since charm revision 13 check_ipmi_sensors script can't write to /var/lib/nagios
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NRPE Charm |
Fix Released
|
Critical
|
Joe Guo | ||
hw-health-charm |
Fix Released
|
Critical
|
Joe Guo |
Bug Description
Hi,
I've been running hw-health charm rev. 13 on an HP hardware server. Getting alerts from NRPE 'ipmi' services (see the attached screenshot).
# /etc/cron.d# cat hwhealth_ipmi
0,5,10,
The script tries to create the temporary file in /var/lib/nagios to then rename it to its final form, but creation fails because of "Permission denied":
# sudo -u nagios /usr/local/
Cannot write output file /var/lib/
The directory is not writeable by "nagios" user indeed, only by 'root':
# ls -la /var/lib/ | grep nagios
drwxr-xr-x 3 root root 4096 Dec 6 17:28 nagios
However since the commit [1] the check is not run by 'root' anymore. I'm not sure if that's the only change that caused it, or there was something else in other charms, but I'm filing the bug to hw-health charm as failing check is coming from hw-health charm.
Also I'm not seeing that on another deployment that runs hw-health charm rev. 12, as cron.d script runs as 'root':
$ cat /etc/cron.
4,9,14,
[1] https:/
Related branches
- Xav Paice (community): Approve
- Linda Guo (community): Approve
-
Diff: 57 lines (+25/-0)1 file modifiedsrc/lib/hwhealth/tools.py (+25/-0)
- Xav Paice (community): Approve
- Andrea Ieri: Approve
-
Diff: 25 lines (+14/-0)1 file modifiedhooks/nrpe_utils.py (+14/-0)
Changed in charm-hw-health: | |
status: | New → Confirmed |
Changed in charm-hw-health: | |
importance: | Undecided → Critical |
Changed in charm-hw-health: | |
assignee: | nobody → Joe Guo (guoqiao) |
status: | Confirmed → In Progress |
milestone: | none → 20.05 |
Changed in charm-nrpe: | |
status: | New → In Progress |
importance: | Undecided → Critical |
assignee: | nobody → Joe Guo (guoqiao) |
milestone: | none → 21.04 |
Changed in charm-nrpe: | |
status: | In Progress → Fix Committed |
Changed in charm-hw-health: | |
milestone: | 20.05 → 21.04 |
Changed in charm-nrpe: | |
status: | Fix Committed → Fix Released |
Changed in charm-hw-health: | |
status: | Fix Committed → Fix Released |
Suspect this is related to LP:#1866382 (not a duplicate, though). We should consider having the NRPE charm ensure that the dir /var/lib/nagios (nagios user home dir) is owned like so:
drwxr-sr-x 3 nagios nagios 4096 Feb 3 02:04 /var/lib/nagios
Note the setgid, to ensure that cron jobs running as root which drop files in that dir make files that are readable in the dir by the nagios user, even if the machine has been locked down to remove the r-x permission on the dir (see LP:#1904045).