Configurable agent user groups

This commit is contained in:
Norman 2023-04-10 01:39:52 -04:00 committed by GitHub
parent b07cd09ceb
commit bd351c719e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 2 deletions

View File

@ -26,6 +26,7 @@ All variables which can be overridden are stored in [./defaults/main.yaml](./def
| `grafana_agent_mode` | `static` | mode to run Grafana Agent in. Can be "flow" or "static", [Flow Docs](https://grafana.com/docs/agent/latest/flow/) | | `grafana_agent_mode` | `static` | mode to run Grafana Agent in. Can be "flow" or "static", [Flow Docs](https://grafana.com/docs/agent/latest/flow/) |
| `grafana_agent_user` | `grafana-agent` | os user to create for the agent to run as | | `grafana_agent_user` | `grafana-agent` | os user to create for the agent to run as |
| `grafana_agent_user_group` | `grafana-agent` | os user group to create for the agent | | `grafana_agent_user_group` | `grafana-agent` | os user group to create for the agent |
| `grafana_agent_user_groups` | `[]` | Configurable user groups that the grafana agent can be put in so that it can access logs |
| `grafana_agent_user_shell` | `/usr/sbin/nologin` | the shell for the user | | `grafana_agent_user_shell` | `/usr/sbin/nologin` | the shell for the user |
| `grafana_agent_user_createhome` | `false` | whether or not to create a home directory for the user | | `grafana_agent_user_createhome` | `false` | whether or not to create a home directory for the user |
| `grafana_agent_local_binary_file` | `""` | full path to the local binary if already downloaded or built on the controller, this should only be set, if ansible is not downloading the binary and you have manually downloaded the binary | | `grafana_agent_local_binary_file` | `""` | full path to the local binary if already downloaded or built on the controller, this should only be set, if ansible is not downloading the binary and you have manually downloaded the binary |

View File

@ -39,6 +39,10 @@ grafana_agent_user: grafana-agent
# os user group to create for the agent # os user group to create for the agent
grafana_agent_user_group: grafana-agent grafana_agent_user_group: grafana-agent
# Configurable user groups that the grafana agent can be put in so that it can access logs
# (See https://github.com/grafana/grafana-ansible-collection/issues/40)
grafana_agent_user_groups: []
# the shell for the user # the shell for the user
grafana_agent_user_shell: /usr/sbin/nologin grafana_agent_user_shell: /usr/sbin/nologin

View File

@ -41,8 +41,7 @@
ansible.builtin.user: ansible.builtin.user:
name: "{{ grafana_agent_user }}" name: "{{ grafana_agent_user }}"
comment: "Grafana Agent Account" comment: "Grafana Agent Account"
groups: groups: "{{ [ grafana_agent_user_group ] + grafana_agent_user_groups }}"
- "{{ grafana_agent_user_group }}"
system: true system: true
shell: "{{ grafana_agent_user_shell }}" shell: "{{ grafana_agent_user_shell }}"
createhome: "{{ grafana_agent_user_createhome }}" createhome: "{{ grafana_agent_user_createhome }}"