2024-01-24 09:10:44 +00:00
4 changed files with 28 additions and 16 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -12,10 +12,10 @@ pve_sd_virtualenv: /opt/python3/pve_sd
 # @var pve_sd_virtualenv_umask: $ "_unset_"
 # @var pve_sd_virtualenv_umask:example: $ "0022"
-pve_sd_user: "prometheus_adm"
+pve_sd_system_user: "prometheus_adm"
-pve_sd_user_comment: PVE SD
+pve_sd_system_user_comment: PVE SD
-pve_sd_group: "{{ pve_sd_user }}"
+pve_sd_system_group: "{{ pve_sd_system_user }}"
-pve_sd_extra_groups: []
+pve_sd_system_extra_groups: []
 # @var pve_sd_interval:description: Interval for the systemd timer.
 pve_sd_interval: "*:0/15"
@ -28,9 +28,16 @@ pve_sd_output_file: /out/pve.json
 pve_sd_exclude_state: []
 pve_sd_exclude_vmid: []
 pve_sd_exclude_tags: []
 pve_sd_service: False
 pve_sd_pve_server: pve.example.com
-pve_sd_pve_user: root
+pve_sd_pve_user: username@pve
-pve_sd_pve_password: secure
+# @var pve_sd_pve_password:description: >
 # If `pve_sd_pve_token_value` is set, the token authentication method is preferred,
 # otherwise `pve_sd_pve_password` can be used for authentication with the username and password.
 # @end
 # @var pve_sd_pve_password:example: $ "secure"
 pve_sd_pve_token_name: demo
 pve_sd_pve_token_value: xxxx-xxxx-xxxx
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@ -1,16 +1,16 @@
 ---
 - block:
-    - name: Create group '{{ pve_sd_group }}'
+    - name: Create group '{{ pve_sd_system_group }}'
      group:
-        name: "{{ pve_sd_group }}"
+        name: "{{ pve_sd_system_group }}"
        state: present
-    - name: Create user '{{ pve_sd_user }}'
+    - name: Create user '{{ pve_sd_system_user }}'
      user:
-        comment: "{{ pve_sd_user_comment }}"
+        comment: "{{ pve_sd_system_user_comment }}"
-        name: "{{ pve_sd_user }}"
+        name: "{{ pve_sd_system_user }}"
-        group: "{{ pve_sd_group }}"
+        group: "{{ pve_sd_system_group }}"
-        groups: "{{ pve_sd_extra_groups | join(',') }}"
+        groups: "{{ pve_sd_system_extra_groups | join(',') }}"
    - name: Upgrade python dependencies
      pip:
--- a/templates/etc/sysconfig/pve_sd.j2
+++ b/templates/etc/sysconfig/pve_sd.j2
@ -4,14 +4,19 @@ PROMETHEUS_PVE_SD_LOG_LEVEL={{ pve_sd_log_level }}
 PROMETHEUS_PVE_SD_LOG_FORMAT={{ pve_sd_log_format }}
 PROMETHEUS_PVE_SD_OUTPUT_FILE={{ pve_sd_output_file }}
 PROMETHEUS_PVE_SD_SERVICE={{ pve_sd_service | bool | lower }}
 PROMETHEUS_PVE_SD_EXCLUDE_STATE={{ pve_sd_exclude_state | join(",") }}
 PROMETHEUS_PVE_SD_EXCLUDE_VMID={{ pve_sd_exclude_vmid | join(",") }}
 PROMETHEUS_PVE_SD_EXCLUDE_TAGS={{ pve_sd_exclude_tags | join(",") }}
 PROMETHEUS_PVE_SD_PVE_SERVER={{ pve_sd_pve_server }}
 PROMETHEUS_PVE_SD_PVE_USER={{ pve_sd_pve_user }}
 {% if pve_sd_pve_token_value is defined %}
 PROMETHEUS_PVE_SD_PVE_TOKEN_NAME={{ pve_sd_pve_token_name }}
 PROMETHEUS_PVE_SD_PVE_TOKEN_VALUE={{ pve_sd_pve_token_value }}
 {% else if pve_sd_pve_password is defined %}
 PROMETHEUS_PVE_SD_PVE_PASSWORD={{ pve_sd_pve_password }}
 {% end %}
 PROMETHEUS_PVE_SD_PVE_AUTH_TIMEOUT=5
 PROMETHEUS_PVE_SD_PVE_VERIFY_SSL=true
--- a/templates/etc/systemd/system/pve_sd.service.j2
+++ b/templates/etc/systemd/system/pve_sd.service.j2
@ -9,8 +9,8 @@ After=local-fs.target
 [Service]
 Type=oneshot
 EnvironmentFile=/etc/sysconfig/pve_sd
-User={{ pve_sd_user }}
+User={{ pve_sd_system_user }}
-Group={{ pve_sd_group }}
+Group={{ pve_sd_system_user_group }}
 WorkingDirectory={{ pve_sd_output_file | dirname }}
 ExecStart=/usr/local/bin/prometheus-pve-sd