I upgraded my test cluster from sys-cluster/ceph-14.2.21-r2 to sys-cluster/ceph-16.2.4-r2 yesterday. Today, I received three e-mails from every OSD node in this cluster:

Subject: *** SECURITY information for backup1 ***
From: ceph@backup1.komensky.sk
Date: 24. 7. 2021, 2:01
To: root@backup1.komensky.sk

backup1 : Jul 24 00:01:26 : ceph : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/smartctl -x --json=o /dev/sda

Subject: *** SECURITY information for backup1 ***
From: ceph@backup1.komensky.sk
Date: 24. 7. 2021, 2:01
To: root@backup1.komensky.sk

backup1 : Jul 24 00:01:29 : ceph : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/nvme st8000vn004-2m2101 smart-log-add --json /dev/sda

Subject: *** SECURITY information for backup1 ***
From: ceph@backup1.komensky.sk
Date: 24. 7. 2021, 2:01
To: root@backup1.komensky.sk

backup1 : Jul 24 00:01:53 : ceph : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/smartctl -x --json=o /dev/sdb

After some digging in ceph documentation, it seems that there should be a sudoers file installed in /etc/sudoers.d/ceph for ceph user (since ceph version 15):
https://docs.ceph.com/en/octopus/rados/deployment/preflight-checklist/#create-a-user

Reproducible: Always

Steps to Reproduce:
1. install latest stable ceph
2. let it run
3. wait for security alert from sudo

Actual Results:
ceph attempts to sudo and it is denied, then an alert is sent to administrator

Expected Results:
ceph should be able to run at least smartctl and nvme commands
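A triage sketch for the sudo denial alerts quoted in the report above, added here as an example; it is not part of the bug thread, the Gentoo ebuild or Ceph. It parses each "user NOT in sudoers" line and separates the device-health commands seen in the report from anything else the ceph user tried to run. The allowed device-name pattern and the function names are assumptions, and the last sample line is constructed.

```python
import re

# Layout of a sudo denial line as it appears in the alert e-mails above.
DENIAL = re.compile(
    r"^(?P<host>\S+) : (?P<ts>\w{3} +\d+ [\d:]{8}) : (?P<user>\S+) : "
    r"user NOT in sudoers ; PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; "
    r"COMMAND=(?P<command>.+)$"
)

# Assumption: the ceph user is only expected to request the two health
# invocations from the report, each on a single whole-disk device node.
DEV = r"/dev/(?:sd[a-z]+|nvme\d+n\d+)"
EXPECTED = [
    re.compile(rf"/usr/sbin/smartctl -x --json=o {DEV}"),
    re.compile(rf"/usr/sbin/nvme [\w.-]+ smart-log-add --json {DEV}"),
]

SAMPLE = [
    "backup1 : Jul 24 00:01:26 : ceph : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/smartctl -x --json=o /dev/sda",
    "backup1 : Jul 24 00:01:29 : ceph : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/nvme st8000vn004-2m2101 smart-log-add --json /dev/sda",
    "backup1 : Jul 24 00:01:53 : ceph : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/smartctl -x --json=o /dev/sdb",
    # Constructed line: a denial that is not a device-health check.
    "backup1 : Jul 24 00:02:10 : ceph : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/bin/id",
]

def parse_denial(line):
    """Return the fields of one denial line, or None if it does not parse."""
    m = DENIAL.match(line.strip())
    return m.groupdict() if m else None

def classify(line):
    """Label a denial as a missing-sudoers symptom or something to look at."""
    rec = parse_denial(line)
    if rec is None:
        return "unparsed"
    # fullmatch: trailing arguments or a second device do not count as expected.
    known = any(p.fullmatch(rec["command"]) for p in EXPECTED)
    if rec["user"] == "ceph" and rec["runas"] == "root" and known:
        return "expected-health-check"
    return "investigate"

def triage(lines):
    """Pair every denied command with its label, keeping input order."""
    return [((parse_denial(l) or {}).get("command"), classify(l)) for l in lines]

if __name__ == "__main__":
    for command, label in triage(SAMPLE):
        print(f"{label:22} {command}")
```
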
This seems to be the relevant file: https://github.com/ceph/ceph/blob/master/sudoers.d/ceph-osd-smartctl
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7da3a597a4b8d0f09e3e68bde8135ad4f8bee14b

commit 7da3a597a4b8d0f09e3e68bde8135ad4f8bee14b
Author:     Patrick McLean <chutzpah@gentoo.org>
AuthorDate: 2021-09-17 00:06:53 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2021-09-17 01:20:44 +0000

    sys-cluster/ceph-16.2.6: Version bump

    Closes: https://bugs.gentoo.org/797622
    Closes: https://bugs.gentoo.org/797622
    Closes: https://bugs.gentoo.org/803947
    Closes: https://bugs.gentoo.org/803629
    Closes: https://bugs.gentoo.org/797598
    Closes: https://bugs.gentoo.org/795807
    Package-Manager: Portage-3.0.23, Repoman-3.0.3
    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

 sys-cluster/ceph/Manifest           |   1 +
 sys-cluster/ceph/ceph-16.2.6.ebuild | 459 ++++++++++++++++++++++++++++++++++++
 2 files changed, 460 insertions(+)