Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: make sure binary install dir exists #423

Merged
merged 1 commit into from
Oct 24, 2024
Merged

fix: make sure binary install dir exists #423

merged 1 commit into from
Oct 24, 2024

Conversation

namsic
Copy link
Contributor

@namsic namsic commented Oct 4, 2024

I'm trying to install node_exporter on a remote host with a custom node_exporter_binary_install_dir.

- hosts: all
  roles:
    - prometheus.prometheus.node_exporter
  vars:
    node_exporter_binary_local_dir: /home/namsic/downloads/node_exporter-1.6.0.linux-amd64
    node_exporter_binary_install_dir: /home/namsic/tmp

But when I ran the above playbook, I got the following result:

TASK [prometheus.prometheus.node_exporter : Propagate locally distributed node_exporter binary] ****************************************************************************************************************************************************************************************************************************************************************************
fatal: [remote001]: FAILED! => {
    "changed": false,
    "checksum": "894db4cbc1bda8d686d73f33f22c57c861836c9d",
    "msg": "Destination directory /home/namsic/tmp does not exist"
}

If there are multiple target hosts, it would be nice to automatically create the directory if it does not exist.

If these changes are not appropriate, please let me know.

Thanks.

SuperQ
SuperQ requested changes Oct 17, 2024
View reviewed changes
Copy link
Contributor

@SuperQ SuperQ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has now been migrated to the _common role.

@namsic
Copy link
Contributor Author

namsic commented Oct 17, 2024

Can I just add the same change to every roles?

fix: ensure binary_install_dir before copy binary

Or should I do something else?

@gardar
Copy link
Member

gardar commented Oct 17, 2024

Can I just add the same change to every roles?

fix: ensure binary_install_dir before copy binary

Or should I do something else?

You can add a task to the install tasks file of the _common role which all the roles use.

Adding this task before the last task, the one named "Propagate binaries", in _common/tasks/install.yml would probably do the trick.

- name: "Make sure binary install dir exists"
  ansible.builtin.file:
    path: "{{ _common_binary_install_dir }}"
    mode: 0755
    owner: root
    group: root
  become: true
  tags:
    - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
    - install
    - "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install"

@namsic
Copy link
Contributor Author

namsic commented Oct 18, 2024

Thanks for the detailed explanation. I changed it according to your comment.

@namsic namsic changed the title fix: ensure node_exporter_binary_install_dir before copy binary fix: make sure binary install dir exists Oct 18, 2024
@github-actions github-actions bot added bugfix and removed bugfix labels Oct 18, 2024
SuperQ
SuperQ reviewed Oct 18, 2024
View reviewed changes
roles/_common/tasks/install.yml
Comment on lines +108 to +117
mode: 0755
owner: root
group: root
Copy link
Contributor

@SuperQ SuperQ Oct 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure we should be explicitly changing these permissions, given this is /usr/local/bin by default.

For example, if this is a symlink, I'm pretty sure this will break the system.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The mode/owner has to be set because of https://nvd.nist.gov/vuln/detail/CVE-2020-1736
But I agree that we should use stat first to be on the safe side.

@SuperQ
Copy link
Contributor

SuperQ commented Oct 18, 2024

I think we should use ansible.bultin.stat as a preflight check, rather than actually try and create the target directory.

@github-actions github-actions bot added bugfix and removed bugfix labels Oct 19, 2024
@github-actions github-actions bot added bugfix and removed bugfix labels Oct 19, 2024
namsic
namsic commented Oct 19, 2024
View reviewed changes
roles/_common/tasks/install.yml
Comment on lines +105 to +110
- name: "Check existence of binary install dir"
ansible.builtin.stat:
path: "{{ _common_binary_install_dir }}"
register: __common_binary_install_dir
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wrote this with reference to below format:

ansible/roles/systemd_exporter/tasks/preflight.yml

Lines 42 to 50 in f3514a9

- name: Check existence of TLS key file
ansible.builtin.stat:
path: "{{ systemd_exporter_tls_server_config.key_file }}"
register: __systemd_exporter_key_file
- name: Assert that TLS key and cert are present
ansible.builtin.assert:
that:
- "__systemd_exporter_cert_file.stat.exists"

@github-actions github-actions bot added bugfix and removed bugfix labels Oct 19, 2024
@namsic
Copy link
Contributor Author

namsic commented Oct 21, 2024

Can someone help me?

