From f5527d84e5d638dea105bb207c0c406a6db5e7ae Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Mon, 23 Jan 2023 10:04:19 +0000
Subject: [PATCH] Don't allow postgres export to remove IPC objects
---
 cookbooks/postgresql/recipes/default.rb | 1 +
 cookbooks/prometheus/resources/exporter.rb | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/cookbooks/postgresql/recipes/default.rb b/cookbooks/postgresql/recipes/default.rb
index 07e59cbce..affe9f502 100644
--- a/cookbooks/postgresql/recipes/default.rb
+++ b/cookbooks/postgresql/recipes/default.rb
@@ -198,5 +198,6 @@ prometheus_exporter "postgres" do
 "PG_EXPORTER_AUTO_DISCOVER_DATABASES" => "true",
 "PG_EXPORTER_EXCLUDE_DATABASES" => "postgres,template0,template1"
 restrict_address_families "AF_UNIX"
+ remove_ipc false
 subscribes :restart, "template[/etc/prometheus/exporters/postgres_queries.yml]"
 end
diff --git a/cookbooks/prometheus/resources/exporter.rb b/cookbooks/prometheus/resources/exporter.rb
index 3087f9c93..581c961dd 100644
--- a/cookbooks/prometheus/resources/exporter.rb
+++ b/cookbooks/prometheus/resources/exporter.rb
@@ -36,6 +36,7 @@ property :proc_subset, String
 property :private_devices, [true, false]
 property :protect_clock, [true, false]
 property :restrict_address_families, [String, Array]
+property :remove_ipc, [true, false]
 property :system_call_filter, [String, Array]
 property :service, :kind_of => String
 property :scrape_interval, :kind_of => String
@@ -60,6 +61,7 @@ action :create do
 private_devices new_resource.private_devices if new_resource.property_is_set?(:private_devices)
 protect_clock new_resource.protect_clock if new_resource.property_is_set?(:protect_clock)
 restrict_address_families new_resource.restrict_address_families if new_resource.property_is_set?(:restrict_address_families)
+ remove_ipc new_resource.remove_ipc if new_resource.property_is_set?(:remove_ipc)
 system_call_filter new_resource.system_call_filter if new_resource.property_is_set?(:system_call_filter)
 end
-- 
2.39.5
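Review bot: The added `remove_ipc false` in the postgres exporter block is a sandboxing opt-out with no comment saying why this exporter needs it, so a later cleanup could drop it or another recipe could copy it without the reason. The commit subject says the exporter must not remove IPC objects; presumably it runs under the same account as the PostgreSQL server, though the user setting is not visible in this hunk. I would add above the line something like `# exporter shares its user with the database, so systemd must not clean up that user's IPC objects when the exporter stops`, after confirming the account. The `prometheus_exporter "postgres" do` block starts outside the hunk.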
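Review bot: The new `remove_ipc` property is declared without a default or a comment, and in the `action :create` hunk it is forwarded only when `property_is_set?(:remove_ipc)`, so every other exporter gets whatever the underlying service resource defaults to, which this diff does not show. If that default enables IPC cleanup, any exporter running as an account shared with a long-lived service would have the same exposure the postgres exporter had. A comment on the property line such as `# set false when the exporter's user also owns another service's IPC objects` would make the opt-out discoverable. It may also be worth checking the existing exporters for shared accounts.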