DEB Cybertec PostgreSQL Repository

DEB Repository

This page helps you configure the Cybertec PostgreSQL Enterprise Edition (PGEE) DEB repository. (The RPM repository is on a different host.)

PGEE comes in two flavors, a free public demo version and the full Enterprise Edition.

Available Packages

Supported Distributions

Repository Configuration

Install Requisites

sudo apt install curl ca-certificates

Get Repository Key

sudo install -d /etc/apt/keyrings/
sudo curl -o /etc/apt/keyrings/cybertec-deb.asc --fail \
  https://deb.cybertec-postgresql.com/assets/cybertec-deb.asc
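
The key above is fetched from the same host that serves the packages, so it is worth comparing its fingerprint with one obtained from Cybertec over a separate channel before `signed-by` points at it. The following is an added example, not part of the original page; it needs `gpg` installed, the function names are hypothetical, and the expected fingerprint is a placeholder you must supply.

```shell
# Added example, not from the Cybertec page. The expected fingerprint is a
# value you must obtain from Cybertec over a separate channel.

# normalize_fpr STRING: drop whitespace and upper-case the hex digits
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# primary_fprs: read `gpg --with-colons` output on stdin and print the
# fingerprint of every primary key (the first fpr record after each pub)
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# fprs_match FOUND EXPECTED: FOUND must be exactly one fingerprint, because
# signed-by trusts every key in the file, not just the first one
fprs_match() {
    [ "$(printf '%s\n' "$1" | grep -c .)" -eq 1 ] || return 1
    [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$2")" ]
}

# keyfile_matches FILE EXPECTED: run before pointing signed-by at FILE
keyfile_matches() {
    found=$(gpg --show-keys --with-colons "$1" 2>/dev/null | primary_fprs)
    fprs_match "$found" "$2"
}

# Usage (placeholder fingerprint):
#   keyfile_matches /etc/apt/keyrings/cybertec-deb.asc "<FINGERPRINT FROM CYBERTEC>" \
#     || echo "key mismatch: do not configure the repository" >&2
```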

Public PGEE Demo Version Repository

Free to use, limited to 100MB per table

. /etc/os-release
echo "deb [signed-by=/etc/apt/keyrings/cybertec-deb.asc] \
https://deb.cybertec-postgresql.com/public $VERSION_CODENAME main" \
  | sudo tee /etc/apt/sources.list.d/cybertec.list

Full PGEE Version Repository

Unlimited version - contact Cybertec for a quote

. /etc/os-release
echo "deb [signed-by=/etc/apt/keyrings/cybertec-deb.asc] \
https://deb.cybertec-postgresql.com/pgee $VERSION_CODENAME main" \
  | sudo tee /etc/apt/sources.list.d/cybertec.list

Access to the full PGEE version is password-protected. To tell apt about your username and password, create this file:

/etc/apt/auth.conf.d/cybertec.conf

machine deb.cybertec-postgresql.com
login YOUR_LOGIN
password YOUR_PASSWORD
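
Because this file holds a plaintext password, it should not be readable by other local users, which a file created with the default umask usually is. One way to create and check it, as an added example that is not part of the original page (the function names are hypothetical):

```shell
# Added example, not from the Cybertec page: create the apt credentials file
# so that the password is never visible to other local users.

# write_apt_auth FILE MACHINE LOGIN   (the password is read from stdin, so it
# does not show up in the process list or in shell history)
write_apt_auth() {
    file=$1 machine=$2 login=$3
    IFS= read -r password || :
    [ -n "$password" ] || return 1
    # the netrc-style format separates tokens by whitespace, so reject
    # values that contain any
    case "$machine$login$password" in
        *[[:space:]]*) echo "values must not contain whitespace" >&2; return 1 ;;
    esac
    # mktemp creates the file with mode 0600 in the target directory,
    # and mv replaces any old file atomically
    tmp=$(mktemp "$(dirname "$file")/.auth.XXXXXX") || return 1
    printf 'machine %s\nlogin %s\npassword %s\n' \
        "$machine" "$login" "$password" > "$tmp"
    unset password
    chmod 600 "$tmp" && mv -f "$tmp" "$file"
}

# check_apt_auth FILE: fail if group or others have any permission bit set
check_apt_auth() {
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$1 is accessible to group/others ($perms)" >&2
        return 1
    fi
}

# Usage, as root (the password comes from stdin, e.g. a prompt or a pipe):
#   write_apt_auth /etc/apt/auth.conf.d/cybertec.conf deb.cybertec-postgresql.com YOUR_LOGIN
#   check_apt_auth /etc/apt/auth.conf.d/cybertec.conf
```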

Install Packages

sudo apt update
sudo apt install postgresql-15ee

On package installation, a first, unencrypted PostgreSQL instance (called a “cluster” in PostgreSQL jargon) is created automatically and named main.

pg_lsclusters
Ver Cluster Port Status Owner    Data directory              Log file
15  main    5432 online postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log

Create Encrypted Cluster

To create an encrypted cluster, remove the automatic cluster, set up an encryption key, and create a new cluster:

sudo pg_dropcluster --stop 15 main

KEY=$(dd if=/dev/random bs=1k count=1 | md5sum - | cut -d ' ' -f 1)
sudo pg_createcluster --start 15 pgee -- -k -K "echo $KEY"

Creating new PostgreSQL cluster 15/pgee ...
/usr/lib/postgresql/15/bin/initdb -D /var/lib/postgresql/15/pgee --auth-local peer --auth-host scram-sha-256 --no-instructions -k -K echo 6f640051a17f38eb5541c6bb1b2ca3e3
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "C.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are enabled.
Data encryption is enabled.

fixing permissions on existing directory /var/lib/postgresql/15/pgee ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Ver Cluster Port Status Owner    Data directory              Log file
15  pgee    5432 online postgres /var/lib/postgresql/15/pgee /var/log/postgresql/postgresql-15-pgee.log

sudo -u postgres psql
psql (15.3_EE_1.2.0 (Debian 15.3ee1.2.0-1.cybertec120+1))
Type "help" for help.

postgres=# show data_encryption;
 data_encryption
-----------------
 on
(1 row)

postgres=#

Note: The cluster created here uses an encryption key that is stored inside postgresql.conf. Other more secure key retrieval methods can be configured; talk to Cybertec about which method fits your security requirements best.
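
With `-K "echo $KEY"`, the key also appears on the command line and in the `pg_createcluster` output shown above. The sketch below keeps the key in an owner-only file and passes a command that reads it. It is an added example, not Cybertec's code or a recommended method from this page; it assumes `-K` accepts any shell command that prints the key on stdout, and the function names and the key path are hypothetical.

```shell
# Added example, not Cybertec's code. Assumes -K accepts any shell command
# that prints the key on stdout, as the "echo $KEY" form above implies.

# make_key_file PATH: create a new 128-bit key (32 hex digits), owner-read only.
# Refuses to overwrite: losing the key of an existing cluster makes its data unreadable.
make_key_file() {
    keyfile=$1
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    # od hex-encodes 16 bytes from the kernel CSPRNG; no hash step needed
    key=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    [ "${#key}" -eq 32 ] || return 1
    # the subshell keeps the restrictive umask from leaking into the caller
    ( umask 077; printf '%s\n' "$key" > "$keyfile" ) || return 1
    chmod 400 "$keyfile"
    unset key
}

# check_key_file PATH: succeed only if the file holds exactly one line of
# 32 lower-case hex digits and grants nothing to group or others
check_key_file() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || return 1
    [ "$(grep -c '' "$1")" -eq 1 ] || return 1
    grep -Eqx '[0-9a-f]{32}' "$1"
}

# key_command PATH: the string to pass to -K. PATH must be absolute and free
# of whitespace and shell metacharacters, since it is embedded in a command.
key_command() {
    case $1 in
        /*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *[!A-Za-z0-9/._-]*) return 1 ;;
    esac
    printf 'cat %s' "$1"
}

# Usage (hypothetical path; create the file as the postgres user so initdb can read it):
#   make_key_file /var/lib/postgresql/pgee.key
#   sudo pg_createcluster --start 15 pgee -- -k -K "$(key_command /var/lib/postgresql/pgee.key)"
```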

Migrating from TDE to PGEE

The old TDE packages hosted on apt.cybertec-postgresql.com are unfortunately not co-installable with the PGEE packages hosted on this server. (The change was made to integrate better with Debian’s own packages and packages from apt.postgresql.org. Both at the same time didn’t prove feasible.) Therefore, using pg_upgrade to migrate in-place is not possible.

Options to migrate are:

In-place switch from TDE to PGEE

Versions 13 and 14 can be used as pivot versions to switch from TDE to PGEE in-place. We recommend having a backup before doing any maintenance operation.

version=14 # or 13

# stop old server
pg_ctlcluster ${version}tde main stop

# rename config directory
mv /etc/postgresql/${version}tde /etc/postgresql/${version}

# fix references to old config directory in config
sed -i -e "s;/etc/postgresql/${version}tde;/etc/postgresql/${version};" \
    /etc/postgresql/${version}/main/postgresql.conf

# remove old packages
apt-get remove postgresql-client-common-tde

# install new repository as above

# install new packages
apt-get install postgresql-${version}ee

# start new server
pg_ctlcluster ${version} main start

A full upgrade plan for something like 12 TDE -> 16 EE would be the following:

Documentation


© 2024 Cybertec