Merge lp:~pjdc/charms/trusty/postgresql/nagios-additional-servicegroups into lp:charms/trusty/postgresql

Proposed by Paul Collins
Status: Merged
Merged at revision: 113
Proposed branch: lp:~pjdc/charms/trusty/postgresql/nagios-additional-servicegroups
Merge into: lp:charms/trusty/postgresql
Diff against target: 104 lines (+37/-8)
4 files modified
config.yaml (+9/-0)
hooks/hooks.py (+23/-7)
hooks/test_hooks.py (+1/-0)
templates/pg_hba.conf.tmpl (+4/-1)
To merge this branch: bzr merge lp:~pjdc/charms/trusty/postgresql/nagios-additional-servicegroups
Reviewer Review Type Date Requested Status
Stuart Bishop (community) Approve
Review via email: mp+248702@code.launchpad.net

Description of the change

1) Add config item nagios_additional_servicegroups, and use it.

2) When manual_replication is in use, update_nrpe_checks() may not be able to create the "nagios" role, e.g. if this postgres is replicating from another instance. Alter this function to not fail on role creation when manual_replication=true, and also alter pg_hba.conf.tmpl to let the administrator permit passwordless monitoring via the "nagios" role by adding a suitable line to extra_pg_auth.

Stuart Bishop (stub) wrote :

We should probably just allow nagios@localhost to authenticate without a password. The account will still need to be created manually on the master when using manual replication, but it means we don't also need to sync the nagios user's password around. But no need to block this branch on that refactoring.

The changes look good. Ta.

review: Approve

Preview Diff

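--- a/config.yaml
+++ b/config.yaml
@@ -369,6 +369,15 @@
  juju-postgresql-0
  If you're running multiple environments with the same services in them
  this allows you to differentiate between them.
+ nagios_additional_servicegroups:
+ default: ""
+ type: string
+ description: |
+ Used by the nrpe-external-master subordinate charm.
+ A comma-separated list of servicegroups to include along with
+ nagios_context when generating nagios service check configs.
+ This is useful for nagios installations where servicegroups
+ are used to apply special treatment to particular checks.
  pgdg:
  description: |
  Enable the PostgreSQL Global Development Group APT repository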
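--- a/hooks/hooks.py
+++ b/hooks/hooks.py
@@ -2487,12 +2487,21 @@
  except Exception:
  hookenv.log("Nagios user not set up.", hookenv.DEBUG)
  return
- nagios_password = create_user('nagios')
- pg_pass_entry = '*:*:*:nagios:%s' % (nagios_password)
- with open('/var/lib/nagios/.pgpass', 'w') as target:
- os.fchown(target.fileno(), nagios_uid, nagios_gid)
- os.fchmod(target.fileno(), 0400)
- target.write(pg_pass_entry)
+
+ try:
+ nagios_password = create_user('nagios')
+ pg_pass_entry = '*:*:*:nagios:%s' % (nagios_password)
+ with open('/var/lib/nagios/.pgpass', 'w') as target:
+ os.fchown(target.fileno(), nagios_uid, nagios_gid)
+ os.fchmod(target.fileno(), 0400)
+ target.write(pg_pass_entry)
+ except psycopg2.InternalError:
+ if config_data['manual_replication']:
+ log("update_nrpe_checks(): manual_replication: "
+ "ignoring psycopg2.InternalError caught creating 'nagios' "
+ "postgres role; assuming we're already replicating")
+ else:
+ raise
 
  unit_name = hookenv.local_unit().replace('/', '-')
  nagios_hostname = "%s-%s" % (config_data['nagios_context'], unit_name)
@@ -2508,9 +2517,16 @@
  os.remove(os.path.join('/var/lib/nagios/export/', f))
 
  # --- exported service configuration file
+ servicegroups = [config_data['nagios_context']]
+ additional_servicegroups = config_data['nagios_additional_servicegroups']
+ if additional_servicegroups != '':
+ servicegroups.extend(
+ servicegroup.strip() for servicegroup
+ in additional_servicegroups.split(',')
+ )
  templ_vars = {
  'nagios_hostname': nagios_hostname,
- 'nagios_servicegroup': config_data['nagios_context'],
+ 'nagios_servicegroup': ', '.join(servicegroups),
  }
  template = render_template('nrpe_service.tmpl', templ_vars)
  with open(nrpe_service_file, 'w') as nrpe_service_config: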
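Review bot: The new `except psycopg2.InternalError:` in the first hunk discards the exception whenever manual_replication is set, so any InternalError raised while creating the role is treated as "already replicating" and the log line gives no way to tell otherwise. Binding the exception and logging its text, `except psycopg2.InternalError as e:` with `"... assuming we're already replicating: %s" % e`, would keep the tolerant behaviour but leave evidence when the cause is something else. The `try` also covers the `.pgpass` write, which presumably cannot raise this error; limiting it to `nagios_password = create_user('nagios')` makes clear which call is being excused. On the ignored path `.pgpass` is left as it was, so a stale or missing password file is the expected outcome there and is worth a comment. The enclosing function starts and ends outside the hunk.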
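--- a/hooks/test_hooks.py
+++ b/hooks/test_hooks.py
@@ -115,6 +115,7 @@
  "backup_schedule": "13 4 * * *",
  "backup_retention_count": 7,
  "nagios_context": "juju",
+ "nagios_additional_servicegroups": "on-call-services",
  "pgdg": False,
  "install_sources": "",
  "install_keys": "",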
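--- a/templates/pg_hba.conf.tmpl
+++ b/templates/pg_hba.conf.tmpl
@@ -5,7 +5,6 @@
 # Database administrative login by UNIX sockets
 local all root,postgres ident map=superusers
 local replication root,postgres ident map=superusers
-local all nagios md5
 
 {% if extra_pg_auth is defined and extra_pg_auth|count > 0 -%}
 # extra_pg_auth
@@ -14,6 +13,10 @@
 {% endfor -%}
 {% endif -%}
 
+# monitoring (this is below extra_pg_auth to allow for
+# specialized scenarios involving manual_replication=true)
+local all nagios md5
+
 {% if access_list is defined -%}
 {% for unit in access_list -%}
 # {{unit['relation-id']}} from {{unit['unit']}}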
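Review bot: pg_hba.conf is evaluated first-match, so with `local all nagios md5` now placed after the extra_pg_auth loop (second hunk), any `local` entry in extra_pg_auth that matches the nagios role, including a broad `local all all ...` line, replaces the md5 rule rather than only an entry written for monitoring. That is the stated intent for manual_replication, but the new comment does not say the ordering applies in every deployment. I would extend the comment to something like `# first match wins: a 'local' rule in extra_pg_auth that covers the nagios role overrides the md5 line below; scope such rules to user nagios`.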
