Add option to run varnish under sudo (#3097)
This commit is contained in:
		
							parent
							
								
									cb04fa1e9c
								
							
						
					
					
						commit
						8a2373e8c8
					
				|  | @ -7,6 +7,9 @@ This plugin gathers stats from [Varnish HTTP Cache](https://varnish-cache.org/) | |||
| ```toml | ||||
|  # A plugin to collect stats from Varnish HTTP Cache | ||||
|  [[inputs.varnish]] | ||||
|    ## If running as a restricted user you can prepend sudo for additional access: | ||||
|    #use_sudo = false | ||||
| 
 | ||||
|    ## The default location of the varnishstat binary can be overridden with: | ||||
|    binary = "/usr/bin/varnishstat" | ||||
| 
 | ||||
|  | @ -330,6 +333,63 @@ the following values: | |||
|   - LCK | ||||
|    | ||||
|    | ||||
| 
 | ||||
| ### Permissions: | ||||
| 
 | ||||
| It's important to note that this plugin references varnishstat, which may require additional permissions to execute successfully. | ||||
| Depending on the user/group permissions of the telegraf user executing this plugin, you may need to alter the group membership, set facls, or use sudo. | ||||
| 
 | ||||
| **Group membership (Recommended)**: | ||||
| ```bash | ||||
| $ groups telegraf | ||||
| telegraf : telegraf | ||||
| 
 | ||||
| $ usermod -a -G varnish telegraf | ||||
| 
 | ||||
| $ groups telegraf | ||||
| telegraf : telegraf varnish | ||||
| ``` | ||||
| 
 | ||||
| **Extended filesystem ACL's**: | ||||
| ```bash | ||||
| $ getfacl /var/lib/varnish/<hostname>/_.vsm | ||||
| # file: var/lib/varnish/<hostname>/_.vsm | ||||
| # owner: root | ||||
| # group: root | ||||
| user::rw- | ||||
| group::r-- | ||||
| other::--- | ||||
| 
 | ||||
| $ setfacl -m u:telegraf:r /var/lib/varnish/<hostname>/_.vsm | ||||
| 
 | ||||
| $ getfacl /var/lib/varnish/<hostname>/_.vsm | ||||
| # file: var/lib/varnish/<hostname>/_.vsm | ||||
| # owner: root | ||||
| # group: root | ||||
| user::rw- | ||||
| user:telegraf:r-- | ||||
| group::r-- | ||||
| mask::r-- | ||||
| other::--- | ||||
| ``` | ||||
| 
 | ||||
| **Sudo privileges**: | ||||
| ```bash | ||||
| # If you use this method, you will need the following in your telegraf config: | ||||
| [[inputs.varnish]] | ||||
|   use_sudo = true | ||||
| 
 | ||||
| $ visudo | ||||
| 
 | ||||
| # Add the following line: | ||||
| telegraf ALL=(ALL) NOPASSWD: /usr/bin/varnishstat | ||||
| 
 | ||||
| $ grep varnish /etc/sudoers | ||||
| telegraf ALL = NOPASSWD: /usr/bin/varnishstat | ||||
| ``` | ||||
| 
 | ||||
| Please use the solution you see as most appropriate. | ||||
| 
 | ||||
| ### Example Output: | ||||
| 
 | ||||
| ``` | ||||
|  |  | |||
|  | @ -17,12 +17,13 @@ import ( | |||
| 	"github.com/influxdata/telegraf/plugins/inputs" | ||||
| ) | ||||
| 
 | ||||
| type runner func(cmdName string) (*bytes.Buffer, error) | ||||
| type runner func(cmdName string, UseSudo bool) (*bytes.Buffer, error) | ||||
| 
 | ||||
| // Varnish is used to store configuration values
 | ||||
| type Varnish struct { | ||||
| 	Stats   []string | ||||
| 	Binary  string | ||||
| 	UseSudo bool | ||||
| 
 | ||||
| 	filter filter.Filter | ||||
| 	run    runner | ||||
|  | @ -32,6 +33,9 @@ var defaultStats = []string{"MAIN.cache_hit", "MAIN.cache_miss", "MAIN.uptime"} | |||
| var defaultBinary = "/usr/bin/varnishstat" | ||||
| 
 | ||||
| var sampleConfig = ` | ||||
|   ## If running as a restricted user you can prepend sudo for additional access: | ||||
|   #use_sudo = false | ||||
