cancel
Showing results for 
Search instead for 
Did you mean: 

EFM 2.1 Quickstart - Installation and Setup

EDB Team Member

Enterprise Failover Manager (EFM) allows the automatic switch from a primary database to a mirror database that is kept up-to-date via Postgres streaming replication.  Multiple standby databases can be configured, and prioritized.

 

Should a standby database promote itself to master while the master database is still active and supporting connections, there would be an extremely high probability of data corruption and loss.  For that reason, EFM makes a number of checks to ensure that the master database is truly offline.  The standby will not be promoted if the master is still online.

 

The minimum configuration, a master database with a single standby, requires a third node to act as a witness.  Essentially this node, along with another reliably available IP address outside of the EFM configuration, allows the standby database node to verify its own connectivity before promotion.  If more than one standby database node is used, one of them can also serve as the witness.  The diagram below depicts two standby databases, with a separate server acting as witness.

 

This example will do the following:

  • Create a master database

  • Create one standby database with replication

  • Create one witness node

  • Configure and start EFM on all components

 

By the end of this exercise, you will have a functioning master database with a standby and automatic failover.  In order to install and configure this environment, there are four (4) script files, two for the witness, and one each for the master and standby.  The witness has two scripts, since configuring the EFM cluster requires an encrypted version of the database password, and is therefore required before installation of the master.  Some values, such as usernames, passwords, and IP addresses, need to be entered into the top of each script prior to running it.  The scripts perform the following actions, and should be run in this order:

  1. efm_witness.sh  This scripts installs Java and EFM 2.1 on a server running RHEL 7, and generates the encrypted password that is required by the remaining three scripts.

  2. efm_master.sh  This script installs Java, EFM 2.1, and Postgres Advanced Server (PAS) 9.5, creates a database and starts it, and configures EFM and starts it.  The configuration of EFM adds the remaining nodes when the cluster starts.

  3. efm_stdby.sh  This script installs Java, EFM 2.1, and PAS 9.5, populates a data directory via pg_basebackup from the master, and starts the database with streaming from the master.  It also configures and starts EFM, having the standby join the master node’s EFM cluster.

  4. efm_witness2.sh  This script configures and starts EFM, having this node join the cluster as the witness server.

 

All 4 scripts are attached for download.  (Remove the “.txt” extension prior to saving it on your server.)

On the witness:

#!/bin/bash

# Set environment variables with needed properties
export YUM_USER=<username>
export YUM_PASSWORD=<password> 
export MASTER_IP=<IP>
export STDBY_IP=<IP>
export WITNESS_IP=<IP>
export YOUR_EMAIL=<email addr>

# Install Java, if not already installed
yum -y install java

# Setup YUM repository for installing EPAS and EFM
rpm -Uvh http://yum.enterprisedb.com/edbrepos/edb-repo-9.6-4.noarch.rpm

# Set YUM username/password in edb.repo
sed -i "s/<username>:<password>/$YUM_USER:$YUM_PASSWORD/g" /etc/yum.repos.d/edb.repo
                                                                                                                                                           
# Enable EFM repo in edb.repo
sed -i "\/enterprisedb-tools/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo
sed -i "\/enterprisedb-dependencies/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo

# Install EFM
yum -y install efm21

# The encrypted password is required to set up the master and standby.  This will retrieve
#   the encrypted version of the password.  Follow the prompts, using enterprisedb as the
#   password.  Copy the password, and enter in at the top of the master and standby scripts.

/usr/efm-2.1/bin/efm encrypt efm
# At this point, run the efm_master.sh script and then the efm_stdby.sh script.
#  Complete the installation by running efm_witness2.sh.

 

 

On the master:

#!/bin/bash

# Set environment variables with needed properties
export YUM_USER=<username>
export YUM_PASSWORD=<password> 
export MASTER_IP=<IP>
export STDBY_IP=<IP>
export WITNESS_IP=<IP>
export YOUR_EMAIL=<email addr>
export PWD_ENCRYPT=<password>  #see notes above
export PGDATA=/var/lib/edb/as9.6/master

# Install Java, if not already installed
yum -y install java

# Setup YUM repository for installing EPAS and EFM
rpm -Uvh http://yum.enterprisedb.com/edbrepos/edb-repo-9.6-4.noarch.rpm

# Set YUM username/password in edb.repo
sed -i "s/<username>:<password>/$YUM_USER:$YUM_PASSWORD/g" /etc/yum.repos.d/edb.repo
                                                                                                                                                           
