Merge branch 'main' into debian-12

Signed-off-by: Ben Kochie <superq@gmail.com>
2024-11-22 11:53:12 +00:00 · 2023-10-27 16:12:49 -04:00 · 2023-10-27 16:12:49 -04:00 · a7288d092e
commit a7288d092e
parent f9a94ec210 2dac933659
67 changed files with 620 additions and 115 deletions
--- a/.config/molecule/config.yml
+++ b/.config/molecule/config.yml
@ -1,6 +1,7 @@
 ---
 dependency:
  name: galaxy
+prerun: false
 driver:
  name: docker
 platforms:
@ -58,6 +59,12 @@ platforms:
    privileged: true
    cgroup_parent: docker.slice
    command: /lib/systemd/systemd
+  - name: fedora-38
+    image: dokken/fedora-38
+    pre_build_image: true
+    privileged: true
+    cgroup_parent: docker.slice
+    command: /lib/systemd/systemd
  - name: ubuntu-20.04
    image: dokken/ubuntu-20.04
    pre_build_image: true
--- a/.github/scripts/version_updater.sh
+++ b/.github/scripts/version_updater.sh
@ -104,7 +104,7 @@ if ! git push "https://${GITHUB_TOKEN}:@github.com/${GIT_REPO}" --set-upstream "
 fi

 if ! post_pull_request \
-  "patch: New ${source_repo} upstream release!" \
+  "patch: New ${source_repo} upstream release ${version}!" \
  "main" \
  "${update_branch}" \
  "The upstream [${source_repo}](https://github.com/${source_repo}/releases) released new software version - **${version}**!\n\nThis automated PR updates code to bring new version into repository." ; then
--- a/.github/workflows/conventional-label.yml
+++ b/.github/workflows/conventional-label.yml
@ -16,7 +16,7 @@ jobs:
      - name: "Confirm correct pull request title"
        uses: mmubeen/action-pr-title@master  # until PR gets merged https://github.com/deepakputhraya/action-pr-title/pull/29
        with:
-          allowed_prefixes: 'feat,feature,fix,major,breaking,minor,enhancement,deprecated,removed,security,bug,bugfix,docs,packaging,test,refactor,refactoring,skip-release,skip_changelog'
+          allowed_prefixes: 'feat,feature,fix,major,breaking,minor,enhancement,deprecated,removed,security,bug,bugfix,docs,packaging,test,refactor,refactoring,skip-release,skip_changelog,patch'

      - name: "Apply label"
        if: github.event.pull_request.labels.length == 0
@ -42,7 +42,8 @@ jobs:
              "refactor": "trivial",
              "refactoring": "trivial",
              "skip-release": "skip_changelog",
-              "skip_changelog": "skip_changelog"
+              "skip_changelog": "skip_changelog",
+              "patch": "trivial"
              }

  role-label:
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -4,6 +4,7 @@ on:
  push:
    tags:
      - '*'
+  workflow_dispatch:

 jobs:
  release:
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@ -5,6 +5,39 @@ Prometheus.Prometheus Release Notes
 .. contents:: Topics


+v0.7.1
+======
+
+Bugfixes
+--------
+
+- fix(molecule): don't contact galaxy api since requirements come from git (https://github.com/prometheus-community/ansible/pull/241)
+
+v0.7.0
+======
+
+Minor Changes
+-------------
+
+- feat(prometheus): Add shutdown timeout variable (https://github.com/prometheus-community/ansible/pull/220)
+- feat(systemd_exporter): Add TLS configuration (https://github.com/prometheus-community/ansible/pull/205)
+- feat(systemd_exporter): Add logging configuration to systemd_exporter (https://github.com/prometheus-community/ansible/pull/210)
+
+Bugfixes
+--------
+
+- fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)
+- fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)
+
+v0.6.1
+======
+
+Bugfixes
+--------
+
+- fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)
+- fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)
+
 v0.6.0
 ======

@ -14,8 +47,10 @@ Minor Changes
 - feat: Add chrony_exporter role (https://github.com/prometheus-community/ansible/pull/159)
 - feat: Add pushgateway role (https://github.com/prometheus-community/ansible/pull/127)
 - feat: Add role smokeping_prober (https://github.com/prometheus-community/ansible/pull/128)
+- feature: Agent mode support (https://github.com/prometheus-community/ansible/pull/198)
 - feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)
 - feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)
+- minor: support fedora 38 (https://github.com/prometheus-community/ansible/pull/202)

 Removed Features (previously deprecated)
 ----------------------------------------
@ -29,6 +64,7 @@ Bugfixes
 - fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)
 - fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)
 - fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)
+- fix: Make binary installs consistent (https://github.com/prometheus-community/ansible/pull/204)
 - fix: mysqld_exporter should actually respect the mysqld_exporter_host variable (https://github.com/prometheus-community/ansible/pull/88)

