search

patrickjahns / ansible-role-promtail

🔧 Ansible role for deploying promtail
MIT License
101 stars 59 forks source link

Set promtail user home to install directory #138

Closed hafu closed 1 year ago

hafu commented 1 year ago

This PR sets the home directory of the promtail user to the promtail_install_dir (/opt/promtail).

When reverting the installation with ansible a / as home could lead to the deletion of the whole system when using ansible.builtin.user module with:

# revert promtail installation …
- name: "Remove promtail"
  # …

  vars:
    # …
    promtail_system_user: promtail

  tasks:
    # … 
    - name: "Remove promtail user"
      ansible.builtin.user:
        name: "{{ promtail_system_user }}"
        state: absent
        remove: true  # defaults: false
        force: true   # defaults: false
    # …

This may be a edge case, since ansible defaults are safe. But setting the home to a safer location prevents from deleting the whole root.

patrickjahns commented 1 year ago

Thank you for the contribution 🚀

shinebayar-g commented 1 year ago

This is a regression! See https://github.com/patrickjahns/ansible-role-promtail/issues/140

shinebayar-g commented 1 year ago

In fact, is home really needed? Since we already have createhome: False. I don't know why it's needed at all.

hafu commented 1 year ago

In fact, is home really needed? Since we already have createhome: False. I don't know why it's needed at all.

This is a good point. The home parameter in the Ansible user module is optional. Would be interesting to what it will be set on new installations. I guess /home/promtail. On existing installations it won't be touched. Sounds like a good solution. I will check this the next days.