[MediaWiki-commits] [Gerrit] operations/puppet[production]: monitoring/base: add nagios sudo privs for IPMI sensors

Tue, 30 May 2017 19:33:06 -0700 

Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/356324 )

Change subject: monitoring/base: add nagios sudo privs for IPMI sensors
......................................................................

monitoring/base: add nagios sudo privs for IPMI sensors

The nagios user needs to be able to run ipmi-sel and ipmi-sensors
to be able to run IPMI temperature checks, otherwise Iefd4e699302a7adc155
would not work yet and get UNKNOWNS.

From check_ipmi_sensors:

 64        For \"-H localhost\" or if no host is specified (local computer) the
 65        Nagios/Icinga user must be allowed to run
 66        ipmimonitoring/ipmi-sensors/ipmi-sel/[ipmi-fru] with root privileges
 67        or via sudo (ipmimonitoring/ipmi-sensors/ipmi-sel/[ipmi-fru] must be
 68        able to access the IPMI devices via the IPMI system interface).

This is like for some other existing nagios checks in base, like 
check_puppet_run etc.

Bug: T125205
Change-Id: Ifbefd75a3f82654f8fd0f6b6917cb111b81a6a2a
---
M modules/base/manifests/monitoring/host.pp
1 file changed, 6 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/24/356324/1

diff --git a/modules/base/manifests/monitoring/host.pp 
b/modules/base/manifests/monitoring/host.pp
index 8cc3e64..db6a9f3 100644
--- a/modules/base/manifests/monitoring/host.pp
+++ b/modules/base/manifests/monitoring/host.pp
@@ -158,6 +158,12 @@
 
     # check temperature sensors via IPMI, unless VM (T125205)
     if str2bool($facts['is_virtual']) == false {
+
+        ::sudo::user { 'nagios_ipmi_temp':
+            user       => 'nagios',
+            privileges => ['ALL = NOPASSWD: /usr/sbin/ipmi-sel, 
/usr/sbin/ipmi-sensors'],
+        }
+
         nrpe::monitor_service { 'check_ipmi_temp':
             description  => 'IPMI Temperature',
             nrpe_command => '/usr/local/lib/nagios/plugins/check_ipmi_sensor 
--noentityabsent -T Temperature -ST Temperature',

-- 
To view, visit https://gerrit.wikimedia.org/r/356324
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifbefd75a3f82654f8fd0f6b6917cb111b81a6a2a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to