How to avoid vgdisplay sudo rights error messages on hyps


Since some time ago we have detected from our hyps secure logs several error messages like this:

2016-01-26T09:39:02.796813+01:00 hyp101 sudo: oneadmin : command not allowed ; TTY=unknown ; PWD=/var/tmp/one/im/kvm-probes.d ; USER=root ; COMMAND=/sbin/vgdisplay --separator : --units m -o vg_size,vg_free --nosuffix --noheadings -C vg-one-0

We only have a Ceph datastore, there is no FS LVM Datastore configured in our system but the kvm probes are still trying to check this (and sudo command fails).

How we can avoid these error messages from kvm-probes? Is this the expected behaviour or something is misconfigured?

Cheers and thanks!

Hi Álvaro Simón,

The vgdisplay is called from /var/tmp/one/im/kvm-probes.d/ which is (IMO) a little bit messy.

It is expecting the vgdisplay to be called from a non-root user (oneadmin) with sudo.

Another option is to tweak the test for vgdisplay check to fail always. Edit /var/tmp/one/im/kvm-probes.d/ and replace(somewhere close to the 9-th row)

PATH=$PATH:/sbin:/bin:/usr/sbin:/usr/bin which vgdisplay &> /dev/null


PATH=$PATH:/sbin:/bin:/usr/sbin:/usr/bin which vgdisplay.enabled &> /dev/null

if you want to enable the lvm check for any reason just create symlink from vgdislay to vgdisplay.enabled :slightly_smiling:

Kind Regards,
Anton Todorov

Hi Anton

Thanks for the workaround! :slightly_smiling: in any case monitor_ds should perform some check only if that kind of datastore is available and configured in the system…


I agrree this could be improved. Any suggestions?

Hi @jmelis

I was thinking about it, I didn’t check if is possible yet but maybe we can use the same mechanism that tm scripts, parsing in this case onedatastore list -x output from monitor_ds without trying anything else before…
In this case we are looking for any:


and run the desired tests only if the TM_MAD value is available in our conf, if not we avoid any undesired probe execution, this will also valid for any other specific datastore check.

As I said I didn’t try this yet, I think that I should use :
XPATH="${DRIVER_PATH}/../../datastore/xpath.rb --stdin"
to parse the XML output from monitor_ds bash script…

What do you think about this change? do you have another idea?

Cheers and thanks!