 v0.5.2
--- a/changelogs/.plugin-cache.yaml
+++ b/changelogs/.plugin-cache.yaml
@ -13,4 +13,4 @@ plugins:
  shell: {}
  strategy: {}
  vars: {}
-version: 0.6.0
+version: 0.7.1
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@ -158,32 +158,68 @@ releases:
    release_date: '2023-06-24'
  0.6.0:
    changes:
+      bugfixes:
+        - 'fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)'
+        - 'fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)'
+        - 'fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)'
+        - 'fix: Make binary installs consistent (https://github.com/prometheus-community/ansible/pull/204)'
+        - 'fix: mysqld_exporter should actually respect the mysqld_exporter_host variable
+          (https://github.com/prometheus-community/ansible/pull/88)'
      minor_changes:
-        - 'feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)'
-        - 'feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)'
        - 'feat: Add chrony_exporter role (https://github.com/prometheus-community/ansible/pull/159)'
        - 'feat: Add pushgateway role (https://github.com/prometheus-community/ansible/pull/127)'
        - 'feat: Add role smokeping_prober (https://github.com/prometheus-community/ansible/pull/128)'
-      bugfixes:
-        - 'fix: mysqld_exporter should actually respect the mysqld_exporter_host variable
-          (https://github.com/prometheus-community/ansible/pull/88)'
-        - 'fix: Add test for argument_specs matching (https://github.com/prometheus-community/ansible/pull/177)'
-        - 'fix(alertmanager): add routes before match_re (https://github.com/prometheus-community/ansible/pull/194)'
-        - 'fix(node_exporter): Fix ProtectHome for textfiles (https://github.com/prometheus-community/ansible/pull/184)'
+        - 'feature: Agent mode support (https://github.com/prometheus-community/ansible/pull/198)'
+        - 'feature: Make config installation dir configurable (https://github.com/prometheus-community/ansible/pull/173)'
+        - 'feature: blackbox exporter user/group configurable (https://github.com/prometheus-community/ansible/pull/172)'
+        - 'minor: support fedora 38 (https://github.com/prometheus-community/ansible/pull/202)'
      removed_features:
-        - 'removed: Drop ubuntu 18.04 support as it is EOL (https://github.com/prometheus-community/ansible/pull/199)'
        - 'removed: Drop fedora 36 support as it is EOL (https://github.com/prometheus-community/ansible/pull/200)'
+        - 'removed: Drop ubuntu 18.04 support as it is EOL (https://github.com/prometheus-community/ansible/pull/199)'
      trivial:
-        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/146)'
-        - 'patch: New prometheus/mysqld_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/153)'
-        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/152)'
-        - 'patch: New prometheus/node_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/162)'
-        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/168)'
-        - 'Fix: rename collector flags (https://github.com/prometheus-community/ansible/pull/167)'
        - Fix mysqld_exporter world-readable secrets (https://github.com/prometheus-community/ansible/pull/169)
-        - 'fix ansible-lint: risky-octal & no-same-owner (https://github.com/prometheus-community/ansible/pull/171)'
-        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/188)'
+        - 'Fix: rename collector flags (https://github.com/prometheus-community/ansible/pull/167)'
        - 'docs(smokeping_prober): Update arguments specs (https://github.com/prometheus-community/ansible/pull/190)'
-        - 'patch: New superq/smokeping_prober upstream release! (https://github.com/prometheus-community/ansible/pull/196)'
        - 'docs: Fix node_exporter 404 TLS auth links (https://github.com/prometheus-community/ansible/pull/154)'
+        - 'fix ansible-lint: risky-octal & no-same-owner (https://github.com/prometheus-community/ansible/pull/171)'
+        - 'patch: New prometheus/alertmanager upstream release! (https://github.com/prometheus-community/ansible/pull/206)'
+        - 'patch: New prometheus/mysqld_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/153)'
+        - 'patch: New prometheus/node_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/162)'
+        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/152)'
+        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/168)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/146)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/188)'
+        - 'patch: New superq/smokeping_prober upstream release! (https://github.com/prometheus-community/ansible/pull/196)'
    release_date: '2023-07-29'
+  0.6.1:
+    changes:
+      bugfixes:
+        - 'fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)'
+        - 'fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)'
+    release_date: '2023-08-26'
+  0.7.0:
+    changes:
+      bugfixes:
+        - 'fix(systemd_exporter): Fix collector flags for older versions (https://github.com/prometheus-community/ansible/pull/208)'
+        - 'fix: blackbox_exporter ansible-lint risky-octal (https://github.com/prometheus-community/ansible/pull/174)'
+      minor_changes:
+        - 'feat(prometheus): Add shutdown timeout variable (https://github.com/prometheus-community/ansible/pull/220)'
+        - 'feat(systemd_exporter): Add TLS configuration (https://github.com/prometheus-community/ansible/pull/205)'
+        - 'feat(systemd_exporter): Add logging configuration to systemd_exporter (https://github.com/prometheus-community/ansible/pull/210)'
+      trivial:
+        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/215)'
+        - 'patch: New prometheus/pushgateway upstream release! (https://github.com/prometheus-community/ansible/pull/219)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/211)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/214)'
+    release_date: '2023-08-29'
+  0.7.1:
+    changes:
+      bugfixes:
+        - "fix(molecule): don't contact galaxy api since requirements come from git
+          (https://github.com/prometheus-community/ansible/pull/241)"
+      trivial:
+        - 'docs: fix alertmanager role name (https://github.com/prometheus-community/ansible/pull/240)'
+        - 'patch: New prometheus/prometheus upstream release! (https://github.com/prometheus-community/ansible/pull/232)'
+        - 'patch: New prometheus/snmp_exporter upstream release! (https://github.com/prometheus-community/ansible/pull/228)'
+        - 'docs: fix blackbox_exporter role name (https://github.com/prometheus-community/ansible/pull/239)'
+    release_date: '2023-10-27'
--- a/galaxy.yml
+++ b/galaxy.yml
@ -1,7 +1,7 @@
 ---
 namespace: prometheus
 name: prometheus
-version: 0.6.0
+version: 0.7.1
 readme: README.md
 authors:
  - "Ben Kochie (https://github.com/SuperQ)"
--- a/roles/alertmanager/README.md
+++ b/roles/alertmanager/README.md
@ -25,7 +25,7 @@ Please refer to the [collection docs](https://prometheus-community.github.io/ans
 ---
  hosts: all
  roles:
-    - ansible-alertmanager
+    - prometheus.prometheus.alertmanager
  vars:
    alertmanager_version: latest
    alertmanager_slack_api_url: "http://example.com"
--- a/roles/alertmanager/defaults/main.yml
+++ b/roles/alertmanager/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-alertmanager_version: 0.25.0
+alertmanager_version: 0.26.0
 alertmanager_binary_local_dir: ''
 alertmanager_binary_url: "https://github.com/{{ _alertmanager_repo }}/releases/download/v{{ alertmanager_version }}/\
                          alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz"
--- a/roles/alertmanager/meta/argument_specs.yml
+++ b/roles/alertmanager/meta/argument_specs.yml
@ -10,7 +10,7 @@ argument_specs:
    options:
      alertmanager_version:
        description: "Alertmanager package version. Also accepts `latest` as parameter."
-        default: 0.25.0
+        default: 0.26.0
      alertmanager_skip_install:
        description: "Alertmanager installation tasks gets skipped when set to true."
        type: bool
--- a/roles/alertmanager/meta/main.yml
+++ b/roles/alertmanager/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/alertmanager/tasks/install.yml
+++ b/roles/alertmanager/tasks/install.yml
@ -26,7 +26,7 @@
    - "{{ alertmanager_db_dir }}"
    - "{{ _alertmanager_amtool_config_dir }}"

