Check out our free resources and eBooks like: "Effective Indexing in Postgres"

Enterprise Server: Object Storage Setup (Local Storage)

1. Installation of the Minio storage server

Since pganalyze requires an object storage to store log data, we support the open-source storage server Minio which can be run in a small Docker container, together with a mounted directory.

The easiest way to get started is to simply launch a Minio container like this, whilst making sure to choose secure and randomly generated keys:

# Replace "my_access_key" and "my_secret_key" with two randomly generated strings!
docker run --name minio -e MINIO_ACCESS_KEY=my_access_key -e MINIO_SECRET_KEY=my_secret_key -d -v /storage:/data -p 9000:9000 minio/minio server /data

This assumes that you have sufficient storage available on the server where you are launching the container, and that this storage is provided under the /storage directory.

Note that whilst we do not require the Minio container and storage to be on the same server as the pganalyze container, it typically is easiest to get started that way.

When you now go to the URL http://minio.internal:9000 (replace minio.internal with the actual hostname of the server) you should see the minio login page.

2. Create buckets and configure retention policies

By default, Minio will keep objects forever, which can cause issues with exhausting disk storage after a while. We recommend setting a 35 day expiry policy for Minio using the mc client:

# Replace "my_access_key" and "my_secret_key" with correct values set earlier
mc alias set pganalyze-minio http://localhost:9000 my_access_key my_secret_key

mc mb pganalyze-minio/pganalyze-logs
mc mb pganalyze-minio/pganalyze-snapshots

mc ilm add pganalyze-minio/pganalyze-logs --expiry-days 35
mc ilm add pganalyze-minio/pganalyze-snapshots --expiry-days 35

3. Configuration of the pganalyze container

With the Minio server working, you can now configure the pganalyze container.

First of all, we also need to generate an encryption key, which will be used to encrypt all log data in transit as well as at rest. This way you can be sure that only those that have access to the encryption key can read sensitive log information.

You can generate a key like this:

dd if=/dev/urandom bs=32 count=1 2>/dev/null | openssl base64

And then configure the following environment variables:

LOG_ENCRYPTION_KEY={"1": "base64_encoded_key_here"}

At this point all you need to do is restart the pganalyze container, and then follow the instructions to install the collector on your database servers.

Couldn't find what you were looking for or want to talk about something specific?
Start a conversation with us →