This page helps you configure the Cybertec PostgreSQL Enterprise Edition (PGEE) DEB repository.
PGEE comes in two flavors, a free public demo version and the full Enterprise Edition.
sudo apt install curl ca-certificates
sudo install -d /etc/apt/keyrings/
sudo curl -o /etc/apt/keyrings/cybertec-deb.asc --fail \
https://deb.cybertec-postgresql.com/assets/cybertec-deb.asc
Free to use, limited to 1 GB per table
. /etc/os-release
echo "deb [signed-by=/etc/apt/keyrings/cybertec-deb.asc] \
https://deb.cybertec-postgresql.com/public $VERSION_CODENAME main" \
| sudo tee /etc/apt/sources.list.d/cybertec.list
Unlimited version - contact Cybertec for a quote
. /etc/os-release
echo "deb [signed-by=/etc/apt/keyrings/cybertec-deb.asc] \
https://deb.cybertec-postgresql.com/pgee $VERSION_CODENAME main" \
| sudo tee /etc/apt/sources.list.d/cybertec.list
Access to the full PGEE version is password-protected. To tell apt about your username and password, create this file:
/etc/apt/auth.conf.d/cybertec.conf
machine deb.cybertec-postgresql.com
login YOUR_LOGIN
password YOUR_PASSWORD
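Because this file holds the repository password in clear text, it should not be readable by other local users; apt_auth.conf(5) describes these files as meant to carry restrictive permissions. The following is an added example, not part of Cybertec's instructions: the function names are illustrative, and it assumes GNU coreutils (mktemp, stat -c) and a root-only 0600 file.

```shell
#!/usr/bin/env bash
# Added example (not Cybertec's code): create and audit the apt credentials
# file for the PGEE repository. Function names are illustrative assumptions.
PGEE_HOST="deb.cybertec-postgresql.com"

# write_apt_auth FILE LOGIN PASSWORD
# Writes via a mktemp file (created mode 0600) and renames it into place, so
# the password is never readable by other local users, even briefly.
write_apt_auth() {
    local file="$1" login="$2" password="$3" tmp
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if printf 'machine %s\nlogin %s\npassword %s\n' \
            "$PGEE_HOST" "$login" "$password" > "$tmp"; then
        mv -f "$tmp" "$file"
    else
        rm -f "$tmp"
        return 1
    fi
}

# audit_apt_auth FILE
# Prints one finding per line and returns 0 only when there are none.
audit_apt_auth() {
    local file="$1" mode findings=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    mode=$(stat -c '%a' "$file")            # GNU stat, octal mode such as 600
    # Any permission bit for "other" exposes the password to all local users.
    if [ $(( 0$mode & 007 )) -ne 0 ]; then
        echo "mode $mode: accessible to other local users"
        findings=1
    fi
    # The entry must name the repository host exactly as in the sources line.
    if ! awk -v h="$PGEE_HOST" '$1 == "machine" && $2 == h { ok = 1 }
                                END { exit !ok }' "$file"; then
        echo "no 'machine $PGEE_HOST' entry"
        findings=1
    fi
    # Template values copied from the documentation were never replaced.
    if grep -Eq 'YOUR_(LOGIN|PASSWORD)' "$file"; then
        echo "placeholder credentials still present"
        findings=1
    fi
    return "$findings"
}
```

Run both functions as root against /etc/apt/auth.conf.d/cybertec.conf; a clean audit prints nothing and returns 0.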
sudo apt update
sudo apt install postgresql-15ee
The first unencrypted PostgreSQL instance (called “cluster” in PostgreSQL jargon) is
created automatically on package installation, named main.
pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
15 main 5432 online postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log
To create an encrypted cluster, remove the automatic cluster, set up an encryption key, and create a new cluster:
sudo pg_dropcluster --stop 15 main
KEY=$(dd if=/dev/random bs=1k count=1 | md5sum - | cut -d ' ' -f 1)
sudo pg_createcluster --start 15 pgee -- -k -K "echo $KEY"
Creating new PostgreSQL cluster 15/pgee ...
/usr/lib/postgresql/15/bin/initdb -D /var/lib/postgresql/15/pgee --auth-local peer --auth-host scram-sha-256 --no-instructions -k -K echo 6f640051a17f38eb5541c6bb1b2ca3e3
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "C.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are enabled.
Data encryption is enabled.
fixing permissions on existing directory /var/lib/postgresql/15/pgee ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Ver Cluster Port Status Owner Data directory Log file
15 pgee 5432 online postgres /var/lib/postgresql/15/pgee /var/log/postgresql/postgresql-15-pgee.log
sudo -u postgres psql
psql (15.3_EE_1.2.0 (Debian 15.3ee1.2.0-1.cybertec120+1))
Type "help" for help.
postgres=# show data_encryption;
data_encryption
-----------------
on
(1 row)
postgres=#
Note: The cluster created here uses an encryption key that is stored inside postgresql.conf. Other more secure key retrieval methods can be configured; talk to Cybertec about which method fits your security requirements best.
The old TDE packages hosted on apt.cybertec-postgresql.com are unfortunately
not co-installable with the PGEE packages hosted on this server. (The change
was made to integrate better with Debian’s own packages and packages from
apt.postgresql.org. Both at the same time didn’t prove feasible.) Therefore,
using pg_upgrade to migrate in-place is not possible.
Options to migrate are:
pg_dumpall (easy and straightforward)
Versions 13 and 14 can be used as pivot versions to switch from TDE to PGEE in-place. We recommend having a backup before doing any maintenance operation.
version=14 # or 13
# stop old server
pg_ctlcluster ${version}tde main stop
# rename config directory
mv /etc/postgresql/${version}tde /etc/postgresql/${version}
# fix references to old config directory in config
sed -i -e "s;/etc/postgresql/${version}tde;/etc/postgresql/${version};" \
/etc/postgresql/${version}/main/postgresql.conf
# remove old packages
apt-get remove postgresql-client-common-tde
# install new repository as above
# install new packages
apt-get install postgresql-${version}ee
# start new server
pg_ctlcluster ${version} main start
A full upgrade plan for something like 12 TDE -> 16 EE would be the following:
pg_upgrade from 12 TDE to 14 TDE
pg_upgrade from 14 EE to 16 EE