Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

./check_ceph_rgw as user nagios #30

Closed
linuxmail opened this issue Jun 25, 2017 · 4 comments
Closed

./check_ceph_rgw as user nagios #30

linuxmail opened this issue Jun 25, 2017 · 4 comments

Comments

@linuxmail
Copy link

hi,

I get all plugins as non-root working, except check_ceph_rgw.

RGW ERROR:  :: 2017-06-25 17:20:33.839691 7f2f7333c8c0 -1 auth: unable to find a keyring on /etc/pve/priv/ceph.client.admin.keyring: (13) Permission denied
2017-06-25 17:20:33.839702 7f2f7333c8c0  0 librados: client.admin initialization error (13) Permission denied
couldn't init storage provider

what is understandable, because /etc/pve/priv/ceph.client.admin.keyring is only readable by root. For the other checks, I created a separated keyring, but that option is missing. So what I have missed, to get it as user nagios working, withouth make the /etc/pve/priv/ceph.client.admin.keyring readable by nagios ?

cu denny

ps. very big thanks for the great plugins 👍
@valerytschopp
Copy link
Contributor

valerytschopp commented Jun 27, 2017
edited
Loading

You can try the -i CLIENT_ID option to specify another keyring to read. It will read the the file /etc/ceph/ceph.client.CLIENT_ID.keyring for the credentials.

If you create a new nagios user in the Ceph auth, with only the capability [mon] allow r, you will be able to use its keyring to use the plugins.

@linuxmail
Copy link
Author

hi @valerytschopp

that is, what I tried:

nagios@qh-a07-ceph-osd-01:~$ /usr/lib/nagios/plugins/check_ceph_rgw  --id nagios
RGW ERROR:  :: 2017-06-27 21:01:59.550531 7f0be77208c0 -1 auth: unable to find a keyring on /etc/pve/priv/ceph.client.admin.keyring: (13) Permission denied
2017-06-27 21:01:59.550542 7f0be77208c0  0 librados: client.admin initialization error (13) Permission denied
couldn't init storage provider

nagios@qh-a07-ceph-osd-01:~$ /usr/lib/nagios/plugins/check_ceph_rgw  -i nagios
RGW ERROR:  :: 2017-06-27 21:02:03.816009 7f0dc57438c0 -1 auth: unable to find a keyring on /etc/pve/priv/ceph.client.admin.keyring: (13) Permission denied
2017-06-27 21:02:03.816019 7f0dc57438c0  0 librados: client.admin initialization error (13) Permission denied
couldn't init storage provider

for all other plugins, it works. A bit problematic is, that I have the keyrings on a different place, like /etc/icinga2/secrets/ceph.nagios.keyring to have all secretes for Icinga together.

cu denny

@valerytschopp
Copy link
Contributor

Unfortunately if the -i option doesn't work, there is nothing we can do. The radosgw-admin doesn't have any option about the keyring file...

As a workaround, you could run the check_ceph_rgw command with sudo...

@valerytschopp
Copy link
Contributor

Or check this gist check_ceph_rgw.py (https://gist.github.com/valerytschopp/452e7cfc55053fb76cc454b03c731f4b)

It does more or less the same than check_ceph_rgw, but use my pyhton-radosgw-admin library (https://github.com/valerytschopp/python-radosgw-admin), and can be used remote, with other style of credentials (access and secret key)

@7thsonch 7thsonch mentioned this issue Aug 26, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@valerytschopp @linuxmail