# Provisioning a PostgreSQL service
The Provisioning app in the DB Services app family helps you provision PostgreSQL database services hosted on the available cloud regions. You can provision the database service on the basis of your workload.
***
## Prerequisites
Ensure that you have registered your cloud subscription and added your network details in the Subscriptions application under Governance.\
For more information, see [Subscriptions](https://docs.tessell.com/tessell/governance/subscriptions).
***
## Supportability Matrix
For supported versions, see [PostgreSQL Support Matrix](https://docs.tessell.com/tessell/tessell-for-postgresql/postgresql-support-matrix).
***
#### STEP 1 OF 9:
## Navigate to the Provisioning application
1. From the Tessell home page, select the **Provisioning** application under the DB Services application family in the left navigation bar.\
Available database engines are displayed and categorized into relational databases, vector databases, and NoSQL databases.
**Figure 1: Navigating to Provisioning app in DB Services**
2. From the available options in the relational databases, select **PostgreSQL** database engine.
**Figure 2: Selecting PostgreSQL in Provisioning app**
***
#### STEP 2 OF 9:
## Service Details
1. Specify a name for the database service in the **Service Name** field. This service name is a logical name of the database service on the Tessell platform.
* A service name must begin with a letter, followed by alphanumeric characters. Spaces, hyphens, and underscores are allowed. For example, `2my-service` is not allowed since it begins with a digit.
* By default, the database service name is auto-generated. You can override this name.
2. Optionally, specify a description for your database service in the **Description** box.
3. Click **+Add** next to **Tags** to specify a name and value for your database service tag.
* You can associate multiple tags with the resources in the database service.
* Tessell allows for the use of both internal and external tags. While Tessell provides its own internal tags, you can create your own external tags during provisioning.
> **Note**: Tags enhance database service management and enable users to monitor usage, establish ownership, and implement policies more efficiently. You can specify up to 50 external tags per resource.
Tessell supports the following internal tags:
* TESSELL\_COMPUTE\_RESOURCE\_ID
* TESSELL\_COMPUTE\_TYPE
* TESSELL\_DBSERVICE\_ID
* TESSELL\_DBSERVICE\_NAME
* TESSELL\_ENTITY\_ID
* TESSELL\_ENVIRONMENT
* TESSELL\_REFERENCE\_ID
* TESSELL\_SUBSCRIPTION\_ID
* TESSELL\_TENANT\_ID
* TESSELL\_USER\_ID
Tags are associated with the following cloud resources:
* Compute (VM/container)
* Storage (disks, volumes, snapshots)
* Networking components
* Backups and snapshots
* Secrets and keys
* Monitoring and logging resources
4. Choose the desired major software release for this service from the dropdown list.
5. To run a specific minor release version, click the pencil icon and choose the desired minor version number.
**Figure 3: Service details section**
***
#### STEP 3 OF 9:
## Cloud Provider Settings
Choose a cloud provider and subscription where you want to run this database instance.
1. Choose a cloud subscription from the **Subscription** dropdown list.
2. Choose a corresponding cloud region to deploy from the **Region** dropdown list.
3. Choose a VPC or VNet depending on the cloud provider from the dropdown list.\
A network can be added even after subscription registration in the **Networks** application under **Governance**.
4. Choose an availability zone from the **Availability Zone** dropdown list.
5. Choose a private subnet from the **Private Subnet** dropdown list.
**Figure 4: Cloud provider settings section**
***
#### STEP 4 OF 9:
## Compute Shape
After you choose the cloud provider, choose a compute shape for the instance. The Tessell team typically collaborates with you to determine the most suitable shape based on your performance needs.
1. Select a workload type, **High Performance** or **Standard** (Default).
> **Notes**:
>
> * The High Performance workload type offers an optimized configuration with increased CPU, memory, and IOPS, making it ideal for compute- or data-intensive applications.
> * The Standard workload type offers a balanced configuration of CPU, memory, and storage, making it suitable for general-purpose applications.
> * Compute shapes cannot be modified after a High Performance workload type service is provisioned.
2. Specify the number of vCPUs needed for your instance.\
This adjusts the compute shapes that are available to you.
3. Select the compute shape for this instance from the available list.\
For more information on supported compute shapes, see [Tessell compute shapes](https://docs.tessell.com/tessell/getting_started/tessell-compute-shapes).
4. Specify the required storage capacity for this instance in the **Storage** field.\
A range of storage values is displayed as help text based on the selected compute shape.
> **Note**: In the High Performance workload type, storage capacity is fixed.
5. Select the **Enable encryption at rest** check box to encrypt your data at rest.\
Tessell encrypts data at rest with a default encryption key. To use a different encryption key, ensure that you have registered encryption keys under **Governance** in the **Security** application.
> **Note**: Tessell's default encryption is cloud native disk encryption.
**Figure 5: Compute shape section**
***
#### STEP 5 OF 9:
## High Availability
1. Toggle the **High Availability** switch to create a highly available multi-AZ service by setting up standby database instances in different availability zones.
