From 71b56f7c1cc8eba7af4ff9baacb975189933da24 Mon Sep 17 00:00:00 2001 From: Alex Vandiver Date: Mon, 13 Dec 2021 20:23:23 -0800 Subject: [PATCH] puppet: process_fts_updates connects as nagios (or provided username). It should not use the configured zulip username, but should instead pull from the login user (likely `nagios`), or an explicit alternate provided PostgreSQL username. Failure to do so results in Nagios failures because the `nagios` login does not have permissions to authenticated the `zulip` PostgreSQL user. This requires CI changes, as the install tests install as the `zulip` login username, which allowed Nagios tests to pass previously; with the custom database and username, however, they must be passed to process_fts_updates explicitly when validating the install. --- .github/workflows/production-suite.yml | 6 +-- .../files/postgresql/process_fts_updates | 6 +++ tools/ci/production-verify | 38 ++++++++++++++++++- 3 files changed, 46 insertions(+), 4 deletions(-) diff --git a/.github/workflows/production-suite.yml b/.github/workflows/production-suite.yml index 03e84de3a7..caec1aefee 100644 --- a/.github/workflows/production-suite.yml +++ b/.github/workflows/production-suite.yml @@ -194,7 +194,7 @@ jobs: sudo /tmp/production-install ${{ matrix.extra-args }} - name: Verify install - run: sudo /tmp/production-verify + run: sudo /tmp/production-verify ${{ matrix.extra-args }} - name: Install pgroonga if: ${{ matrix.is_bionic }} @@ -202,7 +202,7 @@ jobs: - name: Verify install after installing pgroonga if: ${{ matrix.is_bionic }} - run: sudo /tmp/production-verify + run: sudo /tmp/production-verify ${{ matrix.extra-args }} - name: Upgrade postgresql if: ${{ matrix.is_bionic }} @@ -210,7 +210,7 @@ jobs: - name: Verify install after upgrading postgresql if: ${{ matrix.is_bionic }} - run: sudo /tmp/production-verify + run: sudo /tmp/production-verify ${{ matrix.extra-args }} - name: Report status if: failure() diff --git a/puppet/zulip/files/postgresql/process_fts_updates b/puppet/zulip/files/postgresql/process_fts_updates index 1b31176f14..dff771cbd8 100755 --- a/puppet/zulip/files/postgresql/process_fts_updates +++ b/puppet/zulip/files/postgresql/process_fts_updates @@ -47,6 +47,7 @@ BATCH_SIZE = 1000 parser = argparse.ArgumentParser() parser.add_argument("--quiet", action="store_true") parser.add_argument("--nagios-check", action="store_true") +parser.add_argument("--nagios-user") options = parser.parse_args() logging.Formatter.converter = time.gmtime @@ -154,6 +155,11 @@ except ImportError: conn: Optional[psycopg2.extensions.connection] if options.nagios_check: + # Nagios connects as itself, unless you specify otherwise + if options.nagios_user: + pg_args["user"] = options.nagios_user + else: + del pg_args["user"] conn = psycopg2.connect(**pg_args) cursor = conn.cursor() cursor.execute("SELECT count(*) FROM fts_update_log") diff --git a/tools/ci/production-verify b/tools/ci/production-verify index 9c508b0fa2..472d883c6c 100755 --- a/tools/ci/production-verify +++ b/tools/ci/production-verify @@ -5,6 +5,42 @@ set -e set -x +usage() { + cat <<'EOF' +Usage: + production-verify + production-verify --test-custom-db + production-verify --help + +Options: + --test-custom-db + Use custom database and user names. + +EOF +} + +# Shell option parsing. +args="$(getopt -o '' --long help,test-custom-db -n "$0" -- "$@")" +eval "set -- $args" +NAGIOS_USER="zulip" +while true; do + case "$1" in + --help) + usage + exit 0 + ;; + + --test-custom-db) + NAGIOS_USER="zulipcustomuser" + shift + ;; + --) + shift + break + ;; + esac +done + cat >>/etc/zulip/settings.py <