Reliable Infra: Rock-Solid and Secure
Towering peaks, bedrock solid, standing firm at any summit!
High-Availability: HA PostgreSQL
Pigsty leverages PostgreSQL physical replication to deliver industry-leading high availability solutions.
Core metrics like RTO and RPO can be adjusted based on requirements, balancing trade-offs for specific scenarios.
- Primary failover: RTO ≈ 30 seconds (adjustable)
- RPO: < 1 MB of WAL in asynchronous commit mode; 0 in synchronous (crit) mode (adjustable)
- Replica failure / planned switchover: RTO ≈ 0 seconds
Self-Healing: Adaptive service failover
Self-healing architecture: the primary-replica topology is transparent to applications, giving a failover experience comparable to that of a distributed database.
Flexible service access redirects traffic automatically after a failover, so developers and operators can both sleep peacefully.
- Deep integration of industry HA best practices: Patroni, Etcd, HAProxy, VIP Manager
- Four default services: primary, replica, offline, default, with read-write splitting and customization options
- Automatic read/write traffic switching based on health checks, without manual intervention or application restarts
- Flexible connection methods: direct IP connection, connection pools, L2 VIP, L4 load balancing, service discovery, etc.
PITR Protection: Preconfigured point-in-time recovery
Pigsty preconfigures base backups and enables WAL archiving by default, so a cluster can be rolled back quickly to any point within its retained history.
Whether using local backup disks or remote cold storage, mature disaster recovery options are available to suit various needs and budgets.
- Deep integration of industry backup best practices: pgBackRest + MinIO / local disk / S3
- Protection against software defects and human errors that delete a cluster, database, table or rows
- One-click backup and restore, ready out of the box, with flexible backup strategies via scheduled tasks
- In-place, parallel, incremental PITR: fast recovery, with quick retries to home in on the right recovery point

```bash
pg-pitr                                   # Recover to the end of the WAL archive
pg-pitr -i                                # Recover to the completion point of the latest backup
pg-pitr --time="2022-12-30 14:44:44+08"   # Recover to a specific point in time (quote it: the timestamp contains a space)
pg-pitr --name="my-restore-point"         # Recover to a named restore point (pg_create_restore_point)
pg-pitr --lsn="0/7C82CB8" -X              # Recover to immediately before the given LSN
pg-pitr --xid="1234567" -X -P             # Recover to immediately before the given XID, then promote
pg-pitr --backup=latest                   # Recover to the latest backup set
pg-pitr --backup=20221108-105325          # Recover to a specific backup set (list them with pgbackrest info)
```
Infra Closure: No external dependencies
Pigsty integrates a complete infrastructure closure for PostgreSQL RDS, requiring no external dependencies.
Local software repositories ensure operational independence: even with no internet access at all, the system keeps running indefinitely.
- Observability infrastructure: Prometheus / Grafana
- Load balancing and reverse proxy: Nginx / HAProxy
- Configuration and object storage: Etcd / MinIO
- Critical services DNS and NTP: DNSMasq / Chronyd
Access Control: Built-in best-practice model
A sufficiently secure default access control model with read / write / admin / analytics / monitoring / DBA roles, each with a specific responsibility.
Designed around the principle of least privilege to prevent unauthorized access, ready to use out of the box and easy to customize.
- Default roles: readonly / readwrite / admin / offline
- Default users: DBSU / DBA / replication / monitoring
- Default HBA rule sets with simple configuration options
- Connection-pool user credentials kept in sync with the database, with no separate maintenance required

| Role Name | Description |
|---|---|
| dbrole_readonly | Role: global read-only access |
| dbrole_readwrite | Role: global read-write access |
| dbrole_admin | Role: admin / object creation |
| dbrole_offline | Role: limited read-only access (offline / analytics instances) |
| postgres | System superuser (DBSU) |
| replicator | System replication user |
| dbuser_dba | PostgreSQL admin (DBA) user |
| dbuser_monitor | PostgreSQL monitoring user |
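The two security checks a practitioner wants behind the role model and the HBA rule sets above are (1) whether any business user reaches an admin-level role through a chain of grants, and (2) which pg_hba.conf line actually decides a given connection, since PostgreSQL applies the first matching line and the `+group` form counts indirect membership. The following is an added example, not Pigsty's own code or its rendered `pg_hba.conf`: the role graph, the users `dbuser_app`, `dbuser_etl` and `dbuser_report`, and the HBA lines are constructed for illustration, and the inheritance chain (readwrite inherits readonly, admin inherits readwrite) is an assumption the page does not spell out.

```python
"""Added example (not Pigsty code): least-privilege audit of a role tree and a
first-match evaluator for pg_hba.conf rules. All data below is constructed."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed role graph: member -> roles granted to it directly. Assumes
# readwrite inherits readonly and admin inherits readwrite. dbuser_app,
# dbuser_etl and dbuser_report are hypothetical; dbuser_report is
# deliberately misconfigured with dbrole_admin so the audit has a finding.
ROLE_GRANTS = {
    "dbrole_readwrite": {"dbrole_readonly"},
    "dbrole_admin": {"dbrole_readwrite"},
    "dbuser_app": {"dbrole_readwrite"},
    "dbuser_etl": {"dbrole_offline"},
    "dbuser_report": {"dbrole_admin"},
}

def effective_roles(user: str, grants: dict[str, set[str]]) -> set[str]:
    """Transitive closure of membership: GRANT inheritance and pg_hba's
    '+group' both count indirect members."""
    seen, stack = set(), [user]
    while stack:
        for parent in grants.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen

def overprivileged(grants, users, forbidden=("dbrole_admin", "postgres")):
    """Business users that reach an admin-level role through any chain."""
    return sorted(u for u in users if effective_roles(u, grants) & set(forbidden))

@dataclass
class HbaRule:
    conn_type: str        # local | host | hostssl | hostnossl
    databases: list[str]  # 'all', 'replication', 'sameuser' or names
    users: list[str]      # names or '+group'
    network: ipaddress.IPv4Network | ipaddress.IPv6Network | None  # None: local or 'all'
    method: str

@dataclass
class Conn:
    database: str         # 'replication' for a physical replication connection
    user: str
    address: str | None   # None for a Unix-socket connection
    ssl: bool = False

def parse_hba(text: str) -> list[HbaRule]:
    """Parse the CIDR form of pg_hba.conf; the separate address+netmask
    columns and hostnames are left out of this example."""
    rules = []
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].split()
        if not cols:
            continue
        if cols[0] == "local":
            net, method = None, cols[3]
        else:
            net = None if cols[3] == "all" else ipaddress.ip_network(cols[3], strict=False)
            method = cols[4]
        rules.append(HbaRule(cols[0], cols[1].split(","), cols[2].split(","), net, method))
    return rules

def _db_matches(dbs, conn):
    for d in dbs:
        if d == "replication":
            if conn.database == "replication":
                return True
        elif conn.database == "replication":
            continue  # 'all' and database names never cover physical replication
        elif d == "all" or d == conn.database or (d == "sameuser" and conn.database == conn.user):
            return True
    return False

def _user_matches(users, conn, grants):
    roles = effective_roles(conn.user, grants)
    return any(u == "all" or u == conn.user or (u.startswith("+") and u[1:] in roles) for u in users)

def _type_matches(rule, conn):
    if rule.conn_type == "local":
        return conn.address is None
    if conn.address is None or (rule.conn_type == "hostssl" and not conn.ssl) \
            or (rule.conn_type == "hostnossl" and conn.ssl):
        return False
    return rule.network is None or ipaddress.ip_address(conn.address) in rule.network

def decide(rules, conn, grants=ROLE_GRANTS):
    """First matching line wins. (None, None) means no line matched, which
    the server also treats as a rejection."""
    for i, r in enumerate(rules):
        if _type_matches(r, conn) and _db_matches(r.databases, conn) and _user_matches(r.users, conn, grants):
            return r.method, i
    return None, None

SAMPLE_HBA = """
# constructed rules: allow-list lines first, catch-all reject last
local   all          postgres                            ident
local   all          all                                 scram-sha-256
host    all          dbuser_monitor    127.0.0.1/32      scram-sha-256
host    replication  replicator        10.10.10.0/24     scram-sha-256
hostssl all          +dbrole_readonly  10.10.10.0/24     scram-sha-256
host    all          all               0.0.0.0/0         reject
"""

if __name__ == "__main__":
    print("over-privileged:", overprivileged(ROLE_GRANTS, ["dbuser_app", "dbuser_etl", "dbuser_report"]))
    rules = parse_hba(SAMPLE_HBA)
    for c in (Conn("meta", "dbuser_app", "10.10.10.5", ssl=True),
              Conn("meta", "dbuser_app", "10.10.10.5"),
              Conn("meta", "dbuser_etl", "10.10.10.5", ssl=True),
              Conn("replication", "postgres", "10.10.10.11")):
        print(c, "->", decide(rules, c))
```

Two things the run makes visible: `dbuser_app` is admitted by the `+dbrole_readonly` line only because membership is resolved transitively through `dbrole_readwrite`, and the same user over a non-TLS connection falls through to the `reject` line because `hostssl` never matches plaintext. The `postgres` replication attempt matches nothing at all, since `all` in the database column does not cover physical replication connections; the outcome is still a rejection, but it is worth knowing which line, if any, is doing the work when you audit a rendered HBA file.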
Confidentiality: Guaranteed data security
Self-signed CA, end-to-end SSL encryption, password-protected backups and sensitive endpoints, with strict access control via allow/deny lists.
Each component follows industry best practices, building layered defenses so that the confidentiality of your data rests on the secrecy of your passwords and keys.
- Certificates issued by the local CA, with SSL/TLS enabled globally by default
- SCRAM-SHA-256 password authentication; backup repositories encrypted with AES (pgBackRest repository cipher)
- Precise allow/deny list default policies to prevent unauthorized access
- All externally exposed web services are uniformly managed through Nginx
Data Integrity: Thorough verification
Prevent silent corruption and data block damage through data checksums, multiple replicas, and delayed standby servers.
Combined with audit plugins and centralized logging, compliance reviews and troubleshooting become more efficient and transparent.
- CRIT configuration template: optimized for data integrity
- Data checksums enabled to prevent silent data corruption
- Watchdog: Patroni's kernel watchdog fences a hung or partitioned primary to prevent split-brain
- Audit plugin logs: centrally collected and retained off the database host, available for verification

Production Benchmark Case
- PG clusters: 100+
- CPU cores: 25,000
- Deduplicated data: 200 TB
- Overall availability: > 99.999%
Stable operation in production for 6 years, overall availability > 99.999%
Battle-Tested: Availability benchmark
Pigsty has been running robustly in many large organizations, helping database services maintain 99.999%+ availability.
Rolling upgrades, fast switchovers and maintenance without downtime all contribute to business continuity.
- No single points of failure: all critical components have redundant designs for full high availability
- Online upgrades: zero-downtime migration solutions based on logical replication blue-green deployment
- Emergency plans: standard SOPs for various failure scenarios
- Benchmark case: 25,000 vCPU x six years x 99.999% availability