162 lines
6.5 KiB
YAML
162 lines
6.5 KiB
YAML
---
|
|
- name: Populate service facts
|
|
service_facts:
|
|
|
|
- name: Set before 6/7.40.0 flag
|
|
set_fact:
|
|
datadog_before_7400: "{{ datadog_major is defined and datadog_minor is defined
|
|
and datadog_major | int < 8 and datadog_minor | int < 40 }}"
|
|
|
|
- name: Set before 6/7.24.1 flag
|
|
set_fact:
|
|
datadog_before_7241: "{{ datadog_major is defined and datadog_minor is defined and datadog_bugfix is defined
|
|
and datadog_major | int < 8
|
|
and (datadog_minor | int < 24 or (datadog_minor | int == 24 and datadog_bugfix | int < 1)) }}"
|
|
|
|
- name: Set before 6/7.18.0 flag
|
|
set_fact:
|
|
datadog_before_7180: "{{ datadog_major is defined and datadog_minor is defined
|
|
and datadog_major | int < 8 and datadog_minor | int < 18 }}"
|
|
|
|
- name: Add "{{ datadog_user }}" user to additional groups
|
|
user: name="{{ datadog_user }}" groups="{{ datadog_additional_groups }}" append=yes
|
|
when: datadog_additional_groups | default([], true) | length > 0
|
|
notify: restart datadog-agent
|
|
|
|
- name: Include configuration setup tasks
|
|
include_tasks: "_agent-linux-macos-shared.yml"
|
|
vars:
|
|
_dd_config_dir: /etc/datadog-agent
|
|
_dd_user: "{{ datadog_user }}"
|
|
_dd_group: "{{ datadog_group }}"
|
|
_dd_notify_agent: "restart datadog-agent"
|
|
|
|
- name: Create system-probe configuration file
|
|
template:
|
|
src: system-probe.yaml.j2
|
|
dest: /etc/datadog-agent/system-probe.yaml
|
|
mode: 0640
|
|
owner: "root"
|
|
group: "{{ datadog_group }}"
|
|
when: datadog_manage_config
|
|
notify:
|
|
"{% if datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"
|
|
|
|
- name: Set system probe installed
|
|
set_fact:
|
|
datadog_sysprobe_installed: "{{ ansible_facts.services['datadog-agent-sysprobe'] is defined
|
|
or ansible_facts.services['datadog-agent-sysprobe.service'] is defined }}"
|
|
when: not datadog_skip_running_check
|
|
|
|
# Before 6/7.24.1, system_probe_config controls the system-probe service
|
|
# datadog_minor is only defined when a specific Agent version is given
|
|
# (see tasks/parse-version.yml)
|
|
- name: Set system probe enabled (before 6/7.24.1)
|
|
set_fact:
|
|
datadog_sysprobe_enabled: "{{ system_probe_config is defined
|
|
and 'enabled' in (system_probe_config | default({}, true))
|
|
and system_probe_config['enabled']
|
|
and datadog_sysprobe_installed }}"
|
|
when: not datadog_skip_running_check
|
|
and datadog_before_7241
|
|
|
|
# Since 6/7.24.1, setting enabled: true in network_config is enough to start the system-probe service:
|
|
# https://docs.datadoghq.com/network_monitoring/performance/setup/?tab=agent#setup
|
|
- name: Set system probe enabled (since 6/7.24.1)
|
|
set_fact:
|
|
datadog_sysprobe_enabled: "{{
|
|
((system_probe_config is defined
|
|
and 'enabled' in (system_probe_config | default({}, true))
|
|
and system_probe_config['enabled'])
|
|
or (network_config is defined
|
|
and 'enabled' in (network_config | default({}, true))
|
|
and network_config['enabled']))
|
|
and datadog_sysprobe_installed }}"
|
|
when: not datadog_skip_running_check
|
|
and (not datadog_before_7241)
|
|
|
|
# Since 6/7.40.0, setting enabled: true in service_monitoring_config is enough to start the system-probe service:
|
|
# https://docs.datadoghq.com/tracing/universal_service_monitoring/?tab=configurationfiles#enabling-universal-service-monitoring
|
