From e22ad0234f9e257bee28cc025768e0cf066387bd Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Wed, 24 Jan 2024 10:00:35 +0100 Subject: [PATCH] feat: add option to configure token auth --- defaults/main.yml | 19 +++++++++++++------ tasks/setup.yml | 14 +++++++------- templates/etc/sysconfig/pve_sd.j2 | 7 ++++++- .../etc/systemd/system/pve_sd.service.j2 | 4 ++-- 4 files changed, 28 insertions(+), 16 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index d57cb1d..5cf46e6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -12,10 +12,10 @@ pve_sd_virtualenv: /opt/python3/pve_sd # @var pve_sd_virtualenv_umask: $ "_unset_" # @var pve_sd_virtualenv_umask:example: $ "0022" -pve_sd_user: "prometheus_adm" -pve_sd_user_comment: PVE SD -pve_sd_group: "{{ pve_sd_user }}" -pve_sd_extra_groups: [] +pve_sd_system_user: "prometheus_adm" +pve_sd_system_user_comment: PVE SD +pve_sd_system_group: "{{ pve_sd_system_user }}" +pve_sd_system_extra_groups: [] # @var pve_sd_interval:description: Interval for the systemd timer. pve_sd_interval: "*:0/15" @@ -28,9 +28,16 @@ pve_sd_output_file: /out/pve.json pve_sd_exclude_state: [] pve_sd_exclude_vmid: [] +pve_sd_exclude_tags: [] pve_sd_service: False pve_sd_pve_server: pve.example.com -pve_sd_pve_user: root -pve_sd_pve_password: secure +pve_sd_pve_user: username@pve +# @var pve_sd_pve_password:description: > +# If `pve_sd_pve_token_value` is set, the token authentication method is preferred, +# otherwise `pve_sd_pve_password` can be used for authentication with the username and password. +# @end +# @var pve_sd_pve_password:example: $ "secure" +pve_sd_pve_token_name: demo +pve_sd_pve_token_value: xxxx-xxxx-xxxx diff --git a/tasks/setup.yml b/tasks/setup.yml index 8db283d..59996b5 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
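Review bot: The new defaults `pve_sd_pve_token_name: demo` and `pve_sd_pve_token_value: xxxx-xxxx-xxxx` in the second hunk of defaults/main.yml are real values, so the `pve_sd_pve_token_value is defined` test added in templates/etc/sysconfig/pve_sd.j2 is always true. Every host that does not override them gets the placeholder token written to the environment file, and the password branch can never be selected. The description comment says the token is preferred only when it is set, which suggests both variables were meant to be unset by default, like `pve_sd_pve_password`. I would drop the two assignments and document them the way this file already does for the umask: `# @var pve_sd_pve_token_name: $ "_unset_"` and `# @var pve_sd_pve_token_value: $ "_unset_"`. A credential-shaped placeholder as a default also makes it easy to miss that no real secret was ever configured.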
@@ -1,16 +1,16 @@ --- - block: - - name: Create group '{{ pve_sd_group }}' + - name: Create group '{{ pve_sd_system_group }}' group: - name: "{{ pve_sd_group }}" + name: "{{ pve_sd_system_group }}" state: present - - name: Create user '{{ pve_sd_user }}' + - name: Create user '{{ pve_sd_system_user }}' user: - comment: "{{ pve_sd_user_comment }}" - name: "{{ pve_sd_user }}" - group: "{{ pve_sd_group }}" - groups: "{{ pve_sd_extra_groups | join(',') }}" + comment: "{{ pve_sd_system_user_comment }}" + name: "{{ pve_sd_system_user }}" + group: "{{ pve_sd_system_group }}" + groups: "{{ pve_sd_system_extra_groups | join(',') }}" - name: Upgrade python dependencies pip: diff --git a/templates/etc/sysconfig/pve_sd.j2 b/templates/etc/sysconfig/pve_sd.j2 index c214e12..5251c52 100644 --- a/templates/etc/sysconfig/pve_sd.j2 +++ b/templates/etc/sysconfig/pve_sd.j2 @@ -4,14 +4,19 @@ PROMETHEUS_PVE_SD_LOG_LEVEL={{ pve_sd_log_level }} PROMETHEUS_PVE_SD_LOG_FORMAT={{ pve_sd_log_format }} PROMETHEUS_PVE_SD_OUTPUT_FILE={{ pve_sd_output_file }} - PROMETHEUS_PVE_SD_SERVICE={{ pve_sd_service | bool | lower }} PROMETHEUS_PVE_SD_EXCLUDE_STATE={{ pve_sd_exclude_state | join(",") }} PROMETHEUS_PVE_SD_EXCLUDE_VMID={{ pve_sd_exclude_vmid | join(",") }} +PROMETHEUS_PVE_SD_EXCLUDE_TAGS={{ pve_sd_exclude_tags | join(",") }} PROMETHEUS_PVE_SD_PVE_SERVER={{ pve_sd_pve_server }} PROMETHEUS_PVE_SD_PVE_USER={{ pve_sd_pve_user }} +{% if pve_sd_pve_token_value is defined %} +PROMETHEUS_PVE_SD_PVE_TOKEN_NAME={{ pve_sd_pve_token_name }} +PROMETHEUS_PVE_SD_PVE_TOKEN_VALUE={{ pve_sd_pve_token_value }} +{% else if pve_sd_pve_password is defined %} PROMETHEUS_PVE_SD_PVE_PASSWORD={{ pve_sd_pve_password }} +{% end %} PROMETHEUS_PVE_SD_PVE_AUTH_TIMEOUT=5 PROMETHEUS_PVE_SD_PVE_VERIFY_SSL=true diff --git a/templates/etc/systemd/system/pve_sd.service.j2 b/templates/etc/systemd/system/pve_sd.service.j2 index 58e16b5..f7497a8 100644 --- a/templates/etc/systemd/system/pve_sd.service.j2 
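Review bot: The conditional added around the credentials in templates/etc/sysconfig/pve_sd.j2 uses `{% else if pve_sd_pve_password is defined %}` and `{% end %}`, which Jinja2 does not accept, so the template will fail to render. They should be `{% elif pve_sd_pve_password is defined %}` and `{% endif %}`. Because the role defaults always define the token variable, a truthiness test such as `{% if pve_sd_pve_token_value | default('') %}` would express "token is set" more reliably than `is defined`. This file now carries either an API token or a password, so the task that renders it (not part of this diff) should restrict its mode so that only root can read it.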
+++ b/templates/etc/systemd/system/pve_sd.service.j2 @@ -9,8 +9,8 @@ After=local-fs.target [Service] Type=oneshot EnvironmentFile=/etc/sysconfig/pve_sd -User={{ pve_sd_user }} -Group={{ pve_sd_group }} +User={{ pve_sd_system_user }} +Group={{ pve_sd_system_user_group }} WorkingDirectory={{ pve_sd_output_file | dirname }} ExecStart=/usr/local/bin/prometheus-pve-sd -- 2.45.2
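Review bot: `Group={{ pve_sd_system_user_group }}` references a variable this commit never defines; defaults/main.yml and tasks/setup.yml both use `pve_sd_system_group`. Under Ansible's default handling of undefined variables the unit template will fail to render. If undefined values are tolerated, the result is presumably an empty `Group=`, so the service would not run under the group the role created. The line should read `Group={{ pve_sd_system_group }}`.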