Update the running as non-superuser section. This solves the problem that certain metrics didn't produce a value.

Freddy Spierenburg 2019-02-20 13:31:09 +01:00 committed by Will Rouesnel
parent 6d2cae6fa8
commit fce869257f


@ -163,11 +163,13 @@ flag. This removes all built-in metrics, and uses only metrics defined by querie
### Running as non-superuser ### Running as non-superuser
To be able to collect metrics from `pg_stat_activity` and `pg_stat_replication` To be able to collect metrics from `pg_stat_activity` and `pg_stat_replication`
as non-superuser you have to create views as a superuser, and assign permissions as non-superuser you have to create functions and views as a superuser, and
separately to those. assign permissions separately to those.
In PostgreSQL, views run with the permissions of the user that created them so In PostgreSQL, views run with the permissions of the user that created them so
they can act as security barriers. they can act as security barriers. Functions need to be created to share this
data with the non-superuser. Only creating the views will leave out the most
important bits of data.
```sql ```sql
CREATE USER postgres_exporter PASSWORD 'password'; CREATE USER postgres_exporter PASSWORD 'password';
@ -176,16 +178,30 @@ ALTER USER postgres_exporter SET SEARCH_PATH TO postgres_exporter,pg_catalog;
-- If deploying as non-superuser (for example in AWS RDS), uncomment the GRANT -- If deploying as non-superuser (for example in AWS RDS), uncomment the GRANT
-- line below and replace <MASTER_USER> with your root user. -- line below and replace <MASTER_USER> with your root user.
-- GRANT postgres_exporter TO <MASTER_USER> -- GRANT postgres_exporter TO <MASTER_USER>
CREATE SCHEMA postgres_exporter AUTHORIZATION postgres_exporter; CREATE SCHEMA postgres_exporter;
GRANT USAGE ON SCHEMA postgres_exporter TO postgres_exporter;
CREATE FUNCTION get_pg_stat_activity() RETURNS SETOF pg_stat_activity AS
$$ SELECT * FROM pg_catalog.pg_stat_activity; $$
LANGUAGE sql
VOLATILE
SECURITY DEFINER;
CREATE VIEW postgres_exporter.pg_stat_activity CREATE VIEW postgres_exporter.pg_stat_activity
AS AS
SELECT * from pg_catalog.pg_stat_activity; SELECT * from get_pg_stat_activity();
GRANT SELECT ON postgres_exporter.pg_stat_activity TO postgres_exporter; GRANT SELECT ON postgres_exporter.pg_stat_activity TO postgres_exporter;
CREATE VIEW postgres_exporter.pg_stat_replication AS CREATE FUNCTION get_pg_stat_replication() RETURNS SETOF pg_stat_replication AS
SELECT * from pg_catalog.pg_stat_replication; $$ SELECT * FROM pg_catalog.pg_stat_replication; $$
LANGUAGE sql
VOLATILE
SECURITY DEFINER;
CREATE VIEW postgres_exporter.pg_stat_replication
AS
SELECT * FROM get_pg_stat_replication();
GRANT SELECT ON postgres_exporter.pg_stat_replication TO postgres_exporter; GRANT SELECT ON postgres_exporter.pg_stat_replication TO postgres_exporter;
``` ```
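Review bot: Both new `SECURITY DEFINER` functions are created without a schema qualifier and without restricting EXECUTE, so by default PostgreSQL grants EXECUTE to PUBLIC and any role that can connect may call `get_pg_stat_activity()` or `get_pg_stat_replication()` directly and read the definer's unfiltered view of other sessions, bypassing the `GRANT SELECT` on the views. After each `CREATE FUNCTION`, add `REVOKE ALL ON FUNCTION get_pg_stat_activity() FROM PUBLIC;` and `GRANT EXECUTE ON FUNCTION get_pg_stat_activity() TO postgres_exporter;` (and the same pair for `get_pg_stat_replication()`), since the role querying the view still needs EXECUTE on the function. Creating them as `postgres_exporter.get_pg_stat_activity()` would also keep them out of whatever schema happens to be first in the installing superuser's search_path (typically `public`). The function bodies already schema-qualify `pg_catalog.…`, which limits search_path hijacking, but adding `SET search_path = pg_catalog` to each definition follows the PostgreSQL guidance for writing SECURITY DEFINER functions.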