Create PostgreSQL Custom OCI Monitoring Alarms and Dashboard using Container Instances
Introduction
This tutorial provides step-by-step instructions to deploy a custom monitoring solution for PostgreSQL using a Docker based Java application on Oracle Cloud Infrastructure (OCI). We will demonstrate how to create custom alerts and dashboards for inactive replication slots and replication lag in OCI using a virtual machine (VM) based container. While the current setup focuses on monitoring PostgreSQL replication lag and inactive replication slots, the design is flexible and can be easily extended to track additional database metrics by modifying the application code.
Objectives
-
Deploy a Docker based Java application on an OCI virtual machine to monitor PostgreSQL.
-
Create custom alarms and dashboards in OCI for inactive replication slots and replication lag using the deployed monitoring solution.
Task 1: Download and Set Up the Monitoring Service
-
Download the
Postgres-monitoring-services.zipfile from here: Postgres-monitoring-services.zip. -
Unzip and follow the instructions of
README.mdfile to build and run the application. -
Docker build and deployment instructions are included in the repo.
Note: Instructions for building and pushing the Docker image are already available in the project repository’s
README.md.
Task 2: Create a Dynamic Group
Dynamic groups allow your container VM to access OCI services like OCI Monitoring, OCI Vault, and OCI Registry without using hardcoded credentials and without storing credentials in your image.
Use the following information:
- Name: Enter
psql_monitoring_with_container_vm_dg. -
Matching Rule:
ALL {resource.type = 'computecontainerinstance', resource.compartment.id = '<your-compartment-id>'}
Note:
compartment.idis compartment OCID where the container instance will be created.
Task 3: Configure the Network (VCN and Service Gateway)
To ensure seamless communication, place your container VM in the same private subnet as your PostgreSQL database system. Enable access to OCI services using a service gateway.
Security List Rules:
Ensure the following rules are added to your private subnet’s security list, if they are not already present.
| Type | Source CIDR | Protocol | Port | Purpose |
|---|---|---|---|---|
| Ingress | private-subnet-CIDR | TCP | 5432 | PostgreSQL Access |
| Egress | 0.0.0.0/0 | All | All | Access OCI Services |
Task 4: Use OCI Vault for Secure Password Storage
Use OCI Vault for secure password storage to avoid hardcoding database credentials.
-
Create a Vault and add a Secret containing the PostgreSQL password.
-
Record the Vault Secret OCID.
-
Reuse the secret if it already exists.
Task 5: Define Oracle Cloud Infrastructure Identity and Access Management Policies
Attach these OCI IAM policies.
Allow dynamic-group psql_monitoring_with_container_vm_dg to read vaults in compartment <your-compartment-id>
Allow dynamic-group psql_monitoring_with_container_vm_dg to read secret-bundles in compartment <your-compartment-id>
Allow dynamic-group psql_monitoring_with_container_vm_dg to use metrics in compartment <your-compartment-id>
Allow dynamic-group psql_monitoring_with_container_vm_dg to read repos in compartment <your-tenancy-id>
Task 6: Launch the Container Instances
Go to the OCI Console, navigate to Developer Services, Container Artifact, Container Instances, Create Instance and enter the following information:
- VCN/Subnet: Select same as database system.
- Shape: Select 1 OCPU, 4 GB.
- Docker Image: Select From OCIR.
-
Environment Variables:
DB_PASSWORD_VAULT_ID=<your-vault-secret-ocid> DB_SYSTEM_ID=<your-db-system-ocid> DB_PE=<your-db-system-private-endpoint-FQDN> DB_PSQL_USER=<your-db-user> METRIC_COMPARTMENT_ID=<your-compartment-id> METRIC_NAMESPACE=postgres_monitor_with_container_vm REPLICATION_LAG_METRIC_NAME=replication_lag_metric INACTIVE_SLOTS_METRIC_NAME=inactive_slot_metric MONITOR_INTERVAL_SEC=60
Note: Access is granted without credentials through OCI IAM dynamic group.
Task 7: Check Logs in the OCI Console
Go to the OCI Console, navigate to Developer Services, Container Artifact, Container Instances, select your instance, and click the Containers tab to inspect logs and runtime status.
Task 8: View Metrics in Metrics Explorer
Go to the OCI Console, navigate to Observability & Management, Metrics Explorer, and enter the following information:
- Namespace: Enter
postgres_monitor_with_container_vm. - Metrics: Select
replication_lag_metricandinactive_slot_metric. - Filter: Enter
DBSystemId = "<your-db-system-ocid>".
Example Query:
replication_lag_metric[1m]{DBSystemId = "<your-db-system-ocid>"}.mean()
Task 9: Set Up an OCI Notifications Topic and Subscriptions
-
Go to the OCI Console, navigate to Application Integration and click Notifications.
-
Create a Topic. For example,
PostgresCustomMonitoringAlerts. -
Add Subscriptions (email, webhook, and so on).
-
Link this topic to your alarms for real-time alerting.
Task 10: Configure OCI Monitoring Alarms for Key Metrics
-
Replication Lag Alarm
replication_lag_metric[1m]{DBSystemId = "<your-db-system-ocid>"}.max()- Trigger: Enter > 1,000,000 (1 MB).
- Delay: Enter 5 minutes.
- Severity: Select Critical.
-
Inactive Replication Slots Alarm
inactive_slot_metric[1h]{DBSystemId = "<your-db-system-ocid>"}.max()- Trigger: Enter > 1.
- Delay: Enter 2 hours.
- Severity: Select Warning.
-
Missing Data Alarm
- Metric: Select
replication_lag_metric. - Trigger: Enter No data for 10 minutes.
- Severity: Select Error.
- Metric: Select
Task 11: Create a Custom Dashboard
-
Go to the OCI Console, navigate to Observability & Management and click Dashboards.
-
Click New Dashboard.
-
Add widgets using Metric Chart or Query Builder.
-
Enter the following information.
- Namespace: Enter
postgres_monitor_with_container_vm. - Metrics: Select
replication_lag_metricandinactive_slot_metric.
- Namespace: Enter
-
Customize chart types, filters, and time range.
Summary Table
| Component | Purpose |
|---|---|
| Dynamic Group | Grants OCI access to container VM |
| OCI Vault | Secure database credential storage |
| OCI Registry | Host Docker image repository |
| Monitoring Agent | Collects custom PostgreSQL metrics |
| Alarms | Alerts on lag, slots, missing data |
| Container VM | Runs the Java-based monitoring tool |
| Dashboard | Visualizes metrics in real-time |
Serverless and Resilient Architecture Highlights
-
Serverless Architecture:
- Deployed using container VM, no need to manage infrastructure manually.
- OCI handles VM provisioning and recovery from host-level failures
Advantage: Reduces operational overhead and improves fault tolerance.
-
Automatic Container Restart:
- Containers are set with a default restart policy.
- If the application crashes or exits unexpectedly, it restarts automatically.
Advantage: Ensures high availability and minimizes downtime.
-
Metric-Based Alarming:
- A dedicated alarm is configured to trigger when expected metrics are missing.
Advantage: Acts as a fail-safe to detect silent failures and enable early alerts.
Troubleshooting and Issues
-
Connectivity Issues:
- Ensure port
5432is open in the subnet’s security list. - Confirm service gateway is attached for private access.
- Ensure port
-
OCI IAM Permission Errors:
- Verify dynamic group matches the correct compartment.
- Ensure required policies are in place.
-
Setup Errors:
- Validate environment variables.
- Verify secret and metric OCIDs.
- Use logs to trace runtime failures.
Related Links
Acknowledgments
- Authors - Arvind Yadav, Kanaram Bhari (Software Engineer - OCI Database with PostgreSQL)
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.
Create PostgreSQL Custom OCI Monitoring Alarms and Dashboard using Container Instances
G37435-01
Copyright ©2025, Oracle and/or its affiliates.