Postgres
This page contains the setup guide and reference information for the Postgres source connector for CDC and non-CDC workflows.
When to use Postgres with CDC
Configure Postgres with CDC if:
- You need a record of deletions
- Your table has a primary key but doesn't have a reasonable cursor field for incremental syncing (updated_at). CDC allows you to sync your table incrementally
If your goal is to maintain a snapshot of your table in the destination but the limitations prevent you from using CDC, consider using non-CDC incremental sync [Coming Soon] and occasionally reset the data and re-sync.
If your dataset is small and you just want a snapshot of your table in the destination, consider using Full Refresh replication for your table instead of CDC.
Prerequisites
- Use Postgres v9.3.x or above for non-CDC workflows and Postgres v10 or above for CDC workflows
Setup guide
Step 1: (Optional) Create a dedicated read-only user
We recommend creating a dedicated read-only user for better permission control and auditing. Alternatively, you can use an existing Postgres user in your database.
To create a dedicated user, run the following command:
CREATE USER <user_name> PASSWORD 'your_password_here';
Grant access to the relevant schema:
GRANT USAGE ON SCHEMA <schema_name> TO <user_name>
NOTE
To replicate data from multiple Postgres schemas, re-run the command to grant access to all the relevant schemas.
Grant the user read-only access to the relevant tables:
GRANT SELECT ON ALL TABLES IN SCHEMA <schema_name> TO <user_name>;
Allow users to see tables created in the future:
ALTER DEFAULT PRIVILEGES IN SCHEMA <schema_name> GRANT SELECT ON TABLES TO <user_name>;
Additionally, if you plan to configure CDC for the Postgres source connector, grant REPLICATION permissions to the user:
ALTER USER <user_name> REPLICATION;
Syncing a subset of columns
Currently, there is no way to sync a subset of columns using the Postgres source connector:
- When setting up a connection, you can only choose which tables to sync, but not columns.
- If the user can only access a subset of columns, the connection check will pass. However, the data sync will fail with a permission-denied exception.
The workaround for partial table syncing is to create a view on the specific columns, and grant the user read access to that view:
CREATE VIEW <view_name> as SELECT <columns> FROM <table>;
GRANT SELECT ON TABLE <view_name> IN SCHEMA <schema_name> to <user_name>;
Note: The workaround works only for non-CDC setups since CDC requires data to be in tables and not views.
Step 2: Set up the Postgres connector in Connect
- Navigate back to Connect and create a new Source.
- On the Set up the source page, select Postgres from the Source type dropdown.
- Enter a name for your source.
- For the Host, Port, and DB Name, enter the hostname, port number, and name for your Postgres database.
- List the Schemas you want to sync.
NOTE
The schema names are case-sensitive. The 'public' schema is set by default. Multiple schemas may be used at one time. No schemas set explicitly - will sync all of existing. - For User and Password, enter the username and password you created in Step 1.
- To customize the JDBC connection beyond common options, specify additional supported JDBC URL parameters as key-value pairs separated by the symbol & in the JDBC URL Parameters (Advanced) field.
Example: key1=value1&key2=value2&key3=value3
These parameters will be added at the end of the JDBC URL that the Connect will use to connect to your Postgres database.
The connector now supports connectTimeout and defaults to 60 seconds. Setting connectTimeout to 0 seconds will set the timeout to the longest time available.
Note: Do not use the following keys in JDBC URL Params field as they will be overwritten: currentSchema, user, password, ssl, and sslmode.
DANGER
This is an advanced configuration option. Users are advised to use it with caution. - For SSL Modes, select:
- disable to disable encrypted communication between Connect and the source
- allow to enable encrypted communication only when required by the source
- prefer to allow unencrypted communication only when the source doesn't support encryption
- require to always require encryption. Note: The connection will fail if the source doesn't support encryption.
- verify-ca to always require encryption and verify that the source has a valid SSL certificate
- verify-full to always require encryption and verify the identity of the source
- For Replication Method, select Standard or Logical CDC from the dropdown. Refer to Configuring Postgres connector with Change Data Capture (CDC) for more information.
