prometheus-community · gardar · Aug 12, 2025 · Aug 12, 2025
diff --git a/galaxy.yml b/galaxy.yml
@@ -20,6 +20,7 @@ tags:
   - cloud
 dependencies:
   community.general: '>=1.0.0'
+  ans2dev.general: '0.2.0'
 repository: "https://github.com/prometheus-community/ansible"
 documentation: "https://prometheus-community.github.io/ansible"
 homepage: "https://prometheus.io"

diff --git a/requirements.yml b/requirements.yml
@@ -4,3 +4,5 @@ collections:
     type: git
   - name: https://github.com/ansible-collections/community.crypto.git
     type: git
+  - name: ans2dev.general
+    version: 0.2.0
diff --git a/roles/smartctl_exporter/handlers/main.yml b/roles/smartctl_exporter/handlers/main.yml
@@ -8,3 +8,20 @@
     state: restarted
   when:
     - not ansible_check_mode
+
+- name: Reload udev rules
+  listen: "udev reload"
+  become: true
+  ans2dev.general.udevadm_control:
+    reload: true
+  when:
+    - not ansible_check_mode
+
+- name: Trigger udev (apply new perms)
+  listen: "udev apply"
+  become: true
+  ans2dev.general.udevadm_trigger:
+    action: change
+    type: devices
+  when:
+    - not ansible_check_mode
diff --git a/roles/smartctl_exporter/tasks/configure.yml b/roles/smartctl_exporter/tasks/configure.yml
@@ -0,0 +1,50 @@
+---
+- name: Configure
+  ansible.builtin.include_role:
+    name: prometheus.prometheus._common
+    tasks_from: configure.yml
+  vars:
+    _common_system_user: "{{ smartctl_exporter_system_user }}"
+    _common_system_group: "{{ smartctl_exporter_system_group }}"
+    _common_config_dir: "{{ smartctl_exporter_config_dir }}"
+    _common_tls_server_config: "{{ smartctl_exporter_tls_server_config }}"
+    _common_http_server_config: "{{ smartctl_exporter_http_server_config }}"
+    _common_basic_auth_users: "{{ smartctl_exporter_basic_auth_users }}"
+  tags:
+    - smartctl_exporter
+    - configure
+    - smartctl_exporter_configure
+
+- name: Install udev rules for S.M.A.R.T access
+  ansible.builtin.template:
+    src: "{{ _smartctl_exporter_udev_filename }}.j2"
+    dest: "/etc/udev/rules.d/{{ _smartctl_exporter_udev_filename }}"
+    owner: root
+    group: root
+    mode: '0644'
+    validate: 'udevadm verify %s'
+  become: true
+  when:
+    - smartctl_exporter_system_user != 'root'
+    - smartctl_exporter_system_group != 'root'
+  notify:
+    - "udev reload"
+    - "udev apply"
+  tags:
+    - smartctl_exporter
+    - configure
+    - smartctl_exporter_configure
+
+- name: Ensure smartctl has needed file capabilities
+  community.general.capabilities:
+    path: "{{ smartctl_exporter_smartctl_path }}"
+    capability: "cap_sys_rawio,cap_sys_admin+ep"
+    state: present
+  become: true
+  when:
+    - smartctl_exporter_system_user != 'root'
+    - smartctl_exporter_system_group != 'root'
+  tags:
+    - smartctl_exporter
+    - configure
+    - smartctl_exporter_configure
diff --git a/roles/smartctl_exporter/tasks/main.yml b/roles/smartctl_exporter/tasks/main.yml
@@ -3,8 +3,12 @@
   ansible.builtin.include_tasks:
     file: preflight.yml
   tags:
+    - smartctl_exporter
+    - install
     - smartctl_exporter_install
+    - configure
     - smartctl_exporter_configure
+    - run
     - smartctl_exporter_run
 
 - name: Install
@@ -22,6 +26,8 @@
     _common_config_dir: "{{ smartctl_exporter_config_dir }}"
     _common_binary_unarchive_opts: ['--strip-components=1']
   tags:
+    - smartctl_exporter
+    - install
     - smartctl_exporter_install
 
 - name: SELinux
@@ -32,20 +38,16 @@
     _common_selinux_port: "{{ smartctl_exporter_web_listen_address | urlsplit('port') }}"
   when: ansible_facts['selinux'].status == "enabled"
   tags:
+    - smartctl_exporter
+    - configure
     - smartctl_exporter_configure
 
 - name: Configure
-  ansible.builtin.include_role:
-    name: prometheus.prometheus._common
-    tasks_from: configure.yml
-  vars:
-    _common_system_user: "{{ smartctl_exporter_system_user }}"
-    _common_system_group: "{{ smartctl_exporter_system_group }}"
-    _common_config_dir: "{{ smartctl_exporter_config_dir }}"
-    _common_tls_server_config: "{{ smartctl_exporter_tls_server_config }}"
-    _common_http_server_config: "{{ smartctl_exporter_http_server_config }}"
-    _common_basic_auth_users: "{{ smartctl_exporter_basic_auth_users }}"
+  ansible.builtin.include_tasks:
+    file: configure.yml
   tags:
+    - smartctl_exporter
+    - configure
     - smartctl_exporter_configure
 
 - name: Ensure Smartctl Exporter is enabled on boot
@@ -58,4 +60,6 @@
   when:
     - not ansible_check_mode
   tags:
+    - smartctl_exporter
+    - run
     - smartctl_exporter_run
diff --git a/roles/smartctl_exporter/templates/99-smartctl-exporter.rules.j2 b/roles/smartctl_exporter/templates/99-smartctl-exporter.rules.j2
@@ -0,0 +1,14 @@
+{{ ansible_managed | comment }}
+
+# SCSI/SATA disks (e.g., /dev/sdX)
+SUBSYSTEM=="block", KERNEL=="sd[a-z]*", GROUP="{{ smartctl_exporter_system_group }}", MODE="{{ _smartctl_exporter_udev_mode }}"
+
+# SCSI generic (e.g., /dev/sg0)
+KERNEL=="sg[0-9]*", GROUP="{{ smartctl_exporter_system_group }}", MODE="{{ _smartctl_exporter_udev_mode }}"
+
+# Block SCSI generic (bsg)
+KERNEL=="bsg", GROUP="{{ smartctl_exporter_system_group }}", MODE="{{ _smartctl_exporter_udev_mode }}"
+
+# NVMe controllers and namespaces
+KERNEL=="nvme[0-9]*", GROUP="{{ smartctl_exporter_system_group }}", MODE="{{ _smartctl_exporter_udev_mode }}"
+KERNEL=="nvme[0-9]*n[0-9]*", GROUP="{{ smartctl_exporter_system_group }}", MODE="{{ _smartctl_exporter_udev_mode }}"
diff --git a/roles/smartctl_exporter/vars/main.yml b/roles/smartctl_exporter/vars/main.yml
@@ -7,3 +7,5 @@ _smartctl_exporter_go_ansible_arch: "{{ {'i386': '386',
 _smartctl_exporter_repo: "prometheus-community/smartctl_exporter"
 _github_api_headers: "{{ {'GITHUB_TOKEN': lookup('ansible.builtin.env', 'GITHUB_TOKEN')} if (lookup('ansible.builtin.env', 'GITHUB_TOKEN')) else {} }}"
 _smartctl_exporter_binaries: ['smartctl_exporter']
+_smartctl_exporter_udev_filename: "99-smartctl-exporter.rules"
+_smartctl_exporter_udev_mode: "0660"