From d0a44e3ff8c63905ab8d47b5d61816f8e5f07852 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Fri, 3 Mar 2023 23:34:21 +0100
Subject: [PATCH] *: Fix risky-file-permissions ansible-lint issues

---
 alertmanager/tasks/main.yml    |  6 ++++++
 mysqld_exporter/tasks/main.yml |  6 ++++++
 node_exporter/tasks/main.yml   |  6 ++++++
 prometheus/tasks/main.yml      | 12 ++++++++++++
 4 files changed, 30 insertions(+)

diff --git a/alertmanager/tasks/main.yml b/alertmanager/tasks/main.yml
index 71f6185..a878955 100644
--- a/alertmanager/tasks/main.yml
+++ b/alertmanager/tasks/main.yml
@@ -9,6 +9,9 @@
   template:
     src: default.j2
     dest: /etc/default/prometheus-alertmanager
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart alertmanager
   tags:
@@ -18,6 +21,9 @@
   template:
     src: alertmanager.yml.j2
     dest: /etc/prometheus/alertmanager.yml
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Reload alertmanager
   tags:
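Review bot: `owner: root`, `group: root` and `mode: "0644"` make /etc/prometheus/alertmanager.yml world-readable, and an Alertmanager configuration commonly holds receiver credentials (SMTP password, webhook URLs, API keys); the template is not visible here, so whether this one does needs confirming. If it does, prefer `group: prometheus` with `mode: "0640"`, assuming the service runs under a `prometheus` account on these hosts. The same question applies to /etc/default/prometheus-mysqld-exporter (if its template sets a database DSN such as `DATA_SOURCE_NAME`) and to /etc/prometheus/prometheus.yml and the scrape files (if they carry `basic_auth` or bearer-token settings). The risky-file-permissions rule is satisfied by any explicit mode, so choosing the tighter one keeps the lint fix intact. The task starts before this hunk and continues after it.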
diff --git a/mysqld_exporter/tasks/main.yml b/mysqld_exporter/tasks/main.yml
index e84070c..9d8d2ed 100644
--- a/mysqld_exporter/tasks/main.yml
+++ b/mysqld_exporter/tasks/main.yml
@@ -23,6 +23,9 @@
   template:
     src: prometheus-mysqld-exporter.j2
     dest: /etc/default/prometheus-mysqld-exporter
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart mysqld_exporter
   tags:
@@ -34,6 +37,9 @@
   template:
     src: scrape.yml.j2
     dest: "/etc/prometheus/scrape/mysqld_{{ ansible_fqdn }}.yml"
+    owner: root
+    group: root
+    mode: "0644"
   delegate_to: "{{ prometheus_host }}"
   tags:
     - prometheus
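Review bot: The file this task writes as root on `{{ prometheus_host }}` takes its name from `ansible_fqdn`, which is a fact reported by the monitored host rather than a value controlled in the inventory. Since the new `owner: root` and `mode: "0644"` make the ownership of that write explicit, it would be worth building the name from `inventory_hostname` instead, or asserting that the fact matches a plain hostname pattern before it reaches `dest`. The node_exporter scrape task in node_exporter/tasks/main.yml has the same `dest` construction. Switching the name would leave the previously generated files in place, so a cleanup step would be needed; the start of the task is outside the hunk.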
diff --git a/node_exporter/tasks/main.yml b/node_exporter/tasks/main.yml
index 4f18777..26a48cd 100644
--- a/node_exporter/tasks/main.yml
+++ b/node_exporter/tasks/main.yml
@@ -44,6 +44,9 @@
   template:
     src: prometheus-node-exporter.j2
     dest: /etc/default/prometheus-node-exporter
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart node_exporter
   tags:
@@ -55,6 +58,9 @@
   template:
     src: scrape.yml.j2
     dest: "/etc/prometheus/scrape/node_{{ ansible_fqdn }}.yml"
+    owner: root
+    group: root
+    mode: "0644"
   delegate_to: "{{ prometheus_host }}"
   tags:
     - prometheus
diff --git a/prometheus/tasks/main.yml b/prometheus/tasks/main.yml
index ce4f8e2..0e5b619 100644
--- a/prometheus/tasks/main.yml
+++ b/prometheus/tasks/main.yml
@@ -12,6 +12,9 @@
   template:
     src: default-prometheus.j2
     dest: /etc/default/prometheus
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart prometheus
   tags:
@@ -23,6 +26,9 @@
     src: prometheus.yml.j2
     dest: /etc/prometheus/prometheus.yml
     validate: "promtool check config %s"
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Reload prometheus
   tags:
@@ -33,6 +39,9 @@
   file:
     path: "/etc/prometheus/{{ item }}"
     state: directory
+    owner: root
+    group: root
+    mode: "0755"
   with_items:
     - alertmanagers
     - rules
@@ -46,6 +55,9 @@
     src: "rules.yml.j2"
     dest: "/etc/prometheus/rules/ansible_rules.yml"
     validate: "promtool check rules %s"
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Reload prometheus
   tags:
-- 
GitLab