diff options
| author | Ilya Mashchenko <ilyamaschenko@gmail.com> | 2018-10-26 08:57:34 +0900 |
|---|---|---|
| committer | Costa Tsaousis <costa@tsaousis.gr> | 2018-10-26 02:57:34 +0300 |
| commit | c6cce6bd2accec27a61243e1ffa38826ac2a4892 (patch) | |
| tree | 734d28a099ae2c12f4858a8d425cdf549581db0e | |
| parent | 6cf0d0c0169be2588ad2e199d911d7b10df58cb2 (diff) | |
Disable python sudo modules by default (#4477)
* adaptec_raid: check if `arcconf` is available first
* adaptec_raid: disable by default and update docs
* megacli: disable by default and update docs
* samba: disable by default and update docs
* samba megacli adaptec readme fix
* adaptec readme fix
8 files changed, 70 insertions, 28 deletions
diff --git a/collectors/python.d.plugin/adaptec_raid/README.md b/collectors/python.d.plugin/adaptec_raid/README.md index 44b327c8f8..499dc9190e 100644 --- a/collectors/python.d.plugin/adaptec_raid/README.md +++ b/collectors/python.d.plugin/adaptec_raid/README.md @@ -3,7 +3,9 @@ Module collects logical and physical devices health metrics. **Requirements:** - * `netdata` user needs to be able to sudo the `arcconf` program without password +* `arcconf` program +* `sudo` program +* `netdata` user needs to be able to sudo the `arcconf` program without password To grab stats it executes: * `sudo -n arcconf GETCONFIG 1 LD` @@ -20,7 +22,24 @@ It produces: 4. **Physical Device Temperature** -Screenshot: +### prerequisite +This module uses `arcconf` which can only be executed by root. It uses +`sudo` and assumes that it is configured such that the `netdata` user can +execute `arcconf` as root without password. + +Add to `sudoers`: + + netdata ALL=(root) NOPASSWD: /path/to/arcconf + +### configuration + + **adaptec_raid** is disabled by default. Should be explicitly enabled in `python.d.conf`. + +```yaml +adaptec_raid: yes +``` + +#### Screenshot:  diff --git a/collectors/python.d.plugin/adaptec_raid/adaptec_raid.chart.py b/collectors/python.d.plugin/adaptec_raid/adaptec_raid.chart.py index e4af5afff4..1fb1e4336c 100644 --- a/collectors/python.d.plugin/adaptec_raid/adaptec_raid.chart.py +++ b/collectors/python.d.plugin/adaptec_raid/adaptec_raid.chart.py @@ -12,6 +12,8 @@ from bases.FrameworkServices.ExecutableService import ExecutableService from bases.collection import find_binary +disabled_by_default = True + update_every = 5 ORDER = [ @@ -158,6 +160,11 @@ class Service(ExecutableService): return self._get_raw_data(command=command, stderr=stderr) def check(self): + arcconf = find_binary(ARCCONF) + if not arcconf: + self.error('can\'t locate "{0}" binary'.format(ARCCONF)) + return False + sudo = find_binary(SUDO) if self.use_sudo: if not sudo: @@ -168,11 +175,6 @@ class Service(ExecutableService): self.error(' '.join(err)) return False - arcconf = find_binary(ARCCONF) - if not arcconf: - self.error('can\'t locate "{0}" binary'.format(ARCCONF)) - return False - if self.use_sudo: self.arcconf = SudoArcconf(arcconf, sudo) else: diff --git a/collectors/python.d.plugin/adaptec_raid/adaptec_raid.conf b/collectors/python.d.plugin/adaptec_raid/adaptec_raid.conf index 9a3796db39..253cbf5a9c 100644 --- a/collectors/python.d.plugin/adaptec_raid/adaptec_raid.conf +++ b/collectors/python.d.plugin/adaptec_raid/adaptec_raid.conf @@ -53,7 +53,3 @@ # retries: 60 # the JOB's number of restoration attempts # autodetection_retry: 0 # the JOB's re-check interval in seconds # ---------------------------------------------------------------------- - -# IMPORTANT -# The netdata user needs to be able to sudo the arcconf program without password: -# netdata ALL=(root) NOPASSWD: /path/to/arcconf diff --git a/collectors/python.d.plugin/megacli/README.md b/collectors/python.d.plugin/megacli/README.md index 647a056b8d..d288a63535 100644 --- a/collectors/python.d.plugin/megacli/README.md +++ b/collectors/python.d.plugin/megacli/README.md @@ -3,6 +3,8 @@ Module collects adapter, physical drives and battery stats. **Requirements:** + * `megacli` program + * `sudo` program * `netdata` user needs to be able to be able to