Postgresql Example Setup (Red Hat Linux - Major Ver. 16)

Enterprise‑Grade PostgreSQL 16 Installation on RHEL

PostgreSQL 16
Enterprise‑Grade Installation Guide
RHEL 8/9 Edition

1 · Preparation Checklist

  • 64‑bit RHEL 8/9 minimal install, fully patched.
  • Dedicated LVM volume:
    • /pgdata → data files (XFS, noatime)
    • /pgwal → WAL (optional, SSD / NVMe for low latency)
  • Outbound HTTPS for the official PostgreSQL YUM repository.
  • Root (or sudo) access for initial setup; thereafter run the service as a locked postgres OS user.

2 · Create the postgres Service Account

# groupadd --system postgres
# useradd  --system --gid postgres --home-dir /pgdata --shell /bin/bash postgres
# passwd -l postgres         # lock password (SSH key / sudo only)
Why? Running the server under an unprivileged user isolates the cluster and its files from the rest of the OS—exactly as recommended in the EDB training.

3 · Kernel & System Tuning

cat >/etc/sysctl.d/99-postgresql-tuning.conf <<EOF
# Increase shared memory & semaphores for DB loads
kernel.shmmax = 68719476736        # 64 GB, adjust to 75‑80 % of RAM
kernel.shmall = 16777216           # shmmax / 4 kB
kernel.sem    = 4096 524288 4096 512
vm.swappiness = 10
# Allow enough pending connections
net.core.somaxconn = 1024
EOF

sysctl --system

SELinux

If you run SELinux enforcing, add the supplied policy module from postgresql-server RPM.
Otherwise set it to permissive during install, then back to enforcing:

# setenforce 0   # permissive
...
# setenforce 1   # enforcing

4 · Add the Official PGDG YUM Repository

# dnf -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-$(rpm -E %{rhel})-x86_64/\
postgresql16-libs-16.2-1PGDG.rhel$(rpm -E %{rhel}).x86_64.rpm

The above command installs a small “hook” RPM; it configures /etc/yum.repos.d/pgdg-redhat-all.repo.

5 · Install Server & Contrib Packages

# dnf -y groupinstall "PostgreSQL Server 16"
# dnf -y install postgresql16-contrib postgresql16-devel

6 · Initialise a Custom Data Directory

# mkdir /pgdata /pgwal
# chown postgres:postgres /pgdata /pgwal
# su - postgres
$ /usr/pgsql-16/bin/initdb -D /pgdata \
    --waldir=/pgwal \
    --encoding=UTF8 \
    --locale=en_US.UTF-8

7 · Environment Variables (User Profile)

$ vi ~/.bash_profile
# ---- PostgreSQL env ----
export PATH=/usr/pgsql-16/bin:$PATH
export PGDATA=/pgdata
export PGPORT=5432
export PGUSER=postgres
export PGDATABASE=postgres

Log off / back on to load them, or source ~/.bash_profile.

8 · First‑Cut postgresql.conf Tweaks

# /pgdata/postgresql.conf
listen_addresses = '*'               # allow remote access (firewall permitting)
max_connections  = 200
shared_buffers   = 8GB               # ≈25 % RAM (assumes 32 GB machine)
effective_cache_size = 24GB          # ≈75 % RAM
work_mem        = 32MB               # × active sorts
maintenance_work_mem = 2GB
wal_level       = replica
wal_compression = on
wal_buffers     = -1                 # auto (≈16 MB)
checkpoint_timeout = 15min
max_wal_size    = 8GB
checkpoint_completion_target = 0.9
archive_mode    = on
archive_command = 'rsync -a %p /archived_wal/%f'
log_destination = 'stderr'
log_directory   = 'log'
log_filename    = 'postgresql-%a.log'
log_rotation_age = 1d
log_min_duration_statement = 1000    # ms
autovacuum_vacuum_cost_limit = 2000
Tip: Revisit these values after load testing; use pg_test_timing and pgbench for baselines.

9 · Systemd Service Unit

The postgresql-16 RPM provides /usr/lib/systemd/system/postgresql-16.service. Override it to use our custom directories & add hardening:

# systemctl edit postgresql-16
# (creates /etc/systemd/system/postgresql-16.service.d/override.conf)

[Service]
Environment=PGDATA=/pgdata
OOMScoreAdjust=-500
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
NoNewPrivileges=true

Enable & Start

# systemctl daemon-reload
# systemctl enable --now postgresql-16
# systemctl status postgresql-16

10 · Firewall / SELinux Ports

# firewall-cmd --permanent --add-service=postgresql
# firewall-cmd --reload
# semanage port -a -t postgresql_port_t -p tcp 5432  # if using non‑default port

11 · Secure the Cluster

  • Replace the default DB superuser password: 
    ALTER USER postgres WITH PASSWORD '********';
  • Edit pg_hba.conf to use scram-sha-256 or md5 authentication, not trust.
  • Restrict replication connections to known hosts.

