diff --git a/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/index.mdx b/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/index.mdx index c9b40ce04cc..21d204af41c 100644 --- a/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/index.mdx +++ b/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/index.mdx @@ -20,6 +20,8 @@ With BigAnimal, you have a few options for monitoring and logging solutions: - BigAnimal provides a Prometheus-compatible endpoint you can use to connect to your own metrics infrastructure, such as your AWS Managed Grafana. It also provides the option to view logs from your cloud provider's blob storage solution. For more information, see [Other monitoring and logging solutions](other_monitoring). This ability is an optional solution when you're using your own cloud account but is the only option when using BigAnimal's cloud account. +- BigAnimal provides PEMx as another metric endpoint. PEMx consolidates and exposes metrics in each data plane. PEMx is an integrated monitoring and alerting solution in BigAnimal. It's designed to monitor performance of the Postgres clusters. See [PEMx monitoring](monitoring_using_pemx) for more information. + - Existing Postgres Enterprise Manager (PEM) users who want to monitor BigAnimal clusters alongside self-managed Postgres clusters can use the remote monitoring capability of PEM. See [Remote monitoring](/pem/latest/monitoring_performance/pem_remote_monitoring/). With remote monitoring, you have access to many PEM features, including the ability to profile the workloads on your BigAnimal clusters. See [Profiling workloads](/pem/latest/profiling_workloads) for more information. diff --git a/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/monitoring_using_pemx/images/monitoring_and_logging_tab.png b/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/monitoring_using_pemx/images/monitoring_and_logging_tab.png new file mode 100644 index 00000000000..7cb8bfefff8 --- /dev/null +++ b/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/monitoring_using_pemx/images/monitoring_and_logging_tab.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b5a96d277dfb37113e37153554f6cb777760649b24b2227f44627ae49d7f1131 +size 1009786 diff --git a/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/monitoring_using_pemx/index.mdx b/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/monitoring_using_pemx/index.mdx new file mode 100644 index 00000000000..2c104fd454e --- /dev/null +++ b/product_docs/docs/biganimal/release/using_cluster/05_monitoring_and_logging/monitoring_using_pemx/index.mdx @@ -0,0 +1,95 @@ +--- +title: "Monitoring using PEMx" +--- + +PEMx is an integrated monitoring and alerting solution in BigAnimal. It's designed to monitor the performance of the Postgres clusters. PEMx actively monitors various metrics of the Postgres clusters and triggers an alert as the defined thresholds are exceeded. This solution smoothly integrates into the BigAnimal ecosystem, using the vast amount of metric data that's gathered from Postgres clusters and their underlying infrastructure across all the regions. + +PEMx renders insightful charts that empower you to actively monitor each metric's behavior. PEMx provides a streamlined path for you to take prompt and informed actions based on the generated alerts. This cohesive monitoring and alert system ensures comprehensive oversight and prompt responses in the BigAnimal environment. + +When you log in, PEMx monitoring widgets are displayed on the overview page on the project summary page. These widgets are available only for the deployed Postgres clusters and aren't available for the clusters in the provisioning process. They provide high-level, key information on: +- Memory +- CPU +- Storage usage percentages +- Transactions per second +- Database size + +To see more in-depth metrics specific to the Postgres cluster, select any widget on the overview page. Selecting the widget opens the **Monitoring and Logging** tab of the cluster page. + +![Monitoring and logging tab](images/monitoring_and_logging_tab.png) + +To view the **Monitoring and Logging** tab from the BigAnimal portal: + +1. In the left navigation of BigAnimal portal, go to **Clusters**. +2. Select any ready cluster. +3. On the cluster detail page, select the **Monitoring and Logging** tab. + +The **Monitoring and Logging** tab displays the detailed PEMx monitoring metrics specific to that cluster in the form of charts: + +- [Single-value charts](#single-value-charts) +- [Historical charts](#historical-charts) + +## Single-value charts + +These charts display a specific single value based on the last value in the selected time interval. For example, if you choose **Last N**, the chart displays the current value. For the specific time interval, it displays the value at the end of that time interval. These charts display key metrics in text, gauges, or pie and donut form. They provide a concise snapshot of information such as: + - **Memory** (gauge chart) — The percentage of memory used by the Postgres cluster in the hosting node. + - **CPU** (gauge chart) — The percentage of CPU used by the Postgres cluster in the hosting node. + - **Storage** (gauge chart) — The percentage of the storage volume used by the Postgres cluster in the hosting node. + - **Storage** (donut chart) — The units of the storage volume used and available for the Postgres cluster. + - **Active connections** (text value) — The current number of connections between the client applications and the Postgres cluster. + - **Disk throughput** (text value) — The amount of data transferred to and from the disk per second for the Postgres cluster. + - **Transactions per second** (text value) — The total number of transactions executing in a second for the Postgres cluster. + - **Database size** (text value) — The amount of storage volume used by the Postgres cluster. + +## Historical charts + +By default, these charts displays the historical data of the last 15 minutes. To view the historical data of a particular time range, customize the time range using a time-range picker. These charts display key metrics in single-line and bar or multi-line and bar form. They provide a concise snapshot of the information such as: + - **Memory** (line chart) — The historical trend of memory usage percentage over a time period. + - **CPU** (bar chart) — The historical trend of CPU usage percentage over a time period. + - ** Network activity** (bar chart) — The historical data transfer to and from the network card per second, over a time period. + - **Disk IOPS** (multi-line chart) — The historical trends in the number of reads, writes, and total operations on the disk per second, over a time period. + - **Transaction per second** (multi-line chart) — The historical trends in the number of transactions per second, over a time period. + + +## Features for both types of charts + +All these charts have tools and features that help you to get more information about the metrics or the chart. The [time-range picker](#time-range-picker) helps with viewing the data on these charts for a specific time-range interval. The [information tootip](#information-tooltip) helps you to view the information for a particular chart. The [charts error state](#charts-error-state) helps you to find the error and provides the option to edit the configurations and fix the error. + +### Time-range picker + +To view the data of a particular time range configure the time range, on the **Monitoring and Logging** tab, use: +- The **Last X** list +- The date-time picker + +The **Last X** list provides several time-range options. Each option in the list is enabled only after the specifiec time duration has elapsed since the Postgres cluster was created. The default time range is 15 minutes, and the maximum is **Last 30 days**. + +!!! Note +When you select the time range from the **Last X** list, the data on the **Monitoring and Logging** tab refreshes every 30 seconds. +!!! + +### Information tooltip + +Each chart has an information tooltip that provides a detailed description of the chart. To view the information, hover over the tooltip icon on the right side of the chart name. + +### Charts error state + +A red warning icon is displayed next to the tooltip if there's any error for that chart. If any of the metric exceeds its threshold, an error indicator appears. Selecting the red icon displays a window with a description of the error and an **Edit Cluster** button. Select **Edit Cluster** to go to the Edit Cluster page. Make the configuration changes based on the specific metric that brings the cluster to a healthy state. + +The table shows a list of errors and the corresponding solutions. + +| Error | Solution | +| ---------------- | ------------------------------------------------------------------------------------------------------------------------------ | +| **High CPU** | On the Edit Cluster page, select the preferred category, instance series, and the instance size to increase the CPU. | +| **High Memory** | On the Edit Cluster page, select the preferred category, instance series, and the instance size to increase the memory size. | +| **High Storage** | On the Edit Cluster page, go to the cluster settings and increase the volume size to increase the storage. | + +## Features for historical charts + +You can [zoom](#zooming-charts) the historical charts and also [download](#download-csv) the data of the historical charts. + +### Zooming charts + +To zoom in an area on the historical chart, drag and select that specific area. To reset, select **Reset zoom** from the ellipsis menu at the top-right corner of the chart. + +### Download CSV + +To download the metrics data used to produce the chart in CSV format, from the ellipsis menu in the top-right corner of the chart, select **Download CSV**. The download includes only the data currently visible on the chart. To download the different data, configure the time-range picker before selecting **Download CSV**. diff --git a/product_docs/docs/epas/16/epas_rel_notes/index.mdx b/product_docs/docs/epas/16/epas_rel_notes/index.mdx index 021f55c55e9..26817b251e6 100644 --- a/product_docs/docs/epas/16/epas_rel_notes/index.mdx +++ b/product_docs/docs/epas/16/epas_rel_notes/index.mdx @@ -12,8 +12,7 @@ The EDB Postgres Advanced Server documentation describes the latest version of E | Version | Release date | Upstream merges | | ------------------------ | ------------ | ---------------------------------------------------------- | -| [16.1](epas16_rel_notes) | 09 Nov 2023 | [16.1](https://www.postgresql.org/docs/16/release-16.html) | - +| [16.1](epas16_rel_notes) | 09 Nov 2023 | [16.0](https://www.postgresql.org/docs/16/release-16.html),[16.1](https://www.postgresql.org/docs/release/16.1/) | ## Component certification diff --git a/product_docs/docs/lasso/4/common.mdx b/product_docs/docs/lasso/4/common.mdx deleted file mode 100644 index b42a56f3340..00000000000 --- a/product_docs/docs/lasso/4/common.mdx +++ /dev/null @@ -1,243 +0,0 @@ ---- -title: Common considerations ---- - -Lasso uses the libpq environment variables to get the -Postgres connection parameters. You can find the list of the environment -variables in the [PostgreSQL -documentation](http://www.postgresql.org/docs/current/static/libpq-envars.html). - -The connection parameters, among other options, can also be passed as command -line arguments: - -``` -usage: lasso [-h] [-H HOST_NAME] [-p PORT] [--password PASSWORD] - [--lock-timeout LOCK_TIMEOUT] - [--statement-timeout STATEMENT_TIMEOUT] [--bindir BINDIR] - [--depth [{surface,shallow,deep}]] - [--describe [{short,json,full}]] [--version] [--latest-version] - [--system-only | --barman] - [--barman-configuration BARMAN_CONFIGURATION] - [--repmgr-configuration REPMGR_CONFIGURATION] - [--efm-configuration EFM_CONFIGURATION] - [--xdb-pubserver-configuration XDB_PUBSERVER_CONFIGURATION] - [--xdb-subserver-configuration XDB_SUBSERVER_CONFIGURATION] - [--pgbouncer-configuration PGBOUNCER_CONFIGURATION] - [--harp-configuration HARP_CONFIGURATION] - [--etcd-configuration ETCD_CONFIGURATION] - [--upload] [--keep-report] [--is-latest-version] - [dbname] [user] - -EDB Lasso - -positional arguments: - dbname Database name to connect to (default root) - user Database user name (default root) - -optional arguments: - -h, --help show this help message and exit - -H HOST_NAME, --host-name HOST_NAME - Database host name or socket directory (default local - socket) - -p PORT, --port PORT Database server port (default 5432) - --password PASSWORD Database server password - --lock-timeout LOCK_TIMEOUT - Database connection lock timeout (default 3s) - --statement-timeout STATEMENT_TIMEOUT - Database connection statement timeout (default 5min) - --bindir BINDIR Postgres binaries directory (autodetect by default) - --depth [{surface,shallow,deep}] - Depth of the report (default deep) - --describe [{short,json,full}] - Describes every single module, in terms of action and - output - --version Shows Lasso version and modules revision - --latest-version Shows the latest available version of EDB Lasso, taken - from the EDB Web Services - --system-only Gather only system-related information - without - requiring a Postgres connection - --barman Gather Barman status, enabled by default when Lasso is - run as 'barman' user and the executable exists. - Defaults to False. When Barman reporting is enabled, - we do not gather Postgres related information - --barman-configuration BARMAN_CONFIGURATION - Barman configuration file. By default use the native - algorithm in Barman to find the configuration file. - Valid only if Barman reporting is enabled - --repmgr-configuration REPMGR_CONFIGURATION - Path to the repmgr.conf file, if using a non-default - path - --efm-configuration EFM_CONFIGURATION - Path to the EFM properties file, if using a non- - default path - --xdb-pubserver-configuration XDB_PUBSERVER_CONFIGURATION - Path to the xDB publication server configuration file, - if using a non-default path - --xdb-subserver-configuration XDB_SUBSERVER_CONFIGURATION - Path to the xDB subscription server configuration - file, if using a non-default path - --pgbouncer-configuration PGBOUNCER_CONFIGURATION - Path to the pgbouncer.ini file. You can specify multiple - files separated by comma - --harp-configuration HARP_CONFIGURATION - Path to the config.yml file, if using a non-default - path - --etcd-configuration ETCD_CONFIGURATION - Path to the etcd.conf file, if using a non-default - path - --upload Report tarball file is sent to EDB at the end of the - execution. The file will be removed if successfully - uploaded unless --keep-report is specified - --keep-report Keep a local copy of the report even after a - successful upload to EDB - --is-latest-version Only check if this is the latest available version of - Lasso and returns exit code 0 if this is the latest - version and 1 otherwise -``` - -You can also use a configuration file for Lasso, so you can omit most of the -command line options that your environment might require. Lasso looks -for configuration files in the following paths, in this order: - -1. `./edb-lasso.cfg` in the same directory where Lasso is running -2. `./edb-lasso.conf` in the same directory where Lasso is running -3. `$HOME/.edb-lasso.conf` -4. `/etc/edb-lasso.conf` - -It uses the first match . - -A template file for the configuration file looks like this: - -``` - ; Lasso template configuration file - ; - ; Copyright (C) EnterpriseDB UK Limited 2015-2022 - All Rights Reserved. - ; Licensed only for use with an EnterpriseDB subscription - - [customer] - ; the "Company code" from the customer page in the EDB Portal - id= - ; the "Token" from the customer page in the EDB Portal - token= - ; the depth of the Lasso report. Must be one between: surface, shallow and deep - depth=deep - - [postgresql] - ; Lasso uses the following connection string parameters to connect to your - ; PostgreSQL cluster and take diagnostics. By default it will attempt a peer - ; connection to socket under directory /var/run/postgresql - ; dbname= - ; user= - ; port= - ; hostname can be a host or a socket directory - ; hostname=/var/run/postgresql - ; password= - - ; session variable to control timeout on lock waits - ; lock_timeout=3s - ; session variable to control statement execution time - ; statement_timeout=5min - - [environment] - ; PostgreSQL binaries directory. Lasso will try to detect this automatically if - ; not set - ; bindir= - ; if the host is able to access the internet and reach the EDB servers to upload - ; Lasso reports - ; external_access=yes - - [barman] - ; path to barman.conf, if using a non-default one - ; configuration= - - [repmgr] - ; path to repmgr.conf, if using a non-default one - ; configuration= - - [efm] - ; path to efm.properties, if using a non-default one - ; configuration= - - [xdb] - ; path to xdb_pubserver.conf, if using a non-default one - ; pubserver_configuration= - ; path to xdb_subserver.conf, if using a non-default one - ; subserver_configuration= - - [pgbouncer] - ; path to pgbouncer.ini, if using a non-default one - ; configuration= - - [harp] - ; path to config.yml, if using a non-default one - ; configuration= -``` - -You can use this template to set up your configuration file. Uncomment -the desired parameters and set their values according to your -environment. - -If you installed Lasso from DEB or RPM packages, You can find that same template configuration -file at `/etc/edb-lasso.conf.templ`. - -!!! Important -If you installed Lasso from DEB or RPM packages, then you -must have a configuration file that contains at least the customer -ID and token set. That isn't required if you're running the Lasso disposable -binary, which contains those variables embedded in the binary. -!!! - - -The script produces a _TAR file_ containing the gathered data. -You must return this file to EDB engineers as part of the process -or send it automatically with the `--upload` option. [^upload] - -!!! Important -Some companies have requested for Lasso to -operate in an isolated network. In that case, the `--upload` option isn't -permitted. (You can easily verify this setting from your company page -in the Portal or through the `--version` runtime option.) -To take advantage of this feature, make -sure that the server that's analyzed by Lasso can access the -443 port of any of the front-line websites listed in [Servers accepting upload of reports](appendix-a). -!!! - -You can also use Lasso on a server that has no -Postgres installation. In that case, use the -`--system-only` option, and the _TAR file_ produced will contain only -system-related information. - -## Security