chore: Configurable prometheus system user, group (#307)

Signed-off-by: Mahendra Paipuri <mahendra.paipuri@gmail.com>
Mahendra Paipuri 2024-02-29 09:50:15 +01:00 committed by GitHub
parent ee540fe8de
commit cf1a5dbece
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 27 additions and 14 deletions


@ -227,4 +227,7 @@ prometheus_alert_rules: # noqa yaml[line-length] # noqa line-length
severity: warning severity: warning
# yamllint enable rule:line-length # yamllint enable rule:line-length
prometheus_system_group: 'prometheus'
prometheus_system_user: "{{ prometheus_system_group }}"
prometheus_stop_timeout: '600s' prometheus_stop_timeout: '600s'
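Review bot: The default for `prometheus_system_user` is the template `"{{ prometheus_system_group }}"`, so overriding only the group also renames the service account, while the argument spec added in this same commit documents the user's default as the literal `"prometheus"`. Either make the default a literal, `prometheus_system_user: 'prometheus'`, or change the spec description to `- "System user for Prometheus. Defaults to the value of prometheus_system_group."` so the coupling is visible to whoever overrides the group.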


@ -150,6 +150,16 @@ argument_specs:
default: default:
- "prometheus/targets/*.yml" - "prometheus/targets/*.yml"
- "prometheus/targets/*.json" - "prometheus/targets/*.json"
prometheus_system_group:
description:
- "System group for Prometheus."
type: "str"
default: "prometheus"
prometheus_system_user:
description:
- "System user for Prometheus."
type: "str"
default: "prometheus"
prometheus_stop_timeout: prometheus_stop_timeout:
description: description:
- "How long to wait for Prometheus to shutdown. This is passed as a systemd TimeoutStopSec time spec." - "How long to wait for Prometheus to shutdown. This is passed as a systemd TimeoutStopSec time spec."


@ -4,7 +4,7 @@
src: "alert.rules.j2" src: "alert.rules.j2"
dest: "{{ prometheus_config_dir }}/rules/ansible_managed.rules" dest: "{{ prometheus_config_dir }}/rules/ansible_managed.rules"
owner: root owner: root
group: prometheus group: "{{ prometheus_system_group }}"
mode: 0640 mode: 0640
validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s" validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
when: when:
@ -18,7 +18,7 @@
src: "{{ item }}" src: "{{ item }}"
dest: "{{ prometheus_config_dir }}/rules/" dest: "{{ prometheus_config_dir }}/rules/"
owner: root owner: root
group: prometheus group: "{{ prometheus_system_group }}"
mode: 0640 mode: 0640
validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s" validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s"
with_fileglob: "{{ prometheus_alert_rules_files }}" with_fileglob: "{{ prometheus_alert_rules_files }}"
@ -33,7 +33,7 @@
dest: "{{ prometheus_config_dir }}/prometheus.yml" dest: "{{ prometheus_config_dir }}/prometheus.yml"
force: true force: true
owner: root owner: root
group: prometheus group: "{{ prometheus_system_group }}"
mode: 0640 mode: 0640
validate: "{{ _prometheus_binary_install_dir }}/promtool check config %s" validate: "{{ _prometheus_binary_install_dir }}/promtool check config %s"
no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}"
@ -46,7 +46,7 @@
dest: "{{ prometheus_config_dir }}/web.yml" dest: "{{ prometheus_config_dir }}/web.yml"
force: true force: true
owner: root owner: root
group: prometheus group: "{{ prometheus_system_group }}"
mode: 0640 mode: 0640
- name: Configure prometheus static targets - name: Configure prometheus static targets
@ -56,7 +56,7 @@
dest: "{{ prometheus_config_dir }}/file_sd/{{ item.key }}.yml" dest: "{{ prometheus_config_dir }}/file_sd/{{ item.key }}.yml"
force: true force: true
owner: root owner: root
group: prometheus group: "{{ prometheus_system_group }}"
mode: 0640 mode: 0640
with_dict: "{{ prometheus_targets }}" with_dict: "{{ prometheus_targets }}"
when: prometheus_targets != {} when: prometheus_targets != {}
@ -67,6 +67,6 @@
dest: "{{ prometheus_config_dir }}/file_sd/" dest: "{{ prometheus_config_dir }}/file_sd/"
force: true force: true
owner: root owner: root
group: prometheus group: "{{ prometheus_system_group }}"
mode: 0640 mode: 0640
with_fileglob: "{{ prometheus_static_targets_files }}" with_fileglob: "{{ prometheus_static_targets_files }}"
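Review bot: Every file written in these hunks is `owner: root`, `mode: 0640` with the group now taken from `prometheus_system_group`, so whichever group an operator names gains read access to `prometheus.yml` and `web.yml`; the `no_log` on the prometheus.yml task suggests that file can hold credentials. With the hard-coded name the group was dedicated to the service, whereas a shared or pre-existing group would extend that read access to all of its members. I would state this in the variable's description, for example `- "System group for Prometheus. It is given read access to the files under prometheus_config_dir, so use a group dedicated to the service."`. The tasks themselves begin outside the hunks shown.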


@ -1,16 +1,16 @@
--- ---
- name: Create prometheus system group - name: Create prometheus system group
ansible.builtin.group: ansible.builtin.group:
name: prometheus name: "{{ prometheus_system_group }}"
system: true system: true
state: present state: present
- name: Create prometheus system user - name: Create prometheus system user
ansible.builtin.user: ansible.builtin.user:
name: prometheus name: "{{ prometheus_system_user }}"
system: true system: true
shell: "/usr/sbin/nologin" shell: "/usr/sbin/nologin"
group: prometheus group: "{{ prometheus_system_group }}"
createhome: false createhome: false
home: "{{ prometheus_db_dir }}" home: "{{ prometheus_db_dir }}"
@ -18,8 +18,8 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ prometheus_db_dir }}" path: "{{ prometheus_db_dir }}"
state: directory state: directory
owner: prometheus owner: "{{ prometheus_system_user }}"
group: prometheus group: "{{ prometheus_system_group }}"
mode: 0755 mode: 0755
- name: Create prometheus configuration directories - name: Create prometheus configuration directories
@ -27,7 +27,7 @@
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
owner: root owner: root
group: prometheus group: "{{ prometheus_system_group }}"
mode: 0770 mode: 0770
with_items: with_items:
- "{{ prometheus_config_dir }}" - "{{ prometheus_config_dir }}"
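Review bot: `ansible.builtin.user` with `name: "{{ prometheus_system_user }}"` does more than create an account: if an account of that name already exists, the module applies `shell: "/usr/sbin/nologin"`, the primary `group` and `home` to it, so pointing the variable at an existing login or service account changes that account. The same section sets the configuration directories to `mode: 0770` for the configured group, which gives every member of a shared group write access there. A comment above the user task such as `# Alters shell, primary group and home of an existing account with this name; use a dedicated account.` would make this explicit, and a preflight assertion that the name is not `root` is worth considering. The last task's `with_items` list continues past the hunk.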


@ -9,8 +9,8 @@ After=local-fs.target
[Service] [Service]
Type=simple Type=simple
Environment="GOMAXPROCS={{ ansible_processor_vcpus|default(ansible_processor_count) }}" Environment="GOMAXPROCS={{ ansible_processor_vcpus|default(ansible_processor_count) }}"
User=prometheus User={{ prometheus_system_user }}
Group=prometheus Group={{ prometheus_system_group }}
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
ExecStart={{ _prometheus_binary_install_dir }}/prometheus \ ExecStart={{ _prometheus_binary_install_dir }}/prometheus \
{% if not prometheus_agent_mode %} {% if not prometheus_agent_mode %}
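Review bot: `User=` and `Group=` now follow the variables, but nothing visible in this commit re-owns data written under the previous account: the data-directory task in the install tasks sets `owner` and `group` on `prometheus_db_dir` itself and shows no `recurse`. On a host already deployed as `prometheus`, changing either variable would presumably leave existing files owned by the old account while the service starts as the new one. I would note this in the variable description, for example `- "System user for Prometheus. Changing it on an existing host requires re-owning the contents of prometheus_db_dir."`. The `[Service]` section continues past the end of the hunk.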