Table of Contents
Consolidates cluster-wide security functionality on an easily accessible single page. In the previous versions, the cluster-wide security configuration fell under TimeScaleDB’s Cluster Actions menu. Supported security functionalities are:
- Client/Server SSL encryption for TimeScaleDB-based clusters.
- Audit Log
SSL Encryption
Enable
Enables encrypted SSL client-server connections for the database node(s). The transport layer will be encrypted using the Transfer Layer Security (TLS) protocol. The same certificate will be used on all nodes and to enable SSL encryption the nodes must be restarted. Select ‘Restart Nodes’ to perform a rolling restart of the nodes. All keys and certificates will be generated using OpenSSL.
Create Certificate
Field | Description |
---|---|
Create Certificate |
|
Certificate Expiration (days) |
|
Use Existing Certificate
Field | Description |
---|---|
Selected Certificate |
|
Restart Cluster |
|
Change Certificate
Changes the existing certificate for SSL client-server connections for the database node(s). This feature is only available if you already enabled SSL encryption for this cluster. It loads the same options as mentioned in Create Certificate and Use Existing Certificate respectively.
Disable
Disables SSL encryption for the cluster. This option is only available if you have enabled SSL encryption.
Starting from ClusterControl 1.9.7 (September 2023), ClusterControl GUI v2 is the default frontend graphical user interface (GUI) for ClusterControl. Note that the GUI v1 is considered a feature-freeze product with no future development. All new developments will be happening on ClusterControl GUI v2. See User Guide (GUI v2).
Audit Log
This feature is introduced in version 1.8.2.
Enable policy-based monitoring and logging of connection and query activity using the pgAudit plugin. The class of statements that can be logged is:
READ
: SELECT and COPY when the source is a relation or a query.WRITE
: INSERT, UPDATE, DELETE, TRUNCATE, and COPY when the destination is a relation.FUNCTION
: Function calls and DO blocks.ROLE
: Statements related to roles and privileges: GRANT, REVOKE, CREATE/ALTER/DROP ROLE.DDL
: All DDL that is not included in the ROLE class.MISC
: Miscellaneous commands, e.g. DISCARD, FETCH, CHECKPOINT, VACUUM, SET.MISC_SET
: Miscellaneous SET commands, e.g. SET ROLE.ALL
: Include all of the above.
If enabled, the audit events will be logged into the postgresql-{day}.log
file under the PostgreSQL’s data directory.
Cluster will be restarted to install the new plugin service.
Field | Description |
---|---|
Enable |
|
Disable |
|