#!/bin/bash # Create monitoring users in all PostgreSQL databases for SigNoz metrics collection # # This script creates a 'monitoring' user with pg_monitor role in each PostgreSQL database # Based on: https://signoz.io/docs/integrations/postgresql/ # # Usage: ./create-pg-monitoring-users.sh set -e NAMESPACE="bakery-ia" MONITORING_USER="monitoring" MONITORING_PASSWORD="monitoring_$(openssl rand -hex 16)" # List of all PostgreSQL database deployments DATABASES=( "auth-db" "inventory-db" "orders-db" "ai-insights-db" "alert-processor-db" "demo-session-db" "distribution-db" "external-db" "forecasting-db" "notification-db" "orchestrator-db" "pos-db" "procurement-db" "production-db" "recipes-db" "sales-db" "suppliers-db" "tenant-db" "training-db" ) echo "==================================================" echo "PostgreSQL Monitoring User Setup for SigNoz" echo "==================================================" echo "" echo "This script will create a monitoring user in all PostgreSQL databases" echo "User: $MONITORING_USER" echo "Password: $MONITORING_PASSWORD" echo "" echo "IMPORTANT: Save this password! You'll need it for SigNoz configuration." echo "" read -p "Press Enter to continue or Ctrl+C to cancel..." SUCCESS_COUNT=0 FAILED_COUNT=0 FAILED_DBS=() for db in "${DATABASES[@]}"; do echo "" echo "Processing: $db" echo "---" # Create monitoring user with pg_monitor role (PostgreSQL 10+) if kubectl exec -n $NAMESPACE deployment/$db -- psql -U postgres -c " DO \$\$ BEGIN -- Try to create the user CREATE USER $MONITORING_USER WITH PASSWORD '$MONITORING_PASSWORD'; RAISE NOTICE 'User created successfully'; EXCEPTION WHEN duplicate_object THEN -- User already exists, update password ALTER USER $MONITORING_USER WITH PASSWORD '$MONITORING_PASSWORD'; RAISE NOTICE 'User already exists, password updated'; END \$\$; -- Grant pg_monitor role (PostgreSQL 10+) GRANT pg_monitor TO $MONITORING_USER; -- Grant SELECT on pg_stat_database GRANT SELECT ON pg_stat_database TO $MONITORING_USER; -- Verify permissions SELECT r.rolname as role_name, ARRAY_AGG(b.rolname) as granted_roles FROM pg_auth_members m JOIN pg_roles r ON (m.member = r.oid) JOIN pg_roles b ON (m.roleid = b.oid) WHERE r.rolname = '$MONITORING_USER' GROUP BY r.rolname; " 2>&1; then echo "✅ SUCCESS: $db" ((SUCCESS_COUNT++)) else echo "❌ FAILED: $db" ((FAILED_COUNT++)) FAILED_DBS+=("$db") fi done echo "" echo "==================================================" echo "Summary" echo "==================================================" echo "Successful: $SUCCESS_COUNT databases" echo "Failed: $FAILED_COUNT databases" if [ $FAILED_COUNT -gt 0 ]; then echo "" echo "Failed databases:" for db in "${FAILED_DBS[@]}"; do echo " - $db" done fi echo "" echo "==================================================" echo "Next Steps" echo "==================================================" echo "" echo "1. Create Kubernetes secret with monitoring credentials:" echo "" echo "kubectl create secret generic -n $NAMESPACE postgres-monitoring-secrets \\" echo " --from-literal=POSTGRES_MONITOR_USER=$MONITORING_USER \\" echo " --from-literal=POSTGRES_MONITOR_PASSWORD='$MONITORING_PASSWORD'" echo "" echo "2. Update infrastructure/helm/signoz-values-dev.yaml with PostgreSQL receivers" echo "" echo "3. Add environment variables to otelCollector configuration" echo "" echo "4. Run: helm upgrade signoz signoz/signoz -n $NAMESPACE -f infrastructure/helm/signoz-values-dev.yaml" echo "" echo "5. Apply OpAMP patch:" echo "" echo "kubectl patch deployment -n $NAMESPACE signoz-otel-collector --type=json -p='[" echo " {\"op\":\"replace\",\"path\":\"/spec/template/spec/containers/0/args\",\"value\":[" echo " \"--config=/conf/otel-collector-config.yaml\"," echo " \"--feature-gates=-pkg.translator.prometheus.NormalizeName\"" echo " ]}" echo "]'" echo "" echo "==================================================" echo "SAVE THIS INFORMATION!" echo "==================================================" echo "Username: $MONITORING_USER" echo "Password: $MONITORING_PASSWORD" echo "=================================================="