considerations - -When running queries in the database, Lasso tries to use a role that -has enough privileges to gather the required information from the tool from which -metrics are being gathered. - -The following are the tools and the roles that Lasso tries to use for -each of them. Lasso tries to use the first available role in each -tool role list. *Initial connection role* means the role that was provided through -Lasso CLI when running the tool—usually postgres or enterprisedb. - -- PostgreSQL: - - pg_monitor - - initial connection role -- PgLogical: - - pglogical_superuser - - initial connection role -- PGD: - - bdr_monitor - - initial connection role -- PEM: - - pem_user - - initial connection role -- repmgr: - - initial connection role -- xDB: - - initial connection role - -Most of the PGD gatherings try using the bdr_monitor role. However, one of them, -which is in charge of gathering conflicts, tries to use the role -bdr_read_all_conflicts for that purpose. That's the only exception. - -In any of the cases, it uses a read-only transaction while querying metrics -and configurations from the database. diff --git a/product_docs/docs/lasso/4/configuration.mdx b/product_docs/docs/lasso/4/configuration.mdx new file mode 100644 index 00000000000..33ed6c5dff1 --- /dev/null +++ b/product_docs/docs/lasso/4/configuration.mdx @@ -0,0 +1,97 @@ +--- +title: Configuration +--- + +Besides being mandatory for the customer `id` and `token`, the Lasso +configuration file also allows you to omit most of the command line +options that your environment might require (you can see a list of all +the command line options in [Usage](usage)). + +Lasso looks for configuration files in the following paths, in this +order, and uses the first match: + +1. `./edb-lasso.cfg` in the same directory where Lasso is running +2. `./edb-lasso.conf` in the same directory where Lasso is running +3. `$HOME/.edb-lasso.conf` +4. `/etc/edb-lasso.conf` + +A template file for the configuration file looks like this: + +``` + ; Lasso template configuration file + ; + ; Copyright (C) EnterpriseDB UK Limited 2015-2024 - All Rights Reserved. + ; Licensed only for use with an EnterpriseDB subscription + + [customer] + ; the "Company code" from the customer page in the EDB Portal + id= + ; the "Token" from the customer page in the EDB Portal + token= + ; the depth of the Lasso report. Must be one between: surface, shallow and deep + depth=deep + + [postgresql] + ; Lasso uses the following connection string parameters to connect to your + ; PostgreSQL cluster and take diagnostics. By default it will attempt a peer + ; connection to socket under directory /var/run/postgresql + ; dbname= + ; user= + ; port= + ; hostname can be a host or a socket directory + ; hostname=/var/run/postgresql + ; password= + + ; session variable to control timeout on lock waits + ; lock_timeout=3s + ; session variable to control statement execution time + ; statement_timeout=5min + + [environment] + ; PostgreSQL binaries directory. Lasso will try to detect this automatically if + ; not set + ; bindir= + ; if the host is able to access the internet and reach the EDB servers to upload + ; Lasso reports + ; external_access=yes + + [barman] + ; path to barman.conf, if using a non-default one + ; configuration= + + [repmgr] + ; path to repmgr.conf, if using a non-default one + ; configuration= + + [efm] + ; path to efm.properties, if using a non-default one + ; configuration= + + [xdb] + ; path to xdb_pubserver.conf, if using a non-default one + ; pubserver_configuration= + ; path to xdb_subserver.conf, if using a non-default one + ; subserver_configuration= + + [pgbouncer] + ; path to pgbouncer.ini, if using a non-default one + ; configuration= + + [harp] + ; path to config.yml, if using a non-default one + ; configuration= + + [pgd-proxy] + ; path to pgd-proxy-config.yml, if using a non-default one + ; configuration= +``` + +You can use this template to set up your configuration file. Uncomment +the desired parameters and set their values according to your +environment. + +On Linux, you can find that same template configuration +file at `/etc/edb-lasso.conf.templ`. + +You can see more details about how each of these arguments are used in the +[Lasso report types page](report-types). diff --git a/product_docs/docs/lasso/4/describe.mdx b/product_docs/docs/lasso/4/describe.mdx index d3e590eb477..48a98d7125d 100644 --- a/product_docs/docs/lasso/4/describe.mdx +++ b/product_docs/docs/lasso/4/describe.mdx @@ -4,2647 +4,2295 @@ navTitle: Gathered data details deepToC: true --- -## GNU/Linux operating system +## GNU/Linux Operating System ### barman crontab/cron (`barman_crontab_cron`) -#### Description +Output from crontab -l, if running as barman. Content of +/etc/cron.d/barman, if exists. -Output from `crontab -l`, if running as barman. Content of -`/etc/cron.d/barman`, if it exists. +Report output: -#### Report output + * file `/linux/barman_cron.data`: Content of /etc/cron.d/barman, if exists + * file `/linux/barman_crontab.data`: Output from barman crontab -l, if barman user -* File `/linux/barman_cron.data`: Content of `/etc/cron.d/barman`, if it exists -* File `/linux/barman_crontab.data`: Output from `barman crontab -l`, if barman user +**Depth:** surface -#### Depth -Surface - -#### Security impact - -Low — Might have entries in crontab/cron with sensitive data +**Security Impact:** *low* — +May have entries in crontab/cron with sensitive data ### debug_sources (`debug_sources`) -#### Description - -Counts files under `/usr/src/debug` to detect the application -source code present in the system and ease live debugging +Count files under `/usr/src/debug` to detect which applications' +source code is present in the system and facilitate live debugging. -#### Report output +Report output: -File `/linux/debug_sources.data`: Sources for GNU debugger + * file `/linux/debug_sources.data`: Sources for GNU debugger -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact +**Security Impact:** *low* — +no known security impact. ### EFM CLI (`efm_cli`) -#### Description - -Gets output of `efm cluster-status` command +Get output of efm cluster-status command. -#### Report output +Report output: -File `/tools/efm/cli/cluster_status.out`: Output of `efm cluster-status ` command + * file `/tools/efm/cli/cluster_status.out`: Output of `efm cluster-status cluster_name` command -#### Depth +**Depth:** surface -Surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### EFM configuration (`efm_configuration`) -#### Description - EFM properties and nodes configuration files -#### Report output +Report output: -* File `/tools/efm/config/efm.nodes`: EFM nodes file -* File `/tools/efm/config/efm.properties`: EFM properties file + * file `/tools/efm/config/efm.nodes`: EFM nodes file + * file `/tools/efm/config/efm.properties`: EFM properties file -#### Depth +**Depth:** surface -Surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### EFM systemctl (`efm_systemctl`) -#### Description - When EFM services are detected, collects status and cat of the -corresponding services. Checks for any service whose name starts -with `edb-efm-`. +corresponding services. Will check for any service which name starts +with `edb-efm-` -#### Report output +Report output: -* File `/tools/efm/systemd/_cat.data`: Output of 'systemctl cat -* File `/tools/efm/systemd/_status.data`: Output of 'systemctl status + * file `/tools/efm/systemd/service_name_cat.data`: Output of 'systemctl cat service_name + * file `/tools/efm/systemd/service_name_status.data`: Output of 'systemctl status service_name -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### etcd CLI (`etcd_cli`) -#### Description - -Gathers the output of some etcdctl commands, if etcdctl is -available in the server. The commands are `endpoint status` and -`endpoint health`. +Gathers the output of some `etcdctl` commands, if `etcdctl` is +available in the server. The commands are: endpoint status and +endpoint health. -#### Report output +Report output: -* File `/tools/etcd/cli/endpoint_status.out`: Output of `etcdctl endpoint status` command -* File `/tools/etcd/cli/endpoint_health.out`: Output of `etcdctl endpoint health` command + * file `/tools/etcd/cli/endpoint_status.out`: Output of `etcdctl endpoint status` command + * file `/tools/etcd/cli/endpoint_health.out`: Output of `etcdctl endpoint health` command -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### etcd configuration (`etcd_configuration`) -#### Description - -Collects etcd configuration file that's found in the server - -#### Report output +Collects etcd configuration file that is found in the server -File `/tools/etcd/config/`: etcd configuration file +Report output: -#### Depth + * file `/tools/etcd/config/basename`: etcd configuration file -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### etcd systemctl (`etcd_systemctl`) -#### Description - When etcd services are detected, collects status and cat of the -corresponding services. Checks for any service whose name starts -with `etcd`. - -#### Report output +corresponding services. Will check for any service which name starts +with `etcd` -* File `/tools/etcd/systemd/_cat.data`: Output of 'systemctl cat -* File `/tools/etcd/systemd/_status.data`: Output of 'systemctl status +Report output: -#### Depth + * file `/tools/etcd/systemd/service_name_cat.data`: Output of 'systemctl cat service_name + * file `/tools/etcd/systemd/service_name_status.data`: Output of 'systemctl status service_name -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### HARP CLI (`harp_cli`) -#### Description +Gathers output of a few `harpctl` command outputs using the +`config.yml` file which is found in the server. The commands are: +cluster, proxies, locations, nodes, and version. -Gathers output of a few harpctl command outputs using the -`config.yml` file that's found in the server. The commands are: -`cluster`, `proxies`, `locations`, `nodes`, and `version`. +Report output: -#### Report output + * file `/tools/harp/cli/version.out`: Output of `harp -f conf_file_path version` command + * file `/tools/harp/cli/proxies.out`: Output of `harp -f conf_file_path get proxies -o yaml` command + * file `/tools/harp/cli/nodes.out`: Output of `harp -f conf_file_path get nodes -o yaml` command + * file `/tools/harp/cli/locations.out`: Output of `harp -f conf_file_path get locations -o yaml` command + * file `/tools/harp/cli/cluster.out`: Output of `harp -f conf_file_path get cluster -o yaml` command -* File `/tools/harp/cli/version.out`: Output of `harp -f version` command -* File `/tools/harp/cli/proxies.out`: Output of `harp -f get proxies -o yaml` command -* File `/tools/harp/cli/nodes.out`: Output of `harp -f get nodes -o yaml` command -* File `/tools/harp/cli/locations.out`: Output of `harp -f get locations -o yaml` command -* File `/tools/harp/cli/cluster.out`: Output of `harp -f get cluster -o yaml` command +**Depth:** surface -#### Depth -Surface - -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### HARP configuration (`harp_configuration`) -#### Description - -Collects HARP configuration file that's found in the server - -#### Report output +Collects HARP configuration file that is found in the server -* File `/tools/harp/config/harp.cluster.init.yml`: HARP bootstrap configuration file -* File `/tools/harp/config/`: HARP configuration file +Report output: -#### Depth + * file `/tools/harp/config/harp.cluster.init.yml`: HARP bootstrap configuration file + * file `/tools/harp/config/basename`: HARP configuration file -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### HARP systemctl (`harp_systemctl`) -#### Description - When HARP services are detected, collects status and cat of the -corresponding services. Checks for any service whose name starts -with `harp`. - -#### Report output +corresponding services. Will check for any service which name starts +with `harp` -* File `/tools/harp/systemd/_cat.data`: Output of 'systemctl cat -* File `/tools/harp/systemd/_status.data`: Output of 'systemctl status +Report output: -#### Depth + * file `/tools/harp/systemd/service_name_cat.data`: Output of 'systemctl cat service_name + * file `/tools/harp/systemd/service_name_status.data`: Output of 'systemctl status service_name -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Block devices layout (`linux_block_devices_layout`) -#### Description - Information on block devices layout from the `lsblk` command -#### Report output +Report output: -File `/linux/lsbk.data`: `lsbk` command output + * file `/linux/lsbk.data`: `lsbk` command output -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Processor governor (`linux_cpu_governor`) -#### Description - Processor scaling governor from the files in `/sys/devices/system/cpu` -#### Report output +Report output: -* File `/linux/sys/energy_perf_bias.data`: Intel Performance and Energy Bias attributes -* File `/linux/sys/intel_pstate.data`: Intel pstate configuration -* File `/linux/sys/cpu_scaling_driver.data`: available CPU scaling driver -* File `/linux/sys/cpu_scaling_available_governors.data`: available CPU scaling governors -* File `/linux/sys/cpu_scaling_governor.data`: active CPU scaling governor + * file `/linux/sys/energy_perf_bias.data`: Intel Performance and Energy Bias attributes + * file `/linux/sys/intel_pstate.data`: Intel pstate configuration + * file `/linux/sys/cpu_scaling_driver.data`: available CPU scaling driver + * file `/linux/sys/cpu_scaling_available_governors.data`: available CPU scaling governors + * file `/linux/sys/cpu_scaling_governor.data`: active CPU scaling governor -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Mounted file systems and available space (`linux_devices_info`) -#### Description - -Lists mounted filesystems through the `mount` command and free space -using `df` +List mounted filesystems through the `mount` command and free space +using `df`. -#### Report output +Report output: -* File `/linux/diskspace.data`: amount of available disk space -* File `/linux/mount.data`: Output of the `mount` command + * file `/linux/diskspace.data`: amount of available disk space + * file `/linux/mount.data`: Output of the `mount` command -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### File systems configuration (`linux_disk_configuration`) -#### Description - Disk configuration obtained through the `/etc/fstab` file -#### Report output +Report output: -File `/linux/fstab.data`: contents of /etc/fstab + * file `/linux/fstab.data`: contents of /etc/fstab -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### OS distribution, kernel and device data (`linux_distro_collector`) -#### Description - Information about the Linux distribution currently in use, as returned -by the `lsb_release` command - -#### Report output +by the `lsb_release` command. -* File `/linux/release.data`: The Linux distribution currently in use -* File `/linux/release_source.data`: The name of the collected file or the executed command +Report output: -#### Depth + * file `/linux/release.data`: The Linux distribution currently in use + * file `/linux/release_source.data`: The name of the collected file or the executed command -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Hardware (`linux_hardware_info`) -#### Description - Hardware info through `lspci` -#### Report output - -File `/linux/lspci.data`: Hardware info from `lspci` +Report output: -#### Depth + * file `/linux/lspci.data`: Hardware info from `lspci` -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Hypervisor (`linux_hypervisor_collector`) -#### Description - Information about the type of virtualization used, as returned by the -`systemd-detect-virt` command - -#### Report output +`systemd-detect-virt` command. -File `/linux/hypervisor.data`: The name of the collected file or the executed command +Report output: -#### Depth + * file `/linux/hypervisor.data`: The name of the collected file or the executed command -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Kernel (`linux_kernel_info`) -#### Description - -Kernel info, transparent huge pages status, and disk scheduler +Kernel info, transparent huge pages status and disk scheduler configuration obtained by combining the output of the commands `uname` and `ipcs` with the contents of the `/proc` and `/sys` filesystems -#### Report output - -* File `/linux/read_ahead.data`: Info on the read ahead -* File `/linux/schedulers.data`: Scheduler info from `/sys` dir -* File `/linux/sys/kernel_mm_transparent_hugepage.data`: Transparent huge pages info -* File `/linux/ipcs.data`: `ipcs` command output -* File `/linux/uname.data`: `uname` command output +Report output: -#### Depth + * file `/linux/read_ahead.data`: Info on the read ahead + * file `/linux/schedulers.data`: Scheduler info from `/sys` dir + * file `/linux/sys/kernel_mm_transparent_hugepage.data`: Transparent huge pages info + * file `/linux/ipcs.data`: `ipcs` command output + * file `/linux/uname.data`: `uname` command output -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Kernel limits (`linux_kernel_limits`) -#### Description - Configuration file for the `pam_limits` module -#### Report output - -File `/linux/limits.data`: content of the `limits.conf` file +Report output: -#### Depth + * file `/linux/limits.data`: content of the `limits.conf` file -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Processor usage statistics (`linux_mpstat`) -#### Description - Processor statistics from the `mpstat` command. -#### Report output +Report output: -File `/linux/mpstat.data`: Output from 'mpstat -P ALL 1 10' + * file `/linux/mpstat.data`: Output from 'mpstat -P ALL 1 10' -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Network interfaces (`linux_network_interfaces`) -#### Description - -Network interface information from the `ip` and `ifconfig` commands +Network interface information from the `ip` and `ifconfig` commands. -#### Report output +Report output: -* File `/linux/ifconfig.data`: Output from 'ifconfig' -* File `/linux/ip_address_list.data`: Output from 'ip address list' + * file `/linux/ifconfig.data`: Output from 'ifconfig' + * file `/linux/ip_address_list.data`: Output from 'ip address list' -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Installed packages via rpm or dpkg (`linux_packages_info`) -#### Description - Information about the system packages installed using `rpm` or `dpkg` -#### Report output +Report output: -* File `/linux/packages-dpkg.data`: List of packages installed using `dpkg` -* File `/linux/packages-rpm.data`: List of packages installed using `rpm` + * file `/linux/packages-dpkg.data`: List of packages installed using `dpkg` + * file `/linux/packages-rpm.data`: List of packages installed using `rpm` -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### PostgreSQL disk layout (`linux_postgresql_disk_layout`) -#### Description - -Lists all files in the Postgres data directory using `find` for +List all files in the PostgreSQL data directory using `find` for links and `ls` for files -#### Report output +Report output: -* File `/linux/pg_ls.data`: List of files inside the data directory -* File `/linux/pg_links.data`: List of links inside the data directory + * file `/linux/pg_ls.data`: List of files inside the data directory + * file `/linux/pg_links.data`: List of links inside the data directory -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### SELinux (`linux_sestatus`) -#### Description - SELinux status from `sestatus` -#### Report output - -File `/linux/sestatus.data`: Output from 'setstatus' +Report output: -#### Depth + * file `/linux/sestatus.data`: Output from 'setstatus' -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### System identification (`linux_system_identity`) -#### Description - -Collects hostname, network interfaces, system info (uname), system -identifier, and release info - -#### Report output +Collect hostname, network interfaces, system info (uname), system +identifier and release info. -* File `/linux/id/system_release.data`: OS information from `/etc/system-release` -* File `/linux/id/os_release.data`: OS information from `/etc/os-release` -* File `/linux/id/machine_id.data`: Machine ID contained in `/etc/machine-id` -* File `/linux/id/uname.data`: Information about the running kernel -* File `/linux/id/hostname.data`: Fully qualified domain name -* File `/linux/id/interfaces.data`: Network addresses of the host +Report output: -#### Depth + * file `/linux/id/system_release.data`: OS information from /etc/system-release + * file `/linux/id/os_release.data`: OS information from /etc/os-release + * file `/linux/id/machine_id.data`: Machine ID contained in /etc/machine-id + * file `/linux/id/uname.data`: Information about the running kernel + * file `/linux/id/hostname.data`: Fully qualified domain name + * file `/linux/id/interfaces.data`: Network addresses of the host -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### dmesg and /proc information (`linux_system_info`) -#### Description - System info from the contents of the `/proc` filesystem and through the output of `dmesg` command. -#### Report output - -* File `/linux/lsmod.data`: Lsmod output -* File `/linux/dmesg_with_timestamp.data`: Dmesg output (human readable timestamps) -* File `/linux/dmesg.data`: Dmesg output -* File `/linux/proc/sys_net_ipv4.data`: Network info from `/proc` -* File `/linux/proc/sys_vm.data`: vm info from `/proc` -* File `/linux/proc/sys_kernel.data`: Kernel info from `/proc` -* File `/linux/vmstat.data`: VM statistics from `/proc` -* File `/linux/proc/mounts.data`: Mount points from `/proc` -* File `/linux/proc/uptime.data`: Uptime info from `/proc` -* File `/linux/proc/loadavg.data`: Load avg from `/proc` -* File `/linux/proc/meminfo.data`: Memory info from `/proc` - -#### Depth - -Surface +Report output: -#### Security impact + * file `/linux/lsmod.data`: Lsmod output + * file `/linux/dmesg_with_timestamp.data`: Dmesg output (human readable timestamps) + * file `/linux/dmesg.data`: Dmesg output + * file `/linux/proc/sys_net_ipv4.data`: Network info from `/proc` + * file `/linux/proc/sys_vm.data`: vm info from `/proc` + * file `/linux/proc/sys_kernel.data`: Kernel info from `/proc` + * file `/linux/vmstat.data`: VM statistics from `/proc` + * file `/linux/proc/mounts.data`: Mount points from `/proc` + * file `/linux/proc/uptime.data`: Uptime info from `/proc` + * file `/linux/proc/loadavg.data`: Load avg from `/proc` + * file `/linux/proc/meminfo.data`: Memory info from `/proc` -Low — No known security impact. +**Depth:** surface -### System status - iostat (`linux_system_status_iostat`) -#### Description +**Security Impact:** *low* — +no known security impact. -System status from the `iostat` command +### System status — iostat (`linux_system_status_iostat`) -#### Report output +System status from the `iostat` command. -File `/linux/iostat.data`: Info on I/O statistics +Report output: -#### Depth + * file `/linux/iostat.data`: Info on I/O statistics -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. -### System status - nfsiostat (`linux_system_status_nfsiostat`) +### System status — nfsiostat (`linux_system_status_nfsiostat`) -#### Description +System status from the `nfsiostat` command. -System status from the `nfsiostat` command +Report output: -#### Report output + * file `/linux/nfsiostat.data`: nfs I/O statistics -File `/linux/nfsiostat.data`: nfs I/O statistics +**Depth:** surface -#### Depth -Surface +**Security Impact:** *low* — +no known security impact. -#### Security impact +### System status — ps (`linux_system_status_ps`) -Low — No known security impact. +System status from the `ps` command. -### System status - ps (`linux_system_status_ps`) +Report output: -#### Description + * file `/linux/ps.data`: Active processes info -System status from the `ps` command +**Depth:** surface -#### Report output -File `/linux/ps.data`: Active processes info +**Security Impact:** *low* — +Some processes might contain sensitive data in their names -#### Depth +### System status — sar (`linux_system_status_sar`) -Surface +System status from the `sar` command. -#### Security impact +Report output: -Low — Some processes might contain sensitive data in their names. + * file `/linux/sar.data`: Actual `sar` info + * file `/linux/sar-yesterday.data`: `sar` info from yesterday -### System status - sar (`linux_system_status_sar`) +**Depth:** surface -#### Description -System status from the `sar` command +**Security Impact:** *low* — +no known security impact. -#### Report output +### System status — top (`linux_system_status_top`) -* File `/linux/sar.data`: Actual `sar` info -* File `/linux/sar-yesterday.data`: `sar` info from yesterday +System status from the `top` command. -#### Depth +Report output: -Surface + * file `/linux/top.data`: Process information -#### Security impact +**Depth:** surface -Low — No known security impact. -### System status - top (`linux_system_status_top`) +**Security Impact:** *low* — +Some processes might contain sensitive data in their names -#### Description +### System status — vmstat (`linux_system_status_vmstat`) -System status from the `top` command +System status from the `vmstat` command. -#### Report output +Report output: -File `/linux/top.data`: Process information + * file `/linux/vmstat.data`: Info on processes, memory, paging, block IO, traps, disks and cpu activity -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — Some processes might contain sensitive data in their names. - -### System status - vmstat (`linux_system_status_vmstat`) - -#### Description - -System status from the `vmstat` command - -#### Report output - -File `/linux/vmstat.data`: Info on processes, memory, paging, block IO, traps, disks and cpu activity - -#### Depth - -Surface - -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### systemctl units (`linux_systemctl_units`) -#### Description - -`Systemctl list-units` on a `systemd` server - -#### Report output +Systemctl list-units on a `systemd` server -File `/linux/systemctl-list-units.data`: Output of 'systemctl list-units' +Report output: -#### Depth + * file `/linux/systemctl-list-units.data`: Output of 'systemctl list-units' -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### tuned (`linux_tuned`) -#### Description - Tuned status and profiles -#### Report output - -* Directory `/linux/tuned/tune-profiles`: Files from `/etc/tune-profiles` -* Directory `/linux/tuned/tuned`: Files from `/etc/tuned` -* File `/linux/tuned/tuned.conf`: The file `/etc/tuned.conf` -* File `/linux/tuned/tuned-list.data`: Output from `tuned_adm list` -* File `/linux/tuned/tuned-active.data`: Output from `tuned_adm active` +Report output: -#### Depth + * directory `/linux/tuned/tune-profiles`: Files from `/etc/tune-profiles` + * directory `/linux/tuned/tuned`: Files from `/etc/tuned` + * file `/linux/tuned/tuned.conf`: The file `/etc/tuned.conf` + * file `/linux/tuned/tuned-list.data`: Output from `tuned_adm list` + * file `/linux/tuned/tuned-active.data`: Output from `tuned_adm active` -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### PEM configuration (`pem_configuration`) -#### Description +PEM configuration files from PEM agent, PEM server, and PEM Web server -PEM configuration files from PEM agent, PEM server, and PEM web server +Report output: -#### Report output + * file `/tools/pem/config/edb-ssl-pem.conf`: PEM Web server SSL configuration file + * file `/tools/pem/config/edb-pem.conf`: PEM Web server configuration file + * file `/tools/pem/config/install-config`: PEM server configuration file (installation config file) + * file `/tools/pem/config/config_setup.py`: PEM server setup configuration file + * file `/tools/pem/config/pem.wsgi`: PEM server WSGI definition file + * file `/tools/pem/config/agent.cfg`: PEM agent configuration file -* File `/tools/pem/config/edb-ssl-pem.conf`: PEM web server SSL configuration file -* File `/tools/pem/config/edb-pem.conf`: PEM web server configuration file -* File `/tools/pem/config/install-config`: PEM server configuration file (installation config file) -* File `/tools/pem/config/config_setup.py`: PEM server setup configuration file -* File `/tools/pem/config/pem.wsgi`: PEM server WSGI definition file -* File `/tools/pem/config/agent.cfg`: PEM agent configuration file +**Depth:** surface -#### Depth -Surface - -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### PEM systemctl (`pem_systemctl`) -#### Description - When PEM is detected, collects PEM agent and PEM web server status and content -#### Report output - -* File `/tools/pem/systemd/_cat.data`: Output of 'systemctl cat -* File `/tools/pem/systemd/_status.data`: Output of 'systemctl status +Report output: -#### Depth + * file `/tools/pem/systemd/service_name_cat.data`: Output of 'systemctl cat service_name + * file `/tools/pem/systemd/service_name_status.data`: Output of 'systemctl status service_name -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### PgBouncer configuration (`pgbouncer_configuration`) -#### Description - PgBouncer configuration files -#### Report output - -File `/tools/pgbouncer//config/`: PgBouncer configuration file from instance `` +Report output: -#### Depth + * file `/tools/pgbouncer/num/config/basename`: PgBouncer configuration file from instance num -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### PgBouncer systemctl (`pgbouncer_systemctl`) -#### Description - When PgBouncer services are detected, collects status and cat of the -corresponding services. Checks for any service that contains any -of the PgBouncer configuration files. +corresponding services. Will check for any service which contains any +of the PgBouncer configuration files -#### Report output +Report output: -* File `/tools/pgbouncer//systemd/_cat.data`: Output of 'systemctl cat from instance `` -* File `/tools/pgbouncer//systemd/_status.data`: Output of 'systemctl status from instance `` + * file `/tools/pgbouncer/num/systemd/service_name_cat.data`: Output of 'systemctl cat service_name from instance num + * file `/tools/pgbouncer/num/systemd/service_name_status.data`: Output of 'systemctl status service_name from instance num -#### Depth +**Depth:** surface -Surface -#### Security impact +**Security Impact:** *low* — +no known security impact. -Low — No known security impact. +### PGD Proxy configuration (`pgd_proxy_configuration`) -### postgres/enterprisedb crontab (`postgres_enterprisedb_crontab`) +Collects PGD Proxy configuration file that is found in the server -#### Description +Report output: -Output from `crontab -l`, if running as postgres or enterprisedb + * file `/tools/pgd-proxy/config/basename`: PGD Proxy configuration file -#### Report output +**Depth:** surface -* File `/linux/enterprisedb_crontab.data`: Output from enterprisedb crontab -l, if enterprisedb user -* File `/linux/postgres_crontab.data`: Output from postgres crontab -l, if postgres user -#### Depth +**Security Impact:** *low* — +no known security impact. -Surface +### PGD Proxy systemctl (`pgd_proxy_systemctl`) -#### Security impact +When PGD Proxy services are detected, collects status and cat of the +corresponding services. Will check for any service which name starts +with `pgd-proxy` -Low — Might have entries in `crontab/cron` with sensitive data. +Report output: -### repmgr CLI (`repmgr_cli`) + * file `/tools/pgd-proxy/systemd/service_name_cat.data`: Output of 'systemctl cat service_name + * file `/tools/pgd-proxy/systemd/service_name_status.data`: Output of 'systemctl status service_name -#### Description +**Depth:** surface -Collects output of `repmgr cluster crosscheck` and `repmgr daemon -status` using the `repmgr.conf` file that's found in the server -#### Report output +**Security Impact:** *low* — +no known security impact. -* File `/tools/repmgr/cli/daemon_status.out`: Output of `repmgr daemon status -f ` command -* File `/tools/repmgr/cli/cluster_crosscheck.out`: Output of `repmgr cluster crosscheck -f ` command +### postgres/enterprisedb crontab (`postgres_enterprisedb_crontab`) -#### Depth +Output from crontab -l, if running as postgres or enterprisedb -Surface +Report output: -#### Security impact + * file `/linux/enterprisedb_crontab.data`: Output from enterprisedb crontab -l, if enterprisedb user + * file `/linux/postgres_crontab.data`: Output from postgres crontab -l, if postgres user -Low — No known security impact. +**Depth:** surface -### repmgr configuration (`repmgr_configuration`) -#### Description +**Security Impact:** *low* — +May have entries in crontab/cron with sensitive data -Collects repmgr configuration file that's found in the server +### repmgr CLI (`repmgr_cli`) -#### Report output +Collects output of `repmgr cluster crosscheck` and `repmgr daemon +status` using the repmgr.conf file which is found in the server. -File `/tools/repmgr/config/repmgr.conf`: repmgr configuration file +Report output: -#### Depth + * file `/tools/repmgr/cli/daemon_status.out`: Output of `repmgr daemon status -f conf_file_path` command + * file `/tools/repmgr/cli/cluster_crosscheck.out`: Output of `repmgr cluster crosscheck -f conf_file_path` command -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. -### repmgr systemctl (`repmgr_systemctl`) +### repmgr configuration (`repmgr_configuration`) -#### Description +Collects repmgr configuration file that is found in the server -When repmgr services are detected, collects status and cat of the -corresponding services. Checks for any service whose name starts -with `repmgr`. +Report output: -#### Report output + * file `/tools/repmgr/config/repmgr.conf`: repmgr configuration file -* File `/tools/repmgr/systemd/_cat.data`: Output of 'systemctl cat -* File `/tools/repmgr/systemd/_status.data`: Output of 'systemctl status +**Depth:** surface -#### Depth -Surface +**Security Impact:** *low* — +no known security impact. -#### Security impact +### repmgr systemctl (`repmgr_systemctl`) -Low — No known security impact. +When repmgr services are detected, collects status and cat of the +corresponding services. Will check for any service which name starts +with `repmgr` -### xDB CLI (`xdb_cli`) +Report output: -#### Description + * file `/tools/repmgr/systemd/service_name_cat.data`: Output of 'systemctl cat service_name + * file `/tools/repmgr/systemd/service_name_status.data`: Output of 'systemctl status service_name -xDB output from several CLI commands, from the running xDB publication and -subscription server +**Depth:** surface -#### Report output -* Directory `/tools/xdb/cli`: xDB CLI print commands +**Security Impact:** *low* — +no known security impact. -#### Depth +### xDB CLI (`xdb_cli`) -Surface +xDB output from several CLI commands, from the xDB publication and/or +subscription server that are running. -#### Security impact +Report output: -Low — No known security impact. + * directory `/tools/xdb/cli`: xDB CLI print commands -### xDB configuration (`xdb_configuration`) +**Depth:** surface -#### Description -xDB configuration files +**Security Impact:** *low* — +no known security impact. -#### Report output +### xDB configuration (`xdb_configuration`) -* File `/tools/xdb/config/xdbReplicationServer.config`: xDB startup configuration -* File `/tools/xdb/config/edb-repl.conf`: xDB replication configuration -* File `/tools/xdb/config/xdb_subserver.conf`: xDB subscription server configuration -* File `/tools/xdb/config/xdb_pubserver.conf`: xDB publication server configuration +xDB configuration files -#### Depth +Report output: -Surface + * file `/tools/xdb/config/xdbReplicationServer.config`: xDB startup configuration` + * file `/tools/xdb/config/edb-repl.conf`: xDB replication configuration` + * file `/tools/xdb/config/xdb_subserver.conf`: xDB subscription server configuration + * file `/tools/xdb/config/xdb_pubserver.conf`: xDB publication server configuration -#### Security impact +**Depth:** surface -Low — No known security impact. -### xDB systemctl (`xdb_systemctl`) +**Security Impact:** *low* — +no known security impact. -#### Description +### xDB systemctl (`xdb_systemctl`) When xDB services are detected, collects status and cat of edb- xdbpubserver and edb-xdbsubserver -#### Report output +Report output: -* File `/tools/xdb/systemd/_cat.data`: Output of `systemctl cat ` -* File `/tools/xdb/systemd/_status.data`: Output of `systemctl status ` + * file `/tools/xdb/systemd/service_name_cat.data`: Output of 'systemctl cat service_name + * file `/tools/xdb/systemd/service_name_status.data`: Output of 'systemctl status service_name -#### Depth +**Depth:** surface -Surface -#### Security impact +**Security Impact:** *low* — +no known security impact. -Low — No known security impact. +## Microsoft Windows Operating System +### PEM configuration — Windows (`pem_configuration_windows`) -## Microsoft Windows operating system -### PEM configuration - Windows (`pem_configuration_windows`) +PEM configuration files from PEM agent, PEM server, and PEM Web server +in a Windows environment. -#### Description +Report output: -PEM configuration files from PEM agent, PEM server, and PEM web server -in a Windows environment + * file `/tools/pem/config/edb-ssl-pem.conf`: PEM Web server SSL configuration file + * file `/tools/pem/config/edb-pem.conf`: PEM Web server configuration file + * file `/tools/pem/config/pem.wsgi`: PEM server WSGI definition file + * file `/tools/pem/config/agent.cfg`: PEM agent configuration file -#### Report output +**Depth:** surface -* File `/tools/pem/config/edb-ssl-pem.conf`: PEM web server SSL configuration file -* File `/tools/pem/config/edb-pem.conf`: PEM web server configuration file -* File `/tools/pem/config/pem.wsgi`: PEM server WSGI definition file -* File `/tools/pem/config/agent.cfg`: PEM agent configuration file -#### Depth - -Surface - -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### PEM sc (`pem_sc`) -#### Description - When PEM is detected, collects PEM agent and PEM web server status and content -#### Report output +Report output: -File `/tools/pem/sc/_query.data`: Output of `sc query ` + * file `/tools/pem/sc/service_name_query.data`: Output of 'sc query service_name -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Disk information (`win_disk_information`) -#### Description - -Disk and controller information from the system registry - -#### Report output +Disk and controller information from the system registry. -* File `/windows/enum_ide.reg`: Local machine ide device settings -* File `/windows/enum_scsi.reg`: Local machine scsi device settings +Report output: -#### Depth + * file `/windows/enum_ide.reg`: Local machine ide device settings + * file `/windows/enum_scsi.reg`: Local machine scsi device settings -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Hosts file (`win_hosts`) -#### Description - -Host files and network-related information - -#### Report output +Host files and network related information -* File `/windows/services.data`: Windows `services` file -* File `/windows/protocol.data`: Windows `protocol` file -* File `/windows/networks.data`: Windows `networks` file -* File `/windows/hosts.sam`: Windows `hosts.sam` file -* File `/windows/hosts.data`: Windows `hosts` file +Report output: -#### Depth + * file `/windows/services.data`: Windows `services` file + * file `/windows/protocol.data`: Windows `protocol` file + * file `/windows/networks.data`: Windows `networks` file + * file `/windows/hosts.sam`: Windows `hosts.sam` file + * file `/windows/hosts.data`: Windows `hosts` file -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### MsInfo (`win_msinfo`) -#### Description +`MsInfo32` report in `NFO` and `TXT` format -MsInfo32 report in NFO and TXT format +Report output: -#### Report output + * file `/windows/msinfo_report.txt`: Information from the `MsInfo32` in textual format + * file `/windows/msinfo_report.nfo`: Information from the `MsInfo32` in `NFO` -* File `/windows/msinfo_report.txt`: Information from the `MsInfo32` in textual format -* File `/windows/msinfo_report.nfo`: Information from the `MsInfo32` in NFO +**Depth:** surface -#### Depth -Surface - -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### ODBC/64 (`win_odbc32_info`) -#### Description - -ODBC configuration from the 64-bit registry section - -#### Report output +ODBC configuration from the 64 bit registry section -* File `/windows/user_odbc_wow64.reg`: User DSN list -* File `/windows/localmachine_odbcinst_wow64.reg`: List of installed ODBC drivers -* File `/windows/localmachine_odbc_wow64.reg`: System DSN list +Report output: -#### Depth + * file `/windows/user_odbc_wow64.reg`: User DSN list + * file `/windows/localmachine_odbcinst_wow64.reg`: List of installed ODBC drivers + * file `/windows/localmachine_odbc_wow64.reg`: System DSN list -Surface +**Depth:** surface -#### Security impact -Medium — ODBC connection information can expose the presence of other -databases or connection information to Postgres that can be used to -attack the system. +**Security Impact:** *medium* — +ODBC connection information could expose the presence of other +databases or connection information to PostgreSQL that can be used to +attack the system ### ODBC/32 (`win_odbc64_info`) -#### Description +ODBC configuration from the 32 bit registry section -ODBC configuration from the 32-bit registry section +Report output: -#### Report output + * file `/windows/user_odbc.reg`: User DSN list + * file `/windows/localmachine_odbcinst.reg`: list of installed ODBC drivers + * file `/windows/localmachine_odbc.reg`: System DSN list -* File `/windows/user_odbc.reg`: User DSN list -* File `/windows/localmachine_odbcinst.reg`: List of installed ODBC drivers -* File `/windows/localmachine_odbc.reg`: System DSN list +**Depth:** surface -#### Depth -Surface - -#### Security impact - -Medium — ODBC connection information can expose the presence of other -databases or connection information to Postgres that can be used to -attack the system. +**Security Impact:** *medium* — +ODBC connection information could expose the presence of other +databases or connection information to PostgreSQL that can be used to +attack the system ### systeminfo (`win_systeminfo`) -#### Description - Output of the `systeminfo` command -#### Report output +Report output: -File `/windows/systeminfo_report.txt`: Information from the `systeminfo` command + * file `/windows/systeminfo_report.txt`: Information from the `systeminfo` command -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Disk volumes (`win_volumes`) -#### Description - Volume list from `WMI` -#### Report output - -* File `/windows/association_structure`: Association between drive letters and physical drives -* File `/windows/volume_disk`: Volume list from the WMI subsystem -* File `/windows/logical_disk_list`: Logical disk list from the WMI subsystem -* File `/windows/disk_partition_list`: Disk partition list from the WMI subsystem -* File `/windows/disk_drive_list`: Disk list from the WMI subsystem - -#### Depth - -Surface - -#### Security impact +Report output: -Low — No known security impact. + * file `/windows/association_structure`: Association between drive letters and physical drives + * file `/windows/volume_disk`: Volume list from the WMI subsystem + * file `/windows/logical_disk_list`: Logical disk list from the WMI subsystem + * file `/windows/disk_partition_list`: Disk partition list from the WMI subsystem + * file `/windows/disk_drive_list`: Disk list from the WMI subsystem -### xDB CLI - Windows (`xdb_cli_windows`) +**Depth:** surface -#### Description -xDB output from several CLI commands, from the running xDB publication and -subscription server +**Security Impact:** *low* — +no known security impact. -#### Report output +### xDB CLI — Windows (`xdb_cli_windows`) -* Directory `/tools/xdb/cli`: xDB CLI print commands +xDB output from several CLI commands, from the xDB publication and/or +subscription server that are running. -#### Depth +Report output: -Surface + * directory `/tools/xdb/cli`: xDB CLI print commands -#### Security impact +**Depth:** surface -Low — No known security impact. -### xDB configuration - Windows (`xdb_configuration_windows`) +**Security Impact:** *low* — +no known security impact. -#### Description +### xDB configuration — Windows (`xdb_configuration_windows`) xDB configuration files -#### Report output +Report output: -* File `/tools/xdb/config/xdbReplicationServer.config`: xDB startup configuration` -* File `/tools/xdb/config/edb-repl.conf`: xDB replication configuration` -* File `/tools/xdb/config/xdb_subserver.conf`: xDB subscription server configuration -* File `/tools/xdb/config/xdb_pubserver.conf`: xDB publication server configuration + * file `/tools/xdb/config/xdbReplicationServer.config`: xDB startup configuration` + * file `/tools/xdb/config/edb-repl.conf`: xDB replication configuration` + * file `/tools/xdb/config/xdb_subserver.conf`: xDB subscription server configuration + * file `/tools/xdb/config/xdb_pubserver.conf`: xDB publication server configuration -#### Depth +**Depth:** surface -Surface -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### xDB sc (`xdb_sc`) -#### Description - When xDB is detected, collects xDB Publication and Subscription server status -#### Report output - -File `/tools/xdb/sc/_query.data`: Output of 'sc query +Report output: -#### Depth + * file `/tools/xdb/sc/service_name_query.data`: Output of 'sc query service_name -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. -## PostgreSQL/PGD3 nstance +## PostgreSQL/BDR3 Instance ### Current archiver stats (`postgresql_archiver`) -#### Description - -Statistics about the archiver process's activity from -pg_stat_archiver - -#### Report output +Statistics about the archiver process's activity (from +pg_stat_archiver) -File `postgresql/archiver.out` +Report output: -#### Depth + * file `postgresql/archiver.out` -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Available extensions (`postgresql_available_extensions`) -#### Description - List of extensions available on the server -#### Report output - -File `postgresql/available_extensions.out` +Report output: -#### Depth + * file `postgresql/available_extensions.out` -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Current bg_writer stats (`postgresql_bgwriter`) -#### Description - -Statistics about the background writer process's activity from -pg_stat_bgwriter - -#### Report output +Statistics about the background writer process's activity (from +pg_stat_bgwriter) -File `postgresql/bgwriter.out` +Report output: -#### Depth + * file `postgresql/bgwriter.out` -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Directory with binaries (`postgresql_bin_dir`) -#### Description - PostgreSQL binary directory -#### Report output - -File `/postgresql/postgresql_bin_path.data`: Path to the Postgres bin directory +Report output: -#### Depth + * file `/postgresql/postgresql_bin_path.data`: Path to the PostgreSQL bin directory -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Current configuration (`postgresql_configuration`) -#### Description - -Postgres current configuration +PostgreSQL current configuration -#### Report output +Report output: -File `postgresql/configuration.out` + * file `postgresql/configuration.out` -#### Depth +**Depth:** surface -Surface -#### Security impact - -Medium — `postgresql.conf` might contain bad security policies +**Security Impact:** *medium* — +postgresql.conf might contain bad security policies ### Configuration files (`postgresql_configuration_files`) -#### Description +PostgreSQL configuration files and the data directory path (passwords +contained in well-known connection strings are automatically redacted +for information security reasons). -Postgres configuration files and the data directory path. Passwords -contained in well-known connection strings are redacted -for information security reasons. +Report output: -#### Report output + * file `/postgresql/pg_ident.conf`: PostgreSQL ident configuration file + * file `/postgresql/pg_hba.conf`: PostgreSQL host-based authentication file + * file `/postgresql/postgresql.auto.conf`: PostgreSQL auto configuration file + * file `/postgresql/recovery.done`: PostgreSQL recovery.done file + * file `/postgresql/recovery.conf`: PostgreSQL recovery.conf file + * file `/postgresql/postgresql.conf`: PostgreSQL configuration file -* File `/postgresql/pg_ident.conf`: Postgres ident configuration file -* File `/postgresql/pg_hba.conf`: Postgres host-based authentication file -* File `/postgresql/postgresql.auto.conf`: Postgres auto configuration file -* File `/postgresql/recovery.done`: Postgres recovery.done file -* File `/postgresql/recovery.conf`: Postgres recovery.conf file -* File `/postgresql/postgresql.conf`: Postgres configuration file +**Depth:** surface -#### Depth -Surface +**Security Impact:** *medium* — +`pg_hba.conf` and `pg_ident.conf` might expose potential security +holes such as trusted connections. -#### Security impact +### Databases (`postgresql_databases`) -Medium — `pg_hba.conf` and `pg_ident.conf` might expose potential security -holes, such as trusted connections. +List of databases in the PostgreSQL node -### Databases (`postgresql_databases`) +Report output: -#### Description + * file `postgresql/databases.out` -List of databases in the Postgres node +**Depth:** surface -#### Report output -File `postgresql/databases.out` +**Security Impact:** *low* — +no known security impact. -#### Depth +### postgresql_db_bdr_tables_and_views (`postgresql_db_bdr_tables_and_views`) -Surface +Collect all the tables and views of the BDR extension, except for: +- bdr.apply_log — bdr.conflict_history — bdr.consensus_kv_data +- bdr.internal_node_pre_commit — bdr.replication_status - +bdr.state_journal — bdr.stat_activity -#### Security impact +Report output: -Low — No known security impact. + * file `/postgresql/dbs/dbname/bdr/*`: Content of all tables under the BDR schema -### postgresql_db_bdr_tables_and_views (`postgresql_db_bdr_tables_and_views`) +**Depth:** shallow -#### Description -Collects all the tables and views of the BDR extension, except for: +**Security Impact:** *low* — +no known security impact. -- `bdr.apply_log` -- `bdr.conflict_history` -- `bdr.consensus_kv_data` -- `bdr.internal_node_pre_commit` -- `bdr.replication_status` -- `bdr.state_journal` -- `bdr.stat_activity` +### postgresql_db_pglogical_tables_and_views (`postgresql_db_pglogical_tables_and_views`) -#### Report output +Collect all the tables and views of the pglogical extension -File `/postgresql/dbs//bdr/*`: Content of all tables under the BDR schema +Report output: -#### Depth + * file `/postgresql/dbs/dbname/pglogical/*`: Content of all tables under the pglogical schema -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. -### postgresql_db_pglogical_tables_and_views (`postgresql_db_pglogical_tables_and_views`) +### Database/Role Setting (`postgresql_db_role_setting`) -#### Description +List of database/role settings in the PostgreSQL node -Collects all the tables and views of the pglogical extension +Report output: -#### Report output + * file `postgresql/db_role_setting.out` -File `/postgresql/dbs//pglogical/*`: Content of all tables under the pglogical schema +**Depth:** shallow -#### Depth -Shallow +**Security Impact:** *low* — +no known security impact. -#### Security impact +### Node and snapshot data (`postgresql_node`) -Low — No known security impact. +Information about the running PostgreSQL node -### Database/Role Setting (`postgresql_db_role_setting`) +Report output: -#### Description + * file `postgresql/node.out` -List of database/role settings in the Postgres node +**Depth:** surface -#### Report output -File `postgresql/db_role_setting.out` +**Security Impact:** *low* — +no known security impact. -#### Depth +### pg_config (`postgresql_pg_config`) -Shallow +PostgreSQL `pg_config` command output. -#### Security impact +Report output: -Low — No known security impact. + * file `/postgresql/pg_config.data`: `pg_config` command output -### Node and snapshot data (`postgresql_node`) +**Depth:** surface -#### Description -Information about the running Postgres node +**Security Impact:** *low* — +no known security impact. -#### Report output +### pg_controldata (`postgresql_pg_controldata`) -File `postgresql/node.out` +PostgreSQL `pg_controldata` information. -#### Depth +Report output: -Surface + * file `/postgresql/pg_controldata.data`: `pg_controldata` command output -#### Security impact +**Depth:** surface -Low — No known security impact. -### pg_config (`postgresql_pg_config`) +**Security Impact:** *low* — +no known security impact. -#### Description +### Version (`postgresql_pg_version`) -Postgres `pg_config` command output +PostgreSQL client and server version. -#### Report output +Report output: -File `/postgresql/pg_config.data`: `pg_config` command output + * file `/postgresql/postgresql_server_version.data`: PostgreSQL server version + * file `/postgresql/postgresql_client_version.data`: PostgreSQL client version -#### Depth +**Depth:** surface -Surface -#### Security impact +**Security Impact:** *low* — +no known security impact. -Low — No known security impact. +### Current pg_prepared_xacts contents (`postgresql_prepared_xacts`) -### pg_controldata (`postgresql_pg_controldata`) +Status of prepared xacts (from pg_prepared_xacts) -#### Description +Report output: -Postgres `pg_controldata` information + * file `postgresql/prepared_xacts.out` -#### Report output +**Depth:** surface -File `/postgresql/pg_controldata.data`: `pg_controldata` command output -#### Depth +**Security Impact:** *low* — +no known security impact. -Surface +### Current pg_replication_origin_status contents (`postgresql_replication_origin`) -#### Security impact +Status of replication origins (from pg_replication_origin_status) -Low — No known security impact. +Report output: -### Version (`postgresql_pg_version`) + * file `postgresql/replication_origins.out` -#### Description +**Depth:** surface -Postgres client and server version -#### Report output +**Security Impact:** *low* — +no known security impact. -* File `/postgresql/postgresql_server_version.data`: Postgres server version -* File `/postgresql/postgresql_client_version.data`: Postgres client version +### Current pg_replication_slots contents (`postgresql_replication_slots`) -#### Depth +Replication slots (from pg_replication_slots) -Surface +Report output: -#### Security impact + * file `postgresql/replication_slots.out` -Low — No known security impact. +**Depth:** surface -### Current pg_prepared_xacts contents (`postgresql_prepared_xacts`) -#### Description +**Security Impact:** *low* — +no known security impact. -Status of prepared xacts from `pg_prepared_xacts` +### Roles (`postgresql_roles`) -#### Report output +Database roles from `pg_roles` -File `postgresql/prepared_xacts.out` +Report output: -#### Depth + * file `postgresql/roles.out` -Surface +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *medium* — +pg_roles might contain bad security policies -### Current pg_replication_origin_status contents (`postgresql_replication_origin`) +### Current activity stats (`postgresql_running_activity`) -#### Description +Information related to the current activity on running processes (from +`pg_stat_activity`) -Status of replication origins from `pg_replication_origin_status` +Report output: -#### Report output + * file `postgresql/running_activity.out` -File `postgresql/replication_origins.out` +**Depth:** shallow -#### Depth -Surface +**Security Impact:** *low* — +queries in `pg_stat_activity` could contain user names and application +names. -#### Security impact +### Active locks (`postgresql_running_locks`) -Low — No known security impact. +List of active locks -### Current pg_replication_slots contents (`postgresql_replication_slots`) +Report output: -#### Description + * file `postgresql/running_locks.out` -Replication slots from `pg_replication_slots` +**Depth:** surface -#### Report output -File `postgresql/replication_slots.out` +**Security Impact:** *low* — +no known security impact. -#### Depth +### pg_server_limits (`postgresql_server_limits`) -Surface +Real effective kernel OS limits for the postmaster PID. -#### Security impact +Report output: -Low — No known security impact. + * file `/postgresql/pg_server_limits_PORT.data`: `prlimit` for postmaster PID -### Roles (`postgresql_roles`) +**Depth:** surface -#### Description -Database roles from `pg_roles` +**Security Impact:** *low* — +no known security impact. -#### Report output +### Current pg_shmem_allocations contents (`postgresql_shmem_allocations`) -File `postgresql/roles.out` +Status of shared memory allocations (from pg_shmem_allocations) -#### Depth +Report output: -Shallow + * file `postgresql/shmem_allocations.out` -#### Security impact +**Depth:** surface -Medium — pg_roles might contain bad security policies -### Current activity stats (`postgresql_running_activity`) +**Security Impact:** *low* — +no known security impact. -#### Description +### Current pg_stat_progress_analyze contents (`postgresql_stat_progress_analyze`) -Information related to the current activity on running processes from -`pg_stat_activity` +ANALYZE progress -#### Report output +Report output: -File `postgresql/running_activity.out` + * file `postgresql/pg_stat_progress_analyze.out` -#### Depth +**Depth:** surface -Shallow -#### Security impact +**Security Impact:** *low* — +no known security impact. -Low — queries in `pg_stat_activity` could contain user names and application -names. +### Current pg_stat_progress_basebackup contents (`postgresql_stat_progress_basebackup`) -### Active locks (`postgresql_running_locks`) +BASEBACKUP progress -#### Description +Report output: -List of active locks + * file `postgresql/pg_stat_progress_basebackup.out` -#### Report output +**Depth:** surface -File `postgresql/running_locks.out` -#### Depth +**Security Impact:** *low* — +no known security impact. -Surface +### Current pg_stat_progress_copy contents (`postgresql_stat_progress_copy`) -#### Security impact +COPY progress -Low — No known security impact. +Report output: -### Current pg_shmem_allocations contents (`postgresql_shmem_allocations`) + * file `postgresql/pg_stat_progress_copy.out` -#### Description +**Depth:** surface -Status of shared memory allocations from `pg_shmem_allocations` -#### Report output +**Security Impact:** *low* — +no known security impact. -File `postgresql/shmem_allocations.out` +### Current pg_stat_progress_vacuum contents (`postgresql_stat_progress_vacuum`) -#### Depth +VACUUM progress -Surface +Report output: -#### Security impact + * file `postgresql/pg_stat_progress_vacuum.out` -Low — No known security impact. +**Depth:** surface -### Current pg_stat_replication contents (`postgresql_stat_replication`) -#### Description +**Security Impact:** *low* — +no known security impact. -Replication connections from `pg_stat_replication` +### Current pg_stat_replication contents (`postgresql_stat_replication`) -#### Report output +Replication connections (from pg_stat_replication) -File `postgresql/replication.out` +Report output: -#### Depth + * file `postgresql/replication.out` -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Server subscription statistics (`postgresql_subscription_statistics`) -#### Description - Statistics of subscriptions -#### Report output +Report output: -File `postgresql/subscription_statistics.out` + * file `postgresql/subscription_statistics.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Server subscriptions (`postgresql_subscriptions`) -#### Description - List of subscriptions -#### Report output +Report output: -File `postgresql/subscriptions.out` + * file `postgresql/subscriptions.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Tablespaces (`postgresql_tablespaces`) -#### Description - Tablespaces information and location -#### Report output - -File `postgresql/tablespaces.out` +Report output: -#### Depth + * file `postgresql/tablespaces.out` -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. +### Workload characteristics using waits (`postgresql_waits_stats`) -## Details for every Postgres/BDR3 database -### PGD1 replication slots (`postgresql_db_bdr1_replication_slots`) +PostgreSQL workload characterisation using built-in wait events -#### Description +Report output: -List of replication slots with 9.6 format for PGD1 + * file `postgresql/running_waits_sample.out`: Workload characterisation using built-in wait events -#### Report output +**Depth:** surface -File `bdr1_replication_slots.out` -#### Depth +**Security Impact:** *low* — +no known security impact. -Surface -#### Security impact +## Details for every PostgreSQL/BDR3 Database +### BDR1 replication slots (`postgresql_db_bdr1_replication_slots`) -Low — No known security impact. +List of replication slots with 9.6 format for BDR1 -### PGD2 replication slots (`postgresql_db_bdr2_replication_slots`) +Report output: -#### Description + * file `bdr1_replication_slots.out` -List of replication slots with 9.6 format for PGD2 +**Depth:** surface -#### Report output -File `bdr2_replication_slots.out` +**Security Impact:** *low* — +no known security impact. -#### Depth +### BDR2 replication slots (`postgresql_db_bdr2_replication_slots`) -Surface +List of replication slots with 9.6 format for BDR2 -#### Security impact +Report output: -Low — No known security impact. + * file `bdr2_replication_slots.out` -### PGD conflict_history_summary aggregation (`postgresql_db_bdr3_conflict_history_summary_agg`) +**Depth:** surface -#### Description -Collects aggregate count for all types of conflicts +**Security Impact:** *low* — +no known security impact. -#### Report output +### BDR conflict_history_summary aggregation (`postgresql_db_bdr3_conflict_history_summary_agg`) -File `bdr_conflict_history_summary_agg.out` +Collect aggregate count for all types of conflicts -#### Depth +Report output: -Surface + * file `bdr_conflict_history_summary_agg.out` -#### Security impact +**Depth:** surface -Low — No known security impact. -### PGD current activity stats (`postgresql_db_bdr3_stat_activity`) +**Security Impact:** *low* — +no known security impact. -#### Description +### BDR current activity stats (`postgresql_db_bdr3_stat_activity`) -Information related to the current activity on running processes from -`bdr.stat_activity` +Information related to the current activity on running processes (from +`bdr.stat_activity`) -#### Report output +Report output: -File `bdr_stat_activity.out` + * file `bdr_stat_activity.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — queries in `bdr.stat_activity` could contain user names and +**Security Impact:** *low* — +queries in `bdr.stat_activity` could contain user names and application names. -### PGD sequences (`postgresql_db_bdr_sequences`) - -#### Description +### BDR sequences (`postgresql_db_bdr_sequences`) -List of the PGD sequences +List of the BDR sequences -#### Report output +Report output: -File `bdr_sequences.out` + * file `bdr_sequences.out` -#### Depth +**Depth:** surface -Surface -#### Security impact +**Security Impact:** *low* — +no known security impact. -Low — No known security impact. +### BDR version (`postgresql_db_bdr_version`) -### PGD version (`postgresql_db_bdr_version`) +Currently used version of BDR -#### Description +Report output: -Currently used version of PGD + * file `bdr_version.out` -#### Report output +**Depth:** surface -File `bdr_version.out` -#### Depth - -Surface - -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database extensions (`postgresql_db_extensions`) -#### Description - List of extensions in the database -#### Report output +Report output: -File `extensions.out` + * file `extensions.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database indexes (`postgresql_db_indexes`) -#### Description - List of indexes in the database -#### Report output - -File `indexes.out` +Report output: -#### Depth + * file `indexes.out` -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database procedural languages (`postgresql_db_languages`) -#### Description - Procedural languages in the database -#### Report output - -File `language.out` +Report output: -#### Depth + * file `language.out` -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. -### PGD monitor_group_raft (`postgresql_db_monitor_group_raft`) - -#### Description +### BDR monitor_group_raft (`postgresql_db_monitor_group_raft`) Check the raft status in the bdr cluster -#### Report output - -File `bdr_monitor_group_raft.out` - -#### Depth - -Surface +Report output: -#### Security impact + * file `bdr_monitor_group_raft.out` -Low — No known security impact. +**Depth:** surface -### PGD monitor_group_versions (`postgresql_db_monitor_group_versions`) -#### Description +**Security Impact:** *low* — +no known security impact. -Check the version of all PGD nodes +### BDR monitor_group_versions (`postgresql_db_monitor_group_versions`) -#### Report output +Check the version of all BDR nodes -File `bdr_monitor_group_versions.out` +Report output: -#### Depth + * file `bdr_monitor_group_versions.out` -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. -### PGD monitor_local_replslots (`postgresql_db_monitor_local_replslots`) +### BDR monitor_local_replslots (`postgresql_db_monitor_local_replslots`) -#### Description +Check all the replication slot status -Checks all the replication slot status +Report output: -#### Report output + * file `bdr_monitor_local_replslots.out` -File `bdr_monitor_local_replslots.out` +**Depth:** surface -#### Depth -Surface - -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database operators (`postgresql_db_operators`) -#### Description - Operators in the database -#### Report output +Report output: -File `operator.out` + * file `operator.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database partitioned tables (`postgresql_db_partitioned_tables`) -#### Description - -Information about partitioned tables using declarative partitioning +Information about partitioned tables (using declarative partitioning) -#### Report output +Report output: -File `partitioned_table.out` + * file `partitioned_table.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.agent table tuples (`postgresql_db_pem_agent`) -#### Description - -Data from metatable `pem.agent` +Data from metatable pem.agent -#### Report output +Report output: -File `pem_agent.out` + * file `pem_agent.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.agent_config table tuples (`postgresql_db_pem_agent_config`) -#### Description - -Data from metatable `pem.agent_config` +Data from metatable pem.agent_config -#### Report output +Report output: -File `pem_agent_config.out` + * file `pem_agent_config.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.agent_heartbeat table tuples (`postgresql_db_pem_agent_heartbeat`) -#### Description - -Data from metatable `pem.agent_heartbeat` - -#### Report output +Data from metatable pem.agent_heartbeat -File `pem_agent_heartbeat.out` +Report output: -#### Depth + * file `pem_agent_heartbeat.out` -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.agent_server_binding table tuples (`postgresql_db_pem_agent_server_binding`) -#### Description - -Data from metatable `pem.agent_server_binding` - -#### Report output +Data from metatable pem.agent_server_binding -File `pem_agent_server_binding.out` +Report output: -#### Depth + * file `pem_agent_server_binding.out` -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.config table tuples (`postgresql_db_pem_config`) -#### Description +Data from metatable pem.config -Data from metatable `pem.config` +Report output: -#### Report output + * file `pem_config.out` -File `pem_config.out` +**Depth:** shallow -#### Depth -Shallow - -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.email_group table tuples (`postgresql_db_pem_email_group`) -#### Description - -Data from metatable `pem.email_group` - -#### Report output +Data from metatable pem.email_group -File `pem_email_group.out` +Report output: -#### Depth + * file `pem_email_group.out` -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.email_group_option table tuples (`postgresql_db_pem_email_group_option`) -#### Description +Data from metatable pem.email_group_option -Data from metatable `pem.email_group_option` +Report output: -#### Report output + * file `pem_email_group_option.out` -File `pem_email_group_option.out` +**Depth:** shallow -#### Depth -Shallow - -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.probe table tuples (`postgresql_db_pem_probe`) -#### Description - -Data from metatable `pem.probe` +Data from metatable pem.probe -#### Report output +Report output: -File `pem_probe.out` + * file `pem_probe.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.probe_schedule table tuples (`postgresql_db_pem_probe_schedule`) -#### Description - -Data from metatable `pem.probe_schedule` +Data from metatable pem.probe_schedule -#### Report output +Report output: -File `pem_probe_schedule.out` + * file `pem_probe_schedule.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.schema_version() output (`postgresql_db_pem_schema_version`) -#### Description - -Output from function `pem.schema_version()` +Output from function pem.schema_version() -#### Report output +Report output: -File `pem_schema_version.out` + * file `pem_schema_version.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.server table tuples (`postgresql_db_pem_server`) -#### Description - -Data from metatable `pem.server` +Data from metatable pem.server -#### Report output +Report output: -File `pem_server.out` + * file `pem_server.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.server_heartbeat table tuples (`postgresql_db_pem_server_heartbeat`) -#### Description - -Data from metatable `pem.server_heartbeat` - -#### Report output +Data from metatable pem.server_heartbeat -File `pem_server_heartbeat.out` +Report output: -#### Depth + * file `pem_server_heartbeat.out` -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.smtp_spool table tuples (`postgresql_db_pem_smtp_spool`) -#### Description - -Data from metatable `pem.smtp_spool` - -#### Report output +Data from metatable pem.smtp_spool -File `pem_smtp_spool.out` +Report output: -#### Depth + * file `pem_smtp_spool.out` -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database PEM pem.snmp_spool table tuples (`postgresql_db_pem_snmp_spool`) -#### Description +Data from metatable pem.snmp_spool -Data from metatable `pem.snmp_spool` +Report output: -#### Report output + * file `pem_snmp_spool.out` -File `pem_snmp_spool.out` +**Depth:** shallow -#### Depth -Shallow - -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Pglogical subscription status (`postgresql_db_pglogical_subscription_status`) -#### Description - List of tables replicated by pglogical -#### Report output - -File `pglogical_subscription_status.out` +Report output: -#### Depth + * file `pglogical_subscription_status.out` -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database functions (`postgresql_db_procs`) -#### Description - Functions in the database -#### Report output - -File `proc.out` +Report output: -#### Depth + * file `proc.out` -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database publication tables (`postgresql_db_publication_tables`) -#### Description - List of tables of publications of the database -#### Report output +Report output: -File `publication_tables.out` + * file `publication_tables.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database publications (`postgresql_db_publications`) -#### Description - List of publications of the database -#### Report output +Report output: -File `publications.out` + * file `publications.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database repmgr repmgr.events table tuples (`postgresql_db_repmgr_events`) -#### Description - -Data from metatable `repmgr.events` +Data from metatable repmgr.events -#### Report output +Report output: -File `repmgr/events.out` + * file `repmgr/events.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database repmgr repmgr.monitoring_history table tuples (`postgresql_db_repmgr_monitoring_history`) -#### Description - -Data from metatable `repmgr.monitoring_history` +Data from metatable repmgr.monitoring_history -#### Report output +Report output: -File `repmgr/monitoring_history.out` + * file `repmgr/monitoring_history.