- For SSH Tunnel Method, select:
- No Tunnel for a direct connection to the database
- SSH Key Authentication to use an RSA Private as your secret for establishing the SSH tunnel
- Password Authentication to use a password as your secret for establishing the SSH tunnel
Refer to Connect via SSH Tunnel for more information. 13. Click Set up source.
Connect via SSH Tunnel
You can connect to a Postgres instance via an SSH tunnel.
When using an SSH tunnel, you are configuring Connect to connect to an intermediate server (also called a bastion or a jump server) that has direct access to the database. Connect connects to the bastion and then asks the bastion to connect directly to the server.
To connect to a Postgres instance via an SSH tunnel:
- While setting up the Postgres source connector, from the SSH tunnel dropdown, select:
- SSH Key Authentication to use a private as your secret for establishing the SSH tunnel
- Password Authentication to use a password as your secret for establishing the SSH Tunnel
- For SSH Tunnel Jump Server Host, enter the hostname or IP address for the intermediate (bastion) server that Connect will connect to.
- For SSH Connection Port, enter the port on the bastion server. The default port for SSH connections is 22.
- For SSH Login Username, enter the username to use when connecting to the bastion server. Note: This is the operating system username and not the Postgres username.
- For authentication:
- If you selected SSH Key Authentication, set the SSH Private Key to the private Key that you are using to create the SSH connection.
- If you selected Password Authentication, enter the password for the operating system user to connect to the bastion server. Note: This is the operating system password and not the Postgres password.
Generating a Private Key
The connector supports any SSH compatible key format such as RSA or Ed25519. To generate an RSA key, for example, run:
ssh-keygen -t rsa -m PEM -f myuser_rsa
The command produces the private key in PEM format and the public key remains in the standard format used by the authorized_keys file on your bastion server. Add the public key to your bastion host to the user you want to use with Connect. The private key is provided via copy-and-paste to the Connect connector configuration screen to allow it to log into the bastion server.
Configuring Postgres connector with Change Data Capture (CDC)
Connect uses logical replication of the Postgres write-ahead log (WAL) to incrementally capture deletes using a replication plugin. To learn more about how Connect implements CDC, refer to Change Data Capture (CDC)
CDC Considerations
- Incremental sync is only supported for tables with primary keys. For tables without primary keys, use Full Refresh sync.
- Data must be in tables and not views. If you require data synchronization from a view, you would need to create a new connection with Standard as Replication Method.
- The modifications you want to capture must be made using DELETE/INSERT/UPDATE. For example, changes made using TRUNCATE/ALTER will not appear in logs and therefore in your destination.
- Schema changes are not supported automatically for CDC sources. Reset and resync data if you make a schema change.
- The records produced by DELETE statements only contain primary keys. All other data fields are unset.
- Log-based replication only works for master instances of Postgres. CDC cannot be run from a read-replica of your primary database.
- Using logical replication increases disk space used on the database server. The additional data is stored until it is consumed.
- Set frequent syncs for CDC to ensure that the data doesn't fill up your disk space.
- If you stop syncing a CDC-configured Postgres instance with Connect, delete the replication slot. Otherwise, it may fill up your disk space.
CONNECTOR CONFIGURATION ARE SUPPORTED ONLY ON PRIMARY/MASTER DB HOST/SERVERS. DO NOT POINT CONNECTOR CONFIGURATION TO REPLICA DB HOSTS, IT WILL NOT WORK.. :::
Setting up CDC for Postgres
Connect requires a replication slot configured only for its use. Only one source should be configured that uses this replication slot. See Setting up CDC for Postgres for instructions.
Step 1: Enable logical replication
To enable logical replication on bare metal, VMs (EC2/GCE/etc), or Docker, configure the following parameters in the postgresql.conf file for your Postgres database:
Parameter | Description | Set value to |
wal_level | Type of coding used within the Postgres write-ahead log | logical |
max_wal_senders | The maximum number of processes used for handling WAL changes | Min: 1 |
max_replication_slots | The maximum number of replication slots that are allowed to stream WAL changes | 1 (if Connect is the only service reading subscribing to WAL changes. More than 1 if other services are also reading from the WAL) |
To enable logical replication on AWS Postgres RDS or Aurora:
- Go to the Configuration tab for your DB cluster.
- Find your cluster parameter group. Either edit the parameters for this group or create a copy of this parameter group to edit. If you create a copy, change your cluster's parameter group before restarting.
