Merge branch 'main' into haavard/systemd-exporter-tls

Signed-off-by: gardar <gardar@users.noreply.github.com>
2024-11-25 05:10:20 +00:00 · 2023-08-29 14:01:16 +00:00 · 2023-08-29 14:01:16 +00:00 · 4786ce4ac5
commit 4786ce4ac5
parent 9c415697aa 6a676daf03
51 changed files with 442 additions and 103 deletions
--- a/.config/molecule/config.yml
+++ b/.config/molecule/config.yml
@ -52,6 +52,12 @@ platforms:
    privileged: true
    cgroup_parent: docker.slice
    command: /lib/systemd/systemd
+  - name: fedora-38
+    image: dokken/fedora-38
+    pre_build_image: true
+    privileged: true
+    cgroup_parent: docker.slice
+    command: /lib/systemd/systemd
  - name: ubuntu-20.04
    image: dokken/ubuntu-20.04
    pre_build_image: true
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@ -5,6 +5,15 @@ Prometheus.Prometheus Release Notes
 .. contents:: Topics


+v0.6.1
+======
+
+Bugfixes
+--------
+
+- fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)
+- fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)
+
 v0.6.0
 ======

@ -14,8 +23,10 @@ Minor Changes
 - feat: Add chrony_exporter role (https://github.com/prometheus-community/ansible/pull/159)
 - feat: Add pushgateway role (https://github.com/prometheus-community/ansible/pull/127)
 - feat: Add role smokeping_prober (https://github.com/prometheus-community/ansible/pull/128)
+- feature: Agent mode support (https://github.com/prometheus-community/ansible/pull/198)
 - feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)
 - feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)
+- minor: support fedora 38 (https://github.com/prometheus-community/ansible/pull/202)

 Removed Features (previously deprecated)
 ----------------------------------------
@ -29,6 +40,7 @@ Bugfixes
 - fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)
 - fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)
 - fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)
+- fix: Make binary installs consistent (https://github.com/prometheus-community/ansible/pull/204)
 - fix: mysqld_exporter should actually respect the mysqld_exporter_host variable (https://github.com/prometheus-community/ansible/pull/88)

 v0.5.2
--- a/changelogs/.plugin-cache.yaml
+++ b/changelogs/.plugin-cache.yaml
@ -13,4 +13,4 @@ plugins:
  shell: {}
  strategy: {}
  vars: {}
-version: 0.6.0
+version: 0.6.1
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@ -158,32 +158,42 @@ releases:
    release_date: '2023-06-24'
  0.6.0:
    changes:
+      bugfixes:
+        - 'fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)'
+        - 'fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)'
+        - 'fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)'
+        - 'fix: Make binary installs consistent (https://github.com/prometheus-community/ansible/pull/204)'
+        - 'fix: mysqld_exporter should actually respect the mysqld_exporter_host variable
+          (https://github.com/prometheus-community/ansible/pull/88)'
      minor_changes:
-        - 'feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)'
-        - 'feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)'
        - 'feat: Add chrony_exporter role (https://github.com/prometheus-community/ansible/pull/159)'
        - 'feat: Add pushgateway role (https://github.com/prometheus-community/ansible/pull/127)'
        - 'feat: Add role smokeping_prober (https://github.com/prometheus-community/ansible/pull/128)'
-      bugfixes:
-        - 'fix: mysqld_exporter should actually respect the mysqld_exporter_host variable
-          (https://github.com/prometheus-community/ansible/pull/88)'
-        - 'fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)'
-        - 'fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)'
-        - 'fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)'
+        - 'feature: Agent mode support (https://github.com/prometheus-community/ansible/pull/198)'
+        - 'feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)'
+        - 'feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)'
+        - 'minor: support fedora 38 (https://github.com/prometheus-community/ansible/pull/202)'
      removed_features:
-        - 'removed: Drop ubuntu 18.04 support as it is EOL (https://github.com/prometheus-community/ansible/pull/199)'
        - 'removed: Drop fedora 36 support as it is EOL (https://github.com/prometheus-community/ansible/pull/200)'
+        - 'removed: Drop ubuntu 18.04 support as it is EOL (https://github.com/prometheus-community/ansible/pull/199)'
      trivial:
-        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/146)'
-        - 'patch: New prometheus/mysqld_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/153)'
-        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/152)'
-        - 'patch: New prometheus/node_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/162)'
-        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/168)'
-        - 'Fix: rename collector flags (https://github.com/prometheus-community/ansible/pull/167)'
        - Fix mysqld_exporter world-readable secrets (https://github.com/prometheus-community/ansible/pull/169)
-        - 'fix ansible-lint: risky-octal & no-same-owner (https://github.com/prometheus-community/ansible/pull/171)'
-        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/188)'
+        - 'Fix: rename collector flags (https://github.com/prometheus-community/ansible/pull/167)'
        - 'docs(smokeping_prober): Update arguments specs (https://github.com/prometheus-community/ansible/pull/190)'
-        - 'patch: New superq/smokeping_prober upstream release! (https://github.com/prometheus-community/ansible/pull/196)'
        - 'docs: Fix node_exporter 404 TLS auth links (https://github.com/prometheus-community/ansible/pull/154)'
+        - 'fix ansible-lint: risky-octal & no-same-owner (https://github.com/prometheus-community/ansible/pull/171)'
+        - 'patch: New prometheus/alertmanager upstream release! (https://github.com/prometheus-community/ansible/pull/206)'
+        - 'patch: New prometheus/mysqld_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/153)'
+        - 'patch: New prometheus/node_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/162)'
+        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/152)'
+        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/168)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/146)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/188)'
+        - 'patch: New superq/smokeping_prober upstream release! (https://github.com/prometheus-community/ansible/pull/196)'
    release_date: '2023-07-29'
+  0.6.1:
+    changes:
+      bugfixes:
+        - 'fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)'
+        - 'fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)'
+    release_date: '2023-08-26'
--- a/galaxy.yml
+++ b/galaxy.yml
@ -1,7 +1,7 @@
 ---
 namespace: prometheus
 name: prometheus
-version: 0.6.0
+version: 0.6.1
 readme: README.md
 authors:
  - "Ben Kochie (https://github.com/SuperQ)"
--- a/roles/alertmanager/defaults/main.yml
+++ b/roles/alertmanager/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-alertmanager_version: 0.25.0
+alertmanager_version: 0.26.0
 alertmanager_binary_local_dir: ''
 alertmanager_binary_url: "https://github.com/{{ _alertmanager_repo }}/releases/download/v{{ alertmanager_version }}/\
                          alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz"
--- a/roles/alertmanager/meta/argument_specs.yml
+++ b/roles/alertmanager/meta/argument_specs.yml
@ -10,7 +10,7 @@ argument_specs:
    options:
      alertmanager_version:
        description: "Alertmanager package version. Also accepts `latest` as parameter."
-        default: 0.25.0
+        default: 0.26.0
      alertmanager_skip_install:
        description: "Alertmanager installation tasks gets skipped when set to true."
        type: bool
--- a/roles/alertmanager/meta/main.yml
+++ b/roles/alertmanager/meta/main.yml
@ -21,6 +21,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/alertmanager/tasks/install.yml
+++ b/roles/alertmanager/tasks/install.yml
@ -26,7 +26,7 @@
    - "{{ alertmanager_db_dir }}"
    - "{{ _alertmanager_amtool_config_dir }}"

- name: Get alertmanager binary
+- name: Get binary
  when:
    - alertmanager_binary_local_dir | length == 0
    - not alertmanager_skip_install
--- a/roles/blackbox_exporter/defaults/main.yml
+++ b/roles/blackbox_exporter/defaults/main.yml
@ -1,8 +1,10 @@
 ---
 blackbox_exporter_version: 0.24.0
+blackbox_exporter_binary_local_dir: ""
 blackbox_exporter_binary_url: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/\
                               blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] |
                               default(ansible_architecture) }}.tar.gz"
+blackbox_exporter_checksums_url: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt"
 blackbox_exporter_skip_install: false

 blackbox_exporter_web_listen_address: "0.0.0.0:9115"
@ -71,3 +73,5 @@ blackbox_exporter_configuration_modules:

 # Where to put the blackbox_exporter.yml main configuration file
 blackbox_exporter_config_dir: /etc
+
+blackbox_exporter_binary_install_dir: "/usr/local/bin"
--- a/roles/blackbox_exporter/handlers/main.yml
+++ b/roles/blackbox_exporter/handlers/main.yml
@ -1,14 +1,14 @@
 ---
- name: Restart blackbox exporter
-  listen: "restart blackbox exporter"
+- name: Restart blackbox_exporter
+  listen: "restart blackbox_exporter"
  become: true
  ansible.builtin.systemd:
    daemon_reload: true
    name: blackbox_exporter
    state: restarted

