From c3cef0a3c5fc1f47b43dc1ce59a60a61708ce230 Mon Sep 17 00:00:00 2001 From: Keith Fiske Date: Mon, 26 Aug 2024 15:21:58 -0400 Subject: [PATCH] fix: remove default db role password for monitoring user during setup --- build/packages.yml | 2 +- changelogs/fragments/423.yml | 4 ++++ hugo/content/exporter/_index.md | 2 +- sql_exporter/common/setup_db.sql | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 changelogs/fragments/423.yml diff --git a/build/packages.yml b/build/packages.yml index 563a417..c57d0b4 100644 --- a/build/packages.yml +++ b/build/packages.yml @@ -124,7 +124,7 @@ packages: - { source: "sql_exporter/common/crunchy_pgbouncer_fdw_collector.yml", target: "/etc/sql_exporter/crunchy_pgbouncer_fdw_collector.yml", mode: "0640", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" } - { source: "sql_exporter/common/crunchy_pg_stat_statements_collector.yml", target: "/etc/sql_exporter/crunchy_pg_stat_statements_collector.yml", mode: "0640", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" } - { source: "sql_exporter/common/crunchy_pg_stat_statements_reset_collector.yml", target: "/etc/sql_exporter/crunchy_pg_stat_statements_reset_collector.yml", mode: "640", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" } - - { source: "sql_exporter/common/setup_db.sql", target: "/etc/sql_exporter/setup_db.sql", mode: "0640", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" } + - { source: "sql_exporter/common/setup_db.sql", target: "/etc/sql_exporter/setup_db.sql", mode: "0644", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" } - { source: "sql_exporter/common/sql_exporter.yml.example", target: "/etc/sql_exporter/sql_exporter.yml.example", mode: "0640", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" } - { source: "sql_exporter/linux/sql_exporter.sysconfig", target: "/etc/sysconfig/sql_exporter", mode: "0640", type: "file", rpm_new: true, owner: "ccp_monitoring", group: "ccp_monitoring" } - { source: "sql_exporter/linux/crontab.txt", target: "/etc/sql_exporter/", mode: "0644", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" } diff --git a/changelogs/fragments/423.yml b/changelogs/fragments/423.yml new file mode 100644 index 0000000..18c7a56 --- /dev/null +++ b/changelogs/fragments/423.yml @@ -0,0 +1,4 @@ +--- +minor_changes: + - sql_exporter - A password for the ccp_monitoring database role is no longer set when using the setup_db.sql file. + - sql_exporter - Make the default privileges for the setup_db.yml file world readable (when installing via package). diff --git a/hugo/content/exporter/_index.md b/hugo/content/exporter/_index.md index df877e1..546215f 100644 --- a/hugo/content/exporter/_index.md +++ b/hugo/content/exporter/_index.md @@ -182,7 +182,7 @@ CREATE EXTENSION pg_stat_statements; | crunchy_pg_stat_statements_reset_collector.yml | Collection file with options to allow resetting of pg_stat_statements metrics | -Run the `setup_db.sql` file on all databases that will be monitored by pgMonitor. At minimum this must be at least the global database so the necessary database objects are created. The `pgmonitor-extension` is expected to be available to be installed in the target database(s) when running this file. Note the `setup_db.sql` file is a convenience file and the steps contained within it can be done manually and customized as needed. +Run the `setup_db.sql` file on all databases that will be monitored by pgMonitor. At minimum this must be at least the global database so the necessary database objects are created. The `pgmonitor-extension` is expected to be available to be installed in the target database(s) when running this file. Note the `setup_db.sql` file is a convenience file and the steps contained within it can be done manually and customized as needed. Note that a default password is not set for the `ccp_monitoring` database role. The `sql_exporter.yml.example` file should be copied and renamed to `sql_exporter.yml` since this is what the sysconfig file is expecting to find. This file contains settings for sql_exporter, the list of collection files to use, and the configuration for which databases to connect to and which collections to run on each database. Please see the examples inside the file and refer to the [upstream project](#non-rpm-installs) for all of the configuration options available. The example shows how to run both the global and per-db collections on the default 'postgres' database. It also shows how you can connect to PgBouncer to collect metrics directly from it as well. The collector names that can be used can be found inside the collection files at the top. For additional information on setting up the sql_exporter, please see the [upstream documentation](#non-rpm-installs). diff --git a/sql_exporter/common/setup_db.sql b/sql_exporter/common/setup_db.sql index 1ad7f59..1aa20bd 100644 --- a/sql_exporter/common/setup_db.sql +++ b/sql_exporter/common/setup_db.sql @@ -6,7 +6,7 @@ DO $$ BEGIN IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'ccp_monitoring') THEN - CREATE ROLE ccp_monitoring WITH LOGIN PASSWORD 'stuff'; + CREATE ROLE ccp_monitoring WITH LOGIN; END IF; END $$;