170 lines
6.3 KiB
YAML
170 lines
6.3 KiB
YAML
---
|
|
- name: Fail early if Python 3 is used on CentOS / RHEL < 8 with old Ansible
|
|
fail:
|
|
msg: "The installation of the Agent on RedHat family systems using yum is not compatible with Python 3 with older Ansible versions.
|
|
To run this role, use a Python 2 interpreter on hosts running CentOS / RHEL < 8 or upgrade Ansible to version 2.11+"
|
|
# We can't compare ansible_version.full with 2.11 in the condition below, because ansible's
|
|
# `semver` and `strict` version_type don't recognize it as a valid version and the `loose`
|
|
# version_type considers it to be a post-release. It seems that the best course of action
|
|
# is to explicitly use just major.minor for comparison with 2.11.
|
|
# See https://github.com/ansible/ansible/issues/78288
|
|
when: (not datadog_ignore_old_centos_python3_error)
|
|
and ("{}.{}".format(ansible_version.major, ansible_version.minor) is version("2.11", operator="lt", strict=True))
|
|
and (ansible_pkg_mgr == "yum")
|
|
and (ansible_facts.python.version.major | int >= 3)
|
|
|
|
- name: Find out whether to set repo_gpgcheck or not
|
|
# We turn off repo_gpgcheck on custom repos and on RHEL/CentOS 8.1 because
|
|
# of https://bugzilla.redhat.com/show_bug.cgi?id=1792506
|
|
set_fact:
|
|
do_yum_repo_gpgcheck: >-
|
|
{{ datadog_yum_repo_gpgcheck if datadog_yum_repo_gpgcheck != '' else (
|
|
'no' if (
|
|
ansible_facts.distribution_version.startswith('8.1.') or ansible_facts.distribution_version == '8.1' or
|
|
datadog_yum_repo != ''
|
|
) else 'yes'
|
|
) }}
|
|
|
|
- name: Download current RPM key
|
|
get_url:
|
|
url: "{{ datadog_yum_gpgkey_current }}"
|
|
dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
|
|
force: yes
|
|
|
|
- name: Import current RPM key
|
|
rpm_key:
|
|
key: /tmp/DATADOG_RPM_KEY_CURRENT.public
|
|
state: present
|
|
when: not ansible_check_mode
|
|
|
|
- name: Download new RPM key (Expires in 2022)
|
|
get_url:
|
|
url: "{{ datadog_yum_gpgkey_e09422b3 }}"
|
|
dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
|
|
checksum: "sha256:{{ datadog_yum_gpgkey_e09422b3_sha256sum }}"
|
|
|
|
- name: Import new RPM key (Expires in 2022)
|
|
rpm_key:
|
|
key: /tmp/DATADOG_RPM_KEY_E09422B3.public
|
|
state: present
|
|
when: not ansible_check_mode
|
|
|
|
- name: Download new RPM key (Expires in 2024)
|
|
get_url:
|
|
url: "{{ datadog_yum_gpgkey_20200908 }}"
|
|
dest: /tmp/DATADOG_RPM_KEY_20200908.public
|
|
checksum: "sha256:{{ datadog_yum_gpgkey_20200908_sha256sum }}"
|
|
|
|
- name: Import new RPM key (Expires in 2024)
|
|
rpm_key:
|
|
key: /tmp/DATADOG_RPM_KEY_20200908.public
|
|
state: present
|
|
when: not ansible_check_mode
|
|
|
|
- name: Set versioned includepkgs variable
|
|
set_fact:
|
|
datadog_includepkgs: "{{ datadog_agent_flavor }}-{{ datadog_agent_redhat_version | regex_replace('^\\d+:', '') }}"
|
|
when: datadog_agent_redhat_version is defined
|
|
|
|
- name: Set plain includepkgs variable
|
|
set_fact:
|
|
datadog_includepkgs: "{{ datadog_agent_flavor }}"
|
|
when: datadog_agent_redhat_version is not defined
|
|
|
|
- name: Install Datadog Agent 5 yum repo
|
|
yum_repository:
|
|
name: datadog
|
|
description: Datadog, Inc.
