From bf077a1cca6dc884f2cacb2618ab0478bceb5af0 Mon Sep 17 00:00:00 2001
From: n07070
Date: Fri, 1 Mar 2024 11:01:15 +0100
Subject: [PATCH] Add basis of the role
---
defaults/main.yml | 16 ++++++++++
handlers/main.yml | 2 ++
tasks/check_rapl.yml | 9 ++++++
tasks/install.yml | 7 +++++
tasks/main.yml | 14 +++++++++
tasks/systemd-service.yml | 39 +++++++++++++++++++++++
templates/scaphandre.service.j2 | 55 +++++++++++++++++++++++++++++++++
tests/inventory | 2 ++
tests/test.yml | 5 +++
vars/main.yml | 2 ++
10 files changed, 151 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 tasks/check_rapl.yml
create mode 100644 tasks/install.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/systemd-service.yml
create mode 100644 templates/scaphandre.service.j2
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
create mode 100644 vars/main.yml
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..e450f04
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+# defaults file for hubblo.scaphandre
+
+scaphandre_arch: deb12-arm64
+
+scaphandre_version: 1.0.0
+
+scaphandre_home_dir: /opt/scaphandre
+
+scaphandre_exporter: prometheus
+
+scaphandre_exporter_web_listen_address: localhost
+
+scaphandre_exporter_web_listen_port: "8085"
+
+scaphandre_web_telemetry_path: power-metrics
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..81ac06f
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for hubblo.scaphandre
diff --git a/tasks/check_rapl.yml b/tasks/check_rapl.yml
new file mode 100644
index 0000000..9d2e484
--- /dev/null
+++ b/tasks/check_rapl.yml
@@ -0,0 +1,9 @@
+---
+# This file checks for the presence of the intel_rapl_common kernel module, and tries to install it if
+# it's not present on the host machine.
+
+- name: Check for RAPL module
+ community.general.modprobe:
+ name: intel_rapl_common
+ state: present
+ persistent: present
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..eb47273
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,7 @@
+---
+# Installs the scaphandre package and setups the user.
+
+- name: Install the scaphandre package
+ ansible.builtin.apt:
+ deb: https://github.com/hubblo-org/scaphandre/releases/download/v{{ scaphandre_version }}/scaphandre_v{{ scaphandre_version }}-{{ scaphandre_arch }}.deb
+ state: present
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..32598b6
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+# tasks file for hubblo.scaphandre
+
+- name: Import the tasks to check for RAPL kernel module presence
+ ansible.builtin.import_tasks:
+ file: check_rapl.yml
+
+- name: Install scaphandre packages
+ ansible.builtin.import_tasks:
+ file: install.yml
+
+- name: Configure and install the systemD service
+ ansible.builtin.import_tasks:
+ file: systemd-service.yml
diff --git a/tasks/systemd-service.yml b/tasks/systemd-service.yml
new file mode 100644
index 0000000..e848dca
--- /dev/null
+++ b/tasks/systemd-service.yml
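Review bot: In tasks/check_rapl.yml the "Check for RAPL module" task aborts the whole role on any host where `intel_rapl_common` cannot be loaded, whereas the unit template in this same patch deliberately tolerates that failure (`ExecStartPre=-+/usr/sbin/modprobe intel_rapl_common`). The role default `scaphandre_arch: deb12-arm64` makes this likely on a default run, since an Intel RAPL module is presumably not available on arm64 kernels. Either gate the task with `when: ansible_facts['architecture'] == 'x86_64'` or make the default architecture match the hosts this module exists on. The header comment should also say the task loads and persists the module; nothing here installs it.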
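Review bot: The "Install the scaphandre package" task in tasks/install.yml hands a remote URL straight to `apt: deb:`, so the package is installed as root with no integrity check beyond TLS to the download host; a local `.deb` installed this way is not covered by APT repository signatures. Downloading first with a pinned digest and installing the local file closes that gap, at the cost of one new role variable holding the checksum for the selected version and architecture. The file comment also mentions setting up the user, which this file does not do.

```yaml
- name: Download the scaphandre package
  ansible.builtin.get_url:
    url: "https://github.com/hubblo-org/scaphandre/releases/download/v{{ scaphandre_version }}/scaphandre_v{{ scaphandre_version }}-{{ scaphandre_arch }}.deb"
    # root-owned directory, so the file cannot be swapped between download and install
    dest: "/var/cache/apt/archives/scaphandre_v{{ scaphandre_version }}-{{ scaphandre_arch }}.deb"
    # new role variable (placeholder): "sha256:<digest of the release asset>"
    checksum: "{{ scaphandre_deb_checksum }}"
    owner: root
    group: root
    mode: "0644"

- name: Install the scaphandre package
  ansible.builtin.apt:
    deb: "/var/cache/apt/archives/scaphandre_v{{ scaphandre_version }}-{{ scaphandre_arch }}.deb"
    state: present
```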
@@ -0,0 +1,39 @@
+---
+# Creates the user and setups the systemD service.
+
+- name: Ensure group "scaphandre" exists
+ ansible.builtin.group:
+ name: scaphandre
+ state: present
+
+- name: Create scaphandre user
+ ansible.builtin.user:
+ name: scaphandre
+ groups:
+ - scaphandre
+ append: true
+ create_home: true
+ home: "{{ scaphandre_home_dir }}"
+
+- name: Setup systemD service
+ ansible.builtin.template:
+ src: scaphandre.service.j2
+ dest: /etc/systemd/system/scaphandre.service
+ owner: root
+ group: root
+ mode: "644"
+
+- name: Ensure proper permissions
+ ansible.builtin.file:
+ path: "{{ scaphandre_home_dir }}"
+ state: directory
+ recurse: true
+ owner: scaphandre
+ group: scaphandre
+ mode: u+rwx,g-wx,o-rwx
+
+- name: Ensure scaphandre is running
+ ansible.builtin.systemd_service:
+ state: restarted
+ daemon_reload: true
+ name: scaphandre
diff --git a/templates/scaphandre.service.j2 b/templates/scaphandre.service.j2
new file mode 100644
index 0000000..5a8e20a
--- /dev/null
+++ b/templates/scaphandre.service.j2
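Review bot: tasks/systemd-service.yml creates a static `scaphandre` user, group and home directory, but the unit it installs runs with `DynamicUser=yes` and `Group=powercap`, so the account created here appears unused and nothing visible in this patch creates the `powercap` group. Unless the package creates that group, the unit's `chown root:powercap` pre-start step would presumably fail and block startup. Add an `ansible.builtin.group` task with `name: powercap` and `system: true`, or drop the unused account. Separately, "Ensure scaphandre is running" uses `state: restarted`, which restarts the service on every run, and sets no `enabled: true`, so the exporter will not come back after a reboot. A `notify:` on the template task, a restart handler in the still-empty handlers/main.yml, and `state: started` with `enabled: true` here would make the play idempotent.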
@@ -0,0 +1,55 @@
+[Unit]
+Description=Scaphandre
+Documentation=https://github.com/hubblo-org/scaphandre
+Wants=network.target
+After=network.target
+
+[Service]
+IPAddressAllow=localhost
+IPAddressDeny=any
+
+ExecStartPre=-+/usr/sbin/modprobe intel_rapl_common
+ExecStartPre=+/usr/bin/find /sys/devices/virtual/powercap -name energy_uj -exec chmod g+r -R {} + -exec chown root:powercap {} +
+ExecStart=scaphandre {{ scaphandre_exporter }} -a {{ scaphandre_exporter_web_listen_address }} -p {{ scaphandre_exporter_web_listen_port }} -s {{ scaphandre_web_telemetry_path }}
+
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+DevicePolicy=closed
+DynamicUser=yes
+Group=powercap
+IPAccounting=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+MemoryMax=100M
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SyslogIdentifier=scaphandre
+SystemCallFilter=~@cpu-emulation
+SystemCallFilter=~@debug
+SystemCallFilter=~@keyring
+SystemCallFilter=~@module
+SystemCallFilter=~@mount
+SystemCallFilter=~@obsolete
+SystemCallFilter=~@privileged
+SystemCallFilter=~@raw-io
+SystemCallFilter=~@reboot
+SystemCallFilter=~@resources
+SystemCallFilter=~@swap
+UMask=0777
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..e2a0315
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+# - hosts: localhost
+# remote_user: root
+# roles:
+# - hubblo.scaphandre
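Review bot: In templates/scaphandre.service.j2 the packet filter is hard-coded (`IPAddressAllow=localhost`, `IPAddressDeny=any`) while the bind address comes from `scaphandre_exporter_web_listen_address`. Pointing that variable at a routable address therefore yields an exporter that listens but silently drops every remote scrape. Default-deny is the right baseline, so keep it and expose the allow-list as a role variable next to the listen address, for example `IPAddressAllow={{ scaphandre_ip_address_allow | default('localhost') }}` (new variable name, to be added to defaults/main.yml). `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` is not needed for the default port 8085; an empty `CapabilityBoundingSet=` would be tighter unless binding below 1024 is intended. `ExecStart=scaphandre` relies on systemd's executable search path, and an absolute path to the packaged binary would be more predictable.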
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..3e24ce3
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for hubblo.scaphandre