- name: Reload blackbox exporter
-  listen: "reload blackbox exporter"
+- name: Reload blackbox_exporter
+  listen: "reload blackbox_exporter"
  become: true
  ansible.builtin.systemd:
    name: blackbox_exporter
--- a/roles/blackbox_exporter/meta/argument_specs.yml
+++ b/roles/blackbox_exporter/meta/argument_specs.yml
@ -9,15 +9,23 @@ argument_specs:
      - "Prometheus Community"
    options:
      blackbox_exporter_version:
-        description: "Blackbox exporter package version"
+        description: "Blackbox exporter package version. Also accepts latest as parameter."
        default: "0.24.0"
      blackbox_exporter_skip_install:
        description: "Blackbox exporter installation tasks gets skipped when set to true."
        type: bool
        default: false
+      blackbox_exporter_binary_local_dir:
+        description:
+          - "Enables the use of local packages instead of those distributed on github."
+          - "The parameter may be set to a directory where the C(blackbox_exporter) binary is stored on the host where ansible is run."
+          - "This overrides the I(blackbox_exporter_version) parameter"
      blackbox_exporter_binary_url:
        description: "URL of the blackbox_exporter binaries .tar.gz file"
        default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
+      blackbox_exporter_checksums_url:
+        description: "URL of the blackbox exporter checksums file"
+        default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt"
      blackbox_exporter_web_listen_address:
        description: "Address on which blackbox exporter will be listening"
        default: "0.0.0.0:9115"
@ -37,6 +45,11 @@ argument_specs:
      blackbox_exporter_config_dir:
        description: "Directory where the blackbox exporter configuration file is placed"
        default: "/etc"
+      blackbox_exporter_binary_install_dir:
+        description:
+          - "I(Advanced)"
+          - "Directory to install blackbox_exporter binary"
+        default: "/usr/local/bin"
      blackbox_exporter_user:
        description: "The user the exporter runs as"
        default: "blackbox-exp"
--- a/roles/blackbox_exporter/meta/main.yml
+++ b/roles/blackbox_exporter/meta/main.yml
@ -21,6 +21,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "exporter"
    - "monitoring"
--- a/roles/blackbox_exporter/molecule/latest/molecule.yml
+++ b/roles/blackbox_exporter/molecule/latest/molecule.yml
@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        blackbox_exporter_version: latest
--- a/roles/blackbox_exporter/molecule/latest/tests/test_latest.py
+++ b/roles/blackbox_exporter/molecule/latest/tests/test_latest.py
@ -0,0 +1,37 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+import pytest
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize("files", [
+    "/etc/systemd/system/blackbox_exporter.service",
+    "/usr/local/bin/blackbox_exporter"
+])
+def test_files(host, files):
+    f = host.file(files)
+    assert f.exists
+    assert f.is_file
+
+
+def test_service(host):
+    s = host.service("blackbox_exporter")
+    try:
+        assert s.is_running
+    except AssertionError:
+        # Capture service logs
+        journal_output = host.run('journalctl -u blackbox_exporter --since "1 hour ago"')
+        print("\n==== journalctl -u blackbox_exporter Output ====\n")
+        print(journal_output)
+        print("\n============================================\n")
+        raise  # Re-raise the original assertion error
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9100")
+    assert s.is_listening
--- a/roles/blackbox_exporter/tasks/configure.yml
+++ b/roles/blackbox_exporter/tasks/configure.yml
@ -5,9 +5,9 @@
    dest: /etc/systemd/system/blackbox_exporter.service
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
  notify:
-    - restart blackbox exporter
+    - restart blackbox_exporter

 - name: Configure blackbox exporter
  ansible.builtin.template:
@ -15,6 +15,6 @@
    dest: "{{ blackbox_exporter_config_dir }}/blackbox_exporter.yml"
    owner: root
    group: "{{ blackbox_exporter_group }}"
-    mode: 0644
+    mode: '0644'
  notify:
-    - reload blackbox exporter
+    - reload blackbox_exporter
--- a/roles/blackbox_exporter/tasks/install.yml
+++ b/roles/blackbox_exporter/tasks/install.yml
@ -15,33 +15,56 @@
    createhome: false
  when: blackbox_exporter_user != 'root'

- name: Download blackbox exporter binary to local folder
-  become: false
-  ansible.builtin.unarchive:
-    src: "{{ blackbox_exporter_binary_url }}"
-    dest: "/tmp"
-    remote_src: true
-    creates: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/\
-              blackbox_exporter"
-  register: _download_binary
-  until: _download_binary is succeeded
-  retries: 5
-  delay: 2
-  delegate_to: localhost
-  check_mode: false
-  when: not blackbox_exporter_skip_install
+- name: Get binary
+  when:
+    - blackbox_exporter_binary_local_dir | length == 0
+    - not blackbox_exporter_skip_install
+  block:

