Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add sudo config parameter #172

Merged
merged 1 commit into from
Jan 19, 2025
Merged

Add sudo config parameter #172

merged 1 commit into from
Jan 19, 2025

Conversation

Napsty
Copy link
Contributor

@Napsty Napsty commented Dec 19, 2024
edited
Loading

This PR was made to solve the sudo problem, I ran into in #171 .
The additional configuration parameter sudo is added in this PR and allows to define scripts which should be executed with privileged (root) permissions.

I've successfully tested this with a particular script which only runs correctly when executed as root.

  - name: check_example
    command: /opt/check_example.py
    args:
      - "-o"
      - "prometheus"
    timeout:
      max_timeout: 60

script_exporter runs as unprivileged user. When the particular script is run (curl localhost:9469/probe?script=check_example), the script returns an error:

ts=2024-12-19T14:07:31.771Z caller=scripts.go:93 level=error msg="Script 'check_example' execution failed" cmd="/opt/check_example.py -o prometheus" stdout="ERROR: Unable to decode JSON, Error: Expecting value: line 1 column 1 (char 0).\n" stderr= env= err="exit status 3"

Now adjusting the script config and adding the sudo option:

  - name: check_example
    command: /opt/check_example.py
    sudo: true
    args:
      - "-o"
      - "prometheus"
    timeout:
      max_timeout: 60

Starting the patched script_exporter and executing the script (curl localhost:9469/probe?script=check_example), the command is successfully executed with sudo:

curl localhost:9469/probe?script=check_example
# HELP script_success Script exit status (0 = error, 1 = success).
# TYPE script_success gauge
script_success{script="check_example"} 1
# HELP script_duration_seconds Script execution time, in seconds.
# TYPE script_duration_seconds gauge
script_duration_seconds{script="check_example"} 7.313547
# HELP script_exit_code The exit code of the script.
# TYPE script_exit_code gauge
script_exit_code{script="check_example"} 0
# HELP script_use_cache Script use cache (0 = no, 1 = yes).
# TYPE script_use_cache gauge
script_use_cache{script="check_example"} 0
# HELP script_use_expired_cache Script re-use expired cache (0 = no, 1 = yes).
# TYPE script_use_expired_cache gauge
script_use_expired_cache{script="check_example"} 0
HELP example_perf_status shows performance value of example script
TYPE example_perf_status gauge
example_perf_status 0

The relevant system security logs confirm this, too:

Dec 19 15:09:03 linux sudo[3023247]:    user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/opt/check_example.py -o prometheus

This additional config option is very helpful, when script_exporter is NOT run as root user (which should be the default IMO, but that's out of scope of this PR).

Let me know if this PR needs further adjustments.

@Napsty Napsty mentioned this pull request Dec 19, 2024
Closed
@ricoberger
Copy link
Owner

Hi @Napsty lgtm, thanks for your contribution 🙂

@ricoberger ricoberger merged commit 498aab6 into ricoberger:main Jan 19, 2025
@ricoberger ricoberger added the changelog: added A new feature was added label Jan 19, 2025
@Napsty
Copy link
Contributor Author

Napsty commented Jan 19, 2025

Wohoo! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
changelog: added A new feature was added
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Napsty @ricoberger