Support icmp probes by enabling install_method=apt #4

jneo8 opened this issue Jan 3, 2024 · 1 comment
jneo8 commented Jan 3, 2024

Per [1]:
"""
The ICMP probe requires elevated privileges to function:
[...]
Linux: root user or CAP_NET_RAW capability is required.
Can be set by executing setcap cap_net_raw+ep blackbox_exporter
[...]
"""

Since the charm installs a snap, "setcap" cannot be applied. An alternative install method should exist as the "prometheus-blackbox-exporter" APT package in Bionic works in the same way as the snap, and "setcap" can be used against "/usr/bin/prometheus-blackbox-exporter". A service restart would be needed after the change.

Similar to other prometheus-related charms, a new "install_method=apt" option should be added. For backward compatibility, "install_method=snap" should be the default value.

  1. https://github.com/prometheus/blackbox_exporter#permissions

Imported from Launchpad using lp2gh.

  • date created: 2019-11-13T07:57:54Z

  • owner: aluria

  • assignee: None

  • the launchpad url

jneo8 commented Jan 3, 2024

(by vultaire)
It should be noted that the prometheus docs also mention that the sysctl setting "net.ipv4.ping_group_range" can also be used to provide these privileges.

It seems like Focal may have this enabled out-of-the-box, but for Bionic, it may be reasonable to deploy the sysconfig charm as a subordinate, with the sysctl setting set to '{"net.ipv4.ping_group_range": "0 2147483647"}'.

If we want this to consistently work in the charm without sysctl settings, we could:

  1. Have this charm set the above sysctl setting itself, or
  2. Leave the sysctl setting alone, allow for using the apt package instead of the snap, and optionally enable the CAP_NET_RAW capability.
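
The two mechanisms discussed in this thread, the CAP_NET_RAW file capability and the net.ipv4.ping_group_range sysctl, can be audited with a short script. This is an added example, not code from the charm or from blackbox_exporter; the function names are hypothetical, and the account name in the closing usage comment is an assumption.

```shell
#!/bin/sh
# Added example: report which ICMP privilege mechanism from this issue applies.
# The functions work on strings, so they can be checked without root.

is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# gid_in_ping_range RANGE GID
# RANGE is the net.ipv4.ping_group_range value: "low high", inclusive.
# A range with low > high (such as "1 0") matches no group.
# Exit 0 = covered, 1 = not covered, 2 = malformed input.
gid_in_ping_range() (
    read -r low high extra <<EOF
$1
EOF
    { is_uint "$low" && is_uint "$high" && is_uint "$2" && [ -z "$extra" ]; } || exit 2
    [ "$low" -le "$2" ] && [ "$2" -le "$high" ]
)

# has_net_raw_ep GETCAP_LINE
# True when a getcap output line shows cap_net_raw with both the effective
# and permitted flags, as "setcap cap_net_raw+ep" leaves it. Handles the
# "file = cap_net_raw+ep" and "file cap_net_raw=ep" output styles.
has_net_raw_ep() (
    case $1 in *cap_net_raw[+=]*) ;; *) exit 1 ;; esac
    flags=${1##*cap_net_raw[+=]}
    flags=${flags%%[!eip]*}
    case $flags in *e*) ;; *) exit 1 ;; esac
    case $flags in *p*) ;; *) exit 1 ;; esac
)

# icmp_privilege_source RANGE GID GETCAP_LINE
# Prints the mechanism that would let the exporter send ICMP probes.
icmp_privilege_source() {
    if has_net_raw_ep "$3"; then
        echo cap_net_raw
    elif gid_in_ping_range "$1" "$2"; then
        echo ping_group_range
    else
        echo none
    fi
}

# On a real host ("exporter-user" is an assumed account name):
#   icmp_privilege_source "$(sysctl -n net.ipv4.ping_group_range)" \
#       "$(id -g exporter-user)" "$(getcap /usr/bin/prometheus-blackbox-exporter)"
```

The range "0 2147483647" quoted above covers every group id on the host, so `gid_in_ping_range` returns success for any account, not only the exporter's.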
