From cf1a5dbece84ced1a75168e84d10eec9f71b82d3 Mon Sep 17 00:00:00 2001 From: Mahendra Paipuri <44365948+mahendrapaipuri@users.noreply.github.com> Date: Thu, 29 Feb 2024 09:50:15 +0100 Subject: [PATCH] chore: Configurable prometheus system user, group (#307) Signed-off-by: Mahendra Paipuri --- roles/prometheus/defaults/main.yml | 3 +++ roles/prometheus/meta/argument_specs.yml | 10 ++++++++++ roles/prometheus/tasks/configure.yml | 12 ++++++------ roles/prometheus/tasks/install.yml | 12 ++++++------ roles/prometheus/templates/prometheus.service.j2 | 4 ++-- 5 files changed, 27 insertions(+), 14 deletions(-) diff --git a/roles/prometheus/defaults/main.yml b/roles/prometheus/defaults/main.yml index 6ae28a3c..307921b8 100644 --- a/roles/prometheus/defaults/main.yml +++ b/roles/prometheus/defaults/main.yml @@ -227,4 +227,7 @@ prometheus_alert_rules: # noqa yaml[line-length] # noqa line-length severity: warning # yamllint enable rule:line-length +prometheus_system_group: 'prometheus' +prometheus_system_user: "{{ prometheus_system_group }}" + prometheus_stop_timeout: '600s' diff --git a/roles/prometheus/meta/argument_specs.yml b/roles/prometheus/meta/argument_specs.yml index 013aae52..2f9cf91c 100644 --- a/roles/prometheus/meta/argument_specs.yml +++ b/roles/prometheus/meta/argument_specs.yml @@ -150,6 +150,16 @@ argument_specs: default: - "prometheus/targets/*.yml" - "prometheus/targets/*.json" + prometheus_system_group: + description: + - "System group for Prometheus." + type: "str" + default: "prometheus" + prometheus_system_user: + description: + - "System user for Prometheus." + type: "str" + default: "prometheus" prometheus_stop_timeout: description: - "How long to wait for Prometheus to shutdown. This is passed as a systemd TimeoutStopSec time spec." diff --git a/roles/prometheus/tasks/configure.yml b/roles/prometheus/tasks/configure.yml index cd220f1c..48ef8d58 100644 --- a/roles/prometheus/tasks/configure.yml +++ b/roles/prometheus/tasks/configure.yml 
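Review bot: The two defaults for `prometheus_system_user` disagree: the defaults/main.yml hunk sets it to `"{{ prometheus_system_group }}"`, while the argument_specs.yml hunk documents `default: "prometheus"`. An operator who overrides only the group therefore also gets a service account of that name, which the spec does not mention. Either make the default literal, `prometheus_system_user: 'prometheus'`, or state the coupling in the spec description, e.g. `- "System user for Prometheus. Defaults to the value of prometheus_system_group."`.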
@@ -4,7 +4,7 @@ src: "alert.rules.j2" dest: "{{ prometheus_config_dir }}/rules/ansible_managed.rules" owner: root - group: prometheus + group: "{{ prometheus_system_group }}" mode: 0640 validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s" when: @@ -18,7 +18,7 @@ src: "{{ item }}" dest: "{{ prometheus_config_dir }}/rules/" owner: root - group: prometheus + group: "{{ prometheus_system_group }}" mode: 0640 validate: "{{ _prometheus_binary_install_dir }}/promtool check rules %s" with_fileglob: "{{ prometheus_alert_rules_files }}" @@ -33,7 +33,7 @@ dest: "{{ prometheus_config_dir }}/prometheus.yml" force: true owner: root - group: prometheus + group: "{{ prometheus_system_group }}" mode: 0640 validate: "{{ _prometheus_binary_install_dir }}/promtool check config %s" no_log: "{{ false if (lookup('env', 'CI')) or (lookup('env', 'MOLECULE_PROVISIONER_NAME')) else true }}" @@ -46,7 +46,7 @@ dest: "{{ prometheus_config_dir }}/web.yml" force: true owner: root - group: prometheus + group: "{{ prometheus_system_group }}" mode: 0640 - name: Configure prometheus static targets @@ -56,7 +56,7 @@ dest: "{{ prometheus_config_dir }}/file_sd/{{ item.key }}.yml" force: true owner: root - group: prometheus + group: "{{ prometheus_system_group }}" mode: 0640 with_dict: "{{ prometheus_targets }}" when: prometheus_targets != {} @@ -67,6 +67,6 @@ dest: "{{ prometheus_config_dir }}/file_sd/" force: true owner: root - group: prometheus + group: "{{ prometheus_system_group }}" mode: 0640 with_fileglob: "{{ prometheus_static_targets_files }}" diff --git a/roles/prometheus/tasks/install.yml b/roles/prometheus/tasks/install.yml index 47a87404..4193c4ce 100644 --- a/roles/prometheus/tasks/install.yml +++ b/roles/prometheus/tasks/install.yml 
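Review bot: Every file written in these six configure.yml hunks stays `owner: root` with `mode: 0640`, so read access to the rendered configuration now goes to every member of whatever group `prometheus_system_group` names. The `no_log` on the prometheus.yml task suggests that file can carry credentials, and the install.yml hunk that creates the configuration directories with `mode: 0770` also gives the same group write access there. With the fixed, dedicated `prometheus` group that exposure was narrow; pointing the variable at an existing shared group widens it. I would say so in the variable's description, e.g. `- "System group for Prometheus. Members can read the rendered configuration and write to the configuration directories, so use a dedicated group."`.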
@@ -1,16 +1,16 @@ --- - name: Create prometheus system group ansible.builtin.group: - name: prometheus + name: "{{ prometheus_system_group }}" system: true state: present - name: Create prometheus system user ansible.builtin.user: - name: prometheus + name: "{{ prometheus_system_user }}" system: true shell: "/usr/sbin/nologin" - group: prometheus + group: "{{ prometheus_system_group }}" createhome: false home: "{{ prometheus_db_dir }}" @@ -18,8 +18,8 @@ ansible.builtin.file: path: "{{ prometheus_db_dir }}" state: directory - owner: prometheus - group: prometheus + owner: "{{ prometheus_system_user }}" + group: "{{ prometheus_system_group }}" mode: 0755 - name: Create prometheus configuration directories @@ -27,7 +27,7 @@ path: "{{ item }}" state: directory owner: root - group: prometheus + group: "{{ prometheus_system_group }}" mode: 0770 with_items: - "{{ prometheus_config_dir }}" diff --git a/roles/prometheus/templates/prometheus.service.j2 b/roles/prometheus/templates/prometheus.service.j2 index b48a7b7b..d4fd0cee 100644 --- a/roles/prometheus/templates/prometheus.service.j2 +++ b/roles/prometheus/templates/prometheus.service.j2 @@ -9,8 +9,8 @@ After=local-fs.target [Service] Type=simple Environment="GOMAXPROCS={{ ansible_processor_vcpus|default(ansible_processor_count) }}" -User=prometheus -Group=prometheus +User={{ prometheus_system_user }} +Group={{ prometheus_system_group }} ExecReload=/bin/kill -HUP $MAINPID ExecStart={{ _prometheus_binary_install_dir }}/prometheus \ {% if not prometheus_agent_mode %}
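Review bot: Neither variable is checked before the `ansible.builtin.user` task runs, and that task enforces `shell: "/usr/sbin/nologin"`, the primary group and `home` on whatever account `prometheus_system_user` names. If the variable is set to an account that already exists on the host, that account would be modified rather than a new one created. A value of `root` would also end up in `User=` in the prometheus.service.j2 hunk. An assert placed ahead of the group and user tasks, rejecting empty values and `root`, would stop the play before anything on the host is changed.

```yaml
- name: Assert prometheus system user and group are dedicated, non-root names
  ansible.builtin.assert:
    that:
      - prometheus_system_user | length > 0
      - prometheus_system_group | length > 0
      - prometheus_system_user != 'root'
      - prometheus_system_group != 'root'
    fail_msg: "prometheus_system_user and prometheus_system_group must name a dedicated, non-root account"

- name: Create prometheus system group
  # … unchanged: group and user creation …
```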
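Review bot: Ownership is applied to `prometheus_db_dir` itself only, since no `recurse` is visible on this `ansible.builtin.file` task (its `name:` line sits just above the hunk). On a host already deployed with the fixed `prometheus` account, changing `prometheus_system_user` would leave the existing data files owned by the old account. The service may then fail to open its storage under the new user, and the old account stays on the host. Unless a task outside this diff handles that migration, I would document the limitation in the spec description, e.g. `- "Changing this on an existing deployment does not re-own existing data."`.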