Smartctl exporter

Nosirus · May 12, 2022, 1:11pm

Hello,
I’m stuck on a problem.
How to use the smartctl exporter? When I include it in “node” it crashes the service.

If I add it in its own exporter, it has no access to the disks
Are there any special rights to be granted?

thank you for your help!

hexa · May 12, 2022, 1:51pm

  services.prometheus.exporters.smartctl = {
    enable = true;
  };

  services.udev.extraRules = ''
    SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk"
  '';

The udev rule is to allow access to the raw nvme device to the disks group, should you have any, which is what the exporter automatically discovers.

github.com/nixos/nixpkgs

prometheus.exporters.smartctl: Fix autodiscovery

committed 12:37PM - 27 Jan 22 UTC

mweinelt

+11 -2

When no devices are given the exporter tries to autodiscover available disks. Th…e previous DevicePolicy was however preventing the exporter from accessing any device at all, since only explicitly mentioned ones were allowed. This commit adds an allow rule for several device classes that I could find on my machines, that gets set when no devices are explicitly configured. There is an existing problem with nvme devices, that expose a character device at `/dev/nvme0`, and a (namespaced) block device at `/dev/nvme0n1`. The character device does not come with permissions that we could give to the exporter without further impacting the hardening. crw------- 1 root root 247, 0 27. Jan 03:10 /dev/nvme0 brw-rw---- 1 root disk 259, 0 27. Jan 03:10 /dev/nvme0n1 The autodiscovery only finds the character device, which the exporter unfortunately does not have access to. However a simple udev rule can be used to resolve this: services.udev.extraRules = '' SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk" ''; Unfortunately I'm not fully aware of the security implications this change carries and we should question upstream (systemd) why they did not include such a rule. The disk group has no members on any of my machines. ❯ getent group disk disk:x:6:

Nosirus · May 15, 2022, 7:00pm

interesting, unfortunately I don’t have the access authorization.

mai 15 20:53:38 cobblepot systemd[1]: Started prometheus-smartctl-exporter.service.
mai 15 20:53:38 cobblepot smartctl_exporter[3862540]: [Warning] S.M.A.R.T. output reading error: exit status 2
mai 15 20:53:38 cobblepot smartctl_exporter[3862540]: [Warning] The device error log contains records of errors.
mai 15 20:53:38 cobblepot smartctl_exporter[3862540]: [Error] Smartctl open device: /dev/nvme0n1 failed: Operation not permitted
mai 15 20:53:38 cobblepot smartctl_exporter[3862540]: [Error] smartctl returned bad data for device /dev/nvme0n1
mai 15 20:53:38 cobblepot smartctl_exporter[3862540]: [Info] Starting on 0.0.0.0:9633/metrics

Do I have to create special rights?
My disks sda,sdb etc… and my disk nvme are in right root:disk

Nosirus · May 17, 2022, 4:25pm

I tried to change the rights of the disks or the smartctl exporter unfortunately nothing helps

“Operation not permitted”