diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2021-10-15 18:24:52 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2021-10-15 18:24:52 +0200 |
| commit | d83c9a50fa29f51e3195929c62f4946cab8c50c5 (patch) | |
| tree | b8b8a01a4e1db5bbc6a0004315efeca2aabe0688 | |
| parent | fix group_vars precedence for accesspoints (diff) | |
prometheus: fix smartmon textfile collector
| -rw-r--r-- | inventory/host_vars/ch-prometheus.yml | 4 | ||||
| -rw-r--r-- | roles/monitoring/prometheus/exporter/node/tasks/main.yml | 4 | ||||
| -rw-r--r-- | roles/monitoring/prometheus/exporter/node/tasks/textfile_collector_generic.yml (renamed from roles/monitoring/prometheus/exporter/node/tasks/textfile_collector_script.yml) | 0 | ||||
| -rw-r--r-- | roles/monitoring/prometheus/exporter/node/tasks/textfile_collector_smartmon.yml | 21 | ||||
| -rw-r--r-- | roles/monitoring/prometheus/exporter/node/templates/textfile-collector-scripts/smartmon.service.j2 | 4 |
5 files changed, 29 insertions, 4 deletions
diff --git a/inventory/host_vars/ch-prometheus.yml b/inventory/host_vars/ch-prometheus.yml index 1779c602..d217de07 100644 --- a/inventory/host_vars/ch-prometheus.yml +++ b/inventory/host_vars/ch-prometheus.yml @@ -49,6 +49,10 @@ spreadspace_apt_repo_components: - main - prometheus +prometheus_exporter_node_textfile_collector_scripts: + - deleted-libraries + - smartmon + prometheus_exporters_extra: - ipmi diff --git a/roles/monitoring/prometheus/exporter/node/tasks/main.yml b/roles/monitoring/prometheus/exporter/node/tasks/main.yml index 2811c759..27bf3a4d 100644 --- a/roles/monitoring/prometheus/exporter/node/tasks/main.yml +++ b/roles/monitoring/prometheus/exporter/node/tasks/main.yml @@ -43,10 +43,10 @@ when: ansible_pkg_mgr == "apt" vars: textfile_collector_name: "apt" - include_tasks: textfile_collector_script.yml + include_tasks: textfile_collector_generic.yml - name: install all other textfile collector scripts loop: "{{ prometheus_exporter_node_textfile_collector_scripts }}" loop_control: loop_var: textfile_collector_name - include_tasks: textfile_collector_script.yml + include_tasks: "{{ q('first_found', ['textfile_collector_' + textfile_collector_name + '.yml', 'textfile_collector_generic.yml'] ) | first }}" diff --git a/roles/monitoring/prometheus/exporter/node/tasks/textfile_collector_script.yml b/roles/monitoring/prometheus/exporter/node/tasks/textfile_collector_generic.yml index 80390a15..80390a15 100644 --- a/roles/monitoring/prometheus/exporter/node/tasks/textfile_collector_script.yml +++ b/roles/monitoring/prometheus/exporter/node/tasks/textfile_collector_generic.yml diff --git a/roles/monitoring/prometheus/exporter/node/tasks/textfile_collector_smartmon.yml b/roles/monitoring/prometheus/exporter/node/tasks/textfile_collector_smartmon.yml new file mode 100644 index 00000000..8da763cd --- /dev/null +++ b/roles/monitoring/prometheus/exporter/node/tasks/textfile_collector_smartmon.yml @@ -0,0 +1,21 @@ +--- +- name: install smartmontools + apt: + name: smartmontools + state: present + +- name: make sure smartd service is stopped and masked + when: (ansible_distribution == 'Debian' and (ansible_distribution_major_version | int) < 11) or (ansible_distribution == 'Ubuntu' and (ansible_distribution_major_version | int) < 20) + systemd: + name: smartd.service + state: stopped + masked: yes + +- name: make sure smartmontools service is stopped and masked + systemd: + name: smartmontools.service + state: stopped + masked: yes + +- name: install the smartmon textfile collector script + include_tasks: textfile_collector_generic.yml diff --git a/roles/monitoring/prometheus/exporter/node/templates/textfile-collector-scripts/smartmon.service.j2 b/roles/monitoring/prometheus/exporter/node/templates/textfile-collector-scripts/smartmon.service.j2 index fc7c9f3f..0b826fc6 100644 --- a/roles/monitoring/prometheus/exporter/node/templates/textfile-collector-scripts/smartmon.service.j2 +++ b/roles/monitoring/prometheus/exporter/node/templates/textfile-collector-scripts/smartmon.service.j2 @@ -8,8 +8,8 @@ Environment=LC_NUMERIC=C ExecStart=bash -c "/usr/local/share/prometheus-node-exporter/smartmon | sponge /var/lib/prometheus-node-exporter/textfile-collector/smartmon.prom" # systemd hardening-options -AmbientCapabilities= -CapabilityBoundingSet= +AmbientCapabilities=CAP_SYS_RAWIO +CapabilityBoundingSet=CAP_SYS_RAWIO LockPersonality=true MemoryDenyWriteExecute=true NoNewPrivileges=true |