Using a9s PostgreSQL

This topic describes how to use a9s PostgreSQL.

Use PostgreSQL with an App

To use PostgreSQL with with an app, follow the procedures in this section to create a service instance and bind the service instance to your app. For more information on managing service instances, see Managing Service Instances with the cf CLI.

View the PostgreSQL Service

After the service is installed, a9s-postgresql and its service plans appear in your CF marketplace. Run cf marketplace to see the service listing:

$ cf marketplace
Getting services from marketplace in org test / space test as admin...

service            plans                                                                                              description
a9s-postgresql04     postgresql-single-small, postgresql-cluster-small, postgresql-single-big, postgresql-cluster-big   This is the PostgreSQL 9.4 service.

See the next section for instructions on creating a9s PostgreSQL service instances based on the plans listed in the cf marketplace output.

Create a Service Instance

To provision a Posa9s PostgreSQLtgreSQL database, run cf create-service. For example:

$ cf create-service a9s-postgresql postgresql-single-small my-postgresql-service

Depending on your infrastructure and service broker usage, it may take several minutes to create the service instance.

Check the creation status using cf services. This displays a list of all your service instances. To check the status of a specific service instance, run cf service NAME-OF-YOUR-SERVICE.

Bind an Application to a Service Instance

After you create your database, run cf bind-service to bind the service to your application:

$ cf bind-service a9s-postgresql-app my-postgresql-service

Restage or Restart Your Application

To enable your app to access the service instance, run cf restage or cf restart to restage or restart your app.

Obtain Service Instance Access Credentials

After a service instance is bound to an application, the credentials of your a9s PostgreSQL database are stored in the environment variables of the application. Run cf env APP-NAME to display the environment variables.

You can find the credentials in the VCAP_SERVICES key.

$ cf env a9s-postgresql-app
Getting env variables for app a9s-postgresql-app in org test / space test as admin...

  "a9s-postgresql": [
    "credentials": {
     "host": "EXAMPLE-HOST",
     "hosts": ["EXAMPLE-HOST"],
     "name": "d92e2bd",
     "password": "EXAMPLE-PASSWORD",
     "port": 5432,
     "uri": "EXAMPLE-URI",
     "username": "EXAMPLE-USERNAME"
    "label": "a9s-postgresql",
    "name": "my-postgresql-service",
    "plan": "postgresql-cluster-small",
    "tags": [

You can use the host, username and password values to connect to your database with a a9s PostgreSQL client.

Delete an PostgreSQL Service Instance

WARNING: Before deleting a service instance, you must back up data stored in your database. This operation cannot be undone and all the data is lost when the service is deleted.

Before you can delete a service instance, you must unbind it from all apps.

List Available Services

Run cf services to list your available services.

$ cf services

Getting services in org test / space test as admin...

name                    service          plan                      bound apps           last operation
my-postgresql-service   a9s-postgresql   postgresql-single-small   a9s-postgresql-app   create succeeded

This example shows that my-postgresql-service is bound to the a9s-postgresql-app app.

Unbind a Service Instance

Run cf unbind to unbind the service from your app.

$ cf unbind-service a9s-postgresql-app my-postgresql-service

Delete a Service Instance

After unbinding the service, it is no longer bound to an application. Run cf delete-service to delete the service:

  $ cf delete-service my-postgresql-service

It may take several minutes to delete the service. Deleting a service deprovisions the corresponding infrastructure resources. Run the cf services command to view the deletion status.

Upgrade the Service Instance to Another Service Plan

Once created, you can upgrade your service instance to another, larger service plan. A larger service plan provides more CPU, RAM, and storage. For more information, see the Update a Service Instance of the Managing Service Instances with the cf CLI topic.

$ cf update-service my-postgresql-service -p a-bigger-plan

Here are the plans you can upgrade to, depending on the one you are currently using:

  • If you are currently using the postgresql-single-small plan, you can upgrade to the postgresql-single-big plan.
  • If you are currently using the postgresql-cluster-small plan, you can upgrade to the postgresql-cluster-big plan.

Add a Graphite Endpoint

If you want to monitor your service with Graphite, you can set an endpoint to where to information will be sent with the cf update-service command. This command expects the -c flag and a JSON string containing the graphite and metrics_prefix keys. Depending on your graphite provider, the metrics_prefix might require that each metric must start with an API key in their name. You can also change the interval within the data is send to the endpoint. To do this, modify interval; the default is 10s.

$ cf update-service my-postgresql-service -c '{ "graphite": [""], "metrics_prefix": "", "interval": "5"}'

Add a Syslog Endpoint

The cf update-service command used with the -c flag can let you stream your syslog to a third-party service. In this case, the command expects a JSON string containing the syslog key. You can also change the interval for the syslog with the same key than for the graphite endpoint interval.

$ cf update-service my-postgresql-service -c '{ "syslog": [""], "interval": "5" }'

Cloud Foundry Application Security Groups

This topic describes how to check whether a security group was created.

Each a9s Data Service will automatically create and update Cloud Foundry security groups in order to protect service instances to be accessed by applications not running in the same Cloud Foundry applications space. To understand Security Groups, see Understanding Application Security Groups.

