Ansible Script 추가

ansible/01_old/roles/datadog.datadog/tasks/_agent-linux-macos-shared.yml

@@ -0,0 +1,91 @@
+---
+- name: Create Datadog agent config directory
+  file:
+    dest: "{{ _dd_config_dir }}"
+    state: directory
+    mode: 0755
+    owner: "{{ _dd_user }}"
+    group: "{{ _dd_group }}"
+  when: datadog_manage_config
+
+- name: Create main Datadog agent configuration file
+  template:
+    src: datadog.yaml.j2
+    dest: "{{ _dd_config_dir }}/datadog.yaml"
+    mode: 0640
+    owner: "{{ _dd_user }}"
+    group: "{{ _dd_group }}"
+  when: datadog_manage_config
+  notify: "{{ _dd_notify_agent }}"
+
+- name: Register all checks directories present in datadog
+  find:
+    paths: "{{ _dd_config_dir }}/conf.d/"
+    patterns:
+    - "*.d"
+    file_type: directory
+  register: datadog_conf_directories
+  when: datadog_manage_config and (datadog_disable_untracked_checks or datadog_disable_default_checks)
+
+- name: Delete checks not present in datadog_tracked_checks
+  file:
+    path: "{{ _dd_config_dir }}/conf.d/{{ item }}.d/conf.yaml"
+    state: absent
+  loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}"
+  when: datadog_manage_config and datadog_disable_untracked_checks and item not in datadog_tracked_checks
+  notify: "{{ _dd_notify_agent }}"
+
+- name: Delete all default checks
+  file:
+    path: "{{ _dd_config_dir }}/conf.d/{{ item }}.d/conf.yaml.default"
+    state: absent
+  loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}"
+  when: datadog_manage_config and datadog_disable_default_checks and item not in datadog_tracked_checks
+  notify: "{{ _dd_notify_agent }}"
+
+- name: Ensure configuration directories are present for each Datadog check
+  file:
+    dest: "{{ _dd_config_dir }}/conf.d/{{ item }}.d"
+    state: directory
+    owner: "{{ _dd_user }}"
+    group: "{{ _dd_group }}"
+    mode: 0755
+  with_items: '{{ datadog_checks|list }}'
+  when: datadog_manage_config
+
+- name: Create a configuration file for each Datadog check
+  template:
+    src: checks.yaml.j2
+    dest: "{{ _dd_config_dir }}/conf.d/{{ item }}.d/conf.yaml"
+    mode: 0640
+    owner: "{{ _dd_user }}"
+    group: "{{ _dd_group }}"
+  with_items: "{{ datadog_checks|list }}"
+  when: datadog_manage_config
+  notify: "{{ _dd_notify_agent }}"
+
+- name: Remove old configuration file for each Datadog check
+  file:
+    dest: "{{ _dd_config_dir }}/conf.d/{{ item }}.yaml"
+    state: absent
+  with_items: "{{ datadog_checks|list }}"
+  when: datadog_manage_config
+  notify: "{{ _dd_notify_agent }}"
+
+- name: Create custom check file for each custom check
+  copy:
+    src: "{{ datadog_custom_checks[item] }}"
+    dest: "{{ _dd_config_dir }}/checks.d/{{ item }}.py"
+    mode: 0755
+    owner: "{{ _dd_user }}"
+    group: "{{ _dd_group }}"
+  with_items: "{{ datadog_custom_checks|list }}"
+  notify: "{{ _dd_notify_agent }}"
+
+- name: Create installation information file
+  template:
+    src: install_info.j2
+    dest: "{{ _dd_config_dir }}/install_info"
+    owner: "{{ _dd_user }}"
+    group: "{{ _dd_group }}"
+    mode: 0644

ansible/01_old/roles/datadog.datadog/tasks/_apt-key-import.yml

@@ -0,0 +1,90 @@
+# We allow users to specify a file from which to import keys, so we expect
+# that to be a binary keyring; at the same time, we have ascii armored
+# individual keys at keys.datadoghq.com that we import. The below procedure
+# can be called for a URL pointing to a keyring or an ascii armored file
+# and extract and import a specific key from it (we specialcase the
+# DATADOG_APT_KEY_CURRENT value, which we always expect to be ascii
+# armored individual key).
+
+# NOTE: we use 'noqa risky-shell-pipe' throughout this file, because Debian's
+# default shell is /bin/sh which doesn't have a pipefail option and the
+# presence of a different shell isn't guaranteed.
+
+# NOTE: in order to display Ansible's `changed: [hostname]` properly throughout
+# tasks in this file, we added `changed_when: false` to a lot of them, even if
+# they actually run every time (e.g. importing the CURRENT key). The reason is
+# that they operate inside a temporary directory and they don't have a
+# permanent effect on the host (nothing will actually change on the host
+# whether these tasks run or not) except the last one - the actual import of
+# the key to `datadog_apt_usr_share_keyring`.
+
+- name: "Set local variables for processed key {{ item.key }}"
+  set_fact:
+    key_fingerprint: "{{ item.key }}"
+    keyring_url: "{{ item.value }}"
+
+- name: "Find out whether key {{ key_fingerprint }} is already imported"
+  shell: "gpg --no-default-keyring --keyring {{ datadog_apt_usr_share_keyring }} --list-keys --with-fingerprint --with-colons | grep {{ key_fingerprint }}"  # noqa risky-shell-pipe
+  register: key_exists_result
+  failed_when: false  # we expect the command to fail when the key is not found; we never want this task to fail
+  changed_when: key_exists_result.rc != 0
+  when: key_fingerprint != datadog_apt_key_current_name  # we always want to import the CURRENT key
+
+- name: "Set local helper variable for determining key import (when not {{ datadog_apt_key_current_name }})"
+  set_fact:
+    key_needs_import: "{{ 'false' if key_exists_result.rc == 0 else 'true' }}"
+  when: key_fingerprint != datadog_apt_key_current_name
+
+- name: "Set local helper variable for determining key import (when {{ datadog_apt_key_current_name }})"
+  set_fact:
+    key_needs_import: "true"
+  when: key_fingerprint == datadog_apt_key_current_name
+
+- name: "Create temporary directory for key manipulation"
+  tempfile:
+    state: directory
+    suffix: keys
+  register: tempdir
+  when: key_needs_import
+  changed_when: false
+
+- name: "Download {{ keyring_url }} to import key {{ key_fingerprint }}"
+  get_url:
+    url: "{{ keyring_url }}"
+    dest: "{{ tempdir.path }}/{{ key_fingerprint }}"
+    force: yes
+  when: key_needs_import
+  changed_when: false
+
+# gpg --dearmor called on a binary keyring does nothing
+- name: "Ensure downloaded file for {{ key_fingerprint }} is a binary keyring"
+  shell: "cat {{ tempdir.path }}/{{ key_fingerprint }} | gpg --dearmor > {{ tempdir.path }}/binary.gpg"  # noqa risky-shell-pipe
+  when: key_needs_import
+  changed_when: false
+
+- name: "Extract the required key from the binary keyring (when not {{ datadog_apt_key_current_name }})"
+  shell: "gpg --no-default-keyring --keyring {{ tempdir.path }}/binary.gpg --export {{ key_fingerprint }} > {{ tempdir.path }}/single.gpg"
+  when: key_fingerprint != datadog_apt_key_current_name and key_needs_import
+  changed_when: false
+
+- name: "Extract the required key from the binary keyring (when {{ datadog_apt_key_current_name }})"
+  copy:
+    src: "{{ tempdir.path }}/binary.gpg"
+    dest: "{{ tempdir.path }}/single.gpg"
+    mode: "0600"
+    remote_src: yes
+  when: key_fingerprint == datadog_apt_key_current_name and key_needs_import
+  changed_when: false
+
+- name: "Import key {{ key_fingerprint }} to {{ datadog_apt_usr_share_keyring }} keyring"
+  shell: "cat {{ tempdir.path }}/single.gpg | gpg --no-default-keyring --keyring {{ datadog_apt_usr_share_keyring }} --import --batch"  # noqa risky-shell-pipe
+  when: key_needs_import
+  register: key_import_result
+  changed_when: '"imported: 1" in key_import_result.stderr'
+
+- name: "Remove temporary directory for key manipulation"
+  file:
+    path: "{{ tempdir.path }}"
+    state: absent
+  when: key_needs_import
+  changed_when: false

ansible/01_old/roles/datadog.datadog/tasks/_remove_rpm_keys.yml

@@ -0,0 +1,5 @@
+- name: "Ensure GPG key {{ item }} is not present in the RPM db"
+  rpm_key:
+    state: absent
+    key: "{{ item }}"
+  when: not ansible_check_mode

