xai-corp.net/provisioning
1
0
Fork 0
Code Issues 9 Releases Activity

setup datadog agent on each host.

Browse Source 
- set agent version to 7
This commit is contained in:
richard
2022-01-22 14:59:15 -05:00
parent 449eb42c36
commit f723e4ac2e
61 changed files with 3661 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ansible-5/playbooks/update_hosts.yaml
View File

@@ -6,6 +6,8 @@
gather_facts: true gather_facts: true
vars: vars:
datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
datadog_agent_major_version: 7
pre_tasks: pre_tasks:
@@ -14,5 +16,12 @@
become: true become: true
- role: rsyslog - role: rsyslog
become: true become: true
- role: datadog.datadog
become: true
when: ansible_architecture != 'armv7l'
- role: datadog.datadog
become: true
datadog_agent_flavor: datadog-iot-agent
when: ansible_architecture == 'armv7l'
tasks: tasks:

211
ansible-5/roles/datadog.datadog/.circleci/config.yml Normal file
View File

@@ -0,0 +1,211 @@
---
version: 2.1
commands:
dry_run:
parameters:
version:
type: string
python:
type: string
steps:
- run: ansible-playbook -i ./ci_test/inventory/ci.ini "./ci_test/install_agent_<<parameters.version>>.yaml" -e 'ansible_python_interpreter=/usr/bin/<<parameters.python>>' --check
- run: ansible-playbook -i ./ci_test/inventory/ci.ini "./ci_test/downgrade_to_5.yaml" -e 'ansible_python_interpreter=/usr/bin/<<parameters.python>>' --check
install_agent_5:
parameters:
python:
type: string
steps:
- run: ansible-playbook -i ./ci_test/inventory/ci.ini "./ci_test/install_agent_5.yaml" -e 'ansible_python_interpreter=/usr/bin/<<parameters.python>>'
- run: dd-agent info || true
- run: ps aux | grep -v grep | grep datadog-agent
install_agent:
parameters:
version:
type: string
python:
type: string
steps:
- run: ansible-playbook -i ./ci_test/inventory/ci.ini "./ci_test/install_agent_<<parameters.version>>.yaml" -e 'ansible_python_interpreter=/usr/bin/<<parameters.python>>'
- run: datadog-agent version
test_install_no_manage_config:
parameters:
version:
type: string
python:
type: string
steps:
- run: ansible-playbook -i ./ci_test/inventory/ci.ini "./ci_test/install_agent_<<parameters.version>>.yaml" -e '{"ansible_python_interpreter":"/usr/bin/<<parameters.python>>","datadog_manage_config":false}'
- run: bash -c '[ -f /etc/datadog-agent/datadog.yaml.example ] || [ -f /etc/dd-agent/datadog.conf.example ]'
- run: bash -c '[ ! -f /etc/datadog-agent/datadog.yaml ] && [ ! -f /etc/datadog-agent/system-probe.yaml ] && [ ! -f /etc/datadog-agent/security-agent.yaml ] && [ ! -f /etc/dd-agent/datadog.conf ]'
downgrade_agent_5_23_0:
parameters:
python:
type: string
steps:
- run: ansible-playbook -i ./ci_test/inventory/ci.ini "./ci_test/downgrade_to_5.yaml" -e 'ansible_python_interpreter=/usr/bin/<<parameters.python>>'
- run: dd-agent info || true
- run: ps aux | grep -v grep | grep datadog-agent
test_agent_install_downgrade:
parameters:
version:
type: string
python:
type: string
steps:
- checkout
- dry_run:
version: "<<parameters.version>>"
python: "<<parameters.python>>"
- install_agent_5:
python: "<<parameters.python>>"
- when:
condition:
not:
equal: [<<parameters.version>>, "5"]
steps:
- install_agent:
version: "<<parameters.version>>"
python: "<<parameters.python>>"
- downgrade_agent_5_23_0:
python: "<<parameters.python>>"
test_agent_install:
parameters:
version:
type: string
python:
type: string
steps:
- checkout
- install_agent:
version: "<<parameters.version>>"
python: "<<parameters.python>>"
jobs:
ansible_lint:
docker:
- image: datadog/docker-library:ansible_debian_2_10
steps:
- checkout
- run: pip install ansible-lint
- run: ansible-lint -v .
test_install_downgrade:
parameters:
ansible_version:
type: string
agent_version:
type: string
os:
type: string
python:
type: string
docker:
- image: datadog/docker-library:ansible_<<parameters.os>>_<<parameters.ansible_version>>
steps:
- checkout
- test_agent_install_downgrade:
version: "<<parameters.agent_version>>"
python: "<<parameters.python>>"
test_install:
parameters:
ansible_version:
type: string
agent_version:
type: string
os:
type: string
python:
type: string
docker:
- image: datadog/docker-library:ansible_<<parameters.os>>_<<parameters.ansible_version>>
steps:
- checkout
- test_agent_install:
version: "<<parameters.agent_version>>"
python: "<<parameters.python>>"
test_install_no_manage_config:
parameters:
ansible_version:
type: string
agent_version:
type: string
os:
type: string
python:
type: string
docker:
- image: datadog/docker-library:ansible_<<parameters.os>>_<<parameters.ansible_version>>
steps:
- checkout
- test_install_no_manage_config:
version: "<<parameters.agent_version>>"
python: "<<parameters.python>>"
workflows:
version: 2
test_datadog_role:
jobs:
- ansible_lint
- test_install_downgrade:
matrix:
parameters:
ansible_version: ["2_6", "2_7", "2_8"]
agent_version: ["5", "6", "7"]
os: ["debian"]
python: ["python2", "python3"]
# Newer debian images only have Pythpn 3 installed
- test_install_downgrade:
matrix:
parameters:
ansible_version: ["2_9", "2_10"]
agent_version: ["5", "6", "7"]
os: ["debian"]
python: ["python3"]
# Newer debian images only have Pythpn 3 installed
- test_install_no_manage_config:
matrix:
parameters:
ansible_version: ["2_10"]
agent_version: ["5", "7"]
os: ["debian"]
python: ["python3"]
# centos = CentOS 7. CentOS <= 7 + Python3 is not supported,
# as the yum module is Python2-only.
- test_install_downgrade:
matrix:
parameters:
ansible_version: ["2_6", "2_7", "2_8", "2_9", "2_10"]
agent_version: ["5", "6", "7"]
os: ["centos"]
python: ["python2"]
# We want to check that the dnf path works with CentOS 8
# Newer CentOS images only have Pythpn 3 installed
- test_install:
matrix:
parameters:
ansible_version: ["2_8", "2_9", "2_10"]
agent_version: ["6", "7"]
os: ["centos8"]
python: ["python3"]
# Newer suse images only have Python 3 installed
- test_install:
matrix:
parameters:
ansible_version: ["2_8", "2_9", "2_10"]
agent_version: ["6", "7"]
os: ["suse"]
python: ["python3"]

4
ansible-5/roles/datadog.datadog/.github/CODEOWNERS vendored Normal file
View File

@@ -0,0 +1,4 @@
* @DataDog/agent-platform
# Docs
*README.md @DataDog/agent-platform @DataDog/documentation

10
ansible-5/roles/datadog.datadog/.gitignore vendored Normal file
View File

@@ -0,0 +1,10 @@
*.retry
.venv
# pre and post tasks folders (user defined)
pre_tasks/
post_tasks/
# OSX github datastore
**/.DS_Store

