Percona
Percona Postgres Distribution with TDE support
Percona Postgres is a patched Postgres kernel with the pg_tde
(Transparent Data Encryption) extension.
It is compatible with PostgreSQL 17.5, and available on all supported platforms.
Get Started
Install Pigsty with the pgtde config template:
./configure -c pgtde # use percona postgres kernel
./install.yml # setup everything with pigsty
Configure
The following parameters need to be tuned to deploy a Percona Postgres cluster:
pg-meta:
  hosts:
    10.10.10.10: { pg_seq: 1, pg_role: primary }
  vars:
    pg_cluster: pg-meta
    pg_users:
      - { name: dbuser_meta ,password: DBUser.Meta ,pgbouncer: true ,roles: [dbrole_admin ] ,comment: pigsty admin user }
      - { name: dbuser_view ,password: DBUser.Viewer ,pgbouncer: true ,roles: [dbrole_readonly] ,comment: read-only viewer }
    pg_databases:
      - name: meta
        baseline: cmdb.sql
        comment: pigsty tde database
        schemas: [pigsty]
        extensions: [ vector, postgis, pg_tde ,pgaudit, { name: pg_stat_monitor, schema: monitor } ]
    pg_hba_rules:
      - { user: dbuser_view , db: all ,addr: infra ,auth: pwd ,title: 'allow grafana dashboard access cmdb from infra nodes' }
    node_crontab: [ '00 01 * * * postgres /pg/bin/pg-backup full' ] # make a full backup every 1am
    # Percona PostgreSQL TDE Ad Hoc Settings
    pg_packages: [ percona-main, pgsql-common ] # install percona postgres packages
    pg_libs: 'pg_tde, pgaudit, pg_stat_statements, pg_stat_monitor, auto_explain'