Mirrors/ansible-collection-prometheus
2
0
Fork 0
mirror of https://github.com/prometheus-community/ansible synced 2024-11-10 14:24:25 +00:00
Code Issues Projects Releases Packages Wiki Activity

node_exporter: Fix Systemd ProtectHome option in service unit

Browse source 
Fixes an issue with the jinja2 snippet which is used to create the node_exporter Systemd unit. More details here: https://github.com/prometheus-community/ansible/issues/13

Jinja2 namespaces are used to ensure the variable `protect_home` can be set in the parent scope of the `for` loop looking through the mounts.

Signed-off-by: Kevin Bowrin <kevinbowrin@cunet.carleton.ca>
This commit is contained in:
Kevin Bowrin 2023-05-03 12:44:57 -04:00
parent 26d2f99857
commit be0a877b00
No known key found for this signature in database
GPG key ID: 3BD30E7A6917F0F0
4 changed files with 21 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/node_exporter/molecule/alternative/tests/test_alternative.py
View file

@ -23,6 +23,12 @@ def test_service(host):
assert s.is_running
def test_protecthome_property(host):
s = host.service("node_exporter")
p = s.systemd_properties
assert p.get("ProtectHome") == "yes"
def test_socket(host):
sockets = [
"tcp://127.0.0.1:8080"

6
roles/node_exporter/molecule/default/tests/test_default.py
View file

@ -57,6 +57,12 @@ def test_service(host):
assert s.is_running
def test_protecthome_property(host):
s = host.service("node_exporter")
p = s.systemd_properties
assert p.get("ProtectHome") == "yes"
def test_socket(host):
sockets = [
"tcp://127.0.0.1:9100"

6
roles/node_exporter/molecule/latest/tests/test_alternative.py
View file

@ -25,6 +25,12 @@ def test_service(host):
assert s.is_running
def test_protecthome_property(host):
s = host.service("node_exporter")
p = s.systemd_properties
assert p.get("ProtectHome") == "yes"
def test_socket(host):
s = host.socket("tcp://0.0.0.0:9100")
assert s.is_listening

6
roles/node_exporter/templates/node_exporter.service.j2
View file

@ -38,11 +38,11 @@ Restart=always
RestartSec=1
StartLimitInterval=0
{% set protect_home = 'yes' %}
{% set ns = namespace(protect_home = 'yes') %}
{% for m in ansible_mounts if m.mount.startswith('/home') %}
{% set protect_home = 'read-only' %}
{% set ns.protect_home = 'read-only' %}
{% endfor %}
ProtectHome={{ protect_home }}
ProtectHome={{ ns.protect_home }}
NoNewPrivileges=yes
{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}