inputs.ping: Always SetPrivileged(true) in native mode

[sspaink]

resolve #8919

As pointed out by the users in the above issue, the inputs.ping implementation was incomplete. The documentation made it seem you needed to set CAP_NET_RAW and set sysctl, while the CAP_NET_RAW solution wouldn't work without the call to SetPrivileged(true). As well when using FreeBSD you either need root or set CAP_NET_RAW in order to send ICMP packets, therefore requiring SetPrivileged(true).

When SetPrivileged(true) is not set the library go-ping will attempt to send a UDP ping which isn't as reliable as a ICMP ping. While a UDP ping doesn't require any permissions it will only work if the endpoint is configured to reply. This change will make using ICMP ping as the default behavior, requiring elevated permissions.

Output examples with the changes in this PR:

Example of what happens when not giving the correct permissions, it outputs an error saying the operation is not permitted:

❯ ./telegraf --config ~/Documents/Telegraf/telegraf.conf --test
2021-03-30T14:56:17Z I! Starting Telegraf 
2021-03-30T14:56:17Z E! [inputs.ping] ping failed: failed to run pinger: listen ip4:icmp : socket: operation not permitted
> ping,host=sspaink-influxdata,url=example.org result_code=2i 1617116178000000000
2021-03-30T14:56:17Z E! [telegraf] Error running agent: input plugins recorded 1 errors

Working example:

❯ sudo ./telegraf --config ~/Documents/Telegraf/telegraf.conf --test
2021-03-30T14:58:49Z I! Starting Telegraf 
> ping,host=sspaink-influxdata,url=example.org average_response_ms=13.390971,maximum_response_ms=13.390971,minimum_response_ms=13.390971,packets_received=1i,packets_transmitted=1i,percent_packet_loss=0,result_code=0i,standard_deviation_ms=0,ttl=56i 1617116330000000000

[telegraf-tiger]

🤝 ✅ CLA has been signed. Thank you!

[telegraf-tiger]

Looks like new artifacts were built from this PR. Get them here!

Artifact URLs

• aarch64.rpm

• armel.rpm

• armv6hl.rpm

• i386.rpm

• ppc64le.rpm

• s390x.rpm

• x86_64.rpm

• darwin_amd64.tar.gz

• freebsd_amd64.tar.gz

• freebsd_i386.tar.gz

• linux_amd64.tar.gz

• linux_arm64.tar.gz

• linux_armel.tar.gz

• linux_armhf.tar.gz

• linux_i386.tar.gz

• linux_mips.tar.gz

• linux_mipsel.tar.gz

• linux_ppc64le.tar.gz

• linux_s390x.tar.gz

• static_linux_amd64.tar.gz

• windows_amd64.zip

• windows_i386.zip

• amd64.deb

• arm64.deb

• armel.deb

• armhf.deb

• i386.deb

• mips.deb

• mipsel.deb

• ppc64el.deb

• s390x.deb

[reimda]

Hi sspaink, I'd like to have telegraf give a more useful error message when the user doesn't have cap_net_raw set up yet. It will be hard especially for beginners to know that "ping failed: failed to run pinger: listen ip4:icmp : socket: operation not permitted" means they need to use run setcap on the telegraf binary.

Ideally the message should tell the user what they need to do to fix it, or at least point them to docs that tell them how to fix it. The more helpful the error message is, the fewer people will struggle to get this set up.

We would need to check the specific type of error on line 192 and return the helpful message, then let all other ping errors return the current generic "failed to run" message.

[telegraf-tiger]

Looks like new artifacts were built from this PR. Get them here!

Artifact URLs

• aarch64.rpm

• armel.rpm

• armv6hl.rpm

• i386.rpm

• ppc64le.rpm

• s390x.rpm

• x86_64.rpm

• darwin_amd64.tar.gz

• freebsd_amd64.tar.gz

• freebsd_i386.tar.gz

• linux_amd64.tar.gz

• linux_arm64.tar.gz

• linux_armel.tar.gz

• linux_armhf.tar.gz

• linux_i386.tar.gz

• linux_mips.tar.gz

• linux_mipsel.tar.gz

• linux_ppc64le.tar.gz

• linux_s390x.tar.gz

• static_linux_amd64.tar.gz

• windows_amd64.zip

• windows_i386.zip

• amd64.deb

• arm64.deb

• armel.deb

• armhf.deb

• i386.deb

• mips.deb

• mipsel.deb

• ppc64el.deb

• s390x.deb

[reimda]

Thanks!