PostgreSQL Beginner Guide

栏目: IT技术 · 发布时间: 4年前

内容简介:By default after instalation and creting database cluster PostgreSQL will listner only on localhost. No remote access will be allowed.To change listen address we have to configure parameter in

Configure remote access - listen address

By default after instalation and creting database cluster PostgreSQL will listner only on localhost. No remote access will be allowed.

PostgreSQL installation on Linux - with database creation

[postgres@postgres-lab ~]$ netstat -lptnu | grep post
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1977/postmaster     
tcp6       0      0 ::1:5432                :::*                    LISTEN      1977/postmaster

To change listen address we have to configure parameter in postgresql.conf

Check PGDATA - after -D parameter:

[postgres@postgres-lab ~]$ ps aux | grep postgres
postgres  1977  0.0  2.5 286388 14864 ?        Ss   Jun28   0:02 /usr/pgsql-12/bin/postmaster -D /postgresql/data
postgres  1979  0.0  0.2 140768  1360 ?        Ss   Jun28   0:00 postgres: logger   
postgres  1981  0.0  0.5 286504  3028 ?        Ss   Jun28   0:00 postgres: checkpointer   
postgres  1982  0.0  0.2 286388  1696 ?        Ss   Jun28   0:03 postgres: background writer   
postgres  1983  0.0  0.9 286388  5676 ?        Ss   Jun28   0:03 postgres: walwriter   
postgres  1984  0.0  0.4 286924  2688 ?        Ss   Jun28   0:02 postgres: autovacuum launcher

Locate the file:

[postgres@postgres-lab ~]$ cd /postgresql/data/
[postgres@postgres-lab data]$ ls -lah postgresql.conf
-rw-------. 1 postgres postgres 26K Jun 28 21:44 postgresql.conf

Change in postgresql.conf parameter listen_addresses to your server IP or * to listen on all IP’s available on server:

[postgres@postgres-lab data]$ vi postgresql.conf

##------------------------------------------------------------------------------
## CONNECTIONS AND AUTHENTICATION
##------------------------------------------------------------------------------

## - Connection Settings -

listen_addresses = '*'          ## what IP address(es) to listen on;
                                        ## comma-separated list of addresses;
                                        ## defaults to 'localhost'; use '*' for all

Restart PostgreSQL to apply changes - you can do that with systemctl from root os user service or with pg_ctl -D PGDATA restart from postgres os user:

[root@postgres-lab ~]## systemctl restart postgresql-12.service

Check whre PostgreSQL is listening now:

[postgres@postgres-lab ~]$ netstat -lptnu | grep post
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      30161/postmaster    
tcp6       0      0 :::5432                 :::*                    LISTEN      30161/postmaster

Configure remote access - pg_hba.conf

PostgreSQL instance has got restricted access by pg_hba.conf file(host based authentication file).

We can provide in it information from which ADDRESS to which DATABASE on which USER by what METHOD we allow connecting. Additionaly we have to provide TYPE of connection.

This file resides in same place where postgresql.conf (we can alter this behavior by setting pg_hba parameter in postgresql.conf ):

[postgres@postgres-lab ~]$ cd /postgresql/data/

[postgres@postgres-lab data]$ vi pg_hba.conf
## TYPE  DATABASE        USER            ADDRESS                 METHOD

## "local" is for Unix domain socket connections only
local   all             all                                     trust
## IPv4 local connections:
host    all             all             127.0.0.1/32            trust
## IPv6 local connections:
host    all             all             ::1/128                 trust

Allowed TYPE 's:

local
host
hostssl
hostnossl
hostgssenc
hostnogssenc

With DATABASE we can specify database name or use special value sameuser if database name should be same as name of user that is connecting.

With USER we can specify user or role - role name should be preceded by + sign.

ADDRESS field could be - hostname, IP range in CIDR format or special words:

samehost
samenet

With METHOD field we can set one of authentication methods - most important ones are:

trust
reject
md5
password
ldap

In DATABASE and USER fields you can specify special word all if you don’t want to create any restrictions here.