- name: Propagate blackbox exporter binary
+    - name: Download blackbox_exporter binary to local folder
+      become: false
+      ansible.builtin.get_url:
+        url: "{{ blackbox_exporter_binary_url }}"
+        dest: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        checksum: "sha256:{{ __blackbox_exporter_checksum }}"
+        mode: '0644'
+      register: _download_binary
+      until: _download_binary is succeeded
+      retries: 5
+      delay: 2
+      delegate_to: localhost
+      check_mode: false
+
+    - name: Unpack blackbox_exporter binary
+      become: false
+      ansible.builtin.unarchive:
+        src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        dest: "/tmp"
+        creates: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}/blackbox_exporter"
+      delegate_to: localhost
+      check_mode: false
+
+    - name: Propagate blackbox_exporter binaries
+      ansible.builtin.copy:
+        src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}/blackbox_exporter"
+        dest: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter"
+        mode: 0755
+        owner: root
+        group: root
+      notify: restart blackbox_exporter
+      when: not ansible_check_mode
+
+- name: Propagate locally distributed blackbox_exporter binary
  ansible.builtin.copy:
-    src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/\
-          blackbox_exporter"
-    dest: "/usr/local/bin/blackbox_exporter"
-    mode: 0750
+    src: "{{ blackbox_exporter_binary_local_dir }}/blackbox_exporter"
+    dest: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter"
+    mode: '0755'
    owner: root
-    group: "{{ blackbox_exporter_group }}"
-  when: not blackbox_exporter_skip_install
-  notify:
-    - restart blackbox exporter
+    group: root
+  when:
+    - blackbox_exporter_binary_local_dir | length > 0
+    - not blackbox_exporter_skip_install
+  notify: restart blackbox_exporter

 - name: Install libcap on Debian systems
  ansible.builtin.package:
--- a/roles/blackbox_exporter/tasks/preflight.yml
+++ b/roles/blackbox_exporter/tasks/preflight.yml
@ -24,3 +24,34 @@
  ansible.builtin.assert:
    that:
      - "':' in blackbox_exporter_web_listen_address"
+
+- name: Discover latest version
+  ansible.builtin.set_fact:
+    blackbox_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/prometheus/blackbox_exporter/releases/latest', headers=_github_api_headers,
+                            split_lines=False) | from_json).get('tag_name') | replace('v', '') }}"
+  run_once: true
+  until: blackbox_exporter_version is version('0.0.0', '>=')
+  retries: 10
+  when:
+    - blackbox_exporter_version == "latest"
+    - blackbox_exporter_binary_local_dir | length == 0
+    - not blackbox_exporter_skip_install
+
+- name: Get blackbox_exporter binary checksum
+  when:
+    - blackbox_exporter_binary_local_dir | length == 0
+    - not blackbox_exporter_skip_install
+  block:
+    - name: Get checksum list from github
+      ansible.builtin.set_fact:
+        __blackbox_exporter_checksums: "{{ lookup('url', blackbox_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}"
+      run_once: true
+      until: __blackbox_exporter_checksums is search('linux-' + go_arch + '.tar.gz')
+      retries: 10
+
+    - name: "Get checksum for {{ go_arch }}"
+      ansible.builtin.set_fact:
+        __blackbox_exporter_checksum: "{{ item.split(' ')[0] }}"
+      with_items: "{{ __blackbox_exporter_checksums }}"
+      when:
+        - "('linux-' + go_arch + '.tar.gz') in item"
--- a/roles/blackbox_exporter/vars/main.yml
+++ b/roles/blackbox_exporter/vars/main.yml
@ -5,4 +5,7 @@ go_arch_map:
  aarch64: 'arm64'
  armv7l: 'armv7'
  armv6l: 'armv6'
+
+go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
 _blackbox_exporter_repo: "prometheus/blackbox_exporter"
+_github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}"
--- a/roles/chrony_exporter/meta/main.yml
+++ b/roles/chrony_exporter/meta/main.yml
@ -21,6 +21,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/chrony_exporter/tasks/install.yml
+++ b/roles/chrony_exporter/tasks/install.yml
@ -17,7 +17,7 @@
    home: /
  when: chrony_exporter_system_user != "root"

- name: Discover latest version
+- name: Get binary
  when:
    - chrony_exporter_binary_local_dir | length == 0
    - not chrony_exporter_skip_install
--- a/roles/mysqld_exporter/meta/main.yml
+++ b/roles/mysqld_exporter/meta/main.yml
@ -21,6 +21,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/mysqld_exporter/tasks/install.yml
+++ b/roles/mysqld_exporter/tasks/install.yml
@ -17,7 +17,7 @@
    home: /
  when: mysqld_exporter_system_user != "root"

