Telegraf permissions for haproxy socket

I was having the same problem as listed on this closed issue: Error/Bug Haproxy plugin · Issue #2307 · influxdata/telegraf · GitHub

After reading the response on that issue I looked at the permissions for the haproxy socket. This is what I saw:

$ ll /var/run/haproxy/
srwxr-xr-x  1 root    haproxy   0 Jan 21 18:06 socket=

It is world readable. Should be good, right? Apparently not.

I decided to sudo chmod 777 /var/run/haproxy/socket and reloaded telegraf. That worked. It appears that telegraf wants write permissions on the socket. Why is that?

How are others giving adequate access to socket files? Adding the telegraf user to the service group?

I just came across this documentation which indicates the following:

On Linux, connecting to a stream socket object requires write permission on that socket;

I guess this means if I want telegraf to connect to any local sockets, they will need to be writeable by the telegraf user.

Telegraf also writes the show stat command to the socket. It should be possible to set the mode of the socket as a parameter to the stats socket option. If you could test this out then I’ll add it to the plugin documentation.

Just out of curiosity, why are you using HAProxy stats via socket instead of the http endpoint? I have found it to work more reliably that way. You can assign it to just localhost and put basic auth on it if you need to protect the stats.

@daniel Thanks for the info, I will look into that.

@Esity This is just research at the moment. With telegraf running on the server in question, seems easier just to query the socket. Whereas if we are running telegraf remotely, hitting the http endpoints is the obvious choice. Of course, http works fine either way. You are saying that you have found the http endpoint to be more reliable than the socket?
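
The permission rule discussed in this thread, as an added example that is not part of the original posts and is not Telegraf or HAProxy code: a small Python check that applies the Linux owner/group/other rule to a socket's mode and reports both a missing write bit and the world-writable state that chmod 777 produces. The function names and the uid/gid numbers are made up for illustration.

```python
import os
import stat

def can_connect(mode, owner_uid, owner_gid, uid, gids):
    """True if a process with (uid, gids) has write permission on the socket.

    Linux evaluates exactly one permission class: owner, else group, else other.
    The caller also needs search (x) permission on the parent directories,
    which is not checked here.
    """
    if uid == 0:
        return True  # root bypasses mode bits
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(mode, owner_uid, owner_gid, uid, gids):
    """Return a list of findings for one socket and one client identity."""
    findings = []
    if not can_connect(mode, owner_uid, owner_gid, uid, gids):
        findings.append("no-write: connect() will be refused")
    if mode & stat.S_IWOTH:
        findings.append("world-writable: any local user can connect")
    return findings

def audit_path(path, uid, gids):
    """Same check against a real socket file on disk."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    return audit(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids)

if __name__ == "__main__":
    # Constructed ids: root=0, haproxy group=990, telegraf uid/gid=991.
    ROOT, HAPROXY_GID, TELEGRAF = 0, 990, 991
    cases = [
        ("srwxr-xr-x, telegraf not in group", 0o755, {TELEGRAF}),
        ("srwxr-xr-x, telegraf in haproxy group", 0o755, {TELEGRAF, HAPROXY_GID}),
        ("srwxrwxrwx (chmod 777)", 0o777, {TELEGRAF}),
        ("srw-rw----, telegraf in haproxy group", 0o660, {TELEGRAF, HAPROXY_GID}),
    ]
    for label, mode, gids in cases:
        print(label, "->", audit(mode, ROOT, HAPROXY_GID, TELEGRAF, gids) or "ok")
```

With the mode shown in the first post, adding the telegraf user to the haproxy group is not enough on its own, because the group class is r-x; the socket also needs the group write bit.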