Skip to content

Commit

Permalink
Merge pull request #6121 from EnterpriseDB/docs/edits_to_tde_pr6029
Browse files Browse the repository at this point in the history
Edits to TDE: pg to pge tutorial while enabling TDE #6029
  • Loading branch information
gvasquezvargas authored Oct 1, 2024
2 parents 55e5267 + 0e9890b commit aba6820
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 24 deletions.
2 changes: 1 addition & 1 deletion product_docs/docs/tde/15/enabling_tde_epas.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ Use [pg_dumpall](https://www.postgresql.org/docs/current/app-pg-dumpall.html), [

### Creating an encrypted server

1. Create an empty directory for the new server. In this example, the directory name is **TDE**.
1. Create an empty directory for the new server. In this example, the directory name is `TDE`.

```
mkdir /var/lib/edb-as/16/TDE
Expand Down
46 changes: 23 additions & 23 deletions product_docs/docs/tde/15/upgrade_use_cases/postgres_to_extended.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -4,44 +4,44 @@ navTitle: Upgrading PostgreSQL to EDB Postgres Extended Server
deepToC: true
---

Create a new EDB Postgres Extended Server cluster with TDE enabled and use `pg_upgrade` to transfer data from the existing PostgreSQL cluster to the new encrypted cluster.
Create a new EDB Postgres Extended Server cluster with TDE enabled and use pg_upgrade to transfer data from the existing PostgreSQL cluster to the new encrypted cluster.

- [Prepare your upgrade](#preparing-your-upgrade) by performing a backup of the existing instance.
- [Create a new database server](#creating-an-encrypted-server)
- Create an empty directory for the new server and ensure `postgres` owns it.
- [Create a new database server](#creating-an-encrypted-server).
- Create an empty directory for the new server and ensure the postgres user owns it.
- Set the environment variables to export the `wrap` and `unwrap` commands for encryption.
- Initialize a server with encryption enabled.
- Change the default port, so the new server is available at another port.
- Change the default port so the new server is available at another port.
- Start the database server.
- Connect to the database server and ensure it is functioning.
- [Upgrade to the encrypted server](#upgrading-to-the-encrypted-server)
- Connect to the database server and ensure it's functioning.
- [Upgrade to the encrypted server](#upgrading-to-the-encrypted-server).
- Stop both the source and the new server.
- Use `pg_upgrade` with `--copy-by-block` option to copy data from the source server to the new server. Specify the source and target bin and data directories.
- Start the new encrypted databaser server.
- Connect to the encrypted database server and ensure the data was transfered.
- [Clean up and delete the source server](#cleaning-up-after-upgrade)
- Use pg_upgrade with the `--copy-by-block` option to copy data from the source server to the new server. Specify the source and target bin and data directories.
- Start the new encrypted database server.
- Connect to the encrypted database server and ensure the data was transferred.
- [Clean up and delete the source server](#cleaning-up-after-upgrade).
- Clean up the database and its statistics.
- Remove the source PostgreSQL cluster with the script provided by `pg_upgrade`.
- Remove the source PostgreSQL cluster with the script provided by pg_upgrade.

## Worked example

This example upgrades a PostgreSQL 16 instance to EDB Postgres Extended Server 16 while enabling Transparent Data Encryption on an Ubuntu 22.04 machine. The location of the BIN and CONFIG directories differs depending on your operating system and Postgres versions.
This example upgrades a PostgreSQL 16 instance to EDB Postgres Extended Server 16 while enabling Transparent Data Encryption on an Ubuntu 22.04 machine. The location of the bin and config directories differs depending on your operating system and Postgres versions.

### Preparing your upgrade

- Install EDB Postgres Extended Server from the [EDB repository](https://www.enterprisedb.com/repos-downloads). Ensure the version you install has the same major version than the source server. `pg_upgrade` supports upgrades between minor and patch versions, but not between different major versions.
- Install EDB Postgres Extended Server from the [EDB repository](https://www.enterprisedb.com/repos-downloads). Ensure the version you install has the same major version as the source server. pg_upgrade supports upgrades between minor and patch versions but not between different major versions.

- Use [pg_dumpall](https://www.postgresql.org/docs/current/app-pg-dumpall.html), [pgBackRest](/supported-open-source/pgbackrest/), or [Barman](/supported-open-source/barman/) to create a backup of your unencrypted source server.
- Use [pg_dumpall](https://www.postgresql.org/docs/current/app-pg-dumpall.html), [pgBackRest](/supported-open-source/pgbackrest/), or [Barman](/supported-open-source/barman/) to create a backup of your unencrypted source server.

### Creating an encrypted server

1. Create an empty directory for the new server. In this example, the directory name is **TDE**.
1. Create an empty directory for the new server. In this example, the directory name is `TDE`.

```
mkdir /var/lib/edb-pge/16/TDE
mkdir /var/lib/edb-pge/16/TDE
```

1. Ensure the `postgres` user owns the directory:
1. Ensure the postgres user owns the directory:

```
sudo chown postgres /var/lib/edb-pge/16/TDE
Expand All @@ -66,7 +66,7 @@ This example upgrades a PostgreSQL 16 instance to EDB Postgres Extended Server 1
/usr/lib/edb-pge/16/bin/initdb --data-encryption -D /var/lib/edb-pge/16/TDE
```

This command initializes a CONFIG directory with all configuration files for the encrypted server.
This command initializes a config directory with all configuration files for the encrypted server.

1. Modify the default port number in the configuration file of the encrypted instance. Uncomment the line with `#port` and change the port number. For example:

Expand All @@ -87,7 +87,7 @@ This example upgrades a PostgreSQL 16 instance to EDB Postgres Extended Server 1
```

!!!note
If you're using two different Postgres versions, use the psql utility of the encrypted server. Otherwise, the system will attempt to use psql from the previous instance.
If you're using two different Postgres versions, use the psql utility of the encrypted server. Otherwise, the system attempts to use psql from the previous instance.

1. To ensure the new server is encrypted, [check for TDE presence](../enabling_tde/#checking-for-tde-presence-using-sql).

Expand All @@ -102,7 +102,7 @@ This example upgrades a PostgreSQL 16 instance to EDB Postgres Extended Server 1

1. To test for incompatibilities, run the `pg_upgrade` command in check mode.

With `-b` and `-B`, specify the source and target BIN directories. With `-d` and `-D`, specify the source and target CONFIG directories.
With `-b` and `-B`, specify the source and target BIN directories. With `-d` and `-D`, specify the source and target config directories.
Include the `--copy-by-block` option.

```
Expand Down Expand Up @@ -145,15 +145,15 @@ This example upgrades a PostgreSQL 16 instance to EDB Postgres Extended Server 1

### Cleaning up after upgrade

After you verify that `pg_upgrade` encrypted the data successfully, perform a cleanup.
After you verify that pg_upgrade encrypted the data successfully, perform a cleanup.

1. As the `postgres` user, clean up the database and its statistics:
1. As the postgres user, clean up the database and its statistics:

```
/usr/lib/edb-pge/16/bin/vacuumdb --all --analyze-in-stages
```

1. Remove all data files of the unencrypted server with the script generated by `pg_upgrade`:
1. Remove all data files of the unencrypted server with the script generated by pg_upgrade:

```
./delete_old_cluster.sh
Expand Down

1 comment on commit aba6820

@github-actions
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.