> **Note**: PostgreSQL high availability is implemented using streaming replication, with a primary instance and a standby instance for automatic failover.
1. From the **Availability Zone** dropdown list, choose an availability zone for the standby instance.
2. From the **Private Subnet** dropdown list, select a private subnet for the standby instance.
**Figure 6: High Availability section**
***
#### STEP 6 OF 9:
## Connectivity
1. Specify a port number for the database connection in the **Port** field.\
PostgreSQL uses 5432 as the default port. You can specify a different port number in the range 1 to 65535.
2. Specify the port on which PgBouncer (the connection pooler) listens on this instance in the **Connection Pool Port field**. The default port for PgBouncer is 6432.
> **Note**: This field must contain a valid, non-zero port number. Leaving it as 0 or providing an invalid value will cause provisioning to fail.
3. Toggle the **Enable SSL for this service** switch to enable SSL.
> **Notes**:
>
> * Enabling SSL enhances the security of database connections, safeguarding sensitive information and protecting data from unauthorized access or interception.
> * Tessell only supports either SSL or non-SSL connections for all database services on a VM.
> * SSL connections use TLS 1.2 encryption to secure data in transit between client applications and database instances.
4. Toggle the **Allow public access** switch to enable public access to the service.\
This option is only available when a public subnet exists within the VPC/VNet.
5. Specify the allowed IP addresses in the **Add IP address** field for the public access.
* Your detected public IP address is automatically fetched and displayed.
* You can add up to 60 IP addresses.
**Figure 7: Connectivity section**
***
#### STEP 7 OF 9:
## Configure the database instance
1. Specify the database name in the **Database Name** field.\
A database name must start with a lowercase letter or underscore, and can only contain alphanumeric characters and underscores. The character limit is 63.
2. Specify the master username in the **Master Username** field.\
Username must start with a lowercase letter or underscore and can only contain alphanumeric characters and underscores. The character limit is 63.
3. Specify the master password in the **Master Password** field.\
The password must be at least 9 characters long and can include alphanumeric characters and special characters. Space and following special characters are not supported **'**, **"**, **/**, **\\**, and **@**.
4. Specify a timezone for your instance.
> **Note**: Timezone is important for ensuring that all timestamps and time-related data stored in the database are accurate and consistent.
5. Expand **Advanced Configuration** to access further configuration options.
1. Choose a parameter profile from the **Parameter Profile** dropdown list.
2. Click **See Values** to view the parameter names and values corresponding to the selected parameter profile.
3. Choose an option profile from the dropdown list.
4. Click See Values to view values corresponding to the option profile selected.
* For more information on parameter and option profiles, see *DB Governance documentation*.
* To use a custom profile, ensure that you have created a parameter and option profile in the **DB Governance** application under the **Governance** app family.
6. Expand **Custom Script** to run a custom script for your instance.\
Custom script functionality allows for additional customization and automation in managing your database operations.
To use a custom script, ensure that you have uploaded scripts in the **Script Library** application under the DB Services app family.
1. Choose a pre-script from the **Pre-Script** dropdown list to execute actions before creating a database.
> **Note**: Tessell supports Shell scripts for pre-scripts that are executed after VM creation and database software installation, but prior to the PostgreSQL instance creation. Privileged users, such as "ec2-user" on AWS and "azureuser" on Azure, execute Shell scripts.
2. Choose a post-script from the **Post-Script** dropdown list to execute actions after creating a database.
For post-scripts, Tessell supports both Shell and SQL scripts. Post-scripts are executed after a PostgreSQL instance is created. The SQL script runs directly on the PostgreSQL instance.
3. After you select a post-script, click the edit icon below the post-script dropdown to choose your preferred post-script version.
4. Select the **Ignore Post-Script Failure** check box to proceed even if the post-script operation fails.
**Figure 8: Configure the database instance section**
***
#### STEP 8 OF 9:
## Additional Settings
### Maintenance window
1. Expand the maintenance window to choose a specific time for maintenance activities like updates, patches, and OS patching.
2. If a specific time window is chosen, select the occurrence whether Weekly, Monthly, and Quarterly.
3. Define the start day, start time, and duration, adjustable in 30-minute increments.
4. Toggle the **Enable auto minor version update** switch to allow automatic, seamless minor version updates during this maintenance window.
**Figure 9: Maintenance window section**
***
### Monitoring Insights
1. Toggle the **Performance Insights** switch to assess and analyze database load over a specified timeframe. This helps identify bottlenecks and pinpoint areas requiring performance improvements.\
To enable performance insights, ensure that you create a Monitoring Infra in the **Monitoring Performance Insights Infrastructure** app under the **Infrastructure Management** app family.
**Figure 10: Monitoring Insights section**
### Observability
The Observability section allows you to monitor the health of your database service through automated alert policies. These policies are auto-selected based on your current subscription level.
