Support icmp probes by enabling install_method=apt
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Prometheus Blackbox Exporter Charm |
New
|
Wishlist
|
Unassigned |
Bug Description
Per [1]:
"""
The ICMP probe requires elevated privileges to function:
[...]
Linux: root user or CAP_NET_RAW capability is required.
Can be set by executing setcap cap_net_raw+ep blackbox_exporter
[...]
"""
Since the charm intalls a snap, "setcap" cannot be applied. An alternative install method should exist as the "prometheus-
Similar to other prometheus-related charms, a new "install_
1. https:/
Changed in charm-prometheus-blackbox-exporter: | |
importance: | Undecided → Medium |
Changed in charm-prometheus-blackbox-exporter: | |
importance: | Medium → Wishlist |
It should be noted that the prometheus docs also mention that the sysctl setting "net.ipv4. ping_group_ range" can also be used to provide these privileges.
It seems like Focal may have this enabled out-of-the-box, but for Bionic, it may be reasonable to deploy the sysconfig charm as a subordinate, with the sysctl setting set to '{"net. ipv4.ping_ group_range" : "0 2147483647"}'.
If we want this to consistently work in the charm without sysctl settings, we could:
1. Have this charm set the above sysctl setting itself, or
2. Leave the sysctl setting alone, allow for using the apt package instead of the snap, and optionally enable the CAP_NET_RAW capability.