Bug 2213409

Summary: [RHOSP16.2] ceilometer sudoers is required by ceilometer-polling to enable polling ipmi namespace
Product: Red Hat OpenStack Reporter: Yadnesh Kulkarni <ykulkarn>
Component: openstack-tripleo-heat-templatesAssignee: Yadnesh Kulkarni <ykulkarn>
Status: MODIFIED --- QA Contact: Leonid Natapov <lnatapov>
Severity: high Docs Contact: mgeary <mgeary>
Priority: high    
Version: 16.2 (Train)CC: apevec, lnatapov, mburns, mrunge, srevivo, tkajinam, ykulkarn
Target Milestone: z6Keywords: Bugfix, Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-11.6.1-2.20230717085025.1608f56.el8ost Doc Type: Bug Fix
Doc Text:
Cause: CeilometerIpmi service was not added to Compute roles. Consequence: Since this service was missing from THT compute roles, ipmi agent container didn't spawn. Fix: Enabling this service in all THT compute roles fixes this issue. Also ipmi agent container is executed with "--privilege" flag to execute "ipmitool" commands on the host. Result: With this fix, power metrics are being captured by ceilometer.
 Story Points: ---
Clone Of: 2169303 Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2169303    
Bug Blocks:    

Description Yadnesh Kulkarni 2023-06-08 05:23:38 UTC 
+++ This bug was initially created as a clone of Bug #2169303 +++

Description of problem:

Currently we have two methods to make ceilometer to poll ipmi namespace.
 1) Use ceilometer-polling and enable ipmi namespace
 2) Use ceilometer-ipmi and use that specific service

However sudoers is installed only for 2 and this causes the following failure in case 1 is used.

example:
https://86528e56a845f286885c-ddf4c57eb5e1f9e1a36bd74aa5f4e0cd.ssl.cf5.rackcdn.com/873444/2/check/puppet-openstack-integration-7-scenario001-tempest-centos-9-stream/7b8abc8/logs/ceilometer/polling.txt
~~~
2023-02-13 03:09:48.050 105607 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'ceilometer-rootwrap', '/etc/ceilometer/rootwrap.conf', 'privsep-helper', '--privsep_context', 'ceilometer.privsep.sys_admin_pctxt', '--privsep_sock_path', '/tmp/tmpk6fsgjez/privsep.sock']
2023-02-13 03:09:48.078 105607 WARNING oslo.privsep.daemon [-] privsep log: 
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log: We trust you have received the usual lecture from the local System
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log: Administrator. It usually boils down to these three things:
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log: 
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log:     #1) Respect the privacy of others.
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log:     #2) Think before you type.
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log:     #3) With great power comes great responsibility.
2023-02-13 03:09:48.080 105607 WARNING oslo.privsep.daemon [-] privsep log: 
2023-02-13 03:09:48.133 105607 WARNING oslo.privsep.daemon [-] privsep log: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
2023-02-13 03:09:48.134 105607 WARNING oslo.privsep.daemon [-] privsep log: sudo: a password is required
2023-02-13 03:09:48.137 105607 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
~~~


How reproducible:

Always

Steps to Reproduce:
1. Start ceilometer-polling with ipminamespace enabled
2. Check polling.log

Actual results:
It fails to run the rootwrap command

Expected results:
It succeeds to run the rootwrap command