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact - -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Database repmgr repmgr.nodes table tuples (`postgresql_db_repmgr_nodes`) -#### Description +Data from metatable repmgr.nodes -Data from metatable `repmgr.nodes` +Report output: -#### Report output + * file `repmgr/nodes.out` -File `repmgr/nodes.out` +**Depth:** shallow -#### Depth -Shallow +**Security Impact:** *low* — +no known security impact. -#### Security impact +### Database repmgr repmgr.replication_status table tuples (`postgresql_db_repmgr_replication_status`) -Low — No known security impact. +Data from metatable repmgr.replication_status -### Database repmgr repmgr.replication_status table tuples (`postgresql_db_repmgr_replication_status`) +Report output: -#### Description + * file `repmgr/replication_status.out` -Data from metatable `repmgr.replication_status` +**Depth:** shallow -#### Report output -File `repmgr/replication_status.out` +**Security Impact:** *low* — +no known security impact. -#### Depth +### Database repmgr repmgr.show_nodes table tuples (`postgresql_db_repmgr_show_nodes`) -Shallow +Data from metatable repmgr.show_nodes -#### Security impact +Report output: -Low — No known security impact. + * file `repmgr/show_nodes.out` -### Database repmgr repmgr.show_nodes table tuples (`postgresql_db_repmgr_show_nodes`) +**Depth:** shallow -#### Description -Data from metatable `repmgr.show_nodes` +**Security Impact:** *low* — +no known security impact. -#### Report output +### Database schema (`postgresql_db_schemas`) -File `repmgr/show_nodes.out` +List of schemas in the database -#### Depth +Report output: -Shallow + * file `schemas.out` -#### Security impact +**Depth:** shallow -Low — No known security impact. -### Database schema (`postgresql_db_schemas`) +**Security Impact:** *low* — +no known security impact. -#### Description +### Database statistics (`postgresql_db_statistics`) -List of schemas in the database +Statistics of the database -#### Report output +Report output: -File `schemas.out` + * file `statistics.out` -#### Depth +**Depth:** deep -Shallow -#### Security impact +**Security Impact:** *low* — +no known security impact. -Low — No known security impact. +### Database subscription tables (`postgresql_db_subscription_tables`) -### Database statistics (`postgresql_db_statistics`) +List of tables of subscriptions of the database -#### Description +Report output: -Statistics of the database + * file `subscription_tables.out` -#### Report output +**Depth:** shallow -File `statistics.out` -#### Depth +**Security Impact:** *low* — +no known security impact. -Deep +### Database tables (`postgresql_db_tables`) -#### Security impact +List of tables in the database -Low — No known security impact. +Report output: -### Database subscription tables (`postgresql_db_subscription_tables`) + * file `tables.out` -#### Description +**Depth:** shallow -List of tables of subscriptions of the database -#### Report output +**Security Impact:** *low* — +no known security impact. -File `subscription_tables.out` +### Database types (`postgresql_db_types`) -#### Depth +Types in the database -Shallow +Report output: -#### Security impact + * file `type.out` -Low — No known security impact. +**Depth:** shallow -### Database tables (`postgresql_db_tables`) -#### Description +**Security Impact:** *low* — +no known security impact. -List of tables in the database +### Database xDB _edb_replicator_pub.xdb_mmr_pub_group table tuples (`postgresql_db_xdb_mmr_pub_group`) -#### Report output +Data from metatable _edb_replicator_pub.xdb_mmr_pub_group -File `tables.out` +Report output: -#### Depth + * file `xdb_mmr_pub_group.out` -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. -### Database types (`postgresql_db_types`) +### Database xDB _edb_replicator_pub.xdb_pub_database table tuples (`postgresql_db_xdb_pub_database`) -#### Description +Data from metatable _edb_replicator_pub.xdb_pub_database -Types in the database +Report output: -#### Report output + * file `xdb_pub_database.out` -File `type.out` +**Depth:** shallow -#### Depth -Shallow +**Security Impact:** *low* — +no known security impact. -#### Security impact +### Database xDB _edb_replicator_pub.xdb_pub_replog table tuples (`postgresql_db_xdb_pub_replog`) -Low — No known security impact. +Last 50 rows from metatable _edb_replicator_pub.xdb_pub_replog -### Database xDB _edb_replicator_pub.xdb_mmr_pub_group table tuples (`postgresql_db_xdb_mmr_pub_group`) +Report output: -#### Description + * file `xdb_pub_replog.out` -Data from metatable `_edb_replicator_pub.xdb_mmr_pub_group` +**Depth:** shallow -#### Report output -File `xdb_mmr_pub_group.out` +**Security Impact:** *low* — +no known security impact. -#### Depth +### Database xDB _edb_replicator_pub.xdb_publication_subscriptionstable tuples (`postgresql_db_xdb_publication_subscriptions`) -Shallow +Data from metatable_edb_replicator_pub.xdb_publication_subscriptions -#### Security impact +Report output: -Low — No known security impact. + * file `xdb_publication_subscriptions.out` -### Database xDB _edb_replicator_pub.xdb_pub_database table tuples (`postgresql_db_xdb_pub_database`) +**Depth:** shallow -#### Description -Data from metatable `_edb_replicator_pub.xdb_pub_database` +**Security Impact:** *low* — +no known security impact. -#### Report output +### Database xDB _edb_replicator_pub.xdb_publications table tuples (`postgresql_db_xdb_publications`) -File `xdb_pub_database.out` +Data from metatable _edb_replicator_pub.xdb_publications -#### Depth +Report output: -Shallow + * file `xdb_publications.out` -#### Security impact +**Depth:** shallow -Low — No known security impact. -### Database xDB _edb_replicator_pub.xdb_pub_replog table tuples (`postgresql_db_xdb_pub_replog`) +**Security Impact:** *low* — +no known security impact. -#### Description +### Database xDB _edb_replicator_pub.rrep_mmr_pub_group table tuples (`postgresql_db_xdb_rrep_mmr_pub_group`) -Last 50 rows from metatable `_edb_replicator_pub.xdb_pub_replog` +Data from metatable _edb_replicator_pub.rrep_mmr_pub_group -#### Report output +Report output: -File `xdb_pub_replog.out` + * file `xdb_rrep_mmr_pub_group.out` -#### Depth +**Depth:** shallow -Shallow -#### Security impact +**Security Impact:** *low* — +no known security impact. -Low — No known security impact. +### Database xDB _edb_replicator_pub.rrep_mmr_txset table tuples (`postgresql_db_xdb_rrep_mmr_txset`) -### Database xDB _edb_replicator_pub.xdb_publication_subscriptionstable tuples (`postgresql_db_xdb_publication_subscriptions`) +Last 10 rows from metatable _edb_replicator_pub.rrep_mmr_txset -#### Description +Report output: -Data from metatable `_edb_replicator_pub.xdb_publication_subscriptions` + * file `xdb_rrep_mmr_txset.out` -#### Report output +**Depth:** shallow -File `xdb_publication_subscriptions.out` -#### Depth +**Security Impact:** *low* — +no known security impact. -Shallow +### Database xDB _edb_replicator_pub.rrep_properties table tuples (`postgresql_db_xdb_rrep_properties`) -#### Security impact +Data from from metatable _edb_replicator_pub.rrep_properties -Low — No known security impact. +Report output: -### Database xDB _edb_replicator_pub.xdb_publications table tuples (`postgresql_db_xdb_publications`) + * file `xdb_rrep_properties.out` -#### Description +**Depth:** shallow -Data from metatable `_edb_replicator_pub.xdb_publications` -#### Report output +**Security Impact:** *low* — +no known security impact. -File `xdb_publications.out` +### Database xDB _edb_replicator_pub.rrep_publication_tablestable tuples (`postgresql_db_xdb_rrep_publication_tables`) -#### Depth +Data from from metatable_edb_replicator_pub.rrep_publication_tables -Shallow +Report output: -#### Security impact + * file `xdb_rrep_publication_tables.out` -Low — No known security impact. +**Depth:** shallow -### Database xDB _edb_replicator_pub.rrep_mmr_pub_group table tuples (`postgresql_db_xdb_rrep_mmr_pub_group`) -#### Description +**Security Impact:** *low* — +no known security impact. -Data from metatable `_edb_replicator_pub.rrep_mmr_pub_group` +### Database xDB _edb_replicator_pub.rrep_txset table tuples (`postgresql_db_xdb_rrep_txset`) -#### Report output +Data from metatable _edb_replicator_pub.rrep_txset -File `xdb_rrep_mmr_pub_group.out` +Report output: -#### Depth + * file `xdb_pub_rrep_txset.out` -Shallow +**Depth:** shallow -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. -### Database xDB _edb_replicator_pub.rrep_mmr_txset table tuples (`postgresql_db_xdb_rrep_mmr_txset`) +### Oracle-compatibile partitioning key view (`postgresql_epas_all_part_key_columns`) -#### Description +Provides partitioning key details (all_part_key_columns, EPAS +specific) -Last 10 rows from metatable `_edb_replicator_pub.rrep_mmr_txset` +Report output: -#### Report output + * file `epas_all_part_key_columns.out` -File `xdb_rrep_mmr_txset.out` +**Depth:** surface -#### Depth -Shallow +**Security Impact:** *low* — +no known security impact. -#### Security impact +### Oracle-compatibile all partitioned table view (`postgresql_epas_all_part_tables`) -Low — No known security impact. +All partitioned tables view (from all_part_tables, EPAS specific) -### Database xDB _edb_replicator_pub.rrep_properties table tuples (`postgresql_db_xdb_rrep_properties`) +Report output: -#### Description + * file `epas_all_part_tables.out` -Data from from metatable `_edb_replicator_pub.rrep_properties` +**Depth:** surface -#### Report output -File `xdb_rrep_properties.out` +**Security Impact:** *low* — +no known security impact. -#### Depth:** shallow +### Oracle-compatibile subpartitioning key view (`postgresql_epas_all_subpart_key_columns`) -#### Security impact +Provides subpartitioning key details (all_subpart_key_columns, EPAS +specific) -Low — No known security impact. +Report output: -### Database xDB _edb_replicator_pub.rrep_publication_tablestable tuples (`postgresql_db_xdb_rrep_publication_tables`) + * file `epas_all_subpart_key_columns.out` -#### Description +**Depth:** surface -Data from metatable `_edb_replicator_pub.rrep_publication_tables` -#### Report output +**Security Impact:** *low* — +no known security impact. -File `xdb_rrep_publication_tables.out` +### Oracle-compatibile all table partitions view (`postgresql_epas_all_tab_partitions`) -#### Depth +All partitions of all partitioned tables view (all_tab_partitions, +EPAS specific) -Shallow +Report output: -#### Security impact + * file `epas_all_tab_partitions.out` -Low — No known security impact. +**Depth:** surface -### Database xDB _edb_replicator_pub.rrep_txset table tuples (`postgresql_db_xdb_rrep_txset`) -#### Description +**Security Impact:** *low* — +no known security impact. -Data from metatable `_edb_replicator_pub.rrep_txset` +### Oracle-compatibile all table subpartitioning view (`postgresql_epas_all_tab_subpartitions`) -#### Report output +All subpartitions of all partitioned tables view +(all_tab_subpartitions, EPAS specific) -File `xdb_pub_rrep_txset.out` +Report output: -#### Depth + * file `epas_all_tab_subpartitions.out` -Shallow +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. +### EPAS specific dblink information (`postgresql_epas_dblink`) -## Barman (Backup and Recovery Manager) -### Barman check (`barman_check`) +Current EPAS dblink information from edb_dblink) -#### Description +Report output: -Collects the status of the Barman `check` framework for all configured -servers + * file `epas_dblink.out` -#### Report output +**Depth:** surface -File `/barman/barman_check.data`: Output of `barman check` -#### Depth +**Security Impact:** *low* — +no known security impact. -Surface -#### Security impact +## Barman (Backup and Recovery Manager) +### Barman check (`barman_check`) -Low — No known security impact. +Collect the status of the Barman `check` framework for all configured +servers. -### Barman diagnose (`barman_diagnose`) +Report output: -#### Description + * file `/barman/barman_check.data`: Output of `barman check` -Collects the barman diagnosis information +**Depth:** surface -#### Report output -File `/barman/diagnose.data`: Output from 'barman diagnose' +**Security Impact:** *low* — +no known security impact. -#### Depth +### Barman diagnose (`barman_diagnose`) -Surface +Collect the barman diagnosis information -#### Security impact +Report output: -Low — No known security impact. + * file `/barman/diagnose.data`: Output from 'barman diagnose' -### Barman executable location (`barman_executable`) +**Depth:** surface -#### Description -Collects the barman executable location +**Security Impact:** *low* — +no known security impact. + +### Barman executable location (`barman_executable`) -#### Report output +Collect the 'barman' executable location -File `/barman/barman_location.data`: The path of the main barman executable +Report output: -#### Depth + * file `/barman/barman_location.data`: The path of the main barman executable -Surface +**Depth:** surface -#### Security impact -Low — No known security impact. +**Security Impact:** *low* — +no known security impact. ### Barman module location (`barman_modules_path`) -#### Description +Collect the location of the 'barman' Python modules -Collects the location of the barman Python modules +Report output: -#### Report output + * file `/barman/barman_python_verbose.data`: The list of Barman python modules -File `/barman/barman_python_verbose.data`: The list of Barman python modules +**Depth:** surface -#### Depth -Surface +**Security Impact:** *low* — +no known security impact. -#### Security impact -Low — No known security impact. diff --git a/product_docs/docs/lasso/4/download.mdx b/product_docs/docs/lasso/4/download.mdx deleted file mode 100644 index 4a92584d9cf..00000000000 --- a/product_docs/docs/lasso/4/download.mdx +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: 'Downloading Lasso' ---- - -EDB has developed a small multi-platform application called Lasso that -can safely gather relevant diagnostics data on a system where Postgres -and other relevant supported software, such as Barman, is running. - -EDB distributes the application in a binary form by way of the -[Customer Portal](https://techsupport.enterprisedb.com/) -and grants usage to its customers using their *company token* as a means of authentication. - -!!! Important -Consider Lasso a disposable application. -Always download the application before exporting a report (or a series of -reports), as the application is in continuous deployment mode. -!!! - -To download Lasso for your system, use the -**Lasso** link in the left panel of the Portal. - -Unless your company requested a version of Lasso for -an isolated network system, without external access to EnterpriseDB's -infrastructure, you can upload the produced tarball -directly through Lasso using the `--upload` option. For more information, see [Servers accepting upload of reports](appendix-a). - -Alternatively, you can attach the report to a specific support ticket -through the Portal or use the **Support operations > Upload report** menu -from your company's page. diff --git a/product_docs/docs/lasso/4/index.mdx b/product_docs/docs/lasso/4/index.mdx index 5e21619ec54..d945e79ba20 100644 --- a/product_docs/docs/lasso/4/index.mdx +++ b/product_docs/docs/lasso/4/index.mdx @@ -1,47 +1,38 @@ --- title: Lasso navigation: -- "#Phase 1" -- unsupervised -- download -- linux -- windows -- common -- "#Phase 2" -- supervised -- "#Phase 3" +- release-notes +- install +- usage +- configuration +- security +- report-types - return -- troubleshooting - collected-data - describe - appendix-a --- -A *Lasso report* is the first step of any evaluation and assessment -process delivered by EDB on existing installations of Postgres -or related tools, including **supportability checks**, **health checks**, -and **incident response investigations**. +EDB has developed a small multi-platform application called Lasso that +can safely gather relevant diagnostics data on a system where Postgres +and other relevant supported software, such as Barman, is running. -You can generate it both in an [_automated_](unsupervised) -and in a [_supervised_](supervised) way. +You can also run Lasso on systems where Postgres isn't +installed to gather all relevant information regarding the +underlying operating system. -Some information can be gathered through automated -tools in a noninvasive way, in phase 1 of the Lasso report. -Some other information isn't automatically detected -(at least in a noninvasive way). You must communicate it -as part of the Lasso report, in phase 2. - -After you return the gathered information to EDB -engineers in phase 3, EDB proceeds with data analysis. -Then comes either: - -- An offer, in the case of an initial assessment -- A final report assessing the status and -the _health_ of your Postgres server, in the case of a health check -service +Consult the specific information for your operating system. !!! Important -You must provide EDB with all relevant -information about the underlying system to check, -in particular network and hardware configurations. +Lasso can't affect your data. It gathers +statistics and diagnostics information from your Postgres server, +with imperceptible effects on the workload. *No actual data* from +the rows of your Postgres user tables is gathered. [^1] !!! + +[^1]: Gathered diagnostics data files are available for your inspection. + +Lasso is crucial for Support Operations because it allows EDB's +engineers to have a centralized and standardized source of information +about your system, greatly improving our resolution times and quality of +services. diff --git a/product_docs/docs/lasso/4/install.mdx b/product_docs/docs/lasso/4/install.mdx new file mode 100644 index 00000000000..df384f28d8f --- /dev/null +++ b/product_docs/docs/lasso/4/install.mdx @@ -0,0 +1,134 @@ +--- +title: Installing Lasso +--- + +EDB distributes the application through the +[EDB Website](https://www.enterprisedb.com/software-downloads-postgres) +and grants usage to its customers using their *company token* as a means of +authentication. + + +## Linux + +You can install Lasso on any major supported Linux distribution by following +the corresponding Linux installation option for your system from the +[EDB Website Downloads](https://www.enterprisedb.com/software-downloads-postgres), +or directly from the +[EDB repositories for Linux page](https://www.enterprisedb.com/repos), +choosing Lasso and following the installation instructions. + +After installing the EDB repository for your subscription on your system, +you will be able to install Lasso on Linux using the package manager tool +for your Linux distribution, for example, including but not limited to: + +- Debian / Ubuntu: + +``` + apt install edb-lasso +``` + +- RHEL / CentOS / Oracle Linux 7: + +``` + yum install edb-lasso +``` + +- RHEL / Rocky / AlmaLinux / Oracle Linux 8+: + +``` + dnf install edb-lasso +``` + +If you system has access to the Internet, then installing the `edb-lasso` +package using your package manager will already automatically install the +Lasso dependencies, which are: + +- `python3` +- `python3-psycopg2` +- `python3-setuptools` +- `python3-psutil` + +If your system does not have access to the Internet, then these dependencies +need to be downloaded and installed manually. Consult EDB Support for more +details. + + +## Windows + +Lasso for Windows is a single-file binary executable called +`lasso-windows-X.Y.Z.exe`, where `X.Y.Z` is the current Lasso version, which +can be downloaded from the +[EDB Website Downloads page](https://www.enterprisedb.com/software-downloads-postgres). + +On Windows, Lasso doesn't require installing any dependencies, but Lasso +can only run on Windows Server 2008 R2 or newer. + + +## Configuration file + +If you try to run Lasso without a configuration file, it will error out +with: + +``` + ERROR: no configuration file for Lasso could be found. Please create a configuration file and try again. +``` + +Lasso requires a configuration file, which can be one of the following +options (it uses the first match): + +1. `./edb-lasso.cfg` in the same directory where Lasso is running +2. `./edb-lasso.conf` in the same directory where Lasso is running +3. `$HOME/.edb-lasso.conf` +4. `/etc/edb-lasso.conf` + +The minimum configuration file should look like this: + +``` +[customer] +id=XXXXX +token=YYYYYYYYY +``` + +Replacing the `id` and `token` above with the information found in your +company page in the Support Portal (in the left menu bar, click on +`Company info` then click on `Company`). The `Company code` from the page +should be filled in the `id` field in the configuration file, and the +`Token` from the page should be filled in the `token` field in the +configuration file. + +!!! Important +A configuration file for Lasso is mandatory, at least +with the customer id and token. +!!! + +For more details about the Lasso configuration, see +[Configuration](configuration). + + +## Executing Lasso + +After installing Lasso and creating an appropriate configuration file, +then a standard Lasso execution