Prometheus , BlackBox exporter ICMP issue
822 views
Skip to first unread message
Ara Hatamzade Niazi
Oct 3, 2019, 4:03:41 PM10/3/19
to Prometheus Users
Hello everyone i would like to get some help on my issue when i try to do ICMP check with blackbox_exporter from response i get this Error massge this is the hole respoense i get
Logs for the probe: ts=2019-10-03T20:01:59.785520103Z caller=main.go:118 module=icmp_ipv4 target=www.google.com level=info msg="Beginning probe" probe=icmp timeout_seconds=4.5 ts=2019-10-03T20:01:59.785636018Z caller=utils.go:42 module=icmp_ipv4 target=www.google.com level=info msg="Resolving target address" ip_protocol=ip4 ts=2019-10-03T20:01:59.786451866Z caller=utils.go:75 module=icmp_ipv4 target=www.google.com level=info msg="Resolved target address" ip=173.194.222.103 ts=2019-10-03T20:01:59.786498662Z caller=icmp.go:99 module=icmp_ipv4 target=www.google.com level=info msg="Creating socket" ts=2019-10-03T20:01:59.786532589Z caller=icmp.go:123 module=icmp_ipv4 target=www.google.com level=error msg="Error listening to socket" err="listen ip4:icmp 0.0.0.0: socket: operation not permitted" ts=2019-10-03T20:01:59.786561338Z caller=main.go:131 module=icmp_ipv4 target=www.google.com level=error msg="Probe failed" duration_seconds=0.000982561 Metrics that would have been returned: # HELP probe_dns_lookup_time_seconds Returns the time taken for probe dns lookup in seconds # TYPE probe_dns_lookup_time_seconds gauge probe_dns_lookup_time_seconds 0.000833454 # HELP probe_duration_seconds Returns how long the probe took to complete in seconds # TYPE probe_duration_seconds gauge probe_duration_seconds 0.000982561 # HELP probe_icmp_duration_seconds Duration of icmp request by phase # TYPE probe_icmp_duration_seconds gauge probe_icmp_duration_seconds{phase="resolve"} 0.000833454 probe_icmp_duration_seconds{phase="rtt"} 0 probe_icmp_duration_seconds{phase="setup"} 0 # HELP probe_ip_protocol Specifies whether probe ip protocol is IP4 or IP6 # TYPE probe_ip_protocol gauge probe_ip_protocol 4 # HELP probe_success Displays whether or not the probe was a success # TYPE probe_success gauge probe_success 0 Module configuration: prober: icmp timeout: 5s http: ip_protocol_fallback: true tcp: ip_protocol_fallback: true icmp: preferred_ip_protocol: ip4 ip_protocol_fallback: true dns: ip_protocol_fallback: true
ps i Would like to know what dose mean this msg msg="Error listening to socket" err="listen ip4:icmp 0.0.0.0: socket: operation not permitted" the most beacuse i think its not my issue its from google
Christian Hoffmann
Oct 3, 2019, 4:15:08 PM10/3/19
to Ara Hatamzade Niazi, Prometheus Users
Hi,
On 10/3/19 10:03 PM, 'Ara Hatamzade Niazi' via Prometheus Users wrote:
> Hello everyone i would like to get some help on my issue when i try to
> do ICMP check with blackbox_exporter from response i get this Error
> massge this is the hole respoense i get
>
[...]
permissions as described here?
https://github.com/prometheus/blackbox_exporter#permissions
Kind regards,
Christian
On 10/3/19 10:03 PM, 'Ara Hatamzade Niazi' via Prometheus Users wrote:
> Hello everyone i would like to get some help on my issue when i try to
> do ICMP check with blackbox_exporter from response i get this Error
> massge this is the hole respoense i get
>
> ts=2019-10-03T20:01:59.786532589Z caller=icmp.go:123 module=icmp_ipv4 target=www.google.com level=error msg="Error listening to socket" err="listen ip4:icmp 0.0.0.0: socket: operation not permitted"
[...]
> ps i Would like to know what dose mean this msg msg="Error listening to socket" err="listen ip4:icmp 0.0.0.0: socket: operation not permitted" the most beacuse i think its not my issue its from google
Can you confirm that you gave blackbox_exporter the necessary
permissions as described here?
https://github.com/prometheus/blackbox_exporter#permissions
Kind regards,
Christian
Ara Hatamzade Niazi
Oct 3, 2019, 4:39:08 PM10/3/19
to Prometheus Users
Hi there Christian . yes i have done whats says in the link and still same resoult is there a way to check if the premition was granted or any other solution you know ?
Christian Hoffmann
Oct 3, 2019, 5:10:27 PM10/3/19
to Ara Hatamzade Niazi, Prometheus Users
To verify if blackbox_exporter is running as root, check the process
list (or: $ grep Uid /proc/$(pidof blackbox_exporter)/status # it should
return 0).
To verify that the setcap call was effective, try this:
$ grep Cap /proc/$(pidof blackbox_exporter)/status
Or try using pscap.
To be honest, I have not experience regarding capabilities. In a quick
test, I was not able to make the relevant capability show up there.
Kind regards,
Christian
Christian Hoffmann
Oct 3, 2019, 5:31:12 PM10/3/19
to Ara Hatamzade Niazi, Prometheus Users
On 10/3/19 11:10 PM, Christian Hoffmann wrote:
> To be honest, I have not experience regarding capabilities. In a quick
> test, I was not able to make the relevant capability show up there.
Found out why:
> To be honest, I have not experience regarding capabilities. In a quick
> test, I was not able to make the relevant capability show up there.
I tried it in /tmp which is mounted with nosuid. This also seems to
prevent capabilities to be ignored.
Once moving my tests to another file system which with suid allowed,
both blackbox_exporter's ping check worked and the grep/pscap returned
the expected results.
So I suggest you verify the same: Ensure that you've placed the
blackbox_exporter binary on a regular file system without nosuid (if you
chose the setcap way).
Kind regards,
Christian
Reply all
Reply to author
Forward
0 new messages