I can't figure out how my ansible.builtin.stat changes relate to the error below.

INFO     Running alternative > destroy
INFO     Sanity checks: 'docker'
[WARNING]: Collection community.docker does not support Ansible version
2.11.12.post0

PLAY [Destroy] *****************************************************************

TASK [Destroy molecule instance(s)] ********************************************
fatal: [localhost]: FAILED! => {
   "msg": "Could not find imported module support code for ansible_collections.community.docker.plugins.modules.docker_container.
           Looked for (['ansible.module_utils.compat.version.LooseVersion', 'ansible.module_utils.compat.version'])"
}

PLAY RECAP *********************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

WARNING  Retrying execution failure 2 of: ansible-playbook --inventory /root/.cache/molecule/alertmanager/alternative/inventory --skip-tags molecule-notest,notest /usr/local/lib/python3.6/dist-packages/molecule_docker/playbooks/destroy.yml
CRITICAL Ansible return code was 2, command was: ['ansible-playbook', '--inventory', '/root/.cache/molecule/alertmanager/alternative/inventory', '--skip-tags', 'molecule-notest,notest', '/usr/local/lib/python3.6/dist-packages/molecule_docker/playbooks/destroy.yml']

@github-actions github-actions bot added bugfix and removed bugfix labels Oct 21, 2024
@gardar
Copy link
Member

gardar commented Oct 23, 2024

Can someone help me?

I can't figure out how my ansible.builtin.stat changes relate to the error below.

INFO     Running alternative > destroy
INFO     Sanity checks: 'docker'
[WARNING]: Collection community.docker does not support Ansible version
2.11.12.post0

PLAY [Destroy] *****************************************************************

TASK [Destroy molecule instance(s)] ********************************************
fatal: [localhost]: FAILED! => {
   "msg": "Could not find imported module support code for ansible_collections.community.docker.plugins.modules.docker_container.
           Looked for (['ansible.module_utils.compat.version.LooseVersion', 'ansible.module_utils.compat.version'])"
}

PLAY RECAP *********************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

WARNING  Retrying execution failure 2 of: ansible-playbook --inventory /root/.cache/molecule/alertmanager/alternative/inventory --skip-tags molecule-notest,notest /usr/local/lib/python3.6/dist-packages/molecule_docker/playbooks/destroy.yml
CRITICAL Ansible return code was 2, command was: ['ansible-playbook', '--inventory', '/root/.cache/molecule/alertmanager/alternative/inventory', '--skip-tags', 'molecule-notest,notest', '/usr/local/lib/python3.6/dist-packages/molecule_docker/playbooks/destroy.yml']

That issue is unrelated to your change, the docker ansible collection which is used for the tests was updated recently and that broke compatibility with old ansible versions.
I fixed the issue in #440

@github-actions github-actions bot added bugfix and removed bugfix labels Oct 23, 2024
@gardar gardar merged commit dfd5600 into prometheus-community:main Oct 24, 2024
635 checks passed
@github-actions GitHub Actions
Copy link
Contributor

Docs Build 📝

Thank you for contribution!✨

This PR has been merged and the docs are now incorporated into main:
https://prometheus-community.github.io/ansible/branch/main

@namsic namsic deleted the node_exporter_dir branch October 25, 2024 00:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gardar gardar gardar approved these changes

@SuperQ SuperQ SuperQ approved these changes

Assignees
No one assigned
Labels
bugfix roles/alertmanager roles/bind_exporter roles/blackbox_exporter roles/cadvisor roles/chrony_exporter roles/_common roles/fail2ban_exporter roles/gitlab_ci_pipelines_exporter roles/influxdb_exporter roles/ipmi_exporter roles/memcached_exporter roles/mongodb_exporter roles/mysqld_exporter roles/nginx_exporter roles/node_exporter roles/nvidia_gpu_exporter roles/postgres_exporter roles/process_exporter roles/prometheus roles/pushgateway roles/redis_exporter roles/smartctl_exporter roles/smokeping_prober roles/snmp_exporter roles/systemd_exporter
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@namsic @gardar @SuperQ