nixos/telegraf: Missing path for `smartctl` (from the `smartmontools` package)

caldwell commented 1 year ago

Describe the bug

I added the smart input plugin to telegraf in nixos:

  services.telegraf.enable = true;
  services.telegraf.extraConfig = {
    outputs = {
      ...snip...
    };
    inputs = {
      cpu = { };
      disk = { };
      diskio = { };
      kernel = { };
      mem = { };
      processes = { };
      smart = { };
      swap = { };
      system = { };
      net = { };
    };
  };

The telegraf systemd service fails to start, giving this error in the journal:

Nov 26 09:18:43 la telegraf[2404903]: 2023-11-26T17:18:43Z E! [telegraf] Error running agent: could not initialize input inputs.smart: smartctl not found: verify that smartctl is installed and it is in your PATH (or specified in config): provided path does not exist: []
Nov 26 09:18:43 la systemd[1]: telegraf.service: Main process exited, code=exited, status=1/FAILURE
Nov 26 09:18:43 la systemd[1]: telegraf.service: Failed with result 'exit-code'.
Nov 26 09:18:43 la systemd[1]: telegraf.service: Scheduled restart job, restart counter is at 5.
Nov 26 09:18:43 la systemd[1]: Stopped Telegraf Agent.
Nov 26 09:18:43 la systemd[1]: telegraf.service: Start request repeated too quickly.
Nov 26 09:18:43 la systemd[1]: telegraf.service: Failed with result 'exit-code'.
Nov 26 09:18:43 la systemd[1]: Failed to start Telegraf Agent.

It appears as if the path is not being set up right when smart is enabled.

I found this discussion and was able adapt the workaround mentioned there:

  systemd.services.telegraf.path = with pkgs; [
    smartmontools
  ];

Expected behavior

It would be nicer if it automatically added the path when the user enables the smart input plugin. Something like #256928.

Notify maintainers

@mic92 @roblabla @timstott @zowoq

Metadata

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 5.10.113, NixOS, 21.11 (Porcupine)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.3.16`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Priorities

Add a :+1: reaction to issues you find important.

Mic92 commented 1 year ago

The same trick wouldn't not be very useful because smartctl needs extended capabilities: https://github.com/nix-community/srvos/pull/303

caldwell commented 1 year ago

True. I ended up also having to do:

  systemd.services.telegraf.path = with pkgs; [
    smartmontools "/run/wrappers"
  ];
  security.sudo.configFile = ''
    telegraf ALL=(root:root) NOPASSWD: ${pkgs.smartmontools}/bin/smartctl
  '';

to get it fully working. But your wrapper with the direct capabilities looks much nicer. Is there any chance of getting that into main nixos? I'm not familiar with the srvos project…

Mic92 commented 1 year ago

True. I ended up also having to do:
  systemd.services.telegraf.path = with pkgs; [
    smartmontools "/run/wrappers"
  ];
  security.sudo.configFile = ''
    telegraf ALL=(root:root) NOPASSWD: ${pkgs.smartmontools}/bin/smartctl
  '';
to get it fully working. But your wrapper with the direct capabilities looks much nicer. Is there any chance of getting that into main nixos? I'm not familiar with the srvos project…

Sure. Just open a nixpkgs PR. I will drop it from srvos than.

stackcoder commented 6 days ago

The current implementation in srvos allows everyone (= other) to execute smartctl. Please consider limiting the permissions e.g. permissions = "u=x,g=x,o="; before integrating the wrapper in nixpkgs.

NixOS / nixpkgs