400
ansible-5/roles/datadog.datadog/CHANGELOG.md Normal file
View File

@@ -0,0 +1,400 @@
CHANGELOG
=========
# 4.13.0 / 2022-01-21
* [FEATURE] Add datadog_manage_config to disable changing the Agent config files. See [#375].
* [BUGFIX] Fix error: dict object has no attribute 'system'. See [#409]. Thanks [@stegar123].
# 4.12.0 / 2021-11-03
* [FEATURE] Add Cloud Workload Security Agent configuration. See [#375]. Thanks [@alsmola].
* [IMPROVEMENT] Avoid usage of `ansible_lsb` to not depend on `lsb-release` package on Debian. See [#377].
* [IMPROVEMENT] Check that `datadog_checks` is a mapping to avoid misconfiguration. See [#384]. Thanks [@soar].
* [IMPROVEMENT] Enable turning off the Agent 6.14 fix for Windows. See [#399].
* [DOCS] Mention limitations in enabling NPM on Windows. See [#396].
* [BUGFIX] Fix execution with `jinja2_native = True`. See [#383]. Thanks [@soar].
# 4.11.0 / 2021-07-05
* [IMPROVEMENT] Install datadog-signing-keys package on Debian/Ubuntu. See [#372].
* [IMPROVEMENT] Skip install on Linux systems when pinned version is already installed. See [#371].
* [IMPROVEMENT] Update 'http' URLs to 'https' wherever possible. See [#369].Thanks [@rossigee].
* [BUGFIX] Detect existing version in check mode on Windows. See [#364]. Thanks [@camjay].
# 4.10.0 / 2021-05-25
* [IMPROVEMENT] Make Windows package download behavior in check mode consistent with Linux. See [#359]. Thanks [@camjay].
* [BUGFIX] Remove `indentfirst` in system-probe.yaml.j2, making the role compatible with Jinja2 >= 3. See [#361]. Thanks [@tasktop-teho].
* [BUGFIX] Ensure gnupg is installed on Debian/Ubuntu. See [#358].
# 4.9.0 / 2021-05-06
* [IMPROVEMENT] Improvements for APT keys management. See [#351].
* By default, get keys from keys.datadoghq.com, not the Ubuntu keyserver.
* Always add the `DATADOG_APT_KEY_CURRENT.public` key (contains key used to sign current repodata).
* Add `signed-by` option to all sources list lines.
* On Debian >= 9 and Ubuntu >= 16, only add keys to `/usr/share/keyrings/datadog-archive-keyring.gpg`.
* On older systems, also add the same keyring to `/etc/apt/trusted.gpg.d`.
* [BUGFIX] Don't set `repo_gpgcheck=1` by default on RHEL/CentOS 8.1 and on custom repos. See [#352].
* [BUGFIX] Change RPM key URLs to non-SNI versions to ensure the role continues to work with Python <= 2.7.9. See [#353].
* [DOCS] Add a note about installing marketplace integrations. See [#354].
# 4.8.2 / 2021-04-21
* [BUGFIX] Another fix for agent not restarting after a configuration change on Windows. See [#349].
# 4.8.1 / 2021-04-19
* [BUGFIX] Fix Agent not restarting after a configuration change on Windows. See [#347].
# 4.8.0 / 2021-04-13
* [FEATURE] Add NPM support for Windows. See [#335].
* [IMPROVEMENT] Split Windows handler into its own file, so we don't include anything from ansible.windows on non-Windows; add a note about the dependency on `ansible.windows`. See [#337].
* [IMPROVEMENT] Turn on `repo_gpgcheck` on RPM repositories by default. See [#341].
* [IMPROVEMENT] Align Windows agent to Linux so that service is disabled when `datadog_enabled` is `false`. See [#338]. Thanks [@erikhjensen].
* [BUGFIX] Fix system-probe enablement conditions. See [#336].
* [CHORE] Fix issues found by linter (fix file permissions, add `role_name` and `namespace` to `galaxy_info`, remove pre/post tasks). See [#340].
# 4.7.1 / 2021-03-23
* [BUGFIX] Revert addition of NPM support for Windows, which introduced multiple issues. See [#333].
# 4.7.0 / 2021-03-23
* [FEATURE] Enable configuring `gpgcheck` option on RPM repofiles. See [#324].
* [FEATURE] Add NPM support for Windows. See [#326].
* [IMPROVEMENT] Implement usage of multiple GPG keys in repofiles, use keys from keys.datadoghq.com. See [#325].
* [BUGFIX] Use the `dnf` task instead of `yum` when we detect that a Python 3 interpreter is used on a target host. See [#301].
* [DOCS] Lint README for Documentation style. See [#327].
# 4.6.0 / 2021-01-11
* [FEATURE] Allow removing checks. See [#151] and [#320]. Thanks [@Jno21].
* [BUGFIX] Make security-agent also affected by datadog_enabled. See [#318].
* [BUGFIX] Change configuration perms on Linux. See [#313]. Thanks [@loliee].
* [CHORE] Do not name the RPM repo file differently depending on the Agent version. See [#311].
* [CHORE] Replace facts from 'ansible_*' to using 'ansible_facts' dictionary. See [#304]. Thanks to [@samasc30].
# 4.5.0 / 2020-11-06
* [FEATURE] (Windows) Adds support for non-default installation and configuration directories. See [#295][].
* [BUGFIX] Fixes handling of nil vs. defined but empty variables. See [#303][].
* [BUGFIX] (Windows) Fixes incorrect service name when validating services. See [#307][].
* [FEATURE] Adds support for the latest package signing keys. See [#308][].
* [FEATURE] Adds support for the Datadog IOT agent. See [#309][].
# 4.4.0 / 2020-09-30
* [BUGFIX] (Windows) Fix compatibility with Ansible 2.10. See [#289][].
* [FEATURE] Adds support for 3rd party integrations via the `datadog-agent integration` command. See [#291][].
* [BUGFIX] Updates apt cache prior to attempting install. See [#297][].
# 4.3.0 / 2020-07-07
* [FEATURE] Record installation information for telemetry and troubleshooting purposes. See [#281][].
* [BUGFIX] Fix error when facts value doesn't exist on Redhat OS family of the arm architecture. See [#283][]. Thanks to [@kanga333][].
* [BUGFIX] (Windows) Fix idempotence when reinstalling same pinned version. See [#269][].
# 4.2.1 / 2020-05-04
* [BUGFIX] Fix error when checking custom repository file on debian-based systems. See [#275][].
# 4.2.0 / 2020-04-08
* [FEATURE] Ensure the start mode when starting on Windows. See [#271][]. Thanks to [@DevKyleS][].
* The Agent service will now always be started on Windows at the end of an Ansible run
if `datadog_enabled` is set to `true`.
Previously, if the Agent was already installed, the start mode of the existing Agent
service was used (which meant a disabled Agent service would remain disabled
after an Ansible run, even with `datadog_enabled: true`).
If you manually disabled the Agent service and want it to remain disabled,
set `datadog_enabled` to `false`.
* [FEATURE] Remove old INI config files from v6/v7 configuration. See [#271][]. Thanks to [@b2jrock][].
* [FEATURE] Register result when Agent install task is run. See [#268][].
* [BUGFIX] Update `datadog_additional_groups` task & doc. See [#267][].
* [BUGFIX] Fix role idempotence on Debian. See [#262][]. Thanks to [@jharley][].
* [DOCS] README update: system-probe installation steps. See [#257][].
* [DOCS] README update: minimum Ansible version & various fixes. See [#264][].
* [DOCS] Documentation (README, CONTRIBUTING) overhaul. See [#270][].
# 4.1.1 / 2020-02-10
* [BUGFIX] Add skip check on sysprobe set_fact tasks. See [#259][]
* [BUGFIX] Only try to stop sysprobe if it is installed. See [#255][]. Thanks to [@dv9io0o][].
# 4.1.0 / 2020-01-20
* [FEATURE] Fail with explicit message if OS is not supported by the role. See [#247][]
* [BUGFIX] Ensure that system-probe is stopped if it is disabled or not installed. See [#249][]
* [BUGFIX] Change default datadog_agent group to dd-agent. See [#248][]
* [DOCS] Update instructions to use datadog.datadog as the role name. See [#246][]
* [DOCS] Add development guidelines & small kitchen dev environment. See [#243][]
# 4.0.1 / 2019-12-23
* [BUGFIX] Fix system-probe.yaml.j2 indent filter. See [#240][]
* [BUGFIX] Fix sysprobe service detection for systemd services. See [#242][]
* [OTHER] Improve ansible-galaxy score by following best practices. See [#236][]
* [OTHER] Include names for `include_tasks`. See [#226][]. Thanks to [@the-real-cphillips][].
# 4.0.0 / 2019-12-18
**This role will install Agent v7 by default.** Datadog Agent v7 runs checks with Python 3, so if you were running any custom checks written in Python, they must be compatible with Python 3. If you were not running any custom checks or if your custom checks are already compatible with Python 3, then it is safe to upgrade to Agent v7.
* [MAJOR] Agent 7 support. See [#220][].
* Refer to the [role upgrade section](README.md#role-upgrade-from-v3-to-v4) of the docs for the complete list of changes and instructions to upgrade this role from v3 to v4.
* [FEATURE] Infer major version from `datadog_agent_version`. See [#239][].
* [FEATURE] Allow pinned version install on multiple platforms at the same time. See [#235][].
# 3.4.0 / 2019-12-18
* [FEATURE] Reset pinned Windows version. See [#234][].
* [DOCS] Add README instructions for Windows hosts. See [#233][].
* [META] Update list of platforms supported by the role. See [#224][].
# 3.3.0 / 2019-11-18
* [FEATURE] Blacklist installation of 6.14.0 and 6.14.1 on Windows.
* [FEATURE] Run fix + sanity check script before agent install/upgrade on Windows.
* [FEATURE] Adding support for Datadog system-probe (thanks to [@jstoja][]).
# 3.2.0 / 2019-10-02
* [DEPRECATION] Drop support for EOL version of Ansible (2.5)
- [FEATURE] Add the `datadog_integration resource` to easily control installed integrations.
# 3.1.0 / 2019-08-30
- [FEATURE] Trust new RPM key on SUSE. See [#203][].
- [IMPROVEMENT] Windows: Add the ability to specify the 'ddagentuser' name and password in the configuration.
- [FEATURE] Add 'pre_task' and 'post_task' folder for custom user tasks.
# 3.0.0 / 2019-05-17
- [FEATURE] On Linux: you can now add the Agent's user to additionnal groups.
- [DEPRECATION] Bumping this minimum supported Ansible version from 2.2 to 2.5 (version prior from 2.5 are EOL).
- [IMPROVEMENT] Use 'include_tasks' instead of 'include' which bump minimum ansible version to 2.4 (thanks to [@rouge8][]).
- [FIX] Make sure the Live Process agent and APM agent aren't started when datadog_enabled is set to false (thanks to [@pdecat][]).
# 2.6.0 / 2019-03-05
* [FEATURE] Add support for managing Windows hosts.
# 2.5.0 / 2019-02-12
* [IMPROVEMENT] Allow the use of a backup keyserver for apt in case the main one is down.
* [IMPROVEMENT] Fix configuration items order to be the same between playbook runs (thanks to [@jpiron][]).
# 2.4.0 / 2018-10-25
* [FEATURE] Add support for "site" configuration.
* [IMPROVEMENT] Add retry policy when failing to pull GPG key from keyserver.ubuntu.com
# 2.3.1 / 2018-08-24
* [FIX] Disabling repo metadata signature check for SUSE/SLES.
# 2.3.0 / 2018-07-23
* [FEATURE] Add support for SUSE/SLES (thanks to [@enarciso][]).
# 2.2.0 / 2018-06-06
* [DEPRECATION] Drop support for EOL platform
* [IMPROVEMENT] Harmonize tasks names between agent5 and agent6 (thanks [@xp-1000][]).
# 2.1.0 / 2018-05-14
* [FEATURE] Support "--check" Ansible option for dry-run.
* [BUGFIX] Fix downgrade on centos.
* [IMPROVEMENT] Update conf paths to respect agent6 best practice (thanks [@dbr1993][]).
* [IMPROVEMENT] Fix YAML cosmetics: standardize syntax everywhere (thanks [@tomgoren][]).
* [DEPRECATION] Drop support for EOL versions of ansible (<2.2).
# 2.0.3 / 2018-04-13
* [BUGFIX] Removing legacy http apt repos pre-dating usage of HTTPS. See [#116][]
# 2.0.2 / 2018-03-27
* [BUGFIX] Remove empty brackets from datadog.yaml when datadog_config is empty. See [#107][]
# 2.0.1 / 2018-03-05
* [BUGFIX] Remove failing import of expired APT key. See [#105][]
# 1.6.1 / 2018-03-05
* [BUGFIX] Remove failing import of expired APT key. See [#105][]
# 2.0.0 / 2018-02-27
* [RELEASE] Make Agent6 the default version to install.
* [IMPROVEMENT] Defaulting to HTTPS for apt and yum repo.
# 1.6.0 / 2018-01-19
* [IMPROVEMENT] Refresh apt cache every hour. See [#98][]
# 1.5.0 / 2018-01-05
* [FEATURE] Add Agent6 (beta) support on RPM-based distros. See [#90][] (thanks [@brendanlong][])
# 1.4.0 / 2017-10-30
* [FEATURE] Allow specifying custom repo. See [#80][]
* [FEATURE] Add Agent6 (beta) support on debianoids. See [#81][]
* [BUGFIX] Fix incorrect handler name in process task. See [#68][] (thanks [@jeffwidman][])
* [SANITY] Improve agent service task name and handler formatting. See [#62][] and [#67][] (thanks [@jeffwidman][])
# 1.3.0 / 2017-04-04
* [FEATURE] Add support for configuring trace agent. See [#45][] and [#58][] (thanks [@pmbauer][])
* [FEATURE] Allow pinning the version of the Agent. See [#61][]
* [IMPROVEMENT] Pipe `datadog_checks` through list for python3 support. See [#51][] (thanks [@gtrummell][])
* [IMPROVEMENT] Use `ansible-lint` on the role and use names on all tasks. See [#50][] (thanks [@eplanet][])
* [BUGFIX] Fix `ini` format of the `datadog.conf` file. See [#59][]
# 1.2.0 / 2016-12-13
* [FEATURE] Trust new APT and RPM keys. See [#30][]
* [IMPROVEMENT] Change the `state` of `apt-transport-https` from `latest` to `present`. See [#36][]
* [IMPROVEMENT] Convert config file tasks to proper YAML formatting. See [#32][] (thanks [@jeffwidman][])
# 1.1.0 / 2016-06-27
* [FEATURE] Allow APT repo settings to be user-defined. See [#20][] (thanks [@geoffwright][])
# 1.0.0 / 2016-06-08
Initial release, compatible with Ansible v1 & v2
<!--- The following link definition list is generated by PimpMyChangelog --->
[#20]: https://github.com/DataDog/ansible-datadog/issues/20
[#30]: https://github.com/DataDog/ansible-datadog/issues/30
[#32]: https://github.com/DataDog/ansible-datadog/issues/32
[#36]: https://github.com/DataDog/ansible-datadog/issues/36
[#45]: https://github.com/DataDog/ansible-datadog/issues/45
[#50]: https://github.com/DataDog/ansible-datadog/issues/50
[#51]: https://github.com/DataDog/ansible-datadog/issues/51
[#58]: https://github.com/DataDog/ansible-datadog/issues/58
[#59]: https://github.com/DataDog/ansible-datadog/issues/59
[#61]: https://github.com/DataDog/ansible-datadog/issues/61
[#62]: https://github.com/DataDog/ansible-datadog/issues/62
[#67]: https://github.com/DataDog/ansible-datadog/issues/67
[#68]: https://github.com/DataDog/ansible-datadog/issues/68
[#80]: https://github.com/DataDog/ansible-datadog/issues/80
[#81]: https://github.com/DataDog/ansible-datadog/issues/81
[#90]: https://github.com/DataDog/ansible-datadog/issues/90
[#98]: https://github.com/DataDog/ansible-datadog/issues/98
[#105]: https://github.com/DataDog/ansible-datadog/issues/105
[#107]: https://github.com/DataDog/ansible-datadog/issues/107
[#116]: https://github.com/DataDog/ansible-datadog/issues/116
[#151]: https://github.com/DataDog/ansible-datadog/issues/151
[#203]: https://github.com/DataDog/ansible-datadog/issues/203
[#220]: https://github.com/DataDog/ansible-datadog/issues/220
[#224]: https://github.com/DataDog/ansible-datadog/issues/224
[#226]: https://github.com/DataDog/ansible-datadog/issues/226
[#233]: https://github.com/DataDog/ansible-datadog/issues/233
[#234]: https://github.com/DataDog/ansible-datadog/issues/234
[#235]: https://github.com/DataDog/ansible-datadog/issues/235
[#236]: https://github.com/DataDog/ansible-datadog/issues/236
[#239]: https://github.com/DataDog/ansible-datadog/issues/239
[#240]: https://github.com/DataDog/ansible-datadog/issues/240
[#242]: https://github.com/DataDog/ansible-datadog/issues/242
[#243]: https://github.com/DataDog/ansible-datadog/issues/243
[#246]: https://github.com/DataDog/ansible-datadog/issues/246
[#247]: https://github.com/DataDog/ansible-datadog/issues/247
[#248]: https://github.com/DataDog/ansible-datadog/issues/248
[#249]: https://github.com/DataDog/ansible-datadog/issues/249
[#255]: https://github.com/DataDog/ansible-datadog/issues/255
[#257]: https://github.com/DataDog/ansible-datadog/issues/257
[#259]: https://github.com/DataDog/ansible-datadog/issues/259
[#262]: https://github.com/DataDog/ansible-datadog/issues/262
[#264]: https://github.com/DataDog/ansible-datadog/issues/264
[#267]: https://github.com/DataDog/ansible-datadog/issues/267
[#268]: https://github.com/DataDog/ansible-datadog/issues/268
[#269]: https://github.com/DataDog/ansible-datadog/issues/269
[#270]: https://github.com/DataDog/ansible-datadog/issues/270
[#271]: https://github.com/DataDog/ansible-datadog/issues/271
[#275]: https://github.com/DataDog/ansible-datadog/issues/275
[#281]: https://github.com/DataDog/ansible-datadog/issues/281
[#283]: https://github.com/DataDog/ansible-datadog/issues/283
[#289]: https://github.com/DataDog/ansible-datadog/issues/289
[#291]: https://github.com/DataDog/ansible-datadog/issues/291
[#295]: https://github.com/DataDog/ansible-datadog/issues/295
[#297]: https://github.com/DataDog/ansible-datadog/issues/297
[#301]: https://github.com/DataDog/ansible-datadog/issues/301
[#303]: https://github.com/DataDog/ansible-datadog/issues/303
[#304]: https://github.com/DataDog/ansible-datadog/issues/304
[#307]: https://github.com/DataDog/ansible-datadog/issues/307
[#308]: https://github.com/DataDog/ansible-datadog/issues/308
[#309]: https://github.com/DataDog/ansible-datadog/issues/309
[#311]: https://github.com/DataDog/ansible-datadog/issues/311
[#313]: https://github.com/DataDog/ansible-datadog/issues/313
[#318]: https://github.com/DataDog/ansible-datadog/issues/318
[#320]: https://github.com/DataDog/ansible-datadog/issues/320
[#324]: https://github.com/DataDog/ansible-datadog/issues/324
[#325]: https://github.com/DataDog/ansible-datadog/issues/325
[#326]: https://github.com/DataDog/ansible-datadog/issues/326
[#327]: https://github.com/DataDog/ansible-datadog/issues/327
[#333]: https://github.com/DataDog/ansible-datadog/issues/333
[#335]: https://github.com/DataDog/ansible-datadog/issues/335
[#336]: https://github.com/DataDog/ansible-datadog/issues/336
[#337]: https://github.com/DataDog/ansible-datadog/issues/337
[#338]: https://github.com/DataDog/ansible-datadog/issues/338
[#340]: https://github.com/DataDog/ansible-datadog/issues/340
[#341]: https://github.com/DataDog/ansible-datadog/issues/341
[#347]: https://github.com/DataDog/ansible-datadog/issues/347
[#349]: https://github.com/DataDog/ansible-datadog/issues/349
[#351]: https://github.com/DataDog/ansible-datadog/issues/351
[#352]: https://github.com/DataDog/ansible-datadog/issues/352
[#353]: https://github.com/DataDog/ansible-datadog/issues/353
[#354]: https://github.com/DataDog/ansible-datadog/issues/354
[#358]: https://github.com/DataDog/ansible-datadog/issues/358
[#359]: https://github.com/DataDog/ansible-datadog/issues/359
[#361]: https://github.com/DataDog/ansible-datadog/issues/361
[#362]: https://github.com/DataDog/ansible-datadog/issues/362
[#364]: https://github.com/DataDog/ansible-datadog/issues/364
[#369]: https://github.com/DataDog/ansible-datadog/issues/369
[#371]: https://github.com/DataDog/ansible-datadog/issues/371
[#372]: https://github.com/DataDog/ansible-datadog/issues/372
[#375]: https://github.com/DataDog/ansible-datadog/issues/375
[#377]: https://github.com/DataDog/ansible-datadog/issues/377
[#383]: https://github.com/DataDog/ansible-datadog/issues/383
[#384]: https://github.com/DataDog/ansible-datadog/issues/384
[#396]: https://github.com/DataDog/ansible-datadog/issues/396
[#399]: https://github.com/DataDog/ansible-datadog/issues/399
[#409]: https://github.com/DataDog/ansible-datadog/issues/409
[@DevKyleS]: https://github.com/DevKyleS
[@Jno21]: https://github.com/Jno21
[@alsmola]: https://github.com/alsmola
[@b2jrock]: https://github.com/b2jrock
[@brendanlong]: https://github.com/brendanlong
[@camjay]: https://github.com/camjay
[@dbr1993]: https://github.com/dbr1993
[@dv9io0o]: https://github.com/dv9io0o
[@enarciso]: https://github.com/enarciso
[@eplanet]: https://github.com/eplanet
[@erikhjensen]: https://github.com/erikhjensen
[@geoffwright]: https://github.com/geoffwright
[@gtrummell]: https://github.com/gtrummell
[@jeffwidman]: https://github.com/jeffwidman
[@jharley]: https://github.com/jharley
[@jpiron]: https://github.com/jpiron
[@jstoja]: https://github.com/jstoja
[@kanga333]: https://github.com/kanga333
[@loliee]: https://github.com/loliee
[@pdecat]: https://github.com/pdecat
[@pmbauer]: https://github.com/pmbauer
[@rossigee]: https://github.com/rossigee
[@rouge8]: https://github.com/rouge8
[@samasc30]: https://github.com/samasc30
[@soar]: https://github.com/soar
[@stegar123]: https://github.com/stegar123
[@tasktop-teho]: https://github.com/tasktop-teho
[@the-real-cphillips]: https://github.com/the-real-cphillips
[@tomgoren]: https://github.com/tomgoren
[@xp-1000]: https://github.com/xp-1000

65
ansible-5/roles/datadog.datadog/CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,65 @@
# Contributing
The code is licensed under the Apache License 2.0 (see LICENSE for details).
[![Ansible Galaxy](https://img.shields.io/badge/galaxy-Datadog.datadog-660198.svg)](https://galaxy.ansible.com/Datadog/datadog/)
[![Build Status](https://travis-ci.org/DataDog/ansible-datadog.svg?branch=master)](https://travis-ci.org/DataDog/ansible-datadog)
First of all, thanks for contributing!
This document provides some basic guidelines for contributing to this repository. To propose improvements, feel free to submit a PR.
## Submitting issues
* If you think you've found an issue, search the issue list to see if there's an existing issue.
* Then, if you find nothing, open a Github issue.
## Pull Requests
Have you fixed a bug or written a new feature and want to share it? Many thanks!
In order to ease/speed up our review, here are some items you can check/improve when submitting your PR:
* Have a proper commit history (we advise you to rebase if needed).
* Write tests for the code you wrote.
* Preferably, make sure that all unit tests pass locally and some relevant kitchen tests.
* Summarize your PR with an explanatory title and a message describing your changes, cross-referencing any related bugs/PRs.
* Open your PR against the `master` branch.
Your pull request must pass all CI tests before we merge it. If you see an error and don't think it's your fault, it may not be! [Join us on Slack][slack] or send us an email, and together we'll get it sorted out.
### Keep it small, focused
Avoid changing too many things at once. For instance if you're fixing a recipe and at the same time adding some code refactor, it makes reviewing harder and the _time-to-release_ longer.
### Commit messages
Please don't be this person: `git commit -m "Fixed stuff"`. Take a moment to write meaningful commit messages.
The commit message should describe the reason for the change and give extra details that will allow someone later on to understand in 5 seconds the thing you've been working on for a day.
If your commit is only shipping documentation changes or example files, and is a complete no-op for the test suite, add **[skip ci]** in the commit message body to skip the build and give that slot to someone else who does need it.
### Squash your commits
Rebase your changes on `master` and squash your commits whenever possible. This keeps history cleaner and easier to revert things. It also makes developers happier!
## Development
To contribute, follow the contributing guidelines above.
### Manual testing
To test the roles provided by this project, you can follow the instructions in the manual tests [readme.md][tests].
## Author Information
brian@akins.org
dustinjamesbrown@gmail.com --Forked from brian@akins.org
Datadog <info@datadoghq.com> --Forked from dustinjamesbrown@gmail.com
[slack]: https://datadoghq.slack.com
[tests]: https://github.com/DataDog/ansible-datadog/blob/master/manual_tests/readme.md

203
ansible-5/roles/datadog.datadog/LICENSE Normal file
View File

@@ -0,0 +1,203 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2014 Brian Akins brian@akins.org
Copyright 2015 Dustin Brown dustinjamesbrown@gmail.com
Copyright 2015 Datadog, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

582
ansible-5/roles/datadog.datadog/README.md Normal file
View File

@@ -0,0 +1,582 @@
# Ansible Datadog Role
The Ansible Datadog role installs and configures the Datadog Agent and integrations. Version `4` of the role installs the Datadog Agent v7 by default.
## Setup
### Requirements
- Requires Ansible v2.6+.
- Supports most Debian and RHEL-based Linux distributions, and Windows.
- When using Ansible 2.10+ on Windows, requires the `ansible.windows` collection to be installed:
```shell
ansible-galaxy collection install ansible.windows
```
### Installation
Install the [Datadog role][1] from Ansible Galaxy on your Ansible server:
```shell
ansible-galaxy install datadog.datadog
```
To deploy the Datadog Agent on hosts, add the Datadog role and your API key to your playbook:
```text
- hosts: servers
roles:
- { role: datadog.datadog, become: yes }
vars:
datadog_api_key: "<YOUR_DD_API_KEY>"
```
#### Role variables
| Variable | Description |
|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `datadog_api_key` | Your Datadog API key. |
| `datadog_site` | The site of the Datadog intake to send Agent data to. Defaults to `datadoghq.com`, set to `datadoghq.eu` to send data to the EU site. This option is only available with Agent version >= 6.6.0. |
| `datadog_agent_flavor` | Override the default Debian / RedHat Package for IOT Installations on RPI. Defaults to "datadog-agent" - use "datadog-iot-agent" for RPI.
| `datadog_agent_version` | The pinned version of the Agent to install (optional, but recommended), for example: `7.16.0`. Setting `datadog_agent_major_version` is not needed if `datadog_agent_version` is used. **Note**: Downgrades are not supported on Windows platforms. |
| `datadog_agent_major_version` | The major version of the Agent to install. The possible values are 5, 6, or 7 (default). If `datadog_agent_version` is set, it takes precedence otherwise the latest version of the specified major is installed. Setting `datadog_agent_major_version` is not needed if `datadog_agent_version` is used. |
| `datadog_checks` | YAML configuration for Agent checks to drop into: <br> - `/etc/datadog-agent/conf.d/<check_name>.d/conf.yaml` for Agent v6 and v7, <br> - `/etc/dd-agent/conf.d` for Agent v5. |
| `datadog_disable_untracked_checks` | Set to `true` to remove all checks not present in `datadog_checks` and `datadog_additional_checks`. |
| `datadog_additional_checks` | List of additional checks that are not removed if `datadog_disable_untracked_checks` is set to `true`. |
| `datadog_disable_default_checks` | Set to `true` to remove all default checks. |
| `datadog_config` | Settings for the main Agent configuration file: <br> - `/etc/datadog-agent/datadog.yaml` for Agent v6 and v7,<br> - `/etc/dd-agent/datadog.conf` for Agent v5 (under the `[Main]` section). |
| `datadog_config_ex` | (Optional) Extra INI sections to go in `/etc/dd-agent/datadog.conf` (Agent v5 only). |
| `datadog_apt_repo` | Override the default Datadog `apt` repository. Make sure to use the `signed-by` option if repository metadata is signed using Datadog's signing keys: `deb [signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg] https://yourrepo`. |
| `datadog_apt_cache_valid_time` | Override the default apt cache expiration time (defaults to 1 hour). |
| `datadog_apt_key_url_new` | Override the location from which to obtain Datadog `apt` key (the deprecated `datadog_apt_key_url` variable refers to an expired key that's been removed from the role). The URL is expected to be a GPG keyring containing keys `382E94DE` and `F14F620E`. |
| `datadog_yum_repo` | Override the default Datadog `yum` repository. |
| `datadog_yum_repo_gpgcheck` | Override the default `repo_gpgcheck` value (empty). If empty, value is dynamically set to `yes` when custom `datadog_yum_repo` is not used and system is not RHEL/CentOS 8.1 (due to [a bug](https://bugzilla.redhat.com/show_bug.cgi?id=1792506) in dnf), otherwise it's set to `no`. **Note**: repodata signature verification is always turned off for Agent 5. |
| `datadog_yum_gpgcheck` | Override the default `gpgcheck` value (`yes`) - use `no` to turn off package GPG signature verification. |
| `datadog_yum_gpgkey` | Override the default URL to the Datadog `yum` key used to verify Agent v5 and v6 (up to 6.13) packages (key ID `4172A230`). |
| `datadog_yum_gpgkey_e09422b3` | Override the default URL to the Datadog `yum` key used to verify Agent v6.14+ packages (key ID `E09422B3`). |
| `datadog_yum_gpgkey_e09422b3_sha256sum` | Override the default checksum of the `datadog_yum_gpgkey_e09422b3` key. |
| `datadog_zypper_repo` | Override the default Datadog `zypper` repository. |
| `datadog_zypper_repo_gpgcheck` | Override the default `repo_gpgcheck` value (empty). If empty, value is dynamically set to `yes` when custom `datadog_zypper_repo` is not used, otherwise it's set to `no`. **Note**: repodata signature verification is always turned off for Agent 5. |
| `datadog_zypper_gpgcheck` | Override the default `gpgcheck` value (`yes`) - use `no` to turn off package GPG signature verification. |
| `datadog_zypper_gpgkey` | Override the default URL to the Datadog `zypper` key used to verify Agent v5 and v6 (up to 6.13) packages (key ID `4172A230`). |
| `datadog_zypper_gpgkey_sha256sum` | Override the default checksum of the `datadog_zypper_gpgkey` key. |
| `datadog_zypper_gpgkey_e09422b3` | Override the default URL to the Datadog `zypper` key used to verify Agent v6.14+ packages (key ID `E09422B3`). |
| `datadog_zypper_gpgkey_e09422b3_sha256sum` | Override the default checksum of the `datadog_zypper_gpgkey_e09422b3` key. |
| `datadog_agent_allow_downgrade` | Set to `yes` to allow Agent downgrades on apt-based platforms (use with caution, see `defaults/main.yml` for details). **Note**: On Centos this only works with Ansible 2.4+. |
| `datadog_enabled` | Set to `false` to prevent `datadog-agent` service from starting (defaults to `true`). |
| `datadog_additional_groups` | Either a list, or a string containing a comma-separated list of additional groups for the `datadog_user` (Linux only). |
| `datadog_windows_ddagentuser_name` | The name of Windows user to create/use, in the format `<domain>\<user>` (Windows only). |
| `datadog_windows_ddagentuser_password` | The password used to create the user and/or register the service (Windows only). |
| `datadog_apply_windows_614_fix` | Whether or not to download and apply file referenced by `datadog_windows_614_fix_script_url` (Windows only). See https://dtdg.co/win-614-fix for more details. You can set this to `false` assuming your hosts aren't running Datadog Agent 6.14.\*. |
### Integrations
To configure a Datadog integration (check), add an entry to the `datadog_checks` section. The first level key is the name of the check, and the value is the YAML payload to write the configuration file. Examples are provided below.
#### Process check
To define two instances for the `process` check use the configuration below. This creates the corresponding configuration files:
* Agent v6 & v7: `/etc/datadog-agent/conf.d/process.d/conf.yaml`
* Agent v5: `/etc/dd-agent/conf.d/process.yaml`
```yml
datadog_checks:
process:
init_config:
instances:
- name: ssh
search_string: ['ssh', 'sshd']
- name: syslog
search_string: ['rsyslog']
cpu_check_interval: 0.2
exact_match: true
ignore_denied_access: true
```
#### Custom check
To configure a custom check use the configuration below. This creates the corresponding configuration files:
- Agent v6 & v7: `/etc/datadog-agent/conf.d/my_custom_check.d/conf.yaml`
- Agent v5: `/etc/dd-agent/conf.d/my_custom_check.yaml`
```yml
datadog_checks:
my_custom_check:
init_config:
instances:
- some_data: true
```
#### Autodiscovery
When using Autodiscovery, there is no pre-processing nor post-processing on the YAML. This means every YAML section is added to the final configuration file, including `autodiscovery identifiers`.
The example below configures the PostgreSQL check through **Autodiscovery**:
```yml
datadog_checks:
postgres:
ad_identifiers:
- db-master
- db-slave
init_config:
instances:
- host: %%host%%
port: %%port%%
username: username
password: password
```
Learn more about [Autodiscovery][3] in the Datadog documentation.
### Tracing
To enable trace collection with Agent v6 or v7 use the following configuration:
```yaml
datadog_config:
apm_config:
enabled: true
```
To enable trace collection with Agent v5 use the following configuration:
```yaml
datadog_config:
apm_enabled: "true" # has to be a string
```
### Live processes
To enable [live process][6] collection with Agent v6 or v7 use the following configuration:
```yml
datadog_config:
process_config:
enabled: "true" # type: string
```
The possible values for `enabled` are: `"true"`, `"false"` (only container collection), or `"disabled"` (disable live processes entirely).
#### Variables
The following variables are available for live processes:
* `scrub_args`: Enables the scrubbing of sensitive arguments from a process command line (defaults to `true`).
* `custom_sensitive_words`: Expands the default list of sensitive words used by the command line scrubber.
#### System probe
The system probe is configured under the `system_probe_config` variable. Any variables nested underneath are written to the `system-probe.yaml`, in the `system_probe_config` section.
[Network Performance Monitoring][7] (NPM) is configured under the `network_config` variable. Any variables nested underneath are written to the `system-probe.yaml`, in the `network_config` section.
[Cloud Workload Security][8] is configured under the `runtime_security_config` variable. Any variables nested underneath are written to the `system-probe.yaml` and `security-agent.yaml`, in the `runtime_security_config` section.
**Note for Windows users**: NPM is supported on Windows with Agent v6.27+ and v7.27+. It ships as an optional component that is only installed if `network_config.enabled` is set to true when the Agent is installed or upgraded. Because of this, existing installations might need to do an uninstall and reinstall of the Agent once to install the NPM component, unless the Agent is upgraded at the same time.
#### Example configuration
```yml
datadog_config:
process_config:
enabled: "true" # type: string
scrub_args: true
custom_sensitive_words: ['consul_token','dd_api_key']
system_probe_config:
sysprobe_socket: /opt/datadog-agent/run/sysprobe.sock
network_config:
enabled: true
runtime_security_config:
enabled: true
```
**Note**: This configuration works with Agent 6.24.1+ and 7.24.1+. For older Agent versions, see the [Network Performance Monitoring][9] documentation on how to enable system-probe.
On Linux, once this modification is complete, follow the steps below if you installed an Agent version older than 6.18.0 or 7.18.0:
1. Start the system-probe: `sudo service datadog-agent-sysprobe start` **Note**: If the service wrapper is not available on your system, run this command instead: `sudo initctl start datadog-agent-sysprobe`.
2. [Restart the Agent][10]: `sudo service datadog-agent restart`.
3. Enable the system-probe to start on boot: `sudo service enable datadog-agent-sysprobe`.
For manual setup, see the [NPM][9] documentation.
#### Agent v5
To enable [live process][6] collection with Agent v5, use the following configuration:
```yml
datadog_config:
process_agent_enabled: true
datadog_config_ex:
process.config:
scrub_args: true
custom_sensitive_words: "<FIRST_WORD>,<SECOND_WORD>"
```
## Versions
By default, the current major version of the Datadog Ansible role installs Agent v7. The variables `datadog_agent_version` and `datadog_agent_major_version` are available to control the Agent version installed.
For v4+ of this role, when `datadog_agent_version` is used to pin a specific Agent version, the role derives per-OS version names to comply with the version naming schemes of the supported operating systems, for example:
- `1:7.16.0-1` for Debian and SUSE based
- `7.16.0-1` for RedHat-based
- `7.16.0` for Windows.
This makes it possible to target hosts running different operating systems in the same Ansible run, for example:
| Provided | Installs | System |
|-------------------------------------|--------------|-----------------------|
| `datadog_agent_version: 7.16.0` | `1:7.16.0-1` | Debian and SUSE-based |
| `datadog_agent_version: 7.16.0` | `7.16.0-1` | RedHat-based |
| `datadog_agent_version: 7.16.0` | `7.16.0` | Windows |
| `datadog_agent_version: 1:7.16.0-1` | `1:7.16.0-1` | Debian and SUSE-based |
| `datadog_agent_version: 1:7.16.0-1` | `7.16.0-1` | RedHat-based |
| `datadog_agent_version: 1:7.16.0-1` | `7.16.0` | Windows |
**Note**: If the version is not provided, the role uses `1` as the epoch and `1` as the release number.
**Agent v5 (older version)**:
The Datadog Ansible role includes support for Datadog Agent v5 for Linux only. To install Agent v5, use `datadog_agent_major_version: 5` to install the latest version of Agent v5 or set `datadog_agent_version` to a specific version of Agent v5. **Note**: The `datadog_agent5` variable is obsolete and has been removed.
### Repositories
#### Linux
When the variables `datadog_apt_repo`, `datadog_yum_repo`, and `datadog_zypper_repo` are not set, the official Datadog repositories for the major version set in `datadog_agent_major_version` are used:
| # | Default apt repository | Default yum repository | Default zypper repository |
|---|-------------------------------------------|------------------------------------|-----------------------------------------|
| 5 | deb https://apt.datadoghq.com stable main | https://yum.datadoghq.com/rpm | https://yum.datadoghq.com/suse/rpm |
| 6 | deb https://apt.datadoghq.com stable 6 | https://yum.datadoghq.com/stable/6 | https://yum.datadoghq.com/suse/stable/6 |
| 7 | deb https://apt.datadoghq.com stable 7 | https://yum.datadoghq.com/stable/7 | https://yum.datadoghq.com/suse/stable/7 |
To override the default behavior, set these variables to something else than an empty string.
If you previously used the Agent v5 variables, use the **new** variables below with `datadog_agent_major_version` set to `5` or `datadog_agent_version` pinned to a specific Agent v5 version.
| Old | New |
|------------------------------|-----------------------|
| `datadog_agent5_apt_repo` | `datadog_apt_repo` |
| `datadog_agent5_yum_repo` | `datadog_yum_repo` |
| `datadog_agent5_zypper_repo` | `datadog_zypper_repo` |
Since version 4.9.0, the `use_apt_backup_keyserver` variable has been removed, as APT keys are obtained from https://keys.datadoghq.com.
#### Windows
When the variable `datadog_windows_download_url` is not set, the official Windows MSI package corresponding to the `datadog_agent_major_version` is used:
| # | Default Windows MSI package URL |
|---|----------------------------------------------------------------------------------|
| 6 | https://s3.amazonaws.com/ddagent-windows-stable/datadog-agent-6-latest.amd64.msi |
| 7 | https://s3.amazonaws.com/ddagent-windows-stable/datadog-agent-7-latest.amd64.msi |
To override the default behavior, set this variable to something else than an empty string.
### Upgrade
To upgrade from Agent v6 to v7, use `datadog_agent_major_version: 7` to install the latest version or set `datadog_agent_version` to a specific version of Agent v7. Use similar logic to upgrade from Agent v5 to v6.
#### Integrations
**Available for Agent v6.8+**
Use the `datadog_integration` resource to install a specific version of a Datadog integration. Keep in mind, the Agent comes with all the integrations already installed. This command is useful for upgrading a specific integration without upgrading the whole Agent. For more details, see [Integration Management][4].
Available actions:
- `install`: Installs a specific version of the integration.
- `remove`: Removes an integration.
##### Datadog Marketplace
[Datadog Marketplace](https://www.datadoghq.com/blog/datadog-marketplace/) integrations can be installed with the `datadog_integration` resource. **Note**: Marketplace integrations are considered to be "third party" and thus have to have `third_party: true` set - see the example below.
##### Syntax
```yml
datadog_integration:
<INTEGRATION_NAME>:
action: <ACTION>
version: <VERSION_TO_INSTALL>
```
To install third party integrations, set `third_party` to true:
```yml
datadog_integration:
<INTEGRATION_NAME>:
action: <ACTION>
version: <VERSION_TO_INSTALL>
third_party: true
```
##### Example
This example installs version `1.11.0` of the ElasticSearch integration and removes the `postgres` integration.
```yml
datadog_integration:
datadog-elastic:
action: install
version: 1.11.0
datadog-postgres:
action: remove
```
To see the available versions of Datadog integrations, see their `CHANGELOG.md` file in the [integrations-core repository][5].
### Downgrade
To downgrade to a prior version of the Agent:
1. Set `datadog_agent_version` to a specific version, for example: `5.32.5`.
2. Set `datadog_agent_allow_downgrade` to `yes`.
**Notes:**
- Downgrades are not supported for Windows platforms.
## Playbooks
Below are some sample playbooks to assist you with using the Datadog Ansible role.
The following example sends data to Datadog US (default), enables logs, NPM, and configures a few checks.
```yml
- hosts: servers
roles:
- { role: datadog.datadog, become: yes }
vars:
datadog_api_key: "<YOUR_DD_API_KEY>"
datadog_agent_version: "7.16.0"
datadog_config:
tags:
- "<KEY>:<VALUE>"
- "<KEY>:<VALUE>"
log_level: INFO
apm_config:
enabled: true
logs_enabled: true # available with Agent v6 and v7
datadog_checks:
process:
init_config:
instances:
- name: ssh
search_string: ['ssh', 'sshd' ]
- name: syslog
search_string: ['rsyslog' ]
cpu_check_interval: 0.2
exact_match: true
ignore_denied_access: true
ssh_check:
init_config:
instances:
- host: localhost
port: 22
username: root
password: <YOUR_PASSWORD>
sftp_check: True
private_key_file:
add_missing_keys: True
nginx:
init_config:
instances:
- nginx_status_url: http://example.com/nginx_status/
tags:
- "source:nginx"
- "instance:foo"
- nginx_status_url: http://example2.com:1234/nginx_status/
tags:
- "source:nginx"
- "<KEY>:<VALUE>"
#Log collection is available on Agent 6 and 7
logs:
- type: file
path: /var/log/access.log
service: myapp
source: nginx
sourcecategory: http_web_access
- type: file
path: /var/log/error.log
service: nginx
source: nginx
sourcecategory: http_web_access
# datadog_integration is available on Agent 6.8+
datadog_integration:
datadog-elastic:
action: install
version: 1.11.0
datadog-postgres:
action: remove
network_config:
enabled: true
```
### Agent v6
This example installs the latest Agent v6:
```yml
- hosts: servers
roles:
- { role: datadog.datadog, become: yes }
vars:
datadog_agent_major_version: 6
datadog_api_key: "<YOUR_DD_API_KEY>"
```
### Configuring the site
If using a site other than the default `datadoghq.com`, set the `datadog_site` var to the appropriate URL (eg: `datadoghq.eu`, `us3.datadoghq.com`).
This example sends data to the EU site:
```yml
- hosts: servers
roles:
- { role: datadog.datadog, become: yes }
vars:
datadog_site: "datadoghq.eu"
datadog_api_key: "<YOUR_DD_API_KEY>"
```
### Windows
On Windows, remove the `become: yes` option so the role does not fail. Below are two methods to make the example playbooks work with Windows hosts:
#### Inventory file
Using the inventory file is the recommended approach. Set the `ansible_become` option to `no` in the inventory file for each Windows host:
```ini
[servers]
linux1 ansible_host=127.0.0.1
linux2 ansible_host=127.0.0.2
windows1 ansible_host=127.0.0.3 ansible_become=no
windows2 ansible_host=127.0.0.4 ansible_become=no
```
To avoid repeating the same configuration for all Windows hosts, group them and set the variable at the group level:
```ini
[linux]
linux1 ansible_host=127.0.0.1
linux2 ansible_host=127.0.0.2
[windows]
windows1 ansible_host=127.0.0.3
windows2 ansible_host=127.0.0.4
[windows:vars]
ansible_become=no
```
#### Playbook file
Alternatively, if your playbook **only runs on Windows hosts**, use the following in the playbook file:
```yml
- hosts: servers
roles:
- { role: datadog.datadog }
vars:
...
```
**Note**: This configuration fails on Linux hosts. Only use it if the playbook is specific to Windows hosts. Otherwise, use the [inventory file method](#inventory-file).
### Uninstallation
On Windows it's possible to uninstall the Agent by using the following code in your Ansible role:
```yml
- name: Check If Datadog Agent is installed
win_shell: |
(get-wmiobject win32_product -Filter "Name LIKE '%datadog%'").IdentifyingNumber
register: agent_installed_result
- name: Set Datadog Agent installed fact
set_fact:
agent_installed: "{{ agent_installed_result.stdout | trim }}"
- name: Uninstall the Datadog Agent
win_package:
product_id: "{{ agent_installed }}"
state: absent
when: agent_installed != ""
```
However for more control over the uninstall parameters, the following code can be used.
In this example, the '/norestart' flag is added and a custom location for the uninstallation logs is specified:
```yml
- name: Check If Datadog Agent is installed
win_stat:
path: 'c:\Program Files\Datadog\Datadog Agent\bin\agent.exe'
register: stat_file
- name: Uninstall the Datadog Agent
win_shell: start-process msiexec -Wait -ArgumentList ('/log', 'C:\\uninst.log', '/norestart', '/q', '/x', (Get-WmiObject -Class Win32_Product -Filter "Name='Datadog Agent'" -ComputerName .).IdentifyingNumber)
when: stat_file.stat.exists == True
```
## Troubleshooting
### Debian stretch
**Note:** this information applies to versions of the role prior to 4.9.0. Since 4.9.0, the `apt_key` module is no longer used by the role.
On Debian Stretch, the `apt_key` module used by the role requires an additional system dependency to work correctly. The dependency (`dirmngr`) is not provided by the module. Add the following configuration to your playbooks to make use of the present role:
```yml
---
- hosts: all
pre_tasks:
- name: Debian Stretch requires the dirmngr package to use apt_key
become: yes
apt:
name: dirmngr
state: present
roles:
- { role: datadog.datadog, become: yes }
vars:
datadog_api_key: "<YOUR_DD_API_KEY>"
```
### CentOS 6/7 with Python 3 interpreter
The `yum` Python module, which is used in this role to install the Agent on CentOS-based hosts, is only available on Python 2. When a Python 3 interpreter is detected on a target host, the `dnf` package manager and the `dnf` Python module are used instead.
However, `dnf` and the `dnf` Python module are not installed by default on CentOS-based hosts before CentOS 8. In this case, it is not possible to install the Agent when a Python 3 interpreter is used. This role fails early when this situation is detected to indicate that a Python 2 interpreter is needed when installing the Agent on CentOS / RHEL < 8.
To bypass this early failure detection (for instance, if `dnf` and the `python3-dnf` package are available on your host), set the `datadog_ignore_old_centos_python3_error` variable to `true`.
### Windows
Due to a critical bug in Agent versions `6.14.0` and `6.14.1` on Windows, installation of these versions is blocked (starting with version `3.3.0` of this role).
**NOTE:** Ansible fails on Windows if `datadog_agent_version` is set to `6.14.0` or `6.14.1`. Use `6.14.2` or above.
If you are updating from **6.14.0 or 6.14.1 on Windows**, use the following steps:
1. Upgrade the present `datadog.datadog` Ansible role to the latest version (`>=3.3.0`).
2. Set the `datadog_agent_version` to `6.14.2` or above (defaults to latest).
For more details, see [Critical Bug in Uninstaller for Datadog Agent 6.14.0 and 6.14.1 on Windows][11].
[1]: https://galaxy.ansible.com/Datadog/datadog
[2]: https://github.com/DataDog/ansible-datadog
[3]: https://docs.datadoghq.com/agent/autodiscovery
[4]: https://docs.datadoghq.com/agent/guide/integration-management/
[5]: https://github.com/DataDog/integrations-core
[6]: https://docs.datadoghq.com/infrastructure/process/
[7]: https://docs.datadoghq.com/network_performance_monitoring/
[8]: https://docs.datadoghq.com/security_platform/cloud_workload_security/getting_started/
[9]: https://docs.datadoghq.com/network_performance_monitoring/installation/?tab=agent#setup
[10]: https://docs.datadoghq.com/agent/guide/agent-commands/#restart-the-agent
[11]: https://app.datadoghq.com/help/agent_fix