- name: Discover latest version
+- name: Get binary
  when:
    - mysqld_exporter_binary_local_dir | length == 0
    - not mysqld_exporter_skip_install
--- a/roles/node_exporter/meta/main.yml
+++ b/roles/node_exporter/meta/main.yml
@ -21,6 +21,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/node_exporter/tasks/install.yml
+++ b/roles/node_exporter/tasks/install.yml
@ -17,7 +17,7 @@
    home: /
  when: node_exporter_system_user != "root"

- name: Discover latest version
+- name: Get binary
  when:
    - node_exporter_binary_local_dir | length == 0
    - not node_exporter_skip_install
--- a/roles/prometheus/defaults/main.yml
+++ b/roles/prometheus/defaults/main.yml
@ -25,6 +25,9 @@ prometheus_storage_retention: "30d"
 # supported: KB, MB, GB, TB, PB.
 prometheus_storage_retention_size: "0"

+# The Agent mode optimizes Prometheus for the remote write use case: https://prometheus.io/blog/2021/11/16/agent/
+prometheus_agent_mode: false
+
 prometheus_config_flags_extra: {}
 # prometheus_config_flags_extra:
 #   storage.tsdb.retention: 15d
--- a/roles/prometheus/meta/argument_specs.yml
+++ b/roles/prometheus/meta/argument_specs.yml
@ -59,6 +59,12 @@ argument_specs:
          - "Maximum number of bytes that can be stored for blocks."
          - "Units supported: KB, MB, GB, TB, PB."
        default: "0"
+      prometheus_agent_mode:
+        description:
+          - "The Agent mode optimizes Prometheus for the remote write use case. It disables querying, alerting, and local storage, and replaces it with a customized TSDB WAL. L(Everything,https://prometheus.io/docs/prometheus/latest/feature_flags/#prometheus-agent) else stays the same."
+          - "This feature is available starting from Prometheus v2.32.0."
+        type: bool
+        default: false
      prometheus_config_flags_extra:
        description:
          - "Additional configuration flags passed to prometheus binary at startup"
--- a/roles/prometheus/meta/main.yml
+++ b/roles/prometheus/meta/main.yml
@ -21,6 +21,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/prometheus/molecule/agentmode/molecule.yml
+++ b/roles/prometheus/molecule/agentmode/molecule.yml
@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        prometheus_agent_mode: true
--- a/roles/prometheus/molecule/agentmode/tests/test_agentmode.py
+++ b/roles/prometheus/molecule/agentmode/tests/test_agentmode.py
@ -0,0 +1,45 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import yaml
+import testinfra.utils.ansible_runner
+import pytest
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.fixture()
+def AnsibleDefaults():
+    with open("defaults/main.yml", 'r') as stream:
+        return yaml.full_load(stream)
+
+
+@pytest.mark.parametrize('file, content', [
+    ("/etc/systemd/system/prometheus.service",
+     "storage.agent.path=/var/lib/prometheus"),
+    ("/etc/systemd/system/prometheus.service",
+     "enable-feature=agent"),
+])
+def test_file_contents(host, file, content):
+    f = host.file(file)
+    assert f.exists
+    assert f.is_file
+    assert f.contains(content)
+
+
+def test_service(host):
+    s = host.service("prometheus")
+    assert s.is_running
+
+
+# # "/agent" page is available (http 200) when agent mode is enabled
+def test_agent_enabled(host):
+    output = host.check_output('curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9090/agent')
+    assert '200' in output
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9090")
+    assert s.is_listening
--- a/roles/prometheus/tasks/configure.yml
+++ b/roles/prometheus/tasks/configure.yml
@ -9,6 +9,7 @@
    validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
  when:
    - prometheus_alert_rules != []
+    - not prometheus_agent_mode
  notify:
    - reload prometheus

@ -21,6 +22,8 @@
    mode: 0640
    validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
  with_fileglob: "{{ prometheus_alert_rules_files }}"
+  when:
+    - not prometheus_agent_mode
  notify:
    - reload prometheus

--- a/roles/prometheus/templates/prometheus.service.j2
+++ b/roles/prometheus/templates/prometheus.service.j2
@ -13,6 +13,7 @@ User=prometheus
 Group=prometheus
 ExecReload=/bin/kill -HUP $MAINPID
 ExecStart={{ _prometheus_binary_install_dir }}/prometheus \
+{% if not prometheus_agent_mode %}
  --storage.tsdb.path={{ prometheus_db_dir }} \
 {% if prometheus_version is version('2.7.0', '>=') %}
  --storage.tsdb.retention.time={{ prometheus_storage_retention }} \
@ -20,6 +21,10 @@ ExecStart={{ _prometheus_binary_install_dir }}/prometheus \
 {% else %}
  --storage.tsdb.retention={{ prometheus_storage_retention }} \
 {% endif %}
+{% else %}
+  --enable-feature=agent \
+  --storage.agent.path={{ prometheus_db_dir }} \
+{% endif %}
 {% if prometheus_version is version('2.24.0', '>=') %}
  --web.config.file={{ prometheus_config_dir }}/web.yml \
 {% endif %}
--- a/roles/prometheus/templates/prometheus.yml.j2
+++ b/roles/prometheus/templates/prometheus.yml.j2
@ -17,8 +17,10 @@ remote_read:
  {{ prometheus_remote_read | to_nice_yaml(indent=2,sort_keys=False) | indent(2, False) }}
 {% endif %}

