search

letsencrypt / unbound_exporter

A Prometheus exporter for Unbound.
Apache License 2.0
179 stars 80 forks source link

Panic occurs for using Unix sockets #62

Open lamchakchan opened 1 year ago

lamchakchan commented 1 year ago

Description

When trying unix socket for the remote-control interface, the exporter has no way to be configured to input the unix socket address without a panic. Looks the the use of Parse() from net/url fails to recognize the scheme for a target of unix:///var/run/unbound/control.sock.

Unbound Configuration

server:
    ...
remote-control:
    control-enable: yes
    control-use-cert: no
    control-interface: "/var/run/unbound/control.sock"

Command

unbound-exporter -unbound.host unix:///var/run/unbound/control.sock

Error

level=info ts=2023-10-30T21:31:55.062Z caller=unbound_exporter.go:509 Startingunbound_exporter=(MISSING)
panic: open /etc/unbound/unbound_server.pem: no such file or directory

goroutine 1 [running]:
main.main()
jpds commented 1 year ago

@lamchakchan You need to disable the default TLS options - otherwise it tries to find those and then tries to securely connect to the socket: https://github.com/letsencrypt/unbound_exporter/blob/main/unbound_exporter.go#L398

lamchakchan commented 1 year ago

Does this mean I need to call unbound-exporter like this?

unbound-exporter -unbound.host unix:///var/run/unbound/control.sock -unbound.ca="" -unbound.key="" -unbound.cert=""

lamchakchan commented 1 year ago

Shouldn't this bypass the loading of the certs?

I'm confused on why u.Scheme == "unix" condition isn't triggering. Do I need to pass a different socket path format to -unbound.host