There can be situation when we must use additional field named auth-options for specyfying details for example for hostssl connection type. This topic will be covered in another post.

Sample pg_hba record - allow all users connect to any DB from all IP addresses - only with password

Add in pg_hba.conf :

## Network access
host    all             all             0.0.0.0/0               md5

Reload(online operation) PostgreSQL that it can use pg_hba.conf changes:

[postgres@postgres-lab data]$ /usr/pgsql-12/bin/pg_ctl -D /postgresql/data reload
server signaled

Connecting to PostgreSQL

Local from server

It will work without password because we have trust in pg_hba.conf for local connections:

[postgres@postgres-lab ~]$ psql
psql (12.3)
Type "help" for help.

Remote machine

Default URI syntax - you can connect like this:

psql postgresql://user:passwd@host:5432/dbame

or by more common method:

Connect to remote database from psql with connections details provided in parameters(it will ask for password because of md5 method in pg_hba.conf for connections from 0.0.0.0/0 ):

[postgres@postgres-lab data]$ psql -h 10.128.0.2 -p 5432
Password for user postgres:
psql (12.3)
Type "help" for help.

postgres=##

We can also use parameter -U to specify username different than OS username we currently are using.

Also all this parameters can be taken from shell variables which names are self descriptive - if we set all of them we can just use plain psql command to connect:

PGHOST
PGPORT
PGDATABASE
PGUSER
PGPASSWORD

Check connected database

postgres=## select current_database();
 current_database
------------------
 postgres
(1 row)

Check current user

postgres=## select current_user;
 current_user
--------------
 postgres
(1 row)

Check IP and port used for connection

postgres=## select inet_server_addr(), inet_server_port();
 inet_server_addr | inet_server_port
------------------+------------------
 10.128.0.2       |             5432
(1 row)

Check PostgreSQL version

postgres=## select version();
                                                version                                                 
--------------------------------------------------------------------------------------------------------
 PostgreSQL 12.3 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.3.1 20191121 (Red Hat 8.3.1-5), 64-bit
(1 row)

Check connection info

postgres=## \conninfo
You are connected to database "postgres" as user "postgres" on host "10.128.0.2" at port "5432".

Executing commands from shell

Execute single command from shell

[postgres@postgres-lab ~]$ psql -c "select current_time"
    current_time    
--------------------
 14:09:19.854598+00
(1 row)

Exacute sql script from shell

[postgres@postgres-lab ~]$ psql -f create_user.sql
CREATE ROLE
CREATE ROLE
CREATE ROLE

Combine single command with sql script from shell

[postgres@postgres-lab ~]$ psql -c "select current_time" -f create_user.sql -c "select current_time"
    current_time    
--------------------
 14:14:26.922453+00
(1 row)

CREATE ROLE
CREATE ROLE
CREATE ROLE
    current_time    
--------------------
 14:14:26.926545+00
(1 row)

psql metacommands

Check all available metacommands

Do it yourself to see all available commands - output trimmed to important ones!

postgres=## \?
General
  \copyright             show PostgreSQL usage and distribution terms
  \crosstabview [COLUMNS] execute query and display results in crosstab
  \errverbose            show most recent error message at maximum verbosity
  \g [FILE] or ;         execute query (and send results to file or |pipe)
  \gdesc                 describe result of query, without executing it
  \gexec                 execute query, then execute each value in its result
  \gset [PREFIX]         execute query and store results in psql variables
  \gx [FILE]             as \g, but forces expanded output mode
  \q                     quit psql
  \watch [SEC]           execute query every SEC seconds

  Query Buffer
    \e [FILE] [LINE]       edit the query buffer (or file) with external editor
    \ef [FUNCNAME [LINE]]  edit function definition with external editor
    \ev [VIEWNAME [LINE]]  edit view definition with external editor
    \p                     show the contents of the query buffer
    \r                     reset (clear) the query buffer
    \s [FILE]              display history or save it to file
    \w FILE                write query buffer to file