ansible/01_old/roles/datadog.datadog/tasks/agent-linux.yml

@@ -0,0 +1,161 @@
+---
+- name: Populate service facts
+  service_facts:
+
+- name: Set before 6/7.40.0 flag
+  set_fact:
+    datadog_before_7400: "{{ datadog_major is defined and datadog_minor is defined
+      and datadog_major | int < 8 and datadog_minor | int < 40 }}"
+
+- name: Set before 6/7.24.1 flag
+  set_fact:
+    datadog_before_7241: "{{ datadog_major is defined and datadog_minor is defined and datadog_bugfix is defined
+      and datadog_major | int < 8
+      and (datadog_minor | int < 24 or (datadog_minor | int == 24 and datadog_bugfix | int < 1)) }}"
+
+- name: Set before 6/7.18.0 flag
+  set_fact:
+    datadog_before_7180: "{{ datadog_major is defined and datadog_minor is defined
+      and datadog_major | int < 8 and datadog_minor | int < 18 }}"
+
+- name: Add "{{ datadog_user }}" user to additional groups
+  user: name="{{ datadog_user }}" groups="{{ datadog_additional_groups }}" append=yes
+  when: datadog_additional_groups | default([], true) | length > 0
+  notify: restart datadog-agent
+
+- name: Include configuration setup tasks
+  include_tasks: "_agent-linux-macos-shared.yml"
+  vars:
+    _dd_config_dir: /etc/datadog-agent
+    _dd_user: "{{ datadog_user }}"
+    _dd_group: "{{ datadog_group }}"
+    _dd_notify_agent: "restart datadog-agent"
+
+- name: Create system-probe configuration file
+  template:
+    src: system-probe.yaml.j2
+    dest: /etc/datadog-agent/system-probe.yaml
+    mode: 0640
+    owner: "root"
+    group: "{{ datadog_group }}"
+  when: datadog_manage_config
+  notify:
+    "{% if datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"
+
+- name: Set system probe installed
+  set_fact:
+    datadog_sysprobe_installed: "{{ ansible_facts.services['datadog-agent-sysprobe'] is defined
+      or ansible_facts.services['datadog-agent-sysprobe.service'] is defined }}"
+  when: not datadog_skip_running_check
+
+# Before 6/7.24.1, system_probe_config controls the system-probe service
+# datadog_minor is only defined when a specific Agent version is given
+# (see tasks/parse-version.yml)
+- name: Set system probe enabled (before 6/7.24.1)
+  set_fact:
+    datadog_sysprobe_enabled: "{{ system_probe_config is defined
+      and 'enabled' in (system_probe_config | default({}, true))
+      and system_probe_config['enabled']
+      and datadog_sysprobe_installed }}"
+  when: not datadog_skip_running_check
+    and datadog_before_7241
+
+# Since 6/7.24.1, setting enabled: true in network_config is enough to start the system-probe service:
+# https://docs.datadoghq.com/network_monitoring/performance/setup/?tab=agent#setup
+- name: Set system probe enabled (since 6/7.24.1)
+  set_fact:
+    datadog_sysprobe_enabled: "{{
+      ((system_probe_config is defined
+      and 'enabled' in (system_probe_config | default({}, true))
+      and system_probe_config['enabled'])
+      or (network_config is defined
+      and 'enabled' in (network_config | default({}, true))
+      and network_config['enabled']))
+      and datadog_sysprobe_installed }}"
+  when: not datadog_skip_running_check
+    and (not datadog_before_7241)
+
+# Since 6/7.40.0, setting enabled: true in service_monitoring_config is enough to start the system-probe service:
+# https://docs.datadoghq.com/tracing/universal_service_monitoring/?tab=configurationfiles#enabling-universal-service-monitoring
+- name: Set system probe enabled (since 6/7.40.0)
+  set_fact:
+    datadog_sysprobe_enabled: "{{
+      ((system_probe_config is defined
+      and 'enabled' in (system_probe_config | default({}, true))
+      and system_probe_config['enabled'])
+      or (network_config is defined
+      and 'enabled' in (network_config | default({}, true))
+      and network_config['enabled'])
+      or (service_monitoring_config is defined
+      and 'enabled' in (service_monitoring_config | default({}, true))
+      and service_monitoring_config['enabled']))
+      and datadog_sysprobe_installed }}"
+  when: not datadog_skip_running_check
+    and (not datadog_before_7400)
+
+- name: Ensure datadog-agent is running
+  service:
+    name: datadog-agent
+    state: started
+    enabled: yes
+  when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode
+
+- name: Ensure datadog-agent-sysprobe is running if enabled and installed
+  service:
+    name: datadog-agent-sysprobe
+    state: started
+    enabled: yes
+  when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode and datadog_sysprobe_enabled
+
+- name: Ensure datadog-agent, datadog-agent-process and datadog-agent-trace are not running
+  service:
+    name: "{{ item }}"
+    state: stopped
+    enabled: no
+  when: not datadog_skip_running_check and not datadog_enabled
+  with_list:
+    - datadog-agent
+    - datadog-agent-process
+    - datadog-agent-trace
+
+# Stop system-probe manually on Agent versions < 6/7.18, as it was not tied
+# to the main Agent service: https://github.com/DataDog/datadog-agent/pull/4883
+- name: Ensure datadog-agent-sysprobe is stopped if disabled or not installed (before 6/7.18.0)
+  service:
+    name: datadog-agent-sysprobe
+    state: stopped
+    enabled: no
+  when: not datadog_skip_running_check
+    and (not datadog_enabled or not datadog_sysprobe_enabled)
+    and datadog_before_7180
+    and datadog_sysprobe_installed
+
+- name: Ensure datadog-agent-security is not running
+  service:
+    name: datadog-agent-security
+    state: stopped
+    enabled: no
+  when: not datadog_skip_running_check and not datadog_enabled
+  failed_when: false # Since older versions of the Agent don't include the security agent
+
+- name: Create security-agent configuration file
+  template:
+    src: security-agent.yaml.j2
+    dest: /etc/datadog-agent/security-agent.yaml
+    mode: 0640
+    owner: "root"
+    group: "{{ datadog_group }}"
+  when: datadog_manage_config and (runtime_security_config is defined and runtime_security_config | default({}, true) | length > 0)
+  notify:
+    "{% if datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"
+
+# Templates don't support the "state: absent" argument, so if the file was created in a previous run
+# and then runtime_security_config was completely removed, this is the only way to ensure
+# we remove the leftover config file.
+- name: Remove security-agent configuration file if security-agent is no longer configured
+  file:
+    path: /etc/datadog-agent/security-agent.yaml
+    state: absent
+  when: datadog_manage_config and (runtime_security_config is not defined or runtime_security_config | default({}, true) | length == 0)
+  notify:
+    "{% if datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"

ansible/01_old/roles/datadog.datadog/tasks/agent-macos.yml

@@ -0,0 +1,93 @@
+---
+# NOTE: the DMG gets installed as ansible_user, but we then configure it to run
+# under datadog_macos_user and remove the user-specific config for ansible_user
+- name: Load user data
+  shell:
+    cmd: "dscacheutil -q user -a name {{ datadog_macos_user }} | awk 'BEGIN { RS=\"\\n\"; ORS=\" \" } /uid:/ { print \"{ \\\"uid\\\": \" $2\",\" } /gid:/ { print \"\\\"gid\\\": \" $2 \" }\"}'"
+    executable: /bin/bash
+  changed_when: false
+  register: macos_user_output
+  check_mode: no
+
+# This task is used to more cleanly format the variable contents.The ABOVE task's shell command returns a JSON
+# object as a string but nested in `.stdout`. Ansible has built in behavior that if it receives JSON data as
+# a string it will automatically convert it to the corresponding object. This enables us to get multiple values
+# out of the ABOVE task preventing us from having to run 2 similar commands.
+- name: Extract JSON user data as variable object
+  set_fact:
+    macos_user_data: "{{ macos_user_output.stdout }}"
+
+- name: Load user group data
+  shell:
+    cmd: "dscacheutil -q group -a gid {{ macos_user_data.gid }} | grep '^name: ' | awk '{ print $2 }'"
+  register: macos_user_group
+  changed_when: false
+
+# If the ansible_user was logged in via GUI during installation, the postinstall package script
+# created launchctl service for the user and also a login item
+
+- name: Find out if user LaunchAgent is running
+  shell:
+    cmd: "launchctl print gui/$(id -u)/{{ datadog_macos_service_name }}"
+  register: user_service_created
+  changed_when: false
+  failed_when: false
+
+- name: Unload and stop user LaunchAgent
+  shell:
+    cmd: "launchctl bootout gui/$(id -u)/{{ datadog_macos_service_name }}"
+  when: user_service_created.rc == 0
+
+- name: Remove user login item
+  command: |-
+      osascript -e 'tell application "System Events" to if login item "Datadog Agent" exists then delete login item "Datadog Agent"'
+  when: user_service_created.rc == 0
+
+- name: Remove user LaunchAgent plist file
+  file:
+    path: "/Users/{{ ansible_user }}/{{ datadog_macos_user_plist_file_path }}"
+    state: absent
+
+# We could take the plist file from user LaunchAgent location and just add UID/GID,
+# but when the version is pinned and agent is already installed, that file had
+# already been removed and won't be recreated and so we won't be able to use it.
+#
+# The disadvantage of using a template obviously is that if we changed the plist
+# file in the .dmg, we would also have to update this. Fortunately this seems
+# to basically never happen, so I think it's an acceptable downside.
+- name: Add system LaunchDaemon plist file
+  template:
+    src: com.datadoghq.agent.plist.j2
+    dest: "{{ datadog_macos_system_plist_file_path }}"
+    owner: 0
+    group: 0
+    mode: 0644
+  become: true
+  notify: restart datadog-agent-macos
+  vars:
+    # NOTE: https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html
+    # docs say both UID/GID and UserName/GroupName work, but only UserName/GroupName actually work.
+    username: "{{ datadog_macos_user }}"
+    groupname: "{{ macos_user_group.stdout }}"
+
+- name: Include configuration setup tasks
+  import_tasks: "_agent-linux-macos-shared.yml"
+  vars:
+    _dd_config_dir: "{{ datadog_macos_etc_dir }}"
+    _dd_user: "{{ macos_user_data.uid }}"
+    _dd_group: "{{ macos_user_data.gid }}"
+    _dd_notify_agent: "restart datadog-agent-macos"
+  become: true
+
+- name: Set permissions for DataDog Directories
+  file:
+    path: "{{ item }}"
+    owner: "{{ macos_user_data.uid }}"
+    group: "{{ macos_user_data.gid }}"
+    recurse: yes
+  with_items:
+    - "{{ datadog_macos_etc_dir }}"
+    - "{{ datadog_macos_logs_dir }}"
+    - "{{ datadog_macos_run_dir }}"
+  notify: restart datadog-agent-macos
+  become: true

