[check_postgres] Super user role

David Christensen david at endpoint.com
Mon Oct 19 16:15:48 UTC 2020


It checks the local `psql`, since that’s what needs to support the multiple -c flags.
--
David Christensen
Senior Software and Database Engineer
End Point Corporation
david at endpoint.com
785-727-1171


> On Oct 19, 2020, at 11:15 AM, Norman Wong <Norman.Wong at cn.ca> wrote:
> 
> Is the --role parameter checking the client's PostgreSQL version or the Target server?
> 
> My client is delivered as part of Red Hat Satellite at 9.2, but my database server is at 11.9.
> 
> ./check_postgres.pl --host=mtl-db201d --port=5430 --dbname=postgres  --dbpass=$MYPWD --action=disk_space --role=pgdba
> ERROR: Need psql 9.6 or higher to use --role
> 
> From the monitoring client:
> psql -V
> psql (PostgreSQL) 9.2.24
> 
> From the target database server:
>> psql -d postgres --host=mtl-db201d --port=5430 --dbname=postgres  -c "select version()"
> Password:
>                                                 version
> ---------------------------------------------------------------------------------------------------------
> PostgreSQL 11.9 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-39), 64-bit
> (1 row)
> 
> 
> 
> 
> -----Original Message-----
> From: David Christensen <david at endpoint.com>
> Sent: Monday, October 19, 2020 10:56 AM
> To: Norman Wong <Norman.Wong at cn.ca>
> Cc: check_postgres at bucardo.org; Luc Galasso <Luc.Galasso at cn.ca>
> Subject: Re: [check_postgres] Super user role
> 
> Hi Norman,
> 
> You can check HEAD on the repo (or just retrieve from here):
> 
> https://raw.githubusercontent.com/bucardo/check_postgres/master/check_postgres.pl
> 
> Best,
> 
> David
> 
> 
>> On Oct 19, 2020, at 9:19 AM, Norman Wong <Norman.Wong at cn.ca> wrote:
>> 
>> Yes.  I would be able to test in our environment.
>> 
>> 
>> -----Original Message-----
>> From: David Christensen <david at endpoint.com>
>> Sent: Monday, October 19, 2020 10:05 AM
>> To: Norman Wong <Norman.Wong at cn.ca>
>> Cc: check_postgres at bucardo.org; Luc Galasso <Luc.Galasso at cn.ca>
>> Subject: Re: [check_postgres] Super user role
>> 
>> 
>> So after doing some research on this, it looks like 9.6 and up, but it sounds like it will still work in your case. Would you be able to test a patch to check this support?
>> 
>> 
>>> On Oct 19, 2020, at 8:01 AM, Norman Wong <Norman.Wong at cn.ca> wrote:
>>> 
>>> We are running only on supported versions of PostgreSQL Community edition (so 9.6+).
>>> 
>>> I did a quick and dirty update to the Perl code and hardcoded a 'SET ROLE' before each command.  It works without problem.  I am able to run all the checks requiring Super User access without altering the monitoring role.
>>> 
>>> Thanks for your quick response.
>>> 
>>> Norm
>>> 
>>> 
>>> -----Original Message-----
>>> From: David Christensen <david at endpoint.com>
>>> Sent: Sunday, October 18, 2020 1:08 PM
>>> To: Norman Wong <Norman.Wong at cn.ca>
>>> Cc: check_postgres at bucardo.org
>>> Subject: Re: [check_postgres] Super user role
>>> 
>>> Hi Norman,
>>> 
>>> You’re envisioning something which if set just does a `SET ROLE …` after making the connection but before running the individual checks? This does not seem like it would be very hard given a `psql` >= 9.5, as we could add the additional commands to the generated `psql` commands.
>>> 
>>> Supporting versions earlier than this would be quite a bit harder.
>>> Would that support your needs or do you have older databases than 9.5?
>>> (If 9.5 is in fact the cutoff for support, I’m fine with adding new
>>> features that would support all supported PostgreSQL versions.)
>>> 
>>> Best,
>>> 
>>> David
>>> 
>>> 
>>>> On Oct 15, 2020, at 1:29 PM, Norman Wong <Norman.Wong at cn.ca> wrote:
>>>> 
>>>> Thanks for producing this great module.  I’d like to suggest a small addition.
>>>> 
>>>> In our organization we do not grant superuser to any login roles.  There is a group role with superuser authority.  Superuser privilege cannot be inherited.  The login roles in this group must explicitly set the role to the superuser group to elevate their privileges.
>>>> 
>>>> There are a number of checks within check_postgres.pl that require superuser privilege.  Would it be possible to have a parameter where we can pass the superuser group role (e.g. --role)?
>>>> 
>>>> Thanks,
>>>> 
>>>> 
>>>> Norman Wong, BMath, FLMI, RRCP Certified Specialist Database, IT
>>>> Technology & Infrastructure for Db2, Postgresql, Hana DB, and
>>>> Versant Management | Information Technology
>>>> T: 514-399-7264 | C: 514-206-2258
>>>> Celebrating 100 years | Célébrons nos 100 ans
>>>> 
>>>> 
>>> 
> 
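
The behaviour discussed in this thread, as an added example that is not check_postgres's own code: the version gate applies to the local `psql -V` output, and the role statement is passed as its own `-c` ahead of the check query. The function names are hypothetical, and the restriction of the role name to a plain identifier is an assumption of this example, made because the name is pasted into SQL that runs with superuser privilege.

```shell
#!/bin/sh
# Added example (not check_postgres code). All function names are hypothetical.

# psql_version_ok "<psql -V output>": true when the LOCAL client is 9.6+,
# the version the thread gives as the cutoff for multiple -c flags.
psql_version_ok() {
    tok=$(printf '%s\n' "$1" | awk '/^psql \(PostgreSQL\)/ {print $3; exit}')
    [ -n "$tok" ] || return 2               # unrecognised output: refuse
    major=${tok%%.*}; major=${major%%[!0-9]*}
    case $tok in
        *.*) rest=${tok#*.}; minor=${rest%%.*}; minor=${minor%%[!0-9]*} ;;
        *)   minor=0 ;;
    esac
    [ -n "$major" ] || return 2
    [ "$major" -gt 9 ] && return 0
    [ "$major" -eq 9 ] && [ "${minor:-0}" -ge 6 ]
}

# role_clause ROLE: prints the statement to run before the check query.
# Assumption of this example: the role must be a plain unquoted identifier,
# because it is pasted into SQL text that runs with elevated privilege.
role_clause() {
    case $1 in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    printf 'SET ROLE %s;' "$1"
}

# check_args VERSION_LINE ROLE QUERY: prints the psql arguments, one per line.
check_args() {
    psql_version_ok "$1" || {
        echo "ERROR: Need psql 9.6 or higher to use --role" >&2; return 1; }
    stmt=$(role_clause "$2") || { echo "ERROR: bad role name" >&2; return 1; }
    printf '%s\n' -c "$stmt" -c "$3"
}

# Constructed inputs: an old client as in the thread, and a newer one.
check_args "psql (PostgreSQL) 9.2.24" pgdba "SELECT version()" || true
check_args "psql (PostgreSQL) 11.9"   pgdba "SELECT version()"
```

Because `SET ROLE` and the query are separate `-c` options in one `psql` call, they share a session, so the elevation lasts only for that check.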