25
ansible-5/roles/datadog.datadog/ci_test/downgrade_to_5.yaml Normal file
View File

@@ -0,0 +1,25 @@
---
- hosts: all
roles:
- { role: '/root/project/'}
vars:
datadog_api_key: "11111111111111111111111111111111"
datadog_agent_major_version: 5
datadog_agent_version: 1:5.23.0-1
datadog_agent_allow_downgrade: yes
datadog_config:
tags: "mytag0, mytag1"
log_level: INFO
apm_enabled: "true" # has to be set as a string
datadog_config_ex:
trace.config:
env: dev
trace.concentrator:
extra_aggregators: version
datadog_checks:
process:
init_config:
instances:
- name: agent
search_string: ['agent']

25
ansible-5/roles/datadog.datadog/ci_test/install_agent_5.yaml Normal file
View File

@@ -0,0 +1,25 @@
---
- hosts: all
roles:
- { role: '/root/project/'}
vars:
datadog_api_key: "11111111111111111111111111111111"
datadog_agent_major_version: 5
# avoid checking that the agent is stopped for centos
datadog_skip_running_check: true
datadog_config:
tags: "mytag0, mytag1"
log_level: INFO
apm_enabled: "true" # has to be set as a string
datadog_config_ex:
trace.config:
env: dev
trace.concentrator:
extra_aggregators: version
datadog_checks:
process:
init_config:
instances:
- name: agent
search_string: ['agent' ]

30
ansible-5/roles/datadog.datadog/ci_test/install_agent_6.yaml Normal file
View File

@@ -0,0 +1,30 @@
---
- hosts: all
roles:
- { role: '/root/project/'}
vars:
datadog_api_key: "11111111111111111111111111111111"
datadog_enabled: false
datadog_agent_major_version: 6
# avoid checking that the agent is stopped for centos
datadog_skip_running_check: true
datadog_config:
tags: "mytag0, mytag1"
log_level: INFO
apm_enabled: "true" # has to be set as a string
datadog_config_ex:
trace.config:
env: dev
trace.concentrator:
extra_aggregators: version
system_probe_config:
sysprobe_socket: /opt/datadog-agent/run/sysprobe.sock
network_config:
enabled: true
datadog_checks:
process:
init_config:
instances:
- name: agent
search_string: ['agent', 'sshd' ]

32
ansible-5/roles/datadog.datadog/ci_test/install_agent_7.yaml Normal file
View File

@@ -0,0 +1,32 @@
---
- hosts: all
roles:
- { role: '/root/project/'}
vars:
datadog_api_key: "11111111111111111111111111111111"
datadog_enabled: false
datadog_agent_major_version: 7
# avoid checking that the agent is stopped for centos
datadog_skip_running_check: true
datadog_config:
tags: "mytag0, mytag1"
log_level: INFO
apm_enabled: "true" # has to be set as a string
datadog_config_ex:
trace.config:
env: dev
trace.concentrator:
extra_aggregators: version
system_probe_config:
sysprobe_socket: /opt/datadog-agent/run/sysprobe.sock
network_config:
enabled: true
runtime_security_config:
enabled: true
datadog_checks:
process:
init_config:
instances:
- name: agent
search_string: ['agent', 'sshd' ]

2
ansible-5/roles/datadog.datadog/ci_test/inventory/ci.ini Normal file
View File

@@ -0,0 +1,2 @@
[test]
127.0.0.1 ansible_connection=local

188
ansible-5/roles/datadog.datadog/defaults/main.yml Normal file
View File

@@ -0,0 +1,188 @@
---
role_version: 4.13.0
# define if the datadog-agent services should be enabled
datadog_enabled: yes
# Whether the datadog.conf / datadog.yaml, system-probe.yaml, security-agent.yaml and checks config under conf.d are managed by Ansible
datadog_manage_config: yes
# default datadog.conf / datadog.yaml options
datadog_config: {}
# default system-probe.yaml options
system_probe_config: {}
network_config: {}
# default checks enabled
datadog_checks: {}
# set this to `true` to delete untracked checks
datadog_disable_untracked_checks: false
# Add additional checks to keep when `datadog_disable_untracked_checks` is set to `true`
datadog_additional_checks: []
# set this to `true` to delete default checks
datadog_disable_default_checks: false
# default user/group
datadog_user: dd-agent
datadog_group: dd-agent
# agent integration variables
integration_command_user_linux: "dd-agent"
integration_command_user_windows: "administrator"
datadog_agent_binary_path_linux: /opt/datadog-agent/bin/agent/agent
datadog_agent_binary_path_windows: "C:\\Program Files\\Datadog\\Datadog Agent\\bin\\agent.exe"
# list of additional groups for datadog_user
datadog_additional_groups: {}
# Major version of the Agent that will be installed.
# Possible values: 5, 6, 7
# By default, version 7 will be installed.
# If datadog_agent_version is defined, the major version will be deduced from it.
datadog_agent_major_version: ""
# Pin agent to a version. Highly recommended.
# Defaults to the latest version of the major version chosen in datadog_agent_major_version
# If both datadog_agent_major_version and datadog_agent_version are set, they must be
# compatible (ie. the major version in datadog_agent_version must be datadog_agent_major_version)
datadog_agent_version: ""
# Default Package name for APT and RPM installs - can override in playbook for IOT Agent
datadog_agent_flavor: "datadog-agent"
# Default apt repo and keyserver
# By default, the role uses the official apt Datadog repository for the chosen major version
# Use the datadog_apt_repo variable to override the repository used.
datadog_apt_repo: ""
datadog_apt_cache_valid_time: 3600
datadog_apt_key_retries: 5
# Default yum repo and keys
# By default, the role uses the official yum Datadog repository for the chosen major version
# Use the datadog_yum_repo variable to override the repository used.
datadog_yum_repo: ""
datadog_yum_repo_gpgcheck: ""
datadog_yum_gpgcheck: yes
# NOTE: we don't use URLs starting with https://keys.datadoghq.com/, as Python
# on older CentOS/RHEL/SUSE doesn't support SNI and get_url would fail on them
datadog_yum_gpgkey: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY.public"
# the CURRENT key always contains the key that is used to sign repodata and latest packages
datadog_yum_gpgkey_current: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY_CURRENT.public"
# this key expires in 2022
datadog_yum_gpgkey_e09422b3: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY_E09422B3.public"
datadog_yum_gpgkey_e09422b3_sha256sum: "694a2ffecff85326cc08e5f1a619937999a5913171e42f166e13ec802c812085"
# this key expires in 2024
datadog_yum_gpgkey_20200908: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY_FD4BF915.public"
datadog_yum_gpgkey_20200908_sha256sum: "4d16c598d3635086762bd086074140d947370077607db6d6395b8523d5c23a7d"
# Default zypper repo and keys
# By default, we fail early & print a helpful message if a Python 3 interpreter is used on CentOS < 8, as
# the 'yum' module is only available on Python 2, and the 'python3-dnf' package is not available before
# CentOS 8.
# If set to true, this option removes this check and allows the install to proceed. Useful in specific setups
# where an old CentOS host using a Python 3 interpreter does have 'dnf' (eg. through backports).
datadog_ignore_old_centos_python3_error: false
# By default, the role uses the official zypper Datadog repository for the chosen major version
# Use the datadog_zypper_repo variable to override the repository used.
datadog_zypper_repo: ""
datadog_zypper_repo_gpgcheck: ""
datadog_zypper_gpgcheck: yes
datadog_zypper_gpgkey: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY.public"
datadog_zypper_gpgkey_sha256sum: "00d6505c33fd95b56e54e7d91ad9bfb22d2af17e5480db25cba8fee500c80c46"
datadog_zypper_gpgkey_current: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY_CURRENT.public"
datadog_zypper_gpgkey_e09422b3: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY_E09422B3.public"
datadog_zypper_gpgkey_e09422b3_sha256sum: "694a2ffecff85326cc08e5f1a619937999a5913171e42f166e13ec802c812085"
datadog_zypper_gpgkey_20200908: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY_FD4BF915.public"
datadog_zypper_gpgkey_20200908_sha256sum: "4d16c598d3635086762bd086074140d947370077607db6d6395b8523d5c23a7d"
# Avoid checking if the agent is running or not. This can be useful if you're
# using sysvinit and providing your own init script.
datadog_skip_running_check: false
# Set this to `yes` to allow agent downgrades on apt-based platforms.
# Internally, this uses `apt-get`'s `--force-yes` option. Use with caution.
# On centos this will only work with ansible 2.4 and up
datadog_agent_allow_downgrade: no
# Default windows latest msi package URL
# By default, will use the official latest msi package for the chosen major version.
# Use the datadog_windows_download_url option to override the msi package used.
datadog_windows_download_url: ""
# The default msi package for each major Agent version is specified in the following variables.
# These variables are for internal use only, do not modify them.
datadog_windows_agent6_latest_url: "https://s3.amazonaws.com/ddagent-windows-stable/datadog-agent-6-latest.amd64.msi"
datadog_windows_agent7_latest_url: "https://s3.amazonaws.com/ddagent-windows-stable/datadog-agent-7-latest.amd64.msi"
# If datadog_agent_version is set, the role will use the following url prefix instead, and append the version number to it
# in order to get the full url to the msi package.
datadog_windows_versioned_url: "https://s3.amazonaws.com/ddagent-windows-stable/ddagent-cli"
# url of the 6.14 fix script. See https://dtdg.co/win-614-fix for more details.
datadog_windows_614_fix_script_url: "https://s3.amazonaws.com/ddagent-windows-stable/scripts/fix_6_14.ps1"
# whether or not to download and apply the above fix
datadog_apply_windows_614_fix: true
# Override to change the name of the windows user to create
datadog_windows_ddagentuser_name: ""
# Override to change the password of the created windows user.
datadog_windows_ddagentuser_password: ""
# Override to change the binary installation directory (instead of default c:\program files\datadog\datadog agent)
datadog_windows_program_files_dir: ""
# Override to change the root of the configuration directory
datadog_windows_config_files_dir: ""
# Default configuration root. Do not modify
datadog_windows_config_root: "{{ ansible_facts.env['ProgramData'] }}\\Datadog"
# do not modify. Default empty value for constructing the list of optional
# arguments to supply to the windows installer.
win_install_args: " "
#
# Internal variables
# The following variables are for internal use only, do not modify them.
#
datadog_apt_trusted_d_keyring: "/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg"
datadog_apt_usr_share_keyring: "/usr/share/keyrings/datadog-archive-keyring.gpg"
datadog_apt_key_current_name: "DATADOG_APT_KEY_CURRENT"
# NOTE: we don't use URLs starting with https://keys.datadoghq.com/, as Python
# on older Debian/Ubuntu doesn't support SNI and get_url would fail on them
datadog_apt_default_keys:
- key: "{{ datadog_apt_key_current_name }}"
value: https://s3.amazonaws.com/public-signing-keys/DATADOG_APT_KEY_CURRENT.public
- key: A2923DFF56EDA6E76E55E492D3A80E30382E94DE
value: https://s3.amazonaws.com/public-signing-keys/DATADOG_APT_KEY_382E94DE.public
- key: D75CEA17048B9ACBF186794B32637D44F14F620E
value: https://s3.amazonaws.com/public-signing-keys/DATADOG_APT_KEY_F14F620E.public
# The default apt repository for each major Agent version is specified in the following variables.
datadog_agent5_apt_repo: "deb [signed-by={{ datadog_apt_usr_share_keyring }}] https://apt.datadoghq.com/ stable main"
datadog_agent6_apt_repo: "deb [signed-by={{ datadog_apt_usr_share_keyring }}] https://apt.datadoghq.com/ stable 6"
datadog_agent7_apt_repo: "deb [signed-by={{ datadog_apt_usr_share_keyring }}] https://apt.datadoghq.com/ stable 7"
# The default yum repository for each major Agent version is specified in the following variables.
datadog_agent5_yum_repo: "https://yum.datadoghq.com/rpm/{{ ansible_facts.architecture }}"
datadog_agent6_yum_repo: "https://yum.datadoghq.com/stable/6/{{ ansible_facts.architecture }}"
datadog_agent7_yum_repo: "https://yum.datadoghq.com/stable/7/{{ ansible_facts.architecture }}"
# The default zypper repository for each major Agent version is specified in the following variables.
datadog_agent5_zypper_repo: "https://yum.datadoghq.com/suse/rpm/{{ ansible_facts.architecture }}"
datadog_agent6_zypper_repo: "https://yum.datadoghq.com/suse/stable/6/{{ ansible_facts.architecture }}"
datadog_agent7_zypper_repo: "https://yum.datadoghq.com/suse/stable/7/{{ ansible_facts.architecture }}"

11
ansible-5/roles/datadog.datadog/handlers/main-win.yml Normal file
View File

@@ -0,0 +1,11 @@
---
# This file doesn't actually contain "handlers" in the Ansible sense: when running
# our role, Ansible only loads the contents of handlers/main.yml as handlers.
# However, this is here because this is a "handler-like" task that is dynamically
# included by a handler task in handlers/main.yml.
- name: Restart Windows datadogagent service
win_service:
name: datadogagent
state: restarted
force_dependent_services: true
when: datadog_enabled and not ansible_check_mode and ansible_facts.os_family == "Windows"

23
ansible-5/roles/datadog.datadog/handlers/main.yml Normal file
View File

@@ -0,0 +1,23 @@
---
- name: restart datadog-agent-sysprobe
service:
name: datadog-agent-sysprobe
state: restarted
when: datadog_enabled and datadog_sysprobe_enabled and not ansible_check_mode and not ansible_facts.os_family == "Windows"
- name: restart datadog-agent
service:
name: datadog-agent
state: restarted
when: datadog_enabled and not ansible_check_mode and not ansible_facts.os_family == "Windows"
# We can't add the Windows Agent service restart handler directly here because that makes the role require
# the ansible.windows collection on all platforms. We only want it to be needed on Windows.
# Therefore, what we do is the following: when needed, our Windows tasks call this handler to require a
# Windows Agent restart (through notify: restart datadog-agent-win).
# When notified, the below handler is executed at the end of the playbook run.
# The include_tasks loads the handlers/main-win.yml file, which contains the real service restart task
# (which depends on ansible.windows), and runs it, triggering the Windows Agent restart.
- name: restart datadog-agent-win
include_tasks: handlers/main-win.yml

1
ansible-5/roles/datadog.datadog/manual_tests/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.vagrant

3
ansible-5/roles/datadog.datadog/manual_tests/Vagrantfile vendored Normal file
View File

@@ -0,0 +1,3 @@
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/trusty64"
end

2
ansible-5/roles/datadog.datadog/manual_tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
[test_host]
127.0.0.1 ansible_ssh_host=localhost ansible_ssh_user=vagrant ansible_ssh_port=2222 ansible_ssh_private_key_file=./ansible-datadog/manual_tests/.vagrant/machines/default/virtualbox/private_key

9
ansible-5/roles/datadog.datadog/manual_tests/inventory_win Normal file
View File

@@ -0,0 +1,9 @@
[windows]
win ansible_host=127.0.0.1
[windows:vars]
ansible_user=Administrator
ansible_become=no
ansible_connection=winrm
ansible_port=5986
ansible_winrm_server_cert_validation=ignore

44
ansible-5/roles/datadog.datadog/manual_tests/readme.md Normal file
View File

@@ -0,0 +1,44 @@
# Linux test setup with Vagrant
This is an example setup, based on vagrant + virtualbox, that allows to easily run ansible commands to test the module.
## Requirements
- vagrant > 2.0.0
- virtualbox > 5.1.28
## Setup
Run the Vagrantfile defined in `ansible-datadog/manual_tests`:
- provision VM: `vagrant up`
- connect to the VM to check the configuration: `vagrant ssh`
- when done, destroy VM when needed: `vagrant destroy -f`
- From `ansible-datadog`'s parent directory, run:
```shell
ansible-playbook ansible-datadog/manual_tests/test_7_full.yml -i ansible-datadog/manual_tests/inventory
```
Note: Replace `test_7_full.yml` with any of the other yaml files on this directory.
Note: If getting access denied errors, make sure Vagrant is forwarding the VM port 22 to the local port 2222. If using a different port, update the 'inventory' file
# Windows test setup from WSL
## Requirements
- Install Ansible and `pywinrm` inside WSL: `sudo python3 -m pip install ansible pywinrm`
- From an elevated Powershell terminal (outside WSL), run the following script to setup WinRM so Ansible can connect:
https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
- Make sure the Administrator account is enabled and you know the password (or use a different account in the `inventory_win` file).
## Setup
- From `ansible-datadog`'s parent directory, run in a WSL console (it will ask for the Administrator password each time):
```shell
ansible-playbook -k ansible-datadog/manual_tests/test_7_full.yml -i ansible-datadog/manual_tests/inventory_win
```
Note: Replace `test_7_full.yml` with any of the other yaml files on this directory.

6
ansible-5/roles/datadog.datadog/manual_tests/test_5_default.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- hosts: all
roles:
- { role: ansible-datadog, become: yes }
vars:
datadog_agent_major_version: 5

47
ansible-5/roles/datadog.datadog/manual_tests/test_5_full.yml Normal file
View File

@@ -0,0 +1,47 @@
- hosts: all
roles:
- { role: ansible-datadog, become: yes } # On Ansible < 1.9, use `sudo: yes` instead of `become: yes`
vars:
datadog_agent_major_version: 5
datadog_api_key: "123456"
datadog_agent_version: "1:5.18.0-1" # for apt-based platforms, use a `5.12.3-1` format on yum-based platforms
datadog_agent_allow_downgrade: true
datadog_config:
tags: "mytag0, mytag1"
log_level: INFO
apm_enabled: "true" # has to be set as a string
datadog_config_ex:
trace.config:
env: dev
trace.concentrator:
extra_aggregators: version
datadog_checks:
process:
init_config:
instances:
- name: ssh
search_string: ['ssh', 'sshd' ]
- name: syslog
search_string: ['rsyslog' ]
cpu_check_interval: 0.2
exact_match: true
ignore_denied_access: true
ssh_check:
init_config:
instances:
- host: localhost
port: 22
username: root
password: changeme
sftp_check: True
private_key_file:
add_missing_keys: True
nginx:
init_config:
instances:
- nginx_status_url: http://example.com/nginx_status/
tags:
- instance:foo
- nginx_status_url: http://example2.com:1234/nginx_status/
tags:
- instance:bar

6
ansible-5/roles/datadog.datadog/manual_tests/test_6_default.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- hosts: all
roles:
- { role: ansible-datadog, become: yes }
vars:
datadog_agent_major_version: 6

75
ansible-5/roles/datadog.datadog/manual_tests/test_6_full.yml Normal file
View File

@@ -0,0 +1,75 @@
- hosts: all
roles:
- { role: ansible-datadog, become: yes } # On Ansible < 1.9, use `sudo: yes` instead of `become: yes`
vars:
datadog_agent_major_version: 6
datadog_api_key: "123456"
datadog_agent_allow_downgrade: true
system_probe_config:
source_excludes:
"*":
- 8301
dest_excludes:
"*":
- 8301
network_config:
enabled: true
datadog_config:
tags: "mytag0, mytag1"
log_level: INFO
apm_enabled: "true" # has to be set as a string
# logs related config
logs_enabled: true
logset: main
datadog_config_ex:
trace.config:
env: dev
trace.concentrator:
extra_aggregators: version
datadog_checks:
process:
init_config:
instances:
- name: ssh
search_string: ['ssh', 'sshd' ]
- name: syslog
search_string: ['rsyslog' ]
cpu_check_interval: 0.2
exact_match: true
ignore_denied_access: true
ssh_check:
init_config:
instances:
- host: localhost
port: 22
username: root
password: changeme
sftp_check: True
private_key_file:
add_missing_keys: True
nginx:
init_config:
instances:
- nginx_status_url: http://example.com/nginx_status/
tags:
- instance:foo
- nginx_status_url: http://example2.com:1234/nginx_status/
tags:
- instance:bar
logs:
- type: file
path: /var/log/nginx.log
service: nginx
source: nginx
sourcecategory: webapp
tags: env:prod
- type: tcp
port: 10514
service: webapp
source: php
sourcecategory: front
log_processing_rules:
- type: exclude_at_match
name: exclude_datadoghq_users
# Regexp can be anything
pattern: User=\w+@datadoghq.com

4
ansible-5/roles/datadog.datadog/manual_tests/test_7_default.yml Normal file
View File

@@ -0,0 +1,4 @@
---
- hosts: all
roles:
- { role: ansible-datadog, become: yes }

80
ansible-5/roles/datadog.datadog/manual_tests/test_7_full.yml Normal file
View File

@@ -0,0 +1,80 @@
- hosts: all
roles:
- { role: ansible-datadog, become: yes } # On Ansible < 1.9, use `sudo: yes` instead of `become: yes`
vars:
datadog_agent_major_version: 7
datadog_api_key: "123456"
datadog_agent_allow_downgrade: true
system_probe_config:
source_excludes:
"*":
- 8301
dest_excludes:
"*":
- 8301
network_config:
enabled: true
datadog_config:
tags: "mytag0, mytag1"
log_level: INFO
apm_enabled: "true" # has to be set as a string
# logs related config
logs_enabled: true
logset: main
datadog_config_ex:
trace.config:
env: dev
trace.concentrator:
extra_aggregators: version
datadog_integration:
datadog-aqua:
action: 'install'
version: '1.0.0'
third_party: true
datadog_checks:
process:
init_config:
instances:
- name: ssh
search_string: ['ssh', 'sshd' ]
- name: syslog
search_string: ['rsyslog' ]
cpu_check_interval: 0.2
exact_match: true
ignore_denied_access: true
ssh_check:
init_config:
instances:
- host: localhost
port: 22
username: root
password: changeme
sftp_check: True
private_key_file:
add_missing_keys: True
nginx:
init_config:
instances:
- nginx_status_url: http://example.com/nginx_status/
tags:
- instance:foo
- nginx_status_url: http://example2.com:1234/nginx_status/
tags:
- instance:bar
logs:
- type: file
path: /var/log/nginx.log
service: nginx
source: nginx
sourcecategory: webapp
tags: env:prod
- type: tcp
port: 10514
service: webapp
source: php
sourcecategory: front
log_processing_rules:
- type: exclude_at_match
name: exclude_datadoghq_users
# Regexp can be anything
pattern: User=\w+@datadoghq.com

2
ansible-5/roles/datadog.datadog/meta/.galaxy_install_info Normal file
View File

@@ -0,0 +1,2 @@
install_date: Sat 22 Jan 2022 05:30:07 PM
version: 4.13.0

52
ansible-5/roles/datadog.datadog/meta/main.yml Normal file
View File

@@ -0,0 +1,52 @@
---
galaxy_info:
role_name: datadog
namespace: datadog
author: 'Brian Akins, Dustin Brown & Datadog'
description: Install Datadog agent and configure checks
license: Apache2
min_ansible_version: 2.6
github_branch: main
platforms:
- name: Ubuntu
versions:
- trusty
- xenial
- artful
- bionic
- name: Debian
versions:
- wheezy
- jessie
- stretch
- buster
- name: EL
versions:
- 8
- 7
- 6
- name: opensuse
versions:
- 12.1
- 12.2
- 12.3
- 13.1
- 13.2
- name: SLES
versions:
- 11SP3
- 11SP4
- 12
- 12SP1
- 15
- name: Windows
versions:
- 2008x64
- 2008R2
- 2012
- 2012R2
- 2016
- 2019
galaxy_tags:
- monitoring
dependencies: []

83
ansible-5/roles/datadog.datadog/tasks/_apt-key-import.yml Normal file
View File

@@ -0,0 +1,83 @@
# We allow users to specify a file from which to import keys, so we expect
# that to be a binary keyring; at the same time, we have ascii armored
# individual keys at keys.datadoghq.com that we import. The below procedure
# can be called for a URL pointing to a keyring or an ascii armored file
# and extract and import a specific key from it (we specialcase the
# DATADOG_APT_KEY_CURRENT value, which we always expect to be ascii
# armored individual key).
# NOTE: we use 'noqa risky-shell-pipe' throughout this file, because Debian's
# default shell is /bin/sh which doesn't have a pipefail option and the
# presence of a different shell isn't guaranteed.
# NOTE: in order to display Ansible's `changed: [hostname]` properly throughout
# tasks in this file, we added `changed_when: false` to a lot of them, even if
# they actually run every time (e.g. importing the CURRENT key). The reason is
# that they operate inside a temporary directory and they don't have a
# permanent effect on the host (nothing will actually change on the host
# whether these tasks run or not) except the last one - the actual import of
# the key to `datadog_apt_usr_share_keyring`.
- name: "Set local variables for processed key {{ item.key }}"
set_fact:
key_fingerprint: "{{ item.key }}"
keyring_url: "{{ item.value }}"
- name: "Find out whether key {{ key_fingerprint }} is already imported"
shell: "gpg --no-default-keyring --keyring {{ datadog_apt_usr_share_keyring }} --list-keys --with-fingerprint --with-colons | grep {{ key_fingerprint }}" # noqa risky-shell-pipe
register: key_exists_result
failed_when: false # we expect the command to fail when the key is not found; we never want this task to fail
changed_when: key_exists_result.rc != 0
when: key_fingerprint != datadog_apt_key_current_name # we always want to import the CURRENT key
- name: "Set local helper variable for determining key import (when not {{ datadog_apt_key_current_name }})"
set_fact:
key_needs_import: "{{ 'false' if key_exists_result.rc == 0 else 'true' }}"
when: key_fingerprint != datadog_apt_key_current_name
- name: "Set local helper variable for determining key import (when {{ datadog_apt_key_current_name }})"
set_fact:
key_needs_import: "true"
when: key_fingerprint == datadog_apt_key_current_name
- name: "Create temporary directory for key manipulation"
tempfile:
state: directory
suffix: keys
register: tempdir
when: key_needs_import
changed_when: false
- name: "Download {{ keyring_url }} to import key {{ key_fingerprint }}"
get_url:
url: "{{ keyring_url }}"
dest: "{{ tempdir.path }}/{{ key_fingerprint }}"
force: yes
when: key_needs_import
changed_when: false
# gpg --dearmor called on a binary keyring does nothing
- name: "Ensure downloaded file for {{ key_fingerprint }} is a binary keyring"
shell: "cat {{ tempdir.path }}/{{ key_fingerprint }} | gpg --dearmor > {{ tempdir.path }}/binary.gpg" # noqa risky-shell-pipe
when: key_needs_import
changed_when: false
- name: "Extract the required key from the binary keyring (when not {{ datadog_apt_key_current_name }})"
shell: "gpg --no-default-keyring --keyring {{ tempdir.path }}/binary.gpg --export {{ key_fingerprint }} > {{ tempdir.path }}/single.gpg"
when: key_fingerprint != datadog_apt_key_current_name and key_needs_import
changed_when: false
- name: "Extract the required key from the binary keyring (when {{ datadog_apt_key_current_name }})"
copy:
src: "{{ tempdir.path }}/binary.gpg"
dest: "{{ tempdir.path }}/single.gpg"
mode: "0600"
remote_src: yes
when: key_fingerprint == datadog_apt_key_current_name and key_needs_import
changed_when: false
- name: "Import key {{ key_fingerprint }} to {{ datadog_apt_usr_share_keyring }} keyring"
shell: "cat {{ tempdir.path }}/single.gpg | gpg --no-default-keyring --keyring {{ datadog_apt_usr_share_keyring }} --import --batch" # noqa risky-shell-pipe
when: key_needs_import
register: key_import_result
changed_when: '"imported: 1" in key_import_result.stderr'

198
ansible-5/roles/datadog.datadog/tasks/agent-linux.yml Normal file
View File

@@ -0,0 +1,198 @@
---
- name: Populate service facts
service_facts:
- name: Set before 6/7.24.1 flag
set_fact:
datadog_before_7241: "{{ datadog_major is defined and datadog_minor is defined and datadog_bugfix is defined
and datadog_major | int < 8
and (datadog_minor | int < 24 or (datadog_minor | int == 24 and datadog_bugfix | int < 1)) }}"
- name: Set before 6/7.18.0 flag
set_fact:
datadog_before_7180: "{{ datadog_major is defined and datadog_minor is defined
and datadog_major | int < 8 and datadog_minor | int < 18 }}"
- name: Add "{{ datadog_user }}" user to additional groups
user: name="{{ datadog_user }}" groups="{{ datadog_additional_groups }}" append=yes
when: datadog_additional_groups | default([], true) | length > 0
notify: restart datadog-agent
- name: Create Datadog agent config directory
file:
dest: /etc/datadog-agent
state: directory
mode: 0755
when: datadog_manage_config
- name: Create main Datadog agent configuration file
template:
src: datadog.yaml.j2
dest: /etc/datadog-agent/datadog.yaml
mode: 0640
owner: "{{ datadog_user }}"
group: "{{ datadog_group }}"
when: datadog_manage_config
notify: restart datadog-agent
- name: Register all checks directories present in datadog
find:
paths: /etc/datadog-agent/conf.d/
patterns:
- "*.d"
file_type: directory
register: datadog_conf_directories
when: datadog_manage_config and (datadog_disable_untracked_checks or datadog_disable_default_checks)
- name: Delete checks not present in datadog_tracked_checks
file:
path: "/etc/datadog-agent/conf.d/{{ item }}.d/conf.yaml"
state: absent
loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}"
when: datadog_manage_config and datadog_disable_untracked_checks and item not in datadog_tracked_checks
notify: restart datadog-agent
- name: Delete all default checks
file:
path: "/etc/datadog-agent/conf.d/{{ item }}.d/conf.yaml.default"
state: absent
loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}"
when: datadog_manage_config and datadog_disable_default_checks and item not in datadog_tracked_checks
notify: restart datadog-agent
- name: Ensure configuration directories are present for each Datadog check
file:
dest: "/etc/datadog-agent/conf.d/{{ item }}.d"
state: directory
owner: "{{ datadog_user }}"
group: "{{ datadog_group }}"
mode: 0755
with_items: '{{ datadog_checks|list }}'
when: datadog_manage_config
- name: Create a configuration file for each Datadog check
template:
src: checks.yaml.j2
dest: "/etc/datadog-agent/conf.d/{{ item }}.d/conf.yaml"
mode: 0640
owner: "{{ datadog_user }}"
group: "{{ datadog_group }}"
with_items: "{{ datadog_checks|list }}"
when: datadog_manage_config
notify: restart datadog-agent
- name: Remove old configuration file for each Datadog check
file:
dest: "/etc/datadog-agent/conf.d/{{ item }}.yaml"
state: absent
with_items: "{{ datadog_checks|list }}"
when: datadog_manage_config
notify: restart datadog-agent
- name: Create system-probe configuration file
template:
src: system-probe.yaml.j2
dest: /etc/datadog-agent/system-probe.yaml
mode: 0640
owner: "root"
group: "{{ datadog_group }}"
when: datadog_manage_config
notify:
"{% if datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"
- name: Set system probe installed
set_fact:
datadog_sysprobe_installed: "{{ ansible_facts.services['datadog-agent-sysprobe'] is defined
or ansible_facts.services['datadog-agent-sysprobe.service'] is defined }}"
when: not datadog_skip_running_check
# Before 6/7.24.1, system_probe_config controls the system-probe service
# datadog_minor is only defined when a specific Agent version is given
# (see tasks/parse-version.yml)
- name: Set system probe enabled (before 6/7.24.1)
set_fact:
datadog_sysprobe_enabled: "{{ system_probe_config is defined
and 'enabled' in (system_probe_config | default({}, true))
and system_probe_config['enabled']
and datadog_sysprobe_installed }}"
when: not datadog_skip_running_check
and datadog_before_7241
# Since 6/7.24.1, setting enabled: true in network_config is enough to start the system-probe service:
# https://docs.datadoghq.com/network_monitoring/performance/setup/?tab=agent#setup
- name: Set system probe enabled (since 6/7.24.1)
set_fact:
datadog_sysprobe_enabled: "{{
((system_probe_config is defined
and 'enabled' in (system_probe_config | default({}, true))
and system_probe_config['enabled'])
or (network_config is defined
and 'enabled' in (network_config | default({}, true))
and network_config['enabled']))
and datadog_sysprobe_installed }}"
when: not datadog_skip_running_check
and (not datadog_before_7241)
- name: Ensure datadog-agent is running
service:
name: datadog-agent
state: started
enabled: yes
when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode
- name: Ensure datadog-agent-sysprobe is running if enabled and installed
service:
name: datadog-agent-sysprobe
state: started
enabled: yes
when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode and datadog_sysprobe_enabled
- name: Ensure datadog-agent, datadog-agent-process and datadog-agent-trace are not running
service:
name: "{{ item }}"
state: stopped
enabled: no
when: not datadog_skip_running_check and not datadog_enabled
with_list:
- datadog-agent
- datadog-agent-process
- datadog-agent-trace
# Stop system-probe manually on Agent versions < 6/7.18, as it was not tied
# to the main Agent service: https://github.com/DataDog/datadog-agent/pull/4883
- name: Ensure datadog-agent-sysprobe is stopped if disabled or not installed (before 6/7.18.0)
service:
name: datadog-agent-sysprobe
state: stopped
enabled: no
when: not datadog_skip_running_check
and (not datadog_enabled or not datadog_sysprobe_enabled)
and datadog_before_7180
and datadog_sysprobe_installed
- name: Ensure datadog-agent-security is not running
service:
name: datadog-agent-security
state: stopped
enabled: no
when: not datadog_skip_running_check and not datadog_enabled
ignore_errors: yes # Since older versions of the Agent don't include the security agent
- name: Create security-agent configuration file
template:
src: security-agent.yaml.j2
dest: /etc/datadog-agent/security-agent.yaml
mode: 0640
owner: "root"
group: "{{ datadog_group }}"
when: datadog_manage_config
notify:
"{% if datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"
- name: Create installation information file
template:
src: install_info.j2
dest: /etc/datadog-agent/install_info
owner: "{{ datadog_user }}"
group: "{{ datadog_group }}"
mode: 0644

