Juju Charms Collection
postgresql package

Merge lp:~pjdc/charms/trusty/postgresql/nagios-additional-servicegroups into lp:charms/trusty/postgresql

  1. Trusty Tahr (14.04)
  2. nagios-additional-servicegroups
  3. Merge into trunk
Proposed by Paul Collins
Status: Merged
Merged at revision: 113
Proposed branch: lp:~pjdc/charms/trusty/postgresql/nagios-additional-servicegroups
Merge into: lp:charms/trusty/postgresql
Diff against target: 104 lines (+37/-8)
4 files modified
config.yaml (+9/-0)
hooks/hooks.py (+23/-7)
hooks/test_hooks.py (+1/-0)
templates/pg_hba.conf.tmpl (+4/-1)
To merge this branch: bzr merge lp:~pjdc/charms/trusty/postgresql/nagios-additional-servicegroups
Reviewer Review Type Date Requested Status
Stuart Bishop (community) Approve
Review via email: mp+248702@code.launchpad.net

Description of the change

1) Add config item nagios_additional_servicegroups, and use it.

2) When manual_replication is in use, update_nrpe_checks() may not be able to create the "nagios" role, e.g. if this postgres is replicating from another instance. Alter this function to not fail on role creation when manual_replication=true, and also alter pg_hba.conf.tmpl to let the administrator permit passwordless monitoring via the "nagios" role by adding a suitable line to extra_pg_auth.

To post a comment you must log in.
Revision history for this message
Stuart Bishop (stub) wrote :

We should probably just allow nagios@localhost to authenticate without a password. The account will still need to be created manually on the master when using manual replication, but it means we don't also need to sync the nagios user's password around. But no need to block this branch on that refactoring.

The changes look good. Ta.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'config.yaml'
2--- config.yaml 2014-12-04 17:47:43 +0000
3+++ config.yaml 2015-02-05 04:09:03 +0000
4@@ -369,6 +369,15 @@
5 juju-postgresql-0
6 If you're running multiple environments with the same services in them
7 this allows you to differentiate between them.
8+ nagios_additional_servicegroups:
9+ default: ""
10+ type: string
11+ description: |
12+ Used by the nrpe-external-master subordinate charm.
13+ A comma-separated list of servicegroups to include along with
14+ nagios_context when generating nagios service check configs.
15+ This is useful for nagios installations where servicegroups
16+ are used to apply special treatment to particular checks.
17 pgdg:
18 description: |
19 Enable the PostgreSQL Global Development Group APT repository
20
21=== modified file 'hooks/hooks.py'
22--- hooks/hooks.py 2015-01-13 16:14:28 +0000
23+++ hooks/hooks.py 2015-02-05 04:09:03 +0000
24@@ -2487,12 +2487,21 @@
25 except Exception:
26 hookenv.log("Nagios user not set up.", hookenv.DEBUG)
27 return
28- nagios_password = create_user('nagios')
29- pg_pass_entry = '*:*:*:nagios:%s' % (nagios_password)
30- with open('/var/lib/nagios/.pgpass', 'w') as target:
31- os.fchown(target.fileno(), nagios_uid, nagios_gid)
32- os.fchmod(target.fileno(), 0400)
33- target.write(pg_pass_entry)
34+
35+ try:
36+ nagios_password = create_user('nagios')
37+ pg_pass_entry = '*:*:*:nagios:%s' % (nagios_password)
38+ with open('/var/lib/nagios/.pgpass', 'w') as target:
39+ os.fchown(target.fileno(), nagios_uid, nagios_gid)
40+ os.fchmod(target.fileno(), 0400)
41+ target.write(pg_pass_entry)
42+ except psycopg2.InternalError:
43+ if config_data['manual_replication']:
44+ log("update_nrpe_checks(): manual_replication: "
45+ "ignoring psycopg2.InternalError caught creating 'nagios' "
46+ "postgres role; assuming we're already replicating")
47+ else:
48+ raise
49
50 unit_name = hookenv.local_unit().replace('/', '-')
51 nagios_hostname = "%s-%s" % (config_data['nagios_context'], unit_name)
52@@ -2508,9 +2517,16 @@
53 os.remove(os.path.join('/var/lib/nagios/export/', f))
54
55 # --- exported service configuration file
56+ servicegroups = [config_data['nagios_context']]
57+ additional_servicegroups = config_data['nagios_additional_servicegroups']
58+ if additional_servicegroups != '':
59+ servicegroups.extend(
60+ servicegroup.strip() for servicegroup
61+ in additional_servicegroups.split(',')
62+ )
63 templ_vars = {
64 'nagios_hostname': nagios_hostname,
65- 'nagios_servicegroup': config_data['nagios_context'],
66+ 'nagios_servicegroup': ', '.join(servicegroups),
67 }
68 template = render_template('nrpe_service.tmpl', templ_vars)
69 with open(nrpe_service_file, 'w') as nrpe_service_config:
70
71=== modified file 'hooks/test_hooks.py'
72--- hooks/test_hooks.py 2014-05-29 13:08:35 +0000
73+++ hooks/test_hooks.py 2015-02-05 04:09:03 +0000
74@@ -115,6 +115,7 @@
75 "backup_schedule": "13 4 * * *",
76 "backup_retention_count": 7,
77 "nagios_context": "juju",
78+ "nagios_additional_servicegroups": "on-call-services",
79 "pgdg": False,
80 "install_sources": "",
81 "install_keys": "",
82
83=== modified file 'templates/pg_hba.conf.tmpl'
84--- templates/pg_hba.conf.tmpl 2014-05-19 18:13:35 +0000
85+++ templates/pg_hba.conf.tmpl 2015-02-05 04:09:03 +0000
86@@ -5,7 +5,6 @@
87 # Database administrative login by UNIX sockets
88 local all root,postgres ident map=superusers
89 local replication root,postgres ident map=superusers
90-local all nagios md5
91
92 {% if extra_pg_auth is defined and extra_pg_auth|count > 0 -%}
93 # extra_pg_auth
94@@ -14,6 +13,10 @@
95 {% endfor -%}
96 {% endif -%}
97
98+# monitoring (this is below extra_pg_auth to allow for
99+# specialized scenarios involving manual_replication=true)
100+local all nagios md5
101+
102 {% if access_list is defined -%}
103 {% for unit in access_list -%}
104 # {{unit['relation-id']}} from {{unit['unit']}}

Subscribers

People subscribed via source and target branches

to all changes: