Introducing Crunchy Data Warehouse: A next-generation Postgres-native data warehouse. Crunchy Data Warehouse Learn more

Production Postgres

Exciting updates for Crunchy Postgres: Enhancements to TLS, Firewall Management, Monitoring and More

Avatar for Douglas Hunley

Douglas Hunley

4 min read

We are excited to announce some big improvements for Crunchy Postgres for you available today. Crunchy Postgres provides everything you need for production ready Postgres in an opinionated distribution built fully on open source, upstream Postgres. Crunchy Postgres powered by our automation provides simple provisioning, backups, high availability, monitoring, and more. Existing Crunchy customers can download this from our Customer Access Portal today. If you’re not using Crunchy Postgres yet, contact us for a demo. For now let’s take a deeper look at what we included in our latest release.

Security Matters

Keeping your data safe and secure is at the core of managing your database. With this release we’re excited about several improvements that continue to improve the security available to you.

TLS

In previous releases of Crunchy Postgres our automation would would deploy TLS certificates and keys for you. But what if you’ve already set up a TLS deployment process outside of Crunchy Postgres? Now you can point Crunchy Postgres at these existing certificates and we will configure the components to use them! Of course, you can still have Crunchy Postgres deploy the certs and keys if you prefer.

In keeping with our "secure all the things'' mantra, Grafana support for TLS has been added to this release.

We also have a cleaner connection to pgBackRest. pgBackRest added support for TLS in version 2.37 so it can run in server mode and allow connections without SSH. This is fully supported by Crunchy Postgres the latest updates to our automation playbooks. Going forward we’re going to continue to leverage TLS for server mode over SSH support for pgBackRest.

Firewall

Crunchy Postgres provides an ability to manage your firewall rules as part of your deployment. If you’re already managing your firewall rules independent of Crunchy Postgres you now have more flexibility. You can now indicate if firewalld should be used or not and we'll check its status and warn accordingly. You can also, separately, tell us if you want us to manipulate the firewalld rules or not. By default, of course, we still both enable firewalld and configure it for you.

Monitoring Updates

It wouldn't be a Crunchy Postgres release without some improvements in the monitoring provided by pgMonitor:

etcd

The etcd dashboard now features much more detailed information about the etcd cluster state. A sampling of the new insights available to you include:

  • Database Leader changes
  • Slow applies
  • Health and heartbeat failures

grafana screenshot

Patroni

We added Patroni metrics and AlertManager alerts based on these metrics. If you want more Patroni on your dashboards or in your overnight pager, you can enable and configure this new feature.

User Management & Access Control

This release adds support for externally-managed OS users across all the Crunchy Postgres components. Whether you use Active Directory, LDAP, or another directory server, you can now configure Crunchy Postgres to use this instead of locally-created system users.

We’ve also added the ability to override every single system user used by Crunchy Postgres even if you're using locally-created system users. Don't like that patroni user? Change it to something else.

Support playbook

When something goes wrong the amount of information you’re able to retrieve and communicate when shareholding is key to timely resolution. In the case where something goes wrong, you may end up needing help from our amazing Support team. To make getting support as easy as possible for both you and our Support team, this release of Crunchy Postgres includes a new playbook: ansible-playbook crunchy-support-playbook.yml.

Running this playbook will reach out and gather the logs, version info, and other information that Support might need. This playbook gathers all this up, creates a tarball, and prompts you to send it into our Support team. This information will help us all in investigating and providing you the support you need.

Wait, there's more!

This release is packed with a number of features and we’ve only covered the highlights so far. We encourage you to review the rest over on our docs. If you have questions please reach out.

Related Articles