From b8cbf0f6be259f6437e08eba24b1912f3e20c372 Mon Sep 17 00:00:00 2001
From: Raphael Druon
Date: Wed, 2 Aug 2023 08:41:06 -0600
Subject: [PATCH] Use sudoers file to allow prometheus user to run lnetctl
---
 debian/install | 1 +
 debian/rules | 1 +
 lustrefs_exporter.spec | 3 +++
 src/main.rs | 8 ++++----
 sudoers_file/prometheus | 1 +
 5 files changed, 10 insertions(+), 4 deletions(-)
 create mode 100644 sudoers_file/prometheus
diff --git a/debian/install b/debian/install
index e979f90..3b80148 100644
--- a/debian/install
+++ b/debian/install
@@ -1 +1,2 @@
 /usr/bin/prometheus-lustrefs-exporter
+/etc/sudoers.d/prometheus
\ No newline at end of file
diff --git a/debian/rules b/debian/rules
index df7d1de..53b6bae 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,6 +15,7 @@ override_dh_auto_build:
 override_dh_auto_install:
 install -v -d debian/tmp/usr/bin
 install -v -T target/release/lustrefs-exporter debian/tmp/usr/bin/prometheus-lustrefs-exporter
+ install -v -T sudoers_file/prometheus debian/tmp/etc/sudoers.d/prometheus
 override_dh_auto_clean:
diff --git a/lustrefs_exporter.spec b/lustrefs_exporter.spec
index e413e22..7b29c32 100644
--- a/lustrefs_exporter.spec
+++ b/lustrefs_exporter.spec
@@ -19,14 +19,17 @@ cargo build --release
 %install
 install -v -d %{buildroot}%{_bindir}
 install -v -d %{buildroot}%{_unitdir}
+install -v -d %{buildroot}%{_sysconfdir}/sudoers.d/
 install -v -m 0644 lustrefs_exporter.service %{buildroot}%{_unitdir}
 install -v target/release/lustrefs-exporter %{buildroot}%{_bindir}
+install -v -m 0644 sudoers_file/prometheus %{buildroot}%{_sysconfdir}/sudoers.d/
 %{__ln_s} lustrefs-exporter %{buildroot}%{_bindir}/lustrefs_exporter
 %files
 %{_bindir}/lustrefs-exporter
 %{_bindir}/lustrefs_exporter
 %{_unitdir}/lustrefs_exporter.service
+%{_sysconfdir}/sudoers.d/prometheus
 %pre
 getent group prometheus >/dev/null || groupadd -r prometheus
diff --git a/src/main.rs b/src/main.rs
index e73b0a0..01ad362 100644
--- a/src/main.rs
+++ b/src/main.rs
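Review bot: In the debian/rules hunk the added `install -v -T sudoers_file/prometheus debian/tmp/etc/sudoers.d/prometheus` has no matching directory creation; the only `install -v -d` visible in the recipe is for `debian/tmp/usr/bin`, and `install -T` does not create parent directories, so unless something outside the hunk creates `debian/tmp/etc/sudoers.d` this step looks like it fails. It also passes no mode, so the file gets install's default 0755, while the lustrefs_exporter.spec hunk uses `-m 0644`; the usual convention for sudoers drop-ins is 0440 and the two packages should agree. I would write `install -v -D -m 0440 -T sudoers_file/prometheus debian/tmp/etc/sudoers.d/prometheus` here and use `-m 0440` on the corresponding spec line.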
@@ -36,8 +36,8 @@ async fn main() {
 let mut lctl_output = parse_lctl_output(&lctl.stdout)?;
 output.append(&mut lctl_output);
- let lnetctl = Command::new("lnetctl")
- .args(["net", "show", "-v", "4"])
+ let lnetctl = Command::new("sudo")
+ .args(["lnetctl", "net", "show", "-v", "4"])
 .kill_on_drop(true)
 .output()
 .await?;
@@ -46,8 +46,8 @@ async fn main() {
 let mut lnetctl_output = parse_lnetctl_output(lnetctl_stats)?;
 output.append(&mut lnetctl_output);
- let lnetctl_stats_output = Command::new("lnetctl")
- .args(["stats", "show"])
+ let lnetctl_stats_output = Command::new("sudo")
+ .args(["lnetctl", "stats", "show"])
 .kill_on_drop(true)
 .output()
 .await?;
diff --git a/sudoers_file/prometheus b/sudoers_file/prometheus
new file mode 100644
index 0000000..ae9ef05
--- /dev/null
+++ b/sudoers_file/prometheus
@@ -0,0 +1 @@
+prometheus ALL=(ALL) NOPASSWD: /usr/sbin/lnetctl
\ No newline at end of file
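Review bot: Both `Command::new("sudo")` calls in src/main.rs (the `net show` hunk and the `stats show` hunk) run sudo without `-n`, so when the sudoers rule is missing or does not match, sudo tries to ask for a password instead of failing at once; for a service I would use `.args(["-n", "/usr/sbin/lnetctl", "net", "show", "-v", "4"])` and the same prefix for `stats show`. The absolute path matters for the rule as well: the sudoers file permits `/usr/sbin/lnetctl`, while a bare `lnetctl` is resolved through sudo's own search path and may land on a binary the rule does not cover. The lines shown only propagate spawn errors through `.await?`; `main` starts and ends outside these hunks, so it is not visible whether a non-zero exit from sudo is checked before the output is parsed, and it is worth confirming that `status.success()` is tested.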
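Review bot: The rule `prometheus ALL=(ALL) NOPASSWD: /usr/sbin/lnetctl` in sudoers_file/prometheus limits neither the arguments nor the target user, so the prometheus account may run every lnetctl subcommand, including those that change LNet configuration, as any user, although the exporter only calls `net show -v 4` and `stats show`. Pinning the rule to those two command lines and to root keeps a compromised exporter or prometheus account read-only: `prometheus ALL=(root) NOPASSWD: /usr/sbin/lnetctl net show -v 4, /usr/sbin/lnetctl stats show`. The file also has no trailing newline; running `visudo -cf sudoers_file/prometheus` during the package build would catch syntax problems before the file reaches /etc/sudoers.d.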