Acronis Data Protection 15 Backup of Postgresql Databases

Acronis Data Protection 15 Backup of PostgreSQL Databases

INSTALLING AND CONFIGURING Revision: 4/21/2021 Table of contents

1 Introduction 3 2 Supported Operating Systems 4 2.1 Supported Windows Operating Systems 4 2.2 Supported Linux Operating Systems 4 3 Supported PostgreSQL versions 5 4 Preparing to install the program 6 4.1 Prerequisites 6 4.2 Required program components 6 4.3 Setting up user authentication and authorization 6 5 Installing and configuring the program 10

2 © LLC Acronis-Infoprotect, 2021 1 Introduction

Acronis Data Protection 15 supports backing up PostgreSQL databases, as well as Postgres databases developed specifically for the Russian market based on the open-source PostgreSQL DBMS.

The current version of the program supports only full backup - backup of clusters with databases. One server can have multiple clusters.

3 © LLC Acronis-Infoprotect, 2021 2 Supported Operating Systems

To back up PostgreSQL databases, you will need to install the Acronis Data Protection agent for the operating system you are using (Windows agent or Linux agent), as well as the PostgreSQL agent. Requirements for operating systems supported by Windows and Linux agents are given in the Acronis Data Protection documentation in the Software Requirements section

However, the PostgreSQL agent has more strict requirements for operating systems. The PostgreSQL agent can only run on next-generation 64-bit operating systems. So as Windows and Linux agents could work together with the PostgreSQL agent, refer to the below listed supported operating systems.

2.1 Supported Windows Operating Systems

l Windows Server 2008 R2 (x64)

l Windows Server 2012 R2 (x64)

l Windows Server 2016

l Windows 7 (x64)

l Windows 8 or 8.1 (x64)

l Windows 10

2.2 Supported Linux Operating Systems

Linux kernel version 2.6.23 or later:

l Red Hat Enterprise Linux 5.x or later

l Ubuntu 9.10 or later

l Fedora 9 or later

l SUSE Linux Enterprise Server 11 or later

l Debian 5 or later

l CentOS 6.x or later

l PostgreSQL Linux 6.x or later

l Astra Linux 1.2 or later

l ClearOS 6.x or later

l ALT Linux 7.0 or later

Before installing the product on a system that does not use RPM Package Manager, such as an Ubuntu system, you need to install this manager manually; for example, by running the following command (as the root user):: apt-get install rpm

4 © LLC Acronis-Infoprotect, 2021 3 Supported PostgreSQL versions

You can backup databases in the following versions of PostgreSQL:

l PostgreSQL 9.6

l PostgreSQL 10

l PostgreSQL 11

l PostgreSQL 12

l PostgreSQL 13

5 © LLC Acronis-Infoprotect, 2021 4 Preparing to install the program

4.1 Prerequisites

To work with PostgreSQL, you must have Acronis Data Protection Advanced licenses for each PostreSQL cluster that you plan to back up. The number of licenses does not depend on the number of PostgreSQL agents installed.

4.2 Required program components

To protect PostgreSQL data, you need to install the following components:

l Management server allows you to centrally manage multiple machines: create backup plans, track their execution, deploy agents, and perform other actions. It can be installed on a Windows or Linux machine that has network access to all managed machines. To install the management server, follow the steps in the user documentation section Installing Management server.

l Agents are required to back up servers and databases. o Depending on the operating system on the server running PostgreSQL, install Agent for Windows or Agent for Linux on your server. o To protect a physical or virtual server running PostgreSQL, install Agent for PostgreSQL. To install agents, follow the steps in the user documentation section Local installation of agents.

The PostgreSQL agent can be installed either on the server where the PostgreSQL databases are located, or on another machine.

If you are installing PostgreSQL agent on another machine:

1. Make sure the agent machine and PostgreSQL server can communicate over the network. Open the necessary ports, configure the connection, if necessary, configure the proxy server. 2. On the PostgreSQL server, allow local inbound connections of the replication type.

4.3 Setting up user authentication and authorization

To configure connection between Acronis Data Protection and PostgreSQL, specify the authentication parameters in the configuration file pg_hba.conf located in the directory with the database cluster data (HBA stands for host-based authentication). The standard content file pg_hba.conf is created by the initdb command during initialization of the data directory.

The usual format for a pg_hba.conf file is a set of entries, one per line. Blank lines are ignored, as are any comment text after the # sign. The entries do not continue on the next line. Records consist of a number of fields separated by spaces and/or tabs. Spaces can be used in fields if enclosed in quotation marks. If any reserved word in a database field, a user name field or an address field is quoted (for example, all or replication), then the word loses its special meaning and simply denotes the database, the user or the server name.

6 © LLC Acronis-Infoprotect, 2021 Each entry indicates the type of connection, the range of client IP addresses (if it matches the type of the connection), the database name, the user name, and the authentication method that will be used for the connection according to these parameters. The first entry with the appropriate connection type, the client address, the specified database and the user name is used for authentication. The fall-through or backup procedures do not work: if an entry is selected and authentication fails, subsequent entries are not considered. If none of the entries match, access will be denied.

Specify parameters in the following format:

The preset is:

TYPE

Connection type The local value controls connections over Unix sockets. Without such a record, connections via Unix sockets are impossible. The host value controls connections over TCP/IP.