Get Service Instance GUID

To get the GUID of the service instance, run cf service INSTANCE_NAME --guid.

$ cf service my-postgresql --guid

Check Available Security Groups

To see all available security groups, run cf security-groups.

$cf security-groups
Getting security groups as

     Name                                         Organization     Space
#0   public_networks
#1   dns
#2   tcp_open
#3   guard_432fb752-876d-443b-a311-a075f4df2237   demonstrations   demo
#4   guard_ca16f111-5073-40b7-973a-156c75dd3028   demonstrations   demo

You can see a security group with the named guard_ca16f111-5073-40b7-973a-156c75dd3028 was successfully created.

Note: In some circumstances, the connection between the application and the service instance is not possible. In this case, check to see if a security group was created.

Back Up and Restore Service Instances

PostgreSQL provides an easy way to create backups and restore if needed.

Get Dashboard Address, Log In, and Authorize

  1. Grap the dashboard URL with cf service SERVICE-NAME. “`bash $cf service my-postgresql

Service instance: my-postgresql Service: a9s-postgresql Bound apps: Tags: Plan: postgresql-single-small Description: This is a service creating and managing dedicated a9s PostgreSQL service instances and clusters, powered by the anynines Service Framework Documentation url: Dashboard:

Last Operation Status: update succeeded Message: Started: 2017-10-26T08:28:38Z Updated: 2017-10-26T08:28:38Z ”`

  1. Browse to the dashboard URL and authenticate on the redirected page with your Cloud Foundry credentials. authentication-page

  2. Click Authorize to approve the authorization request. authorization-page

Perform a Backup

On the dashboard, you can trigger a backup by clicking Trigger backup.


After a short period of time, the backup will be queued and the backup process will soon start.


Note: Depending on the size of the data, the backup will take some time.

Restore a Backup

  1. Open the dashboard again and select the backup you would like to restore.

  2. Click Restore and wait for the restore to trigger.


Note: Depending on the size of the data, the restore will take some time.


Make a Service Instance Locally Available

It is possible to access any of the a9s Data Services locally. You can connect with a local client to the service for any purpose, such as debugging. CF provides a smart way to create SSH forward tunnels through a pushed application. For more information about this feature, see the Accessing Apps with SSH section of the CF documentation.

First, you must have an application bound to the service. To do this, see Bind an Application to a Service Instance.

Note: `cf ssh` support must be enabled in the platform. Your administrator can tell you whether it is enabled.

Get the Service URL and Credentials

You must first follow the procedure in Obtain Service Instance Access Credentials to get the hostname of the service and the user credentials.

$ cf env a9s-postgresql-app
Getting env variables for app a9s-postgresql-app in org test / space test as admin...

   "a9s-postgresql": [
      "credentials": {
       "host": "d67901c-psql-master-alias.node.dc1.consul",
       "hosts": [
       "password": "a9s-brk-usr",
       "username": "a9s-password"
     "label": "a9s-postgresql",
     "name": "my-postgresql-service",
     "plan": "postgresql-cluster-small"

Note the host d67901c-psql-master-alias.node.dc1.consul, the username a9s-brk-usr, and the password a9s-password. You will need these in the next step.

Create a Tunnel to the Service

With cf ssh, you can create am SSH forward tunnel to the management dashboard. Use port 5432 to connect to the PostgreSQL Instance.

$ cf ssh a9s-postgresql-app -L 5432:d67901c-psql-master-alias.node.dc1.consul:5432

When the SSH tunnel is open, you can access the instance using the address localhost:5432.

Note: Be sure to close the session by running exit.

a9s PostgreSQL Extensions

Create or Drop Extensions

To install a9s PostgreSQL extensions with the Cloud Foundry CLI and additional configuration parameters, run the following commands:

$ cf create-service a9s-postgresql PLAN_NAME INSTANCE_NAME -c '{"install_plugins": ["<plugin_name>"]}'
$ cf update-service INSTANCE_NAME -c '{"install_plugins": ["<plugin_name>]}'
$ cf update-service INSTANCE_NAME -c '{"delete_plugins": ["<plugin_name>]}'

Available Extensions

The following a9s PostgreSQL extensions are available:

  • postgis
  • uuid-ossp
  • ltree
  • pgcrypto
  • citext

Default Extensions

Some a9s PostgreSQL extensions are always installed and cannot be deleted. The following a9s PostgreSQL extensions are set as default extensions:

  • pgcrypto
  • citext

These two extensions are necessary for a functional replication.

a9s PostgreSQL Custom Parameters

As an end user, you have the ability to customize your service instance by using custom parameters. Custom parameters are passed on to a service instance by using the -c switch of the cf CLI commands cf create-service and cf update-service. For example, running cf update-service mypg -c '{"max_connections": "100"}' would set the maximum number of concurrent connections to 100 for the service instance mypg.

You are not required to utilize these settings.

Every parameter corresponds to a property in the configuration file for the respective a9s PostgreSQL version.


Determines the maximum number of concurrent connections to the database server.

