2213409 – [RHOSP16.2] ceilometer sudoers is required by ceilometer-polling to enable polling ipmi namespace

Bug 2213409 - [RHOSP16.2] ceilometer sudoers is required by ceilometer-polling to enable polling ipmi namespace

Summary: [RHOSP16.2] ceilometer sudoers is required by ceilometer-polling to enable po...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	16.2 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z6
Target Release:	16.2 (Train on RHEL 8.4)
Assignee:	Yadnesh Kulkarni
QA Contact:	Leonid Natapov
Docs Contact:	mgeary
URL:
Whiteboard:
Depends On:	2169303
Blocks:
TreeView+	depends on / blocked

Reported:	2023-06-08 05:23 UTC by Yadnesh Kulkarni
Modified:	2023-11-08 19:19 UTC (History)
CC List:	8 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-11.6.1-2.20230717085025.1608f56.el8ost
Doc Type:	Bug Fix
Doc Text:	Before this update, the IPMI agent container did not spawn because the CeilometerIpmi service was not added to THT Compute roles. With this update, the CeilometerIpmi service is added to all THT Compute roles, and the IPMI agent container is spawned with the `--privilege` flag to run `ipmitool` commands on the host. The data collection service (ceilometer) now captures power metrics.
Clone Of:	2169303
Environment:
Last Closed:	2023-11-08 19:18:36 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	885564	None	MERGED	Fix CeilometerAgentIpmi service to gather and report power metrics	2023-08-09 06:33:39 UTC
Red Hat Issue Tracker	OSP-27328	None	None	None	2023-08-09 06:39:03 UTC
Red Hat Product Errata	RHBA-2023:6307	None	None	None	2023-11-08 19:19:28 UTC

Description Yadnesh Kulkarni 2023-06-08 05:23:38 UTC

+++ This bug was initially created as a clone of Bug #2169303 +++

Description of problem:

Currently we have two methods to make ceilometer to poll ipmi namespace.
 1) Use ceilometer-polling and enable ipmi namespace
 2) Use ceilometer-ipmi and use that specific service

However sudoers is installed only for 2 and this causes the following failure in case 1 is used.

example:
https://86528e56a845f286885c-ddf4c57eb5e1f9e1a36bd74aa5f4e0cd.ssl.cf5.rackcdn.com/873444/2/check/puppet-openstack-integration-7-scenario001-tempest-centos-9-stream/7b8abc8/logs/ceilometer/polling.txt
~~~
2023-02-13 03:09:48.050 105607 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'ceilometer-rootwrap', '/etc/ceilometer/rootwrap.conf', 'privsep-helper', '--privsep_context', 'ceilometer.privsep.sys_admin_pctxt', '--privsep_sock_path', '/tmp/tmpk6fsgjez/privsep.sock']
2023-02-13 03:09:48.078 105607 WARNING oslo.privsep.daemon [-] privsep log: 
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log: We trust you have received the usual lecture from the local System
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log: Administrator. It usually boils down to these three things:
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log: 
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log:     #1) Respect the privacy of others.
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log:     #2) Think before you type.
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log:     #3) With great power comes great responsibility.
2023-02-13 03:09:48.080 105607 WARNING oslo.privsep.daemon [-] privsep log: 
2023-02-13 03:09:48.133 105607 WARNING oslo.privsep.daemon [-] privsep log: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
2023-02-13 03:09:48.134 105607 WARNING oslo.privsep.daemon [-] privsep log: sudo: a password is required
2023-02-13 03:09:48.137 105607 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
~~~


How reproducible:

Always

Steps to Reproduce:
1. Start ceilometer-polling with ipminamespace enabled
2. Check polling.log

Actual results:
It fails to run the rootwrap command

Expected results:
It succeeds to run the rootwrap command

Comment 6 Leonid Natapov 2023-09-30 05:39:25 UTC

ceilometer_agent_ipmi is running on compute nodes and there are no errors in the ipmi.log file

Comment 16 errata-xmlrpc 2023-11-08 19:18:36 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.2.6 (Train) bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6307

Note You need to log in before you can comment on or make changes to this bug.