List objects in psql

  • \d[S+] - list tables, views, and sequences
  • \d[S+] NAME - describe table, view, sequence, or index
  • \da[S] [PATTERN] - list aggregates
  • \dA[+] [PATTERN] - list access methods
  • \db[+] [PATTERN] - list tablespaces
  • \dc[S+] [PATTERN] - list conversions
  • \dC[+] [PATTERN] - list casts
  • \dd[S] [PATTERN] - show object descriptions not displayed elsewhere
  • \dD[S+] [PATTERN] - list domains
  • \ddp [PATTERN] - list default privileges
  • \dE[S+] [PATTERN] - list foreign tables
  • \det[+] [PATTERN] - list foreign tables
  • \des[+] [PATTERN] - list foreign servers
  • \deu[+] [PATTERN] - list user mappings
  • \dew[+] [PATTERN] - list foreign-data wrappers
  • \df[anptw][S+] [PATRN]- list [only agg/normal/procedures/trigger/window] functions
  • \dF[+] [PATTERN] - list text search configurations
  • \dFd[+] [PATTERN] - list text search dictionaries
  • \dFp[+] [PATTERN] - list text search parsers
  • \dFt[+] [PATTERN] - list text search templates
  • \dg[S+] [PATTERN] - list roles
  • \di[S+] [PATTERN] - list indexes
  • \dl - list large objects, same as \lo_list
  • \dL[S+] [PATTERN] - list procedural languages
  • \dm[S+] [PATTERN] - list materialized views
  • \dn[S+] [PATTERN] - list schemas
  • \do[S] [PATTERN] - list operators
  • \dO[S+] [PATTERN] - list collations
  • \dp [PATTERN] - list table, view, and sequence access privileges
  • \dP[itn+] [PATTERN] - list [only index/table] partitioned relations [n=nested]
  • \drds [PATRN1 [PATRN2]] - list per-database role settings
  • \dRp[+] [PATTERN] - list replication publications
  • \dRs[+] [PATTERN] - list replication subscriptions
  • \ds[S+] [PATTERN] - list sequences
  • \dt[S+] [PATTERN] - list tables
  • \dT[S+] [PATTERN] - list data types
  • \du[S+] [PATTERN] - list roles

Check syntax for SQL statement

postgres-## \h SELECT
Command:     SELECT
Description: retrieve rows from a table or view
Syntax:
[ WITH [ RECURSIVE ] with_query [, ...] ]
SELECT [ ALL | DISTINCT [ ON ( expression [, ...] ) ] ]
    [ * | expression [ [ AS ] output_name ] [, ...] ]
    [ FROM from_item [, ...] ]
    [ WHERE condition ]
    [ GROUP BY grouping_element [, ...] ]
    [ HAVING condition [, ...] ]
    [ WINDOW window_name AS ( window_definition ) [, ...] ]
    [...]
postgres-## \h UPDATE
Command:     UPDATE
Description: update rows of a table
Syntax:
[ WITH [ RECURSIVE ] with_query [, ...] ]
UPDATE [ ONLY ] table_name [ * ] [ [ AS ] alias ]
    SET { column_name = { expression | DEFAULT } |
          ( column_name [, ...] ) = [ ROW ] ( { expression | DEFAULT } [, ...] ) |
          ( column_name [, ...] ) = ( sub-SELECT )
        } [, ...]
    [ FROM from_item [, ...] ]
    [ WHERE condition | WHERE CURRENT OF cursor_name ]
    [ RETURNING * | output_expression [ [ AS ] output_name ] [, ...] ]

URL: https://www.postgresql.org/docs/12/sql-update.html
postgres-## \h ALTER SYSTEM
Command:     ALTER SYSTEM
Description: change a server configuration parameter
Syntax:
ALTER SYSTEM SET configuration_parameter { TO | = } { value | 'value' | DEFAULT }

ALTER SYSTEM RESET configuration_parameter
ALTER SYSTEM RESET ALL

URL: https://www.postgresql.org/docs/12/sql-altersystem.html

Change your password in secure way

Setting password_encryption instruct psql to send password enrypted from client to database server.

postgres=## SET password_encryption = 'scram-sha-256';
SET
postgres=## \password
Enter new password:
Enter it again:
postgres=##

Saving passwords in your OS user account with .pgpass

.pgpass file is used to keep passwords for easy of connection with PostgreSQL database servers.

