remove system user management and convert variables to internal ones (#142)

paulfantom · web-flow · commit c6ffcfdef305 · 2020-01-31T19:15:51.000+01:00
* remove system user management and convert variables to internal ones

* molecule: remove testing for user creation as it is not easily possible due to ansible variable precedence

[minor] release
diff --git a/README.md b/README.md
@@ -25,8 +25,6 @@ All variables which can be overridden are stored in [defaults/main.yml](defaults
 | `node_exporter_version` | 0.18.1 | Node exporter package version. Also accepts latest as parameter. |
 | `node_exporter_binary_local_dir` | "" | Allows to use local packages instead of ones distributed on github. As parameter it takes a directory where `node_exporter` binary is stored on host on which ansible is ran. This overrides `node_exporter_version` parameter |
 | `node_exporter_web_listen_address` | "0.0.0.0:9100" | Address on which node exporter will listen |
-| `node_exporter_system_group` | "node-exp" | System group used to run node_exporter |
-| `node_exporter_system_user` | "node-exp" | System user used to run node_exporter |
 | `node_exporter_enabled_collectors` | [ systemd, textfile ] | List of additionally enabled collectors. It adds collectors to [those enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default) |
 | `node_exporter_disabled_collectors` | [] | List of disabled collectors. By default node_exporter disables collectors listed [here](https://github.com/prometheus/node_exporter#disabled-by-default). |
 | `node_exporter_textfile_dir` | "/var/lib/node_exporter" | Directory used by the [Textfile Collector](https://github.com/prometheus/node_exporter#textfile-collector). To get permissions to write metrics in this directory, users must be in `node-exp` system group.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -3,9 +3,6 @@ node_exporter_version: 0.18.1
 node_exporter_binary_local_dir: ""
 node_exporter_web_listen_address: "0.0.0.0:9100"
 
-node_exporter_system_group: "node-exp"
-node_exporter_system_user: "{{ node_exporter_system_group }}"
-
 node_exporter_textfile_dir: "/var/lib/node_exporter"
 
 node_exporter_enabled_collectors:
diff --git a/molecule/alternative/playbook.yml b/molecule/alternative/playbook.yml
@@ -6,8 +6,6 @@
     - ansible-node-exporter
   vars:
     node_exporter_binary_local_dir: "/tmp/node_exporter-linux-amd64"
-    node_exporter_system_group: "root"
-    node_exporter_system_user: "root"
     node_exporter_textfile_dir: ""
     node_exporter_enabled_collectors:
       - entropy
diff --git a/molecule/alternative/tests/test_alternative.py b/molecule/alternative/tests/test_alternative.py
@@ -14,11 +14,6 @@ def test_directories(host):
         assert not d.exists
 
 
-def test_user(host):
-    assert not host.group("node-exp").exists
-    assert not host.user("node-exp").exists
-
-
 def test_service(host):
     s = host.service("node_exporter")
 #    assert s.is_enabled
diff --git a/tasks/configure.yml b/tasks/configure.yml
@@ -12,8 +12,8 @@
   file:
     path: "{{ node_exporter_textfile_dir }}"
     state: directory
-    owner: "{{ node_exporter_system_user }}"
-    group: "{{ node_exporter_system_group }}"
+    owner: "{{ _node_exporter_system_user }}"
+    group: "{{ _node_exporter_system_group }}"
     recurse: true
     mode: 0775
   when: node_exporter_textfile_dir | length > 0
diff --git a/tasks/install.yml b/tasks/install.yml
@@ -1,21 +1,21 @@
 ---
 - name: Create the node_exporter group
   group:
-    name: "{{ node_exporter_system_group }}"
+    name: "{{ _node_exporter_system_group }}"
     state: present
     system: true
-  when: node_exporter_system_group != "root"
+  when: _node_exporter_system_group != "root"
 
 - name: Create the node_exporter user
   user:
-    name: "{{ node_exporter_system_user }}"
-    groups: "{{ node_exporter_system_group }}"
+    name: "{{ _node_exporter_system_user }}"
+    groups: "{{ _node_exporter_system_group }}"
     append: true
     shell: /usr/sbin/nologin
     system: true
     create_home: false
     home: /
-  when: node_exporter_system_user != "root"
+  when: _node_exporter_system_user != "root"
 
 - block:
     - name: Download node_exporter binary to local folder
diff --git a/templates/node_exporter.service.j2 b/templates/node_exporter.service.j2
@@ -7,8 +7,8 @@ StartLimitInterval=0
 
 [Service]
 Type=simple
-User={{ node_exporter_system_user }}
-Group={{ node_exporter_system_group }}
+User={{ _node_exporter_system_user }}
+Group={{ _node_exporter_system_group }}
 ExecStart={{ _node_exporter_binary_install_dir }}/node_exporter \
 {% for collector in node_exporter_enabled_collectors -%}
 {%   if not collector is mapping %}
diff --git a/vars/main.yml b/vars/main.yml
@@ -9,3 +9,5 @@ go_arch_map:
 go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
 
 _node_exporter_binary_install_dir: "/usr/local/bin"
+_node_exporter_system_group: "node-exp"
+_node_exporter_system_user: "{{ _node_exporter_system_group }}"
