Using PostgreSQL in an OpenBSD environment
At least two different accounts are involved when working with PostgreSQL:
One is an OpenBSD userid, '_postgresql', which is used as the userid of files
that are part of PostgreSQL. The other, usually named 'postgres', is not an
OpenBSD userid, i.e. you will not find it in /etc/passwd, but an account
internal to the database system. The 'postgres' account is called the dba
account (database administrator) and is created when a new database is
initialized using the initdb command.
If you are installing PostgreSQL for the first time, you have to create
a default database first. In the following example we install a database
in /var/postgresql/data with a dba account 'postgres' and md5 authentication.
We will be prompted for a password to protect the dba account:
# su - _postgresql
$ mkdir /var/postgresql/data
$ initdb -D /var/postgresql/data -U postgres -A md5 -W
It is strongly advised that you do not work with the postgres dba account
other than creating more users and/or databases or for administrative task.
Use the PostgreSQL permission system to make sure that a database is only
accessed by programs/users that have the right to do so.
Please consult the PostgreSQL website for more information, especially when
you are upgrading an existing database installation.
Auto Start and Stop
To start PostgreSQL at boot and shut it down when the system shuts down,
add the following lines to /etc/rc.local and /etc/rc.shutdown, respectively:
/etc/rc.local:
if [ -x !!PREFIX!!/bin/pg_ctl ]; then
echo -n ' postgresql'
su -l _postgresql -c "nohup !!PREFIX!!/bin/pg_ctl start \
-D /var/postgresql/data -l /var/postgresql/logfile \
-o '-D /var/postgresql/data' >/dev/null"
fi
/etc/rc.shutdown:
if [ -f /var/postgresql/data/postmaster.pid ]; then
su -l _postgresql -c "!!PREFIX!!/bin/pg_ctl stop -m fast \
-D /var/postgresql/data"
rm -f /var/postgresql/data/postmaster.pid
fi
Network Connections and Tuning
To allow connections over TCP (and other options) edit the file:
/var/postgresql/data/postgresql.conf
and also edit the pg_hba.conf (in the same directory) making the
appropriate changes to allow connection from your network.
The default sizes in the GENERIC kernel for SysV semaphores
are not really large enough for a database with more than a
handful of connections. A server running such a database should
have at least the following in /etc/sysctl.conf:
kern.seminfo.semmni=256
kern.seminfo.semmns=2048
To serve a large number of connections (>250), you may also need
to increase the maximum shared memory segment size, on the i386
try:
kern.shminfo.shmmax=50331648 # this is 48MB.
# default on i386 is 32MB
# other archs will vary
These numbers should be tuned depending on system use. You will also
need to tune the values in the postgresql.conf file to increase the
number of connections to the backend.
By default, the _postgresql user, and so the postmaster and backend
processes run in the login(1) class of "daemon". On a busy server,
it may be advisable to put the _postgresql user and processes in
their own login(1) class with tuned resources, such as more open
file descriptors etc.
For example, add this to the login.conf(5) file:
postgresql:\
:openfiles-cur=768:\
:tc=daemon:
Rebuild the login.conf.db file if necessary:
# cap_mkdb /etc/login.conf
Change the login class with either vipw(8) or chsh(8).
For more than about 250 connections, these numbers should be
increased. Please report any changes and experiences to the package
maintainers so that we can update this file for future versions.
Kerberos authentication
By default the postgresql server requires it's own krb5.keytab file. It
should be readable only by the _postgresql user. The default location of
the file is '/etc/postgresql/krb5.keytab' but is tunable by setting the
krb_server_keyfile line in postgresql.conf.
To generate the keytab:
# mkdir /etc/postgresql
# ktutil -k /etc/postgresql/krb5.keytab get postgres/server.domain
# chown _postgresql:_postgresql /etc/postgresql/krb5.keytab
Clients/Frontends
Many applications can use the PostgreSQL database right away. To faciliate
administration of a PostgreSQL database, two clients are notable:
www/phppgadmin A web based user interface that uses PHP5
databases/pgadmin3 A graphical user interface that uses wxWidgets