- Within the parameter group page, search for rds.logical_replication. Select this row and click Edit parameters. Set this value to 1.
- Wait for a maintenance window to automatically restart the instance or restart it manually.
To enable logical replication on Azure Database for Postgres:
Change the replication mode of your Postgres DB on Azure to logical using the Replication menu of your PostgreSQL instance in the Azure Portal. Alternatively, use the Azure CLI to run the following command:
az postgres server configuration set --resource-group group --server-name server --name azure.replication_support --value logical
az postgres server restart --resource-group group --name server
Step 3: Create replication slot
Connect currently supports pgoutput plugin only. To create a replication slot called connect_slot using pgoutput, run:
SELECT pg_create_logical_replication_slot('connect_slot', 'pgoutput');
Step 4: Create publications and replication identities for tables
For each table you want to replicate with CDC, add the replication identity (the method of distinguishing between rows) first:
To use primary keys to distinguish between rows for tables that don't have a large amount of data per row, run:
ALTER TABLE tbl1 REPLICA IDENTITY DEFAULT;
In case your tables use data types that support TOAST and have very large field values, use:
ALTER TABLE tbl1 REPLICA IDENTITY FULL;
After setting the replication identity, run:
CREATE PUBLICATION connect_publication FOR TABLE <tbl1, tbl2, tbl3>;`
The publication name is customizable. Refer to the Postgres docs if you need to add or remove tables from your publication in the future.
You must add the replication identity before creating the publication. Otherwise, ALTER/UPDATE/DELETE statements may fail if Postgres cannot determine how to uniquely identify rows. Also, the publication should include all the tables and only the tables that need to be synced. Otherwise, data from these tables may not be replicated correctly. :::
Step 5: [Optional] Set up initial waiting time
DANGER
This is an advanced feature. Use it if absolutely necessary.
The Postgres connector may need some time to start processing the data in the CDC mode in the following scenarios:
- When the connection is set up for the first time and a snapshot is needed
- When the connector has a lot of change logs to process
The connector waits for the default initial wait time of 5 minutes (300 seconds). Setting the parameter to a longer duration will result in slower syncs, while setting it to a shorter duration may cause the connector to not have enough time to create the initial snapshot or read through the change logs. The valid range is 120 seconds to 1200 seconds.
If you know there are database changes to be synced, but the connector cannot read those changes, the root cause may be insufficient waiting time. In that case, you can increase the waiting time (example: set to 600 seconds) to test if it is indeed the root cause. On the other hand, if you know there are no database changes, you can decrease the wait time to speed up the zero record syncs.
Step 6: Set up the Postgres source connector
In Step 2 of the connector setup guide, enter the replication slot and publication you just created.
Supported sync modes
The Postgres source connector supports the following sync modes:
- Full Refresh - Overwrite
- Full Refresh - Append
- Incremental Sync - Append [Coming Soon]
- Incremental Sync - Deduped History [Coming Soon]
Supported cursors
- TIMESTAMP
- TIMESTAMP_WITH_TIMEZONE
- TIME
- TIME_WITH_TIMEZONE
- DATE
- BIT
- BOOLEAN
- TINYINT/SMALLINT
- INTEGER
- BIGINT
- FLOAT/DOUBLE
- REAL
- NUMERIC/DECIMAL
- CHAR/NCHAR/NVARCHAR/VARCHAR/LONGVARCHAR
- BINARY/BLOB
Data type mapping
According to Postgres documentation, Postgres data types are mapped to the following data types when synchronizing data. If you can't find the data type you are looking for or have any problems feel free to add a new test!
