--- # NOTE: the DMG gets installed as ansible_user, but we then configure it to run # under datadog_macos_user and remove the user-specific config for ansible_user - name: Load user data shell: cmd: "dscacheutil -q user -a name {{ datadog_macos_user }} | awk 'BEGIN { RS=\"\\n\"; ORS=\" \" } /uid:/ { print \"{ \\\"uid\\\": \" $2\",\" } /gid:/ { print \"\\\"gid\\\": \" $2 \" }\"}'" executable: /bin/bash changed_when: false register: macos_user_output check_mode: no # This task is used to more cleanly format the variable contents.The ABOVE task's shell command returns a JSON # object as a string but nested in `.stdout`. Ansible has built in behavior that if it receives JSON data as # a string it will automatically convert it to the corresponding object. This enables us to get multiple values # out of the ABOVE task preventing us from having to run 2 similar commands. - name: Extract JSON user data as variable object set_fact: macos_user_data: "{{ macos_user_output.stdout }}" - name: Load user group data shell: cmd: "dscacheutil -q group -a gid {{ macos_user_data.gid }} | grep '^name: ' | awk '{ print $2 }'" register: macos_user_group changed_when: false # If the ansible_user was logged in via GUI during installation, the postinstall package script # created launchctl service for the user and also a login item - name: Find out if user LaunchAgent is running shell: cmd: "launchctl print gui/$(id -u)/{{ datadog_macos_service_name }}" register: user_service_created changed_when: false failed_when: false - name: Unload and stop user LaunchAgent shell: cmd: "launchctl bootout gui/$(id -u)/{{ datadog_macos_service_name }}" when: user_service_created.rc == 0 - name: Remove user login item command: |- osascript -e 'tell application "System Events" to if login item "Datadog Agent" exists then delete login item "Datadog Agent"' when: user_service_created.rc == 0 - name: Remove user LaunchAgent plist file file: path: "/Users/{{ ansible_user }}/{{ datadog_macos_user_plist_file_path }}" state: absent # We could take the plist file from user LaunchAgent location and just add UID/GID, # but when the version is pinned and agent is already installed, that file had # already been removed and won't be recreated and so we won't be able to use it. # # The disadvantage of using a template obviously is that if we changed the plist # file in the .dmg, we would also have to update this. Fortunately this seems # to basically never happen, so I think it's an acceptable downside. - name: Add system LaunchDaemon plist file template: src: com.datadoghq.agent.plist.j2 dest: "{{ datadog_macos_system_plist_file_path }}" owner: 0 group: 0 mode: 0644 become: true notify: restart datadog-agent-macos vars: # NOTE: https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html # docs say both UID/GID and UserName/GroupName work, but only UserName/GroupName actually work. username: "{{ datadog_macos_user }}" groupname: "{{ macos_user_group.stdout }}" - name: Include configuration setup tasks import_tasks: "_agent-linux-macos-shared.yml" vars: _dd_config_dir: "{{ datadog_macos_etc_dir }}" _dd_user: "{{ macos_user_data.uid }}" _dd_group: "{{ macos_user_data.gid }}" _dd_notify_agent: "restart datadog-agent-macos" become: true - name: Set permissions for DataDog Directories file: path: "{{ item }}" owner: "{{ macos_user_data.uid }}" group: "{{ macos_user_data.gid }}" recurse: yes with_items: - "{{ datadog_macos_etc_dir }}" - "{{ datadog_macos_logs_dir }}" - "{{ datadog_macos_run_dir }}" notify: restart datadog-agent-macos become: true