On 10/01/2020 09:56, Otto Moerbeek via Pdns-users wrote:
> It looks like the rec_control line in your snmpd.conf is triggering the
> problem. Likely the snmpd subsystem starts rec_control as a user that
> does not have permission to write into /var/run/pdns-recursor.
>
> You can try disabling (by commenting it out) the
>
> extend pdns-rec /usr/local/bin/pdns_stats
>
> line or, if you really need it, change the permissions of the
> /var/run/pdns-recursor dir to include rwx for others.
>
> Note that the latter might have security implications on your system. You
> must decide if that is OK for you.

As someone mentioned before: if this is an SELinux environment (e.g.
CentOS/RedHat), snmpd may be prevented from accessing files in random
directories, even if normal file/directory perms allow it.

Similar situation: I was using snmpd-mdraid-connector and
snmpd-smartctl-connector, with these lines in snmpd.conf:

pass_persist .1.3.6.1.4.1.38696.2.1 /usr/sbin/snmpd-smartctl-connector
pass_persist .1.3.6.1.4.1.38696.2.2 /usr/sbin/snmpd-mdraid-connector

There is a separate cronjob which writes files that these connectors
read. To make these work, I had to ensure all the files were written
under /var/cache/snmp, and set the selinux type to `snmpd_var_run_t`.

In ansible-ese:

- name: create cache dir
  action: file path={{item}} state=directory setype=snmpd_var_run_t
  with_items:
    - /var/cache/snmp
    - /var/cache/snmp/mdadm
    - /var/cache/snmp/smartctl

You can test if this is the problem by putting selinux into permissive
mode temporarily, before digging down further into exactly what the
required fix is.

Alternatively: move away from using SNMP for collecting host and service
information. Almost anything is better. Prometheus + node_exporter is
my favourite solution.
Regards,
Brian.
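
Added example, not part of the original thread: the audit log can confirm whether SELinux is what blocks snmpd before any directory is relabelled or its mode widened. This Python script summarises AVC denials whose source domain is snmpd_t; the sample log lines, PIDs, inode numbers and target types are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log excerpt (PIDs, inodes and target types are made up).
SAMPLE = '''\
type=AVC msg=audit(1578650160.101:901): avc:  denied  { write } for  pid=2211 comm="rec_control" name="pdns-recursor" dev="tmpfs" ino=30211 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1578650220.330:917): avc:  denied  { write } for  pid=2290 comm="rec_control" name="pdns-recursor" dev="tmpfs" ino=30211 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1578650220.330:917): arch=c000003e syscall=49 success=no exit=-13 comm="rec_control"
type=AVC msg=audit(1578650221.500:950): avc:  denied  { read open } for  pid=2300 comm="snmpd-smartctl-" name="sda" dev="dm-0" ino=4711 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1578650300.000:990): avc:  denied  { read } for  pid=999 comm="httpd" name="index.html" dev="dm-0" ino=88 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other records."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    fields["perms"] = m.group("perms").split()
    return fields

def selinux_type(context):
    """Extract the type from a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def snmpd_denials(log_text, domain="snmpd_t"):
    """Group denials from `domain` by (comm, name, class, target type)."""
    summary = defaultdict(lambda: {"perms": set(), "count": 0, "enforced": False})
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc is None or selinux_type(avc.get("scontext", "")) != domain:
            continue
        key = (avc.get("comm"), avc.get("name"), avc.get("tclass"),
               selinux_type(avc.get("tcontext", "")))
        entry = summary[key]
        entry["perms"].update(avc["perms"])
        entry["count"] += 1
        # permissive=0 means the access was actually blocked, not just logged.
        entry["enforced"] = entry["enforced"] or avc.get("permissive") == "0"
    return dict(summary)

if __name__ == "__main__":
    for key, info in snmpd_denials(SAMPLE).items():
        state = "blocked" if info["enforced"] else "logged only (permissive)"
        print(key, sorted(info["perms"]), f"x{info['count']}", state)
```

On a real host, feed it the contents of /var/log/audit/audit.log; entries with permissive=1 were logged but not blocked.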