Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IPMI Sensor plugin requires telegraf service to run as root #3332

Closed
chrishoage opened this issue Oct 12, 2017 · 11 comments
Closed

IPMI Sensor plugin requires telegraf service to run as root #3332

chrishoage opened this issue Oct 12, 2017 · 11 comments
Labels
docs Issues related to Telegraf documentation and configuration descriptions
Milestone

Comments

@chrishoage
Copy link

Bug report

On Ubuntu /dev/ipmi0 is owned by root

› la /dev/ipmi0
crw------- 1 root root 243, 0 Oct 12 11:51 /dev/ipmi0

The only way I've found to get ipmitool sdr (local ipmi) to work is to modify the telegraf.service user to be root on ubuntu.

I've tried adding telegraf user to the root group. I've tried adding

telegraf ALL(root) NOEXEC: NOPASSWD: /usr/bin/ipmitool

to my visudo file.

I'm really unsure how to get this to work with out having the service run telegraf as root.

Relevant telegraf.conf:

[[inputs.ipmi_sensor]]

No other configuration

System info:

ipmitool version 1.8.16
Telegraf v1.4.2 (git: release-1.4 0cc5fc0)
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

Steps to reproduce:

  1. Install telegraf following instructions for apt
  2. Uncomment IPMI sensor config

Expected behavior:

IPMI to read sensor data

Actual behavior:

2017-10-12T19:22:20Z E! Error in plugin [inputs.ipmi_sensor]: failed to run command /usr/bin/ipmitool sdr: exit status 1 - Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory

I have scoured the GHIs and the internet for how to solve this issue and have come up short.

How is this intended to be used?

@danielnelson
Copy link
Contributor

I'm not very familiar with ipmi, I don't think I own any hardware that supports it, but it would be great if we could work out some improved documentation around setup.

I think the device file needs to be assigned to a group and the group given, at least, read permissions. Something like:

groupadd -r ipmi
usermod -a -G ipmi telegraf
chmod 640 /dev/ipmi0

If this does the job we could work on a udev rule to set it up on boot.

@danielnelson danielnelson added this to the 1.5.0 milestone Oct 12, 2017
@danielnelson danielnelson added the docs Issues related to Telegraf documentation and configuration descriptions label Oct 12, 2017
@chrishoage
Copy link
Author

chrishoage commented Oct 13, 2017

chmoding didn't work, but your suggestion of a udev rule sent me off in the right direction.

I found https://github.com/networkupstools/nut/tree/master/scripts/udev

which gave me the idea to create

› sudo cat /lib/udev/rules.d/52-telegraf-ipmi.rules
KERNEL=="ipmi*", MODE="664", GROUP="telegraf"

after changing telegraf.service back to the telgraf user and restarting the service I am able to read data with ipmitool sdr

@danielnelson
Copy link
Contributor

@chrishoage Can you check if the group needs read and write 660 permissions or just read 640?

@chrishoage
Copy link
Author

chrishoage commented Oct 13, 2017

@danielnelson I modified the udev rule to try both 640 and 660 running both udevadm control --reload-rules && udevadm trigger and service telegraf restart after each edit.

640 caused E! Error in plugin [inputs.ipmi_sensor]: failed to run command /usr/bin/ipmitool sdr: exit status 1 - Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
660 did not trigger such an error

› cat /lib/udev/rules.d/52-telegraf-ipmi.rules
KERNEL=="ipmi*", MODE="660", GROUP="telegraf"

@danielnelson
Copy link
Contributor

I updated the ipmi_sensor README, can you take a look? I suggested placing the file into /etc/udev/rules.d instead of /lib because I think this is the correct spot for custom rules.

@chrishoage
Copy link
Author

I moved my rule to /etc/udev/ruels.d and everything is still working.

I notice you have a tiny typo here: a179698#diff-379ee781bc500686e14753d1bc9756efR58
impi -> ipmi

other than that the new docs look good.

Thank you for your guidance in helping me solve this issue.

Please feel free to close this issue at your own discretion.

@danielnelson
Copy link
Contributor

I fixed the typo, thanks

@antifuchs
Copy link
Contributor

I feel that this may not be super relevant to most people, but maybe it'll help another person is googling for the same problem I had: If you are on Ubuntu, and have the openipmi package installed, its init script resets the owner&permission on /dev/ipmi0. I solved this problem for myself by uninstalling the openipmi package, but I guess you could also drop an exit 0 in /etc/default/openipmi.

@jdeglopper
Copy link

@antifuchs I have submitted a change request to the upstream OpenIPMI project to fix the init script issue on Ubuntu. The tiny patch is to change the test on line 80 of /etc/init.d/openipmi to correctly detect udev on Ubuntu: if [ -e /sbin/udev -o -e /sbin/udevd -o -e /bin/udevadm ]; then

After this, the udev rule permissions changes are not overwritten by the init script.

@dewi-ny-je
Copy link

While adding the udev rule works, another option that would make sense is to run ipmitool as sudo, just like telegraf already does for smartctl.

The plugin however does not offer such option.

@danielnelson
Copy link
Contributor

A use_sudo = true option was added in #6798 and will be available in 1.14.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
docs Issues related to Telegraf documentation and configuration descriptions
Projects
None yet
Development

No branches or pull requests

5 participants