diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 50f8ff18a0c96..cb9a89ff310d8 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -148,7 +148,6 @@ /.gitlab/powershell_script_deploy @DataDog/agent-delivery @DataDog/windows-agent /.gitlab/choco_build/choco_build.yml @DataDog/agent-delivery @DataDog/windows-agent -/.gitlab/choco_deploy/choco_deploy.yml @DataDog/agent-delivery @DataDog/windows-agent /.gitlab/integration_test/windows.yml @DataDog/agent-devx-infra @DataDog/windows-agent diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2038aa4649f91..753715d308c60 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,7 +6,6 @@ include: - .gitlab/check_deploy/check_deploy.yml - .gitlab/check_merge/do_not_merge.yml - .gitlab/choco_build/choco_build.yml - - .gitlab/choco_deploy/choco_deploy.yml - .gitlab/powershell_script_signing/powershell_script_signing.yml - .gitlab/powershell_script_deploy/powershell_script_deploy.yml - .gitlab/common/shared.yml @@ -86,7 +85,7 @@ stages: - deploy_dca - choco_and_install_script_build - trigger_release - - choco_and_install_script_deploy + - install_script_deploy - internal_image_deploy - e2e_deploy - install_script_testing diff --git a/.gitlab/.ci-linters.yml b/.gitlab/.ci-linters.yml index af5acfa72b74a..ef85f659c27b6 100644 --- a/.gitlab/.ci-linters.yml +++ b/.gitlab/.ci-linters.yml @@ -83,7 +83,6 @@ job-owners: - new-e2e-unit-tests - ot_agent_deb-arm64-a7 - ot_agent_deb-x64-a7 - - publish_choco_7_x64 - publish_fakeintake - publish_fakeintake_latest - rc_kubernetes_deploy diff --git a/.gitlab/choco_build/choco_build.yml b/.gitlab/choco_build/choco_build.yml index 8ec5bac814d18..06ff3c6bb5d0d 100644 --- a/.gitlab/choco_build/choco_build.yml +++ b/.gitlab/choco_build/choco_build.yml @@ -2,34 +2,8 @@ # choco_build stage # Contains jobs which build the chocolatey Agent package. -# Not currently used in the pipeline. -windows_choco_offline_7_x64: - rules: - !reference [.manual] - stage: choco_and_install_script_build - tags: ["runner:windows-docker", "windowsversion:1809"] - needs: ["windows_msi_and_bosh_zip_x64-a7"] - variables: - ARCH: "x64" - script: - - $ErrorActionPreference = "Stop" - - Get-ChildItem omnibus\pkg - - copy omnibus\pkg\*.msi .\chocolatey\datadog-agent\offline\tools\ - - > - docker run --rm - -v "$(Get-Location):c:\mnt" - -e AWS_NETWORKING=true - registry.ddbuild.io/ci/datadog-agent-buildimages/windows_1809_${ARCH}${Env:DATADOG_AGENT_WINBUILDIMAGES_SUFFIX}:${Env:DATADOG_AGENT_WINBUILDIMAGES} - powershell.exe -C "C:\mnt\tasks\winbuildscripts\Generate-Chocolatey-Package.ps1 -InstallMethod offline -Flavor $FLAVOR -InstallDeps 1" - - If ($lastExitCode -ne "0") { throw "Previous command returned $lastExitCode" } - - copy build-out\*.nupkg omnibus\pkg - artifacts: - expire_in: 2 weeks - paths: - - omnibus/pkg - -# The online version of the choco job gets the msi package through the gitlab artifacts -.windows_choco_online_7_x64: +# The choco job gets the msi package through the gitlab artifacts +.windows_choco_7_x64: rules: !reference [.on_deploy_stable_or_beta_repo_branch] stage: choco_and_install_script_build @@ -39,11 +13,7 @@ windows_choco_offline_7_x64: script: - '$_instance_id = (iwr -UseBasicParsing http://169.254.169.254/latest/meta-data/instance-id).content ; Write-Host "Running on instance $($_instance_id)"' - $ErrorActionPreference = "Stop" - - mkdir temp\ - - copy omnibus\pkg\*.msi temp\ - - if (Test-Path omnibus) { remove-item -recurse -force omnibus } - if (Test-Path build-out) { remove-item -recurse -force build-out } - - mkdir omnibus\pkg - > docker run --rm -v "$(Get-Location):c:\mnt" @@ -52,10 +22,8 @@ windows_choco_offline_7_x64: -e BUCKET_BRANCH="$BUCKET_BRANCH" -e AWS_NETWORKING=true registry.ddbuild.io/ci/datadog-agent-buildimages/windows_1809_${ARCH}${Env:DATADOG_AGENT_WINBUILDIMAGES_SUFFIX}:${Env:DATADOG_AGENT_WINBUILDIMAGES} - powershell.exe -C "C:\mnt\tasks\winbuildscripts\Generate-Chocolatey-Package.ps1 -InstallMethod online -MSIDirectory c:\mnt\temp -Flavor $FLAVOR -InstallDeps 1" + powershell.exe -C "C:\mnt\tasks\winbuildscripts\Generate-Chocolatey-Package.ps1 -MSIDirectory c:\mnt\omnibus\pkg -Flavor $FLAVOR -InstallDeps 1" - If ($lastExitCode -ne "0") { throw "Previous command returned $lastExitCode" } - - Remove-Item -Path "temp\" -Recurse -Force - - copy build-out\*.nupkg omnibus\pkg - $CopyNupkgToS3 = "$S3_CP_CMD --recursive --exclude '*' --include '*.nupkg' build-out $S3_RELEASE_ARTIFACTS_URI/choco/nupkg" - Invoke-Expression $CopyNupkgToS3 artifacts: @@ -65,8 +33,8 @@ windows_choco_offline_7_x64: # Sometimes