Exciting updates for Crunchy Postgres: Enhancements to TLS, Firewall Management, Monitoring and More

Douglas Hunley

We are excited to announce some big improvements to Crunchy Postgres, available today. Crunchy Postgres provides everything you need for production-ready Postgres in an opinionated distribution built fully on open source, upstream Postgres. Crunchy Postgres, powered by our automation, provides simple provisioning, backups, high availability, monitoring, and more. Existing Crunchy customers can download this from our Customer Access Portal today. If you’re not using Crunchy Postgres yet, contact us for a demo. For now, let’s take a deeper look at what we included in our latest release.

Security Matters

Keeping your data safe and secure is at the core of managing your database. With this release we’re excited about several improvements that strengthen the security available to you.

TLS

In previous releases of Crunchy Postgres our automation would deploy TLS certificates and keys for you. But what if you’ve already set up a TLS deployment process outside of Crunchy Postgres? Now you can point Crunchy Postgres at these existing certificates and we will configure the components to use them! Of course, you can still have Crunchy Postgres deploy the certs and keys if you prefer.

In keeping with our "secure all the things" mantra, Grafana support for TLS has been added to this release.

We also have a cleaner connection to pgBackRest. pgBackRest added support for TLS in version 2.37 so it can run in server mode and allow connections without SSH. This is fully supported by Crunchy Postgres with the latest updates to our automation playbooks. Going forward, we’re going to continue to favor TLS server mode over SSH for pgBackRest.

Firewall

Crunchy Postgres provides an ability to manage your firewall rules as part of your deployment. If you’re already managing your firewall rules independent of Crunchy Postgres you now have more flexibility. You can now indicate if firewalld should be used or not and we'll check its status and warn accordingly. You can also, separately, tell us if you want us to manipulate the firewalld rules or not. By default, of course, we still both enable firewalld and configure it for you.

Monitoring Updates

It wouldn't be a Crunchy Postgres release without some improvements in the monitoring provided by pgMonitor:

etcd

The etcd dashboard now features much more detailed information about the etcd cluster state. A sampling of the new insights available to you includes:

  • Database Leader changes
  • Slow applies
  • Health and heartbeat failures

Patroni

We added Patroni metrics and AlertManager alerts based on these metrics. If you want more Patroni on your dashboards or in your overnight pager, you can enable and configure this new feature.

User Management & Access Control

This release adds support for externally-managed OS users across all the Crunchy Postgres components. Whether you use Active Directory, LDAP, or another directory server, you can now configure Crunchy Postgres to use this instead of locally-created system users.

We’ve also added the ability to override every single system user used by Crunchy Postgres even if you're using locally-created system users. Don't like that patroni user? Change it to something else.

Support playbook

When something goes wrong, the amount of information you’re able to retrieve and communicate is key to timely resolution, and you may end up needing help from our amazing Support team. To make getting support as easy as possible for both you and our Support team, this release of Crunchy Postgres includes a new playbook: ansible-playbook crunchy-support-playbook.yml.

Running this playbook will reach out and gather the logs, version info, and other information that Support might need. This playbook gathers all this up, creates a tarball, and prompts you to send it into our Support team. This information will help us all in investigating and providing you the support you need.

Wait, there's more!

This release is packed with a number of features and we’ve only covered the highlights so far. We encourage you to review the rest over on our docs. If you have questions please reach out.

September 28, 2022