]> git.openstreetmap.org Git - chef.git/commitdiff
Don't allow postgres export to remove IPC objects
authorTom Hughes <tom@compton.nu>
Mon, 23 Jan 2023 10:04:19 +0000 (10:04 +0000)
committerTom Hughes <tom@compton.nu>
Mon, 23 Jan 2023 10:05:52 +0000 (10:05 +0000)
cookbooks/postgresql/recipes/default.rb
cookbooks/prometheus/resources/exporter.rb

index 07e59cbce81761aa7ea60e218dce71c540b26894..affe9f502d50084d620cb7c09794805943b44f25 100644 (file)
@@ -198,5 +198,6 @@ prometheus_exporter "postgres" do
               "PG_EXPORTER_AUTO_DISCOVER_DATABASES" => "true",
               "PG_EXPORTER_EXCLUDE_DATABASES" => "postgres,template0,template1"
   restrict_address_families "AF_UNIX"
               "PG_EXPORTER_AUTO_DISCOVER_DATABASES" => "true",
               "PG_EXPORTER_EXCLUDE_DATABASES" => "postgres,template0,template1"
   restrict_address_families "AF_UNIX"
+  remove_ipc false
   subscribes :restart, "template[/etc/prometheus/exporters/postgres_queries.yml]"
 end
   subscribes :restart, "template[/etc/prometheus/exporters/postgres_queries.yml]"
 end
index 3087f9c93084eede68b1104ac035dd7632594862..581c961ddd4709de25cad39b564eeacb18de921f 100644 (file)
@@ -36,6 +36,7 @@ property :proc_subset, String
 property :private_devices, [true, false]
 property :protect_clock, [true, false]
 property :restrict_address_families, [String, Array]
 property :private_devices, [true, false]
 property :protect_clock, [true, false]
 property :restrict_address_families, [String, Array]
+property :remove_ipc, [true, false]
 property :system_call_filter, [String, Array]
 property :service, :kind_of => String
 property :scrape_interval, :kind_of => String
 property :system_call_filter, [String, Array]
 property :service, :kind_of => String
 property :scrape_interval, :kind_of => String
@@ -60,6 +61,7 @@ action :create do
     private_devices new_resource.private_devices if new_resource.property_is_set?(:private_devices)
     protect_clock new_resource.protect_clock if new_resource.property_is_set?(:protect_clock)
     restrict_address_families new_resource.restrict_address_families if new_resource.property_is_set?(:restrict_address_families)
     private_devices new_resource.private_devices if new_resource.property_is_set?(:private_devices)
     protect_clock new_resource.protect_clock if new_resource.property_is_set?(:protect_clock)
     restrict_address_families new_resource.restrict_address_families if new_resource.property_is_set?(:restrict_address_families)
+    remove_ipc new_resource.remove_ipc if new_resource.property_is_set?(:remove_ipc)
     system_call_filter new_resource.system_call_filter if new_resource.property_is_set?(:system_call_filter)
   end
 
     system_call_filter new_resource.system_call_filter if new_resource.property_is_set?(:system_call_filter)
   end