Chocolatey is flakey retry: 2 -windows_choco_online_7_x64: - extends: .windows_choco_online_7_x64 +windows_choco_7_x64: + extends: .windows_choco_7_x64 # On dev/PR branches: # - if the job is run manually it will create a package, but before the # package can be installed, the deploy_windows_testing-a7 job must @@ -75,8 +43,8 @@ windows_choco_online_7_x64: variables: FLAVOR: "datadog-agent" -windows_choco_online_7_x64-fips: - extends: .windows_choco_online_7_x64 +windows_choco_7_x64-fips: + extends: .windows_choco_7_x64 # On dev/PR branches: # - if the job is run manually it will create a package, but before the # package can be installed, the deploy_windows_testing-a7-fips job must diff --git a/.gitlab/choco_deploy/choco_deploy.yml b/.gitlab/choco_deploy/choco_deploy.yml deleted file mode 100644 index 05b0f0d83eba6..0000000000000 --- a/.gitlab/choco_deploy/choco_deploy.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# choco_build stage -# Contains a job which deploys the chocolatey Agent package. - -publish_choco_7_x64: - rules: !reference [.on_deploy_stable_or_beta_repo_branch_manual] - stage: choco_and_install_script_deploy - tags: ["runner:windows-docker", "windowsversion:1809"] - needs: ["windows_choco_online_7_x64"] - variables: - ARCH: "x64" - before_script: - - $tmpfile = [System.IO.Path]::GetTempFileName() - - (& "$CI_PROJECT_DIR\tools\ci\fetch_secret.ps1" -parameterName "$Env:CHOCOLATEY_API_KEY" -tempFile "$tmpfile") - - If ($lastExitCode -ne "0") { exit "$lastExitCode" } - - $chocolateyApiKey=$(cat "$tmpfile") - - Remove-Item "$tmpfile" - script: - - '$_instance_id = (iwr -UseBasicParsing http://169.254.169.254/latest/meta-data/instance-id).content ; Write-Host "Running on instance $($_instance_id)"' - - $ErrorActionPreference = "Stop" - - Get-ChildItem omnibus\pkg - - if (Test-Path nupkg) { remove-item -recurse -force nupkg } - - mkdir nupkg - - copy omnibus\pkg\*.nupkg nupkg\ - - Get-ChildItem nupkg - - > - docker run --rm - -v "$(Get-Location):c:\mnt" - -e CHOCOLATEY_API_KEY=${chocolateyApiKey} - registry.ddbuild.io/ci/datadog-agent-buildimages/windows_1809_${ARCH}${Env:DATADOG_AGENT_WINBUILDIMAGES_SUFFIX}:${Env:DATADOG_AGENT_WINBUILDIMAGES} - c:\mnt\tasks\winbuildscripts\chocopush.bat - - If ($lastExitCode -ne "0") { throw "Previous command returned $lastExitCode" } diff --git a/.gitlab/kernel_matrix_testing/security_agent.yml b/.gitlab/kernel_matrix_testing/security_agent.yml index b7f4b80cc6ed1..769ebe10138b8 100644 --- a/.gitlab/kernel_matrix_testing/security_agent.yml +++ b/.gitlab/kernel_matrix_testing/security_agent.yml @@ -216,26 +216,6 @@ kmt_run_secagent_tests_x64_ebpfless: - !reference [.collect_outcomes_kmt] - !reference [.upload_junit_kmt] -kmt_run_secagent_tests_x64_fentry: - extends: - - .kmt_run_secagent_tests - image: registry.ddbuild.io/ci/datadog-agent-buildimages/system-probe_x64$DATADOG_AGENT_SYSPROBE_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_SYSPROBE_BUILDIMAGES - tags: ["arch:amd64"] - needs: - - kmt_setup_env_secagent_x64 - - upload_dependencies_secagent_x64 - - upload_secagent_tests_x64 - variables: - ARCH: "x86_64" - parallel: - matrix: - - TAG: - - "amazon_2023" - TEST_SET: [cws_fentry] - after_script: - - !reference [.collect_outcomes_kmt] - - !reference [.upload_junit_kmt] - kmt_run_secagent_tests_x64_docker: extends: - .kmt_run_secagent_tests @@ -350,26 +330,6 @@ kmt_run_secagent_tests_arm64_ebpfless: - !reference [.collect_outcomes_kmt] - !reference [.upload_junit_kmt] -kmt_run_secagent_tests_arm64_fentry: - extends: - - .kmt_run_secagent_tests - image: registry.ddbuild.io/ci/datadog-agent-buildimages/system-probe_arm64$DATADOG_AGENT_SYSPROBE_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_SYSPROBE_BUILDIMAGES - tags: ["arch:arm64"] - needs: - - kmt_setup_env_secagent_arm64 - - upload_dependencies_secagent_arm64 - - upload_secagent_tests_arm64 - variables: - ARCH: "arm64" - parallel: - matrix: - - TAG: - - "ubuntu_24.04" - TEST_SET: [cws_fentry] - after_script: - - !reference [.collect_outcomes_kmt] - - !reference [.upload_junit_kmt] - kmt_run_secagent_tests_arm64_docker: extends: - .kmt_run_secagent_tests @@ -426,7 +386,6 @@ kmt_secagent_tests_join_arm64: - kmt_run_secagent_tests_arm64 - kmt_run_secagent_tests_arm64_ad - kmt_run_secagent_tests_arm64_ebpfless - - kmt_run_secagent_tests_arm64_fentry - kmt_run_secagent_tests_arm64_docker kmt_secagent_cleanup_arm64: @@ -449,7 +408,6 @@ kmt_secagent_tests_join_x64: - kmt_run_secagent_tests_x64_required - kmt_run_secagent_tests_x64_ad - kmt_run_secagent_tests_x64_ebpfless - - kmt_run_secagent_tests_x64_fentry - kmt_run_secagent_tests_x64_docker kmt_secagent_cleanup_x64: diff --git a/.gitlab/powershell_script_deploy/powershell_script_deploy.yml b/.gitlab/powershell_script_deploy/powershell_script_deploy.yml index 4760dfdf18030..5269045adde05 100644 --- a/.gitlab/powershell_script_deploy/powershell_script_deploy.yml +++ b/.gitlab/powershell_script_deploy/powershell_script_deploy.yml @@ -5,7 +5,7 @@ powershell_script_deploy: image: registry.ddbuild.io/ci/datadog-agent-buildimages/gitlab_agent_deploy$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES tags: ["arch:amd64"] - stage: choco_and_install_script_deploy + stage: install_script_deploy rules: !reference [.manual] needs: ["powershell_script_signing"] @@ -19,7 +19,7 @@ powershell_script_deploy: windows_bootstrapper_deploy: image: registry.ddbuild.io/ci/datadog-agent-buildimages/gitlab_agent_deploy$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES tags: ["arch:amd64"] - stage: choco_and_install_script_deploy + stage: install_script_deploy rules: !reference [.manual] needs: ["windows-installer-amd64"] diff --git a/chocolatey/datadog-agent/online/datadog-agent-online.nuspec b/chocolatey/datadog-agent/datadog-agent.nuspec similarity index 97% rename from chocolatey/datadog-agent/online/datadog-agent-online.nuspec rename to chocolatey/datadog-agent/datadog-agent.nuspec index 73f96bfb83871..f3d9ec86ca694 100644 --- a/chocolatey/datadog-agent/online/datadog-agent-online.nuspec +++ b/chocolatey/datadog-agent/datadog-agent.nuspec @@ -1,4 +1,4 @@ - + datadog-agent diff --git a/chocolatey/datadog-agent/offline/datadog-agent-offline.nuspec b/chocolatey/datadog-agent/offline/datadog-agent-offline.nuspec deleted file mode 100644 index aedf9555a1c51..0000000000000 --- a/chocolatey/datadog-agent/offline/datadog-agent-offline.nuspec +++ /dev/null @@ -1,31 +0,0 @@ - - - - datadog-agent-offline - $package_version$ - https://github.com/DataDog/datadog-agent/tree/main/chocolatey - Datadog - Datadog Agent Offline Install - Datadog - https://github.com/DataDog/datadog-agent - https://datadog-prod.imgix.net/img/dd_logo_70x75.png - $copyright$ - https://raw.githubusercontent.com/DataDog/datadog-agent/main/LICENSE - true - https://docs.datadoghq.com - datadog agent monitoring admin - The Datadog Agent for Microsoft Windows - The Datadog Agent faithfully collects events and metrics and brings them to Datadog on your behalf so that you can do something useful with your monitoring and performance data. - -## Package settings - -You may set [custom settings](https://docs.datadoghq.com/agent/basic_agent_usage/windows/?tab=commandline#installation) to the Agent when installing by using the [`--installer-arguments` option of `choco install`](https://chocolatey.org/docs/getting-started#overriding-default-install-directory-or-other-advanced-install-concepts). - -For example, to set the API key you may run: -`choco install -ia="APIKEY=""YOUR_DATADOG_API_KEY""" datadog-agent-offline` - $release_notes$ - - - - - diff --git a/chocolatey/datadog-agent/offline/tools/chocolateyinstall.ps1 b/chocolatey/datadog-agent/offline/tools/chocolateyinstall.ps1 deleted file mode 100644 index 98d39c92654e0..0000000000000 --- a/chocolatey/datadog-agent/offline/tools/chocolateyinstall.ps1 +++ /dev/null @@ -1,29 +0,0 @@ -$ErrorActionPreference = 'Stop'; - -$toolsDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)" -$nupkgs = Get-ChildItem $toolsDir\datadog-agent*.msi -if (($nupkgs | Measure-Object).Count -gt 1) { - Write-Host "More than 1 MSI installer exists - aborting" - exit -2 -} -$packageArgs = @{ - packageName = $env:ChocolateyPackageName - unzipLocation = $toolsDir - fileType = 'msi' - file = $nupkgs[0].FullName - softwareName = 'Datadog Agent' - silentArgs = "/qn /norestart /l*v `"$($env:TEMP)\$($packageName).$($env:chocolateyPackageVersion).MsiInstall.log`"" - validExitCodes= @(0, 3010, 1641) -} -Install-ChocolateyInstallPackage @packageArgs - -$installInfo = @" ---- -install_method: - tool: chocolatey - tool_version: chocolatey-$($env:CHOCOLATEY_VERSION) - installer_version: chocolatey_package-offline -"@ - -$appDataDir = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Datadog\Datadog Agent").ConfigRoot -Out-File -FilePath $appDataDir\install_info -InputObject $installInfo diff --git a/chocolatey/datadog-agent/online/tools/VERIFICATION.txt b/chocolatey/datadog-agent/online/tools/VERIFICATION.txt deleted file mode 100644 index 5ef7f466e2cd6..0000000000000 --- a/chocolatey/datadog-agent/online/tools/VERIFICATION.txt +++ /dev/null @@ -1,5 +0,0 @@ -VERIFICATION -Verification is intended to assist the Chocolatey moderators and community in verifying that this package's contents are trustworthy. - -This package is published by Datadog itself. -The binaries are identical to other package types for the Datadog Agent. diff --git a/chocolatey/datadog-agent/offline/tools/VERIFICATION.txt b/chocolatey/datadog-agent/tools/VERIFICATION.txt similarity index 100% rename from chocolatey/datadog-agent/offline/tools/VERIFICATION.txt rename to chocolatey/datadog-agent/tools/VERIFICATION.txt diff --git a/chocolatey/datadog-agent/online/tools/chocolateyinstall.ps1 b/chocolatey/datadog-agent/tools/chocolateyinstall.ps1 similarity index 100% rename from chocolatey/datadog-agent/online/tools/chocolateyinstall.ps1 rename to chocolatey/datadog-agent/tools/chocolateyinstall.ps1 diff --git a/chocolatey/datadog-fips-agent/online/datadog-fips-agent-online.nuspec b/chocolatey/datadog-fips-agent/datadog-fips-agent.nuspec similarity index 100% rename from chocolatey/datadog-fips-agent/online/datadog-fips-agent-online.nuspec rename to chocolatey/datadog-fips-agent/datadog-fips-agent.nuspec diff --git a/chocolatey/datadog-fips-agent/online/tools/VERIFICATION.txt b/chocolatey/datadog-fips-agent/tools/VERIFICATION.txt similarity index 100% rename from chocolatey/datadog-fips-agent/online/tools/VERIFICATION.txt rename to chocolatey/datadog-fips-agent/tools/VERIFICATION.txt diff --git a/chocolatey/datadog-fips-agent/online/tools/chocolateyinstall.ps1 b/chocolatey/datadog-fips-agent/tools/chocolateyinstall.ps1 similarity index 100% rename from chocolatey/datadog-fips-agent/online/tools/chocolateyinstall.ps1 rename to chocolatey/datadog-fips-agent/tools/chocolateyinstall.ps1 diff --git a/cmd/system-probe/api/debug/handlers_linux.go b/cmd/system-probe/api/debug/handlers_linux.go index d2bd7dfbd5f48..07ba06c49354f 100644 --- a/cmd/system-probe/api/debug/handlers_linux.go +++ b/cmd/system-probe/api/debug/handlers_linux.go @@ -17,19 +17,18 @@ import ( "time" ) -// HandleSelinuxSestatus reports the output of sestatus as an http result -func HandleSelinuxSestatus(w http.ResponseWriter, r *http.Request) { - ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second) - defer cancel() - - cmd := exec.CommandContext(ctx, "sestatus") +// handleCommand runs commandName with the provided arguments and writes it to the HTTP response. +// If the command exits with a failure or doesn't exist in the PATH, it will still 200 but report the failure. +// Any other kind of error will 500. +func handleCommand(ctx context.Context, w http.ResponseWriter, commandName string, args ...string) { + cmd := exec.CommandContext(ctx, commandName, args...) output, err := cmd.CombinedOutput() var execError *exec.Error var exitErr *exec.ExitError if err != nil { - // don't 500 for ExitErrors etc, to report "normal" failures to the selinux_sestatus.log file + // don't 500 for ExitErrors etc, to report "normal" failures to the flare log file if !errors.As(err, &execError) && !errors.As(err, &exitErr) { w.WriteHeader(500) } @@ -39,3 +38,19 @@ func HandleSelinuxSestatus(w http.ResponseWriter, r *http.Request) { w.Write(output) } + +// HandleSelinuxSestatus reports the output of sestatus as an http result +func HandleSelinuxSestatus(w http.ResponseWriter, r *http.Request) { + ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second) + defer cancel() + + handleCommand(ctx, w, "sestatus") +} + +// HandleSelinuxSemoduleList reports the output of semodule -l as an http result +func HandleSelinuxSemoduleList(w http.ResponseWriter, r *http.Request) { + ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second) + defer cancel() + + handleCommand(ctx, w, "semodule", "-l") +} diff --git a/cmd/system-probe/api/debug/handlers_nolinux.go b/cmd/system-probe/api/debug/handlers_nolinux.go index 1475d821c1e6e..246f4a3a7c78a 100644 --- a/cmd/system-probe/api/debug/handlers_nolinux.go +++ b/cmd/system-probe/api/debug/handlers_nolinux.go @@ -18,3 +18,9 @@ func HandleSelinuxSestatus(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(500) io.WriteString(w, "HandleSelinuxSestatus is not supported on this platform") } + +// HandleSelinuxSemoduleList is not supported +func HandleSelinuxSemoduleList(w http.ResponseWriter, _ *http.Request) { + w.WriteHeader(500) + io.WriteString(w, "HandleSelinuxSemoduleList is not supported on this platform") +} diff --git a/cmd/system-probe/api/server.go b/cmd/system-probe/api/server.go index d81007a0c8f0d..f4d9e85522d91 100644 --- a/cmd/system-probe/api/server.go +++ b/cmd/system-probe/api/server.go @@ -60,6 +60,7 @@ func StartServer(cfg *sysconfigtypes.Config, telemetry telemetry.Component, wmet if runtime.GOOS == "linux" { mux.HandleFunc("/debug/ebpf_btf_loader_info", ebpf.HandleBTFLoaderInfo) mux.HandleFunc("/debug/selinux_sestatus", debug.HandleSelinuxSestatus) + mux.HandleFunc("/debug/selinux_semodule_list", debug.HandleSelinuxSemoduleList) } go func() { diff --git a/pkg/config/setup/system_probe.go b/pkg/config/setup/system_probe.go index bdc97ee3d902a..1ca54550cec5a 100644 --- a/pkg/config/setup/system_probe.go +++ b/pkg/config/setup/system_probe.go @@ -371,9 +371,9 @@ func InitSystemProbeConfig(cfg pkgconfigmodel.Config) { eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "network.classifier_handle"), 0) eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "network.raw_classifier_handle"), 0) eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "event_stream.use_ring_buffer"), true) - eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "event_stream.use_fentry"), false) - eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "event_stream.use_fentry_amd64"), false) - eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "event_stream.use_fentry_arm64"), false) + eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "event_stream.use_fentry"), true) + eventMonitorBindEnv(cfg, join(evNS, "event_stream.use_fentry_amd64")) + eventMonitorBindEnv(cfg, join(evNS, "event_stream.use_fentry_arm64")) eventMonitorBindEnv(cfg, join(evNS, "event_stream.buffer_size")) eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "envs_with_value"), []string{"LD_PRELOAD", "LD_LIBRARY_PATH", "PATH", "HISTSIZE", "HISTFILESIZE", "GLIBC_TUNABLES"}) eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "runtime_compilation.enabled"), false) diff --git a/pkg/flare/archive_linux.go b/pkg/flare/archive_linux.go index dafe8bd41d1bc..9a3aea87a0ac0 100644 --- a/pkg/flare/archive_linux.go +++ b/pkg/flare/archive_linux.go @@ -39,6 +39,7 @@ func addSystemProbePlatformSpecificEntries(fb flaretypes.FlareBuilder) { _ = fb.AddFileFromFunc(filepath.Join("system-probe", "conntrack_host.log"), getSystemProbeConntrackHost) _ = fb.AddFileFromFunc(filepath.Join("system-probe", "ebpf_btf_loader.log"), getSystemProbeBTFLoaderInfo) _ = fb.AddFileFromFunc(filepath.Join("system-probe", "selinux_sestatus.log"), getSystemProbeSelinuxSestatus) + _ = fb.AddFileFromFunc(filepath.Join("system-probe", "selinux_semodule_list.log"), getSystemProbeSelinuxSemoduleList) } } @@ -155,3 +156,9 @@ func getSystemProbeSelinuxSestatus() ([]byte, error) { url := sysprobeclient.DebugURL("/selinux_sestatus") return getHTTPData(sysProbeClient, url) } + +func getSystemProbeSelinuxSemoduleList() ([]byte, error) { + sysProbeClient := sysprobeclient.Get(getSystemProbeSocketPath()) + url := sysprobeclient.DebugURL("/selinux_semodule_list") + return getHTTPData(sysProbeClient, url) +} diff --git a/pkg/fleet/internal/cdn/cdn.go b/pkg/fleet/internal/cdn/cdn.go index f35418cc0b7bc..dcb57bf0ee17d 100644 --- a/pkg/fleet/internal/cdn/cdn.go +++ b/pkg/fleet/internal/cdn/cdn.go @@ -165,28 +165,17 @@ func (c *CDN) Close() error { } // writePolicyMetadata writes the policy metadata to the given directory -// and makes it readable to dd-agent +// and makes it world-readable func writePolicyMetadata(config Config, dir string) error { - ddAgentUID, ddAgentGID, err := getAgentIDs() - if err != nil { - return fmt.Errorf("error getting dd-agent user and group IDs: %w", err) - } - state := config.State() stateBytes, err := json.Marshal(state) if err != nil { return fmt.Errorf("could not marshal state: %w", err) } - err = os.WriteFile(filepath.Join(dir, policyMetadataFilename), stateBytes, 0440) + err = os.WriteFile(filepath.Join(dir, policyMetadataFilename), stateBytes, 0444) if err != nil { return fmt.Errorf("could not write %s: %w", policyMetadataFilename, err) } - if runtime.GOOS != "windows" { - err = os.Chown(filepath.Join(dir, policyMetadataFilename), ddAgentUID, ddAgentGID) - if err != nil { - return fmt.Errorf("could not chown %s: %w", policyMetadataFilename, err) - } - } return nil } diff --git a/pkg/metrics/metricsource.go b/pkg/metrics/metricsource.go index f3afa888d60b4..5fcc0ff956952 100644 --- a/pkg/metrics/metricsource.go +++ b/pkg/metrics/metricsource.go @@ -308,6 +308,7 @@ const ( MetricSourceAnyscale MetricSourceMilvus MetricSourceNvidiaNim + MetricSourceQuarkus ) // String returns a string representation of MetricSource @@ -879,6 +880,8 @@ func (ms MetricSource) String() string { return "aws_neuron" case MetricSourceMilvus: return "milvus" + case MetricSourceQuarkus: + return "quarkus" default: return "" } @@ -1421,6 +1424,8 @@ func CheckNameToMetricSource(name string) MetricSource { return MetricSourceTibcoEMS case "milvus": return MetricSourceMilvus + case "quarkus": + return MetricSourceQuarkus default: return MetricSourceUnknown } diff --git a/pkg/serializer/internal/metrics/origin_mapping.go b/pkg/serializer/internal/metrics/origin_mapping.go index 45e433d7135b5..02c54e1913363 100644 --- a/pkg/serializer/internal/metrics/origin_mapping.go +++ b/pkg/serializer/internal/metrics/origin_mapping.go @@ -308,6 +308,7 @@ func metricSourceToOriginCategory(ms metrics.MetricSource) int32 { metrics.MetricSourceZk, metrics.MetricSourceAwsNeuron, metrics.MetricSourceNvidiaNim, + metrics.MetricSourceQuarkus, metrics.MetricSourceMilvus: return 11 // integrationMetrics default: @@ -902,6 +903,8 @@ func metricSourceToOriginService(ms metrics.MetricSource) int32 { return 425 case metrics.MetricSourceNvidiaNim: return 426 + case metrics.MetricSourceQuarkus: + return 427 default: return 0 } diff --git a/releasenotes/notes/Add-metrics-origins-for-Quarkus-integration.-e2ff9ac00b7ea6df.yaml b/releasenotes/notes/Add-metrics-origins-for-Quarkus-integration.-e2ff9ac00b7ea6df.yaml new file mode 100644 index 0000000000000..6a23ab8155f8c --- /dev/null +++ b/releasenotes/notes/Add-metrics-origins-for-Quarkus-integration.-e2ff9ac00b7ea6df.yaml @@ -0,0 +1,11 @@ +# Each section from every release note are combined when the +# CHANGELOG.rst is rendered. So the text needs to be worded so that +# it does not depend on any information only available in another +# section. This may mean repeating some details, but each section +# must be readable independently of the other. +# +# Each section note must be formatted as reStructuredText. +--- +other: + - | + Add metrics origins for Quarkus integration. diff --git a/releasenotes/notes/flare-semodule-list-883aecc886cd62ac.yaml b/releasenotes/notes/flare-semodule-list-883aecc886cd62ac.yaml new file mode 100644 index 0000000000000..2baa2dea73281 --- /dev/null +++ b/releasenotes/notes/flare-semodule-list-883aecc886cd62ac.yaml @@ -0,0 +1,11 @@ +# Each section from every release note are combined when the +# CHANGELOG.rst is rendered. So the text needs to be worded so that +# it does not depend on any information only available in another +# section. This may mean repeating some details, but each section +# must be readable independently of the other. +# +# Each section note must be formatted as reStructuredText. +--- +enhancements: + - | + Added the output of ``semodule -l`` to the Agent flare; this information appears in ``system-probe/selinux_semodule_list.log``. diff --git a/tasks/winbuildscripts/Generate-Chocolatey-Package.ps1 b/tasks/winbuildscripts/Generate-Chocolatey-Package.ps1 index 991317602152f..41bf71748cc2b 100644 --- a/tasks/winbuildscripts/Generate-Chocolatey-Package.ps1 +++ b/tasks/winbuildscripts/Generate-Chocolatey-Package.ps1 @@ -2,11 +2,8 @@ .SYNOPSIS Generates a Chocolatey package for the Datadog Agent. -.PARAMETER installMethod -Specifies the installation method. Valid values are "offline" and "online". This parameter is mandatory. - .PARAMETER msiDirectory -Specifies the directory containing the MSI file that will be used to calculate the checksum. This parameter is mandatory when the installMethod is "online". +Specifies the directory containing the MSI file that will be used to calculate the checksum. .PARAMETER Flavor Specifies the flavor of the Datadog Agent. The default value is "datadog-agent". @@ -18,23 +15,18 @@ Overrides the Agent version when building packages locally for testing. Indicates whether to install dependencies. The default value is $true. .EXAMPLE -.\Generate-Chocolatey-Package.ps1 -installMethod online -Flavor datadog-agent -VersionOverride "7.62.0" -msiDirectory C:\mnt\omnibus\pkg\ +.\Generate-Chocolatey-Package.ps1 -Flavor datadog-agent -VersionOverride "7.62.0" -msiDirectory C:\mnt\omnibus\pkg Generates a chocolatey package for 7.62.0, requires the MSI file to be present in MSIDirectory. .EXAMPLE -$env:CI_PIPELINE_ID="50910739"; .\Generate-Chocolatey-Package.ps1 -installMethod online -Flavor datadog-agent -VersionOverride "7.62.0-devel.git.276.e59b1b3.pipeline.50910739" -msiDirectory C:\mnt\omnibus\pkg +$env:CI_PIPELINE_ID="50910739"; .