- name: Get alertmanager binary
+- name: Get binary
  when:
    - alertmanager_binary_local_dir | length == 0
    - not alertmanager_skip_install
--- a/roles/blackbox_exporter/README.md
+++ b/roles/blackbox_exporter/README.md
@ -24,7 +24,7 @@ Please refer to the [collection docs](https://prometheus-community.github.io/ans
 - hosts: all
  become: true
  roles:
-    - prometheus.prometheus.blackbox-exporter
+    - prometheus.prometheus.blackbox_exporter
 ```

 ### Demo site
--- a/roles/blackbox_exporter/defaults/main.yml
+++ b/roles/blackbox_exporter/defaults/main.yml
@ -1,8 +1,10 @@
 ---
 blackbox_exporter_version: 0.24.0
+blackbox_exporter_binary_local_dir: ""
 blackbox_exporter_binary_url: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/\
                               blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] |
                               default(ansible_architecture) }}.tar.gz"
+blackbox_exporter_checksums_url: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt"
 blackbox_exporter_skip_install: false

 blackbox_exporter_web_listen_address: "0.0.0.0:9115"
@ -71,3 +73,5 @@ blackbox_exporter_configuration_modules:

 # Where to put the blackbox_exporter.yml main configuration file
 blackbox_exporter_config_dir: /etc
+
+blackbox_exporter_binary_install_dir: "/usr/local/bin"
--- a/roles/blackbox_exporter/handlers/main.yml
+++ b/roles/blackbox_exporter/handlers/main.yml
@ -1,14 +1,14 @@
 ---
- name: Restart blackbox exporter
-  listen: "restart blackbox exporter"
+- name: Restart blackbox_exporter
+  listen: "restart blackbox_exporter"
  become: true
  ansible.builtin.systemd:
    daemon_reload: true
    name: blackbox_exporter
    state: restarted

- name: Reload blackbox exporter
-  listen: "reload blackbox exporter"
+- name: Reload blackbox_exporter
+  listen: "reload blackbox_exporter"
  become: true
  ansible.builtin.systemd:
    name: blackbox_exporter
--- a/roles/blackbox_exporter/meta/argument_specs.yml
+++ b/roles/blackbox_exporter/meta/argument_specs.yml
@ -9,15 +9,23 @@ argument_specs:
      - "Prometheus Community"
    options:
      blackbox_exporter_version:
-        description: "Blackbox exporter package version"
+        description: "Blackbox exporter package version. Also accepts latest as parameter."
        default: "0.24.0"
      blackbox_exporter_skip_install:
        description: "Blackbox exporter installation tasks gets skipped when set to true."
        type: bool
        default: false
+      blackbox_exporter_binary_local_dir:
+        description:
+          - "Enables the use of local packages instead of those distributed on github."
+          - "The parameter may be set to a directory where the C(blackbox_exporter) binary is stored on the host where ansible is run."
+          - "This overrides the I(blackbox_exporter_version) parameter"
      blackbox_exporter_binary_url:
        description: "URL of the blackbox_exporter binaries .tar.gz file"
        default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
+      blackbox_exporter_checksums_url:
+        description: "URL of the blackbox exporter checksums file"
+        default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt"
      blackbox_exporter_web_listen_address:
        description: "Address on which blackbox exporter will be listening"
        default: "0.0.0.0:9115"
@ -37,6 +45,11 @@ argument_specs:
      blackbox_exporter_config_dir:
        description: "Directory where the blackbox exporter configuration file is placed"
        default: "/etc"
+      blackbox_exporter_binary_install_dir:
+        description:
+          - "I(Advanced)"
+          - "Directory to install blackbox_exporter binary"
+        default: "/usr/local/bin"
      blackbox_exporter_user:
        description: "The user the exporter runs as"
        default: "blackbox-exp"
--- a/roles/blackbox_exporter/meta/main.yml
+++ b/roles/blackbox_exporter/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "exporter"
    - "monitoring"
--- a/roles/blackbox_exporter/molecule/latest/molecule.yml
+++ b/roles/blackbox_exporter/molecule/latest/molecule.yml
@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        blackbox_exporter_version: latest
--- a/roles/blackbox_exporter/molecule/latest/tests/test_latest.py
+++ b/roles/blackbox_exporter/molecule/latest/tests/test_latest.py
@ -0,0 +1,37 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+import pytest
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize("files", [
+    "/etc/systemd/system/blackbox_exporter.service",
+    "/usr/local/bin/blackbox_exporter"
+])
+def test_files(host, files):
+    f = host.file(files)
+    assert f.exists
+    assert f.is_file
+
+
+def test_service(host):
+    s = host.service("blackbox_exporter")
+    try:
+        assert s.is_running
+    except AssertionError:
+        # Capture service logs
+        journal_output = host.run('journalctl -u blackbox_exporter --since "1 hour ago"')
+        print("\n==== journalctl -u blackbox_exporter Output ====\n")
+        print(journal_output)
+        print("\n============================================\n")
+        raise  # Re-raise the original assertion error
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9100")
+    assert s.is_listening
--- a/roles/blackbox_exporter/tasks/configure.yml
+++ b/roles/blackbox_exporter/tasks/configure.yml
@ -5,9 +5,9 @@
    dest: /etc/systemd/system/blackbox_exporter.service
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
  notify:
-    - restart blackbox exporter
+    - restart blackbox_exporter

 - name: Configure blackbox exporter
  ansible.builtin.template:
@ -15,6 +15,6 @@
    dest: "{{ blackbox_exporter_config_dir }}/blackbox_exporter.yml"
    owner: root
    group: "{{ blackbox_exporter_group }}"
-    mode: 0644
+    mode: '0644'
  notify:
-    - reload blackbox exporter
+    - reload blackbox_exporter
--- a/roles/blackbox_exporter/tasks/install.yml
+++ b/roles/blackbox_exporter/tasks/install.yml
@ -15,33 +15,56 @@
    createhome: false
  when: blackbox_exporter_user != 'root'

- name: Download blackbox exporter binary to local folder
-  become: false
-  ansible.builtin.unarchive:
-    src: "{{ blackbox_exporter_binary_url }}"
-    dest: "/tmp"
-    remote_src: true
-    creates: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/\
-              blackbox_exporter"
-  register: _download_binary
-  until: _download_binary is succeeded
-  retries: 5
-  delay: 2
-  delegate_to: localhost
-  check_mode: false
-  when: not blackbox_exporter_skip_install
+- name: Get binary
+  when:
+    - blackbox_exporter_binary_local_dir | length == 0
+    - not blackbox_exporter_skip_install
+  block:

- name: Propagate blackbox exporter binary
+    - name: Download blackbox_exporter binary to local folder
+      become: false
+      ansible.builtin.get_url:
+        url: "{{ blackbox_exporter_binary_url }}"
+        dest: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        checksum: "sha256:{{ __blackbox_exporter_checksum }}"
+        mode: '0644'
+      register: _download_binary
+      until: _download_binary is succeeded
+      retries: 5
+      delay: 2
+      delegate_to: localhost
+      check_mode: false
+
+    - name: Unpack blackbox_exporter binary
+      become: false
+      ansible.builtin.unarchive:
+        src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        dest: "/tmp"
+        creates: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}/blackbox_exporter"
+      delegate_to: localhost
+      check_mode: false
+
+    - name: Propagate blackbox_exporter binaries
