Discussion:
[ADMIN] check_postgresql.pl for zabbix
(too old to reply)
Bèrto ëd Sèra
2012-04-04 09:53:40 UTC
Permalink
Hi all,

I'm implementing a PG monitoring system on zabbix, using
http://bucardo.org/wiki/Check_postgres

Everything's fine, however I cannot seem to use action=checkpoint without
some intervention on permissions.
See http://bucardo.org/check_postgres/check_postgres.pl.html#checkpoint

The data directory is
drwx------+ 11 postgres postgres 4096 Apr 2 13:37 /var/lib/pgsql/data

so putting zabbix in the postgres group won't have any effect, and there is
not enough information for us to be sure that we can add read permission to
the group without impact, once the template I'm making is ported to a large
number of boxes, some of which may have local policies we are not aware of.

I'm left with the option of giving the zabbix agent daemon a limited sudo
right, which I quite do not like because it will need to be replicated on
all single boxes... is anyone aware of an alternative solution?

Cheerio
BÚrto
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.
Matheus de Oliveira
2012-04-04 11:24:40 UTC
Permalink
Give read permissions to the group on the data directory and archives:

chmod g+r -R /var/lib/pgsql/data

I think just that will solve the problem, as you said that the agent is
already been executed with postgres group.

Regards,
--
Matheus de Oliveira

Bacharelado em Ciências de Computação
Laboratório de Computação de Alto Desempenho -
LCAD<http://www.lcad.icmc.usp.br/>
Instituto de Ciências Matemáticas e de Computação -
ICMC<http://www.icmc.usp.br/>
Universidade de São Paulo - USP <http://www.sc.usp.br/>
Post by Bèrto ëd Sèra
Hi all,
I'm implementing a PG monitoring system on zabbix, using
http://bucardo.org/wiki/Check_postgres
Everything's fine, however I cannot seem to use action=checkpoint without
some intervention on permissions.
See http://bucardo.org/check_postgres/check_postgres.pl.html#checkpoint
The data directory is
drwx------+ 11 postgres postgres 4096 Apr 2 13:37 /var/lib/pgsql/data
so putting zabbix in the postgres group won't have any effect, and there
is not enough information for us to be sure that we can add read permission
to the group without impact, once the template I'm making is ported to a
large number of boxes, some of which may have local policies we are not
aware of.
I'm left with the option of giving the zabbix agent daemon a limited sudo
right, which I quite do not like because it will need to be replicated on
all single boxes... is anyone aware of an alternative solution?
Cheerio
Bèrto
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.
Bèrto ëd Sèra
2012-04-04 13:12:35 UTC
Permalink
Hi Matheus,

thanks but, as said before "there is not enough information for us to be
sure that we can add read permission to the group without impact"... any
other way to extract the same info?

BÚrto
Post by Matheus de Oliveira
chmod g+r -R /var/lib/pgsql/data
I think just that will solve the problem, as you said that the agent is
already been executed with postgres group.
Regards,
--
Matheus de Oliveira
Bacharelado em Ciências de Computação
Laboratório de Computação de Alto Desempenho - LCAD<http://www.lcad.icmc.usp.br/>
Instituto de Ciências Matemáticas e de Computação - ICMC<http://www.icmc.usp.br/>
Universidade de São Paulo - USP <http://www.sc.usp.br/>
Post by Bèrto ëd Sèra
Hi all,
I'm implementing a PG monitoring system on zabbix, using
http://bucardo.org/wiki/Check_postgres
Everything's fine, however I cannot seem to use action=checkpoint without
some intervention on permissions.
See http://bucardo.org/check_postgres/check_postgres.pl.html#checkpoint
The data directory is
drwx------+ 11 postgres postgres 4096 Apr 2 13:37 /var/lib/pgsql/data
so putting zabbix in the postgres group won't have any effect, and there
is not enough information for us to be sure that we can add read permission
to the group without impact, once the template I'm making is ported to a
large number of boxes, some of which may have local policies we are not
aware of.
I'm left with the option of giving the zabbix agent daemon a limited sudo
right, which I quite do not like because it will need to be replicated on
all single boxes... is anyone aware of an alternative solution?
Cheerio
BÚrto
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.
Matheus de Oliveira
2012-04-04 16:27:05 UTC
Permalink
Post by Bèrto ëd Sèra
Hi Matheus,
thanks but, as said before "there is not enough information for us to be
sure that we can add read permission to the group without impact"... any
other way to extract the same info?
Bèrto
Post by Matheus de Oliveira
chmod g+r -R /var/lib/pgsql/data
I think just that will solve the problem, as you said that the agent is
already been executed with postgres group.
Regards,
--
Matheus de Oliveira
Bacharelado em Ciências de Computação
Laboratório de Computação de Alto Desempenho - LCAD<http://www.lcad.icmc.usp.br/>
Instituto de Ciências Matemáticas e de Computação - ICMC<http://www.icmc.usp.br/>
Universidade de São Paulo - USP <http://www.sc.usp.br/>
Post by Bèrto ëd Sèra
Hi all,
I'm implementing a PG monitoring system on zabbix, using
http://bucardo.org/wiki/Check_postgres
Everything's fine, however I cannot seem to use action=checkpoint
without some intervention on permissions.
See http://bucardo.org/check_postgres/check_postgres.pl.html#checkpoint
The data directory is
drwx------+ 11 postgres postgres 4096 Apr 2 13:37 /var/lib/pgsql/data
so putting zabbix in the postgres group won't have any effect, and there
is not enough information for us to be sure that we can add read permission
to the group without impact, once the template I'm making is ported to a
large number of boxes, some of which may have local policies we are not
aware of.
I'm left with the option of giving the zabbix agent daemon a limited
sudo right, which I quite do not like because it will need to be replicated
on all single boxes... is anyone aware of an alternative solution?
Cheerio
Bèrto
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.
Sorry, I read it wrong.

But, in general, I see no problem giving read permission to a group, as if
some user has postgres group it should at least be able to read the files.

--
Matheus de Oliveira

Bacharelado em Ciências de Computação
Laboratório de Computação de Alto Desempenho -
LCAD<http://www.lcad.icmc.usp.br/>
Instituto de Ciências Matemáticas e de Computação -
ICMC<http://www.icmc.usp.br/>
Universidade de São Paulo - USP <http://www.sc.usp.br/>
Bèrto ëd Sèra
2012-07-26 08:26:05 UTC
Permalink
Hi,
Interesting. so have you also created zabbix postgres template to go with
it ?
I used to have one for zabbix 1.8, the main problem being that I had to
manually create items for each single database. We assist a large number of
customers and pretty often we have no clear idea of what they servers
contain, hence we are now moving to zabbix 2.0 and trying to make it a
self-discovery thing, so we do not need to have any manual alignment (and
we do not risk having entire databases going unnoticed).

I'll post something as soon as I have it working.

BÚrto
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.
Loading...