|
|
baseurl: "{{ datadog_agent5_yum_repo }}"
|
|
enabled: yes
|
|
includepkgs: "{{ datadog_includepkgs }}"
|
|
repo_gpgcheck: no # we don't sign Agent 5 repodata
|
|
gpgcheck: "{{ datadog_yum_gpgcheck }}"
|
|
gpgkey: [
|
|
"{{ datadog_yum_gpgkey_current }}",
|
|
"{{ datadog_yum_gpgkey_20200908 }}",
|
|
"{{ datadog_yum_gpgkey_e09422b3 }}",
|
|
]
|
|
register: repofile5
|
|
when: (datadog_agent_major_version|int == 5) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)
|
|
|
|
- name: Install Datadog Agent 6 yum repo
|
|
yum_repository:
|
|
name: datadog
|
|
description: Datadog, Inc.
|
|
baseurl: "{{ datadog_agent6_yum_repo }}"
|
|
enabled: yes
|
|
includepkgs: "{{ datadog_includepkgs }}"
|
|
repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
|
|
gpgcheck: "{{ datadog_yum_gpgcheck }}"
|
|
gpgkey: [
|
|
"{{ datadog_yum_gpgkey_current }}",
|
|
"{{ datadog_yum_gpgkey_20200908 }}",
|
|
"{{ datadog_yum_gpgkey_e09422b3 }}",
|
|
]
|
|
register: repofile6
|
|
when: (datadog_agent_major_version|int == 6) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)
|
|
|
|
- name: Install Datadog Agent 7 yum repo
|
|
yum_repository:
|
|
name: datadog
|
|
description: Datadog, Inc.
|
|
baseurl: "{{ datadog_agent7_yum_repo }}"
|
|
enabled: yes
|
|
includepkgs: "{{ datadog_includepkgs }}"
|
|
repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
|
|
gpgcheck: "{{ datadog_yum_gpgcheck }}"
|
|
gpgkey: [
|
|
"{{ datadog_yum_gpgkey_current }}",
|
|
"{{ datadog_yum_gpgkey_20200908 }}",
|
|
"{{ datadog_yum_gpgkey_e09422b3 }}",
|
|
]
|
|
register: repofile7
|
|
when: (datadog_agent_major_version|int == 7) and (datadog_yum_repo | length == 0) and (not ansible_check_mode)
|
|
|
|
- name: Install Datadog Custom yum repo
|
|
yum_repository:
|
|
name: datadog
|
|
description: Datadog, Inc.
|
|
baseurl: "{{ datadog_yum_repo }}"
|
|
enabled: yes
|
|
includepkgs: "{{ datadog_includepkgs }}"
|
|
repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}"
|
|
gpgcheck: "{{ datadog_yum_gpgcheck }}"
|
|
gpgkey: [
|
|
"{{ datadog_yum_gpgkey_current }}",
|
|
"{{ datadog_yum_gpgkey_20200908 }}",
|
|
"{{ datadog_yum_gpgkey_e09422b3 }}",
|
|
]
|
|
register: repofilecustom
|
|
when: (datadog_yum_repo | length > 0) and (not ansible_check_mode)
|
|
|
|
- name: Clean repo metadata if repo changed # noqa 503
|
|
command: yum clean metadata --disablerepo="*" --enablerepo=datadog
|
|
failed_when: false # Cleaning the metadata is only needed when downgrading a major version of the Agent, don't fail because of this
|
|
args:
|
|
warn: no
|
|
when: repofile5.changed or repofile6.changed or repofile7.changed or repofilecustom.changed
|
|
|
|
# On certain version of dnf, gpg keys aren't imported into the local db with the package install task.
|
|
# This rule assures that they are correctly imported into the local db and users won't have to manually accept
|
|
# them if running dnf commands on the hosts.
|
|
- name: Refresh Datadog repository cache # noqa 503
|
|
command: yum -y makecache --disablerepo="*" --enablerepo=datadog
|
|
failed_when: false
|
|
args:
|
|
warn: no
|
|
when: repofile5.changed or repofile6.changed or repofile7.changed or repofilecustom.changed
|
|
|
|
- name: Remove old yum repo files
|
|
yum_repository:
|
|
name: "ansible_datadog_{{ item }}"
|
|
state: absent
|
|
with_items: [ 5, 6, 7, "custom" ]
|
|
|
|
- include_tasks: pkg-redhat/install-pinned.yml
|
|
when: datadog_agent_redhat_version is defined
|
|
|
|
- include_tasks: pkg-redhat/install-latest.yml
|
|
when: datadog_agent_redhat_version is not defined
|