grafana-ansible-collection
grafana-ansible-collection copied to clipboard
grafana
Alloy role - Add user to additional groups
Some logs on linux machines are not readable by anyone. They are either owned by root or another group. For example, on debian based systems, they are owned by the 'adm' group.
It would be great, if we were able to assign the alloy user to those groups using the 'alloy' role of this collection.
I am looking forward to your responses to that topic. Thank you very much!
You should be able to pass a custom service_group and service_user as role arguments. Have you tried that?
Hi @ishanjainn and thank you for the quick response.
According to the ansible documentation, that would only set the primary group. -> ansible.builtin.user
When we want to add the user to additional groups, we would have to use the groups statement.
Currently, this parameter is not set:
- name: Create alloy user
ansible.builtin.user:
name: "{{ service_user }}"
group: "{{ service_group }}"
system: true
create_home: false # Appropriate for a system user, usually doesn't need a home directory
become: true
Gotcha, Yeah multiple groups might not be supported natively in the role, Ill have to check on what could be done
I'm having issues also with this. No matter what I place on alloy_user_groups, it doesn't get respected. It always places alloy user onto just the alloy group. I want alloy to also belong to the Docker group so that it can do SD and read logs. @ishanjainn
@cardasac at the current state of the repository, this is the intended functionality. There is no variable "alloy_user_groups" that could be picked up or assigned.
Significant changes have been made to the Alloy role. You can read more about the changes here: https://github.com/grafana/grafana-ansible-collection/issues/280. This has already been implemented in the new Alloy role.
Example:
alloy_user_groups:
- "systemd-journal"
- "adm"