DATABASE

Determines which database names this record matches. The all value determines that all databases are suitable. The replication value indicates that the entry matches when a connection is requested for physical replication (note that no specific database is selected for such connections).. Multiple database names can be specified. Separate them with commas. The file containing database names can be specified by placing the @ sign at the beginning of its name.

USER

Indicates which user name (or names) this entry corresponds to. The all value indicates that the entry matches all users. Multiple database names can be specified. Separate them with commas. A file containing user names can be specified by placing the @ sign at the beginning of its name.

ADDRESS

Specifies the address (or addresses) of the client machine that this entry corresponds to. This field can contain either a computer name, a range of IP addresses, or one of the following keywords.

7 © LLC Acronis-Infoprotect, 2021 The range of IP addresses is specified as the starting address of the range, followed by a forward slash (/) and the length of the CIDR mask. The mask length specifies the number of the most significant bits of the client IP address, which must match the bits of the IP address of the range. Bits to the right of the specified IP address must be zero. There must be no whitespace between the IP address and the length of the CIDR mask.

Typical examples of IPv4 address ranges specified in the following way: 172.20.143.89/32 for one computer, 172.20.143.0/24 for a small and 10.6.0.0/16 for a large network. An IPv6 address range can look like ::1/128 for one computer (this is an IPv6 loopback address) or like fe80::7a31:c1ff:0000:0000/96 for a small network. 0.0.0.0/0 stands for all IPv4 addresses, and ::0/0 stands for all IPv6 addresses. To specify a single computer, use a mask length of 32 for IPv4 addresses or 128 for IPv6 addresses. Do not omit trailing zeros in the network addresses.

An IPv4 entry will only work for IPv4 connections, and an IPv6 entry will only work for IPv6 connections, even if the presented address is in the IPv4-in-IPv6 range. Note that IPv6 entries will not be accepted if the C system library does not support IPv6 addresses.

You can also enter the all value to specify any IP address, the samehost value to specify any IP addresses of this server, or the samenet value to specify any address of any subnet to which the server is directly connected.

If a computer name is specified (anything that is not an IP address range or special keyword is treated as a computer name), it is compared with the result of a reverse translation of the client IP address (for example, a reverse DNS query if DNS is used). Comparing computer names is not case sensitive. If the names match, a direct name resolution is performed (for example, a direct DNS lookup) to check if the client IP address refers to the addresses that match the name. If the two-sided validation passes, the entry is considered as matching the computer. (The host name in the pg_hba.conf file must match the returned value when resolving the client's IP address to a name, otherwise the string will not match the host. Some name databases allow multiple host names to be associated with a single IP address, but the operating system only returns one name when attempting to resolve an IP address.)

A name specification starting with a period (.) matches the suffix of the actual node name. This way, .example.com will match for.example.com (and not only example.com).

When specifying host names in pg_hba.conf, make sure the name was resolved fast enough. A local name resolution cache such as nscd can be useful. You can also enable the log_host name configuration parameter to see the client computer name in the logs instead of the IP address.

METHOD

Authentication method.

To connect to PostgreSQL with a user name and password, specify the md5 value. PostgreSQL will verify the user's password using SCRAM-SHA-256 or MD5 authentication.

The ident value gets the client operating system user name by contacting the Ident server and checks to see if it matches the database username. Ident authentication can only be used for TCP/IP connections. For local connections peer authentication is used.

8 © LLC Acronis-Infoprotect, 2021 The peer value gets the client operating system user name from the operating system and checks if it matches the requested database username. Available for local connections only.

Follow the following steps to install and configure the program:

1. Prepare the PostgreSQL server. Pay attention to the Supported PostgreSQL versions. 2. If you are installing the PostgreSQL agent on a non-PostgreSQL server, Prepare the connection. 3. Configure the Authentication settings on the PostgreSQL server. 4. Install Acronis Data Protection, which includes the PostgreSQL agent. More details in the Installation section of the project documentation. During the installation process, you will be prompted to select the agents you want to install. Select the PostgreSQL agent and the Windows agent. They are installed together.

5. After installing the program via the Acronis Data Protection web console, add the Acronis Data Protection Advanced licenses for each PostreSQL cluster that you plan to back up. More details in the Managing licenses section of the project documentation. 6. Add PostgreSQL devices via the Acronis Data Protection web console: a. Click All Devices > Add. b. Select PostgreSQL from the Programs list. More details in the Adding machines section of the project documentation.

7. Configure connection to PostgreSQL through the Acronis Data Protection web console. a. Select the PostgreSQL agent. b. Specify the host name or IP address of the PostgreSQL server and the connection port (by default, port 5432), the user name and password of the account to connect to PostgreSQL and click the Add button. Make sure you have configured the md5 authentication method when configuring the Authentication settings .

The PostgreSQL section with the added server appears in the device list.

8. Configure backup of PostgreSQL databases: settings, schedule, clearing, encryption. More details in the Creating protection plan section of the project documentation.

As a result, you will be able to:

l Back up PostgreSQL databases. More details in the Backup section of the project documentation. In the current version, backups can only be made to a local folder, and only full backups can be made.

l Restore PostgreSQL databases from backups. More details in the Restore section of the project documentation. Recovery can be performed only for files (the % Program Files%\PostgreSQL\\ data folder in Windows).