A Practical Multi-Tenant Cluster

2,808 views

Published on

Rod Anderson

For the small business support person being able to provide PostgreSQL hosting for a small set of specific applications without having to build and support several Pg installations is necessary. By building a multi-tenant Pg cluster with one tenant per database and each application in it's own schema maintenance and support is much simpler. The issues that present themselves are how to provide and control dba and user access to the database and get the applications into their own schema. With this comes need to make logging in to the database (pg_hba.conf) as non-complex as possible.

0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,808
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
40
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

A Practical Multi-Tenant Cluster

  1. 1. A practical (pragmatic) multi-tenant cluster (Mental meandering) by Rod Anderson raanders@acm.org
  2. 2. Credits • Thomas Jacobs http://wiki.postgresql.org/wiki/Shared_Database_Hosting http://www.internet24.de/ • Thomas Jacobs Scott Marlowe Robert Treat http://archives.postgresql.org/pgsql-admin/2008-08/msg00049.php • Tom Lane For the gentle suggestion to just try it when I asked about using '@' in role names.
  3. 3. What is a multi-tenant cluster? • A single PostgreSQL database cluster. • One (or more) databases per customer. • One chunk of hardware. • Allowing many tenants to run the same applications in their own database.
  4. 4. Why a multi-tenant cluster? • Single superuser (postgres?) for all databases, customers, clients. • Sharing of memory and processor(s). • Low impact applications or low usage needs, i.e. smaller businesses. • Hardware goes further. • Even a server inside a company/organization could benefit by having a database per department.
  5. 5. Issues with a multi-tenant cluster • Missing - per database users/roles Actually there is a method in 8.4 but it doesn't play well with md5 requires the use of password. So if there is a possibility or concern of password "sniffing" this can't be used unless you use a SSL encrypted connection. See the following two links for the gory details. http://www.postgresql.org/docs/current/static/runtime-config-connection.html#GUC-DB-USER-NAMESPACE http://www.postgresql.org/docs/current/static/auth-methods.html • No method to add database roles when there is only a cluster superuser? That is allow create role but restrict those roles to a specific database. • If createuser is granted to a database administrator, what controls and options are there on role naming. • When deleting/removing users/roles how to clean up database spanning ACLs.
  6. 6. • Database resources controls. • Bad queries eating the database engine alive. • Disk and storage quotas • In PostgreSQL? • File system • OS? • CPU and memory quotas • PostgreSQL • OS
  7. 7. What can be done and what can we do to make it easier. • Identify applications that can be modified to support or do support installation into a schema instead of a database. • Get around the global user/roles • Give each database it's own tablespace for data.
  8. 8. Other multi-tenant options Though not what I'd consider true multi-tenant solutions there are • Multiple PostgreSQL instances • Linux-Vservers • XEN • BSD jails(?) • Others?
  9. 9. Steps to create a multi-tenant cluster. 1. Come up with a database and role naming system. 2. Develop scripts to build the database and roles. 3. Method to control access to the cluster as painless as possible. 4. Modify application scripts to use a schema in a database instead of a database.
  10. 10. Here is what I came up with. Databases and their controlling(?) role have short, almost mnemonic, names: acme, tsmg, snoi, etc. Tenant user/role names are in the form dba@acme, rt_user@acme, or ledgersmb@acme. pg_hba.conf has these four entries: local all postgres md5 local samerole all md5 host all postgres 0/0 md5 host samerole all 0/0 md5
  11. 11. To install LedgerSMB I did a manual install and skipped/modified those steps that conflicted with the schema-based install. That is: I created the database, role, and schema then ran the LedgerSMB INSTALL steps manually. To create the database I use a shell script that makes the TABLESPACE directory and builds the SQL script. Here are some excerpts from the file. TSDIR="/var/lib/pgsql/data/ts" TENANT="$1" pushd "$TSDIR" [[ ! -d "$TENANT" ]] && mkdir "$TENANT" chown postgres:postgres "$TENANT" chmod 700 "$TENANT" popd
  12. 12. The script creates and calls this SQL script. (Assuming a tenant called/named acme.) CREATE ROLE acme NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOLOGIN; CREATE ROLE "dba@acme" NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '07cc54da9f666'; GRANT acme TO "dba@acme"; CREATE TABLESPACE acme_ts OWNER "dba@acme" LOCATION '/var/lib/pgsql/data/ts/acme'; CREATE DATABASE acme WITH OWNER="dba@acme"; COMMENT ON DATABASE acme IS 'Database create 20090319'; c acme GRANT ALL ON SCHEMA public TO "dba@acme" WITH GRANT OPTION;
  13. 13. To create a schema specifically for the application I use a script specific to that application. For LedgerSMB it generates the following SQL script. CREATE ROLE "ledgersmb@acme" NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD 'c3c20524a6621'; GRANT USAGE ON SCHEMA public TO "ledgersmb@acme"; GRANT CONNECT, TEMPORARY ON DATABASE acme TO "ledgersmb@acme"; GRANT acme TO "ledgersmb@acme"; c acme CREATE SCHEMA ledgersmb AUTHORIZATION "ledgersmb@acme"; COMMENT ON SCHEMA ledgersmb IS 'Schema create 20090319'; ALTER ROLE "ledgersmb@acme" SET search_path = ledgersmb, public

×