bakery-ia/infrastructure/scripts/create-pg-monitoring-users.sh

#!/bin/bash
# Create monitoring users in all PostgreSQL databases for SigNoz metrics collection
#
# This script creates a 'monitoring' user with pg_monitor role in each PostgreSQL database
# Based on: https://signoz.io/docs/integrations/postgresql/
#
# Usage: ./create-pg-monitoring-users.sh

set -e

NAMESPACE="bakery-ia"
MONITORING_USER="monitoring"
MONITORING_PASSWORD="monitoring_$(openssl rand -hex 16)"

# List of all PostgreSQL database deployments
DATABASES=(
  "auth-db"
  "inventory-db"
  "orders-db"
  "ai-insights-db"
  "alert-processor-db"
  "demo-session-db"
  "distribution-db"
  "external-db"
  "forecasting-db"
  "notification-db"
  "orchestrator-db"
  "pos-db"
  "procurement-db"
  "production-db"
  "recipes-db"
  "sales-db"
  "suppliers-db"
  "tenant-db"
  "training-db"
)

echo "=================================================="
echo "PostgreSQL Monitoring User Setup for SigNoz"
echo "=================================================="
echo ""
echo "This script will create a monitoring user in all PostgreSQL databases"
echo "User: $MONITORING_USER"
echo "Password: $MONITORING_PASSWORD"
echo ""
echo "IMPORTANT: Save this password! You'll need it for SigNoz configuration."
echo ""
read -p "Press Enter to continue or Ctrl+C to cancel..."

SUCCESS_COUNT=0
FAILED_COUNT=0
FAILED_DBS=()

for db in "${DATABASES[@]}"; do
  echo ""
  echo "Processing: $db"
  echo "---"

  # Create monitoring user with pg_monitor role (PostgreSQL 10+)
  if kubectl exec -n $NAMESPACE deployment/$db -- psql -U postgres -c "
    DO \$\$
    BEGIN
      -- Try to create the user
      CREATE USER $MONITORING_USER WITH PASSWORD '$MONITORING_PASSWORD';
      RAISE NOTICE 'User created successfully';
    EXCEPTION
      WHEN duplicate_object THEN
        -- User already exists, update password
        ALTER USER $MONITORING_USER WITH PASSWORD '$MONITORING_PASSWORD';
        RAISE NOTICE 'User already exists, password updated';
    END
    \$\$;

    -- Grant pg_monitor role (PostgreSQL 10+)
    GRANT pg_monitor TO $MONITORING_USER;

    -- Grant SELECT on pg_stat_database
    GRANT SELECT ON pg_stat_database TO $MONITORING_USER;

    -- Verify permissions
    SELECT
      r.rolname as role_name,
      ARRAY_AGG(b.rolname) as granted_roles
    FROM pg_auth_members m
    JOIN pg_roles r ON (m.member = r.oid)
    JOIN pg_roles b ON (m.roleid = b.oid)
    WHERE r.rolname = '$MONITORING_USER'
    GROUP BY r.rolname;
  " 2>&1; then
    echo "✅ SUCCESS: $db"
    ((SUCCESS_COUNT++))
  else
    echo "❌ FAILED: $db"
    ((FAILED_COUNT++))
    FAILED_DBS+=("$db")
  fi
done

echo ""
echo "=================================================="
echo "Summary"
echo "=================================================="
echo "Successful: $SUCCESS_COUNT databases"
echo "Failed: $FAILED_COUNT databases"

if [ $FAILED_COUNT -gt 0 ]; then
  echo ""
  echo "Failed databases:"
  for db in "${FAILED_DBS[@]}"; do
    echo "  - $db"
  done
fi

echo ""
echo "=================================================="
echo "Next Steps"
echo "=================================================="
echo ""
echo "1. Create Kubernetes secret with monitoring credentials:"
echo ""
echo "kubectl create secret generic -n $NAMESPACE postgres-monitoring-secrets \\"
echo "  --from-literal=POSTGRES_MONITOR_USER=$MONITORING_USER \\"
echo "  --from-literal=POSTGRES_MONITOR_PASSWORD='$MONITORING_PASSWORD'"
echo ""
echo "2. Update infrastructure/helm/signoz-values-dev.yaml with PostgreSQL receivers"
echo ""
echo "3. Add environment variables to otelCollector configuration"
echo ""
echo "4. Run: helm upgrade signoz signoz/signoz -n $NAMESPACE -f infrastructure/helm/signoz-values-dev.yaml"
echo ""
echo "5. Apply OpAMP patch:"
echo ""
echo "kubectl patch deployment -n $NAMESPACE signoz-otel-collector --type=json -p='["
echo "  {\"op\":\"replace\",\"path\":\"/spec/template/spec/containers/0/args\",\"value\":["
echo "    \"--config=/conf/otel-collector-config.yaml\","
echo "    \"--feature-gates=-pkg.translator.prometheus.NormalizeName\""
echo "  ]}"
echo "]'"
echo ""
echo "=================================================="
echo "SAVE THIS INFORMATION!"
echo "=================================================="
echo "Username: $MONITORING_USER"
echo "Password: $MONITORING_PASSWORD"
echo "=================================================="