Common considerations v4

Suggest edits

Lasso uses the libpq environment variables to get the Postgres connection parameters. You can find the list of the environment variables in the PostgreSQL documentation.

The connection parameters, among other options, can also be passed as command line arguments:

usage: lasso [-h] [-H HOST_NAME] [-p PORT] [--password PASSWORD]
             [--lock-timeout LOCK_TIMEOUT]
             [--statement-timeout STATEMENT_TIMEOUT] [--bindir BINDIR]
             [--depth [{surface,shallow,deep}]]
             [--describe [{short,json,full}]] [--version] [--latest-version]
             [--system-only | --barman]
             [--barman-configuration BARMAN_CONFIGURATION]
             [--repmgr-configuration REPMGR_CONFIGURATION]
             [--efm-configuration EFM_CONFIGURATION]
             [--xdb-pubserver-configuration XDB_PUBSERVER_CONFIGURATION]
             [--xdb-subserver-configuration XDB_SUBSERVER_CONFIGURATION]
             [--pgbouncer-configuration PGBOUNCER_CONFIGURATION]
             [--harp-configuration HARP_CONFIGURATION]
             [--etcd-configuration ETCD_CONFIGURATION]
             [--upload] [--keep-report] [--is-latest-version]
             [dbname] [user]

EDB Lasso

positional arguments:
  dbname                Database name to connect to (default root)
  user                  Database user name (default root)

optional arguments:
  -h, --help            show this help message and exit
  -H HOST_NAME, --host-name HOST_NAME
                        Database host name or socket directory (default local
                        socket)
  -p PORT, --port PORT  Database server port (default 5432)
  --password PASSWORD   Database server password
  --lock-timeout LOCK_TIMEOUT
                        Database connection lock timeout (default 3s)
  --statement-timeout STATEMENT_TIMEOUT
                        Database connection statement timeout (default 5min)
  --bindir BINDIR       Postgres binaries directory (autodetect by default)
  --depth [{surface,shallow,deep}]
                        Depth of the report (default deep)
  --describe [{short,json,full}]
                        Describes every single module, in terms of action and
                        output
  --version             Shows Lasso version and modules revision
  --latest-version      Shows the latest available version of EDB Lasso, taken
                        from the EDB Web Services
  --system-only         Gather only system-related information - without
                        requiring a Postgres connection
  --barman              Gather Barman status, enabled by default when Lasso is
                        run as 'barman' user and the executable exists.
                        Defaults to False. When Barman reporting is enabled,
                        we do not gather Postgres related information
  --barman-configuration BARMAN_CONFIGURATION
                        Barman configuration file. By default use the native
                        algorithm in Barman to find the configuration file.
                        Valid only if Barman reporting is enabled
  --repmgr-configuration REPMGR_CONFIGURATION
                        Path to the repmgr.conf file, if using a non-default
                        path
  --efm-configuration EFM_CONFIGURATION
                        Path to the EFM properties file, if using a non-
                        default path
  --xdb-pubserver-configuration XDB_PUBSERVER_CONFIGURATION
                        Path to the xDB publication server configuration file,
                        if using a non-default path
  --xdb-subserver-configuration XDB_SUBSERVER_CONFIGURATION
                        Path to the xDB subscription server configuration
                        file, if using a non-default path
  --pgbouncer-configuration PGBOUNCER_CONFIGURATION
                        Path to the pgbouncer.ini file. You can specify multiple
                        files separated by comma
  --harp-configuration HARP_CONFIGURATION
                        Path to the config.yml file, if using a non-default
                        path
  --etcd-configuration ETCD_CONFIGURATION
                        Path to the etcd.conf file, if using a non-default
                        path
  --upload              Report tarball file is sent to EDB at the end of the
                        execution. The file will be removed if successfully
                        uploaded unless --keep-report is specified
  --keep-report         Keep a local copy of the report even after a
                        successful upload to EDB
  --is-latest-version   Only check if this is the latest available version of
                        Lasso and returns exit code 0 if this is the latest
                        version and 1 otherwise

You can also use a configuration file for Lasso, so you can omit most of the command line options that your environment might require. Lasso looks for configuration files in the following paths, in this order:

  1. ./edb-lasso.cfg in the same directory where Lasso is running
  2. ./edb-lasso.conf in the same directory where Lasso is running
  3. $HOME/.edb-lasso.conf
  4. /etc/edb-lasso.conf

It uses the first match .

