You can leverage systemd to harden your database by configuring it to run as a service — see how to do it for OSS PostgreSQL and enterprise-ready FUJITSU Enterprise Postgres.
Systemd is the standard service management tool set across most Linux distributions. Created and promoted by Red Hat and quickly establishing itself in clones of RHEL such as CentOS and Fedora, it hasn't taken long for it to become established in other popular distributions like Ubuntu and SUSE.
Systemd is a framework of libraries, daemons, and utilities that assist with the management of services in your environment, which of course can include Postgres.
The systemctl utility that you will use to control your service accepts various commands — the ones you are most likely to use are as follows:
- systemctl list-units | grep postgres
- systemctl status name.service
- systemctl start name.service
- systemctl stop name.service
- systemctl restart name.service
Init scripts, used to start services, are stored in directories such as /lib/systemd/system or /usr/lib/systemd/system. The init script itself can have any name, with the suffix .service. The script contains a specific format of information that describes the service, how to start and stop it, and the user and group under which it should run.
Below is an example of a service file for PostgreSQL 10 from an Ubuntu distribution:
To enable a service, we must first create a symbolic link (using systemctl enable) to the init script of the service described above in the /etc/systemd/system folder, which is where the systemd daemon will look.
Once the link is created, the service will get started automatically upon a system boot. We can also manage the service manually using the systemctl utilities start, stop, and restart commands. Below is an example of starting the postgresql service using the systemctl utility.
The list-units command can be helpful in finding out the actual name of the service and init script (appended '.service') as follows:
FUJITSU Enterprise Postgres
The same steps can be performed to configure FUJITSU Enterprise Postgres, which is designed for the enterprise, with enhancements that make it more secure and increase its performance.
The steps below demonstrate setting up the service on a RHEL or CentOS distribution. It's very similar to how we set up PostgreSQL — we copy a service init script template across to the /etc/systemd/system folder, which we then modify.
We edit the file, and it's pretty similar to the PostgreSQL example above. Notice the installation setting at the bottom of the file — multi-user.target configures the service to be a runlevel 2-4 target. Runlevel 6 or reboot can be set, by changing the value to reboot.target. In this example file, I have set the user and group to 'gary', where this would normally be 'fsepuser' (the FUJITSU Enterprise Postgres equivalent of 'postgres').
We then enable the service in the same way as with PostgreSQL, using systemctl enable, and this will create the appropriate link based on values in the service file.
In the example below, I stop the FUJITSU Enterprise Postgres server, and then use systemctl daemon-reload to reload the daemon so that it picks up changes made to the service file. After that, I start the service with systemctl start, and then check its state with systemctl status.
If you’d like to see how adopting an enterprise Postgres system such as FUJITSU Enterprise Postgres can help you increase your system availability, click here to make an enquiry.