0

I need to give some rights to my user postgres_exporter to scrape metrics from postgres to grafana

I can do that on each server by

sudo -iu postgres psql -c 'GRANT pg_read_all_settings TO postgres_exporter;'
sudo -iu postgres psql -c  'GRANT EXECUTE ON FUNCTION pg_ls_logdir() TO postgres_exporter;'
sudo -iu postgres psql -c  'GRANT EXECUTE ON FUNCTION pg_ls_waldir() TO postgres_exporter;'
sudo -iu postgres psql -c 'GRANT CREATE ON TABLESPACE pg_global TO postgres_exporter;'

But i want to use ansible for that, but without module postgresql_query, because its not supporting check diff mode

How to add user to default roles such as pg_read_all_settings, without creating a user?

For the last three commands i did, but im not sure about that.

- name: GRANT EXECUTE ON FUNCTION pg_ls_logdir() TO postgres_exporter
  community.postgresql.postgresql_privs:
    db: "{{ db_name }}"
    port: "{{ pg_port }}"
    privs: EXECUTE
    type: function
    obj: pg_ls_logdir()
    roles: "{{ postgres_exporter_user }}"

- name: GRANT EXECUTE ON FUNCTION pg_ls_waldir() TO postgres_exporter
  community.postgresql.postgresql_privs:
    db: "{{ db_name }}"
    port: "{{ pg_port }}"
    privs: EXECUTE
    type: function
    obj: pg_ls_waldir()
    roles: "{{ postgres_exporter_user }}"

- name: GRANT CREATE ON TABLESPACE pg_global TO postgres_exporter
  community.postgresql.postgresql_privs:
    db: "{{ db_name }}"
    port: "{{ pg_port }}"
    privs: CREATE
    type: tablespace
    objs: pg_global
    roles: "{{ postgres_exporter_user }}"
a1dude
  • 11
  • 3

1 Answers1

0

role pg_monitor resolve all problems with scraping metrics

- name: Grant role pg_monitor to postgres_exporter user
  become: true
  become_user: postgres
  community.postgresql.postgresql_membership:
    group: pg_monitor
    target_roles: "{{ postgres_exporter_user }}"
    state: present
a1dude
  • 11
  • 3