sudo the `megacli` program without password To grab stats it executes: @@ -22,7 +24,25 @@ It produces: 5. **Battery Cycle Count** +### prerequisite +This module uses `megacli` which can only be executed by root. It uses +`sudo` and assumes that it is configured such that the `netdata` user can +execute `megacli` as root without password. + +Add to `sudoers`: + + netdata ALL=(root) NOPASSWD: /path/to/megacli + ### configuration -Battery stats disabled by default in the module configuration file. + +**megacli** is disabled by default. Should be explicitly enabled in `python.d.conf`. +```yaml +megacli: yes +``` + +Battery stats disabled by default. To enable them modify `megacli.conf`. +```yaml +do_battery: yes +``` --- diff --git a/collectors/python.d.plugin/megacli/megacli.chart.py b/collectors/python.d.plugin/megacli/megacli.chart.py index e9f1fe6813..41a1079f67 100644 --- a/collectors/python.d.plugin/megacli/megacli.chart.py +++ b/collectors/python.d.plugin/megacli/megacli.chart.py @@ -10,6 +10,8 @@ from bases.FrameworkServices.ExecutableService import ExecutableService from bases.collection import find_binary +disabled_by_default = True + update_every = 5 diff --git a/collectors/python.d.plugin/megacli/megacli.conf b/collectors/python.d.plugin/megacli/megacli.conf index d84078ecb1..73afb2f7fd 100644 --- a/collectors/python.d.plugin/megacli/megacli.conf +++ b/collectors/python.d.plugin/megacli/megacli.conf @@ -58,11 +58,5 @@ # do_battery: yes/no # default is no. Battery stats (adds additional call to megacli `megacli -AdpBbuCmd -a0`). # # ---------------------------------------------------------------------- - -# IMPORTANT -# The netdata user needs to be able to be able to sudo the megacli program without password: -# netdata ALL=(root) NOPASSWD: /path/to/megacli - - # uncomment the line below to collect battery statistics # do_battery: yes diff --git a/collectors/python.d.plugin/samba/README.md b/collectors/python.d.plugin/samba/README.md index 47a5551c06..44610d373a 100644 --- a/collectors/python.d.plugin/samba/README.md +++ b/collectors/python.d.plugin/samba/README.md @@ -2,6 +2,13 @@ Performance metrics of Samba file sharing. +**Requirements:** +* `smbstatus` program +* `sudo` program +* `smbd` must be compiled with profiling enabled +* `smbd` must be started either with the `-P 1` option or inside `smb.conf` using `smbd profiling level` +* `netdata` user needs to be able to sudo the `smbstatus` program without password + It produces the following charts: 1. **Syscall R/Ws** in kilobytes/s @@ -40,22 +47,21 @@ It produces the following charts: * break * sessetup -### configuration +### prerequisite +This module uses `smbstatus` which can only be executed by root. It uses +`sudo` and assumes that it is configured such that the `netdata` user can +execute `smbstatus` as root without password. -Requires that smbd has been compiled with profiling enabled. Also required -that `smbd` was started either with the `-P 1` option or inside `smb.conf` -using `smbd profiling level`. +Add to `sudoers`: -This plugin uses `smbstatus -P` which can only be executed by root. It uses -sudo and assumes that it is configured such that the `netdata` user can -execute smbstatus as root without password. + netdata ALL=(root) NOPASSWD: /path/to/smbstatus -For example: +### configuration - netdata ALL=(ALL) NOPASSWD: /usr/bin/smbstatus -P + **samba** is disabled by default. Should be explicitly enabled in `python.d.conf`. ```yaml -update_every : 5 # update frequency +samba: yes ``` --- diff --git a/collectors/python.d.plugin/samba/samba.chart.py b/collectors/python.d.plugin/samba/samba.chart.py index 27c1c72ecc..b2278de9ef 100644 --- a/collectors/python.d.plugin/samba/samba.chart.py +++ b/collectors/python.d.plugin/samba/samba.chart.py @@ -21,6 +21,9 @@ import re from bases.collection import find_binary from bases.FrameworkServices.ExecutableService import ExecutableService + +disabled_by_default = True + # default module values (can be overridden per job in `config`) update_every = 5 priority = 60000 |