refactor(otelcol): extract otelcol-contrib into reusable integration module

Move otelcol-contrib install/config out of IBM-specific cloud-configs into
pkg/integrations/otelcol. The module uses a binary tarball download instead
of apt-get/dnf so it works on any Linux distro without package-manager
dependency conflicts (avoids dpkg conffile prompt when config.yaml is
pre-written by cloud-init write_files before the package installs).

- New pkg/integrations/otelcol with types, snippet-linux.sh template, and
  GetSnippet/GetSnippetAsCloudInitWritableFile helpers
- IBM Z and IBM Power cloud-configs simplified to write/run the otelcol
  install script, removing all inline otelcol YAML
- Makefile ldflags consolidated to single otelcol.version override
- Tests updated to match new piUserData/izUserData signatures

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: adrianriobo

Makefile

@@ -28,8 +28,7 @@ VERSION_VARIABLES := -X $(MODULEPATH)/pkg/manager/context.OCI=$(IMG) \
 	-X $(MODULEPATH)/pkg/integrations/cirrus.version=$(CIRRUS_CLI) \
 	-X $(MODULEPATH)/pkg/integrations/github.runnerVersion=$(GITHUB_RUNNER) \
 	-X $(MODULEPATH)/pkg/integrations/gitlab.version=$(GITLAB_RUNNER) \
-	-X $(MODULEPATH)/pkg/provider/ibmcloud/action/ibm-power.otelColVersion=$(OTELCOL_VERSION) \
-	-X $(MODULEPATH)/pkg/provider/ibmcloud/action/ibm-z.otelColVersion=$(OTELCOL_VERSION)
+	-X $(MODULEPATH)/pkg/integrations/otelcol.version=$(OTELCOL_VERSION)
 LDFLAGS := $(VERSION_VARIABLES) ${GO_EXTRA_LDFLAGS}
 GCFLAGS := all=-N -l
 GOOS := $(shell go env GOOS)

pkg/integrations/otelcol/otelcol.go

@@ -0,0 +1,39 @@
+package otelcol
+
+import (
+	_ "embed"
+
+	cloudinit "github.com/redhat-developer/mapt/pkg/util/cloud-init"
+	"github.com/redhat-developer/mapt/pkg/util/file"
+)
+
+// version is overridden at build time via -ldflags.
+var version = "0.151.0"
+
+//go:embed snippet-linux.sh
+var snippetLinux []byte
+
+// GetSnippet renders the install script template with the provided args and
+// returns the shell script as a string. Returns an empty string when args is nil.
+func GetSnippet(args *OtelcolArgs) (*string, error) {
+	if args == nil {
+		empty := ""
+		return &empty, nil
+	}
+	if args.ColVersion == "" {
+		args.ColVersion = version
+	}
+	snippet, err := file.Template(args, string(snippetLinux))
+	return &snippet, err
+}
+
+// GetSnippetAsCloudInitWritableFile returns the rendered install script indented
+// with 6 spaces so it can be embedded directly as the content of a cloud-init
+// write_files entry.
+func GetSnippetAsCloudInitWritableFile(args *OtelcolArgs) (*string, error) {
+	snippet, err := GetSnippet(args)
+	if err != nil || len(*snippet) == 0 {
+		return snippet, err
+	}
+	return cloudinit.IndentWriteFile(snippet)
+}