ansible/01_old/roles/datadog.datadog/tasks/agent-win.yml

@@ -0,0 +1,103 @@
+---
+- name: Create main Datadog agent configuration file
+  win_template:
+    #FIXME: should have permissions set to only be readable by ddagentuser
+    src: datadog.yaml.j2
+    dest: "{{ datadog_windows_config_root }}\\datadog.yaml"
+  when: datadog_manage_config
+  notify: restart datadog-agent-win
+
+- name: Register all checks directories present in datadog
+  win_find:
+    paths: "{{ ansible_facts.env['ProgramData'] }}\\Datadog\\conf.d"
+    patterns:
+    - "*.d"
+    file_type: directory
+  register: datadog_conf_directories
+  when: datadog_manage_config and (datadog_disable_untracked_checks or datadog_disable_default_checks)
+
+- name: Delete checks not present in datadog_tracked_checks
+  win_file:
+    path: "{{ ansible_facts.env['ProgramData'] }}\\Datadog\\conf.d\\{{ item }}.d\\conf.yaml"
+    state: absent
+  loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('win_basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}"
+  when: datadog_manage_config and datadog_disable_untracked_checks and item not in datadog_tracked_checks
+  notify: restart datadog-agent-win
+
+- name: Delete default checks
+  win_file:
+    path: "{{ ansible_facts.env['ProgramData'] }}\\Datadog\\conf.d\\{{ item }}.d\\conf.yaml.default"
+    state: absent
+  loop: "{{ datadog_conf_directories.files | map(attribute='path') | list | map('win_basename') | list | map('regex_replace', '^(.*).d$', '\\1') | list }}"
+  when: datadog_manage_config and datadog_disable_default_checks and item not in datadog_tracked_checks
+  notify: restart datadog-agent-win
+
+- name: Ensure configuration directories are present for each Datadog check
+  win_file:
+    path: "{{ datadog_windows_config_root }}\\conf.d\\{{ item }}.d"
+    state: directory
+  with_items: '{{ datadog_checks|list }}'
+  when: datadog_manage_config
+
+- name: Create a configuration file for each Datadog check
+  win_template:
+    src: checks.yaml.j2
+    dest: "{{ datadog_windows_config_root }}\\conf.d\\{{ item }}.d\\conf.yaml"
+  with_items: "{{ datadog_checks|list }}"
+  when: datadog_manage_config
+  notify: restart datadog-agent-win
+
+- name: Remove old configuration file for each Datadog check
+  win_file:
+    path: "{{ datadog_windows_config_root }}\\conf.d\\{{ item }}.yaml"
+    state: absent
+  with_items: "{{ datadog_checks|list }}"
+  when: datadog_manage_config
+  notify: restart datadog-agent-win
+
+- name: Create custom check file for each custom check
+  win_copy:
+    src: "{{ datadog_custom_checks[item] }}"
+    dest: "{{ datadog_windows_config_root }}\\checks.d\\{{ item }}.py"
+  with_items: "{{ datadog_custom_checks|list }}"
+  notify: restart datadog-agent-win
+
+- name: Ensure datadog-trace-agent and datadog-process-agent are not disabled
+  win_service:
+    name: "{{ item }}"
+    start_mode: manual
+  when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode
+  with_list:
+    - datadog-trace-agent
+    - datadog-process-agent
+
+- name: Create system-probe configuration file
+  win_template:
+    src: system-probe.yaml.j2
+    dest: "{{ datadog_windows_config_root }}\\system-probe.yaml"
+  when: datadog_manage_config
+  notify: restart datadog-agent-win
+
+- name: Ensure datadog-agent is running
+  win_service:
+    name: datadogagent
+    state: started
+    start_mode: delayed
+  when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode
+
+- name: Ensure datadog-agent is disabled
+  win_service:
+    name: "{{ item }}"
+    state: stopped
+    start_mode: disabled
+  when: not datadog_skip_running_check and not datadog_enabled
+  with_list:
+    - datadog-trace-agent
+    - datadog-process-agent
+    - datadogagent    
+
+- name: Create installation information file
+  template:
+    src: install_info.j2
+    dest: "{{ datadog_windows_config_root }}\\install_info"
+    mode: 0644

ansible/01_old/roles/datadog.datadog/tasks/agent5-linux.yml

@@ -0,0 +1,77 @@
+---
+- name: (agent5) Create Datadog agent config directory
+  file:
+    dest: /etc/dd-agent
+    state: directory
+    mode: 0755
+  when: datadog_manage_config
+
+- name: (agent5) Create main Datadog agent configuration file
+  template:
+    src: datadog.conf.j2
+    dest: /etc/dd-agent/datadog.conf
+    owner: "{{ datadog_user }}"
+    group: "{{ datadog_group }}"
+    mode: 0644 #FIXME: should have permissions set to only be readable by owner
+  when: datadog_manage_config
+  notify: restart datadog-agent
+
+- name: (agent5) Ensure datadog-agent is running
+  service:
+    name: datadog-agent
+    state: started
+    enabled: yes
+  when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode
+
+- name: (agent5) Ensure datadog-agent is not running
+  service:
+    name: datadog-agent
+    state: stopped
+    enabled: no
+  when: not datadog_skip_running_check and not datadog_enabled
+
+- name: Register all checks files present in datadog
+  find:
+    paths: /etc/dd-agent/conf.d/
+    patterns:
+    - "*.yaml"
+    file_type: file
+  register: datadog_conf_files
+  when: datadog_manage_config and datadog_disable_untracked_checks
+
+- name: Register all checks files present in datadog
+  find:
+    paths: /etc/dd-agent/conf.d/
+    patterns:
+    - "*.yaml.default"
+    file_type: file
+  register: datadog_conf_files_default
+  when: datadog_manage_config and datadog_disable_default_checks
+
+- name: Delete checks not present in datadog_tracked_checks
+  file:
+    path: "/etc/dd-agent/conf.d/{{ item }}.yaml"
+    state: absent
+  loop: "{{ datadog_conf_files.files | map(attribute='path') | list | map('basename') | list | map('regex_replace', '^(.*).yaml$', '\\1') | list }}"
+  when: datadog_manage_config and datadog_disable_untracked_checks and item not in datadog_tracked_checks
+  notify: restart datadog-agent
+
+- name: Delete default checks
+  file:
+    path: "/etc/dd-agent/conf.d/{{ item }}.yaml.default"
+    state: absent
+  loop: "{{ datadog_conf_files_default.files | map(attribute='path') | list
+             | map('basename') | list | map('regex_replace', '^(.*).yaml.default$', '\\1') | list }}"
+  when: datadog_manage_config and datadog_disable_default_checks and item not in datadog_tracked_checks
+  notify: restart datadog-agent
+
+- name: (agent5) Create a configuration file for each Datadog check
+  template:
+    src: checks.yaml.j2
+    dest: "/etc/dd-agent/conf.d/{{ item }}.yaml"
+    owner: "{{ datadog_user }}"
+    group: "{{ datadog_group }}"
+    mode: 0644 #FIXME: should have permissions set to only be readable by owner
+  with_items: "{{ datadog_checks|list }}"
+  when: datadog_manage_config
+  notify: restart datadog-agent

ansible/01_old/roles/datadog.datadog/tasks/check-removed-config.yml

@@ -0,0 +1,9 @@
+- name: Ensure datadog_yum_gpgkey is not used
+  fail:
+    msg: datadog_yum_gpgkey configuration value was removed.
+  when: datadog_yum_gpgkey is defined and datadog_yum_gpgkey|length > 0
+
+- name: Ensure datadog_zypper_gpgkey is not used
+  fail:
+    msg: datadog_zypper_gpgkey configuration value was removed.
+  when: datadog_zypper_gpgkey is defined and datadog_zypper_gpgkey|length > 0

ansible/01_old/roles/datadog.datadog/tasks/facts-ansible10.yml

@@ -0,0 +1,3 @@
+---
+- name: Gather Ansible Facts
+  ansible.builtin.setup: # If the full prefix isn't specified in Ansible 2.10+, we might end up running `ansible.windows.setup` instead.

ansible/01_old/roles/datadog.datadog/tasks/facts-ansible9.yml

@@ -0,0 +1,3 @@
+---
+- name: Gather Ansible Facts
+  setup:

ansible/01_old/roles/datadog.datadog/tasks/integration.yml

@@ -0,0 +1,86 @@
+---
+- name: set agent binary path (windows)
+  set_fact:
+    datadog_agent_binary_path: "{{ datadog_agent_binary_path_windows }}"
+  when: ansible_facts.os_family == "Windows"
+
+- name: set agent binary path (unix)
+  set_fact:
+    datadog_agent_binary_path: "{{ datadog_agent_binary_path_linux }}"
+  when: ansible_facts.os_family != "Windows" and ansible_facts.os_family != "Darwin"
+
+- name: set agent binary path (macOS)
+  set_fact:
+    datadog_agent_binary_path: "{{ datadog_agent_binary_path_macos }}"
+  when: ansible_facts.os_family == "Darwin"
+
+- name: set agent user for integration commmand (windows)
+  set_fact:
+    integration_command_user: "{{ integration_command_user_windows }}"
+  when: ansible_facts.os_family == "Windows"
+
+- name: set agent user for integration commmand (unix)
+  set_fact:
+    integration_command_user: "{{ integration_command_user_linux }}"
+  when: ansible_facts.os_family != "Windows" and ansible_facts.os_family != "Darwin"
+
+- name: set agent user for integration commmand (macOS)
+  set_fact:
+    integration_command_user: "{{ integration_command_user_macos }}"
+  when: ansible_facts.os_family == "Darwin"
+
+- name: Validate integrations actions
+  fail:
+    msg: "Unkown action '{{ item.value.action }}' for integration command ({{ item.key }}). Valid actions are 'install' and 'remove'"
+  when: item.value.action != "install" and item.value.action != "remove"
+  loop: "{{ datadog_integration|dict2items }}"
+
+# Remove Integrations
+
+- name: Removing integrations (Unix, macOS)
+  command:
+    argv:
+      - "{{ datadog_agent_binary_path }}"
+      - integration
+      - remove
+      - "{{ item.key }}"
+  become: yes
+  become_user: "{{ integration_command_user }}"
+  loop: "{{ datadog_integration|dict2items }}"
+  when: item.value.action == "remove" and ansible_facts.os_family != "Windows"
+
+- name: Removing integrations (Windows)
+  win_command: "\"{{ datadog_agent_binary_path }}\" integration remove {{ item.key }}"
+  become: yes
+  become_user: "{{ integration_command_user }}"
+  loop: "{{ datadog_integration|dict2items }}"
+  when: item.value.action == "remove" and ansible_facts.os_family == "Windows"
+
+# Install integrations
+
+- name: Install pinned version of integrations (Unix)
+  command: "{{ datadog_agent_binary_path }} integration install {{ third_party }} {{ item.key }}=={{ item.value.version }}"
+  become: yes
+  become_user: "{{ integration_command_user }}"
+  vars:
+    third_party: "{% if 'third_party' in item.value and item.value.third_party | bool %}--third-party{% endif %}"
+  loop: "{{ datadog_integration|dict2items }}"
+  when: item.value.action == "install" and ansible_facts.os_family != "Windows" and ansible_facts.os_family != "Darwin"
+
+- name: Install pinned version of integrations (Windows)
+  win_command: "\"{{ datadog_agent_binary_path }}\" integration install {{ third_party }} {{ item.key }}=={{ item.value.version }}"
+  become: yes
+  vars:
+    third_party: "{% if 'third_party' in item.value and item.value.third_party | bool %}--third-party{% endif %}"
+  become_user: "{{ integration_command_user }}"
+  loop: "{{ datadog_integration|dict2items }}"
+  when: item.value.action == "install" and ansible_facts.os_family == "Windows"
+
+- name: Install pinned version of integrations (macOS)
+  command: "{{ datadog_agent_binary_path }} integration install {{ third_party }} {{ item.key }}=={{ item.value.version }}"
+  become: yes
+  become_user: "{{ integration_command_user }}"
+  vars:
+    third_party: "{% if 'third_party' in item.value and item.value.third_party | bool %}--third-party{% endif %}"
+  loop: "{{ datadog_integration|dict2items }}"
+  when: item.value.action == "install" and ansible_facts.os_family == "Darwin"

