From b4ec5cc637ae6261b80bd1e1f11925ee03a1de34 Mon Sep 17 00:00:00 2001 From: Leo Covarrubias <47985943+lc-applause@users.noreply.github.com> Date: Thu, 14 Apr 2022 08:34:24 -0400 Subject: [PATCH 1/5] Add support for installing Datadog Agent on macOS (#426) --- .circleci/config.yml | 55 ++++++++- .gitignore | 1 + README.md | 102 +++++++++------- ci_test/install_agent_6_macos.yaml | 26 +++++ ci_test/install_agent_7_macos.yaml | 28 +++++ ci_test/inventory/ci_macos.ini | 2 + defaults/main.yml | 25 +++- handlers/main-macos.yml | 12 ++ handlers/main.yml | 12 +- meta/main.yml | 3 + tasks/agent-macos.yml | 179 +++++++++++++++++++++++++++++ tasks/integration.yml | 29 ++++- tasks/macos_agent_latest.yml | 12 ++ tasks/macos_agent_version.yml | 5 + tasks/main.yml | 12 +- tasks/os-check.yml | 2 +- tasks/parse-version-macos.yml | 7 ++ tasks/parse-version.yml | 11 ++ tasks/pkg-macos.yml | 73 ++++++++++++ 19 files changed, 542 insertions(+), 54 deletions(-) create mode 100644 ci_test/install_agent_6_macos.yaml create mode 100644 ci_test/install_agent_7_macos.yaml create mode 100644 ci_test/inventory/ci_macos.ini create mode 100644 handlers/main-macos.yml create mode 100644 tasks/agent-macos.yml create mode 100644 tasks/macos_agent_latest.yml create mode 100644 tasks/macos_agent_version.yml create mode 100644 tasks/parse-version-macos.yml create mode 100644 tasks/pkg-macos.yml diff --git a/.circleci/config.yml b/.circleci/config.yml index 2d4c9af7..3b2a7ccf 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -30,8 +30,11 @@ commands: jinja2_native: type: string default: "false" + inventory: + type: string + default: "ci.ini" steps: - - run: ANSIBLE_JINJA2_NATIVE="<>" ansible-playbook -i ./ci_test/inventory/ci.ini "./ci_test/install_agent_<>.yaml" -e 'ansible_python_interpreter=/usr/bin/<>' + - run: ANSIBLE_JINJA2_NATIVE="<>" ansible-playbook -i ./ci_test/inventory/<> "./ci_test/install_agent_<>.yaml" -e 'ansible_python_interpreter=/usr/bin/<>' - run: datadog-agent version test_install_no_manage_config: @@ -94,6 +97,23 @@ commands: python: "<>" jinja2_native: "<>" + test_agent_install_macos: + parameters: + version: + type: string + python: + type: string + jinja2_native: + type: string + default: "false" + steps: + - checkout + - install_agent: + version: "<>" + python: "<>" + jinja2_native: "<>" + inventory: "ci_macos.ini" + jobs: ansible_lint: docker: @@ -162,6 +182,32 @@ jobs: version: "<>" python: "<>" + test_install_macos: + parameters: + ansible_version: + type: string + agent_version: + type: string + python: + type: string + jinja2_native: + type: string + default: "false" + macos: + xcode: 13.3.0 + steps: + - checkout + - run: + name: Install Python3 + command: brew install python3 + - run: + name: Install Ansible + command: pip3 install ansible~=<> + - test_agent_install_macos: + version: "<>" + python: "<>" + jinja2_native: "<>" + workflows: version: 2 test_datadog_role: @@ -244,3 +290,10 @@ workflows: agent_version: ["6", "7"] os: ["amazonlinux2"] python: ["python3"] + + - test_install_macos: + matrix: + parameters: + ansible_version: ["2.8", "2.9", "2.10", "3.4", "4.10"] + agent_version: ["6_macos", "7_macos"] + python: ["python3"] diff --git a/.gitignore b/.gitignore index 26d84700..aca3bea1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +.idea/ *.retry .venv diff --git a/README.md b/README.md index ba623a51..eba07620 100644 --- a/README.md +++ b/README.md @@ -7,12 +7,17 @@ The Ansible Datadog role installs and configures the Datadog Agent and integrati ### Requirements - Requires Ansible v2.6+. -- Supports most Debian and RHEL-based Linux distributions, and Windows. +- Supports most Debian and RHEL-based Linux distributions, macOS, and Windows. - When using Ansible 2.10+ on Windows, requires the `ansible.windows` collection to be installed: - + ```shell ansible-galaxy collection install ansible.windows ``` +- When using Ansible on macOS, you may require the `community.general`collection (not included in `ansible-core`) to be installed for access to `community.general.launchd`: + + ```shell + ansible-galaxy collection install community.general + ``` ### Installation @@ -34,41 +39,41 @@ To deploy the Datadog Agent on hosts, add the Datadog role and your API key to y #### Role variables -| Variable | Description | -|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `datadog_api_key` | Your Datadog API key. | -| `datadog_site` | The site of the Datadog intake to send Agent data to. Defaults to `datadoghq.com`, set to `datadoghq.eu` to send data to the EU site. This option is only available with Agent version >= 6.6.0. | -| `datadog_agent_flavor` | Override the default Debian / RedHat Package for IOT Installations on RPI. Defaults to "datadog-agent" - use "datadog-iot-agent" for RPI. -| `datadog_agent_version` | The pinned version of the Agent to install (optional, but recommended), for example: `7.16.0`. Setting `datadog_agent_major_version` is not needed if `datadog_agent_version` is used. **Note**: Downgrades are not supported on Windows platforms. | -| `datadog_agent_major_version` | The major version of the Agent to install. The possible values are 5, 6, or 7 (default). If `datadog_agent_version` is set, it takes precedence otherwise the latest version of the specified major is installed. Setting `datadog_agent_major_version` is not needed if `datadog_agent_version` is used. | -| `datadog_checks` | YAML configuration for Agent checks to drop into:
- `/etc/datadog-agent/conf.d/.d/conf.yaml` for Agent v6 and v7,
- `/etc/dd-agent/conf.d` for Agent v5. | -| `datadog_disable_untracked_checks` | Set to `true` to remove all checks not present in `datadog_checks` and `datadog_additional_checks`. | -| `datadog_additional_checks` | List of additional checks that are not removed if `datadog_disable_untracked_checks` is set to `true`. | -| `datadog_disable_default_checks` | Set to `true` to remove all default checks. | -| `datadog_config` | Settings for the main Agent configuration file:
- `/etc/datadog-agent/datadog.yaml` for Agent v6 and v7,
- `/etc/dd-agent/datadog.conf` for Agent v5 (under the `[Main]` section). | -| `datadog_config_ex` | (Optional) Extra INI sections to go in `/etc/dd-agent/datadog.conf` (Agent v5 only). | -| `datadog_apt_repo` | Override the default Datadog `apt` repository. Make sure to use the `signed-by` option if repository metadata is signed using Datadog's signing keys: `deb [signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg] https://yourrepo`. | -| `datadog_apt_cache_valid_time` | Override the default apt cache expiration time (defaults to 1 hour). | -| `datadog_apt_key_url_new` | Override the location from which to obtain Datadog `apt` key (the deprecated `datadog_apt_key_url` variable refers to an expired key that's been removed from the role). The URL is expected to be a GPG keyring containing keys `382E94DE` and `F14F620E`. | -| `datadog_yum_repo` | Override the default Datadog `yum` repository. | -| `datadog_yum_repo_gpgcheck` | Override the default `repo_gpgcheck` value (empty). If empty, value is dynamically set to `yes` when custom `datadog_yum_repo` is not used and system is not RHEL/CentOS 8.1 (due to [a bug](https://bugzilla.redhat.com/show_bug.cgi?id=1792506) in dnf), otherwise it's set to `no`. **Note**: repodata signature verification is always turned off for Agent 5. | -| `datadog_yum_gpgcheck` | Override the default `gpgcheck` value (`yes`) - use `no` to turn off package GPG signature verification. | -| `datadog_yum_gpgkey` | Override the default URL to the Datadog `yum` key used to verify Agent v5 and v6 (up to 6.13) packages (key ID `4172A230`). | -| `datadog_yum_gpgkey_e09422b3` | Override the default URL to the Datadog `yum` key used to verify Agent v6.14+ packages (key ID `E09422B3`). | -| `datadog_yum_gpgkey_e09422b3_sha256sum` | Override the default checksum of the `datadog_yum_gpgkey_e09422b3` key. | -| `datadog_zypper_repo` | Override the default Datadog `zypper` repository. | -| `datadog_zypper_repo_gpgcheck` | Override the default `repo_gpgcheck` value (empty). If empty, value is dynamically set to `yes` when custom `datadog_zypper_repo` is not used, otherwise it's set to `no`. **Note**: repodata signature verification is always turned off for Agent 5. | -| `datadog_zypper_gpgcheck` | Override the default `gpgcheck` value (`yes`) - use `no` to turn off package GPG signature verification. | -| `datadog_zypper_gpgkey` | Override the default URL to the Datadog `zypper` key used to verify Agent v5 and v6 (up to 6.13) packages (key ID `4172A230`). | -| `datadog_zypper_gpgkey_sha256sum` | Override the default checksum of the `datadog_zypper_gpgkey` key. | -| `datadog_zypper_gpgkey_e09422b3` | Override the default URL to the Datadog `zypper` key used to verify Agent v6.14+ packages (key ID `E09422B3`). | -| `datadog_zypper_gpgkey_e09422b3_sha256sum` | Override the default checksum of the `datadog_zypper_gpgkey_e09422b3` key. | -| `datadog_agent_allow_downgrade` | Set to `yes` to allow Agent downgrades on apt-based platforms (use with caution, see `defaults/main.yml` for details). **Note**: On Centos this only works with Ansible 2.4+. | -| `datadog_enabled` | Set to `false` to prevent `datadog-agent` service from starting (defaults to `true`). | -| `datadog_additional_groups` | Either a list, or a string containing a comma-separated list of additional groups for the `datadog_user` (Linux only). | -| `datadog_windows_ddagentuser_name` | The name of Windows user to create/use, in the format `\` (Windows only). | -| `datadog_windows_ddagentuser_password` | The password used to create the user and/or register the service (Windows only). | -| `datadog_apply_windows_614_fix` | Whether or not to download and apply file referenced by `datadog_windows_614_fix_script_url` (Windows only). See https://dtdg.co/win-614-fix for more details. You can set this to `false` assuming your hosts aren't running Datadog Agent 6.14.