Monitoring an AWS RDS database (using PostgreSQL as database engine) is not particularly difficult. The most important points can be checked with check_postgres.pl. This monitoring plugin is already part of the Icinga2 ITL definition and can be used (in a standard setup) using the check "postgres".
An example to monitor the number of connections on a DB:
# check postgres connections
object Service "Postgres Connections" {
import "service-5m-normal"
host_name = "aws-rds"
check_command = "postgres"
vars.postgres_host = "myfancypgsql.XXXXXXXXXXXX.eu-west-1.rds.amazonaws.com"
vars.postgres_dbuser = "mydbuser"
vars.postgres_dbpass = "mydbpass"
vars.postgres_dbname = "mydbname"
vars.postgres_action = "backends"
}
This results in the following output:
POSTGRES_BACKENDS OK: DB "mydbname" (host:myfancypgsql.XXXXXXXXXXXX.eu-west-1.rds.amazonaws.com) 4 of 648 connections (1%)
But certain checks require special attention. One of them is the plugin's action "database_size". This action checks all databases running on the target host for their current size and compare the size against thresholds:
# check postgres connections
object Service "Postgres Connections" {
import "service-5m-normal"
host_name = "aws-rds"
check_command = "postgres"
vars.postgres_host = "myfancypgsql.XXXXXXXXXXXX.eu-west-1.rds.amazonaws.com"
vars.postgres_dbuser = "mydbuser"
vars.postgres_dbpass = "mydbpass"
vars.postgres_dbname = "mydbname"
vars.postgres_action = "database_size"
vars.postgres_warning = "500MB"
vars.postgres_critical = "1000MB"
}
This resulted in the following error message:
Permission denied on database rdsadmin.
That's right. AWS creates a database called "rdsadmin" on each RDS instance. Purpose? Most likely handle privileges coming from the AWS console/UI. But what else is in there? We'll never know because only AWS know the credentials to this database. However this causes a problem with check_postgres.pl.
A way to handle this "hidden database" and exclude it is to only check for database objects belonging to the instance's master user. This can be achieved by using the plugin's option "includeuser". In Icinga 2's service object definition, this looks like:
# check postgres connections
object Service "Postgres Connections" {
import "service-5m-normal"
host_name = "aws-rds"
check_command = "postgres"
vars.postgres_host = "myfancypgsql.XXXXXXXXXXXX.eu-west-1.rds.amazonaws.com"
vars.postgres_dbuser = "mydbuser"
vars.postgres_dbpass = "mydbpass"
vars.postgres_dbname = "mydbname"
vars.postgres_action = "database_size"
vars.postgres_includeuser = "masteruser"
vars.postgres_warning = "500MB"
vars.postgres_critical = "1000MB"
}
This tells the plugin to look only for objects (like databases) which belong to "masteruser" (database owner). Result:
POSTGRES_DATABASE_SIZE CRITICAL: DB "mydbname" (host:host:myfancypgsql.XXXXXXXXXXXX.eu-west-1.rds.amazonaws.com) mydbname: 32215345336 (30 GB) postgres: 6744248 (6586 kB) template1: 6744248 (6586 kB)
As you can see, the database "rdsadmin" was excluded. All the checked databases are owned by the master user "masteruser".
Note: Another way would be to define "excludeuser" but at this moment I am not aware of the username being owner of "rdsadmin".
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office OpenSearch PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder