refactor(prometheus): delegate common tasks to _common role

Signed-off-by: gardar <gardar@users.noreply.github.com>

roles/prometheus/defaults/main.yml

@@ -1,11 +1,10 @@
 ---
 prometheus_version: 2.54.1
-prometheus_binary_local_dir: ''
 prometheus_binary_url: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/\
-                        prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz"
+                        prometheus-{{ prometheus_version }}.{{ ansible_system | lower }}-{{ _prometheus_go_ansible_arch }}.tar.gz"
 prometheus_checksums_url: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/sha256sums.txt"
-prometheus_skip_install: false
 
+prometheus_binary_install_dir: /usr/local/bin
 prometheus_config_dir: /etc/prometheus
 prometheus_db_dir: /var/lib/prometheus
 prometheus_read_only_dirs: []
@@ -237,4 +236,4 @@ prometheus_system_user: "{{ prometheus_system_group }}"
 prometheus_stop_timeout: '600s'
 
 # Local path to stash the archive and its extraction
-prometheus_archive_path: /tmp
+prometheus_local_cache_path: "/tmp/prometheus-{{ ansible_system | lower }}-{{ _prometheus_go_ansible_arch }}/{{ prometheus_version }}"

roles/prometheus/meta/argument_specs.yml

@@ -13,18 +13,9 @@ argument_specs:
           - "Prometheus package version. Also accepts C(latest) as parameter."
           - "Only prometheus 2.x is supported"
         default: "2.54.1"
-      prometheus_skip_install:
-        description: "Prometheus installation tasks gets skipped when set to true."
-        type: bool
-        default: false
-      prometheus_binary_local_dir:
-        description:
-          - "Allows to use local packages instead of ones distributed on github."
-          - "As parameter it takes a directory where I(prometheus) AND I(promtool) binaries are stored on host on which ansible is ran."
-          - "This overrides I(prometheus_version) parameter"
       prometheus_binary_url:
         description: "URL of the prometheus binaries .tar.gz file"
-        default: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/ prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz"
+        default: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.{{ ansible_system | lower }}-{{ _prometheus_go_ansible_arch }}.tar.gz"
       prometheus_checksums_url:
         description: URL of the prometheus checksums file
         default: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/sha256sums.txt"
@@ -38,6 +29,11 @@ argument_specs:
         description: "Additional paths that Prometheus is allowed to read (useful for SSL certs outside of the config directory)"
         type: "list"
         elements: "str"
+      prometheus_binary_install_dir:
+        description:
+          - "I(Advanced)"
+          - "Directory to install binaries"
+        default: "/usr/local/bin"
       prometheus_web_listen_address:
         description: "Address on which prometheus will be listening"
         default: "0.0.0.0:9090"
@@ -174,6 +170,6 @@ argument_specs:
           - "How long to wait for Prometheus to shutdown. This is passed as a systemd TimeoutStopSec time spec."
         type: "str"
         default: "600s"
-      prometheus_archive_path:
-        description: 'Local path to stash the archive and its extraction'
-        default: "/tmp"
+      prometheus_local_cache_path:
+        description: Local path to stash the archive and its extraction
+        default: /tmp/prometheus-{{ ansible_system | lower }}-{{ _prometheus_go_ansible_arch }}/{{ prometheus_version }}

roles/prometheus/molecule/alternative/molecule.yml

@@ -5,7 +5,7 @@ provisioner:
   inventory:
     group_vars:
       all:
-        prometheus_binary_local_dir: '/tmp/prometheus-linux-amd64'
+        prometheus_local_cache_path: '/tmp/prometheus-linux-amd64'
         prometheus_config_dir: /opt/prom/etc
         prometheus_db_dir: /opt/prom/lib
         prometheus_web_listen_address: "127.0.0.1:9090"

roles/prometheus/molecule/default/tests/test_default.py

@@ -33,7 +33,6 @@ def test_directories(host, dirs):
     "/etc/prometheus/prometheus.yml",
     "/etc/prometheus/console_libraries/prom.lib",
     "/etc/prometheus/consoles/prometheus.html",
-    "/etc/prometheus/web.yml",
     "/etc/systemd/system/prometheus.service",
     "/usr/local/bin/prometheus",
     "/usr/local/bin/promtool"