ansible/01_old/roles/datadog.datadog/tasks/main.yml

@@ -0,0 +1,71 @@
+---
+- name: Include Gather Ansible Facts task on Ansible >= 2.10
+  include_tasks: facts-ansible10.yml
+  when: ansible_version.major >= 2 and ansible_version.minor >= 10
+
+- name: Include Gather Ansible Facts task on Ansible < 2.10
+  include_tasks: facts-ansible9.yml
+  when: ansible_version.major == 2 and ansible_version.minor < 10
+
+- name: Check if OS is supported
+  include_tasks: os-check.yml
+
+- name: Resolve datadog_tracked_checks later to defend against variable presidence issues arising from dynamically included null datadog_checks 
+  include_tasks: sanitize-checks.yml
+
+# Also sets datadog_skip_install
+- name: Set Facts for Datadog Agent Major Version
+  include_tasks: set-parse-version.yml
+
+- name: Debian Install Tasks
+  include_tasks: pkg-debian.yml
+  when: ansible_facts.os_family == "Debian" and not datadog_skip_install
+
+- name: Include tasks to remove old GPG keys
+  include_tasks: "_remove_rpm_keys.yml"
+  when: ansible_facts.os_family in ["RedHat", "Rocky", "AlmaLinux", "Suse"]
+  loop: "{{ datadog_rpm_remove_keys }}"
+
+- name: Include tasks to check removed configuration value usage
+  include_tasks: check-removed-config.yml
+
+# Only Ansible >= 3.0 knows that AlmaLinux belongs to "RedHat" family
+# (and latest bugfix releases of some 2.X)
+# For Rocky it is some 4.X and >= 5.0
+- name: RedHat Install Tasks
+  include_tasks: pkg-redhat.yml
+  when: ansible_facts.os_family in ["RedHat", "Rocky", "AlmaLinux"] and not datadog_skip_install
+
+- name: Suse Install Tasks
+  include_tasks: pkg-suse.yml
+  when: ansible_facts.os_family == "Suse" and not datadog_skip_install
+
+# Note we don't check datadog_skip_install variable value for windows here,
+# because some tasks in pkg-windows.yml are carried out regardless of its value.
+- name: Windows Install Tasks
+  include_tasks: pkg-windows.yml
+  when: ansible_facts.os_family == "Windows"
+
+- name: macOS Install Tasks
+  include_tasks: pkg-macos.yml
+  when: ansible_facts.os_family == "Darwin" and not datadog_skip_install
+
+- name: Linux Configuration Tasks (Agent 5)
+  include_tasks: agent5-linux.yml
+  when: datadog_agent_major_version | int == 5 and ansible_facts.os_family != "Windows"  and ansible_facts.os_family != "Darwin"
+
+- name: Linux Configuration Tasks
+  include_tasks: agent-linux.yml
+  when: datadog_agent_major_version | int > 5 and ansible_facts.os_family != "Windows" and ansible_facts.os_family != "Darwin"
+
+- name: Windows Configuration Tasks
+  include_tasks: agent-win.yml
+  when: datadog_agent_major_version | int > 5 and ansible_facts.os_family == "Windows"
+
+- name: macOS Configuration Tasks
+  include_tasks: agent-macos.yml
+  when: ansible_facts.os_family == "Darwin"
+
+- name: Integrations Tasks
+  include_tasks: integration.yml
+  when: datadog_integration is defined

ansible/01_old/roles/datadog.datadog/tasks/os-check.yml

@@ -0,0 +1,5 @@
+---
+- name: Fail if OS is not supported
+  fail:
+    msg: "The Datadog Ansible role does not support your OS yet. Please email support@datadoghq.com to open a feature request."
+  when: ansible_facts.os_family not in ["RedHat", "Rocky", "AlmaLinux", "Debian", "Suse", "Windows", "Darwin"]

ansible/01_old/roles/datadog.datadog/tasks/parse-version-macos.yml

@@ -0,0 +1,7 @@
+- name: Get macOS Agent version
+  shell: "set -o pipefail && {{ datadog_agent_binary_path_macos }} version | grep 'Agent ' | awk '{print $2}'"
+  register: datadog_version_check_macos
+  changed_when: false
+  failed_when: false
+  check_mode: no
+  when: ansible_facts.os_family == "Darwin"

ansible/01_old/roles/datadog.datadog/tasks/parse-version-windows.yml

@@ -0,0 +1,18 @@
+# NOTE: This won't work with rc / beta builds.
+- name: Get Windows Agent version
+  win_shell: |
+    $product_name = "Datadog Agent"
+    $query = "Select Name,IdentifyingNumber,InstallDate,InstallLocation,ProductID,Version FROM Win32_Product where Name like '$product_name%'"
+    $installs = Get-WmiObject -query $query
+
+    if (!$installs -or ($installs.Count -eq 0) -or ($installs.Count -gt 1)) {
+      Write-Host ""
+    } else {
+      $ddmaj, $ddmin, $ddpatch, $ddbuild = $installs.Version.split(".")
+      Write-Host "$($ddmaj).$($ddmin).$($ddpatch)"
+    }
+  register: datadog_version_check_win
+  changed_when: false
+  failed_when: false
+  check_mode: no
+  when: ansible_facts.os_family == "Windows"