The default in the service plan of an anynines deployment is as follows:

Plan Max Connections
big 100
small 50
nano 20

An integer value greater than 10 is expected.


Sets the planner’s assumption about the effective size of the disk cache that is available to a single query.

Our BOSH release includes an algorithm that calculates a usable value for this property on the fly based on the resources of the VM running.

The effective_cache_size property can be specified (e.g. ‘2GB’) or omitted. If effective_cache_size is not set, its value is 75% of the total memory. If the total memory is less than 4 GB, it will use 50% of the total memory with a floor of 256 MB. When specifying this value, make sure you set a value that leads to a configuration that is higher than shared_buffers, because shared buffers are included in the a9s PostgreSQL query execution planner.

An integer value greater than 0 is expected.


Sets the amount of memory the database server uses for shared memory buffers.

The property shared_buffers can be specified (e.g. '2048MB’) or omitted. If shared_buffers is not set, its value is 25% of the total memory, if the total memory is greater than 1 GB and 15% or less with a floor of 128 MB.

An integer value greater than 0 is expected.


Specifies the amount of memory to be used by internal sort operations and hash tables before writing to temporary disk files.

An integer value greater than 0 is expected. The default is 8 MB for anynines deployment plans.


Specifies the maximum amount of disk space that a process can use for temporary files, such as sort and hash temporary files, or the storage file for a held cursor.

An integer value greater than 0 is expected. Alternatively, “-1” means “no limit”. The default value is “-1”.

Create a Fork of a Service Instance

Forking a service instance involves creating a backup of a service instance, modifying the backup, and restoring it to a different service instance.

  1. Ensure you have two service instances: “`shell $ cf s Getting services in org my_org / space my_space as

name service plan bound apps last operation psql1 a9s-postgresql94 postgresql-replica-small create succeeded psql2 a9s-postgresql94 postgresql-replica-small create succeeded ”`

  1. Create a service key for each service instance by running cf create-service-key psql1 mykey. You can then look at the key’s contents: “`shell $ cf service-key psql1 mykey Getting key mykey for service instance psql1 as

{ "host”: “pcsd85301a-psql-master-alias.node.dc1.consul”, “hosts”: [ “pcsd85301a-pg-0.node.dc1.consul”, “pcsd85301a-pg-1.node.dc1.consul”, “pcsd85301a-pg-2.node.dc1.consul” ], “name”: “pcsd85301a”, “password”: “a9spass”, “port”: 5432, “uri”: “postgres://a9suser:a9spass@pcsd85301a-psql-master-alias.node.dc1.consul:5432/pcsd85301a”, “username”: “a9suser” } $ cf service-key psql2 mykey Getting key mykey for service instance psql2 as

{ “host”: “pcsd59c00c-psql-master-alias.node.dc1.consul”, “hosts”: [ “pcsd59c00c-pg-0.node.dc1.consul”, “pcsd59c00c-pg-0.node.dc1.consul”, “pcsd59c00c-pg-0.node.dc1.consul” ], “name”: “pcsd59c00c”, “password”: “a9spass”, “port”: 5432, “uri”: “postgres://a9suser:a9spass@pcsd59c00c-psql-master-alias.node.dc1.consul:5432/pcsd59c00c”, “username”: “a9suser” } “ You need the database names for later use, as well as the credentials forpsql2. The database name is the trailing part of the URI. Forpsql1, the database name ispcsd85301a. Forpsql2, the database name ispcsd59c00c`. Additional prerequisites regarding command line tools: - BASH (some shell) - cat - sed - openssl - psql (the command line client for psql)

  1. Open the service dashboard of the service instance you want to fork, as in the psql1 example. You can find the dashboard URL by running the following command: ”`shell $ cf service psql1 Showing info of service psql1 in org my_org / space my_space as

name: psql1 service: a9s-postgresql94 bound apps: tags: plan: postgresql-replica-small description: Dedicated a9s PostgreSQL service instances and clusters powered by the anynines Service Framework documentation: dashboard:

[…] “`

  1. Click Change Backup Settings in the service instance dashboard to set an encryption password.

  2. Create a backup using the dashboard and download the backup to your local machine. The filename will be something like racsd92baee-1522222422893.

  3. Decrypt the backup and write its contents to a file: shell $ cat racsd92baee-1522222422893 | openssl enc -aes256 -d -pass 'pass:mytopsecretpassword' > backup.sql

  4. Replace the database name of the original instance in the backup with the database name of the other instance: shell $ cat backup.sql | sed -e 's/pcsd85301a/pcsd59c00c/g' > backup.fork.sql

  5. Create a tunnel to the admin interface of the a9s PostgreSQL instance forked from the original instance. shell $ cf ssh someapp -L

  6. Restore the data: shell psql -h -p 5432 -U a9s27ae5c9bfee2937a8dc04b1d7d9b9c9690c97704 pcsd59c00c &lt; backup.fork.sql

    Note: You may see error messages during this procedure. The backup contains data that you lack the necessary permissions to restore, but your data will still be restored.

Create a pull request or raise an issue on the source for this page in GitHub