| 
 | ||||
|   ## The default location of the varnishstat binary can be overridden with: | ||||
|   binary = "/usr/bin/varnishstat" | ||||
| 
 | ||||
|  | @ -52,10 +56,16 @@ func (s *Varnish) SampleConfig() string { | |||
| } | ||||
| 
 | ||||
| // Shell out to varnish_stat and return the output
 | ||||
| func varnishRunner(cmdName string) (*bytes.Buffer, error) { | ||||
| func varnishRunner(cmdName string, UseSudo bool) (*bytes.Buffer, error) { | ||||
| 	cmdArgs := []string{"-1"} | ||||
| 
 | ||||
| 	cmd := exec.Command(cmdName, cmdArgs...) | ||||
| 
 | ||||
| 	if UseSudo { | ||||
| 		cmdArgs = append([]string{cmdName}, cmdArgs...) | ||||
| 		cmdArgs = append([]string{"-n"}, cmdArgs...) | ||||
| 		cmd = exec.Command("sudo", cmdArgs...) | ||||
| 	} | ||||
| 
 | ||||
| 	var out bytes.Buffer | ||||
| 	cmd.Stdout = &out | ||||
| 	err := internal.RunTimeout(cmd, time.Millisecond*200) | ||||
|  | @ -89,7 +99,7 @@ func (s *Varnish) Gather(acc telegraf.Accumulator) error { | |||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	out, err := s.run(s.Binary) | ||||
| 	out, err := s.run(s.Binary, s.UseSudo) | ||||
| 	if err != nil { | ||||
| 		return fmt.Errorf("error gathering metrics: %s", err) | ||||
| 	} | ||||
|  | @ -148,6 +158,7 @@ func init() { | |||
| 			run:     varnishRunner, | ||||
| 			Stats:   defaultStats, | ||||
| 			Binary:  defaultBinary, | ||||
| 			UseSudo: false, | ||||
| 		} | ||||
| 	}) | ||||
| } | ||||
|  |  | |||
|  | @ -11,8 +11,8 @@ import ( | |||
| 	"testing" | ||||
| ) | ||||
| 
 | ||||
| func fakeVarnishStat(output string) func(string) (*bytes.Buffer, error) { | ||||
| 	return func(string) (*bytes.Buffer, error) { | ||||
| func fakeVarnishStat(output string, useSudo bool) func(string, bool) (*bytes.Buffer, error) { | ||||
| 	return func(string, bool) (*bytes.Buffer, error) { | ||||
| 		return bytes.NewBuffer([]byte(output)), nil | ||||
| 	} | ||||
| } | ||||
|  | @ -20,7 +20,7 @@ func fakeVarnishStat(output string) func(string) (*bytes.Buffer, error) { | |||
| func TestGather(t *testing.T) { | ||||
| 	acc := &testutil.Accumulator{} | ||||
| 	v := &Varnish{ | ||||
| 		run:   fakeVarnishStat(smOutput), | ||||
| 		run:   fakeVarnishStat(smOutput, false), | ||||
| 		Stats: []string{"*"}, | ||||
| 	} | ||||
| 	v.Gather(acc) | ||||
|  | @ -36,7 +36,7 @@ func TestGather(t *testing.T) { | |||
| func TestParseFullOutput(t *testing.T) { | ||||
| 	acc := &testutil.Accumulator{} | ||||
| 	v := &Varnish{ | ||||
| 		run:   fakeVarnishStat(fullOutput), | ||||
| 		run:   fakeVarnishStat(fullOutput, true), | ||||
| 		Stats: []string{"*"}, | ||||
| 	} | ||||
| 	err := v.Gather(acc) | ||||
|  | @ -51,7 +51,7 @@ func TestParseFullOutput(t *testing.T) { | |||
| func TestFilterSomeStats(t *testing.T) { | ||||
| 	acc := &testutil.Accumulator{} | ||||
| 	v := &Varnish{ | ||||
| 		run:   fakeVarnishStat(fullOutput), | ||||
| 		run:   fakeVarnishStat(fullOutput, false), | ||||
| 		Stats: []string{"MGT.*", "VBE.*"}, | ||||
| 	} | ||||
| 	err := v.Gather(acc) | ||||
|  | @ -74,7 +74,7 @@ func TestFieldConfig(t *testing.T) { | |||
| 	for fieldCfg, expected := range expect { | ||||
| 		acc := &testutil.Accumulator{} | ||||
| 		v := &Varnish{ | ||||
| 			run:   fakeVarnishStat(fullOutput), | ||||
| 			run:   fakeVarnishStat(fullOutput, true), | ||||
| 			Stats: strings.Split(fieldCfg, ","), | ||||
| 		} | ||||
| 		err := v.Gather(acc) | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue