Skip to content

Commit fce8692

Browse files
snarlisticwrouesnel
snarlistic
authored and
wrouesnel
committed
Update the running as non-superuser section. This solves the problem that certain metrics didn't produce a value.
1 parent 6d2cae6 commit fce8692

File tree

1 file changed

+23
-7
lines changed

1 file changed

+23
-7
lines changed

README.md

Lines changed: 23 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -163,11 +163,13 @@ flag. This removes all built-in metrics, and uses only metrics defined by querie
163163
### Running as non-superuser
164164

165165
To be able to collect metrics from `pg_stat_activity` and `pg_stat_replication`
166-
as non-superuser you have to create views as a superuser, and assign permissions
167-
separately to those.
166+
as non-superuser you have to create functions and views as a superuser, and
167+
assign permissions separately to those.
168168

169169
In PostgreSQL, views run with the permissions of the user that created them so
170-
they can act as security barriers.
170+
they can act as security barriers. Functions need to be created to share this
171+
data with the non-superuser. Only creating the views will leave out the most
172+
important bits of data.
171173

172174
```sql
173175
CREATE USER postgres_exporter PASSWORD 'password';
@@ -176,16 +178,30 @@ ALTER USER postgres_exporter SET SEARCH_PATH TO postgres_exporter,pg_catalog;
176178
-- If deploying as non-superuser (for example in AWS RDS), uncomment the GRANT
177179
-- line below and replace <MASTER_USER> with your root user.
178180
-- GRANT postgres_exporter TO <MASTER_USER>
179-
CREATE SCHEMA postgres_exporter AUTHORIZATION postgres_exporter;
181+
CREATE SCHEMA postgres_exporter;
182+
GRANT USAGE ON SCHEMA postgres_exporter TO postgres_exporter;
183+
184+
CREATE FUNCTION get_pg_stat_activity() RETURNS SETOF pg_stat_activity AS
185+
$$ SELECT * FROM pg_catalog.pg_stat_activity; $$
186+
LANGUAGE sql
187+
VOLATILE
188+
SECURITY DEFINER;
180189

181190
CREATE VIEW postgres_exporter.pg_stat_activity
182191
AS
183-
SELECT * from pg_catalog.pg_stat_activity;
192+
SELECT * from get_pg_stat_activity();
184193

185194
GRANT SELECT ON postgres_exporter.pg_stat_activity TO postgres_exporter;
186195

187-
CREATE VIEW postgres_exporter.pg_stat_replication AS
188-
SELECT * from pg_catalog.pg_stat_replication;
196+
CREATE FUNCTION get_pg_stat_replication() RETURNS SETOF pg_stat_replication AS
197+
$$ SELECT * FROM pg_catalog.pg_stat_replication; $$
198+
LANGUAGE sql
199+
VOLATILE
200+
SECURITY DEFINER;
201+
202+
CREATE VIEW postgres_exporter.pg_stat_replication
203+
AS
204+
SELECT * FROM get_pg_stat_replication();
189205

190206
GRANT SELECT ON postgres_exporter.pg_stat_replication TO postgres_exporter;
191207
```

0 commit comments

Comments
 (0)