Remove dnsbl_exporter; use FQCNs everywhere

2024-11-22 17:51:01 +01:00 · 2021-11-03 02:25:21 +01:00 · 2021-11-03 02:25:21 +01:00 · c6f6440598
commit c6f6440598
parent 6927906cbb
26 changed files with 111 additions and 177 deletions
--- a/roles/alertmanager/handlers/main.yml
+++ b/roles/alertmanager/handlers/main.yml
@ -1,11 +1,11 @@
 ---

 - name: restart alertmanager
-  service:
+  ansible.builtin.service:
    name: prometheus-alertmanager.service
    state: restarted

 - name: reload alertmanager
-  service:
+  ansible.builtin.service:
    name: prometheus-alertmanager.service
    state: reloaded
--- a/roles/alertmanager/tasks/config.yml
+++ b/roles/alertmanager/tasks/config.yml
@ -1,7 +1,7 @@
 ---

 - name: render alertmanager runtime arguments
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/default/prometheus-alertmanager
    regexp: "^ARGS=.*$"
    line: >-
@ -10,7 +10,7 @@
  notify: restart alertmanager

 - name: render alertmanager config template
-  template:
+  ansible.builtin.template:
    src: alertmanager.yml.j2
    dest: /etc/prometheus/alertmanager.yml
    owner: root
@ -20,7 +20,7 @@
  notify: reload alertmanager

 - name: render alertmanager notification templates
-  copy:
+  ansible.builtin.copy:
    content: "{{ item.content }}"
    dest: "{{ item.path }}"
    owner: root
--- a/roles/alertmanager/tasks/install.yml
+++ b/roles/alertmanager/tasks/install.yml
@ -1,13 +1,13 @@
 ---

 - name: install alertmanager
-  apt:
+  ansible.builtin.apt:
    name: prometheus-alertmanager
    state: present
    update_cache: yes