# Enable EPAS 9.6 and EFM repo in edb.repo
sed -i "\/edbas96/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo
sed -i "\/enterprisedb-tools/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo
sed -i "\/enterprisedb-dependencies/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo

# Install EPAS 9.6 and EFM
yum -y install edb-as96-server
yum -y install efm21

# Setup .pgpass file so that we can connect to the database without prompting for password
# These commands are run as the enterprisedb OS user
su - enterprisedb -c "echo \"*:*:*:enterprisedb:enterprisedb\" > ~/.pgpass"
su - enterprisedb -c "chmod 600 ~/.pgpass"

# Create the data directory
# These commands are run as the enterprisedb OS user
su - enterprisedb -c "mkdir $PGDATA"
su - enterprisedb -c "chmod 700 $PGDATA"
# initdb populates the master directory
# This command is run as the enterprisedb OS user
su - enterprisedb -c "/usr/edb/as9.6/bin/initdb -D $PGDATA"

# Modify parameters in postgresql.conf to:
#  - Set wal_level from minimal to hot_standby
#  - Set max_wal_senders to 3 (should be AT LEAST as many wal_senders as replicas)
#  - Set hot_standby to on (this parameter has licensing implications)
#     so that the replicas will inherit the setting from pg_basebasckup
#  - Set wal_keep_segments to 5 (keep 5 WALs since we're not archiving)
#  - Set logging_collector to on
sed -i "s/#wal_level = minimal/wal_level = hot_standby/"    $PGDATA/postgresql.conf
sed -i "s/#max_wal_senders = 0/max_wal_senders = 3/"        $PGDATA/postgresql.conf
sed -i "s/#hot_standby = off/hot_standby = on/"             $PGDATA/postgresql.conf
sed -i "s/#wal_keep_segments = 0/wal_keep_segments = 5/"    $PGDATA/postgresql.conf
sed -i "s/#logging_collector = off/logging_collector = on/" $PGDATA/postgresql.conf

# Modify pg_hba.conf to allow for replication to standby and connection from witness, also
# to disable IPv6 access
#  Note master's IP address is added, since it's replicated to the standby which could become master
sed -i "s/#host[ ]*replication[ ]*enterprisedb[ ]*127.0.0.1/host   replication     enterprisedb     $STDBY_IP/g" $PGDATA/pg_hba.conf
sed -i "s/#local[ ]*replication/local   replication/g"      $PGDATA/pg_hba.conf
echo host      edb       all     $MASTER_IP/32        trust >> $PGDATA/pg_hba.conf
echo host      edb       all     $STDBY_IP/32        trust >> $PGDATA/pg_hba.conf
echo host      edb       all     $WITNESS_IP/32      trust >> $PGDATA/pg_hba.conf
echo host      replication       enterprisedb     $MASTER_IP/32      trust >> $PGDATA/pg_hba.conf
echo host      replication       enterprisedb     $STDBY_IP/32      trust >> $PGDATA/pg_hba.conf
sed -i 's/.*::/#&/g' $PGDATA/pg_hba.conf

# Start the database and set default enterprisedb password
# These commands are run as the enterprisedb OS user
su - enterprisedb -c "/usr/edb/as9.6/bin/pg_ctl -w -D $PGDATA start"  
su - enterprisedb -c "/usr/edb/as9.6/bin/psql -p 5444 -d postgres -c \"alter user enterprisedb identified by enterprisedb\""

# Copy template properties file to properties file, create node list file
cp /etc/efm-2.1/efm.properties.in /etc/efm-2.1/efm.properties
echo $MASTER_IP:7800 > /etc/efm-2.1/efm.nodes
echo $STDBY_IP:7800 >> /etc/efm-2.1/efm.nodes
echo $WITNESS_IP:7800 >> /etc/efm-2.1/efm.nodes
chmod 600 /etc/efm-2.1/efm.nodes