+{% if not prometheus_agent_mode and prometheus_alert_rules_files != [] %}
 rule_files:
  - {{ prometheus_config_dir }}/rules/*.rules
+{% endif %}

 {% if prometheus_alertmanager_config | length > 0 %}
 alerting:
--- a/roles/pushgateway/meta/main.yml
+++ b/roles/pushgateway/meta/main.yml
@ -21,6 +21,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/pushgateway/tasks/install.yml
+++ b/roles/pushgateway/tasks/install.yml
@ -17,7 +17,7 @@
    home: /
  when: pushgateway_system_user != "root"

- name: Discover latest version
+- name: Get binary
  when:
    - pushgateway_binary_local_dir | length == 0
    - not pushgateway_skip_install
--- a/roles/smokeping_prober/meta/main.yml
+++ b/roles/smokeping_prober/meta/main.yml
@ -21,6 +21,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/smokeping_prober/tasks/install.yml
+++ b/roles/smokeping_prober/tasks/install.yml
@ -17,7 +17,7 @@
    home: /
  when: smokeping_prober_system_user != "root"

- name: Discover latest version
+- name: Get binary
  when:
    - smokeping_prober_binary_local_dir | length == 0
    - not smokeping_prober_skip_install
--- a/roles/snmp_exporter/defaults/main.yml
+++ b/roles/snmp_exporter/defaults/main.yml
@ -1,5 +1,6 @@
 ---
 snmp_exporter_version: 0.23.0
+snmp_exporter_binary_local_dir: ""
 snmp_exporter_binary_url: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/\
                           snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
 snmp_exporter_checksums_url: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/sha256sums.txt"
@ -9,3 +10,5 @@ snmp_exporter_log_level: info

 # If this is empty, role will download snmp.yml file from https://github.com/prometheus/snmp_exporter.
 snmp_exporter_config_file: ""
+
+snmp_exporter_binary_install_dir: "/usr/local/bin"
--- a/roles/snmp_exporter/handlers/main.yml
+++ b/roles/snmp_exporter/handlers/main.yml
@ -1,14 +1,14 @@
 ---
- name: Reload snmp exporter
-  listen: "reload snmp exporter"
+- name: Reload snmp_exporter
+  listen: "reload snmp_exporter"
  become: true
  ansible.builtin.systemd:
    daemon_reload: true
    name: snmp_exporter
    state: reloaded

- name: Restart snmp exporter
-  listen: "restart snmp exporter"
+- name: Restart snmp_exporter
+  listen: "restart snmp_exporter"
  become: true
  ansible.builtin.systemd:
    daemon_reload: true
--- a/roles/snmp_exporter/meta/argument_specs.yml
+++ b/roles/snmp_exporter/meta/argument_specs.yml
@ -9,12 +9,17 @@ argument_specs:
      - "Prometheus Community"
    options:
      snmp_exporter_version:
-        description: "SNMP exporter package version"
+        description: "SNMP exporter package version. Also accepts latest as parameter."
        default: "0.23.0"
      snmp_exporter_skip_install:
        description: "SNMP exporter installation tasks gets skipped when set to true."
        type: bool
        default: false
+      snmp_exporter_binary_local_dir:
+        description:
+          - "Enables the use of local packages instead of those distributed on github."
+          - "The parameter masnmp set to a directory where the C(snmp_exporter) binary is stored on the host where ansible is run."
+          - "This overrides the I(snmp_exporter_version) parameter"
      snmp_exporter_binary_url:
        description: "URL of the snmp exporter binaries .tar.gz file"
        default: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
@ -31,3 +36,8 @@ argument_specs:
        description:
          - "If this is empty, role will download snmp.yml file from U(https://github.com/prometheus/snmp_exporter)."
          - "Otherwise this should contain path to file with custom snmp exporter configuration"
+      snmp_exporter_binary_install_dir:
+        description:
+          - "I(Advanced)"
+          - "Directory to install snmp_exporter binary"
+        default: "/usr/local/bin"
--- a/roles/snmp_exporter/meta/main.yml
+++ b/roles/snmp_exporter/meta/main.yml
@ -21,6 +21,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/snmp_exporter/molecule/latest/molecule.yml
+++ b/roles/snmp_exporter/molecule/latest/molecule.yml
@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        snmp_exporter_version: latest
--- a/roles/snmp_exporter/molecule/latest/tests/test_latest.py
+++ b/roles/snmp_exporter/molecule/latest/tests/test_latest.py
@ -0,0 +1,37 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+import pytest
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize("files", [
+    "/etc/systemd/system/snmp_exporter.service",
+    "/usr/local/bin/snmp_exporter"
+])
+def test_files(host, files):
+    f = host.file(files)
+    assert f.exists
+    assert f.is_file
+
+
+def test_service(host):
+    s = host.service("snmp_exporter")
+    try:
+        assert s.is_running
+    except AssertionError:
+        # Capture service logs
+        journal_output = host.run('journalctl -u snmp_exporter --since "1 hour ago"')
+        print("\n==== journalctl -u snmp_exporter Output ====\n")
+        print(journal_output)
+        print("\n============================================\n")
+        raise  # Re-raise the original assertion error
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9100")
+    assert s.is_listening
--- a/roles/snmp_exporter/tasks/configure.yml
+++ b/roles/snmp_exporter/tasks/configure.yml
@ -7,7 +7,7 @@
    group: root
    mode: 0644
  notify:
-    - restart snmp exporter
+    - restart snmp_exporter

