Bug 2213409 - [RHOSP16.2] ceilometer sudoers is required by ceilometer-polling to enable polling ipmi namespace
Summary: [RHOSP16.2] ceilometer sudoers is required by ceilometer-polling to enable po...
Keywords:
Status: MODIFIED
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 16.2 (Train)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: z6
: 16.2 (Train on RHEL 8.4)
Assignee: Yadnesh Kulkarni
QA Contact: Leonid Natapov
mgeary
URL:
Whiteboard:
Depends On: 2169303
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-06-08 05:23 UTC by Yadnesh Kulkarni
Modified: 2023-08-09 06:39 UTC (History)
7 users (show)

Fixed In Version: openstack-tripleo-heat-templates-11.6.1-2.20230717085025.1608f56.el8ost
Doc Type: Bug Fix
Doc Text:
Cause: CeilometerIpmi service was not added to Compute roles. Consequence: Since this service was missing from THT compute roles, ipmi agent container didn't spawn. Fix: Enabling this service in all THT compute roles fixes this issue. Also ipmi agent container is executed with "--privilege" flag to execute "ipmitool" commands on the host. Result: With this fix, power metrics are being captured by ceilometer.
Clone Of: 2169303
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 885564 0 None MERGED Fix CeilometerAgentIpmi service to gather and report power metrics 2023-08-09 06:33:39 UTC
Red Hat Issue Tracker OSP-27328 0 None None None 2023-08-09 06:39:03 UTC

Description Yadnesh Kulkarni 2023-06-08 05:23:38 UTC 
+++ This bug was initially created as a clone of Bug #2169303 +++

Description of problem:

Currently we have two methods to make ceilometer to poll ipmi namespace.
 1) Use ceilometer-polling and enable ipmi namespace
 2) Use ceilometer-ipmi and use that specific service

However sudoers is installed only for 2 and this causes the following failure in case 1 is used.

example:
https://86528e56a845f286885c-ddf4c57eb5e1f9e1a36bd74aa5f4e0cd.ssl.cf5.rackcdn.com/873444/2/check/puppet-openstack-integration-7-scenario001-tempest-centos-9-stream/7b8abc8/logs/ceilometer/polling.txt
~~~
2023-02-13 03:09:48.050 105607 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'ceilometer-rootwrap', '/etc/ceilometer/rootwrap.conf', 'privsep-helper', '--privsep_context', 'ceilometer.privsep.sys_admin_pctxt', '--privsep_sock_path', '/tmp/tmpk6fsgjez/privsep.sock']
2023-02-13 03:09:48.078 105607 WARNING oslo.privsep.daemon [-] privsep log: 
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log: We trust you have received the usual lecture from the local System
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log: Administrator. It usually boils down to these three things:
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log: 
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log:     #1) Respect the privacy of others.
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log:     #2) Think before you type.
2023-02-13 03:09:48.079 105607 WARNING oslo.privsep.daemon [-] privsep log:     #3) With great power comes great responsibility.
2023-02-13 03:09:48.080 105607 WARNING oslo.privsep.daemon [-] privsep log: 
2023-02-13 03:09:48.133 105607 WARNING oslo.privsep.daemon [-] privsep log: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
2023-02-13 03:09:48.134 105607 WARNING oslo.privsep.daemon [-] privsep log: sudo: a password is required
2023-02-13 03:09:48.137 105607 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
~~~


How reproducible:

Always

Steps to Reproduce:
1. Start ceilometer-polling with ipminamespace enabled
2. Check polling.log

Actual results:
It fails to run the rootwrap command

Expected results:
It succeeds to run the rootwrap command
Note You need to log in before you can comment on or make changes to this bug.