# Numerous edits have to be made to the efm.properties file.  These edits include:
# - Username, encrypted password, port, db name for the local database
# - Set port for administrative commands to typically-used 7809
# - Leave local period timeout settings and remote timeout at the default
# - Set user.email to your email address
# - Set bind address
# - Set is witness to false
# - OS username owning the data directory
# - Where the recovery.conf file is located
# - Location of the database binaries
# - VIP will not be used for this exercise
# - Leave the ping server set to Google DNS
# - No fence scripts will be used for this exercise
sed -i "s/db.user=/db.user=enterprisedb/" /etc/efm-2.1/efm.properties
sed -i "s/db.password.encrypted=/db.password.encrypted=$PWD_ENCRYPT/" /etc/efm-2.1/efm.properties
sed -i "s/db.port=/db.port=5444/" /etc/efm-2.1/efm.properties
sed -i "s/db.database=/db.database=edb/" /etc/efm-2.1/efm.properties
sed -i "s/admin.port=/admin.port=7809/" /etc/efm-2.1/efm.properties
sed -i "s/user.email=/user.email=$YOUR_EMAIL/" /etc/efm-2.1/efm.properties
sed -i "s/bind.address=/bind.address=$MASTER_IP:7800/" /etc/efm-2.1/efm.properties
sed -i "s/is.witness=/is.witness=false/" /etc/efm-2.1/efm.properties
sed -i "s/db.service.owner=/db.service.owner=enterprisedb/" /etc/efm-2.1/efm.properties
sed -i "s;db.recovery.conf.dir=;db.recovery.conf.dir=$PGDATA;g" /etc/efm-2.1/efm.properties
sed -i "s/db.bin=/db.bin=\/usr\/ppas-9.5\/bin/" /etc/efm-2.1/efm.properties
sed -i "s/auto.allow.hosts=false/auto.allow.hosts=true/" /etc/efm-2.1/efm.properties

# Start the EFM service and verify it's running (using RHEL/CentOS 7 version of command)
systemctl start efm-2.1.service
/usr/efm-2.1/bin/efm cluster-status efm

# Add standby and witness nodes to the cluster and verify
/usr/efm-2.1/bin/efm add-node efm $STDBY_IP
/usr/efm-2.1/bin/efm add-node efm $WITNESS_IP
/usr/efm-2.1/bin/efm cluster-status efm

 

 

On the standby:

#!/bin/bash

# Set environment variables with needed properties
export YUM_USER=<username>
export YUM_PASSWORD=<password> 
export MASTER_IP=<IP>
export STDBY_IP=<IP>
export WITNESS_IP=<IP>
export YOUR_EMAIL=<email addr>
export PWD_ENCRYPT=<password>  #see notes above
export PGDATA=
/var/lib/edb/as9.6/stdby0

# Install Java, if not already installed
yum -y install java

# Setup YUM repository for installing EPAS and EFM
rpm -Uvh http://yum.enterprisedb.com/edbrepos/edb-repo-9.6-4.noarch.rpm

# Set YUM username/password in edb.repo
sed -i "s/<username>:<password>/$YUM_USER:$YUM_PASSWORD/g" /etc/yum.repos.d/edb.repo
                                                                                                                                                           
# Enable EPAS 9.6 and EFM repo in edb.repo
sed -i "\/ppas95/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo
sed -i "\/enterprisedb-tools/,/gpgcheck/ s/enabled=0/enabled=1/" /etc/yum.repos.d/edb.repo

# Install EPAS 9.6 and EFM
yum -y install edb-as96-server
yum -y install efm21

# Setup .pgpass file so that we can connect to the database without prompting for password
# These commands are run as the enterprisedb OS user
su - enterprisedb -c "echo \"*:*:*:enterprisedb:enterprisedb\" > ~/.pgpass"
su - enterprisedb -c "chmod 600 ~/.pgpass"


# Create the data directory
# These commands are run as the enterprisedb OS user
su - enterprisedb -c "mkdir $PGDATA"
su - enterprisedb -c "chmod 700 $PGDATA"

# Populate data directory by pulling from master DB
# These commands are run as the enterprisedb OS user
su - enterprisedb -c "
/usr/edb/as9.6/bin/pg_basebackup -h $MASTER_IP -p 5444 -R -D $PGDATA"

# Edit the recovery.conf file to add the trigger file statement

echo trigger_file=\'$PGDATA/trigger.file\' >> $PGDATA/recovery.conf

 

# This line in recovery.conf ensures that master and standby are on the same backup timeline

#  so they can easily switch back and forth

echo recovery_target_timeline='latest' >> $PGDATA/recovery.conf

 

# Start the database as the enterprisedb OS user
su - enterprisedb -c "
/usr/edb/as9.6/bin/pg_ctl -w -D $PGDATA start" 

# Copy template properties file to properties file, create node list file
cp /etc/efm-2.1/efm.properties.in /etc/efm-2.1/efm.properties
echo $MASTER_IP:7800 > /etc/efm-2.1/efm.nodes
echo $STDBY_IP:7800 >> /etc/efm-2.1/efm.nodes
echo $WITNESS_IP:7800 >> /etc/efm-2.1/efm.nodes
chmod 600 /etc/efm-2.1/efm.nodes