 - name: start and enable alertmanager
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-alertmanager.service
    state: started
    enabled: yes
--- a/roles/dnsbl_exporter/defaults/main.yml
+++ b/roles/dnsbl_exporter/defaults/main.yml
@ -1,4 +0,0 @@
---
-
-prometheus_dnsbl_exporter_rbls: []
-prometheus_dnsbl_exporter_args: ""
--- a/roles/dnsbl_exporter/handlers/main.yml
+++ b/roles/dnsbl_exporter/handlers/main.yml
@ -1,6 +0,0 @@
---
-
- name: restart prometheus-dnsbl-exporter
-  service:
-    name: prometheus-dnsbl-exporter
-    state: restarted
--- a/roles/dnsbl_exporter/tasks/config.yml
+++ b/roles/dnsbl_exporter/tasks/config.yml
@ -1,27 +0,0 @@
---
-
- name: render /etc/default/prometheus-dnsbl-exporter
-  template:
-    src: etc/default/prometheus-dnsbl-exporter.j2
-    dest: /etc/default/prometheus-dnsbl-exporter
-  notify: restart prometheus-dnsbl-exporter
-
- name: render rbls.ini
-  template:
-    src: etc/prometheus/dnsbl-exporter/rbls.ini.j2
-    dest: /etc/prometheus/dnsbl-exporter/rbls.ini
-  vars:
-    rbls: "{{ prometheus_dnsbl_exporter_rbls }}"
-  notify: restart prometheus-dnsbl-exporter
-
- name: render targets.ini
-  template:
-    src: etc/prometheus/dnsbl-exporter/targets.ini.j2
-    dest: /etc/prometheus/dnsbl-exporter/targets.ini
-  notify: restart prometheus-dnsbl-exporter
-
- name: start and enable prometheus-dnsbl-exporter
-  service:
-    name: prometheus-dnsbl-exporter
-    state: started
-    enabled: yes
--- a/roles/dnsbl_exporter/tasks/install.yml
+++ b/roles/dnsbl_exporter/tasks/install.yml
@ -1,26 +0,0 @@
---
-
- name: add s3lphrepo apt key
-  apt_key:
-    data: |
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
-      
-      mDMEXu0vYhYJKwYBBAHaRw8BAQdAavB6HHoI15+Dh4ackdZuCjRkPzWcG64DHVxu
-      C2yDFfG0X3MzbHBoJ3MgQ3VzdG9tIERlYmlhbiBSZXBvc2l0b3J5IChBdXRvbWF0
-      ZWQgUGlwZWxpbmUpIDxhY2NvdW50LWdpdGxhYi1pZGV5bml6dkBrZXJuZWxwYW5p
-      Yy5sb2w+iJAEExYIADgWIQQ/Y+h7ABiB4vyzwPu8TSozeH+lRAUCXu0vYgIbAwUL
-      CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC8TSozeH+lRNzVAPsEKmhB0kl5Toyj
-      fBPUAJ6Fr+0ljZwoj1oR16Kl9GvkzQD/XqsZC+sYSImXhDTx6iDXm1WYycgB7Abt
-      1dm6aN640gU=
-      =YLAj
-      -----END PGP PUBLIC KEY BLOCK-----
-
- name: add s3lphrepo
-  apt_repository:
-    repo: deb https://kernelpanic.lol/repo stable main
-    filename: s3lphrepo
-    
- name: install prometheus-dnsbl-exporter
-  package:
-    name: prometheus-dnsbl-exporter
-    state: present
--- a/roles/dnsbl_exporter/tasks/main.yml
+++ b/roles/dnsbl_exporter/tasks/main.yml
@ -1,11 +0,0 @@
---
-
- import_tasks: install.yml
-  tags:
-    - "role::dnsbl_exporter"
-    - "role::dnsbl_exporter:install"
-
- import_tasks: config.yml
-  tags:
-    - "role::dnsbl_exporter"
-    - "role::dnsbl_exporter:config"
--- a/roles/dnsbl_exporter/templates/etc/default/prometheus-dnsbl-exporter.j2
+++ b/roles/dnsbl_exporter/templates/etc/default/prometheus-dnsbl-exporter.j2
@ -1,3 +0,0 @@
-{{ ansible_managed | comment }}
-
-ARGS="--config.rbls=/etc/prometheus/dnsbl-exporter/rbls.ini --config.targets=/etc/prometheus/dnsbl-exporter/targets.ini {{ prometheus_dnsbl_exporter_args }}"
--- a/roles/dnsbl_exporter/templates/etc/prometheus/dnsbl-exporter/rbls.ini.j2
+++ b/roles/dnsbl_exporter/templates/etc/prometheus/dnsbl-exporter/rbls.ini.j2
@ -1,6 +0,0 @@
-{{ ansible_managed | comment }}
-
-[rbl]
-{% for rbl in rbls %}
-server={{ rbl }}
-{% endfor %}
--- a/roles/dnsbl_exporter/templates/etc/prometheus/dnsbl-exporter/targets.ini.j2
+++ b/roles/dnsbl_exporter/templates/etc/prometheus/dnsbl-exporter/targets.ini.j2
@ -1,8 +0,0 @@
-{{ ansible_managed | comment }}
-
-[targets]
-{% for host in hostvars.keys() %}
-{% if hostvars[host].monitor_dnsbl | default('false') | bool %}
-server={{ host }}
-{% endif %}
-{% endfor %}
--- a/roles/prometheus/handlers/main.yml
+++ b/roles/prometheus/handlers/main.yml
@ -1,11 +1,11 @@
 ---

 - name: restart prometheus
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus.service
    state: restarted

 - name: restart blackbox exporter
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-blackbox-exporter-local.service
    state: restarted
--- a/roles/prometheus/tasks/blackbox.yml
+++ b/roles/prometheus/tasks/blackbox.yml
@ -1,16 +1,16 @@
 ---

 - name: initialize list of blackbox modules
-  set_fact:
+  ansible.builtin.set_fact:
    _blackbox_modules: {}

 - name: build list of blackbox modules
-  set_fact:
+  ansible.builtin.set_fact:
    _blackbox_modules: "{% set _ = _blackbox_modules.update(item) %}{{ _blackbox_modules }}"
  loop: "{{ hostvars[inventory_hostname] | dict2items | selectattr('key', 'match', '^prometheus_job_.+$') | map(attribute='value') | map(attribute='blackbox') | map(attribute='modules') | select('defined') | list }}"