\Generate-Chocolatey-Package.ps1 -Flavor datadog-agent -VersionOverride "7.62.0-devel.git.276.e59b1b3.pipeline.50910739" -msiDirectory C:\mnt\omnibus\pkg Generates a chocolatey package for PR/devel build 7.62.0-devel.git.276.e59b1b3.pipeline.50910739, requires the MSI file to be present in MSIDirectory. The generated chocolatey package requires the MSI be uploaded to the dd-agent-mstesting bucket. #> Param( [Parameter(Mandatory=$true)] - [ValidateSet("offline", "online")] - [String] - $installMethod, - - [Parameter(Mandatory=$false)] [String] $msiDirectory, @@ -69,9 +61,9 @@ if (![string]::IsNullOrEmpty($VersionOverride)) { } $copyright = "Datadog {0}" -f (Get-Date).Year -$releasePattern = "(\d+\.\d+\.\d+)" -$releaseCandidatePattern = "(\d+\.\d+\.\d+)-rc\.(\d+)" -$develPattern = "(\d+\.\d+\.\d+)-devel\.git\.\d+\.(.+)" +$releasePattern = "^(\d+\.\d+\.\d+)$" +$releaseCandidatePattern = "^(\d+\.\d+\.\d+)-rc\.(\d+)$" +$develPattern = "^(\d+\.\d+\.\d+)-devel\.git\.\d+\.(.+)" # Build the package in a temporary directory # Some of the build steps modify the package source, so we don't want to do this in the source directory @@ -87,21 +79,16 @@ try { # For historical reasons, use a different artifact name for the datadog-agent flavor # See agent-release-management for more details $artifactName = "ddagent-cli" - $packageSource = "$repoRoot\chocolatey\datadog-agent\$installMethod" - $nuspecFile = "datadog-agent-$installMethod.nuspec" } elseif ($Flavor -eq "datadog-fips-agent") { - if ($installMethod -eq "offline") { - Write-Error "Offline install method not supported for flavor $Flavor" - exit 1 - } $artifactName = "datadog-fips-agent" - $packageSource = "$repoRoot\chocolatey\datadog-fips-agent\online" - $nuspecFile = "datadog-fips-agent-online.nuspec" } else { Write-Error "Unknown flavor $Flavor" exit 1 } + $packageSource = "$repoRoot\chocolatey\$Flavor" + $nuspecFile = "$Flavor.nuspec" + # These files/directories are referenced in the nuspec file $licensePath = "tools\LICENSE.txt" $installScript = "tools\chocolateyinstall.ps1" @@ -118,24 +105,22 @@ try { $releaseNotes = "https://github.com/DataDog/datadog-agent/releases/tag/{0}-rc.{1}" -f $agentVersionMatches.Matches.Groups[1], $agentVersionMatches.Matches.Groups[2] $url = "https://s3.amazonaws.com/dd-agent-mstesting/builds/beta/$artifactName-$($agentVersionMatches.Matches.Groups[1])-rc.$($agentVersionMatches.Matches.Groups[2]).msi" } elseif ($rawAgentVersion -match $develPattern) { - if ($installMethod -eq "online") { - # For devel builds/branches, use the dd-agent-mstesting bucket URL - # This allows us to build and test the package in PRs, and locally - # by using the `-VersionOverride` param. - if ([string]::IsNullOrEmpty($env:CI_PIPELINE_ID)) { - Write-Error "CI_PIPELINE_ID is not set, aborting" - exit 1 - } else { - if ($rawAgentVersion -notmatch $env:CI_PIPELINE_ID) { - Write-Error "CI_PIPELINE_ID is not found in the agent version, aborting" -ErrorAction Continue - if ([string]::IsNullOrEmpty($env:BUCKET_BRANCH)) { - # inv agent.version requires BUCKET_BRANCH to be set when including pipeline in version - Write-Error "BUCKET_BRANCH is not set, if you are running this locally, set `$env:BUCKET_BRANCH='dev' or pass the -VersionOverride parameter" -ErrorAction Continue - } - exit 1 + # For devel builds/branches, use the dd-agent-mstesting bucket URL + # This allows us to build and test the package in PRs, and locally + # by using the `-VersionOverride` param. + if ([string]::IsNullOrEmpty($env:CI_PIPELINE_ID)) { + Write-Error "CI_PIPELINE_ID is not set, aborting" + exit 1 + } else { + if ($rawAgentVersion -notmatch $env:CI_PIPELINE_ID) { + Write-Error "CI_PIPELINE_ID is not found in the agent version, aborting" -ErrorAction Continue + if ([string]::IsNullOrEmpty($env:BUCKET_BRANCH)) { + # inv agent.version requires BUCKET_BRANCH to be set when including pipeline in version + Write-Error "BUCKET_BRANCH is not set, if you are running this locally, set `$env:BUCKET_BRANCH='dev' or pass the -VersionOverride parameter" -ErrorAction Continue } - $url = "https://s3.amazonaws.com/dd-agent-mstesting/pipelines/A7/$env:CI_PIPELINE_ID/$flavor-$rawAgentVersion-1-x86_64.msi" + exit 1 } + $url = "https://s3.amazonaws.com/dd-agent-mstesting/pipelines/A7/$env:CI_PIPELINE_ID/$flavor-$rawAgentVersion-1-x86_64.msi" } $agentVersionMatches = $rawAgentVersion | Select-String -Pattern $develPattern $agentVersion = "{0}-devel-{1}" -f $agentVersionMatches.Matches.Groups[1], $agentVersionMatches.Matches.Groups[2].Value @@ -151,26 +136,24 @@ try { exit 1 } - Write-Host "Generating Chocolatey $installMethod package $flavor version $agentVersion in $(Get-Location)" + Write-Host "Generating Chocolatey package $flavor version $agentVersion in $(Get-Location)" # Template the install script with the URL and checksum - if ($installMethod -eq "online") { - try { - $tempMsi = Join-Path -Path "$msiDirectory" "$flavor-$rawAgentVersion-1-x86_64.msi" - if (!