# Numerous edits have to be made to the efm.properties file.  These edits include:
# - Username, encrypted password, port, db name for the local database
# - Set port for administrative commands to typically-used 7809
# - Leave local period timeout settings and remote timeout at the default
# - Set user.email to your email address
# - Set bind address
# - Set is witness to false
# - OS username owning the data directory
# - Where the recovery.conf file is located
# - Location of the database binaries
# - VIP will not be used for this exercise
# - Leave the ping server set to Google DNS
# - No fence scripts will be used for this exercise
sed -i "s/db.user=/db.user=enterprisedb/" /etc/efm-2.1/efm.properties
sed -i "s/db.password.encrypted=/db.password.encrypted=$PWD_ENCRYPT/" /etc/efm-2.1/efm.properties
sed -i "s/db.port=/db.port=5444/" /etc/efm-2.1/efm.properties
sed -i "s/db.database=/db.database=edb/" /etc/efm-2.1/efm.properties
sed -i "s/admin.port=/admin.port=7809/" /etc/efm-2.1/efm.properties
sed -i "s/user.email=/user.email=$YOUR_EMAIL/" /etc/efm-2.1/efm.properties
sed -i "s/bind.address=/bind.address=$STDBY_IP:7800/" /etc/efm-2.1/efm.properties
sed -i "s/is.witness=/is.witness=false/" /etc/efm-2.1/efm.properties
sed -i "s/db.service.owner=/db.service.owner=enterprisedb/" /etc/efm-2.1/efm.properties
sed -i "s;db.recovery.conf.dir=;db.recovery.conf.dir=$PGDATA;g" /etc/efm-2.1/efm.properties
sed -i "s/db.bin=/db.bin=\/usr\/ppas-9.5\/bin/" /etc/efm-2.1/efm.properties
sed -i "s/auto.allow.hosts=false/auto.allow.hosts=true/" /etc/efm-2.1/efm.properties

# Start the EFM service and verify it's running (using RHEL/CentOS 7 version of command)
systemctl start efm-2.1.service
/usr/efm-2.1/bin/efm cluster-status efm

 

On the witness:

#!/bin/bash

# Set environment variables with needed properties
export YUM_USER=<username>
export YUM_PASSWORD=<password> 
export MASTER_IP=<IP>
export STDBY_IP=<IP>
export WITNESS_IP=<IP>
export YOUR_EMAIL=<email addr>
export PWD_ENCRYPT=<password>  #see notes above
export PGDATA=/var/lib/ppas/9.5/stdby0

# Copy template properties file to properties file, create node list file
cp /etc/efm-2.1/efm.properties.in /etc/efm-2.1/efm.properties
echo $MASTER_IP:7800 > /etc/efm-2.1/efm.nodes
echo $STDBY_IP:7800 >> /etc/efm-2.1/efm.nodes
echo $WITNESS_IP:7800 >> /etc/efm-2.1/efm.nodes
chmod 600 /etc/efm-2.1/efm.nodes

# Numerous edits have to be made to the efm.properties file.  These edits include:
# - Set port for administrative commands to typically-used 7809
# - Leave local period timeout settings and remote timeout at the default
# - Set user.email to your email address
# - Set bind address
# - Set is witness to true
# - VIP will not be used for this exercise
# - Leave the ping server set to Google DNS
# - No fence scripts will be used for this exercise
sed -i "s/db.user=/db.user=enterprisedb/" /etc/efm-2.1/efm.properties
sed -i "s/db.password.encrypted=/db.password.encrypted=$PWD_ENCRYPT/" /etc/efm-2.1/efm.properties
sed -i "s/db.port=/db.port=5444/" /etc/efm-2.1/efm.properties
sed -i "s/db.database=/db.database=edb/" /etc/efm-2.1/efm.properties
sed -i "s/admin.port=/admin.port=7809/" /etc/efm-2.1/efm.properties
sed -i "s/user.email=/user.email=$YOUR_EMAIL/" /etc/efm-2.1/efm.properties
sed -i "s/bind.address=/bind.address=$WITNESS_IP:7800/" /etc/efm-2.1/efm.properties
sed -i "s/is.witness=/is.witness=true/" /etc/efm-2.1/efm.properties

# Start the EFM service and verify it's running (using RHEL/CentOS 7 version of command)
systemctl start efm-2.1.service
/usr/efm-2.1/bin/efm cluster-status efm