Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

installer setuid fallback for perf and slabinfo plugins #15807

Merged
merged 1 commit into from
Aug 16, 2023
Merged

installer setuid fallback for perf and slabinfo plugins #15807

merged 1 commit into from
Aug 16, 2023

Conversation

ilyam8
Copy link
Member

@ilyam8 ilyam8 commented Aug 14, 2023
edited
Loading

Summary

ssia, noticed the problem when building a static version locally.

@Ferroin setcap is not available in our helper images. It is ok to setuid these plugins because setuid bit will be overwritten in install-or-update.sh (static build).

[/usr/src/netdata]# sh -c setcap cap_perfmon+ep "/opt/netdata/usr/libexec/netdata/plugins.d/perf.plugin" || setcap cap_sys_admin+ep "/opt/netdata/usr/libexec/netdata/plugins.d/perf.plugin"
sh: setcap: not found
sh: setcap: not found
 FAILED  ''

[/usr/src/netdata]# setcap cap_dac_read_search+ep /opt/netdata/usr/libexec/netdata/plugins.d/slabinfo.plugin
./netdata-installer.sh: line 344: setcap: not found
 FAILED  ''
Test Plan
  • install from source.
  • build static and install.

Check slabinfo/perf plugins permissions/capabilities.

Additional Information
For users: How does this change affect me?

@github-actions github-actions bot added the area/packaging Packaging and operating systems support label Aug 14, 2023
@ilyam8 ilyam8 marked this pull request as ready for review August 14, 2023 14:35
thiagoftsm
thiagoftsm approved these changes Aug 16, 2023
View reviewed changes
Copy link
Contributor

@thiagoftsm thiagoftsm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current master on my environment is setting:

bash-5.2# ls -l /usr/libexec/netdata/plugins.d/slabinfo.plugin /usr/libexec/netdata/plugins.d/perf.plugin 
-rwxr-x--- 1 root netdata 2197008 Aug 16 14:54 /usr/libexec/netdata/plugins.d/perf.plugin
-rwxr-x--- 1 root netdata 2188272 Aug 16 14:54 /usr/libexec/netdata/plugins.d/slabinfo.plugin

And this PR is keeping permissions with plugin running normally:

bash-5.2# ls -l /usr/libexec/netdata/plugins.d/slabinfo.plugin /usr/libexec/netdata/plugins.d/perf.plugin 
-rwxr-x--- 1 root netdata 2647128 Aug 16 14:42 /usr/libexec/netdata/plugins.d/perf.plugin
-rwxr-x--- 1 root netdata 2638432 Aug 16 14:42 /usr/libexec/netdata/plugins.d/slabinfo.plugin
bash-5.2# netdata
2023-08-16 14:43:58: netdata IERR  : MAIN : (0048@daemon/common.c     :get_netdata_cpu): System CPUs: 4, (system: 4, cgroups cpuset v1: 4, cgroups cpuset v2: 0, netdata.conf: 4)
bash-5.2# grep perf /var/log/netdata/*
/var/log/netdata/access.log:2023-08-16 14:44:55: 2: 1474 '[localhost]:46696' 'DATA' (sent/all = 2310/15036 bytes -85%, prep/sent/total = 0.42/0.15/0.57 ms) 200 '//api/v2/data?points=304&format=json2&time_group=average&time_resampling=0&after=1692196196&before=1692197096&group_by%5B0%5D=dimension&group_by_label%5B0%5D=&aggregation%5B0%5D=sum&options=jsonwrap%7Cnonzero%7Cflip%7Cms%7Cjw-anomaly-rates%7Cminify&contexts=*&scope_contexts=perf.cpu_cycles&scope_nodes=*&nodes=*&instances=*&dimensions=*&labels=*'
/var/log/netdata/access.log:2023-08-16 14:44:58: 2: 1474 '[localhost]:46696' 'DATA' (sent/all = 2327/15065 bytes -85%, prep/sent/total = 0.52/0.20/0.72 ms) 200 '//api/v2/data?points=304&format=json2&time_group=average&time_resampling=0&after=1692196199&before=1692197099&group_by%5B0%5D=dimension&group_by_label%5B0%5D=&aggregation%5B0%5D=sum&options=jsonwrap%7Cnonzero%7Cflip%7Cms%7Cjw-anomaly-rates%7Cminify&contexts=*&scope_contexts=perf.cpu_cycles&scope_nodes=*&nodes=*&instances=*&dimensions=*&labels=*'
/var/log/netdata/collector.log:2023-08-16 14:44:04: go.d ERROR: prometheus[performance_counters_exporter_local] Get "http://127.0.0.1:9358/metrics": dial tcp 127.0.0.1:9358: connect: connection refused
/var/log/netdata/collector.log:2023-08-16 14:44:04: go.d ERROR: prometheus[performance_counters_exporter_local] check failed
/var/log/netdata/collector.log:2023-08-16 14:44:04: go.d ERROR: prometheus[windows_perflib_exporter_local] Get "http://127.0.0.1:9432/metrics": dial tcp 127.0.0.1:9432: connect: connection refused
/var/log/netdata/collector.log:2023-08-16 14:44:04: go.d ERROR: prometheus[windows_perflib_exporter_local] check failed
/var/log/netdata/collector.log:2023-08-16 14:44:04: go.d ERROR: prometheus[iperf3_exporter_local] Get "http://127.0.0.1:9579/metrics": dial tcp 127.0.0.1:9579: connect: connection refused
/var/log/netdata/collector.log:2023-08-16 14:44:04: go.d ERROR: prometheus[iperf3_exporter_local] check failed
/var/log/netdata/collector.log:2023-08-16 14:44:04: go.d ERROR: prometheus[opvizor_performance_analyzer_process_exporter_local] Get "http://127.0.0.1:9585/metrics": dial tcp 127.0.0.1:9585: connect: connection refused
/var/log/netdata/collector.log:2023-08-16 14:44:04: go.d ERROR: prometheus[opvizor_performance_analyzer_process_exporter_local] check failed
/var/log/netdata/error.log:2023-08-16 14:44:02: netdata INFO  : PD[perf] : (0250@libnetdata/threads/t:netdata_thread_): thread created with task id 1498
/var/log/netdata/error.log:2023-08-16 14:44:02: netdata INFO  : PD[perf] : (0210@libnetdata/threads/t:thread_set_name): set name of thread 1498 to PD[perf]
/var/log/netdata/error.log:2023-08-16 14:44:02: netdata INFO  : MAIN : (2115@daemon/main.c       :main           ): NETDATA STARTUP: completed in 4291 ms. Enjoy real-time performance monitoring!
/var/log/netdata/error.log:2023-08-16 14:44:02: netdata INFO  : PD[perf] : (0160@collectors/plugins.d:pluginsd_worker): PLUGINSD: 'host:hades' connected to '/usr/libexec/netdata/plugins.d/perf.plugin' running on pid 1510
/var/log/netdata/error.log:2023-08-16 14:44:55: netdata IERR  : WEB[1] : (0416@database/ram/rrddim_:rrddim_query_fi): QUERY: query for chart 'perf.cpu_cycles' dimension 'cpu' has been stopped unfinished
/var/log/netdata/error.log:2023-08-16 14:44:55: netdata IERR  : WEB[1] : (0416@database/ram/rrddim_:rrddim_query_fi): QUERY: query for chart 'perf.cpu_cycles' dimension 'ref_cpu' has been stopped unfinished
/var/log/netdata/error.log:2023-08-16 14:44:58: netdata IERR  : WEB[1] : (0416@database/ram/rrddim_:rrddim_query_fi): QUERY: query for chart 'perf.cpu_cycles' dimension 'cpu' has been stopped unfinished
/var/log/netdata/error.log:2023-08-16 14:44:58: netdata IERR  : WEB[1] : (0416@database/ram/rrddim_:rrddim_query_fi): QUERY: query for chart 'perf.cpu_cycles' dimension 'ref_cpu' has been stopped unfinished

LGTM!

@ilyam8 ilyam8 merged commit e3f1c5f into netdata:master Aug 16, 2023
127 checks passed
@ilyam8 ilyam8 deleted the installer_setuid_fallback_perf_slabinfo branch August 16, 2023 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ferroin Ferroin Ferroin approved these changes

@thiagoftsm thiagoftsm thiagoftsm approved these changes

@tkatsoulas tkatsoulas Awaiting requested review from tkatsoulas

@Dim-P Dim-P Awaiting requested review from Dim-P

Assignees
No one assigned
Labels
area/packaging Packaging and operating systems support
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ilyam8 @Ferroin @thiagoftsm