 - name: render blackbox exporter configuration
-  template:
+  ansible.builtin.template:
    src: blackbox.yml
    dest: /etc/prometheus/blackbox.yml
    owner: root
--- a/roles/prometheus/tasks/flush.yml
+++ b/roles/prometheus/tasks/flush.yml
@ -1,7 +1,7 @@
 ---

 - name: enable prometheus admin api
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/default/prometheus
    regexp: "^ARGS=.*$"
    line: >-
@ -10,14 +10,14 @@
  notify: restart prometheus

 - name: flush handlers
-  meta: flush_handlers
+  ansible.builtin.meta: flush_handlers

 - name: wait
-  pause:
+  ansible.builtin.pause:
    seconds: 15

 - name: clear prometheus time series database
-  uri:
+  ansible.builtin.uri:
    url: http://127.0.0.1:9090/api/v1/admin/tsdb/delete_series?match[]=%7B__name__%3D~%22.%2B%22%7D
    method: POST
    status_code:
@ -25,11 +25,11 @@
      - 204

 - name: wait
-  pause:
+  ansible.builtin.pause:
    seconds: 5

 - name: disable prometheus admin api
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/default/prometheus
    regexp: "^ARGS=.*$"
    line: >-
@ -38,4 +38,4 @@
  notify: restart prometheus

 - name: flush handlers
-  meta: flush_handlers
+  ansible.builtin.meta: flush_handlers
--- a/roles/prometheus/tasks/install.yml
+++ b/roles/prometheus/tasks/install.yml
@ -1,30 +1,30 @@
 ---

 - name: install prometheus
-  apt:
+  ansible.builtin.apt:
    name: prometheus
    state: present
    update_cache: yes

 - name: start and enable prometheus
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus.service
    state: started
    enabled: yes

 - name: download blackbox exporter
-  get_url:
+  ansible.builtin.get_url:
    url: "https://github.com/prometheus/blackbox_exporter/releases/download/v{{ prometheus_blackbox_exporter_version }}/blackbox_exporter-{{ prometheus_blackbox_exporter_version }}.linux-amd64.tar.gz"  # noqa 204
    dest: "/root/blackbox_exporter-{{ prometheus_blackbox_exporter_version }}.tar.gz"

 - name: unpack blackbox exporter
-  unarchive:
+  ansible.builtin.unarchive:
    src: "/root/blackbox_exporter-{{ prometheus_blackbox_exporter_version }}.tar.gz"
    dest: "/root"
    remote_src: yes

 - name: install blackbox exporter
-  copy:
+  ansible.builtin.copy:
    src: "/root/blackbox_exporter-{{ prometheus_blackbox_exporter_version }}.linux-amd64/blackbox_exporter"
    dest: /usr/local/bin/prometheus-blackbox-exporter
    remote_src: yes
@ -33,7 +33,7 @@
    mode: 0755

 - name: install blackbox exporter defaults file
-  template:
+  ansible.builtin.template:
    src: etc-defaults-blackbox
    dest: /etc/default/prometheus-blackbox-exporter
    owner: root
@ -41,7 +41,7 @@
    mode: 0644

 - name: install blackbox exporter service
-  template:
+  ansible.builtin.template:
    src: prometheus-blackbox-exporter-local.service
    dest: /etc/systemd/system/prometheus-blackbox-exporter-local.service
    owner: root
@ -49,13 +49,13 @@
    mode: 0644

 - name: stop and diable native blackbox exporter
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-blackbox-exporter.service
    state: stopped
    enabled: no

 - name: start and enable blackbox exporter
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-blackbox-exporter-local.service
    state: started
    enabled: yes
--- a/roles/prometheus/tasks/prometheus.yml
+++ b/roles/prometheus/tasks/prometheus.yml
@ -3,16 +3,17 @@
 - name: create config fragment directory
  delegate_to: localhost
  run_once: yes
-  file:
+  ansible.builtin.file:
    path: "{{ playbook_dir }}/.prometheus/{{ item }}.d"
    state: directory
+    mode: 0755
  loop:
    - conf
    - alerts

 - name: list current config fragments
  delegate_to: localhost
-  find:
+  ansible.builtin.find:
    paths:
      - "{{ playbook_dir }}/.prometheus/conf.d/"
      - "{{ playbook_dir }}/.prometheus/alerts.d/"
@ -22,23 +23,25 @@
  register: prometheus_register_current_fragments

