From 689580de5fecf29dd55a5def1fd2de3406f0803b Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Sat, 29 May 2021 15:02:57 +0200
Subject: [PATCH] fix setup issues and cleanup vars

---
 defaults/main.yml                             |  6 ++--
 molecule/centos7/destroy.yml                  |  4 +--
 molecule/centos7/tests/test_default.py        | 13 ++++++--
 tasks/selinux.yml                             |  2 +-
 tasks/setup.yml                               | 32 +++++++++++++------
 templates/conf/rules/alert.rules.j2           |  2 +-
 .../etc/systemd/system/prometheus.service.j2  |  2 +-
 7 files changed, 42 insertions(+), 19 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 56724c0..83e183c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -12,8 +12,10 @@ prometheus_config_dir: "{{ prometheus_base_dir }}/conf"
 prometheus_rules_dir: "{{ prometheus_config_dir }}/rules"
 prometheus_file_sd_dir: "{{ prometheus_config_dir }}/file_sd"
 prometheus_data_dir: "{{ prometheus_base_dir }}/data"
+prometheus_read_only_dirs: []
 
-prometheus_web_listen_address: "0.0.0.0:9090"
+prometheus_web_bind_ip: 127.0.0.1
+prometheus_web_bind_port: 9090
 prometheus_web_external_url: ""
 
 # @var prometheus_web_config:description: See official [documentation](https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md).
@@ -98,7 +100,7 @@ prometheus_scrape_configs:
           - "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:9090"
 
 prometheus_alert_rules_files:
-  - "{{ prometheus_rules_dir }}/*.rules"
+  - "prometheus/rules/*.rules"
 
 prometheus_static_targets_files:
   - prometheus/targets/*.yml
diff --git a/molecule/centos7/destroy.yml b/molecule/centos7/destroy.yml
index 943c288..6454c71 100644
--- a/molecule/centos7/destroy.yml
+++ b/molecule/centos7/destroy.yml
@@ -1,4 +1,3 @@
-
 ---
 - name: Destroy
   hosts: localhost
@@ -74,7 +73,6 @@
         content: |
           # Molecule managed
 
-          {{ instance_conf | to_json | from_json | to_yaml }}
+          {{ instance_conf | to_nice_yaml(indent=2) }}
         dest: "{{ molecule_instance_config }}"
       when: server.changed | bool
-
diff --git a/molecule/centos7/tests/test_default.py b/molecule/centos7/tests/test_default.py
index 7339d3f..c08b312 100644
--- a/molecule/centos7/tests/test_default.py
+++ b/molecule/centos7/tests/test_default.py
@@ -1,11 +1,20 @@
 import os
+import warnings
 
 import testinfra.utils.ansible_runner
 
-import warnings
 warnings.filterwarnings("ignore", category=DeprecationWarning)
 
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+    os.environ["MOLECULE_INVENTORY_FILE"]).get_hosts("all")
+
+
+def test_prometheus_running_and_enabled(host):
+    prometheus = host.service("prometheus")
+    assert prometheus.is_running
+    assert prometheus.is_enabled
 
 
+def test_prometheus_socket(host):
+    # Verify the socket is listening for HTTP traffic
+    assert host.socket("tcp://127.0.0.1:61000").is_listening
diff --git a/tasks/selinux.yml b/tasks/selinux.yml
index 6b710ff..1a634d3 100644
--- a/tasks/selinux.yml
+++ b/tasks/selinux.yml
@@ -2,7 +2,7 @@
 - block:
     - name: Allow prometheus to bind to port in SELinux
       seport:
-        ports: "{{ prometheus_web_listen_address.split(':')[1] }}"
+        ports: "{{ prometheus_web_bind_port }}"
         proto: tcp
         setype: http_port_t
         state: present
diff --git a/tasks/setup.yml b/tasks/setup.yml
index 895478d..9defb1b 100644
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -24,18 +24,25 @@
       unarchive:
         src: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz"
         dest: "{{ prometheus_base_dir }}"
+        extra_opts:
+          - --strip-components=1
         remote_src: yes
-        # include:
-        #   - consoles/
-        #   - console_libraries/
-        #   - prometheus
-        #   - promtool
+        include:
+          - prometheus-{{ prometheus_version }}.linux-amd64/consoles/
+          - prometheus-{{ prometheus_version }}.linux-amd64/console_libraries/
+          - prometheus-{{ prometheus_version }}.linux-amd64/prometheus
+          - prometheus-{{ prometheus_version }}.linux-amd64/promtool
       notify: __prometheus_restart
+  become: True
+  become_user: "{{ prometheus_user }}"
 
