Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prepend_sudo does not work as expected #57

Open
bjoern-r opened this issue Apr 5, 2021 · 2 comments
Open

prepend_sudo does not work as expected #57

bjoern-r opened this issue Apr 5, 2021 · 2 comments

Comments

@bjoern-r
Copy link

bjoern-r commented Apr 5, 2021

i'm running the exporter as an unprivileged user monitoring and added a sudoers entry to allow execution of the wg tool by monitoring user without password. however the exporter just returns Permission denied (os error 13)

via shell it works as expected:

monitoring@hell:/tmp$ wg show
Unable to access interface wg0: Operation not permitted
monitoring@hell:/tmp$ sudo wg show 
interface: wg0                                                 
  public key: pZ...A=
  private key: (hidden)                       
  listening port: 51820

via prometheus_wireguard_exporter it fails

# sudo -u monitoring /usr/local/bin/prometheus_wireguard_exporter -a -l 10.192.123.1 -n /etc/wireguard/wg0.conf -i wg0 -v

a ==> wg0
[2021-04-05T16:48:33Z INFO  prometheus_wireguard_exporter] prometheus_wireguard_exporter v3.5.0 starting...
[2021-04-05T16:48:33Z INFO  prometheus_wireguard_exporter] using options: Options { verbose: true, prepend_sudo: true, separate_allowed_ips: false, extract_names_config_file: Some("/etc/wireguard/wg0.conf"), interfaces: Some(["wg0"]), export_remote_ip_and_port: false }
[2021-04-05T16:48:33Z INFO  prometheus_wireguard_exporter] starting exporter on http://10.192.123.1:9586/metrics
[2021-04-05T16:48:33Z INFO  prometheus_exporter_base] Listening on http://10.192.123.1:9586
[2021-04-05T16:48:37Z TRACE prometheus_exporter_base] serve_function:: req.uri() == /metrics, req.method() == GET
[2021-04-05T16:48:37Z TRACE prometheus_exporter_base] serve_function:: options == Options { verbose: true, prepend_sudo: true, separate_allowed_ips: false, extract_names_config_file: Some("/etc/wireguard/wg0.conf"), interfaces: Some(["wg0"]), export_remote_ip_and_port: false }
[2021-04-05T16:48:37Z WARN  prometheus_exporter_base] internal server error == Os { code: 13, kind: PermissionDenied, message: "Permission denied" }
@zxyz
Copy link

zxyz commented Feb 27, 2022

@bjoern-r is the user monitoring allowed to read /etc/wireguard/wg0.conf? This was my problem.
You could try your above prometheus_wireguard_exporter command without the -n to verify this easily.

@bjoern-r
Copy link
Author

bjoern-r commented Mar 1, 2022

thanks for pointing out. i will try it out when i have the chance..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bjoern-r @zxyz