Postgres Type | Resulting Type | Notes |
bigint | number | |
bigserial, serial8 | number | |
bit | string | Fixed-length bit string (e.g. "0100"). |
bit varying, varbit | string | Variable-length bit string (e.g. "0100"). |
boolean, bool | boolean | |
box | string | |
bytea | string | Variable length binary string with hex output format prefixed with "\x" (e.g. "\x6b707a"). |
character, char | string | |
character varying, varchar | string | |
cidr | string | |
circle | string | |
date | string | Parsed as ISO8601 date time at midnight. CDC mode doesn't support era indicators. |
double precision, float, float8 | number | Infinity, -Infinity, and NaN are not supported and converted to null. |
hstore | string | |
inet | string | |
integer, int, int4 | number | |
interval | string | |
json | string | |
jsonb | string | |
line | string | |
lseg | string | |
macaddr | string | |
macaddr8 | string | |
money | number | |
numeric, decimal | number | Infinity, -Infinity, and NaN are not supported and converted to null. |
path | string | |
pg_lsn | string | |
point | string | |
polygon | string | |
real, float4 | number | |
smallint, int2 | number | |
smallserial, serial2 | number | |
serial, serial4 | number | |
text | string | |
time | string | Parsed as a time string without a time-zone in the ISO-8601 calendar system. |
timetz | string | Parsed as a time string with time-zone in the ISO-8601 calendar system. |
timestamp | string | Parsed as a date-time string without a time-zone in the ISO-8601 calendar system. |
timestamptz | string | Parsed as a date-time string with time-zone in the ISO-8601 calendar system. |
tsquery | string | |
tsvector | string | |
uuid | string | |
xml | string | |
enum | string | |
tsrange | string | |
array | array | E.g. "[\"10001\",\"10002\",\"10003\",\"10004\"]". |
composite type | string |
Limitations
- The Postgres source connector currently does not handle schemas larger than 4MB.
- The Postgres source connector does not alter the schema present in your database. Depending on the destination connected to this source, however, the schema may be altered. See the destination's documentation for more details.
- The following two schema evolution actions are currently supported:
- Adding/removing tables without resetting the entire connection at the destination Caveat: In the CDC mode, adding a new table to a connection may become a temporary bottleneck. When a new table is added, the next sync job takes a full snapshot of the new table before it proceeds to handle any changes.
- Resetting a single table within the connection without resetting the rest of the destination tables in that connection
- Changing a column data type or removing a column might break connections.
Troubleshooting
Sync data from Postgres hot standby server
When the connector is reading from a Postgres replica that is configured as a Hot Standby, any update from the primary server will terminate queries on the replica after a certain amount of time, default to 30 seconds. This default waiting time is not enough to sync any meaning amount of data. See the Handling Query Conflicts section in the Postgres documentation for detailed explanation.
Here is the typical exception:
Caused by: org.postgresql.util.PSQLException: FATAL: terminating connection due to conflict with recovery
Detail: User query might have needed to see row versions that must be removed.
Hint: In a moment you should be able to reconnect to the database and repeat your command.
Possible solutions include:
- [Recommended] Set hot_standby_feedback to true on the replica server. This parameter will prevent the primary server from deleting the write-ahead logs when the replica is busy serving user queries. However, the downside is that the write-ahead log will increase in size.
- [Recommended] Sync data when there is no update running in the primary server, or sync data from the primary server.
- [Not Recommended] Increase max_standby_archive_delay and max_standby_streaming_delay to be larger than the amount of time needed to complete the data sync. However, it is usually hard to tell how much time it will take to sync all the data. This approach is not very practical.
Under CDC incremental mode, there are still full refresh syncs
Normally under the CDC mode, the Postgres source will first run a full refresh sync to read the snapshot of all the existing data, and all subsequent runs will only be incremental syncs reading from the write-ahead logs (WAL). However, occasionally, you may see full refresh syncs after the initial run. When this happens, you will see the following log:
Saved offset is before Replication slot's confirmed_flush_lsn, Connect will trigger sync from scratch
The root causes is that the WALs needed for the incremental sync has been removed by Postgres. This can occur under the following scenarios:
- When there are lots of database updates resulting in more WAL files than allowed in the pg_wal directory, Postgres will purge or archive the WAL files. This scenario is preventable. Possible solutions include:
- Set a higher wal_keep_size. If no unit is provided, it is in megabytes, and the default is 0. See detailed documentation here. The downside of this approach is that more disk space will be needed.
- When the Postgres connector successfully reads the WAL and acknowledges it to Postgres, but the destination connector fails to consume the data, the Postgres connector will try to read the same WAL again, which may have been removed by Postgres, since the WAL record is already acknowledged. This scenario is rare, because it can happen, and currently there is no way to prevent it. The correct behavior is to perform a full refresh.