+      ansible.builtin.copy:
+        src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}/blackbox_exporter"
+        dest: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter"
+        mode: 0755
+        owner: root
+        group: root
+      notify: restart blackbox_exporter
+      when: not ansible_check_mode
+
+- name: Propagate locally distributed blackbox_exporter binary
  ansible.builtin.copy:
-    src: "/tmp/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/\
-          blackbox_exporter"
-    dest: "/usr/local/bin/blackbox_exporter"
-    mode: 0750
+    src: "{{ blackbox_exporter_binary_local_dir }}/blackbox_exporter"
+    dest: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter"
+    mode: '0755'
    owner: root
-    group: "{{ blackbox_exporter_group }}"
-  when: not blackbox_exporter_skip_install
-  notify:
-    - restart blackbox exporter
+    group: root
+  when:
+    - blackbox_exporter_binary_local_dir | length > 0
+    - not blackbox_exporter_skip_install
+  notify: restart blackbox_exporter

 - name: Install libcap on Debian systems
  ansible.builtin.package:
--- a/roles/blackbox_exporter/tasks/preflight.yml
+++ b/roles/blackbox_exporter/tasks/preflight.yml
@ -24,3 +24,34 @@
  ansible.builtin.assert:
    that:
      - "':' in blackbox_exporter_web_listen_address"
+
+- name: Discover latest version
+  ansible.builtin.set_fact:
+    blackbox_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/prometheus/blackbox_exporter/releases/latest', headers=_github_api_headers,
+                            split_lines=False) | from_json).get('tag_name') | replace('v', '') }}"
+  run_once: true
+  until: blackbox_exporter_version is version('0.0.0', '>=')
+  retries: 10
+  when:
+    - blackbox_exporter_version == "latest"
+    - blackbox_exporter_binary_local_dir | length == 0
+    - not blackbox_exporter_skip_install
+
+- name: Get blackbox_exporter binary checksum
+  when:
+    - blackbox_exporter_binary_local_dir | length == 0
+    - not blackbox_exporter_skip_install
+  block:
+    - name: Get checksum list from github
+      ansible.builtin.set_fact:
+        __blackbox_exporter_checksums: "{{ lookup('url', blackbox_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}"
+      run_once: true
+      until: __blackbox_exporter_checksums is search('linux-' + go_arch + '.tar.gz')
+      retries: 10
+
+    - name: "Get checksum for {{ go_arch }}"
+      ansible.builtin.set_fact:
+        __blackbox_exporter_checksum: "{{ item.split(' ')[0] }}"
+      with_items: "{{ __blackbox_exporter_checksums }}"
+      when:
+        - "('linux-' + go_arch + '.tar.gz') in item"
--- a/roles/blackbox_exporter/vars/main.yml
+++ b/roles/blackbox_exporter/vars/main.yml
@ -5,4 +5,7 @@ go_arch_map:
  aarch64: 'arm64'
  armv7l: 'armv7'
  armv6l: 'armv6'
+
+go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
 _blackbox_exporter_repo: "prometheus/blackbox_exporter"
+_github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}"
--- a/roles/chrony_exporter/meta/main.yml
+++ b/roles/chrony_exporter/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/chrony_exporter/tasks/install.yml
+++ b/roles/chrony_exporter/tasks/install.yml
@ -17,7 +17,7 @@
    home: /
  when: chrony_exporter_system_user != "root"

- name: Discover latest version
+- name: Get binary
  when:
    - chrony_exporter_binary_local_dir | length == 0
    - not chrony_exporter_skip_install
--- a/roles/mysqld_exporter/meta/main.yml
+++ b/roles/mysqld_exporter/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/mysqld_exporter/tasks/install.yml
+++ b/roles/mysqld_exporter/tasks/install.yml
@ -17,7 +17,7 @@
    home: /
  when: mysqld_exporter_system_user != "root"

- name: Discover latest version
+- name: Get binary
  when:
    - mysqld_exporter_binary_local_dir | length == 0
    - not mysqld_exporter_skip_install
--- a/roles/node_exporter/meta/main.yml
+++ b/roles/node_exporter/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/node_exporter/tasks/install.yml
+++ b/roles/node_exporter/tasks/install.yml
@ -17,7 +17,7 @@
    home: /
  when: node_exporter_system_user != "root"

- name: Discover latest version
+- name: Get binary
  when:
    - node_exporter_binary_local_dir | length == 0
    - not node_exporter_skip_install
--- a/roles/prometheus/defaults/main.yml
+++ b/roles/prometheus/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-prometheus_version: 2.46.0
+prometheus_version: 2.47.2
 prometheus_binary_local_dir: ''
 prometheus_binary_url: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/\
                        prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz"
@ -25,6 +25,9 @@ prometheus_storage_retention: "30d"
 # supported: KB, MB, GB, TB, PB.
 prometheus_storage_retention_size: "0"

+# The Agent mode optimizes Prometheus for the remote write use case: https://prometheus.io/blog/2021/11/16/agent/
+prometheus_agent_mode: false
+
 prometheus_config_flags_extra: {}
 # prometheus_config_flags_extra:
 #   storage.tsdb.retention: 15d
@ -223,3 +226,5 @@ prometheus_alert_rules:  # noqa yaml[line-length]  # noqa line-length
    labels:
      severity: warning
 # yamllint enable rule:line-length
+
+prometheus_stop_timeout: '600s'
--- a/roles/prometheus/meta/argument_specs.yml
+++ b/roles/prometheus/meta/argument_specs.yml
@ -12,7 +12,7 @@ argument_specs:
        description:
          - "Prometheus package version. Also accepts C(latest) as parameter."
          - "Only prometheus 2.x is supported"
-        default: "2.46.0"
+        default: "2.47.2"
      prometheus_skip_install:
        description: "Prometheus installation tasks gets skipped when set to true."
        type: bool
@ -59,6 +59,12 @@ argument_specs:
          - "Maximum number of bytes that can be stored for blocks."
          - "Units supported: KB, MB, GB, TB, PB."
        default: "0"
+      prometheus_agent_mode:
+        description:
+          - "The Agent mode optimizes Prometheus for the remote write use case. It disables querying, alerting, and local storage, and replaces it with a customized TSDB WAL. L(Everything,https://prometheus.io/docs/prometheus/latest/feature_flags/#prometheus-agent) else stays the same."
+          - "This feature is available starting from Prometheus v2.32.0."
+        type: bool
+        default: false
      prometheus_config_flags_extra:
        description:
          - "Additional configuration flags passed to prometheus binary at startup"
@ -144,3 +150,8 @@ argument_specs:
        default:
          - "prometheus/targets/*.yml"
          - "prometheus/targets/*.json"
+      prometheus_stop_timeout:
+        description:
+          - "How long to wait for Prometheus to shutdown. This is passed as a systemd TimeoutStopSec time spec."
+        type: "str"
+        default: "600s"
--- a/roles/prometheus/meta/main.yml
+++ b/roles/prometheus/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/prometheus/molecule/agentmode/molecule.yml
+++ b/roles/prometheus/molecule/agentmode/molecule.yml
@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        prometheus_agent_mode: true
--- a/roles/prometheus/molecule/agentmode/tests/test_agentmode.py
+++ b/roles/prometheus/molecule/agentmode/tests/test_agentmode.py
@ -0,0 +1,45 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import yaml
+import testinfra.utils.ansible_runner
+import pytest
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.fixture()
+def AnsibleDefaults():
+    with open("defaults/main.yml", 'r') as stream:
+        return yaml.full_load(stream)
+
+
+@pytest.mark.parametrize('file, content', [