+- block:
     - name: Copy prometheus config file
       template:
         src: "conf/prometheus.yml.j2"
         dest: "{{ prometheus_config_dir }}/prometheus.yml"
+        owner: "{{ prometheus_user }}"
+        group: "{{ prometheus_user }}"
         mode: 0640
         validate: "{{ prometheus_base_dir }}/promtool check config %s"
       notify: __prometheus_reload
@@ -44,12 +51,16 @@
       copy:
         content: "{{ prometheus_web_config | to_nice_yaml(indent=2) }}"
         dest: "{{ prometheus_config_dir }}/web.yml"
+        owner: "{{ prometheus_user }}"
+        group: "{{ prometheus_user }}"
         mode: 0640
 
     - name: Configure prometheus static targets
       template:
         src: "conf/file_sd/sd.yml.j2"
         dest: "{{ prometheus_file_sd_dir }}/{{ item.name }}.yml"
+        owner: "{{ prometheus_user }}"
+        group: "{{ prometheus_user }}"
         mode: 0640
       loop: "{{ prometheus_targets }}"
 
@@ -57,6 +68,8 @@
       copy:
         src: "{{ item }}"
         dest: "{{ prometheus_file_sd_dir }}"
+        owner: "{{ prometheus_user }}"
+        group: "{{ prometheus_user }}"
         mode: 0640
       with_fileglob: "{{ prometheus_static_targets_files }}"
 
@@ -64,23 +77,24 @@
       template:
         src: "conf/rules/alert.rules.j2"
         dest: "{{ prometheus_rules_dir }}/default.rules"
+        owner: "{{ prometheus_user }}"
+        group: "{{ prometheus_user }}"
         mode: 0640
         validate: "{{ prometheus_base_dir }}/promtool check rules %s"
-      when: prometheus_alert_rules + prometheus_alert_rules_extra | length > 0
+      when: (prometheus_alert_rules + prometheus_alert_rules_extra) | length > 0
       notify: __prometheus_reload
 
     - name: Copy custom alerting rule files
       copy:
         src: "{{ item }}"
         dest: "{{ prometheus_rules_dir }}/"
+        owner: "{{ prometheus_user }}"
+        group: "{{ prometheus_user }}"
         mode: 0640
         validate: "{{ prometheus_base_dir }}/promtool check rules %s"
       with_fileglob: "{{ prometheus_alert_rules_files }}"
       notify: __prometheus_reload
-  become: True
-  become_user: "{{ prometheus_user }}"
 
-- block:
     - name: Copy systemd unit file
       template:
         src: "etc/systemd/system/prometheus.service.j2"
diff --git a/templates/conf/rules/alert.rules.j2 b/templates/conf/rules/alert.rules.j2
index 07b7ade..e45a4c3 100644
--- a/templates/conf/rules/alert.rules.j2
+++ b/templates/conf/rules/alert.rules.j2
@@ -4,4 +4,4 @@
 groups:
 - name: Ansible managed alert rules
   rules:
-  {{ prometheus_alert_rules + prometheus_alert_rules_extra | to_nice_yaml(indent=2) | indent(2,False) }}
+  {{ (prometheus_alert_rules + prometheus_alert_rules_extra) | to_nice_yaml(indent=2) | indent(2, False) }}
diff --git a/templates/etc/systemd/system/prometheus.service.j2 b/templates/etc/systemd/system/prometheus.service.j2
index cc24ae7..7ce9a2d 100644
--- a/templates/etc/systemd/system/prometheus.service.j2
+++ b/templates/etc/systemd/system/prometheus.service.j2
@@ -19,7 +19,7 @@ ExecStart={{ prometheus_base_dir }}/prometheus \
   --web.config.file={{ prometheus_config_dir }}/web.yml \
   --web.console.libraries={{ prometheus_base_dir }}/console_libraries \
   --web.console.templates={{ prometheus_base_dir }}/consoles \
-  --web.listen-address={{ prometheus_web_listen_address }} \
+  --web.listen-address={{ prometheus_web_bind_ip }}:{{ prometheus_web_bind_port }} \
   --web.external-url={{ prometheus_web_external_url }} \
 {% for flag in prometheus_config_flags_extra %}
 {% if flag.value is not defined %}