cloudalchemy / ansible-node-exporter

Provision basic metrics exporter for prometheus monitoring tool
MIT License
501 stars 270 forks

Check that TLS cert and key can be read #264

Closed volcan01010 closed 1 year ago

volcan01010 commented 2 years ago

Summary

This pull request adds an extra assertion to the preflight checks to confirm that the node_exporter process has read permission on the TLS key and certificate.

Background

When we tried setting up the node exporter with TLS we found that the playbook ran successfully but that the node exporter was not running on the target server. The error messages from systemctl status node_exporter did not contain useful information. Eventually we traced the problem to the TLS certificate having r-------- root root permissions and therefore not being accessible to the node-exp system account. Adding this extra check will prevent this happening to others.

To test

I have not updated the molecule tests as there were no equivalent tests on the other preflight assertions. To trigger the assertion manually, you can run chmod 0000 /path/to/your/tls.key and then apply the role. It should fail during the preflight tests.

Thank you for your work on this role!
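The failure described above (a key with r-------- root root permissions that the service account cannot read) can be checked before the service starts. The following is an added example, not the pull request's code, which is not shown on this page. The function names are hypothetical, and the check assumes plain POSIX mode bits only (no ACLs, SELinux or AppArmor).

```python
import os
import stat
from pathlib import Path

def class_allows(mode, owner_uid, owner_gid, uid, gids, want):
    """POSIX mode-bit check: exactly one class (owner, group, other) applies."""
    if uid == 0:
        return True  # root bypasses mode bits for read/search on Linux
    if uid == owner_uid:
        shift = 6          # owner bits, even if "other" would grant more
    elif owner_gid in gids:
        shift = 3          # group bits
    else:
        shift = 0          # other bits
    return bool((mode >> shift) & want)

def unreadable_reason(path, uid, gids):
    """Return None if uid can read path, else a message naming the blocker.

    Assumption: mode bits only; ACLs and LSM policy are not consulted.
    """
    target = Path(path).resolve()
    # Every ancestor directory needs the search (x) bit for this user.
    for parent in reversed(target.parents):
        st = parent.stat()
        if not class_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, 0o1):
            return f"{parent}: no search permission ({stat.filemode(st.st_mode)})"
    st = target.stat()
    if not class_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, 0o4):
        return f"{target}: no read permission ({stat.filemode(st.st_mode)})"
    return None

if __name__ == "__main__":
    import pwd
    import sys
    # Usage: check.py <user> <file>...  e.g. check.py node-exp /path/to/your/tls.key
    user = pwd.getpwnam(sys.argv[1])
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    problems = [r for f in sys.argv[2:] if (r := unreadable_reason(f, user.pw_uid, gids))]
    print("\n".join(problems) or "all files readable")
    sys.exit(1 if problems else 0)
```

Walking the parent directories catches the case where the key itself is readable but sits in a directory the service account cannot traverse, which produces the same silent startup failure.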

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

volcan01010 commented 2 years ago

Please keep this issue open. The pull request remains valid, it just hasn't been checked yet.

SuperQ commented 1 year ago

This role has been deprecated in favor of the prometheus-community/ansible collection.