+    ("/etc/systemd/system/prometheus.service",
+     "storage.agent.path=/var/lib/prometheus"),
+    ("/etc/systemd/system/prometheus.service",
+     "enable-feature=agent"),
+])
+def test_file_contents(host, file, content):
+    f = host.file(file)
+    assert f.exists
+    assert f.is_file
+    assert f.contains(content)
+
+
+def test_service(host):
+    s = host.service("prometheus")
+    assert s.is_running
+
+
+# # "/agent" page is available (http 200) when agent mode is enabled
+def test_agent_enabled(host):
+    output = host.check_output('curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9090/agent')
+    assert '200' in output
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9090")
+    assert s.is_listening
--- a/roles/prometheus/molecule/alternative/molecule.yml
+++ b/roles/prometheus/molecule/alternative/molecule.yml
@ -87,3 +87,4 @@ provisioner:
              - target_label: __address__
                replacement: 127.0.0.1:9115  # Blackbox exporter.
        version: 2.25.2
+        prometheus_stop_timeout: 1min
--- a/roles/prometheus/molecule/alternative/tests/test_alternative.py
+++ b/roles/prometheus/molecule/alternative/tests/test_alternative.py
@ -42,6 +42,8 @@ def test_files(host, files):
     "enable-feature=promql-at-modifier"),
    ("/etc/systemd/system/prometheus.service",
     "enable-feature=remote-write-receiver"),
+    ("/etc/systemd/system/prometheus.service",
+     "TimeoutStopSec=1min"),
 ])
 def test_file_contents(host, file, content):
    f = host.file(file)
--- a/roles/prometheus/tasks/configure.yml
+++ b/roles/prometheus/tasks/configure.yml
@ -9,6 +9,7 @@
    validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
  when:
    - prometheus_alert_rules != []
+    - not prometheus_agent_mode
  notify:
    - reload prometheus

@ -21,6 +22,8 @@
    mode: 0640
    validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
  with_fileglob: "{{ prometheus_alert_rules_files }}"
+  when:
+    - not prometheus_agent_mode
  notify:
    - reload prometheus

--- a/roles/prometheus/templates/prometheus.service.j2
+++ b/roles/prometheus/templates/prometheus.service.j2
@ -13,6 +13,7 @@ User=prometheus
 Group=prometheus
 ExecReload=/bin/kill -HUP $MAINPID
 ExecStart={{ _prometheus_binary_install_dir }}/prometheus \
+{% if not prometheus_agent_mode %}
  --storage.tsdb.path={{ prometheus_db_dir }} \
 {% if prometheus_version is version('2.7.0', '>=') %}
  --storage.tsdb.retention.time={{ prometheus_storage_retention }} \
@ -20,6 +21,10 @@ ExecStart={{ _prometheus_binary_install_dir }}/prometheus \
 {% else %}
  --storage.tsdb.retention={{ prometheus_storage_retention }} \
 {% endif %}
+{% else %}
+  --enable-feature=agent \
+  --storage.agent.path={{ prometheus_db_dir }} \
+{% endif %}
 {% if prometheus_version is version('2.24.0', '>=') %}
  --web.config.file={{ prometheus_config_dir }}/web.yml \
 {% endif %}
@ -80,6 +85,7 @@ Environment="HTTP_PROXY={{ http_proxy }}"{% if https_proxy is defined %} "HTTPS_

 SyslogIdentifier=prometheus
 Restart=always
+TimeoutStopSec={{ prometheus_stop_timeout }}

 [Install]
 WantedBy=multi-user.target
--- a/roles/prometheus/templates/prometheus.yml.j2
+++ b/roles/prometheus/templates/prometheus.yml.j2
@ -17,8 +17,10 @@ remote_read:
  {{ prometheus_remote_read | to_nice_yaml(indent=2,sort_keys=False) | indent(2, False) }}
 {% endif %}

+{% if not prometheus_agent_mode and prometheus_alert_rules_files != [] %}
 rule_files:
  - {{ prometheus_config_dir }}/rules/*.rules
+{% endif %}

 {% if prometheus_alertmanager_config | length > 0 %}
 alerting:
--- a/roles/pushgateway/defaults/main.yml
+++ b/roles/pushgateway/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-pushgateway_version: 1.6.0
+pushgateway_version: 1.6.2
 pushgateway_binary_local_dir: ""
 pushgateway_binary_url: "https://github.com/{{ _pushgateway_repo }}/releases/download/v{{ pushgateway_version }}/\
                           pushgateway-{{ pushgateway_version }}.linux-{{ go_arch }}.tar.gz"
--- a/roles/pushgateway/meta/argument_specs.yml
+++ b/roles/pushgateway/meta/argument_specs.yml
@ -10,7 +10,7 @@ argument_specs:
    options:
      pushgateway_version:
        description: "Pushgateway package version. Also accepts latest as parameter."
-        default: "1.1.2"
+        default: "1.6.2"
      pushgateway_skip_install:
        description: "Pushgateway installation tasks gets skipped when set to true."
        type: bool
--- a/roles/pushgateway/meta/main.yml
+++ b/roles/pushgateway/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/pushgateway/tasks/install.yml
+++ b/roles/pushgateway/tasks/install.yml
@ -17,7 +17,7 @@
    home: /
  when: pushgateway_system_user != "root"

- name: Discover latest version
+- name: Get binary
  when:
    - pushgateway_binary_local_dir | length == 0
    - not pushgateway_skip_install
--- a/roles/smokeping_prober/meta/main.yml
+++ b/roles/smokeping_prober/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/smokeping_prober/tasks/install.yml
+++ b/roles/smokeping_prober/tasks/install.yml
@ -17,7 +17,7 @@
    home: /
  when: smokeping_prober_system_user != "root"

- name: Discover latest version
+- name: Get binary
  when:
    - smokeping_prober_binary_local_dir | length == 0
    - not smokeping_prober_skip_install
--- a/roles/snmp_exporter/defaults/main.yml
+++ b/roles/snmp_exporter/defaults/main.yml
@ -1,5 +1,6 @@
 ---
-snmp_exporter_version: 0.23.0
+snmp_exporter_version: 0.24.1
+snmp_exporter_binary_local_dir: ""
 snmp_exporter_binary_url: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/\
                           snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
 snmp_exporter_checksums_url: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/sha256sums.txt"
@ -9,3 +10,5 @@ snmp_exporter_log_level: info

 # If this is empty, role will download snmp.yml file from https://github.com/prometheus/snmp_exporter.
 snmp_exporter_config_file: ""
+
+snmp_exporter_binary_install_dir: "/usr/local/bin"
--- a/roles/snmp_exporter/handlers/main.yml
+++ b/roles/snmp_exporter/handlers/main.yml
@ -1,14 +1,14 @@
 ---
- name: Reload snmp exporter
-  listen: "reload snmp exporter"
+- name: Reload snmp_exporter
+  listen: "reload snmp_exporter"
  become: true
  ansible.builtin.systemd:
    daemon_reload: true
    name: snmp_exporter
    state: reloaded

- name: Restart snmp exporter
-  listen: "restart snmp exporter"
+- name: Restart snmp_exporter
+  listen: "restart snmp_exporter"
  become: true
  ansible.builtin.systemd:
    daemon_reload: true
--- a/roles/snmp_exporter/meta/argument_specs.yml
+++ b/roles/snmp_exporter/meta/argument_specs.yml
@ -9,12 +9,17 @@ argument_specs:
      - "Prometheus Community"
    options:
      snmp_exporter_version:
-        description: "SNMP exporter package version"
-        default: "0.23.0"
+        description: "SNMP exporter package version. Also accepts latest as parameter."
+        default: "0.24.1"
      snmp_exporter_skip_install:
        description: "SNMP exporter installation tasks gets skipped when set to true."
        type: bool
        default: false
+      snmp_exporter_binary_local_dir:
+        description:
+          - "Enables the use of local packages instead of those distributed on github."
+          - "The parameter masnmp set to a directory where the C(snmp_exporter) binary is stored on the host where ansible is run."
+          - "This overrides the I(snmp_exporter_version) parameter"
      snmp_exporter_binary_url:
        description: "URL of the snmp exporter binaries .tar.gz file"
        default: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