A template file for the configuration file looks like this:

    ; Lasso template configuration file
    ;
    ; Copyright (C) EnterpriseDB UK Limited 2015-2022 - All Rights Reserved.
    ; Licensed only for use with an EnterpriseDB subscription

    [customer]
    ; the "Company code" from the customer page in the EDB Portal
    id=
    ; the "Token" from the customer page in the EDB Portal
    token=
    ; the depth of the Lasso report. Must be one between: surface, shallow and deep
    depth=deep

    [postgresql]
    ; Lasso uses the following connection string parameters to connect to your
    ; PostgreSQL cluster and take diagnostics. By default it will attempt a peer
    ; connection to socket under directory /var/run/postgresql
    ; dbname=
    ; user=
    ; port=
    ; hostname can be a host or a socket directory
    ; hostname=/var/run/postgresql
    ; password=

    ; session variable to control timeout on lock waits
    ; lock_timeout=3s
    ; session variable to control statement execution time
    ; statement_timeout=5min

    [environment]
    ; PostgreSQL binaries directory. Lasso will try to detect this automatically if
    ; not set
    ; bindir=
    ; if the host is able to access the internet and reach the EDB servers to upload
    ; Lasso reports
    ; external_access=yes

    [barman]
    ; path to barman.conf, if using a non-default one
    ; configuration=

    [repmgr]
    ; path to repmgr.conf, if using a non-default one
    ; configuration=

    [efm]
    ; path to efm.properties, if using a non-default one
    ; configuration=

    [xdb]
    ; path to xdb_pubserver.conf, if using a non-default one
    ; pubserver_configuration=
    ; path to xdb_subserver.conf, if using a non-default one
    ; subserver_configuration=

    [pgbouncer]
    ; path to pgbouncer.ini, if using a non-default one
    ; configuration=

    [harp]
    ; path to config.yml, if using a non-default one
    ; configuration=

You can use this template to set up your configuration file. Uncomment the desired parameters and set their values according to your environment.

If you installed Lasso from DEB or RPM packages, You can find that same template configuration file at /etc/edb-lasso.conf.templ.

Important

If you installed Lasso from DEB or RPM packages, then you must have a configuration file that contains at least the customer ID and token set. That isn't required if you're running the Lasso disposable binary, which contains those variables embedded in the binary.

The script produces a TAR file containing the gathered data. You must return this file to EDB engineers as part of the process or send it automatically with the --upload option. upload

Important

Some companies have requested for Lasso to operate in an isolated network. In that case, the --upload option isn't permitted. (You can easily verify this setting from your company page in the Portal or through the --version runtime option.) To take advantage of this feature, make sure that the server that's analyzed by Lasso can access the 443 port of any of the front-line websites listed in Servers accepting upload of reports.

You can also use Lasso on a server that has no Postgres installation. In that case, use the --system-only option, and the TAR file produced will contain only system-related information.

Security considerations

When running queries in the database, Lasso tries to use a role that has enough privileges to gather the required information from the tool from which metrics are being gathered.

The following are the tools and the roles that Lasso tries to use for each of them. Lasso tries to use the first available role in each tool role list. Initial connection role means the role that was provided through Lasso CLI when running the toolusually postgres or enterprisedb.

  • PostgreSQL:
    • pg_monitor
    • initial connection role
  • PgLogical:
    • pglogical_superuser
    • initial connection role
  • PGD:
    • bdr_monitor
    • initial connection role
  • PEM:
    • pem_user
    • initial connection role
  • repmgr:
    • initial connection role
  • xDB:
    • initial connection role

Most of the PGD gatherings try using the bdr_monitor role. However, one of them, which is in charge of gathering conflicts, tries to use the role bdr_read_all_conflicts for that purpose. That's the only exception.

In any of the cases, it uses a read-only transaction while querying metrics and configurations from the database.