96
ansible-5/roles/datadog.datadog/tasks/agent-win.yml Normal file
View File

@@ -0,0 +1,96 @@
---
- name: Create main Datadog agent configuration file
win_template:
#FIXME: should have permissions set to only be readable by ddagentuser
src: datadog.yaml.j2
dest: "{{ datadog_windows_config_root }}\\datadog.yaml"
when: datadog_manage_config
notify: restart datadog-agent-win
- name: Register all checks directories present in datadog
win_find:
paths: "{{ ansible_facts.env['ProgramData'] }}\\Datadog\\conf.d"
patterns:
- "*.d"
file_type: directory
register: datadog_conf_directories
when: datadog_manage_config and (datadog_disable_untracked_checks or datadog_disable_default_checks)
- name: Delete checks not present in datadog_tracked_checks
win_file:
path: "{{ ansible_facts.env['ProgramData'] }}\\Datadog\\conf.d\\{{ item }}.d\\conf.yaml"
state: absent
loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('win_basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}"
when: datadog_manage_config and datadog_disable_untracked_checks and item not in datadog_tracked_checks
notify: restart datadog-agent-win
- name: Delete default checks
win_file:
path: "{{ ansible_facts.env['ProgramData'] }}\\Datadog\\conf.d\\{{ item }}.d\\conf.yaml.default"
state: absent
loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('win_basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}"
when: datadog_manage_config and datadog_disable_default_checks and item not in datadog_tracked_checks
notify: restart datadog-agent-win
- name: Ensure configuration directories are present for each Datadog check
win_file:
path: "{{ datadog_windows_config_root }}\\conf.d\\{{ item }}.d"
state: directory
with_items: '{{ datadog_checks|list }}'
when: datadog_manage_config
- name: Create a configuration file for each Datadog check
win_template:
src: checks.yaml.j2
dest: "{{ datadog_windows_config_root }}\\conf.d\\{{ item }}.d\\conf.yaml"
with_items: "{{ datadog_checks|list }}"
when: datadog_manage_config
notify: restart datadog-agent-win
- name: Remove old configuration file for each Datadog check
win_file:
path: "{{ datadog_windows_config_root }}\\conf.d\\{{ item }}.yaml"
state: absent
with_items: "{{ datadog_checks|list }}"
when: datadog_manage_config
notify: restart datadog-agent-win
- name: Ensure datadog-trace-agent and datadog-process-agent are not disabled
win_service:
name: "{{ item }}"
start_mode: manual
when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode
with_list:
- datadog-trace-agent
- datadog-process-agent
- name: Create system-probe configuration file
win_template:
src: system-probe.yaml.j2
dest: "{{ datadog_windows_config_root }}\\system-probe.yaml"
when: datadog_manage_config
notify: restart datadog-agent-win
- name: Ensure datadog-agent is running
win_service:
name: datadogagent
state: started
start_mode: auto
when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode
- name: Ensure datadog-agent is disabled
win_service:
name: "{{ item }}"
state: stopped
start_mode: disabled
when: not datadog_skip_running_check and not datadog_enabled
with_list:
- datadog-trace-agent
- datadog-process-agent
- datadogagent
- name: Create installation information file
template:
src: install_info.j2
dest: "{{ datadog_windows_config_root }}\\install_info"
mode: 0644

77
ansible-5/roles/datadog.datadog/tasks/agent5-linux.yml Normal file
View File

@@ -0,0 +1,77 @@
---
- name: (agent5) Create Datadog agent config directory
file:
dest: /etc/dd-agent
state: directory
mode: 0755
when: datadog_manage_config
- name: (agent5) Create main Datadog agent configuration file
template:
src: datadog.conf.j2
dest: /etc/dd-agent/datadog.conf
owner: "{{ datadog_user }}"
group: "{{ datadog_group }}"
mode: 0644 #FIXME: should have permissions set to only be readable by owner
when: datadog_manage_config
notify: restart datadog-agent
- name: (agent5) Ensure datadog-agent is running
service:
name: datadog-agent
state: started
enabled: yes
when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode
- name: (agent5) Ensure datadog-agent is not running
service:
name: datadog-agent
state: stopped
enabled: no
when: not datadog_skip_running_check and not datadog_enabled
- name: Register all checks files present in datadog
find:
paths: /etc/dd-agent/conf.d/
patterns:
- "*.yaml"
file_type: file
register: datadog_conf_files
when: datadog_manage_config and datadog_disable_untracked_checks
- name: Register all checks files present in datadog
find:
paths: /etc/dd-agent/conf.d/
patterns:
- "*.yaml.default"
file_type: file
register: datadog_conf_files_default
when: datadog_manage_config and datadog_disable_default_checks
- name: Delete checks not present in datadog_tracked_checks
file:
path: "/etc/dd-agent/conf.d/{{ item }}.yaml"
state: absent
loop: "{{ datadog_conf_files.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).yaml$', '\\1') | list }}"
when: datadog_manage_config and datadog_disable_untracked_checks and item not in datadog_tracked_checks
notify: restart datadog-agent
- name: Delete default checks
file:
path: "/etc/dd-agent/conf.d/{{ item }}.yaml.default"
state: absent
loop: "{{ datadog_conf_files_default.files | map(attribute='path') | list
| map('basename') | list | map('regex_replace', '^(.*).yaml.default$', '\\1') | list }}"
when: datadog_manage_config and datadog_disable_default_checks and item not in datadog_tracked_checks
notify: restart datadog-agent
- name: (agent5) Create a configuration file for each Datadog check
template:
src: checks.yaml.j2
dest: "/etc/dd-agent/conf.d/{{ item }}.yaml"
owner: "{{ datadog_user }}"
group: "{{ datadog_group }}"
mode: 0644 #FIXME: should have permissions set to only be readable by owner
with_items: "{{ datadog_checks|list }}"
when: datadog_manage_config
notify: restart datadog-agent

3
ansible-5/roles/datadog.datadog/tasks/facts-ansible10.yml Normal file
View File

@@ -0,0 +1,3 @@
---
- name: Gather Ansible Facts
ansible.builtin.setup: # If the full prefix isn't specified in Ansible 2.10+, we might end up running `ansible.windows.setup` instead.

3
ansible-5/roles/datadog.datadog/tasks/facts-ansible9.yml Normal file
View File

@@ -0,0 +1,3 @@
---
- name: Gather Ansible Facts
setup:

67
ansible-5/roles/datadog.datadog/tasks/integration.yml Normal file
View File

@@ -0,0 +1,67 @@
---
- name: set agent binary path (windows)
set_fact:
datadog_agent_binary_path: "{{ datadog_agent_binary_path_windows }}"
when: ansible_facts.os_family == "Windows"
- name: set agent binary path (unix)
set_fact:
datadog_agent_binary_path: "{{ datadog_agent_binary_path_linux }}"
when: ansible_facts.os_family != "Windows"
- name: set agent user for integration commmand (windows)
set_fact:
integration_command_user: "{{ integration_command_user_windows }}"
when: ansible_facts.os_family == "Windows"
- name: set agent agent binary path (unix)
set_fact:
integration_command_user: "{{ integration_command_user_linux }}"
when: ansible_facts.os_family != "Windows"
- name: Validate integrations actions
fail:
msg: "Unkown action '{{ item.value.action }}' for integration command ({{ item.key }}). Valid actions are 'install' and 'remove'"
when: item.value.action != "install" and item.value.action != "remove"
loop: "{{ datadog_integration|dict2items }}"
# Remove Integrations
- name: Removing integrations (Unix)
command:
argv:
- "{{ datadog_agent_binary_path }}"
- integration
- remove
- "{{ item.key }}"
become: yes
become_user: "{{ integration_command_user }}"
loop: "{{ datadog_integration|dict2items }}"
when: item.value.action == "remove" and ansible_facts.os_family != "Windows"
- name: Removing integrations (Windows)
win_command: "\"{{ datadog_agent_binary_path }}\" integration remove {{ item.key }}"
become: yes
become_user: "{{ integration_command_user }}"
loop: "{{ datadog_integration|dict2items }}"
when: item.value.action == "remove" and ansible_facts.os_family == "Windows"
# Install integrations
- name: Install pinned version of integrations (Unix)
command: "{{ datadog_agent_binary_path }} integration install {{ third_party }} {{ item.key }}=={{ item.value.version }}"
become: yes
become_user: "{{ integration_command_user }}"
vars:
third_party: "{% if 'third_party' in item.value and item.value.third_party | bool %}--third-party{% endif %}"
loop: "{{ datadog_integration|dict2items }}"
when: item.value.action == "install" and ansible_facts.os_family != "Windows"
- name: Install pinned version of integrations (Windows)
win_command: "\"{{ datadog_agent_binary_path }}\" integration install {{ third_party }} {{ item.key }}=={{ item.value.version }}"
become: yes
vars:
third_party: "{% if 'third_party' in item.value and item.value.third_party | bool %}--third-party{% endif %}"
become_user: "{{ integration_command_user }}"
loop: "{{ datadog_integration|dict2items }}"
when: item.value.action == "install" and ansible_facts.os_family == "Windows"

52
ansible-5/roles/datadog.datadog/tasks/main.yml Normal file
View File

@@ -0,0 +1,52 @@
---
- name: Include Gather Ansible Facts task on Ansible >= 2.10
include_tasks: facts-ansible10.yml
when: ansible_version.major >= 2 and ansible_version.minor >= 10
- name: Include Gather Ansible Facts task on Ansible < 2.10
include_tasks: facts-ansible9.yml
when: ansible_version.major == 2 and ansible_version.minor < 10
- name: Check if OS is supported
include_tasks: os-check.yml
- name: Resolve datadog_tracked_checks later to defend against variable presidence issues arising from dynamically included null datadog_checks
include_tasks: sanitize-checks.yml
# Also sets datadog_skip_install
- name: Set Facts for Datadog Agent Major Version
include_tasks: set-parse-version.yml
- name: Debian Install Tasks
include_tasks: pkg-debian.yml
when: ansible_facts.os_family == "Debian" and not datadog_skip_install
- name: RedHat Install Tasks
include_tasks: pkg-redhat.yml
when: ansible_facts.os_family == "RedHat" and not datadog_skip_install
- name: Suse Install Tasks
include_tasks: pkg-suse.yml
when: ansible_facts.os_family == "Suse" and not datadog_skip_install
# Note we don't check datadog_skip_install variable value for windows here,
# because some tasks in pkg-windows.yml are carried out regardless of its value.
- name: Windows Install Tasks
include_tasks: pkg-windows.yml
when: ansible_facts.os_family == "Windows"
- name: Linux Configuration Tasks (Agent 5)
include_tasks: agent5-linux.yml
when: datadog_agent_major_version | int == 5 and ansible_facts.os_family != "Windows"
- name: Linux Configuration Tasks
include_tasks: agent-linux.yml
when: datadog_agent_major_version | int > 5 and ansible_facts.os_family != "Windows"
- name: Windows Configuration Tasks
include_tasks: agent-win.yml
when: datadog_agent_major_version | int > 5 and ansible_facts.os_family == "Windows"
- name: Integrations Tasks
include_tasks: integration.yml
when: datadog_integration is defined

5
ansible-5/roles/datadog.datadog/tasks/os-check.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- name: Fail if OS is not supported
fail:
msg: "The Datadog Ansible role does not support your OS yet. Please email support@datadoghq.com to open a feature request."
when: ansible_facts.os_family not in ["RedHat", "Debian", "Suse", "Windows"]

96
ansible-5/roles/datadog.datadog/tasks/parse-version.yml Normal file
View File

@@ -0,0 +1,96 @@
---
- name: Parse Agent version
set_fact:
agent_version: "{{ datadog_agent_version | regex_search(regexp, '\\g<epoch>', '\\g<major>', '\\g<minor>', '\\g<bugfix>', '\\g<suffix>', '\\g<release>') }}"
vars:
regexp: '(?:(?P<epoch>[0-9]+):)?(?P<major>[0-9]+)\.(?P<minor>[0-9]+)\.(?P<bugfix>[0-9]+)(?P<suffix>(?:~|-)[^0-9\s-]+[^-\s]*)?(?:-(?P<release>[0-9]+))?'
- name: Set version vars
set_fact:
datadog_epoch: "{{ agent_version.0 }}"
datadog_major: "{{ agent_version.1 }}"
datadog_minor: "{{ agent_version.2 }}"
datadog_bugfix: "{{ agent_version.3 }}"
datadog_suffix: "{{ agent_version.4 }}"
datadog_release: "{{ agent_version.5 }}"
- name: Fill empty version epoch with default
set_fact:
datadog_epoch: "1"
when: datadog_epoch | length == 0
- name: Fill empty version release with default
set_fact:
datadog_release: "1"
when: datadog_release | length == 0
- name: Stop play if datadog_agent_version and datadog_agent_major_version are not compatible
fail:
msg: "The provided major version {{ datadog_agent_major_version }} is not compatible with the
version {{ datadog_major }} deduced from datadog_agent_version ({{ datadog_agent_version }}).
Aborting play."
when: datadog_agent_major_version | length > 0 and datadog_major != datadog_agent_major_version
- name: Set datadog_agent_major_version to deduced value from datadog_agent_version
set_fact:
datadog_agent_major_version: "{{ datadog_major }}"
- name: Set OS-specific versions
# NOTE: if changing these, make sure the format correspond with values in datadog_version_finding_cmds below
set_fact:
datadog_agent_debian_version: "{{ datadog_epoch }}:{{ datadog_major }}.{{ datadog_minor }}.{{ datadog_bugfix }}{{ datadog_suffix }}-{{ datadog_release }}"
datadog_agent_redhat_version: "{{ datadog_major }}.{{ datadog_minor }}.{{ datadog_bugfix }}{{ datadog_suffix }}-{{ datadog_release }}"
datadog_agent_suse_version: "{{ datadog_epoch }}:{{ datadog_major }}.{{ datadog_minor }}.{{ datadog_bugfix }}{{ datadog_suffix }}-{{ datadog_release }}"
datadog_agent_windows_version: "{{ datadog_major }}.{{ datadog_minor }}.{{ datadog_bugfix }}{{ datadog_suffix }}"
- name: Construct commands to find Agent version
set_fact:
datadog_version_finding_cmds:
Debian: "dpkg -s {{ datadog_agent_flavor }} | grep '^Version:' | awk '{print $2}'"
RedHat: "rpm -q --qf '%{VERSION}-%{RELEASE}' {{ datadog_agent_flavor }}"
Suse: "rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' {{ datadog_agent_flavor }}"
- name: Create OS-specific version dict
set_fact:
datadog_agent_os2version:
Debian: "{{ datadog_agent_debian_version }}"
RedHat: "{{ datadog_agent_redhat_version }}"
Suse: "{{ datadog_agent_suse_version }}"
Windows: "{{ datadog_agent_windows_version }}"
- name: Get Linux Agent version
shell: "{{ datadog_version_finding_cmds[ansible_facts.os_family] }}" # noqa 305 - Ansible lint thinks we could use command, but we need shell because some of the cmds have pipes
register: datadog_version_check_linux
changed_when: false
failed_when: false
check_mode: no
when: ansible_facts.system is defined and ansible_facts.system == "Linux"
# NOTE: This won't work with rc / beta builds.
- name: Get Windows Agent version
win_shell: |
$product_name = "Datadog Agent"
$query = "Select Name,IdentifyingNumber,InstallDate,InstallLocation,ProductID,Version FROM Win32_Product where Name like '$product_name%'"
$installs = Get-WmiObject -query $query
if (!$installs -or ($installs.Count -eq 0) -or ($installs.Count -gt 1)) {
Write-Host ""
} else {
$ddmaj, $ddmin, $ddpatch, $ddbuild = $installs.Version.split(".")
Write-Host "$($ddmaj).$($ddmin).$($ddpatch)"
}
register: datadog_version_check_win
changed_when: false
failed_when: false
check_mode: no
when: ansible_facts.os_family == "Windows"
- name: Set skip install flag if version already installed (Linux)
set_fact:
datadog_skip_install: "{{ datadog_version_check_linux.stdout | trim == datadog_agent_os2version[ansible_facts.os_family] }}"
when: ansible_facts.system is defined and ansible_facts.system == "Linux"
- name: Set skip install flag if version already installed (Windows)
set_fact:
datadog_skip_install: "{{ datadog_version_check_win.stdout | trim == datadog_agent_os2version[ansible_facts.os_family] }}"
when: ansible_facts.os_family == "Windows"