@ -31,3 +36,8 @@ argument_specs:
        description:
          - "If this is empty, role will download snmp.yml file from U(https://github.com/prometheus/snmp_exporter)."
          - "Otherwise this should contain path to file with custom snmp exporter configuration"
+      snmp_exporter_binary_install_dir:
+        description:
+          - "I(Advanced)"
+          - "Directory to install snmp_exporter binary"
+        default: "/usr/local/bin"
--- a/roles/snmp_exporter/meta/main.yml
+++ b/roles/snmp_exporter/meta/main.yml
@ -22,6 +22,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/snmp_exporter/molecule/latest/molecule.yml
+++ b/roles/snmp_exporter/molecule/latest/molecule.yml
@ -0,0 +1,6 @@
+---
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        snmp_exporter_version: latest
--- a/roles/snmp_exporter/molecule/latest/tests/test_latest.py
+++ b/roles/snmp_exporter/molecule/latest/tests/test_latest.py
@ -0,0 +1,37 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+import pytest
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize("files", [
+    "/etc/systemd/system/snmp_exporter.service",
+    "/usr/local/bin/snmp_exporter"
+])
+def test_files(host, files):
+    f = host.file(files)
+    assert f.exists
+    assert f.is_file
+
+
+def test_service(host):
+    s = host.service("snmp_exporter")
+    try:
+        assert s.is_running
+    except AssertionError:
+        # Capture service logs
+        journal_output = host.run('journalctl -u snmp_exporter --since "1 hour ago"')
+        print("\n==== journalctl -u snmp_exporter Output ====\n")
+        print(journal_output)
+        print("\n============================================\n")
+        raise  # Re-raise the original assertion error
+
+
+def test_socket(host):
+    s = host.socket("tcp://0.0.0.0:9100")
+    assert s.is_listening
--- a/roles/snmp_exporter/tasks/configure.yml
+++ b/roles/snmp_exporter/tasks/configure.yml
@ -7,7 +7,7 @@
    group: root
    mode: 0644
  notify:
-    - restart snmp exporter
+    - restart snmp_exporter

 - name: Download snmp configuration file from github repository
  ansible.builtin.get_url:
@ -22,7 +22,7 @@
  retries: 5
  delay: 2
  notify:
-    - reload snmp exporter
+    - reload snmp_exporter
  when: not (snmp_exporter_config_file)

 - name: Copy configuration file
@ -34,5 +34,5 @@
    mode: 0644
  no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}"
  notify:
-    - reload snmp exporter
+    - reload snmp_exporter
  when: (snmp_exporter_config_file)
--- a/roles/snmp_exporter/tasks/install.yml
+++ b/roles/snmp_exporter/tasks/install.yml
@ -1,37 +1,54 @@
 ---
- name: Download snmp_exporter binary to local folder
-  become: false
-  ansible.builtin.get_url:
-    url: "{{ snmp_exporter_binary_url }}"
-    dest: "/tmp"
-    checksum: "sha256:{{ snmp_exporter_checksum }}"
-    mode: 0644
-  register: _download_binary
-  until: _download_binary is success
-  retries: 5
-  delay: 2
-  delegate_to: localhost
-  check_mode: false
-  when: not snmp_exporter_skip_install
+- name: Get binary
+  when:
+    - snmp_exporter_binary_local_dir | length == 0
+    - not snmp_exporter_skip_install
+  block:

- name: Unpack snmp_exporter binary
-  become: false
-  ansible.builtin.unarchive:
-    src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz"
-    dest: "/tmp"
-    creates: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/snmp_exporter"
-  delegate_to: localhost
-  check_mode: false
-  when: not snmp_exporter_skip_install
+    - name: Download snmp_exporter binary to local folder
+      become: false
+      ansible.builtin.get_url:
+        url: "{{ snmp_exporter_binary_url }}"
+        dest: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        checksum: "sha256:{{ __snmp_exporter_checksum }}"
+        mode: '0644'
+      register: _download_binary
+      until: _download_binary is succeeded
+      retries: 5
+      delay: 2
+      delegate_to: localhost
+      check_mode: false

- name: Propagate SNMP Exporter binaries
+    - name: Unpack snmp_exporter binary
+      become: false
+      ansible.builtin.unarchive:
+        src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}.tar.gz"
+        dest: "/tmp"
+        creates: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}/snmp_exporter"
+      delegate_to: localhost
+      check_mode: false
+
+    - name: Propagate snmp_exporter binaries
+      ansible.builtin.copy:
+        src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}/snmp_exporter"
+        dest: "{{ snmp_exporter_binary_install_dir }}/snmp_exporter"
+        mode: 0755
+        owner: root
+        group: root
+      notify: restart snmp_exporter
+      when: not ansible_check_mode
+
+- name: Propagate locally distributed snmp_exporter binary
  ansible.builtin.copy:
-    src: "/tmp/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}/snmp_exporter"
-    dest: "/usr/local/bin/snmp_exporter"
+    src: "{{ snmp_exporter_binary_local_dir }}/snmp_exporter"
+    dest: "{{ snmp_exporter_binary_install_dir }}/snmp_exporter"
    mode: 0755
-  when: not snmp_exporter_skip_install
-  notify:
-    - restart snmp exporter
+    owner: root
+    group: root
+  when:
+    - snmp_exporter_binary_local_dir | length > 0
+    - not snmp_exporter_skip_install
+  notify: restart snmp_exporter

 - name: Create configuration directory
  ansible.builtin.file:
--- a/roles/snmp_exporter/tasks/preflight.yml
+++ b/roles/snmp_exporter/tasks/preflight.yml
@ -1,9 +1,31 @@
 ---
- name: "Get checksum for snmp exporter"
+- name: Discover latest version
  ansible.builtin.set_fact:
-    snmp_exporter_checksum: "{{ item.split(' ')[0] }}"
-  with_items:
-    - "{{ lookup('url', snmp_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}"
+    snmp_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/prometheus/snmp_exporter/releases/latest', headers=_github_api_headers,
+                            split_lines=False) | from_json).get('tag_name') | replace('v', '') }}"
+  run_once: true
+  until: snmp_exporter_version is version('0.0.0', '>=')
+  retries: 10
  when:
-    - "('linux-' + (go_arch_map[ansible_architecture] | default(ansible_architecture)) + '.tar.gz') in item"
+    - snmp_exporter_version == "latest"
+    - snmp_exporter_binary_local_dir | length == 0
    - not snmp_exporter_skip_install
+
+- name: Get snmp_exporter binary checksum
+  when:
+    - snmp_exporter_binary_local_dir | length == 0
+    - not snmp_exporter_skip_install
+  block:
+    - name: Get checksum list from github
+      ansible.builtin.set_fact:
+        __snmp_exporter_checksums: "{{ lookup('url', snmp_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}"
+      run_once: true
+      until: __snmp_exporter_checksums is search('linux-' + go_arch + '.tar.gz')
+      retries: 10
+
+    - name: "Get checksum for {{ go_arch }}"
+      ansible.builtin.set_fact:
+        __snmp_exporter_checksum: "{{ item.split(' ')[0] }}"
+      with_items: "{{ __snmp_exporter_checksums }}"
+      when:
+        - "('linux-' + go_arch + '.tar.gz') in item"
--- a/roles/snmp_exporter/vars/main.yml
+++ b/roles/snmp_exporter/vars/main.yml
@ -5,5 +5,7 @@ go_arch_map:
  aarch64: 'arm64'
  armv7l: 'armv7'
  armv6l: 'armv6'
+
+go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
 _snmp_exporter_repo: "prometheus/snmp_exporter"
 _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}"
--- a/roles/systemd_exporter/README.md
+++ b/roles/systemd_exporter/README.md
@ -27,6 +27,14 @@ Use it in a playbook as follows:
    - prometheus.prometheus.systemd_exporter
 ```

