OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • [SOLVED] collectd network plugin is missing encryption support
« previous next »
  • Print
Pages: [1]

Author Topic: [SOLVED] collectd network plugin is missing encryption support  (Read 6077 times)

deviantintegral

  • Newbie
  • *
  • Posts: 27
  • Karma: 1
    • View Profile
[SOLVED] collectd network plugin is missing encryption support
« on: May 10, 2017, 07:40:51 pm »
collectd has been broken for the past week, as the network plugin is no longer linked to libgcrypt and libgpg-error.

Code: [Select]
May 10 13:22:32 blackbox collectd[32863]: network plugin: Option `SecurityLevel' is not allowed here.
May 10 13:22:32 blackbox collectd[32863]: network plugin: Option `Username' is not allowed here.
May 10 13:22:32 blackbox collectd[32863]: network plugin: Option `Password' is not allowed here.

I manually installed collectd 5.7.0 from 16.7 as I couldn't find prior builds for 17.1. That version has:

Code: [Select]
root@blackbox:/tmp # ldd /usr/local/lib/collectd/network.so
/usr/local/lib/collectd/network.so:
libgcrypt.so.20 => /usr/local/lib/libgcrypt.so.20 (0x3482980b000)
libgpg-error.so.0 => /usr/local/lib/libgpg-error.so.0 (0x34829b1d000)
libc.so.7 => /lib/libc.so.7 (0x34828dfa000)

And in the latest 5.7.1 release:

Code: [Select]
root@blackbox:/usr/local/etc # ldd /usr/local/lib/collectd/network.so
/usr/local/lib/collectd/network.so:
libc.so.7 => /lib/libc.so.7 (0x205546c4000)

For now, I've locked the older package, though if there's prior builds actually against 17.1 I can install that would be better. Or, is there a way to simply blacklist the specific release of collectd, so when a new (presumably fixed) version is out it will be upgraded to automatically?
« Last Edit: July 04, 2017, 04:04:18 pm by franco »
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #1 on: May 11, 2017, 04:05:22 pm »
Oops, look like this was never supposed to be working. We changed the build to do isolated runs like FreeBSD does, it looks like collectd has unregistered dependencies that fail now. Let's investigate. :)


Cheers,
Franco
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #2 on: May 11, 2017, 04:07:32 pm »
PS: This one should still work:

# opnsense-revert -r 17.1.4 collectd5


https://github.com/opnsense/ports/issues/41
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #3 on: May 11, 2017, 04:24:57 pm »
scratch that, also looks problematic
Logged

deviantintegral

  • Newbie
  • *
  • Posts: 27
  • Karma: 1
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #4 on: May 18, 2017, 10:45:50 pm »
Turns out that running the build from 16.7 didn't throw any errors, but did send wrong data in the networking plugin. Following https://forum.opnsense.org/index.php?topic=2004 I installed collectd from ports and crypt support is working fine.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #5 on: May 22, 2017, 08:54:48 am »
I've added this to the build for the upcoming 17.1.8:

https://github.com/opnsense/tools/commit/2160deb86

I'm not sure it'll solve the issue as simply rebuilding in place doesn't change that option, but it would bring the build closer to how it looked like when you reported it.

Do you have libgcrypt manually installed? What does ldd say now for your port-build collectd5?


Cheers,
Franco
Logged

deviantintegral

  • Newbie
  • *
  • Posts: 27
  • Karma: 1
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #6 on: May 22, 2017, 02:24:38 pm »
Here's ldd after install:

Code: [Select]
root@blackbox:/usr/ports/net-mgmt/collectd5 # ldd /usr/local/sbin/collectd������ /usr/local/sbin/collectd:
        libm.so.5 => /lib/libm.so.5 (0x3442ba34000)
        libthr.so.3 => /lib/libthr.so.3 (0x3442bc5f000)
        libstatgrab.so.10 => /usr/local/lib/libstatgrab.so.10 (0x3442be87000)
        libdevstat.so.7 => /lib/libdevstat.so.7 (0x3442c099000)
        libltdl.so.7 => /usr/local/lib/libltdl.so.7 (0x3442c29f000)
        libc.so.7 => /lib/libc.so.7 (0x3442af14000)
        libkvm.so.7 => /lib/libkvm.so.7 (0x3442c4a8000)
        libelf.so.2 => /lib/libelf.so.2 (0x3442c6b7000)

You're right, there is no gcrypt support (nor shown in pkg info as well). However, encryption support is working fine. Perhaps there's multiple libraries it can use to support it, but I'm not finding anything obvious. I'd probably lean towards enabling gcrypt just to match what previous builds did.

I have a cron job for a nightly firmware upgrade. It looks like collectd has been replaced by the binary version on me from the repos. I thought I locked the package after install, but perhaps I didn't. Is there anything else to do when installing ports to keep them in place?
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #7 on: May 22, 2017, 03:42:22 pm »
Locking the package is the best bet. But the lock will be lifted when major upgrades (not minor, so for e.g. 17.7) are performed (opnsense-update) or when packages are reverted to their upstream equivalent (opnsense-revert).

Check back when 17.1.8 hits to see what we can do to fix this still of not working as expected then. :)


Thanks,
Franco
Logged

deviantintegral

  • Newbie
  • *
  • Posts: 27
  • Karma: 1
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #8 on: May 24, 2017, 03:15:30 pm »
Of course, the above ldd paste was on the colletctd binary, not network.so :(

libgcrypt is in the network plugin, using the default build options:

Code: [Select]
root@blackbox:~ # ldd /usr/local/lib/collectd/network.so
/usr/local/lib/collectd/network.so:
libgcrypt.so.20 => /usr/local/lib/libgcrypt.so.20 (0x2e31a0b000)
libgpg-error.so.0 => /usr/local/lib/libgpg-error.so.0 (0x2e31d1d000)
libc.so.7 => /lib/libc.so.7 (0x2e3102c000)
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #9 on: May 24, 2017, 08:14:04 pm »
I missed this was network.so, sorry. But in any case it can only build against libgcrypt if it was installed, default configuration or not, because it automatically picks it up like it did before. That's not true anymore for the build system, but that also means flipping on GCRYPT option should make this work again in 17.1.8. :)


Cheers,
Franco
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #10 on: June 09, 2017, 07:00:34 pm »
Hi deviantintegral,

Was this fixed as discussed with 17.1.8?


Thanks,
Franco
Logged

deviantintegral

  • Newbie
  • *
  • Posts: 27
  • Karma: 1
    • View Profile
Re: collectd network plugin is missing encryption support
« Reply #11 on: June 09, 2017, 11:10:38 pm »
It did! Thanks.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • [SOLVED] collectd network plugin is missing encryption support
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2