powa-team/powa

Consider support for pg_service file for remote servers definition in remote setup option.

aleszeleny opened this issue · 5 comments

Hello,

thanks for working on POWA, such a great tool!

I've realized a limitation (by convention, I did not want to modify the package-provided powa-collector systemd unit file ==> it runs under the root OS account [at least the version for CentOS]) coming from the fact that monitored servers are identified by host/ip_addr and port [which is generally meaningful], but running powa-collector under root requires storing .pgpass in the root user's home directory, while I'd like to keep passwords (outside the plain-text powa_servers table column) in a directory managed by Postgres [and ansible roles dedicated to Postgres management]. This might be achieved by using the service file entries.
The expected limitation in such a case is that the user shall decide to use IP/port or service names to uniquely identify monitored clusters unless there is a libPQ/Psycopg2 feature to parse the content of the service file (which might become tricky, as it allows more than a simple IP).

An alternative might be to modify the powa-collector service to run under the postgres OS user, which is generally easy to do, but might be a limitation for cases when powa-collector is intended to run on a host other than the one where the RDBMS is installed.

In my case, I'll create a different systemd unit file just to run powa-collector under the postgres OS user, as the intention now is to run it on the same host where the central powa repository instance is deployed, so no problems are expected from having the collector running under Postgres, and therefore .pgpass will be in the postgres OS user's home and sysadmins will be satisfied with me not touching root's home directory.
The idea about the service file was just motivated by having, possibly, a more generic solution.

Thanks Ales

rjuju commented

Thanks a lot!

If your primary goal is to have powa-collector running as a specific user, have you tried to rely on something like systemctl edit powa-collector.service and specify (or override) User and/or Group configuration (and then of course systemctl daemon-reload)? This should add extra configuration files without modifying the RPM shipped definition.

I can of course still add support for config file even if that makes things easier for you.

Thanks for the tip with systemctl edit, I'll check the ansible role whether I'll be able to manage it that way.

My personal (so I can be wrong...) feeling is that .pgpass is perfect for humans, potentially for an application user if it is a dedicated application account, but for shared, centrally managed use, I tend to prefer using a service file under the SYSCONFIG directory with appropriate file permissions.

Kind regards Ales

rjuju commented

Thanks for the tip with systemctl edit, I'll check the ansible role whether I'll be able to manage it that way.

Ok, let me know if that solves at least partially your problem.

My personal (so I can be wrong...) feeling is that .pgpass is perfect for humans, potentially for an application user if it is a dedicated application account, but for shared, centrally managed use, I tend to prefer using a service file under the SYSCONFIG directory with appropriate file permissions.

That sounds like a perfectly reasonable thing to do. As I said I'll be happy to work on implementing service file compatibility :)

I need a while to complete some tasks, afterward I'll take a look at it. The custom unit file is a backup plan in my case :-)

Hello,
the systemctl edit solution works perfectly:

● powa-collector.service - POWA Collector Daemon
   Loaded: loaded (/usr/lib/systemd/system/powa-collector.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/powa-collector.service.d
           └─override.conf
   Active: active (running) since Čt 2021-03-18 14:48:43 CET; 3min 23s ago
     Docs: https://powa.readthedocs.io/en/latest/powa-collector/
 Main PID: 4884 (python3)
    Tasks: 6
   Memory: 37.3M
   CGroup: /system.slice/powa-collector.service
           └─4884 /usr/bin/python3 /usr/bin/powa-collector.py
[Service]
User=postgres
Group=postgres
# ps -fp 4884
UID        PID  PPID  C STIME TTY          TIME CMD
postgres  4884     1  0 14:48 ?        00:00:02 /usr/bin/python3 /usr/bin/powa-collector.py

The ugly part is, that I was not able to find an Ansible way to do so (ansible.builtin.systemd).

Possible hack: https://stackoverflow.com/questions/35105615/ansible-use-default-if-a-variable-is-not-defined
or just create the override file manually, reload systemd and re/start powa collector.

Anyway, systemd override is a valid solution.
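
Added example, not from the thread or from powa-collector: a sketch of reading a service file as discussed above, refusing one that group or others can access and expanding a multi-host entry into the (host, port) pairs a collector could use to identify a server. The 0600 rule, the function names and the sample services are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample: service names, hosts and password are made up.
SAMPLE = """\
[powa_repo]
host=127.0.0.1

[cluster_a]
host=db1.example.internal,db2.example.internal
port=5433
user=powa
password=s3cr%t
"""

def load_service(path, service):
    """Return one [service] section as a dict of connection parameters."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumed policy of this example: the file may hold passwords, so refuse
    # it when group or others have any access.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: mode {mode:04o}, expected 0600 or stricter")
    # interpolation=None keeps '%' in passwords literal; only '=' delimits.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep parameter names case-sensitive
    parser.read(path)
    if not parser.has_section(service):
        raise KeyError(f"service {service!r} not defined in {path}")
    return dict(parser[service])

def server_identity(params):
    """Expand host/port into (host, port) pairs; one port may serve all hosts."""
    hosts = params.get("host", "").split(",")  # "" means libpq's local default
    ports = params.get("port", "5432").split(",")
    if len(ports) == 1:
        ports = ports * len(hosts)
    if len(ports) != len(hosts):
        raise ValueError("port needs one entry, or one per host")
    return [(h.strip(), int(p)) for h, p in zip(hosts, ports)]

def write_sample(mode):
    """Write SAMPLE to a temporary file with the given permission bits."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    os.chmod(path, mode)
    return path
```

With libpq the same file is selected through the PGSERVICEFILE environment variable and the `service` connection parameter.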