\*. | +| Variable | Description | +|--------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `datadog_api_key` | Your Datadog API key. | +| `datadog_site` | The site of the Datadog intake to send Agent data to. Defaults to `datadoghq.com`, set to `datadoghq.eu` to send data to the EU site. This option is only available with Agent version >= 6.6.0. | +| `datadog_agent_flavor` | Override the default Debian / RedHat Package for IOT Installations on RPI. Defaults to "datadog-agent" - use "datadog-iot-agent" for RPI. | +| `datadog_agent_version` | The pinned version of the Agent to install (optional, but recommended), for example: `7.16.0`. Setting `datadog_agent_major_version` is not needed if `datadog_agent_version` is used. **Note**: Downgrades are not supported on Windows platforms. | +| `datadog_agent_major_version` | The major version of the Agent to install. The possible values are 5, 6, or 7 (default). If `datadog_agent_version` is set, it takes precedence otherwise the latest version of the specified major is installed. Setting `datadog_agent_major_version` is not needed if `datadog_agent_version` is used. | +| `datadog_checks` | YAML configuration for Agent checks to drop into:
- `/etc/datadog-agent/conf.d/.d/conf.yaml` for Agent v6 and v7,
- `/etc/dd-agent/conf.d` for Agent v5. | +| `datadog_disable_untracked_checks` | Set to `true` to remove all checks not present in `datadog_checks` and `datadog_additional_checks`. | +| `datadog_additional_checks` | List of additional checks that are not removed if `datadog_disable_untracked_checks` is set to `true`. | +| `datadog_disable_default_checks` | Set to `true` to remove all default checks. | +| `datadog_config` | Settings for the main Agent configuration file:
- `/etc/datadog-agent/datadog.yaml` for Agent v6 and v7,
- `/etc/dd-agent/datadog.conf` for Agent v5 (under the `[Main]` section). | +| `datadog_config_ex` | (Optional) Extra INI sections to go in `/etc/dd-agent/datadog.conf` (Agent v5 only). | +| `datadog_apt_repo` | Override the default Datadog `apt` repository. Make sure to use the `signed-by` option if repository metadata is signed using Datadog's signing keys: `deb [signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg] https://yourrepo`. | +| `datadog_apt_cache_valid_time` | Override the default apt cache expiration time (defaults to 1 hour). | +| `datadog_apt_key_url_new` | Override the location from which to obtain Datadog `apt` key (the deprecated `datadog_apt_key_url` variable refers to an expired key that's been removed from the role). The URL is expected to be a GPG keyring containing keys `382E94DE` and `F14F620E`. | +| `datadog_yum_repo` | Override the default Datadog `yum` repository. | +| `datadog_yum_repo_gpgcheck` | Override the default `repo_gpgcheck` value (empty). If empty, value is dynamically set to `yes` when custom `datadog_yum_repo` is not used and system is not RHEL/CentOS 8.1 (due to [a bug](https://bugzilla.redhat.com/show_bug.cgi?id=1792506) in dnf), otherwise it's set to `no`. **Note**: repodata signature verification is always turned off for Agent 5. | +| `datadog_yum_gpgcheck` | Override the default `gpgcheck` value (`yes`) - use `no` to turn off package GPG signature verification. | +| `datadog_yum_gpgkey` | Override the default URL to the Datadog `yum` key used to verify Agent v5 and v6 (up to 6.13) packages (key ID `4172A230`). | +| `datadog_yum_gpgkey_e09422b3` | Override the default URL to the Datadog `yum` key used to verify Agent v6.14+ packages (key ID `E09422B3`). | +| `datadog_yum_gpgkey_e09422b3_sha256sum` | Override the default checksum of the `datadog_yum_gpgkey_e09422b3` key. | +| `datadog_zypper_repo` | Override the default Datadog `zypper` repository. | +| `datadog_zypper_repo_gpgcheck` | Override the default `repo_gpgcheck` value (empty). If empty, value is dynamically set to `yes` when custom `datadog_zypper_repo` is not used, otherwise it's set to `no`. **Note**: repodata signature verification is always turned off for Agent 5. | +| `datadog_zypper_gpgcheck` | Override the default `gpgcheck` value (`yes`) - use `no` to turn off package GPG signature verification. | +| `datadog_zypper_gpgkey` | Override the default URL to the Datadog `zypper` key used to verify Agent v5 and v6 (up to 6.13) packages (key ID `4172A230`). | +| `datadog_zypper_gpgkey_sha256sum` | Override the default checksum of the `datadog_zypper_gpgkey` key. | +| `datadog_zypper_gpgkey_e09422b3` | Override the default URL to the Datadog `zypper` key used to verify Agent v6.14+ packages (key ID `E09422B3`). | +| `datadog_zypper_gpgkey_e09422b3_sha256sum` | Override the default checksum of the `datadog_zypper_gpgkey_e09422b3` key. | +| `datadog_agent_allow_downgrade` | Set to `yes` to allow Agent downgrades on apt-based platforms (use with caution, see `defaults/main.yml` for details). **Note**: On Centos this only works with Ansible 2.4+. | +| `datadog_enabled` | Set to `false` to prevent `datadog-agent` service from starting (defaults to `true`). | +| `datadog_additional_groups` | Either a list, or a string containing a comma-separated list of additional groups for the `datadog_user` (Linux only). | +| `datadog_windows_ddagentuser_name` | The name of Windows user to create/use, in the format `\` (Windows only). | +| `datadog_windows_ddagentuser_password` | The password used to create the user and/or register the service (Windows only). | +| `datadog_apply_windows_614_fix` | Whether or not to download and apply file referenced by `datadog_windows_614_fix_script_url` (Windows only). See https://dtdg.co/win-614-fix for more details. You can set this to `false` assuming your hosts aren't running Datadog Agent 6.14.\*. | ### Integrations @@ -245,6 +250,7 @@ For v4+ of this role, when `datadog_agent_version` is used to pin a specific Age - `1:7.16.0-1` for Debian and SUSE based - `7.16.0-1` for RedHat-based +- `7.16.0-1` for macOS - `7.16.0` for Windows. This makes it possible to target hosts running different operating systems in the same Ansible run, for example: @@ -253,6 +259,7 @@ This makes it possible to target hosts running different operating systems in th |-------------------------------------|--------------|-----------------------| | `datadog_agent_version: 7.16.0` | `1:7.16.0-1` | Debian and SUSE-based | | `datadog_agent_version: 7.16.0` | `7.16.0-1` | RedHat-based | +| `datadog_agent_version: 7.16.0` | `7.16.0-1` | macOS | | `datadog_agent_version: 7.16.0` | `7.16.0` | Windows | | `datadog_agent_version: 1:7.16.0-1` | `1:7.16.0-1` | Debian and SUSE-based | | `datadog_agent_version: 1:7.16.0-1` | `7.16.0-1` | RedHat-based | @@ -292,12 +299,23 @@ Since version 4.9.0, the `use_apt_backup_keyserver` variable has been removed, a When the variable `datadog_windows_download_url` is not set, the official Windows MSI package corresponding to the `datadog_agent_major_version` is used: -| # | Default Windows MSI package URL | -|---|----------------------------------------------------------------------------------| -| 6 | https://s3.amazonaws.com/ddagent-windows-stable/datadog-agent-6-latest.amd64.msi | -| 7 | https://s3.amazonaws.com/ddagent-windows-stable/datadog-agent-7-latest.amd64.msi | +| Agent version | Default Windows MSI package URL | +|---------------|----------------------------------------------------------------------------------| +| 6 | https://s3.amazonaws.com/ddagent-windows-stable/datadog-agent-6-latest.amd64.msi | +| 7 | https://s3.amazonaws.com/ddagent-windows-stable/datadog-agent-7-latest.amd64.msi | + +To override the default behavior, set this variable to something other than an empty string. + +#### macOS + +When the variable `datadog_macos_download_url` is not set, the official macOS DMG package