-
Notifications
You must be signed in to change notification settings - Fork 222
/
agent-linux.yml
140 lines (124 loc) · 6.72 KB
/
agent-linux.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
---
- name: Populate service facts
service_facts:
- name: Set before 6/7.40.0 flag
set_fact:
agent_datadog_before_7400: "{{ agent_datadog_major is defined and agent_datadog_minor is defined and agent_datadog_major
| int < 8 and agent_datadog_minor | int < 40 }}"
- name: Set before 6/7.24.1 flag
set_fact:
agent_datadog_before_7241: "{{ agent_datadog_major is defined and agent_datadog_minor is defined and agent_datadog_bugfix is defined
and agent_datadog_major | int < 8 and (agent_datadog_minor | int < 24 or (agent_datadog_minor | int == 24 and agent_datadog_bugfix | int < 1)) }}"
- name: Set before 6/7.18.0 flag
set_fact:
agent_datadog_before_7180: "{{ agent_datadog_major is defined and agent_datadog_minor is defined and agent_datadog_major
| int < 8 and agent_datadog_minor | int < 18 }}"
- name: Add user to additional groups, user="{{ datadog_user }}"
user:
name: "{{ datadog_user }}"
groups: "{{ datadog_additional_groups }}"
append: true
when: datadog_additional_groups | default([], true) | length > 0
notify: restart datadog-agent
- name: Include configuration setup tasks
include_tasks: _agent-linux-macos-shared.yml
vars:
agent_dd_config_dir: /etc/datadog-agent
agent_dd_user: "{{ datadog_user }}"
agent_dd_group: "{{ datadog_group }}"
agent_dd_notify_agent: [restart datadog-agent, restart datadog-installer]
- name: Set system probe installed
set_fact:
agent_datadog_sysprobe_installed: "{{ ansible_facts.services['datadog-agent-sysprobe'] is defined or
ansible_facts.services['datadog-agent-sysprobe.service'] is defined }}"
when: not datadog_skip_running_check
# Before 6/7.24.1, system_probe_config controls the system-probe service
# agent_datadog_minor is only defined when a specific Agent version is given
# (see tasks/parse-version.yml)
- name: Set system probe enabled (before 6/7.24.1)
set_fact:
agent_datadog_sysprobe_enabled: "{{ system_probe_config is defined and 'enabled' in (system_probe_config | default({}, true)) and
system_probe_config['enabled'] and agent_datadog_sysprobe_installed }}"
when: not datadog_skip_running_check and agent_datadog_before_7241
# Since 6/7.24.1, setting enabled: true in network_config is enough to start the system-probe service:
# https://docs.datadoghq.com/network_monitoring/performance/setup/?tab=agent#setup
- name: Set system probe enabled (since 6/7.24.1)
set_fact:
agent_datadog_sysprobe_enabled: "{{ ((system_probe_config is defined and 'enabled' in (system_probe_config | default({}, true)) and
system_probe_config['enabled']) or (network_config is defined and 'enabled' in (network_config | default({}, true)) and
network_config['enabled'])) and agent_datadog_sysprobe_installed }}"
when: not datadog_skip_running_check and (not agent_datadog_before_7241)
# Since 6/7.40.0, setting enabled: true in service_monitoring_config is enough to start the system-probe service:
# https://docs.datadoghq.com/tracing/universal_service_monitoring/?tab=configurationfiles#enabling-universal-service-monitoring
- name: Set system probe enabled (since 6/7.40.0)
set_fact:
agent_datadog_sysprobe_enabled: "{{ ((system_probe_config is defined and 'enabled' in (system_probe_config | default({}, true)) and
system_probe_config['enabled']) or (network_config is defined and 'enabled' in (network_config | default({}, true)) and
network_config['enabled']) or (service_monitoring_config is defined and
'enabled' in (service_monitoring_config | default({}, true)) and service_monitoring_config['enabled'])) and agent_datadog_sysprobe_installed }}"
when: not datadog_skip_running_check and (not agent_datadog_before_7400)
- name: Create system-probe configuration file
template:
src: system-probe.yaml.j2
dest: /etc/datadog-agent/system-probe.yaml
mode: "0640"
owner: root
group: "{{ datadog_group }}"
when: datadog_manage_config and not datadog_skip_running_check and agent_datadog_sysprobe_enabled
notify: "{% if agent_datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"
- name: Ensure datadog-agent is running
service:
name: datadog-agent
state: started
enabled: true
when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode
- name: Ensure datadog-agent-sysprobe is running if enabled and installed
service:
name: datadog-agent-sysprobe
state: started
enabled: true
when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode and agent_datadog_sysprobe_enabled
- name: Ensure datadog-agent, datadog-agent-process and datadog-agent-trace are not running
service:
name: "{{ item }}"
state: stopped
enabled: false
when: not datadog_skip_running_check and not datadog_enabled and not ansible_check_mode
with_list:
- datadog-agent
- datadog-agent-process
- datadog-agent-trace
# Stop system-probe manually on Agent versions < 6/7.18, as it was not tied
# to the main Agent service: https://github.com/DataDog/datadog-agent/pull/4883
- name: Ensure datadog-agent-sysprobe is stopped if disabled or not installed (before 6/7.18.0)
service:
name: datadog-agent-sysprobe
state: stopped
enabled: false
when: not datadog_skip_running_check and (not datadog_enabled or not agent_datadog_sysprobe_enabled)
and agent_datadog_before_7180 and agent_datadog_sysprobe_installed
- name: Ensure datadog-agent-security is not running
service:
name: datadog-agent-security
state: stopped
enabled: false
when: not datadog_skip_running_check and not datadog_enabled
failed_when: false # Since older versions of the Agent don't include the security agent
- name: Create security-agent configuration file
template:
src: security-agent.yaml.j2
dest: /etc/datadog-agent/security-agent.yaml
mode: "0640"
owner: root
group: "{{ datadog_group }}"
when: datadog_manage_config and (runtime_security_config is defined and runtime_security_config | default({}, true) | length > 0)
notify: "{% if agent_datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"
# Templates don't support the "state: absent" argument, so if the file was created in a previous run
# and then runtime_security_config was completely removed, this is the only way to ensure
# we remove the leftover config file.
- name: Remove security-agent configuration file if security-agent is no longer configured
file:
path: /etc/datadog-agent/security-agent.yaml
state: absent
when: datadog_manage_config and (runtime_security_config is not defined or runtime_security_config | default({}, true) | length == 0)
notify: "{% if agent_datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"