[PLAT-14974][PLAT-15045] Added prometheus user as part of yugabyte group

Summary: Added prometheus user as part of yugabyte group, & changed the permission of yb_home_dir to 750, so as to remove world executable permission.

Test Plan:
Manually created universe.
Verified that the metrics are working as expected.

Reviewers: amalyshev, anijhawan

Reviewed By: amalyshev, anijhawan

Subscribers: yugaware

Differential Revision: https://phorge.dev.yugabyte.com/D37533

managed/devops/roles/get_prometheus_user_group/tasks/main.yml

@@ -13,7 +13,7 @@
   failed_when: False
 
 - set_fact:
-    node_exporter_group: "prometheus"
+    node_exporter_group: "yugabyte"
   when: user_group.rc != 0
 
 - set_fact:

managed/devops/roles/provision-cluster-server/tasks/main.yml

@@ -124,7 +124,7 @@
 - name: Grant traverse permission on yb_home directory
   file:
     path: "{{ yb_home_dir }}"
-    mode: '0711'
+    mode: '0750'
   become: yes
   become_method: sudo
   when: (install_node_exporter is defined and install_node_exporter|bool) or

managed/node-agent/resources/ynp/modules/provision/node_exporter/templates/run.j2

@@ -13,7 +13,22 @@ fi
 
 # Check if the user "prometheus" already exists
 if ! id -u prometheus >/dev/null 2>&1; then
-    adduser --shell /bin/bash prometheus
+    os_type=$(grep -oP '(?<=^ID=).+' /etc/os-release | tr -d '"')
+    case "$os_type" in
+        ubuntu|debian)
+            adduser --no-create-home --disabled-password --shell /bin/bash --ingroup {{ yb_user }} \
+            --gecos "" prometheus
+            ;;
+        rhel|centos|fedora|rocky|alma)
+            useradd --shell /bin/bash --no-create-home -g {{ yb_user }} prometheus
+            ;;
+        *)
+            echo "Unsupported OS: $os_type"
+            exit 1
+            ;;
+    esac
+else
+    echo "User 'prometheus' already exists."
 fi
 
 # Set ownership and permissions
@@ -51,7 +66,9 @@ Restart=on-failure
 User=prometheus
 Group=prometheus
 
-ExecStart=/opt/prometheus/node_exporter-1.7.0.linux-amd64/node_exporter  --web.listen-address=:9300 --collector.textfile.directory={{ yb_home_dir }}/metrics
+ExecStart=/opt/prometheus/node_exporter-1.7.0.linux-amd64/node_exporter  \
+--web.listen-address=:9300 \
+--collector.textfile.directory={{ yb_home_dir }}/metrics
 EOL
 
 # Enable and start the node_exporter service

managed/node-agent/resources/ynp/modules/provision/yugabyte/templates/run.j2

@@ -79,5 +79,5 @@ if [ -z {{ public_key_filepath }} ]; then
     fi
 fi
 
-# Ensure the permissions for yb_home_dir are 711
-chmod -R 711 "{{ yb_home_dir }}"
+# Ensure the permissions for yb_home_dir are 750
+chmod 750 "{{ yb_home_dir }}"