setup datadog agent on each host.

- set agent version to 7
2022-01-22 14:59:15 -05:00
parent 449eb42c36
commit f723e4ac2e
61 changed files with 3661 additions and 0 deletions
--- a/ansible-5/roles/datadog.datadog/tasks/pkg-debian.yml
+++ b/ansible-5/roles/datadog.datadog/tasks/pkg-debian.yml
@@ -0,0 +1,127 @@
+---
+- name: Install apt-transport-https
+  apt:
+    update_cache: yes
+    name: apt-transport-https
+    state: present
+  when: not ansible_check_mode
+
+- name: Install gnupg
+  apt:
+    update_cache: yes
+    name: gnupg
+    state: present
+  when: not ansible_check_mode
+
+- name: "Check if {{ datadog_apt_usr_share_keyring }} exists with correct mode"
+  stat:
+    path: "{{ datadog_apt_usr_share_keyring }}"
+  register: apt_keyring_file
+
+- name: "Ensure {{ datadog_apt_usr_share_keyring }} exists"
+  file:
+    path: "{{ datadog_apt_usr_share_keyring }}"
+    owner: root
+    group: root
+    mode: "0644"
+    state: touch
+  when: not ansible_check_mode and (not apt_keyring_file.stat.exists or not apt_keyring_file.stat.mode == "0644")
+
+- name: Install apt keys from default URLs
+  include_tasks: _apt-key-import.yml
+  with_items:
+    "{{ datadog_apt_default_keys }}"
+  when: datadog_apt_key_url_new is not defined and not ansible_check_mode
+
+- name: Install apt keys from custom URL
+  include_tasks: _apt-key-import.yml
+  with_items:
+    - key: A2923DFF56EDA6E76E55E492D3A80E30382E94DE
+      value: "{{ datadog_apt_key_url_new }}"
+    - key: D75CEA17048B9ACBF186794B32637D44F14F620E
+      value: "{{ datadog_apt_key_url_new }}"
+  when: datadog_apt_key_url_new is defined and not ansible_check_mode
+
+- name: "Ensure {{ datadog_apt_trusted_d_keyring }} exists with same contents as {{ datadog_apt_usr_share_keyring }} for older distro versions"
+  copy:
+    src: "{{ datadog_apt_usr_share_keyring }}"
+    dest: "{{ datadog_apt_trusted_d_keyring }}"
+    mode: "0644"
+    remote_src: yes
+  when: ((ansible_distribution == 'Debian' and ansible_distribution_major_version|int < 9) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int < 16)) and not ansible_check_mode
+
+- name: Ensure Datadog non-https repositories and repositories not using signed-by option are deprecated
+  apt_repository:
+    repo: "{{ item }}"
+    state: "absent"
+    update_cache: yes
+  with_items:
+    - "deb http://apt.datadoghq.com/ stable main"
+    - "deb http://apt.datadoghq.com/ stable 6"
+    - "deb http://apt.datadoghq.com/ stable 7"
+    - "deb https://apt.datadoghq.com/ stable main"
+    - "deb https://apt.datadoghq.com/ stable 6"
+    - "deb https://apt.datadoghq.com/ stable 7"
+  when: not ansible_check_mode
+
+- name: Ensure Datadog repository is up-to-date
+  apt_repository:
+    filename: "ansible_datadog_{{ item.key }}"
+    repo: "{{ item.value }}"
+    state: "{% if item.key == datadog_agent_major_version|int and datadog_apt_repo | length == 0 %}present{% else %}absent{% endif %}"
+    update_cache: yes
+  when: (not ansible_check_mode)
+  with_dict:
+    5: '{{ datadog_agent5_apt_repo }}'
+    6: '{{ datadog_agent6_apt_repo }}'
+    7: '{{ datadog_agent7_apt_repo }}'
+
+- name: Initialize custom repo file deletion flag to False
+  set_fact:
+    datadog_remove_custom_repo_file: "False"
+
+- name: Check if custom repository file exists
+  stat:
+    path: /etc/apt/sources.list.d/ansible_datadog_custom.list
+  register: datadog_custom_repo_file
+
+- name: Fetch custom repository file
+  slurp:
+    src: /etc/apt/sources.list.d/ansible_datadog_custom.list
+  register: datadog_custom_repo_file_contents
+  when: datadog_custom_repo_file.stat.exists
+
+- name: Flag custom repository file for deletion if different from current repository config
+  set_fact:
+    datadog_remove_custom_repo_file: "{{ datadog_repo_file_contents != datadog_apt_repo }}"
+  vars:
+    datadog_repo_file_contents: "{{ datadog_custom_repo_file_contents['content'] | b64decode | trim }}"
+  when: datadog_custom_repo_file.stat.exists
+
+- name: (Custom) Remove Datadog custom repository file when not set or updated
+  file:
+    path: /etc/apt/sources.list.d/ansible_datadog_custom.list
+    state: absent
+  when: (datadog_apt_repo | length == 0) or datadog_remove_custom_repo_file and (not ansible_check_mode)
+
+- name: (Custom) Ensure Datadog repository is up-to-date
+  apt_repository:
+    filename: ansible_datadog_custom
+    repo: "{{ datadog_apt_repo }}"
+    state: present
+    update_cache: yes
+  when: (datadog_apt_repo | length > 0) and (not ansible_check_mode)
+
+- include_tasks: pkg-debian/install-pinned.yml
+  when: datadog_agent_debian_version is defined
+
+- include_tasks: pkg-debian/install-latest.yml
+  when: datadog_agent_debian_version is not defined
+
+- name: Install latest datadog-signing-keys package
+  apt:
+    name: datadog-signing-keys
+    state: latest  # noqa 403
+    # we don't use update_cache: yes, as that was just done by the install-pinned/install-latest
+  register: datadog_signing_keys_install
+  when: not ansible_check_mode