roles/prometheus/tasks/configure.yml

@@ -1,9 +1,73 @@
 ---
+- name: Configure
+  ansible.builtin.include_role:
+    name: prometheus.prometheus._common
+    tasks_from: configure.yml
+  vars:
+    _common_system_user: "{{ prometheus_system_user }}"
+    _common_system_group: "{{ prometheus_system_group }}"
+    _common_config_dir: "{{ prometheus_config_dir }}"
+    _common_tls_server_config: "{{ prometheus_web_config.tls_server_config }}"
+    _common_http_server_config: "{{ prometheus_web_config.http_server_config }}"
+    _common_basic_auth_users: "{{ prometheus_web_config.basic_auth_users }}"
+  tags:
+    - prometheus
+    - configure
+    - prometheus_configure
+
+- name: Create prometheus data directory
+  ansible.builtin.file:
+    path: "{{ prometheus_db_dir }}"
+    state: directory
+    owner: "{{ prometheus_system_user }}"
+    group: "{{ prometheus_system_group }}"
+    mode: 0755
+  become: true
+  tags:
+    - prometheus
+    - configure
+    - prometheus_configure
+
+- name: Create additional prometheus configuration directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ prometheus_system_user }}"
+    group: "{{ prometheus_system_group }}"
+    mode: 0775
+  loop:
+    - "{{ prometheus_config_dir }}/rules"
+    - "{{ prometheus_config_dir }}/file_sd"
+    - "{{ prometheus_config_dir }}/scrapes"
+  become: true
+  tags:
+    - prometheus
+    - configure
+    - prometheus_configure
+
+- name: Propagate official console templates
+  ansible.builtin.copy:
+    src: "{{ prometheus_local_cache_path }}/{{ item }}"
+    dest: "{{ prometheus_config_dir }}"
+    mode: 0644
+    owner: "{{ prometheus_system_user }}"
+    group: "{{ prometheus_system_group }}"
+  loop:
+    - console_libraries
+    - consoles
+  notify:
+    - restart prometheus
+  become: true
+  tags:
+    - prometheus
+    - configure
+    - prometheus_configure
+
 - name: Alerting rules file
   ansible.builtin.template:
     src: "alert.rules.j2"
     dest: "{{ prometheus_config_dir }}/rules/ansible_managed.rules"
-    owner: root
+    owner: "{{ prometheus_system_user }}"
     group: "{{ prometheus_system_group }}"
     mode: 0640
     validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
@@ -12,42 +76,48 @@
     - not prometheus_agent_mode
   notify:
     - reload prometheus
+  become: true
+  tags:
+    - prometheus
+    - configure
+    - prometheus_configure
 
 - name: Copy custom alerting rule files
   ansible.builtin.copy:
     src: "{{ item }}"
     dest: "{{ prometheus_config_dir }}/rules/"
-    owner: root
+    owner: "{{ prometheus_system_user }}"
     group: "{{ prometheus_system_group }}"
     mode: 0640
     validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
-  with_fileglob: "{{ prometheus_alert_rules_files }}"
+  loop: "{{ prometheus_alert_rules_files | map('ansible.builtin.fileglob') | flatten }}"
   when:
     - not prometheus_agent_mode
   notify:
     - reload prometheus
+  become: true
+  tags:
+    - prometheus
+    - configure
+    - prometheus_configure
 
 - name: Configure prometheus
   ansible.builtin.template:
     src: "{{ prometheus_config_file }}"
     dest: "{{ prometheus_config_dir }}/prometheus.yml"
     force: true
-    owner: root
+    owner: "{{ prometheus_system_user }}"
     group: "{{ prometheus_system_group }}"
     mode: 0640
     validate: "{{ _prometheus_binary_install_dir }}/promtool check config %s"
   no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}"
   notify:
     - reload prometheus
-
-- name: Configure Prometheus web
-  ansible.builtin.copy:
-    content: "{{ prometheus_web_config | to_nice_yaml(indent=2, sort_keys=False) }}"
-    dest: "{{ prometheus_config_dir }}/web.yml"
-    force: true
-    owner: root
-    group: "{{ prometheus_system_group }}"
-    mode: 0640
+  become: true
+  tags:
+    - prometheus
+    - configure
+    - prometheus_configure
 