 - name: Download snmp configuration file from github repository
  ansible.builtin.get_url:
@ -22,7 +22,7 @@
  retries: 5
  delay: 2
  notify:
-    - reload snmp exporter
+    - reload snmp_exporter
  when: not (snmp_exporter_config_file)

 - name: Copy configuration file
@ -34,5 +34,5 @@
    mode: 0644
  no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}"
  notify:
-    - reload snmp exporter
+    - reload snmp_exporter
  when: (snmp_exporter_config_file)
--- a/roles/snmp_exporter/tasks/install.yml
+++ b/roles/snmp_exporter/tasks/install.yml
@ -1,37 +1,54 @@
 ---
- name: Download snmp_exporter binary to local folder
-  become: false
-  ansible.builtin.get_url:
-    url: "{{ snmp_exporter_binary_url }}"
-    dest: "/tmp"
-    checksum: "sha256:{{ snmp_exporter_checksum }}"
-    mode: 0644
-  register: _download_binary
-  until: _download_binary is success
-  retries: 5
-  delay: 2
-  delegate_to: localhost
-  check_mode: false
-  when: not snmp_exporter_skip_install
+- name: Get binary
+  when:
+    - snmp_exporter_binary_local_dir | length == 0
+    - not snmp_exporter_skip_install
+  block:

- name: Unpack snmp_exporter binary
-  become: false
-  ansible.builtin.unarchive:
-    src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
-    dest: "/tmp"
-    creates: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/snmp_exporter"
-  delegate_to: localhost
-  check_mode: false
-  when: not snmp_exporter_skip_install
+    - name: Download snmp_exporter binary to local folder
+      become: false
+      ansible.builtin.get_url:
+        url: "{{ snmp_exporter_binary_url }}"
+        dest: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        checksum: "sha256:{{ __snmp_exporter_checksum }}"
+        mode: '0644'
+      register: _download_binary
+      until: _download_binary is succeeded
+      retries: 5
+      delay: 2
+      delegate_to: localhost
+      check_mode: false

- name: Propagate SNMP Exporter binaries
+    - name: Unpack snmp_exporter binary
+      become: false
+      ansible.builtin.unarchive:
+        src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        dest: "/tmp"
+        creates: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}/snmp_exporter"
+      delegate_to: localhost
+      check_mode: false
+
+    - name: Propagate snmp_exporter binaries
+      ansible.builtin.copy:
+        src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}/snmp_exporter"
+        dest: "{{ snmp_exporter_binary_install_dir }}/snmp_exporter"
+        mode: 0755
+        owner: root
+        group: root
+      notify: restart snmp_exporter
+      when: not ansible_check_mode
+
+- name: Propagate locally distributed snmp_exporter binary
  ansible.builtin.copy:
-    src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/snmp_exporter"
-    dest: "/usr/local/bin/snmp_exporter"
+    src: "{{ snmp_exporter_binary_local_dir }}/snmp_exporter"
+    dest: "{{ snmp_exporter_binary_install_dir }}/snmp_exporter"
    mode: 0755
-  when: not snmp_exporter_skip_install
-  notify:
-    - restart snmp exporter
+    owner: root
+    group: root
+  when:
+    - snmp_exporter_binary_local_dir | length > 0
+    - not snmp_exporter_skip_install
+  notify: restart snmp_exporter