12 · Health‑Check & Monitoring Hooks

ToolInstallPurpose
postgres_exporterPrometheus / GrafanaMetrics
pgBackRestYUM repoIncremental, compressed backups
pgauditdnf install pgaudit16*Detailed audit logs

Quick Validation Script

#!/bin/bash
echo "== Version =="; psql -c "SELECT version();" -qt
echo "== Shared Buffers =="; psql -c "SHOW shared_buffers;" -qt
echo "== Conn Check =="; pg_isready
echo "== WAL Dir =="; ls -lh /pgwal | head

If all checks pass, your PostgreSQL 16 instance is production‑ready—tuned, secured, and laid out on enterprise‑grade storage.

© 2025 Your Name – feel free to adapt & share with attribution.

Comments

Post a Comment

Popular posts from this blog

Oracle Database Upgrade With OPatch Tool (RHEL/Centos/OEL)

Follow these steps to upgrade an Oracle Database using the OPatch tool: 1. Download and Prepare Files Download the patch you want to install along with the latest OPatch tool from Oracle's website. Transfer all downloaded files to the /tmp/ directory, and unzip them. Ensure the correct permissions and ownership are set: chown -R oracle:oinstall p26710464_122010_Linux-x86-64.zip chown -R oracle:oinstall p6880880_122010_Linux-x86-64.zip unzip p26710464_122010_Linux-x86-64.zip unzip p6880880_122010_Linux-x86-64.zip 2. Replace the OPatch Folder Replace the current OPatch folder inside the Oracle database files with the new one: cd $ORACLE_HOME cp -R OPatch OPatch_yedek # Backup current OPatch folder. rm -rf OPatch cp -R /tmp/Opatch . Verify the OPatch version and list applied patches: cd OPatch ./opatch lspatches 3. Check for Conflicts Navigate to the patch folder and run the following command to check for conflicts before starting the upgrade: cd /tmp/26710464/ $O...
Read more

Error when Installing Some Postgresql Packages (Perl IPC-Run)

Resolving PostgreSQL 17 Dependency Error on Oracle Linux 8 Fixing perl(IPC::Run) Dependency Error When Installing PostgreSQL 17 on Oracle Linux 8 Background While preparing a fresh Oracle Linux 8 server for a PostgreSQL 17 deployment, an attempt to install all PostgreSQL packages in one go failed with an unsatisfied dependency error: Problem 1: cannot install the best candidate for the job - nothing provides perl(IPC::Run) needed by postgresql17-devel-17.4-1PGDG.rhel8.x86_64 ... Root Cause The perl(IPC::Run) module (along with several tool‑chain libraries) resides in the CodeReady Builder repository, which is disabled by default on Oracle Linux 8. Because postgresql17-devel and postgresql17-test depend on that module, dnf / yum cannot resolve the full dependency tree unless the repository is enabled. CodeReady Builder hosts developer‑oriented packages—compilers, debuggers, Perl/Python modules—that ma...
Read more

POSTGRESQL UPGRADE WITH PG_UPGRADE UTILITY IN RHEL/CENTOS/OEL

Upgrading PostgreSQL can be a smooth process if you follow the necessary steps carefully. Below is a comprehensive guide to help you through the upgrade. Table of Contents Prerequisites Install the New PostgreSQL Version Set Up New Directories and Permissions Initialize the New Database Configure PostgreSQL Settings Stop and Disable Old PostgreSQL Services Run the Upgrade Process Finalize the Upgrade Post-Upgrade Tasks Prerequisites Before initiating the upgrade, ensure the following prerequisites are met: Internet Connection: Required for downloading packages. PostgreSQL RPM Packages: Necessary for installation. Free Disk Space: Ensure you have more free space than the current database size. Compatibility Checks: Verify PostgreSQL extension compatibility. Crontab Jobs: Identify any cron jobs related to PostgreSQL. Note: Skipping these checks may result in errors during the upgrade process. Install the New PostgreSQL Versio...
Read more