 - name: process current config fragments
-  set_fact:
+  ansible.builtin.set_fact:
    prometheus_register_current_fragments:
      "{{ prometheus_register_current_fragments.files | map(attribute='path') | list }}"

 - name: render prometheus base config
  delegate_to: localhost
  run_once: yes
-  template:
+  ansible.builtin.template:
    src: prometheus-base.yml
    dest: "{{ playbook_dir }}/.prometheus/conf.d/00-base.yml"
+    mode: 0644

 - name: render prometheus job configs
  delegate_to: localhost
  run_once: yes
-  template:
+  ansible.builtin.template:
    src: prometheus-job.yml
    dest: "{{ playbook_dir }}/.prometheus/conf.d/{{ '%02d' | format(counter+1) }}-job-{{ item.name }}.yml"
+    mode: 0644
  vars:
    job: "{{ item }}"
  loop: "{{ hostvars[inventory_hostname] | dict2items | selectattr('key', 'match', '^prometheus_job_.+$') | map(attribute='value') | list }}"
@ -47,60 +50,64 @@
  register: prometheus_register_new_config_fragments

 - name: remove newly created files from deletion list
-  set_fact:
+  ansible.builtin.set_fact:
    prometheus_register_current_fragments:
      "{{ prometheus_register_current_fragments | difference(prometheus_register_new_config_fragments.results | map(attribute='dest') | list) }}"

 - name: render prometheus alert base config
  delegate_to: localhost
  run_once: yes
-  template:
+  ansible.builtin.template:
    src: prometheus-alert-base.yml
    dest: .prometheus/alerts.d/00-base.yml
+    mode: 0644

 - name: render prometheus alert configs
  delegate_to: localhost
  run_once: yes
-  copy:
+  ansible.builtin.copy:
    content: "{{ item.alerts | to_nice_yaml(indent=2) | indent(2, first=true) }}"
    dest: "{{ playbook_dir }}/.prometheus/alerts.d/{{ '%02d' | format(counter+1) }}-alert-{{ item.name }}.yml"
+    mode: 0644
  loop: "{{ hostvars[inventory_hostname] | dict2items | selectattr('key', 'match', '^prometheus_job_.+$') | map(attribute='value') | list }}"
  loop_control:
    index_var: counter
  register: prometheus_register_new_alert_fragments

 - name: remove newly created files from deletion list
-  set_fact:
+  ansible.builtin.set_fact:
    prometheus_register_current_fragments:
      "{{ prometheus_register_current_fragments | difference(prometheus_register_new_alert_fragments.results | map(attribute='dest') | list) }}"

 - name: render host-specific prometheus alert configs
  delegate_to: localhost
-  copy:
+  ansible.builtin.copy:
    content: "{{  hostvars[item].prometheus_host_specific_alerts | to_nice_yaml(indent=2) | indent(2, first=true) }}"
    dest: "{{ playbook_dir }}/.prometheus/alerts.d/{{ '99-host-%s' | format(hostvars[item].inventory_hostname) }}-alerts.yml"
+    mode: 0644
  when: "'prometheus_host_specific_alerts' in hostvars[item]"
  loop: "{{ hostvars.keys() | list }}"
  register: prometheus_register_new_host_specific_alert_fragments

 - name: remove newly created files from deletion list
-  set_fact:
+  ansible.builtin.set_fact:
    prometheus_register_current_fragments:
      "{{ prometheus_register_current_fragments | difference(prometheus_register_new_host_specific_alert_fragments.results | selectattr('dest', 'defined') | map(attribute='dest') | list) }}"  # noqa 204

 - name: delete old config fragments
  delegate_to: localhost
-  file:
+  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop: "{{ prometheus_register_current_fragments }}"

 - name: assemble fragment directories
  delegate_to: localhost
-  assemble:
+  ansible.builtin.assemble:
    src: "{{ playbook_dir }}/.prometheus/{{ item.local }}.d/"
    dest: "{{ playbook_dir }}/.prometheus/{{ item.remote }}.yml"
    delimiter: "\n\n"
+    mode: 0644
  loop:
    - local: conf
      remote: prometheus
@ -108,7 +115,7 @@
      remote: alert_rules

