November 13, 2008
Operating System |
Platform |
Application(s) |
Database(s) |
Other |
|
|
N / A
|
|
|
This document describes the process of setting up a PostgreSQL database server with Sun SPARC hardware and Solaris 10. For this task, we will compile PostgreSQL from source (so we can have the latest, compiled to our taste and 64-bit support).
Keep in mind that this document does not cover hardening the system. That process is outlined in other documents from myself or others. This machine needs to be well protected. It might be in a very vulnerable position.
Also, you will need root access to do most of these tasks. For the most part, this guide assumes access to the system through a terminal or SSH, with no attached keyboard or monitor.
Follow my guide titled Configuring a Solaris 10 JumpStart Server
to lay the foundation for what we will be doing here. This guide has an example JumpStart profile with the required clusters and packages needed for development.
You may want to nudge up the size on the /var partition, depending on your estimated database needs. This guide uses /var/db as the home for the database(s).
I also suggest you add the following to your system's PATH:
/usr/local/bin:/usr/sfw/bin:/usr/ccs/bin:/usr/local/pgsql/bin
This will allow easier access to some programs we will need later.
Most of my compilation activities occur within the /usr/src directory. This guide assumes that location.
Optional Features |
To get the most out of PostgreSQL, you'll want to build in Readline support (along with some other libs). Here is what Practical PostgreSQL says about it:
| The GNU Readline library greatly increases the usability of psql, the standard PostgreSQL command-line console client. It adds all of the standard functionality of the GNU Readline library to the psql command line, such as being able to easily modify, edit, and retrieve command-history information with the arrow keys and the ability to search the command history (also known as a reverse-i-search). |
# wget http://ftp.wayne.edu/pub/gnu/readline/readline-5.2.tar.gz
# gunzip readline-5.2.tar.gz
# tar -xvf readline-5.2.tar
# rm readline-5.2.tar && cd readline-5.2
# CC="gcc -m64 -mcpu=ultrasparc -L/usr/sfw/lib/sparcv9 -R/usr/sfw/lib/sparcv9" \
./configure --with-curses
# make && make install |
|
If the URL used here is too slow, check here for others to try.
# wget http://ftp7.us.postgresql.org/pub/postgresql/v8.3.5/postgresql-8.3.5.tar.bz2
# bunzip2 postgresql-8.3.5.tar.bz2
# tar -xvf postgresql-8.3.5.tar
# rm postgresql-8.3.5.tar && cd postgresql-8.3.5
# ./configure CC="gcc -m64 -mcpu=ultrasparc -R/usr/sfw/lib/64
-L/usr/sfw/lib/64 \
-R/usr/lib/64 -L/usr/lib/64 -R/usr/local/lib
-L/usr/local/lib" \
--libdir=/usr/local/pgsql/lib --with-openssl --with-libxml
--enable-thread-safety \
--with-includes=/usr/local/include
# gmake && gmake install |
Now we need to initialize the database cluster. An account called postgres for use with PostgreSQL is automatically created for you. It is locked for normal access, so to perform actions as this user, you must, as the root user, su - postgres to become that user. The following gives an example of how to initialize a database cluster in a directory called /var/db:
-bash-3.00$ su -
Password:
# mkdir /var/db - (if not already there from partitioning)
# rm -rf /var/db/* - (to empty the contents)
# chown postgres /var/db - (allow the user 'postgres' full rights)
# su - postgres
$ initdb -D /var/db |
Once this is done, we need to configure it for remote access. These examples are simple, but will give you a running start on the methods of customization and securing your installation.
The /var/db/postgresql.conf file contains many options. To allow remote access to your database(s) you need to uncomment and edit a few lines. First, to allow all hosts access to the server, uncomment this line:
#listen_addresses = 'localhost'
and change 'localhost' to '*'. Not the most secure, but good enough for our purposes. Further down in the file, we want to change some settings to enhance security for administration. To allow SSL, uncomment the following line:
#ssl = off
and change off to on. Just below that, we want to uncomment the line:
#password_encryption = on
to allow encrypted passwords. You also need to edit the /var/db/pg_hba.conf file to allow remote connections. Read through the file and add your network and/or hosts you wish to have access (change "trust" to "md5" to use encrypted passwords). That's all we are concerned with for now. The other features are for fine tuning and such.
Since we've turned on the SSL feature in postgresql.conf, we need to create the private server key and certificate for PostgreSQL to use when starting up. This is rather simple if you don't involve any signing authorities... and we're not here. As the postgres user, perform the following:
$ cd /var/db
$ openssl req -new -text -out server.req
$ openssl rsa -in privkey.pem -out server.key
$ rm privkey.pem
$ openssl req -x509 -in server.req -text -key server.key -out server.crt
$ chmod og-rwx server.key |
To start the database, enter postgres -D /var/db as the postgres user.
|