You can view the specific alert policies applied to your service directly from this page.
* Click **View details** on the Alert Policies panel to open the detailed breakdown.\
The **Alert Policy details** panel provides a granular look at how your alerts are configured and where notifications are sent.
* **Notification Channels**: Displays the destination where alerts are delivered, such as Slack channels or specific email addresses.
* **Alert Metrics**: Lists the specific conditions that trigger an alert (for example, Node Down or DB Service Node Down) along with the severity level (for example, Critical).
* **Metric & Notification Policies**: Shows the underlying policy names and metric types associated with each alert group.
To modify these policies or create new alert profiles, navigate to the **Alerting** app within the **Observability** app family.
**Figure 11: Observability section**
### Availability Machine
The Availability Machine allows creation and maintenance of database backups for data protection. Backups are retained for short-term or long-term periods as per RPO policy. You can create snapshots and enable write-ahead logs (WAL) for point-in-time recovery.
1. Select **Include Transactional Logs** to enable point-in-time recovery of your transactional data using PostgreSQL write-ahead logs (WAL). This feature is crucial for maintaining data integrity and reducing data loss in case of system failures.\
These transactional logs correspond to the most recent snapshot captured.
2. Toggle the **Schedule Snapshots** switch to automate data protection and recovery. This feature regularly captures and retains point-in-time backups, enabling robust data protection, precise point-in-time recovery, and efficient cloning.
1. Choose either a **Standard** or **Custom** configuration type for your RPO policy.
2. For a **Standard** configuration, specify the snapshot retention days (1 to 35 days) and a snapshot time.
> **Note**: Logsweep runs every 5 minutes to enable PITR recovery.
**Figure 12: Availability Machine standard configuration for snapshots**
3. For a **Custom** configuration, provide the following details:
1. From the **RPO Policy** dropdown list, choose an RPO policy.\
To use an RPO policy, ensure that you have created an RPO policy in the **DB Governance** app under the **Governance** app family.
2. Pick a time to take the snapshot of your database service.
3. Select the desired frequency for the RPO Policy to create and store snapshot backups.
* **RPO Policy**: Displays the selected RPO policy. The possible options are one or more from Continuous Recovery (PITR), Daily Snapshots, Weekly Snapshots, Monthly Snapshots, and Yearly Snapshots, as per the option selected in the RPO policy field.
* **Every**: Depending on the weekly, monthly, or yearly schedule, select the frequency of the snapshot. For Daily Snapshots, this field shows the scheduled time of the snapshot in the day. For PITR, this is disabled.
* **Keep for**: Displays the number of days for which a snapshot needs to be retained as per the selected RPO policy.
**Figure 13: Availability Machine custom configuration for snapshots**
3. Select **Schedule Native Backups** to enable automatic native database backups at regular intervals.
1. Choose between standard or custom configuration for your native RPO policy.
2. For a standard configuration, you can specify backup retention days ranging from 7 to 35 days.
3. Choose the day and time for the full backup, and the time for incremental backups.
**Figure 14: Availability Machine standard configuration for backups**
4. If a custom configuration is chosen, specify the following details:
1. From the dropdown list, select an RPO policy.\
To use an RPO policy, ensure that you have created an RPO policy in the **DB governance** application under the **Governance** app family.
2. Choose the desired full backup day, full backup time, and incremental backup time.
3. Select the desired frequency for the RPO Policy to create and store snapshot backups.
* **RPO Policy**: Displays the selected RPO policy. The possible options are one or more from Continuous Recovery (PITR), Daily Backups, Weekly Backups, Monthly Backups, and Yearly Backups, as per the option selected in the RPO policy field.
* **Every**: Depending on the weekly, monthly, or yearly schedule, select the frequency of the backups. For Daily Backups, this field shows the scheduled time of the backups in the day. For PITR, this is disabled.
* **Keep for**: Displays the number of days for which a backup needs to be retained as per the selected RPO policy.
**Figure 15: Availability Machine custom configuration for backups**
***
#### STEP 9 OF 9:
## Creating a service
You can provision a service in two ways: using code, or making selections on the Tessell portal's UI.
1. Using the Tessell portal's UI:\
a. After you have specified all the necessary details in the previous steps, click **+ Create Service** at the bottom of the form located next to the left navigation bar.
**Figure 16: Creating a service**
2. Using the code:
1. Click **<> Code** in the top-right corner of the Provisioning window to generate an API and Terraform code for your provisioning request.
1. Terraform code can also be visualized in other languages, including Shell, Python, Go, Java, JavaScript, and PowerShell.
2. Use the copy icon to copy the code or API endpoint.
3. Use the download icon to download your code.
**Figure 17: Code for provisioning request**
After your service creation request is successfully submitted, your database service is created with a "Ready" status and listed in the **My Services** application within a few minutes, depending on your preferences.
***
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.tessell.com/tessell/tessell-for-postgresql/db-services/provisioning-postgresql.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.