 - name: Configure prometheus static targets
   ansible.builtin.copy:
@@ -55,28 +125,43 @@
       {{ item.value | to_nice_yaml(indent=2, sort_keys=False) }}
     dest: "{{ prometheus_config_dir }}/file_sd/{{ item.key }}.yml"
     force: true
-    owner: root
+    owner: "{{ prometheus_system_user }}"
     group: "{{ prometheus_system_group }}"
     mode: 0640
-  with_dict: "{{ prometheus_targets }}"
+  loop: "{{ prometheus_targets | dict2items }}"
   when: prometheus_targets != {}
+  become: true
+  tags:
+    - prometheus
+    - configure
+    - prometheus_configure
 
 - name: Copy prometheus custom static targets
   ansible.builtin.copy:
     src: "{{ item }}"
     dest: "{{ prometheus_config_dir }}/file_sd/"
     force: true
-    owner: root
+    owner: "{{ prometheus_system_user }}"
     group: "{{ prometheus_system_group }}"
     mode: 0640
-  with_fileglob: "{{ prometheus_static_targets_files }}"
+  loop: "{{ prometheus_static_targets_files | map('ansible.builtin.fileglob') | flatten }}"
+  become: true
+  tags:
+    - prometheus
+    - configure
+    - prometheus_configure
 
 - name: Copy prometheus scrape config files
   ansible.builtin.copy:
     src: "{{ item }}"
     dest: "{{ prometheus_config_dir }}/scrapes/"
     force: true
-    owner: root
+    owner: "{{ prometheus_system_user }}"
     group: "{{ prometheus_system_group }}"
     mode: 0640
-  with_fileglob: "{{ prometheus_scrape_config_files }}"
+  loop: "{{ prometheus_scrape_config_files | map('ansible.builtin.fileglob') | flatten }}"
+  become: true
+  tags:
+    - prometheus
+    - configure
+    - prometheus_configure

