From c6ffcfdef305c39273e7ab13bea69374c92eb171 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Krupa?= <pawel@krupa.net.pl>
Date: Fri, 31 Jan 2020 19:15:51 +0100
Subject: [PATCH] remove system user management and convert variables to
internal ones (#142)
* remove system user management and convert variables to internal ones
* molecule: remove testing for user creation as it is not easily possible due to ansible variable precedence
[minor] release
---
README.md | 2 --
defaults/main.yml | 3 ---
molecule/alternative/playbook.yml | 2 --
molecule/alternative/tests/test_alternative.py | 5 -----
tasks/configure.yml | 4 ++--
tasks/install.yml | 10 +++++-----
templates/node_exporter.service.j2 | 4 ++--
vars/main.yml | 2 ++
8 files changed, 11 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index ab3e482..6a261fd 100644
--- a/README.md
+++ b/README.md
@@ -25,8 +25,6 @@ All variables which can be overridden are stored in [defaults/main.yml](defaults
| `node_exporter_version` | 0.18.1 | Node exporter package version. Also accepts latest as parameter. |
| `node_exporter_binary_local_dir` | "" | Allows to use local packages instead of ones distributed on github. As parameter it takes a directory where `node_exporter` binary is stored on host on which ansible is ran. This overrides `node_exporter_version` parameter |
| `node_exporter_web_listen_address` | "0.0.0.0:9100" | Address on which node exporter will listen |
-| `node_exporter_system_group` | "node-exp" | System group used to run node_exporter |
-| `node_exporter_system_user` | "node-exp" | System user used to run node_exporter |
| `node_exporter_enabled_collectors` | [ systemd, textfile ] | List of additionally enabled collectors. It adds collectors to [those enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default) |
| `node_exporter_disabled_collectors` | [] | List of disabled collectors. By default node_exporter disables collectors listed [here](https://github.com/prometheus/node_exporter#disabled-by-default). |
| `node_exporter_textfile_dir` | "/var/lib/node_exporter" | Directory used by the [Textfile Collector](https://github.com/prometheus/node_exporter#textfile-collector). To get permissions to write metrics in this directory, users must be in `node-exp` system group.
diff --git a/defaults/main.yml b/defaults/main.yml
index 723ffff..f6f549a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,9 +3,6 @@ node_exporter_version: 0.18.1
node_exporter_binary_local_dir: ""
node_exporter_web_listen_address: "0.0.0.0:9100"
-node_exporter_system_group: "node-exp"
-node_exporter_system_user: "{{ node_exporter_system_group }}"
-
node_exporter_textfile_dir: "/var/lib/node_exporter"
node_exporter_enabled_collectors:
diff --git a/molecule/alternative/playbook.yml b/molecule/alternative/playbook.yml
index 238fbbd..ce51111 100644
--- a/molecule/alternative/playbook.yml
+++ b/molecule/alternative/playbook.yml
@@ -6,8 +6,6 @@
- ansible-node-exporter
vars:
node_exporter_binary_local_dir: "/tmp/node_exporter-linux-amd64"
- node_exporter_system_group: "root"
- node_exporter_system_user: "root"
node_exporter_textfile_dir: ""
node_exporter_enabled_collectors:
- entropy
diff --git a/molecule/alternative/tests/test_alternative.py b/molecule/alternative/tests/test_alternative.py
index 8b6237f..87cfc15 100644
--- a/molecule/alternative/tests/test_alternative.py
+++ b/molecule/alternative/tests/test_alternative.py
@@ -14,11 +14,6 @@ def test_directories(host):
assert not d.exists
-def test_user(host):
- assert not host.group("node-exp").exists
- assert not host.user("node-exp").exists
-
-
def test_service(host):
s = host.service("node_exporter")
# assert s.is_enabled
diff --git a/tasks/configure.yml b/tasks/configure.yml
index a77b19e..71b0de4 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -12,8 +12,8 @@
file:
path: "{{ node_exporter_textfile_dir }}"
state: directory
- owner: "{{ node_exporter_system_user }}"
- group: "{{ node_exporter_system_group }}"
+ owner: "{{ _node_exporter_system_user }}"
+ group: "{{ _node_exporter_system_group }}"
recurse: true
mode: 0775
when: node_exporter_textfile_dir | length > 0
diff --git a/tasks/install.yml b/tasks/install.yml
index d640ad1..195553f 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -1,21 +1,21 @@
---
- name: Create the node_exporter group
group:
- name: "{{ node_exporter_system_group }}"
+ name: "{{ _node_exporter_system_group }}"
state: present
system: true
- when: node_exporter_system_group != "root"
+ when: _node_exporter_system_group != "root"
- name: Create the node_exporter user
user:
- name: "{{ node_exporter_system_user }}"
- groups: "{{ node_exporter_system_group }}"
+ name: "{{ _node_exporter_system_user }}"
+ groups: "{{ _node_exporter_system_group }}"
append: true
shell: /usr/sbin/nologin
system: true
create_home: false
home: /
- when: node_exporter_system_user != "root"
+ when: _node_exporter_system_user != "root"
- block:
- name: Download node_exporter binary to local folder
diff --git a/templates/node_exporter.service.j2 b/templates/node_exporter.service.j2
index 7773c3f..559c409 100644
--- a/templates/node_exporter.service.j2
+++ b/templates/node_exporter.service.j2
@@ -7,8 +7,8 @@ StartLimitInterval=0
[Service]
Type=simple
-User={{ node_exporter_system_user }}
-Group={{ node_exporter_system_group }}
+User={{ _node_exporter_system_user }}
+Group={{ _node_exporter_system_group }}
ExecStart={{ _node_exporter_binary_install_dir }}/node_exporter \
{% for collector in node_exporter_enabled_collectors -%}
{% if not collector is mapping %}
diff --git a/vars/main.yml b/vars/main.yml
index 945db28..9758af1 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -9,3 +9,5 @@ go_arch_map:
go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
_node_exporter_binary_install_dir: "/usr/local/bin"
+_node_exporter_system_group: "node-exp"
+_node_exporter_system_user: "{{ _node_exporter_system_group }}"
--
GitLab