corresponding to the `datadog_agent_major_version` is used: + +| Agent version | Default macOS DMG package URL | +|---------------|--------------------------------------------------------------| +| 6 | https://s3.amazonaws.com/dd-agent/datadogagent.dmg | +| 7 | https://s3.amazonaws.com/dd-agent/datadog-agent-7-latest.dmg | -To override the default behavior, set this variable to something else than an empty string. +To override the default behavior, set this variable to something other than an empty string. ### Upgrade diff --git a/ci_test/install_agent_6_macos.yaml b/ci_test/install_agent_6_macos.yaml new file mode 100644 index 00000000..3eab1828 --- /dev/null +++ b/ci_test/install_agent_6_macos.yaml @@ -0,0 +1,26 @@ +--- + +- hosts: all + roles: + - { role: '/Users/distiller/project/' } + vars: + datadog_api_key: "11111111111111111111111111111111" + datadog_enabled: false + datadog_agent_major_version: 6 + # avoid checking that the agent is stopped for centos + datadog_skip_running_check: true + datadog_config: + tags: "mytag0, mytag1" + log_level: INFO + apm_enabled: "true" # has to be set as a string + datadog_config_ex: + trace.config: + env: dev + trace.concentrator: + extra_aggregators: version + datadog_checks: + process: + init_config: + instances: + - name: agent + search_string: ['agent', 'sshd' ] diff --git a/ci_test/install_agent_7_macos.yaml b/ci_test/install_agent_7_macos.yaml new file mode 100644 index 00000000..a97304ca --- /dev/null +++ b/ci_test/install_agent_7_macos.yaml @@ -0,0 +1,28 @@ +--- + +- hosts: all + roles: + - { role: '/Users/distiller/project/' } + vars: + datadog_api_key: "11111111111111111111111111111111" + datadog_enabled: false + datadog_agent_major_version: 7 + # avoid checking that the agent is stopped for centos + datadog_skip_running_check: true + datadog_config: + tags: "mytag0, mytag1" + log_level: INFO + apm_enabled: "true" # has to be set as a string + datadog_config_ex: + trace.config: + env: dev + trace.concentrator: + extra_aggregators: version + runtime_security_config: + enabled: true + datadog_checks: + process: + init_config: + instances: + - name: agent + search_string: ['agent', 'sshd' ] diff --git a/ci_test/inventory/ci_macos.ini b/ci_test/inventory/ci_macos.ini new file mode 100644 index 00000000..a0d67335 --- /dev/null +++ b/ci_test/inventory/ci_macos.ini @@ -0,0 +1,2 @@ +[test] +127.0.0.1 ansible_connection=local ansible_user=distiller diff --git a/defaults/main.yml b/defaults/main.yml index b6934573..57f6e979 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -36,8 +36,10 @@ datadog_group: dd-agent # agent integration variables integration_command_user_linux: "dd-agent" integration_command_user_windows: "administrator" +integration_command_user_macos: "dd-agent" datadog_agent_binary_path_linux: /opt/datadog-agent/bin/agent/agent datadog_agent_binary_path_windows: "C:\\Program Files\\Datadog\\Datadog Agent\\bin\\agent.exe" +datadog_agent_binary_path_macos: "/opt/datadog-agent/bin/agent/agent" # list of additional groups for datadog_user datadog_additional_groups: {} @@ -57,7 +59,6 @@ datadog_agent_version: "" # Default Package name for APT and RPM installs - can override in playbook for IOT Agent datadog_agent_flavor: "datadog-agent" - # Default apt repo and keyserver # By default, the role uses the official apt Datadog repository for the chosen major version @@ -189,3 +190,25 @@ datadog_agent7_yum_repo: "https://yum.datadoghq.com/stable/7/{{ ansible_facts.ar datadog_agent5_zypper_repo: "https://yum.datadoghq.com/suse/rpm/{{ ansible_facts.architecture }}" datadog_agent6_zypper_repo: "https://yum.datadoghq.com/suse/stable/6/{{ ansible_facts.architecture }}" datadog_agent7_zypper_repo: "https://yum.datadoghq.com/suse/stable/7/{{ ansible_facts.architecture }}" + +# Default macOS latest dmg package URL + +# By default, will use the official latest dmg package for the chosen major version. +# Use the datadog_macos_download_url option to override the dmg package used. +datadog_macos_download_url: "" + +# The default dmg package for each major Agent version is specified in the following variables. +# These variables are for internal use only, do not modify them. +datadog_macos_agent6_latest_url: "https://s3.amazonaws.com/dd-agent/datadog-agent-6-latest.dmg" +datadog_macos_agent7_latest_url: "https://s3.amazonaws.com/dd-agent/datadog-agent-7-latest.dmg" + +# If datadog_agent_version is set, the role will use the following url prefix instead, and append the version number to it +# in order to get the full url to the dmg package. +datadog_macos_versioned_url: "https://s3.amazonaws.com/dd-agent/datadog-agent" + +datadog_macos_service_name: "com.datadoghq.agent" +datadog_macos_user_plist_file_path: "Library/LaunchAgents/{{ datadog_macos_service_name }}.plist" +datadog_macos_system_plist_file_path: "/Library/LaunchDaemons/{{ datadog_macos_service_name }}.plist" +datadog_macos_etc_dir: "/opt/datadog-agent/etc" +datadog_macos_logs_dir: "/opt/datadog-agent/logs" +datadog_macos_run_dir: "/opt/datadog-agent/run" diff --git a/handlers/main-macos.yml b/handlers/main-macos.yml new file mode 100644 index 00000000..1c44bd60 --- /dev/null +++ b/handlers/main-macos.yml @@ -0,0 +1,12 @@ +--- +# This file doesn't actually contain "handlers" in the Ansible sense: when running +# our role, Ansible only loads the contents of handlers/main.yml as handlers. +# However, this is here because this is a "handler-like" task that is dynamically +# included by a handler task in handlers/main.yml. + +- name: Restart datadog-agent service + command: "launchctl kickstart -k system/{{ datadog_macos_service_name }}" + become: yes + register: command_result + check_mode: no + when: datadog_enabled and not ansible_check_mode and ansible_facts.os_family == "Darwin" diff --git a/handlers/main.yml b/handlers/main.yml index a6cbdb29..54b0b317 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -4,13 +4,13 @@ service: name: datadog-agent-sysprobe state: restarted - when: datadog_enabled and datadog_sysprobe_enabled and not ansible_check_mode and not ansible_facts.os_family == "Windows" + when: datadog_enabled and datadog_sysprobe_enabled and not ansible_check_mode and not ansible_facts.os_family == "Windows" and not ansible_facts.os_family == "Darwin" - name: restart datadog-agent service: name: datadog-agent state: restarted - when: datadog_enabled and not ansible_check_mode and not ansible_facts.os_family == "Windows" + when: datadog_enabled and not ansible_check_mode and not ansible_facts.os_family == "Windows" and not ansible_facts.os_family == "Darwin" # We can't add the Windows Agent service restart handler directly here because that makes the role require # the ansible.windows collection on all platforms. We only want it to be needed on Windows. @@ -21,3 +21,11 @@ # (which depends on ansible.windows), and runs it, triggering the Windows Agent restart. - name: restart datadog-agent-win include_tasks: handlers/main-win.yml + +# When needed, our macOS tasks call this handler to require a +# macOS Agent restart (through notify: restart datadog-agent-macos). +# When notified, the below handler is executed at the end of the playbook run. +# The include_tasks loads the handlers/main-macos.yml file, which contains the real service restart task +# and runs it, triggering the macOS Agent restart. +- name: restart datadog-agent-macos + include_tasks: handlers/main-macos.yml diff --git a/meta/main.yml b/meta/main.yml index 1890b6d5..b2494e9d 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -59,6 +59,9 @@ galaxy_info: - 2012R2 - 2016 - 2019 + - name: Darwin + versions: + - any galaxy_tags: - monitoring dependencies: [] diff --git a/tasks/agent-macos.yml b/tasks/agent-macos.yml new file mode 100644 index 00000000..7d903930 --- /dev/null +++ b/tasks/agent-macos.yml @@ -0,0 +1,179 @@ +--- +- name: 'Load user data into JSON string {"uid": , "gid": }' + shell: + cmd: "dscacheutil -q user -a name {{ ansible_user }} | awk 'BEGIN { RS=\"\\n\"; ORS=\" \" } /uid:/ { print \"{ \\\"uid\\\": \" $2\",\" } /gid:/ { print \"\\\"gid\\\": \" $2 \" }\"}'" + executable: /bin/bash + changed_when: false + register: macos_user_output + +# this task is used to more cleanly format the variable contents +# the ABOVE task's shell command returns a JSON object as a string but nested in `.stdout` +# ansible has built in behavior that if it receives JSON data as a string it will automatically convert it to the corresponding object +# this enables us to get multiple values out of the ABOVE task preventing us from having to run 2 similar commands +- name: Extract JSON user data as variable object + set_fact: + macos_user_data: "{{ macos_user_output.stdout }}" + +- name: Check if system plist file already exists + stat: + path: "{{ datadog_macos_system_plist_file_path }}" + register: macos_system_plist_file_stat + +- name: Execute Block when system plist file did not already exist + block: + - name: Move plist file to system location + command: + cmd: "mv /Users/{{ ansible_user }}/{{ datadog_macos_user_plist_file_path }} {{ datadog_macos_system_plist_file_path }}" + removes: "/Users/{{ ansible_user }}/{{ datadog_macos_user_plist_file_path }}" + creates: "{{ datadog_macos_system_plist_file_path }}" + become: true + + - name: Inject user and group data into system plist file + shell: + cmd: "cp -f {{ datadog_macos_system_plist_file_path }} /tmp/.plist.backup + && + awk -v d=\"\" + -v lines=\" UID<\/key>\\n {{ macos_user_data.uid }}<\/string>\\n GID<\/key>\\n {{ macos_user_data.gid }}<\/string>\" + 'NR==FNR{if ($0~d) nr=NR; next}; FNR==nr{print lines} 1' + /tmp/.plist.backup + /tmp/.plist.backup + > {{ datadog_macos_system_plist_file_path }}" + executable: /bin/bash + changed_when: false + become: yes + + - name: Set owner on system plist file + file: + path: "{{ datadog_macos_system_plist_file_path }}" + owner: 0 + group: 0 + become: yes + when: macos_system_plist_file_stat.stat.exists is not defined or (macos_system_plist_file_stat.stat.exists is defined and not macos_system_plist_file_stat.stat.exists) + +- name: Create Datadog agent config directory + file: + dest: "{{ datadog_macos_etc_dir }}" + state: directory + mode: 0750 + group: "{{ macos_user_data.gid }}" + become: yes + when: datadog_manage_config + +- name: Create main Datadog agent configuration file + template: + src: datadog.yaml.j2 + dest: "{{ datadog_macos_etc_dir }}/datadog.yaml" + mode: 0640 + group: "{{ macos_user_data.gid }}" + become: yes + when: datadog_manage_config + notify: restart datadog-agent-macos + +- name: Register all checks directories present in datadog + find: + paths: "{{ datadog_macos_etc_dir }}/conf.d/" + patterns: + - "*.d" + file_type: directory + become: yes + register: datadog_conf_directories + when: datadog_manage_config and (datadog_disable_untracked_checks or datadog_disable_default_checks) + +- name: Delete checks not present in datadog_tracked_checks + file: + path: "{{ datadog_macos_etc_dir }}/conf.d/{{ item }}.d/conf.yaml" + state: absent + become: yes + loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}" + when: datadog_manage_config and datadog_disable_untracked_checks and item not in datadog_tracked_checks + notify: restart datadog-agent-macos + +- name: Delete all default checks + file: + path: "{{ datadog_macos_etc_dir }}/conf.d/{{ item }}.d/conf.yaml.default" + state: absent + become: yes + loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}" + when: datadog_manage_config and datadog_disable_default_checks and item not in datadog_tracked_checks + notify: restart datadog-agent-macos + +- name: Ensure configuration directories are present for each Datadog check + file: + dest: "{{ datadog_macos_etc_dir }}/conf.d/{{ item }}.d" + state: directory + mode: 0755 + become: yes + with_items: '{{ datadog_checks|list }}' + when: datadog_manage_config + +- name: Create a configuration file for each Datadog check + template: + src: checks.yaml.j2 + dest: "{{ datadog_macos_etc_dir }}/conf.d/{{ item }}.d/conf.yaml" + mode: 0640 + group: "{{ macos_user_data.gid }}" + become: yes + with_items: "{{ datadog_checks|list }}" + when: datadog_manage_config + notify: restart datadog-agent-macos + +- name: Remove old configuration file for each Datadog check + file: + dest: "{{ datadog_macos_etc_dir }}/conf.d/{{ item }}.yaml" + state: absent + become: yes + with_items: "{{ datadog_checks|list }}" + when: datadog_manage_config + notify: restart datadog-agent-macos + +- name: Create custom check file for each custom check + copy: + src: "{{ datadog_custom_checks[item] }}" + dest: "{{ datadog_macos_etc_dir }}/checks.d/{{ item }}.py" + mode: 0750 + group: "{{ macos_user_data.gid }}" + become: yes + with_items: "{{ datadog_custom_checks|list }}" + notify: restart datadog-agent-macos + +- name: Unload {{ datadog_macos_service_name }}.plist + command: "launchctl bootout system/{{ datadog_macos_service_name }}" + become: yes + failed_when: false + check_mode: no + when: not datadog_skip_running_check and datadog_enabled + +- name: Create security-agent configuration file + template: + src: security-agent.yaml.j2 + dest: "{{ datadog_macos_etc_dir }}/security-agent.yaml" + mode: 0640 + group: "{{ macos_user_data.gid }}" + become: yes + when: datadog_manage_config + notify: restart datadog-agent-macos + +- name: Create installation information file + template: + src: install_info.j2 + dest: "{{ datadog_macos_etc_dir }}/install_info" + mode: 0644 + group: "{{ macos_user_data.gid }}" + become: yes + +- name: Set permissions for DataDog Directories + file: + path: "{{ item }}" + group: "{{ macos_user_data.gid }}" + recurse: yes + with_items: + - "datadog_macos_etc_dir" + - "datadog_macos_logs_dir" + - "datadog_macos_run_dir" + + +- name: Bootstrap {{ datadog_macos_service_name }}.plist + command: "launchctl bootstrap system {{ datadog_macos_system_plist_file_path }}" + become: yes + check_mode: no + when: not datadog_skip_running_check and datadog_enabled diff --git a/tasks/integration.yml b/tasks/integration.yml index 0c99acab..00e598db 100644 --- a/tasks/integration.yml +++ b/tasks/integration.yml @@ -7,17 +7,27 @@ - name: set agent binary path (unix) set_fact: datadog_agent_binary_path: "{{ datadog_agent_binary_path_linux }}" - when: ansible_facts.os_family != "Windows" + when: ansible_facts.os_family != "Windows" and ansible_facts.os_family != "Darwin" + +- name: set agent binary path (macOS) + set_fact: + datadog_agent_binary_path: "{{ datadog_agent_binary_path_macos }}" + when: ansible_facts.os_family == "Darwin" - name: set agent user for integration commmand (windows) set_fact: integration_command_user: "{{ integration_command_user_windows }}" when: ansible_facts.os_family == "Windows" -- name: set agent agent binary path (unix) +- name: set agent user for integration commmand (unix) set_fact: integration_command_user: "{{ integration_command_user_linux }}" - when: ansible_facts.os_family != "Windows" + when: ansible_facts.os_family != "Windows" and ansible_facts.os_family != "Darwin" + +- name: set agent user for integration commmand (macOS) + set_fact: + integration_command_user: "{{ integration_command_user_macos }}" + when: ansible_facts.os_family == "Darwin" - name: Validate integrations actions fail: @@ -27,7 +37,7 @@ # Remove Integrations -- name: Removing integrations (Unix) +- name: Removing integrations (Unix, macOS) command: argv: - "{{ datadog_agent_binary_path }}" @@ -55,7 +65,7 @@ vars: third_party: "{% if 'third_party' in item.value and item.value.third_party | bool %}--third-party{% endif %}" loop: "{{ datadog_integration|dict2items }}" - when: item.value.action == "install" and ansible_facts.os_family != "Windows" + when: item.value.action == "install" and ansible_facts.os_family != "Windows" and ansible_facts.os_family != "Darwin" - name: Install pinned version of integrations (Windows) win_command: "\"{{ datadog_agent_binary_path }}\" integration install {{ third_party }} {{ item.key }}=={{ item.value.version }}" @@ -65,3 +75,12 @@ become_user: "{{ integration_command_user }}" loop: "{{ datadog_integration|dict2items }}" when: item.value.action == "install" and ansible_facts.os_family == "Windows" + +- name: Install pinned version of integrations (macOS) + command: "{{ datadog_agent_binary_path }} integration install {{ third_party }} {{ item.key }}=={{ item.value.version }}" + become: yes + become_user: "{{ integration_command_user }}" + vars: + third_party: "{% if 'third_party' in item.value and item.value.third_party | bool %}--third-party{% endif %}" + loop: "{{ datadog_integration|dict2items }}" + when: item.value.action == "install" and ansible_facts.os_family == "Darwin" diff --git a/tasks/macos_agent_latest.yml b/tasks/macos_agent_latest.yml new file mode 100644 index 00000000..24941429 --- /dev/null +++ b/tasks/macos_agent_latest.yml @@ -0,0 +1,12 @@ +--- + +- name: (Custom) Set agent download filename to latest + set_fact: + dd_download_url: "{{ datadog_macos_download_url }}" + when: datadog_macos_download_url | default('', true) | length > 0 + +- name: Set agent download filename to latest + set_fact: + dd_download_url: "{% if datadog_agent_major_version|int == 7 %}{{ datadog_macos_agent7_latest_url }} + {% else %}{{ datadog_macos_agent6_latest_url }}{% endif %}" + when: datadog_macos_download_url | default('', true) | length == 0 diff --git a/tasks/macos_agent_version.yml b/tasks/macos_agent_version.yml new file mode 100644 index 00000000..31df2257 --- /dev/null +++ b/tasks/macos_agent_version.yml @@ -0,0 +1,5 @@ +--- + +- name: set agent download filename to a specific version + set_fact: + dd_download_url: "{{ datadog_macos_versioned_url }}-{{ datadog_agent_macos_version }}-1.dmg" diff --git a/tasks/main.yml b/tasks/main.yml index 4006440e..38ce60db 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -38,18 +38,26 @@ include_tasks: pkg-windows.yml when: ansible_facts.os_family == "Windows" +- name: macOS Install Tasks + include_tasks: pkg-macos.yml + when: ansible_facts.os_family == "Darwin" and not datadog_skip_install + - name: Linux Configuration Tasks (Agent 5) include_tasks: agent5-linux.yml - when: datadog_agent_major_version | int == 5 and ansible_facts.os_family != "Windows" + when: datadog_agent_major_version | int == 5 and ansible_facts.os_family != "Windows" and ansible_facts.os_family != "Darwin" - name: Linux Configuration Tasks include_tasks: agent-linux.yml - when: datadog_agent_major_version | int > 5 and ansible_facts.os_family != "Windows" + when: datadog_agent_major_version | int > 5 and ansible_facts.os_family != "Windows" and ansible_facts.os_family != "Darwin" - name: Windows Configuration Tasks include_tasks: agent-win.yml when: datadog_agent_major_version | int > 5 and ansible_facts.os_family == "Windows" +- name: macOS Configuration Tasks + include_tasks: agent-macos.yml + when: ansible_facts.os_family == "Darwin" + - name: Integrations Tasks include_tasks: integration.yml when: datadog_integration is defined diff --git a/tasks/os-check.yml b/tasks/os-check.yml index e1f62cdb..1ec5898c 100644 --- a/tasks/os-check.yml +++ b/tasks/os-check.yml @@ -2,4 +2,4 @@ - name: Fail if OS is not supported fail: msg: "The Datadog Ansible role does not support your OS yet. Please email support@datadoghq.com to open a feature request." - when: ansible_facts.os_family not in ["RedHat", "Rocky", "AlmaLinux", "Debian", "Suse", "Windows"] + when: ansible_facts.os_family not in ["RedHat", "Rocky", "AlmaLinux", "Debian", "Suse", "Windows", "Darwin"] diff --git a/tasks/parse-version-macos.yml b/tasks/parse-version-macos.yml new file mode 100644 index 00000000..4d43cb76 --- /dev/null +++ b/tasks/parse-version-macos.yml @@ -0,0 +1,7 @@ +- name: Get macOS Agent version + shell: "set -o pipefail && datadog-agent version | grep 'Agent ' | awk '{print $2}'" + register: datadog_version_check_macos + changed_when: false + failed_when: false + check_mode: no + when: ansible_facts.os_family == "Darwin" diff --git a/tasks/parse-version.yml b/tasks/parse-version.yml index 2027868e..95608601 100644 --- a/tasks/parse-version.yml +++ b/tasks/parse-version.yml @@ -47,6 +47,7 @@ datadog_agent_redhat_version: "{{ datadog_agent_linux_version }}" datadog_agent_suse_version: "{{ datadog_agent_linux_version }}" datadog_agent_windows_version: "{{ datadog_major }}.{{ datadog_minor }}.{{ datadog_bugfix }}{{ datadog_suffix }}" + datadog_agent_macos_version: "{{ datadog_major }}.{{ datadog_minor }}.{{ datadog_bugfix }}{{ datadog_suffix }}" - name: Construct commands to find Agent version set_fact: @@ -66,6 +67,7 @@ AlmaLinux: "{{ datadog_agent_redhat_version }}" Suse: "{{ datadog_agent_suse_version }}" Windows: "{{ datadog_agent_windows_version }}" + Darwin: "{{ datadog_agent_macos_version }}" - name: Get Linux Agent version shell: "{{ datadog_version_finding_cmds[ansible_facts.os_family] }}" # noqa 305 - Ansible lint thinks we could use command, but we need shell because some of the cmds have pipes @@ -82,6 +84,10 @@ include_tasks: parse-version-windows.yml when: ansible_facts.os_family == "Windows" +- name: Include macOS Agent version tasks + include_tasks: parse-version-macos.yml + when: ansible_facts.os_family == "Darwin" + - name: Set skip install flag if version already installed (Linux) set_fact: datadog_skip_install: "{{ datadog_version_check_linux.stdout | trim == datadog_agent_os2version[ansible_facts.os_family] }}" @@ -91,3 +97,8 @@ set_fact: datadog_skip_install: "{{ datadog_version_check_win.stdout | trim == datadog_agent_os2version[ansible_facts.os_family] }}" when: ansible_facts.os_family == "Windows" + +- name: Set skip install flag if version already installed (macOS) + set_fact: + datadog_skip_install: "{{ datadog_version_check_macos.stdout | trim == datadog_agent_os2version[ansible_facts.os_family] }}" + when: ansible_facts.os_family == "Darwin" diff --git a/tasks/pkg-macos.yml b/tasks/pkg-macos.yml new file mode 100644 index 00000000..b3c5a19e --- /dev/null +++ b/tasks/pkg-macos.yml @@ -0,0 +1,73 @@ +--- +- name: Fail if Agent 5 + fail: + msg: "The Datadog ansible role does not currently support Agent 5 on macOS" + when: datadog_agent_major_version|int == 5 + +- include_tasks: macos_agent_latest.yml + when: (not datadog_skip_install) and (datadog_agent_macos_version is not defined) + +- include_tasks: macos_agent_version.yml + when: (not datadog_skip_install) and (datadog_agent_macos_version is defined) + +- name: show URL var + debug: + var: dd_download_url + when: not datadog_skip_install + +- name: pre-Delete temporary dmg + file: + path: '/tmp/datadog-agent.dmg' + state: absent + become: yes + when: not datadog_skip_install + +- name: Create temp datadog install user file + copy: + dest: "/tmp/datadog-install-user" + content: "{{ ansible_user }}" + mode: 0554 + when: (not datadog_skip_install) and (not ansible_check_mode) + +- name: Download macOS datadog agent + get_url: + url: "{{ dd_download_url }}" + dest: '/tmp/datadog-agent.dmg' + mode: 0750 + register: download_dmg_result + when: (not datadog_skip_install) and (not ansible_check_mode) + +- name: Detach any existing mounted dmg if able + shell: 'hdiutil detach "/Volumes/datadog_agent" >/dev/null 2>&1 || true' + when: (not datadog_skip_install) and (not ansible_check_mode) + +- name: Attach dmg + command: 'hdiutil attach /tmp/datadog-agent.dmg -mountpoint "/Volumes/datadog_agent"' + when: (not datadog_skip_install) and (not ansible_check_mode) and (download_dmg_result.status_code == 200) + +- name: Unpack and copy Datadog Agent files + shell: + cmd: '/usr/sbin/installer -pkg "`find "/Volumes/datadog_agent" -name \*.pkg 2>/dev/null`" -target /' + chdir: '/' + become: yes + register: datadog_agent_install + when: (not datadog_skip_install) and (not ansible_check_mode) and (download_dmg_result.status_code == 200) + notify: restart datadog-agent-macos + +- name: Detach mounted dmg + command: 'hdiutil detach "/Volumes/datadog_agent"' + when: (not datadog_skip_install) and (not ansible_check_mode) and (download_dmg_result.status_code == 200) + +- name: Delete temporary dmg + file: + path: "{{ download_dmg_result.dest }}" + state: absent + become: yes + when: (not datadog_skip_install) and (not ansible_check_mode) and (download_dmg_result.status_code == 200) + +- name: Delete temp datadog install user file + file: + path: "/tmp/datadog-install-user" + state: absent + become: yes + when: (not datadog_skip_install) and (not ansible_check_mode) From f1a47908927293d3bf5e7bb003c02fb5f33271de Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Thu, 28 Apr 2022 10:53:37 +0200 Subject: [PATCH 2/5] macOS support improvements (#436) --- README.md | 9 +- defaults/main.yml | 1 + handlers/main-macos.yml | 15 ++ tasks/_agent-linux-macos-shared.yml | 91 ++++++++ tasks/agent-linux.yml | 95 +------- tasks/agent-macos.yml | 211 +++++------------- tasks/parse-version-macos.yml | 2 +- tasks/pkg-macos.yml | 18 +- tasks/{ => pkg-macos}/macos_agent_latest.yml | 2 +- tasks/{ => pkg-macos}/macos_agent_version.yml | 2 +- templates/com.datadoghq.agent.plist.j2 | 33 +++ 11 files changed, 225 insertions(+), 254 deletions(-) create mode 100644 tasks/_agent-linux-macos-shared.yml rename tasks/{ => pkg-macos}/macos_agent_latest.yml (88%) rename tasks/{ => pkg-macos}/macos_agent_version.yml (66%) create mode 100644 templates/com.datadoghq.agent.plist.j2 diff --git a/README.md b/README.md index eba07620..7f2d7ab1 100644 --- a/README.md +++ b/README.md @@ -9,15 +9,10 @@ The Ansible Datadog role installs and configures the Datadog Agent and integrati - Requires Ansible v2.6+. - Supports most Debian and RHEL-based Linux distributions, macOS, and Windows. - When using Ansible 2.10+ on Windows, requires the `ansible.windows` collection to be installed: - + ```shell ansible-galaxy collection install ansible.windows ``` -- When using Ansible on macOS, you may require the `community.general`collection (not included in `ansible-core`) to be installed for access to `community.general.launchd`: - - ```shell - ansible-galaxy collection install community.general - ``` ### Installation @@ -74,6 +69,8 @@ To deploy the Datadog Agent on hosts, add the Datadog role and your API key to y | `datadog_windows_ddagentuser_name` | The name of Windows user to create/use, in the format `\` (Windows only). | | `datadog_windows_ddagentuser_password` | The password used to create the user and/or register the service (Windows only). | | `datadog_apply_windows_614_fix` | Whether or not to download and apply file referenced by `datadog_windows_614_fix_script_url` (Windows only). See https://dtdg.co/win-614-fix for more details. You can set this to `false` assuming your hosts aren't running Datadog Agent 6.14.