ansible/01_old/roles/datadog.datadog/tasks/parse-version.yml

@@ -0,0 +1,104 @@
+---
+- name: Parse Agent version
+  set_fact:
+    agent_version: "{{ datadog_agent_version | regex_search(regexp, '\\g<epoch>', '\\g<major>', '\\g<minor>', '\\g<bugfix>', '\\g<suffix>', '\\g<release>') }}"
+  vars:
+    regexp: '(?:(?P<epoch>[0-9]+):)?(?P<major>[0-9]+)\.(?P<minor>[0-9]+)\.(?P<bugfix>[0-9]+)(?P<suffix>(?:~|-)[^0-9\s-]+[^-\s]*)?(?:-(?P<release>[0-9]+))?'
+
+- name: Set version vars
+  set_fact:
+    datadog_epoch: "{{ agent_version.0 | default('', true) | string }}"
+    datadog_major: "{{ agent_version.1 | default('', true) | string }}"
+    datadog_minor: "{{ agent_version.2 | default('', true) | string }}"
+    datadog_bugfix: "{{ agent_version.3 | default('', true) | string }}"
+    datadog_suffix: "{{ agent_version.4 | default('', true) | string }}"
+    datadog_release: "{{ agent_version.5 | default('', true) | string }}"
+
+- name: Fill empty version epoch with default
+  set_fact:
+    datadog_epoch: "1"
+  when: datadog_epoch | length == 0
+
+- name: Fill empty version release with default
+  set_fact:
+    datadog_release: "1"
+  when: datadog_release | length == 0
+
+- name: Stop play if datadog_agent_version and datadog_agent_major_version are not compatible
+  fail:
+    msg: "The provided major version {{ datadog_agent_major_version }} is not compatible with the
+      version {{ datadog_major }} deduced from datadog_agent_version ({{ datadog_agent_version }}).
+      Aborting play."
+  when: datadog_agent_major_version | length > 0 and datadog_major != datadog_agent_major_version
+
+- name: Set datadog_agent_major_version to deduced value from datadog_agent_version
+  set_fact:
+    datadog_agent_major_version: "{{ datadog_major }}"
+
+- name: Set helper variables
+  set_fact:
+    datadog_agent_linux_version: "{{ datadog_epoch }}:{{ datadog_major }}.{{ datadog_minor }}.{{ datadog_bugfix }}{{ datadog_suffix }}-{{ datadog_release }}"
+    datadog_rpm_version_finding_cmd: "rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' {{ datadog_agent_flavor }}"
+
+- name: Set OS-specific versions
+  # NOTE: if changing these, make sure the format correspond with values in datadog_version_finding_cmds below
+  set_fact:
+    datadog_agent_debian_version: "{{ datadog_agent_linux_version }}"
+    datadog_agent_redhat_version: "{{ datadog_agent_linux_version }}"
+    datadog_agent_suse_version: "{{ datadog_agent_linux_version }}"
+    datadog_agent_windows_version: "{{ datadog_major }}.{{ datadog_minor }}.{{ datadog_bugfix }}{{ datadog_suffix }}"
+    datadog_agent_macos_version: "{{ datadog_major }}.{{ datadog_minor }}.{{ datadog_bugfix }}{{ datadog_suffix }}"
+
+- name: Construct commands to find Agent version
+  set_fact:
+    datadog_version_finding_cmds:
+      Debian: "dpkg -s {{ datadog_agent_flavor }} | grep '^Version:' | awk '{print $2}'"
+      RedHat: "{{ datadog_rpm_version_finding_cmd }}"
+      Rocky: "{{ datadog_rpm_version_finding_cmd }}"
+      AlmaLinux: "{{ datadog_rpm_version_finding_cmd }}"
+      Suse: "{{ datadog_rpm_version_finding_cmd }}"
+
+- name: Create OS-specific version dict
+  set_fact:
+    datadog_agent_os2version:
+      Debian: "{{ datadog_agent_debian_version }}"
+      RedHat: "{{ datadog_agent_redhat_version }}"
+      Rocky: "{{ datadog_agent_redhat_version }}"
+      AlmaLinux: "{{ datadog_agent_redhat_version }}"
+      Suse: "{{ datadog_agent_suse_version }}"
+      Windows: "{{ datadog_agent_windows_version }}"
+      Darwin: "{{ datadog_agent_macos_version }}"
+
+- name: Get Linux Agent version
+  shell: "{{ datadog_version_finding_cmds[ansible_facts.os_family] }}"  # noqa 305 - Ansible lint thinks we could use command, but we need shell because some of the cmds have pipes
+  register: datadog_version_check_linux
+  changed_when: false
+  failed_when: false
+  check_mode: no
+  when: ansible_facts.system is defined and ansible_facts.system == "Linux"
+
+# The task is win_shell, so if users don't have the "ansible.windows" collection installed,
+# parsing the task would fail even if the host is not Windows. By hiding the task inside
+# a conditionally included file, we can prevent this.
+- name: Include Windows Agent version tasks
+  include_tasks: parse-version-windows.yml
+  when: ansible_facts.os_family == "Windows"
+
+- name: Include macOS Agent version tasks
+  include_tasks: parse-version-macos.yml
+  when: ansible_facts.os_family == "Darwin"
+
+- name: Set skip install flag if version already installed (Linux)
+  set_fact:
+    datadog_skip_install: "{{ datadog_version_check_linux.stdout | trim == datadog_agent_os2version[ansible_facts.os_family] }}"
+  when: ansible_facts.system is defined and ansible_facts.system == "Linux"
+
+- name: Set skip install flag if version already installed (Windows)
+  set_fact:
+    datadog_skip_install: "{{ datadog_version_check_win.stdout | trim == datadog_agent_os2version[ansible_facts.os_family] }}"
+  when: ansible_facts.os_family == "Windows"
+
+- name: Set skip install flag if version already installed (macOS)
+  set_fact:
+    datadog_skip_install: "{{ datadog_version_check_macos.stdout | trim == datadog_agent_os2version[ansible_facts.os_family] }}"
+  when: ansible_facts.os_family == "Darwin"

ansible/01_old/roles/datadog.datadog/tasks/pkg-debian.yml

@@ -0,0 +1,127 @@
+---
+- name: Install apt-transport-https
+  apt:
+    update_cache: yes
+    name: apt-transport-https
+    state: present
+  when: not ansible_check_mode
+
+- name: Install gnupg
+  apt:
+    update_cache: yes
+    name: gnupg
+    state: present
+  when: not ansible_check_mode
+
+- name: "Check if {{ datadog_apt_usr_share_keyring }} exists with correct mode"
+  stat:
+    path: "{{ datadog_apt_usr_share_keyring }}"
+  register: apt_keyring_file
+
+- name: "Ensure {{ datadog_apt_usr_share_keyring }} exists"
+  file:
+    path: "{{ datadog_apt_usr_share_keyring }}"
+    owner: root
+    group: root
+    mode: "0644"
+    state: touch
+  when: not ansible_check_mode and (not apt_keyring_file.stat.exists or not apt_keyring_file.stat.mode == "0644")
+
+- name: Install apt keys from default URLs
+  include_tasks: _apt-key-import.yml
+  with_items:
+    "{{ datadog_apt_default_keys }}"
+  when: datadog_apt_key_url_new is not defined and not ansible_check_mode
+
+- name: Install apt keys from custom URL
+  include_tasks: _apt-key-import.yml
+  with_items:
+    - key: A2923DFF56EDA6E76E55E492D3A80E30382E94DE
+      value: "{{ datadog_apt_key_url_new }}"
+    - key: D75CEA17048B9ACBF186794B32637D44F14F620E
+      value: "{{ datadog_apt_key_url_new }}"
+  when: datadog_apt_key_url_new is defined and not ansible_check_mode
+
+- name: "Ensure {{ datadog_apt_trusted_d_keyring }} exists with same contents as {{ datadog_apt_usr_share_keyring }} for older distro versions"
+  copy:
+    src: "{{ datadog_apt_usr_share_keyring }}"
+    dest: "{{ datadog_apt_trusted_d_keyring }}"
+    mode: "0644"
+    remote_src: yes
+  when: ((ansible_distribution == 'Debian' and ansible_distribution_major_version|int < 9) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int < 16)) and not ansible_check_mode
+
+- name: Ensure Datadog non-https repositories and repositories not using signed-by option are deprecated
+  apt_repository:
+    repo: "{{ item }}"
+    state: "absent"
+    update_cache: yes
+  with_items:
+    - "deb http://apt.datadoghq.com/ stable main"
+    - "deb http://apt.datadoghq.com/ stable 6"
+    - "deb http://apt.datadoghq.com/ stable 7"
+    - "deb https://apt.datadoghq.com/ stable main"
+    - "deb https://apt.datadoghq.com/ stable 6"
+    - "deb https://apt.datadoghq.com/ stable 7"
+  when: not ansible_check_mode
+
+- name: Ensure Datadog repository is up-to-date
+  apt_repository:
+    filename: "ansible_datadog_{{ item.key }}"
+    repo: "{{ item.value }}"
+    state: "{% if item.key == datadog_agent_major_version|int and datadog_apt_repo | length == 0 %}present{% else %}absent{% endif %}"
+    update_cache: yes
+  when: (not ansible_check_mode)
+  with_dict:
+    5: '{{ datadog_agent5_apt_repo }}'
+    6: '{{ datadog_agent6_apt_repo }}'
+    7: '{{ datadog_agent7_apt_repo }}'
+
+- name: Initialize custom repo file deletion flag to False
+  set_fact:
+    datadog_remove_custom_repo_file: "False"
+
+- name: Check if custom repository file exists
+  stat:
+    path: /etc/apt/sources.list.d/ansible_datadog_custom.list
+  register: datadog_custom_repo_file
+
+- name: Fetch custom repository file
+  slurp:
+    src: /etc/apt/sources.list.d/ansible_datadog_custom.list
+  register: datadog_custom_repo_file_contents
+  when: datadog_custom_repo_file.stat.exists
+
+- name: Flag custom repository file for deletion if different from current repository config
+  set_fact:
+    datadog_remove_custom_repo_file: "{{ datadog_repo_file_contents != datadog_apt_repo }}"
+  vars:
+    datadog_repo_file_contents: "{{ datadog_custom_repo_file_contents['content'] | b64decode | trim }}"
+  when: datadog_custom_repo_file.stat.exists
+
+- name: (Custom) Remove Datadog custom repository file when not set or updated
+  file:
+    path: /etc/apt/sources.list.d/ansible_datadog_custom.list
+    state: absent
+  when: (datadog_apt_repo | length == 0) or datadog_remove_custom_repo_file and (not ansible_check_mode)
+
+- name: (Custom) Ensure Datadog repository is up-to-date
+  apt_repository:
+    filename: ansible_datadog_custom
+    repo: "{{ datadog_apt_repo }}"
+    state: present
+    update_cache: yes
+  when: (datadog_apt_repo | length > 0) and (not ansible_check_mode)
+
+- include_tasks: pkg-debian/install-pinned.yml
+  when: datadog_agent_debian_version is defined
+
+- include_tasks: pkg-debian/install-latest.yml
+  when: datadog_agent_debian_version is not defined
+
+- name: Install latest datadog-signing-keys package
+  apt:
+    name: datadog-signing-keys
+    state: latest  # noqa 403
+    # we don't use update_cache: yes, as that was just done by the install-pinned/install-latest
+  register: datadog_signing_keys_install
+  when: not ansible_check_mode

ansible/01_old/roles/datadog.datadog/tasks/pkg-debian/install-latest.yml

@@ -0,0 +1,9 @@
+---
+- name: Install latest datadog-agent package
+  apt:
+    name: "{{ datadog_agent_flavor }}"
+    state: latest  # noqa 403
+    update_cache: yes
+    cache_valid_time: "{{ datadog_apt_cache_valid_time }}"
+  register: datadog_agent_install
+  when: not ansible_check_mode

ansible/01_old/roles/datadog.datadog/tasks/pkg-debian/install-pinned.yml

@@ -0,0 +1,10 @@
+---
+- name: Install pinned datadog-agent package
+  apt:
+    name: "{{ datadog_agent_flavor }}={{ datadog_agent_debian_version }}"
+    state: present
+    force: "{{ datadog_agent_allow_downgrade }}"
+    update_cache: yes
+    cache_valid_time: "{{ datadog_apt_cache_valid_time }}"
+  register: datadog_agent_install
+  when: not ansible_check_mode