+### TLS config
+
+See node_exporter README for more extensive example. Requires systemd_exporter >= 0.5.0.
+
+    systemd_exporter_tls_server_config:
+      cert_file: /etc/systemd_exporter/tls.cert
+      key_file: /etc/systemd_exporter/tls.key
+
 ## Local Testing

 The preferred way of locally testing the role is to use Docker and [molecule](https://github.com/ansible-community/molecule) (v3.x). You will have to install Docker on your system. See "Get started" for a Docker package suitable to for your system. Running your tests is as simple as executing `molecule test`.
--- a/roles/systemd_exporter/defaults/main.yml
+++ b/roles/systemd_exporter/defaults/main.yml
@ -7,6 +7,8 @@ systemd_exporter_checksums_url: "https://github.com/{{ _systemd_exporter_repo }}
 systemd_exporter_skip_install: false
 systemd_exporter_web_listen_address: "0.0.0.0:9558"

+systemd_exporter_tls_server_config: {}
+
 systemd_exporter_enable_restart_count: false
 systemd_exporter_enable_ip_accounting: false
 systemd_exporter_enable_file_descriptor_size: false
@ -17,3 +19,5 @@ systemd_exporter_unit_exclude: ""
 systemd_exporter_binary_install_dir: "/usr/local/bin"
 systemd_exporter_system_group: "systemd-exporter"
 systemd_exporter_system_user: "{{ systemd_exporter_system_group }}"
+
+systemd_exporter_log_level: info
--- a/roles/systemd_exporter/meta/argument_specs.yml
+++ b/roles/systemd_exporter/meta/argument_specs.yml
@ -29,6 +29,11 @@ argument_specs:
      systemd_exporter_web_listen_address:
        description: Address on which systemd exporter will listen"
        default: "0.0.0.0:9558"
+      systemd_exporter_tls_server_config:
+        description:
+          - "Configuration for TLS authentication."
+          - "Keys and values are the same as in L(Prometheus docs,https://prometheus.io/docs/prometheus/latest/configuration/https/)."
+        type: "dict"
      systemd_exporter_enable_restart_count:
        description: Enables service restart count metrics. This feature only works with systemd 235 and above"
        type: "bool"
@ -60,3 +65,5 @@ argument_specs:
          - "I(Advanced)"
          - "Systemd exporter user"
        default: "systemd-exporter"
+      systemd_exporter_log_level:
+        description: Only log messages with the given severity or above.
--- a/roles/systemd_exporter/meta/main.yml
+++ b/roles/systemd_exporter/meta/main.yml
@ -23,6 +23,7 @@ galaxy_info:
    - name: "Fedora"
      versions:
        - "37"
+        - '38'
  galaxy_tags:
    - "monitoring"
    - "prometheus"
--- a/roles/systemd_exporter/molecule/alternative/molecule.yml
+++ b/roles/systemd_exporter/molecule/alternative/molecule.yml
@ -6,4 +6,8 @@ provisioner:
        systemd_exporter_binary_local_dir: "/tmp/systemd_exporter-linux-amd64"
        systemd_exporter_web_listen_address: "127.0.0.1:9000"
        go_arch: amd64
-        systemd_exporter_version: 0.4.0
+        systemd_exporter_version: 0.5.0
+        systemd_exporter_tls_server_config:
+          cert_file: /etc/systemd_exporter/tls.cert
+          key_file: /etc/systemd_exporter/tls.key
+        systemd_exporter_enable_file_descriptor_size: true
--- a/roles/systemd_exporter/molecule/alternative/prepare.yml
+++ b/roles/systemd_exporter/molecule/alternative/prepare.yml
@ -55,3 +55,26 @@
        csr_path: "/tmp/tls.csr"
        privatekey_path: "/tmp/tls.key"
        provider: selfsigned
+
+- name: Run target preparation
+  hosts: all
+  any_errors_fatal: true
+  tasks:
+    - name: Create systemd_exporter cert dir
+      ansible.builtin.file:
+        path: "{{ systemd_exporter_tls_server_config.cert_file | dirname }}"
+        state: directory
+        owner: root
+        group: root
+        mode: u+rwX,g+rwX,o=rX
+
+    - name: Copy cert and key
+      ansible.builtin.copy:
+        src: "{{ item.src }}"
+        dest: "{{ item.dest }}"
+        mode: "{{ item.mode | default('0644') }}"
+      loop:
+        - src: "/tmp/tls.cert"
+          dest: "{{ systemd_exporter_tls_server_config.cert_file }}"
+        - src: "/tmp/tls.key"
+          dest: "{{ systemd_exporter_tls_server_config.key_file }}"
--- a/roles/systemd_exporter/tasks/configure.yml
+++ b/roles/systemd_exporter/tasks/configure.yml
@ -8,6 +8,23 @@
    mode: 0644
  notify: restart systemd_exporter

