Add option to run varnish under sudo (#3097)

2017-08-09 13:38:54 -05:00 · 2017-08-09 13:38:54 -05:00 · 8a2373e8c8
parent cb04fa1e9c
commit 8a2373e8c8
3 changed files with 86 additions and 15 deletions
--- a/plugins/inputs/varnish/README.md
+++ b/plugins/inputs/varnish/README.md
@ -7,6 +7,9 @@ This plugin gathers stats from [Varnish HTTP Cache](https://varnish-cache.org/)
 ```toml
 # A plugin to collect stats from Varnish HTTP Cache
 [[inputs.varnish]]
   ## If running as a restricted user you can prepend sudo for additional access:
   #use_sudo = false
   ## The default location of the varnishstat binary can be overridden with:
   binary = "/usr/bin/varnishstat"
@ -330,6 +333,63 @@ the following values:
  - LCK
 ### Permissions:
 It's important to note that this plugin references varnishstat, which may require additional permissions to execute successfully.
 Depending on the user/group permissions of the telegraf user executing this plugin, you may need to alter the group membership, set facls, or use sudo.
 **Group membership (Recommended)**:
 ```bash
 $ groups telegraf
 telegraf : telegraf
 $ usermod -a -G varnish telegraf
 $ groups telegraf
 telegraf : telegraf varnish
 ```
 **Extended filesystem ACL's**:
 ```bash
 $ getfacl /var/lib/varnish/<hostname>/_.vsm
 # file: var/lib/varnish/<hostname>/_.vsm
 # owner: root
 # group: root
 user::rw-
 group::r--
 other::---
 $ setfacl -m u:telegraf:r /var/lib/varnish/<hostname>/_.vsm
 $ getfacl /var/lib/varnish/<hostname>/_.vsm
 # file: var/lib/varnish/<hostname>/_.vsm
 # owner: root
 # group: root
 user::rw-
 user:telegraf:r--
 group::r--
 mask::r--
 other::---
 ```
 **Sudo privileges**:
 ```bash
 # If you use this method, you will need the following in your telegraf config:
 [[inputs.varnish]]
  use_sudo = true
 $ visudo
 # Add the following line:
 telegraf ALL=(ALL) NOPASSWD: /usr/bin/varnishstat
 $ grep varnish /etc/sudoers
 telegraf ALL = NOPASSWD: /usr/bin/varnishstat
 ```
 Please use the solution you see as most appropriate.
 ### Example Output:
 ```
--- a/plugins/inputs/varnish/varnish.go
+++ b/plugins/inputs/varnish/varnish.go
@ -17,12 +17,13 @@ import (
 	"github.com/influxdata/telegraf/plugins/inputs"
 )
-type runner func(cmdName string) (*bytes.Buffer, error)
+type runner func(cmdName string, UseSudo bool) (*bytes.Buffer, error)
 // Varnish is used to store configuration values
 type Varnish struct {
-	Stats  []string
+	Stats   []string
-	Binary string
+	Binary  string
 	UseSudo bool
 	filter filter.Filter
 	run    runner
@ -32,6 +33,9 @@ var defaultStats = []string{"MAIN.cache_hit", "MAIN.cache_miss", "MAIN.uptime"}
 var defaultBinary = "/usr/bin/varnishstat"
 var sampleConfig = `
  ## If running as a restricted user you can prepend sudo for additional access:
  #use_sudo = false
  ## The default location of the varnishstat binary can be overridden with:
  binary = "/usr/bin/varnishstat"
@ -52,10 +56,16 @@ func (s *Varnish) SampleConfig() string {
 }
 // Shell out to varnish_stat and return the output
-func varnishRunner(cmdName string) (*bytes.Buffer, error) {
+func varnishRunner(cmdName string, UseSudo bool) (*bytes.Buffer, error) {
 	cmdArgs := []string{"-1"}
 	cmd := exec.Command(cmdName, cmdArgs...)
 	if UseSudo {
 		cmdArgs = append([]string{cmdName}, cmdArgs...)
 		cmdArgs = append([]string{"-n"}, cmdArgs...)
 		cmd = exec.Command("sudo", cmdArgs...)
 	}
 	var out bytes.Buffer
 	cmd.Stdout = &out
 	err := internal.RunTimeout(cmd, time.Millisecond*200)
@ -89,7 +99,7 @@ func (s *Varnish) Gather(acc telegraf.Accumulator) error {
 		}
 	}
-	out, err := s.run(s.Binary)
+	out, err := s.run(s.Binary, s.UseSudo)
 	if err != nil {
 		return fmt.Errorf("error gathering metrics: %s", err)
 	}
@ -145,9 +155,10 @@ func (s *Varnish) Gather(acc telegraf.Accumulator) error {
 func init() {
 	inputs.Add("varnish", func() telegraf.Input {
 		return &Varnish{
-			run:    varnishRunner,
+			run:     varnishRunner,
-			Stats:  defaultStats,
+			Stats:   defaultStats,
-			Binary: defaultBinary,
+			Binary:  defaultBinary,
 			UseSudo: false,
 		}
 	})
 }
--- a/plugins/inputs/varnish/varnish_test.go
+++ b/plugins/inputs/varnish/varnish_test.go
@ -11,8 +11,8 @@ import (
 	"testing"
 )
-func fakeVarnishStat(output string) func(string) (*bytes.Buffer, error) {
+func fakeVarnishStat(output string, useSudo bool) func(string, bool) (*bytes.Buffer, error) {
-	return func(string) (*bytes.Buffer, error) {
+	return func(string, bool) (*bytes.Buffer, error) {
 		return bytes.NewBuffer([]byte(output)), nil
 	}
 }
@ -20,7 +20,7 @@ func fakeVarnishStat(output string) func(string) (*bytes.Buffer, error) {
 func TestGather(t *testing.T) {
 	acc := &testutil.Accumulator{}
 	v := &Varnish{
-		run:   fakeVarnishStat(smOutput),
+		run:   fakeVarnishStat(smOutput, false),
 		Stats: []string{"*"},
 	}
 	v.Gather(acc)
@ -36,7 +36,7 @@ func TestGather(t *testing.T) {
 func TestParseFullOutput(t *testing.T) {
 	acc := &testutil.Accumulator{}
 	v := &Varnish{
-		run:   fakeVarnishStat(fullOutput),
+		run:   fakeVarnishStat(fullOutput, true),
 		Stats: []string{"*"},
 	}
 	err := v.Gather(acc)
@ -51,7 +51,7 @@ func TestParseFullOutput(t *testing.T) {
 func TestFilterSomeStats(t *testing.T) {
 	acc := &testutil.Accumulator{}
 	v := &Varnish{
-		run:   fakeVarnishStat(fullOutput),
+		run:   fakeVarnishStat(fullOutput, false),
 		Stats: []string{"MGT.*", "VBE.*"},
 	}
 	err := v.Gather(acc)
@ -74,7 +74,7 @@ func TestFieldConfig(t *testing.T) {
 	for fieldCfg, expected := range expect {
 		acc := &testutil.Accumulator{}
 		v := &Varnish{
-			run:   fakeVarnishStat(fullOutput),
+			run:   fakeVarnishStat(fullOutput, true),
 			Stats: strings.Split(fieldCfg, ","),
 		}
 		err := v.Gather(acc)