ansible/01_old/roles/datadog.datadog/tasks/pkg-macos.yml

@@ -0,0 +1,86 @@
+---
+# NOTE: the DMG gets installed as ansible_user, but we then configure it to run
+# under datadog_macos_user and remove the user-specific config for ansible_user
+- name: Fail if Agent 5
+  fail:
+    msg: "The Datadog ansible role does not currently support Agent 5 on macOS"
+  when: datadog_agent_major_version|int == 5
+
+- name: Check if the macOS user for Agent service exists
+  command: id -u "{{ datadog_macos_user }}"
+  register: mac_user_check
+  changed_when: false
+  ignore_errors: true
+
+- name: Fail if the macOS user for Agent service doesn't exist
+  fail:
+    msg: "The Datadog ansible role wasn't able to find the user : {{ datadog_macos_user }}"
+  when: mac_user_check.rc != 0
+
+- include_tasks: pkg-macos/macos_agent_latest.yml
+  when: (not datadog_skip_install) and (datadog_agent_macos_version is not defined)
+
+- include_tasks: pkg-macos/macos_agent_version.yml
+  when: (not datadog_skip_install) and (datadog_agent_macos_version is defined)
+
+- name: Display macOS download URL
+  debug:
+    var: dd_download_url
+  when: not datadog_skip_install
+
+- name: pre-Delete temporary dmg
+  file:
+    path: '/tmp/datadog-agent.dmg'
+    state: absent
+  become: yes
+  when: not datadog_skip_install
+
+- name: Create temporary datadog install user file
+  copy:
+    dest: "/tmp/datadog-install-user"
+    content: "{{ datadog_macos_user }}"
+    mode: 0554
+  when: (not datadog_skip_install) and (not ansible_check_mode)
+
+- name: Download macOS datadog agent
+  get_url:
+    url: "{{ dd_download_url }}"
+    dest: '/tmp/datadog-agent.dmg'
+    mode: 0750
+  register: download_dmg_result
+  when: (not datadog_skip_install) and (not ansible_check_mode)
+
+- name: Detach agent dmg if already mounted
+  shell: 'hdiutil detach "/Volumes/datadog_agent" >/dev/null 2>&1 || true'
+  when: (not datadog_skip_install) and (not ansible_check_mode)
+
+- name: Attach agent dmg
+  command: 'hdiutil attach /tmp/datadog-agent.dmg -mountpoint "/Volumes/datadog_agent"'
+  when: (not datadog_skip_install) and (not ansible_check_mode) and (download_dmg_result.status_code == 200)
+
+- name: Unpack and copy Datadog Agent files
+  shell:
+    cmd: '/usr/sbin/installer -pkg "`find "/Volumes/datadog_agent" -name \*.pkg 2>/dev/null`" -target /'
+    chdir: '/'
+  become: yes
+  register: datadog_agent_install
+  when: (not datadog_skip_install) and (not ansible_check_mode) and (download_dmg_result.status_code == 200)
+  notify: restart datadog-agent-macos
+
+- name: Detach mounted dmg
+  command: 'hdiutil detach "/Volumes/datadog_agent"'
+  when: (not datadog_skip_install) and (not ansible_check_mode) and (download_dmg_result.status_code == 200)
+
+- name: Delete temporary dmg
+  file:
+    path: "{{ download_dmg_result.dest }}"
+    state: absent
+  become: yes
+  when: (not datadog_skip_install) and (not ansible_check_mode) and (download_dmg_result.status_code == 200)
+
+- name: Delete temporary datadog install user file
+  file:
+    path: "/tmp/datadog-install-user"
+    state: absent
+  become: yes
+  when: (not datadog_skip_install) and (not ansible_check_mode)

ansible/01_old/roles/datadog.datadog/tasks/pkg-macos/macos_agent_latest.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Set agent download filename to custom URL
+  set_fact:
+    dd_download_url: "{{ datadog_macos_download_url }}"
+  when: datadog_macos_download_url | default('', true) | length > 0
+
+- name: Set agent download filename to latest
+  set_fact:
+    dd_download_url: "{% if datadog_agent_major_version|int == 7 %}{{ datadog_macos_agent7_latest_url }}
+      {% else %}{{ datadog_macos_agent6_latest_url }}{% endif %}"
+  when: datadog_macos_download_url | default('', true) | length == 0

ansible/01_old/roles/datadog.datadog/tasks/pkg-macos/macos_agent_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Set agent download filename to a specific version
+  set_fact:
+    dd_download_url: "{{ datadog_macos_versioned_url }}-{{ datadog_agent_macos_version }}-1.dmg"

ansible/01_old/roles/datadog.datadog/tasks/pkg-redhat.yml

@@ -0,0 +1,169 @@
+---
+- name: Fail early if Python 3 is used on CentOS / RHEL < 8 with old Ansible
+  fail:
+    msg: "The installation of the Agent on RedHat family systems using yum is not compatible with Python 3 with older Ansible versions.
+          To run this role, use a Python 2 interpreter on hosts running CentOS / RHEL < 8 or upgrade Ansible to version 2.11+"
+  # We can't compare ansible_version.full with 2.11 in the condition below, because ansible's
+  # `semver` and `strict` version_type don't recognize it as a valid version and the `loose`
+  # version_type considers it to be a post-release. It seems that the best course of action
+  # is to explicitly use just major.minor for comparison with 2.11.
+  # See https://github.com/ansible/ansible/issues/78288
+  when: (not datadog_ignore_old_centos_python3_error)
+        and ("{}.{}".format(ansible_version.major, ansible_version.minor) is version("2.11", operator="lt", strict=True))
+        and (ansible_pkg_mgr == "yum")
+        and (ansible_facts.python.version.major | int >= 3)
+
+- name: Find out whether to set repo_gpgcheck or not
+  # We turn off repo_gpgcheck on custom repos and on RHEL/CentOS 8.1 because
+  # of https://bugzilla.redhat.com/show_bug.cgi?id=1792506
+  set_fact:
+    do_yum_repo_gpgcheck: >-
+      {{ datadog_yum_repo_gpgcheck if datadog_yum_repo_gpgcheck != '' else (
+        'no' if (
+          ansible_facts.distribution_version.startswith('8.1.') or ansible_facts.distribution_version == '8.1' or
+          datadog_yum_repo != ''
+        ) else 'yes'
+      ) }}
+
+- name: Download current RPM key
+  get_url:
+    url: "{{ datadog_yum_gpgkey_current }}"
+    dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
+    force: yes
+
+- name: Import current RPM key
+  rpm_key:
+    key: /tmp/DATADOG_RPM_KEY_CURRENT.public
+    state: present
+  when: not ansible_check_mode
+
+- name: Download new RPM key (Expires in 2022)
+  get_url:
+    url: "{{ datadog_yum_gpgkey_e09422b3 }}"
+    dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
+    checksum: "sha256:{{ datadog_yum_gpgkey_e09422b3_sha256sum }}"
+
+- name: Import new RPM key (Expires in 2022)
+  rpm_key:
+    key: /tmp/DATADOG_RPM_KEY_E09422B3.public
+    state: present
+  when: not ansible_check_mode
+
+- name: Download new RPM key (Expires in 2024)
+  get_url:
+    url: "{{ datadog_yum_gpgkey_20200908 }}"
+    dest: /tmp/DATADOG_RPM_KEY_20200908.public
+    checksum: "sha256:{{ datadog_yum_gpgkey_20200908_sha256sum }}"
+
+- name: Import new RPM key (Expires in 2024)
+  rpm_key:
+    key: /tmp/DATADOG_RPM_KEY_20200908.public
+    state: present
+  when: not ansible_check_mode
+  
+- name: Set versioned includepkgs variable
+  set_fact:
+    datadog_includepkgs: "{{ datadog_agent_flavor }}-{{ datadog_agent_redhat_version | regex_replace('^\\d+:', '') }}"
+  when: datadog_agent_redhat_version is defined
+
+- name: Set plain includepkgs variable
+  set_fact:
+    datadog_includepkgs: "{{ datadog_agent_flavor }}"
+  when: datadog_agent_redhat_version is not defined
+
+- name: Install Datadog Agent 5 yum repo
+  yum_repository:
+    name: datadog
+    description: Datadog, Inc.
+    baseurl: "{{ datadog_agent5_yum_repo }}"
+    enabled: yes
+    includepkgs: "{{ datadog_includepkgs }}"
+    repo_gpgcheck: no  # we don't sign Agent 5 repodata
+    gpgcheck: "{{ datadog_yum_gpgcheck }}"
+    gpgkey: [
+      "{{ datadog_yum_gpgkey_current }}",
+      "{{ datadog_yum_gpgkey_20200908 }}",
+      "{{ datadog_yum_gpgkey_e09422b3 }}",
+    ]
+  register: repofile5
+  when: (datadog_agent_major_version|int == 5) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)
+
+- name: Install Datadog Agent 6 yum repo
+  yum_repository:
+    name: datadog
+    description: Datadog, Inc.
+    baseurl: "{{ datadog_agent6_yum_repo }}"
+    enabled: yes
+    includepkgs: "{{ datadog_includepkgs }}"
+    repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
+    gpgcheck: "{{ datadog_yum_gpgcheck }}"
+    gpgkey: [
+      "{{ datadog_yum_gpgkey_current }}",
+      "{{ datadog_yum_gpgkey_20200908 }}",
+      "{{ datadog_yum_gpgkey_e09422b3 }}",
+    ]
+  register: repofile6
+  when: (datadog_agent_major_version|int == 6) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)
+
+- name: Install Datadog Agent 7 yum repo
+  yum_repository:
+    name: datadog
+    description: Datadog, Inc.
+    baseurl: "{{ datadog_agent7_yum_repo }}"
+    enabled: yes
+    includepkgs: "{{ datadog_includepkgs }}"
+    repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
+    gpgcheck: "{{ datadog_yum_gpgcheck }}"
+    gpgkey: [
+      "{{ datadog_yum_gpgkey_current }}",
+      "{{ datadog_yum_gpgkey_20200908 }}",
+      "{{ datadog_yum_gpgkey_e09422b3 }}",
+    ]
+  register: repofile7
+  when: (datadog_agent_major_version|int == 7) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)
+
+- name: Install Datadog Custom yum repo
+  yum_repository:
+    name: datadog
+    description: Datadog, Inc.
+    baseurl: "{{ datadog_yum_repo }}"
+    enabled: yes
+    includepkgs: "{{ datadog_includepkgs }}"
+    repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
+    gpgcheck: "{{ datadog_yum_gpgcheck }}"
+    gpgkey: [
+      "{{ datadog_yum_gpgkey_current }}",
+      "{{ datadog_yum_gpgkey_20200908 }}",
+      "{{ datadog_yum_gpgkey_e09422b3 }}",
+    ]
+  register: repofilecustom
+  when: (datadog_yum_repo | length > 0) and (not ansible_check_mode)
+
+- name: Clean repo metadata if repo changed # noqa 503
+  command: yum clean metadata --disablerepo="*" --enablerepo=datadog
+  failed_when: false # Cleaning the metadata is only needed when downgrading a major version of the Agent, don't fail because of this
+  args:
+    warn: no
+  when: repofile5.changed or repofile6.changed or repofile7.changed or repofilecustom.changed
+
+# On certain version of dnf, gpg keys aren't imported into the local db with the package install task.
+# This rule assures that they are correctly imported into the local db and users won't have to manually accept
+# them if running dnf commands on the hosts.
+- name: Refresh Datadog repository cache # noqa 503
+  command: yum -y makecache --disablerepo="*" --enablerepo=datadog
+  failed_when: false
+  args:
+    warn: no
+  when: repofile5.changed or repofile6.changed or repofile7.changed or repofilecustom.changed
+
+- name: Remove old yum repo files
+  yum_repository:
+    name: "ansible_datadog_{{ item }}"
+    state: absent
+  with_items: [ 5, 6, 7, "custom" ]
+
+- include_tasks: pkg-redhat/install-pinned.yml
+  when: datadog_agent_redhat_version is defined
+
+- include_tasks: pkg-redhat/install-latest.yml
+  when: datadog_agent_redhat_version is not defined

