prometheus_wireguard_exporter icon indicating copy to clipboard operation
prometheus_wireguard_exporter copied to clipboard

Published 20 hours ago verified publisher icon MindFlavor

prepend_sudo does not work as expected

Open bjoern-r opened this issue 4 years ago • 2 comments
trafficstars

i'm running the exporter as an unprivileged user monitoring and added a sudoers entry to allow execution of the wg tool by monitoring user without password. however the exporter just returns Permission denied (os error 13)

via shell it works as expected:

monitoring@hell:/tmp$ wg show
Unable to access interface wg0: Operation not permitted
monitoring@hell:/tmp$ sudo wg show 
interface: wg0                                                 
  public key: pZ...A=
  private key: (hidden)                       
  listening port: 51820

via prometheus_wireguard_exporter it fails

# sudo -u monitoring /usr/local/bin/prometheus_wireguard_exporter -a -l 10.192.123.1 -n /etc/wireguard/wg0.conf -i wg0 -v

a ==> wg0
[2021-04-05T16:48:33Z INFO  prometheus_wireguard_exporter] prometheus_wireguard_exporter v3.5.0 starting...
[2021-04-05T16:48:33Z INFO  prometheus_wireguard_exporter] using options: Options { verbose: true, prepend_sudo: true, separate_allowed_ips: false, extract_names_config_file: Some("/etc/wireguard/wg0.conf"), interfaces: Some(["wg0"]), export_remote_ip_and_port: false }
[2021-04-05T16:48:33Z INFO  prometheus_wireguard_exporter] starting exporter on http://10.192.123.1:9586/metrics
[2021-04-05T16:48:33Z INFO  prometheus_exporter_base] Listening on http://10.192.123.1:9586
[2021-04-05T16:48:37Z TRACE prometheus_exporter_base] serve_function:: req.uri() == /metrics, req.method() == GET
[2021-04-05T16:48:37Z TRACE prometheus_exporter_base] serve_function:: options == Options { verbose: true, prepend_sudo: true, separate_allowed_ips: false, extract_names_config_file: Some("/etc/wireguard/wg0.conf"), interfaces: Some(["wg0"]), export_remote_ip_and_port: false }
[2021-04-05T16:48:37Z WARN  prometheus_exporter_base] internal server error == Os { code: 13, kind: PermissionDenied, message: "Permission denied" }

bjoern-r avatar Apr 05 '21 17:04 bjoern-r

@bjoern-r is the user monitoring allowed to read /etc/wireguard/wg0.conf? This was my problem. You could try your above prometheus_wireguard_exporter command without the -n to verify this easily.

zxyz avatar Feb 27 '22 10:02 zxyz

thanks for pointing out. i will try it out when i have the chance..

bjoern-r avatar Mar 01 '22 15:03 bjoern-r