Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: remove default db role password for monitoring user during setup #427

Merged
merged 1 commit into from
Aug 28, 2024
Merged

fix: remove default db role password for monitoring user during setup #427

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion build/packages.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ packages:
- { source: "sql_exporter/common/crunchy_pgbouncer_fdw_collector.yml", target: "/etc/sql_exporter/crunchy_pgbouncer_fdw_collector.yml", mode: "0640", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" }
- { source: "sql_exporter/common/crunchy_pg_stat_statements_collector.yml", target: "/etc/sql_exporter/crunchy_pg_stat_statements_collector.yml", mode: "0640", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" }
- { source: "sql_exporter/common/crunchy_pg_stat_statements_reset_collector.yml", target: "/etc/sql_exporter/crunchy_pg_stat_statements_reset_collector.yml", mode: "640", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" }
- { source: "sql_exporter/common/setup_db.sql", target: "/etc/sql_exporter/setup_db.sql", mode: "0640", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" }
- { source: "sql_exporter/common/setup_db.sql", target: "/etc/sql_exporter/setup_db.sql", mode: "0644", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" }
- { source: "sql_exporter/common/sql_exporter.yml.example", target: "/etc/sql_exporter/sql_exporter.yml.example", mode: "0640", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" }
- { source: "sql_exporter/linux/sql_exporter.sysconfig", target: "/etc/sysconfig/sql_exporter", mode: "0640", type: "file", rpm_new: true, owner: "ccp_monitoring", group: "ccp_monitoring" }
- { source: "sql_exporter/linux/crontab.txt", target: "/etc/sql_exporter/", mode: "0644", type: "file", rpm_new: false, owner: "ccp_monitoring", group: "ccp_monitoring" }
Expand Down
4 changes: 4 additions & 0 deletions changelogs/fragments/423.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
minor_changes:
- sql_exporter - A password for the ccp_monitoring database role is no longer set when using the setup_db.sql file.
- sql_exporter - Make the default privileges for the setup_db.yml file world readable (when installing via package).
2 changes: 1 addition & 1 deletion hugo/content/exporter/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ CREATE EXTENSION pg_stat_statements;
| crunchy_pg_stat_statements_reset_collector.yml | Collection file with options to allow resetting of pg_stat_statements metrics |


Run the `setup_db.sql` file on all databases that will be monitored by pgMonitor. At minimum this must be at least the global database so the necessary database objects are created. The `pgmonitor-extension` is expected to be available to be installed in the target database(s) when running this file. Note the `setup_db.sql` file is a convenience file and the steps contained within it can be done manually and customized as needed.
Run the `setup_db.sql` file on all databases that will be monitored by pgMonitor. At minimum this must be at least the global database so the necessary database objects are created. The `pgmonitor-extension` is expected to be available to be installed in the target database(s) when running this file. Note the `setup_db.sql` file is a convenience file and the steps contained within it can be done manually and customized as needed. Note that a default password is not set for the `ccp_monitoring` database role.

The `sql_exporter.yml.example` file should be copied and renamed to `sql_exporter.yml` since this is what the sysconfig file is expecting to find. This file contains settings for sql_exporter, the list of collection files to use, and the configuration for which databases to connect to and which collections to run on each database. Please see the examples inside the file and refer to the [upstream project](#non-rpm-installs) for all of the configuration options available. The example shows how to run both the global and per-db collections on the default 'postgres' database. It also shows how you can connect to PgBouncer to collect metrics directly from it as well. The collector names that can be used can be found inside the collection files at the top. For additional information on setting up the sql_exporter, please see the [upstream documentation](#non-rpm-installs).

Expand Down
2 changes: 1 addition & 1 deletion sql_exporter/common/setup_db.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
DO $$
BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'ccp_monitoring') THEN
CREATE ROLE ccp_monitoring WITH LOGIN PASSWORD 'stuff';
CREATE ROLE ccp_monitoring WITH LOGIN;
END IF;
END
$$;
Expand Down