127
ansible-5/roles/datadog.datadog/tasks/pkg-debian.yml Normal file
View File

@@ -0,0 +1,127 @@
---
- name: Install apt-transport-https
apt:
update_cache: yes
name: apt-transport-https
state: present
when: not ansible_check_mode
- name: Install gnupg
apt:
update_cache: yes
name: gnupg
state: present
when: not ansible_check_mode
- name: "Check if {{ datadog_apt_usr_share_keyring }} exists with correct mode"
stat:
path: "{{ datadog_apt_usr_share_keyring }}"
register: apt_keyring_file
- name: "Ensure {{ datadog_apt_usr_share_keyring }} exists"
file:
path: "{{ datadog_apt_usr_share_keyring }}"
owner: root
group: root
mode: "0644"
state: touch
when: not ansible_check_mode and (not apt_keyring_file.stat.exists or not apt_keyring_file.stat.mode == "0644")
- name: Install apt keys from default URLs
include_tasks: _apt-key-import.yml
with_items:
"{{ datadog_apt_default_keys }}"
when: datadog_apt_key_url_new is not defined and not ansible_check_mode
- name: Install apt keys from custom URL
include_tasks: _apt-key-import.yml
with_items:
- key: A2923DFF56EDA6E76E55E492D3A80E30382E94DE
value: "{{ datadog_apt_key_url_new }}"
- key: D75CEA17048B9ACBF186794B32637D44F14F620E
value: "{{ datadog_apt_key_url_new }}"
when: datadog_apt_key_url_new is defined and not ansible_check_mode
- name: "Ensure {{ datadog_apt_trusted_d_keyring }} exists with same contents as {{ datadog_apt_usr_share_keyring }} for older distro versions"
copy:
src: "{{ datadog_apt_usr_share_keyring }}"
dest: "{{ datadog_apt_trusted_d_keyring }}"
mode: "0644"
remote_src: yes
when: ((ansible_distribution == 'Debian' and ansible_distribution_major_version|int < 9) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int < 16)) and not ansible_check_mode
- name: Ensure Datadog non-https repositories and repositories not using signed-by option are deprecated
apt_repository:
repo: "{{ item }}"
state: "absent"
update_cache: yes
with_items:
- "deb http://apt.datadoghq.com/ stable main"
- "deb http://apt.datadoghq.com/ stable 6"
- "deb http://apt.datadoghq.com/ stable 7"
- "deb https://apt.datadoghq.com/ stable main"
- "deb https://apt.datadoghq.com/ stable 6"
- "deb https://apt.datadoghq.com/ stable 7"
when: not ansible_check_mode
- name: Ensure Datadog repository is up-to-date
apt_repository:
filename: "ansible_datadog_{{ item.key }}"
repo: "{{ item.value }}"
state: "{% if item.key == datadog_agent_major_version|int and datadog_apt_repo | length == 0 %}present{% else %}absent{% endif %}"
update_cache: yes
when: (not ansible_check_mode)
with_dict:
5: '{{ datadog_agent5_apt_repo }}'
6: '{{ datadog_agent6_apt_repo }}'
7: '{{ datadog_agent7_apt_repo }}'
- name: Initialize custom repo file deletion flag to False
set_fact:
datadog_remove_custom_repo_file: "False"
- name: Check if custom repository file exists
stat:
path: /etc/apt/sources.list.d/ansible_datadog_custom.list
register: datadog_custom_repo_file
- name: Fetch custom repository file
slurp:
src: /etc/apt/sources.list.d/ansible_datadog_custom.list
register: datadog_custom_repo_file_contents
when: datadog_custom_repo_file.stat.exists
- name: Flag custom repository file for deletion if different from current repository config
set_fact:
datadog_remove_custom_repo_file: "{{ datadog_repo_file_contents != datadog_apt_repo }}"
vars:
datadog_repo_file_contents: "{{ datadog_custom_repo_file_contents['content'] | b64decode | trim }}"
when: datadog_custom_repo_file.stat.exists
- name: (Custom) Remove Datadog custom repository file when not set or updated
file:
path: /etc/apt/sources.list.d/ansible_datadog_custom.list
state: absent
when: (datadog_apt_repo | length == 0) or datadog_remove_custom_repo_file and (not ansible_check_mode)
- name: (Custom) Ensure Datadog repository is up-to-date
apt_repository:
filename: ansible_datadog_custom
repo: "{{ datadog_apt_repo }}"
state: present
update_cache: yes
when: (datadog_apt_repo | length > 0) and (not ansible_check_mode)
- include_tasks: pkg-debian/install-pinned.yml
when: datadog_agent_debian_version is defined
- include_tasks: pkg-debian/install-latest.yml
when: datadog_agent_debian_version is not defined
- name: Install latest datadog-signing-keys package
apt:
name: datadog-signing-keys
state: latest # noqa 403
# we don't use update_cache: yes, as that was just done by the install-pinned/install-latest
register: datadog_signing_keys_install
when: not ansible_check_mode

9
ansible-5/roles/datadog.datadog/tasks/pkg-debian/install-latest.yml Normal file
View File

@@ -0,0 +1,9 @@
---
- name: Install latest datadog-agent package
apt:
name: "{{ datadog_agent_flavor }}"
state: latest # noqa 403
update_cache: yes
cache_valid_time: "{{ datadog_apt_cache_valid_time }}"
register: datadog_agent_install
when: not ansible_check_mode

10
ansible-5/roles/datadog.datadog/tasks/pkg-debian/install-pinned.yml Normal file
View File

@@ -0,0 +1,10 @@
---
- name: Install pinned datadog-agent package
apt:
name: "{{ datadog_agent_flavor }}={{ datadog_agent_debian_version }}"
state: present
force: "{{ datadog_agent_allow_downgrade }}"
update_cache: yes
cache_valid_time: "{{ datadog_apt_cache_valid_time }}"
register: datadog_agent_install
when: not ansible_check_mode

142
ansible-5/roles/datadog.datadog/tasks/pkg-redhat.yml Normal file
View File

@@ -0,0 +1,142 @@
---
- name: Fail early if Python 3 is used on CentOS / RHEL < 8
fail:
msg: "The installation of the Agent on CentOS / RHEL versions < 8 requires the 'yum' module, which is not compatible with Python 3.
To run this role, use a Python 2 interpreter on hosts running CentOS / RHEL < 8."
when: (not datadog_ignore_old_centos_python3_error)
and (ansible_facts.distribution_major_version | int <= 7)
and (ansible_facts.python.version.major | int >= 3)
- name: Find out whether to set repo_gpgcheck or not
# We turn off repo_gpgcheck on custom repos and on RHEL/CentOS 8.1 because
# of https://bugzilla.redhat.com/show_bug.cgi?id=1792506
set_fact:
do_yum_repo_gpgcheck: >-
{{ datadog_yum_repo_gpgcheck if datadog_yum_repo_gpgcheck != '' else (
'no' if (
ansible_facts.distribution_version.startswith('8.1.') or ansible_facts.distribution_version == '8.1' or
datadog_yum_repo != ''
) else 'yes'
) }}
- name: Download current RPM key
get_url:
url: "{{ datadog_yum_gpgkey_current }}"
dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
force: yes
- name: Import current RPM key
rpm_key:
key: /tmp/DATADOG_RPM_KEY_CURRENT.public
state: present
when: not ansible_check_mode
- name: Download new RPM key (Expires in 2022)
get_url:
url: "{{ datadog_yum_gpgkey_e09422b3 }}"
dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
checksum: "sha256:{{ datadog_yum_gpgkey_e09422b3_sha256sum }}"
- name: Import new RPM key (Expires in 2022)
rpm_key:
key: /tmp/DATADOG_RPM_KEY_E09422B3.public
state: present
when: not ansible_check_mode
- name: Download new RPM key (Expires in 2024)
get_url:
url: "{{ datadog_yum_gpgkey_20200908 }}"
dest: /tmp/DATADOG_RPM_KEY_20200908.public
checksum: "sha256:{{ datadog_yum_gpgkey_20200908_sha256sum }}"
- name: Import new RPM key (Expires in 2024)
rpm_key:
key: /tmp/DATADOG_RPM_KEY_20200908.public
state: present
when: not ansible_check_mode
- name: Install Datadog Agent 5 yum repo
yum_repository:
name: datadog
description: Datadog, Inc.
baseurl: "{{ datadog_agent5_yum_repo }}"
enabled: yes
repo_gpgcheck: no # we don't sign Agent 5 repodata
gpgcheck: "{{ datadog_yum_gpgcheck }}"
gpgkey: [
"{{ datadog_yum_gpgkey_current }}",
"{{ datadog_yum_gpgkey_20200908 }}",
"{{ datadog_yum_gpgkey_e09422b3 }}",
"{{ datadog_yum_gpgkey }}",
]
register: repofile5
when: (datadog_agent_major_version|int == 5) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)
- name: Install Datadog Agent 6 yum repo
yum_repository:
name: datadog
description: Datadog, Inc.
baseurl: "{{ datadog_agent6_yum_repo }}"
enabled: yes
repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
gpgcheck: "{{ datadog_yum_gpgcheck }}"
gpgkey: [
"{{ datadog_yum_gpgkey_current }}",
"{{ datadog_yum_gpgkey_20200908 }}",
"{{ datadog_yum_gpgkey_e09422b3 }}",
"{{ datadog_yum_gpgkey }}",
]
register: repofile6
when: (datadog_agent_major_version|int == 6) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)
- name: Install Datadog Agent 7 yum repo
yum_repository:
name: datadog
description: Datadog, Inc.
baseurl: "{{ datadog_agent7_yum_repo }}"
enabled: yes
repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
gpgcheck: "{{ datadog_yum_gpgcheck }}"
gpgkey: [
"{{ datadog_yum_gpgkey_current }}",
"{{ datadog_yum_gpgkey_20200908 }}",
"{{ datadog_yum_gpgkey_e09422b3 }}",
]
register: repofile7
when: (datadog_agent_major_version|int == 7) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)
- name: Install Datadog Custom yum repo
yum_repository:
name: datadog
description: Datadog, Inc.
baseurl: "{{ datadog_yum_repo }}"
enabled: yes
repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
gpgcheck: "{{ datadog_yum_gpgcheck }}"
gpgkey: [
"{{ datadog_yum_gpgkey_current }}",
"{{ datadog_yum_gpgkey_20200908 }}",
"{{ datadog_yum_gpgkey_e09422b3 }}",
"{{ datadog_yum_gpgkey }}",
]
register: repofilecustom
when: (datadog_yum_repo | length > 0) and (not ansible_check_mode)
- name: Clean repo metadata if repo changed # noqa 503
command: yum clean metadata --disablerepo="*" --enablerepo=datadog
ignore_errors: yes # Cleaning the metadata is only needed when downgrading a major version of the Agent, don't fail because of this
args:
warn: no
when: repofile5.changed or repofile6.changed or repofile7.changed or repofilecustom.changed
- name: Remove old yum repo files
yum_repository:
name: "ansible_datadog_{{ item }}"
state: absent
with_items: [ 5, 6, 7, "custom" ]
- include_tasks: pkg-redhat/install-pinned.yml
when: datadog_agent_redhat_version is defined
- include_tasks: pkg-redhat/install-latest.yml
when: datadog_agent_redhat_version is not defined

18
ansible-5/roles/datadog.datadog/tasks/pkg-redhat/install-latest.yml Normal file
View File

@@ -0,0 +1,18 @@
---
- name: Install latest datadog-agent package (dnf)
dnf:
name: "{{ datadog_agent_flavor }}"
update_cache: yes
state: latest # noqa 403
register: datadog_agent_install
when: not ansible_check_mode and ansible_facts.python.version.major | int >= 3
notify: restart datadog-agent
- name: Install latest datadog-agent package (yum)
yum:
name: "{{ datadog_agent_flavor }}"
update_cache: yes
state: latest # noqa 403
register: datadog_agent_install
when: not ansible_check_mode and ansible_facts.python.version.major | int < 3
notify: restart datadog-agent

20
ansible-5/roles/datadog.datadog/tasks/pkg-redhat/install-pinned.yml Normal file
View File

@@ -0,0 +1,20 @@
---
- name: Install pinned datadog-agent package (dnf)
dnf:
name: "{{ datadog_agent_flavor }}-{{ datadog_agent_redhat_version }}"
update_cache: yes
state: present
allow_downgrade: "{{ datadog_agent_allow_downgrade }}"
register: datadog_agent_install
when: not ansible_check_mode and ansible_facts.python.version.major | int >= 3
notify: restart datadog-agent
- name: Install pinned datadog-agent package (yum)
yum:
name: "{{ datadog_agent_flavor }}-{{ datadog_agent_redhat_version }}"
update_cache: yes
state: present
allow_downgrade: "{{ datadog_agent_allow_downgrade }}"
register: datadog_agent_install
when: not ansible_check_mode and ansible_facts.python.version.major | int < 3
notify: restart datadog-agent

133
ansible-5/roles/datadog.datadog/tasks/pkg-suse.yml Normal file
View File

@@ -0,0 +1,133 @@
---
- name: Find out whether to set repo_gpgcheck or not
set_fact:
do_zypper_repo_gpgcheck: >-
{{ datadog_zypper_repo_gpgcheck if datadog_zypper_repo_gpgcheck != '' else (
'yes' if datadog_zypper_repo == '' and datadog_agent_major_version|int != 5 else 'no'
) }}
- block: # Work around due to SNI check for SLES11
- name: Stat if current RPM key already exists
stat:
path: /tmp/DATADOG_RPM_KEY_CURRENT.public
register: ddkeycurrent
- name: Download current RPM key (SLES11)
get_url:
url: "{{ datadog_zypper_gpgkey_current }}"
dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
force: yes
when: not ddkeycurrent.stat.exists
when: ansible_distribution_version|int == 11
- name: Download current RPM key
get_url:
url: "{{ datadog_zypper_gpgkey_current }}"
dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
force: yes
when: ansible_distribution_version|int >= 12
- name: Import current RPM key
rpm_key:
key: /tmp/DATADOG_RPM_KEY_CURRENT.public
state: present
when: not ansible_check_mode
# Do not import old key if installing Agent 7, as all Agent 7 packages are signed with the new key
- block: # Work around due to SNI check for SLES11
- name: Stat if RPM key already exists
stat:
path: /tmp/DATADOG_RPM_KEY.public
register: ddkey
- name: Download RPM key (SLES11)
get_url:
url: "{{ datadog_zypper_gpgkey }}"
dest: /tmp/DATADOG_RPM_KEY.public
when: not ddkey.stat.exists
when: datadog_agent_major_version|int < 7 and ansible_distribution_version|int == 11
# Do not import old key if installing Agent 7, as all Agent 7 packages are signed with the new key
- name: Download RPM key
get_url:
url: "{{ datadog_zypper_gpgkey }}"
dest: /tmp/DATADOG_RPM_KEY.public
checksum: "sha256:{{ datadog_zypper_gpgkey_sha256sum }}"
when: datadog_agent_major_version|int < 7 and ansible_distribution_version|int >= 12
- name: Import RPM key
rpm_key:
key: /tmp/DATADOG_RPM_KEY.public
state: present
when: datadog_agent_major_version|int < 7 and not ansible_check_mode
- block: # Work around due to SNI check for SLES11
- name: Stat if E09422B3 key (Expires 2022) RPM key already exists
stat:
path: /tmp/DATADOG_RPM_KEY_E09422B3.public
register: ddnewkey
- name: Download E09422B3 key (Expires 2022) RPM key (SLES11)
get_url:
url: "{{ datadog_zypper_gpgkey_e09422b3 }}"
dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
when: not ddnewkey.stat.exists
when: ansible_distribution_version|int == 11
- name: Download E09422B3 key (Expires 2022) RPM key
get_url:
url: "{{ datadog_zypper_gpgkey_e09422b3 }}"
dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
checksum: "sha256:{{ datadog_zypper_gpgkey_e09422b3_sha256sum }}"
when: ansible_distribution_version|int >= 12
- name: Import E09422B3 key (Expires 2022) RPM key
rpm_key:
key: /tmp/DATADOG_RPM_KEY_E09422B3.public
state: present
when: not ansible_check_mode
- block: # Work around due to SNI check for SLES11
- name: Stat if 20200908 key (Expires 2024) RPM key already exists
stat:
path: /tmp/DATADOG_RPM_KEY_20200908.public
register: ddnewkey_20200908
- name: Download 20200908 key (Expires 2024) RPM key (SLES11)
get_url:
url: "{{ datadog_zypper_gpgkey_20200908 }}"
dest: /tmp/DATADOG_RPM_KEY_20200908.public
when: not ddnewkey_20200908.stat.exists
when: ansible_distribution_version|int == 11
- name: Download 20200908 key (Expires 2024) RPM key
get_url:
url: "{{ datadog_zypper_gpgkey_20200908 }}"
dest: /tmp/DATADOG_RPM_KEY_20200908.public
checksum: "sha256:{{ datadog_zypper_gpgkey_20200908_sha256sum }}"
when: ansible_distribution_version|int >= 12
- name: Import 20200908 key (Expires 2024) RPM key
rpm_key:
key: /tmp/DATADOG_RPM_KEY_20200908.public
state: present
when: not ansible_check_mode
# ansible don't allow repo_gpgcheck to be set, we have to create the repo file manually
- name: Install DataDog zypper repo
template:
src: zypper.repo.j2
dest: /etc/zypp/repos.d/datadog.repo
owner: "root"
group: "root"
mode: 0644
register: datadog_zypper_repo
# refresh zypper repos only if the template changed
- name: refresh Datadog zypper_repos # noqa 503
command: zypper refresh datadog
when: datadog_zypper_repo.changed and not ansible_check_mode
args:
warn: false # silence warning about using zypper directly
- include_tasks: pkg-suse/install-pinned.yml
when: datadog_agent_suse_version is defined
- include_tasks: pkg-suse/install-latest.yml
when: datadog_agent_suse_version is not defined

