Mirrors/ansible-collection-prometheus
2
0
Fork 0
mirror of https://github.com/prometheus-community/ansible synced 2025-03-07 16:37:34 +00:00
Code Issues Projects Releases Packages Wiki Activity

refactor: avoid using command module for systemd version fact

Browse source 
Signed-off-by: gardar <gardar@users.noreply.github.com>
This commit is contained in:
gardar 2023-03-06 16:08:26 +00:00
parent d389ad29e2
commit e02e6a5976
No known key found for this signature in database
GPG key ID: 75FAE37CBA8C13C2
8 changed files with 17 additions and 50 deletions
roles
alertmanager
tasks
preflight.yml
templates
alertmanager.service.j2
blackbox_exporter
tasks
preflight.yml
templates
blackbox_exporter.service.j2
node_exporter
tasks
preflight.yml
templates
node_exporter.service.j2
prometheus
tasks
preflight.yml
templates
prometheus.service.j2

14
roles/alertmanager/tasks/preflight.yml
View file

@ -4,17 +4,9 @@
that: ansible_service_mgr == 'systemd'
msg: "This module only works with systemd"
- name: Get systemd version
ansible.builtin.command: systemctl --version
changed_when: false
check_mode: false
register: __systemd_version
tags:
- skip_ansible_lint
- name: Set systemd version fact
ansible.builtin.set_fact:
alertmanager_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}"
- name: Gather package facts
ansible.builtin.package_facts:
when: "not 'packages' in ansible_facts"
- name: Discover latest version
ansible.builtin.set_fact:

2
roles/alertmanager/templates/alertmanager.service.j2
View file

@ -51,7 +51,7 @@ ReadWriteDirectories={{ alertmanager_db_dir }}
RemoveIPC=true
RestrictSUIDSGID=true
{% if alertmanager_systemd_version | int >= 232 %}
{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}
PrivateUsers=true
ProtectControlGroups=true
ProtectKernelModules=true

14
roles/blackbox_exporter/tasks/preflight.yml
View file

@ -4,17 +4,9 @@
that: ansible_service_mgr == 'systemd'
msg: "This role only works with systemd"
- name: Get systemd version
ansible.builtin.command: systemctl --version
changed_when: false
check_mode: false
register: __systemd_version
tags:
- skip_ansible_lint
- name: Set systemd version fact
ansible.builtin.set_fact:
blackbox_exporter_systemd_version: "{{ __systemd_version.stdout_lines[0] | regex_replace('^systemd\\s(\\d+).*$', '\\1') }}"
- name: Gather package facts
ansible.builtin.package_facts:
when: "not 'packages' in ansible_facts"
- name: Naive assertion of proper listen address
ansible.builtin.assert:

2
roles/blackbox_exporter/templates/blackbox_exporter.service.j2
View file

@ -32,7 +32,7 @@ RemoveIPC=true
RestrictSUIDSGID=true
AmbientCapabilities=CAP_NET_RAW
{% if blackbox_exporter_systemd_version | int >= 232 %}
{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=yes

15
roles/node_exporter/tasks/preflight.yml
View file

@ -4,17 +4,9 @@
that: ansible_service_mgr == 'systemd'
msg: "This role only works with systemd"
- name: Get systemd version
ansible.builtin.command: systemctl --version
changed_when: false
check_mode: false
register: __systemd_version
tags:
- skip_ansible_lint
- name: Set systemd version fact
ansible.builtin.set_fact:
node_exporter_systemd_version: "{{ __systemd_version.stdout_lines[0] | regex_replace('^systemd\\s(\\d+).*$', '\\1') }}"
- name: Gather package facts
ansible.builtin.package_facts:
when: "not 'packages' in ansible_facts"
- name: Naive assertion of proper listen address
ansible.builtin.assert:
@ -68,7 +60,6 @@
when: __node_exporter_is_installed.stat.exists
tags:
- node_exporter_install
- skip_ansible_lint
- name: Discover latest version
ansible.builtin.set_fact:

2
roles/node_exporter/templates/node_exporter.service.j2
View file

@ -45,7 +45,7 @@ StartLimitInterval=0
ProtectHome={{ protect_home }}
NoNewPrivileges=yes
{% if node_exporter_systemd_version | int >= 232 %}
{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}
ProtectSystem=strict
ProtectControlGroups=true
ProtectKernelModules=true

14
roles/prometheus/tasks/preflight.yml
View file

@ -4,17 +4,9 @@
that: ansible_service_mgr == 'systemd'
msg: "This module only works with systemd"
- name: Get systemd version
ansible.builtin.command: systemctl --version
changed_when: false
check_mode: false
register: __systemd_version
tags:
- skip_ansible_lint
- name: Set systemd version fact
ansible.builtin.set_fact:
prometheus_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}"
- name: Gather package facts
ansible.builtin.package_facts:
when: "not 'packages' in ansible_facts"
- name: Assert no duplicate config flags
ansible.builtin.assert:

4
roles/prometheus/templates/prometheus.service.j2
View file

@ -52,7 +52,7 @@ RemoveIPC=true
RestrictSUIDSGID=true
#SystemCallFilter=@signal @timer
{% if prometheus_systemd_version | int >= 231 %}
{% if (ansible_facts.packages.systemd | first).version is version('231', '>=') %}
ReadWritePaths={{ prometheus_db_dir }}
{% for path in prometheus_read_only_dirs %}
ReadOnlyPaths={{ path }}
@ -64,7 +64,7 @@ ReadOnlyDirectories={{ path }}
{% endfor %}
{% endif %}
{% if prometheus_systemd_version | int >= 232 %}
{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}
PrivateUsers=true
ProtectControlGroups=true
ProtectKernelModules=true