FS#74548 - [prometheus-bird-exporter] Exporter cannot access bird control socket

Attached to Project: Community Packages
Opened by Brian BIdulock (bidulock) - Sunday, 24 April 2022, 10:19 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:03 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Tim (bastelfreak)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

The configuration of prometheus-bird-exporter.service is restricting it
from accessing the /run/bird/bird.ctl socket necessary for it to scrape
metrics.

This is because it is run with User=bird_exporter Group=bird_exporter
which prohibit it from accessing the /run/bird/bird.ctl socket.

Additional info:
* package version(s)

bird 2.0.9-2
prometheus-bird-exporter 1.2.6-1

* config and/or log files etc.

#/etc/conf.d/prometheus-bird-exporter
BIRD_EXPORTER_ARGS="-bird.v2=true -bird.socket /run/bird/bird.ctl"

above config otherwise prometheus-bird-exporter.service looks for
control socket in /var/run/bird.ctl by default.

* link to upstream bug report, if any

Steps to reproduce:

Install bird and prometheus-bird-exporter

$> systemctl start bird.service

$> prometheus-bird-exporter -bird.v2=true -bird.socket /run/bird/bird.ctl &
$> curl localhost:9324/metrics

The above two will work (as prometheus-bird-exporter is run as root).

$> kill %1
$> systemctl start prometheus-bird-exporter.service
$> curl localhost:9324/metrics
$> systemctl status prometheus-bird-exporter.service

Above yields:

Apr 24 03:58:57 hamm prometheus-bird-exporter[676776]: time="2022-04-24T09:58:57Z" level=error msg="dial unix /run/bird/bird.ctl: connect: permission denied"
Apr 24 03:59:00 hamm prometheus-bird-exporter[676776]: time="2022-04-24T09:59:00Z" level=error msg="dial unix /run/bird/bird.ctl: connect: permission denied"
This task depends upon

Closed by  Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:03 GMT
Reason for closing:  Moved
Additional comments about closing:  https://gitlab.archlinux.org/archlinux/p ackaging/packages/prometheus-bird-export er/issues/1
Comment by Tim (bastelfreak) - Wednesday, 04 May 2022, 06:46 GMT
Hi,
sorry for the late reply. The own user/group is on purpose. The idea is that you add the bird_exporter user to the bird group. This is currently not done by the package itself ( I think that's not possible, but I'm not sure). I could add a postinstall message that informs user about it. If you prefer to run the exporter as root, you can use a systemd dropin file to overwrite the User/Group settings.

Does that help you?
Comment by Brian BIdulock (bidulock) - Thursday, 05 May 2022, 16:07 GMT
You could have installed a sysusers.d file as part of the package that adds bird_exporter user to the bird group with the line:

m bird_exporter bird

Please do this to avoid breaking existing installations during upgrade. Thank you.
Comment by Brian BIdulock (bidulock) - Thursday, 05 May 2022, 16:13 GMT
So, just add the line

m bird_exporter bird

to the prometheus-bird-exporter.conf file that you are already installing in /usr/lib/sysusers.d
Comment by Brian BIdulock (bidulock) - Thursday, 05 May 2022, 16:20 GMT
The bird package has DynamicUser=true in its service unit. Just the m line will break the service unit because the static group will be created without a static user named bird.
Comment by Tim (bastelfreak) - Thursday, 05 May 2022, 19:38 GMT
The exporter has no dependency to bird at the moment (but we could change that). I think we could add the sysusers file when https://bugs.archlinux.org/task/71902 is solved.

Loading...