pkg/integrations/otelcol/snippet-linux.sh

@@ -0,0 +1,203 @@
+#!/bin/bash
+set -euo pipefail
+
+PROXY_URL=""
+if ! curl -sf --connect-timeout 5 --head {{.Endpoint}} > /dev/null 2>&1; then
+  PROXY_URL="http://squid.corp.redhat.com:3128"
+fi
+
+# Download binary tarball — works on any Linux distro, no package manager needed
+TAR_URL="https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download/v{{.ColVersion}}/otelcol-contrib_{{.ColVersion}}_linux_{{.Arch}}.tar.gz"
+HTTPS_PROXY="$PROXY_URL" curl -fsSL -o /tmp/otelcol-contrib.tar.gz "$TAR_URL"
+tar -xzf /tmp/otelcol-contrib.tar.gz -C /tmp otelcol-contrib
+mv /tmp/otelcol-contrib /usr/local/bin/otelcol-contrib
+chmod 755 /usr/local/bin/otelcol-contrib
+chcon -t bin_t /usr/local/bin/otelcol-contrib 2>/dev/null || restorecon -v /usr/local/bin/otelcol-contrib 2>/dev/null || true
+rm -f /tmp/otelcol-contrib.tar.gz
+
+# Create dedicated system user (idempotent)
+useradd --system --no-create-home --shell /sbin/nologin otelcol-contrib 2>/dev/null || true
+
+# Create config and drop-in directories
+mkdir -p /etc/otelcol-contrib /etc/systemd/system/otelcol-contrib.service.d
+
+# Write systemd service unit
+cat > /etc/systemd/system/otelcol-contrib.service << 'SVCEOF'
+[Unit]
+Description=OpenTelemetry Collector Contrib
+After=network.target
+
+[Service]
+User=otelcol-contrib
+Group=otelcol-contrib
+EnvironmentFile=/etc/otelcol-contrib/otelcol-contrib.conf
+EnvironmentFile=/etc/otelcol-contrib/auth_token
+ExecStart=/usr/local/bin/otelcol-contrib $OTELCOL_OPTIONS
+Restart=on-failure
+RestartSec=5s
+KillMode=process
+SyslogIdentifier=otelcol-contrib
+
+[Install]
+WantedBy=multi-user.target
+SVCEOF
+
+# Drop-in: grant read access to all log files and expose hostname
+cat > /etc/systemd/system/otelcol-contrib.service.d/capabilities.conf << 'CAPEOF'
+[Service]
+AmbientCapabilities=CAP_DAC_READ_SEARCH
+Environment="HOSTNAME=%H"
+CAPEOF
+
+# Options file consumed by ExecStart
+printf 'OTELCOL_OPTIONS=--config /etc/otelcol-contrib/config.yaml\n' \
+  > /etc/otelcol-contrib/otelcol-contrib.conf
+chmod 640 /etc/otelcol-contrib/otelcol-contrib.conf
+
+# Auth token (mode 600 — readable only by otelcol-contrib user after chown)
+printf 'OTEL_AUTH_TOKEN={{.AuthToken}}\n' > /etc/otelcol-contrib/auth_token
+chmod 600 /etc/otelcol-contrib/auth_token
+
+# Collector configuration
+cat > /etc/otelcol-contrib/config.yaml << 'OTELEOF'
+receivers:
+  filelog/syslog:
+    include:
+    - {{.SyslogPath}}
+    start_at: end
+    include_file_path: true
+    include_file_name: true
+    exclude_older_than: 24h
+    operators:
+    - type: move
+      id: move_to_source_name
+      from: attributes["log.file.path"]
+      to: attributes["_sourceName"]
+    - type: remove
+      id: remove_file_name
+      field: attributes["log.file.name"]
+    - type: time_parser
+      id: parse_timestamp
+      layout: '%b %e %H:%M:%S'
+      parse_from: body
+      on_error: send
+    attributes:
+      index: "{{.Index}}"
+      _sourceCategory: syslog
+      _sourceHost: ${env:HOSTNAME}
+  filelog/secure:
+    include:
+    - {{.SecurePath}}
+    start_at: end
+    include_file_path: true
+    include_file_name: true
+    exclude_older_than: 24h
+    operators:
+    - type: move
+      id: move_to_source_name
+      from: attributes["log.file.path"]
+      to: attributes["_sourceName"]
+    - type: remove
+      id: remove_file_name
+      field: attributes["log.file.name"]
+    - type: time_parser
+      id: parse_timestamp
+      layout: '%b %e %H:%M:%S'
+      parse_from: body
+      on_error: send
+    attributes:
+      index: "{{.Index}}"