 - name: Create configuration directory
  ansible.builtin.file:
--- a/roles/snmp_exporter/tasks/preflight.yml
+++ b/roles/snmp_exporter/tasks/preflight.yml
@ -1,9 +1,31 @@
 ---
- name: "Get checksum for snmp exporter"
+- name: Discover latest version
  ansible.builtin.set_fact:
-    snmp_exporter_checksum: "{{ item.split(' ')[0] }}"
-  with_items:
-    - "{{ lookup('url', snmp_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}"
+    snmp_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/prometheus/snmp_exporter/releases/latest', headers=_github_api_headers,
+                            split_lines=False) | from_json).get('tag_name') | replace('v', '') }}"
+  run_once: true
+  until: snmp_exporter_version is version('0.0.0', '>=')
+  retries: 10
  when:
-    - "('linux-' + (go_arch_map[ansible_architecture] | default(ansible_architecture)) + '.tar.gz') in item"
+    - snmp_exporter_version == "latest"
+    - snmp_exporter_binary_local_dir | length == 0
    - not snmp_exporter_skip_install
+
+- name: Get snmp_exporter binary checksum
+  when:
+    - snmp_exporter_binary_local_dir | length == 0
+    - not snmp_exporter_skip_install
+  block:
+    - name: Get checksum list from github
+      ansible.builtin.set_fact:
+        __snmp_exporter_checksums: "{{ lookup('url', snmp_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}"
+      run_once: true
+      until: __snmp_exporter_checksums is search('linux-' + go_arch + '.tar.gz')
+      retries: 10
+
+    - name: "Get checksum for {{ go_arch }}"
+      ansible.builtin.set_fact:
+        __snmp_exporter_checksum: "{{ item.split(' ')[0] }}"
+      with_items: "{{ __snmp_exporter_checksums }}"
+      when:
+        - "('linux-' + go_arch + '.tar.gz') in item"
--- a/roles/snmp_exporter/vars/main.yml
+++ b/roles/snmp_exporter/vars/main.yml
@ -5,5 +5,7 @@ go_arch_map:
  aarch64: 'arm64'
  armv7l: 'armv7'
  armv6l: 'armv6'
+
+go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
 _snmp_exporter_repo: "prometheus/snmp_exporter"
 _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}"
--- a/roles/systemd_exporter/meta/main.yml
+++ b/roles/systemd_exporter/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/systemd_exporter/molecule/alternative/molecule.yml
+++ b/roles/systemd_exporter/molecule/alternative/molecule.yml
@ -10,3 +10,4 @@ provisioner:
        systemd_exporter_tls_server_config:
          cert_file: /etc/systemd_exporter/tls.cert
          key_file: /etc/systemd_exporter/tls.key
+        systemd_exporter_enable_file_descriptor_size: true
--- a/roles/systemd_exporter/templates/systemd_exporter.service.j2
+++ b/roles/systemd_exporter/templates/systemd_exporter.service.j2
@ -10,13 +10,25 @@ User={{ systemd_exporter_system_user }}
 Group={{ systemd_exporter_system_group }}
 ExecStart={{ systemd_exporter_binary_install_dir }}/systemd_exporter \
 {% if systemd_exporter_enable_restart_count %}
+    {% if systemd_exporter_version is version('0.5.0', '>=') %}
    --systemd.collector.enable-restart-count \
+    {% else %}
+    --collector.enable-restart-count \
+    {% endif %}
 {% endif %}
 {% if systemd_exporter_enable_file_descriptor_size %}
+    {% if systemd_exporter_version is version('0.5.0', '>=') %}
    --systemd.collector.enable-file-descriptor-size \
+    {% else %}
+    --collector.enable-file-descriptor-size \
+    {% endif %}
 {% endif %}
 {% if systemd_exporter_enable_ip_accounting %}
+    {% if systemd_exporter_version is version('0.5.0', '>=') %}
    --systemd.collector.enable-ip-accounting \
+    {% else %}
+    --collector.enable-ip-accounting \
+    {% endif %}
 {% endif %}
 {% if systemd_exporter_unit_include != ""%}
    --systemd.collector.unit-include={{ systemd_exporter_unit_include }} \
--- a/tests/integration/targets/molecule-prometheus-agentmode/runme.sh
+++ b/tests/integration/targets/molecule-prometheus-agentmode/runme.sh
@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+collection_root=$(pwd | grep -oP ".+\/ansible_collections\/\w+?\/\w+")
+source "$collection_root/tests/integration/molecule.sh"