8
ansible-5/roles/datadog.datadog/tasks/pkg-suse/install-latest.yml Normal file
View File

@@ -0,0 +1,8 @@
---
- name: Ensure Datadog agent is installed
zypper:
name: datadog-agent
state: latest # noqa 403
register: datadog_agent_install
when: not ansible_check_mode
notify: restart datadog-agent

9
ansible-5/roles/datadog.datadog/tasks/pkg-suse/install-pinned.yml Normal file
View File

@@ -0,0 +1,9 @@
---
- name: Install pinned datadog-agent package
zypper:
name: "datadog-agent={{ datadog_agent_suse_version }}"
state: present
oldpackage: "{{ datadog_agent_allow_downgrade }}"
register: datadog_agent_install
when: not ansible_check_mode
notify: restart datadog-agent

94
ansible-5/roles/datadog.datadog/tasks/pkg-windows-opts.yml Normal file
View File

@@ -0,0 +1,94 @@
- name: Set DD Username Arg
set_fact:
win_install_args: "{{ win_install_args }} DDAGENTUSER_NAME={{ datadog_windows_ddagentuser_name }}"
when: datadog_windows_ddagentuser_name | default('', true) | length > 0
- name: Set DD Password Arg
set_fact:
win_install_args: "{{ win_install_args }} DDAGENTUSER_PASSWORD={{ datadog_windows_ddagentuser_password }}"
when: datadog_windows_ddagentuser_password | default('', true) | length > 0
# check the registry. On upgrade, the location of the config file root will
# be set here.
- name: Check existing config file Directory
win_reg_stat:
path: HKLM:\SOFTWARE\Datadog\Datadog Agent
name: ConfigRoot
register: config_root_from_registry
# check the registry. On upgrade, the location of the installation root directory will
# be set here.
- name: Check existing installPath Directory
win_reg_stat:
path: HKLM:\SOFTWARE\Datadog\Datadog Agent
name: InstallPath
register: install_path_from_registry
## validate the config path. Only necessary if it's set in the registry alread (i.e. upgrade)
## Will fail the install if the caller has set the config root to a non-standard root, and that
## root is different than what's already present.
- name: Validate config path
fail:
msg: "Incompatible configuration option {{ config_root_from_registry.value }} != {{ datadog_windows_config_files_dir }}"
when: ( (config_root_from_registry.exists) and
(datadog_windows_config_files_dir | length > 0 ) and
(config_root_from_registry.value | regex_replace('\\\\$','') | lower != datadog_windows_config_files_dir | lower ) )
- name: Validated config path
debug:
msg: "Allowing configuration option {{ config_root_from_registry.value }} == {{ datadog_windows_config_files_dir }}"
when: ( (config_root_from_registry.exists) and
(datadog_windows_config_files_dir | length > 0 ) and
(config_root_from_registry.value | regex_replace('\\\\$','') | lower == datadog_windows_config_files_dir | lower ) )
## validate the binary install path. Only necessary if it's set in the registry alread (i.e. upgrade)
## Will fail the install if the caller has set the binary install path to a non-standard root, and that
## root is different than what's already present.
- name: Validate install path
fail:
msg: "Incompatible configuration option {{ install_path_from_registry.value }} != {{ datadog_windows_program_files_dir }}"
when: ( (install_path_from_registry.exists) and
(datadog_windows_program_files_dir | length > 0 ) and
(install_path_from_registry.value | regex_replace('\\\\$','') | lower != datadog_windows_program_files_dir | lower ) )
- name: Validated install path
debug:
msg: "Allowing configuration option {{ install_path_from_registry.value }} == {{ datadog_windows_program_files_dir }}"
when: ( (install_path_from_registry.exists) and
(datadog_windows_program_files_dir | length > 0 ) and
(install_path_from_registry.value | regex_replace('\\\\$','') | lower == datadog_windows_program_files_dir | lower ) )
- name: Set Program Files Target Directory
set_fact:
win_install_args: "{{ win_install_args }} PROJECTLOCATION=\"{{ datadog_windows_program_files_dir }}\" "
when: datadog_windows_program_files_dir | length > 0
- name: Set Config Files Target Directory
set_fact:
win_install_args: "{{ win_install_args }} APPLICATIONDATADIRECTORY=\"{{ datadog_windows_config_files_dir }}\" "
when: datadog_windows_config_files_dir | length > 0
# if the current installation was set to a non-standard config root, and that config root is not
# presented here, then update accordingly, so that any config file modifications will be made
# in the right place
- name: Set config root for config Files
set_fact:
datadog_windows_config_root: "{{ datadog_windows_config_files_dir }}"
when: ((datadog_windows_config_files_dir | length > 0) and (not config_root_from_registry.exists))
- name: Set config root for config files from current location
set_fact:
datadog_windows_config_root: "{{ config_root_from_registry.value | regex_replace('\\\\$','') }}"
when: config_root_from_registry.exists
- name: Set Test
set_fact:
win_install_args: "{{ win_install_args }}"
# Add the installation arguments to install Windows NPM.
- name: Set Windows NPM flag
set_fact:
win_install_args: "{{ win_install_args }} ADDLOCAL=MainApplication,NPM"
when: datadog_sysprobe_enabled

81
ansible-5/roles/datadog.datadog/tasks/pkg-windows.yml Normal file
View File

@@ -0,0 +1,81 @@
---
- name: Fail if Agent 5
fail:
msg: "The Datadog ansible role does not currently support Agent 5"
when: datadog_agent_major_version|int == 5
- name: Download windows datadog agent 614 fix script
win_get_url:
url: "{{ datadog_windows_614_fix_script_url }}"
dest: '%TEMP%\fix_6_14.ps1'
when: not datadog_skip_install and datadog_apply_windows_614_fix
- name: Run 6.14.0/1 PowerShell fix
win_shell: |
Set-ExecutionPolicy Bypass -Scope Process -Force
&$env:temp\fix_6_14.ps1
when: not datadog_skip_install and datadog_apply_windows_614_fix
- include_tasks: win_agent_latest.yml
when: (not datadog_skip_install) and (datadog_agent_windows_version is not defined)
- include_tasks: win_agent_version.yml
when: (not datadog_skip_install) and (datadog_agent_windows_version is defined)
- name: show URL var
debug:
var: dd_download_url
when: not datadog_skip_install
## must be prior to `pkg-windows-opts.yml`, because the variable is used inside
- name: Set windows NPM installed
set_fact:
datadog_sysprobe_enabled: "{{ network_config is defined and 'enabled' in (network_config | default({}, true)) and network_config['enabled'] }}"
- include_tasks: pkg-windows-opts.yml
- name: pre-Delete temporary msi
win_file:
path: '%TEMP%\ddagent.msi'
state: absent
when: not datadog_skip_install
- name: Download windows datadog agent
win_get_url:
url: "{{ dd_download_url }}"
dest: '%TEMP%\ddagent.msi'
register: download_msi_result
when: (not datadog_skip_install) and (not ansible_check_mode)
- name: Create Binary directory root (if not default)
win_file:
path: "{{ datadog_windows_program_files_dir }}"
state: directory
when: datadog_windows_program_files_dir | length > 0
- name: Set default permissions on binary directory root (if not default)
win_acl:
path: "{{ datadog_windows_program_files_dir }}"
inherit: ContainerInherit,ObjectInherit
user: "BUILTIN\\USERS"
rights: ReadAndExecute
type: allow
state: present
propagation: None
when: datadog_windows_program_files_dir | length > 0
- name: Show installation flags
debug:
var: win_install_args
- name: Install downloaded agent
win_package:
path: "{{ download_msi_result.dest }}"
arguments: "{{ win_install_args }}"
register: datadog_agent_install
when: (not datadog_skip_install) and (not ansible_check_mode)
- name: Delete temporary msi
win_file:
path: "{{ download_msi_result.dest }}"
state: absent
when: (not datadog_skip_install) and (not ansible_check_mode) and (download_msi_result.status_code == 200)

12
ansible-5/roles/datadog.datadog/tasks/sanitize-checks.yml Normal file
View File

@@ -0,0 +1,12 @@
- name: Defend against defined but null datadog_checks variable
set_fact:
datadog_checks: "{{ datadog_checks | default({}, true) }}"
- name: Resolve datadog_tracked_checks
set_fact:
datadog_tracked_checks: "{{ datadog_checks | list + datadog_additional_checks | default([], true) }}"
- name: Check that datadog_checks is a mapping
assert:
that:
- datadog_checks is mapping

16
ansible-5/roles/datadog.datadog/tasks/set-parse-version.yml Normal file
View File

@@ -0,0 +1,16 @@
---
- name: Convert datadog_agent_major_version to string
set_fact:
datadog_agent_major_version: "{{ datadog_agent_major_version | default('', true) | string }}"
- name: Initialize skip install flag to false
set_fact:
datadog_skip_install: no
- include_tasks: parse-version.yml
when: datadog_agent_version | default('', true) | length > 0
- name: Set Agent default major version
set_fact:
datadog_agent_major_version: "7"
when: datadog_agent_major_version | length == 0

12
ansible-5/roles/datadog.datadog/tasks/win_agent_latest.yml Normal file
View File

@@ -0,0 +1,12 @@
---
- name: (Custom) Set agent download filename to latest
set_fact:
dd_download_url: "{{ datadog_windows_download_url }}"
when: datadog_windows_download_url | default('', true) | length > 0
- name: Set agent download filename to latest
set_fact:
dd_download_url: "{% if datadog_agent_major_version|int == 7 %}{{ datadog_windows_agent7_latest_url }}
{% else %}{{ datadog_windows_agent6_latest_url }}{% endif %}"
when: datadog_windows_download_url | default('', true) | length == 0

10
ansible-5/roles/datadog.datadog/tasks/win_agent_version.yml Normal file
View File

@@ -0,0 +1,10 @@
---
- name: Check agent pinned version on Windows
fail:
msg: "The Agent versions you pinned (6.14.0 or 6.14.1) have been blacklisted, please use 6.14.2 instead. See https://dtdg.co/win-614-fix."
when: datadog_agent_version == "6.14.0" or datadog_agent_version == "6.14.1"
- name: set agent download filename to a specific version
set_fact:
dd_download_url: "{{ datadog_windows_versioned_url }}-{{ datadog_agent_windows_version }}.msi"

1
ansible-5/roles/datadog.datadog/templates/checks.yaml.j2 Normal file
View File

@@ -0,0 +1 @@
{{ datadog_checks[item] | to_nice_yaml }}

31
ansible-5/roles/datadog.datadog/templates/datadog.conf.j2 Normal file
View File

@@ -0,0 +1,31 @@
# Managed by Ansible
[Main]
{% if datadog_config["dd_url"] is not defined -%}
dd_url: {{ datadog_url | default('https://app.datadoghq.com') }}
{% endif %}
{% if datadog_config["api_key"] is not defined -%}
api_key: {{ datadog_api_key | default('youshouldsetthis') }}
{% endif %}
{% if datadog_config["use_mount"] is not defined -%}
use_mount: {{ datadog_use_mount | default('no') }}
{% endif %}
{# These variables are free-style, passed through a hash -#}
{% if datadog_config -%}
{% for key, value in datadog_config | dictsort -%}
{{ key }}: {{ value }}
{% endfor -%}
{% endif %}
{% if datadog_config_ex is defined -%}
{% for section, keyvals in datadog_config_ex | dictsort %}
[{{ section }}]
{% for key, value in keyvals | dictsort -%}
{{ key }}: {{ value }}
{% endfor -%}
{% endfor %}
{% endif %}

19
ansible-5/roles/datadog.datadog/templates/datadog.yaml.j2 Normal file
View File

@@ -0,0 +1,19 @@
# Managed by Ansible
{% if datadog_site is defined
and datadog_config["site"] is not defined -%}
site: {{ datadog_site }}
{% endif %}
{% if datadog_config["dd_url"] is not defined
and datadog_url is defined -%}
dd_url: {{ datadog_url }}
{% endif %}
{% if datadog_config["api_key"] is not defined -%}
api_key: {{ datadog_api_key | default('youshouldsetthis') }}
{% endif %}
{% if datadog_config | default({}, true) | length > 0 -%}
{{ datadog_config | to_nice_yaml }}
{% endif %}

5
ansible-5/roles/datadog.datadog/templates/install_info.j2 Normal file
View File

@@ -0,0 +1,5 @@
---
install_method:
tool: ansible
tool_version: ansible-{{ ansible_version.full }}
installer_version: datadog_role-{{ role_version }}

12
ansible-5/roles/datadog.datadog/templates/security-agent.yaml.j2 Normal file
View File

@@ -0,0 +1,12 @@
# Managed by Ansible
{% if runtime_security_config is defined and runtime_security_config | default({}, true) | length > 0 -%}
runtime_security_config:
{# The "first" option in indent() is only supported by jinja 2.10+
while the old equivalent option "indentfirst" is removed in jinja 3.
Using non-keyword argument in indent() to be backward compatible.
#}
{% filter indent(2, True) %}
{{ runtime_security_config | to_nice_yaml }}
{% endfilter %}
{% endif %}

34
ansible-5/roles/datadog.datadog/templates/system-probe.yaml.j2 Normal file
View File

@@ -0,0 +1,34 @@
# Managed by Ansible
{% if system_probe_config is defined and system_probe_config | default({}, true) | length > 0 -%}
system_probe_config:
{# The "first" option in indent() is only supported by jinja 2.10+
while the old equivalent option "indentfirst" is removed in jinja 3.
Using non-keyword argument in indent() to be backward compatible.
#}
{% filter indent(2, True) %}
{{ system_probe_config | to_nice_yaml }}
{% endfilter %}
{% endif %}
{% if network_config is defined and network_config | default({}, true) | length > 0 -%}
network_config:
{# The "first" option in indent() is only supported by jinja 2.10+
while the old equivalent option "indentfirst" is removed in jinja 3.
Using non-keyword argument in indent() to be backward compatible.
#}
{% filter indent(2, True) %}
{{ network_config | to_nice_yaml }}
{% endfilter %}
{% endif %}
{% if runtime_security_config is defined and runtime_security_config | default({}, true) | length > 0 -%}
runtime_security_config:
{# The "first" option in indent() is only supported by jinja 2.10+
while the old equivalent option "indentfirst" is removed in jinja 3.
Using non-keyword argument in indent() to be backward compatible.
#}
{% filter indent(2, True) %}
{{ runtime_security_config | to_nice_yaml }}
{% endfilter %}
{% endif %}

27
ansible-5/roles/datadog.datadog/templates/zypper.repo.j2 Normal file
View File

@@ -0,0 +1,27 @@
{% if datadog_zypper_repo | length > 0 %}
{% set baseurl = datadog_zypper_repo %}
{% elif datadog_agent_major_version|int == 5 %}
{% set baseurl = datadog_agent5_zypper_repo %}
{% elif datadog_agent_major_version|int == 6 %}
{% set baseurl = datadog_agent6_zypper_repo %}
{% elif datadog_agent_major_version|int == 7 %}
{% set baseurl = datadog_agent7_zypper_repo %}
{% endif %}
[datadog]
name=Datadog, Inc.
enabled=1
autorefresh=1
baseurl={{ baseurl }}
type=rpm-md
gpgcheck={{ datadog_zypper_gpgcheck|int }}
repo_gpgcheck={{ do_zypper_repo_gpgcheck|int }}
{# zypper in SUSE < 15 will not parse (SUSE 11) or respect (SUSE 12 - 14) mutliple entries in gpgkey #}
{% if ansible_distribution_version|int < 15 %}
gpgkey={{ datadog_zypper_gpgkey_current }}
{% else %}
gpgkey={{ datadog_zypper_gpgkey_current }}
{{ datadog_zypper_gpgkey_20200908 }}
{{ datadog_zypper_gpgkey_e09422b3 }}
{% endif %}