+      _sourceCategory: secure
+      _sourceHost: ${env:HOSTNAME}
+  filelog/audit:
+    include:
+    - /var/log/audit/audit.log
+    start_at: end
+    include_file_path: true
+    include_file_name: true
+    exclude_older_than: 24h
+    operators:
+    - type: move
+      id: move_to_source_name
+      from: attributes["log.file.path"]
+      to: attributes["_sourceName"]
+    - type: remove
+      id: remove_file_name
+      field: attributes["log.file.name"]
+    attributes:
+      index: "{{.Index}}"
+      _sourceCategory: audit
+      _sourceHost: ${env:HOSTNAME}
+{{- if .MonitorGitLabRunner}}
+  filelog/gitlab-runner:
+    include:
+    - /var/log/gitlab-runner/runner.log
+    start_at: end
+    include_file_path: true
+    include_file_name: true
+    operators:
+    - type: move
+      id: move_to_source_name
+      from: attributes["log.file.path"]
+      to: attributes["_sourceName"]
+    - type: remove
+      id: remove_file_name
+      field: attributes["log.file.name"]
+    attributes:
+      index: "{{.Index}}"
+      _sourceCategory: gitlab-runner
+      _sourceHost: ${env:HOSTNAME}
+{{- end}}
+processors:
+  filter/drop_null_bytes:
+    logs:
+      log_record:
+        - 'IsMatch(body, "^\x00+$")'
+  batch:
+    timeout: "1s"
+    send_batch_size: 1024
+  resource:
+    attributes:
+      - key: appcode
+        value: "{{.AppCode}}"
+        action: upsert
+      - key: com.redhat.otel.auth_token
+        value: "${env:OTEL_AUTH_TOKEN}"
+        action: upsert
+      - key: arch
+        value: "{{.Arch}}"
+        action: upsert
+{{- range $k, $v := .ExtraAttrs}}
+      - key: {{$k}}
+        value: "{{$v}}"
+        action: upsert
+{{- end}}
+exporters:
+  otlphttp:
+    endpoint: "{{.Endpoint}}"
+    tls:
+      insecure_skip_verify: true
+service:
+  telemetry:
+    logs:
+      level: "fatal"
+    metrics:
+      level: "basic"
+  pipelines:
+    logs:
+      receivers: [filelog/syslog, filelog/secure, filelog/audit{{if .MonitorGitLabRunner}}, filelog/gitlab-runner{{end}}]
+      processors: [filter/drop_null_bytes, resource, batch]
+      exporters: [otlphttp]
+OTELEOF
+
+# Transfer ownership to the service user
+chown -R otelcol-contrib:otelcol-contrib /etc/otelcol-contrib
+
+# Set up proxy drop-in if direct access to the endpoint was unavailable
+if [ -n "$PROXY_URL" ]; then
+  printf '[Service]\nEnvironment="HTTPS_PROXY=%s/"\nEnvironment="NO_PROXY=10.*,192.168.*,localhost,127.0.0.1"\n' "$PROXY_URL" \
+    > /etc/systemd/system/otelcol-contrib.service.d/proxy.conf
+fi
+
+systemctl daemon-reload
+systemctl enable --now otelcol-contrib

pkg/integrations/otelcol/types.go

@@ -0,0 +1,29 @@
+package otelcol
+
+// Arch is a Linux architecture identifier used for binary download URLs.
+type Arch string
+
+var (
+	Ppc64le Arch = "ppc64le"
+	S390x   Arch = "s390x"
+	Amd64   Arch = "amd64"
+	Arm64   Arch = "arm64"
+)
+
+// OtelcolArgs holds all parameters needed to install and configure the
+// otelcol-contrib filelog collector on a Linux host.
+type OtelcolArgs struct {
+	AppCode    string
+	AuthToken  string
+	Index      string
+	Endpoint   string
+	ColVersion string            // overridden from module var if empty
+	Arch       Arch              // target linux arch (ppc64le, s390x, amd64, arm64)
+	SyslogPath string            // distro-specific syslog path
+	SecurePath string            // distro-specific auth/secure log path
+	ExtraAttrs map[string]string // additional resource attributes
+
+	// MonitorGitLabRunner adds a filelog/gitlab-runner receiver that tails
+	// /var/log/gitlab-runner/runner.log when set to true.
+	MonitorGitLabRunner bool
+}