influxdata / telegraf

Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.
https://influxdata.com/telegraf
MIT License

[Feature Request] ipmitool - Option to select Session Privilege #2284

Closed runningAgain closed 6 years ago

runningAgain commented 7 years ago

On systems with lanplus interfaces, the ipmi plugin doesn't work.

Steps to reproduce:

  1. Run telegraf -test with a configured ipmi section.
  2. Error: E! run /bin/ipmitool ipmitool -H xxx.xxx.xx.xx -U myuser -P mypassword -I lanplus sdr: Set Session Privilege Level to ADMINISTRATOR failed: Unknown (0x81) Error: Unable to establish IPMI v2 / RMCP+ session (exit status 1)
  3. If I run the command with the privilege option -L User, then the command is successful. The whole command line is .... ipmitool -H xxx.xxx.xx.xx -U myuser -P mypassword -I lanplus -L User sdr

sparrc commented 7 years ago

It will work, but you need to give it credentials for an admin user.

Do you need the option to run the ipmi plugin with "USER" privileges?

runningAgain commented 7 years ago

Hello again, yes, I can use the admin account, but a read-only user account is better because of the plain text password inside the configuration. However, an option to use the "privilege" option "-L User" is helpful and a nice feature.

Stefan-Code commented 7 years ago

I was about to open the same issue. This would really be a nice feature to have, because from a security perspective it doesn't really make sense to let telegraf access IPMI with admin privileges.

duckman commented 7 years ago

Just for reference if anyone is interested in setting a user up for this: https://www.thomas-krenn.com/en/wiki/Configuring_IPMI_under_Linux_using_ipmitool#User_Configuration

artbird309 commented 6 years ago

I really would like to get this added. I tried every combination in the config file to get the "-L user" added when the command is executed, and it was too smart and would error out.

I really do not want my monitoring user to have admin privileges due to the password being plain text in the config and all the logs. With admin privileges you can turn on and off my server remotely.
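
The request in this thread, as an added example that is not part of the thread and is not Telegraf's own code: build the ipmitool argument list with an optional, validated `-L` privilege level, and mask the `-P` value before the command line reaches an error message or log. `Conn`, `BuildArgs` and `Redact` are hypothetical names; the level names are the ones ipmitool documents for `-L`.

```go
package main

import (
	"fmt"
	"strings"
)

// Conn is a hypothetical config struct for one BMC; it is not Telegraf's type.
type Conn struct {
	Host, User, Password, Interface, Privilege string
}

// Privilege levels accepted by ipmitool's -L option.
var levels = map[string]bool{"CALLBACK": true, "USER": true, "OPERATOR": true, "ADMINISTRATOR": true}

// BuildArgs returns the ipmitool argument list for "sdr". An empty Privilege
// leaves -L off, so ipmitool requests its default (ADMINISTRATOR).
func BuildArgs(c Conn) ([]string, error) {
	args := []string{"-H", c.Host, "-U", c.User, "-P", c.Password, "-I", c.Interface}
	if c.Privilege != "" {
		lvl := strings.ToUpper(c.Privilege)
		if !levels[lvl] {
			return nil, fmt.Errorf("invalid privilege level %q", c.Privilege)
		}
		args = append(args, "-L", lvl)
	}
	return append(args, "sdr"), nil
}

// Redact copies args with the value after -P masked, for error and log output.
func Redact(args []string) []string {
	out := append([]string(nil), args...)
	for i := 0; i+1 < len(out); i++ {
		if out[i] == "-P" {
			out[i+1] = "REDACTED"
		}
	}
	return out
}

func main() {
	c := Conn{"xxx.xxx.xx.xx", "myuser", "mypassword", "lanplus", "User"} // constructed sample values
	args, err := BuildArgs(c)
	if err != nil {
		fmt.Println("config error:", err)
		return
	}
	fmt.Println("ipmitool", strings.Join(Redact(args), " "))
}
```

Rejecting unknown levels at configuration time keeps a typo from silently falling back to an ADMINISTRATOR session request.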