+- name: Create systemd_exporter config directory
+  ansible.builtin.file:
+    path: "/etc/systemd_exporter"
+    state: directory
+    owner: root
+    group: root
+    mode: u+rwX,g+rwX,o=rX
+
+- name: Copy the systemd_exporter config file
+  ansible.builtin.template:
+    src: config.yaml.j2
+    dest: /etc/systemd_exporter/config.yaml
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart systemd_exporter
+
 - name: Allow systemd_exporter port in SELinux on RedHat OS family
  community.general.seport:
    ports: "{{ systemd_exporter_web_listen_address.split(':')[-1] }}"
--- a/roles/systemd_exporter/tasks/preflight.yml
+++ b/roles/systemd_exporter/tasks/preflight.yml
@ -25,6 +25,36 @@
    that:
      - "':' in systemd_exporter_web_listen_address"

+- name: Assert that TLS config is correct
+  when: systemd_exporter_tls_server_config | length > 0
+  block:
+    - name: Assert that systemd_exporter version supports TLS config
+      ansible.builtin.assert:
+        that:
+          - "systemd_exporter_version is version('0.5.0', '>=')"
+
+    - name: Assert that TLS key and cert path are set
+      ansible.builtin.assert:
+        that:
+          - "systemd_exporter_tls_server_config.cert_file is defined"
+          - "systemd_exporter_tls_server_config.key_file is defined"
+
+    - name: Check existence of TLS cert file
+      ansible.builtin.stat:
+        path: "{{ systemd_exporter_tls_server_config.cert_file }}"
+      register: __systemd_exporter_cert_file
+
+    - name: Check existence of TLS key file
+      ansible.builtin.stat:
+        path: "{{ systemd_exporter_tls_server_config.key_file }}"
+      register: __systemd_exporter_key_file
+
+    - name: Assert that TLS key and cert are present
+      ansible.builtin.assert:
+        that:
+          - "{{ __systemd_exporter_cert_file.stat.exists }}"
+          - "{{ __systemd_exporter_key_file.stat.exists }}"
+
 - name: Assert that systemd version is >= 235 when enabling ip accounting or measuring restart count
  ansible.builtin.assert:
    that:
--- a/roles/systemd_exporter/templates/config.yaml.j2
+++ b/roles/systemd_exporter/templates/config.yaml.j2
@ -0,0 +1,6 @@
+---
+{{ ansible_managed | comment }}
+{% if systemd_exporter_tls_server_config | length > 0 %}
+tls_server_config:
+{{ systemd_exporter_tls_server_config | to_nice_yaml | indent(2, true) }}
+{% endif %}
--- a/roles/systemd_exporter/templates/systemd_exporter.service.j2
+++ b/roles/systemd_exporter/templates/systemd_exporter.service.j2
@ -10,13 +10,25 @@ User={{ systemd_exporter_system_user }}
 Group={{ systemd_exporter_system_group }}
 ExecStart={{ systemd_exporter_binary_install_dir }}/systemd_exporter \
 {% if systemd_exporter_enable_restart_count %}
+    {% if systemd_exporter_version is version('0.5.0', '>=') %}
    --systemd.collector.enable-restart-count \
+    {% else %}
+    --collector.enable-restart-count \
+    {% endif %}
 {% endif %}
 {% if systemd_exporter_enable_file_descriptor_size %}
+    {% if systemd_exporter_version is version('0.5.0', '>=') %}
    --systemd.collector.enable-file-descriptor-size \
+    {% else %}
+    --collector.enable-file-descriptor-size \
+    {% endif %}
 {% endif %}
 {% if systemd_exporter_enable_ip_accounting %}
+    {% if systemd_exporter_version is version('0.5.0', '>=') %}
    --systemd.collector.enable-ip-accounting \
+    {% else %}
+    --collector.enable-ip-accounting \
+    {% endif %}
 {% endif %}
 {% if systemd_exporter_unit_include != ""%}
    --systemd.collector.unit-include={{ systemd_exporter_unit_include }} \
@ -24,6 +36,10 @@ ExecStart={{ systemd_exporter_binary_install_dir }}/systemd_exporter \
 {% if systemd_exporter_unit_exclude != "" %}
    --systemd.collector.unit-exclude={{ systemd_exporter_unit_exclude }} \
 {% endif %}
+{% if systemd_exporter_tls_server_config | length > 0 %}
+    --web.config.file=/etc/systemd_exporter/config.yaml \
+{% endif %}
+    --log.level={{ systemd_exporter_log_level }} \
    --web.listen-address={{ systemd_exporter_web_listen_address }}

 SyslogIdentifier=systemd_exporter
--- a/tests/integration/targets/molecule-prometheus-agentmode/runme.sh
+++ b/tests/integration/targets/molecule-prometheus-agentmode/runme.sh
@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+collection_root=$(pwd | grep -oP ".+\/ansible_collections\/\w+?\/\w+")
+source "$collection_root/tests/integration/molecule.sh"