(Test-Path $tempMsi)) { - Write-Host "Error: Could not find MSI file in $tempMsi" - Get-ChildItem "$msiDirectory" - exit 1 - } - $checksum = (Get-FileHash $tempMsi -Algorithm SHA256).Hash - } - catch { - Write-Host "Error: Could not generate checksum for package $($tempMsi): $($_)" + try { + $msiPath = Join-Path -Path "$msiDirectory" "$flavor-$rawAgentVersion-1-x86_64.msi" + if (!(Test-Path $msiPath)) { + Write-Host "Error: Could not find MSI file in $msiPath" + Get-ChildItem "$msiDirectory" exit 1 } - # Set the $url in the install script - (Get-Content $installScript).replace('$__url_from_ci__', '"' + $url + '"').replace('$__checksum_from_ci__', '"' + $checksum + '"') | Set-Content $installScript + $checksum = (Get-FileHash $msiPath -Algorithm SHA256).Hash + } + catch { + Write-Host "Error: Could not generate checksum for package $($msiPath): $($_)" + exit 1 } + # Set the $url in the install script + (Get-Content $installScript).replace('$__url_from_ci__', '"' + $url + '"').replace('$__checksum_from_ci__', '"' + $checksum + '"') | Set-Content $installScript Write-Host "Generated nuspec file:" Write-Host (Get-Content $installScript | Out-String) diff --git a/tasks/winbuildscripts/Publish-Chocolatey-Package.ps1 b/tasks/winbuildscripts/Publish-Chocolatey-Package.ps1 deleted file mode 100644 index e8879285da1ee..0000000000000 --- a/tasks/winbuildscripts/Publish-Chocolatey-Package.ps1 +++ /dev/null @@ -1,12 +0,0 @@ -$ErrorActionPreference = 'Stop'; - -# Install chocolatey binary -$env:chocolateyUseWindowsCompression = 'true'; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) - -Set-Location c:\mnt -$nupkgs = Get-ChildItem .\nupkg\datadog-agent*.nupkg -foreach($nupkg in $nupkgs) { - Write-Host "Publishing Chocolatey package $($nupkg.Name) for agent version $agentVersion" - choco push $nupkg.FullName --verbose --key $env:CHOCOLATEY_API_KEY --source https://push.chocolatey.org/ - If ($lastExitCode -ne "0") { throw "Previous command returned $lastExitCode" } -} diff --git a/tasks/winbuildscripts/chocopush.bat b/tasks/winbuildscripts/chocopush.bat deleted file mode 100644 index d359e3c5c2dec..0000000000000 --- a/tasks/winbuildscripts/chocopush.bat +++ /dev/null @@ -1,11 +0,0 @@ -if not exist c:\mnt\ goto nomntdir - -@echo c:\mnt found, continuing - -Powershell -C "C:\mnt\tasks\winbuildscripts\Publish-Chocolatey-Package.ps1" || exit /b 1 -goto :EOF - -:nomntdir -@echo directory not mounted, parameters incorrect -exit /b 2 -goto :EOF \ No newline at end of file diff --git a/test/new-e2e/system-probe/test-runner/files/cws_fentry.json b/test/new-e2e/system-probe/test-runner/files/cws_fentry.json deleted file mode 100644 index 8330f6d6048af..0000000000000 --- a/test/new-e2e/system-probe/test-runner/files/cws_fentry.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "filters": { - "*": { - "exclude": false - } - }, - "additional_env_vars": [ - "DD_EVENT_MONITORING_CONFIG_EVENT_STREAM_USE_FENTRY=true" - ] -} diff --git a/test/new-e2e/tests/installer/unix/upgrade_scenario_test.go b/test/new-e2e/tests/installer/unix/upgrade_scenario_test.go index 6230ef741410c..5fdf6a24c60eb 100644 --- a/test/new-e2e/tests/installer/unix/upgrade_scenario_test.go +++ b/test/new-e2e/tests/installer/unix/upgrade_scenario_test.go @@ -410,8 +410,8 @@ func (s *upgradeScenarioSuite) TestConfigUpgradeSuccessful() { state.AssertDirExists("/etc/datadog-agent/managed/datadog-agent", 0755, "root", "root") state.AssertSymlinkExists("/etc/datadog-agent/managed/datadog-agent/stable", "/etc/datadog-agent/managed/datadog-agent/e94406c45ae766b7d34d2793e4759b9c4d15ed5d5e2b7f73ce1bf0e6836f728d", "root", "root") // Verify metadata - state.AssertFileExists("/etc/datadog-agent/managed/datadog-agent/e94406c45ae766b7d34d2793e4759b9c4d15ed5d5e2b7f73ce1bf0e6836f728d/policy.metadata", 0440, "dd-agent", "dd-agent") - file := s.Env().RemoteHost.MustExecute("sudo cat /etc/datadog-agent/managed/datadog-agent/e94406c45ae766b7d34d2793e4759b9c4d15ed5d5e2b7f73ce1bf0e6836f728d/policy.metadata") + state.AssertFileExists("/etc/datadog-agent/managed/datadog-agent/e94406c45ae766b7d34d2793e4759b9c4d15ed5d5e2b7f73ce1bf0e6836f728d/policy.metadata", 0444, "root", "root") + file := s.Env().RemoteHost.MustExecute("cat /etc/datadog-agent/managed/datadog-agent/e94406c45ae766b7d34d2793e4759b9c4d15ed5d5e2b7f73ce1bf0e6836f728d/policy.metadata") policiesState := &pbgo.PoliciesState{} err := json.Unmarshal([]byte(file), policiesState) require.NoError(s.T(), err)