ansible/01_old/roles/datadog.datadog/tasks/pkg-redhat/install-latest.yml

@@ -0,0 +1,18 @@
+---
+- name: Install latest datadog-agent package (dnf)
+  dnf:
+    name: "{{ datadog_agent_flavor }}"
+    update_cache: yes
+    state: latest  # noqa 403
+  register: datadog_agent_install
+  when: not ansible_check_mode and ansible_pkg_mgr == "dnf"
+  notify: restart datadog-agent
+
+- name: Install latest datadog-agent package (yum)
+  yum:
+    name: "{{ datadog_agent_flavor }}"
+    update_cache: yes
+    state: latest  # noqa 403
+  register: datadog_agent_install
+  when: not ansible_check_mode and ansible_pkg_mgr == "yum"
+  notify: restart datadog-agent

ansible/01_old/roles/datadog.datadog/tasks/pkg-redhat/install-pinned.yml

@@ -0,0 +1,21 @@
+---
+- name: Install pinned datadog-agent package (dnf)
+  dnf:
+    name: "{{ datadog_agent_flavor }}-{{ datadog_agent_redhat_version }}"
+    update_cache: yes
+    state: present
+    allow_downgrade: "{{ datadog_agent_allow_downgrade }}"
+  register: datadog_agent_install
+  when: not ansible_check_mode and ansible_pkg_mgr == "dnf"
+  notify: restart datadog-agent
+
+- name: Install pinned datadog-agent package (yum)
+  yum:
+    # We have to add architecture, because yum only understands epoch when architecture is also specified
+    name: "{{ datadog_agent_flavor }}-{{ datadog_agent_redhat_version }}.{{ ansible_facts.architecture }}"
+    update_cache: yes
+    state: present
+    allow_downgrade: "{{ datadog_agent_allow_downgrade }}"
+  register: datadog_agent_install
+  when: not ansible_check_mode and ansible_pkg_mgr == "yum"
+  notify: restart datadog-agent

ansible/01_old/roles/datadog.datadog/tasks/pkg-suse.yml

@@ -0,0 +1,107 @@
+---
+- name: Find out whether to set repo_gpgcheck or not
+  set_fact:
+    do_zypper_repo_gpgcheck: >-
+      {{ datadog_zypper_repo_gpgcheck if datadog_zypper_repo_gpgcheck != '' else (
+        'yes' if datadog_zypper_repo == '' and datadog_agent_major_version|int != 5 else 'no'
+      ) }}
+
+- block:  # Work around due to SNI check for SLES11
+  - name: Stat if current RPM key already exists
+    stat:
+      path: /tmp/DATADOG_RPM_KEY_CURRENT.public
+    register: ddkeycurrent
+  - name: Download current RPM key (SLES11)
+    get_url:
+      url: "{{ datadog_zypper_gpgkey_current }}"
+      dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
+      force: yes
+    when: not ddkeycurrent.stat.exists
+  when: ansible_distribution_version|int == 11
+
+- name: Download current RPM key
+  get_url:
+    url: "{{ datadog_zypper_gpgkey_current }}"
+    dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
+    force: yes
+  when: ansible_distribution_version|int >= 12
+
+- name: Import current RPM key
+  rpm_key:
+    key: /tmp/DATADOG_RPM_KEY_CURRENT.public
+    state: present
+  when: not ansible_check_mode
+
+- block:  # Work around due to SNI check for SLES11
+  - name: Stat if E09422B3 key (Expires 2022) RPM key already exists
+    stat:
+      path: /tmp/DATADOG_RPM_KEY_E09422B3.public
+    register: ddnewkey
+  - name: Download E09422B3 key (Expires 2022) RPM key (SLES11)
+    get_url:
+      url: "{{ datadog_zypper_gpgkey_e09422b3 }}"
+      dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
+    when: not ddnewkey.stat.exists
+  when: ansible_distribution_version|int == 11
+
+- name: Download E09422B3 key (Expires 2022) RPM key
+  get_url:
+    url: "{{ datadog_zypper_gpgkey_e09422b3 }}"
+    dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
+    checksum: "sha256:{{ datadog_zypper_gpgkey_e09422b3_sha256sum }}"
+  when: ansible_distribution_version|int >= 12
+
+- name: Import E09422B3 key (Expires 2022) RPM key
+  rpm_key:
+    key: /tmp/DATADOG_RPM_KEY_E09422B3.public
+    state: present
+  when: not ansible_check_mode
+
+- block:  # Work around due to SNI check for SLES11
+  - name: Stat if 20200908 key (Expires 2024) RPM key already exists
+    stat:
+      path: /tmp/DATADOG_RPM_KEY_20200908.public
+    register: ddnewkey_20200908
+  - name: Download 20200908 key (Expires 2024) RPM key (SLES11)
+    get_url:
+      url: "{{ datadog_zypper_gpgkey_20200908 }}"
+      dest: /tmp/DATADOG_RPM_KEY_20200908.public
+    when: not  ddnewkey_20200908.stat.exists
+  when: ansible_distribution_version|int == 11
+
+- name: Download 20200908 key (Expires 2024) RPM key
+  get_url:
+    url: "{{ datadog_zypper_gpgkey_20200908 }}"
+    dest: /tmp/DATADOG_RPM_KEY_20200908.public
+    checksum: "sha256:{{ datadog_zypper_gpgkey_20200908_sha256sum }}"
+  when: ansible_distribution_version|int >= 12
+
+- name: Import 20200908 key (Expires 2024) RPM key
+  rpm_key:
+    key: /tmp/DATADOG_RPM_KEY_20200908.public
+    state: present
+  when: not ansible_check_mode
+
+# ansible don't allow repo_gpgcheck to be set, we have to create the repo file manually
+- name: Install DataDog zypper repo
+  template:
+    src: zypper.repo.j2
+    dest: /etc/zypp/repos.d/datadog.repo
+    owner: "root"
+    group: "root"
+    mode: 0644
+  register: datadog_zypper_repo_template
+  when: datadog_manage_zypper_repofile
+
+# refresh zypper repos only if the template changed
+- name: refresh Datadog zypper_repos  # noqa 503
+  command: zypper refresh datadog
+  when: datadog_zypper_repo_template.changed and not ansible_check_mode
+  args:
+    warn: false  # silence warning about using zypper directly
+
+- include_tasks: pkg-suse/install-pinned.yml
+  when: datadog_agent_suse_version is defined
+
+- include_tasks: pkg-suse/install-latest.yml
+  when: datadog_agent_suse_version is not defined

ansible/01_old/roles/datadog.datadog/tasks/pkg-suse/install-latest.yml

@@ -0,0 +1,8 @@
+---
+- name: Ensure Datadog agent is installed
+  zypper:
+    name: datadog-agent
+    state: latest  # noqa 403
+  register: datadog_agent_install
+  when: not ansible_check_mode
+  notify: restart datadog-agent

ansible/01_old/roles/datadog.datadog/tasks/pkg-suse/install-pinned.yml

@@ -0,0 +1,9 @@
+---
+- name: Install pinned datadog-agent package
+  zypper:
+    name: "datadog-agent={{ datadog_agent_suse_version }}"
+    state: present
+    oldpackage: "{{ datadog_agent_allow_downgrade }}"
+  register: datadog_agent_install
+  when: not ansible_check_mode
+  notify: restart datadog-agent

