[SERVER-11466] SNMP: snmpd restart always reowns unix socket to inaccessible ownership Created: 29/Oct/13  Updated: 27/Oct/15  Resolved: 30/Oct/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 2.5.3
Fix Version/s: 2.5.4

Type: Bug Priority: Major - P3
Reporter: John Morales Assignee: James Wahlin
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:
  • 2.5.4-pre Enterprise Ubuntu 12.04
  • Build version: enterprise-97c3a3d2b487e9376d484d33ede2895e379a3033-2013-10-29

Issue Links:
Depends
depends on DOCS-2153 SNMP config file split in 2.6 Closed
Related
related to SERVER-11147 Split SNMP config to separate master ... Closed
Operating System: ALL
Steps To Reproduce:
  1. Install pre-req packages for SNMP.
  2. Edit /etc/snmpd/snmpd.conf to be standard SNMP master over UDP using unix socket at /tmp/agentx/master

    agentAddress udp:127.0.0.1:1161
    master agentx
    AgentXSocket /tmp/agentx/master

  3. Copy mongod.conf.subagent to /etc/snmp/mongod.conf, which specifies unix domain socket.
  4. Restart snmpd: /etc/init.d/snmpd restart
  5. Start a mongod as a SNMP subagent.

Example startup command:

./bin/mongod --replSet rs --snmp-subagent --port 27017 --fork --dbpath data/noauth-rs-0/ --logpath logs/noauth-rs-0/mongod.log --smallfiles --nohttpinterface

Participants:

 Description   

The new mongod.conf.subagent uses a UNIX socket definition of:

agentXSocket /tmp/agentx/master

On Ubuntu Server 12.04, This causes a directory structure permission/ownership as follows:

$ sudo ls -alh /tmp/agentx/
total 8.0K
drwx------ 2 root root 4.0K Oct 30 13:29 .
drwxrwxrwt 3 root root 4.0K Oct 30 13:29 ..
srwxr-xr-x 1 root root    0 Oct 30 13:29 master
$

Note that the /tmp/agentx is only user visible, and everything is owned by root. The more unexpected behavior, however, is that the permissions and ownership of the socket file are always reset back to root ownership and only user-writeable.

$ ls -lha /tmp/agentx/
total 8.0K
drwx------ 2 ubuntu ubuntu 4.0K Oct 30 13:17 .
drwxrwxrwt 3 root   root   4.0K Oct 30 13:17 ..
srwxrwxr-x 1 ubuntu ubuntu    0 Oct 30 13:17 master
ubuntu@ip-10-239-24-41:~/mongodb$ sudo /etc/init.d/snmpd restart
 * Restarting network management services:                                                                                                                                                                                                                            ubuntu@ip-10-239-24-41:~/mongodb$ ls -lha /tmp/agentx/
total 8.0K
drwx------ 2 ubuntu ubuntu 4.0K Oct 30 13:19 .
drwxrwxrwt 3 root   root   4.0K Oct 30 13:17 ..
srwxr-xr-x 1 root   root      0 Oct 30 13:19 master

This implies that the mongod running as a subagent will not be able to communicate through the UNIX socket.

The SNMP doc describes additional parameters (agentXPerms) to control the permission/ownership, so perhaps a documentation-only change. But also might be worth mentioning as a comment in the mongod.conf.subagent file itself.
http://net-snmp.sourceforge.net/docs/man/snmpd.conf.html



 Comments   
Comment by James Wahlin [ 30/Oct/13 ]

No subagent config change required. It is the agent that defines permissions on the domain socket used to talk to the subagent. The documentation change made under DOCS-2153 will address.

Comment by Eric Milkie [ 30/Oct/13 ]

Answering my own question: it doesn't matter if the master is mongod or snmpd, we need this line in the subagent config.

Comment by Eric Milkie [ 30/Oct/13 ]

Is this true even if you are running the three mongod's on separate machines, as in a real deployment?

Generated at Thu Feb 08 03:25:51 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.