[Proposal] Launch Alertmanager and snmp_exporter with the account created by the _common module #491

Open
umatare5 opened this issue Dec 10, 2024 · 1 comment

umatare5 commented Dec 10, 2024

Description

Currently, Ansible creates a dedicated user for each daemon using the central _common module. Most daemons use this user to start themselves. However, only alertmanager and snmp_exporter use an independent user, not this dedicated user.

User=alertmanager
Group=alertmanager

User=nobody
Group={{ 'nogroup' if ansible_os_family == 'Debian' else 'nobody' }}

From my understanding,

  • In the current design, daemons are started using the user created with _common.
  • Other exporters are started by the user created with _common as mentioned in the Reference.

What do you think about changing the account used to start alertmanager and snmp_exporter to one created by _common?

Background

Collection Version

❯ ansible-galaxy collection list prometheus.prometheus --format yaml | grep prometheus.prometheus -A 1
  prometheus.prometheus:
    version: 0.23.0

Affected Role

  • alertmanager
  • snmp_exporter

Reference

User and Group in all unit files:

❯ grep -rE 'User=|Group=' --include='*.service.j2' . | sort
./roles/alertmanager/templates/alertmanager.service.j2:Group=alertmanager
./roles/alertmanager/templates/alertmanager.service.j2:User=alertmanager
./roles/bind_exporter/templates/bind_exporter.service.j2:Group={{ bind_exporter_system_group }}
./roles/bind_exporter/templates/bind_exporter.service.j2:User={{ bind_exporter_system_user }}
./roles/blackbox_exporter/templates/blackbox_exporter.service.j2:Group={{ blackbox_exporter_system_group }}
./roles/blackbox_exporter/templates/blackbox_exporter.service.j2:User={{ blackbox_exporter_system_user }}
./roles/cadvisor/templates/cadvisor.service.j2:Group={{ cadvisor_system_group }}
./roles/cadvisor/templates/cadvisor.service.j2:User={{ cadvisor_system_user }}
./roles/chrony_exporter/templates/chrony_exporter.service.j2:Group={{ chrony_exporter_system_group }}
./roles/chrony_exporter/templates/chrony_exporter.service.j2:User={{ chrony_exporter_system_user }}
./roles/fail2ban_exporter/templates/fail2ban_exporter.service.j2:Group={{ fail2ban_exporter_system_group }}
./roles/fail2ban_exporter/templates/fail2ban_exporter.service.j2:User={{ fail2ban_exporter_system_user }}
./roles/influxdb_exporter/templates/influxdb_exporter.service.j2:Group={{ influxdb_exporter_system_group }}
./roles/influxdb_exporter/templates/influxdb_exporter.service.j2:User={{ influxdb_exporter_system_user }}
./roles/ipmi_exporter/templates/ipmi_exporter.service.j2:Group={{ ipmi_exporter_system_group }}
./roles/ipmi_exporter/templates/ipmi_exporter.service.j2:User={{ ipmi_exporter_system_user }}
./roles/memcached_exporter/templates/memcached_exporter.service.j2:Group={{ memcached_exporter_system_group }}
./roles/memcached_exporter/templates/memcached_exporter.service.j2:User={{ memcached_exporter_system_user }}
./roles/mongodb_exporter/templates/mongodb_exporter.service.j2:Group={{ mongodb_exporter_system_group }}
./roles/mongodb_exporter/templates/mongodb_exporter.service.j2:User={{ mongodb_exporter_system_user }}
./roles/mysqld_exporter/templates/mysqld_exporter.service.j2:Group={{ mysqld_exporter_system_group }}
./roles/mysqld_exporter/templates/mysqld_exporter.service.j2:User={{ mysqld_exporter_system_user }}
./roles/nginx_exporter/templates/nginx_exporter.service.j2:Group={{ nginx_exporter_system_group }}
./roles/nginx_exporter/templates/nginx_exporter.service.j2:User={{ nginx_exporter_system_user }}
./roles/node_exporter/templates/node_exporter.service.j2:Group={{ node_exporter_system_group }}
./roles/node_exporter/templates/node_exporter.service.j2:User={{ node_exporter_system_user }}
./roles/nvidia_gpu_exporter/templates/nvidia_gpu_exporter.service.j2:Group={{ nvidia_gpu_exporter_system_group }}
./roles/nvidia_gpu_exporter/templates/nvidia_gpu_exporter.service.j2:User={{ nvidia_gpu_exporter_system_user }}
./roles/postgres_exporter/templates/postgres_exporter.service.j2:Group={{ postgres_exporter_system_group }}
./roles/postgres_exporter/templates/postgres_exporter.service.j2:User={{ postgres_exporter_system_user }}
./roles/process_exporter/templates/process_exporter.service.j2:Group={{ process_exporter_system_group }}
./roles/process_exporter/templates/process_exporter.service.j2:User={{ process_exporter_system_user }}
./roles/prometheus/templates/prometheus.service.j2:Group={{ prometheus_system_group }}
./roles/prometheus/templates/prometheus.service.j2:User={{ prometheus_system_user }}
./roles/pushgateway/templates/pushgateway.service.j2:Group={{ pushgateway_system_group }}
./roles/pushgateway/templates/pushgateway.service.j2:User={{ pushgateway_system_user }}
./roles/redis_exporter/templates/redis_exporter.service.j2:Group={{ redis_exporter_system_group }}
./roles/redis_exporter/templates/redis_exporter.service.j2:User={{ redis_exporter_system_user }}
./roles/smartctl_exporter/templates/smartctl_exporter.service.j2:Group={{ smartctl_exporter_system_group }}
./roles/smartctl_exporter/templates/smartctl_exporter.service.j2:User={{ smartctl_exporter_system_user }}
./roles/smokeping_prober/templates/smokeping_prober.service.j2:Group={{ smokeping_prober_system_group }}
./roles/smokeping_prober/templates/smokeping_prober.service.j2:User={{ smokeping_prober_system_user }}
./roles/snmp_exporter/templates/snmp_exporter.service.j2:Group={{ 'nogroup' if ansible_os_family == 'Debian' else 'nobody' }}
./roles/snmp_exporter/templates/snmp_exporter.service.j2:User=nobody
./roles/systemd_exporter/templates/systemd_exporter.service.j2:Group={{ systemd_exporter_system_group }}
./roles/systemd_exporter/templates/systemd_exporter.service.j2:User={{ systemd_exporter_system_user }}
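
An added example, not part of the original issue or the collection's own code: the grep above turned into a repeatable check that reports every unit template whose `User=`/`Group=` is not the role's own variable. It assumes the `{{ <role>_system_user }}` / `{{ <role>_system_group }}` naming seen in the listing is the convention to enforce; `audit_units`, `make_sample` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_units ROOT: print "role<TAB>key<TAB>value" for each User=/Group= line
# that is not the role's own variable. A missing key is reported as <unset>
# (systemd runs a system service as root when User= is absent).
audit_units() {
    root=$1
    find "$root" -path '*/roles/*/templates/*.service.j2' -type f | sort |
    while IFS= read -r unit; do
        # roles/<role>/templates/<file>: the role name is two directories up
        role=$(basename "$(dirname "$(dirname "$unit")")")
        for key in User Group; do
            suffix=$(printf '%s' "$key" | tr 'UG' 'ug')
            want="{{ ${role}_system_${suffix} }}"   # assumed convention
            value=$(sed -n "s/^${key}=//p" "$unit" | head -n 1)
            if [ "$value" != "$want" ]; then
                printf '%s\t%s\t%s\n' "$role" "$key" "${value:-<unset>}"
            fi
        done
    done
}

# Constructed sample tree using three of the unit settings quoted in the issue.
make_sample() {
    dir=$(mktemp -d)
    for role in node_exporter alertmanager snmp_exporter; do
        mkdir -p "$dir/roles/$role/templates"
    done
    cat > "$dir/roles/node_exporter/templates/node_exporter.service.j2" <<'EOF'
[Service]
User={{ node_exporter_system_user }}
Group={{ node_exporter_system_group }}
EOF
    cat > "$dir/roles/alertmanager/templates/alertmanager.service.j2" <<'EOF'
[Service]
User=alertmanager
Group=alertmanager
EOF
    cat > "$dir/roles/snmp_exporter/templates/snmp_exporter.service.j2" <<'EOF'
[Service]
User=nobody
Group={{ 'nogroup' if ansible_os_family == 'Debian' else 'nobody' }}
EOF
    printf '%s\n' "$dir"
}

sample=$(make_sample)
audit_units "$sample"
rm -rf "$sample"
```

Run against a checkout of the collection, `audit_units .` lists only the roles that deviate, so it can serve as a CI gate once the two roles are migrated.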

@umatare5
Author

Hi @gardar @SuperQ, would you please take a look at this issue and PR when you have time? Thank you in advance!
