rpms/resource-agents
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- pgsqlms: use monitor_user and monitor_password for monitor operations

Browse Source 
Resolves: RHEL-150842
This commit is contained in:
Arslan Ahmad 2026-05-25 15:11:06 +05:30
parent afa76dbdac
commit aebab6b777
2 changed files with 128 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
RHEL-150842-pgsqlms-use-monitor_user-for-monitor-calls-and-use-pgpass-when-monitor_password-is-not-specified.patch Normal file
View File

@ -0,0 +1,119 @@
--- a/heartbeat/pgsqlms
+++ b/heartbeat/pgsqlms
@@ -48,6 +48,8 @@
# Default parameters values
my $system_user_default = "postgres";
+my $monitor_user_default = "";
+my $monitor_password_default = "";
my $bindir_default = "/usr/bin";
my $pgdata_default = "/var/lib/pgsql/data";
my $pghost_default = "/tmp";
@@ -57,6 +59,8 @@
# Set default values if not found in environment
my $system_user = $ENV{'OCF_RESKEY_system_user'} || $system_user_default;
+my $monitor_user = $ENV{'OCF_RESKEY_monitor_user'} || $monitor_user_default;
+my $monitor_password = $ENV{'OCF_RESKEY_monitor_password'} || $monitor_password_default;
my $bindir = $ENV{'OCF_RESKEY_bindir'} || $bindir_default;
my $pgdata = $ENV{'OCF_RESKEY_pgdata'} || $pgdata_default;
my $datadir = $ENV{'OCF_RESKEY_datadir'} || $pgdata;
@@ -98,6 +102,7 @@
# the result as second one.
#
sub _query {
+ my $user = shift if @_ == 3;
my $query = shift;
my $res = shift;
my $connstr = "dbname=postgres";
@@ -110,6 +115,7 @@
my $ans;
my $pid;
my $rc;
+ my @psql_args;
unless ( defined $res and defined $query and $query ne '' ) {
ocf_log( 'debug', '_query: wrong parameters!' );
@@ -138,9 +144,19 @@
$pid = open(my $KID, "-|");
if ( $pid == 0 ) { # child
- exec $PGPSQL, '--set', 'ON_ERROR_STOP=1', '-qXAtf', $tmpfile,
- '-R', $RS, '-F', $FS, '--port', $pgport, '--host', $pghost,
- $connstr;
+ # Build psql arguments
+ @psql_args = ('--set', 'ON_ERROR_STOP=1', '-qXAtf', $tmpfile,
+ '-R', $RS, '-F', $FS, '--port', $pgport, '--host', $pghost);
+
+ # Add username and password for non-system user
+ if ( $user ) {
+ push @psql_args, '-U', $user;
+ $ENV{'PGPASSWORD'} = $monitor_password if $monitor_password ne '';
+ }
+
+ push @psql_args, $connstr;
+
+ exec $PGPSQL, @psql_args;
}
# parent
@@ -259,7 +275,7 @@
ORDER BY priority DESC
};
- $rc = _query( $query, \@rs );
+ $rc = _query( $monitor_user, $query, \@rs );
if ( $rc != 0 ) {
ocf_exit_reason( 'Query to get standby locations failed (%d)', $rc );
@@ -898,7 +914,7 @@
my $rc;
my @rs;
- $rc = _query( "SELECT pg_is_in_recovery()", \@rs );
+ $rc = _query( $monitor_user, "SELECT pg_is_in_recovery()", \@rs );
$is_in_recovery = $rs[0][0];
@@ -1050,6 +1066,18 @@
(optional, string, default "postgres")
+=item B<monitor_user>
+
+PostgreSQL user for monitor operations
+
+(optional, string, default "")
+
+=item B<monitor_password>
+
+PostgreSQL password for monitor user
+
+(optional, string, default "")
+
=item B<recovery_template>
B<ONLY> for PostgreSQL 11 and bellow.
@@ -1114,6 +1142,22 @@
<content type="string" default="$system_user_default" />
</parameter>
+ <parameter name="monitor_user" unique="0" required="0">
+ <longdesc lang="en">
+ PostgreSQL user that pgsql RA will use for monitor operations
+ </longdesc>
+ <shortdesc lang="en">PostgreSQL monitor User</shortdesc>
+ <content type="string" default="$monitor_user_default" />
+ </parameter>
+
+ <parameter name="monitor_password" unique="0" required="0">
+ <longdesc lang="en">
+ PostgreSQL password for monitor user
+ </longdesc>
+ <shortdesc lang="en">PostgreSQL monitor Password</shortdesc>
+ <content type="string" default="$monitor_password_default" />
+ </parameter>
+
<parameter name="bindir" unique="0" required="0">
<longdesc lang="en">
Path to the directory storing the PostgreSQL binaries. The agent uses psql, pg_isready, pg_controldata and pg_ctl.

10
resource-agents.spec
View File

@ -45,7 +45,7 @@
Name: resource-agents
Summary: Open Source HA Reusable Cluster Resource Scripts
Version: 4.10.0
Release: 117%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
Release: 118%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
License: GPLv2+ and LGPLv2+
URL: https://github.com/ClusterLabs/resource-agents
Source0: %{upstream_prefix}-%{upstream_version}.tar.gz
@ -212,6 +212,7 @@ Patch159: RHEL-150850-pgsql-use-monitor_user-for-monitor-calls-and-use-pgpass-wh
Patch160: RHEL-177850-podman-etcd-fix-port-2380-binding-race.patch
Patch161: RHEL-177840-podman-etcd-fix-machine-deletion-deadlock.patch
Patch162: RHEL-177845-podman-etcd-fix-learner-start-deadlock.patch
Patch163: RHEL-150842-pgsqlms-use-monitor_user-for-monitor-calls-and-use-pgpass-when-monitor_password-is-not-specified.patch
# bundled ha-cloud-support libs
Patch500: ha-cloud-support-aliyun.patch
@ -519,6 +520,7 @@ exit 1
%patch -p1 -P 160
%patch -p1 -P 161
%patch -p1 -P 162
%patch -p1 -P 163
# bundled ha-cloud-support libs
%patch -p1 -P 500
@ -853,6 +855,12 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
%{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
%changelog
* Mon May 25 2026 Arslan Ahmad <arahmad@redhat.com> - 4.10.0-118
- pgsqlms: use monitor_user for monitor-calls and use .pgpass when
monitor_password is not specified
Resolves: RHEL-150842
* Wed May 20 2026 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-117
- podman-etcd: fix port 2380 binding race
- podman-etcd: fix machine deletion deadlock