From 31ed33688092dfdea8df9426b728a8ef94c87dd6 Mon Sep 17 00:00:00 2001
From: richard <r_morgan@sympatico.ca>
Date: Fri, 25 Mar 2022 21:48:12 -0400
Subject: [PATCH] setup datadog agent on each host.

---
 .idea/misc.xml                                |  5 ++
 ansible-5/playbooks/home.xai-corp.net.yaml    | 70 +++++++++++++++++++
 ansible-5/playbooks/update_hosts.yaml         | 46 +++++++++++-
 .../roles/common/tasks/install_tools.yml      |  2 +
 .../templates/named.conf.options.j2           |  4 ++
 .../templates/xai-corp.net.internal.j2        |  1 +
 6 files changed, 126 insertions(+), 2 deletions(-)
 create mode 100644 ansible-5/playbooks/home.xai-corp.net.yaml

diff --git a/.idea/misc.xml b/.idea/misc.xml
index 28a804d..d7c5271 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -3,4 +3,9 @@
   <component name="JavaScriptSettings">
     <option name="languageLevel" value="ES6" />
   </component>
+  <component name="SwUserDefinedSpecifications">
+    <option name="specTypeByUrl">
+      <map />
+    </option>
+  </component>
 </project>
\ No newline at end of file
diff --git a/ansible-5/playbooks/home.xai-corp.net.yaml b/ansible-5/playbooks/home.xai-corp.net.yaml
new file mode 100644
index 0000000..9e1e4d0
--- /dev/null
+++ b/ansible-5/playbooks/home.xai-corp.net.yaml
@@ -0,0 +1,70 @@
+---
+# update the managed host machines
+
+- name: updates
+  hosts: home
+  gather_facts: true
+
+  vars:
+    datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
+    datadog_agent_major_version: 7
+    datadog_config:
+      apm_config:
+        enabled: true
+      process_config:
+        enabled: "true" # type: string
+        scrub_args: true
+        custom_sensitive_words: ['consul_token','dd_api_key']
+      system_probe_config:
+        sysprobe_socket: /opt/datadog-agent/run/sysprobe.sock
+      network_config:
+        enabled: true
+    datadog_disable_untracked_checks: false
+    datadog_checks:
+      reboot_required:
+        init_config:
+        instances:
+          -
+      oom_kill:
+        init_config:
+        instances:
+          -
+      systemd:
+        - unit_names:
+            - cron.service
+            - k3s.service
+            - named.service
+            - ssh.servce
+            - apt-daily-upgrade.timer
+
+      bind9:
+        init_config:
+        instances:
+          - url: "http://ns01:8053/"
+          - url: "http://ns02:8053/"
+
+    datadog_integration:
+      datadog-reboot_required:
+        action: install
+        version: 1.0.0
+        third_party: true
+      datadog-bind9:
+        action: install
+        version: 1.0.0
+        third_party: true
+
+  pre_tasks:
+
+  roles:
+    - role: datadog.datadog
+      become: true
+
+#  tasks:
+#    - name: enable datadog-agent-sysprobe
+#      systemd:
+#        name: datadog-agent-sysprobe.service
+#        state: started
+#        enabled: True
+#      when: ansible_architecture != 'armv7l'
+#      become: true
+#      notify: restart datadog-agent
diff --git a/ansible-5/playbooks/update_hosts.yaml b/ansible-5/playbooks/update_hosts.yaml
index 9d01201..a194810 100644
--- a/ansible-5/playbooks/update_hosts.yaml
+++ b/ansible-5/playbooks/update_hosts.yaml
@@ -8,6 +8,17 @@
   vars:
     datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
     datadog_agent_major_version: 7
+    datadog_config:
+      apm_config:
+        enabled: true
+      process_config:
+        enabled: "true" # type: string
+        scrub_args: true
+        custom_sensitive_words: ['consul_token','dd_api_key']
+      system_probe_config:
+        sysprobe_socket: /opt/datadog-agent/run/sysprobe.sock
+      network_config:
+        enabled: true
 
   pre_tasks:
 
@@ -19,9 +30,40 @@
     - role: datadog.datadog
       become: true
       when: ansible_architecture != 'armv7l'
+      datadog_checks:
+        reboot_required:
+          init_config:
+          instances:
+            -
+        oom_kill:
+          init_config:
+          instances:
+            -
+        systemd:
+          - unit_names:
+              - cron.service
+              - k3s.service
+              - named.service
+              - ssh.servce
+              - apt-daily-upgrade.timer
+
+        bind9:
+          init_config:
+          instances:
+            - url: "http://ns01:8053/"
+            - url: "http://ns02:8053/"
+
+      datadog_integration:
+        datadog-reboot_required:
+          action: install
+          version: 1.0.0
+          third_party: true
+        datadog-bind9:
+          action: install
+          version: 1.0.0
+          third_party: true
+
     - role: datadog.datadog
       become: true
       datadog_agent_flavor: datadog-iot-agent
       when: ansible_architecture == 'armv7l'
-
-  tasks:
diff --git a/ansible-5/roles/common/tasks/install_tools.yml b/ansible-5/roles/common/tasks/install_tools.yml
index 0d12b6a..c174a04 100644
--- a/ansible-5/roles/common/tasks/install_tools.yml
+++ b/ansible-5/roles/common/tasks/install_tools.yml
@@ -9,4 +9,6 @@
   with_items:
     - htop
     - attr
+    - python3-psutil
+    - acl
   when: ansible_os_family == "Debian"
diff --git a/ansible-5/roles/ns.xai-corp.net/templates/named.conf.options.j2 b/ansible-5/roles/ns.xai-corp.net/templates/named.conf.options.j2
index e375664..07104f3 100644
--- a/ansible-5/roles/ns.xai-corp.net/templates/named.conf.options.j2
+++ b/ansible-5/roles/ns.xai-corp.net/templates/named.conf.options.j2
@@ -27,6 +27,10 @@ acl "trusted" {
     ::1/128;
 };
 
+statistics-channels {
+    inet * port 8053 allow { trusted; };
+};
+
 options {
         directory "/var/cache/bind";
 
diff --git a/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
index 6d1f92a..99e762d 100644
--- a/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
+++ b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
@@ -34,6 +34,7 @@ dkhost05                IN A    192.168.4.55
 
 ; dns servers
 ns                      IN A    192.168.4.11
+ns01                    IN CNAME    ns
 ns02                    IN CNAME    cubox-i
 
 ; gluster servers