kolla

prometheus blackbox_exporter missing new_raw capability

Bug #1840631 reported by Jack Heskett on 2019-08-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	kolla	Fix Released	Medium	Scott Solkhon	kolla 9.0.0 "Train"

Bug Description

The ICMP module in blackbox prometheus exporter does not work as expected - ICMP probes return probe_success 0 metric despite responding to ping from the host.

As per https://github.com/prometheus/blackbox_exporter#permissions, the Prometheus blackbox_exporter requires net_raw capability +effective and +permitted to create a socket for the ICMP probe. To resolve, the documentation suggests running "setcap cap_net_raw+ep blackbox_exporter".

Tags:

Scott Solkhon (scott.solkhon) on 2019-08-19

Changed in kolla:
assignee:	nobody → Scott Solkhon (scott.solkhon)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-08-19: Fix proposed to kolla (master)

Fix proposed to branch: master
Review: https://review.opendev.org/677156

Changed in kolla:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-18: Fix merged to kolla (master)

Reviewed: https://review.opendev.org/677156
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=b5a4478b0fa9b775a9b5c45545e78e9215a50588
Submitter: Zuul
Branch: master

commit b5a4478b0fa9b775a9b5c45545e78e9215a50588
Author: Scott Solkhon <email address hidden>
Date: Fri Aug 16 16:10:33 2019 +0000

Add effective and permitted capability to blackbox exporter

    The ICMP probe in the Prometheus blackbox exporter requires
    elevated privileges to function. Linux root user or CAP_NET_RAW
    capability is required. Can be set by executing setcap
    cap_net_raw+ep blackbox_exporter. This change also bumps the version
    of the blackbox exporter to the next minor version to allow for this
    support.

'+ep' means we're adding the capability as effective and permitted.

See: https://github.com/prometheus/blackbox_exporter

    Change-Id: I1c3b817712ae10edd45de01382b044af2fb728bd
    Closes-Bug: #1840631
    Co-authored-by: Jack Heskett <email address hidden>

Changed in kolla:
status:	In Progress → Fix Released

Mark Goddard (mgoddard) on 2019-10-16

Changed in kolla:
milestone:	none → 9.0.0
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-11-05: Fix proposed to kolla (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/692988

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-11-06: Fix included in openstack/kolla 9.0.0.0rc1

This issue was fixed in the openstack/kolla 9.0.0.0rc1 release candidate.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-11-07: Fix merged to kolla (stable/stein)

Reviewed: https://review.opendev.org/692988
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=8e712fadd3d7e12163455a74a8076791d925de11
Submitter: Zuul
Branch: stable/stein

commit 8e712fadd3d7e12163455a74a8076791d925de11
Author: Scott Solkhon <email address hidden>
Date: Fri Aug 16 16:10:33 2019 +0000

Add effective and permitted capability to blackbox exporter

'+ep' means we're adding the capability as effective and permitted.

See: https://github.com/prometheus/blackbox_exporter

    Change-Id: I1c3b817712ae10edd45de01382b044af2fb728bd
    Closes-Bug: #1840631
    Co-authored-by: Jack Heskett <email address hidden>
    (cherry picked from commit b5a4478b0fa9b775a9b5c45545e78e9215a50588)

tags:

added: in-stable-stein

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-01-30: Fix included in openstack/kolla 8.0.2

This issue was fixed in the openstack/kolla 8.0.2 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.