 - name: upload config files to host
-  copy:
+  ansible.builtin.copy:
    src: "{{ playbook_dir }}/.prometheus/prometheus.yml"
    dest: "/etc/prometheus/prometheus.yml"
    owner: root
@ -118,7 +125,7 @@
  notify: restart prometheus

 - name: upload alert config file to host
-  copy:
+  ansible.builtin.copy:
    src: "{{ playbook_dir }}/.prometheus/alert_rules.yml"
    dest: "/etc/prometheus/alert_rules.yml"
    owner: root
@ -128,7 +135,7 @@
  notify: restart prometheus

 - name: configure prometheus lookback delta
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/default/prometheus
    regexp: "^ARGS=.*$"
    line: >-
--- a/roles/prometheus_node/handlers/main.yml
+++ b/roles/prometheus_node/handlers/main.yml
@ -1,18 +1,18 @@
 ---

 - name: ucr commit
-  command: /usr/sbin/ucr commit
+  ansible.builtin.command: /usr/sbin/ucr commit

 - name: systemctl daemon-reload
-  systemd:
+  ansible.builtin.systemd:
    daemon_reload: yes

 - name: restart prometheus-zpool-collector
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter-zpool.timer
    state: restarted

 - name: restart prometheus-node-exporter
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter.service
    state: restarted
--- a/roles/prometheus_node/tasks/collectors.yml
+++ b/roles/prometheus_node/tasks/collectors.yml
@ -1,25 +1,33 @@
 ---

 - name: install collector script
-  template:
+  ansible.builtin.template:
    src: "{{ basename }}.j2"
    dest: "/usr/local/bin/{{ basename }}"
+    owner: root
+    group: prometheus
    mode: 0750
  vars:
    basename: "{{ item.value.template_base_name | default('prometheus-node-exporter-' + item.key + '.sh') }}"
  loop: "{{ prometheus_textfile_collectors | dict2items }}"

 - name: install collector config
-  copy:
+  ansible.builtin.copy:
    content: "{{ item.value.config.content }}"
    dest: "{{ item.value.config.filename }}"
+    owner: root
+    group: prometheus
+    mode: 0640
  when: "'config' in item.value"
  loop: "{{ prometheus_textfile_collectors | dict2items }}"

 - name: install collector service
-  template:
+  ansible.builtin.template:
    src: "prometheus-collector.service.j2"
    dest: "/etc/systemd/system/prometheus-node-exporter-{{ item.key }}.service"
+    owner: root
+    group: root
+    mode: 0644
  vars:
    basename: "{{ item.value.template_base_name | default('prometheus-node-exporter-' + item.key + '.sh') }}"
  loop: "{{ prometheus_textfile_collectors | dict2items }}"
@ -27,15 +35,18 @@
    - systemctl daemon-reload

 - name: install collector timer
-  template:
+  ansible.builtin.template:
    src: "prometheus-collector.timer.j2"
    dest: "/etc/systemd/system/prometheus-node-exporter-{{ item.key }}.timer"
+    owner: root
+    group: root
+    mode: 0644
  loop: "{{ prometheus_textfile_collectors | dict2items }}"
  notify:
    - systemctl daemon-reload

 - name: start and enable collector timer
-  systemd:
+  ansible.builtin.systemd:
    name: "prometheus-node-exporter-{{ item.key }}.timer"
    state: started
    enabled: yes
--- a/roles/prometheus_node/tasks/config.yml
+++ b/roles/prometheus_node/tasks/config.yml
@ -1,24 +1,29 @@
 ---

 - name: create /etc/prometheus/node-exporter/tls
-  file:
+  ansible.builtin.file:
    path: /etc/prometheus/node-exporter/tls
    state: directory
    owner: prometheus
    group: prometheus
+    mode: 0750

 - name: render /etc/prometheus/node-exporter/tls/config.yml
-  template:
+  ansible.builtin.template:
    src: prometheus-node-exporter-webconfig.yml.j2
    dest: /etc/prometheus/node-exporter/tls/config.yml
    owner: prometheus
    group: prometheus
+    mode: 0640
  notify: restart prometheus-node-exporter