roles/prometheus/tasks/install.yml

@@ -1,140 +0,0 @@
----
-- name: Create prometheus system group
-  ansible.builtin.group:
-    name: "{{ prometheus_system_group }}"
-    system: true
-    state: present
-
-- name: Create prometheus system user
-  ansible.builtin.user:
-    name: "{{ prometheus_system_user }}"
-    system: true
-    shell: "/usr/sbin/nologin"
-    group: "{{ prometheus_system_group }}"
-    createhome: false
-    home: "{{ prometheus_db_dir }}"
-
-- name: Create prometheus data directory
-  ansible.builtin.file:
-    path: "{{ prometheus_db_dir }}"
-    state: directory
-    owner: "{{ prometheus_system_user }}"
-    group: "{{ prometheus_system_group }}"
-    mode: 0755
-
-- name: Create prometheus configuration directories
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    owner: root
-    group: "{{ prometheus_system_group }}"
-    mode: 0770
-  with_items:
-    - "{{ prometheus_config_dir }}"
-    - "{{ prometheus_config_dir }}/rules"
-    - "{{ prometheus_config_dir }}/file_sd"
-    - "{{ prometheus_config_dir }}/scrapes"
-
-- name: Get prometheus binary
-  when:
-    - prometheus_binary_local_dir | length == 0
-    - not prometheus_skip_install
-  block:
-
-    - name: Download prometheus binary to local folder
-      become: false
-      ansible.builtin.get_url:
-        url: "{{ prometheus_binary_url }}"
-        dest: "{{ prometheus_archive_path }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz"
-        checksum: "sha256:{{ __prometheus_checksum }}"
-        mode: 0644
-      register: _download_archive
-      until: _download_archive is succeeded
-      retries: 5
-      delay: 2
-      # run_once: true # <-- this cannot be set due to multi-arch support
-      delegate_to: localhost
-      check_mode: false
-
-    - name: Unpack prometheus binaries
-      become: false
-      ansible.builtin.unarchive:
-        src: "{{ prometheus_archive_path }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz"
-        dest: "{{ prometheus_archive_path }}"
-        creates: "{{ prometheus_archive_path }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}/prometheus"
-      delegate_to: localhost
-      check_mode: false
-
-    - name: Propagate official prometheus and promtool binaries
-      ansible.builtin.copy:
-        src: "{{ prometheus_archive_path }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}/{{ item }}"
-        dest: "{{ _prometheus_binary_install_dir }}/{{ item }}"
-        mode: 0755
-        owner: root
-        group: root
-      with_items:
-        - prometheus
-        - promtool
-      notify:
-        - restart prometheus
-
-    - name: Propagate official console templates
-      ansible.builtin.copy:
-        src: "{{ prometheus_archive_path }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}/{{ item }}/"
-        dest: "{{ prometheus_config_dir }}/{{ item }}/"
-        mode: 0644
-        owner: root
-        group: root
-      with_items:
-        - console_libraries
-        - consoles
-      notify:
-        - restart prometheus
-
-- name: Propagate locally distributed prometheus and promtool binaries
-  ansible.builtin.copy:
-    src: "{{ prometheus_binary_local_dir }}/{{ item }}"
-    dest: "{{ _prometheus_binary_install_dir }}/{{ item }}"
-    mode: 0755
-    owner: root
-    group: root
-  with_items:
-    - prometheus
-    - promtool
-  when:
-    - prometheus_binary_local_dir | length > 0
-    - not prometheus_skip_install
-  notify:
-    - restart prometheus
-
-- name: Create systemd service unit
-  ansible.builtin.template:
-    src: prometheus.service.j2
-    dest: /etc/systemd/system/prometheus.service
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - restart prometheus
-
-- name: Install SELinux dependencies
-  ansible.builtin.package:
-    name: "{{ _prometheus_selinux_packages }}"
-    state: present
-  register: _install_packages
-  until: _install_packages is succeeded
-  retries: 5
-  delay: 2
-  when:
-    - ansible_version.full is version('2.4', '>=')
-    - ansible_selinux.status == "enabled"
-
-- name: Allow prometheus to bind to port in SELinux
-  community.general.seport:
-    ports: "{{ prometheus_web_listen_address.split(':')[1] }}"
-    proto: tcp
-    setype: http_port_t
-    state: present
-  when:
-    - ansible_version.full is version('2.4', '>=')
-    - ansible_selinux.status == "enabled"

roles/prometheus/tasks/main.yml

@@ -2,33 +2,41 @@
 - name: Preflight
   ansible.builtin.include_tasks:
     file: preflight.yml
-    apply:
-      tags:
-        - prometheus_configure
-        - prometheus_install
-        - prometheus_run
   tags:
     - prometheus_configure
     - prometheus_install
     - prometheus_run
 
 - name: Install
-  ansible.builtin.include_tasks:
-    file: install.yml
-    apply:
-      become: true
-      tags:
-        - prometheus_install
+  ansible.builtin.include_role:
+    name: prometheus.prometheus._common
+    tasks_from: install.yml
+  vars:
+    _common_local_cache_path: "{{ prometheus_local_cache_path }}"
+    _common_binaries: "{{ _prometheus_binaries }}"
+    _common_binary_install_dir: "{{ prometheus_binary_install_dir }}"
+    _common_binary_url: "{{ prometheus_binary_url }}"
+    _common_checksums_url: "{{ prometheus_checksums_url }}"
+    _common_system_group: "{{ prometheus_system_group }}"
+    _common_system_user: "{{ prometheus_system_user }}"
+    _common_config_dir: "{{ prometheus_config_dir }}"
+    _common_binary_unarchive_opts: ['--strip-components=1']
   tags:
     - prometheus_install
 
+- name: SELinux
+  ansible.builtin.include_role:
+    name: prometheus.prometheus._common
+    tasks_from: selinux.yml
+  vars:
+    _common_selinux_port: "{{ prometheus_web_listen_address | urlsplit('port') }}"
+  when: ansible_selinux.status == "enabled"
+  tags:
+    - prometheus_configure
+
 - name: Configure
   ansible.builtin.include_tasks:
     file: configure.yml
-    apply:
-      become: true
-      tags:
-        - prometheus_configure
   tags:
     - prometheus_configure
 
