From 8734f607dbfc1504cfa592bafb89f5740d0ee7ac Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 16:50:28 +0000 Subject: [PATCH 01/24] enhancement: add role for common tasks Signed-off-by: gardar --- .config/ansible-lint.yml | 1 + roles/_common/README.md | 3 + roles/_common/handlers/main.yml | 15 +++ roles/_common/meta/argument_specs.yml | 91 ++++++++++++++++++ roles/_common/meta/main.yml | 6 ++ roles/_common/tasks/configure.yml | 70 ++++++++++++++ roles/_common/tasks/install.yml | 108 ++++++++++++++++++++++ roles/_common/tasks/preflight.yml | 76 +++++++++++++++ roles/_common/tasks/selinux.yml | 58 ++++++++++++ roles/_common/templates/web_config.yml.j2 | 18 ++++ roles/_common/vars/main.yml | 24 +++++ 11 files changed, 470 insertions(+) create mode 100644 roles/_common/README.md create mode 100644 roles/_common/handlers/main.yml create mode 100644 roles/_common/meta/argument_specs.yml create mode 100644 roles/_common/meta/main.yml create mode 100644 roles/_common/tasks/configure.yml create mode 100644 roles/_common/tasks/install.yml create mode 100644 roles/_common/tasks/preflight.yml create mode 100644 roles/_common/tasks/selinux.yml create mode 100644 roles/_common/templates/web_config.yml.j2 create mode 100644 roles/_common/vars/main.yml diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml index b3bc42cba..7b8dbb958 100644 --- a/.config/ansible-lint.yml +++ b/.config/ansible-lint.yml @@ -4,4 +4,5 @@ warn_list: - galaxy[version-incorrect] # until collection gets bumped to 1.x.x - name[casing] # https://github.com/ansible/ansible-lint/issues/4035#issuecomment-2116272270 skip_list: + - role-name # Allow underscore prefix in role name for internal role - var-naming[no-role-prefix] # https://github.com/ansible/ansible-lint/pull/3422#issuecomment-1549584988 diff --git a/roles/_common/README.md b/roles/_common/README.md new file mode 100644 index 000000000..1e29b5fcb --- /dev/null +++ b/roles/_common/README.md 
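Review bot: Adding `role-name` to `skip_list` switches the rule off for every role in the collection, although the inline comment only justifies the underscore prefix of the new internal role. A narrower exemption scoped to `roles/_common` (for example through the linter's ignore file, if the ansible-lint version in use supports one) would keep the check active for the public roles.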
@@ -0,0 +1,3 @@
+---
+# Internal use only
+This role is for common tasks shared between roles and should not be used directly
diff --git a/roles/_common/handlers/main.yml b/roles/_common/handlers/main.yml
new file mode 100644
index 000000000..76ba6b37f
--- /dev/null
+++ b/roles/_common/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: "Restart {{ _common_service_name }}"
+ # listen: "restart_service"
+ become: true
+ ansible.builtin.service:
+ daemon_reload: true
+ name: "{{ _common_service_name }}"
+ state: restarted
+
+- name: "Reload {{ _common_service_name }}"
+ # listen: "reload_service"
+ become: true
+ ansible.builtin.service:
+ name: "{{ _common_service_name }}"
+ state: reloaded
diff --git a/roles/_common/meta/argument_specs.yml b/roles/_common/meta/argument_specs.yml
new file mode 100644
index 000000000..7642a47c6
--- /dev/null
+++ b/roles/_common/meta/argument_specs.yml
@@ -0,0 +1,91 @@
+---
+argument_specs:
+ configure:
+ short_description: "Internal only - common configuration tasks"
+ description: "Internal only - selinux requirements"
+ author:
+ - "Prometheus Community"
+ options:
+ _common_service_name:
+ description:
+ - "Name of the system service (systemd)"
+ - "Usually matches the role name"
+ default: "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
+ _common_config_dir:
+ description: "Path to directory to install configuration."
+ default: ""
+ _common_system_user:
+ description: "System user for running the service."
+ default: ""
+ _common_system_group:
+ description: "User group for the system user."
+ default: ""
+ _common_tls_server_config:
+ description: "Configuration for TLS authentication."
+ default: ""
+ _common_http_server_config:
+ description: "Configuration for HTTP/2 support."
+ default: ""
+ _common_common_basic_auth_users:
+ description: "Dictionary of users and password for basic authentication. Passwords are automatically hashed with bcrypt."
+ default: ""
+ install:
+ short_description: "Internal only - common installation tasks"
+ description: "Internal only - selinux requirements"
+ author:
+ - "Prometheus Community"
+ options:
+ _common_binaries:
+ description: "List of binaries to install"
+ default: []
+ type: "list"
+ elements: "str"
+ _common_binary_install_dir:
+ description: "Directory to install binaries"
+ default: ""
+ _common_binary_name:
+ description: "Name of main binary"
+ default: "{{ __common_binary_basename }}"
+ _common_binary_unarchive_opts:
+ description: "Extra options to pass to binary unarchive task"
+ default: []
+ type: "list"
+ elements: "str"
+ _common_binary_url:
+ description: "URL of the binaries to install"
+ default: ""
+ _common_checksums_url:
+ description: "URL of the checksums file for the binaries"
+ default: ""
+ _common_config_dir:
+ description: "Path to the configuration dir"
+ default: ""
+ _common_local_cache_path:
+ description: "Local path to stash the archive and its extraction"
+ default: ""
+ _common_system_user:
+ description: "System user for running the service."
+ default: ""
+ _common_system_group:
+ description: "User group for the system user."
+ default: ""
+ preflight:
+ short_description: "Internal only - common preflight tasks"
+ description: "Internal only - selinux requirements"
+ author:
+ - "Prometheus Community"
+ options:
+ _common_dependencies:
+ description: "Package dependencies to install"
+ default: "{% if (ansible_pkg_mgr == 'apt') %}\
+ {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }}
+ {% else %}\
+ {% endif %}"
+ selinux:
+ short_description: "Internal only - common selinux configuration tasks"
+ description: "Internal only - selinux requirements"
+ author:
+ - "Prometheus Community"
+ options:
+ _common_selinux_port:
+ description: "Port to allow in SELinux"
diff --git a/roles/_common/meta/main.yml b/roles/_common/meta/main.yml
new file mode 100644
index 000000000..4c160942e
--- /dev/null
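Review bot: The `configure` entry point declares `_common_common_basic_auth_users` (doubled prefix), while `tasks/configure.yml` and `web_config.yml.j2` in this patch read `_common_basic_auth_users`, so the option that carries credentials is neither documented nor validated under its real name; it should read `_common_basic_auth_users:`. That option and `_common_tls_server_config` / `_common_http_server_config` default to `""` here but to `{}` in `vars/main.yml`; declaring `type: "dict"` with `default: {}` would keep the spec and the vars in step. All four entry points also carry the copied text `description: "Internal only - selinux requirements"`, which should describe the entry point it sits on.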
+++ b/roles/_common/meta/main.yml
@@ -0,0 +1,6 @@
+---
+galaxy_info:
+ author: "Prometheus Community"
+ description: "Internal role for common tasks shared between roles"
+ license: "Apache"
+ min_ansible_version: "2.9"
diff --git a/roles/_common/tasks/configure.yml b/roles/_common/tasks/configure.yml
new file mode 100644
index 000000000..fe0333e21
--- /dev/null
+++ b/roles/_common/tasks/configure.yml
@@ -0,0 +1,70 @@ +--- +- name: "Validate invocation of _common role" + ansible.builtin.assert: + that: + - "ansible_parent_role_names is defined" + - "ansible_parent_role_names | default() | length > 0" + fail_msg: "Error: The '_common' role is a internal role and cannot be invoked directly." + tags: + - always + +- name: "Create systemd service unit {{ _common_service_name }}" + ansible.builtin.template: + src: "{{ _common_service_name }}.service.j2" + dest: "/etc/systemd/system/{{ _common_service_name }}.service" + owner: root + group: root + mode: 0644 + become: true + notify: + - "{{ ansible_parent_role_names | first }} : Restart {{ _common_service_name }}" + tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - configure + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure" + +- name: "Create config dir {{ _common_config_dir }}" + ansible.builtin.file: + path: "{{ _common_config_dir }}" + state: directory + owner: "{{ _common_system_user }}" + group: "{{ _common_system_group }}" + mode: u+rwX,g+rwX,o=rX + become: true + notify: + - "{{ ansible_parent_role_names | first }} : Restart {{ _common_service_name }}" + when: (_common_config_dir) + tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - configure + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure" + +- name: "Install web config for {{ _common_service_name }}" + ansible.builtin.template: + src: "web_config.yml.j2" + dest: "{{ _common_config_dir }}/web_config.yml" + owner: "{{ _common_system_user }}" + group: "{{ _common_system_group }}" + mode: 0644 + become: true + notify: + - "{{ ansible_parent_role_names | first }} : Restart {{ _common_service_name }}" + when: "[_common_tls_server_config, _common_http_server_config, _common_basic_auth_users] | map('length') | select('>', 0) | list is any" + 
tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - configure + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure" + +# +# - name: "Configure {{ _common_service_name }}" +# ansible.builtin.template: +# # src: "{{ ansible_parent_role_paths | first }}/templates/{{ _common_service_name }}.yml.j2" +# src: "{{ _config_template | default(ansible_parent_role_paths | first ~ '/templates/' ~ _common_service_name ~ '.yml.j2') }}" +# # dest: "/etc/{{ _common_service_name }}.yml" +# dest: "{{ _config_dest | default('/etc/' ~ _common_service_name ~ '.yml') }}" +# owner: "{{ _system_user }}" +# group: "{{ _system_group }}" +# mode: 0644 +# notify: +# - reload_service +# when: (ansible_parent_role_paths | first '/templates/' _common_service_name '.yml.j2') diff --git a/roles/_common/tasks/install.yml b/roles/_common/tasks/install.yml new file mode 100644 index 000000000..99cc293ae --- /dev/null +++ b/roles/_common/tasks/install.yml 
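Review bot: The "Install web config" task writes `web_config.yml` with `mode: 0644`, and the template added in this patch renders `basic_auth_users` as bcrypt hashes, so every local account on the target can read the hashes and attempt offline guessing. The file is already owned by `_common_system_user` / `_common_system_group`, so `mode: "0640"` is enough for the service to read it. The task also has no `no_log: true`, so a run with `--diff` would print the rendered hashes to the controller output and logs.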
@@ -0,0 +1,108 @@ +--- +- name: "Validate invocation of _common role" + ansible.builtin.assert: + that: + - "ansible_parent_role_names is defined" + - "ansible_parent_role_names | default() | length > 0" + fail_msg: "Error: The '_common' role is a internal role and cannot be invoked directly." + tags: + - always + +- name: "Create system group {{ _common_system_group }}" + ansible.builtin.group: + name: "{{ _common_system_group }}" + system: true + state: present + become: true + when: _common_system_group != "root" + tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - install + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install" + +- name: "Create system user {{ _common_system_user }}" + ansible.builtin.user: + name: "{{ _common_system_user }}" + system: true + shell: "/usr/sbin/nologin" + group: "{{ _common_system_group }}" + home: "{{ _common_config_dir | default('/') }}" + create_home: false + become: true + when: _common_system_user != "root" + tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - install + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install" + +- name: "Create localhost binary cache path" + ansible.builtin.file: + path: "{{ _common_local_cache_path }}" + state: directory + mode: 0755 + delegate_to: localhost + tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - install + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install" + - download + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_download" + +- name: "Download binary {{ __common_binary_basename }}" + tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - install + - "{{ 
ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install" + - download + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_download" + block: + - name: "Get checksum list for {{ __common_binary_basename }}" + ansible.builtin.set_fact: + __common_binary_checksums: "{{ dict(lookup('url', _common_checksums_url, headers=__common_github_api_headers, wantlist=True) + | map('regex_replace', '^([a-fA-F0-9]+)\\s+', 'sha256:\\1 ') + | map('regex_findall', '^(sha256:[a-fA-F0-9]+)\\s+(.+)$') | map('flatten') | map('reverse')) }}" + run_once: true + when: (_common_checksums_url) + + - name: "Download {{ __common_binary_basename }}" + ansible.builtin.get_url: + url: "{{ _common_binary_url }}" + dest: "{{ _common_local_cache_path }}/{{ _common_binary_name | default(__common_binary_basename) }}" + headers: "{{ __common_github_api_headers }}" + checksum: "{{ __common_binary_checksums[__common_binary_basename] | default(omit) }}" + mode: 0644 + register: __common_download + until: __common_download is succeeded + retries: 5 + delay: 2 + # run_once: true # <-- this can't be set due to multi-arch support + delegate_to: localhost + check_mode: false + + - name: "Unpack binary archive {{ __common_binary_basename }}" + ansible.builtin.unarchive: + src: "{{ _common_local_cache_path }}/{{ __common_binary_basename }}" + dest: "{{ _common_local_cache_path }}" + mode: 0755 + list_files: true + extra_opts: "{{ _common_binary_unarchive_opts | default(omit, true) }}" + register: __common_unpack + delegate_to: localhost + check_mode: false + when: __common_binary_basename is search('\.zip$|\.tar\.gz$') + +- name: "Propagate binaries" + ansible.builtin.copy: + src: "{{ _common_local_cache_path }}/{{ item }}" + dest: "{{ _common_binary_install_dir }}/{{ item }}" + mode: 0755 + owner: root + group: root + loop: "{{ _common_binaries }}" + become: true + notify: + - "{{ ansible_parent_role_names | first }} : Restart {{ 
_common_service_name }}" + tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - install + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install" diff --git a/roles/_common/tasks/preflight.yml b/roles/_common/tasks/preflight.yml new file mode 100644 index 000000000..4a8006e58 --- /dev/null +++ b/roles/_common/tasks/preflight.yml 
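Review bot: The download task falls back to no integrity check at all: `checksum: "{{ __common_binary_checksums[__common_binary_basename] | default(omit) }}"` drops the checksum whenever `_common_checksums_url` is empty or the checksums file has no line for the archive name, and the "Propagate binaries" task then installs the result as root-owned `0755`. Failing closed is safer: remove `| default(omit)` so a missing entry aborts the play, and make an unverified download an explicit opt-in for roles that publish no checksum file. Separately, the download writes to `{{ _common_binary_name | default(__common_binary_basename) }}` while the unarchive task reads `{{ __common_binary_basename }}`, so the two paths disagree as soon as `_common_binary_name` is overridden.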
@@ -0,0 +1,76 @@
+---
+- name: "Validate invocation of _common role"
+ ansible.builtin.assert:
+ that:
+ - "ansible_parent_role_names is defined"
+ - "ansible_parent_role_names | default() | length > 0"
+ fail_msg: "Error: The '_common' role is a internal role and cannot be invoked directly."
+ tags:
+ - always
+
+- name: "Check for deprecated skip_install variable"
+ ansible.builtin.assert:
+ that:
+ - __common_parent_role_short_name ~ '_skip_install' not in vars
+ fail_msg: "The variable {{ __common_parent_role_short_name ~ '_skip_install' }} is deprecated.
+ Please use `--skip-tags {{ __common_parent_role_short_name }}_install` instead to skip the installation."
+ tags:
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
+ - configure
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure"
+
+- name: "Check for deprecated binary_local_dir variable"
+ ansible.builtin.assert:
+ that:
+ - __common_parent_role_short_name ~ '_binary_local_dir' not in vars
+ fail_msg: "The variable {{ __common_parent_role_short_name ~ '_binary_local_dir' }} is deprecated.
+ Please use the variable {{ __common_parent_role_short_name ~ '_local_cache_path' }} instead"
+ tags:
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
+ - configure
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure"
+
+- name: "Check for deprecated archive_path variable"
+ ansible.builtin.assert:
+ that:
+ - __common_parent_role_short_name ~ '_archive_path' not in vars
+ fail_msg: "The variable {{ __common_parent_role_short_name ~ '_archive_path' }} is deprecated.
+ Please use the variable {{ __common_parent_role_short_name ~ '_local_cache_path' }} instead"
+ tags:
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
+ - configure
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure"
+
+- name: Assert usage of systemd as an init system
+ ansible.builtin.assert:
+ that: ansible_service_mgr == 'systemd'
+ msg: "This module only works with systemd"
+ tags:
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
+ - configure
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure"
+ - install
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install"
+
+- name: Install dependencies
+ become: true
+ ansible.builtin.package:
+ name: "{{ _common_dependencies }}"
+ state: present
+ when: (_common_dependencies)
+ tags:
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
+ - configure
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure"
+ - install
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install"
+
+- name: Gather package facts
+ ansible.builtin.package_facts:
+ when: "not 'packages' in ansible_facts"
+ tags:
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
+ - configure
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure"
+ - install
+ - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install"
diff --git a/roles/_common/tasks/selinux.yml b/roles/_common/tasks/selinux.yml
new file mode 100644
index 000000000..5b7319fc8
--- /dev/null
+++ b/roles/_common/tasks/selinux.yml
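Review bot: The three deprecation assertions (`_skip_install`, `_binary_local_dir`, `_archive_path`) are tagged only `configure` and `<role>_configure`, so a run limited to the role's `_install` tag skips them even though all three variables governed installation. A playbook that still sets `<role>_binary_local_dir` to install locally supplied binaries would then proceed to the upstream download instead of failing. Adding `- install` and the `…_install` tag to these tasks, as the systemd assertion further down already does, closes that gap.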
@@ -0,0 +1,58 @@ +--- +- name: "Validate invocation of _common role" + ansible.builtin.assert: + that: + - "ansible_parent_role_names is defined" + - "ansible_parent_role_names | default() | length > 0" + fail_msg: "Error: The '_common' role is a internal role and cannot be invoked directly." + tags: + - always + +- name: Install selinux python packages [RedHat] + ansible.builtin.package: + name: "{{ ['libselinux-python', 'policycoreutils-python'] + if ansible_python_version is version('3', '<') else + ['python3-libselinux', 'python3-policycoreutils'] }}" + state: present + register: __common_install_selinux_packages + until: __common_install_selinux_packages is success + retries: 5 + delay: 2 + become: true + when: ansible_os_family | lower == "redhat" + tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - configure + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure" + +- name: Install selinux python packages [clearlinux] + ansible.builtin.package: + name: sysadmin-basic + state: present + register: __common_install_selinux_packages + until: __common_install_selinux_packages is success + retries: 5 + delay: 2 + become: true + when: + - ansible_distribution | lower == "clearlinux" + tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - configure + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure" + +- name: Allow port in SELinux + community.general.seport: + ports: "{{ _common_selinux_port }}" + proto: tcp + setype: http_port_t + state: present + become: true + when: + - ansible_version.full is version_compare('2.4', '>=') + - ansible_selinux.status == "enabled" + - (_common_selinux_port) + tags: + - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" + - configure + - "{{ ansible_parent_role_names | first | 
regex_replace(ansible_collection_name ~ '.', '') }}_configure" diff --git a/roles/_common/templates/web_config.yml.j2 b/roles/_common/templates/web_config.yml.j2 new file mode 100644 index 000000000..af495e509 --- /dev/null +++ b/roles/_common/templates/web_config.yml.j2 @@ -0,0 +1,18 @@ +--- +{{ ansible_managed | comment }} +{% if _common_tls_server_config | length > 0 %} +tls_server_config: +{{ _common_tls_server_config | to_nice_yaml | indent(2, true) }} +{% endif %} + +{% if _common_http_server_config | length > 0 %} +http_server_config: +{{ _common_http_server_config | to_nice_yaml | indent(2, true) }} +{% endif %} + +{% if _common_basic_auth_users | length > 0 %} +basic_auth_users: +{% for k, v in _common_basic_auth_users.items() %} + {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} +{% endfor %} +{% endif %} diff --git a/roles/_common/vars/main.yml b/roles/_common/vars/main.yml new file mode 100644 index 000000000..dbda12bc2 --- /dev/null +++ b/roles/_common/vars/main.yml 
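Review bot: In "Allow port in SELinux", `setype: http_port_t` places `_common_selinux_port` in the generic web-server port type, so every SELinux domain that the loaded policy allows to use `http_port_t` gets the same access to this service's port. If the policy has no dedicated type for the service this may be the pragmatic choice, but the task should say so in a comment, e.g. `# http_port_t: no dedicated port type for this service in the targeted policy`. `_common_selinux_port` also has no `type` or `default` in `argument_specs.yml`, while `vars/main.yml` defaults it to `""`.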
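Review bot: The bcrypt salt in the `basic_auth_users` loop comes from a fixed alphabet shuffled with `seed=inventory_hostname`, so it can be derived from the hostname alone and is identical for every user on a host; two users with the same password get the same hash. Idempotent rendering does not require that: seeding per user, `shuffle(seed=inventory_hostname ~ k)`, keeps the output stable while separating the entries. `rounds=9` is hard-coded and, as far as I know, below the bcrypt cost that `password_hash` uses by default, so exposing it as a variable would let operators raise it. `{{ k }}` is written unquoted, so a user name containing `:` or `#` produces an invalid or altered file; `{{ k | to_json }}` avoids that.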
@@ -0,0 +1,24 @@
+---
+_common_local_cache_path: ""
+_common_binaries: []
+_common_binary_name: "{{ __common_binary_basename }}"
+_common_binary_install_dir:
+_common_config_dir: ""
+_common_binary_url: ""
+_common_checksums_url: ""
+_common_selinux_port: ""
+_common_service_name: "{{ __common_parent_role_short_name }}"
+_common_system_user: ""
+_common_system_group: ""
+_common_dependencies: "{% if (ansible_pkg_mgr == 'apt') %}\
+ {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }}
+ {% else %}\
+ {% endif %}"
+_common_binary_unarchive_opts: ""
+_common_tls_server_config: {}
+_common_http_server_config: {}
+_common_basic_auth_users: {}
+# Variables that should not be overwritten
+__common_binary_basename: "{{ _common_binary_url | urlsplit('path') | basename }}"
+__common_github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}"
+__common_parent_role_short_name: "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
From d05e3c23b5b1e76d8dba59435576b5d7449757ae Mon Sep 17 00:00:00 2001
From: gardar
Date: Tue, 15 Oct 2024 17:01:13 +0000
Subject: [PATCH 02/24] refactor(alertmanager): delegate common tasks to _common role
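Review bot: `__common_github_api_headers` attaches the controller's `GITHUB_TOKEN` to both the checksum lookup and the `get_url` download in `tasks/install.yml`, for whatever host `_common_binary_url` and `_common_checksums_url` resolve to, so the token is also sent to any mirror or third-party host those URLs are pointed at. The header should be built only when the URL host is GitHub, for example by testing `_common_binary_url | urlsplit('hostname')`. The header is named `GITHUB_TOKEN` rather than `Authorization`, which GitHub presumably does not treat as a credential, so the token may be exposed without gaining anything; that is worth confirming. `_common_binary_install_dir:` is also a bare null where its neighbours use `""`, and `_common_binary_unarchive_opts: ""` disagrees with the list type in `argument_specs.yml`.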
Signed-off-by: gardar --- roles/alertmanager/defaults/main.yml | 11 ++- roles/alertmanager/meta/argument_specs.yml | 30 ++++--- .../molecule/alternative/molecule.yml | 4 +- roles/alertmanager/tasks/configure.yml | 69 +++++++++++---- roles/alertmanager/tasks/install.yml | 87 ------------------- roles/alertmanager/tasks/main.yml | 62 ++++++------- roles/alertmanager/tasks/preflight.yml | 52 +++-------- roles/alertmanager/tasks/selinux.yml | 23 ----- .../templates/alertmanager.service.j2 | 2 +- roles/alertmanager/vars/main.yml | 17 ++-- 10 files changed, 125 insertions(+), 232 deletions(-) delete mode 100644 roles/alertmanager/tasks/install.yml delete mode 100644 roles/alertmanager/tasks/selinux.yml diff --git a/roles/alertmanager/defaults/main.yml b/roles/alertmanager/defaults/main.yml index c8e82be1e..ac877bca2 100644 --- a/roles/alertmanager/defaults/main.yml +++ b/roles/alertmanager/defaults/main.yml @@ -1,10 +1,8 @@ --- alertmanager_version: 0.27.0 -alertmanager_binary_local_dir: '' alertmanager_binary_url: "https://github.com/{{ _alertmanager_repo }}/releases/download/v{{ alertmanager_version }}/\ - alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz" + alertmanager-{{ alertmanager_version }}.{{ ansible_system | lower }}-{{ _alertmanager_go_ansible_arch }}.tar.gz" alertmanager_checksums_url: "https://github.com/{{ _alertmanager_repo }}/releases/download/v{{ alertmanager_version }}/sha256sums.txt" -alertmanager_skip_install: false alertmanager_config_dir: /etc/alertmanager alertmanager_db_dir: /var/lib/alertmanager 
@@ -135,5 +133,10 @@ alertmanager_amtool_config_alertmanager_url: "{{ alertmanager_web_external_url } # Extended output of `amtool` commands, use '' for less verbosity alertmanager_amtool_config_output: 'extended' +alertmanager_binary_install_dir: '/usr/local/bin' + # Local path to stash the archive and its extraction -alertmanager_archive_path: /tmp +alertmanager_local_cache_path: "/tmp/alertmanager-{{ ansible_system | lower }}-{{ _alertmanager_go_ansible_arch }}/{{ alertmanager_version }}" + +alertmanager_system_user: alertmanager +alertmanager_system_group: "{{ alertmanager_system_user }}" diff --git a/roles/alertmanager/meta/argument_specs.yml b/roles/alertmanager/meta/argument_specs.yml index a16b2e224..789e2cb84 100644 --- a/roles/alertmanager/meta/argument_specs.yml +++ b/roles/alertmanager/meta/argument_specs.yml 
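Review bot: `alertmanager_local_cache_path` now defaults to a predictable directory under `/tmp` on the controller, and the `_common` install tasks create it with `state: directory` (which accepts a directory that already exists, whoever owns it) before copying the binaries found there to the targets as root-owned executables. On a controller shared with other local users that makes the cache contents only as trustworthy as `/tmp`. A default under a directory owned by the invoking user, created with mode `0700`, would avoid relying on a world-writable parent; the same default is repeated in `meta/argument_specs.yml`.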
@@ -11,18 +11,9 @@ argument_specs: alertmanager_version: description: "Alertmanager package version. Also accepts `latest` as parameter." default: 0.27.0 - alertmanager_skip_install: - description: "Alertmanager installation tasks gets skipped when set to true." - type: bool - default: false - alertmanager_binary_local_dir: - description: - - "Allows to use local packages instead of ones distributed on github." - - "As parameter it takes a directory where C(alertmanager) AND C(amtool) binaries are stored on host on which ansible is ran." - - "This overrides I(alertmanager_version) parameter" alertmanager_binary_url: description: "URL of the alertmanager binaries .tar.gz file" - default: "https://github.com/{{ _alertmanager_repo }}/releases/download/v{{ alertmanager_version }}/alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _alertmanager_repo }}/releases/download/v{{ alertmanager_version }}/alertmanager-{{ alertmanager_version }}.{{ ansible_system | lower }}-{{ _alertmanager_go_ansible_arch }}.tar.gz" alertmanager_checksums_url: description: "URL of the alertmanager checksums file" default: "https://github.com/{{ _alertmanager_repo }}/releases/download/v{{ alertmanager_version }}/sha256sums.txt" @@ -32,6 +23,11 @@ argument_specs: alertmanager_web_external_url: description: "External address on which alertmanager is available. Useful when behind reverse proxy. Ex. example.org/alertmanager" default: "http://localhost:9093/" + alertmanager_binary_install_dir: + description: + - "I(Advanced)" + - "Directory to install binaries" + default: "/usr/local/bin" alertmanager_config_dir: description: "Path to directory with alertmanager configuration" default: "/etc/alertmanager" 
@@ -110,6 +106,16 @@ argument_specs: alertmanager_amtool_config_output: description: 'Extended output, use C("") for simple output.' default: "extended" - alertmanager_archive_path: + alertmanager_local_cache_path: description: 'Local path to stash the archive and its extraction' - default: "/tmp" + default: "/tmp/alertmanager-{{ ansible_system | lower }}-{{ _alertmanager_go_ansible_arch }}/{{ alertmanager_version }}" + alertmanager_system_user: + description: + - "I(Advanced)" + - "alertmanager system user" + default: alertmanager + alertmanager_system_group: + description: + - "I(Advanced)" + - "System group for alertmanager" + default: alertmanager diff --git a/roles/alertmanager/molecule/alternative/molecule.yml b/roles/alertmanager/molecule/alternative/molecule.yml index 70f0d82df..a1e109e77 100644 --- a/roles/alertmanager/molecule/alternative/molecule.yml +++ b/roles/alertmanager/molecule/alternative/molecule.yml @@ -5,7 +5,8 @@ provisioner: inventory: group_vars: all: - alertmanager_binary_local_dir: '/tmp/alertmanager-linux-amd64' + alertmanager_version: 0.25.0 + alertmanager_local_cache_path: "/tmp/alertmanager-linux-amd64/{{ alertmanager_version }}" alertmanager_config_dir: /opt/am/etc alertmanager_db_dir: /opt/am/lib alertmanager_web_listen_address: @@ -35,6 +36,5 @@ provisioner: peers: - "127.0.0.1:6783" - "alertmanager.demo.do.prometheus.io:6783" - alertmanager_version: 0.25.0 alertmanager_binary_url: "https://github.com/prometheus/alertmanager/releases/download/v{{ alertmanager_version\ \ }}/alertmanager-{{ alertmanager_version }}.linux-amd64.tar.gz" diff --git a/roles/alertmanager/tasks/configure.yml b/roles/alertmanager/tasks/configure.yml index 806c14b89..437fcac81 100644 --- a/roles/alertmanager/tasks/configure.yml +++ b/roles/alertmanager/tasks/configure.yml 
@@ -1,44 +1,79 @@ --- +- name: "Common configure" + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ alertmanager_system_user }}" + _common_system_group: "{{ alertmanager_system_group }}" + _common_config_dir: "{{ alertmanager_config_dir }}" + tags: + - alertmanager + - configure + - alertmanager_configure + +- name: Create alertmanager directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "{{ alertmanager_system_user }}" + group: "{{ alertmanager_system_group }}" + mode: 0755 + loop: + - "{{ alertmanager_config_dir }}/templates" + - "{{ alertmanager_db_dir }}" + - "{{ _alertmanager_amtool_config_dir }}" + become: true + tags: + - alertmanager + - configure + - alertmanager_configure + - name: Copy amtool config ansible.builtin.template: force: true src: "{{ alertmanager_amtool_config_file }}" dest: "{{ _alertmanager_amtool_config_dir }}/config.yml" - owner: alertmanager - group: alertmanager + owner: "{{ alertmanager_system_user }}" + group: "{{ alertmanager_system_group }}" mode: 0644 + become: true + tags: + - alertmanager + - configure + - alertmanager_configure - name: Copy alertmanager config ansible.builtin.template: force: true src: "{{ alertmanager_config_file }}" dest: "{{ alertmanager_config_dir }}/alertmanager.yml" - owner: alertmanager - group: alertmanager + owner: "{{ alertmanager_system_user }}" + group: "{{ alertmanager_system_group }}" mode: 0644 - validate: "{{ _alertmanager_binary_install_dir }}/amtool check-config %s" + validate: "{{ alertmanager_binary_install_dir }}/amtool check-config %s" no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" + become: true notify: - restart alertmanager - -- name: Create systemd service unit - ansible.builtin.template: - src: alertmanager.service.j2 - dest: /etc/systemd/system/alertmanager.service - owner: root - group: root - mode: 0644 - notify: 
- - restart alertmanager + tags: + - alertmanager + - configure + - alertmanager_configure - name: Copy alertmanager template files ansible.builtin.copy: src: "{{ item }}" dest: "{{ alertmanager_config_dir }}/templates/" force: true - owner: alertmanager - group: alertmanager + owner: "{{ alertmanager_system_user }}" + group: "{{ alertmanager_system_group }}" mode: 0644 with_fileglob: "{{ alertmanager_template_files }}" + become: true notify: - restart alertmanager + tags: + - alertmanager + - configure + - alertmanager_configure diff --git a/roles/alertmanager/tasks/install.yml b/roles/alertmanager/tasks/install.yml deleted file mode 100644 index 7f9b47d03..000000000 --- a/roles/alertmanager/tasks/install.yml +++ /dev/null 
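Review bot: "Copy alertmanager config" keeps `mode: 0644` (an unchanged context line) although the same task sets `no_log` because the rendered file can hold secrets, so anything sensitive in `alertmanager.yml` stays readable by every local user on the target. Now that owner and group are parameterised with `alertmanager_system_user` / `alertmanager_system_group`, `mode: "0640"` would limit the file to the service account. The tasks here still use `notify: restart alertmanager`, while the handler added in `_common` is named `Restart {{ _common_service_name }}`; whether a handler matching the old name remains in the alertmanager role is not visible in this hunk and should be checked.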
@@ -1,87 +0,0 @@ ---- -- name: Create alertmanager system group - ansible.builtin.group: - name: alertmanager - system: true - state: present - -- name: Create alertmanager system user - ansible.builtin.user: - name: alertmanager - system: true - shell: "/usr/sbin/nologin" - group: alertmanager - createhome: false - -- name: Create alertmanager directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: alertmanager - group: alertmanager - mode: 0755 - with_items: - - "{{ alertmanager_config_dir }}" - - "{{ alertmanager_config_dir }}/templates" - - "{{ alertmanager_db_dir }}" - - "{{ _alertmanager_amtool_config_dir }}" - -- name: Get binary - when: - - alertmanager_binary_local_dir | length == 0 - - not alertmanager_skip_install - block: - - - name: Download alertmanager binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ alertmanager_binary_url }}" - dest: "{{ alertmanager_archive_path }}/alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __alertmanager_checksum }}" - mode: 0644 - register: _download_archive - until: _download_archive is succeeded - retries: 5 - delay: 2 - # run_once: true # <-- this can't be set due to multi-arch support - delegate_to: localhost - check_mode: false - - - name: Unpack alertmanager binaries - become: false - ansible.builtin.unarchive: - src: "{{ alertmanager_archive_path }}/alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ alertmanager_archive_path }}" - mode: 0755 - creates: "{{ alertmanager_archive_path }}/alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}/alertmanager" - delegate_to: localhost - check_mode: false - - - name: Propagate official alertmanager and amtool binaries - ansible.builtin.copy: - src: "{{ alertmanager_archive_path }}/alertmanager-{{ alertmanager_version }}.linux-{{ go_arch }}/{{ item }}" - dest: "{{ _alertmanager_binary_install_dir }}/{{ item }}" - mode: 0755 - owner: root - 
group: root - with_items: - - alertmanager - - amtool - notify: - - restart alertmanager - -- name: Propagate locally distributed alertmanager and amtool binaries - ansible.builtin.copy: - src: "{{ alertmanager_binary_local_dir }}/{{ item }}" - dest: "{{ _alertmanager_binary_install_dir }}/{{ item }}" - mode: 0755 - owner: root - group: root - with_items: - - alertmanager - - amtool - when: - - alertmanager_binary_local_dir | length > 0 - - not alertmanager_skip_install - notify: - - restart alertmanager diff --git a/roles/alertmanager/tasks/main.yml b/roles/alertmanager/tasks/main.yml index 65a0d298c..902a316d9 100644 --- a/roles/alertmanager/tasks/main.yml +++ b/roles/alertmanager/tasks/main.yml 
@@ -2,56 +2,48 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - alertmanager_install - - alertmanager_configure - - alertmanager_run tags: + - alertmanager + - install + - configure - alertmanager_install - alertmanager_configure - - alertmanager_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - alertmanager_install + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ alertmanager_local_cache_path }}" + _common_binaries: "{{ _alertmanager_binaries }}" + _common_binary_install_dir: "{{ alertmanager_binary_install_dir }}" + _common_binary_url: "{{ alertmanager_binary_url }}" + _common_checksums_url: "{{ alertmanager_checksums_url }}" + _common_system_group: "{{ alertmanager_system_group }}" + _common_system_user: "{{ alertmanager_system_user }}" + _common_config_dir: "{{ alertmanager_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: + - alertmanager + - install - alertmanager_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - alertmanager_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ alertmanager_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: + - alertmanager + - configure - alertmanager_configure - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - alertmanager_configure tags: + - alertmanager + - configure - alertmanager_configure - -- name: Ensure alertmanager service is started and enabled - become: true - ansible.builtin.systemd: - daemon_reload: true - name: alertmanager - state: started - enabled: true - tags: - - alertmanager_run - -- name: Flush alertmangaer handlers after run. 
- ansible.builtin.meta: flush_handlers diff --git a/roles/alertmanager/tasks/preflight.yml b/roles/alertmanager/tasks/preflight.yml index c68b1293d..ea6f2a33a 100644 --- a/roles/alertmanager/tasks/preflight.yml +++ b/roles/alertmanager/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This module only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
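Review bot: `_common_selinux_port` in the new SELinux include is computed with `urlsplit('port')`, but the listen address is a bare `host:port` value rather than a URL. As far as I can tell, that filter returns no port for a string without a scheme and `//`, so the SELinux port labelling may be skipped or fail on enforcing hosts. For a plain string, `_common_selinux_port: "{{ alertmanager_web_listen_address.split(':') | last }}"` keeps the approach of the `split(':')[-1]` expression in the removed bind_exporter `configure.yml`. The bind_exporter `main.yml` hunk further down uses the same `urlsplit('port')` expression, and its molecule scenario sets the listen address as a list, which needs separate handling. A molecule check that the expected port ends up labelled would catch a regression here.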
@@ -50,28 +34,12 @@ retries: 10 when: - alertmanager_version == "latest" - - alertmanager_binary_local_dir | length == 0 - - not alertmanager_skip_install - -- name: Get alertmanager binary checksum - when: - - alertmanager_binary_local_dir | length == 0 - - not alertmanager_skip_install - block: - - name: "Get checksum list" - ansible.builtin.set_fact: - __alertmanager_checksums: "{{ lookup('url', alertmanager_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __alertmanager_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __alertmanager_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __alertmanager_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" - + tags: + - alertmanager + - install + - alertmanager_install + - download + - alertmanager_download - name: Fail when extra config flags are duplicating ansible variables ansible.builtin.fail: diff --git a/roles/alertmanager/tasks/selinux.yml b/roles/alertmanager/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/alertmanager/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" 
diff --git a/roles/alertmanager/templates/alertmanager.service.j2 b/roles/alertmanager/templates/alertmanager.service.j2 index 34ffdba75..8c934fad6 100644 --- a/roles/alertmanager/templates/alertmanager.service.j2 +++ b/roles/alertmanager/templates/alertmanager.service.j2 @@ -21,7 +21,7 @@ PIDFile=/var/run/alertmanager.pid User=alertmanager Group=alertmanager ExecReload=/bin/kill -HUP $MAINPID -ExecStart={{ _alertmanager_binary_install_dir }}/alertmanager \ +ExecStart={{ alertmanager_binary_install_dir }}/alertmanager \ {% for option, value in (alertmanager_cluster.items() | sort) %} {% if option == "peers" %} {% for peer in value %} diff --git a/roles/alertmanager/vars/main.yml b/roles/alertmanager/vars/main.yml index 07ada7399..e5bfb48ad 100644 --- a/roles/alertmanager/vars/main.yml +++ b/roles/alertmanager/vars/main.yml @@ -1,15 +1,14 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" -_alertmanager_binary_install_dir: '/usr/local/bin' +_alertmanager_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" # The expected location of the amtool configuration file _alertmanager_amtool_config_dir: '/etc/amtool' _alertmanager_repo: "prometheus/alertmanager" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_alertmanager_binaries: + - alertmanager + - amtool From bc290813a40dcd96ee9056765d3b163cdf76f5d8 Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:01:51 +0000 Subject: [PATCH 03/24] refactor(bind_exporter): delegate common tasks to _common role 
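Review bot: `User=alertmanager` and `Group=alertmanager` remain hard-coded in the unit template, while the task files in this commit move file ownership to `alertmanager_system_user` and `alertmanager_system_group`. If either variable is overridden, the service would still run as `alertmanager` against directories owned by a different account, and the unit would no longer match the intended least-privilege account. I would change the two lines to `User={{ alertmanager_system_user }}` and `Group={{ alertmanager_system_group }}`. The template continues outside this hunk, so other references to the account name may need the same treatment.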
Signed-off-by: gardar --- roles/bind_exporter/defaults/main.yml | 10 +-- roles/bind_exporter/meta/argument_specs.yml | 16 ++--- .../molecule/alternative/molecule.yml | 7 +- .../molecule/default/tests/test_default.py | 1 - roles/bind_exporter/tasks/configure.yml | 42 ----------- roles/bind_exporter/tasks/install.yml | 71 ------------------- roles/bind_exporter/tasks/main.yml | 59 ++++++++------- roles/bind_exporter/tasks/preflight.yml | 68 +++--------------- roles/bind_exporter/tasks/selinux.yml | 23 ------ .../templates/bind_exporter.service.j2 | 2 +- .../templates/web_config.yaml.j2 | 18 ----- roles/bind_exporter/vars/main.yml | 15 ++-- 12 files changed, 59 insertions(+), 273 deletions(-) delete mode 100644 roles/bind_exporter/tasks/configure.yml delete mode 100644 roles/bind_exporter/tasks/install.yml delete mode 100644 roles/bind_exporter/tasks/selinux.yml delete mode 100644 roles/bind_exporter/templates/web_config.yaml.j2 diff --git a/roles/bind_exporter/defaults/main.yml b/roles/bind_exporter/defaults/main.yml index b5146697a..4a30b618b 100644 --- a/roles/bind_exporter/defaults/main.yml +++ b/roles/bind_exporter/defaults/main.yml @@ -1,10 +1,8 @@ --- bind_exporter_version: 0.7.0 -bind_exporter_binary_local_dir: "" bind_exporter_binary_url: "https://github.com/{{ _bind_exporter_repo }}/releases/download/v{{ bind_exporter_version }}/\ - bind_exporter-{{ bind_exporter_version }}.linux-{{ go_arch }}.tar.gz" + bind_exporter-{{ bind_exporter_version }}.{{ ansible_system | lower }}-{{ _bind_exporter_go_ansible_arch }}.tar.gz" bind_exporter_checksums_url: "https://github.com/{{ _bind_exporter_repo }}/releases/download/v{{ bind_exporter_version }}/sha256sums.txt" -bind_exporter_skip_install: false bind_exporter_web_listen_address: "0.0.0.0:9119" bind_exporter_web_telemetry_path: "/metrics" 
@@ -20,7 +18,9 @@ bind_exporter_http_server_config: {} bind_exporter_basic_auth_users: {} # Internal variables. -bind_exporter_binary_install_dir: "/usr/local/bin" -bind_exporter_config_dir: "/etc/bind_exporter" bind_exporter_system_group: "bind-exp" bind_exporter_system_user: "{{ bind_exporter_system_group }}" +bind_exporter_binary_install_dir: "/usr/local/bin" + +bind_exporter_config_dir: "/etc/bind_exporter" +bind_exporter_local_cache_path: "/tmp/bind_exporter-{{ ansible_system | lower }}-{{ _bind_exporter_go_ansible_arch }}/{{ bind_exporter_version }}" diff --git a/roles/bind_exporter/meta/argument_specs.yml b/roles/bind_exporter/meta/argument_specs.yml index 4cfdebc0b..49036bcee 100644 --- a/roles/bind_exporter/meta/argument_specs.yml +++ b/roles/bind_exporter/meta/argument_specs.yml 
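Review bot: The new default for `bind_exporter_local_cache_path` is a fixed, predictable directory under `/tmp`, and the binaries staged there are presumably what later gets installed on the targets. If the cache lives on the control node, as the download did in the removed `install.yml`, another local user on a shared controller could create that path first. Whether the `_common` install tasks re-verify the staged files against the checksum is not visible in this hunk. I would default to a per-user location, for example `"{{ lookup('env', 'HOME') }}/.cache/ansible/bind_exporter-{{ ansible_system | lower }}-{{ _bind_exporter_go_ansible_arch }}/{{ bind_exporter_version }}"`, or have `_common` create the directory with mode `"0700"` and fail if it is owned by someone else. The blackbox_exporter defaults hunk later in this series introduces the same `/tmp` pattern.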
@@ -11,18 +11,9 @@ argument_specs: bind_exporter_version: description: "BIND exporter package version. Also accepts latest as parameter." default: "0.7.0" - bind_exporter_skip_install: - description: "BIND installation tasks gets skipped when set to true." - type: bool - default: false - bind_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(bind_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(bind_exporter_version) parameter" bind_exporter_binary_url: description: "URL of the bind_exporter binaries .tar.gz file" - default: "https://github.com/{{ _bind_exporter_repo }}/download/v{{ bind_exporter_version }}/bind_exporter-{{ bind_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _bind_exporter_repo }}/releases/download/v{{ bind_exporter_version }}/bind_exporter-{{ bind_exporter_version }}.{{ ansible_system | lower }}-{{ _bind_exporter_go_ansible_arch }}.tar.gz" bind_exporter_checksums_url: description: "URL of the bind_exporter checksums file" default: "https://github.com/{{ _bind_exporter_repo }}/releases/download/v{{ bind_exporter_version }}/sha256sums.txt" @@ -33,7 +24,7 @@ argument_specs: description: "Path under which to expose metrics" default: "/metrics" bind_exporter_config_dir: - description: "The path where exporter configuration is stored" + description: "Path to directory with bind_exporter configuration" default: "/etc/bind_exporter" bind_exporter_stats_url: description: "HTTP XML API address of BIND server" @@ -88,3 +79,6 @@ argument_specs: - "I(Advanced)" - "BIND Exporter user" default: "bind-exp" + bind_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/bind_exporter-{{ ansible_system | lower }}-{{ _bind_exporter_go_ansible_arch }}/{{ bind_exporter_version }}" 
diff --git a/roles/bind_exporter/molecule/alternative/molecule.yml b/roles/bind_exporter/molecule/alternative/molecule.yml index ddd0ed6f6..73f940ba2 100644 --- a/roles/bind_exporter/molecule/alternative/molecule.yml +++ b/roles/bind_exporter/molecule/alternative/molecule.yml @@ -5,7 +5,8 @@ provisioner: inventory: group_vars: all: - bind_exporter_binary_local_dir: "/tmp/bind_exporter-linux-amd64" + bind_exporter_version: 0.7.0 + bind_exporter_local_cache_path: "/tmp/bind_exporter-linux-amd64/{{ bind_exporter_version }}" bind_exporter_web_listen_address: - '127.0.0.1:8080' - '127.0.1.1:8080' @@ -19,8 +20,6 @@ provisioner: http2: true bind_exporter_basic_auth_users: randomuser: examplepassword - go_arch: amd64 - bind_exporter_version: 0.7.0 bind_exporter_binary_url: "https://github.com/prometheus-community/bind_exporter/releases/download/v{{\ \ bind_exporter_version }}/bind_exporter-{{ bind_exporter_version\ - \ }}.linux-{{ go_arch }}.tar.gz" + \ }}.linux-amd64.tar.gz" diff --git a/roles/bind_exporter/molecule/default/tests/test_default.py b/roles/bind_exporter/molecule/default/tests/test_default.py index 18b149e70..70a960aed 100644 --- a/roles/bind_exporter/molecule/default/tests/test_default.py +++ b/roles/bind_exporter/molecule/default/tests/test_default.py @@ -46,7 +46,6 @@ def test_user(host): assert host.group("bind-exp").exists assert "bind-exp" in host.user("bind-exp").groups assert host.user("bind-exp").shell == "/usr/sbin/nologin" - assert host.user("bind-exp").home == "/" def test_service(host): diff --git a/roles/bind_exporter/tasks/configure.yml b/roles/bind_exporter/tasks/configure.yml deleted file mode 100644 index 4b7841e85..000000000 --- a/roles/bind_exporter/tasks/configure.yml +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -- name: Copy the bind_exporter systemd service file - ansible.builtin.template: - src: bind_exporter.service.j2 - dest: /etc/systemd/system/bind_exporter.service - owner: root - group: root - mode: '0644' - notify: restart bind_exporter - -- name: Create bind_exporter config directory - ansible.builtin.file: - path: "{{ bind_exporter_config_dir }}" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX - -- name: Configure bind_exporter web config - when: - ( bind_exporter_tls_server_config | length > 0 ) or - ( bind_exporter_http_server_config | length > 0 ) or - ( bind_exporter_basic_auth_users | length > 0 ) - block: - - name: Copy the bind_exporter web config file - ansible.builtin.template: - src: web_config.yaml.j2 - dest: "{{ bind_exporter_config_dir }}/web_config.yaml" - owner: root - group: '{{ bind_exporter_system_group }}' - mode: '0640' - notify: restart bind_exporter - -- name: Allow bind_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ bind_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/bind_exporter/tasks/install.yml b/roles/bind_exporter/tasks/install.yml deleted file mode 100644 index 6f835dab2..000000000 --- a/roles/bind_exporter/tasks/install.yml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -- name: Create the bind_exporter group - ansible.builtin.group: - name: "{{ bind_exporter_system_group }}" - state: present - system: true - when: bind_exporter_system_group not in ["root"] - -- name: Create the bind_exporter user - ansible.builtin.user: - name: "{{ bind_exporter_system_user }}" - groups: "{{ bind_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: bind_exporter_system_user not in ["root"] - -- name: Get binary - when: - - bind_exporter_binary_local_dir | length == 0 - - not bind_exporter_skip_install - block: - - - name: Download bind_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ bind_exporter_binary_url }}" - dest: "/tmp/bind_exporter-{{ bind_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __bind_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack bind_exporter binary - become: false - ansible.builtin.unarchive: - src: "/tmp/bind_exporter-{{ bind_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "/tmp" - creates: "/tmp/bind_exporter-{{ bind_exporter_version }}.linux-{{ go_arch }}/bind_exporter" - extra_opts: - - --no-same-owner - delegate_to: localhost - check_mode: false - - - name: Propagate bind_exporter binaries - ansible.builtin.copy: - src: "/tmp/bind_exporter-{{ bind_exporter_version }}.linux-{{ go_arch }}/bind_exporter" - dest: "{{ bind_exporter_binary_install_dir }}/bind_exporter" - mode: '0755' - owner: root - group: root - notify: restart bind_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed bind_exporter binary - ansible.builtin.copy: - src: "{{ bind_exporter_binary_local_dir }}/bind_exporter" - dest: "{{ bind_exporter_binary_install_dir }}/bind_exporter" - mode: '0755' - owner: root - group: root - when: 
- - bind_exporter_binary_local_dir | length > 0 - - not bind_exporter_skip_install - notify: restart bind_exporter diff --git a/roles/bind_exporter/tasks/main.yml b/roles/bind_exporter/tasks/main.yml index 6dc4ac9c2..fcf502183 100644 --- a/roles/bind_exporter/tasks/main.yml +++ b/roles/bind_exporter/tasks/main.yml 
@@ -2,51 +2,50 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - bind_exporter_install - - bind_exporter_configure - - bind_exporter_run tags: - bind_exporter_install - bind_exporter_configure - bind_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - bind_exporter_install - when: - ( not __bind_exporter_is_installed.stat.exists ) or - ( (__bind_exporter_current_version_output.stderr_lines | length > 0) - and (__bind_exporter_current_version_output.stderr_lines[0].split(" ")[2] != bind_exporter_version) ) or - ( (__bind_exporter_current_version_output.stdout_lines | length > 0) - and (__bind_exporter_current_version_output.stdout_lines[0].split(" ")[2] != bind_exporter_version) ) or - ( bind_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ bind_exporter_local_cache_path }}" + _common_binaries: "{{ _bind_exporter_binaries }}" + _common_binary_install_dir: "{{ bind_exporter_binary_install_dir }}" + _common_binary_url: "{{ bind_exporter_binary_url }}" + _common_checksums_url: "{{ bind_exporter_checksums_url }}" + _common_system_group: "{{ bind_exporter_system_group }}" + _common_system_user: "{{ bind_exporter_system_user }}" + _common_config_dir: "{{ bind_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - bind_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - bind_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ bind_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - bind_exporter_configure + - name: Configure - ansible.builtin.include_tasks: - file: configure.yml - apply: - 
become: true - tags: - - bind_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ bind_exporter_system_user }}" + _common_system_group: "{{ bind_exporter_system_group }}" + _common_config_dir: "{{ bind_exporter_config_dir }}" + _common_tls_server_config: "{{ bind_exporter_tls_server_config }}" + _common_http_server_config: "{{ bind_exporter_http_server_config }}" + _common_basic_auth_users: "{{ bind_exporter_basic_auth_users }}" tags: - bind_exporter_configure diff --git a/roles/bind_exporter/tasks/preflight.yml b/roles/bind_exporter/tasks/preflight.yml index a130762c0..82ff04faf 100644 --- a/roles/bind_exporter/tasks/preflight.yml +++ b/roles/bind_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Naive assertion of proper listen address ansible.builtin.assert: 
@@ -55,23 +39,6 @@ - "__bind_exporter_cert_file.stat.exists" - "__bind_exporter_key_file.stat.exists" -- name: Check if bind_exporter is installed - ansible.builtin.stat: - path: "{{ bind_exporter_binary_install_dir }}/bind_exporter" - register: __bind_exporter_is_installed - check_mode: false - tags: - - bind_exporter_install - -- name: Gather currently installed bind_exporter version (if any) - ansible.builtin.command: "{{ bind_exporter_binary_install_dir }}/bind_exporter --version" - changed_when: false - register: __bind_exporter_current_version_output - check_mode: false - when: __bind_exporter_is_installed.stat.exists - tags: - - bind_exporter_install - - name: Discover latest version ansible.builtin.set_fact: bind_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _bind_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -81,24 +48,9 @@ retries: 10 when: - bind_exporter_version == "latest" - - bind_exporter_binary_local_dir | length == 0 - - not bind_exporter_skip_install - -- name: Get bind_exporter binary checksum - when: - - bind_exporter_binary_local_dir | length == 0 - - not bind_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __bind_exporter_checksums: "{{ lookup('url', bind_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __bind_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __bind_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __bind_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - bind_exporter + - install + - bind_exporter_install + - download + - bind_exporter_download diff --git a/roles/bind_exporter/tasks/selinux.yml b/roles/bind_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 
--- a/roles/bind_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/bind_exporter/templates/bind_exporter.service.j2 b/roles/bind_exporter/templates/bind_exporter.service.j2 index ab5624ef6..b2896d605 100644 --- a/roles/bind_exporter/templates/bind_exporter.service.j2 +++ b/roles/bind_exporter/templates/bind_exporter.service.j2 @@ -13,7 +13,7 @@ ExecStart={{ bind_exporter_binary_install_dir }}/bind_exporter \ --bind.stats-groups="{{ bind_exporter_stats_groups | join(',') }}" \ {% endif %} {% if bind_exporter_tls_server_config | length > 0 or bind_exporter_http_server_config | length > 0 or bind_exporter_basic_auth_users | length > 0 %} - --web.config.file={{ bind_exporter_config_dir }}/web_config.yaml \ + --web.config.file={{ bind_exporter_config_dir }}/web_config.yml \ {% endif %} --bind.stats-url="{{ bind_exporter_stats_url }}" \ --bind.timeout="{{ bind_exporter_timeout }}" \ diff --git a/roles/bind_exporter/templates/web_config.yaml.j2 b/roles/bind_exporter/templates/web_config.yaml.j2 deleted file mode 100644 index cf458e424..000000000 --- a/roles/bind_exporter/templates/web_config.yaml.j2 +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if bind_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ bind_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if bind_exporter_http_server_config | length > 0 %} -http_server_config: -{{ bind_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if bind_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in bind_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/bind_exporter/vars/main.yml b/roles/bind_exporter/vars/main.yml index 40eba5dba..5460cb663 100644 --- a/roles/bind_exporter/vars/main.yml +++ b/roles/bind_exporter/vars/main.yml @@ -1,12 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" - +_bind_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _bind_exporter_repo: "prometheus-community/bind_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_bind_exporter_binaries: ['bind_exporter'] From bf1d349d0293714796202cb2be8f132af3913972 Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:02:22 +0000 Subject: [PATCH 04/24] refactor(blackbox_exporter): delegate common tasks to _common role 
Signed-off-by: gardar --- roles/blackbox_exporter/defaults/main.yml | 16 ++-- .../blackbox_exporter/meta/argument_specs.yml | 23 ++--- roles/blackbox_exporter/tasks/configure.yml | 58 ++++++++---- roles/blackbox_exporter/tasks/install.yml | 90 ------------------- roles/blackbox_exporter/tasks/main.yml | 38 ++++---- roles/blackbox_exporter/tasks/preflight.yml | 53 +++-------- .../templates/blackbox_exporter.service.j2 | 4 +- roles/blackbox_exporter/vars/main.yml | 18 ++-- 8 files changed, 101 insertions(+), 199 deletions(-) delete mode 100644 roles/blackbox_exporter/tasks/install.yml diff --git a/roles/blackbox_exporter/defaults/main.yml b/roles/blackbox_exporter/defaults/main.yml index e94ed4d59..ae9d04f9d 100644 --- a/roles/blackbox_exporter/defaults/main.yml +++ b/roles/blackbox_exporter/defaults/main.yml @@ -1,16 +1,13 @@ --- blackbox_exporter_version: 0.25.0 -blackbox_exporter_binary_local_dir: "" blackbox_exporter_binary_url: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/\ - blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | - default(ansible_architecture) }}.tar.gz" + blackbox_exporter-{{ blackbox_exporter_version }}.{{ ansible_system | lower }}-{{ _blackbox_exporter_go_ansible_arch }}.tar.gz" blackbox_exporter_checksums_url: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt" -blackbox_exporter_skip_install: false blackbox_exporter_web_listen_address: "0.0.0.0:9115" -blackbox_exporter_user: blackbox-exp -blackbox_exporter_group: "{{ blackbox_exporter_user }}" +blackbox_exporter_system_user: blackbox-exp +blackbox_exporter_system_group: "{{ blackbox_exporter_system_user }}" blackbox_exporter_cli_flags: {} # blackbox_exporter_cli_flags: 
@@ -74,7 +71,8 @@ blackbox_exporter_configuration_modules: # Where to put the blackbox_exporter.yml main configuration file blackbox_exporter_config_dir: /etc/blackbox_exporter -blackbox_exporter_binary_install_dir: "/usr/local/bin" - # Local path to stash the archive and its extraction -blackbox_exporter_archive_path: /tmp +blackbox_exporter_local_cache_path: "/tmp/blackbox_exporter-{{ ansible_system | lower }}-{{ _blackbox_exporter_go_ansible_arch }}/\ + {{ blackbox_exporter_version }}" + +blackbox_exporter_binary_install_dir: "/usr/local/bin" diff --git a/roles/blackbox_exporter/meta/argument_specs.yml b/roles/blackbox_exporter/meta/argument_specs.yml index cd954820c..fc83cb41d 100644 --- a/roles/blackbox_exporter/meta/argument_specs.yml +++ b/roles/blackbox_exporter/meta/argument_specs.yml 
@@ -11,18 +11,9 @@ argument_specs: blackbox_exporter_version: description: "Blackbox exporter package version. Also accepts latest as parameter." default: "0.25.0" - blackbox_exporter_skip_install: - description: "Blackbox exporter installation tasks gets skipped when set to true." - type: bool - default: false - blackbox_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(blackbox_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(blackbox_exporter_version) parameter" blackbox_exporter_binary_url: description: "URL of the blackbox_exporter binaries .tar.gz file" - default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz" + default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/blackbox_exporter-{{ blackbox_exporter_version }}.{{ ansible_system | lower }}-{{ _blackbox_exporter_go_ansible_arch }}.tar.gz" blackbox_exporter_checksums_url: description: "URL of the blackbox exporter checksums file" default: "https://github.com/{{ _blackbox_exporter_repo }}/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt" 
@@ -43,19 +34,19 @@ argument_specs: method: GET valid_status_codes: [] blackbox_exporter_config_dir: - description: "Directory where the blackbox exporter configuration file is placed" - default: "/etc" + description: "Path to directory with blackbox_exporter configuration" + default: "/etc/blackbox_exporter" blackbox_exporter_binary_install_dir: description: - "I(Advanced)" - "Directory to install blackbox_exporter binary" default: "/usr/local/bin" - blackbox_exporter_user: + blackbox_exporter_system_user: description: "The user the exporter runs as" default: "blackbox-exp" - blackbox_exporter_group: + blackbox_exporter_system_group: description: "The group the exporter runs as" default: "blackbox-exp" - blackbox_exporter_archive_path: + blackbox_exporter_local_cache_path: description: 'Local path to stash the archive and its extraction' - default: "/tmp" + default: "/tmp/blackbox_exporter-{{ ansible_system | lower }}-{{ _blackbox_exporter_go_ansible_arch }}/{{ blackbox_exporter_version }}" diff --git a/roles/blackbox_exporter/tasks/configure.yml b/roles/blackbox_exporter/tasks/configure.yml index 2fcc063bd..4b1c2c50b 100644 --- a/roles/blackbox_exporter/tasks/configure.yml +++ b/roles/blackbox_exporter/tasks/configure.yml 
@@ -1,28 +1,50 @@ --- -- name: Create systemd service unit - ansible.builtin.template: - src: blackbox_exporter.service.j2 - dest: /etc/systemd/system/blackbox_exporter.service - owner: root - group: root - mode: '0644' - notify: - - restart blackbox_exporter +- name: "Common configure" + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ blackbox_exporter_system_user }}" + _common_system_group: "{{ blackbox_exporter_system_group }}" + _common_config_dir: "{{ blackbox_exporter_config_dir }}" + tags: + - blackbox_exporter + - configure + - blackbox_exporter_configure + +- name: Ensure blackbox exporter binary has cap_net_raw capability + community.general.capabilities: + path: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter" + capability: cap_net_raw+ep + state: present + become: true + when: not ansible_check_mode + changed_when: "'molecule-idempotence-notest' not in ansible_skip_tags" + tags: + - blackbox_exporter + - configure + - blackbox_exporter_configure -- name: Create blackbox_exporter config directory - ansible.builtin.file: - path: "{{ blackbox_exporter_config_dir }}" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX +- name: Check Debug Message + ansible.builtin.debug: + msg: "The capabilities module is skipped during check mode, as the file may not exist, causing execution to fail." + when: ansible_check_mode + tags: + - blackbox_exporter + - configure + - blackbox_exporter_configure - name: Configure blackbox exporter ansible.builtin.template: src: blackbox_exporter.yml.j2 dest: "{{ blackbox_exporter_config_dir }}/blackbox_exporter.yml" - owner: root - group: "{{ blackbox_exporter_group }}" + owner: "{{ blackbox_exporter_system_user }}" + group: "{{ blackbox_exporter_system_group }}" mode: '0644' + become: true notify: - reload blackbox_exporter + tags: + - blackbox_exporter + - configure + - blackbox_exporter_configure 
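Review bot: In the "Configure blackbox exporter" task the config file owner changes from `root` to `{{ blackbox_exporter_system_user }}`, which gives the service account write access to its own configuration. The unit file runs the exporter as that same user and this file also grants the binary `cap_net_raw+ep`, so a compromised exporter process could rewrite its probe modules and have them picked up on the next reload. The process only needs to read the file, so I would keep `owner: root` with `group: "{{ blackbox_exporter_system_group }}"`. If the modules can carry probe credentials, `mode: '0640'` would fit better than `'0644'`.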
diff --git a/roles/blackbox_exporter/tasks/install.yml b/roles/blackbox_exporter/tasks/install.yml deleted file mode 100644 index d45519f97..000000000 --- a/roles/blackbox_exporter/tasks/install.yml +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -- name: Create blackbox_exporter system group - ansible.builtin.group: - name: "{{ blackbox_exporter_group }}" - system: true - state: present - when: blackbox_exporter_group != 'root' - -- name: Create blackbox_exporter system user - ansible.builtin.user: - name: "{{ blackbox_exporter_user }}" - system: true - shell: "/usr/sbin/nologin" - group: "{{ blackbox_exporter_group }}" - createhome: false - when: blackbox_exporter_user != 'root' - -- name: Get binary - when: - - blackbox_exporter_binary_local_dir | length == 0 - - not blackbox_exporter_skip_install - block: - - - name: Download blackbox_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ blackbox_exporter_binary_url }}" - dest: "{{ blackbox_exporter_archive_path }}/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __blackbox_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack blackbox_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ blackbox_exporter_archive_path }}/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ blackbox_exporter_archive_path }}" - creates: "{{ blackbox_exporter_archive_path }}/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}/blackbox_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate blackbox_exporter binaries - ansible.builtin.copy: - src: "{{ blackbox_exporter_archive_path }}/blackbox_exporter-{{ blackbox_exporter_version }}.linux-{{ go_arch }}/blackbox_exporter" - dest: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter" - mode: 0755 - owner: root - group: root - notify: restart blackbox_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed blackbox_exporter binary - ansible.builtin.copy: - 
src: "{{ blackbox_exporter_binary_local_dir }}/blackbox_exporter" - dest: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter" - mode: '0755' - owner: root - group: root - when: - - blackbox_exporter_binary_local_dir | length > 0 - - not blackbox_exporter_skip_install - notify: restart blackbox_exporter - -- name: Install libcap on Debian systems - ansible.builtin.package: - name: "libcap2-bin" - state: present - register: _download_packages - until: _download_packages is succeeded - retries: 5 - delay: 2 - when: ansible_os_family | lower == "debian" - -- name: Ensure blackbox exporter binary has cap_net_raw capability - community.general.capabilities: - path: "{{ blackbox_exporter_binary_install_dir }}/blackbox_exporter" - capability: cap_net_raw+ep - state: present - when: not ansible_check_mode - changed_when: "'molecule-idempotence-notest' not in ansible_skip_tags" - -- name: Check Debug Message - ansible.builtin.debug: - msg: "The capabilities module is skipped during check mode, as the file may not exist, causing execution to fail." - when: ansible_check_mode diff --git a/roles/blackbox_exporter/tasks/main.yml b/roles/blackbox_exporter/tasks/main.yml index 193dcdfd8..76c8359ec 100644 --- a/roles/blackbox_exporter/tasks/main.yml +++ b/roles/blackbox_exporter/tasks/main.yml 
@@ -2,33 +2,41 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - blackbox_exporter_install - - blackbox_exporter_configure - - blackbox_exporter_run tags: - blackbox_exporter_install - blackbox_exporter_configure - blackbox_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - blackbox_exporter_install + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ blackbox_exporter_local_cache_path }}" + _common_binaries: "{{ _blackbox_exporter_binaries }}" + _common_binary_install_dir: "{{ blackbox_exporter_binary_install_dir }}" + _common_binary_url: "{{ blackbox_exporter_binary_url }}" + _common_checksums_url: "{{ blackbox_exporter_checksums_url }}" + _common_system_group: "{{ blackbox_exporter_system_group }}" + _common_system_user: "{{ blackbox_exporter_system_user }}" + _common_config_dir: "{{ blackbox_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - blackbox_exporter_install +- name: SELinux + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ blackbox_exporter_web_listen_address | urlsplit('port') }}" + when: ansible_selinux.status == "enabled" + tags: + - blackbox_exporter_configure + - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - blackbox_exporter_configure tags: - blackbox_exporter_configure diff --git a/roles/blackbox_exporter/tasks/preflight.yml b/roles/blackbox_exporter/tasks/preflight.yml index 6f4c1fee3..7f8c98e8b 100644 --- a/roles/blackbox_exporter/tasks/preflight.yml +++ b/roles/blackbox_exporter/tasks/preflight.yml 
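Review bot: `_common_selinux_port` in the SELinux include is computed with `urlsplit('port')`, which only finds a port when the value has a `//` authority part. If `blackbox_exporter_web_listen_address` is a bare `host:port` string, like the `0.0.0.0:9123` default of the chrony role in this series, the filter returns no port and the label step would get an empty value. The chrony task removed in this series used `.split(':')[-1]` for the same purpose, so something like `_common_selinux_port: "{{ blackbox_exporter_web_listen_address.split(':') | last }}"` looks safer. A list-valued listen address, as in the chrony molecule scenario, would need handling as well. How `_common/tasks/selinux.yml` treats an empty port is not visible here.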
@@ -1,24 +1,10 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" + _common_dependencies: "{{ _blackbox_exporter_dependencies }}" - name: Assert that used version supports listen address type ansible.builtin.assert: 
@@ -44,30 +30,15 @@ - name: Discover latest version ansible.builtin.set_fact: blackbox_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _blackbox_exporter_repo }}/releases/latest', headers=_github_api_headers, - split_lines=False) | from_json).get('tag_name') | replace('v', '') }}" + split_lines=False) | from_json).get('tag_name') | replace('v', '') }}" run_once: true until: blackbox_exporter_version is version('0.0.0', '>=') retries: 10 when: - blackbox_exporter_version == "latest" - - blackbox_exporter_binary_local_dir | length == 0 - - not blackbox_exporter_skip_install - -- name: Get blackbox_exporter binary checksum - when: - - blackbox_exporter_binary_local_dir | length == 0 - - not blackbox_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __blackbox_exporter_checksums: "{{ lookup('url', blackbox_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __blackbox_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __blackbox_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __blackbox_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - blackbox_exporter + - install + - blackbox_exporter_install + - download + - blackbox_exporter_download diff --git a/roles/blackbox_exporter/templates/blackbox_exporter.service.j2 b/roles/blackbox_exporter/templates/blackbox_exporter.service.j2 index 66c0305d6..e27e94644 100644 --- a/roles/blackbox_exporter/templates/blackbox_exporter.service.j2 +++ b/roles/blackbox_exporter/templates/blackbox_exporter.service.j2 
@@ -7,8 +7,8 @@ StartLimitIntervalSec=0 [Service] Type=simple -User={{ blackbox_exporter_user }} -Group={{ blackbox_exporter_group }} +User={{ blackbox_exporter_system_user }} +Group={{ blackbox_exporter_system_group }} PermissionsStartOnly=true ExecReload=/bin/kill -HUP $MAINPID ExecStart={{ blackbox_exporter_binary_install_dir }}/blackbox_exporter \ diff --git a/roles/blackbox_exporter/vars/main.yml b/roles/blackbox_exporter/vars/main.yml index 5a78bf2a3..1ff00abca 100644 --- a/roles/blackbox_exporter/vars/main.yml +++ b/roles/blackbox_exporter/vars/main.yml @@ -1,11 +1,13 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_blackbox_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _blackbox_exporter_repo: "prometheus/blackbox_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_blackbox_exporter_binaries: ['blackbox_exporter'] +_blackbox_exporter_dependencies: "{% if (ansible_pkg_mgr == 'apt') %}\ + {{ (['python-apt', 'libcap2-bin'] if ansible_python_version is version('3', '<') else ['python3-apt', 'libcap2-bin']) }} + {% else %}\ + {% endif %}" From 3259947a8909c738eb0bb4b188447e86f18d73a4 Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:03:59 +0000 Subject: [PATCH 05/24] refactor(cadvisor): delegate common tasks to _common role 
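Review bot: `_blackbox_exporter_dependencies` in the vars/main.yml hunk is a block template that renders a string rather than a list expression. On hosts where `ansible_pkg_mgr` is not `apt` it renders to an empty string, and on apt hosts the list is only recovered if Ansible re-parses the rendered text, with a trailing space from the unescaped line break after `}}`. An expression that always yields a list keeps the type explicit: `"{{ (['python-apt' if ansible_python_version is version('3', '<') else 'python3-apt', 'libcap2-bin']) if ansible_pkg_mgr == 'apt' else [] }}"`. How `_common/tasks/preflight.yml` handles an empty string in `_common_dependencies` is not visible here.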
Signed-off-by: gardar --- roles/cadvisor/defaults/main.yml | 9 ++-- roles/cadvisor/meta/argument_specs.yml | 25 ++++------- roles/cadvisor/tasks/configure.yml | 19 --------- roles/cadvisor/tasks/install.yml | 59 -------------------------- roles/cadvisor/tasks/main.yml | 50 +++++++++------------- roles/cadvisor/tasks/preflight.yml | 49 +++++---------------- roles/cadvisor/tasks/selinux.yml | 23 ---------- roles/cadvisor/vars/main.yml | 13 +++--- 8 files changed, 48 insertions(+), 199 deletions(-) delete mode 100644 roles/cadvisor/tasks/configure.yml delete mode 100644 roles/cadvisor/tasks/install.yml delete mode 100644 roles/cadvisor/tasks/selinux.yml diff --git a/roles/cadvisor/defaults/main.yml b/roles/cadvisor/defaults/main.yml index b8aa30230..10a42fd6f 100644 --- a/roles/cadvisor/defaults/main.yml +++ b/roles/cadvisor/defaults/main.yml @@ -1,9 +1,7 @@ --- cadvisor_version: 0.49.1 -cadvisor_binary_local_dir: "" cadvisor_binary_url: "https://github.com/{{ _cadvisor_repo }}/releases/download/v{{ cadvisor_version }}/\ - cadvisor-v{{ cadvisor_version }}-linux-{{ go_arch }}" -cadvisor_skip_install: false + cadvisor-v{{ cadvisor_version }}-{{ ansible_system | lower }}-{{ _cadvisor_go_ansible_arch }}" cadvisor_listen_ip: "0.0.0.0" cadvisor_port: "8080" @@ -16,9 +14,10 @@ cadvisor_whitelisted_container_labels: [] cadvisor_store_container_labels: true cadvisor_docker_only: false -cadvisor_binary_install_dir: "/usr/local/bin" cadvisor_system_group: "root" cadvisor_system_user: "{{ cadvisor_system_group }}" # Local path to stash the archive and its extraction -cadvisor_archive_path: /tmp +cadvisor_local_cache_path: "/tmp/cadvisor-{{ ansible_system | lower }}-{{ _cadvisor_go_ansible_arch }}/{{ cadvisor_version }}" + +cadvisor_binary_install_dir: "/usr/local/bin" diff --git a/roles/cadvisor/meta/argument_specs.yml b/roles/cadvisor/meta/argument_specs.yml index cb7e443fc..c9cf3918e 100644 --- a/roles/cadvisor/meta/argument_specs.yml 
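Review bot: The cadvisor defaults hunks add `cadvisor_local_cache_path` and move `cadvisor_binary_install_dir`, but they do not define `cadvisor_config_dir`. The rewritten tasks/main.yml in this commit passes `_common_config_dir: "{{ cadvisor_config_dir }}"`, and neither the vars/main.yml hunk nor the argument_specs hunks introduce that variable either. Unless it is defined somewhere outside this diff, the first `_common` task that reads `_common_config_dir` would fail with an undefined variable. Either add a default here, following the chrony role's pattern (`cadvisor_config_dir: "/etc/cadvisor"`), or drop the line from the include if cadvisor has no config directory.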
+++ b/roles/cadvisor/meta/argument_specs.yml @@ -11,18 +11,9 @@ argument_specs: cadvisor_version: description: "cAdvisor package version. Also accepts latest as parameter." default: "0.49.1" - cadvisor_skip_install: - description: "cAdvisor installation tasks gets skipped when set to true." - type: bool - default: false - cadvisor_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(cadvisor) binary is stored on the host where ansible is run." - - "This overrides the I(cadvisor_version) parameter" cadvisor_binary_url: description: "URL of the cadvisor binary file" - default: "https://github.com/{{ _cadvisor_repo }}/releases/download/v{{ cadvisor_version }}/cadvisor-{{ cadvisor_version }}-linux-{{ go_arch }}" + default: "https://github.com/{{ _cadvisor_repo }}/releases/download/v{{ cadvisor_version }}/cadvisor-v{{ cadvisor_version }}-{{ ansible_system | lower }}-{{ _cadvisor_go_ansible_arch }}" cadvisor_listen_ip: description: "Address on which cadvisor will listen" default: "0.0.0.0" @@ -80,11 +71,6 @@ argument_specs: description: "do not report raw cgroup metrics, except the root cgroup" type: "bool" default: false - cadvisor_binary_install_dir: - description: - - "I(Advanced)" - - "Directory to install cadvisor binary" - default: "/usr/local/bin" cadvisor_system_group: description: - "I(Advanced)" @@ -95,6 +81,11 @@ argument_specs: - "I(Advanced)" - "cAdvisor user" default: "root" - cadvisor_archive_path: + cadvisor_binary_install_dir: + description: + - "I(Advanced)" + - "Directory to install binaries" + default: "/usr/local/bin" + cadvisor_local_cache_path: description: 'Local path to stash the archive and its extraction' - default: "/tmp" + default: "/tmp/cadvisor-{{ ansible_system | lower }}-{{ _cadvisor_go_ansible_arch }}/{{ cadvisor_version }}" 
diff --git a/roles/cadvisor/tasks/configure.yml b/roles/cadvisor/tasks/configure.yml deleted file mode 100644 index f82faf6c0..000000000 --- a/roles/cadvisor/tasks/configure.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Copy the cadvisor systemd service file - ansible.builtin.template: - src: cadvisor.service.j2 - dest: /etc/systemd/system/cadvisor.service - owner: root - group: root - mode: 0644 - notify: restart cadvisor - -- name: Allow cadvisor port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ cadvisor_port }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/cadvisor/tasks/install.yml b/roles/cadvisor/tasks/install.yml deleted file mode 100644 index 9cebe72be..000000000 --- a/roles/cadvisor/tasks/install.yml +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -- name: Create the cadvisor group - ansible.builtin.group: - name: "{{ cadvisor_system_group }}" - state: present - system: true - when: cadvisor_system_group != "root" - -- name: Create the cadvisor user - ansible.builtin.user: - name: "{{ cadvisor_system_user }}" - groups: "{{ cadvisor_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: cadvisor_system_user != "root" - -- name: Get binary - when: - - cadvisor_binary_local_dir | length == 0 - - not cadvisor_skip_install - block: - - - name: Download cadvisor binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ cadvisor_binary_url }}" - dest: "{{ cadvisor_archive_path }}/cadvisor-v{{ cadvisor_version }}-linux-{{ go_arch }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Propagate cadvisor binaries - ansible.builtin.copy: - src: "{{ cadvisor_archive_path }}/cadvisor-v{{ cadvisor_version }}-linux-{{ go_arch }}" - dest: "{{ cadvisor_binary_install_dir }}/cadvisor" - mode: 0755 - owner: root - group: root - notify: restart cadvisor - when: not ansible_check_mode - -- name: Propagate locally distributed cadvisor binary - ansible.builtin.copy: - src: "{{ cadvisor_binary_local_dir }}/cadvisor" - dest: "{{ cadvisor_binary_install_dir }}/cadvisor" - mode: 0755 - owner: root - group: root - when: - - cadvisor_binary_local_dir | length > 0 - - not cadvisor_skip_install - notify: restart cadvisor diff --git a/roles/cadvisor/tasks/main.yml b/roles/cadvisor/tasks/main.yml index 96590ece4..7b6a1263d 100644 --- a/roles/cadvisor/tasks/main.yml +++ b/roles/cadvisor/tasks/main.yml 
@@ -2,51 +2,41 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - cadvisor_install - - cadvisor_configure - - cadvisor_run tags: - cadvisor_install - cadvisor_configure - cadvisor_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - cadvisor_install - when: - ( not __cadvisor_is_installed.stat.exists ) or - ( (__cadvisor_current_version_output.stderr_lines | length > 0) - and ((__cadvisor_current_version_output.stderr_lines[0].split(" ")[2] | replace('v', '')) != cadvisor_version) ) or - ( (__cadvisor_current_version_output.stdout_lines | length > 0) - and ((__cadvisor_current_version_output.stdout_lines[0].split(" ")[2] | replace('v', '')) != cadvisor_version) ) or - ( cadvisor_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ cadvisor_local_cache_path }}" + _common_binary_name: "{{ _cadvisor_binaries | first }}" + _common_binaries: "{{ _cadvisor_binaries }}" + _common_binary_install_dir: "{{ cadvisor_binary_install_dir }}" + _common_binary_url: "{{ cadvisor_binary_url }}" + _common_system_group: "{{ cadvisor_system_group }}" + _common_system_user: "{{ cadvisor_system_user }}" + _common_config_dir: "{{ cadvisor_config_dir }}" tags: - cadvisor_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - cadvisor_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ cadvisor_port }}" when: ansible_selinux.status == "enabled" tags: - cadvisor_configure - name: Configure - ansible.builtin.include_tasks: - file: configure.yml - apply: - become: true - tags: - - cadvisor_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml tags: - cadvisor_configure 
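Review bot: The Install include passes `_common_binary_url` but no `_common_checksums_url`, unlike the blackbox_exporter include earlier in this series, so the cadvisor binary appears to be fetched and installed without any integrity check. The removed install.yml had the same gap (its `get_url` carried no `checksum:`), but this refactor is the natural place to close it, given that the role defaults run cadvisor as `root`. I would add a per-version sha256 or a checksums URL to the role defaults and pass it through here as `_common_checksums_url`. How `_common/tasks/install.yml` behaves when that variable is unset is not visible in this part of the diff.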
diff --git a/roles/cadvisor/tasks/preflight.yml b/roles/cadvisor/tasks/preflight.yml index c128875e6..e26b8388c 100644 --- a/roles/cadvisor/tasks/preflight.yml +++ b/roles/cadvisor/tasks/preflight.yml @@ -1,41 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" - -- name: Check if cadvisor is installed - ansible.builtin.stat: - path: "{{ cadvisor_binary_install_dir }}/cadvisor" - register: __cadvisor_is_installed - check_mode: false - tags: - - cadvisor_install - -- name: Gather currently installed cadvisor version (if any) - ansible.builtin.command: "{{ cadvisor_binary_install_dir }}/cadvisor --version" - changed_when: false - register: __cadvisor_current_version_output - check_mode: false - when: __cadvisor_is_installed.stat.exists - tags: - - cadvisor_install +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Discover latest version ansible.builtin.set_fact: @@ -46,5 +13,9 @@ retries: 10 when: - cadvisor_version == "latest" - - cadvisor_binary_local_dir | length == 0 - - not cadvisor_skip_install + tags: + - cadvisor + - install + - cadvisor_install + - download + - cadvisor_download diff --git a/roles/cadvisor/tasks/selinux.yml b/roles/cadvisor/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/cadvisor/tasks/selinux.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/cadvisor/vars/main.yml b/roles/cadvisor/vars/main.yml index 18007a405..8a1da1d00 100644 --- a/roles/cadvisor/vars/main.yml +++ b/roles/cadvisor/vars/main.yml @@ -1,10 +1,9 @@ --- -go_arch_map: - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'arm' - armv6l: 'arm' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_cadvisor_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _cadvisor_repo: "google/cadvisor" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_cadvisor_binaries: ['cadvisor'] From 95889b99621618ef806e4883b05483121297517c Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:04:27 +0000 Subject: [PATCH 06/24] refactor(chrony_exporter): delegate common tasks to _common role 
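Review bot: The inlined architecture map in the vars/main.yml hunk changes the 32-bit ARM values: the removed `go_arch_map` mapped both `armv7l` and `armv6l` to `'arm'`, while `_cadvisor_go_ansible_arch` now yields `'armv7'` and `'armv6'`. That value is interpolated into `cadvisor_binary_url`, so if the release assets are named with the `arm` suffix, as the old map suggests, downloads on those hosts would point at a file that does not exist. Keeping the previous values for this role (`'armv7l': 'arm',` and `'armv6l': 'arm'`) preserves the old behaviour. The map looks copied from the blackbox_exporter role, which used `armv7`/`armv6` before this change as well.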
Signed-off-by: gardar --- roles/chrony_exporter/defaults/main.yml | 15 ++-- roles/chrony_exporter/meta/argument_specs.yml | 28 +++----- .../molecule/alternative/molecule.yml | 7 +- .../molecule/default/tests/test_default.py | 1 - roles/chrony_exporter/tasks/configure.yml | 36 ---------- roles/chrony_exporter/tasks/install.yml | 69 ------------------- roles/chrony_exporter/tasks/main.yml | 58 ++++++++-------- roles/chrony_exporter/tasks/preflight.yml | 68 +++--------------- roles/chrony_exporter/tasks/selinux.yml | 23 ------- .../templates/chrony_exporter.service.j2 | 2 +- .../templates/web_config.yaml.j2 | 18 ----- roles/chrony_exporter/vars/main.yml | 15 ++-- 12 files changed, 68 insertions(+), 272 deletions(-) delete mode 100644 roles/chrony_exporter/tasks/configure.yml delete mode 100644 roles/chrony_exporter/tasks/install.yml delete mode 100644 roles/chrony_exporter/tasks/selinux.yml delete mode 100644 roles/chrony_exporter/templates/web_config.yaml.j2 diff --git a/roles/chrony_exporter/defaults/main.yml b/roles/chrony_exporter/defaults/main.yml index e67c8a741..bbe5d6bff 100644 --- a/roles/chrony_exporter/defaults/main.yml +++ b/roles/chrony_exporter/defaults/main.yml @@ -1,10 +1,8 @@ --- chrony_exporter_version: 0.10.1 -chrony_exporter_binary_local_dir: "" chrony_exporter_binary_url: "https://github.com/{{ _chrony_exporter_repo }}/releases/download/v{{ chrony_exporter_version }}/\ - chrony_exporter-{{ chrony_exporter_version }}.linux-{{ go_arch }}.tar.gz" + chrony_exporter-{{ chrony_exporter_version }}.{{ ansible_system | lower }}-{{ _chrony_exporter_go_ansible_arch }}.tar.gz" chrony_exporter_checksums_url: "https://github.com/{{ _chrony_exporter_repo }}/releases/download/v{{ chrony_exporter_version }}/sha256sums.txt" -chrony_exporter_skip_install: false chrony_exporter_web_listen_address: "0.0.0.0:9123" chrony_exporter_web_telemetry_path: "/metrics" 
@@ -21,9 +19,12 @@ chrony_exporter_enabled_collectors: [] chrony_exporter_disabled_collectors: [] -chrony_exporter_binary_install_dir: "/usr/local/bin" -chrony_exporter_system_group: "chrony-exp" -chrony_exporter_system_user: "{{ chrony_exporter_system_group }}" +chrony_exporter_system_user: "chrony-exp" +chrony_exporter_system_group: "{{ chrony_exporter_system_user }}" + # Local path to stash the archive and its extraction -chrony_exporter_archive_path: /tmp +chrony_exporter_local_cache_path: "/tmp/chrony_exporter-{{ ansible_system | lower }}-{{ _chrony_exporter_go_ansible_arch }}/{{ chrony_exporter_version }}" + +chrony_exporter_binary_install_dir: "/usr/local/bin" +chrony_exporter_config_dir: "/etc/chrony_exporter" diff --git a/roles/chrony_exporter/meta/argument_specs.yml b/roles/chrony_exporter/meta/argument_specs.yml index 5e57c921d..8bace65e0 100644 --- a/roles/chrony_exporter/meta/argument_specs.yml +++ b/roles/chrony_exporter/meta/argument_specs.yml 
@@ -11,18 +11,9 @@ argument_specs: chrony_exporter_version: description: "Chrony exporter package version. Also accepts latest as parameter." default: "0.10.1" - chrony_exporter_skip_install: - description: "Chrony exporter installation tasks gets skipped when set to true." - type: bool - default: false - chrony_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(chrony_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(chrony_exporter_version) parameter" chrony_exporter_binary_url: description: "URL of the chrony_exporter binaries .tar.gz file" - default: "https://github.com/{{ _chrony_exporter_repo }}/releases/download/v{{ chrony_exporter_version }}/chrony_exporter-{{ chrony_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _chrony_exporter_repo }}/releases/download/v{{ chrony_exporter_version }}/chrony_exporter-{{ chrony_exporter_version }}.{{ ansible_system | lower }}-{{ _chrony_exporter_go_ansible_arch }}.tar.gz" chrony_exporter_checksums_url: description: "URL of the chrony_exporter checksums file" default: "https://github.com/{{ _chrony_exporter_repo }}/releases/download/v{{ chrony_exporter_version }}/sha256sums.txt" @@ -58,11 +49,6 @@ argument_specs: chrony_exporter_basic_auth_users: description: "Dictionary of users and password for basic authentication. Passwords are automatically hashed with bcrypt." type: "dict" - chrony_exporter_binary_install_dir: - description: - - "I(Advanced)" - - "Directory to install chrony_exporter binary" - default: "/usr/local/bin" chrony_exporter_system_group: description: - "I(Advanced)" 
@@ -73,6 +59,14 @@ argument_specs: - "I(Advanced)" - "Chrony exporter user" default: "chrony-exp" - chrony_exporter_archive_path: + chrony_exporter_binary_install_dir: + description: + - "I(Advanced)" + - "Directory to install binaries" + default: "/usr/local/bin" + chrony_exporter_local_cache_path: description: 'Local path to stash the archive and its extraction' - default: "/tmp" + default: "/tmp/chrony_exporter-{{ ansible_system | lower }}-{{ _chrony_exporter_go_ansible_arch }}/{{ chrony_exporter_version }}" + chrony_exporter_config_dir: + description: "Path to directory with chrony_exporter configuration" + default: "/etc/chrony_exporter" diff --git a/roles/chrony_exporter/molecule/alternative/molecule.yml b/roles/chrony_exporter/molecule/alternative/molecule.yml index 6e55e96e5..d0944c50a 100644 --- a/roles/chrony_exporter/molecule/alternative/molecule.yml +++ b/roles/chrony_exporter/molecule/alternative/molecule.yml @@ -5,7 +5,8 @@ provisioner: inventory: group_vars: all: - chrony_exporter_binary_local_dir: "/tmp/chrony_exporter-linux-amd64" + chrony_exporter_version: 0.6.0 + chrony_exporter_local_cache_path: "/tmp/chrony_exporter-linux-amd64/{{ chrony_exporter_version }}" chrony_exporter_web_listen_address: - '127.0.0.1:8080' - '127.0.1.1:8080' @@ -20,7 +21,5 @@ provisioner: http2: true chrony_exporter_basic_auth_users: randomuser: examplepassword - go_arch: amd64 - chrony_exporter_version: 0.6.0 chrony_exporter_binary_url: "https://github.com/superq/chrony_exporter/releases/download/v{{ chrony_exporter_version\ - \ }}/chrony_exporter-{{ chrony_exporter_version }}.linux-{{ go_arch }}.tar.gz" + \ }}/chrony_exporter-{{ chrony_exporter_version }}.linux-amd64.tar.gz" diff --git a/roles/chrony_exporter/molecule/default/tests/test_default.py b/roles/chrony_exporter/molecule/default/tests/test_default.py index f3d272a1b..1979c44bb 100644 --- a/roles/chrony_exporter/molecule/default/tests/test_default.py 
+++ b/roles/chrony_exporter/molecule/default/tests/test_default.py @@ -46,7 +46,6 @@ def test_user(host): assert host.group("chrony-exp").exists assert "chrony-exp" in host.user("chrony-exp").groups assert host.user("chrony-exp").shell == "/usr/sbin/nologin" - assert host.user("chrony-exp").home == "/" def test_service(host): diff --git a/roles/chrony_exporter/tasks/configure.yml b/roles/chrony_exporter/tasks/configure.yml deleted file mode 100644 index 517e624cb..000000000 --- a/roles/chrony_exporter/tasks/configure.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: Copy the chrony_exporter systemd service file - ansible.builtin.template: - src: chrony_exporter.service.j2 - dest: /etc/systemd/system/chrony_exporter.service - owner: root - group: root - mode: 0644 - notify: restart chrony_exporter - -- name: Create chrony_exporter config directory - ansible.builtin.file: - path: "/etc/chrony_exporter" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX - -- name: Copy the chrony_exporter web config file - ansible.builtin.template: - src: web_config.yaml.j2 - dest: /etc/chrony_exporter/web_config.yaml - owner: root - group: root - mode: 0644 - notify: restart chrony_exporter - -- name: Allow chrony_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ chrony_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/chrony_exporter/tasks/install.yml b/roles/chrony_exporter/tasks/install.yml deleted file mode 100644 index 347def862..000000000 --- a/roles/chrony_exporter/tasks/install.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -- name: Create the chrony_exporter group - ansible.builtin.group: - name: "{{ chrony_exporter_system_group }}" - state: present - system: true - when: chrony_exporter_system_group != "root" - -- name: Create the chrony_exporter user - ansible.builtin.user: - name: "{{ chrony_exporter_system_user }}" - groups: "{{ chrony_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: chrony_exporter_system_user != "root" - -- name: Get binary - when: - - chrony_exporter_binary_local_dir | length == 0 - - not chrony_exporter_skip_install - block: - - - name: Download chrony_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ chrony_exporter_binary_url }}" - dest: "{{ chrony_exporter_archive_path }}/chrony_exporter-{{ chrony_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __chrony_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack chrony_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ chrony_exporter_archive_path }}/chrony_exporter-{{ chrony_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ chrony_exporter_archive_path }}" - creates: "{{ chrony_exporter_archive_path }}/chrony_exporter-{{ chrony_exporter_version }}.linux-{{ go_arch }}/chrony_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate chrony_exporter binaries - ansible.builtin.copy: - src: "{{ chrony_exporter_archive_path }}/chrony_exporter-{{ chrony_exporter_version }}.linux-{{ go_arch }}/chrony_exporter" - dest: "{{ chrony_exporter_binary_install_dir }}/chrony_exporter" - mode: 0755 - owner: root - group: root - notify: restart chrony_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed chrony_exporter binary - ansible.builtin.copy: - src: "{{ 
chrony_exporter_binary_local_dir }}/chrony_exporter" - dest: "{{ chrony_exporter_binary_install_dir }}/chrony_exporter" - mode: 0755 - owner: root - group: root - when: - - chrony_exporter_binary_local_dir | length > 0 - - not chrony_exporter_skip_install - notify: restart chrony_exporter diff --git a/roles/chrony_exporter/tasks/main.yml b/roles/chrony_exporter/tasks/main.yml index b382e24eb..e2d8bd57b 100644 --- a/roles/chrony_exporter/tasks/main.yml +++ b/roles/chrony_exporter/tasks/main.yml 
@@ -2,51 +2,49 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - chrony_exporter_install - - chrony_exporter_configure - - chrony_exporter_run tags: - chrony_exporter_install - chrony_exporter_configure - chrony_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - chrony_exporter_install - when: - ( not __chrony_exporter_is_installed.stat.exists ) or - ( (__chrony_exporter_current_version_output.stderr_lines | length > 0) - and (__chrony_exporter_current_version_output.stderr_lines[0].split(" ")[2] != chrony_exporter_version) ) or - ( (__chrony_exporter_current_version_output.stdout_lines | length > 0) - and (__chrony_exporter_current_version_output.stdout_lines[0].split(" ")[2] != chrony_exporter_version) ) or - ( chrony_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ chrony_exporter_local_cache_path }}" + _common_binaries: "{{ _chrony_exporter_binaries }}" + _common_binary_install_dir: "{{ chrony_exporter_binary_install_dir }}" + _common_binary_url: "{{ chrony_exporter_binary_url }}" + _common_checksums_url: "{{ chrony_exporter_checksums_url }}" + _common_system_group: "{{ chrony_exporter_system_group }}" + _common_system_user: "{{ chrony_exporter_system_user }}" + _common_config_dir: "{{ chrony_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - chrony_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - chrony_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ chrony_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - chrony_exporter_configure - name: Configure - 
ansible.builtin.include_tasks: - file: configure.yml - apply: - become: true - tags: - - chrony_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ chrony_exporter_system_user }}" + _common_system_group: "{{ chrony_exporter_system_group }}" + _common_config_dir: "{{ chrony_exporter_config_dir }}" + _common_tls_server_config: "{{ chrony_exporter_tls_server_config }}" + _common_http_server_config: "{{ chrony_exporter_http_server_config }}" + _common_basic_auth_users: "{{ chrony_exporter_basic_auth_users }}" tags: - chrony_exporter_configure diff --git a/roles/chrony_exporter/tasks/preflight.yml b/roles/chrony_exporter/tasks/preflight.yml index 2d0d93d5a..77057bd6d 100644 --- a/roles/chrony_exporter/tasks/preflight.yml +++ b/roles/chrony_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
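Review bot: `_common_selinux_port: "{{ chrony_exporter_web_listen_address | urlsplit('port') }}"` in the SELinux include probably yields no port. `urlsplit` parses URLs, and a bare `host:port` string has no `//` authority part, so the port component should come back empty; chrony also accepts a list of addresses (see the molecule `alternative` scenario), which the filter does not take. The result would be a missing or failing port label only on hosts with SELinux enabled, a case the container scenarios may never reach. Prefixing the value, `"{{ ('//' ~ chrony_exporter_web_listen_address) | urlsplit('port') }}"`, with the list handled per item, would give the filter something it can parse. The fail2ban_exporter `tasks/main.yml` hunk further down has the same line.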
@@ -72,23 +56,6 @@ - "__chrony_exporter_cert_file.stat.exists" - "__chrony_exporter_key_file.stat.exists" -- name: Check if chrony_exporter is installed - ansible.builtin.stat: - path: "{{ chrony_exporter_binary_install_dir }}/chrony_exporter" - register: __chrony_exporter_is_installed - check_mode: false - tags: - - chrony_exporter_install - -- name: Gather currently installed chrony_exporter version (if any) - ansible.builtin.command: "{{ chrony_exporter_binary_install_dir }}/chrony_exporter --version" - changed_when: false - register: __chrony_exporter_current_version_output - check_mode: false - when: __chrony_exporter_is_installed.stat.exists - tags: - - chrony_exporter_install - - name: Discover latest version ansible.builtin.set_fact: chrony_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _chrony_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -98,24 +65,9 @@ retries: 10 when: - chrony_exporter_version == "latest" - - chrony_exporter_binary_local_dir | length == 0 - - not chrony_exporter_skip_install - -- name: Get chrony_exporter binary checksum - when: - - chrony_exporter_binary_local_dir | length == 0 - - not chrony_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __chrony_exporter_checksums: "{{ lookup('url', chrony_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __chrony_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __chrony_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __chrony_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - chrony_exporter + - install + - chrony_exporter_install + - download + - chrony_exporter_download 
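Review bot: The tags added to "Discover latest version" in the last hunk on this line are now the only tags inside this preflight file, because the `apply: tags:` block was dropped from the Preflight include in `tasks/main.yml`. Tags on a dynamic `include_tasks` select only the include itself, so a run limited to `--tags chrony_exporter_configure` would skip the "Common preflight" include and the assertions, as far as the visible lines show. The cert and key existence checks and the listen-address assertion would then not run before the service is reconfigured. Restoring `apply: {tags: [chrony_exporter_install, chrony_exporter_configure, chrony_exporter_run]}` on the include, or tagging each preflight task, keeps the validation in place; the task bodies extend outside the hunks, so confirm against the full file.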
diff --git a/roles/chrony_exporter/tasks/selinux.yml b/roles/chrony_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/chrony_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/chrony_exporter/templates/chrony_exporter.service.j2 b/roles/chrony_exporter/templates/chrony_exporter.service.j2 index 4e3ac3525..d2fea9b57 100644 --- a/roles/chrony_exporter/templates/chrony_exporter.service.j2 +++ b/roles/chrony_exporter/templates/chrony_exporter.service.j2 @@ -24,7 +24,7 @@ ExecStart={{ chrony_exporter_binary_install_dir }}/chrony_exporter \ '--no-collector.{{ collector }}' \ {% endfor %} {% if chrony_exporter_tls_server_config | length > 0 or chrony_exporter_http_server_config | length > 0 or chrony_exporter_basic_auth_users | length > 0 %} - '--web.config.file=/etc/chrony_exporter/web_config.yaml' \ + '--web.config.file={{ chrony_exporter_config_dir }}/web_config.yml' \ {% endif %} {% if chrony_exporter_version is version('0.5.0', '>=') and chrony_exporter_web_listen_address is iterable and diff --git a/roles/chrony_exporter/templates/web_config.yaml.j2 b/roles/chrony_exporter/templates/web_config.yaml.j2 deleted file mode 100644 index 85874bb40..000000000 
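Review bot: The unit-template hunk switches `--web.config.file` to `{{ chrony_exporter_config_dir }}/web_config.yml`, but nothing visible removes the previous `/etc/chrony_exporter/web_config.yaml` from hosts that already ran the role. That file was written with mode 0644 and holds the bcrypt hashes of the basic-auth users, so after an upgrade it would stay behind, world-readable and unmanaged. A cleanup task in the configure step would cover it, e.g. `ansible.builtin.file: {path: "{{ chrony_exporter_config_dir }}/web_config.yaml", state: absent}`. The `ExecStart` block continues outside this hunk.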
--- a/roles/chrony_exporter/templates/web_config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if chrony_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ chrony_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if chrony_exporter_http_server_config | length > 0 %} -http_server_config: -{{ chrony_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if chrony_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in chrony_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/chrony_exporter/vars/main.yml b/roles/chrony_exporter/vars/main.yml index de3755eda..0314b49e5 100644 --- a/roles/chrony_exporter/vars/main.yml +++ b/roles/chrony_exporter/vars/main.yml @@ -1,11 +1,10 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_chrony_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _chrony_exporter_repo: "superq/chrony_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +chrony_exporter_binary_install_dir: "/usr/local/bin" +_chrony_exporter_binaries: ['chrony_exporter'] From a3f317588da4a2f8dfb1fb40a33a75bf2379ac0e Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:04:55 +0000 Subject: [PATCH 07/24] refactor(fail2ban_exporter): delegate common tasks to _common role 
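Review bot: `chrony_exporter_binary_install_dir: "/usr/local/bin"` is added to `vars/main.yml` in the last hunk before the next patch header, yet `meta/argument_specs.yml` in this same patch documents it as a user-settable option. Role vars take precedence over inventory, group_vars and play vars, so a value set there would be silently ignored. The binary would land in, and the unit would execute from, a directory other than the one the operator configured. Moving the line to `defaults/main.yml` keeps the documented override working. If the fixed value is intended, drop the option from argument_specs and add the comment `# fixed on purpose, not user-configurable`.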
Signed-off-by: gardar --- roles/fail2ban_exporter/defaults/main.yml | 9 +-- .../fail2ban_exporter/meta/argument_specs.yml | 25 +++---- roles/fail2ban_exporter/tasks/configure.yml | 19 ----- roles/fail2ban_exporter/tasks/install.yml | 51 -------------- roles/fail2ban_exporter/tasks/main.yml | 50 ++++++------- roles/fail2ban_exporter/tasks/preflight.yml | 70 +++---------------- roles/fail2ban_exporter/tasks/selinux.yml | 23 ------ .../templates/fail2ban_exporter.service.j2 | 4 +- roles/fail2ban_exporter/vars/main.yml | 14 ++-- 9 files changed, 57 insertions(+), 208 deletions(-) delete mode 100644 roles/fail2ban_exporter/tasks/configure.yml delete mode 100644 roles/fail2ban_exporter/tasks/install.yml delete mode 100644 roles/fail2ban_exporter/tasks/selinux.yml diff --git a/roles/fail2ban_exporter/defaults/main.yml b/roles/fail2ban_exporter/defaults/main.yml index 2126d0972..c735caade 100644 --- a/roles/fail2ban_exporter/defaults/main.yml +++ b/roles/fail2ban_exporter/defaults/main.yml @@ -1,11 +1,9 @@ --- fail2ban_exporter_version: 0.10.1 -fail2ban_exporter_binary_local_dir: "" fail2ban_exporter_binary_url: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/\ - fail2ban_exporter_{{ fail2ban_exporter_version }}_linux_{{ go_arch }}.tar.gz" + fail2ban_exporter_{{ fail2ban_exporter_version }}_{{ ansible_system | lower }}_{{ _fail2ban_exporter_go_ansible_arch }}.tar.gz" fail2ban_exporter_checksums_url: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/\ fail2ban_exporter_{{ fail2ban_exporter_version }}_checksums.txt" -fail2ban_exporter_skip_install: false fail2ban_exporter_web_listen_address: "0.0.0.0:9191" fail2ban_exporter_socket: "/var/run/fail2ban/fail2ban.sock" 
@@ -13,6 +11,9 @@ fail2ban_exporter_binary_install_dir: "/usr/local/bin" fail2ban_exporter_username: "" fail2ban_exporter_password: "" +fail2ban_exporter_system_user: "root" +fail2ban_exporter_system_group: "{{ fail2ban_exporter_system_user }}" # Local path to stash the archive and its extraction -fail2ban_exporter_archive_path: /tmp +fail2ban_exporter_local_cache_path: "/tmp/fail2ban_exporter-{{ ansible_system | lower }}-{{ _fail2ban_exporter_go_ansible_arch }}/\ + {{ fail2ban_exporter_version }}" diff --git a/roles/fail2ban_exporter/meta/argument_specs.yml b/roles/fail2ban_exporter/meta/argument_specs.yml index 6f70e2f4f..cc840d6de 100644 --- a/roles/fail2ban_exporter/meta/argument_specs.yml +++ b/roles/fail2ban_exporter/meta/argument_specs.yml 
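Review bot: `fail2ban_exporter_system_user: "root"` in the second defaults hunk has no comment explaining why this exporter defaults to root when the other roles in the series use a dedicated account. The unit template now honours the variable, so operators can drop privileges, but nothing says what a non-root user needs. Presumably that is access to `fail2ban_exporter_socket`; please confirm. I would add `# Defaults to root; a non-root user needs read/write access to fail2ban_exporter_socket` above the variable. The `default: root` given for `fail2ban_exporter_system_group` in argument_specs should also state that it follows the user.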
@@ -11,18 +11,9 @@ argument_specs: fail2ban_exporter_version: description: "fail2ban_exporter package version. Also accepts latest as parameter." default: "0.10.1" - fail2ban_exporter_skip_install: - description: "fail2ban_exporter installation tasks gets skipped when set to true." - type: bool - default: false - fail2ban_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on gitlab." - - "The parameter may be set to a directory where the C(fail2ban_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(fail2ban_exporter_version) parameter" fail2ban_exporter_binary_url: description: "URL of the fail2ban_exporter binaries .tar.gz file" - default: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/fail2ban_exporter_{{ fail2ban_exporter_version }}_linux_{{ go_arch }}.tar.gz" + default: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/fail2ban_exporter_{{ fail2ban_exporter_version }}_{{ ansible_system | lower }}_{{ _fail2ban_exporter_go_ansible_arch }}.tar.gz" fail2ban_exporter_checksums_url: description: "URL of the fail2ban_exporter checksums file" default: "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases/v{{ fail2ban_exporter_version }}/downloads/fail2ban_exporter_{{ fail2ban_exporter_version }}_checksums.txt" 
@@ -46,6 +37,16 @@ argument_specs: description: - "I(Advanced)" - "Password to use to protect endpoints with basic auth" - fail2ban_exporter_archive_path: + fail2ban_exporter_local_cache_path: description: 'Local path to stash the archive and its extraction' - default: "/tmp" + default: "/tmp/fail2ban_exporter-{{ ansible_system | lower }}-{{ _fail2ban_exporter_go_ansible_arch }}/{{ fail2ban_exporter_version }}" + fail2ban_exporter_system_user: + description: + - "I(Advanced)" + - "fail2ban exporter system user" + default: root + fail2ban_exporter_system_group: + description: + - "I(Advanced)" + - "System group for fail2ban exporter" + default: root diff --git a/roles/fail2ban_exporter/tasks/configure.yml b/roles/fail2ban_exporter/tasks/configure.yml deleted file mode 100644 index 903b0e9b1..000000000 --- a/roles/fail2ban_exporter/tasks/configure.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Copy the fail2ban_exporter systemd service file - ansible.builtin.template: - src: fail2ban_exporter.service.j2 - dest: /etc/systemd/system/fail2ban_exporter.service - owner: root - group: root - mode: 0644 - notify: restart fail2ban_exporter - -- name: Allow fail2ban_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ fail2ban_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/fail2ban_exporter/tasks/install.yml b/roles/fail2ban_exporter/tasks/install.yml deleted file mode 100644 index 0c7f6802d..000000000 --- a/roles/fail2ban_exporter/tasks/install.yml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -- name: Get binary - when: - - fail2ban_exporter_binary_local_dir | length == 0 - - not fail2ban_exporter_skip_install - block: - - - name: Download fail2ban_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ fail2ban_exporter_binary_url }}" - dest: "{{ fail2ban_exporter_archive_path }}/fail2ban_exporter_{{ fail2ban_exporter_version }}_linux_{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __fail2ban_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack fail2ban_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ fail2ban_exporter_archive_path }}/fail2ban_exporter_{{ fail2ban_exporter_version }}_linux_{{ go_arch }}.tar.gz" - dest: "{{ fail2ban_exporter_archive_path }}" - creates: "{{ fail2ban_exporter_archive_path }}/fail2ban_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate fail2ban_exporter binaries - ansible.builtin.copy: - src: "{{ fail2ban_exporter_archive_path }}/fail2ban_exporter" - dest: "{{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter" - mode: 0755 - owner: root - group: root - notify: restart fail2ban_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed fail2ban_exporter binary - ansible.builtin.copy: - src: "{{ fail2ban_exporter_binary_local_dir }}/fail2ban_exporter" - dest: "{{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter" - mode: 0755 - owner: root - group: root - when: - - fail2ban_exporter_binary_local_dir | length > 0 - - not fail2ban_exporter_skip_install - notify: restart fail2ban_exporter diff --git a/roles/fail2ban_exporter/tasks/main.yml b/roles/fail2ban_exporter/tasks/main.yml index 43660fed0..50047a556 100644 --- a/roles/fail2ban_exporter/tasks/main.yml +++ b/roles/fail2ban_exporter/tasks/main.yml 
@@ -2,51 +2,41 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - fail2ban_exporter_install - - fail2ban_exporter_configure - - fail2ban_exporter_run tags: - fail2ban_exporter_install - fail2ban_exporter_configure - fail2ban_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - fail2ban_exporter_install - when: - ( not __fail2ban_exporter_is_installed.stat.exists ) or - ( (__fail2ban_exporter_current_version_output.stderr_lines | length > 0) - and (__fail2ban_exporter_current_version_output.stderr_lines[0] != fail2ban_exporter_version) ) or - ( (__fail2ban_exporter_current_version_output.stdout_lines | length > 0) - and (__fail2ban_exporter_current_version_output.stdout_lines[0] != fail2ban_exporter_version) ) or - ( fail2ban_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ fail2ban_exporter_local_cache_path }}" + _common_binaries: "{{ _fail2ban_exporter_binaries }}" + _common_binary_install_dir: "{{ fail2ban_exporter_binary_install_dir }}" + _common_binary_url: "{{ fail2ban_exporter_binary_url }}" + _common_checksums_url: "{{ fail2ban_exporter_checksums_url }}" + _common_system_group: "{{ fail2ban_exporter_system_group }}" + _common_system_user: "{{ fail2ban_exporter_system_user }}" + _common_config_dir: "{{ fail2ban_exporter_config_dir }}" tags: - fail2ban_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - fail2ban_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ fail2ban_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - fail2ban_exporter_configure - name: Configure - ansible.builtin.include_tasks: - file: 
configure.yml - apply: - become: true - tags: - - fail2ban_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml tags: - fail2ban_exporter_configure diff --git a/roles/fail2ban_exporter/tasks/preflight.yml b/roles/fail2ban_exporter/tasks/preflight.yml index 714505ea3..f98df9753 100644 --- a/roles/fail2ban_exporter/tasks/preflight.yml +++ b/roles/fail2ban_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
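Review bot: The Install include passes `_common_config_dir: "{{ fail2ban_exporter_config_dir }}"`, but no fail2ban_exporter hunk in this patch (defaults, argument_specs, vars) defines `fail2ban_exporter_config_dir`. It would be undefined as soon as `_common` reads it. The Configure include also passes no `vars:` at all, unlike the chrony_exporter one, so ownership of whatever it writes falls back to `_common`'s own defaults rather than `fail2ban_exporter_system_user`; those defaults are not in view. Add a default such as `fail2ban_exporter_config_dir: "/etc/fail2ban_exporter"`, or drop the parameter. In Configure, also pass `_common_system_user: "{{ fail2ban_exporter_system_user }}"` and `_common_system_group: "{{ fail2ban_exporter_system_group }}"`.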
@@ -36,50 +20,18 @@ list | length == 0 -- name: Check if fail2ban_exporter is installed - ansible.builtin.stat: - path: "{{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter" - register: __fail2ban_exporter_is_installed - check_mode: false - tags: - - fail2ban_exporter_install - -- name: Gather currently installed fail2ban_exporter version (if any) - ansible.builtin.command: "{{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter --version" - changed_when: false - register: __fail2ban_exporter_current_version_output - check_mode: false - when: __fail2ban_exporter_is_installed.stat.exists - tags: - - fail2ban_exporter_install - - name: Discover latest version ansible.builtin.set_fact: fail2ban_exporter_version: "{{ (lookup('url', 'https://gitlab.com/api/v4/projects/{{ _fail2ban_exporter_repo }}/releases', - split_lines=False) | from_json)[0].get('tag_name') | replace('v', '') }}" + split_lines=False) | from_json)[0].get('tag_name') | replace('v', '') }}" run_once: true until: fail2ban_exporter_version is version('0.0.0', '>=') retries: 10 when: - fail2ban_exporter_version == "latest" - - fail2ban_exporter_binary_local_dir | length == 0 - - not fail2ban_exporter_skip_install - -- name: Get fail2ban_exporter binary checksum - when: - - fail2ban_exporter_binary_local_dir | length == 0 - - not fail2ban_exporter_skip_install - block: - - name: Get checksum list from gitlab - ansible.builtin.set_fact: - __fail2ban_exporter_checksums: "{{ lookup('url', fail2ban_exporter_checksums_url, wantlist=True) | list }}" - run_once: true - until: __fail2ban_exporter_checksums is search('linux_' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __fail2ban_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __fail2ban_exporter_checksums }}" - when: - - "item.endswith('fail2ban_exporter_' + fail2ban_exporter_version + '_linux_' + go_arch + '.tar.gz')" + tags: + - fail2ban_exporter + - install + - 
fail2ban_exporter_install + - download + - fail2ban_exporter_download diff --git a/roles/fail2ban_exporter/tasks/selinux.yml b/roles/fail2ban_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/fail2ban_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/fail2ban_exporter/templates/fail2ban_exporter.service.j2 b/roles/fail2ban_exporter/templates/fail2ban_exporter.service.j2 index 56c22270c..3690504fc 100644 --- a/roles/fail2ban_exporter/templates/fail2ban_exporter.service.j2 +++ b/roles/fail2ban_exporter/templates/fail2ban_exporter.service.j2 @@ -6,8 +6,8 @@ After=network-online.target [Service] Type=simple -User=root -Group=root +User={{ fail2ban_exporter_system_user }} +Group={{ fail2ban_exporter_system_group }} ExecStart={{ fail2ban_exporter_binary_install_dir }}/fail2ban_exporter \ --web.listen-address={{ fail2ban_exporter_web_listen_address }} \ {% if fail2ban_exporter_username | length > 0 -%} diff --git a/roles/fail2ban_exporter/vars/main.yml b/roles/fail2ban_exporter/vars/main.yml index 0807ef1f7..f250a48fb 100644 --- a/roles/fail2ban_exporter/vars/main.yml +++ b/roles/fail2ban_exporter/vars/main.yml 
@@ -1,10 +1,8 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_fail2ban_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _fail2ban_exporter_repo: 24199687 +_fail2ban_exporter_binaries: ['fail2ban_exporter'] From f09635db7343c6a69b8adcdc61fb524129d1bdce Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:05:25 +0000 Subject: [PATCH 08/24] refactor(ipmi_exporter): delegate common tasks to _common role Signed-off-by: gardar --- roles/ipmi_exporter/defaults/main.yml | 14 ++-- roles/ipmi_exporter/meta/argument_specs.yml | 20 ++--- .../molecule/alternative/molecule.yml | 6 +- .../molecule/default/tests/test_default.py | 1 - roles/ipmi_exporter/tasks/configure.yml | 57 ++++++-------- roles/ipmi_exporter/tasks/install.yml | 74 ------------------- roles/ipmi_exporter/tasks/main.yml | 46 +++++------- roles/ipmi_exporter/tasks/preflight.yml | 68 +++-------------- roles/ipmi_exporter/tasks/selinux.yml | 23 ------ .../templates/ipmi_exporter.service.j2 | 4 +- .../templates/web_config.yaml.j2 | 18 ----- roles/ipmi_exporter/vars/main.yml | 17 +++-- 12 files changed, 76 insertions(+), 272 deletions(-) delete mode 100644 roles/ipmi_exporter/tasks/install.yml delete mode 100644 roles/ipmi_exporter/tasks/selinux.yml delete mode 100644 roles/ipmi_exporter/templates/web_config.yaml.j2 diff --git a/roles/ipmi_exporter/defaults/main.yml b/roles/ipmi_exporter/defaults/main.yml index 4635c988f..caa0009f3 100644 --- a/roles/ipmi_exporter/defaults/main.yml +++ b/roles/ipmi_exporter/defaults/main.yml 
@@ -1,10 +1,8 @@ --- ipmi_exporter_version: 1.8.0 -ipmi_exporter_binary_local_dir: "" ipmi_exporter_binary_url: "https://github.com/{{ _ipmi_exporter_repo }}/releases/download/v{{ ipmi_exporter_version }}/\ - ipmi_exporter-{{ ipmi_exporter_version }}.linux-{{ go_arch }}.tar.gz" + ipmi_exporter-{{ ipmi_exporter_version }}.{{ ansible_system | lower }}-{{ _ipmi_exporter_go_ansible_arch }}.tar.gz" ipmi_exporter_checksums_url: "https://github.com/{{ _ipmi_exporter_repo }}/releases/download/v{{ ipmi_exporter_version }}/sha256sums.txt" -ipmi_exporter_skip_install: false ipmi_exporter_modules: default: @@ -18,17 +16,17 @@ ipmi_exporter_modules: ipmi_exporter_web_listen_address: "0.0.0.0:9290" ipmi_exporter_tls_server_config: {} - ipmi_exporter_http_server_config: {} - ipmi_exporter_basic_auth_users: {} ipmi_exporter_log_level: "info" ipmi_exporter_log_format: "logfmt" ipmi_exporter_binary_install_dir: "/usr/local/bin" -ipmi_exporter_system_group: "ipmi-exp" -ipmi_exporter_system_user: "{{ ipmi_exporter_system_group }}" +ipmi_exporter_system_user: "ipmi-exp" +ipmi_exporter_system_group: "{{ ipmi_exporter_system_user }}" + +ipmi_exporter_config_dir: /etc/ipmi_exporter # Local path to stash the archive and its extraction -ipmi_exporter_archive_path: /tmp +ipmi_exporter_local_cache_path: "/tmp/ipmi_exporter-{{ ansible_system | lower }}-{{ _ipmi_exporter_go_ansible_arch }}/{{ ipmi_exporter_version }}" diff --git a/roles/ipmi_exporter/meta/argument_specs.yml b/roles/ipmi_exporter/meta/argument_specs.yml index 7142d0734..76effcd34 100644 --- a/roles/ipmi_exporter/meta/argument_specs.yml +++ b/roles/ipmi_exporter/meta/argument_specs.yml 
@@ -11,18 +11,9 @@ argument_specs: ipmi_exporter_version: description: "ipmi_exporter package version. Also accepts latest as parameter." default: "1.8.0" - ipmi_exporter_skip_install: - description: "ipmi_exporter installation tasks gets skipped when set to true." - type: bool - default: false - ipmi_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(ipmi_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(ipmi_exporter_version) parameter" ipmi_exporter_binary_url: description: "URL of the ipmi_exporter binaries .tar.gz file" - default: "https://github.com/{{ _ipmi_exporter_repo }}/releases/download/v{{ ipmi_exporter_version }}/ipmi_exporter-{{ ipmi_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _ipmi_exporter_repo }}/releases/download/v{{ ipmi_exporter_version }}/ipmi_exporter-{{ ipmi_exporter_version }}.{{ ansible_system | lower }}-{{ _ipmi_exporter_go_ansible_arch }}.tar.gz" ipmi_exporter_checksums_url: description: "URL of the ipmi_exporter checksums file" default: "https://github.com/{{ _ipmi_exporter_repo }}/releases/download/v{{ ipmi_exporter_version }}/sha256sums.txt" @@ -68,6 +59,9 @@ argument_specs: - "I(Advanced)" - "ipmi_exporter user" default: "ipmi-exp" - ipmi_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + ipmi_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/ipmi_exporter-{{ ansible_system | lower }}-{{ _ipmi_exporter_go_ansible_arch }}/{{ ipmi_exporter_version }}" + ipmi_exporter_config_dir: + description: "Path to directory with ipmi_exporter configuration" + default: "/etc/ipmi_exporter" 
diff --git a/roles/ipmi_exporter/molecule/alternative/molecule.yml b/roles/ipmi_exporter/molecule/alternative/molecule.yml index d997bc7f0..f35e70951 100644 --- a/roles/ipmi_exporter/molecule/alternative/molecule.yml +++ b/roles/ipmi_exporter/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - ipmi_exporter_binary_local_dir: "/tmp/ipmi_exporter-linux-amd64" + ipmi_exporter_local_cache_path: "/tmp/ipmi_exporter-linux-amd64" ipmi_exporter_web_listen_address: "127.0.0.1:8080" ipmi_exporter_tls_server_config: cert_file: /etc/ipmi_exporter/tls.cert @@ -14,8 +14,6 @@ provisioner: http2: true ipmi_exporter_basic_auth_users: randomuser: examplepassword - go_arch: amd64 ipmi_exporter_version: 1.6.1 ipmi_exporter_binary_url: "https://github.com/prometheus-community/ipmi_exporter/releases/download/v{{\ - \ ipmi_exporter_version }}/ipmi_exporter-{{ ipmi_exporter_version }}.linux-{{\ - \ go_arch }}.tar.gz" + \ ipmi_exporter_version }}/ipmi_exporter-{{ ipmi_exporter_version }}.linux-amd64.tar.gz" diff --git a/roles/ipmi_exporter/molecule/default/tests/test_default.py b/roles/ipmi_exporter/molecule/default/tests/test_default.py index bcde01288..b38115496 100644 --- a/roles/ipmi_exporter/molecule/default/tests/test_default.py +++ b/roles/ipmi_exporter/molecule/default/tests/test_default.py @@ -31,7 +31,6 @@ def test_user(host): assert host.group("ipmi-exp").exists assert "ipmi-exp" in host.user("ipmi-exp").groups assert host.user("ipmi-exp").shell == "/usr/sbin/nologin" - assert host.user("ipmi-exp").home == "/" def test_service(host): diff --git a/roles/ipmi_exporter/tasks/configure.yml b/roles/ipmi_exporter/tasks/configure.yml index 34a03ef82..25cc671ed 100644 --- a/roles/ipmi_exporter/tasks/configure.yml +++ b/roles/ipmi_exporter/tasks/configure.yml 
@@ -1,47 +1,32 @@ --- -- name: Copy the ipmi_exporter systemd service file - ansible.builtin.template: - src: ipmi_exporter.service.j2 - dest: /etc/systemd/system/ipmi_exporter.service - owner: root - group: root - mode: 0644 - notify: restart ipmi_exporter - -- name: Create ipmi_exporter config directory - ansible.builtin.file: - path: "/etc/ipmi_exporter" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX - -- name: Copy the ipmi_exporter web config file - ansible.builtin.template: - src: web_config.yaml.j2 - dest: /etc/ipmi_exporter/web_config.yaml - owner: root - group: root - mode: 0644 - notify: restart ipmi_exporter +- name: "Common configure" + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ ipmi_exporter_system_user }}" + _common_system_group: "{{ ipmi_exporter_system_group }}" + _common_config_dir: "{{ ipmi_exporter_config_dir }}" + _common_tls_server_config: "{{ ipmi_exporter_tls_server_config }}" + _common_http_server_config: "{{ ipmi_exporter_http_server_config }}" + _common_basic_auth_users: "{{ ipmi_exporter_basic_auth_users }}" + tags: + - ipmi_exporter + - configure + - ipmi_exporter_configure - name: Copy the ipmi_exporter config file ansible.builtin.template: src: config.yaml.j2 dest: /etc/ipmi_exporter/config.yaml - owner: root + owner: "{{ ipmi_exporter_system_user }}" group: "{{ ipmi_exporter_system_group }}" mode: 0640 + become: true no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" notify: - restart ipmi_exporter - -- name: Allow ipmi_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ ipmi_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" + tags: + - ipmi_exporter + - configure + - 
ipmi_exporter_configure diff --git a/roles/ipmi_exporter/tasks/install.yml b/roles/ipmi_exporter/tasks/install.yml deleted file mode 100644 index b251a58f8..000000000 --- a/roles/ipmi_exporter/tasks/install.yml +++ /dev/null 
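Review bot: The `Copy the ipmi_exporter config file` task changes `owner` from `root` to `{{ ipmi_exporter_system_user }}`, which lets the exporter process rewrite its own configuration; the task sets `no_log`, so the file presumably carries IPMI credentials. Keeping `owner: root` with `group: "{{ ipmi_exporter_system_group }}"` and `mode: 0640` still lets the service read it without write access. The task also keeps the hard-coded `dest: /etc/ipmi_exporter/config.yaml`, while the unit template in this patch reads `{{ ipmi_exporter_config_dir }}/config.yaml`, so overriding `ipmi_exporter_config_dir` would point the service at a file that was never written. `dest: "{{ ipmi_exporter_config_dir }}/config.yaml"` keeps the two in step.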
@@ -1,74 +0,0 @@ ---- -- name: Create the ipmi_exporter group - ansible.builtin.group: - name: "{{ ipmi_exporter_system_group }}" - state: present - system: true - when: ipmi_exporter_system_group != "root" - -- name: Create the ipmi_exporter user - ansible.builtin.user: - name: "{{ ipmi_exporter_system_user }}" - groups: "{{ ipmi_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: ipmi_exporter_system_user != "root" - -- name: Get binary - when: - - ipmi_exporter_binary_local_dir | length == 0 - - not ipmi_exporter_skip_install - block: - - - name: Download ipmi_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ ipmi_exporter_binary_url }}" - dest: "{{ ipmi_exporter_archive_path }}/ipmi_exporter-{{ ipmi_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __ipmi_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack ipmi_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ ipmi_exporter_archive_path }}/ipmi_exporter-{{ ipmi_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ ipmi_exporter_archive_path }}" - creates: "{{ ipmi_exporter_archive_path }}/ipmi_exporter-{{ ipmi_exporter_version }}.linux-{{ go_arch }}/ipmi_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate ipmi_exporter binaries - ansible.builtin.copy: - src: "{{ ipmi_exporter_archive_path }}/ipmi_exporter-{{ ipmi_exporter_version }}.linux-{{ go_arch }}/ipmi_exporter" - dest: "{{ ipmi_exporter_binary_install_dir }}/ipmi_exporter" - mode: 0755 - owner: root - group: root - notify: restart ipmi_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed ipmi_exporter binary - ansible.builtin.copy: - src: "{{ ipmi_exporter_binary_local_dir }}/ipmi_exporter" - dest: "{{ 
ipmi_exporter_binary_install_dir }}/ipmi_exporter" - mode: 0755 - owner: root - group: root - when: - - ipmi_exporter_binary_local_dir | length > 0 - - not ipmi_exporter_skip_install - notify: restart ipmi_exporter - -- name: Install freeipmi package - ansible.builtin.package: - name: freeipmi - state: present diff --git a/roles/ipmi_exporter/tasks/main.yml b/roles/ipmi_exporter/tasks/main.yml index c3ebe6d15..cb7317710 100644 --- a/roles/ipmi_exporter/tasks/main.yml +++ b/roles/ipmi_exporter/tasks/main.yml 
@@ -2,40 +2,34 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - ipmi_exporter_install - - ipmi_exporter_configure - - ipmi_exporter_run tags: - ipmi_exporter_install - ipmi_exporter_configure - ipmi_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - ipmi_exporter_install - when: - ( not __ipmi_exporter_is_installed.stat.exists ) or - ( (__ipmi_exporter_current_version_output.stderr_lines | length > 0) - and (__ipmi_exporter_current_version_output.stderr_lines[0].split(" ")[2] != ipmi_exporter_version) ) or - ( (__ipmi_exporter_current_version_output.stdout_lines | length > 0) - and (__ipmi_exporter_current_version_output.stdout_lines[0].split(" ")[2] != ipmi_exporter_version) ) or - ( ipmi_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ ipmi_exporter_local_cache_path }}" + _common_binaries: "{{ _ipmi_exporter_binaries }}" + _common_binary_install_dir: "{{ ipmi_exporter_binary_install_dir }}" + _common_binary_url: "{{ ipmi_exporter_binary_url }}" + _common_checksums_url: "{{ ipmi_exporter_checksums_url }}" + _common_system_group: "{{ ipmi_exporter_system_group }}" + _common_system_user: "{{ ipmi_exporter_system_user }}" + _common_config_dir: "{{ ipmi_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - ipmi_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - ipmi_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ ipmi_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - ipmi_exporter_configure 
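Review bot: `_common_selinux_port` in the SELinux task is now derived with `urlsplit('port')`, but the default listen address `0.0.0.0:9290` has no scheme or `//` prefix, and URL splitting normally only yields a port from an authority part, so the value may come out empty; a quick debug task would confirm this. If it is empty, the port labelling would be skipped or fail, depending on how `_common`'s selinux.yml guards the value, which is not visible here. The expression used before this change, `ipmi_exporter_web_listen_address.split(':')[-1]`, handled the bare `host:port` form. The memcached_exporter main.yml hunk in the following patch uses the same filter.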
@@ -43,10 +37,6 @@ - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - ipmi_exporter_configure tags: - ipmi_exporter_configure diff --git a/roles/ipmi_exporter/tasks/preflight.yml b/roles/ipmi_exporter/tasks/preflight.yml index 5baab8ca0..4e07f0199 100644 --- a/roles/ipmi_exporter/tasks/preflight.yml +++ b/roles/ipmi_exporter/tasks/preflight.yml @@ -1,24 +1,10 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" + _common_dependencies: "{{ _ipmi_exporter_dependencies }}" - name: Assert that used version supports listen address type ansible.builtin.assert: 
@@ -61,23 +47,6 @@ - "__ipmi_exporter_cert_file.stat.exists" - "__ipmi_exporter_key_file.stat.exists" -- name: Check if ipmi_exporter is installed - ansible.builtin.stat: - path: "{{ ipmi_exporter_binary_install_dir }}/ipmi_exporter" - register: __ipmi_exporter_is_installed - check_mode: false - tags: - - ipmi_exporter_install - -- name: Gather currently installed ipmi_exporter version (if any) - ansible.builtin.command: "{{ ipmi_exporter_binary_install_dir }}/ipmi_exporter --version" - changed_when: false - register: __ipmi_exporter_current_version_output - check_mode: false - when: __ipmi_exporter_is_installed.stat.exists - tags: - - ipmi_exporter_install - - name: Discover latest version ansible.builtin.set_fact: ipmi_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _ipmi_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -87,24 +56,9 @@ retries: 10 when: - ipmi_exporter_version == "latest" - - ipmi_exporter_binary_local_dir | length == 0 - - not ipmi_exporter_skip_install - -- name: Get ipmi_exporter binary checksum - when: - - ipmi_exporter_binary_local_dir | length == 0 - - not ipmi_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __ipmi_exporter_checksums: "{{ lookup('url', ipmi_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __ipmi_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __ipmi_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __ipmi_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - ipmi_exporter + - install + - ipmi_exporter_install + - download + - ipmi_exporter_download diff --git a/roles/ipmi_exporter/tasks/selinux.yml b/roles/ipmi_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 
--- a/roles/ipmi_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/ipmi_exporter/templates/ipmi_exporter.service.j2 b/roles/ipmi_exporter/templates/ipmi_exporter.service.j2 index e59c09e7a..eb88469a0 100644 --- a/roles/ipmi_exporter/templates/ipmi_exporter.service.j2 +++ b/roles/ipmi_exporter/templates/ipmi_exporter.service.j2 @@ -9,10 +9,10 @@ Type=simple User={{ ipmi_exporter_system_user }} Group={{ ipmi_exporter_system_group }} ExecStart={{ ipmi_exporter_binary_install_dir }}/ipmi_exporter \ - '--config.file=/etc/ipmi_exporter/config.yaml' \ + '--config.file={{ ipmi_exporter_config_dir }}/config.yaml' \ '--web.listen-address={{ ipmi_exporter_web_listen_address }}' \ {% if ipmi_exporter_tls_server_config | length > 0 or ipmi_exporter_http_server_config | length > 0 or ipmi_exporter_basic_auth_users | length > 0 %} - '--web.config.file=/etc/ipmi_exporter/web_config.yaml' \ + '--web.config.file={{ ipmi_exporter_config_dir }}/web_config.yml' \ {% endif %} '--log.level={{ ipmi_exporter_log_level }}' \ '--log.format={{ ipmi_exporter_log_format }}' diff --git a/roles/ipmi_exporter/templates/web_config.yaml.j2 b/roles/ipmi_exporter/templates/web_config.yaml.j2 deleted file mode 100644 index 9842b7de2..000000000 
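Review bot: The `--web.config.file` argument now points at `web_config.yml`, whereas the tasks removed in this patch wrote `/etc/ipmi_exporter/web_config.yaml` with mode 0644, including the bcrypt hashes generated from `ipmi_exporter_basic_auth_users`. Nothing visible here removes the old file, so on upgraded hosts it would stay behind world-readable unless `_common` cleans it up. Removing the old path during configure, or at least mentioning it in the upgrade notes, would cover this. The memcached_exporter unit template hunk in the following patch makes the same rename.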
--- a/roles/ipmi_exporter/templates/web_config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if ipmi_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ ipmi_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if ipmi_exporter_http_server_config | length > 0 %} -http_server_config: -{{ ipmi_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if ipmi_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in ipmi_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/ipmi_exporter/vars/main.yml b/roles/ipmi_exporter/vars/main.yml index 0f385948c..f0dfaf389 100644 --- a/roles/ipmi_exporter/vars/main.yml +++ b/roles/ipmi_exporter/vars/main.yml @@ -1,11 +1,12 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_ipmi_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _ipmi_exporter_repo: "prometheus-community/ipmi_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_ipmi_exporter_binaries: ['ipmi_exporter'] +_ipmi_exporter_dependencies: "{{ (ansible_pkg_mgr == 'apt') + | ternary((['python-apt'] if ansible_python_version is version('3', '<') else ['python3-apt']), + []) + ['freeipmi'] }}" From 4dac93aa7456f9f7926aab7fd49c3396d560f58a Mon Sep 17 00:00:00 2001 
From: gardar Date: Tue, 15 Oct 2024 17:06:35 +0000 Subject: [PATCH 09/24] refactor(memcached_exporter): delegate common tasks to _common role Signed-off-by: gardar --- roles/memcached_exporter/defaults/main.yml | 14 ++-- .../meta/argument_specs.yml | 20 ++---- .../molecule/alternative/molecule.yml | 6 +- .../molecule/default/tests/test_default.py | 1 - roles/memcached_exporter/tasks/configure.yml | 36 ---------- roles/memcached_exporter/tasks/install.yml | 69 ------------------- roles/memcached_exporter/tasks/main.yml | 58 ++++++++-------- roles/memcached_exporter/tasks/preflight.yml | 68 +++--------------- roles/memcached_exporter/tasks/selinux.yml | 23 ------- .../templates/memcached_exporter.service.j2 | 2 +- .../templates/web_config.yaml.j2 | 18 ----- roles/memcached_exporter/vars/main.yml | 14 ++-- 12 files changed, 60 insertions(+), 269 deletions(-) delete mode 100644 roles/memcached_exporter/tasks/configure.yml delete mode 100644 roles/memcached_exporter/tasks/install.yml delete mode 100644 roles/memcached_exporter/tasks/selinux.yml delete mode 100644 roles/memcached_exporter/templates/web_config.yaml.j2 diff --git a/roles/memcached_exporter/defaults/main.yml b/roles/memcached_exporter/defaults/main.yml index 933b8774d..3d79a9fd8 100644 --- a/roles/memcached_exporter/defaults/main.yml +++ b/roles/memcached_exporter/defaults/main.yml 
@@ -1,10 +1,8 @@ --- memcached_exporter_version: 0.14.4 -memcached_exporter_binary_local_dir: "" memcached_exporter_binary_url: "https://github.com/{{ _memcached_exporter_repo }}/releases/download/v{{ memcached_exporter_version }}/\ - memcached_exporter-{{ memcached_exporter_version }}.linux-{{ go_arch }}.tar.gz" + memcached_exporter-{{ memcached_exporter_version }}.{{ ansible_system | lower }}-{{ _memcached_exporter_go_ansible_arch }}.tar.gz" memcached_exporter_checksums_url: "https://github.com/{{ _memcached_exporter_repo }}/releases/download/v{{ memcached_exporter_version }}/sha256sums.txt" -memcached_exporter_skip_install: false memcached_exporter_memcached_pid_file: "" @@ -14,17 +12,17 @@ memcached_exporter_web_listen_address: "0.0.0.0:9150" memcached_exporter_web_telemetry_path: "/metrics" memcached_exporter_tls_server_config: {} - memcached_exporter_http_server_config: {} - memcached_exporter_basic_auth_users: {} memcached_exporter_log_level: "info" memcached_exporter_log_format: "logfmt" memcached_exporter_binary_install_dir: "/usr/local/bin" -memcached_exporter_system_group: "memcached-exp" -memcached_exporter_system_user: "{{ memcached_exporter_system_group }}" +memcached_exporter_system_user: "memcached-exp" +memcached_exporter_system_group: "{{ memcached_exporter_system_user }}" # Local path to stash the archive and its extraction -memcached_exporter_archive_path: /tmp +memcached_exporter_local_cache_path: "/tmp/memcached_exporter-{{ ansible_system | lower }}-{{ _memcached_exporter_go_ansible_arch }}/\ + {{ memcached_exporter_version }}" +memcached_exporter_config_dir: "/etc/memcached_exporter" diff --git a/roles/memcached_exporter/meta/argument_specs.yml b/roles/memcached_exporter/meta/argument_specs.yml index 53dfeb20b..f4063cf80 100644 --- a/roles/memcached_exporter/meta/argument_specs.yml +++ b/roles/memcached_exporter/meta/argument_specs.yml 
@@ -11,18 +11,9 @@ argument_specs: memcached_exporter_version: description: "memcached_exporter package version. Also accepts latest as parameter." default: "0.14.4" - memcached_exporter_skip_install: - description: "memcached_exporter installation tasks gets skipped when set to true." - type: bool - default: false - memcached_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(memcached_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(memcached_exporter_version) parameter" memcached_exporter_binary_url: description: "URL of the memcached_exporter binaries .tar.gz file" - default: "https://github.com/{{ _memcached_exporter_repo }}/releases/download/v{{ memcached_exporter_version }}/memcached_exporter-{{ memcached_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _memcached_exporter_repo }}/releases/download/v{{ memcached_exporter_version }}/memcached_exporter-{{ memcached_exporter_version }}.{{ ansible_system | lower }}-{{ _memcached_exporter_go_ansible_arch }}.tar.gz" memcached_exporter_checksums_url: description: "URL of the memcached_exporter checksums file" default: "https://github.com/{{ _memcached_exporter_repo }}/releases/download/v{{ memcached_exporter_version }}/sha256sums.txt" 
@@ -74,6 +65,9 @@ argument_specs: - "I(Advanced)" - "memcached_exporter user" default: "memcached-exp" - memcached_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + memcached_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/memcached_exporter-{{ ansible_system | lower }}-{{ _memcached_exporter_go_ansible_arch }}/{{ memcached_exporter_version }}" + memcached_exporter_config_dir: + description: "Path to directory with memcached_exporter configuration" + default: "/etc/memcached_exporter" diff --git a/roles/memcached_exporter/molecule/alternative/molecule.yml b/roles/memcached_exporter/molecule/alternative/molecule.yml index 421307617..62ed9c28a 100644 --- a/roles/memcached_exporter/molecule/alternative/molecule.yml +++ b/roles/memcached_exporter/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - memcached_exporter_binary_local_dir: "/tmp/memcached_exporter-linux-amd64" + memcached_exporter_local_cache_path: "/tmp/memcached_exporter-linux-amd64" memcached_exporter_web_listen_address: "127.0.0.1:8080" memcached_exporter_tls_server_config: cert_file: /etc/memcached_exporter/tls.cert @@ -14,8 +14,6 @@ provisioner: http2: true memcached_exporter_basic_auth_users: randomuser: examplepassword - go_arch: amd64 memcached_exporter_version: 0.12.0 memcached_exporter_binary_url: "https://github.com/prometheus/memcached_exporter/releases/download/v{{\ - \ memcached_exporter_version }}/memcached_exporter-{{ memcached_exporter_version }}.linux-{{\ - \ go_arch }}.tar.gz" + \ memcached_exporter_version }}/memcached_exporter-{{ memcached_exporter_version }}.linux-amd64.tar.gz" diff --git a/roles/memcached_exporter/molecule/default/tests/test_default.py b/roles/memcached_exporter/molecule/default/tests/test_default.py index eeccbee9b..153e2941f 100644 --- a/roles/memcached_exporter/molecule/default/tests/test_default.py 
+++ b/roles/memcached_exporter/molecule/default/tests/test_default.py @@ -31,7 +31,6 @@ def test_user(host): assert host.group("memcached-exp").exists assert "memcached-exp" in host.user("memcached-exp").groups assert host.user("memcached-exp").shell == "/usr/sbin/nologin" - assert host.user("memcached-exp").home == "/" def test_service(host): diff --git a/roles/memcached_exporter/tasks/configure.yml b/roles/memcached_exporter/tasks/configure.yml deleted file mode 100644 index 63c3f4b5c..000000000 --- a/roles/memcached_exporter/tasks/configure.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: Copy the memcached_exporter systemd service file - ansible.builtin.template: - src: memcached_exporter.service.j2 - dest: /etc/systemd/system/memcached_exporter.service - owner: root - group: root - mode: 0644 - notify: restart memcached_exporter - -- name: Create memcached_exporter config directory - ansible.builtin.file: - path: "/etc/memcached_exporter" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX - -- name: Copy the memcached_exporter web config file - ansible.builtin.template: - src: web_config.yaml.j2 - dest: /etc/memcached_exporter/web_config.yaml - owner: root - group: root - mode: 0644 - notify: restart memcached_exporter - -- name: Allow memcached_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ memcached_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/memcached_exporter/tasks/install.yml b/roles/memcached_exporter/tasks/install.yml deleted file mode 100644 index 86404166d..000000000 --- a/roles/memcached_exporter/tasks/install.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -- name: Create the memcached_exporter group - ansible.builtin.group: - name: "{{ memcached_exporter_system_group }}" - state: present - system: true - when: memcached_exporter_system_group != "root" - -- name: Create the memcached_exporter user - ansible.builtin.user: - name: "{{ memcached_exporter_system_user }}" - groups: "{{ memcached_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: memcached_exporter_system_user != "root" - -- name: Get binary - when: - - memcached_exporter_binary_local_dir | length == 0 - - not memcached_exporter_skip_install - block: - - - name: Download memcached_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ memcached_exporter_binary_url }}" - dest: "{{ memcached_exporter_archive_path }}/memcached_exporter-{{ memcached_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __memcached_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack memcached_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ memcached_exporter_archive_path }}/memcached_exporter-{{ memcached_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ memcached_exporter_archive_path }}" - creates: "{{ memcached_exporter_archive_path }}/memcached_exporter-{{ memcached_exporter_version }}.linux-{{ go_arch }}/memcached_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate memcached_exporter binaries - ansible.builtin.copy: - src: "{{ memcached_exporter_archive_path }}/memcached_exporter-{{ memcached_exporter_version }}.linux-{{ go_arch }}/memcached_exporter" - dest: "{{ memcached_exporter_binary_install_dir }}/memcached_exporter" - mode: 0755 - owner: root - group: root - notify: restart memcached_exporter - when: not ansible_check_mode - -- 
name: Propagate locally distributed memcached_exporter binary - ansible.builtin.copy: - src: "{{ memcached_exporter_binary_local_dir }}/memcached_exporter" - dest: "{{ memcached_exporter_binary_install_dir }}/memcached_exporter" - mode: 0755 - owner: root - group: root - when: - - memcached_exporter_binary_local_dir | length > 0 - - not memcached_exporter_skip_install - notify: restart memcached_exporter diff --git a/roles/memcached_exporter/tasks/main.yml b/roles/memcached_exporter/tasks/main.yml index c7a637086..d1224069d 100644 --- a/roles/memcached_exporter/tasks/main.yml +++ b/roles/memcached_exporter/tasks/main.yml 
@@ -2,51 +2,49 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - memcached_exporter_install - - memcached_exporter_configure - - memcached_exporter_run tags: - memcached_exporter_install - memcached_exporter_configure - memcached_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - memcached_exporter_install - when: - ( not __memcached_exporter_is_installed.stat.exists ) or - ( (__memcached_exporter_current_version_output.stderr_lines | length > 0) - and (__memcached_exporter_current_version_output.stderr_lines[0].split(" ")[2] != memcached_exporter_version) ) or - ( (__memcached_exporter_current_version_output.stdout_lines | length > 0) - and (__memcached_exporter_current_version_output.stdout_lines[0].split(" ")[2] != memcached_exporter_version) ) or - ( memcached_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ memcached_exporter_local_cache_path }}" + _common_binaries: "{{ _memcached_exporter_binaries }}" + _common_binary_install_dir: "{{ memcached_exporter_binary_install_dir }}" + _common_binary_url: "{{ memcached_exporter_binary_url }}" + _common_checksums_url: "{{ memcached_exporter_checksums_url }}" + _common_system_group: "{{ memcached_exporter_system_group }}" + _common_system_user: "{{ memcached_exporter_system_user }}" + _common_config_dir: "{{ memcached_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - memcached_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - memcached_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ memcached_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == 
"enabled" tags: - memcached_exporter_configure - name: Configure - ansible.builtin.include_tasks: - file: configure.yml - apply: - become: true - tags: - - memcached_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ memcached_exporter_system_user }}" + _common_system_group: "{{ memcached_exporter_system_group }}" + _common_config_dir: "{{ memcached_exporter_config_dir }}" + _common_tls_server_config: "{{ memcached_exporter_tls_server_config }}" + _common_http_server_config: "{{ memcached_exporter_http_server_config }}" + _common_basic_auth_users: "{{ memcached_exporter_basic_auth_users }}" tags: - memcached_exporter_configure diff --git a/roles/memcached_exporter/tasks/preflight.yml b/roles/memcached_exporter/tasks/preflight.yml index 3ea33858b..47857357a 100644 --- a/roles/memcached_exporter/tasks/preflight.yml +++ b/roles/memcached_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
@@ -61,23 +45,6 @@ - "__memcached_exporter_cert_file.stat.exists" - "__memcached_exporter_key_file.stat.exists" -- name: Check if memcached_exporter is installed - ansible.builtin.stat: - path: "{{ memcached_exporter_binary_install_dir }}/memcached_exporter" - register: __memcached_exporter_is_installed - check_mode: false - tags: - - memcached_exporter_install - -- name: Gather currently installed memcached_exporter version (if any) - ansible.builtin.command: "{{ memcached_exporter_binary_install_dir }}/memcached_exporter --version" - changed_when: false - register: __memcached_exporter_current_version_output - check_mode: false - when: __memcached_exporter_is_installed.stat.exists - tags: - - memcached_exporter_install - - name: Discover latest version ansible.builtin.set_fact: memcached_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _memcached_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -87,24 +54,9 @@ retries: 10 when: - memcached_exporter_version == "latest" - - memcached_exporter_binary_local_dir | length == 0 - - not memcached_exporter_skip_install - -- name: Get memcached_exporter binary checksum - when: - - memcached_exporter_binary_local_dir | length == 0 - - not memcached_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __memcached_exporter_checksums: "{{ lookup('url', memcached_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __memcached_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __memcached_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __memcached_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - memcached_exporter + - install + - memcached_exporter_install + - download + - memcached_exporter_download 
diff --git a/roles/memcached_exporter/tasks/selinux.yml b/roles/memcached_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/memcached_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/memcached_exporter/templates/memcached_exporter.service.j2 b/roles/memcached_exporter/templates/memcached_exporter.service.j2 index 17e6f851f..2fa1200fb 100644 --- a/roles/memcached_exporter/templates/memcached_exporter.service.j2 +++ b/roles/memcached_exporter/templates/memcached_exporter.service.j2 @@ -18,7 +18,7 @@ ExecStart={{ memcached_exporter_binary_install_dir }}/memcached_exporter \ '--web.listen-address={{ memcached_exporter_web_listen_address }}' \ '--web.telemetry-path={{ memcached_exporter_web_telemetry_path }}' \ {% if memcached_exporter_tls_server_config | length > 0 or memcached_exporter_http_server_config | length > 0 or memcached_exporter_basic_auth_users | length > 0 %} - '--web.config.file=/etc/memcached_exporter/web_config.yaml' \ + '--web.config.file={{ memcached_exporter_config_dir }}/web_config.yml' \ {% endif %} '--log.level={{ memcached_exporter_log_level }}' \ '--log.format={{ memcached_exporter_log_format }}' 
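Review bot: Pointing `--web.config.file` at `{{ memcached_exporter_config_dir }}/web_config.yml` leaves the previously rendered `/etc/memcached_exporter/web_config.yaml` on upgraded hosts, and that file holds the bcrypt hashes of the basic-auth users (see the deleted web_config.yaml.j2 template). Nothing in the visible part of this commit removes it. A cleanup task next to the new configure step would help, e.g. `ansible.builtin.file: {path: "/etc/memcached_exporter/web_config.yaml", state: absent}`. The mongodb_exporter service template hunk later in the series makes the same rename. The ExecStart line continues outside this hunk.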
diff --git a/roles/memcached_exporter/templates/web_config.yaml.j2 b/roles/memcached_exporter/templates/web_config.yaml.j2 deleted file mode 100644 index 854b18eb3..000000000 --- a/roles/memcached_exporter/templates/web_config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if memcached_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ memcached_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if memcached_exporter_http_server_config | length > 0 %} -http_server_config: -{{ memcached_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if memcached_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in memcached_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/memcached_exporter/vars/main.yml b/roles/memcached_exporter/vars/main.yml index 476ec9a3b..f60c91828 100644 --- a/roles/memcached_exporter/vars/main.yml +++ b/roles/memcached_exporter/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_memcached_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _memcached_exporter_repo: "prometheus/memcached_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_memcached_exporter_binaries: ['memcached_exporter'] From c2145718218589faad106268572d1806f89d97be Mon Sep 17 00:00:00 2001 
From: gardar Date: Tue, 15 Oct 2024 17:06:59 +0000 Subject: [PATCH 10/24] refactor(mongodb_exporter): delegate common tasks to _common role Signed-off-by: gardar --- roles/mongodb_exporter/defaults/main.yml | 9 +-- .../mongodb_exporter/meta/argument_specs.yml | 19 ++--- .../molecule/alternative/molecule.yml | 5 +- .../molecule/default/tests/test_default.py | 1 - roles/mongodb_exporter/tasks/configure.yml | 36 ---------- roles/mongodb_exporter/tasks/install.yml | 69 ------------------- roles/mongodb_exporter/tasks/main.yml | 58 ++++++++-------- roles/mongodb_exporter/tasks/preflight.yml | 68 +++--------------- roles/mongodb_exporter/tasks/selinux.yml | 23 ------- .../templates/mongodb_exporter.service.j2 | 2 +- .../templates/web_config.yaml.j2 | 18 ----- roles/mongodb_exporter/vars/main.yml | 14 ++-- 12 files changed, 55 insertions(+), 267 deletions(-) delete mode 100644 roles/mongodb_exporter/tasks/configure.yml delete mode 100644 roles/mongodb_exporter/tasks/install.yml delete mode 100644 roles/mongodb_exporter/tasks/selinux.yml delete mode 100644 roles/mongodb_exporter/templates/web_config.yaml.j2 diff --git a/roles/mongodb_exporter/defaults/main.yml b/roles/mongodb_exporter/defaults/main.yml index fd3cc91fe..330a1c427 100644 --- a/roles/mongodb_exporter/defaults/main.yml +++ b/roles/mongodb_exporter/defaults/main.yml 
@@ -1,15 +1,12 @@ --- mongodb_exporter_version: 0.41.1 -mongodb_exporter_binary_local_dir: "" mongodb_exporter_binary_url: "https://github.com/{{ _mongodb_exporter_repo }}/releases/download/v{{ mongodb_exporter_version }}/\ - mongodb_exporter-{{ mongodb_exporter_version }}.linux-{{ go_arch }}.tar.gz" + mongodb_exporter-{{ mongodb_exporter_version }}.{{ ansible_system | lower }}-{{ _mongodb_exporter_go_ansible_arch }}.tar.gz" mongodb_exporter_checksums_url: "https://github.com/{{ _mongodb_exporter_repo }}/releases/download/v{{ mongodb_exporter_version }}/\ mongodb_exporter_{{ mongodb_exporter_version }}_checksums.txt" -mongodb_exporter_skip_install: false mongodb_exporter_web_listen_address: "0.0.0.0:9216" mongodb_exporter_web_telemetry_path: "/metrics" - mongodb_exporter_uri: "mongodb://127.0.0.1:27017/admin?ssl=false" # specify a list of collectors or "all" mongodb_exporter_collectors: [] @@ -32,9 +29,9 @@ mongodb_exporter_basic_auth_users: {} mongodb_exporter_log_level: "error" mongodb_exporter_binary_install_dir: "/usr/local/bin" -mongodb_exporter_system_group: "{{ mongodb_exporter_system_user }}" mongodb_exporter_system_user: "mongodb-exp" +mongodb_exporter_system_group: "{{ mongodb_exporter_system_user }}" mongodb_exporter_config_dir: "/etc/mongodb_exporter" # Local path to stash the archive and its extraction -mongodb_exporter_archive_path: /tmp +mongodb_exporter_local_cache_path: "/tmp/mongodb_exporter-{{ ansible_system | lower }}-{{ _mongodb_exporter_go_ansible_arch }}/{{ mongodb_exporter_version }}" diff --git a/roles/mongodb_exporter/meta/argument_specs.yml b/roles/mongodb_exporter/meta/argument_specs.yml index e342853a7..762c2eae2 100644 --- a/roles/mongodb_exporter/meta/argument_specs.yml +++ b/roles/mongodb_exporter/meta/argument_specs.yml 
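Review bot: `mongodb_exporter_local_cache_path` defaults to a predictable directory under `/tmp`, and binaries staged there are later installed on managed hosts, so on a controller shared with other local users someone else can create and populate that path before the play runs. The molecule `alternative` scenario later in this commit points the same variable at a pre-staged directory, which suggests the cache contents are used as found, though the _common install tasks are not shown here. A default outside world-writable locations would be safer, for example `mongodb_exporter_local_cache_path: "{{ lookup('ansible.builtin.env', 'HOME') }}/.cache/mongodb_exporter-{{ ansible_system | lower }}-{{ _mongodb_exporter_go_ansible_arch }}/{{ mongodb_exporter_version }}"`. Failing that, the comment above the variable should say the directory must be owned by, and writable only to, the user running Ansible. The same `/tmp` default appears in the argument_specs.yml hunk and in the mysqld_exporter defaults hunk.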
@@ -11,18 +11,9 @@ argument_specs: mongodb_exporter_version: description: "mongodb_exporter package version. Also accepts latest as parameter." default: "0.41.1" - mongodb_exporter_skip_install: - description: "mongodb_exporter installation tasks gets skipped when set to true." - type: bool - default: false - mongodb_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(mongodb_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(mongodb_exporter_version) parameter" mongodb_exporter_binary_url: description: "URL of the mongodb_exporter binaries .tar.gz file" - default: "https://github.com/{{ _mongodb_exporter_repo }}/releases/download/v{{ mongodb_exporter_version }}/mongodb_exporter-{{ mongodb_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _mongodb_exporter_repo }}/releases/download/v{{ mongodb_exporter_version }}/mongodb_exporter-{{ mongodb_exporter_version }}.{{ ansible_system | lower }}-{{ _mongodb_exporter_go_ansible_arch }}.tar.gz" mongodb_exporter_checksums_url: description: "URL of the mongodb_exporter checksums file" default: "https://github.com/{{ _mongodb_exporter_repo }}/releases/download/v{{ mongodb_exporter_version }}/mongodb_exporter_{{ mongodb_exporter_version }}_checksums.txt" @@ -33,7 +24,7 @@ argument_specs: description: "Path under which to expose metrics" default: "/metrics" mongodb_exporter_config_dir: - description: "The path where exporter configuration is stored" + description: "Path to directory with mongodb_exporter configuration" default: "/etc/mongodb_exporter" mongodb_exporter_tls_server_config: description: 
@@ -118,6 +109,6 @@ argument_specs: - "I(Advanced)" - "mongodb_exporter user" default: "mongodb-exp" - mongodb_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + mongodb_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/mongodb_exporter-{{ ansible_system | lower }}-{{ _mongodb_exporter_go_ansible_arch }}/{{ mongodb_exporter_version }}" diff --git a/roles/mongodb_exporter/molecule/alternative/molecule.yml b/roles/mongodb_exporter/molecule/alternative/molecule.yml index 0e14d811a..95ed1ed2e 100644 --- a/roles/mongodb_exporter/molecule/alternative/molecule.yml +++ b/roles/mongodb_exporter/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - mongodb_exporter_binary_local_dir: "/tmp/mongodb_exporter-linux-amd64_local" + mongodb_exporter_local_cache_path: "/tmp/mongodb_exporter-linux-amd64_local" mongodb_exporter_web_listen_address: "127.0.1.1:9216" mongodb_exporter_tls_server_config: cert_file: /etc/mongodb_exporter/tls.cert @@ -14,7 +14,6 @@ provisioner: http2: true mongodb_exporter_basic_auth_users: randomuser: examplepassword - go_arch: amd64 mongodb_exporter_version: 0.40.0 mongodb_exporter_binary_url: "https://github.com/percona/mongodb_exporter/releases/download/v{{ mongodb_exporter_version }}/\ - mongodb_exporter-{{ mongodb_exporter_version }}.linux-{{ go_arch }}.tar.gz" + mongodb_exporter-{{ mongodb_exporter_version }}.linux-amd64.tar.gz" diff --git a/roles/mongodb_exporter/molecule/default/tests/test_default.py b/roles/mongodb_exporter/molecule/default/tests/test_default.py index c8cf3caae..3997b57ed 100644 --- a/roles/mongodb_exporter/molecule/default/tests/test_default.py +++ b/roles/mongodb_exporter/molecule/default/tests/test_default.py 
@@ -31,7 +31,6 @@ def test_user(host): assert host.group("mongodb-exp").exists assert "mongodb-exp" in host.user("mongodb-exp").groups assert host.user("mongodb-exp").shell == "/usr/sbin/nologin" - assert host.user("mongodb-exp").home == "/" def test_service(host): diff --git a/roles/mongodb_exporter/tasks/configure.yml b/roles/mongodb_exporter/tasks/configure.yml deleted file mode 100644 index e83997710..000000000 --- a/roles/mongodb_exporter/tasks/configure.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: Copy the mongodb_exporter systemd service file - ansible.builtin.template: - src: mongodb_exporter.service.j2 - dest: /etc/systemd/system/mongodb_exporter.service - owner: root - group: root - mode: 0644 - notify: restart mongodb_exporter - -- name: Create mongodb_exporter config directory - ansible.builtin.file: - path: "/etc/mongodb_exporter" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX - -- name: Copy the mongodb_exporter web config file - ansible.builtin.template: - src: web_config.yaml.j2 - dest: /etc/mongodb_exporter/web_config.yaml - owner: root - group: root - mode: 0644 - notify: restart mongodb_exporter - -- name: Allow mongodb_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ mongodb_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/mongodb_exporter/tasks/install.yml b/roles/mongodb_exporter/tasks/install.yml deleted file mode 100644 index 2d9049eb1..000000000 --- a/roles/mongodb_exporter/tasks/install.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -- name: Create the mongodb_exporter group - ansible.builtin.group: - name: "{{ mongodb_exporter_system_group }}" - state: present - system: true - when: mongodb_exporter_system_group not in ["root", 'mongodb', 'nogroup'] - -- name: Create the mongodb_exporter user - ansible.builtin.user: - name: "{{ mongodb_exporter_system_user }}" - groups: "{{ mongodb_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: mongodb_exporter_system_user not in ["root", 'mongodb', 'nobody'] - -- name: Get binary - when: - - mongodb_exporter_binary_local_dir | length == 0 - - not mongodb_exporter_skip_install - block: - - - name: Download mongodb_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ mongodb_exporter_binary_url }}" - dest: "{{ mongodb_exporter_archive_path }}/mongodb_exporter-{{ mongodb_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __mongodb_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack mongodb_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ mongodb_exporter_archive_path }}/mongodb_exporter-{{ mongodb_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ mongodb_exporter_archive_path }}" - creates: "{{ mongodb_exporter_archive_path }}/mongodb_exporter-{{ mongodb_exporter_version }}.linux-{{ go_arch }}/mongodb_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate mongodb_exporter binaries - ansible.builtin.copy: - src: "{{ mongodb_exporter_archive_path }}/mongodb_exporter-{{ mongodb_exporter_version }}.linux-{{ go_arch }}/mongodb_exporter" - dest: "{{ mongodb_exporter_binary_install_dir }}/mongodb_exporter" - mode: 0755 - owner: root - group: root - notify: restart mongodb_exporter - when: not ansible_check_mode - -- name: 
Propagate locally distributed mongodb_exporter binary - ansible.builtin.copy: - src: "{{ mongodb_exporter_binary_local_dir }}/mongodb_exporter" - dest: "{{ mongodb_exporter_binary_install_dir }}/mongodb_exporter" - mode: 0755 - owner: root - group: root - when: - - mongodb_exporter_binary_local_dir | length > 0 - - not mongodb_exporter_skip_install - notify: restart mongodb_exporter diff --git a/roles/mongodb_exporter/tasks/main.yml b/roles/mongodb_exporter/tasks/main.yml index b49b7c9f6..b07a81e15 100644 --- a/roles/mongodb_exporter/tasks/main.yml +++ b/roles/mongodb_exporter/tasks/main.yml 
@@ -2,51 +2,49 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - mongodb_exporter_install - - mongodb_exporter_configure - - mongodb_exporter_run tags: - mongodb_exporter_install - mongodb_exporter_configure - mongodb_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - mongodb_exporter_install - when: - ( not __mongodb_exporter_is_installed.stat.exists ) or - ( (__mongodb_exporter_current_version_output.stderr_lines | length > 0) - and (__mongodb_exporter_current_version_output.stderr_lines[1].split(" ")[1] != 'v' + mongodb_exporter_version) ) or - ( (__mongodb_exporter_current_version_output.stdout_lines | length > 0) - and (__mongodb_exporter_current_version_output.stdout_lines[1].split(" ")[1] != 'v' + mongodb_exporter_version) ) or - ( mongodb_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ mongodb_exporter_local_cache_path }}" + _common_binaries: "{{ _mongodb_exporter_binaries }}" + _common_binary_install_dir: "{{ mongodb_exporter_binary_install_dir }}" + _common_binary_url: "{{ mongodb_exporter_binary_url }}" + _common_checksums_url: "{{ mongodb_exporter_checksums_url }}" + _common_system_group: "{{ mongodb_exporter_system_group }}" + _common_system_user: "{{ mongodb_exporter_system_user }}" + _common_config_dir: "{{ mongodb_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - mongodb_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - mongodb_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ mongodb_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - 
mongodb_exporter_configure - name: Configure - ansible.builtin.include_tasks: - file: configure.yml - apply: - become: true - tags: - - mongodb_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ mongodb_exporter_system_user }}" + _common_system_group: "{{ mongodb_exporter_system_group }}" + _common_config_dir: "{{ mongodb_exporter_config_dir }}" + _common_tls_server_config: "{{ mongodb_exporter_tls_server_config }}" + _common_http_server_config: "{{ mongodb_exporter_http_server_config }}" + _common_basic_auth_users: "{{ mongodb_exporter_basic_auth_users }}" tags: - mongodb_exporter_configure diff --git a/roles/mongodb_exporter/tasks/preflight.yml b/roles/mongodb_exporter/tasks/preflight.yml index d5e28d0b3..35d15fe41 100644 --- a/roles/mongodb_exporter/tasks/preflight.yml +++ b/roles/mongodb_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
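Review bot: `_common_selinux_port` in the SELinux task is derived with `urlsplit('port')`, but the listen address is a bare `host:port` value (default `0.0.0.0:9216`), and a URL parser given no scheme or `//` prefix will most likely return no port. The deleted configure.yml took the port with `.split(':')[-1]`, so this looks like a regression where the SELinux port labelling could end up empty or skipped, depending on how the _common task (not shown here) treats an empty value. For a string address, `_common_selinux_port: "{{ mongodb_exporter_web_listen_address.split(':') | last }}"` keeps the previous behaviour; a list-valued address would need separate handling. The memcached_exporter main.yml hunk earlier in this series uses the same expression.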
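Review bot: The new `Common preflight` include carries no `tags:`, and the `apply: tags:` block was dropped from the `Preflight` include in main.yml, so under Ansible's dynamic-include semantics a run limited with `--tags mongodb_exporter_install` would skip the shared preflight checks rather than inherit the tags. Only `Discover latest version` gains explicit tags in this file. Adding `tags: [mongodb_exporter_install, mongodb_exporter_configure, mongodb_exporter_run]` plus a matching `apply: {tags: [...]}` on the include would keep validation running on tag-limited plays, unless the _common tasks (not visible here) already tag themselves. The assert task that follows continues outside the hunk, and the memcached_exporter preflight.yml hunk has the same shape.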
@@ -61,23 +45,6 @@ - "__mongodb_exporter_cert_file.stat.exists" - "__mongodb_exporter_key_file.stat.exists" -- name: Check if mongodb_exporter is installed - ansible.builtin.stat: - path: "{{ mongodb_exporter_binary_install_dir }}/mongodb_exporter" - register: __mongodb_exporter_is_installed - check_mode: false - tags: - - mongodb_exporter_install - -- name: Gather currently installed mongodb_exporter version (if any) - ansible.builtin.command: "{{ mongodb_exporter_binary_install_dir }}/mongodb_exporter --version" - changed_when: false - register: __mongodb_exporter_current_version_output - check_mode: false - when: __mongodb_exporter_is_installed.stat.exists - tags: - - mongodb_exporter_install - - name: Discover latest version ansible.builtin.set_fact: mongodb_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _mongodb_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -87,24 +54,9 @@ retries: 10 when: - mongodb_exporter_version == "latest" - - mongodb_exporter_binary_local_dir | length == 0 - - not mongodb_exporter_skip_install - -- name: Get mongodb_exporter binary checksum - when: - - mongodb_exporter_binary_local_dir | length == 0 - - not mongodb_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __mongodb_exporter_checksums: "{{ lookup('url', mongodb_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __mongodb_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 3 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __mongodb_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __mongodb_exporter_checksums }}" - when: - - "item.endswith('mongodb_exporter-' + mongodb_exporter_version + '.linux-' + go_arch + '.tar.gz')" + tags: + - mongodb_exporter + - install + - mongodb_exporter_install + - download + - mongodb_exporter_download 
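Review bot: The checksum lookup removed at the end of this file selected the archive's hash with `item.endswith('mongodb_exporter-' + mongodb_exporter_version + '.linux-' + go_arch + '.tar.gz')`, which is stricter than the substring match the memcached_exporter role used. That role-specific matching is now left to the _common install tasks via `_common_checksums_url`, and those tasks are not visible in this part of the series. It is worth confirming that they still pass a `sha256:` checksum to the download and fail closed when no line in the percona checksums file matches, rather than continuing unverified. A short comment next to `_common_checksums_url` in main.yml, such as `# _common verifies the archive against this list; a missing entry must abort the install`, would record that expectation.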
diff --git a/roles/mongodb_exporter/tasks/selinux.yml b/roles/mongodb_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/mongodb_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/mongodb_exporter/templates/mongodb_exporter.service.j2 b/roles/mongodb_exporter/templates/mongodb_exporter.service.j2 index 0a096f398..5f5daa457 100644 --- a/roles/mongodb_exporter/templates/mongodb_exporter.service.j2 +++ b/roles/mongodb_exporter/templates/mongodb_exporter.service.j2 @@ -29,7 +29,7 @@ ExecStart={{ mongodb_exporter_binary_install_dir }}/mongodb_exporter \ --collector.collstats-limit={{ mongodb_exporter_collstats_limit }} \ {% endif -%} {% if mongodb_exporter_tls_server_config | length > 0 or mongodb_exporter_http_server_config | length > 0 or mongodb_exporter_basic_auth_users | length > 0 -%} - --web.config={{ mongodb_exporter_config_dir }}/web_config.yaml \ + --web.config={{ mongodb_exporter_config_dir }}/web_config.yml \ {% endif -%} {% if mongodb_exporter_compatible_mode -%} --compatible-mode \ diff --git a/roles/mongodb_exporter/templates/web_config.yaml.j2 b/roles/mongodb_exporter/templates/web_config.yaml.j2 deleted file mode 100644 index 54453f535..000000000 
--- a/roles/mongodb_exporter/templates/web_config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if mongodb_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ mongodb_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if mongodb_exporter_http_server_config | length > 0 %} -http_server_config: -{{ mongodb_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if mongodb_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in mongodb_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/mongodb_exporter/vars/main.yml b/roles/mongodb_exporter/vars/main.yml index cb201f87d..41781cecd 100644 --- a/roles/mongodb_exporter/vars/main.yml +++ b/roles/mongodb_exporter/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_mongodb_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _mongodb_exporter_repo: "percona/mongodb_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_mongodb_exporter_binaries: ['mongodb_exporter'] From 330e66a75d3456b55662520a66bd801dc2680bdd Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:07:29 +0000 Subject: [PATCH 11/24] refactor(mysqld_exporter): delegate common tasks to _common role 
Signed-off-by: gardar --- roles/mysqld_exporter/defaults/main.yml | 6 +- roles/mysqld_exporter/meta/argument_specs.yml | 19 ++--- .../molecule/alternative/molecule.yml | 5 +- .../molecule/default/tests/test_default.py | 1 - roles/mysqld_exporter/tasks/configure.yml | 61 ++++++---------- roles/mysqld_exporter/tasks/install.yml | 71 ------------------- roles/mysqld_exporter/tasks/main.yml | 46 +++++------- roles/mysqld_exporter/tasks/preflight.yml | 68 +++--------------- roles/mysqld_exporter/tasks/selinux.yml | 23 ------ .../templates/mysqld_exporter.service.j2 | 2 +- .../templates/web_config.yaml.j2 | 18 ----- roles/mysqld_exporter/vars/main.yml | 15 ++-- 12 files changed, 64 insertions(+), 271 deletions(-) delete mode 100644 roles/mysqld_exporter/tasks/install.yml delete mode 100644 roles/mysqld_exporter/tasks/selinux.yml delete mode 100644 roles/mysqld_exporter/templates/web_config.yaml.j2 diff --git a/roles/mysqld_exporter/defaults/main.yml b/roles/mysqld_exporter/defaults/main.yml index 3e7a6c2d5..b469b77e1 100644 --- a/roles/mysqld_exporter/defaults/main.yml +++ b/roles/mysqld_exporter/defaults/main.yml @@ -1,10 +1,8 @@ --- mysqld_exporter_version: 0.15.1 -mysqld_exporter_binary_local_dir: "" mysqld_exporter_binary_url: "https://github.com/{{ _mysqld_exporter_repo }}/releases/download/v{{ mysqld_exporter_version }}/\ - mysqld_exporter-{{ mysqld_exporter_version }}.linux-{{ go_arch }}.tar.gz" + mysqld_exporter-{{ mysqld_exporter_version }}.{{ ansible_system | lower }}-{{ _mysqld_exporter_go_ansible_arch }}.tar.gz" mysqld_exporter_checksums_url: "https://github.com/{{ _mysqld_exporter_repo }}/releases/download/v{{ mysqld_exporter_version }}/sha256sums.txt" -mysqld_exporter_skip_install: false mysqld_exporter_web_listen_address: "0.0.0.0:9104" mysqld_exporter_web_telemetry_path: "/metrics" 
@@ -36,4 +34,4 @@ mysqld_exporter_system_group: "mysqld-exp" mysqld_exporter_system_user: "{{ mysqld_exporter_system_group }}" # Local path to stash the archive and its extraction -mysqld_exporter_archive_path: /tmp +mysqld_exporter_local_cache_path: "/tmp/mysqld_exporter-{{ ansible_system | lower }}-{{ _mysqld_exporter_go_ansible_arch }}/{{ mysqld_exporter_version }}" diff --git a/roles/mysqld_exporter/meta/argument_specs.yml b/roles/mysqld_exporter/meta/argument_specs.yml index d2e82e371..35dbd1c7f 100644 --- a/roles/mysqld_exporter/meta/argument_specs.yml +++ b/roles/mysqld_exporter/meta/argument_specs.yml @@ -11,18 +11,9 @@ argument_specs: mysqld_exporter_version: description: "MySQLd exporter package version. Also accepts latest as parameter." default: "0.15.1" - mysqld_exporter_skip_install: - description: "MySQLd installation tasks gets skipped when set to true." - type: bool - default: false - mysqld_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(mysqld_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(mysqld_exporter_version) parameter" mysqld_exporter_binary_url: description: "URL of the mysqld_exporter binaries .tar.gz file" - default: "https://github.com/prometheus/{{ _mysqld_exporter_repo }}/download/v{{ mysqld_exporter_version }}/mysqld_exporter-{{ mysqld_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _mysqld_exporter_repo }}/releases/download/v{{ mysqld_exporter_version }}/mysqld_exporter-{{ mysqld_exporter_version }}.{{ ansible_system | lower }}-{{ _mysqld_exporter_go_ansible_arch }}.tar.gz" mysqld_exporter_checksums_url: description: "URL of the mysqld_exporter checksums file" default: "https://github.com/{{ _mysqld_exporter_repo }}/releases/download/v{{ mysqld_exporter_version }}/sha256sums.txt" 
@@ -33,7 +24,7 @@ argument_specs: description: "Path under which to expose metrics" default: "/metrics" mysqld_exporter_config_dir: - description: "The path where exporter configuration is stored" + description: "Path to directory with mysqld_exporter configuration" default: "/etc/mysqld_exporter" mysqld_exporter_config_file: description: "The filename of the exporter mysql config file" @@ -91,6 +82,6 @@ argument_specs: - "I(Advanced)" - "MySQLd Exporter user" default: "mysqld-exp" - mysqld_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + mysqld_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/mysqld_exporter-{{ ansible_system | lower }}-{{ _mysqld_exporter_go_ansible_arch }}/{{ mysqld_exporter_version }}" diff --git a/roles/mysqld_exporter/molecule/alternative/molecule.yml b/roles/mysqld_exporter/molecule/alternative/molecule.yml index 153959e8c..b81456cb5 100644 --- a/roles/mysqld_exporter/molecule/alternative/molecule.yml +++ b/roles/mysqld_exporter/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - mysqld_exporter_binary_local_dir: "/tmp/mysqld_exporter-linux-amd64" + mysqld_exporter_local_cache_path: "/tmp/mysqld_exporter-linux-amd64" mysqld_exporter_web_listen_address: - '127.0.0.1:8080' - '127.0.1.1:8080' @@ -20,8 +20,7 @@ provisioner: http2: true mysqld_exporter_basic_auth_users: randomuser: examplepassword - go_arch: amd64 mysqld_exporter_version: 0.15.0 mysqld_exporter_binary_url: "https://github.com/prometheus/mysqld_exporter/releases/download/v{{\ \ mysqld_exporter_version }}/mysqld_exporter-{{ mysqld_exporter_version\ - \ }}.linux-{{ go_arch }}.tar.gz" + \ }}.linux-amd64.tar.gz" diff --git a/roles/mysqld_exporter/molecule/default/tests/test_default.py b/roles/mysqld_exporter/molecule/default/tests/test_default.py index 1bd8ac8a6..0d5d0a14e 100644 
--- a/roles/mysqld_exporter/molecule/default/tests/test_default.py +++ b/roles/mysqld_exporter/molecule/default/tests/test_default.py @@ -46,7 +46,6 @@ def test_user(host): assert host.group("mysqld-exp").exists assert "mysqld-exp" in host.user("mysqld-exp").groups assert host.user("mysqld-exp").shell == "/usr/sbin/nologin" - assert host.user("mysqld-exp").home == "/" def test_service(host): diff --git a/roles/mysqld_exporter/tasks/configure.yml b/roles/mysqld_exporter/tasks/configure.yml index eff5ad576..ba7c92282 100644 --- a/roles/mysqld_exporter/tasks/configure.yml +++ b/roles/mysqld_exporter/tasks/configure.yml @@ -1,20 +1,19 @@ --- -- name: Copy the mysqld_exporter systemd service file - ansible.builtin.template: - src: mysqld_exporter.service.j2 - dest: /etc/systemd/system/mysqld_exporter.service - owner: root - group: root - mode: '0644' - notify: restart mysqld_exporter - -- name: Create mysqld_exporter config directory - ansible.builtin.file: - path: "{{ mysqld_exporter_config_dir }}" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX +- name: Configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ mysqld_exporter_system_user }}" + _common_system_group: "{{ mysqld_exporter_system_group }}" + _common_config_dir: "{{ mysqld_exporter_config_dir }}" + _common_tls_server_config: "{{ mysqld_exporter_tls_server_config }}" + _common_http_server_config: "{{ mysqld_exporter_http_server_config }}" + _common_basic_auth_users: "{{ mysqld_exporter_basic_auth_users }}" + tags: + - mysqld_exporter + - configure + - mysqld_exporter_configure - name: Copy the mysqld_exporter config file ansible.builtin.template: 
@@ -24,29 +23,9 @@ group: '{{ mysqld_exporter_system_group }}' mode: '0640' no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" + become: true notify: restart mysqld_exporter - -- name: Configure mysqld_exporter web config - when: - ( mysqld_exporter_tls_server_config | length > 0 ) or - ( mysqld_exporter_http_server_config | length > 0 ) or - ( mysqld_exporter_basic_auth_users | length > 0 ) - block: - - name: Copy the mysqld_exporter web config file - ansible.builtin.template: - src: web_config.yaml.j2 - dest: "{{ mysqld_exporter_config_dir }}/web_config.yaml" - owner: root - group: '{{ mysqld_exporter_system_group }}' - mode: '0640' - notify: restart mysqld_exporter - -- name: Allow mysqld_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ mysqld_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" + tags: + - mysqld_exporter + - configure + - mysqld_exporter_configure diff --git a/roles/mysqld_exporter/tasks/install.yml b/roles/mysqld_exporter/tasks/install.yml deleted file mode 100644 index e114d666c..000000000 --- a/roles/mysqld_exporter/tasks/install.yml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -- name: Create the mysqld_exporter group - ansible.builtin.group: - name: "{{ mysqld_exporter_system_group }}" - state: present - system: true - when: mysqld_exporter_system_group != "root" - -- name: Create the mysqld_exporter user - ansible.builtin.user: - name: "{{ mysqld_exporter_system_user }}" - groups: "{{ mysqld_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: mysqld_exporter_system_user != "root" - -- name: Get binary - when: - - mysqld_exporter_binary_local_dir | length == 0 - - not mysqld_exporter_skip_install - block: - - - name: Download mysqld_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ mysqld_exporter_binary_url }}" - dest: "{{ mysqld_exporter_archive_path }}/mysqld_exporter-{{ mysqld_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __mysqld_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack mysqld_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ mysqld_exporter_archive_path }}/mysqld_exporter-{{ mysqld_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ mysqld_exporter_archive_path }}" - creates: "{{ mysqld_exporter_archive_path }}/mysqld_exporter-{{ mysqld_exporter_version }}.linux-{{ go_arch }}/mysqld_exporter" - extra_opts: - - --no-same-owner - delegate_to: localhost - check_mode: false - - - name: Propagate mysqld_exporter binaries - ansible.builtin.copy: - src: "{{ mysqld_exporter_archive_path }}/mysqld_exporter-{{ mysqld_exporter_version }}.linux-{{ go_arch }}/mysqld_exporter" - dest: "{{ mysqld_exporter_binary_install_dir }}/mysqld_exporter" - mode: '0755' - owner: root - group: root - notify: restart mysqld_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed mysqld_exporter binary - 
ansible.builtin.copy: - src: "{{ mysqld_exporter_binary_local_dir }}/mysqld_exporter" - dest: "{{ mysqld_exporter_binary_install_dir }}/mysqld_exporter" - mode: '0755' - owner: root - group: root - when: - - mysqld_exporter_binary_local_dir | length > 0 - - not mysqld_exporter_skip_install - notify: restart mysqld_exporter diff --git a/roles/mysqld_exporter/tasks/main.yml b/roles/mysqld_exporter/tasks/main.yml index d915f08f5..57a594415 100644 --- a/roles/mysqld_exporter/tasks/main.yml +++ b/roles/mysqld_exporter/tasks/main.yml 
@@ -2,40 +2,34 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - mysqld_exporter_install - - mysqld_exporter_configure - - mysqld_exporter_run tags: - mysqld_exporter_install - mysqld_exporter_configure - mysqld_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - mysqld_exporter_install - when: - ( not __mysqld_exporter_is_installed.stat.exists ) or - ( (__mysqld_exporter_current_version_output.stderr_lines | length > 0) - and (__mysqld_exporter_current_version_output.stderr_lines[0].split(" ")[2] != mysqld_exporter_version) ) or - ( (__mysqld_exporter_current_version_output.stdout_lines | length > 0) - and (__mysqld_exporter_current_version_output.stdout_lines[0].split(" ")[2] != mysqld_exporter_version) ) or - ( mysqld_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ mysqld_exporter_local_cache_path }}" + _common_binaries: "{{ _mysqld_exporter_binaries }}" + _common_binary_install_dir: "{{ mysqld_exporter_binary_install_dir }}" + _common_binary_url: "{{ mysqld_exporter_binary_url }}" + _common_checksums_url: "{{ mysqld_exporter_checksums_url }}" + _common_system_group: "{{ mysqld_exporter_system_group }}" + _common_system_user: "{{ mysqld_exporter_system_user }}" + _common_config_dir: "{{ mysqld_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - mysqld_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - mysqld_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ mysqld_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - mysqld_exporter_configure 
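Review bot: The `_common_selinux_port` value in the new SELinux include is derived with `urlsplit('port')`, but `mysqld_exporter_web_listen_address` is a bare `host:port` string (default `0.0.0.0:9104`) and, in the alternative molecule scenario, a list. The `urlsplit` filter reports a port only when the value has a `//` authority part, so for these inputs it most likely returns nothing, and the exporter port would then not be labelled on SELinux-enforcing hosts; how `_common/tasks/selinux.yml` reacts to an empty port is not shown here. The removed task used `.split(':')[-1]`, so for the string form `_common_selinux_port: "{{ mysqld_exporter_web_listen_address.split(':')[-1] }}"` keeps the previous behaviour, and the list form needs explicit handling. The nginx_exporter `tasks/main.yml` hunk uses the same expression.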
@@ -43,10 +37,6 @@ - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - mysqld_exporter_configure tags: - mysqld_exporter_configure diff --git a/roles/mysqld_exporter/tasks/preflight.yml b/roles/mysqld_exporter/tasks/preflight.yml index f7c09c8a1..59ae49229 100644 --- a/roles/mysqld_exporter/tasks/preflight.yml +++ b/roles/mysqld_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
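Review bot: The new `Common preflight` include in `preflight.yml` carries no `tags`, and the `apply: tags:` block was dropped from the `Preflight` include in `tasks/main.yml`, so a run limited with `--tags mysqld_exporter_install` or `--tags mysqld_exporter_configure` loads this file but skips every untagged task in it. Tags on a dynamic include select only the include itself, which means the checks delegated to `_common` and any untagged assertions later in this file (it continues outside the hunk) would not run before install or configure. Restore the `apply` block on the `Preflight` include and give this `include_role` a matching one, e.g. `apply: {tags: [mysqld_exporter_install, mysqld_exporter_configure, mysqld_exporter_run]}`. The nginx_exporter `preflight.yml` hunk has the same gap.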
@@ -72,23 +56,6 @@ - "__mysqld_exporter_cert_file.stat.exists" - "__mysqld_exporter_key_file.stat.exists" -- name: Check if mysqld_exporter is installed - ansible.builtin.stat: - path: "{{ mysqld_exporter_binary_install_dir }}/mysqld_exporter" - register: __mysqld_exporter_is_installed - check_mode: false - tags: - - mysqld_exporter_install - -- name: Gather currently installed mysqld_exporter version (if any) - ansible.builtin.command: "{{ mysqld_exporter_binary_install_dir }}/mysqld_exporter --version" - changed_when: false - register: __mysqld_exporter_current_version_output - check_mode: false - when: __mysqld_exporter_is_installed.stat.exists - tags: - - mysqld_exporter_install - - name: Discover latest version ansible.builtin.set_fact: mysqld_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _mysqld_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -98,24 +65,9 @@ retries: 10 when: - mysqld_exporter_version == "latest" - - mysqld_exporter_binary_local_dir | length == 0 - - not mysqld_exporter_skip_install - -- name: Get mysqld_exporter binary checksum - when: - - mysqld_exporter_binary_local_dir | length == 0 - - not mysqld_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __mysqld_exporter_checksums: "{{ lookup('url', mysqld_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __mysqld_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __mysqld_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __mysqld_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - mysqld_exporter + - install + - mysqld_exporter_install + - download + - mysqld_exporter_download 
diff --git a/roles/mysqld_exporter/tasks/selinux.yml b/roles/mysqld_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/mysqld_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/mysqld_exporter/templates/mysqld_exporter.service.j2 b/roles/mysqld_exporter/templates/mysqld_exporter.service.j2 index cfc15b39b..9180e53c0 100644 --- a/roles/mysqld_exporter/templates/mysqld_exporter.service.j2 +++ b/roles/mysqld_exporter/templates/mysqld_exporter.service.j2 @@ -24,7 +24,7 @@ ExecStart={{ mysqld_exporter_binary_install_dir }}/mysqld_exporter \ --no-collect.{{ collector }} \ {% endfor %} {% if mysqld_exporter_tls_server_config | length > 0 or mysqld_exporter_http_server_config | length > 0 or mysqld_exporter_basic_auth_users | length > 0 %} - --web.config.file={{ mysqld_exporter_config_dir }}/web_config.yaml \ + --web.config.file={{ mysqld_exporter_config_dir }}/web_config.yml \ {% endif %} {% if mysqld_exporter_version is version('0.15.0', '>=') and mysqld_exporter_web_listen_address is iterable and diff --git a/roles/mysqld_exporter/templates/web_config.yaml.j2 b/roles/mysqld_exporter/templates/web_config.yaml.j2 deleted file mode 100644 index 47185bb4a..000000000 
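Review bot: Renaming the file on the `--web.config.file` line to `web_config.yml` leaves the previously deployed `{{ mysqld_exporter_config_dir }}/web_config.yaml` on hosts that are already managed, and nothing visible in this commit removes it. That file holds the TLS settings and the bcrypt hashes for `basic_auth_users`, so after the upgrade an unmanaged copy of credential material stays on disk; for nginx_exporter the removed task wrote it as `root:root` with mode `0644`, so the stale copy there is world-readable. Unless `_common` already cleans it up (not shown here), add an `ansible.builtin.file` task with `state: absent` for the old `web_config.yaml` path. The template continues outside this hunk, and the `nginx_exporter.service.j2` hunk makes the same rename.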
--- a/roles/mysqld_exporter/templates/web_config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if mysqld_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ mysqld_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if mysqld_exporter_http_server_config | length > 0 %} -http_server_config: -{{ mysqld_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if mysqld_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in mysqld_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/mysqld_exporter/vars/main.yml b/roles/mysqld_exporter/vars/main.yml index ab80cc61d..7d8442e98 100644 --- a/roles/mysqld_exporter/vars/main.yml +++ b/roles/mysqld_exporter/vars/main.yml @@ -1,12 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" - +_mysqld_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _mysqld_exporter_repo: "prometheus/mysqld_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_mysqld_exporter_binaries: ['mysqld_exporter'] From c9df5e56b43bc851988eee6ad49e4a4312f5155d Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:08:17 +0000 Subject: [PATCH 12/24] refactor(nginx_exporter): delegate common tasks to _common role 
Signed-off-by: gardar --- roles/nginx_exporter/defaults/main.yml | 8 +-- roles/nginx_exporter/meta/argument_specs.yml | 20 ++---- .../molecule/default/tests/test_default.py | 1 - roles/nginx_exporter/tasks/configure.yml | 36 ---------- roles/nginx_exporter/tasks/install.yml | 69 ------------------- roles/nginx_exporter/tasks/main.yml | 57 ++++++++------- roles/nginx_exporter/tasks/preflight.yml | 68 +++--------------- roles/nginx_exporter/tasks/selinux.yml | 23 ------- .../templates/nginx_exporter.service.j2 | 2 +- .../templates/web_config.yaml.j2 | 18 ----- roles/nginx_exporter/vars/main.yml | 14 ++-- 11 files changed, 55 insertions(+), 261 deletions(-) delete mode 100644 roles/nginx_exporter/tasks/configure.yml delete mode 100644 roles/nginx_exporter/tasks/install.yml delete mode 100644 roles/nginx_exporter/tasks/selinux.yml delete mode 100644 roles/nginx_exporter/templates/web_config.yaml.j2 diff --git a/roles/nginx_exporter/defaults/main.yml b/roles/nginx_exporter/defaults/main.yml index cf389ee2c..42ba9de1b 100644 --- a/roles/nginx_exporter/defaults/main.yml +++ b/roles/nginx_exporter/defaults/main.yml @@ -1,11 +1,9 @@ --- nginx_exporter_version: 1.3.0 -nginx_exporter_binary_local_dir: "" nginx_exporter_binary_url: "https://github.com/{{ _nginx_exporter_repo }}/releases/download/v{{ nginx_exporter_version }}/\ - nginx-prometheus-exporter_{{ nginx_exporter_version }}_linux_{{ go_arch }}.tar.gz" + nginx-prometheus-exporter_{{ nginx_exporter_version }}_{{ ansible_system | lower }}_{{ _nginx_exporter_go_ansible_arch }}.tar.gz" nginx_exporter_checksums_url: "https://github.com/{{ _nginx_exporter_repo }}/releases/download/v{{ nginx_exporter_version }}/\ nginx-prometheus-exporter_{{ nginx_exporter_version }}_checksums.txt" -nginx_exporter_skip_install: false nginx_exporter_plus: false nginx_exporter_scrape_uri: "http://127.0.0.1/stub_status" nginx_exporter_web_listen_address: "0.0.0.0:9113" 
@@ -24,5 +22,7 @@ nginx_exporter_binary_install_dir: "/usr/local/bin" nginx_exporter_system_group: "nginx-exp" nginx_exporter_system_user: "{{ nginx_exporter_system_group }}" +nginx_exporter_config_dir: "/etc/nginx_exporter" + # Local path to stash the archive and its extraction -nginx_exporter_archive_path: /tmp +nginx_exporter_local_cache_path: "/tmp/nginx_exporter-{{ ansible_system | lower }}-{{ _nginx_exporter_go_ansible_arch }}/{{ nginx_exporter_version }}" diff --git a/roles/nginx_exporter/meta/argument_specs.yml b/roles/nginx_exporter/meta/argument_specs.yml index 330cd9a9a..5004be07f 100644 --- a/roles/nginx_exporter/meta/argument_specs.yml +++ b/roles/nginx_exporter/meta/argument_specs.yml 
@@ -11,22 +11,13 @@ argument_specs: nginx_exporter_version: description: "nginx_exporter package version. Also accepts latest as parameter." default: "1.3.0" - nginx_exporter_skip_install: - description: "nginx_exporter installation tasks gets skipped when set to true." - type: bool - default: false nginx_exporter_plus: description: "Start the exporter for NGINX Plus." type: bool default: false - nginx_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(nginx_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(nginx_exporter_version) parameter" nginx_exporter_binary_url: description: "URL of the nginx_exporter binaries .tar.gz file" - default: "https://github.com/{{ _nginx_exporter_repo }}/releases/download/v{{ nginx_exporter_version }}/nginx_exporter-{{ nginx_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _nginx_exporter_repo }}/releases/download/v{{ nginx_exporter_version }}/nginx-prometheus-exporter_{{ nginx_exporter_version }}_{{ ansible_system | lower }}_{{ _nginx_exporter_go_ansible_arch }}.tar.gz" nginx_exporter_checksums_url: description: "URL of the nginx_exporter checksums file" default: "https://github.com/{{ _nginx_exporter_repo }}/releases/download/v{{ nginx_exporter_version }}/nginx-prometheus-exporter_{{ nginx_exporter_version }}_checksums.txt" 
@@ -73,6 +64,9 @@ argument_specs: - "I(Advanced)" - "nginx_exporter user" default: "nginx-exp" - nginx_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + nginx_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/nginx_exporter-{{ ansible_system | lower }}-{{ _nginx_exporter_go_ansible_arch }}/{{ nginx_exporter_version }}" + nginx_exporter_config_dir: + description: "Path to directory with nginx_exporter configuration" + default: "/etc/nginx_exporter" diff --git a/roles/nginx_exporter/molecule/default/tests/test_default.py b/roles/nginx_exporter/molecule/default/tests/test_default.py index d7c4a9fd4..1d10cc2aa 100644 --- a/roles/nginx_exporter/molecule/default/tests/test_default.py +++ b/roles/nginx_exporter/molecule/default/tests/test_default.py @@ -31,7 +31,6 @@ def test_user(host): assert host.group("nginx-exp").exists assert "nginx-exp" in host.user("nginx-exp").groups assert host.user("nginx-exp").shell == "/usr/sbin/nologin" - assert host.user("nginx-exp").home == "/" def test_service(host): diff --git a/roles/nginx_exporter/tasks/configure.yml b/roles/nginx_exporter/tasks/configure.yml deleted file mode 100644 index 55e810ceb..000000000 --- a/roles/nginx_exporter/tasks/configure.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- name: Copy the nginx_exporter systemd service file - ansible.builtin.template: - src: nginx_exporter.service.j2 - dest: /etc/systemd/system/nginx_exporter.service - owner: root - group: root - mode: 0644 - notify: restart nginx_exporter - -- name: Create nginx_exporter config directory - ansible.builtin.file: - path: "/etc/nginx_exporter" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX - -- name: Copy the nginx_exporter web config file - ansible.builtin.template: - src: web_config.yaml.j2 - dest: /etc/nginx_exporter/web_config.yaml - owner: root - group: root - mode: 0644 - notify: restart nginx_exporter - -- name: Allow nginx_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ nginx_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/nginx_exporter/tasks/install.yml b/roles/nginx_exporter/tasks/install.yml deleted file mode 100644 index efc796785..000000000 --- a/roles/nginx_exporter/tasks/install.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -- name: Create the nginx_exporter group - ansible.builtin.group: - name: "{{ nginx_exporter_system_group }}" - state: present - system: true - when: nginx_exporter_system_group not in ["root", 'www-data', 'nogroup'] - -- name: Create the nginx_exporter user - ansible.builtin.user: - name: "{{ nginx_exporter_system_user }}" - groups: "{{ nginx_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: nginx_exporter_system_user not in ["root", 'www-data', 'nobody'] - -- name: Get binary - when: - - nginx_exporter_binary_local_dir | length == 0 - - not nginx_exporter_skip_install - block: - - - name: Download nginx_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ nginx_exporter_binary_url }}" - dest: "{{ nginx_exporter_archive_path }}/nginx-prometheus-exporter_{{ nginx_exporter_version }}_linux_{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __nginx_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack nginx_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ nginx_exporter_archive_path }}/nginx-prometheus-exporter_{{ nginx_exporter_version }}_linux_{{ go_arch }}.tar.gz" - dest: "{{ nginx_exporter_archive_path }}" - creates: "{{ nginx_exporter_archive_path }}/nginx-prometheus-exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate nginx_exporter binaries - ansible.builtin.copy: - src: "{{ nginx_exporter_archive_path }}/nginx-prometheus-exporter" - dest: "{{ nginx_exporter_binary_install_dir }}/nginx-prometheus-exporter" - mode: 0755 - owner: root - group: root - notify: restart nginx_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed nginx_exporter binary - ansible.builtin.copy: - src: "{{ nginx_exporter_binary_local_dir 
}}/nginx-prometheus-exporter" - dest: "{{ nginx_exporter_binary_install_dir }}/nginx-prometheus-exporter" - mode: 0755 - owner: root - group: root - when: - - nginx_exporter_binary_local_dir | length > 0 - - not nginx_exporter_skip_install - notify: restart nginx_exporter diff --git a/roles/nginx_exporter/tasks/main.yml b/roles/nginx_exporter/tasks/main.yml index 760d1b604..1f584ba1d 100644 --- a/roles/nginx_exporter/tasks/main.yml +++ b/roles/nginx_exporter/tasks/main.yml 
@@ -2,51 +2,48 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - nginx_exporter_install - - nginx_exporter_configure - - nginx_exporter_run tags: - nginx_exporter_install - nginx_exporter_configure - nginx_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - nginx_exporter_install - when: - ( not __nginx_exporter_is_installed.stat.exists ) or - ( (__nginx_exporter_current_version_output.stderr_lines | length > 0) - and (__nginx_exporter_current_version_output.stderr_lines[0].split(" ")[2] != nginx_exporter_version) ) or - ( (__nginx_exporter_current_version_output.stdout_lines | length > 0) - and (__nginx_exporter_current_version_output.stdout_lines[0].split(" ")[2] != nginx_exporter_version) ) or - ( nginx_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ nginx_exporter_local_cache_path }}" + _common_binaries: "{{ _nginx_exporter_binaries }}" + _common_binary_install_dir: "{{ nginx_exporter_binary_install_dir }}" + _common_binary_url: "{{ nginx_exporter_binary_url }}" + _common_checksums_url: "{{ nginx_exporter_checksums_url }}" + _common_system_group: "{{ nginx_exporter_system_group }}" + _common_system_user: "{{ nginx_exporter_system_user }}" + _common_config_dir: "{{ nginx_exporter_config_dir }}" tags: - nginx_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - nginx_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ nginx_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - nginx_exporter_configure - name: Configure - ansible.builtin.include_tasks: - file: configure.yml - apply: - become: true - tags: - - 
nginx_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ nginx_exporter_system_user }}" + _common_system_group: "{{ nginx_exporter_system_group }}" + _common_config_dir: "{{ nginx_exporter_config_dir }}" + _common_tls_server_config: "{{ nginx_exporter_tls_server_config }}" + _common_http_server_config: "{{ nginx_exporter_http_server_config }}" + _common_basic_auth_users: "{{ nginx_exporter_basic_auth_users }}" tags: - nginx_exporter_configure diff --git a/roles/nginx_exporter/tasks/preflight.yml b/roles/nginx_exporter/tasks/preflight.yml index 8f63bf74e..0d1b55f8f 100644 --- a/roles/nginx_exporter/tasks/preflight.yml +++ b/roles/nginx_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
@@ -61,23 +45,6 @@ - "__nginx_exporter_cert_file.stat.exists" - "__nginx_exporter_key_file.stat.exists" -- name: Check if nginx_exporter is installed - ansible.builtin.stat: - path: "{{ nginx_exporter_binary_install_dir }}/nginx_exporter" - register: __nginx_exporter_is_installed - check_mode: false - tags: - - nginx_exporter_install - -- name: Gather currently installed nginx_exporter version (if any) - ansible.builtin.command: "{{ nginx_exporter_binary_install_dir }}/nginx_exporter --version" - changed_when: false - register: __nginx_exporter_current_version_output - check_mode: false - when: __nginx_exporter_is_installed.stat.exists - tags: - - nginx_exporter_install - - name: Discover latest version ansible.builtin.set_fact: nginx_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _nginx_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -87,24 +54,9 @@ retries: 10 when: - nginx_exporter_version == "latest" - - nginx_exporter_binary_local_dir | length == 0 - - not nginx_exporter_skip_install - -- name: Get nginx_exporter binary checksum - when: - - nginx_exporter_binary_local_dir | length == 0 - - not nginx_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __nginx_exporter_checksums: "{{ lookup('url', nginx_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __nginx_exporter_checksums is search('linux_' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __nginx_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __nginx_exporter_checksums }}" - when: - - "item.endswith('nginx-prometheus-exporter_' + nginx_exporter_version + '_linux_' + go_arch + '.tar.gz')" + tags: + - nginx_exporter + - install + - nginx_exporter_install + - download + - nginx_exporter_download 
diff --git a/roles/nginx_exporter/tasks/selinux.yml b/roles/nginx_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/nginx_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/nginx_exporter/templates/nginx_exporter.service.j2 b/roles/nginx_exporter/templates/nginx_exporter.service.j2 index 68650de46..545462522 100644 --- a/roles/nginx_exporter/templates/nginx_exporter.service.j2 +++ b/roles/nginx_exporter/templates/nginx_exporter.service.j2 @@ -13,7 +13,7 @@ ExecStart={{ nginx_exporter_binary_install_dir }}/nginx-prometheus-exporter \ '--web.listen-address={{ nginx_exporter_web_listen_address }}' \ '--web.telemetry-path={{ nginx_exporter_web_telemetry_path }}' \ {% if nginx_exporter_tls_server_config | length > 0 or nginx_exporter_http_server_config | length > 0 or nginx_exporter_basic_auth_users | length > 0 %} - '--web.config.file=/etc/nginx_exporter/web_config.yaml' \ + '--web.config.file={{ nginx_exporter_config_dir }}/web_config.yml' \ {% endif %} {% if nginx_exporter_plus %} '--nginx.plus' \ diff --git a/roles/nginx_exporter/templates/web_config.yaml.j2 b/roles/nginx_exporter/templates/web_config.yaml.j2 deleted file mode 100644 index 1b805f5f9..000000000 
--- a/roles/nginx_exporter/templates/web_config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if nginx_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ nginx_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if nginx_exporter_http_server_config | length > 0 %} -http_server_config: -{{ nginx_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if nginx_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in nginx_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/nginx_exporter/vars/main.yml b/roles/nginx_exporter/vars/main.yml index 87698f9ee..ad678876c 100644 --- a/roles/nginx_exporter/vars/main.yml +++ b/roles/nginx_exporter/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_nginx_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _nginx_exporter_repo: "nginxinc/nginx-prometheus-exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_nginx_exporter_binaries: ['nginx-prometheus-exporter'] From 3c5d7107476cdeee2c0300ea4c5ddacde18999f5 Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:08:40 +0000 Subject: [PATCH 13/24] refactor(node_exporter): delegate common tasks to _common role 
Signed-off-by: gardar --- roles/node_exporter/defaults/main.yml | 7 +- roles/node_exporter/meta/argument_specs.yml | 20 ++---- .../molecule/alternative/molecule.yml | 6 +- .../molecule/default/tests/test_default.py | 1 - roles/node_exporter/tasks/configure.yml | 55 ++++++--------- roles/node_exporter/tasks/install.yml | 69 ------------------- roles/node_exporter/tasks/main.yml | 46 +++++-------- roles/node_exporter/tasks/preflight.yml | 68 +++--------------- roles/node_exporter/tasks/selinux.yml | 23 ------- roles/node_exporter/templates/config.yaml.j2 | 18 ----- .../templates/node_exporter.service.j2 | 4 +- roles/node_exporter/vars/main.yml | 14 ++-- 12 files changed, 68 insertions(+), 263 deletions(-) delete mode 100644 roles/node_exporter/tasks/install.yml delete mode 100644 roles/node_exporter/tasks/selinux.yml delete mode 100644 roles/node_exporter/templates/config.yaml.j2 diff --git a/roles/node_exporter/defaults/main.yml b/roles/node_exporter/defaults/main.yml index 835c37d96..70cb27ef5 100644 --- a/roles/node_exporter/defaults/main.yml +++ b/roles/node_exporter/defaults/main.yml @@ -1,10 +1,8 @@ --- node_exporter_version: 1.8.2 -node_exporter_binary_local_dir: "" node_exporter_binary_url: "https://github.com/{{ _node_exporter_repo }}/releases/download/v{{ node_exporter_version }}/\ - node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz" + node_exporter-{{ node_exporter_version }}.{{ ansible_system | lower }}-{{ _node_exporter_go_ansible_arch }}.tar.gz" node_exporter_checksums_url: "https://github.com/{{ _node_exporter_repo }}/releases/download/v{{ node_exporter_version }}/sha256sums.txt" -node_exporter_skip_install: false node_exporter_web_disable_exporter_metrics: false node_exporter_web_listen_address: "0.0.0.0:9100" 
@@ -32,5 +30,6 @@ node_exporter_binary_install_dir: "/usr/local/bin" node_exporter_system_group: "node-exp" node_exporter_system_user: "{{ node_exporter_system_group }}" +node_exporter_config_dir: "/etc/node_exporter" # Local path to stash the archive and its extraction -node_exporter_archive_path: /tmp +node_exporter_local_cache_path: "/tmp/node_exporter-{{ ansible_system | lower }}-{{ _node_exporter_go_ansible_arch }}/{{ node_exporter_version }}" diff --git a/roles/node_exporter/meta/argument_specs.yml b/roles/node_exporter/meta/argument_specs.yml index 5129f471a..05aa16e31 100644 --- a/roles/node_exporter/meta/argument_specs.yml +++ b/roles/node_exporter/meta/argument_specs.yml @@ -11,18 +11,9 @@ argument_specs: node_exporter_version: description: "Node exporter package version. Also accepts latest as parameter." default: "1.8.2" - node_exporter_skip_install: - description: "Node exporter installation tasks gets skipped when set to true." - type: bool - default: false - node_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(node_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(node_exporter_version) parameter" node_exporter_binary_url: description: "URL of the node exporter binaries .tar.gz file" - default: "https://github.com/{{ _node_exporter_repo }}/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _node_exporter_repo }}/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.{{ ansible_system | lower }}-{{ _node_exporter_go_ansible_arch }}.tar.gz" node_exporter_checksums_url: description: "URL of the node exporter checksums file" default: "https://github.com/{{ _node_exporter_repo }}/releases/download/v{{ node_exporter_version }}/sha256sums.txt" 
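Review bot: The new default for `node_exporter_local_cache_path` is a predictable directory under `/tmp`, which is world-writable on the machine that holds the cache. If the shared install tasks reuse files already present there, another local user could create the path first and have their file propagated to the managed hosts. Those tasks are outside this hunk, but the molecule scenario pointing this variable at a pre-populated directory suggests they do reuse existing files. A default under the invoking user's own directory closes that, for example `"{{ lookup('env', 'HOME') }}/.cache/node_exporter/{{ node_exporter_version }}"` with the directory created mode `0700`. The postgres_exporter defaults hunk has the same `/tmp` default.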
@@ -85,6 +76,9 @@ argument_specs: - "I(Advanced)" - "Node exporter user" default: "node-exp" - node_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + node_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/node_exporter-{{ ansible_system | lower }}-{{ _node_exporter_go_ansible_arch }}/{{ node_exporter_version }}" + node_exporter_config_dir: + description: "Path to directory with node_exporter configuration" + default: "/etc/node_exporter" diff --git a/roles/node_exporter/molecule/alternative/molecule.yml b/roles/node_exporter/molecule/alternative/molecule.yml index 508f9af12..b6fc8e87f 100644 --- a/roles/node_exporter/molecule/alternative/molecule.yml +++ b/roles/node_exporter/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - node_exporter_binary_local_dir: "/tmp/node_exporter-linux-amd64" + node_exporter_local_cache_path: "/tmp/node_exporter-linux-amd64" node_exporter_web_listen_address: - '127.0.0.1:8080' - '127.0.1.1:8080' @@ -21,8 +21,6 @@ provisioner: http2: true node_exporter_basic_auth_users: randomuser: examplepassword - go_arch: amd64 node_exporter_version: 1.5.0 node_exporter_binary_url: "https://github.com/prometheus/node_exporter/releases/download/v{{\ - \ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-{{\ - \ go_arch }}.tar.gz" + \ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz" diff --git a/roles/node_exporter/molecule/default/tests/test_default.py b/roles/node_exporter/molecule/default/tests/test_default.py index 24688320a..045f9f7f2 100644 --- a/roles/node_exporter/molecule/default/tests/test_default.py +++ b/roles/node_exporter/molecule/default/tests/test_default.py 
@@ -46,7 +46,6 @@ def test_user(host): assert host.group("node-exp").exists assert "node-exp" in host.user("node-exp").groups assert host.user("node-exp").shell == "/usr/sbin/nologin" - assert host.user("node-exp").home == "/" def test_service(host): diff --git a/roles/node_exporter/tasks/configure.yml b/roles/node_exporter/tasks/configure.yml index db85c1991..368a4e54f 100644 --- a/roles/node_exporter/tasks/configure.yml +++ b/roles/node_exporter/tasks/configure.yml @@ -1,29 +1,19 @@ --- -- name: Copy the node_exporter systemd service file - ansible.builtin.template: - src: node_exporter.service.j2 - dest: /etc/systemd/system/node_exporter.service - owner: root - group: root - mode: 0644 - notify: restart node_exporter - -- name: Create node_exporter config directory - ansible.builtin.file: - path: "/etc/node_exporter" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX - -- name: Copy the node_exporter config file - ansible.builtin.template: - src: config.yaml.j2 - dest: /etc/node_exporter/config.yaml - owner: root - group: root - mode: 0644 - notify: restart node_exporter +- name: Configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ node_exporter_system_user }}" + _common_system_group: "{{ node_exporter_system_group }}" + _common_config_dir: "{{ node_exporter_config_dir }}" + _common_tls_server_config: "{{ node_exporter_tls_server_config }}" + _common_http_server_config: "{{ node_exporter_http_server_config }}" + _common_basic_auth_users: "{{ node_exporter_basic_auth_users }}" + tags: + - node_exporter + - configure + - node_exporter_configure - name: Create textfile collector dir ansible.builtin.file: 
@@ -32,14 +22,9 @@ owner: "{{ node_exporter_system_user }}" group: "{{ node_exporter_system_group }}" mode: u+rwX,g+rwX,o=rX + become: true when: node_exporter_textfile_dir | length > 0 - -- name: Allow node_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ node_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" + tags: + - node_exporter + - configure + - node_exporter_configure diff --git a/roles/node_exporter/tasks/install.yml b/roles/node_exporter/tasks/install.yml deleted file mode 100644 index fd21ec6e4..000000000 --- a/roles/node_exporter/tasks/install.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -- name: Create the node_exporter group - ansible.builtin.group: - name: "{{ node_exporter_system_group }}" - state: present - system: true - when: node_exporter_system_group != "root" - -- name: Create the node_exporter user - ansible.builtin.user: - name: "{{ node_exporter_system_user }}" - groups: "{{ node_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: node_exporter_system_user != "root" - -- name: Get binary - when: - - node_exporter_binary_local_dir | length == 0 - - not node_exporter_skip_install - block: - - - name: Download node_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ node_exporter_binary_url }}" - dest: "{{ node_exporter_archive_path }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __node_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack node_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ node_exporter_archive_path }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ node_exporter_archive_path }}" - creates: "{{ node_exporter_archive_path }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}/node_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate node_exporter binaries - ansible.builtin.copy: - src: "{{ node_exporter_archive_path }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}/node_exporter" - dest: "{{ node_exporter_binary_install_dir }}/node_exporter" - mode: 0755 - owner: root - group: root - notify: restart node_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed node_exporter binary - ansible.builtin.copy: - src: "{{ node_exporter_binary_local_dir }}/node_exporter" - dest: "{{ 
node_exporter_binary_install_dir }}/node_exporter" - mode: 0755 - owner: root - group: root - when: - - node_exporter_binary_local_dir | length > 0 - - not node_exporter_skip_install - notify: restart node_exporter diff --git a/roles/node_exporter/tasks/main.yml b/roles/node_exporter/tasks/main.yml index 60d6e4cee..d41d4370a 100644 --- a/roles/node_exporter/tasks/main.yml +++ b/roles/node_exporter/tasks/main.yml 
@@ -2,40 +2,34 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - node_exporter_install - - node_exporter_configure - - node_exporter_run tags: - node_exporter_install - node_exporter_configure - node_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - node_exporter_install - when: - ( not __node_exporter_is_installed.stat.exists ) or - ( (__node_exporter_current_version_output.stderr_lines | length > 0) - and (__node_exporter_current_version_output.stderr_lines[0].split(" ")[2] != node_exporter_version) ) or - ( (__node_exporter_current_version_output.stdout_lines | length > 0) - and (__node_exporter_current_version_output.stdout_lines[0].split(" ")[2] != node_exporter_version) ) or - ( node_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ node_exporter_local_cache_path }}" + _common_binaries: "{{ _node_exporter_binaries }}" + _common_binary_install_dir: "{{ node_exporter_binary_install_dir }}" + _common_binary_url: "{{ node_exporter_binary_url }}" + _common_checksums_url: "{{ node_exporter_checksums_url }}" + _common_system_group: "{{ node_exporter_system_group }}" + _common_system_user: "{{ node_exporter_system_user }}" + _common_config_dir: "{{ node_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - node_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - node_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ node_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - node_exporter_configure 
@@ -43,10 +37,6 @@ - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - node_exporter_configure tags: - node_exporter_configure diff --git a/roles/node_exporter/tasks/preflight.yml b/roles/node_exporter/tasks/preflight.yml index 5a56b60ee..6431ad691 100644 --- a/roles/node_exporter/tasks/preflight.yml +++ b/roles/node_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
@@ -72,23 +56,6 @@ - "__node_exporter_cert_file.stat.exists" - "__node_exporter_key_file.stat.exists" -- name: Check if node_exporter is installed - ansible.builtin.stat: - path: "{{ node_exporter_binary_install_dir }}/node_exporter" - register: __node_exporter_is_installed - check_mode: false - tags: - - node_exporter_install - -- name: Gather currently installed node_exporter version (if any) - ansible.builtin.command: "{{ node_exporter_binary_install_dir }}/node_exporter --version" - changed_when: false - register: __node_exporter_current_version_output - check_mode: false - when: __node_exporter_is_installed.stat.exists - tags: - - node_exporter_install - - name: Discover latest version ansible.builtin.set_fact: node_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _node_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -98,24 +65,9 @@ retries: 10 when: - node_exporter_version == "latest" - - node_exporter_binary_local_dir | length == 0 - - not node_exporter_skip_install - -- name: Get node_exporter binary checksum - when: - - node_exporter_binary_local_dir | length == 0 - - not node_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __node_exporter_checksums: "{{ lookup('url', node_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __node_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __node_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __node_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - node_exporter + - install + - node_exporter_install + - download + - node_exporter_download diff --git a/roles/node_exporter/tasks/selinux.yml b/roles/node_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 
--- a/roles/node_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/node_exporter/templates/config.yaml.j2 b/roles/node_exporter/templates/config.yaml.j2 deleted file mode 100644 index 4dff5111d..000000000 --- a/roles/node_exporter/templates/config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if node_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ node_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if node_exporter_http_server_config | length > 0 %} -http_server_config: -{{ node_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if node_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in node_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/node_exporter/templates/node_exporter.service.j2 b/roles/node_exporter/templates/node_exporter.service.j2 index 95cf5587a..60cd69c6b 100644 --- a/roles/node_exporter/templates/node_exporter.service.j2 
+++ b/roles/node_exporter/templates/node_exporter.service.j2 @@ -25,9 +25,9 @@ ExecStart={{ node_exporter_binary_install_dir }}/node_exporter \ {% endfor %} {% if node_exporter_tls_server_config | length > 0 or node_exporter_http_server_config | length > 0 or node_exporter_basic_auth_users | length > 0 %} {% if node_exporter_version is version('1.5.0', '>=') %} - '--web.config.file=/etc/node_exporter/config.yaml' \ + '--web.config.file={{ node_exporter_config_dir }}/web_config.yml' \ {% else %} - '--web.config=/etc/node_exporter/config.yaml' \ + '--web.config={{ node_exporter_config_dir }}/web_config.yml' \ {% endif %} {% endif %} {% if node_exporter_web_disable_exporter_metrics %} diff --git a/roles/node_exporter/vars/main.yml b/roles/node_exporter/vars/main.yml index 7a883d960..ad36964d9 100644 --- a/roles/node_exporter/vars/main.yml +++ b/roles/node_exporter/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_node_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _node_exporter_repo: "prometheus/node_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_node_exporter_binaries: ['node_exporter'] From 90086175e1d71a760675417db190f74f363de141 Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:09:10 +0000 Subject: [PATCH 14/24] refactor(postgres_exporter): delegate common tasks to _common role 
Signed-off-by: gardar --- roles/postgres_exporter/defaults/main.yml | 6 +- .../postgres_exporter/meta/argument_specs.yml | 19 ++--- .../molecule/alternative/molecule.yml | 6 +- .../molecule/default/tests/test_default.py | 1 - roles/postgres_exporter/tasks/configure.yml | 71 ++++++++----------- roles/postgres_exporter/tasks/install.yml | 71 ------------------- roles/postgres_exporter/tasks/main.yml | 46 +++++------- roles/postgres_exporter/tasks/preflight.yml | 68 +++--------------- roles/postgres_exporter/tasks/selinux.yml | 23 ------ .../templates/postgres_exporter.service.j2 | 2 +- .../templates/web_config.yaml.j2 | 18 ----- roles/postgres_exporter/vars/main.yml | 15 ++-- 12 files changed, 73 insertions(+), 273 deletions(-) delete mode 100644 roles/postgres_exporter/tasks/install.yml delete mode 100644 roles/postgres_exporter/tasks/selinux.yml delete mode 100644 roles/postgres_exporter/templates/web_config.yaml.j2 diff --git a/roles/postgres_exporter/defaults/main.yml b/roles/postgres_exporter/defaults/main.yml index 3d301ab65..0a133c52d 100644 --- a/roles/postgres_exporter/defaults/main.yml +++ b/roles/postgres_exporter/defaults/main.yml @@ -1,10 +1,8 @@ --- postgres_exporter_version: 0.15.0 -postgres_exporter_binary_local_dir: "" postgres_exporter_binary_url: "https://github.com/{{ _postgres_exporter_repo }}/releases/download/v{{ postgres_exporter_version }}/\ - postgres_exporter-{{ postgres_exporter_version }}.linux-{{ go_arch }}.tar.gz" + postgres_exporter-{{ postgres_exporter_version }}.{{ ansible_system | lower }}-{{ _postgres_exporter_go_ansible_arch }}.tar.gz" postgres_exporter_checksums_url: "https://github.com/{{ _postgres_exporter_repo }}/releases/download/v{{ postgres_exporter_version }}/sha256sums.txt" -postgres_exporter_skip_install: false postgres_exporter_web_listen_address: "0.0.0.0:9187" postgres_exporter_web_telemetry_path: "/metrics" 
@@ -33,4 +31,4 @@ postgres_exporter_system_group: "postgres-exp" postgres_exporter_system_user: "{{ postgres_exporter_system_group }}" # Local path to stash the archive and its extraction -postgres_exporter_archive_path: /tmp +postgres_exporter_local_cache_path: "/tmp/postgres_exporter-{{ ansible_system | lower }}-{{ _postgres_exporter_go_ansible_arch }}/{{ postgres_exporter_version }}" diff --git a/roles/postgres_exporter/meta/argument_specs.yml b/roles/postgres_exporter/meta/argument_specs.yml index 873c8777e..0256e4bfe 100644 --- a/roles/postgres_exporter/meta/argument_specs.yml +++ b/roles/postgres_exporter/meta/argument_specs.yml 
@@ -11,18 +11,9 @@ argument_specs: postgres_exporter_version: description: "PostgreSQL exporter package version. Also accepts latest as parameter." default: "0.15.0" - postgres_exporter_skip_install: - description: "PostgreSQL installation tasks gets skipped when set to true." - type: bool - default: false - postgres_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(postgres_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(postgres_exporter_version) parameter" postgres_exporter_binary_url: description: "URL of the postgres_exporter binaries .tar.gz file" - default: "https://github.com/{{ _postgres_exporter_repo }}/download/v{{ postgres_exporter_version }}/postgres_exporter-{{ postgres_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _postgres_exporter_repo }}/releases/download/v{{ postgres_exporter_version }}/postgres_exporter-{{ postgres_exporter_version }}.{{ ansible_system | lower }}-{{ _postgres_exporter_go_ansible_arch }}.tar.gz" postgres_exporter_checksums_url: description: "URL of the postgres_exporter checksums file" default: "https://github.com/{{ _postgres_exporter_repo }}/releases/download/v{{ postgres_exporter_version }}/sha256sums.txt" @@ -33,7 +24,7 @@ argument_specs: description: "Path under which to expose metrics" default: "/metrics" postgres_exporter_config_dir: - description: "The path where exporter configuration is stored" + description: "Path to directory with postgres_exporter configuration" default: "/etc/postgres_exporter" postgres_exporter_config_file: description: "The filename of the postgres exporter config file" 
@@ -89,6 +80,6 @@ argument_specs: - "I(Advanced)" - "PostgreSQL Exporter user" default: "postgres-exp" - postgres_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + postgres_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/postgres_exporter-{{ ansible_system | lower }}-{{ _postgres_exporter_go_ansible_arch }}/{{ postgres_exporter_version }}" diff --git a/roles/postgres_exporter/molecule/alternative/molecule.yml b/roles/postgres_exporter/molecule/alternative/molecule.yml index da17a5945..d2b20f7a6 100644 --- a/roles/postgres_exporter/molecule/alternative/molecule.yml +++ b/roles/postgres_exporter/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - postgres_exporter_binary_local_dir: "/tmp/postgres_exporter-linux-amd64" + postgres_exporter_local_cache_path: "/tmp/postgres_exporter-linux-amd64" postgres_exporter_web_listen_address: - '127.0.0.1:8080' - '127.0.1.1:8080' @@ -20,8 +20,6 @@ provisioner: http2: true postgres_exporter_basic_auth_users: randomuser: examplepassword - go_arch: amd64 postgres_exporter_version: 0.15.0 postgres_exporter_binary_url: "https://github.com/prometheus-community/postgres_exporter/releases/download/v{{\ - \ postgres_exporter_version }}/postgres_exporter-{{ postgres_exporter_version\ - \ }}.linux-{{ go_arch }}.tar.gz" + \ postgres_exporter_version }}/postgres_exporter-{{ postgres_exporter_version }}.linux-amd64.tar.gz" diff --git a/roles/postgres_exporter/molecule/default/tests/test_default.py b/roles/postgres_exporter/molecule/default/tests/test_default.py index d2eb60d75..0632a4a58 100644 --- a/roles/postgres_exporter/molecule/default/tests/test_default.py +++ b/roles/postgres_exporter/molecule/default/tests/test_default.py 
@@ -46,7 +46,6 @@ def test_user(host): assert host.group("postgres-exp").exists assert "postgres-exp" in host.user("postgres-exp").groups assert host.user("postgres-exp").shell == "/usr/sbin/nologin" - assert host.user("postgres-exp").home == "/" def test_service(host): diff --git a/roles/postgres_exporter/tasks/configure.yml b/roles/postgres_exporter/tasks/configure.yml index 0b23efc49..e5e24390d 100644 --- a/roles/postgres_exporter/tasks/configure.yml +++ b/roles/postgres_exporter/tasks/configure.yml @@ -1,20 +1,19 @@ --- -- name: Copy the postgres_exporter systemd service file - ansible.builtin.template: - src: postgres_exporter.service.j2 - dest: /etc/systemd/system/postgres_exporter.service - owner: root - group: root - mode: '0644' - notify: restart postgres_exporter - -- name: Create postgres_exporter config directory - ansible.builtin.file: - path: "{{ postgres_exporter_config_dir }}" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX +- name: Configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ postgres_exporter_system_user }}" + _common_system_group: "{{ postgres_exporter_system_group }}" + _common_config_dir: "{{ postgres_exporter_config_dir }}" + _common_tls_server_config: "{{ postgres_exporter_tls_server_config }}" + _common_http_server_config: "{{ postgres_exporter_http_server_config }}" + _common_basic_auth_users: "{{ postgres_exporter_basic_auth_users }}" + tags: + - postgres_exporter + - configure + - postgres_exporter_configure - name: Create postgres_exporter.yml ansible.builtin.template: 
@@ -23,10 +22,21 @@ owner: root group: '{{ postgres_exporter_system_group }}' mode: '0640' - # no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" + no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" notify: restart postgres_exporter + become: true + tags: + - postgres_exporter + - configure + - postgres_exporter_configure + - name: Configure via URI when: postgres_exporter_uri | length > 0 + become: true + tags: + - postgres_exporter + - configure + - postgres_exporter_configure block: - name: Creating file postgres_exporter_uri ansible.builtin.copy: @@ -36,6 +46,7 @@ group: '{{ postgres_exporter_system_group }}' mode: '0640' notify: restart postgres_exporter + - name: Creating file postgres_exporter_user ansible.builtin.copy: dest: "{{ postgres_exporter_config_dir }}/postgres_exporter_user" @@ -44,6 +55,7 @@ group: '{{ postgres_exporter_system_group }}' mode: '0640' notify: restart postgres_exporter + - name: Creating file postgres_exporter_pass ansible.builtin.copy: dest: "{{ postgres_exporter_config_dir }}/postgres_exporter_pass" 
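Review bot: The `no_log` expression enabled on the "Create postgres_exporter.yml" task switches the protection off whenever `CI` is set in the controller's environment. That is true for any pipeline-driven deployment, not only for molecule runs, so the rendered file could land in CI logs if it carries credentials. Keying it on the molecule variable alone, `no_log: "{{ false if lookup('env', 'MOLECULE_PROVISIONER_NAME') else true }}"`, keeps test output readable without weakening real deployments. The `ansible.builtin.copy` tasks in the "Configure via URI" block that write `postgres_exporter_uri`, `postgres_exporter_user` and `postgres_exporter_pass` gain no `no_log` in the visible lines. If they do not already set it in the lines the hunks skip, adding `no_log: true` there may keep `--diff` output from showing those files' contents.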
@@ -52,28 +64,3 @@ group: '{{ postgres_exporter_system_group }}' mode: '0640' notify: restart postgres_exporter - -- name: Configure postgres_exporter web config - when: - ( postgres_exporter_tls_server_config | length > 0 ) or - ( postgres_exporter_http_server_config | length > 0 ) or - ( postgres_exporter_basic_auth_users | length > 0 ) - block: - - name: Copy the postgres_exporter web config file - ansible.builtin.template: - src: web_config.yaml.j2 - dest: "{{ postgres_exporter_config_dir }}/web_config.yaml" - owner: root - group: '{{ postgres_exporter_system_group }}' - mode: '0640' - notify: restart postgres_exporter - -- name: Allow postgres_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ postgres_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/postgres_exporter/tasks/install.yml b/roles/postgres_exporter/tasks/install.yml deleted file mode 100644 index f1311328f..000000000 --- a/roles/postgres_exporter/tasks/install.yml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -- name: Create the postgres_exporter group - ansible.builtin.group: - name: "{{ postgres_exporter_system_group }}" - state: present - system: true - when: postgres_exporter_system_group not in ["root", "postgres"] - -- name: Create the postgres_exporter user - ansible.builtin.user: - name: "{{ postgres_exporter_system_user }}" - groups: "{{ postgres_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: postgres_exporter_system_user not in ["root", "postgres"] - -- name: Get binary - when: - - postgres_exporter_binary_local_dir | length == 0 - - not postgres_exporter_skip_install - block: - - - name: Download postgres_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ postgres_exporter_binary_url }}" - dest: "{{ postgres_exporter_archive_path }}/postgres_exporter-{{ postgres_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __postgres_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack postgres_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ postgres_exporter_archive_path }}/postgres_exporter-{{ postgres_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ postgres_exporter_archive_path }}" - creates: "{{ postgres_exporter_archive_path }}/postgres_exporter-{{ postgres_exporter_version }}.linux-{{ go_arch }}/postgres_exporter" - extra_opts: - - --no-same-owner - delegate_to: localhost - check_mode: false - - - name: Propagate postgres_exporter binaries - ansible.builtin.copy: - src: "{{ postgres_exporter_archive_path }}/postgres_exporter-{{ postgres_exporter_version }}.linux-{{ go_arch }}/postgres_exporter" - dest: "{{ postgres_exporter_binary_install_dir }}/postgres_exporter" - mode: '0755' - owner: root - group: root - notify: restart postgres_exporter 
- when: not ansible_check_mode - -- name: Propagate locally distributed postgres_exporter binary - ansible.builtin.copy: - src: "{{ postgres_exporter_binary_local_dir }}/postgres_exporter" - dest: "{{ postgres_exporter_binary_install_dir }}/postgres_exporter" - mode: '0755' - owner: root - group: root - when: - - postgres_exporter_binary_local_dir | length > 0 - - not postgres_exporter_skip_install - notify: restart postgres_exporter diff --git a/roles/postgres_exporter/tasks/main.yml b/roles/postgres_exporter/tasks/main.yml index e1060efaa..315922711 100644 --- a/roles/postgres_exporter/tasks/main.yml +++ b/roles/postgres_exporter/tasks/main.yml 
@@ -2,40 +2,34 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - postgres_exporter_install - - postgres_exporter_configure - - postgres_exporter_run tags: - postgres_exporter_install - postgres_exporter_configure - postgres_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - postgres_exporter_install - when: - ( not __postgres_exporter_is_installed.stat.exists ) or - ( (__postgres_exporter_current_version_output.stderr_lines | length > 0) - and (__postgres_exporter_current_version_output.stderr_lines[0].split(" ")[2] != postgres_exporter_version) ) or - ( (__postgres_exporter_current_version_output.stdout_lines | length > 0) - and (__postgres_exporter_current_version_output.stdout_lines[0].split(" ")[2] != postgres_exporter_version) ) or - ( postgres_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ postgres_exporter_local_cache_path }}" + _common_binaries: "{{ _postgres_exporter_binaries }}" + _common_binary_install_dir: "{{ postgres_exporter_binary_install_dir }}" + _common_binary_url: "{{ postgres_exporter_binary_url }}" + _common_checksums_url: "{{ postgres_exporter_checksums_url }}" + _common_system_group: "{{ postgres_exporter_system_group }}" + _common_system_user: "{{ postgres_exporter_system_user }}" + _common_config_dir: "{{ postgres_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - postgres_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - postgres_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ postgres_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - 
postgres_exporter_configure @@ -43,10 +37,6 @@ - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - postgres_exporter_configure tags: - postgres_exporter_configure diff --git a/roles/postgres_exporter/tasks/preflight.yml b/roles/postgres_exporter/tasks/preflight.yml index 38b09d338..b2e67d213 100644 --- a/roles/postgres_exporter/tasks/preflight.yml +++ b/roles/postgres_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
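Review bot: `_common_selinux_port` in the SELinux include is now derived with `urlsplit('port')`, which as far as I can tell only yields a port when the value parses with a network location (a scheme followed by `//`). For a bare `host:port` string the result is likely empty, and the alternative molecule scenario in this patch sets `postgres_exporter_web_listen_address` to a list, which the filter cannot split at all. If the port comes out empty, the SELinux label for the listen port would presumably not be applied on enforcing hosts; how the shared `selinux.yml` consumes the value is not visible here. Something like `"{{ ([postgres_exporter_web_listen_address] | flatten | first).split(':') | last }}"` covers both shapes and mirrors the removed `.split(':')[-1]`. The process_exporter `tasks/main.yml` hunk later in this series uses the same expression.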
@@ -72,23 +56,6 @@ - "__postgres_exporter_cert_file.stat.exists" - "__postgres_exporter_key_file.stat.exists" -- name: Check if postgres_exporter is installed - ansible.builtin.stat: - path: "{{ postgres_exporter_binary_install_dir }}/postgres_exporter" - register: __postgres_exporter_is_installed - check_mode: false - tags: - - postgres_exporter_install - -- name: Gather currently installed postgres_exporter version (if any) - ansible.builtin.command: "{{ postgres_exporter_binary_install_dir }}/postgres_exporter --version" - changed_when: false - register: __postgres_exporter_current_version_output - check_mode: false - when: __postgres_exporter_is_installed.stat.exists - tags: - - postgres_exporter_install - - name: Discover latest version ansible.builtin.set_fact: postgres_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _postgres_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -98,24 +65,9 @@ retries: 10 when: - postgres_exporter_version == "latest" - - postgres_exporter_binary_local_dir | length == 0 - - not postgres_exporter_skip_install - -- name: Get postgres_exporter binary checksum - when: - - postgres_exporter_binary_local_dir | length == 0 - - not postgres_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __postgres_exporter_checksums: "{{ lookup('url', postgres_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __postgres_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __postgres_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __postgres_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - postgres_exporter + - install + - postgres_exporter_install + - download + - postgres_exporter_download 
diff --git a/roles/postgres_exporter/tasks/selinux.yml b/roles/postgres_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/postgres_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/postgres_exporter/templates/postgres_exporter.service.j2 b/roles/postgres_exporter/templates/postgres_exporter.service.j2 index 4ffb8cd8c..2b4bac66e 100644 --- a/roles/postgres_exporter/templates/postgres_exporter.service.j2 +++ b/roles/postgres_exporter/templates/postgres_exporter.service.j2 @@ -34,7 +34,7 @@ ExecStart={{ postgres_exporter_binary_install_dir }}/postgres_exporter \ --no-collector.{{ collector }} \ {% endfor %} {% if postgres_exporter_tls_server_config | length > 0 or postgres_exporter_http_server_config | length > 0 or postgres_exporter_basic_auth_users | length > 0 %} - --web.config.file={{ postgres_exporter_config_dir }}/web_config.yaml \ + --web.config.file={{ postgres_exporter_config_dir }}/web_config.yml \ {% endif %} {% if postgres_exporter_version is version('0.15.0', '>=') and postgres_exporter_web_listen_address is iterable and diff --git a/roles/postgres_exporter/templates/web_config.yaml.j2 b/roles/postgres_exporter/templates/web_config.yaml.j2 deleted file mode 100644 index 669be69f9..000000000 
--- a/roles/postgres_exporter/templates/web_config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if postgres_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ postgres_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if postgres_exporter_http_server_config | length > 0 %} -http_server_config: -{{ postgres_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if postgres_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in postgres_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/postgres_exporter/vars/main.yml b/roles/postgres_exporter/vars/main.yml index 44a2fdf41..3b3719e4f 100644 --- a/roles/postgres_exporter/vars/main.yml +++ b/roles/postgres_exporter/vars/main.yml @@ -1,12 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" - +_postgres_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _postgres_exporter_repo: "prometheus-community/postgres_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_postgres_exporter_binaries: ['postgres_exporter'] From 2bd22378ba094c191f01be656cd4c603eb7ba496 Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:10:43 +0000 Subject: [PATCH 15/24] refactor(process_exporter): delegate common tasks to _common role 
Signed-off-by: gardar --- roles/process_exporter/defaults/main.yml | 7 +- .../process_exporter/meta/argument_specs.yml | 20 ++---- .../molecule/alternative/molecule.yml | 6 +- .../molecule/default/tests/test_default.py | 3 +- .../molecule/latest/tests/test_latest.py | 2 +- roles/process_exporter/tasks/configure.yml | 63 ++++++----------- roles/process_exporter/tasks/install.yml | 69 ------------------- roles/process_exporter/tasks/main.yml | 39 +++++------ roles/process_exporter/tasks/preflight.yml | 67 +++--------------- roles/process_exporter/tasks/selinux.yml | 23 ------- .../templates/process_exporter.service.j2 | 6 +- .../templates/web_config.yml.j2 | 19 ----- roles/process_exporter/vars/main.yml | 14 ++-- 13 files changed, 73 insertions(+), 265 deletions(-) delete mode 100644 roles/process_exporter/tasks/install.yml delete mode 100644 roles/process_exporter/tasks/selinux.yml delete mode 100644 roles/process_exporter/templates/web_config.yml.j2 diff --git a/roles/process_exporter/defaults/main.yml b/roles/process_exporter/defaults/main.yml index 32b9f0a98..03a0d8591 100644 --- a/roles/process_exporter/defaults/main.yml +++ b/roles/process_exporter/defaults/main.yml 
@@ -1,11 +1,9 @@ --- process_exporter_version: 0.8.3 -process_exporter_binary_local_dir: "" process_exporter_binary_url: "https://github.com/{{ _process_exporter_repo }}/releases/download/v{{ process_exporter_version }}/\ - process-exporter-{{ process_exporter_version }}.linux-{{ go_arch }}.tar.gz" + process-exporter-{{ process_exporter_version }}.{{ ansible_system | lower }}-{{ _process_exporter_go_ansible_arch }}.tar.gz" process_exporter_checksums_url: "https://github.com/{{ _process_exporter_repo }}/releases/download/v{{ process_exporter_version }}/checksums.txt" -process_exporter_skip_install: false -process_exporter_archive_path: /tmp +process_exporter_local_cache_path: "/tmp/process_exporter-{{ ansible_system | lower }}-{{ _process_exporter_go_ansible_arch }}/{{ process_exporter_version }}" process_exporter_web_listen_address: "0.0.0.0:9256" @@ -30,3 +28,4 @@ process_exporter_names: | process_exporter_binary_install_dir: "/usr/local/bin" process_exporter_system_group: "process-exp" process_exporter_system_user: "{{ process_exporter_system_group }}" +process_exporter_config_dir: "/etc/process_exporter" diff --git a/roles/process_exporter/meta/argument_specs.yml b/roles/process_exporter/meta/argument_specs.yml index 2c567817a..d65320b19 100644 --- a/roles/process_exporter/meta/argument_specs.yml +++ b/roles/process_exporter/meta/argument_specs.yml 
@@ -11,21 +11,9 @@ argument_specs: process_exporter_version: description: "Process exporter package version. Also accepts latest as parameter." default: "0.8.3" - process_exporter_skip_install: - description: "Process exporter installation tasks gets skipped when set to true." - type: bool - default: false - process_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(process_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(process_exporter_version) parameter" - process_exporter_archive_path: - description: "Local path to stash the archive and its extraction" - default: "/tmp" process_exporter_binary_url: description: "URL of the Process exporter binaries .tar.gz file" - default: "https://github.com/{{ _process_exporter_repo }}/releases/download/v{{ process_exporter_version }}/process_exporter-{{ process_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _process_exporter_repo }}/releases/download/v{{ process_exporter_version }}/process-exporter-{{ process_exporter_version }}.{{ ansible_system | lower }}-{{ _process_exporter_go_ansible_arch }}.tar.gz" process_exporter_checksums_url: description: "URL of the Process exporter checksums file" default: "https://github.com/{{ _process_exporter_repo }}/releases/download/v{{ process_exporter_version }}/checksums.txt" @@ -67,3 +55,9 @@ argument_specs: - "I(Advanced)" - "Process exporter user" default: "process-exp" + process_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/process_exporter-{{ ansible_system | lower }}-{{ _process_exporter_go_ansible_arch }}/{{ process_exporter_version }}" + process_exporter_config_dir: + description: "Path to directory with process_exporter configuration" + default: "/etc/process_exporter" 
diff --git a/roles/process_exporter/molecule/alternative/molecule.yml b/roles/process_exporter/molecule/alternative/molecule.yml index 4d9c97d70..9684eea07 100644 --- a/roles/process_exporter/molecule/alternative/molecule.yml +++ b/roles/process_exporter/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - process_exporter_binary_local_dir: "/tmp/process_exporter-linux-amd64" + process_exporter_local_cache_path: "/tmp/process_exporter-linux-amd64" process_exporter_web_listen_address: "127.0.0.1:8080" process_exporter_tls_server_config: cert_file: /etc/process_exporter/tls.cert @@ -14,7 +14,6 @@ provisioner: http2: true process_exporter_basic_auth_users: randomuser: examplepassword - go_arch: amd64 process_exporter_version: 0.7.10 process_exporter_names: | {% raw %} @@ -29,5 +28,4 @@ provisioner: - crond {% endraw %} process_exporter_binary_url: "https://github.com/ncabatoff/process-exporter/releases/download/v{{\ - \ process_exporter_version }}/process-exporter-{{ process_exporter_version }}.linux-{{\ - \ go_arch }}.tar.gz" + \ process_exporter_version }}/process-exporter-{{ process_exporter_version }}.linux-amd64.tar.gz" diff --git a/roles/process_exporter/molecule/default/tests/test_default.py b/roles/process_exporter/molecule/default/tests/test_default.py index 066e268f2..865ed0c46 100644 --- a/roles/process_exporter/molecule/default/tests/test_default.py +++ b/roles/process_exporter/molecule/default/tests/test_default.py @@ -19,7 +19,7 @@ def test_directories(host): def test_files(host): files = [ "/etc/systemd/system/process_exporter.service", - "/usr/local/bin/process_exporter", + "/usr/local/bin/process-exporter", ] for file in files: f = host.file(file) @@ -46,7 +46,6 @@ def test_user(host): assert host.group("process-exp").exists assert "process-exp" in host.user("process-exp").groups assert host.user("process-exp").shell == "/usr/sbin/nologin" - assert host.user("process-exp").home == "/" def test_service(host): 
diff --git a/roles/process_exporter/molecule/latest/tests/test_latest.py b/roles/process_exporter/molecule/latest/tests/test_latest.py index 0c7b0a68a..a53a6067f 100644 --- a/roles/process_exporter/molecule/latest/tests/test_latest.py +++ b/roles/process_exporter/molecule/latest/tests/test_latest.py @@ -9,7 +9,7 @@ @pytest.mark.parametrize("files", [ "/etc/systemd/system/process_exporter.service", - "/usr/local/bin/process_exporter" + "/usr/local/bin/process-exporter" ]) def test_files(host, files): f = host.file(files) diff --git a/roles/process_exporter/tasks/configure.yml b/roles/process_exporter/tasks/configure.yml index de82483f4..a4753e503 100644 --- a/roles/process_exporter/tasks/configure.yml +++ b/roles/process_exporter/tasks/configure.yml 
@@ -1,51 +1,32 @@ --- -- name: Copy the process_exporter systemd service file - ansible.builtin.template: - src: process_exporter.service.j2 - dest: /etc/systemd/system/process_exporter.service - owner: root - group: root - mode: 0644 - notify: restart process_exporter - -- name: Create process_exporter config directory - ansible.builtin.file: - path: "/etc/process_exporter" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX +- name: Configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ process_exporter_system_user }}" + _common_system_group: "{{ process_exporter_system_group }}" + _common_config_dir: "{{ process_exporter_config_dir }}" + _common_tls_server_config: "{{ process_exporter_tls_server_config }}" + _common_http_server_config: "{{ process_exporter_http_server_config }}" + _common_basic_auth_users: "{{ process_exporter_basic_auth_users }}" + tags: + - process_exporter + - configure + - process_exporter_configure - name: Create/Update configuration file ansible.builtin.template: src: "config.yml.j2" dest: "/etc/process_exporter/config.yml" - owner: root - group: root + owner: "{{ process_exporter_system_user }}" + group: "{{ process_exporter_system_group }}" mode: 0644 when: - process_exporter_names != [] notify: restart process_exporter - -- name: Configure process_exporter web config - ansible.builtin.template: - src: "web_config.yml.j2" - dest: "/etc/process_exporter/web_config.yml" - owner: root - group: root - mode: 0644 - when: - ( process_exporter_tls_server_config | length > 0 ) or - ( process_exporter_http_server_config | length > 0 ) or - ( process_exporter_basic_auth_users | length > 0 ) - notify: restart process_exporter - -- name: Allow process_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ process_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - 
when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" + become: true + tags: + - process_exporter + - configure + - process_exporter_configure diff --git a/roles/process_exporter/tasks/install.yml b/roles/process_exporter/tasks/install.yml deleted file mode 100644 index e4e2a984e..000000000 --- a/roles/process_exporter/tasks/install.yml +++ /dev/null 
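Review bot: The "Create/Update configuration file" task now makes the service account the owner of `config.yml` (`owner: "{{ process_exporter_system_user }}"`), so the exporter process can rewrite its own configuration. Using `owner: root` with `group: "{{ process_exporter_system_group }}"` gives the service read access without write access, which matches how the postgres_exporter config files are owned elsewhere in this series. The same task still writes to the literal `/etc/process_exporter/config.yml` while the service template in this patch reads `{{ process_exporter_config_dir }}/config.yml`, so an overridden config directory would leave the two out of step; `dest: "{{ process_exporter_config_dir }}/config.yml"` keeps them aligned. The unquoted `mode: 0644` is also safer written as `mode: '0644'`.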
@@ -1,69 +0,0 @@ ---- -- name: Create the process_exporter group - ansible.builtin.group: - name: "{{ process_exporter_system_group }}" - state: present - system: true - when: process_exporter_system_group != "root" - -- name: Create the process_exporter user - ansible.builtin.user: - name: "{{ process_exporter_system_user }}" - groups: "{{ process_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: process_exporter_system_user != "root" - -- name: Get binary - when: - - process_exporter_binary_local_dir | length == 0 - - not process_exporter_skip_install - block: - - - name: Download process_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ process_exporter_binary_url }}" - dest: "{{ process_exporter_archive_path }}/process_exporter-{{ process_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __process_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack process_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ process_exporter_archive_path }}/process_exporter-{{ process_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ process_exporter_archive_path }}" - creates: "{{ process_exporter_archive_path }}/process-exporter-{{ process_exporter_version }}.linux-{{ go_arch }}/process-exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate process_exporter binaries - ansible.builtin.copy: - src: "{{ process_exporter_archive_path }}/process-exporter-{{ process_exporter_version }}.linux-{{ go_arch }}/process-exporter" - dest: "{{ process_exporter_binary_install_dir }}/process_exporter" - mode: 0755 - owner: root - group: root - notify: restart process_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed process_exporter binary - 
ansible.builtin.copy: - src: "{{ process_exporter_binary_local_dir }}/process-exporter" - dest: "{{ process_exporter_binary_install_dir }}/process_exporter" - mode: 0755 - owner: root - group: root - when: - - process_exporter_binary_local_dir | length > 0 - - not process_exporter_skip_install - notify: restart process_exporter diff --git a/roles/process_exporter/tasks/main.yml b/roles/process_exporter/tasks/main.yml index 44ee66d6a..71d0aa1ff 100644 --- a/roles/process_exporter/tasks/main.yml +++ b/roles/process_exporter/tasks/main.yml 
@@ -2,33 +2,34 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - process_exporter_install - - process_exporter_configure - - process_exporter_run tags: - process_exporter_install - process_exporter_configure - process_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - process_exporter_install + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ process_exporter_local_cache_path }}" + _common_binaries: "{{ _process_exporter_binaries }}" + _common_binary_install_dir: "{{ process_exporter_binary_install_dir }}" + _common_binary_url: "{{ process_exporter_binary_url }}" + _common_checksums_url: "{{ process_exporter_checksums_url }}" + _common_system_group: "{{ process_exporter_system_group }}" + _common_system_user: "{{ process_exporter_system_user }}" + _common_config_dir: "{{ process_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - process_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - process_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ process_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - process_exporter_configure @@ -36,10 +37,6 @@ - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - process_exporter_configure tags: - process_exporter_configure diff --git a/roles/process_exporter/tasks/preflight.yml b/roles/process_exporter/tasks/preflight.yml index 77bb34735..b012d8e86 100644 --- a/roles/process_exporter/tasks/preflight.yml +++ b/roles/process_exporter/tasks/preflight.yml 
@@ -1,47 +1,14 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Naive assertion of proper listen address ansible.builtin.assert: that: - "':' in process_exporter_web_listen_address" -- name: Check if process_exporter is installed - ansible.builtin.stat: - path: "{{ process_exporter_binary_install_dir }}/process_exporter" - register: __process_exporter_is_installed - check_mode: false - tags: - - process_exporter_install - -- name: Gather currently installed process_exporter version (if any) - ansible.builtin.command: "{{ process_exporter_binary_install_dir }}/process_exporter --version" - changed_when: false - register: __process_exporter_current_version_output - check_mode: false - when: __process_exporter_is_installed.stat.exists - tags: - - process_exporter_install - - name: Discover latest version ansible.builtin.set_fact: process_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _process_exporter_repo }}/releases/latest', headers=_github_api_headers, 
@@ -51,23 +18,9 @@ retries: 10 when: - process_exporter_version == "latest" - - process_exporter_binary_local_dir | length == 0 - - not process_exporter_skip_install - -- name: Get process_exporter binary checksum - when: - - process_exporter_binary_local_dir | length == 0 - - not process_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __process_exporter_checksums: "{{ lookup('url', process_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __process_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __process_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __process_exporter_checksums }}" - when: "('linux-' + go_arch + '.tar.gz') in item" + tags: + - process_exporter + - install + - process_exporter_install + - download + - process_exporter_download diff --git a/roles/process_exporter/tasks/selinux.yml b/roles/process_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/process_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" 
diff --git a/roles/process_exporter/templates/process_exporter.service.j2 b/roles/process_exporter/templates/process_exporter.service.j2 index b45f7031a..179c881a5 100644 --- a/roles/process_exporter/templates/process_exporter.service.j2 +++ b/roles/process_exporter/templates/process_exporter.service.j2 @@ -8,12 +8,12 @@ After=network-online.target Type=simple User={{ process_exporter_system_user }} Group={{ process_exporter_system_group }} -ExecStart={{ process_exporter_binary_install_dir }}/process_exporter \ +ExecStart={{ process_exporter_binary_install_dir }}/process-exporter \ {% if process_exporter_names != [] -%} - '--config.path=/etc/process_exporter/config.yml' \ + '--config.path={{ process_exporter_config_dir }}/config.yml' \ {% endif -%} {% if process_exporter_tls_server_config | length > 0 or process_exporter_http_server_config | length > 0 or process_exporter_basic_auth_users | length > 0 %} - '--web.config.file=/etc/process_exporter/web_config.yml' \ + '--web.config.file={{ process_exporter_config_dir }}/web_config.yml' \ {% endif %} '--web.listen-address={{ process_exporter_web_listen_address }}' \ '--web.telemetry-path={{ process_exporter_web_telemetry_path }}' diff --git a/roles/process_exporter/templates/web_config.yml.j2 b/roles/process_exporter/templates/web_config.yml.j2 deleted file mode 100644 index 3ebf90d59..000000000 --- a/roles/process_exporter/templates/web_config.yml.j2 +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -{{ ansible_managed | comment }} - -{% if process_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ process_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if process_exporter_http_server_config | length > 0 %} -http_server_config: -{{ process_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if process_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in process_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/process_exporter/vars/main.yml b/roles/process_exporter/vars/main.yml index b31254ff6..6b5e20aca 100644 --- a/roles/process_exporter/vars/main.yml +++ b/roles/process_exporter/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_process_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _process_exporter_repo: "ncabatoff/process-exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_process_exporter_binaries: ['process-exporter'] From 1e4e4c34156900d427a65430cd3eba805b441851 Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:11:12 +0000 Subject: [PATCH 16/24] refactor(prometheus): delegate common tasks to _common role 
Signed-off-by: gardar --- roles/prometheus/defaults/main.yml | 7 +- roles/prometheus/meta/argument_specs.yml | 22 ++- .../molecule/alternative/molecule.yml | 2 +- .../molecule/default/tests/test_default.py | 1 - roles/prometheus/tasks/configure.yml | 123 ++++++++++++--- roles/prometheus/tasks/install.yml | 140 ------------------ roles/prometheus/tasks/main.yml | 45 ++++-- roles/prometheus/tasks/preflight.yml | 51 ++----- .../templates/prometheus.service.j2 | 4 +- roles/prometheus/vars/main.yml | 19 +-- 10 files changed, 167 insertions(+), 247 deletions(-) delete mode 100644 roles/prometheus/tasks/install.yml diff --git a/roles/prometheus/defaults/main.yml b/roles/prometheus/defaults/main.yml index 0b0e47589..cd77900f5 100644 --- a/roles/prometheus/defaults/main.yml +++ b/roles/prometheus/defaults/main.yml @@ -1,11 +1,10 @@ --- prometheus_version: 2.54.1 -prometheus_binary_local_dir: '' prometheus_binary_url: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/\ - prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz" + prometheus-{{ prometheus_version }}.{{ ansible_system | lower }}-{{ _prometheus_go_ansible_arch }}.tar.gz" prometheus_checksums_url: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/sha256sums.txt" -prometheus_skip_install: false +prometheus_binary_install_dir: /usr/local/bin prometheus_config_dir: /etc/prometheus prometheus_db_dir: /var/lib/prometheus prometheus_read_only_dirs: [] @@ -237,4 +236,4 @@ prometheus_system_user: "{{ prometheus_system_group }}" prometheus_stop_timeout: '600s' # Local path to stash the archive and its extraction -prometheus_archive_path: /tmp +prometheus_local_cache_path: "/tmp/prometheus-{{ ansible_system | lower }}-{{ _prometheus_go_ansible_arch }}/{{ prometheus_version }}" diff --git a/roles/prometheus/meta/argument_specs.yml b/roles/prometheus/meta/argument_specs.yml index 1712f3cde..6b80e3335 100644 
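Review bot: The new `prometheus_local_cache_path` default in the second hunk keeps the download and extraction directory under `/tmp`, at a name anyone can predict from the system, architecture and version. The removed install tasks ran the download and unpack with `delegate_to: localhost`; if the shared role still does that (its install.yml is not part of this hunk), another local user on the controller can create that directory first and influence files that are later copied to managed hosts as binaries. A per-user default such as `"{{ lookup('ansible.builtin.env', 'HOME') }}/.cache/prometheus-ansible/{{ prometheus_version }}"` would avoid the shared directory, or the role should create the directory itself with mode `0700` and fail when it already exists under another owner. The same default is introduced for `pushgateway_local_cache_path` in roles/pushgateway/defaults/main.yml.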
--- a/roles/prometheus/meta/argument_specs.yml +++ b/roles/prometheus/meta/argument_specs.yml @@ -13,18 +13,9 @@ argument_specs: - "Prometheus package version. Also accepts C(latest) as parameter." - "Only prometheus 2.x is supported" default: "2.54.1" - prometheus_skip_install: - description: "Prometheus installation tasks gets skipped when set to true." - type: bool - default: false - prometheus_binary_local_dir: - description: - - "Allows to use local packages instead of ones distributed on github." - - "As parameter it takes a directory where I(prometheus) AND I(promtool) binaries are stored on host on which ansible is ran." - - "This overrides I(prometheus_version) parameter" prometheus_binary_url: description: "URL of the prometheus binaries .tar.gz file" - default: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/ prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.{{ ansible_system | lower }}-{{ _prometheus_go_ansible_arch }}.tar.gz" prometheus_checksums_url: description: URL of the prometheus checksums file default: "https://github.com/{{ _prometheus_repo }}/releases/download/v{{ prometheus_version }}/sha256sums.txt" @@ -38,6 +29,11 @@ argument_specs: description: "Additional paths that Prometheus is allowed to read (useful for SSL certs outside of the config directory)" type: "list" elements: "str" + prometheus_binary_install_dir: + description: + - "I(Advanced)" + - "Directory to install binaries" + default: "/usr/local/bin" prometheus_web_listen_address: description: "Address on which prometheus will be listening" default: "0.0.0.0:9090" 
@@ -174,6 +170,6 @@ argument_specs: - "How long to wait for Prometheus to shutdown. This is passed as a systemd TimeoutStopSec time spec." type: "str" default: "600s" - prometheus_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + prometheus_local_cache_path: + description: Local path to stash the archive and its extraction + default: /tmp/prometheus-{{ ansible_system | lower }}-{{ _prometheus_go_ansible_arch }}/{{ prometheus_version }} diff --git a/roles/prometheus/molecule/alternative/molecule.yml b/roles/prometheus/molecule/alternative/molecule.yml index 76c708494..14e4ff98b 100644 --- a/roles/prometheus/molecule/alternative/molecule.yml +++ b/roles/prometheus/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - prometheus_binary_local_dir: '/tmp/prometheus-linux-amd64' + prometheus_local_cache_path: '/tmp/prometheus-linux-amd64' prometheus_config_dir: /opt/prom/etc prometheus_db_dir: /opt/prom/lib prometheus_web_listen_address: "127.0.0.1:9090" diff --git a/roles/prometheus/molecule/default/tests/test_default.py b/roles/prometheus/molecule/default/tests/test_default.py index f5a392c46..302d58e83 100644 --- a/roles/prometheus/molecule/default/tests/test_default.py +++ b/roles/prometheus/molecule/default/tests/test_default.py @@ -33,7 +33,6 @@ def test_directories(host, dirs): "/etc/prometheus/prometheus.yml", "/etc/prometheus/console_libraries/prom.lib", "/etc/prometheus/consoles/prometheus.html", - "/etc/prometheus/web.yml", "/etc/systemd/system/prometheus.service", "/usr/local/bin/prometheus", "/usr/local/bin/promtool" diff --git a/roles/prometheus/tasks/configure.yml b/roles/prometheus/tasks/configure.yml index c74f5929b..aea04b0a2 100644 --- a/roles/prometheus/tasks/configure.yml +++ b/roles/prometheus/tasks/configure.yml 
@@ -1,9 +1,73 @@ --- +- name: Configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ prometheus_system_user }}" + _common_system_group: "{{ prometheus_system_group }}" + _common_config_dir: "{{ prometheus_config_dir }}" + _common_tls_server_config: "{{ prometheus_web_config.tls_server_config }}" + _common_http_server_config: "{{ prometheus_web_config.http_server_config }}" + _common_basic_auth_users: "{{ prometheus_web_config.basic_auth_users }}" + tags: + - prometheus + - configure + - prometheus_configure + +- name: Create prometheus data directory + ansible.builtin.file: + path: "{{ prometheus_db_dir }}" + state: directory + owner: "{{ prometheus_system_user }}" + group: "{{ prometheus_system_group }}" + mode: 0755 + become: true + tags: + - prometheus + - configure + - prometheus_configure + +- name: Create additional prometheus configuration directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "{{ prometheus_system_user }}" + group: "{{ prometheus_system_group }}" + mode: 0775 + loop: + - "{{ prometheus_config_dir }}/rules" + - "{{ prometheus_config_dir }}/file_sd" + - "{{ prometheus_config_dir }}/scrapes" + become: true + tags: + - prometheus + - configure + - prometheus_configure + +- name: Propagate official console templates + ansible.builtin.copy: + src: "{{ prometheus_local_cache_path }}/{{ item }}" + dest: "{{ prometheus_config_dir }}" + mode: 0644 + owner: "{{ prometheus_system_user }}" + group: "{{ prometheus_system_group }}" + loop: + - console_libraries + - consoles + notify: + - restart prometheus + become: true + tags: + - prometheus + - configure + - prometheus_configure + - name: Alerting rules file ansible.builtin.template: src: "alert.rules.j2" dest: "{{ prometheus_config_dir }}/rules/ansible_managed.rules" - owner: root + owner: "{{ prometheus_system_user }}" group: "{{ prometheus_system_group }}" mode: 0640 validate: "{{ 
_prometheus_binary_install_dir }}/promtool check rules %s" @@ -12,42 +76,48 @@ - not prometheus_agent_mode notify: - reload prometheus + become: true + tags: + - prometheus + - configure + - prometheus_configure - name: Copy custom alerting rule files ansible.builtin.copy: src: "{{ item }}" dest: "{{ prometheus_config_dir }}/rules/" - owner: root + owner: "{{ prometheus_system_user }}" group: "{{ prometheus_system_group }}" mode: 0640 validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s" - with_fileglob: "{{ prometheus_alert_rules_files }}" + loop: "{{ prometheus_alert_rules_files | map('ansible.builtin.fileglob') | flatten }}" when: - not prometheus_agent_mode notify: - reload prometheus + become: true + tags: + - prometheus + - configure + - prometheus_configure - name: Configure prometheus ansible.builtin.template: src: "{{ prometheus_config_file }}" dest: "{{ prometheus_config_dir }}/prometheus.yml" force: true - owner: root + owner: "{{ prometheus_system_user }}" group: "{{ prometheus_system_group }}" mode: 0640 validate: "{{ _prometheus_binary_install_dir }}/promtool check config %s" no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" notify: - reload prometheus - -- name: Configure Prometheus web - ansible.builtin.copy: - content: "{{ prometheus_web_config | to_nice_yaml(indent=2, sort_keys=False) }}" - dest: "{{ prometheus_config_dir }}/web.yml" - force: true - owner: root - group: "{{ prometheus_system_group }}" - mode: 0640 + become: true + tags: + - prometheus + - configure + - prometheus_configure - name: Configure prometheus static targets ansible.builtin.copy: 
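Review bot: Changing `owner: root` to `owner: "{{ prometheus_system_user }}"` on the alerting rules file, with mode 0640, gives the service account write access to configuration it could previously only read through its group. The new directory task also creates `rules`, `file_sd` and `scrapes` with `mode: 0775` under that owner, where the removed install task used `owner: root` and `0770`. A compromised or misbehaving Prometheus process could then rewrite its own alert rules and scrape targets, so unless something running as the service account is meant to write there I would keep `owner: root` and use `mode: 0750` for the directories. The same owner change is made in the next hunk (custom rule files, prometheus.yml) and in the `@@ -55,28 +125,43 @@` hunk (file_sd and scrapes copies).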
@@ -55,28 +125,43 @@ {{ item.value | to_nice_yaml(indent=2, sort_keys=False) }} dest: "{{ prometheus_config_dir }}/file_sd/{{ item.key }}.yml" force: true - owner: root + owner: "{{ prometheus_system_user }}" group: "{{ prometheus_system_group }}" mode: 0640 - with_dict: "{{ prometheus_targets }}" + loop: "{{ prometheus_targets | dict2items }}" when: prometheus_targets != {} + become: true + tags: + - prometheus + - configure + - prometheus_configure - name: Copy prometheus custom static targets ansible.builtin.copy: src: "{{ item }}" dest: "{{ prometheus_config_dir }}/file_sd/" force: true - owner: root + owner: "{{ prometheus_system_user }}" group: "{{ prometheus_system_group }}" mode: 0640 - with_fileglob: "{{ prometheus_static_targets_files }}" + loop: "{{ prometheus_static_targets_files | map('ansible.builtin.fileglob') | flatten }}" + become: true + tags: + - prometheus + - configure + - prometheus_configure - name: Copy prometheus scrape config files ansible.builtin.copy: src: "{{ item }}" dest: "{{ prometheus_config_dir }}/scrapes/" force: true - owner: root + owner: "{{ prometheus_system_user }}" group: "{{ prometheus_system_group }}" mode: 0640 - with_fileglob: "{{ prometheus_scrape_config_files }}" + loop: "{{ prometheus_scrape_config_files | map('ansible.builtin.fileglob') | flatten }}" + become: true + tags: + - prometheus + - configure + - prometheus_configure diff --git a/roles/prometheus/tasks/install.yml b/roles/prometheus/tasks/install.yml deleted file mode 100644 index b1fe5d2f8..000000000 --- a/roles/prometheus/tasks/install.yml +++ /dev/null 
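Review bot: Replacing `with_fileglob` with `loop: "{{ ... | map('ansible.builtin.fileglob') | flatten }}"` changes where relative patterns are resolved. As far as I know the `fileglob` lookup searches the role and playbook `files/` directories, while the filter of the same name globs against the controller's current working directory, so a relative pattern that used to match can silently match nothing and the target and scrape files are then not copied. The previous hunk makes the same change for `prometheus_alert_rules_files`, where an empty match means alert rules are silently not deployed. Either keep the lookup, for example `loop: "{{ query('ansible.builtin.fileglob', *prometheus_scrape_config_files) }}"`, or document that the patterns must be absolute.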
@@ -1,140 +0,0 @@ ---- -- name: Create prometheus system group - ansible.builtin.group: - name: "{{ prometheus_system_group }}" - system: true - state: present - -- name: Create prometheus system user - ansible.builtin.user: - name: "{{ prometheus_system_user }}" - system: true - shell: "/usr/sbin/nologin" - group: "{{ prometheus_system_group }}" - createhome: false - home: "{{ prometheus_db_dir }}" - -- name: Create prometheus data directory - ansible.builtin.file: - path: "{{ prometheus_db_dir }}" - state: directory - owner: "{{ prometheus_system_user }}" - group: "{{ prometheus_system_group }}" - mode: 0755 - -- name: Create prometheus configuration directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: root - group: "{{ prometheus_system_group }}" - mode: 0770 - with_items: - - "{{ prometheus_config_dir }}" - - "{{ prometheus_config_dir }}/rules" - - "{{ prometheus_config_dir }}/file_sd" - - "{{ prometheus_config_dir }}/scrapes" - -- name: Get prometheus binary - when: - - prometheus_binary_local_dir | length == 0 - - not prometheus_skip_install - block: - - - name: Download prometheus binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ prometheus_binary_url }}" - dest: "{{ prometheus_archive_path }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __prometheus_checksum }}" - mode: 0644 - register: _download_archive - until: _download_archive is succeeded - retries: 5 - delay: 2 - # run_once: true # <-- this cannot be set due to multi-arch support - delegate_to: localhost - check_mode: false - - - name: Unpack prometheus binaries - become: false - ansible.builtin.unarchive: - src: "{{ prometheus_archive_path }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ prometheus_archive_path }}" - creates: "{{ prometheus_archive_path }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}/prometheus" - delegate_to: localhost - check_mode: false - - 
- name: Propagate official prometheus and promtool binaries - ansible.builtin.copy: - src: "{{ prometheus_archive_path }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}/{{ item }}" - dest: "{{ _prometheus_binary_install_dir }}/{{ item }}" - mode: 0755 - owner: root - group: root - with_items: - - prometheus - - promtool - notify: - - restart prometheus - - - name: Propagate official console templates - ansible.builtin.copy: - src: "{{ prometheus_archive_path }}/prometheus-{{ prometheus_version }}.linux-{{ go_arch }}/{{ item }}/" - dest: "{{ prometheus_config_dir }}/{{ item }}/" - mode: 0644 - owner: root - group: root - with_items: - - console_libraries - - consoles - notify: - - restart prometheus - -- name: Propagate locally distributed prometheus and promtool binaries - ansible.builtin.copy: - src: "{{ prometheus_binary_local_dir }}/{{ item }}" - dest: "{{ _prometheus_binary_install_dir }}/{{ item }}" - mode: 0755 - owner: root - group: root - with_items: - - prometheus - - promtool - when: - - prometheus_binary_local_dir | length > 0 - - not prometheus_skip_install - notify: - - restart prometheus - -- name: Create systemd service unit - ansible.builtin.template: - src: prometheus.service.j2 - dest: /etc/systemd/system/prometheus.service - owner: root - group: root - mode: 0644 - notify: - - restart prometheus - -- name: Install SELinux dependencies - ansible.builtin.package: - name: "{{ _prometheus_selinux_packages }}" - state: present - register: _install_packages - until: _install_packages is succeeded - retries: 5 - delay: 2 - when: - - ansible_version.full is version('2.4', '>=') - - ansible_selinux.status == "enabled" - -- name: Allow prometheus to bind to port in SELinux - community.general.seport: - ports: "{{ prometheus_web_listen_address.split(':')[1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version('2.4', '>=') - - ansible_selinux.status == "enabled" 
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index b14cbe46c..bfe59310c 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -2,33 +2,41 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - prometheus_configure - - prometheus_install - - prometheus_run tags: - prometheus_configure - prometheus_install - prometheus_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - prometheus_install + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ prometheus_local_cache_path }}" + _common_binaries: "{{ _prometheus_binaries }}" + _common_binary_install_dir: "{{ prometheus_binary_install_dir }}" + _common_binary_url: "{{ prometheus_binary_url }}" + _common_checksums_url: "{{ prometheus_checksums_url }}" + _common_system_group: "{{ prometheus_system_group }}" + _common_system_user: "{{ prometheus_system_user }}" + _common_config_dir: "{{ prometheus_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - prometheus_install +- name: SELinux + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ prometheus_web_listen_address | urlsplit('port') }}" + when: ansible_selinux.status == "enabled" + tags: + - prometheus_configure + - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - prometheus_configure tags: - prometheus_configure @@ -41,3 +49,10 @@ enabled: true tags: - prometheus_run + +- name: Make sure prometheus service is running + ansible.builtin.service_facts: {} + register: __service_status + until: "__service_status.ansible_facts.services['prometheus.service'].state == 'running'" + retries: 10 + delay: 5 
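Review bot: `_common_selinux_port: "{{ prometheus_web_listen_address | urlsplit('port') }}"` in the SELinux include is unlikely to return a port for a bare `host:port` value such as the documented default `0.0.0.0:9090`. The filter wraps Python's urlsplit, which as far as I know only fills in the port when the value has a `//` authority part, so the shared SELinux task would receive an empty port and the listen port may be left unlabelled or the task may fail. Prefixing the value, `"{{ ('//' ~ prometheus_web_listen_address) | urlsplit('port') }}"`, or keeping the removed `split(':')` form, would avoid that. The pushgateway tasks/main.yml hunk later in this series uses the same expression, and its alternative molecule scenario sets the address to a list, which a string filter will not handle.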
diff --git a/roles/prometheus/tasks/preflight.yml b/roles/prometheus/tasks/preflight.yml index 22ba42e6d..12155eb9b 100644 --- a/roles/prometheus/tasks/preflight.yml +++ b/roles/prometheus/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This module only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: @@ -98,24 +82,9 @@ retries: 10 when: - prometheus_version == "latest" - - prometheus_binary_local_dir | length == 0 - - not prometheus_skip_install - -- name: Get prometheus binary checksum - when: - - prometheus_binary_local_dir | length == 0 - - not prometheus_skip_install - block: - - name: "Get checksum list" - ansible.builtin.set_fact: - __prometheus_checksums: "{{ lookup('url', prometheus_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __prometheus_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __prometheus_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __prometheus_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - prometheus + - install + - prometheus_install + - download + - prometheus_download 
diff --git a/roles/prometheus/templates/prometheus.service.j2 b/roles/prometheus/templates/prometheus.service.j2 index d4fd0ceea..f7d85e748 100644 --- a/roles/prometheus/templates/prometheus.service.j2 +++ b/roles/prometheus/templates/prometheus.service.j2 @@ -25,8 +25,8 @@ ExecStart={{ _prometheus_binary_install_dir }}/prometheus \ --enable-feature=agent \ --storage.agent.path={{ prometheus_db_dir }} \ {% endif %} -{% if prometheus_version is version('2.24.0', '>=') %} - --web.config.file={{ prometheus_config_dir }}/web.yml \ +{% if (prometheus_version is version('2.24.0', '>=')) and (prometheus_web_config.values() | map('length') | select('gt', 0) | list is any) %} + --web.config.file={{ prometheus_config_dir }}/web_config.yml \ {% endif %} --web.console.libraries={{ prometheus_config_dir }}/console_libraries \ --web.console.templates={{ prometheus_config_dir }}/consoles \ diff --git a/roles/prometheus/vars/main.yml b/roles/prometheus/vars/main.yml index a96d3f9cf..c84efc35f 100644 --- a/roles/prometheus/vars/main.yml +++ b/roles/prometheus/vars/main.yml @@ -1,16 +1,13 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_prometheus_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _prometheus_binary_install_dir: '/usr/local/bin' -_prometheus_selinux_packages: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" _prometheus_repo: "prometheus/prometheus" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_prometheus_binaries: + - prometheus + - promtool 
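Review bot: The unit still starts `{{ _prometheus_binary_install_dir }}/prometheus` (visible in the hunk header context), while this commit installs the binaries through the new public `prometheus_binary_install_dir`, passed as `_common_binary_install_dir` in tasks/main.yml. With both set to `/usr/local/bin` nothing breaks, but once someone overrides the public variable the service, and the `promtool` `validate:` commands in tasks/configure.yml, keep using whatever binary sits at the old path, which may be a stale version. I would use `prometheus_binary_install_dir` in ExecStart and the validate lines, or set `_prometheus_binary_install_dir: "{{ prometheus_binary_install_dir }}"` in vars/main.yml. The ExecStart line itself lies outside this hunk's changed lines.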
From e5005614b2cfe6b4b6c8a32093182b0e2f76f99b Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:11:35 +0000 Subject: [PATCH 17/24] refactor(pushgateway): delegate common tasks to _common role Signed-off-by: gardar --- roles/pushgateway/defaults/main.yml | 7 +- roles/pushgateway/meta/argument_specs.yml | 20 ++---- .../molecule/alternative/molecule.yml | 5 +- .../molecule/default/tests/test_default.py | 1 - roles/pushgateway/tasks/configure.yml | 36 ---------- roles/pushgateway/tasks/install.yml | 69 ------------------- roles/pushgateway/tasks/main.yml | 58 ++++++++-------- roles/pushgateway/tasks/preflight.yml | 68 +++--------------- roles/pushgateway/tasks/selinux.yml | 23 ------- .../templates/pushgateway.service.j2 | 4 +- roles/pushgateway/templates/web_config.yml.j2 | 18 ----- roles/pushgateway/vars/main.yml | 14 ++-- 12 files changed, 58 insertions(+), 265 deletions(-) delete mode 100644 roles/pushgateway/tasks/configure.yml delete mode 100644 roles/pushgateway/tasks/install.yml delete mode 100644 roles/pushgateway/tasks/selinux.yml delete mode 100644 roles/pushgateway/templates/web_config.yml.j2 diff --git a/roles/pushgateway/defaults/main.yml b/roles/pushgateway/defaults/main.yml index 348c75baa..745741320 100644 --- a/roles/pushgateway/defaults/main.yml +++ b/roles/pushgateway/defaults/main.yml @@ -1,10 +1,8 @@ --- pushgateway_version: 1.10.0 -pushgateway_binary_local_dir: "" pushgateway_binary_url: "https://github.com/{{ _pushgateway_repo }}/releases/download/v{{ pushgateway_version }}/\ - pushgateway-{{ pushgateway_version }}.linux-{{ go_arch }}.tar.gz" + pushgateway-{{ pushgateway_version }}.{{ ansible_system | lower }}-{{ _pushgateway_go_ansible_arch }}.tar.gz" pushgateway_checksums_url: "https://github.com/{{ _pushgateway_repo }}/releases/download/v{{ pushgateway_version }}/sha256sums.txt" -pushgateway_skip_install: false pushgateway_web_listen_address: "0.0.0.0:9091" pushgateway_web_telemetry_path: "/metrics" 
@@ -18,6 +16,7 @@ pushgateway_basic_auth_users: {} pushgateway_binary_install_dir: "/usr/local/bin" pushgateway_system_group: "pushgateway" pushgateway_system_user: "{{ pushgateway_system_group }}" +pushgateway_config_dir: "/etc/pushgateway" # Local path to stash the archive and its extraction -pushgateway_archive_path: /tmp +pushgateway_local_cache_path: "/tmp/pushgateway-{{ ansible_system | lower }}-{{ _pushgateway_go_ansible_arch }}/{{ pushgateway_version }}" diff --git a/roles/pushgateway/meta/argument_specs.yml b/roles/pushgateway/meta/argument_specs.yml index 9d42613df..7b40c7a58 100644 --- a/roles/pushgateway/meta/argument_specs.yml +++ b/roles/pushgateway/meta/argument_specs.yml @@ -11,18 +11,9 @@ argument_specs: pushgateway_version: description: "Pushgateway package version. Also accepts latest as parameter." default: "1.10.0" - pushgateway_skip_install: - description: "Pushgateway installation tasks gets skipped when set to true." - type: bool - default: false - pushgateway_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(pushgateway) binary is stored on the host where ansible is run." - - "This overrides the I(pushgateway_version) parameter" pushgateway_binary_url: description: "URL of the Pushgateway binaries .tar.gz file" - default: "https://github.com/{{ _pushgateway_repo }}/releases/download/v{{ pushgateway_version }}/pushgateway-{{ pushgateway_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _pushgateway_repo }}/releases/download/v{{ pushgateway_version }}/pushgateway-{{ pushgateway_version }}.{{ ansible_system | lower }}-{{ _pushgateway_go_ansible_arch }}.tar.gz" pushgateway_checksums_url: description: "URL of the Pushgateway checksums file" default: "https://github.com/{{ _pushgateway_repo }}/releases/download/v{{ pushgateway_version }}/sha256sums.txt" 
@@ -60,6 +51,9 @@ argument_specs: - "I(Advanced)" - "Pushgateway user" default: "pushgateway" - pushgateway_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + pushgateway_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/pushgateway-{{ ansible_system | lower }}-{{ _pushgateway_go_ansible_arch }}/{{ pushgateway_version }}" + pushgateway_config_dir: + description: "Path to directory with pushgateway configuration" + default: "/etc/pushgateway" diff --git a/roles/pushgateway/molecule/alternative/molecule.yml b/roles/pushgateway/molecule/alternative/molecule.yml index ab4b97bbe..65d8445e0 100644 --- a/roles/pushgateway/molecule/alternative/molecule.yml +++ b/roles/pushgateway/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - pushgateway_binary_local_dir: "/tmp/pushgateway-linux-amd64" + pushgateway_local_cache_path: "/tmp/pushgateway-linux-amd64" pushgateway_web_listen_address: - '127.0.0.1:8080' - '127.0.1.1:8080' @@ -16,7 +16,6 @@ provisioner: http2: true pushgateway_basic_auth_users: randomuser: examplepassword - go_arch: amd64 pushgateway_version: 1.5.1 pushgateway_binary_url: "https://github.com/prometheus/pushgateway/releases/download/v{{ pushgateway_version\ - \ }}/pushgateway-{{ pushgateway_version }}.linux-{{ go_arch }}.tar.gz" + \ }}/pushgateway-{{ pushgateway_version }}.linux-amd64.tar.gz" diff --git a/roles/pushgateway/molecule/default/tests/test_default.py b/roles/pushgateway/molecule/default/tests/test_default.py index 5fe09a4ef..b703d8f25 100644 --- a/roles/pushgateway/molecule/default/tests/test_default.py +++ b/roles/pushgateway/molecule/default/tests/test_default.py 
@@ -46,7 +46,6 @@ def test_user(host): assert host.group("pushgateway").exists assert "pushgateway" in host.user("pushgateway").groups assert host.user("pushgateway").shell == "/usr/sbin/nologin" - assert host.user("pushgateway").home == "/" def test_service(host): diff --git a/roles/pushgateway/tasks/configure.yml b/roles/pushgateway/tasks/configure.yml deleted file mode 100644 index 0458dfa81..000000000 --- a/roles/pushgateway/tasks/configure.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: Copy the pushgateway systemd service file - ansible.builtin.template: - src: pushgateway.service.j2 - dest: /etc/systemd/system/pushgateway.service - owner: root - group: root - mode: 0644 - notify: restart pushgateway - -- name: Create pushgateway config directory - ansible.builtin.file: - path: "/etc/pushgateway" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX - -- name: Copy the pushgateway config file - ansible.builtin.template: - src: web_config.yml.j2 - dest: /etc/pushgateway/web_config.yml - owner: root - group: root - mode: 0644 - notify: restart pushgateway - -- name: Allow pushgateway port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ pushgateway_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/pushgateway/tasks/install.yml b/roles/pushgateway/tasks/install.yml deleted file mode 100644 index 3ca872f92..000000000 --- a/roles/pushgateway/tasks/install.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -- name: Create the pushgateway group - ansible.builtin.group: - name: "{{ pushgateway_system_group }}" - state: present - system: true - when: pushgateway_system_group != "root" - -- name: Create the pushgateway user - ansible.builtin.user: - name: "{{ pushgateway_system_user }}" - groups: "{{ pushgateway_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: pushgateway_system_user != "root" - -- name: Get binary - when: - - pushgateway_binary_local_dir | length == 0 - - not pushgateway_skip_install - block: - - - name: Download pushgateway binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ pushgateway_binary_url }}" - dest: "{{ pushgateway_archive_path }}/pushgateway-{{ pushgateway_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __pushgateway_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack pushgateway binary - become: false - ansible.builtin.unarchive: - src: "{{ pushgateway_archive_path }}/pushgateway-{{ pushgateway_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ pushgateway_archive_path }}" - creates: "{{ pushgateway_archive_path }}/pushgateway-{{ pushgateway_version }}.linux-{{ go_arch }}/pushgateway" - delegate_to: localhost - check_mode: false - - - name: Propagate pushgateway binaries - ansible.builtin.copy: - src: "{{ pushgateway_archive_path }}/pushgateway-{{ pushgateway_version }}.linux-{{ go_arch }}/pushgateway" - dest: "{{ pushgateway_binary_install_dir }}/pushgateway" - mode: 0755 - owner: root - group: root - notify: restart pushgateway - when: not ansible_check_mode - -- name: Propagate locally distributed pushgateway binary - ansible.builtin.copy: - src: "{{ pushgateway_binary_local_dir }}/pushgateway" - dest: "{{ pushgateway_binary_install_dir }}/pushgateway" - mode: 0755 - owner: root - 
group: root - when: - - pushgateway_binary_local_dir | length > 0 - - not pushgateway_skip_install - notify: restart pushgateway diff --git a/roles/pushgateway/tasks/main.yml b/roles/pushgateway/tasks/main.yml index e34ebfa96..54a3f214f 100644 --- a/roles/pushgateway/tasks/main.yml +++ b/roles/pushgateway/tasks/main.yml 
@@ -2,51 +2,49 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - pushgateway_install - - pushgateway_configure - - pushgateway_run tags: - pushgateway_install - pushgateway_configure - pushgateway_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - pushgateway_install - when: - ( not __pushgateway_is_installed.stat.exists ) or - ( (__pushgateway_current_version_output.stderr_lines | length > 0) - and (__pushgateway_current_version_output.stderr_lines[0].split(" ")[2] != pushgateway_version) ) or - ( (__pushgateway_current_version_output.stdout_lines | length > 0) - and (__pushgateway_current_version_output.stdout_lines[0].split(" ")[2] != pushgateway_version) ) or - ( pushgateway_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ pushgateway_local_cache_path }}" + _common_binaries: "{{ _pushgateway_binaries }}" + _common_binary_install_dir: "{{ pushgateway_binary_install_dir }}" + _common_binary_url: "{{ pushgateway_binary_url }}" + _common_checksums_url: "{{ pushgateway_checksums_url }}" + _common_system_group: "{{ pushgateway_system_group }}" + _common_system_user: "{{ pushgateway_system_user }}" + _common_config_dir: "{{ pushgateway_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - pushgateway_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - pushgateway_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ pushgateway_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - pushgateway_configure - name: Configure - ansible.builtin.include_tasks: - file: configure.yml - apply: - become: true - tags: - - pushgateway_configure + 
ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ pushgateway_system_user }}" + _common_system_group: "{{ pushgateway_system_group }}" + _common_config_dir: "{{ pushgateway_config_dir }}" + _common_tls_server_config: "{{ pushgateway_tls_server_config }}" + _common_http_server_config: "{{ pushgateway_http_server_config }}" + _common_basic_auth_users: "{{ pushgateway_basic_auth_users }}" tags: - pushgateway_configure diff --git a/roles/pushgateway/tasks/preflight.yml b/roles/pushgateway/tasks/preflight.yml index 41cbc0c1c..64ae53760 100644 --- a/roles/pushgateway/tasks/preflight.yml +++ b/roles/pushgateway/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
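Review bot: In the SELinux include, `_common_selinux_port` is computed with `urlsplit('port')` on the raw listen address, and for a scheme-less `host:port` value the URL parser finds no network location, so the port most likely comes back empty. The only listen-address value visible in this series is the redis_exporter molecule override `"127.0.0.1:8080"`, which is that bare form, and the removed redis_exporter seport task used `.split(':')[-1]` instead. With an empty result the exporter port is either left unlabelled or the common task fails, depending on how `_common` guards it, which is not visible here. Prefixing a scheme keeps the filter usable: `_common_selinux_port: "{{ ('http://' ~ pushgateway_web_listen_address) | urlsplit('port') }}"`; the same line in the redis_exporter main.yml hunk needs the same change.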
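Review bot: The new `Common preflight` include has no `tags:`, and this commit also removes `apply: tags` from the `Preflight` include in main.yml. A run limited with `--tags pushgateway_install` therefore loads preflight.yml but skips the common checks, because a dynamic include does not pass its tags to the tasks it loads. Assertions further down this file with no tags of their own would be skipped the same way, but the rest of the file is outside the hunk. Give the include its own tags, e.g. `tags: [pushgateway_install, pushgateway_configure, pushgateway_run]`, plus an `apply:` block with the same tags if the tasks in `_common` preflight.yml are untagged, which is not visible here. The matching task in the redis_exporter preflight.yml hunk needs the same.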
@@ -66,23 +50,6 @@ - "__pushgateway_cert_file.stat.exists" - "__pushgateway_key_file.stat.exists" -- name: Check if pushgateway is installed - ansible.builtin.stat: - path: "{{ pushgateway_binary_install_dir }}/pushgateway" - register: __pushgateway_is_installed - check_mode: false - tags: - - pushgateway_install - -- name: Gather currently installed pushgateway version (if any) - ansible.builtin.command: "{{ pushgateway_binary_install_dir }}/pushgateway --version" - changed_when: false - register: __pushgateway_current_version_output - check_mode: false - when: __pushgateway_is_installed.stat.exists - tags: - - pushgateway_install - - name: Discover latest version ansible.builtin.set_fact: pushgateway_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _pushgateway_repo }}/releases/latest', headers=_github_api_headers, @@ -92,24 +59,9 @@ retries: 10 when: - pushgateway_version == "latest" - - pushgateway_binary_local_dir | length == 0 - - not pushgateway_skip_install - -- name: Get pushgateway binary checksum - when: - - pushgateway_binary_local_dir | length == 0 - - not pushgateway_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __pushgateway_checksums: "{{ lookup('url', pushgateway_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __pushgateway_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __pushgateway_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __pushgateway_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - pushgateway + - install + - pushgateway_install + - download + - pushgateway_download diff --git a/roles/pushgateway/tasks/selinux.yml b/roles/pushgateway/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/pushgateway/tasks/selinux.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/pushgateway/templates/pushgateway.service.j2 b/roles/pushgateway/templates/pushgateway.service.j2 index eeab97e41..b6a5622e3 100644 --- a/roles/pushgateway/templates/pushgateway.service.j2 +++ b/roles/pushgateway/templates/pushgateway.service.j2 @@ -11,9 +11,9 @@ Group={{ pushgateway_system_group }} ExecStart={{ pushgateway_binary_install_dir }}/pushgateway \ {% if pushgateway_tls_server_config | length > 0 or pushgateway_http_server_config | length > 0 or pushgateway_basic_auth_users | length > 0 %} {% if pushgateway_version is version('1.5.0', '>=') %} - '--web.config.file=/etc/pushgateway/web_config.yml' \ + '--web.config.file={{ pushgateway_config_dir }}/web_config.yml' \ {% else %} - '--web.config=/etc/pushgateway/web_config.yml' \ + '--web.config={{ pushgateway_config_dir }}/web_config.yml' \ {% endif %} {% endif %} {% if pushgateway_version is version('1.5.0', '>=') and diff --git a/roles/pushgateway/templates/web_config.yml.j2 b/roles/pushgateway/templates/web_config.yml.j2 deleted file mode 100644 index f7d332b00..000000000 --- a/roles/pushgateway/templates/web_config.yml.j2 +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if pushgateway_tls_server_config | length > 0 %} -tls_server_config: -{{ pushgateway_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if pushgateway_http_server_config | length > 0 %} -http_server_config: -{{ pushgateway_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if pushgateway_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in pushgateway_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/pushgateway/vars/main.yml b/roles/pushgateway/vars/main.yml index 06faa93d5..511e95037 100644 --- a/roles/pushgateway/vars/main.yml +++ b/roles/pushgateway/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_pushgateway_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _pushgateway_repo: "prometheus/pushgateway" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_pushgateway_binaries: ['pushgateway'] From a6700b77269876410570653ea9741af7ee529823 Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:12:07 +0000 Subject: [PATCH 18/24] refactor(redis_exporter): delegate common tasks to _common role 
Signed-off-by: gardar --- roles/redis_exporter/defaults/main.yml | 7 +- roles/redis_exporter/meta/argument_specs.yml | 20 ++---- .../molecule/alternative/molecule.yml | 6 +- .../molecule/default/tests/test_default.py | 1 - roles/redis_exporter/tasks/configure.yml | 49 ++++++------- roles/redis_exporter/tasks/install.yml | 69 ------------------- roles/redis_exporter/tasks/main.yml | 46 +++++-------- roles/redis_exporter/tasks/preflight.yml | 68 +++--------------- roles/redis_exporter/tasks/selinux.yml | 23 ------- roles/redis_exporter/vars/main.yml | 14 ++-- 10 files changed, 66 insertions(+), 237 deletions(-) delete mode 100644 roles/redis_exporter/tasks/install.yml delete mode 100644 roles/redis_exporter/tasks/selinux.yml diff --git a/roles/redis_exporter/defaults/main.yml b/roles/redis_exporter/defaults/main.yml index ded15dafb..8813da1fe 100644 --- a/roles/redis_exporter/defaults/main.yml +++ b/roles/redis_exporter/defaults/main.yml @@ -1,10 +1,8 @@ --- redis_exporter_version: 1.63.0 -redis_exporter_binary_local_dir: "" redis_exporter_binary_url: "https://github.com/{{ _redis_exporter_repo }}/releases/download/v{{ redis_exporter_version }}/\ - redis_exporter-v{{ redis_exporter_version }}.linux-{{ go_arch }}.tar.gz" + redis_exporter-v{{ redis_exporter_version }}.{{ ansible_system | lower }}-{{ _redis_exporter_go_ansible_arch }}.tar.gz" redis_exporter_checksums_url: "https://github.com/{{ _redis_exporter_repo }}/releases/download/v{{ redis_exporter_version }}/sha256sums.txt" -redis_exporter_skip_install: false # https://github.com/oliver006/redis_exporter?tab=readme-ov-file#command-line-flags redis_exporter_addr: "redis://localhost:6379" 
@@ -49,6 +47,7 @@ redis_exporter_config_command: "CONFIG" redis_exporter_binary_install_dir: "/usr/local/bin" redis_exporter_system_group: "redis-exp" redis_exporter_system_user: "{{ redis_exporter_system_group }}" +redis_exporter_config_dir: "/etc/redis_exporter" # Local path to stash the archive and its extraction -redis_exporter_archive_path: /tmp +redis_exporter_local_cache_path: "/tmp/redis_exporter-{{ ansible_system | lower }}-{{ _redis_exporter_go_ansible_arch }}/{{ redis_exporter_version }}" diff --git a/roles/redis_exporter/meta/argument_specs.yml b/roles/redis_exporter/meta/argument_specs.yml index 211497cc6..dbf0b5ae2 100644 --- a/roles/redis_exporter/meta/argument_specs.yml +++ b/roles/redis_exporter/meta/argument_specs.yml 
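Review bot: `redis_exporter_local_cache_path` now defaults to a fixed, predictable directory under `/tmp`, which on a shared control node another local user can create first. The removed install.yml downloaded and unpacked on localhost and then copied the unpacked binary to targets as root. If `_common` install.yml (not visible here) keeps that flow and reuses an existing cache directory, only the downloaded archive is checksum-verified, not what already sits in the cache. Consider a default outside world-writable locations, or at least a comment above the variable such as `# Controller-side cache; on shared controllers set this to a directory only the Ansible user can write to`. The smartctl_exporter defaults hunk adds the same `/tmp` default.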
@@ -11,18 +11,9 @@ argument_specs: redis_exporter_version: description: "redis_exporter package version. Also accepts latest as parameter." default: "1.63.0" - redis_exporter_skip_install: - description: "redis_exporter installation tasks gets skipped when set to true." - type: bool - default: false - redis_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(redis_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(redis_exporter_version) parameter" redis_exporter_binary_url: description: "URL of the redis_exporter binaries .tar.gz file" - default: "https://github.com/{{ _redis_exporter_repo }}/releases/download/v{{ redis_exporter_version }}/redis_exporter-v{{ redis_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _redis_exporter_repo }}/releases/download/v{{ redis_exporter_version }}/redis_exporter-v{{ redis_exporter_version }}.{{ ansible_system | lower }}-{{ _redis_exporter_go_ansible_arch }}.tar.gz" redis_exporter_checksums_url: description: "URL of the redis_exporter checksums file" default: "https://github.com/{{ _redis_exporter_repo }}/releases/download/v{{ redis_exporter_version }}/sha256sums.txt" @@ -179,6 +170,9 @@ argument_specs: - "I(Advanced)" - "redis_exporter user" default: "redis-exp" - redis_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + redis_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/redis_exporter-{{ ansible_system | lower }}-{{ _redis_exporter_go_ansible_arch }}/{{ redis_exporter_version }}" + redis_exporter_config_dir: + description: "Path to directory with redis_exporter configuration" + default: "/etc/redis_exporter" 
diff --git a/roles/redis_exporter/molecule/alternative/molecule.yml b/roles/redis_exporter/molecule/alternative/molecule.yml index 959161705..6fe5a6b8e 100644 --- a/roles/redis_exporter/molecule/alternative/molecule.yml +++ b/roles/redis_exporter/molecule/alternative/molecule.yml @@ -5,15 +5,13 @@ provisioner: inventory: group_vars: all: - redis_exporter_binary_local_dir: "/tmp/redis_exporter-linux-amd64" + redis_exporter_local_cache_path: "/tmp/redis_exporter-linux-amd64" redis_exporter_web_listen_address: "127.0.0.1:8080" redis_exporter_tls_server_config: cert_file: /etc/redis_exporter/tls.cert key_file: /etc/redis_exporter/tls.key redis_exporter_tls_server_cert_file: "{{ redis_exporter_tls_server_config.cert_file }}" redis_exporter_tls_server_key_file: "{{ redis_exporter_tls_server_config.key_file }}" - go_arch: amd64 redis_exporter_version: 1.58.0 redis_exporter_binary_url: "https://github.com/oliver006/redis_exporter/releases/download/v{{\ - \ redis_exporter_version }}/redis_exporter-v{{ redis_exporter_version }}.linux-{{\ - \ go_arch }}.tar.gz" + \ redis_exporter_version }}/redis_exporter-v{{ redis_exporter_version }}.linux-amd64.tar.gz" diff --git a/roles/redis_exporter/molecule/default/tests/test_default.py b/roles/redis_exporter/molecule/default/tests/test_default.py index d0b80ec15..efc03a726 100644 --- a/roles/redis_exporter/molecule/default/tests/test_default.py +++ b/roles/redis_exporter/molecule/default/tests/test_default.py @@ -31,7 +31,6 @@ def test_user(host): assert host.group("redis-exp").exists assert "redis-exp" in host.user("redis-exp").groups assert host.user("redis-exp").shell == "/usr/sbin/nologin" - assert host.user("redis-exp").home == "/" def test_service(host): diff --git a/roles/redis_exporter/tasks/configure.yml b/roles/redis_exporter/tasks/configure.yml index 88c330506..712870909 100644 --- a/roles/redis_exporter/tasks/configure.yml +++ b/roles/redis_exporter/tasks/configure.yml 
@@ -1,37 +1,28 @@ --- -- name: Copy the redis_exporter systemd service file - ansible.builtin.template: - src: redis_exporter.service.j2 - dest: /etc/systemd/system/redis_exporter.service - owner: root - group: root - mode: 0644 - notify: restart redis_exporter - -- name: Create redis_exporter config directory - ansible.builtin.file: - path: "/etc/redis_exporter" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX +- name: Configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ redis_exporter_system_user }}" + _common_system_group: "{{ redis_exporter_system_group }}" + _common_config_dir: "{{ redis_exporter_config_dir }}" + tags: + - redis_exporter + - configure + - redis_exporter_configure - name: Copy the passwords file ansible.builtin.copy: - dest: /etc/redis_exporter/passwords.json content: "{{ redis_exporter_passwords | to_json(indent=2, sort_keys=True) }}" - owner: root - group: root + dest: "{{ redis_exporter_config_dir }}/passwords.json" + owner: "{{ redis_exporter_system_user }}" + group: "{{ redis_exporter_system_group }}" mode: 0644 notify: restart redis_exporter when: redis_exporter_passwords | length > 0 - -- name: Allow redis_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ redis_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" + become: true + tags: + - redis_exporter + - configure + - redis_exporter_configure diff --git a/roles/redis_exporter/tasks/install.yml b/roles/redis_exporter/tasks/install.yml deleted file mode 100644 index 3212b64d9..000000000 --- a/roles/redis_exporter/tasks/install.yml +++ /dev/null 
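Review bot: `Copy the passwords file` still writes `passwords.json` with `mode: 0644`, so the Redis credentials in `redis_exporter_passwords` are readable by every local user on the target. Since the file is now owned by the exporter's own user and group, a tighter mode is enough for the service to read it: `mode: "0640"` (quoted, so the value is not subject to YAML octal parsing). Adding `no_log: true` to the task would also keep the rendered content out of diff and verbose output.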
@@ -1,69 +0,0 @@ ---- -- name: Create the redis_exporter group - ansible.builtin.group: - name: "{{ redis_exporter_system_group }}" - state: present - system: true - when: redis_exporter_system_group != "root" - -- name: Create the redis_exporter user - ansible.builtin.user: - name: "{{ redis_exporter_system_user }}" - groups: "{{ redis_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: redis_exporter_system_user != "root" - -- name: Get binary - when: - - redis_exporter_binary_local_dir | length == 0 - - not redis_exporter_skip_install - block: - - - name: Download redis_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ redis_exporter_binary_url }}" - dest: "{{ redis_exporter_archive_path }}/redis_exporter-{{ redis_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __redis_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack redis_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ redis_exporter_archive_path }}/redis_exporter-{{ redis_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ redis_exporter_archive_path }}" - creates: "{{ redis_exporter_archive_path }}/redis_exporter-{{ redis_exporter_version }}.linux-{{ go_arch }}/redis_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate redis_exporter binaries - ansible.builtin.copy: - src: "{{ redis_exporter_archive_path }}/redis_exporter-v{{ redis_exporter_version }}.linux-{{ go_arch }}/redis_exporter" - dest: "{{ redis_exporter_binary_install_dir }}/redis_exporter" - mode: 0755 - owner: root - group: root - notify: restart redis_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed redis_exporter binary - ansible.builtin.copy: - src: "{{ redis_exporter_binary_local_dir 
}}/redis_exporter" - dest: "{{ redis_exporter_binary_install_dir }}/redis_exporter" - mode: 0755 - owner: root - group: root - when: - - redis_exporter_binary_local_dir | length > 0 - - not redis_exporter_skip_install - notify: restart redis_exporter diff --git a/roles/redis_exporter/tasks/main.yml b/roles/redis_exporter/tasks/main.yml index be1acf120..357ba91d7 100644 --- a/roles/redis_exporter/tasks/main.yml +++ b/roles/redis_exporter/tasks/main.yml 
@@ -2,40 +2,34 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - redis_exporter_install - - redis_exporter_configure - - redis_exporter_run tags: - redis_exporter_install - redis_exporter_configure - redis_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - redis_exporter_install - when: - ( not __redis_exporter_is_installed.stat.exists ) or - ( (__redis_exporter_current_version_output.stderr_lines | length > 0) - and (__redis_exporter_current_version_output.stderr_lines[0].split(" ")[2] != redis_exporter_version) ) or - ( (__redis_exporter_current_version_output.stdout_lines | length > 0) - and (__redis_exporter_current_version_output.stdout_lines[0].split(" ")[2] != redis_exporter_version) ) or - ( redis_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ redis_exporter_local_cache_path }}" + _common_binaries: "{{ _redis_exporter_binaries }}" + _common_binary_install_dir: "{{ redis_exporter_binary_install_dir }}" + _common_binary_url: "{{ redis_exporter_binary_url }}" + _common_checksums_url: "{{ redis_exporter_checksums_url }}" + _common_system_group: "{{ redis_exporter_system_group }}" + _common_system_user: "{{ redis_exporter_system_user }}" + _common_config_dir: "{{ redis_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - redis_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - redis_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ redis_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - redis_exporter_configure 
@@ -43,10 +37,6 @@ - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - redis_exporter_configure tags: - redis_exporter_configure diff --git a/roles/redis_exporter/tasks/preflight.yml b/roles/redis_exporter/tasks/preflight.yml index 63c8267e2..040cf5de4 100644 --- a/roles/redis_exporter/tasks/preflight.yml +++ b/roles/redis_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
@@ -63,23 +47,6 @@ - "__redis_exporter_cert_file.stat.exists" - "__redis_exporter_key_file.stat.exists" -- name: Check if redis_exporter is installed - ansible.builtin.stat: - path: "{{ redis_exporter_binary_install_dir }}/redis_exporter" - register: __redis_exporter_is_installed - check_mode: false - tags: - - redis_exporter_install - -- name: Gather currently installed redis_exporter version (if any) - ansible.builtin.command: "{{ redis_exporter_binary_install_dir }}/redis_exporter --version" - changed_when: false - register: __redis_exporter_current_version_output - check_mode: false - when: __redis_exporter_is_installed.stat.exists - tags: - - redis_exporter_install - - name: Discover latest version ansible.builtin.set_fact: redis_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _redis_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -89,24 +56,9 @@ retries: 10 when: - redis_exporter_version == "latest" - - redis_exporter_binary_local_dir | length == 0 - - not redis_exporter_skip_install - -- name: Get redis_exporter binary checksum - when: - - redis_exporter_binary_local_dir | length == 0 - - not redis_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __redis_exporter_checksums: "{{ lookup('url', redis_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __redis_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __redis_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __redis_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - redis_exporter + - install + - redis_exporter_install + - download + - redis_exporter_download diff --git a/roles/redis_exporter/tasks/selinux.yml b/roles/redis_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 
--- a/roles/redis_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/redis_exporter/vars/main.yml b/roles/redis_exporter/vars/main.yml index 7233a5c17..3b61006e8 100644 --- a/roles/redis_exporter/vars/main.yml +++ b/roles/redis_exporter/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_redis_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _redis_exporter_repo: "oliver006/redis_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_redis_exporter_binaries: ['redis_exporter'] From 0da12f7cdc2cf3e9b2be30977d254c3968047edc Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:12:36 +0000 Subject: [PATCH 19/24] refactor(smartctl_exporter): delegate common tasks to _common role 
Signed-off-by: gardar --- roles/smartctl_exporter/defaults/main.yml | 7 +- .../smartctl_exporter/meta/argument_specs.yml | 20 ++---- .../molecule/alternative/molecule.yml | 6 +- .../molecule/default/tests/test_default.py | 1 - roles/smartctl_exporter/tasks/configure.yml | 36 ---------- roles/smartctl_exporter/tasks/install.yml | 69 ------------------- roles/smartctl_exporter/tasks/main.yml | 58 ++++++++-------- roles/smartctl_exporter/tasks/preflight.yml | 68 +++--------------- roles/smartctl_exporter/tasks/selinux.yml | 23 ------- .../templates/smartctl_exporter.service.j2 | 2 +- .../templates/web_config.yaml.j2 | 18 ----- roles/smartctl_exporter/vars/main.yml | 14 ++-- 12 files changed, 57 insertions(+), 265 deletions(-) delete mode 100644 roles/smartctl_exporter/tasks/configure.yml delete mode 100644 roles/smartctl_exporter/tasks/install.yml delete mode 100644 roles/smartctl_exporter/tasks/selinux.yml delete mode 100644 roles/smartctl_exporter/templates/web_config.yaml.j2 diff --git a/roles/smartctl_exporter/defaults/main.yml b/roles/smartctl_exporter/defaults/main.yml index 3d95daf63..518e8af8f 100644 --- a/roles/smartctl_exporter/defaults/main.yml +++ b/roles/smartctl_exporter/defaults/main.yml @@ -1,10 +1,8 @@ --- smartctl_exporter_version: 0.12.0 -smartctl_exporter_binary_local_dir: "" smartctl_exporter_binary_url: "https://github.com/{{ _smartctl_exporter_repo }}/releases/download/v{{ smartctl_exporter_version }}/\ - smartctl_exporter-{{ smartctl_exporter_version }}.linux-{{ go_arch }}.tar.gz" + smartctl_exporter-{{ smartctl_exporter_version }}.{{ ansible_system | lower }}-{{ _smartctl_exporter_go_ansible_arch }}.tar.gz" smartctl_exporter_checksums_url: "https://github.com/{{ _smartctl_exporter_repo }}/releases/download/v{{ smartctl_exporter_version }}/sha256sums.txt" -smartctl_exporter_skip_install: false smartctl_exporter_smartctl_path: "/usr/sbin/smartctl" smartctl_exporter_smartctl_interval: "60s" 
@@ -28,6 +26,7 @@ smartctl_exporter_log_format: "logfmt" smartctl_exporter_binary_install_dir: "/usr/local/bin" smartctl_exporter_system_group: "smartctl-exp" smartctl_exporter_system_user: "{{ smartctl_exporter_system_group }}" +smartctl_exporter_config_dir: "/etc/smartctl_exporter" # Local path to stash the archive and its extraction -smartctl_exporter_archive_path: /tmp +smartctl_exporter_local_cache_path: "/tmp/smartctl_exporter-{{ ansible_system | lower }}-{{ _smartctl_exporter_go_ansible_arch }}/{{ smartctl_exporter_version }}" diff --git a/roles/smartctl_exporter/meta/argument_specs.yml b/roles/smartctl_exporter/meta/argument_specs.yml index 387c58588..dc735a35c 100644 --- a/roles/smartctl_exporter/meta/argument_specs.yml +++ b/roles/smartctl_exporter/meta/argument_specs.yml 
@@ -11,18 +11,9 @@ argument_specs: smartctl_exporter_version: description: "Smartctl exporter package version. Also accepts latest as parameter." default: "0.12.0" - smartctl_exporter_skip_install: - description: "Smartctl exporter installation tasks gets skipped when set to true." - type: bool - default: false - smartctl_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(smartctl_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(smartctl_exporter_version) parameter" smartctl_exporter_binary_url: description: "URL of the Smartctl exporter binaries .tar.gz file" - default: "https://github.com/{{ _smartctl_exporter_repo }}/releases/download/v{{ smartctl_exporter_version }}/smartctl_exporter-{{ smartctl_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _smartctl_exporter_repo }}/releases/download/v{{ smartctl_exporter_version }}/smartctl_exporter-{{ smartctl_exporter_version }}.{{ ansible_system | lower }}-{{ _smartctl_exporter_go_ansible_arch }}.tar.gz" smartctl_exporter_checksums_url: description: "URL of the Smartctl exporter checksums file" default: "https://github.com/{{ _smartctl_exporter_repo }}/releases/download/v{{ smartctl_exporter_version }}/sha256sums.txt" @@ -90,6 +81,9 @@ argument_specs: - "I(Advanced)" - "Smartctl exporter user" default: "smartctl-exp" - smartctl_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + smartctl_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/smartctl_exporter-{{ ansible_system | lower }}-{{ _smartctl_exporter_go_ansible_arch }}/{{ smartctl_exporter_version }}" + smartctl_exporter_config_dir: + description: "Path to directory with smartctl_exporter configuration" + default: "/etc/smartctl_exporter" 
diff --git a/roles/smartctl_exporter/molecule/alternative/molecule.yml b/roles/smartctl_exporter/molecule/alternative/molecule.yml index fa83c8f65..fb3889be4 100644 --- a/roles/smartctl_exporter/molecule/alternative/molecule.yml +++ b/roles/smartctl_exporter/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - smartctl_exporter_binary_local_dir: "/tmp/smartctl_exporter-linux-amd64" + smartctl_exporter_local_cache_path: "/tmp/smartctl_exporter-linux-amd64" smartctl_exporter_web_listen_address: "127.0.0.1:8080" smartctl_exporter_smartctl_interval: "30s" smartctl_exporter_smartctl_rescan: "5m" @@ -18,8 +18,6 @@ provisioner: http2: true smartctl_exporter_basic_auth_users: randomuser: examplepassword - go_arch: amd64 smartctl_exporter_version: 0.11.0 smartctl_exporter_binary_url: "https://github.com/prometheus-community/smartctl_exporter/releases/download/v{{\ - \ smartctl_exporter_version }}/smartctl_exporter-{{ smartctl_exporter_version }}.linux-{{\ - \ go_arch }}.tar.gz" + \ smartctl_exporter_version }}/smartctl_exporter-{{ smartctl_exporter_version }}.linux-amd64.tar.gz" diff --git a/roles/smartctl_exporter/molecule/default/tests/test_default.py b/roles/smartctl_exporter/molecule/default/tests/test_default.py index 37c7d26b7..54c141969 100644 --- a/roles/smartctl_exporter/molecule/default/tests/test_default.py +++ b/roles/smartctl_exporter/molecule/default/tests/test_default.py @@ -31,7 +31,6 @@ def test_user(host): assert host.group("smartctl-exp").exists assert "smartctl-exp" in host.user("smartctl-exp").groups assert host.user("smartctl-exp").shell == "/usr/sbin/nologin" - assert host.user("smartctl-exp").home == "/" def test_service(host): diff --git a/roles/smartctl_exporter/tasks/configure.yml b/roles/smartctl_exporter/tasks/configure.yml deleted file mode 100644 index 6f91d0f51..000000000 --- a/roles/smartctl_exporter/tasks/configure.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- name: Copy the smartctl_exporter systemd service file - ansible.builtin.template: - src: smartctl_exporter.service.j2 - dest: /etc/systemd/system/smartctl_exporter.service - owner: root - group: root - mode: 0644 - notify: restart smartctl_exporter - -- name: Create smartctl_exporter config directory - ansible.builtin.file: - path: "/etc/smartctl_exporter" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX - -- name: Copy the smartctl_exporter web config file - ansible.builtin.template: - src: web_config.yaml.j2 - dest: /etc/smartctl_exporter/web_config.yaml - owner: root - group: root - mode: 0644 - notify: restart smartctl_exporter - -- name: Allow smartctl_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ smartctl_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/smartctl_exporter/tasks/install.yml b/roles/smartctl_exporter/tasks/install.yml deleted file mode 100644 index d7285c326..000000000 --- a/roles/smartctl_exporter/tasks/install.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -- name: Create the smartctl_exporter group - ansible.builtin.group: - name: "{{ smartctl_exporter_system_group }}" - state: present - system: true - when: smartctl_exporter_system_group != "root" - -- name: Create the smartctl_exporter user - ansible.builtin.user: - name: "{{ smartctl_exporter_system_user }}" - groups: "{{ smartctl_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: smartctl_exporter_system_user != "root" - -- name: Get binary - when: - - smartctl_exporter_binary_local_dir | length == 0 - - not smartctl_exporter_skip_install - block: - - - name: Download smartctl_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ smartctl_exporter_binary_url }}" - dest: "{{ smartctl_exporter_archive_path }}/smartctl_exporter-{{ smartctl_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __smartctl_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack smartctl_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ smartctl_exporter_archive_path }}/smartctl_exporter-{{ smartctl_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ smartctl_exporter_archive_path }}" - creates: "{{ smartctl_exporter_archive_path }}/smartctl_exporter-{{ smartctl_exporter_version }}.linux-{{ go_arch }}/smartctl_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate smartctl_exporter binaries - ansible.builtin.copy: - src: "{{ smartctl_exporter_archive_path }}/smartctl_exporter-{{ smartctl_exporter_version }}.linux-{{ go_arch }}/smartctl_exporter" - dest: "{{ smartctl_exporter_binary_install_dir }}/smartctl_exporter" - mode: 0755 - owner: root - group: root - notify: restart smartctl_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed 
smartctl_exporter binary - ansible.builtin.copy: - src: "{{ smartctl_exporter_binary_local_dir }}/smartctl_exporter" - dest: "{{ smartctl_exporter_binary_install_dir }}/smartctl_exporter" - mode: 0755 - owner: root - group: root - when: - - smartctl_exporter_binary_local_dir | length > 0 - - not smartctl_exporter_skip_install - notify: restart smartctl_exporter diff --git a/roles/smartctl_exporter/tasks/main.yml b/roles/smartctl_exporter/tasks/main.yml index 3da42e964..9eb305664 100644 --- a/roles/smartctl_exporter/tasks/main.yml +++ b/roles/smartctl_exporter/tasks/main.yml 
@@ -2,51 +2,49 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - smartctl_exporter_install - - smartctl_exporter_configure - - smartctl_exporter_run tags: - smartctl_exporter_install - smartctl_exporter_configure - smartctl_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - smartctl_exporter_install - when: - ( not __smartctl_exporter_is_installed.stat.exists ) or - ( (__smartctl_exporter_current_version_output.stderr_lines | length > 0) - and (__smartctl_exporter_current_version_output.stderr_lines[0].split(" ")[2] != smartctl_exporter_version) ) or - ( (__smartctl_exporter_current_version_output.stdout_lines | length > 0) - and (__smartctl_exporter_current_version_output.stdout_lines[0].split(" ")[2] != smartctl_exporter_version) ) or - ( smartctl_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ smartctl_exporter_local_cache_path }}" + _common_binaries: "{{ _smartctl_exporter_binaries }}" + _common_binary_install_dir: "{{ smartctl_exporter_binary_install_dir }}" + _common_binary_url: "{{ smartctl_exporter_binary_url }}" + _common_checksums_url: "{{ smartctl_exporter_checksums_url }}" + _common_system_group: "{{ smartctl_exporter_system_group }}" + _common_system_user: "{{ smartctl_exporter_system_user }}" + _common_config_dir: "{{ smartctl_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - smartctl_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - smartctl_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ smartctl_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - 
smartctl_exporter_configure - name: Configure - ansible.builtin.include_tasks: - file: configure.yml - apply: - become: true - tags: - - smartctl_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ smartctl_exporter_system_user }}" + _common_system_group: "{{ smartctl_exporter_system_group }}" + _common_config_dir: "{{ smartctl_exporter_config_dir }}" + _common_tls_server_config: "{{ smartctl_exporter_tls_server_config }}" + _common_http_server_config: "{{ smartctl_exporter_http_server_config }}" + _common_basic_auth_users: "{{ smartctl_exporter_basic_auth_users }}" tags: - smartctl_exporter_configure diff --git a/roles/smartctl_exporter/tasks/preflight.yml b/roles/smartctl_exporter/tasks/preflight.yml index e5444c9a5..bb974c3af 100644 --- a/roles/smartctl_exporter/tasks/preflight.yml +++ b/roles/smartctl_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
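Review bot: `_common_selinux_port: "{{ smartctl_exporter_web_listen_address | urlsplit('port') }}"` in the `tasks/main.yml` hunk is unlikely to return a port for the role's scheme-less `host:port` values (the molecule scenario uses `127.0.0.1:8080`). As far as I know, `urlsplit` only fills `port` when the string carries a `//` netloc, so the result would be empty where the removed code used `.split(':')[-1]`. Depending on how `_common/tasks/selinux.yml` (not visible here) treats an empty value, the port is either never labelled or the task fails on SELinux-enforcing hosts, and molecule containers will not exercise either path. Something like `"{{ ('tcp://' ~ smartctl_exporter_web_listen_address) | urlsplit('port') }}"` keeps the filter while giving it a netloc. The smokeping_prober `tasks/main.yml` hunk has the same expression, and there the listen address may also be a list (its alternative molecule scenario sets two addresses), which this filter cannot take.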
@@ -61,23 +45,6 @@ - "__smartctl_exporter_cert_file.stat.exists" - "__smartctl_exporter_key_file.stat.exists" -- name: Check if smartctl_exporter is installed - ansible.builtin.stat: - path: "{{ smartctl_exporter_binary_install_dir }}/smartctl_exporter" - register: __smartctl_exporter_is_installed - check_mode: false - tags: - - smartctl_exporter_install - -- name: Gather currently installed smartctl_exporter version (if any) - ansible.builtin.command: "{{ smartctl_exporter_binary_install_dir }}/smartctl_exporter --version" - changed_when: false - register: __smartctl_exporter_current_version_output - check_mode: false - when: __smartctl_exporter_is_installed.stat.exists - tags: - - smartctl_exporter_install - - name: Discover latest version ansible.builtin.set_fact: smartctl_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _smartctl_exporter_repo }}/releases/latest', headers=_github_api_headers, @@ -87,24 +54,9 @@ retries: 10 when: - smartctl_exporter_version == "latest" - - smartctl_exporter_binary_local_dir | length == 0 - - not smartctl_exporter_skip_install - -- name: Get smartctl_exporter binary checksum - when: - - smartctl_exporter_binary_local_dir | length == 0 - - not smartctl_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __smartctl_exporter_checksums: "{{ lookup('url', smartctl_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __smartctl_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __smartctl_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __smartctl_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - smartctl_exporter + - install + - smartctl_exporter_install + - download + - smartctl_exporter_download 
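Review bot: The tags added to `Discover latest version` (`smartctl_exporter`, `install`, `download`, `smartctl_exporter_download`) cannot select this task on their own, because the `Preflight` include in `tasks/main.yml` is a dynamic `include_tasks` tagged only `smartctl_exporter_install`, `smartctl_exporter_configure` and `smartctl_exporter_run`, and this patch also removes its `apply: tags`. With `apply` gone, preflight tasks that carry no tags of their own (the listen-address and TLS file assertions look untagged in the visible context) would be skipped on a tagged run such as `--tags smartctl_exporter_configure`, so the configuration is written without those checks. Either keep `apply: tags` on the include or tag the include and every preflight task consistently. This hunk also removes the role's own checksum lookup, so SHA-256 verification of the downloaded archive now rests entirely on `_common/tasks/install.yml`, which should be confirmed there. The smokeping_prober preflight hunks make the same change.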
diff --git a/roles/smartctl_exporter/tasks/selinux.yml b/roles/smartctl_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/smartctl_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/smartctl_exporter/templates/smartctl_exporter.service.j2 b/roles/smartctl_exporter/templates/smartctl_exporter.service.j2 index 944fe0a7e..105262206 100644 --- a/roles/smartctl_exporter/templates/smartctl_exporter.service.j2 +++ b/roles/smartctl_exporter/templates/smartctl_exporter.service.j2 @@ -20,7 +20,7 @@ ExecStart={{ smartctl_exporter_binary_install_dir }}/smartctl_exporter \ '--web.listen-address={{ smartctl_exporter_web_listen_address }}' \ '--web.telemetry-path={{ smartctl_exporter_web_telemetry_path }}' \ {% if smartctl_exporter_tls_server_config | length > 0 or smartctl_exporter_http_server_config | length > 0 or smartctl_exporter_basic_auth_users | length > 0 %} - '--web.config.file=/etc/smartctl_exporter/web_config.yaml' \ + '--web.config.file={{ smartctl_exporter_config_dir }}/web_config.yml' \ {% endif %} '--log.level={{ smartctl_exporter_log_level }}' \ '--log.format={{ smartctl_exporter_log_format }}' 
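Review bot: The unit now points at `{{ smartctl_exporter_config_dir }}/web_config.yml`, while the removed `configure.yml` wrote `/etc/smartctl_exporter/web_config.yaml` with mode 0644, and nothing visible in this patch removes that old file on hosts that are upgraded. The old file holds the bcrypt hashes of `smartctl_exporter_basic_auth_users`, so a stale world-readable copy stays behind after users are rotated or removed. A cleanup task (`ansible.builtin.file` with `state: absent` on the old path) in the role or in `_common` would close that, if `_common` does not already do it.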
diff --git a/roles/smartctl_exporter/templates/web_config.yaml.j2 b/roles/smartctl_exporter/templates/web_config.yaml.j2 deleted file mode 100644 index ca09ccd0f..000000000 --- a/roles/smartctl_exporter/templates/web_config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if smartctl_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ smartctl_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if smartctl_exporter_http_server_config | length > 0 %} -http_server_config: -{{ smartctl_exporter_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if smartctl_exporter_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in smartctl_exporter_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/smartctl_exporter/vars/main.yml b/roles/smartctl_exporter/vars/main.yml index 7636a8d40..79ccf2269 100644 --- a/roles/smartctl_exporter/vars/main.yml +++ b/roles/smartctl_exporter/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_smartctl_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _smartctl_exporter_repo: "prometheus-community/smartctl_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_smartctl_exporter_binaries: ['smartctl_exporter'] From b90cb5bfe46fea27b56e7d8c858dad7ff574359a Mon Sep 17 00:00:00 2001 
From: gardar Date: Tue, 15 Oct 2024 17:13:08 +0000 Subject: [PATCH 20/24] refactor(smokeping_prober): delegate common tasks to _common role Signed-off-by: gardar --- roles/smokeping_prober/defaults/main.yml | 6 +- .../smokeping_prober/meta/argument_specs.yml | 19 ++--- .../molecule/alternative/molecule.yml | 7 +- .../molecule/default/tests/test_default.py | 1 - roles/smokeping_prober/tasks/configure.yml | 61 ++++++---------- roles/smokeping_prober/tasks/install.yml | 69 ------------------- roles/smokeping_prober/tasks/main.yml | 46 +++++-------- roles/smokeping_prober/tasks/preflight.yml | 68 +++--------------- roles/smokeping_prober/tasks/selinux.yml | 23 ------- .../templates/smokeping_prober.service.j2 | 3 + .../templates/web_config.yaml.j2 | 18 ----- roles/smokeping_prober/vars/main.yml | 14 ++-- 12 files changed, 66 insertions(+), 269 deletions(-) delete mode 100644 roles/smokeping_prober/tasks/install.yml delete mode 100644 roles/smokeping_prober/tasks/selinux.yml delete mode 100644 roles/smokeping_prober/templates/web_config.yaml.j2 diff --git a/roles/smokeping_prober/defaults/main.yml b/roles/smokeping_prober/defaults/main.yml index c3b4edaf0..6d5ee50c0 100644 --- a/roles/smokeping_prober/defaults/main.yml +++ b/roles/smokeping_prober/defaults/main.yml @@ -1,10 +1,8 @@ --- smokeping_prober_version: 0.8.1 -smokeping_prober_binary_local_dir: "" smokeping_prober_binary_url: "https://github.com/{{ _smokeping_prober_repo }}/releases/download/v{{ smokeping_prober_version }}/\ - smokeping_prober-{{ smokeping_prober_version }}.linux-{{ go_arch }}.tar.gz" + smokeping_prober-{{ smokeping_prober_version }}.{{ ansible_system | lower }}-{{ _smokeping_prober_go_ansible_arch }}.tar.gz" smokeping_prober_checksums_url: "https://github.com/{{ _smokeping_prober_repo }}/releases/download/v{{ smokeping_prober_version }}/sha256sums.txt" -smokeping_prober_skip_install: false smokeping_prober_web_listen_address: "0.0.0.0:9374" 
@@ -34,4 +32,4 @@ smokeping_prober_system_group: "smokeping" smokeping_prober_system_user: "{{ smokeping_prober_system_group }}" # Local path to stash the archive and its extraction -smokeping_archive_path: /tmp +smokeping_prober_local_cache_path: "/tmp/smokeping_prober-{{ ansible_system | lower }}-{{ _smokeping_prober_go_ansible_arch }}/{{ smokeping_prober_version }}" diff --git a/roles/smokeping_prober/meta/argument_specs.yml b/roles/smokeping_prober/meta/argument_specs.yml index f571a731b..b0de9b341 100644 --- a/roles/smokeping_prober/meta/argument_specs.yml +++ b/roles/smokeping_prober/meta/argument_specs.yml @@ -11,18 +11,9 @@ argument_specs: smokeping_prober_version: description: "Smokeping Prober package version. Also accepts latest as parameter." default: "0.8.1" - smokeping_prober_skip_install: - description: "Smokeping Prober installation tasks gets skipped when set to true." - type: bool - default: false - smokeping_prober_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter may be set to a directory where the C(smokeping_prober) binary is stored on the host where ansible is run." - - "This overrides the I(smokeping_prober_version) parameter" smokeping_prober_binary_url: description: "URL of the Smokeping Prober binaries .tar.gz file" - default: "https://github.com/{{ _smokeping_prober_repo }}/releases/download/v{{ smokeping_prober_version }}/smokeping_prober-{{ smokeping_prober_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _smokeping_prober_repo }}/releases/download/v{{ smokeping_prober_version }}/smokeping_prober-{{ smokeping_prober_version }}.{{ ansible_system | lower }}-{{ _smokeping_prober_go_ansible_arch }}.tar.gz" smokeping_prober_checksums_url: description: "URL of the Smokeping Prober checksums file" default: "https://github.com/{{ _smokeping_prober_repo }}/releases/download/v{{ smokeping_prober_version }}/sha256sums.txt" 
@@ -30,7 +21,7 @@ argument_specs: description: "Address on which Smokeping Prober will listen" default: "0.0.0.0:9374" smokeping_prober_config_dir: - description: "The directory of the smokeping_prober probes config files" + description: "Path to directory with smokeping_prober configuration" default: "/etc/smokeping_prober" smokeping_prober_config_file: description: "The filename of the smokeping_prober probes config file" @@ -66,6 +57,6 @@ argument_specs: - "I(Advanced)" - "Smokeping Prober user" default: "smokeping" - smokeping_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + smokeping_prober_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/smokeping_prober-{{ ansible_system | lower }}-{{ _smokeping_prober_go_ansible_arch }}/{{ smokeping_prober_version }}" diff --git a/roles/smokeping_prober/molecule/alternative/molecule.yml b/roles/smokeping_prober/molecule/alternative/molecule.yml index 726710555..6d3966493 100644 --- a/roles/smokeping_prober/molecule/alternative/molecule.yml +++ b/roles/smokeping_prober/molecule/alternative/molecule.yml @@ -5,7 +5,7 @@ provisioner: inventory: group_vars: all: - smokeping_prober_binary_local_dir: "/tmp/smokeping_prober-linux-amd64" + smokeping_prober_local_cache_path: "/tmp/smokeping_prober-linux-amd64" smokeping_prober_web_listen_address: - '127.0.0.1:8080' - '127.0.1.1:8080' @@ -16,9 +16,6 @@ provisioner: http2: true smokeping_prober_basic_auth_users: randomuser: examplepassword - go_arch: amd64 smokeping_prober_version: 0.7.0 - smokeping_prober_archive_path: /tmp - smokeping_archive_path: /tmp smokeping_prober_binary_url: "https://github.com/superq/smokeping_prober/releases/download/v{{ smokeping_prober_version\ - \ }}/smokeping_prober-{{ smokeping_prober_version }}.linux-{{ go_arch }}.tar.gz" + \ }}/smokeping_prober-{{ smokeping_prober_version }}.linux-amd64.tar.gz" 
diff --git a/roles/smokeping_prober/molecule/default/tests/test_default.py b/roles/smokeping_prober/molecule/default/tests/test_default.py index a0ce3131c..b21018685 100644 --- a/roles/smokeping_prober/molecule/default/tests/test_default.py +++ b/roles/smokeping_prober/molecule/default/tests/test_default.py @@ -46,7 +46,6 @@ def test_user(host): assert host.group("smokeping").exists assert "smokeping" in host.user("smokeping").groups assert host.user("smokeping").shell == "/usr/sbin/nologin" - assert host.user("smokeping").home == "/" def test_service(host): diff --git a/roles/smokeping_prober/tasks/configure.yml b/roles/smokeping_prober/tasks/configure.yml index e036df8f8..42eb628ff 100644 --- a/roles/smokeping_prober/tasks/configure.yml +++ b/roles/smokeping_prober/tasks/configure.yml @@ -1,20 +1,19 @@ --- -- name: Copy the smokeping_prober systemd service file - ansible.builtin.template: - src: smokeping_prober.service.j2 - dest: /etc/systemd/system/smokeping_prober.service - owner: root - group: root - mode: 0644 - notify: restart smokeping_prober - -- name: Create smokeping_prober config directory - ansible.builtin.file: - path: "{{ smokeping_prober_config_dir }}" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX +- name: Configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ smokeping_prober_system_user }}" + _common_system_group: "{{ smokeping_prober_system_group }}" + _common_config_dir: "{{ smokeping_prober_config_dir }}" + _common_tls_server_config: "{{ smokeping_prober_tls_server_config }}" + _common_http_server_config: "{{ smokeping_prober_http_server_config }}" + _common_basic_auth_users: "{{ smokeping_prober_basic_auth_users }}" + tags: + - smokeping_prober + - configure + - smokeping_prober_configure - name: Copy the smokeping_prober config file ansible.builtin.template: 
@@ -25,28 +24,8 @@ mode: 0644 no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" notify: restart smokeping_prober - -- name: Configure smokeping_prober web config - when: - ( smokeping_prober_tls_server_config | length > 0 ) or - ( smokeping_prober_http_server_config | length > 0 ) or - ( smokeping_prober_basic_auth_users | length > 0 ) - block: - - name: Copy the smokeping_prober web config file - ansible.builtin.template: - src: web_config.yaml.j2 - dest: "{{ smokeping_prober_config_dir }}/web_config.yaml" - owner: root - group: root - mode: 0644 - notify: restart smokeping_prober - -- name: Allow smokeping_prober port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ smokeping_prober_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" + become: true + tags: + - smokeping_prober + - configure + - smokeping_prober_configure diff --git a/roles/smokeping_prober/tasks/install.yml b/roles/smokeping_prober/tasks/install.yml deleted file mode 100644 index cdf161ef4..000000000 --- a/roles/smokeping_prober/tasks/install.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -- name: Create the smokeping_prober group - ansible.builtin.group: - name: "{{ smokeping_prober_system_group }}" - state: present - system: true - when: smokeping_prober_system_group != "root" - -- name: Create the smokeping_prober user - ansible.builtin.user: - name: "{{ smokeping_prober_system_user }}" - groups: "{{ smokeping_prober_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: smokeping_prober_system_user != "root" - -- name: Get binary - when: - - smokeping_prober_binary_local_dir | length == 0 - - not smokeping_prober_skip_install - block: - - - name: Download smokeping_prober binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ smokeping_prober_binary_url }}" - dest: "{{ smokeping_archive_path }}/smokeping_prober-{{ smokeping_prober_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __smokeping_prober_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack smokeping_prober binary - become: false - ansible.builtin.unarchive: - src: "{{ smokeping_archive_path }}/smokeping_prober-{{ smokeping_prober_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ smokeping_archive_path }}" - creates: "{{ smokeping_archive_path }}/smokeping_prober-{{ smokeping_prober_version }}.linux-{{ go_arch }}/smokeping_prober" - delegate_to: localhost - check_mode: false - - - name: Propagate smokeping_prober binaries - ansible.builtin.copy: - src: "{{ smokeping_archive_path }}/smokeping_prober-{{ smokeping_prober_version }}.linux-{{ go_arch }}/smokeping_prober" - dest: "{{ smokeping_prober_binary_install_dir }}/smokeping_prober" - mode: 0755 - owner: root - group: root - notify: restart smokeping_prober - when: not ansible_check_mode - -- name: Propagate locally distributed smokeping_prober binary - ansible.builtin.copy: - src: "{{ 
smokeping_prober_binary_local_dir }}/smokeping_prober" - dest: "{{ smokeping_prober_binary_install_dir }}/smokeping_prober" - mode: 0755 - owner: root - group: root - when: - - smokeping_prober_binary_local_dir | length > 0 - - not smokeping_prober_skip_install - notify: restart smokeping_prober diff --git a/roles/smokeping_prober/tasks/main.yml b/roles/smokeping_prober/tasks/main.yml index a49265ffe..e2f118446 100644 --- a/roles/smokeping_prober/tasks/main.yml +++ b/roles/smokeping_prober/tasks/main.yml 
@@ -2,40 +2,34 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - smokeping_prober_install - - smokeping_prober_configure - - smokeping_prober_run tags: - smokeping_prober_install - smokeping_prober_configure - smokeping_prober_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - smokeping_prober_install - when: - ( not __smokeping_prober_is_installed.stat.exists ) or - ( (__smokeping_prober_current_version_output.stderr_lines | length > 0) - and (__smokeping_prober_current_version_output.stderr_lines[0].split(" ")[2] != smokeping_prober_version) ) or - ( (__smokeping_prober_current_version_output.stdout_lines | length > 0) - and (__smokeping_prober_current_version_output.stdout_lines[0].split(" ")[2] != smokeping_prober_version) ) or - ( smokeping_prober_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ smokeping_prober_local_cache_path }}" + _common_binaries: "{{ _smokeping_prober_binaries }}" + _common_binary_install_dir: "{{ smokeping_prober_binary_install_dir }}" + _common_binary_url: "{{ smokeping_prober_binary_url }}" + _common_checksums_url: "{{ smokeping_prober_checksums_url }}" + _common_system_group: "{{ smokeping_prober_system_group }}" + _common_system_user: "{{ smokeping_prober_system_user }}" + _common_config_dir: "{{ smokeping_prober_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - smokeping_prober_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - smokeping_prober_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ smokeping_prober_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - smokeping_prober_configure 
@@ -43,10 +37,6 @@ - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - smokeping_prober_configure tags: - smokeping_prober_configure diff --git a/roles/smokeping_prober/tasks/preflight.yml b/roles/smokeping_prober/tasks/preflight.yml index e1bf6f75e..8a106b27b 100644 --- a/roles/smokeping_prober/tasks/preflight.yml +++ b/roles/smokeping_prober/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
@@ -66,23 +50,6 @@ - "__smokeping_prober_cert_file.stat.exists" - "__smokeping_prober_key_file.stat.exists" -- name: Check if smokeping_prober is installed - ansible.builtin.stat: - path: "{{ smokeping_prober_binary_install_dir }}/smokeping_prober" - register: __smokeping_prober_is_installed - check_mode: false - tags: - - smokeping_prober_install - -- name: Gather currently installed smokeping_prober version (if any) - ansible.builtin.command: "{{ smokeping_prober_binary_install_dir }}/smokeping_prober --version" - changed_when: false - register: __smokeping_prober_current_version_output - check_mode: false - when: __smokeping_prober_is_installed.stat.exists - tags: - - smokeping_prober_install - - name: Discover latest version ansible.builtin.set_fact: smokeping_prober_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _smokeping_prober_repo }}/releases/latest', headers=_github_api_headers, @@ -92,24 +59,9 @@ retries: 10 when: - smokeping_prober_version == "latest" - - smokeping_prober_binary_local_dir | length == 0 - - not smokeping_prober_skip_install - -- name: Get smokeping_prober binary checksum - when: - - smokeping_prober_binary_local_dir | length == 0 - - not smokeping_prober_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __smokeping_prober_checksums: "{{ lookup('url', smokeping_prober_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __smokeping_prober_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __smokeping_prober_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __smokeping_prober_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - smokeping_prober + - install + - smokeping_prober_install + - download + - smokeping_prober_download 
diff --git a/roles/smokeping_prober/tasks/selinux.yml b/roles/smokeping_prober/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/smokeping_prober/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/smokeping_prober/templates/smokeping_prober.service.j2 b/roles/smokeping_prober/templates/smokeping_prober.service.j2 index 8fc1e216a..6ea9991ae 100644 --- a/roles/smokeping_prober/templates/smokeping_prober.service.j2 +++ b/roles/smokeping_prober/templates/smokeping_prober.service.j2 @@ -13,6 +13,9 @@ PermissionsStartOnly=true ExecReload=/bin/kill -HUP $MAINPID ExecStart={{ smokeping_prober_binary_install_dir }}/smokeping_prober \ --config.file={{ smokeping_prober_config_dir }}//{{ smokeping_prober_config_file }} \ +{% if smokeping_prober_tls_server_config | length > 0 or smokeping_prober_http_server_config | length > 0 or smokeping_prober_basic_auth_users | length > 0 %} + '--web.config.file={{ smokeping_prober_config_dir }}/web_config.yml' \ +{% endif %} {% if smokeping_prober_version is version('0.7.0', '>=') and smokeping_prober_web_listen_address is iterable and smokeping_prober_web_listen_address is not mapping and 
diff --git a/roles/smokeping_prober/templates/web_config.yaml.j2 b/roles/smokeping_prober/templates/web_config.yaml.j2 deleted file mode 100644 index 5b5c675fd..000000000 --- a/roles/smokeping_prober/templates/web_config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if smokeping_prober_tls_server_config | length > 0 %} -tls_server_config: -{{ smokeping_prober_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if smokeping_prober_http_server_config | length > 0 %} -http_server_config: -{{ smokeping_prober_http_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} - -{% if smokeping_prober_basic_auth_users | length > 0 %} -basic_auth_users: -{% for k, v in smokeping_prober_basic_auth_users.items() %} - {{ k }}: {{ v | string | password_hash('bcrypt', ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' | shuffle(seed=inventory_hostname) | join)[:22], rounds=9) }} -{% endfor %} -{% endif %} diff --git a/roles/smokeping_prober/vars/main.yml b/roles/smokeping_prober/vars/main.yml index ecbe80dfd..a432411ce 100644 --- a/roles/smokeping_prober/vars/main.yml +++ b/roles/smokeping_prober/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_smokeping_prober_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _smokeping_prober_repo: "superq/smokeping_prober" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_smokeping_prober_binaries: ['smokeping_prober'] From 1173d1ada742eaf856fcc1f365b675dd90753a8a Mon Sep 17 00:00:00 2001 
From: gardar Date: Tue, 15 Oct 2024 17:13:47 +0000 Subject: [PATCH 21/24] refactor(snmp_exporter): delegate common tasks to _common role Signed-off-by: gardar --- roles/snmp_exporter/defaults/main.yml | 9 ++-- roles/snmp_exporter/meta/argument_specs.yml | 30 ++++++----- roles/snmp_exporter/tasks/configure.yml | 42 +++++++-------- roles/snmp_exporter/tasks/install.yml | 51 ------------------- roles/snmp_exporter/tasks/main.yml | 38 ++++++++------ roles/snmp_exporter/tasks/preflight.yml | 31 ++++------- .../templates/snmp_exporter.service.j2 | 4 +- roles/snmp_exporter/vars/main.yml | 14 +++-- 8 files changed, 82 insertions(+), 137 deletions(-) delete mode 100644 roles/snmp_exporter/tasks/install.yml diff --git a/roles/snmp_exporter/defaults/main.yml b/roles/snmp_exporter/defaults/main.yml index e9b413aec..796cbb9fb 100644 --- a/roles/snmp_exporter/defaults/main.yml +++ b/roles/snmp_exporter/defaults/main.yml @@ -1,10 +1,8 @@ --- snmp_exporter_version: 0.26.0 -snmp_exporter_binary_local_dir: "" snmp_exporter_binary_url: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/\ - snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz" + snmp_exporter-{{ snmp_exporter_version }}.{{ ansible_system | lower }}-{{ _snmp_exporter_go_ansible_arch }}.tar.gz" snmp_exporter_checksums_url: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/sha256sums.txt" -snmp_exporter_skip_install: false snmp_exporter_web_listen_address: "0.0.0.0:9116" snmp_exporter_log_level: info 
@@ -12,6 +10,9 @@ snmp_exporter_log_level: info snmp_exporter_config_file: "" snmp_exporter_binary_install_dir: "/usr/local/bin" +snmp_exporter_config_dir: "/etc/snmp_exporter" # Local path to stash the archive and its extraction -snmp_exporter_archive_path: /tmp +snmp_exporter_local_cache_path: "/tmp/snmp_exporter-{{ ansible_system | lower }}-{{ _snmp_exporter_go_ansible_arch }}/{{ snmp_exporter_version }}" +snmp_exporter_system_user: snmp-exp +snmp_exporter_system_group: "{{ snmp_exporter_system_user }}" diff --git a/roles/snmp_exporter/meta/argument_specs.yml b/roles/snmp_exporter/meta/argument_specs.yml index 319a22b66..84ce318de 100644 --- a/roles/snmp_exporter/meta/argument_specs.yml +++ b/roles/snmp_exporter/meta/argument_specs.yml 
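Review bot: The new `snmp_exporter_local_cache_path` default is a fixed, guessable directory under `/tmp`, and configure.yml in this patch falls back to `snmp_exporter_local_cache_path ~ '/snmp.yml'` as the `src` of the deployed config, which `ansible.builtin.template` reads on the controller. On a controller shared with other local users, whoever creates that directory first controls what is later read from it. Whether the `_common` install tasks set ownership on the directory or re-verify its contents is not visible in this hunk. I would extend the comment above the variable to `# Controller-side cache for the archive and its extraction; on a shared controller set this to a directory only the Ansible user can write`. The same default shape is added for `systemd_exporter_local_cache_path` in roles/systemd_exporter/defaults/main.yml.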
@@ -11,18 +11,9 @@ argument_specs: snmp_exporter_version: description: "SNMP exporter package version. Also accepts latest as parameter." default: "0.26.0" - snmp_exporter_skip_install: - description: "SNMP exporter installation tasks gets skipped when set to true." - type: bool - default: false - snmp_exporter_binary_local_dir: - description: - - "Enables the use of local packages instead of those distributed on github." - - "The parameter masnmp set to a directory where the C(snmp_exporter) binary is stored on the host where ansible is run." - - "This overrides the I(snmp_exporter_version) parameter" snmp_exporter_binary_url: description: "URL of the snmp exporter binaries .tar.gz file" - default: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}.tar.gz" + default: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/snmp_exporter-{{ snmp_exporter_version }}.{{ ansible_system | lower }}-{{ _snmp_exporter_go_ansible_arch }}.tar.gz" snmp_exporter_checksums_url: description: "URL of the snmp exporter checksums file" default: "https://github.com/{{ _snmp_exporter_repo }}/releases/download/v{{ snmp_exporter_version }}/sha256sums.txt" 
@@ -41,6 +32,19 @@ argument_specs: - "I(Advanced)" - "Directory to install snmp_exporter binary" default: "/usr/local/bin" - snmp_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + snmp_exporter_system_user: + description: + - "I(Advanced)" + - "snmp_exporter system user" + default: snmp-exp + snmp_exporter_system_group: + description: + - "I(Advanced)" + - "System group for snmp_exporter" + default: snmp-exp + snmp_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/snmp_exporter-{{ ansible_system | lower }}-{{ _snmp_exporter_go_ansible_arch }}/{{ snmp_exporter_version }}" + snmp_exporter_config_dir: + description: "Path to directory with snmp_exporter configuration" + default: "/etc/snmp_exporter" diff --git a/roles/snmp_exporter/tasks/configure.yml b/roles/snmp_exporter/tasks/configure.yml index d6031d8a5..910796899 100644 --- a/roles/snmp_exporter/tasks/configure.yml +++ b/roles/snmp_exporter/tasks/configure.yml 
@@ -1,33 +1,29 @@ --- -- name: Create configuration directory - ansible.builtin.file: - path: "/etc/snmp_exporter" - state: directory - owner: root - group: root - mode: 0755 - -- name: Copy the SNMP Exporter systemd service file - ansible.builtin.template: - src: snmp_exporter.service.j2 - dest: /etc/systemd/system/snmp_exporter.service - owner: root - group: root - mode: 0644 - notify: - - restart snmp_exporter +- name: Configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ snmp_exporter_system_user }}" + _common_system_group: "{{ snmp_exporter_system_group }}" + _common_config_dir: "{{ snmp_exporter_config_dir }}" + tags: + - snmp_exporter + - configure + - snmp_exporter_configure - name: Copy configuration file ansible.builtin.template: - src: "{{ snmp_exporter_config_file | default(__snmp_exporter_config_file, true) }}" - dest: /etc/snmp_exporter/snmp.yml + src: "{{ snmp_exporter_config_file | default(snmp_exporter_local_cache_path ~ '/snmp.yml', true) }}" + dest: "{{ snmp_exporter_config_dir }}/snmp.yml" owner: root group: root mode: 0644 no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" notify: - reload snmp_exporter - vars: - __snmp_exporter_config_file: "{{ (snmp_exporter_binary_local_dir) | - ternary(snmp_exporter_binary_local_dir ~ '/snmp.yml', - snmp_exporter_archive_path ~ '/snmp_exporter-' ~ snmp_exporter_version ~ '.linux-' ~ go_arch ~ '/snmp.yml') }}" + become: true + tags: + - snmp_exporter + - configure + - snmp_exporter_configure diff --git a/roles/snmp_exporter/tasks/install.yml b/roles/snmp_exporter/tasks/install.yml deleted file mode 100644 index bcfb47dcf..000000000 --- a/roles/snmp_exporter/tasks/install.yml +++ /dev/null 
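Review bot: The `Copy configuration file` task keeps `mode: 0644` while also setting `no_log`, so the rendered `snmp.yml` is hidden from logs but readable by every local user on the target. An snmp_exporter config can carry SNMP community strings and v3 credentials, so I would tighten it to `group: "{{ snmp_exporter_system_group }}"` and `mode: "0640"`; that requires the unit to run under that group, and the unit template in this patch still shows `User=nobody`. Quoting the mode also avoids a bare `0644` being parsed as an octal integer by YAML. Separately, the fallback `src` is a file from the downloaded archive passed through `ansible.builtin.template`, so its content is evaluated as Jinja on the controller; a comment on the task stating that this is intended would help.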
@@ -1,51 +0,0 @@ ---- -- name: Get binary - when: - - snmp_exporter_binary_local_dir | length == 0 - - not snmp_exporter_skip_install - block: - - - name: Download snmp_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ snmp_exporter_binary_url }}" - dest: "{{ snmp_exporter_archive_path }}/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ __snmp_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack snmp_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ snmp_exporter_archive_path }}/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ snmp_exporter_archive_path }}" - creates: "{{ snmp_exporter_archive_path }}/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}/snmp_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate snmp_exporter binaries - ansible.builtin.copy: - src: "{{ snmp_exporter_archive_path }}/snmp_exporter-{{ snmp_exporter_version }}.linux-{{ go_arch }}/snmp_exporter" - dest: "{{ snmp_exporter_binary_install_dir }}/snmp_exporter" - mode: 0755 - owner: root - group: root - notify: restart snmp_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed snmp_exporter binary - ansible.builtin.copy: - src: "{{ snmp_exporter_binary_local_dir }}/snmp_exporter" - dest: "{{ snmp_exporter_binary_install_dir }}/snmp_exporter" - mode: 0755 - owner: root - group: root - when: - - snmp_exporter_binary_local_dir | length > 0 - - not snmp_exporter_skip_install - notify: restart snmp_exporter diff --git a/roles/snmp_exporter/tasks/main.yml b/roles/snmp_exporter/tasks/main.yml index b815c0100..7ce6a5624 100644 --- a/roles/snmp_exporter/tasks/main.yml +++ b/roles/snmp_exporter/tasks/main.yml 
@@ -2,33 +2,41 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - snmp_exporter_install - - snmp_exporter_configure - - snmp_exporter_run tags: - snmp_exporter_install - snmp_exporter_configure - snmp_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - snmp_exporter_install + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ snmp_exporter_local_cache_path }}" + _common_binaries: "{{ _snmp_exporter_binaries }}" + _common_binary_install_dir: "{{ snmp_exporter_binary_install_dir }}" + _common_binary_url: "{{ snmp_exporter_binary_url }}" + _common_checksums_url: "{{ snmp_exporter_checksums_url }}" + _common_system_group: "{{ snmp_exporter_system_group }}" + _common_system_user: "{{ snmp_exporter_system_user }}" + _common_config_dir: "{{ snmp_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - snmp_exporter_install +- name: SELinux + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ snmp_exporter_web_listen_address | urlsplit('port') }}" + when: ansible_selinux.status == "enabled" + tags: + - snmp_exporter_configure + - name: Configure ansible.builtin.include_tasks: file: configure.yml - apply: - become: true - tags: - - snmp_exporter_configure tags: - snmp_exporter_configure diff --git a/roles/snmp_exporter/tasks/preflight.yml b/roles/snmp_exporter/tasks/preflight.yml index b20098012..ba3ba66c3 100644 --- a/roles/snmp_exporter/tasks/preflight.yml +++ b/roles/snmp_exporter/tasks/preflight.yml @@ -1,4 +1,8 @@ --- +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
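Review bot: `_common_selinux_port` in the new `SELinux` task is derived with `urlsplit('port')`, which as far as I know returns a port only when the value parses as a URL with a `//` authority. The role default `0.0.0.0:9116` has no scheme, so the result may be empty and the listen port would not be labelled; worth confirming with a molecule run on an SELinux-enabled host. The systemd_exporter task removed in this series used `.split(':')[-1]` for the same purpose, and `_common_selinux_port: "{{ snmp_exporter_web_listen_address.split(':')[-1] }}"` would keep that behaviour, with the caveat that the unit template also accepts a list of addresses. The same expression is added in roles/systemd_exporter/tasks/main.yml. How `_common`'s selinux.yml treats an empty port is outside this hunk.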
@@ -30,24 +34,9 @@ retries: 10 when: - snmp_exporter_version == "latest" - - snmp_exporter_binary_local_dir | length == 0 - - not snmp_exporter_skip_install - -- name: Get snmp_exporter binary checksum - when: - - snmp_exporter_binary_local_dir | length == 0 - - not snmp_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - __snmp_exporter_checksums: "{{ lookup('url', snmp_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: __snmp_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - __snmp_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ __snmp_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - snmp_exporter + - install + - snmp_exporter_install + - download + - snmp_exporter_download diff --git a/roles/snmp_exporter/templates/snmp_exporter.service.j2 b/roles/snmp_exporter/templates/snmp_exporter.service.j2 index 50e0c0092..e22803265 100644 --- a/roles/snmp_exporter/templates/snmp_exporter.service.j2 +++ b/roles/snmp_exporter/templates/snmp_exporter.service.j2 @@ -8,7 +8,7 @@ Type=simple User=nobody Group={{ 'nogroup' if ansible_os_family == 'Debian' else 'nobody' }} ExecReload=/bin/kill -HUP $MAINPID -ExecStart=/usr/local/bin/snmp_exporter \ +ExecStart={{ snmp_exporter_binary_install_dir }}/snmp_exporter \ {% if snmp_exporter_version is version('0.21.0', '>=') and snmp_exporter_web_listen_address is iterable and snmp_exporter_web_listen_address is not mapping and @@ -20,7 +20,7 @@ ExecStart=/usr/local/bin/snmp_exporter \ --web.listen-address={{ snmp_exporter_web_listen_address }} \ {% endif %} --log.level={{ snmp_exporter_log_level }} \ - --config.file=/etc/snmp_exporter/snmp.yml + --config.file={{ snmp_exporter_config_dir }}/snmp.yml KillMode=process 
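Review bot: The unit still runs as `User=nobody` with group `nogroup` or `nobody` (context lines of the first snmp_exporter.service.j2 hunk), although this patch introduces `snmp_exporter_system_user` and `snmp_exporter_system_group` and passes them to the `_common` install tasks. `nobody` is shared with any other service that uses it, so the dedicated account gives no isolation until the unit uses it: `User={{ snmp_exporter_system_user }}` and `Group={{ snmp_exporter_system_group }}`. The rest of the unit lies outside these two hunks, so any other hardening directives it has are not visible here.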
diff --git a/roles/snmp_exporter/vars/main.yml b/roles/snmp_exporter/vars/main.yml index 9de953784..139d62a5d 100644 --- a/roles/snmp_exporter/vars/main.yml +++ b/roles/snmp_exporter/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_snmp_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _snmp_exporter_repo: "prometheus/snmp_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_snmp_exporter_binaries: ['snmp_exporter'] From 5e220e5f400fbfd69c2cb99ad217193bf41c4ce9 Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:15:24 +0000 Subject: [PATCH 22/24] refactor(systemd_exporter): delegate common tasks to _common role 
Signed-off-by: gardar --- roles/systemd_exporter/defaults/main.yml | 7 +- .../systemd_exporter/meta/argument_specs.yml | 20 ++---- .../molecule/alternative/molecule.yml | 5 +- .../molecule/default/tests/test_default.py | 1 - roles/systemd_exporter/tasks/configure.yml | 36 ---------- roles/systemd_exporter/tasks/install.yml | 68 ------------------ roles/systemd_exporter/tasks/main.yml | 53 +++++++------- roles/systemd_exporter/tasks/preflight.yml | 69 +++---------------- roles/systemd_exporter/tasks/selinux.yml | 23 ------- .../systemd_exporter/templates/config.yaml.j2 | 6 -- .../templates/systemd_exporter.service.j2 | 2 +- roles/systemd_exporter/vars/main.yml | 14 ++-- 12 files changed, 55 insertions(+), 249 deletions(-) delete mode 100644 roles/systemd_exporter/tasks/configure.yml delete mode 100644 roles/systemd_exporter/tasks/install.yml delete mode 100644 roles/systemd_exporter/tasks/selinux.yml delete mode 100644 roles/systemd_exporter/templates/config.yaml.j2 diff --git a/roles/systemd_exporter/defaults/main.yml b/roles/systemd_exporter/defaults/main.yml index ffad95e84..c14fba5ca 100644 --- a/roles/systemd_exporter/defaults/main.yml +++ b/roles/systemd_exporter/defaults/main.yml @@ -1,10 +1,8 @@ --- systemd_exporter_version: 0.6.0 -systemd_exporter_binary_local_dir: "" systemd_exporter_binary_url: "https://github.com/{{ _systemd_exporter_repo }}/releases/download/v{{ systemd_exporter_version }}/\ - systemd_exporter-{{ systemd_exporter_version }}.linux-{{ go_arch }}.tar.gz" + systemd_exporter-{{ systemd_exporter_version }}.{{ ansible_system | lower }}-{{ _systemd_exporter_go_ansible_arch }}.tar.gz" systemd_exporter_checksums_url: "https://github.com/{{ _systemd_exporter_repo }}/releases/download/v{{ systemd_exporter_version }}/sha256sums.txt" -systemd_exporter_skip_install: false systemd_exporter_web_listen_address: "0.0.0.0:9558" systemd_exporter_tls_server_config: {} 
@@ -19,8 +17,9 @@ systemd_exporter_unit_exclude: "" systemd_exporter_binary_install_dir: "/usr/local/bin" systemd_exporter_system_group: "systemd-exporter" systemd_exporter_system_user: "{{ systemd_exporter_system_group }}" +systemd_exporter_config_dir: "/etc/systemd_exporter" systemd_exporter_log_level: info # Local path to stash the archive and its extraction -systemd_exporter_archive_path: /tmp +systemd_exporter_local_cache_path: "/tmp/systemd_exporter-{{ ansible_system | lower }}-{{ _systemd_exporter_go_ansible_arch }}/{{ systemd_exporter_version }}" diff --git a/roles/systemd_exporter/meta/argument_specs.yml b/roles/systemd_exporter/meta/argument_specs.yml index ec96c2da3..3208219ed 100644 --- a/roles/systemd_exporter/meta/argument_specs.yml +++ b/roles/systemd_exporter/meta/argument_specs.yml 
@@ -11,18 +11,9 @@ argument_specs: systemd_exporter_version: description: "SystemD exporter package version. Also accepts latest as parameter." default: "0.6.0" - systemd_exporter_skip_install: - description: "SystemD exporter installation tasks gets skipped when set to true." - type: bool - default: false - systemd_exporter_binary_local_dir: - description: - - "Allows to use local packages instead of ones distributed on github." - - "As parameter it takes a directory where C(systemd_exporter) binary is stored on host on which ansible is run." - - "This overrides I(systemd_exporter_version) parameter" systemd_exporter_binary_url: description: URL of the systemd exporter binaries .tar.gz file" - default: "https://github.com/{{ _systemd_exporter_repo }}/releases/download/v{{ systemd_exporter_version }}/systemd_exporter-{{ systemd_exporter_version }}.linux-{{ go_arch }}.tar.gz" + default: "https://github.com/{{ _systemd_exporter_repo }}/releases/download/v{{ systemd_exporter_version }}/systemd_exporter-{{ systemd_exporter_version }}.{{ ansible_system | lower }}-{{ _systemd_exporter_go_ansible_arch }}.tar.gz" systemd_exporter_checksums_url: description: "URL of the systemd exporter checksums file" default: "https://github.com/{{ _systemd_exporter_repo }}/releases/download/v{{ systemd_exporter_version }}/sha256sums.txt" @@ -67,6 +58,9 @@ argument_specs: default: "systemd-exporter" systemd_exporter_log_level: description: Only log messages with the given severity or above. - systemd_exporter_archive_path: - description: 'Local path to stash the archive and its extraction' - default: "/tmp" + systemd_exporter_local_cache_path: + description: "Local path to stash the archive and its extraction" + default: "/tmp/systemd_exporter-{{ ansible_system | lower }}-{{ _systemd_exporter_go_ansible_arch }}/{{ systemd_exporter_version }}" + systemd_exporter_config_dir: + description: "Path to directory with systemd_exporter configuration" + default: "/etc/systemd_exporter" 
diff --git a/roles/systemd_exporter/molecule/alternative/molecule.yml b/roles/systemd_exporter/molecule/alternative/molecule.yml index d33138d8f..edc035a3b 100644 --- a/roles/systemd_exporter/molecule/alternative/molecule.yml +++ b/roles/systemd_exporter/molecule/alternative/molecule.yml @@ -5,9 +5,8 @@ provisioner: inventory: group_vars: all: - systemd_exporter_binary_local_dir: "/tmp/systemd_exporter-linux-amd64" + systemd_exporter_local_cache_path: "/tmp/systemd_exporter-linux-amd64" systemd_exporter_web_listen_address: "127.0.0.1:9000" - go_arch: amd64 systemd_exporter_version: 0.5.0 systemd_exporter_tls_server_config: cert_file: /etc/systemd_exporter/tls.cert @@ -15,4 +14,4 @@ provisioner: systemd_exporter_enable_file_descriptor_size: true systemd_exporter_binary_url: "https://github.com/prometheus-community/systemd_exporter/releases/download/v{{\ \ systemd_exporter_version }}/systemd_exporter-{{ systemd_exporter_version\ - \ }}.linux-{{ go_arch }}.tar.gz" + \ }}.linux-amd64.tar.gz" diff --git a/roles/systemd_exporter/molecule/default/tests/test_default.py b/roles/systemd_exporter/molecule/default/tests/test_default.py index 75c9cb9e7..7e03493a0 100644 --- a/roles/systemd_exporter/molecule/default/tests/test_default.py +++ b/roles/systemd_exporter/molecule/default/tests/test_default.py @@ -36,7 +36,6 @@ def test_user(host): assert host.group("systemd-exporter").exists assert "systemd-exporter" in host.user("systemd-exporter").groups assert host.user("systemd-exporter").shell == "/usr/sbin/nologin" - assert host.user("systemd-exporter").home == "/" def test_service(host): diff --git a/roles/systemd_exporter/tasks/configure.yml b/roles/systemd_exporter/tasks/configure.yml deleted file mode 100644 index 58f5428e2..000000000 --- a/roles/systemd_exporter/tasks/configure.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- name: Copy the systemd_exporter systemd service file - ansible.builtin.template: - src: systemd_exporter.service.j2 - dest: /etc/systemd/system/systemd_exporter.service - owner: root - group: root - mode: 0644 - notify: restart systemd_exporter - -- name: Create systemd_exporter config directory - ansible.builtin.file: - path: "/etc/systemd_exporter" - state: directory - owner: root - group: root - mode: u+rwX,g+rwX,o=rX - -- name: Copy the systemd_exporter config file - ansible.builtin.template: - src: config.yaml.j2 - dest: /etc/systemd_exporter/config.yaml - owner: root - group: root - mode: 0644 - notify: restart systemd_exporter - -- name: Allow systemd_exporter port in SELinux on RedHat OS family - community.general.seport: - ports: "{{ systemd_exporter_web_listen_address.split(':')[-1] }}" - proto: tcp - setype: http_port_t - state: present - when: - - ansible_version.full is version_compare('2.4', '>=') - - ansible_selinux.status == "enabled" diff --git a/roles/systemd_exporter/tasks/install.yml b/roles/systemd_exporter/tasks/install.yml deleted file mode 100644 index 5236206e0..000000000 --- a/roles/systemd_exporter/tasks/install.yml +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -- name: Create the systemd_exporter group - ansible.builtin.group: - name: "{{ systemd_exporter_system_group }}" - state: present - system: true - when: systemd_exporter_system_group != "root" - -- name: Create the systemd_exporter user - ansible.builtin.user: - name: "{{ systemd_exporter_system_user }}" - groups: "{{ systemd_exporter_system_group }}" - append: true - shell: /usr/sbin/nologin - system: true - create_home: false - home: / - when: systemd_exporter_system_user != "root" - -- name: Get systemd exporter binary - when: - - systemd_exporter_binary_local_dir | length == 0 - - not systemd_exporter_skip_install - block: - - name: Download systemd_exporter binary to local folder - become: false - ansible.builtin.get_url: - url: "{{ systemd_exporter_binary_url }}" - dest: "{{ systemd_exporter_archive_path }}/systemd_exporter-{{ systemd_exporter_version }}.linux-{{ go_arch }}.tar.gz" - checksum: "sha256:{{ _systemd_exporter_checksum }}" - mode: '0644' - register: _download_binary - until: _download_binary is succeeded - retries: 5 - delay: 2 - delegate_to: localhost - check_mode: false - - - name: Unpack systemd_exporter binary - become: false - ansible.builtin.unarchive: - src: "{{ systemd_exporter_archive_path }}/systemd_exporter-{{ systemd_exporter_version }}.linux-{{ go_arch }}.tar.gz" - dest: "{{ systemd_exporter_archive_path }}" - creates: "{{ systemd_exporter_archive_path }}/systemd_exporter-{{ systemd_exporter_version }}.linux-{{ go_arch }}/systemd_exporter" - delegate_to: localhost - check_mode: false - - - name: Propagate systemd_exporter binaries - ansible.builtin.copy: - src: "{{ systemd_exporter_archive_path }}/systemd_exporter-{{ systemd_exporter_version }}.linux-{{ go_arch }}/systemd_exporter" - dest: "{{ systemd_exporter_binary_install_dir }}/systemd_exporter" - mode: 0755 - owner: root - group: root - notify: restart systemd_exporter - when: not ansible_check_mode - -- name: Propagate locally distributed systemd_exporter 
binary - ansible.builtin.copy: - src: "{{ systemd_exporter_binary_local_dir }}/systemd_exporter" - dest: "{{ systemd_exporter_binary_install_dir }}/systemd_exporter" - mode: 0755 - owner: root - group: root - when: - - systemd_exporter_binary_local_dir | length > 0 - - not systemd_exporter_skip_install - notify: restart systemd_exporter diff --git a/roles/systemd_exporter/tasks/main.yml b/roles/systemd_exporter/tasks/main.yml index 1e918a33e..faa7fe402 100644 --- a/roles/systemd_exporter/tasks/main.yml +++ b/roles/systemd_exporter/tasks/main.yml 
@@ -2,48 +2,47 @@ - name: Preflight ansible.builtin.include_tasks: file: preflight.yml - apply: - tags: - - systemd_exporter_install - - systemd_exporter_configure - - systemd_exporter_run tags: - systemd_exporter_install - systemd_exporter_configure - systemd_exporter_run - name: Install - ansible.builtin.include_tasks: - file: install.yml - apply: - become: true - tags: - - systemd_exporter_install - when: - ( not __systemd_exporter_is_installed.stat.exists ) or - ( __systemd_exporter_current_version_output.stderr_lines[0].split(" ")[2] != systemd_exporter_version ) or - ( systemd_exporter_binary_local_dir | length > 0 ) + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: install.yml + vars: + _common_local_cache_path: "{{ systemd_exporter_local_cache_path }}" + _common_binaries: "{{ _systemd_exporter_binaries }}" + _common_binary_install_dir: "{{ systemd_exporter_binary_install_dir }}" + _common_binary_url: "{{ systemd_exporter_binary_url }}" + _common_checksums_url: "{{ systemd_exporter_checksums_url }}" + _common_system_group: "{{ systemd_exporter_system_group }}" + _common_system_user: "{{ systemd_exporter_system_user }}" + _common_config_dir: "{{ systemd_exporter_config_dir }}" + _common_binary_unarchive_opts: ['--strip-components=1'] tags: - systemd_exporter_install - name: SELinux - ansible.builtin.include_tasks: - file: selinux.yml - apply: - become: true - tags: - - systemd_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: selinux.yml + vars: + _common_selinux_port: "{{ systemd_exporter_web_listen_address | urlsplit('port') }}" when: ansible_selinux.status == "enabled" tags: - systemd_exporter_configure - name: Configure - ansible.builtin.include_tasks: - file: configure.yml - apply: - become: true - tags: - - systemd_exporter_configure + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: configure.yml + vars: + _common_system_user: "{{ 
systemd_exporter_system_user }}" + _common_system_group: "{{ systemd_exporter_system_group }}" + _common_config_dir: "{{ systemd_exporter_config_dir }}" + _common_tls_server_config: "{{ systemd_exporter_tls_server_config }}" tags: - systemd_exporter_configure diff --git a/roles/systemd_exporter/tasks/preflight.yml b/roles/systemd_exporter/tasks/preflight.yml index 1e02da96b..adec0f3a9 100644 --- a/roles/systemd_exporter/tasks/preflight.yml +++ b/roles/systemd_exporter/tasks/preflight.yml @@ -1,24 +1,8 @@ --- -- name: Assert usage of systemd as an init system - ansible.builtin.assert: - that: ansible_service_mgr == 'systemd' - msg: "This role only works with systemd" - -- name: Install package fact dependencies - become: true - ansible.builtin.package: - name: "{{ _pkg_fact_req }}" - state: present - when: (_pkg_fact_req) - vars: - _pkg_fact_req: "{% if (ansible_pkg_mgr == 'apt') %}\ - {{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} - {% else %}\ - {% endif %}" - -- name: Gather package facts - ansible.builtin.package_facts: - when: "not 'packages' in ansible_facts" +- name: Common preflight + ansible.builtin.include_role: + name: prometheus.prometheus._common + tasks_from: preflight.yml - name: Assert that used version supports listen address type ansible.builtin.assert: 
@@ -78,24 +62,6 @@ systemd_exporter_system_user: "root" when: systemd_exporter_enable_file_descriptor_size -- name: Check if systemd_exporter is installed - ansible.builtin.stat: - path: "{{ systemd_exporter_binary_install_dir }}/systemd_exporter" - register: __systemd_exporter_is_installed - check_mode: false - tags: - - systemd_exporter_install - -- name: Gather currently installed systemd_exporter version (if any) - command: "{{ systemd_exporter_binary_install_dir }}/systemd_exporter --version" - changed_when: false - register: __systemd_exporter_current_version_output - check_mode: false - when: __systemd_exporter_is_installed.stat.exists - tags: - - systemd_exporter_install - - skip_ansible_lint - - name: Discover latest version ansible.builtin.set_fact: systemd_exporter_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ _systemd_exporter_repo }}/releases/latest', @@ -105,24 +71,9 @@ retries: 10 when: - systemd_exporter_version == "latest" - - systemd_exporter_binary_local_dir | length == 0 - - not systemd_exporter_skip_install - -- name: Get systemd exporter binary checksum - when: - - systemd_exporter_binary_local_dir | length == 0 - - not systemd_exporter_skip_install - block: - - name: Get checksum list from github - ansible.builtin.set_fact: - _systemd_exporter_checksums: "{{ lookup('url', systemd_exporter_checksums_url, headers=_github_api_headers, wantlist=True) | list }}" - run_once: true - until: _systemd_exporter_checksums is search('linux-' + go_arch + '.tar.gz') - retries: 10 - - - name: "Get checksum for {{ go_arch }}" - ansible.builtin.set_fact: - _systemd_exporter_checksum: "{{ item.split(' ')[0] }}" - with_items: "{{ _systemd_exporter_checksums }}" - when: - - "('linux-' + go_arch + '.tar.gz') in item" + tags: + - systemd_exporter + - install + - systemd_exporter_install + - download + - systemd_exporter_download 
diff --git a/roles/systemd_exporter/tasks/selinux.yml b/roles/systemd_exporter/tasks/selinux.yml deleted file mode 100644 index 754cbd0a2..000000000 --- a/roles/systemd_exporter/tasks/selinux.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install selinux python packages [RedHat] - ansible.builtin.package: - name: "{{ ['libselinux-python', 'policycoreutils-python'] - if ansible_python_version is version('3', '<') else - ['python3-libselinux', 'python3-policycoreutils'] }}" - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: ansible_os_family | lower == "redhat" - -- name: Install selinux python packages [clearlinux] - ansible.builtin.package: - name: sysadmin-basic - state: present - register: _install_selinux_packages - until: _install_selinux_packages is success - retries: 5 - delay: 2 - when: - - ansible_distribution | lower == "clearlinux" diff --git a/roles/systemd_exporter/templates/config.yaml.j2 b/roles/systemd_exporter/templates/config.yaml.j2 deleted file mode 100644 index 682b16ce8..000000000 --- a/roles/systemd_exporter/templates/config.yaml.j2 +++ /dev/null @@ -1,6 +0,0 @@ ---- -{{ ansible_managed | comment }} -{% if systemd_exporter_tls_server_config | length > 0 %} -tls_server_config: -{{ systemd_exporter_tls_server_config | to_nice_yaml | indent(2, true) }} -{% endif %} diff --git a/roles/systemd_exporter/templates/systemd_exporter.service.j2 b/roles/systemd_exporter/templates/systemd_exporter.service.j2 index 5d179362b..191d8772d 100644 --- a/roles/systemd_exporter/templates/systemd_exporter.service.j2 +++ b/roles/systemd_exporter/templates/systemd_exporter.service.j2 
@@ -37,7 +37,7 @@ ExecStart={{ systemd_exporter_binary_install_dir }}/systemd_exporter \ --systemd.collector.unit-exclude={{ systemd_exporter_unit_exclude }} \ {% endif %} {% if systemd_exporter_tls_server_config | length > 0 %} - --web.config.file=/etc/systemd_exporter/config.yaml \ + --web.config.file={{ systemd_exporter_config_dir }}/web_config.yml \ {% endif %} --log.level={{ systemd_exporter_log_level }} \ --web.listen-address={{ systemd_exporter_web_listen_address }} diff --git a/roles/systemd_exporter/vars/main.yml b/roles/systemd_exporter/vars/main.yml index 0b4f45887..966be4a00 100644 --- a/roles/systemd_exporter/vars/main.yml +++ b/roles/systemd_exporter/vars/main.yml @@ -1,11 +1,9 @@ --- -go_arch_map: - i386: '386' - x86_64: 'amd64' - aarch64: 'arm64' - armv7l: 'armv7' - armv6l: 'armv6' - -go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" +_systemd_exporter_go_ansible_arch: "{{ {'i386': '386', + 'x86_64': 'amd64', + 'aarch64': 'arm64', + 'armv7l': 'armv7', + 'armv6l': 'armv6'}.get(ansible_architecture, ansible_architecture) }}" _systemd_exporter_repo: "prometheus-community/systemd_exporter" _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}" +_systemd_exporter_binaries: ['systemd_exporter'] From b028c8f9d86031649f4053c0903730ff853b580e Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:19:04 +0000 Subject: [PATCH 23/24] fix: align to _common role Signed-off-by: gardar --- .config/molecule/alternative/prepare.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.config/molecule/alternative/prepare.yml b/.config/molecule/alternative/prepare.yml index 217187288..73bcb4dbf 100644 --- a/.config/molecule/alternative/prepare.yml +++ b/.config/molecule/alternative/prepare.yml 
@@ -6,26 +6,26 @@ __role_name: "{{ lookup('ansible.builtin.env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" __binary_name: "{{ __role_name }}" __binary_url: "{{ lookup('ansible.builtin.vars', __role_name ~ '_binary_url', default='') }}" - __binary_local_dir: "{{ lookup('ansible.builtin.vars', __role_name ~ '_binary_local_dir', default='') }}" + __cache_path: "{{ lookup('ansible.builtin.vars', __role_name ~ '_local_cache_path', default='') }}" __tls_server_config: "{{ lookup('ansible.builtin.vars', __role_name ~ '_tls_server_config', default={}) }}" tasks: - name: "Create local binary directory" ansible.builtin.file: - path: "{{ __binary_local_dir }}" + path: "{{ __cache_path }}" state: directory mode: 0755 - when: (__binary_local_dir) + when: (__cache_path) - name: "Fetch binary" become: false ansible.builtin.unarchive: src: "{{ __binary_url }}" - dest: "{{ __binary_local_dir }}" + dest: "{{ __cache_path }}" remote_src: true list_files: true extra_opts: - "--strip-components=1" - creates: "{{ __binary_local_dir }}/{{ __binary_name }}" + creates: "{{ __cache_path }}/{{ __binary_name }}" check_mode: false register: __download_binary when: (__binary_url) From dc2007fab593bfc4d5e4797a21562c47054c73a9 Mon Sep 17 00:00:00 2001 From: gardar Date: Tue, 15 Oct 2024 17:53:17 +0000 Subject: [PATCH 24/24] skip_changelog(ci): bump parallelism to speed up tests without hitting api limits Signed-off-by: gardar --- .github/workflows/ansible-test-integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-test-integration.yml b/.github/workflows/ansible-test-integration.yml index e05dd12d6..632537082 100644 --- a/.github/workflows/ansible-test-integration.yml +++ b/.github/workflows/ansible-test-integration.yml 
@@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest strategy: fail-fast: false - max-parallel: 4 + max-parallel: 10 matrix: targets: ${{ fromJson(inputs.targets) }} ansible-core-versions: ${{ fromJson(inputs.ansible-core-versions) }}