Summary ======= # su postgres $ psql template1 {...} template1=# create user rave; CREATE ROLE template1=# create database portdb with owner rave; CREATE DATABASE Template1=# grant all on database portdb to rave; GRANT template1=# \q $ psql -U rave portdb { ... } portdb=> \i /path/to/schema.sql BEGIN { ... } COMMIT portdb=> \q { Do additional configuration as detailed below.... } Introduction ============ The Analysis Portal uses a PostgreSQL database to store aggregate port information. This document describes how to set up this database. Server Configuration ==================== The remaining instructions in this document assume you have an instance of the PostgreSQL database server installed and running on the RAVE server. The correct version of the database server software is available from https://tools.netsa.cert.org/distrib/rhelas4/download.html. For documentation on installing and configuring PostgreSQL, please see http://www.postgresql.org/docs/manuals. If you're having problems running PostgreSQL, ensure that postgres.so is in the dynamic library search path. One way to do this is to add the directory that contains it to /etc/ld.so.conf.d and run ldconfig. Loading the Database Schema --------------------------- After PostgreSQL has been installed, connect using the psql command as user postgres, as in the following example. ------------------------------------------------------------------->8--- # su postgres $ psql template1 { ... standard output logging in to postgres. Note that postgres is the database superuser ... } template1=# create database portdb; CREATE DATABASE ------------------------------------------------------------------->8--- We recommend that you create a user in PostgreSQL specifically for RAVE services. The user that runs the RAVE server is a good choice. For the rest of this document, we will assume the existence of such a user, named rave. The database user name can be any user name on the system in the next line. It's also possible to define any new user name you wish, and to use the password option to set a password. We do not recommend this, as RAVE (acting as a PostgreSQL client) will then need access to the password, which means the password will have to be stored in plain text in any case. See the output of \h create user for details. After you have created a user to administrate the portdb database, you must load the schema of the database from the supplied schema.sql file. The following example describes the user creation and loading process. ------------------------------------------------------------------->8--- template1=# create user rave; CREATE ROLE template1=# grant all on database portdb to rave; GRANT template1=# \q { You've now quit psql, and are going to reconnect. } $ psql -U rave portdb { ... } portdb=> \i /path/to/port-database-schema.sql BEGIN ... COMMIT { Note: There should be a bunch of stuff between BEGIN and COMMIT, including two "NOTICE"s. But there should be no errors. } portdb=> \q $ ------------------------------------------------------------------->8--- Database Connectivity ===================== At this point, the port database schema has been loaded, but contains no data. If you changed any of the default names in the above examples, you must edit the portal.conf file to set the database URL. The database URL is specified in the "portdb" parameter. To set it, add a line to your portal.conf file under [databases], of the following type: ------------------------------------------------------------------->8--- [databases] portdb={type}://[{user}:{pass}@]{host}[:{port}]/{db-name} ------------------------------------------------------------------->8--- The default is "postgresql:///portdb". That is: Use the current system user, using no password, to log in to the portdb database on the postgres instance running on the local machine. (The database will always be running on the local machine.) In order to check that the default URL will work, try to become the rave user, then connect to the database: ------------------------------------------------------------------->8--- # su rave $ psql portdb ... ------------------------------------------------------------------->8--- This command should succeed, indicating that all is well. Performance Tuning ================== In order to allow PostgreSQL to make proper query optimizations based on the data partitioning scheme the portal uses, enable the "constraint_exclusion" option. To do this, edit the postgresql.conf file underneath the PostgreSQL data directory. Find the line: ------------------------------------------------------------------->8--- #constraint_exclusion = off ------------------------------------------------------------------->8--- underneath the QUERY TUNING section, and change it to: ------------------------------------------------------------------->8--- constraint_exclusion = on ------------------------------------------------------------------->8--- When constraint exclusion is used, PostgreSQL will no longer look at partitions that are not relevant to the query at hand--when it is off, it will look at these partitions even if they cannot possibly contain any relevant data. This parameter is set to off by default because it has drawbacks in certain rare situations, but none of those situations apply to this installation (and the performance benefits in a partitioned table are significant.)