remove system user management and convert variables to internal ones (#142)

* remove system user management and convert variables to internal ones * molecule: remove testing for user creation as it is not easily possible due to ansible variable precedence [minor] release

remove system user management and convert variables to internal ones (#142)
c6ffcfde · Paweł Krupa · GitHub · 5344748b · c6ffcfde · c6ffcfde
Unverified Commit c6ffcfde authored 5 years ago by Paweł Krupa Committed by GitHub 5 years ago
--- a/README.md
+++ b/README.md
@@ -25,8 +25,6 @@ All variables which can be overridden are stored in [defaults/main.yml](defaults
 | `node_exporter_version` | 0.18.1 | Node exporter package version. Also accepts latest as parameter. |
 | `node_exporter_binary_local_dir` | "" | Allows to use local packages instead of ones distributed on github. As parameter it takes a directory where `node_exporter` binary is stored on host on which ansible is ran. This overrides `node_exporter_version` parameter |
 | `node_exporter_web_listen_address` | "0.0.0.0:9100" | Address on which node exporter will listen |
-| `node_exporter_system_group` | "node-exp" | System group used to run node_exporter |
-| `node_exporter_system_user` | "node-exp" | System user used to run node_exporter |
 | `node_exporter_enabled_collectors` | [ systemd, textfile ] | List of additionally enabled collectors. It adds collectors to [those enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default) |
 | `node_exporter_disabled_collectors` | [] | List of disabled collectors. By default node_exporter disables collectors listed [here](https://github.com/prometheus/node_exporter#disabled-by-default). |
 | `node_exporter_textfile_dir` | "/var/lib/node_exporter" | Directory used by the [Textfile Collector](https://github.com/prometheus/node_exporter#textfile-collector). To get permissions to write metrics in this directory, users must be in `node-exp` system group.

--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,9 +3,6 @@ node_exporter_version: 0.18.1
 node_exporter_binary_local_dir: ""
 node_exporter_web_listen_address: "0.0.0.0:9100"
-node_exporter_system_group: "node-exp"
-node_exporter_system_user: "{{ node_exporter_system_group }}"
 node_exporter_textfile_dir: "/var/lib/node_exporter"
 node_exporter_enabled_collectors:

--- a/molecule/alternative/playbook.yml
+++ b/molecule/alternative/playbook.yml
@@ -6,8 +6,6 @@
    - ansible-node-exporter
  vars:
    node_exporter_binary_local_dir: "/tmp/node_exporter-linux-amd64"
-    node_exporter_system_group: "root"
-    node_exporter_system_user: "root"
    node_exporter_textfile_dir: ""
    node_exporter_enabled_collectors:
      - entropy

--- a/molecule/alternative/tests/test_alternative.py
+++ b/molecule/alternative/tests/test_alternative.py
@@ -14,11 +14,6 @@ def test_directories(host):
        assert not d.exists
-def test_user(host):
-    assert not host.group("node-exp").exists
-    assert not host.user("node-exp").exists
 def test_service(host):
    s = host.service("node_exporter")
 #    assert s.is_enabled

--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -12,8 +12,8 @@
  file:
    path: "{{ node_exporter_textfile_dir }}"
    state: directory
-    owner: "{{ node_exporter_system_user }}"
+    owner: "{{ _node_exporter_system_user }}"
-    group: "{{ node_exporter_system_group }}"
+    group: "{{ _node_exporter_system_group }}"
    recurse: true
    mode: 0775
  when: node_exporter_textfile_dir | length > 0

--- a/tasks/install.yml
+++ b/tasks/install.yml
 ---
 - name: Create the node_exporter group
  group:
-    name: "{{ node_exporter_system_group }}"
+    name: "{{ _node_exporter_system_group }}"
    state: present
    system: true
-  when: node_exporter_system_group != "root"
+  when: _node_exporter_system_group != "root"
 - name: Create the node_exporter user
  user:
-    name: "{{ node_exporter_system_user }}"
+    name: "{{ _node_exporter_system_user }}"
-    groups: "{{ node_exporter_system_group }}"
+    groups: "{{ _node_exporter_system_group }}"
    append: true
    shell: /usr/sbin/nologin
    system: true
    create_home: false
    home: /
-  when: node_exporter_system_user != "root"
+  when: _node_exporter_system_user != "root"
 - block:
    - name: Download node_exporter binary to local folder

--- a/templates/node_exporter.service.j2
+++ b/templates/node_exporter.service.j2
@@ -7,8 +7,8 @@ StartLimitInterval=0
 [Service]
 Type=simple
-User={{ node_exporter_system_user }}
+User={{ _node_exporter_system_user }}
-Group={{ node_exporter_system_group }}
+Group={{ _node_exporter_system_group }}
 ExecStart={{ _node_exporter_binary_install_dir }}/node_exporter \
 {% for collector in node_exporter_enabled_collectors -%}
 {%   if not collector is mapping %}

--- a/vars/main.yml
+++ b/vars/main.yml
@@ -9,3 +9,5 @@ go_arch_map:
 go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
 _node_exporter_binary_install_dir: "/usr/local/bin"
+_node_exporter_system_group: "node-exp"
+_node_exporter_system_user: "{{ _node_exporter_system_group }}"