 - name: render /etc/default/prometheus-node-exporter
-  template:
+  ansible.builtin.template:
    src: prometheus-node-exporter.default.j2
    dest: /etc/default/prometheus-node-exporter
+    owner: root
+    group: prometheus
+    mode: 0640
  vars:
    args: "{{ prometheus_node_exporter_args }}"
  notify: restart prometheus-node-exporter
--- a/roles/prometheus_node/tasks/debian10.yml
+++ b/roles/prometheus_node/tasks/debian10.yml
@ -2,7 +2,7 @@


 - name: check if package files already exist
-  stat:
+  ansible.builtin.stat:
    path: "/root/{{ item.name }}_{{ item.version }}_{{ item.arch }}.deb"
  loop:
    - name: prometheus-node-exporter
@ -14,7 +14,7 @@
  register: prometheus_node_register_ucs_deb_stat

 - name: download packages
-  get_url:
+  ansible.builtin.get_url:
    url: "https://{{ debian_mirror }}/debian/pool/main/{{ pfirst | urlencode() }}/{{ package | urlencode() }}/{{ package | urlencode() }}_{{ version | urlencode() }}_{{ arch | urlencode() }}.deb"  # noqa 204
    dest: "/root/{{ package }}_{{ version }}_{{ arch }}.deb"
  vars:
@ -26,31 +26,31 @@
  loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"

 - name: install packages
-  apt:
+  ansible.builtin.apt:
    deb: "/root/{{ item.item.name }}_{{ item.item.version }}_{{ item.item.arch }}.deb"
  loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"

 - name: start prometheus-node-exporter.service
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter.service
    state: started
    enabled: yes

 - name: start prometheus-node-exporter-apt.timer
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter-apt.timer
    state: started
    enabled: yes

 - name: install smartmontools
-  apt:
+  ansible.builtin.apt:
    name: smartmontools
    state: present
  when:
    - ansible_virtualization_role == 'host'

 - name: start prometheus-node-exporter-smartmon.timer
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter-smartmon.timer
    state: "{{ (ansible_virtualization_role == 'host' and not smartmon_exporter_force_off) | ternary('started', 'stopped') }}"
    enabled: "{{ ansible_virtualization_role == 'host' }}"
--- a/roles/prometheus_node/tasks/debian11.yml
+++ b/roles/prometheus_node/tasks/debian11.yml
@ -1,7 +1,7 @@
 ---

 - name: install prometheus-node-exporter
-  apt:
+  ansible.builtin.apt:
    name: "{{ item }}"
    state: present
    update_cache: yes
@ -10,26 +10,26 @@
    - prometheus-node-exporter-collectors

 - name: start prometheus-node-exporter.service
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter.service
    state: started
    enabled: yes

 - name: start prometheus-node-exporter-apt.timer
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter-apt.timer
    state: started
    enabled: yes

 - name: install smartmontools
-  apt:
+  ansible.builtin.apt:
    name: smartmontools
    state: present
  when:
    - ansible_virtualization_role == 'host'

 - name: start prometheus-node-exporter-smartmon.timer
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter-smartmon.timer
    state: "{{ (ansible_virtualization_role == 'host' and not smartmon_exporter_force_off) | ternary('started', 'stopped') }}"
    enabled: "{{ ansible_virtualization_role == 'host' }}"
--- a/roles/prometheus_node/tasks/ucs.yml
+++ b/roles/prometheus_node/tasks/ucs.yml
@ -1,7 +1,7 @@
 ---

 - name: check if package files already exist
-  stat:
+  ansible.builtin.stat:
    path: "/root/{{ item.name }}_{{ item.version }}_{{ item.arch }}.deb"
  loop:
    - name: prometheus-node-exporter
@ -16,7 +16,7 @@
  register: prometheus_node_register_ucs_deb_stat

 - name: download packages
-  get_url:
+  ansible.builtin.get_url:
    url: "https://{{ debian_mirror }}/debian/pool/main/{{ pfirst | urlencode() }}/{{ package | urlencode() }}/{{ package | urlencode() }}_{{ version | urlencode() }}_{{ arch | urlencode() }}.deb"  # noqa 204
    dest: "/root/{{ package }}_{{ version }}_{{ arch }}.deb"
  vars:
@ -28,37 +28,37 @@
  loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"