|
- name: Set system probe enabled (since 6/7.40.0)
|
|
set_fact:
|
|
datadog_sysprobe_enabled: "{{
|
|
((system_probe_config is defined
|
|
and 'enabled' in (system_probe_config | default({}, true))
|
|
and system_probe_config['enabled'])
|
|
or (network_config is defined
|
|
and 'enabled' in (network_config | default({}, true))
|
|
and network_config['enabled'])
|
|
or (service_monitoring_config is defined
|
|
and 'enabled' in (service_monitoring_config | default({}, true))
|
|
and service_monitoring_config['enabled']))
|
|
and datadog_sysprobe_installed }}"
|
|
when: not datadog_skip_running_check
|
|
and (not datadog_before_7400)
|
|
|
|
- name: Ensure datadog-agent is running
|
|
service:
|
|
name: datadog-agent
|
|
state: started
|
|
enabled: yes
|
|
when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode
|
|
|
|
- name: Ensure datadog-agent-sysprobe is running if enabled and installed
|
|
service:
|
|
name: datadog-agent-sysprobe
|
|
state: started
|
|
enabled: yes
|
|
when: not datadog_skip_running_check and datadog_enabled and not ansible_check_mode and datadog_sysprobe_enabled
|
|
|
|
- name: Ensure datadog-agent, datadog-agent-process and datadog-agent-trace are not running
|
|
service:
|
|
name: "{{ item }}"
|
|
state: stopped
|
|
enabled: no
|
|
when: not datadog_skip_running_check and not datadog_enabled
|
|
with_list:
|
|
- datadog-agent
|
|
- datadog-agent-process
|
|
- datadog-agent-trace
|
|
|
|
# Stop system-probe manually on Agent versions < 6/7.18, as it was not tied
|
|
# to the main Agent service: https://github.com/DataDog/datadog-agent/pull/4883
|
|
- name: Ensure datadog-agent-sysprobe is stopped if disabled or not installed (before 6/7.18.0)
|
|
service:
|
|
name: datadog-agent-sysprobe
|
|
state: stopped
|
|
enabled: no
|
|
when: not datadog_skip_running_check
|
|
and (not datadog_enabled or not datadog_sysprobe_enabled)
|
|
and datadog_before_7180
|
|
and datadog_sysprobe_installed
|
|
|
|
- name: Ensure datadog-agent-security is not running
|
|
service:
|
|
name: datadog-agent-security
|
|
state: stopped
|
|
enabled: no
|
|
when: not datadog_skip_running_check and not datadog_enabled
|
|
failed_when: false # Since older versions of the Agent don't include the security agent
|
|
|
|
- name: Create security-agent configuration file
|
|
template:
|
|
src: security-agent.yaml.j2
|
|
dest: /etc/datadog-agent/security-agent.yaml
|
|
mode: 0640
|
|
owner: "root"
|
|
group: "{{ datadog_group }}"
|
|
when: datadog_manage_config and (runtime_security_config is defined and runtime_security_config | default({}, true) | length > 0)
|
|
notify:
|
|
"{% if datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"
|
|
|
|
# Templates don't support the "state: absent" argument, so if the file was created in a previous run
|
|
# and then runtime_security_config was completely removed, this is the only way to ensure
|
|
# we remove the leftover config file.
|
|
- name: Remove security-agent configuration file if security-agent is no longer configured
|
|
file:
|
|
path: /etc/datadog-agent/security-agent.yaml
|
|
state: absent
|
|
when: datadog_manage_config and (runtime_security_config is not defined or runtime_security_config | default({}, true) | length == 0)
|
|
notify:
|
|
"{% if datadog_before_7180 %}restart datadog-agent-sysprobe{% else %}restart datadog-agent{% endif %}"
|