我需要授予我的用户 postgres_exporter 一些权限,以便将指标从 postgres 抓取到 grafana
我可以在每台服务器上执行此操作
sudo -iu postgres psql -c 'GRANT pg_read_all_settings TO postgres_exporter;'
sudo -iu postgres psql -c 'GRANT EXECUTE ON FUNCTION pg_ls_logdir() TO postgres_exporter;'
sudo -iu postgres psql -c 'GRANT EXECUTE ON FUNCTION pg_ls_waldir() TO postgres_exporter;'
sudo -iu postgres psql -c 'GRANT CREATE ON TABLESPACE pg_global TO postgres_exporter;'
但我想使用 ansible 来实现这一点,但没有模块postgresql_查询,因为它不支持检查差异模式
如何将用户添加到默认角色,例如读取所有设置,无需创建用户?
对于最后三个命令我做了,但我不确定。
- name: GRANT EXECUTE ON FUNCTION pg_ls_logdir() TO postgres_exporter
community.postgresql.postgresql_privs:
db: "{{ db_name }}"
port: "{{ pg_port }}"
privs: EXECUTE
type: function
obj: pg_ls_logdir()
roles: "{{ postgres_exporter_user }}"
- name: GRANT EXECUTE ON FUNCTION pg_ls_waldir() TO postgres_exporter
community.postgresql.postgresql_privs:
db: "{{ db_name }}"
port: "{{ pg_port }}"
privs: EXECUTE
type: function
obj: pg_ls_waldir()
roles: "{{ postgres_exporter_user }}"
- name: GRANT CREATE ON TABLESPACE pg_global TO postgres_exporter
community.postgresql.postgresql_privs:
db: "{{ db_name }}"
port: "{{ pg_port }}"
privs: CREATE
type: tablespace
objs: pg_global
roles: "{{ postgres_exporter_user }}"
答案1
角色 pg_monitor 解决抓取指标的所有问题
- name: Grant role pg_monitor to postgres_exporter user
become: true
become_user: postgres
community.postgresql.postgresql_membership:
group: pg_monitor
target_roles: "{{ postgres_exporter_user }}"
state: present