By default client looks for .pgpass in your home directory.

This file should on Linux has got 0600 permissions.

We can change location of .pgpass by setting shell variable PGPASSFILE .

Sample .pgpass can look like - of course we can add multiple lines in it for diffrent connections:

vi .pgpass
postgres-lab:5432:*:postgres:postgres12345

Below .pgpass sets password postgres12345 , for user postgres to database postgres when connecting to host postgres-lab on port 5432 .

After saving .pgpass we can connect to our database without providing password:

[postgres@postgres-lab ~]$ psql -h postgres-lab -p 5432
psql (12.3)
Type "help" for help.

postgres=##

Service file

Service files allows us to save connection descriptions and call them by simple name.

Service file can be on:

/etc/pg_service.conf
~/.pg_service.conf

PostgreSQL client always look first for suer level service file, which overrides system level one.

Sample record in service file will look like:

vi .pg_service.conf

[prod_db]
host=postgres-lab
port=5432
dbname=postgres

After saving service file we can connect with psql like this(password will come from .pgpass ):

[postgres@postgres-lab ~]$ psql service=prod_db user=postgres
psql (12.3)
Type "help" for help.

postgres=##

Troubleshooting connection

pg_isready binary allows us to check status of PostgreSQL local or remote instance

[postgres@postgres-lab ~]$ /usr/pgsql-12/bin/pg_isready -h postgres-lab -p 5432
postgres-lab:5432 - accepting connections

You can also set in postgresql.conf parameters for logging connection debug info:

log_connections = on
log_disconnections = on

After setting it remember to reload PostgreSQL server.

Logfile by default is located in $PGDATA /log directory - in our example configuration that will be:

[postgres@postgres-lab ~]$ ls -lah /postgresql/data/log/
total 24K
drwx------.  2 postgres postgres  162 Jul  3 00:00 .
drwx------. 20 postgres postgres 4.0K Jul  3 00:00 ..
-rw-------.  1 postgres postgres  153 Jul  3 10:07 postgresql-Fri.log
-rw-------.  1 postgres postgres    0 Jun 29 00:00 postgresql-Mon.log
-rw-------.  1 postgres postgres  186 Jun 28 21:46 postgresql-Sun.log
-rw-------.  1 postgres postgres 4.7K Jul  2 17:00 postgresql-Thu.log
-rw-------.  1 postgres postgres   72 Jun 30 19:46 postgresql-Tue.log
-rw-------.  1 postgres postgres    0 Jul  1 00:00 postgresql-Wed.log

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

暗时间

暗时间

刘未鹏 / 电子工业出版社 / 2011-7 / 35.00元

2003年,刘未鹏在杂志上发表了自己的第一篇文章,并开始写博客。最初的博客较短,也较琐碎,并夹杂着一些翻译的文章。后来渐渐开始有了一些自己的心得和看法。总体上在这8年里,作者平均每个月写1篇博客或更少,但从未停止。 刘未鹏说—— 写博客这件事情给我最大的体会就是,一件事情如果你能够坚持做8年,那么不管效率和频率多低,最终总能取得一些很可观的收益。而另一个体会就是,一件事情只要你坚持得足......一起来看看 《暗时间》 这本书的介绍吧!

HTML 压缩/解压工具
HTML 压缩/解压工具

在线压缩/解压 HTML 代码

随机密码生成器
随机密码生成器

多种字符组合密码

HTML 编码/解码
HTML 编码/解码

HTML 编码/解码