ansible/01_old/roles/datadog.datadog/tasks/pkg-windows-opts.yml

@@ -0,0 +1,92 @@
+- name: Set DD Username Arg
+  set_fact:
+    win_install_args: "{{ win_install_args }} DDAGENTUSER_NAME={{ datadog_windows_ddagentuser_name }}"
+  when: datadog_windows_ddagentuser_name | default('', true) | length > 0
+
+# NOTE: We don't set DD Password Arg here to prevent it from being printed;
+# we set it right before using win_install_args
+
+# check the registry. On upgrade, the location of the config file root will 
+# be set here.  
+- name: Check existing config file Directory
+  win_reg_stat:
+    path: HKLM:\SOFTWARE\Datadog\Datadog Agent
+    name: ConfigRoot
+  register: config_root_from_registry
+
+# check the registry. On upgrade, the location of the installation root directory will
+# be set here.  
+
+- name: Check existing installPath Directory
+  win_reg_stat:
+    path: HKLM:\SOFTWARE\Datadog\Datadog Agent
+    name: InstallPath
+  register: install_path_from_registry
+
+## validate the config path.  Only necessary if it's set in the registry alread (i.e. upgrade)
+## Will fail the install if the caller has set the config root to a non-standard root, and that
+## root is different than what's already present.
+- name: Validate config path
+  fail:
+    msg: "Incompatible configuration option {{ config_root_from_registry.value }} != {{ datadog_windows_config_files_dir }}"
+  when: ( (config_root_from_registry.exists) and
+          (datadog_windows_config_files_dir | length > 0 ) and
+          (config_root_from_registry.value | regex_replace('\\\\$','') | lower != datadog_windows_config_files_dir | lower ) )
+
+- name: Validated config path
+  debug:
+    msg: "Allowing configuration option {{ config_root_from_registry.value }} == {{ datadog_windows_config_files_dir }}"
+  when: ( (config_root_from_registry.exists) and
+          (datadog_windows_config_files_dir | length > 0 ) and
+          (config_root_from_registry.value | regex_replace('\\\\$','') | lower == datadog_windows_config_files_dir | lower ) )
+
+## validate the binary install path.  Only necessary if it's set in the registry alread (i.e. upgrade)
+## Will fail the install if the caller has set the binary install path to a non-standard root, and that
+## root is different than what's already present.
+- name: Validate install path
+  fail:
+    msg: "Incompatible configuration option {{ install_path_from_registry.value }} != {{ datadog_windows_program_files_dir }}"
+  when: ( (install_path_from_registry.exists) and
+          (datadog_windows_program_files_dir | length > 0 ) and
+          (install_path_from_registry.value | regex_replace('\\\\$','') | lower != datadog_windows_program_files_dir | lower ) )
+
+- name: Validated install path
+  debug:
+    msg: "Allowing configuration option {{ install_path_from_registry.value }} == {{ datadog_windows_program_files_dir }}"
+  when: ( (install_path_from_registry.exists) and
+          (datadog_windows_program_files_dir | length > 0 ) and
+          (install_path_from_registry.value | regex_replace('\\\\$','') | lower == datadog_windows_program_files_dir | lower ) )
+
+
+- name: Set Program Files Target Directory
+  set_fact:
+    win_install_args: "{{ win_install_args }} PROJECTLOCATION=\"{{ datadog_windows_program_files_dir }}\" "
+  when: datadog_windows_program_files_dir | length > 0
+
+- name: Set Config Files Target Directory
+  set_fact:
+    win_install_args: "{{ win_install_args }} APPLICATIONDATADIRECTORY=\"{{ datadog_windows_config_files_dir }}\" "
+  when: datadog_windows_config_files_dir | length > 0
+
+# if the current installation was set to a non-standard config root, and that config root is not
+# presented here, then update accordingly, so that any config file modifications will be made
+# in the right place
+- name: Set config root for config Files
+  set_fact:
+    datadog_windows_config_root: "{{ datadog_windows_config_files_dir }}"
+  when: ((datadog_windows_config_files_dir | length > 0) and (not config_root_from_registry.exists))
+
+- name: Set config root for config files from current location
+  set_fact:
+    datadog_windows_config_root: "{{ config_root_from_registry.value | regex_replace('\\\\$','') }}"
+  when: config_root_from_registry.exists
+
+- name: Set Test
+  set_fact:
+    win_install_args: "{{ win_install_args }}"
+
+# Add the installation arguments to install Windows NPM.
+- name: Set Windows NPM flag
+  set_fact:
+    win_install_args: "{{ win_install_args }} ADDLOCAL=MainApplication,NPM"
+  when: datadog_sysprobe_enabled

ansible/01_old/roles/datadog.datadog/tasks/pkg-windows.yml

@@ -0,0 +1,87 @@
+---
+- name: Fail if Agent 5
+  fail:
+    msg: "The Datadog ansible role does not currently support Agent 5"
+  when: datadog_agent_major_version|int == 5
+
+- name: Download windows datadog agent 614 fix script
+  win_get_url:
+    url: "{{ datadog_windows_614_fix_script_url }}"
+    dest: '%TEMP%\fix_6_14.ps1'
+  when: not datadog_skip_install and datadog_apply_windows_614_fix
+
+- name: Run 6.14.0/1 PowerShell fix
+  win_shell: |
+    Set-ExecutionPolicy Bypass -Scope Process -Force
+    &$env:temp\fix_6_14.ps1
+  when: not datadog_skip_install and datadog_apply_windows_614_fix
+
+- include_tasks: win_agent_latest.yml
+  when: (not datadog_skip_install) and (datadog_agent_windows_version is not defined)
+
+- include_tasks: win_agent_version.yml
+  when: (not datadog_skip_install) and (datadog_agent_windows_version is defined)
+
+- name: show URL var
+  debug:
+    var: dd_download_url
+  when: not datadog_skip_install
+
+## must be prior to `pkg-windows-opts.yml`, because the variable is used inside
+- name: Set windows NPM installed
+  set_fact:
+    datadog_sysprobe_enabled: "{{ network_config is defined and 'enabled' in (network_config | default({}, true)) and network_config['enabled'] }}"
+- include_tasks: pkg-windows-opts.yml
+
+- name: pre-Delete temporary msi
+  win_file:
+    path: '%TEMP%\ddagent.msi'
+    state: absent
+  when: not datadog_skip_install
+
+- name: Download windows datadog agent
+  win_get_url:
+    url: "{{ dd_download_url }}"
+    dest: '%TEMP%\ddagent.msi'
+  register: download_msi_result
+  when: (not datadog_skip_install) and (not ansible_check_mode)
+
+- name: Create Binary directory root (if not default)
+  win_file:
+    path: "{{ datadog_windows_program_files_dir }}"
+    state: directory
+  when: datadog_windows_program_files_dir | length > 0
+
+- name: Set default permissions on binary directory root (if not default)
+  win_acl:
+    path: "{{ datadog_windows_program_files_dir }}"
+    inherit: ContainerInherit,ObjectInherit
+    user: "BUILTIN\\USERS"
+    rights: ReadAndExecute
+    type: allow
+    state: present
+    propagation: None
+  when: datadog_windows_program_files_dir | length > 0
+
+- name: Show installation flags
+  debug:
+    msg: "{{ win_install_args }}{% if datadog_windows_ddagentuser_password | default('', true) | length > 0 %} DDAGENTUSER_PASSWORD=<REDACTED>{% endif %}"
+
+# We set DD Password Arg here to prevent it from being printed in any kind of debug logs/messages prior usage
+- name: Set DD Password Arg
+  set_fact:
+    win_install_args: "{{ win_install_args }} DDAGENTUSER_PASSWORD={{ datadog_windows_ddagentuser_password }}"
+  when: datadog_windows_ddagentuser_password | default('', true) | length > 0
+
+- name: Install downloaded agent
+  win_package:
+    path: "{{ download_msi_result.dest }}"
+    arguments: "{{ win_install_args }}"
+  register: datadog_agent_install
+  when: (not datadog_skip_install) and (not ansible_check_mode)
+
+- name: Delete temporary msi
+  win_file:
+    path: "{{ download_msi_result.dest }}"
+    state: absent
+  when: (not datadog_skip_install) and (not ansible_check_mode) and (download_msi_result.status_code == 200)

ansible/01_old/roles/datadog.datadog/tasks/sanitize-checks.yml

@@ -0,0 +1,12 @@
+- name: Defend against defined but null datadog_checks variable
+  set_fact:
+      datadog_checks: "{{ datadog_checks | default({}, true) }}"
+
+- name: Resolve datadog_tracked_checks
+  set_fact:
+    datadog_tracked_checks: "{{ datadog_checks | list + datadog_additional_checks | default([], true) }}"
+
+- name: Check that datadog_checks is a mapping
+  assert:
+    that:
+      - datadog_checks is mapping

ansible/01_old/roles/datadog.datadog/tasks/set-parse-version.yml

@@ -0,0 +1,16 @@
+---
+- name: Convert datadog_agent_major_version to string
+  set_fact:
+    datadog_agent_major_version: "{{ datadog_agent_major_version | default('', true) | string }}"
+
+- name: Initialize skip install flag to false
+  set_fact:
+    datadog_skip_install: no
+
+- include_tasks: parse-version.yml
+  when: datadog_agent_version | default('', true) | length > 0
+
+- name: Set Agent default major version
+  set_fact:
+    datadog_agent_major_version: "7"
+  when: datadog_agent_major_version | length == 0

ansible/01_old/roles/datadog.datadog/tasks/win_agent_latest.yml

@@ -0,0 +1,12 @@
+---
+
+- name: (Custom) Set agent download filename to latest
+  set_fact:
+    dd_download_url: "{{ datadog_windows_download_url }}"
+  when: datadog_windows_download_url | default('', true) | length > 0
+
+- name: Set agent download filename to latest
+  set_fact:
+    dd_download_url: "{% if datadog_agent_major_version|int == 7 %}{{ datadog_windows_agent7_latest_url }}
+      {% else %}{{ datadog_windows_agent6_latest_url }}{% endif %}"
+  when: datadog_windows_download_url | default('', true) | length == 0

ansible/01_old/roles/datadog.datadog/tasks/win_agent_version.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Check agent pinned version on Windows
+  fail:
+    msg: "The Agent versions you pinned (6.14.0 or 6.14.1) have been blacklisted, please use 6.14.2 instead. See https://dtdg.co/win-614-fix."
+  when: datadog_agent_version == "6.14.0" or datadog_agent_version == "6.14.1"
+
+- name: set agent download filename to a specific version
+  set_fact:
+    dd_download_url: "{{ datadog_windows_versioned_url }}-{{ datadog_agent_windows_version }}.msi"