on Linux consists of simply: + +``` + lasso +``` + +On Windows, in order to run Lasso, you need to do the following: + +1. In the Start Menu, search for "cmd"; +2. Right-click the "Command Prompt" and choose "Run as administrator"; +3. If Windows asks whether you allow "Command Prompt" to do changes in the system, click "Yes"; +4. Inside the "Command Prompt", `cd` to the directory where the Lasso `.exe` file is located; +4. Execute the command "lasso-windows-X.Y.Z.exe", where `X.Y.Z` is the Lasso version: + +``` + lasso-windows-X.Y.Z.exe -H IP_ADDRESS -p PORT --password PASSWORD DATABASE_NAME USER_NAME +``` + +Alternatively, if you fill the settings under the `postgresql` section +in the configuration file telling Lasso how to connect to Postgres, then +you can execute Lasso from the Windows explorer by right-clicking on the +`.exe` file, then choosing `Run as administrator`. + +For more details on the many Lasso options, see [Usage](usage). diff --git a/product_docs/docs/lasso/4/release-notes.mdx b/product_docs/docs/lasso/4/release-notes.mdx new file mode 100644 index 00000000000..9a15e9573ec --- /dev/null +++ b/product_docs/docs/lasso/4/release-notes.mdx @@ -0,0 +1,183 @@ +--- +title: Release notes +--- + +# Lasso - Version 4.11.0 (2023-12-14) + +## New features + +- Implement EPAS and 2ndQPG flavour detection (DC-875) +- Gathering EPAS Catalog - Views related to partitioned tables in Oracle syntax (DC-266) +- Support for PostgreSQL 16 (DC-887) +- Add support for RHEL9 (DC-802, DC-803) + +## Bug fix + +- Fix situation when `ls pg_data` command takes much time to complete (when number of files is extremely large). Adding +a default `timeout` of `120s` for this cases. (DC-845) + + +## Lasso - Version 4.10.0 (2023-11-07) + +### New features + +- Implement a new feature (filelock) to not rely on an EPEL dependency (DC-863) + +### Deprecation notes + +- Deprecate Ubuntu Bionic (18.04) as it is EOL since June 2023 (DC-877) + + +## Lasso - Version 4.9.0 (2023-10-17) + +### New features + +- Include the limits for the postmaster process (DC-162) +- Add progress reporting views (DC-170) +- Add waits profiling via pg_stat_activity (DC-841) + +### Bug fix + +- Fix issue related to the report filename when the hostname is a socket path (DC-769) +- Fix issue for the SET ROLE syntax (DC-842) +- Fix issue on Hostname from config file (DC-864) + + +## Lasso - Version 4.8.0 (2023-07-06) + +### New features + +- Add support for PGD Proxy: + - New option `--pgd-proxy-configuration` for custom installations of pgd-proxy (Default: + `/etc/edb/pgd-proxy/pgd-proxy-config.yml`) (DC-696); + - Collect the contents of the PGD Proxy configuration file (DC-697); + - Collect the output of systemctl status pgd-proxy (DC-698). + - Collect the output of systemctl cat pgd-proxy (DC-699). + + +## Lasso - Version 4.7.0 (2023-06-01) + +### New features + +- Collect output of `systemd-detect-virt` (DC-76); +- Collect the output of `lsmod` (DC-197); +- Collect the content of `harp.cluster.init.yml` (DC-628). + +### Security fixes + +- Redaction of password for Lasso with `--password` seen in `ps` and `top` outputs (DC-627). + +### Other bug fixes + +- Fix a bug where it wasn't possible to run `lasso --help` without a configuration file (DC-490). + + +## Lasso - Version 4.6.0 (2022-12-06) + +### New feature + +- Lasso packages open to all customers through EnterpriseDB repository (https://www.enterprisedb.com/repos) (DC-443) + +### Improvements + +- Updated the [main Lasso Knowledge Base article](https://techsupport.enterprisedb.com/kb/a/support-lasso/) to reflect the installation from packages and the configuration file (KB-54) + +### Bug fix + +- Improve Debian/Ubuntu packages to comply with the Lintian (DC-435) + + +## Lasso - Version 4.5.0 (2022-11-15) + +### Improvements + +- Support for PostgreSQL 15 (DC-428) +- Improved execution on situations where there is a short timeout or when Lasso is executed on the standby (DC-169). + + +## Lasso - Version 4.4.0 (2022-09-22) + +### Improvements + +- Collect output of `pg_shmem_allocations` in PG >= 13 (DC-195) +- Document options for `edb-lasso.conf` (DC-308) + + +## Lasso - Version 4.3.0 (2022-08-25) + +### Improvements + +- Lasso support for `etcd` (DC-367, DC-371, DC-370, DC-369, DC-368) + +### Bug + +- Gather databases and tablespaces sizes regardless of `CONNECT` privilege (DC-325) + + +## Lasso - Version 4.2.0 (2022-05-18) + +### Improvements + +- Collect systemd information for HARP (DC-331) +- Collect configuration files included in pgbouncer.ini (DC-322) +- Allow the user to specify custom paths to pgbouncer configuration files (DC-321) +- Gather etcdctl endpoint commands, if this is the consensus database (DC-309) +- Add an option to lasso to specify a different path for harp's config.yml (DC-306) +- Helper function to get harp configuration file (DC-305) +- Get harpctl outputs (DC-304) +- Get HARP config.yml (DC-303) +- Identify all the pgbouncer instances on the node (DC-157) +- Collect systemctl output for pgbouncer (DC-156) +- Collect pgbouncer.ini configuration file (DC-151) + +### Other changes + +- Fix SLES smoke tests which are failing (DC-349) +- Add support for Ubuntu 22.04 (DC-284) + +### Bug + +- Redact sslpassword (DC-348) + + +## Lasso - Version 4.1.1 (2022-05-10) + +### Bug + +- Remove the psycopg2-binary warning from the bundle execution + + +## Lasso - Version 4.1.0 (2022-05-03) + +### Improvements + +- Build PPC64le Lasso bundle (DC-276) +- Add `.exe` extension to Windows artifacts (DC-285) + +### Other changes + +- Add smoke tests for Almalinux 8 (x86_64) (DC-294) +- Add smoke tests for RHEL (x86_64 and PPC64le) (DC-295) +- Add smoke tests for SLES 12 (x86_64 and PPC64le) (DC-296) +- Add smoke tests for SLES 15 (x86_64 and PPC64le) (DC-297) + +### Bug + +- Lasso was unable to use MD5 hashing of tarball in FIPS enable systems (DC-310) + + +## Lasso - Version 4.0.0 (2022-03-30) + +### Features + +- Rebranding of Data Collector to Lasso, the diagnostic tool from EDB + - Update of Copyright notes (DC-239) + - Update license on all files (DC-228) + - Change the name of the bundle to reflect the new brand of the tool (DC-208) + - The generated output tarball now has the new brand and is identified with EDB (DC-49) + - The connection Lasso creates to the database now sets the `application_name` + to `edb-lasso` to identify the process Lasso is running (DC-222) + - Update the documentation to reflect the new brand name (DC-184) +- Add a report that gathers output from `pg_replication_origin_status` to help with +logical replication diagnostics (this includes native logical replication and others like +BDR or xDB) (DC-232) diff --git a/product_docs/docs/lasso/4/linux.mdx b/product_docs/docs/lasso/4/report-types.mdx similarity index 59% rename from product_docs/docs/lasso/4/linux.mdx rename to product_docs/docs/lasso/4/report-types.mdx index 2b83f5c6822..e08bd6cdf4f 100644 --- a/product_docs/docs/lasso/4/linux.mdx +++ b/product_docs/docs/lasso/4/report-types.mdx @@ -1,15 +1,15 @@ --- -title: Linux systems +title: Report types --- -## Requirements +## Local/Full PostgreSQL report -Glibc 2.5 or newer +This type of report is useful when the server has a PostgreSQL cluster +which is up, running and accessible. Besides all information that is +gathered in the system only report, it will also gather configurations +and metrics from the PostgreSQL instance. - -## Postgres and BDR3 report - -As the user postgres, copy the Lasso binary into a folder. +For this you need to run Lasso as the `postgres` or `enterprisedb` user. !!! Important The same user that runs the Postgres server process must run the command. @@ -20,61 +20,116 @@ in the current working directory. A standard Lasso run consists of: ``` - ./lasso + lasso ``` -Lasso writes the output file in the current working directory. +By default, Lasso tries to connect using Unix sockets, the default +Postgres port (5432), the default database and user name (`postgres`), +but you can specify different values in the command line like this: + +``` + lasso -p PORT DATABASE_NAME USER_NAME +``` -!!! Warning -Lasso needs to execute files from the -temporary directory. If your system temporary directory is mounted -with the `noexec` flag, the following error occurs: +If a password is required, Lasso will ask for a password, but you can +specify a password using the `PGPASSWORD` environment variable: ``` - ./lasso: error while loading shared libraries: - libz.so.1: failed to map segment from shared object: - Operation not permitted + PGPASSWORD=xxxx lasso -p PORT DATABASE_NAME USER_NAME ``` -In that case, you can specify a different temporary file location -using the `TMPDIR` environment variable: +By default Lasso looks for a Unix socket under `/var/run/postgresql/`, +but you can specify any socket listed by +`SHOW unix_socket_directories` using the `-H` argument. For example, +usually a Lasso report for the EnterpriseDB Advanced Server is +gathered with: + ``` - TMPDIR=/some/alternate/tmp/location ./lasso` + lasso -H /tmp -p 5444 edb ``` -!!! + +On Windows, typically you run Lasso like this: + +``` + lasso-windows-X.Y.Z.exe -H IP_ADDRESS -p PORT --password PASSWORD DATABASE_NAME USER_NAME +``` + +For a list of all command line arguments detailed in [Usage](usage), +run: + +``` + lasso --help +``` + +Postgres settings can be specified in the Lasso configuration file, +under the `postgresql` setting. For more details see +[Configuration](configuration). !!! Important When run on a local instance, Lasso -requires a user that belongs to the pg_monitor role, which is available +requires a user that belongs to the `pg_monitor` role, which is available in Postgres 10 and later. Before 10, you must run as a superuser. For more information, see -[Default Roles](https://www.postgresql.org/docs/current/default-roles.html)in the PostgreSQL documentation. +[Default Roles](https://www.postgresql.org/docs/current/default-roles.html) in the PostgreSQL documentation. !!! Lasso transparently gathers information related to all supported versions of EDB Postgres Distributed (PGD) and pglogical. + +## Remote/Database-only PostgreSQL report + +If you need to gather data from a remote PostgreSQL instance, you can +run a remote PostgreSQL report. + +As explained in the previous section, you can change the connection +string parameters of Lasso. For example, to gather a PostgreSQL report +from a remote server located in the IP 192.168.0.10, running on port +5433, you could invoke Lasso from another server as below: + +``` + lasso -H 192.168.0.10 -p 5433 +``` + +This type of report will bring only PostgreSQL related info from the +PostgreSQL instance that Lasso was connected to. It means it will not +be able to gather files like `postgresql.conf` and `pg_hba.conf`, nor +will it be able to gather configurations and metrics from the underlying +operational system or information from PostgreSQL related tools, like EFM +configuration files. Having that in mind, it's always preferable running a +local PostgreSQL report, if possible. + +!!! Important +This is the only option you have to gather PostgreSQL information +from an instance hosted on a DBaaS provider such as EDB Big Animal or +Amazon RDS. +!!! + +!!! Important +This is the only option you have to gather PostgreSQL information +from an instance running under Kubernetes. +!!! + + ## Barman report Lasso can run on systems where Barman is installed. In that case, it gathers Barman-related information, as well as system information, that helps during analysis. -As the user barman, copy the Lasso binary into a folder. - !!! Important You must run the command as the same user that runs the Barman process, and you must have enough permission to write in the current working directory. If you installed Barman using RPM/DEB packages, -Barman is configured to run as the user barman. +Barman is configured to run as the `barman` user. !!! -The Barman report is enabled by default if Lasso runs as the barman user -and looks for configuration files in the expected locations, typically `/etc/barman.conf`. -Enter `man 5 barman` for details. +The Barman report is enabled by default if Lasso runs as the `barman` user +and looks for configuration files in the expected locations, typically +`/etc/barman.conf`. See `man 5 barman` for details. In general, if you installed Barman using EDB-certified RPM and DEB -packages, all you need to do is execute Lasso as the barman user. +packages, all you need to do is execute Lasso as the `barman` user. ### Managing custom installations of Barman @@ -82,16 +137,17 @@ If you have custom installations of Barman, you can enable the barman report by passing the `--barman` option to Lasso: ``` - ./lasso --barman + lasso --barman ``` -You can also point to a specific global configuration file by using the `--barman-configuration` -option as follows: +You can also point to a specific global configuration file by using the +`--barman-configuration` option as follows: ``` - ./lasso --barman-configuration /opt/barman/barman.conf + lasso --barman-configuration /opt/barman/barman.conf ``` + ## Replication Manager (repmgr) report Lasso can run on systems where repmgr is installed. In that @@ -120,16 +176,17 @@ as it does in approach 2, and uses the first match. ### Managing custom installations of repmgr -You can point to a specific repmgr configuration file by using the `--repmgr-configuration` -option as follows: +You can point to a specific repmgr configuration file by using the +`--repmgr-configuration` option as follows: ``` - ./lasso --repmgr-configuration /opt/repmgr/repmgr.conf + lasso --repmgr-configuration /opt/repmgr/repmgr.conf ``` This approach is preferred, as it guarantees Lasso will use the correct repmgr configuration file instead of trying to find it automatically. + ## Postgres Enterprise Manager (PEM) report Lasso can run on systems where PEM is installed. In that @@ -140,6 +197,7 @@ Lasso inspects the well-known paths for configuration files, as well as well-known service names. If you have custom PEM installations, Lasso doesn't gather the related information. + ## Failover Manager (EFM) report Lasso can run on systems where EFM is installed. In that @@ -172,16 +230,17 @@ file that it finds. ### Managing custom installations of EFM -You can point to a specific EFM configuration file by using the `--efm-configuration` -option, as follows: +You can point to a specific EFM configuration file by using the +`--efm-configuration` option, as follows: ``` - ./lasso --efm-configuration /opt/EFM/efm.properties + lasso --efm-configuration /opt/EFM/efm.properties ``` This approach is preferred, as it guarantees Lasso will use the correct EFM configuration file instead of trying to find it automatically. + ## Replication Server (xDB) report Lasso can run on systems where xDB is installed. In that @@ -195,6 +254,8 @@ bitrock installer, all you need to do is execute Lasso. Lasso uses the following approach while trying to identify the xDB configuration files. It uses the first one it finds. +On Linux: + 1. Use the ones provided through the `--xdb-pubserver-configuration` and `--xdb-subserver-configuration` options, if given. 2. Check the paths provided by xDB 7 RPM package and bitrock installer. The @@ -208,11 +269,26 @@ respectively. Lasso inspects these folders and, if they exist, uses the case of RPM packages, as there can be a lot of folders, they're inspected from newest XDB version to oldest. +On Windows: + +1. Use the ones provided through `--xdb-pubserver-configuration` and +`--xdb-subserver-configuration` options, if given. +2. Check the paths provided by xDB 7 packages. The configuration files are usually +put under `:\Program Files\edb\EnterpriseDB-xDBReplicationServer\etc`. +Lasso inspects this folder, if it exists, and uses the `xdb_pubserver.conf` and +`xdb_subserver.conf` files found under that folder. +3. Check the paths provided by xDB 7 packages. The configuration files are usually +put under `:\Program Files\PostgreSQL\EnterpriseDB-xDBReplicationServer\etc`. +Lasso inspects this folder, if it exists, and uses the `xdb_pubserver.conf` +and `xdb_subserver.conf` files found under that folder. + ### How Lasso finds the xDB binary Lasso uses the following approach while trying to identify the xDB binary file. It uses the first one it finds. +On Linux: + 1. Check the paths provided by xDB 7 RPM package and bitrock installer. The binary files are usually put under `/etc/edb/xdb/bin`. Lasso inspects this folder, if it exists, and uses the `edb-repcli.jar` file found under that @@ -223,19 +299,39 @@ respectively. Lasso inspects these folders and, if they exist, uses the `edb-repcli.jar` file found under the folder. In the case of RPM packages, as there can be a lot of folders, they're inspected from newest XDB version to oldest. -### Managing custom installations of EFM +On Windows: + +1. Check the paths provided by xDB 7 packages. The binary files are usually +put under `:\Program Files\edb\EnterpriseDB-xDBReplicationServer\bin`. +Lasso inspects this folder, if it exists, and uses the `edb-repcli.jar` file found +under that folder. +2. Check the paths provided by xDB 7 packages. The binary files are usually +put under `:\Program Files\PostgreSQL\EnterpriseDB-xDBReplicationServer\bin`. +Lasso inspects this folder, if it exists, and uses the `edb-repcli.jar` +file found under that folder. + +### Managing custom installations of xDB You can point to a specific xDB publication or subscription server configuration file by using the `--xdb-pubserver-configuration` and `--xdb-subserver-configuration` options, as follows: +On Linux: + +``` + lasso --xdb-pubserver-configuration /opt/xDB/pubserver.conf --xdb-subserver-configuration /opt/xDB/subserver.conf +``` + +On Windows: + ``` - ./lasso --xdb-pubserver-configuration /opt/xDB/pubserver.conf --xdb-subserver-configuration /opt/xDB/subserver.conf + lasso-windows-X.Y.Z.exe --xdb-pubserver-configuration C:\\xDB\pubserver.conf --xdb-subserver-configuration C:\\xDB\subserver.conf ``` This approach is preferred, as it guarantees Lasso will use the correct xDB configuration files instead of trying to find it automatically. + ## PgBouncer report Lasso can run on systems where PgBouncer is installed. In that @@ -257,6 +353,7 @@ detect the configuration file from the process list. Lasso collects information from all identified PgBouncer instances. + ## HARP report Lasso can run on systems where HARP is installed. In that @@ -279,7 +376,7 @@ You can point to a specific HARP configuration file by using the `--harp-configu option, as follows: ``` - ./lasso --harp-configuration /opt/harp/config.yml + lasso --harp-configuration /opt/harp/config.yml ``` This approach is preferred, as it guarantees Lasso will use @@ -293,6 +390,43 @@ intended only as a proxy for connections coming in from the applications. When using Lasso to gather information from a HARP proxy node, you must use the `--system-only` option so it doesn't try to connect to the database server. + +## PGD Proxy report + +Lasso can be run on systems where PGD Proxy is installed. In that +case, it will gather PGD Proxy related information. + +In general, if you have installed PGD Proxy using EDB certified RPM and DEB +packages, all you need to do is execute Lasso. + +### How Lasso finds the PGD Proxy configuration file + +Lasso will use the below approach while trying to identify the PGD Proxy +configuration file, and will use the first one which is found: + +1. Use the one provided through `--pgd-proxy-configuration` option, if given +2. Check if `/etc/edb/pgd-proxy/pgd-proxy-config.yml` file exists + +### Managing custom installations of PGD Proxy + +You can point to a specific PGD Proxy configuration file, by using the +`--pgd-proxy-configuration` option, as follows: + + lasso --pgd-proxy-configuration /opt/pgd-proxy/config.yml + +This is actually the preferred approach, as it guarantees Lasso will use +the correct PGD Proxy configuration file instead of trying to find it automatically. + +### Running Lasso on a PGD Proxy node + +There are cases where the PGD Proxy nodes do not have a Postgres/EPAS service running +on them, as they are only intended as a proxy for connections coming in from the +applications. + +When using Lasso to gather information from a standalone PGD Proxy node you will have +to use the `--system-only` option so it doesn't try to connect to the database server. + + ## etcd report Lasso can run on systems where etcd is installed. In that @@ -316,5 +450,12 @@ regarding the underlying operating system. You can run a system-only report with the following command: ``` - ./lasso --system-only + lasso --system-only ``` + +!!! Important +Despite the argument being called `--system-only`, in this mode, +Lasso actually gathers information about all the aforementioned tools, +except PostgreSQL/EPAS and Barman. +!!! + diff --git a/product_docs/docs/lasso/4/return.mdx b/product_docs/docs/lasso/4/return.mdx index 81423e0a078..17c8468e894 100644 --- a/product_docs/docs/lasso/4/return.mdx +++ b/product_docs/docs/lasso/4/return.mdx @@ -2,11 +2,20 @@ title: Returning the Lasso report --- -The Lasso report on a single instance ends -when you return the following information -to your contact person at EDB: - -1. The TAR files from phase 1 by uploading them in the Portal - using the **Upload report** menu or as a specific ticket attachment -2. A document containing the answers to the questions from phase 2 - by uploading it in the Portal in the **My Documents** section +The script produces a _TAR file_ in the same directory where you +executed Lasso, containing the gathered data: this is the +"Lasso report". + +You can also use Lasso on a server that has no +Postgres installation. In that case, use the +`--system-only` option, and the _TAR file_ produced will contain only +system-related information. + +Unless you are running Lasso on an isolated network system, without +external access to EnterpriseDB's infrastructure, you can upload the +produced tarball directly through Lasso using the `--upload` option. For +more information, see [Servers accepting upload of reports](appendix-a). + +Alternatively, you can attach the report to a specific support ticket +through the Portal or use the **Support operations > Upload report** menu +from your company's page. diff --git a/product_docs/docs/lasso/4/security.mdx b/product_docs/docs/lasso/4/security.mdx new file mode 100644 index 00000000000..ca960492370 --- /dev/null +++ b/product_docs/docs/lasso/4/security.mdx @@ -0,0 +1,35 @@ +--- +title: Security considerations +--- + +When running queries in the database, Lasso tries to use a role that +has enough privileges to gather the required information from the tool from which metrics are being gathered. + +The following are the tools and the roles that Lasso tries to use for +each of them. Lasso tries to use the first available role in each +tool role list. *Initial connection role* means the role that was provided through Lasso CLI when running the +tool—usually `postgres` or `enterprisedb`. + +- PostgreSQL: + - `pg_monitor` + - initial connection role +- PgLogical: + - `pglogical_superuser` + - initial connection role +- PGD: + - `bdr_monitor` + - initial connection role +- PEM: + - `pem_user` + - initial connection role +- Repmgr: + - initial connection role +- xDB: + - initial connection role + +Most of the PGD gatherings try using the `bdr_monitor` role. However, one of +them, which is in charge of gathering conflicts, tries to use the role +`bdr_read_all_conflicts` for that purpose. That's the only exception. + +In any of the cases, it uses a read-only transaction while querying metrics +and configurations from the database. diff --git a/product_docs/docs/lasso/4/supervised.mdx b/product_docs/docs/lasso/4/supervised.mdx deleted file mode 100644 index a22ff072b26..00000000000 --- a/product_docs/docs/lasso/4/supervised.mdx +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: 'Supervised Lasso report generation' ---- - -Lasso can't detect certain information. -You must provide detailed information about the -server running Postgres and the database system architecture, -including business continuity implementations, such as -availability and disaster recovery. - -The following is a non-exhaustive list of questions for your -network, system, and database administrators. -(You might find you need additional information.) - -## General architecture - -- What are the main use cases for your databases? - - Client applications and tools - - Frameworks and programming languages -- What's your current high-availability strategy for Postgres? -- What's your current disaster-recovery strategy for Postgres? - - Describe your backup strategy. - - Is it regularly being tested? - - Do you have dedicated hardware for the recovery and testing of your backups? -- Are you using any connection poolers for Postgres? If yes, which ones? -- What's the network architecture around your database server? - -## Hardware related - -- What's the configuration of the disks? - - Brand and model of the disks - - Brand and model of the controller/interface, where applicable - - Brand and model of any device for disk management (SAN, NAS, and so on), where applicable - - RAID configuration, where applicable - - Configuration of write cache - - Battery status, where applicable - - Multipath configuration, where applicable - - LVM physical volume dump, where applicable -- Is the server protected by a UPS? - -## Software related - -- Is the server virtual? - - Which technology is used for virtualization? -- Software RAID configuration, where applicable -- Are you using any trending/monitoring tools (that is, Cacti, ZenOS, Zabbix, and so on)? -- Are you using any alerting tools (that is, Nagios/Icinga, ZenOS, Zabbix, and so on)? -- Do you use any record-based software for replication in Postgres (that is, Slony, Bucardo, Londiste, and so on)? -- Have you ever used the pg_upgrade tool to upgrade your Postgres server? What - version did you upgrade this way? - -## Amazon Web Services (AWS) - -If you have Postgres on Amazon instances: - -- If using AWS, what's the size of your instances? -- Can you provide information on the regions of the servers? -- Are you using CloudWatch? -- Are you using VPC? -- In case of S3 backups, are you using any encryption for your backups and archives? diff --git a/product_docs/docs/lasso/4/troubleshooting.mdx b/product_docs/docs/lasso/4/troubleshooting.mdx deleted file mode 100644 index 5a6d2c2ba4e..00000000000 --- a/product_docs/docs/lasso/4/troubleshooting.mdx +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Troubleshooting ---- - -For support and assistance on Lasso, refer to your contact person at EDB. diff --git a/product_docs/docs/lasso/4/unsupervised.mdx b/product_docs/docs/lasso/4/unsupervised.mdx deleted file mode 100644 index 2402d2037da..00000000000 --- a/product_docs/docs/lasso/4/unsupervised.mdx +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: "Automated diagnostics gathering" ---- - -The process of automated diagnostics gathering is performed by -a small multi-platform application written in Python. - -You can also run Lasso on systems where Postgres isn't -installed to gather all relevant information regarding the -underlying operating system. - -Consult the specific information for your operating system. - -!!! Important -Lasso can't affect your data. It gathers -statistics and diagnostics information from your Postgres server, -with imperceptible effects on the workload. *No actual data* from -the rows of your Postgres user tables is gathered. [^1] -!!! - -[^1]: Gathered diagnostics data files are available for your inspection. diff --git a/product_docs/docs/lasso/4/usage.mdx b/product_docs/docs/lasso/4/usage.mdx new file mode 100644 index 00000000000..99dba37c3a1 --- /dev/null +++ b/product_docs/docs/lasso/4/usage.mdx @@ -0,0 +1,103 @@ +--- +title: Usage +--- + +Lasso uses the `libpq` environment variables to get the +Postgres connection parameters. You can find the list of the environment +variables in the [PostgreSQL +documentation](http://www.postgresql.org/docs/current/static/libpq-envars.html). + +The connection parameters, among other options, can also be passed as command +line arguments: + +``` +usage: lasso [-h] [-H HOST_NAME] [-p PORT] [--password PASSWORD] + [--lock-timeout LOCK_TIMEOUT] + [--statement-timeout STATEMENT_TIMEOUT] [--bindir BINDIR] + [--depth [{surface,shallow,deep}]] + [--describe [{short,json,full}]] [--version] [--latest-version] + [--system-only | --barman] + [--barman-configuration BARMAN_CONFIGURATION] + [--repmgr-configuration REPMGR_CONFIGURATION] + [--efm-configuration EFM_CONFIGURATION] + [--xdb-pubserver-configuration XDB_PUBSERVER_CONFIGURATION] + [--xdb-subserver-configuration XDB_SUBSERVER_CONFIGURATION] + [--pgbouncer-configuration PGBOUNCER_CONFIGURATION] + [--harp-configuration HARP_CONFIGURATION] + [--etcd-configuration ETCD_CONFIGURATION] + [--pgd-proxy-configuration PGD_PROXY_CONFIGURATION] + [--upload] [--keep-report] [--is-latest-version] + [dbname] [user] + +EDB Lasso + +positional arguments: + dbname Database name to connect to (default root) + user Database user name (default root) + +optional arguments: + -h, --help show this help message and exit + -H HOST_NAME, --host-name HOST_NAME + Database host name or socket directory (default local + socket) + -p PORT, --port PORT Database server port (default 5432) + --password PASSWORD Database server password + --lock-timeout LOCK_TIMEOUT + Database connection lock timeout (default 3s) + --statement-timeout STATEMENT_TIMEOUT + Database connection statement timeout (default 5min) + --bindir BINDIR PostgreSQL binaries directory (autodetect by default) + --depth [{surface,shallow,deep}] + Depth of the report (default deep) + --describe [{short,json,full}] + Describes every single module, in terms of action and + output + --version Shows Lasso version and modules revision + --latest-version Shows the latest available version of EDB Lasso, taken + from the EDB Web Services + --system-only Gather only system-related information - without + requiring a PostgreSQL connection + --barman Gather Barman status, enabled by default when Lasso is + run as 'barman' user and the executable exists. + Defaults to False. When Barman reporting is enabled, + we do not gather PostgreSQL related information + --barman-configuration BARMAN_CONFIGURATION + Barman configuration file. By default use the native + algorithm in Barman to find the configuration file. + Valid only if Barman reporting is enabled + --repmgr-configuration REPMGR_CONFIGURATION + Path to the repmgr.conf file, if using a non-default + path + --efm-configuration EFM_CONFIGURATION + Path to the EFM properties file, if using a non- + default path + --xdb-pubserver-configuration XDB_PUBSERVER_CONFIGURATION + Path to the xDB publication server configuration file, + if using a non-default path + --xdb-subserver-configuration XDB_SUBSERVER_CONFIGURATION + Path to the xDB subscription server configuration + file, if using a non-default path + --pgbouncer-configuration PGBOUNCER_CONFIGURATION + Path to the pgbouncer.ini file. You can specify multiple + files separated by comma + --harp-configuration HARP_CONFIGURATION + Path to the config.yml file, if using a non-default + path + --etcd-configuration ETCD_CONFIGURATION + Path to the etcd.conf file, if using a non-default + path + --pgd-proxy-configuration PGD_PROXY_CONFIGURATION + Path to the pgd-proxy-config.yml file, if using a + non-default path + --upload Report tarball file is sent to EDB at the end of the + execution. The file will be removed if successfully + uploaded unless --keep-report is specified + --keep-report Keep a local copy of the report even after a + successful upload to EDB + --is-latest-version Only check if this is the latest available version of + Lasso and returns exit code 0 if this is the latest + version and 1 otherwise +``` + +You can see more details about how each of these arguments are used in the +[Lasso report types page](report-types). diff --git a/product_docs/docs/lasso/4/windows.mdx b/product_docs/docs/lasso/4/windows.mdx deleted file mode 100644 index ed8f789178f..00000000000 --- a/product_docs/docs/lasso/4/windows.mdx +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: Windows systems ---- - -## Requirements - -Windows Server 2008 r2 or newer - -## Usage - -Expand the distribution zip file in a folder. - -A standard Lasso run consists of: - -``` - lasso.exe -``` - -!!! Important -The process must run in an elevated environment, -such as an elevated command prompt or with the *Run as administrator** context menu option. -!!! - -Lasso writes the output file in the working directory. - -!!! Important -Lasso is distributed as a 64-bit executable. -!!! - -## Postgres Enterprise Manager (PEM) report - -Lasso can run on systems where PEM is installed. In that -case, it also gathers PEM-related information, like some configuration -files and information about services. - -Lasso inspects the well-known paths for configuration files, -as well as well-known service names. If you have custom PEM installations, -Lasso doesn't gather the related information. - - -## Replication Server (xDB) report - -Lasso can run on systems where xDB is installed. In that -case, it gathers xDB-related information. - -In general, if you installed xDB using EDB-certified packages, all you -need to do is execute Lasso. - -### How Lasso finds the xDB configuration file - -Lasso uses the following approach while trying to identify the xDB -configuration files. It uses the first one it finds: - -1. Use the ones provided through `--xdb-pubserver-configuration` and -`--xdb-subserver-configuration` options, if given. -2. Check the paths provided by xDB 7 packages. The configuration files are usually -put under `:\Program Files\edb\EnterpriseDB-xDBReplicationServer\etc`. -Lasso inspects this folder, if it exists, and uses the `xdb_pubserver.conf` and -`xdb_subserver.conf` files found under that folder. -3. Check the paths provided by xDB 7 packages. The configuration files are usually -put under `:\Program Files\PostgreSQL\EnterpriseDB-xDBReplicationServer\etc`. -Lasso inspects this folder, if it exists, and uses the `xdb_pubserver.conf` -and `xdb_subserver.conf` files found under that folder. - -### How Lasso finds the xDB binary - -Lasso uses the following approach while trying to identify the xDB -binary files. It uses the first one it finds: - -1. Check the paths provided by xDB 7 packages. The binary files are usually -put under `:\Program Files\edb\EnterpriseDB-xDBReplicationServer\bin`. -Lasso inspects this folder, if it exists, and uses the `edb-repcli.jar` file found -under that folder. -2. Check the paths provided by xDB 7 packages. The binary files are usually -put under `:\Program Files\PostgreSQL\EnterpriseDB-xDBReplicationServer\bin`. -Lasso inspects this folder, if it exists, and uses the `edb-repcli.jar` -file found under that folder. - -### Managing custom installations of EFM - -You can point to a specific xDB publication or subscription server configuration -file by using the `--xdb-pubserver-configuration` and `--xdb-subserver-configuration` -options, as follows: - -``` - lasso.exe --xdb-pubserver-configuration C:\\xDB\pubserver.conf --xdb-subserver-configuration C:\\xDB\subserver.conf -``` - -This approach is preferred, as it guarantees Lasso will use -the correct xDB configuration files instead of trying to find it automatically. - -### System-only report - -Lasso can also run on systems where Postgres isn't -installed to gather all relevant information regarding the -underlying operating system. - -You can run a system-only report with the following command: - -``` - lasso.exe --system-only -``` \ No newline at end of file diff --git a/product_docs/docs/pgd/5/reference/commit-scopes.mdx b/product_docs/docs/pgd/5/reference/commit-scopes.mdx index 19be9ee301a..7253a2cd97b 100644 --- a/product_docs/docs/pgd/5/reference/commit-scopes.mdx +++ b/product_docs/docs/pgd/5/reference/commit-scopes.mdx @@ -7,7 +7,7 @@ rootisheading: false deepToC: true --- -Commit scopes are rules which determine how transaction commits and conflicts are handled within a PGD system. +Commit scopes are rules which determine how transaction commits and conflicts are handled within a PGD system. You can read more about them in the [Durability](/pgd/latest/durability) section. Commit scopes are manipulated by the [`bdr.add_commit_scope`](/pgd/latest/reference/functions#bdradd_commit_scope), [`bdr.alter_commit_scope`](/pgd/latest/reference/functions#bdralter_commit_scope) and [`bdr.remove_commit_scope`](/pgd/latest/reference/functions#bdrremove_commit_scope) functions. diff --git a/product_docs/docs/tpa/23/reference/bdr.mdx b/product_docs/docs/tpa/23/reference/bdr.mdx index a9980ca1609..3a2be32508d 100644 --- a/product_docs/docs/tpa/23/reference/bdr.mdx +++ b/product_docs/docs/tpa/23/reference/bdr.mdx @@ -144,7 +144,7 @@ is mentioned in `bdr_node_groups`), it will join that group instead of ### bdr_commit_scopes This is an optional list of -[commit scopes](https://www.enterprisedb.com/docs/pgd/latest/durability/group-commit/) +[commit scopes](https://www.enterprisedb.com/docs/pgd/latest/reference/commit-scopes/) that must exist in the PGD database (available for PGD 4.1 and above). ```yaml