Docker images of Percona Distribution for PostgreSQL are hosted publicly on Docker Hub .
For more information about using Docker, see the Docker Docs .
Note
Make sure that you are using the latest version of Docker . The ones provided via apt and yum may be outdated and cause errors.
By default, Docker pulls the image from Docker Hub if it is not available locally.
Docker image contentsThe Docker image of Percona Distribution for PostgreSQL includes the following components:
Component name Descriptionpercona-postgresql17 A metapackage that installs the latest version of PostgreSQL percona-postgresql17-server The PostgreSQL server package. percona-postgresql-common PostgreSQL database-cluster manager. It provides a structure under which multiple versions of PostgreSQL may be installed and/or multiple clusters maintained at one time. percona-postgresql-client-common The manager for multiple PostgreSQL client versions. percona-postgresql17-contrib A collection of additional PostgreSQLcontrib extensions percona-postgresql17-libs Libraries for use with PostgreSQL. percona-pg-stat-monitor17 A Query Performance Monitoring tool for PostgreSQL. percona-pgaudit17 Provides detailed session or object audit logging via the standard PostgreSQL logging facility. percona-pgaudit17_set_user An additional layer of logging and control when unprivileged users must escalate themselves to superuser or object owner roles in order to perform needed maintenance tasks. percona-pg_repack17 rebuilds PostgreSQL database objects. percona-wal2json17 a PostgreSQL logical decoding JSON output plugin. percona-pgvector A vector similarity search for PostgreSQL Start the container¶
Start a Percona Distribution for PostgreSQL container as follows:
docker run --name container-name -e POSTGRES_PASSWORD=secret -d percona/percona-distribution-postgresql:17.5-2
Where:
container-name is the name you assign to your containerPOSTGRES_PASSWORD is the superuser password17.5-2 is the tag specifying the version you need. Docker identifies the architecture (x86_64 or ARM64) and pulls the respective image. See the full list of tags .Tip
You can secure the password by exporting it to the environment file and using that to start the container.
Export the password to the environment file:
echo "POSTGRES_PASSWORD=secret" > .my-pg.env
Start the container:
docker run --name container-name --env-file ./.my-pg.env -d percona/percona-distribution-postgresql:17.5-2
Connect to the container’s interactive terminal:
docker exec -it container-name bash
The container-name is the name of the container that you started in the previous step.
This image exposes the standard PostgreSQL port (5432), so container linking makes the instance available to other containers. Start other containers like this in order to link it to the Percona Distribution for PostgreSQL container:
docker run --name app-container-name --network container:container-name -d app-that-uses-postgresql
where:
app-container-name is the name of the container where your application is running,container name is the name of your Percona Distribution for PostgreSQL container, andapp-that-uses-postgresql is the name of your PostgreSQL client.psql command line client¶
The following command starts another container instance and runs the psql command line client against your original container, allowing you to execute SQL statements against your database:
docker run -it --network container:db-container-name --name container-name percona/percona-distribution-postgresql:17.5-2 psql -h address -U postgres
Where:
db-container-name is the name of your database containercontainer-name is the name of your container that you will use to connect to the database container using the psql command line client17.5-2 is the tag specifying the version you need. Docker identifies the architecture (x86_64 or ARM64) and pulls the respective image.address is the network address where your database container is running. Use 127.0.0.1, if the database container is running on the local machine/host.Percona Distribution for PostgreSQL Docker image includes the pg_tde extension to provide data encryption. You must explicitly enable it when you start the container. For more information, see the pg_tde documentation .
Follow these steps to enable pg_tde:
Start the container with the ENABLE_PG_TDE=1 environment variable:
docker run --name container-name -e ENABLE_PG_TDE=1 -e POSTGRES_PASSWORD=sUpers3cRet -d percona/percona-distribution-postgresql:17.5-2
where:
container-name is the name you assign to your containerENABLE_PG_TDE=1 adds the pg_tde to the shared_preload_libraries and enables the custom storage managerPOSTGRES_PASSWORD is the superuser passwordConnect to the container and start the interactive psql session:
docker exec -it container-name psql
psql (17.5 - Percona Server for PostgreSQL 17.5-2)
Type "help" for help.
postgres=#
Create the extension in the database where you want to encrypt data. This requires superuser privileges.
Add the key provider by using a keyring file. This setup is intended for development and stores the keys unencrypted in the specified data file. The below sample configuration is intended for testing and development purposes only.
Note
For production use, we strongly recommend setting up an external key management store and configure an external key provider. Refer to the Setup topic in the pg_tde documentation.
Warning: This example is for testing purposes only:
SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/pg_tde_test_001_basic.per');
Create the key:
SELECT pg_tde_create_key_using_database_key_provider('test-db-key', 'file-vault');
Set the principal key:
SELECT pg_tde_set_key_using_database_key_provider('test-db-key', 'file-vault');
Create a table with encryption enabled. Pass the USING tde_heap clause to the CREATE TABLE command:
CREATE TABLE <table_name> (<field> <datatype>) USING tde_heap;
CREATE TABLE test_users (
user_id INT,
username VARCHAR(50),
email VARCHAR(100),
signup_date DATE
) USING tde_heap;
pg_stat_monitor¶
To enable the pg_stat_monitor extension after launching the container, do the following:
pg_stat_monitor view for that database:create extension pg_stat_monitor;
View "public.pg_stat_monitor"
Column | Type | Collation | Nullable | Default
---------------------+--------------------------+-----------+----------+---------
bucket | integer | | |
bucket_start_time | timestamp with time zone | | |
userid | oid | | |
dbid | oid | | |
queryid | text | | |
query | text | | |
plan_calls | bigint | | |
plan_total_time | numeric | | |
plan_min_timei | numeric | | |
plan_max_time | numeric | | |
plan_mean_time | numeric | | |
plan_stddev_time | numeric | | |
plan_rows | bigint | | |
calls | bigint | | |
total_time | numeric | | |
min_time | numeric | | |
max_time | numeric | | |
mean_time | numeric | | |
stddev_time | numeric | | |
rows | bigint | | |
shared_blks_hit | bigint | | |
shared_blks_read | bigint | | |
shared_blks_dirtied | bigint | | |
shared_blks_written | bigint | | |
local_blks_hit | bigint | | |
local_blks_read | bigint | | |
local_blks_dirtied | bigint | | |
local_blks_written | bigint | | |
temp_blks_read | bigint | | |
temp_blks_written | bigint | | |
blk_read_time | double precision | | |
blk_write_time | double precision | | |
host | bigint | | |
client_ip | inet | | |
resp_calls | text[] | | |
cpu_user_time | double precision | | |
cpu_sys_time | double precision | | |
tables_names | text[] | | |
wait_event | text | | |
wait_event_type | text | | |
Note
The pg_stat_monitor view is available only for the databases where you enabled it. If you create a new database, make sure to create the view for it to see its statistics data.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4