\*. | +| `datadog_macos_user` | The name of the user to run Agent under. The user has to exist, it won't be created automatically. Defaults to `ansible_user` (macOS only). | +| `datadog_macos_download_url` | Override the URL to download the DMG installer from (macOS only). | ### Integrations diff --git a/defaults/main.yml b/defaults/main.yml index 57f6e979..0443b7b1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -206,6 +206,7 @@ datadog_macos_agent7_latest_url: "https://s3.amazonaws.com/dd-agent/datadog-agen # in order to get the full url to the dmg package. datadog_macos_versioned_url: "https://s3.amazonaws.com/dd-agent/datadog-agent" +datadog_macos_user: "{{ ansible_user }}" datadog_macos_service_name: "com.datadoghq.agent" datadog_macos_user_plist_file_path: "Library/LaunchAgents/{{ datadog_macos_service_name }}.plist" datadog_macos_system_plist_file_path: "/Library/LaunchDaemons/{{ datadog_macos_service_name }}.plist" diff --git a/handlers/main-macos.yml b/handlers/main-macos.yml index 1c44bd60..1bc1c7cf 100644 --- a/handlers/main-macos.yml +++ b/handlers/main-macos.yml @@ -4,6 +4,21 @@ # However, this is here because this is a "handler-like" task that is dynamically # included by a handler task in handlers/main.yml. +# NOTE: We don't use bootout/bootstrap here, because bootout can't wait for the operation +# to finish and if it's in progress for a longer time, bootstrap fails. We use the old +# unload/load combo because they actually wait. +- name: Unload datadog-agent service + command: "launchctl unload -wF {{ datadog_macos_system_plist_file_path }}" + become: yes + check_mode: no + when: datadog_enabled and not ansible_check_mode and ansible_facts.os_family == "Darwin" + +- name: Load datadog-agent service + command: "launchctl load -wF {{ datadog_macos_system_plist_file_path }}" + become: yes + check_mode: no + when: datadog_enabled and not ansible_check_mode and ansible_facts.os_family == "Darwin" + - name: Restart datadog-agent service command: "launchctl kickstart -k system/{{ datadog_macos_service_name }}" become: yes diff --git a/tasks/_agent-linux-macos-shared.yml b/tasks/_agent-linux-macos-shared.yml new file mode 100644 index 00000000..e17b0dbe --- /dev/null +++ b/tasks/_agent-linux-macos-shared.yml @@ -0,0 +1,91 @@ +--- +- name: Create Datadog agent config directory + file: + dest: "{{ _dd_config_dir }}" + state: directory + mode: 0755 + owner: "{{ _dd_user }}" + group: "{{ _dd_group }}" + when: datadog_manage_config + +- name: Create main Datadog agent configuration file + template: + src: datadog.yaml.j2 + dest: "{{ _dd_config_dir }}/datadog.yaml" + mode: 0640 + owner: "{{ _dd_user }}" + group: "{{ _dd_group }}" + when: datadog_manage_config + notify: "{{ _dd_notify_agent }}" + +- name: Register all checks directories present in datadog + find: + paths: "{{ _dd_config_dir }}/conf.d/" + patterns: + - "*.d" + file_type: directory + register: datadog_conf_directories + when: datadog_manage_config and (datadog_disable_untracked_checks or datadog_disable_default_checks) + +- name: Delete checks not present in datadog_tracked_checks + file: + path: "{{ _dd_config_dir }}/conf.d/{{ item }}.d/conf.yaml" + state: absent + loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}" + when: datadog_manage_config and datadog_disable_untracked_checks and item not in datadog_tracked_checks + notify: "{{ _dd_notify_agent }}" + +- name: Delete all default checks + file: + path: "{{ _dd_config_dir }}/conf.d/{{ item }}.d/conf.yaml.default" + state: absent + loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}" + when: datadog_manage_config and datadog_disable_default_checks and item not in datadog_tracked_checks + notify: "{{ _dd_notify_agent }}" + +- name: Ensure configuration directories are present for each Datadog check + file: + dest: "{{ _dd_config_dir }}/conf.d/{{ item }}.d" + state: directory + owner: "{{ _dd_user }}" + group: "{{ _dd_group }}" + mode: 0755 + with_items: '{{ datadog_checks|list }}' + when: datadog_manage_config + +- name: Create a configuration file for each Datadog check + template: + src: checks.yaml.j2 + dest: "{{ _dd_config_dir }}/conf.d/{{ item }}.d/conf.yaml" + mode: 0640 + owner: "{{ _dd_user }}" + group: "{{ _dd_group }}" + with_items: "{{ datadog_checks|list }}" + when: datadog_manage_config + notify: "{{ _dd_notify_agent }}" + +- name: Remove old configuration file for each Datadog check + file: + dest: "{{ _dd_config_dir }}/conf.d/{{ item }}.yaml" + state: absent + with_items: "{{ datadog_checks|list }}" + when: datadog_manage_config + notify: "{{ _dd_notify_agent }}" + +- name: Create custom check file for each custom check + copy: + src: "{{ datadog_custom_checks[item] }}" + dest: "{{ _dd_config_dir }}/checks.d/{{ item }}.py" + mode: 0755 + owner: "{{ _dd_user }}" + group: "{{ _dd_group }}" + with_items: "{{ datadog_custom_checks|list }}" + notify: "{{ _dd_notify_agent }}" + +- name: Create installation information file + template: + src: install_info.j2 + dest: "{{ _dd_config_dir }}/install_info" + owner: "{{ _dd_user }}" + group: "{{ _dd_group }}" + mode: 0644 diff --git a/tasks/agent-linux.yml b/tasks/agent-linux.yml index c0609ac8..83536b73 100644 --- a/tasks/agent-linux.yml +++ b/tasks/agent-linux.yml @@ -18,86 +18,13 @@ when: datadog_additional_groups | default([], true) | length > 0 notify: restart datadog-agent -- name: Create Datadog agent config directory - file: - dest: /etc/datadog-agent - state: directory - mode: 0755 - when: datadog_manage_config - -- name: Create main Datadog agent configuration file - template: - src: datadog.yaml.j2 - dest: /etc/datadog-agent/datadog.yaml - mode: 0640 - owner: "{{ datadog_user }}" - group: "{{ datadog_group }}" - when: datadog_manage_config - notify: restart datadog-agent - -- name: Register all checks directories present in datadog - find: - paths: /etc/datadog-agent/conf.d/ - patterns: - - "*.d" - file_type: directory - register: datadog_conf_directories - when: datadog_manage_config and (datadog_disable_untracked_checks or datadog_disable_default_checks) - -- name: Delete checks not present in datadog_tracked_checks - file: - path: "/etc/datadog-agent/conf.d/{{ item }}.d/conf.yaml" - state: absent - loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}" - when: datadog_manage_config and datadog_disable_untracked_checks and item not in datadog_tracked_checks - notify: restart datadog-agent - -- name: Delete all default checks - file: - path: "/etc/datadog-agent/conf.d/{{ item }}.d/conf.yaml.default" - state: absent - loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}" - when: datadog_manage_config and datadog_disable_default_checks and item not in datadog_tracked_checks - notify: restart datadog-agent - -- name: Ensure configuration directories are present for each Datadog check - file: - dest: "/etc/datadog-agent/conf.d/{{ item }}.d" - state: directory - owner: "{{ datadog_user }}" - group: "{{ datadog_group }}" - mode: 0755 - with_items: '{{ datadog_checks|list }}' - when: datadog_manage_config - -- name: Create a configuration file for each Datadog check - template: - src: checks.yaml.j2 - dest: "/etc/datadog-agent/conf.d/{{ item }}.d/conf.yaml" - mode: 0640 - owner: "{{ datadog_user }}" - group: "{{ datadog_group }}" - with_items: "{{ datadog_checks|list }}" - when: datadog_manage_config - notify: restart datadog-agent - -- name: Remove old configuration file for each Datadog check - file: - dest: "/etc/datadog-agent/conf.d/{{ item }}.yaml" - state: absent - with_items: "{{ datadog_checks|list }}" - when: datadog_manage_config - notify: restart datadog-agent - -- name: Create custom check file for each custom check - copy: - src: "{{ datadog_custom_checks[item] }}" - dest: "/etc/datadog-agent/checks.d/{{ item }}.py" - mode: 0755 - owner: "{{ datadog_user }}" - group: "{{ datadog_group }}" - with_items: "{{ datadog_custom_checks|list }}" - notify: restart datadog-agent +- name: Include configuration setup tasks + include_tasks: "_agent-linux-macos-shared.yml" + vars: + _dd_config_dir: /etc/datadog-agent + _dd_user: "{{ datadog_user }}" + _dd_group: "{{ datadog_group }}" + _dd_notify_agent: "restart datadog-agent" - name: Create system-probe configuration file template: @@ -198,11 +125,3 @@ when: datadog_manage_config notify: "{% if datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}" - -- name: Create installation information file - template: - src: install_info.j2 - dest: /etc/datadog-agent/install_info - owner: "{{ datadog_user }}" - group: "{{ datadog_group }}" - mode: 0644 diff --git a/tasks/agent-macos.yml b/tasks/agent-macos.yml index 7d903930..6e2fe0b5 100644 --- a/tasks/agent-macos.yml +++ b/tasks/agent-macos.yml @@ -1,179 +1,92 @@ --- -- name: 'Load user data into JSON string {"uid": , "gid": }' +# NOTE: the DMG gets installed as ansible_user, but we then configure it to run +# under datadog_macos_user and remove the user-specific config for ansible_user +- name: Load user data shell: - cmd: "dscacheutil -q user -a name {{ ansible_user }} | awk 'BEGIN { RS=\"\\n\"; ORS=\" \" } /uid:/ { print \"{ \\\"uid\\\": \" $2\",\" } /gid:/ { print \"\\\"gid\\\": \" $2 \" }\"}'" + cmd: "dscacheutil -q user -a name {{ datadog_macos_user }} | awk 'BEGIN { RS=\"\\n\"; ORS=\" \" } /uid:/ { print \"{ \\\"uid\\\": \" $2\",\" } /gid:/ { print \"\\\"gid\\\": \" $2 \" }\"}'" executable: /bin/bash changed_when: false register: macos_user_output -# this task is used to more cleanly format the variable contents -# the ABOVE task's shell command returns a JSON object as a string but nested in `.stdout` -# ansible has built in behavior that if it receives JSON data as a string it will automatically convert it to the corresponding object -# this enables us to get multiple values out of the ABOVE task preventing us from having to run 2 similar commands +# This task is used to more cleanly format the variable contents.The ABOVE task's shell command returns a JSON +# object as a string but nested in `.stdout`. Ansible has built in behavior that if it receives JSON data as +# a string it will automatically convert it to the corresponding object. This enables us to get multiple values +# out of the ABOVE task preventing us from having to run 2 similar commands. - name: Extract JSON user data as variable object set_fact: macos_user_data: "{{ macos_user_output.stdout }}" -- name: Check if system plist file already exists - stat: - path: "{{ datadog_macos_system_plist_file_path }}" - register: macos_system_plist_file_stat - -- name: Execute Block when system plist file did not already exist - block: - - name: Move plist file to system location - command: - cmd: "mv /Users/{{ ansible_user }}/{{ datadog_macos_user_plist_file_path }} {{ datadog_macos_system_plist_file_path }}" - removes: "/Users/{{ ansible_user }}/{{ datadog_macos_user_plist_file_path }}" - creates: "{{ datadog_macos_system_plist_file_path }}" - become: true - - - name: Inject user and group data into system plist file - shell: - cmd: "cp -f {{ datadog_macos_system_plist_file_path }} /tmp/.plist.backup - && - awk -v d=\"\" - -v lines=\" UID<\/key>\\n {{ macos_user_data.uid }}<\/string>\\n GID<\/key>\\n {{ macos_user_data.gid }}<\/string>\" - 'NR==FNR{if ($0~d) nr=NR; next}; FNR==nr{print lines} 1' - /tmp/.plist.backup - /tmp/.plist.backup - > {{ datadog_macos_system_plist_file_path }}" - executable: /bin/bash - changed_when: false - become: yes - - - name: Set owner on system plist file - file: - path: "{{ datadog_macos_system_plist_file_path }}" - owner: 0 - group: 0 - become: yes - when: macos_system_plist_file_stat.stat.exists is not defined or (macos_system_plist_file_stat.stat.exists is defined and not macos_system_plist_file_stat.stat.exists) - -- name: Create Datadog agent config directory - file: - dest: "{{ datadog_macos_etc_dir }}" - state: directory - mode: 0750 - group: "{{ macos_user_data.gid }}" - become: yes - when: datadog_manage_config - -- name: Create main Datadog agent configuration file - template: - src: datadog.yaml.j2 - dest: "{{ datadog_macos_etc_dir }}/datadog.yaml" - mode: 0640 - group: "{{ macos_user_data.gid }}" - become: yes - when: datadog_manage_config - notify: restart datadog-agent-macos - -- name: Register all checks directories present in datadog - find: - paths: "{{ datadog_macos_etc_dir }}/conf.d/" - patterns: - - "*.d" - file_type: directory - become: yes - register: datadog_conf_directories - when: datadog_manage_config and (datadog_disable_untracked_checks or datadog_disable_default_checks) +- name: Load user group data + shell: + cmd: "dscacheutil -q group -a gid {{ macos_user_data.gid }} | grep '^name: ' | awk '{ print $2 }'" + register: macos_user_group + changed_when: false -- name: Delete checks not present in datadog_tracked_checks - file: - path: "{{ datadog_macos_etc_dir }}/conf.d/{{ item }}.d/conf.yaml" - state: absent - become: yes - loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}" - when: datadog_manage_config and datadog_disable_untracked_checks and item not in datadog_tracked_checks - notify: restart datadog-agent-macos +# If the ansible_user was logged in via GUI during installation, the postinstall package script +# created launchctl service for the user and also a login item -- name: Delete all default checks - file: - path: "{{ datadog_macos_etc_dir }}/conf.d/{{ item }}.d/conf.yaml.default" - state: absent - become: yes - loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}" - when: datadog_manage_config and datadog_disable_default_checks and item not in datadog_tracked_checks - notify: restart datadog-agent-macos +- name: Find out if user LaunchAgent is running + shell: + cmd: "launchctl print gui/$(id -u)/{{ datadog_macos_service_name }}" + register: user_service_created + changed_when: false + failed_when: false -- name: Ensure configuration directories are present for each Datadog check - file: - dest: "{{ datadog_macos_etc_dir }}/conf.d/{{ item }}.d" - state: directory - mode: 0755 - become: yes - with_items: '{{ datadog_checks|list }}' - when: datadog_manage_config +- name: Unload and stop user LaunchAgent + shell: + cmd: "launchctl bootout gui/$(id -u)/{{ datadog_macos_service_name }}" + when: user_service_created.rc == 0 -- name: Create a configuration file for each Datadog check - template: - src: checks.yaml.j2 - dest: "{{ datadog_macos_etc_dir }}/conf.d/{{ item }}.d/conf.yaml" - mode: 0640 - group: "{{ macos_user_data.gid }}" - become: yes - with_items: "{{ datadog_checks|list }}" - when: datadog_manage_config - notify: restart datadog-agent-macos +- name: Remove user login item + shell: + cmd: |- + osascript -e 'tell application "System Events" to if login item "Datadog Agent" exists then delete login item "Datadog Agent"' + when: user_service_created.rc == 0 -- name: Remove old configuration file for each Datadog check +- name: Remove user LaunchAgent plist file file: - dest: "{{ datadog_macos_etc_dir }}/conf.d/{{ item }}.yaml" + path: "/Users/{{ ansible_user }}/{{ datadog_macos_user_plist_file_path }}" state: absent - become: yes - with_items: "{{ datadog_checks|list }}" - when: datadog_manage_config - notify: restart datadog-agent-macos - -- name: Create custom check file for each custom check - copy: - src: "{{ datadog_custom_checks[item] }}" - dest: "{{ datadog_macos_etc_dir }}/checks.d/{{ item }}.py" - mode: 0750 - group: "{{ macos_user_data.gid }}" - become: yes - with_items: "{{ datadog_custom_checks|list }}" - notify: restart datadog-agent-macos - -- name: Unload {{ datadog_macos_service_name }}.plist - command: "launchctl bootout system/{{ datadog_macos_service_name }}" - become: yes - failed_when: false - check_mode: no - when: not datadog_skip_running_check and datadog_enabled -- name: Create security-agent configuration file +# We could take the plist file from user LaunchAgent location and just add UID/GID, +# but when the version is pinned and agent is already installed, that file had +# already been removed and won't be recreated and so we won't be able to use it. +# +# The disadvantage of using a template obviously is that if we changed the plist +# file in the .dmg, we would also have to update this. Fortunately this seems +# to basically never happen, so I think it's an acceptable downside. +- name: Add system LaunchDaemon plist file template: - src: security-agent.yaml.j2 - dest: "{{ datadog_macos_etc_dir }}/security-agent.yaml" - mode: 0640 - group: "{{ macos_user_data.gid }}" - become: yes - when: datadog_manage_config + src: com.datadoghq.agent.plist.j2 + dest: "{{ datadog_macos_system_plist_file_path }}" + owner: 0 + group: 0 + become: true notify: restart datadog-agent-macos - -- name: Create installation information file - template: - src: install_info.j2 - dest: "{{ datadog_macos_etc_dir }}/install_info" - mode: 0644 - group: "{{ macos_user_data.gid }}" - become: yes + vars: + # NOTE: https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html + # docs say both UID/GID and UserName/GroupName work, but only UserName/GroupName actually work. + username: "{{ datadog_macos_user }}" + groupname: "{{ macos_user_group.stdout }}" + +- name: Include configuration setup tasks + import_tasks: "_agent-linux-macos-shared.yml" + vars: + _dd_config_dir: "{{ datadog_macos_etc_dir }}" + _dd_user: "{{ macos_user_data.uid }}" + _dd_group: "{{ macos_user_data.gid }}" + _dd_notify_agent: "restart datadog-agent-macos" + become: true - name: Set permissions for DataDog Directories file: path: "{{ item }}" + owner: "{{ macos_user_data.uid }}" group: "{{ macos_user_data.gid }}" recurse: yes with_items: - "datadog_macos_etc_dir" - "datadog_macos_logs_dir" - "datadog_macos_run_dir" - - -- name: Bootstrap {{ datadog_macos_service_name }}.plist - command: "launchctl bootstrap system {{ datadog_macos_system_plist_file_path }}" - become: yes - check_mode: no - when: not datadog_skip_running_check and datadog_enabled + notify: restart datadog-agent-macos + become: true diff --git a/tasks/parse-version-macos.yml b/tasks/parse-version-macos.yml index 4d43cb76..7ac8c796 100644 --- a/tasks/parse-version-macos.yml +++ b/tasks/parse-version-macos.yml @@ -1,5 +1,5 @@ - name: Get macOS Agent version - shell: "set -o pipefail && datadog-agent version | grep 'Agent ' | awk '{print $2}'" + shell: "set -o pipefail && {{ datadog_agent_binary_path_macos }} version | grep 'Agent ' | awk '{print $2}'" register: datadog_version_check_macos changed_when: false failed_when: false diff --git a/tasks/pkg-macos.yml b/tasks/pkg-macos.yml index b3c5a19e..fb17f24f 100644 --- a/tasks/pkg-macos.yml +++ b/tasks/pkg-macos.yml @@ -1,16 +1,18 @@ --- +# NOTE: the DMG gets installed as ansible_user, but we then configure it to run +# under datadog_macos_user and remove the user-specific config for ansible_user - name: Fail if Agent 5 fail: msg: "The Datadog ansible role does not currently support Agent 5 on macOS" when: datadog_agent_major_version|int == 5 -- include_tasks: macos_agent_latest.yml +- include_tasks: pkg-macos/macos_agent_latest.yml when: (not datadog_skip_install) and (datadog_agent_macos_version is not defined) -- include_tasks: macos_agent_version.yml +- include_tasks: pkg-macos/macos_agent_version.yml when: (not datadog_skip_install) and (datadog_agent_macos_version is defined) -- name: show URL var +- name: Display macOS download URL debug: var: dd_download_url when: not datadog_skip_install @@ -22,10 +24,10 @@ become: yes when: not datadog_skip_install -- name: Create temp datadog install user file +- name: Create temporary datadog install user file copy: dest: "/tmp/datadog-install-user" - content: "{{ ansible_user }}" + content: "{{ datadog_macos_user }}" mode: 0554 when: (not datadog_skip_install) and (not ansible_check_mode) @@ -37,11 +39,11 @@ register: download_dmg_result when: (not datadog_skip_install) and (not ansible_check_mode) -- name: Detach any existing mounted dmg if able +- name: Detach agent dmg if already mounted shell: 'hdiutil detach "/Volumes/datadog_agent" >/dev/null 2>&1 || true' when: (not datadog_skip_install) and (not ansible_check_mode) -- name: Attach dmg +- name: Attach agent dmg command: 'hdiutil attach /tmp/datadog-agent.dmg -mountpoint "/Volumes/datadog_agent"' when: (not datadog_skip_install) and (not ansible_check_mode) and (download_dmg_result.status_code == 200) @@ -65,7 +67,7 @@ become: yes when: (not datadog_skip_install) and (not ansible_check_mode) and (download_dmg_result.status_code == 200) -- name: Delete temp datadog install user file +- name: Delete temporary datadog install user file file: path: "/tmp/datadog-install-user" state: absent diff --git a/tasks/macos_agent_latest.yml b/tasks/pkg-macos/macos_agent_latest.yml similarity index 88% rename from tasks/macos_agent_latest.yml rename to tasks/pkg-macos/macos_agent_latest.yml index 24941429..64ab51e8 100644 --- a/tasks/macos_agent_latest.yml +++ b/tasks/pkg-macos/macos_agent_latest.yml @@ -1,6 +1,6 @@ --- -- name: (Custom) Set agent download filename to latest +- name: Set agent download filename to custom URL set_fact: dd_download_url: "{{ datadog_macos_download_url }}" when: datadog_macos_download_url | default('', true) | length > 0 diff --git a/tasks/macos_agent_version.yml b/tasks/pkg-macos/macos_agent_version.yml similarity index 66% rename from tasks/macos_agent_version.yml rename to tasks/pkg-macos/macos_agent_version.yml index 31df2257..2acfbac8 100644 --- a/tasks/macos_agent_version.yml +++ b/tasks/pkg-macos/macos_agent_version.yml @@ -1,5 +1,5 @@ --- -- name: set agent download filename to a specific version +- name: Set agent download filename to a specific version set_fact: dd_download_url: "{{ datadog_macos_versioned_url }}-{{ datadog_agent_macos_version }}-1.dmg" diff --git a/templates/com.datadoghq.agent.plist.j2 b/templates/com.datadoghq.agent.plist.j2 new file mode 100644 index 00000000..9bfc447c --- /dev/null +++ b/templates/com.datadoghq.agent.plist.j2 @@ -0,0 +1,33 @@ + + + + + KeepAlive + + SuccessfulExit + + + Label + com.datadoghq.agent + EnvironmentVariables + + DD_LOG_TO_CONSOLE + false + + ProgramArguments + + /opt/datadog-agent/bin/agent/agent + run + + StandardOutPath + /opt/datadog-agent/logs/launchd.log + StandardErrorPath + /opt/datadog-agent/logs/launchd.log + ExitTimeOut + 10 + UserName + {{ username }} + GroupName + {{ groupname }} + + From e05910099ea934e6f6e4dbc120d143acde0fe6bd Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Fri, 29 Apr 2022 11:21:49 +0200 Subject: [PATCH 3/5] Fix ansible-lint issues --- tasks/agent-linux.yml | 2 +- tasks/agent-macos.yml | 4 ++-- tasks/agent-win.yml | 2 +- tasks/pkg-redhat.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tasks/agent-linux.yml b/tasks/agent-linux.yml index 83536b73..657d0c5d 100644 --- a/tasks/agent-linux.yml +++ b/tasks/agent-linux.yml @@ -113,7 +113,7 @@ state: stopped enabled: no when: not datadog_skip_running_check and not datadog_enabled - ignore_errors: yes # Since older versions of the Agent don't include the security agent + failed_when: false # Since older versions of the Agent don't include the security agent - name: Create security-agent configuration file template: diff --git a/tasks/agent-macos.yml b/tasks/agent-macos.yml index 6e2fe0b5..761b58c4 100644 --- a/tasks/agent-macos.yml +++ b/tasks/agent-macos.yml @@ -38,8 +38,7 @@ when: user_service_created.rc == 0 - name: Remove user login item - shell: - cmd: |- + command: |- osascript -e 'tell application "System Events" to if login item "Datadog Agent" exists then delete login item "Datadog Agent"' when: user_service_created.rc == 0 @@ -61,6 +60,7 @@ dest: "{{ datadog_macos_system_plist_file_path }}" owner: 0 group: 0 + mode: 0644 become: true notify: restart datadog-agent-macos vars: diff --git a/tasks/agent-win.yml b/tasks/agent-win.yml index eb9d7ee8..761ccedb 100644 --- a/tasks/agent-win.yml +++ b/tasks/agent-win.yml @@ -56,7 +56,7 @@ notify: restart datadog-agent-win - name: Create custom check file for each custom check - copy: + win_copy: src: "{{ datadog_custom_checks[item] }}" dest: "{{ datadog_windows_config_root }}\\checks.d\\{{ item }}.py" with_items: "{{ datadog_custom_checks|list }}" diff --git a/tasks/pkg-redhat.yml b/tasks/pkg-redhat.yml index c6c1eadf..91f33f2a 100644 --- a/tasks/pkg-redhat.yml +++ b/tasks/pkg-redhat.yml @@ -125,7 +125,7 @@ - name: Clean repo metadata if repo changed # noqa 503 command: yum clean metadata --disablerepo="*" --enablerepo=datadog - ignore_errors: yes # Cleaning the metadata is only needed when downgrading a major version of the Agent, don't fail because of this + failed_when: false # Cleaning the metadata is only needed when downgrading a major version of the Agent, don't fail because of this args: warn: no when: repofile5.changed or repofile6.changed or repofile7.changed or repofilecustom.changed From 02d0363ca3bea700c6c34d5a510c15e213b8abb5 Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Thu, 5 May 2022 10:27:37 +0200 Subject: [PATCH 4/5] Update README.md Co-authored-by: Albert Vaca Cintora --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7f2d7ab1..5518357c 100644 --- a/README.md +++ b/README.md @@ -309,7 +309,7 @@ When the variable `datadog_macos_download_url` is not set, the official macOS DM | Agent version | Default macOS DMG package URL | |---------------|--------------------------------------------------------------| -| 6 | https://s3.amazonaws.com/dd-agent/datadogagent.dmg | +| 6 | https://s3.amazonaws.com/dd-agent/datadog-agent-6-latest.dmg | | 7 | https://s3.amazonaws.com/dd-agent/datadog-agent-7-latest.dmg | To override the default behavior, set this variable to something other than an empty string. From df679104fbfb52a20b4c901e786cc84c5befabe2 Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Thu, 5 May 2022 11:09:44 +0200 Subject: [PATCH 5/5] Update tasks/agent-macos.yml Co-authored-by: Albert Vaca Cintora --- tasks/agent-macos.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/agent-macos.yml b/tasks/agent-macos.yml index 761b58c4..75ad19b3 100644 --- a/tasks/agent-macos.yml +++ b/tasks/agent-macos.yml @@ -85,8 +85,8 @@ group: "{{ macos_user_data.gid }}" recurse: yes with_items: - - "datadog_macos_etc_dir" - - "datadog_macos_logs_dir" - - "datadog_macos_run_dir" + - "{{ datadog_macos_etc_dir }}" + - "{{ datadog_macos_logs_dir }}" + - "{{ datadog_macos_run_dir }}" notify: restart datadog-agent-macos become: true