 - name: install packages
-  apt:
+  ansible.builtin.apt:
    deb: "/root/{{ item.item.name }}_{{ item.item.version }}_{{ item.item.arch }}.deb"
  loop: "{{ prometheus_node_register_ucs_deb_stat.results }}"

 - name: start prometheus-node-exporter.service
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter.service
    state: started
    enabled: yes

 - name: start prometheus-node-exporter-apt.timer
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter-apt.timer
    state: started
    enabled: yes

 - name: install smartmontools
-  apt:
+  ansible.builtin.apt:
    name: smartmontools
    state: present
  when:
    - ansible_virtualization_role == 'host'

 - name: start prometheus-node-exporter-smartmon.timer
-  systemd:
+  ansible.builtin.systemd:
    name: prometheus-node-exporter-smartmon.timer
    state: "{{ (ansible_virtualization_role == 'host' and not smartmon_exporter_force_off) | ternary('started', 'stopped') }}"
    enabled: "{{ ansible_virtualization_role == 'host' }}"

 - name: check firewall settings in ucr
-  command: "/usr/sbin/ucr get {{ item.name }}"
+  ansible.builtin.command: "/usr/sbin/ucr get {{ item.name }}"
  changed_when: no
  check_mode: no
  loop:
@ -69,7 +69,7 @@
  register: prometheus_node_register_ucs_ucr

 - name: set firewall settings in ucr
-  command: "/usr/sbin/ucr set {{ item.item.name }}={{ item.item.value }}"
+  ansible.builtin.command: "/usr/sbin/ucr set {{ item.item.name }}={{ item.item.value }}"
  changed_when: yes
  notify:
    - ucr commit
--- a/roles/prometheus_node_openbsd/handlers/main.yml
+++ b/roles/prometheus_node_openbsd/handlers/main.yml
@ -1,7 +1,7 @@
 ---

 - name: start node exporter
-  command: /usr/sbin/rcctl start node_exporter
+  ansible.builtin.command: /usr/sbin/rcctl start node_exporter

 - name: restart node exporter
-  command: /usr/sbin/rcctl restart node_exporter
+  ansible.builtin.command: /usr/sbin/rcctl restart node_exporter
--- a/roles/prometheus_node_openbsd/tasks/config.yml
+++ b/roles/prometheus_node_openbsd/tasks/config.yml
@ -1,22 +1,24 @@
 ---

 - name: create /etc/prometheus/node-exporter/tls
-  file:
+  ansible.builtin.file:
    path: /etc/prometheus/node-exporter/tls
    state: directory
    owner: _nodeexporter
    group: _nodeexporter
+    mode: 0750

 - name: render /etc/prometheus/node-exporter/tls/config.yml
-  template:
+  ansible.builtin.template:
    src: prometheus-node-exporter-webconfig.yml.j2
    dest: /etc/prometheus/node-exporter/tls/config.yml
    owner: _nodeexporter
    group: _nodeexporter
+    mode: 0640
  notify: restart node exporter

 - name: configure node exporter
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/rc.conf.local
    line: >-
      node_exporter_flags=--collector.textfile.directory={{ node_exporter_textfile_dir }}
--- a/roles/prometheus_node_openbsd/tasks/install.yml
+++ b/roles/prometheus_node_openbsd/tasks/install.yml
@ -1,11 +1,11 @@
 ---

 - name: install prometheus node exporter
-  openbsd_pkg:
+  community.general.openbsd_pkg:
    name: node_exporter

 - name: create textfile collector directory
-  file:
+  ansible.builtin.file:
    path: "{{ node_exporter_textfile_dir }}"
    state: directory
    owner: root
--- a/roles/prometheus_node_openbsd/tasks/syspatch.yml
+++ b/roles/prometheus_node_openbsd/tasks/syspatch.yml
@ -1,7 +1,7 @@
 ---

 - name: create syspatch check script
-  template:
+  ansible.builtin.template:
    src: syspatch.sh.j2
    dest: /usr/local/bin/prometheus-node-exporter-syspatch.sh
    owner: root
@ -9,7 +9,7 @@
    mode: 0755

 - name: register syspatch check script in cron
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: /etc/daily.local
    regexp: '^/usr/local/bin/prometheus-node-exporter-syspatch.sh$'
    line: '/usr/local/bin/prometheus-node-exporter-syspatch.sh'