Archive the PostgreSQL Audit trail

The audit trial can generate a high volume of data, so it is a good practice to periodically archive portions of it. An archive separates a portion of the data from the database and keeps it for long-term storage. This process involves the use of PostgreSQL Table Partitions.

Archiving a partition improves query speed for current data, while providing a cost-effective way to store older.

Prerequisites

Before you start, ensure you have the following:

• A designated backup location, for example ~/rhize-archives/libre-audit.
• Access to the Rhize Kubernetes Environment - Optional: kubectx utilities
  • kubectx to manage multiple clusters
  • kubens to switch between and configure namespaces easily
• Optional: the k8 Lens IDE, if you prefer to use Kubernetes graphically

Also, before you start, confirm you are in the right context and namespace.

## context
kubectl config current-context
## namespace
kubectl get namespace

To change the namespace for all subsequent kubectl commands to libre, run this command:

kubectl config set-context --current --namespace=libre

For a reference of useful kubectl commands, refer to the official kubectl Cheat Sheet.

Steps

To archive the PostgreSQL Audit trail, follow these steps:

1. Record the <PARTITION_NAME> of the partition you wish to detach and archive. This is based on the retention-period query for the names of the existing partitions:

   kubectl exec -i audit-postgres-0 -- psql -h localhost \ 
     -d audit -U <DB_USER> \
     -c "select * from partman.show_partitions('public.audit_log')"

2. Detach the target partitions from the main table:

   
   kubectl exec -i audit-postgres-0 -- psql -h localhost \
     -d audit -U <DB_USER> \
     -c 'alter table audit_log detach partition <PARTITION_NAME>;'

3. Backup the partition table:

   pg_dump -U <DB_USER> -h audit-postgres-0 -p5433 \
     --file ./audit-p20240101.sql --table public.audit_log_p20240101 audit

   On success, the backup creates a GZIP file, <PARITION_NAME>.sql. To check that the backup succeeded, unzip the files and inspect the data.

4. Drop the partition table to remove it from the database:

   kubectl exec -i audit-postgres-0 -- psql -h localhost -d audit \
     -U <DB_USER> -c 'drop table <PARTITION_NAME>;'

Next Steps

• For full backups or Rhize services, read how to back up:
  • Keycloak
  • The Audit trail
  • Grafana
  • The Graph Database