@@ -41,3 +49,10 @@
     enabled: true
   tags:
     - prometheus_run
+
+- name: Make sure prometheus service is running
+  ansible.builtin.service_facts: {}
+  register: __service_status
+  until: "__service_status.ansible_facts.services['prometheus.service'].state == 'running'"
+  retries: 10
+  delay: 5

roles/prometheus/tasks/preflight.yml

@@ -1,24 +1,8 @@
 ---
-- name: Assert usage of systemd as an init system
-  ansible.builtin.assert:
-    that: ansible_service_mgr == 'systemd'
-    msg: "This module only works with systemd"
-
-- name: Install package fact dependencies
-  become: true
-  ansible.builtin.package:
-    name: "{{ _pkg_fact_req }}"
-    state: present
-  when: (_pkg_fact_req)
-  vars:
-    _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\
-                    {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }}
-                    {% else %}\
-                    {% endif %}"
-
-- name: Gather package facts
-  ansible.builtin.package_facts:
-  when: "not 'packages' in ansible_facts"
+- name: Common preflight
+  ansible.builtin.include_role:
+    name: prometheus.prometheus._common
+    tasks_from: preflight.yml
 
 - name: Assert that used version supports listen address type
   ansible.builtin.assert:
@@ -98,24 +82,9 @@
   retries: 10
   when:
     - prometheus_version == "latest"
-    - prometheus_binary_local_dir | length == 0
-    - not prometheus_skip_install
-
-- name: Get prometheus binary checksum
-  when:
-    - prometheus_binary_local_dir | length == 0
-    - not prometheus_skip_install
-  block:
-    - name: "Get checksum list"
-      ansible.builtin.set_fact:
-        __prometheus_checksums: "{{ lookup('url', prometheus_checksums_url, headers=_github_api_headers, wantlist=True) | list }}"
-      run_once: true
-      until: __prometheus_checksums is search('linux-' + go_arch + '.tar.gz')
-      retries: 10
-
-    - name: "Get checksum for {{ go_arch }}"
-      ansible.builtin.set_fact:
-        __prometheus_checksum: "{{ item.split(' ')[0] }}"
-      with_items: "{{ __prometheus_checksums }}"
-      when:
-        - "('linux-' + go_arch + '.tar.gz') in item"
+  tags:
+    - prometheus
+    - install
+    - prometheus_install
+    - download
+    - prometheus_download

roles/prometheus/templates/prometheus.service.j2

@@ -25,8 +25,8 @@ ExecStart={{ _prometheus_binary_install_dir }}/prometheus \
   --enable-feature=agent \
   --storage.agent.path={{ prometheus_db_dir }} \
 {% endif %}
-{% if prometheus_version is version('2.24.0', '>=') %}
-  --web.config.file={{ prometheus_config_dir }}/web.yml \
+{% if (prometheus_version is version('2.24.0', '>=')) and (prometheus_web_config.values() | map('length') | select('gt', 0) | list is any) %}
+    --web.config.file={{ prometheus_config_dir }}/web_config.yml \
 {% endif %}
   --web.console.libraries={{ prometheus_config_dir }}/console_libraries \
   --web.console.templates={{ prometheus_config_dir }}/consoles \

roles/prometheus/vars/main.yml

@@ -1,16 +1,13 @@
 ---
-go_arch_map:
-  i386: '386'
-  x86_64: 'amd64'
-  aarch64: 'arm64'
-  armv7l: 'armv7'
-  armv6l: 'armv6'
-
-go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
+_prometheus_go_ansible_arch: "{{ {'i386': '386',
+                              'x86_64': 'amd64',
+                              'aarch64': 'arm64',
+                              'armv7l': 'armv7',
+                              'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}"
 _prometheus_binary_install_dir: '/usr/local/bin'
 
-_prometheus_selinux_packages: "{{ ['libselinux-python', 'policycoreutils-python']
-                               if ansible_python_version is version('3', '<') else
-                               ['python3-libselinux', 'python3-policycoreutils'] }}"
 _prometheus_repo: "prometheus/prometheus"
 _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}"
+_prometheus_binaries:
+  - prometheus
+  - promtool