diff --git a/.circleci/config.yml b/.circleci/config.yml index cc94d820..b280b331 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -220,6 +220,13 @@ jobs: RUBY_VERSION: '2.6.3' PUPPET_VERSION: '6.5.0' + specs-ruby26-puppet79: + <<: *specs + environment: + STRICT_VARIABLES: 'yes' + RUBY_VERSION: '2.6.3' + PUPPET_VERSION: '7.9.0' + specs-ruby25-puppet65-windows: &windows-specs executor: name: win/default # Comes with ruby 2.6, which is not supported on Windows as of puppet 6.10.1 @@ -233,7 +240,7 @@ jobs: choco install ruby --allow-downgrade -y --version 2.5.3.101 # Keep version in sync with next command! export PATH=/c/tools/ruby25/bin:$PATH # Make Ruby 2.5 take precedence over the pre-installed 2.6 ruby --version - choco install msys2 --allow-downgrade -y --version 20200903.0.0 + choco install msys2 --allow-downgrade -y --version 20210604.0.0 ridk.cmd exec pacman -S --noconfirm --needed base-devel mingw-w64-x86_64-toolchain gem install bundler -v 1.17.3 rm Gemfile.lock && bundle install --path .bundle @@ -317,5 +324,6 @@ workflows: - specs-ruby25-puppet65-windows - specs-ruby26-puppet60 - specs-ruby26-puppet65 + - specs-ruby26-puppet79 - verify-gemfile-lock-dependencies - kitchen-tests diff --git a/.fixtures.yml b/.fixtures.yml index 949dda2e..706edda4 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -16,7 +16,9 @@ fixtures: forge_modules: yumrepo_core: "puppetlabs/yumrepo_core" powershell: "puppetlabs/powershell" - zypprepo: "puppet/zypprepo" + zypprepo: + repo: "puppet/zypprepo" + ref: "3.1.0" symlinks: custom_datadog: "#{source_dir}/spec/custom_fixtures/custom_datadog" datadog_agent: "#{source_dir}" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..2d9e1f5c --- /dev/null +++ b/.github/workflows/codeql-analysis.yml 
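Review bot: In the `.fixtures.yml` hunk only `zypprepo` gets a `ref`, while `yumrepo_core` and `powershell` in the context lines just above it stay unpinned, so spec runs presumably keep resolving those two to whatever release the Forge serves at install time. Pinning them the same way keeps fixture resolution reproducible and limits exposure to an unexpected upstream release, for example `yumrepo_core:` with `repo: "puppetlabs/yumrepo_core"` and `ref: "<pinned version>"`. A one-line comment next to `ref: "3.1.0"` saying why that version was chosen would help whoever bumps it later.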
@@ -0,0 +1,46 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'ruby' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2f657199..f6a29bf9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
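Review bot: The `uses:` lines in the new workflow reference actions by mutable major tags (`actions/checkout@v2`, `github/codeql-action/init@v1`, `.../autobuild@v1`, `.../analyze@v1`), and the job runs with `security-events: write`. A tag can be repointed upstream, so pinning each action to a full commit SHA with the tag kept as a trailing comment, `uses: actions/checkout@<full-commit-sha>  # v2`, makes the code that runs here auditable and stable. Separately, the Autobuild step's own comment says it targets compiled languages; with `language: [ 'ruby' ]` it is probably a no-op and could be dropped.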
@@ -1,6 +1,30 @@ Changes ======= +# 3.14.0 / 2021-09-29 + +* [FEATURE] Support Raspbian as debian-based systems ([#719][]) (Thanks [@Mstrodl]) +* [FEATURE] Add support for security-agent config ([#706][]) (Thanks [@florusboth]) +* [BUGFIX] Fix "Unable to locate package datadog-signing-keys" error on new installs ([#721][]) + +# 3.13.0 / 2021-08-11 + +* [CHORE] Run `bundle update` on Ruby 2.5.1 ([#712][]) +* [FEATURE] Install datadog-signing-keys on Debian based platforms ([#709][]) +* [BUGFIX] Do not add process integration configuration file if not configured ([#703][]) (Thanks [@yanjunding][]) +* [FEATURE] add support for `min_collection_interval` for HTTP check ([#699][]) (Thanks [@yanjunding][]) +* [FEATURE] Improvements for APT keys management ([#698][], [#700][], [#701][] and [#714][]) +* [FEATURE] Include 'datadog_agent' class in the catalog when using the generic integration ([#697][]) (Thanks [@stantona][]) +* [BUGFIX] Update `excluded_interface_re` type to String ([#696][]) (Thanks [@florusboth][]) + +# 3.12.0 / 2021-05-06 + +* [FEATURE] Support for NPM on Windows [#688][] +* [FEATURE] Enable repo_gpgcheck for RPM repositories by default [#693][] +* [FEATURE] Add the 'current' gpg key, only use 1 gpgkey on suse < 15 [#687][] +* [BUGFIX] Fix typo in network.yaml.erb [#690][] (Thanks [@florusboth][]) +* [BUGFIX] Fix tool_version being unknown in install_info [#692][] + # 3.11.0 / 2021-03-01 * [FEATURE] Add support for SUSE distros [#682][] 
@@ -824,6 +848,24 @@ Please read the [docs]() for more details.
 [#681]: https://github.com/DataDog/puppet-datadog-agent/issues/681
 [#682]: https://github.com/DataDog/puppet-datadog-agent/issues/682
 [#686]: https://github.com/DataDog/puppet-datadog-agent/issues/686
+[#687]: https://github.com/DataDog/puppet-datadog-agent/issues/687
+[#688]: https://github.com/DataDog/puppet-datadog-agent/issues/688
+[#690]: https://github.com/DataDog/puppet-datadog-agent/issues/690
+[#692]: https://github.com/DataDog/puppet-datadog-agent/issues/692
+[#693]: https://github.com/DataDog/puppet-datadog-agent/issues/693
+[#696]: https://github.com/DataDog/puppet-datadog-agent/issues/696
+[#697]: https://github.com/DataDog/puppet-datadog-agent/issues/697
+[#698]: https://github.com/DataDog/puppet-datadog-agent/issues/698
+[#699]: https://github.com/DataDog/puppet-datadog-agent/issues/699
+[#700]: https://github.com/DataDog/puppet-datadog-agent/issues/700
+[#701]: https://github.com/DataDog/puppet-datadog-agent/issues/701
+[#703]: https://github.com/DataDog/puppet-datadog-agent/issues/703
+[#706]: https://github.com/DataDog/puppet-datadog-agent/issues/706
+[#709]: https://github.com/DataDog/puppet-datadog-agent/issues/709
+[#712]: https://github.com/DataDog/puppet-datadog-agent/issues/712
+[#714]: https://github.com/DataDog/puppet-datadog-agent/issues/714
+[#719]: https://github.com/DataDog/puppet-datadog-agent/issues/719
+[#721]: https://github.com/DataDog/puppet-datadog-agent/issues/721
 [@Aramack]: https://github.com/Aramack
 [@BIAndrews]: https://github.com/BIAndrews
 [@ChannoneArif-nbcuni]: https://github.com/ChannoneArif-nbcuni
@@ -833,6 +875,7 @@ Please read the [docs]() for more details.
 [@IanCrouch]: https://github.com/IanCrouch
 [@LeoCavaille]: https://github.com/LeoCavaille
 [@MartinDelta]: https://github.com/MartinDelta
+[@Mstrodl]: https://github.com/Mstrodl
 [@NoodlesNZ]: https://github.com/NoodlesNZ
 [@aaron-miller]: https://github.com/aaron-miller
 [@aepod]: https://github.com/aepod
@@ -875,6 +918,7 @@ Please read the [docs]() for more details.
 [@ewansteele]: https://github.com/ewansteele
 [@ffleming]: https://github.com/ffleming
 [@ffrants]: https://github.com/ffrants
+[@florusboth]: https://github.com/florusboth
 [@flyinbutrs]: https://github.com/flyinbutrs
 [@flyinprogrammer]: https://github.com/flyinprogrammer
 [@fr3nd]: https://github.com/fr3nd
@@ -933,6 +977,7 @@ Please read the [docs]() for more details.
 [@turnopil]: https://github.com/turnopil
 [@tuxinaut]: https://github.com/tuxinaut
 [@vaisingh]: https://github.com/vaisingh
+[@yanjunding]: https://github.com/yanjunding
 [@yrcjaya]: https://github.com/yrcjaya
 [@zabacad]: https://github.com/zabacad
 [@zickzackv]: https://github.com/zickzackv
diff --git a/Gemfile b/Gemfile
index 9f978f79..9d16b322 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,35 +1,40 @@ source "https://rubygems.org" -# Puppet 4.10.2 is the minimum version we support on Windows due to https://tickets.puppetlabs.com/browse/PUP-7383 -# On Linux we support down to 4.6 -gem "puppet", "~> #{ENV.fetch('PUPPET_VERSION', '4.10.2')}" +ruby_version = Gem::Version.new(RUBY_VERSION.dup) -ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments +# Each version of Puppet recommends a specific version of Ruby. Try to fetch the Puppet version that +# matches our Ruby (unless PUPPET_VERSION is defined). +matching_puppet_version = ruby_version > Gem::Version.new('2.5') ? (ruby_version > Gem::Version.new('2.7') ? '7.0.0' : '6.0.1') : '4.10.2' +gem "puppet", "~> #{ENV.fetch('PUPPET_VERSION', matching_puppet_version)}" + +ruby_version_segments = ruby_version.segments minor_version = ruby_version_segments[0..1].join('.') group :development do - gem "rake", "~> 12.3.3" if RUBY_VERSION < '2.6.0' # last version for ruby < 2.6 - gem "xmlrpc" if RUBY_VERSION >= '2.3' + gem "rake", "~> 12.3.3" if ruby_version < Gem::Version.new('2.6.0') # last version for ruby < 2.6 + gem "xmlrpc" if ruby_version >= Gem::Version.new('2.3') gem "ruby-pwsh", '~> 0.3.0', platforms: [:mswin, :mingw, :x64_mingw] - gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') - gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') - gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "fast_gettext", '1.1.0', require: false if ruby_version < 
Gem::Version.new('2.1.0') + gem "fast_gettext", require: false if ruby_version >= Gem::Version.new('2.1.0') + gem "json_pure", '<= 2.0.1', require: false if ruby_version < Gem::Version.new('2.0.0') + gem "json", '= 1.8.1', require: false if ruby_version == Gem::Version.new('2.1.9') + gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(ruby_version) + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(ruby_version) gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "librarian-puppet" gem "kitchen-puppet" gem "kitchen-docker" gem "kitchen-verifier-serverspec" gem "mixlib-shellout", "~> 2.2.7", platforms: [:ruby] + gem "rubocop-i18n", "~> 1.2.0" + gem "rubocop-rspec", "~> 1.16.0" - if RUBY_VERSION >= '2.3' + if ruby_version >= Gem::Version.new('2.3') gem "test-kitchen", '~> 2.5.4' - gem "puppet-module-posix-default-r#{minor_version}", '~> 0.3', require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", '~> 0.3', require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", '~> 0.3', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", '~> 0.3', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby] + gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby] + gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] else gem "test-kitchen", '~> 1.16.0' gem "puppetlabs_spec_helper", "~> 2.14.1" 
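Review bot: The strict `>` comparisons in the new `matching_puppet_version` line put the exact `.0` releases in the lower bucket: `Gem::Version` treats `2.7.0` as equal to `2.7`, so Ruby 2.7.0 selects `'6.0.1'` and Ruby 2.5.0 selects `'4.10.2'`, while 2.7.1 and 2.5.1 select the newer Puppet. If the intent is one Puppet series per Ruby minor, as the comment above the line suggests, both bounds should read `>=`, e.g. `ruby_version >= Gem::Version.new('2.7')`, and an `if`/`elsif` would be easier to read than the nested ternary. The same hunk also drops the `'~> 0.3'` bound on the four `puppet-module-*` gems, so only Gemfile.lock constrains them now; a comment giving the reason for leaving them unbounded would help.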
@@ -38,8 +43,6 @@ group :development do gem "puppet-syntax", "~> 2.5.0" gem "rspec-puppet", "~> 2.6.9" gem "rubocop", "~> 0.49.1" - gem "rubocop-i18n", "~> 1.2.0" - gem "rubocop-rspec", "~> 1.16.0" gem "artifactory", "~> 2.8.2" end end diff --git a/Gemfile.lock b/Gemfile.lock index 04b96051..b8f5be7f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,37 +1,76 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.7.0) + CFPropertyList (2.3.6) + activesupport (5.2.6) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) ansi (1.5.0) - ast (2.4.1) - bcrypt_pbkdf (1.0.1) + ast (2.4.2) + awesome_print (1.9.2) + bcrypt_pbkdf (1.1.0) + bindata (2.4.10) + bolt (1.14.0) + CFPropertyList (~> 2.2) + addressable (~> 2.5) + concurrent-ruby (~> 1.0) + docker-api (~> 1.34) + logging (~> 2.2) + minitar (~> 0.6) + net-scp (~> 1.2) + net-ssh (>= 4.0) + orchestrator_client (~> 0.4) + puppet (>= 6.0.1, < 7) + puppet-resource_api (>= 1.8.1) + r10k (~> 3.1) + ruby_smb (~> 1.0) + terminal-table (~> 1.8) + winrm (~> 2.0) + winrm-fs (~> 1.3) builder (3.2.4) - codecov (0.1.21) + codecov (0.2.5) + colorize json simplecov coderay (1.1.3) + colored2 (3.1.2) + colorize (0.8.1) + concurrent-ruby (1.1.9) + connection_pool (2.2.5) + cri (2.15.10) dependency_checker (0.2.0) parallel puppet_forge (~> 2.2) rake (~> 12.3) semantic_puppet (~> 1.0) diff-lcs (1.4.4) - docile (1.3.2) + docile (1.4.0) + docker-api (1.34.2) + excon (>= 0.47.0) + multi_json domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) ed25519 (1.2.4) - erubi (1.9.0) + equatable (0.7.0) + erubi (1.10.0) + excon (0.85.0) facter (2.5.7) - facterdb (1.4.0) - facter (< 4.0.0) + facterdb (1.9.0) + facter (< 5.0.0) jgrep - faraday (0.17.3) + faraday (0.17.4) multipart-post (>= 1.2, < 3) faraday_middleware (0.14.0) faraday (>= 0.7.4, < 1.0) fast_gettext (1.1.2) - ffi (1.13.1) + ffi (1.15.4) + ffi-compiler (1.0.1) + ffi (>= 1.0.0) + rake gettext (3.2.9) locale (>= 2.0.5) text (>= 1.3.0) 
@@ -39,22 +78,35 @@ GEM fast_gettext (~> 1.1.0) gettext (>= 3.0.2, < 3.3.0) locale - gssapi (1.3.0) + gssapi (1.3.1) ffi (>= 1.0.1) gyoku (1.3.1) builder (>= 2.1.2) - hiera (3.6.0) + hiera (3.7.0) hirb (0.7.3) + hocon (1.3.1) + honeycomb-beeline (2.7.0) + libhoney (~> 1.14, >= 1.14.2) + http (4.4.1) + addressable (~> 2.3) + http-cookie (~> 1.0) + http-form_data (~> 2.2) + http-parser (~> 1.2.0) http-accept (1.7.0) - http-cookie (1.0.3) + http-cookie (1.0.4) domain_name (~> 0.5) + http-form_data (2.3.0) + http-parser (1.2.3) + ffi-compiler (>= 1.0, < 2.0) httpclient (2.8.3) + i18n (1.8.10) + concurrent-ruby (~> 1.0) jgrep (1.5.4) json (2.1.0) json-schema (2.8.1) addressable (>= 2.4) - json_pure (1.8.6) - kitchen-docker (2.10.0) + jwt (2.2.3) + kitchen-docker (2.11.0) test-kitchen (>= 1.0.0) kitchen-puppet (3.5.2) librarian-puppet (>= 3.0) @@ -63,11 +115,15 @@ GEM kitchen-verifier-serverspec (0.7.1) net-ssh (>= 3) test-kitchen (>= 1.4) - librarian-puppet (3.0.0) + libhoney (1.20.0) + addressable (~> 2.0) + excon + http (>= 2.0, < 5.0) + librarian-puppet (3.0.1) librarianp (>= 0.6.3) puppet_forge (~> 2.1) rsync - librarianp (1.0.0) + librarianp (1.1.1) thor (~> 1.0) license-acceptance (1.0.19) pastel (~> 0.7) @@ -76,6 +132,7 @@ GEM tty-prompt (~> 0.18) little-plugger (1.1.4) locale (2.1.3) + log4r (1.1.10) logging (2.3.0) little-plugger (~> 1.1) multi_json (~> 1.14) @@ -86,9 +143,10 @@ GEM method_source (0.8.2) mime-types (3.3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2020.0512) + mime-types-data (3.2021.0901) minitar (0.9) - mixlib-install (3.12.3) + minitest (5.14.4) + mixlib-install (3.12.16) mixlib-shellout mixlib-versioning thor 
@@ -98,71 +156,102 @@ GEM metaclass (~> 0.0.1) multi_json (1.15.0) multipart-post (2.1.1) - net-scp (3.0.0) - net-ssh (>= 2.6.5, < 7.0.0) + necromancer (0.5.1) + net-http-persistent (4.0.1) + connection_pool (~> 2.2) + net-scp (1.2.1) + net-ssh (>= 2.6.5) net-ssh (6.1.0) net-ssh-gateway (2.0.0) net-ssh (>= 4.0.0) net-telnet (0.1.1) netrc (0.11.0) nori (2.6.0) - parallel (1.19.2) + orchestrator_client (0.5.2) + faraday + net-http-persistent + parallel (1.20.1) parallel_tests (2.14.2) parallel - parser (2.5.1.2) - ast (~> 2.4.0) - pastel (0.8.0) + parser (2.7.2.0) + ast (~> 2.4.1) + pastel (0.7.4) + equatable (~> 0.6) tty-color (~> 0.5) pathspec (0.2.1) - powerpack (0.1.2) + pluginator (1.5.0) + powerpack (0.1.3) pry (0.10.4) coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) public_suffix (4.0.6) - puppet (4.10.12) - facter (> 2.0, < 4) - gettext-setup (>= 0.10, < 1) - hiera (>= 2.0, < 4) - json_pure (~> 1.8) + puppet (6.0.10) + facter (> 2.0.1, < 4) + fast_gettext (~> 1.1.2) + hiera (>= 3.2.1, < 4) + httpclient (~> 2.8) locale (~> 2.1) - puppet-blacksmith (6.0.0) - puppet-modulebuilder (~> 0.1) + multi_json (~> 1.10) + puppet-resource_api (~> 1.5) + semantic_puppet (~> 1.0) + puppet-blacksmith (6.1.1) + puppet-modulebuilder (~> 0.2) rest-client (~> 2.0) - puppet-lint (2.4.2) - puppet-module-posix-default-r2.5 (0.5.1) - puppet-module-posix-dev-r2.5 (0.3.15) - codecov (~> 0.1.10) + puppet-debugger (1.2.0) + awesome_print (~> 1.7) + bundler + facterdb (>= 0.4.0) + pluginator (~> 1.5.0) + puppet (>= 5.5) + rb-readline (>= 0.5.5) + table_print (>= 1.0.0) + tty-pager (~> 0.13.0) + puppet-lint (2.5.0) + puppet-module-posix-default-r2.5 (1.1.0) + puppet-module-posix-dev-r2.5 (0.5.3) + activesupport (>= 5.0.0, < 6.0.0) + bcrypt_pbkdf (~> 1.0) + codecov (>= 0.2, < 0.2.6) + concurrent-ruby (!= 1.1.6) dependency_checker (~> 0.2) + ed25519 (~> 1.2) + facterdb (>= 0.8.1, < 2.0.0) gettext-setup (~> 0.26) metadata-json-lint (>= 2.0.2, < 3.0.0) mocha (>= 1.0.0, < 1.2.0) 
parallel_tests (>= 2.14.1, < 2.14.3) - parser (~> 2.5.1.2) pry (~> 0.10.4) - puppet-blacksmith (>= 3.4.0) + puppet-blacksmith (~> 6.0) + puppet-debugger (~> 1.0) puppet-lint (>= 2.3.0, < 3.0.0) + puppet-resource_api (~> 1.8) puppet-strings (~> 2.0) puppet-syntax (>= 2.4.1, < 3.0.0) + puppet_litmus (>= 0.4.0, < 1.0.0) puppet_pot_generator (~> 1.0) puppetlabs_spec_helper (>= 2.9.0, < 3.0.0) rainbow (~> 2.0) rspec-puppet (>= 2.3.2, < 3.0.0) - rspec-puppet-facts (~> 1.8) + rspec-puppet-facts (>= 1.10.0, < 3) rspec_junit_formatter (~> 0.2) rubocop (~> 0.49.0) rubocop-i18n (~> 1.2.0) rubocop-rspec (~> 1.16.0) - simplecov (>= 0.14.1, < 1.0.0) + serverspec (~> 2.41) + simplecov (< 0.19.0) simplecov-console (~> 0.4.2) - specinfra (= 2.77.1) - puppet-modulebuilder (0.2.1) - minitar (~> 0.6) - pathspec (~> 0.2.1) - puppet-strings (2.5.0) + specinfra (= 2.82.2) + puppet-modulebuilder (0.3.0) + minitar (~> 0.9) + pathspec (>= 0.2.1, < 2.0.0) + puppet-resource_api (1.8.14) + hocon (>= 1.0) + puppet-strings (2.8.0) rgen yard (~> 0.9.5) - puppet-syntax (2.6.0) + puppet-syntax (2.6.1) + puppet (>= 5) rake puppet_forge (2.3.4) faraday (>= 0.9.0, < 0.18.0, != 0.13.1) 
@@ -170,43 +259,68 @@ GEM gettext-setup (~> 0.11) minitar semantic_puppet (~> 1.0) + puppet_litmus (0.17.0) + bolt (>= 1.13.1, < 2.0.0) + docker-api (>= 1.34, < 2.0.0) + honeycomb-beeline + parallel + puppet-modulebuilder (~> 0.1) + rspec + rspec_honeycomb_formatter + tty-spinner (>= 0.5.0, < 1.0.0) puppet_pot_generator (1.0.1) puppet - puppetlabs_spec_helper (2.15.0) + puppetlabs_spec_helper (2.16.0) mocha (~> 1.0) - pathspec (~> 0.2.1) + pathspec (>= 0.2.1, < 1.1.0) puppet-lint (~> 2.0) puppet-syntax (>= 2.0, < 4) rspec-puppet (~> 2.0) + r10k (3.11.0) + colored2 (= 3.1.2) + cri (= 2.15.10) + fast_gettext (~> 1.1.0) + gettext (>= 3.0.2, < 3.3.0) + gettext-setup (~> 0.24) + jwt (~> 2.2.3) + log4r (= 1.1.10) + multi_json (~> 1.10) + puppet_forge (~> 2.3.0) rainbow (2.2.2) rake rake (12.3.3) + rb-readline (0.5.5) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) rgen (0.8.2) - rspec (3.9.0) - rspec-core (~> 3.9.0) - rspec-expectations (~> 3.9.0) - rspec-mocks (~> 3.9.0) - rspec-core (3.9.2) - rspec-support (~> 3.9.3) - rspec-expectations (3.9.2) + rspec (3.10.0) + rspec-core (~> 3.10.0) + rspec-expectations (~> 3.10.0) + rspec-mocks (~> 3.10.0) + rspec-core (3.10.1) + rspec-support (~> 3.10.0) + rspec-expectations (3.10.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-mocks (3.9.1) + rspec-support (~> 3.10.0) + rspec-its (1.3.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.10.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-puppet (2.7.10) + rspec-support (~> 3.10.0) + rspec-puppet (2.10.0) rspec - rspec-puppet-facts (1.10.0) + rspec-puppet-facts (2.0.2) facter facterdb (>= 0.5.0) - json puppet - rspec-support (3.9.3) + rspec-support (3.10.2) + rspec_honeycomb_formatter (0.2.1) + honeycomb-beeline + rspec-core (~> 3.0) rspec_junit_formatter (0.4.1) rspec-core (>= 2, < 4, != 2.12.0) rsync (1.0.9) 
@@ -221,31 +335,43 @@ GEM rubocop (~> 0.49.0) rubocop-rspec (1.16.0) rubocop (>= 0.49.0) - ruby-progressbar (1.10.1) - rubyntlm (0.6.2) - rubyzip (2.3.0) - semantic_puppet (1.0.2) + ruby-progressbar (1.11.0) + ruby_smb (1.1.0) + bindata + rubyntlm + windows_error + rubyntlm (0.6.3) + rubyzip (2.3.2) + semantic_puppet (1.0.4) + serverspec (2.41.8) + multi_json + rspec (~> 3.0) + rspec-its + specinfra (~> 2.72) sfl (2.3) - simplecov (0.19.0) + simplecov (0.18.5) docile (~> 1.1) simplecov-html (~> 0.11) simplecov-console (0.4.2) ansi hirb simplecov - simplecov-html (0.12.2) + simplecov-html (0.12.3) slop (3.6.0) - spdx-licenses (1.2.0) - specinfra (2.77.1) + spdx-licenses (1.3.0) + specinfra (2.82.2) net-scp net-ssh (>= 2.7) net-telnet (= 0.1.1) sfl - strings (0.2.0) - strings-ansi (~> 0.2) + strings (0.1.8) + strings-ansi (~> 0.1) unicode-display_width (~> 1.5) unicode_utils (~> 1.4) strings-ansi (0.2.0) + table_print (1.5.7) + terminal-table (1.8.0) + unicode-display_width (~> 1.1, >= 1.1.1) test-kitchen (2.5.4) bcrypt_pbkdf (~> 1.0) ed25519 (~> 1.2) 
@@ -260,28 +386,39 @@ GEM winrm-elevated (~> 1.0) winrm-fs (~> 1.1) text (1.3.1) - thor (1.0.1) + thor (1.1.0) + thread_safe (0.3.6) tomlrb (1.3.0) - tty-box (0.6.0) - pastel (~> 0.8) - strings (~> 0.2.0) + tty-box (0.5.0) + pastel (~> 0.7.2) + strings (~> 0.1.6) tty-cursor (~> 0.7) - tty-color (0.5.2) + tty-color (0.6.0) tty-cursor (0.7.1) - tty-prompt (0.22.0) - pastel (~> 0.8) - tty-reader (~> 0.8) - tty-reader (0.8.0) - tty-cursor (~> 0.7) + tty-pager (0.13.0) + strings (~> 0.1.8) tty-screen (~> 0.8) - wisper (~> 2.0) + tty-prompt (0.21.0) + necromancer (~> 0.5.0) + pastel (~> 0.7.0) + tty-reader (~> 0.7.0) + tty-reader (0.7.0) + tty-cursor (~> 0.7) + tty-screen (~> 0.7) + wisper (~> 2.0.0) tty-screen (0.8.1) + tty-spinner (0.9.3) + tty-cursor (~> 0.7) + tzinfo (1.2.9) + thread_safe (~> 0.1) unf (0.1.4) unf_ext unf_ext (0.0.7.7) unicode-display_width (1.7.0) unicode_utils (1.4.0) - winrm (2.3.4) + webrick (1.7.0) + windows_error (0.1.2) + winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) gssapi (~> 1.2) @@ -289,8 +426,8 @@ GEM httpclient (~> 2.2, >= 2.2.0.2) logging (>= 1.6.1, < 3.0) nori (~> 2.0) - rubyntlm (~> 0.6.0, >= 0.6.1) - winrm-elevated (1.2.2) + rubyntlm (~> 0.6.0, >= 0.6.3) + winrm-elevated (1.2.3) erubi (~> 1.8) winrm (~> 2.0) winrm-fs (~> 1.0) @@ -300,8 +437,9 @@ GEM rubyzip (~> 2.0) winrm (~> 2.0) wisper (2.0.1) - xmlrpc (0.3.0) - yard (0.9.25) + xmlrpc (0.3.2) + webrick + yard (0.9.26) PLATFORMS ruby 
@@ -314,13 +452,15 @@ DEPENDENCIES kitchen-verifier-serverspec librarian-puppet mixlib-shellout (~> 2.2.7) - puppet (~> 4.10.2) - puppet-module-posix-default-r2.5 (~> 0.3) - puppet-module-posix-dev-r2.5 (~> 0.3) - puppet-module-win-default-r2.5 (~> 0.3) - puppet-module-win-dev-r2.5 (~> 0.3) + puppet (~> 6.0.1) + puppet-module-posix-default-r2.5 + puppet-module-posix-dev-r2.5 + puppet-module-win-default-r2.5 + puppet-module-win-dev-r2.5 rake (~> 12.3.3) rb-readline (= 0.5.5) + rubocop-i18n (~> 1.2.0) + rubocop-rspec (~> 1.16.0) ruby-pwsh (~> 0.3.0) test-kitchen (~> 2.5.4) xmlrpc diff --git a/README.md b/README.md index 723c8376..9ac7782e 100644 --- a/README.md +++ b/README.md @@ -18,11 +18,11 @@ puppet module install datadog-datadog_agent - By default Datadog Agent v7.x is installed. To use an earlier Agent version, change the setting `agent_major_version`. - `agent5_enable` is no longer used, as it has been replaced by `agent_major_version`. -- `agent6_extra_options` has been renamed to `agent_extra_options` since it now applies to both Agent v6 and v7. -- `agent6_log_file` has been renamed to `agent_log_file` since it now applies to both Agent v6 and v7. +- `agent6_extra_options` has been renamed to `agent_extra_options` since it applies to both Agent v6 and v7. +- `agent6_log_file` has been renamed to `agent_log_file` since it applies to both Agent v6 and v7. - `agent5_repo_uri` and `agent6_repo_uri` become `agent_repo_uri` for all Agent versions. - `conf_dir` and `conf6_dir` become `conf_dir` for all Agent versions. -- The repository file created on Linux is now named `datadog` for all Agent versions instead of `datadog5`/`datadog6`. +- The repository file created on Linux is named `datadog` for all Agent versions instead of `datadog5`/`datadog6`. ### Configuration 
@@ -65,7 +65,7 @@ Once the `datadog_agent` module is installed on your `puppetserver`/`puppetmaste } ``` - Refer to the [comments in code][6] for all arguments available for a given integration. + See the [comments in code][6] for all arguments available for a given integration. If an integration does not have a [manifest with a dedicated class][7], you can still add a configuration for it. Below is an example for the `ntp` check: @@ -83,7 +83,7 @@ Once the `datadog_agent` module is installed on your `puppetserver`/`puppetmaste } ``` -5. (Optional) To collect metrics and events about Puppet itself, refer to the section about [Reporting](#reporting). +5. (Optional) To collect metrics and events about Puppet itself, see the section about [Reporting](#reporting). ### Upgrading integrations @@ -111,15 +111,25 @@ Note it's not possible to downgrade an integration to a version older than the o To enable reporting of Puppet runs to your Datadog timeline, enable the report processor on your Puppet master and reporting for your clients. The clients send a run report after each check-in back to the master. -1. Install the [dogapi][3] gem on your system. +1. Install the [dogapi][3] gem on your system. Restart puppetserver after the gem is installed. + +If you're configuring the dogapi gem by code, you can do this with notify: + +```puppet +package { 'dogapi': + ensure => 'present', + provider => 'puppetserver_gem', + notify => Service['puppetserver'] +} +``` 2. Set the `puppet_run_reports` option to true in the node configuration manifest for your master: ```ruby - class { "datadog-agent": - api_key => "", - puppet_run_reports => true - # ... + class { 'datadog-agent': + api_key => '', + puppet_run_reports => true + # ... } ``` 
@@ -142,6 +152,22 @@ To enable reporting of Puppet runs to your Datadog timeline, enable the report p report=true ``` +With the [`ini_setting` module](https://forge.puppet.com/modules/puppetlabs/inifile): + +```puppet + ini_setting { 'puppet_conf_master_report_datadog_puppetdb': + ensure => present, + path => '/etc/puppetlabs/puppet/puppet.conf', + section => 'master', + setting => 'reports', + value => 'datadog_reports,puppetdb', + notify => [ + Service['puppet'], + Service['puppetserver'], + ], + } +``` + 4. On all of your Puppet client nodes, add the following in the same location: ```ini @@ -150,6 +176,21 @@ To enable reporting of Puppet runs to your Datadog timeline, enable the report p report=true ``` +With the [`ini_setting` module](https://forge.puppet.com/modules/puppetlabs/inifile): + +```puppet + ini_setting { 'puppet_conf_agent_report_true': + ensure => present, + path => '/etc/puppetlabs/puppet/puppet.conf', + section => 'agent', + setting => 'report', + value => 'true', + notify => [ + Service['puppet'], + ], + } +``` + 5. (Optional) Enable tagging of reports with facts: You can add tags to reports that are sent to Datadog as events. These tags can be sourced from Puppet facts for the given node the report is regarding. These should be 1:1 and not involve structured facts (hashes, arrays, etc.) to ensure readability. To enable regular fact tagging, set the parameter `datadog_agent::reports::report_fact_tags` to the array value of facts—for example `["virtual","operatingsystem"]`. To enable trusted fact tagging, set the parameter `datadog_agent::reports::report_trusted_fact_tags` to the array value of facts—for example `["certname","extensions.pp_role","hostname"]`. 
@@ -189,6 +230,8 @@ If you see the following error, ensure `reports=datadog_reports` is defined in ` Class Datadog_reports is already defined in Puppet::Reports ``` +If you don't see any reports coming in, check your Puppet server logs. + ### Masterless Puppet 1. The Datadog module and its dependencies have to be installed on all nodes running masterless. @@ -222,13 +265,15 @@ class { "datadog_agent": facts_to_tags => ["osfamily","networking.domain","my_custom_fact"], } ``` -Tips: -1. For structured facts index into the specific fact value otherwise the entire array will come over as a string and ultimately be difficult to use. -2. Dynamic facts such as CPU usage, Uptime, and others that are expected to change each run are not ideal for tagging. Static facts that are expected to stay for the life of a node are best candidates for tagging. + +Tips: + +1. For structured facts index into the specific fact value otherwise the entire array comes over as a string and ultimately be difficult to use. +2. Dynamic facts such as CPU usage, Uptime, and others that are expected to change each run are not ideal for tagging. Static facts that are expected to stay for the life of a node are best candidates for tagging. ### Configuration variables -These variables can be set in the `datadog_agent` class to control settings in the Agent. Refer to the [comments in code][8] for the full list of supported arguments. +These variables can be set in the `datadog_agent` class to control settings in the Agent. See the [comments in code][8] for the full list of supported arguments. | variable name | description | |-----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 
@@ -236,13 +281,12 @@ These variables can be set in the `datadog_agent` class to control settings in t | `agent_version` | Lets you pin a specific minor version of the Agent to install, for example: `1:7.16.0-1`. Leave empty to install the latest version. | | `collect_ec2_tags` | Collect an instance's custom EC2 tags as Agent tags by using `true`. | | `collect_instance_metadata` | Collect an instance's EC2 metadata as Agent tags by using `true`. | -| `datadog_site` | The Datadog site to report to (Agent v6 and v7 only). Defaults to `datadoghq.com`, can be set to `datadoghq.eu` or `us3.datadoghq.com`. | +| `datadog_site` | The Datadog site to report to (Agent v6 and v7 only). Defaults to `datadoghq.com`, eg: `datadoghq.eu` or `us3.datadoghq.com`. | | `dd_url` | The Datadog intake server URL. You are unlikely to need to change this. Overrides `datadog_site` | | `host` | Overrides the node's host name. | | `local_tags` | An array of `` strings that are set as tags for the node. | | `non_local_traffic` | Allow other nodes to relay their traffic through this node. | | `apm_enabled` | A boolean to enable the APM Agent (defaults to false). | -| `apm_analyzed_spans` | A hash to add APM events for trace search & analytics (defaults to undef), for example:
`{ 'app\|rails.request' => 1, 'service-name\|operation-name' => 0.8 }` | | `process_enabled` | A boolean to enable the process Agent (defaults to false). | | `scrub_args` | A boolean to enable the process cmdline scrubbing (defaults to true). | | `custom_sensitive_words` | An array to add more words beyond the default ones used by the scrubbing feature (defaults to `[]`). | @@ -267,7 +311,7 @@ class { "datadog_agent": (2) `hostname_extraction_regex` is useful when the Puppet module and the Datadog Agent are reporting different host names for the same host in the infrastructure list. [1]: https://forge.puppet.com/datadog/datadog_agent -[2]: https://app.datadoghq.com/account/settings#api +[2]: https://app.datadoghq.com/organization-settings/api-keys [3]: https://github.com/DataDog/dogapi-rb [4]: https://app.datadoghq.com/account/settings#integrations [5]: https://app.datadoghq.com/event/stream diff --git a/kitchen.yml b/kitchen.yml index 23292d84..4528387a 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -68,6 +68,10 @@ platforms: - cd /home/kitchen/puppet && r10k puppetfile install --moduledir=/tmp/modules - name: opensuse/leap-15 + # Workaround for flakes on initializing opensuse/leap-15: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 driver_config: # we use a custom image that runs systemd image: 'datadog/docker-library:chef_kitchen_systemd_opensuse_leap_15' diff --git a/manifests/init.pp b/manifests/init.pp index 9b51cd04..a3ab89ac 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -221,6 +221,13 @@ # RPM: https://yum.datadoghq.com/stable/7/x86_64/ (with matching agent version and architecture) # Windows: https://https://s3.amazonaws.com/ddagent-windows-stable/ # String. Default: undef +# $rpm_repo_gpgcheck +# Whether or not to perform repodata signature check for RPM repositories. +# Applies to Red Hat and SUSE platforms. When set to `undef`, this is activated +# for all Agent versions other than 5 when `agent_repo_uri` is also undefinded. +# The `undef` value also translates to `false` on RHEL/CentOS 8.1 because +# of a bug in libdnf: https://bugzilla.redhat.com/show_bug.cgi?id=1792506 +# Boolean. Default: undef # $apt_release # The distribution channel to be used for the APT repo. Eg: 'stable' or 'beta'. # String. Default: stable @@ -334,9 +341,12 @@ Boolean $container_collect_all = $datadog_agent::params::container_collect_all, Hash[String[1], Data] $agent_extra_options = {}, Optional[String] $agent_repo_uri = undef, - Optional[Boolean] $use_apt_backup_keyserver = $datadog_agent::params::use_apt_backup_keyserver, - String $apt_backup_keyserver = $datadog_agent::params::apt_backup_keyserver, - String $apt_keyserver = $datadog_agent::params::apt_keyserver, + Optional[Boolean] $rpm_repo_gpgcheck = undef, + # TODO: $use_apt_backup_keyserver, $apt_backup_keyserver and $apt_keyserver can be + # removed in the next major version; they're kept now for backwards compatibility + Optional[Boolean] $use_apt_backup_keyserver = undef, + Optional[String] $apt_backup_keyserver = undef, + Optional[String] $apt_keyserver = undef, String $apt_release = $datadog_agent::params::apt_default_release, String $win_msi_location = 'C:/Windows/temp', # Temporary directory where the msi file is downloaded, must exist Enum['present', 'absent'] $win_ensure = 'present', #TODO: Implement uninstall also for apt and rpm install methods 
@@ -400,8 +410,6 @@ $local_integrations = $integrations } - $_puppetversion = lookup({ 'name' => '::puppetversion', 'default_value' => 'unknown'}) - include datadog_agent::params case upcase($log_level) { 'CRITICAL': { $_loglevel = 'CRITICAL' } @@ -417,11 +425,12 @@ # Install agent if $manage_install { case $::operatingsystem { - 'Ubuntu','Debian' : { - if $use_apt_backup_keyserver { - $_apt_keyserver = $apt_backup_keyserver - } else { - $_apt_keyserver = $apt_keyserver + 'Ubuntu','Debian','Raspbian' : { + if $use_apt_backup_keyserver != undef or $apt_backup_keyserver != undef or $apt_keyserver != undef { + notify { 'apt keyserver arguments deprecation': + message => '$use_apt_backup_keyserver, $apt_backup_keyserver and $apt_keyserver are deprecated since version 3.13.0', + loglevel => 'warning', + } } class { 'datadog_agent::ubuntu': agent_major_version => $_agent_major_version, @@ -430,7 +439,6 @@ agent_repo_uri => $agent_repo_uri, release => $apt_release, skip_apt_key_trusting => $skip_apt_key_trusting, - apt_keyserver => $_apt_keyserver, } } 'RedHat','CentOS','Fedora','Amazon','Scientific','OracleLinux' : { @@ -440,6 +448,7 @@ agent_repo_uri => $agent_repo_uri, manage_repo => $manage_repo, agent_version => $agent_version, + rpm_repo_gpgcheck => $rpm_repo_gpgcheck, } } 'Windows' : { @@ -464,6 +473,7 @@ agent_flavor => $agent_flavor, agent_repo_uri => $agent_repo_uri, agent_version => $agent_version, + rpm_repo_gpgcheck => $rpm_repo_gpgcheck, } } default: { fail("Class[datadog_agent]: Unsupported operatingsystem: ${::operatingsystem}") } diff --git a/manifests/integrations/generic.pp b/manifests/integrations/generic.pp index 3835b8d7..880f1722 100644 --- a/manifests/integrations/generic.pp +++ b/manifests/integrations/generic.pp 
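Review bot: The deprecation notice in the `'Ubuntu','Debian','Raspbian'` branch is a `notify` resource, which Puppet reports as a change on every run where one of the three parameters is set. Its message also says "deprecated", although the next hunk stops passing `apt_keyserver` to `datadog_agent::ubuntu`, so the values are in fact ignored. A node that pinned a keyserver now gets its keys from a different source with only that message as a hint. I would use the `warning()` function and say so directly: `warning('$use_apt_backup_keyserver, $apt_backup_keyserver and $apt_keyserver are ignored since version 3.13.0')`. The enclosing `case` continues outside this hunk.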
@@ -21,6 +21,7 @@ Optional[String] $integration_name = undef, Optional[String] $integration_contents = undef, ) inherits datadog_agent::params { + include datadog_agent $legacy_dst = "${datadog_agent::params::legacy_conf_dir}/${integration_name}.yaml" if $::datadog_agent::_agent_major_version > 5 { diff --git a/manifests/integrations/http_check.pp b/manifests/integrations/http_check.pp index 326863ef..8c4be8da 100644 --- a/manifests/integrations/http_check.pp +++ b/manifests/integrations/http_check.pp @@ -15,6 +15,10 @@ # method # The (optional) HTTP method. This setting defaults to GET, though many # other HTTP methods are supported, including POST and PUT. +# min_collection_interval +# The (optional) collection interval of the check. +# default: 15 +# https://docs.datadoghq.com/developers/write_agent_check/#collection-interval # data # The (optional) data option. Data should be a string or an array of # 'key: value' pairs and will be sent in the body of the request. 
@@ -164,37 +168,38 @@ class datadog_agent::integrations::http_check ( - $sitename = undef, - $url = undef, - $username = undef, - $password = undef, - $timeout = 1, - $method = 'get', - $data = undef, - $threshold = undef, - $window = undef, - $content_match = undef, - $reverse_content_match = false, - $include_content = false, - $http_response_status_code = undef, - $collect_response_time = true, - $disable_ssl_validation = false, - $ignore_ssl_warning = false, - $skip_event = true, - $no_proxy = false, - $check_certificate_expiration = true, - $days_warning = undef, - $days_critical = undef, + $sitename = undef, + $url = undef, + $username = undef, + $password = undef, + $timeout = 1, + $method = 'get', + $min_collection_interval = undef, + $data = undef, + $threshold = undef, + $window = undef, + $content_match = undef, + $reverse_content_match = false, + $include_content = false, + $http_response_status_code = undef, + $collect_response_time = true, + $disable_ssl_validation = false, + $ignore_ssl_warning = false, + $skip_event = true, + $no_proxy = false, + $check_certificate_expiration = true, + $days_warning = undef, + $days_critical = undef, Optional[Boolean] $check_hostname = undef, Optional[String] $ssl_server_name = undef, - $headers = [], - $allow_redirects = true, - $tags = [], - $contact = [], + $headers = [], + $allow_redirects = true, + $tags = [], + $contact = [], Optional[Hash] $init_config = undef, Optional[Array] $instances = undef, Optional[Array] $logs = undef, - $ca_certs = undef, + $ca_certs = undef, ) inherits datadog_agent::params { include datadog_agent @@ -206,6 +211,7 @@ 'password' => $password, 'timeout' => $timeout, 'method' => $method, + 'min_collection_interval' => $min_collection_interval, 'data' => $data, 'threshold' => $threshold, 'window' => $window, @@ -229,7 +235,7 @@ 'contact' => $contact, 'ca_certs' => $ca_certs, }] - } elsif !$instances { + } elsif !$instances{ $_instances = [] } else { $_instances = $instances 
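Review bot: In the last http_check.pp hunk the condition changes from `} elsif !$instances {` to `} elsif !$instances{`, which drops the space before the brace for no functional reason and reads like an index into `$instances`; restore `} elsif !$instances {`. The new `$min_collection_interval` is also untyped. The header documents it as an interval with default 15 and the spec passes `30`, so `Optional[Integer] $min_collection_interval = undef,` would reject a malformed value at compile time instead of writing it into the check config.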
diff --git a/manifests/integrations/network.pp b/manifests/integrations/network.pp index 0ef6389d..1ee813a2 100644 --- a/manifests/integrations/network.pp +++ b/manifests/integrations/network.pp @@ -14,9 +14,7 @@ # 'lo0', # 'lo', # ], -# excluded_interface_re => [ -# 'eth1.*' -# ] +# excluded_interface_re = 'eth1.*', # combine_connection_states => true # } # @@ -24,7 +22,7 @@ class datadog_agent::integrations::network( Boolean $collect_connection_state = false, Array[String] $excluded_interfaces = ['lo','lo0'], - Array $excluded_interface_re = [], + String $excluded_interface_re = '', Boolean $combine_connection_states = true, ) inherits datadog_agent::params { include ::datadog_agent diff --git a/manifests/integrations/process.pp b/manifests/integrations/process.pp index fbebeaee..1a31137b 100644 --- a/manifests/integrations/process.pp +++ b/manifests/integrations/process.pp @@ -74,7 +74,7 @@ } file { $dst: - ensure => file, + ensure => $local_processes.length ? { 0 => absent, default => file}, owner => $datadog_agent::params::dd_user, group => $datadog_agent::params::dd_group, mode => $datadog_agent::params::permissions_protected_file, diff --git a/manifests/params.pp b/manifests/params.pp index 0b7b9294..d6299f73 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -19,14 +19,12 @@ $logs_enabled = false $logs_open_files_limit = undef $container_collect_all = false - $use_apt_backup_keyserver = false - $apt_backup_keyserver = 'hkp://pool.sks-keyservers.net:80' - $apt_keyserver = 'hkp://keyserver.ubuntu.com:80' $sysprobe_service_name = 'datadog-agent-sysprobe' + $securityagent_service_name = 'datadog-agent-security' $module_metadata = load_module_metadata($module_name) case $::operatingsystem { - 'Ubuntu','Debian' : { + 'Ubuntu','Debian','Raspbian' : { $rubydev_package = 'ruby-dev' $legacy_conf_dir = '/etc/dd-agent/conf.d' $conf_dir = '/etc/datadog-agent/conf.d' diff --git a/manifests/redhat.pp b/manifests/redhat.pp index 939145ab..fbd0b765 100644 
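Review bot: `excluded_interface_re` changes from `Array` to `String` in network.pp, so a catalog that still passes the array form from the old header example now fails type validation. This is an interface break and should be called out in the changelog and in the header comment. The rewritten example line is also not valid Puppet: `# excluded_interface_re = 'eth1.*',` should read `# excluded_interface_re => 'eth1.*',`, matching the `=>` used by the surrounding example lines.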
--- a/manifests/redhat.pp +++ b/manifests/redhat.pp @@ -9,15 +9,39 @@ Boolean $manage_repo = true, String $agent_version = $datadog_agent::params::agent_version, String $agent_flavor = $datadog_agent::params::package_name, + Optional[Boolean] $rpm_repo_gpgcheck = undef, ) inherits datadog_agent::params { if $manage_repo { $keys = [ - 'https://yum.datadoghq.com/DATADOG_RPM_KEY.public', - 'https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY.public', ] + if ($rpm_repo_gpgcheck != undef) { + $repo_gpgcheck = $rpm_repo_gpgcheck + } else { + if ($agent_repo_uri == undef) and ($agent_major_version > 5) { + case $::operatingsystem { + 'RedHat', 'CentOS', 'OracleLinux': { + # disable repo_gpgcheck on 8.1 because of https://bugzilla.redhat.com/show_bug.cgi?id=1792506 + if $::operatingsystemrelease =~ /^8.1/ { + $repo_gpgcheck = false + } else { + $repo_gpgcheck = true + } + } + default: { + $repo_gpgcheck = true + } + } + } else { + $repo_gpgcheck = false + } + + } case $agent_major_version { 5 : { @@ -30,7 +54,7 @@ } 7 : { $defaulturl = "https://yum.datadoghq.com/stable/7/${::architecture}/" - $gpgkeys = $keys[1,2] + $gpgkeys = $keys[0,-2] } default: { fail('invalid agent_major_version') } } @@ -54,11 +78,12 @@ } yumrepo {'datadog': - enabled => 1, - gpgcheck => 1, - gpgkey => join($gpgkeys, "\n "), - descr => 'Datadog, Inc.', - baseurl => $baseurl, + enabled => 1, + gpgcheck => 1, + gpgkey => join($gpgkeys, "\n "), + repo_gpgcheck => $repo_gpgcheck, + descr => 'Datadog, Inc.', + baseurl => $baseurl, } package { $agent_flavor: diff --git a/manifests/security_agent.pp b/manifests/security_agent.pp new file mode 100644 index 00000000..d68a8548 --- /dev/null 
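Review bot: The 8.1 exception in the first redhat.pp hunk tests `$::operatingsystemrelease =~ /^8.1/`, where the dot is unescaped and nothing bounds the minor number. The pattern therefore also matches releases such as `8.10` and silently turns repodata signature checking off there. Limit it to the affected release with `if $::operatingsystemrelease =~ /^8\.1(\.|$)/ {`, and add a spec context with a two-digit minor next to the 8.1 and 8.2 ones. The outer `else` also sets `$repo_gpgcheck = false` whenever `agent_repo_uri` is set, which deserves a comment at that line: `# custom repositories are not assumed to publish signed repodata; set rpm_repo_gpgcheck to override`.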
+++ b/manifests/security_agent.pp @@ -0,0 +1,59 @@ +class datadog_agent::security_agent( + Boolean $enabled = false, + Optional[String] $socket = undef, + + Boolean $service_enable = true, + String $service_ensure = 'running', + Optional[String] $service_provider = undef, + +) inherits datadog_agent::params { + + $securityagent_config = { + 'runtime_security_config' => { + 'enabled' => $enabled, + 'socket' => $socket, + }, + } + + if $::operatingsystem == 'Windows' { + + file { 'C:/ProgramData/Datadog/security-agent.yaml': + owner => $datadog_agent::params::dd_user, + group => $datadog_agent::params::dd_group, + mode => '0640', + content => template('datadog_agent/security-agent.yaml.erb'), + require => File['C:/ProgramData/Datadog'], + } + + } else { + + if $service_provider { + service { $datadog_agent::params::securityagent_service_name: + ensure => $service_ensure, + enable => $service_enable, + provider => $service_provider, + hasstatus => false, + pattern => 'dd-agent', + require => Package[$datadog_agent::params::package_name], + } + } else { + service { $datadog_agent::params::securityagent_service_name: + ensure => $service_ensure, + enable => $service_enable, + hasstatus => false, + pattern => 'dd-agent', + require => Package[$datadog_agent::params::package_name], + } + } + + file { '/etc/datadog-agent/security-agent.yaml': + owner => $datadog_agent::params::dd_user, + group => $datadog_agent::params::dd_group, + mode => '0640', + content => template('datadog_agent/security-agent.yaml.erb'), + notify => Service[$datadog_agent::params::securityagent_service_name], + require => File['/etc/datadog-agent'], + } + } + +} diff --git a/manifests/suse.pp b/manifests/suse.pp index 0835740d..12fab0b8 100644 --- a/manifests/suse.pp +++ b/manifests/suse.pp 
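Review bot: Both `service` resources in the new security_agent.pp set `hasstatus => false` with `pattern => 'dd-agent'`, so Puppet decides whether the security agent is running by searching the process table for that string. If other Agent processes match it too, which the name suggests but the page does not show, a stopped security agent would be reported as running and never restarted. A pattern specific to the security agent process, or `hasstatus => true` where the init system provides a status command, avoids that. The same pair appears in the system_probe.pp hunk. On the Windows branch the file is written but no service is declared or notified, so add a comment there stating how a config change takes effect.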
@@ -9,18 +9,31 @@ String $release = $datadog_agent::params::apt_default_release, Optional[String] $agent_repo_uri = undef, String $agent_flavor = $datadog_agent::params::package_name, + Optional[Boolean] $rpm_repo_gpgcheck = undef, ) inherits datadog_agent::params { + $current_key = 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public' $all_keys = [ - 'https://yum.datadoghq.com/DATADOG_RPM_KEY.public', - 'https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public', + $current_key, + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY.public', ] + if ($rpm_repo_gpgcheck != undef) { + $repo_gpgcheck = $rpm_repo_gpgcheck + } else { + if ($agent_repo_uri == undef) { + $repo_gpgcheck = true + } else { + $repo_gpgcheck = false + } + } + case $agent_major_version { 5 : { fail('Agent v5 package not available in SUSE') } 6 : { $gpgkeys = $all_keys } - 7 : { $gpgkeys = $all_keys[1,2] } + 7 : { $gpgkeys = $all_keys[0,-2] } default: { fail('invalid agent_major_version') } } @@ -59,7 +72,14 @@ autorefresh => 1, name => 'datadog', gpgcheck => 1, - gpgkey => join($gpgkeys, " "), + # zypper on SUSE < 15 only understands a single gpgkey value + gpgkey => (Float($::operatingsystemmajrelease) >= 15.0) ? { true => join($gpgkeys, "\n "), default => $current_key }, + # TODO: when updating zypprepo to 4.0.0, uncomment the repo_gpgcheck line + # For now, we can leave this commented, as zypper by default does repodata + # signature checks if the repomd.xml.asc is present, so repodata checks + # are effective for most users anyway. We'll make this explicit when we + # update zypprepo version. + # repo_gpgcheck => $repo_gpgcheck, keeppackages => 1, } diff --git a/manifests/system_probe.pp b/manifests/system_probe.pp index 4f6cdc4a..9a1d0837 100644 --- a/manifests/system_probe.pp 
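Review bot: `$repo_gpgcheck` is computed in the first suse.pp hunk, but its only consumer, `# repo_gpgcheck => $repo_gpgcheck,` in the `zypprepo` resource, is commented out. The new `rpm_repo_gpgcheck` parameter therefore has no effect on SUSE, although the init.pp header says it applies to Red Hat and SUSE platforms. Setting it to `true` does not enforce the repodata check, and setting it to `false` does not disable zypper's default behaviour. Until zypprepo is updated, say so in the parameter documentation: `# On SUSE this value is not applied yet; zypper's default repodata signature check is used.`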
+++ b/manifests/system_probe.pp @@ -1,37 +1,16 @@ class datadog_agent::system_probe( Boolean $enabled = false, + Boolean $network_enabled = false, Optional[String] $log_file = undef, Optional[String] $sysprobe_socket = undef, Optional[Boolean] $enable_oom_kill = false, + Optional[Hash] $runtime_security_config = undef, Boolean $service_enable = true, String $service_ensure = 'running', Optional[String] $service_provider = undef, ) inherits datadog_agent::params { - if $::operatingsystem == 'Windows' { - # Datadog does not currently support Windows and macOS platforms for Network Performance Monitoring - fail('Network performance monitoring is only supported on Linux.') - } - - if $service_provider { - service { $datadog_agent::params::sysprobe_service_name: - ensure => $service_ensure, - enable => $service_enable, - provider => $service_provider, - hasstatus => false, - pattern => 'dd-agent', - require => Package[$datadog_agent::params::package_name], - } - } else { - service { $datadog_agent::params::sysprobe_service_name: - ensure => $service_ensure, - enable => $service_enable, - hasstatus => false, - pattern => 'dd-agent', - require => Package[$datadog_agent::params::package_name], - } - } $sysprobe_config = { 'system_probe_config' => { 
@@ -39,16 +18,52 @@ 'sysprobe_socket' => $sysprobe_socket, 'log_file' => $log_file, 'enable_oom_kill' => $enable_oom_kill, - } + }, + 'network_config' => { + 'enabled' => $network_enabled, + }, + 'runtime_security_config' => $runtime_security_config, } - file { '/etc/datadog-agent/system-probe.yaml': - owner => $datadog_agent::params::dd_user, - group => 'dd-agent', - mode => '0640', - content => template('datadog_agent/system_probe.yaml.erb'), - notify => Service[$datadog_agent::params::sysprobe_service_name], - require => File['/etc/datadog-agent'], + if $::operatingsystem == 'Windows' { + + file { 'C:/ProgramData/Datadog/system-probe.yaml': + owner => $datadog_agent::params::dd_user, + group => $datadog_agent::params::dd_group, + mode => '0640', + content => template('datadog_agent/system_probe.yaml.erb'), + require => File['C:/ProgramData/Datadog'], + } + + } else { + + if $service_provider { + service { $datadog_agent::params::sysprobe_service_name: + ensure => $service_ensure, + enable => $service_enable, + provider => $service_provider, + hasstatus => false, + pattern => 'dd-agent', + require => Package[$datadog_agent::params::package_name], + } + } else { + service { $datadog_agent::params::sysprobe_service_name: + ensure => $service_ensure, + enable => $service_enable, + hasstatus => false, + pattern => 'dd-agent', + require => Package[$datadog_agent::params::package_name], + } + } + + file { '/etc/datadog-agent/system-probe.yaml': + owner => $datadog_agent::params::dd_user, + group => $datadog_agent::params::dd_group, + mode => '0640', + content => template('datadog_agent/system_probe.yaml.erb'), + notify => Service[$datadog_agent::params::sysprobe_service_name], + require => File['/etc/datadog-agent'], + } } } diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp index 7f1b83b1..0b5e30fe 100644 --- a/manifests/ubuntu.pp +++ b/manifests/ubuntu.pp 
@@ -5,13 +5,18 @@ class datadog_agent::ubuntu( Integer $agent_major_version = $datadog_agent::params::default_agent_major_version, - Array[String] $apt_keys = ['A2923DFF56EDA6E76E55E492D3A80E30382E94DE', 'D75CEA17048B9ACBF186794B32637D44F14F620E'], String $agent_version = $datadog_agent::params::agent_version, Optional[String] $agent_repo_uri = undef, String $release = $datadog_agent::params::apt_default_release, Boolean $skip_apt_key_trusting = false, - String $apt_keyserver = $datadog_agent::params::apt_keyserver, String $agent_flavor = $datadog_agent::params::package_name, + Optional[String] $apt_trusted_d_keyring = '/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg', + Optional[String] $apt_usr_share_keyring = '/usr/share/keyrings/datadog-archive-keyring.gpg', + Optional[Hash[String, String]] $apt_default_keys = { + 'DATADOG_APT_KEY_CURRENT.public' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_CURRENT.public', + 'D75CEA17048B9ACBF186794B32637D44F14F620E' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_F14F620E.public', + 'A2923DFF56EDA6E76E55E492D3A80E30382E94DE' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_382E94DE.public', + }, ) inherits datadog_agent::params { if $agent_version =~ /^[0-9]+\.[0-9]+\.[0-9]+((?:~|-)[^0-9\s-]+[^-\s]*)?$/ { 
@@ -29,10 +34,38 @@ } if !$skip_apt_key_trusting { - $apt_keys.each |String $apt_key| { - apt::key { $apt_key: - id => $apt_key, - server => $apt_keyserver, + ensure_packages(['gnupg']) + + file { $apt_usr_share_keyring: + ensure => file, + mode => '0644', + } + + $apt_default_keys.each |String $key_fingerprint, String $key_url| { + $key_path = "/tmp/${key_fingerprint}" + + file { $key_path: + owner => root, + group => root, + mode => '0600', + source => $key_url, + } + + exec { "ensure key ${key_fingerprint} is imported in APT keyring": + command => "/bin/cat /tmp/${key_fingerprint} | gpg --import --batch --no-default-keyring --keyring ${apt_usr_share_keyring}", + # the second part extracts the fingerprint of the key from output like "fpr::::A2923DFF56EDA6E76E55E492D3A80E30382E94DE:" + unless => @("CMD"/L) + /usr/bin/gpg --no-default-keyring --keyring ${apt_usr_share_keyring} --list-keys --with-fingerprint --with-colons | grep \ + $(cat /tmp/${key_fingerprint} | gpg --with-colons --with-fingerprint 2>/dev/null | grep 'fpr:' | sed 's|^fpr||' | tr -d ':') + | CMD + } + } + + if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16') == -1) or + ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') == -1) { + file { $apt_trusted_d_keyring: + mode => '0644', + source => "file://${apt_usr_share_keyring}", } } } @@ -40,7 +73,7 @@ if ($agent_repo_uri != undef) { $location = $agent_repo_uri } else { - $location = 'https://apt.datadoghq.com/' + $location = "[signed-by=${apt_usr_share_keyring}] https://apt.datadoghq.com/" } apt::source { 'datadog-beta': @@ -72,4 +105,10 @@ require => [Apt::Source['datadog'], Class['apt::update']], } + + package { 'datadog-signing-keys': + ensure => 'latest', + require => [Apt::Source['datadog'], + Class['apt::update']], + } } diff --git a/manifests/windows.pp b/manifests/windows.pp index 20eff35a..0425b20a 100644 --- a/manifests/windows.pp +++ b/manifests/windows.pp 
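Review bot: In the key-import loop `$key_fingerprint` only builds the `/tmp` file name and the resource title. The fingerprint of the downloaded file is never compared with it, and the `unless` guard only asks whether whatever was downloaded is already in the keyring. The keyring that `signed-by` later trusts therefore holds whatever the URLs return, so the pinned fingerprints in `$apt_default_keys` add nothing beyond TLS, and `DATADOG_APT_KEY_CURRENT.public` has no fingerprint at all. For the two pinned entries I would compare the extracted `fpr` value with `$key_fingerprint` before the import and fail on a mismatch, and stage the download in a root-owned directory rather than under a predictable name in `/tmp`. The `command` also calls `gpg` without an absolute path or a `path =>` attribute, unlike `/usr/bin/gpg` in `unless`.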
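Review bot: The `[signed-by=${apt_usr_share_keyring}]` option is added only to the default `$location`, so a source built from `agent_repo_uri` is written without it. The first hunk copies the keyring to `$apt_trusted_d_keyring` only on Ubuntu < 16 and Debian < 9, so on other releases apt presumably has no trusted key for a custom repository. The default location also names the keyring when `skip_apt_key_trusting` is true and this class never created the file. Document that a custom `agent_repo_uri` must carry its own `[signed-by=...]` prefix, or prepend the option when the URI has none.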
@@ -67,7 +67,7 @@ } $hostname_option = $hostname ? { '' => {}, default => { 'HOSTNAME' => $hostname } } - $npm_install_option = $npm_install ? { false => {}, true => { 'NPM' => 'true' } } + $npm_install_option = $npm_install ? { false => {}, true => { 'ADDLOCAL' => 'MainApplication,NPM' } } package { $datadog_agent::params::package_name: ensure => $ensure_version, diff --git a/metadata.json b/metadata.json index 23a3f677..b8dd1508 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "datadog-datadog_agent", - "version": "3.11.0", + "version": "3.14.0", "author": "James Turnbull , Rob Terhaar , Jaime Fullaondo , Albert Vaca ", "summary": "Install the Datadog monitoring agent and report Puppet runs to Datadog", "license": "Apache-2.0", diff --git a/spec/classes/datadog_agent_integrations_http_check_spec.rb b/spec/classes/datadog_agent_integrations_http_check_spec.rb index c985823b..5ae9b6cb 100644 --- a/spec/classes/datadog_agent_integrations_http_check_spec.rb +++ b/spec/classes/datadog_agent_integrations_http_check_spec.rb @@ -55,6 +55,7 @@ password: 'barpassword', timeout: 123, method: 'post', + min_collection_interval: 30, data: 'key=value', threshold: 456, window: 789, @@ -80,6 +81,7 @@ it { is_expected.to contain_file(conf_file).with_content(%r{password: barpassword}) } it { is_expected.to contain_file(conf_file).with_content(%r{timeout: 123}) } it { is_expected.to contain_file(conf_file).with_content(%r{method: post}) } + it { is_expected.to contain_file(conf_file).with_content(%r{min_collection_interval: 30}) } it { is_expected.to contain_file(conf_file).with_content(%r{data: key=value}) } it { is_expected.to contain_file(conf_file).with_content(%r{threshold: 456}) } it { is_expected.to contain_file(conf_file).with_content(%r{window: 789}) } diff --git a/spec/classes/datadog_agent_redhat_spec.rb b/spec/classes/datadog_agent_redhat_spec.rb index 6d7ec966..cbc4263c 100644 --- a/spec/classes/datadog_agent_redhat_spec.rb 
+++ b/spec/classes/datadog_agent_redhat_spec.rb @@ -27,10 +27,12 @@ is_expected.to contain_yumrepo('datadog') .with_enabled(1)\ .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY.public - https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ - .with_baseurl('https://yum.datadoghq.com/rpm/x86_64/') + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public + https://keys.datadoghq.com/DATADOG_RPM_KEY.public')\ + .with_baseurl('https://yum.datadoghq.com/rpm/x86_64/')\ + .with_repo_gpgcheck(false) end end context 'with manage_repo => false' do @@ -74,10 +76,12 @@ is_expected.to contain_yumrepo('datadog') .with_enabled(1)\ .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY.public - https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ - .with_baseurl('https://yum.datadoghq.com/stable/6/x86_64/') + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public + https://keys.datadoghq.com/DATADOG_RPM_KEY.public')\ + .with_baseurl('https://yum.datadoghq.com/stable/6/x86_64/')\ + .with_repo_gpgcheck(true) end end context 'with manage_repo => false' do 
@@ -122,9 +126,11 @@ is_expected.to contain_yumrepo('datadog') .with_enabled(1)\ .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ - .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/') + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ + .with_repo_gpgcheck(true) end end context 'with manage_repo => false' do 
@@ -148,4 +154,69 @@ .with_ensure('latest') end end + + context 'rhel 8.1' do + # we expect repo_gpgcheck to be false on 8.1 + let(:facts) do + { + osfamily: 'redhat', + operatingsystem: 'RedHat', + operatingsystemrelease: '8.1', + architecture: 'x86_64', + } + end + + # it should install the mirror + context 'with manage_repo => true' do + let(:params) do + { + manage_repo: true, agent_major_version: 7 + } + end + + it do + is_expected.to contain_yumrepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ + .with_repo_gpgcheck(false) + end + end + end + + context 'rhel 8.2' do + # we expect repo_gpgcheck to be true on 8.2 (and later) + let(:facts) do + { + osfamily: 'redhat', + operatingsystem: 'RedHat', + operatingsystemrelease: '8.2', + architecture: 'x86_64', + } + end + + # it should install the mirror + context 'with manage_repo => true' do + let(:params) do + { + manage_repo: true, agent_major_version: 7 + } + end + + it do + # we expect repo_gpgcheck to be false on 8.1 + is_expected.to contain_yumrepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ + .with_repo_gpgcheck(true) + end + end + end end diff --git a/spec/classes/datadog_agent_spec.rb b/spec/classes/datadog_agent_spec.rb index 3acb8913..c0ffa73c 100644 --- a/spec/classes/datadog_agent_spec.rb +++ b/spec/classes/datadog_agent_spec.rb 
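Review bot: Inside the `rhel 8.2` context the `it do` block opens with `# we expect repo_gpgcheck to be false on 8.1`, copied from the 8.1 case, while the assertion below it is `.with_repo_gpgcheck(true)`. Change it to `# we expect repo_gpgcheck to be true on 8.2 (and later)` or drop it, since the context already carries that comment. Both contexts also say `# it should install the mirror`, which does not describe what is asserted. A third context with a two-digit minor release would pin how the 8.1 match in redhat.pp treats later 8.x releases.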
@@ -34,7 +34,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+main}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+main}) end end @@ -53,7 +53,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+6}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+6}) end end @@ -72,7 +72,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+7}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+7}) end end @@ -91,7 +91,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+6}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+6}) end end @@ -110,7 +110,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+6}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+6}) end end @@ -129,7 +129,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+6}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+6}) end end 
@@ -197,7 +197,7 @@ it do is_expected.to contain_package('Datadog Agent').with( ensure: 'installed', - install_options: ['/norestart', { 'APIKEY' => 'notakey', 'HOSTNAME' => 'notahost', 'TAGS' => '""', 'NPM' => 'true' }], + install_options: ['/norestart', { 'APIKEY' => 'notakey', 'HOSTNAME' => 'notahost', 'TAGS' => '""', 'ADDLOCAL' => 'MainApplication,NPM' }], ) end end @@ -1606,25 +1606,7 @@ end end - if DEBIAN_OS.include?(operatingsystem) - it do - is_expected.to contain_class('datadog_agent::ubuntu')\ - .with_apt_keyserver('hkp://keyserver.ubuntu.com:80') - end - context 'use backup keyserver' do - let(:params) do - { - use_apt_backup_keyserver: true, - agent_major_version: 5, - } - end - - it do - is_expected.to contain_class('datadog_agent::ubuntu')\ - .with_apt_keyserver('hkp://pool.sks-keyservers.net:80') - end - end - elsif REDHAT_OS.include?(operatingsystem) + if REDHAT_OS.include?(operatingsystem) it { is_expected.to contain_class('datadog_agent::redhat') } end end @@ -1701,7 +1683,7 @@ it 'adds an install_info' do expect(install_info['install_method']).to match( 'tool' => 'puppet', - 'tool_version' => %r{^puppet-(\d+\.\d+\.\d+|unknown)$}, + 'tool_version' => %r{^puppet-unknown$}, # puppetversion is not set in tests, this field has to be tested manually 'installer_version' => %r{^datadog_module-\d+\.\d+\.\d+$}, ) end diff --git a/spec/classes/datadog_agent_suse_spec.rb b/spec/classes/datadog_agent_suse_spec.rb index 7309d4bb..23ea3433 100644 --- a/spec/classes/datadog_agent_suse_spec.rb +++ b/spec/classes/datadog_agent_suse_spec.rb 
@@ -12,35 +12,92 @@ } end - context 'agent 6' do - let(:params) do + context 'suse >= 15' do + let(:facts) do { - agent_major_version: 6, + operatingsystemmajrelease: '15', } end - it do - is_expected.to contain_zypprepo('datadog') - .with_enabled(1)\ - .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY.public https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ - .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64') + context 'agent 6' do + let(:params) do + { + agent_major_version: 6, + } + end + + it do + is_expected.to contain_zypprepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public + https://keys.datadoghq.com/DATADOG_RPM_KEY.public')\ + .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64') + # .with_repo_gpgcheck(true) + end + end + + context 'agent 7' do + let(:params) do + { + agent_major_version: 7, + } + end + + it do + is_expected.to contain_zypprepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64') + # .with_repo_gpgcheck(true) + end end end - context 'agent 7' do - let(:params) do + context 'suse < 15' do + let(:facts) do { - agent_major_version: 7, + operatingsystemmajrelease: '14', } end - it do - is_expected.to contain_zypprepo('datadog') - .with_enabled(1)\ - .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ - .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64') + 
context 'agent 6' do + let(:params) do + { + agent_major_version: 6, + } + end + + it do + is_expected.to contain_zypprepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public')\ + .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64') + # .with_repo_gpgcheck(true) + end + end + + context 'agent 7' do + let(:params) do + { + agent_major_version: 7, + } + end + + it do + is_expected.to contain_zypprepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public')\ + .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64') + # .with_repo_gpgcheck(true) + end end end diff --git a/spec/classes/datadog_agent_ubuntu_spec.rb b/spec/classes/datadog_agent_ubuntu_spec.rb index 3676ba25..c3a498c6 100644 --- a/spec/classes/datadog_agent_ubuntu_spec.rb +++ b/spec/classes/datadog_agent_ubuntu_spec.rb 
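Review bot: All four `it` blocks in this hunk end with a commented-out `# .with_repo_gpgcheck(true)`, so the spec pins `gpgcheck` (package signatures) and the key URLs but asserts nothing about repository metadata verification. If the manifest leaves that setting off on purpose, the comment should give the reason and the spec should assert the value actually set, so a later change is visible in review. If it is meant to be on, re-enable the assertion. Separately, the multi-line `with_gpgkey('...')` literals in the `suse >= 15` contexts appear to embed newlines and source indentation in the expected string, which ties the test to the manifest's exact whitespace. The `'suse < 15'` context also uses `operatingsystemmajrelease: '14'`, while `'12'` would be a release that actually exists.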
@@ -1,5 +1,25 @@ require 'spec_helper' +shared_examples 'old debianoid' do + it do + is_expected.to contain_file('/usr/share/keyrings/datadog-archive-keyring.gpg') + is_expected.to contain_file('/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg') + is_expected.to contain_exec('ensure key DATADOG_APT_KEY_CURRENT.public is imported in APT keyring') + is_expected.to contain_exec('ensure key D75CEA17048B9ACBF186794B32637D44F14F620E is imported in APT keyring') + is_expected.to contain_exec('ensure key A2923DFF56EDA6E76E55E492D3A80E30382E94DE is imported in APT keyring') + end +end + +shared_examples 'new debianoid' do + it do + is_expected.to contain_file('/usr/share/keyrings/datadog-archive-keyring.gpg') + is_expected.not_to contain_file('/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg') + is_expected.to contain_exec('ensure key DATADOG_APT_KEY_CURRENT.public is imported in APT keyring') + is_expected.to contain_exec('ensure key D75CEA17048B9ACBF186794B32637D44F14F620E is imported in APT keyring') + is_expected.to contain_exec('ensure key A2923DFF56EDA6E76E55E492D3A80E30382E94DE is imported in APT keyring') + end +end + describe 'datadog_agent::ubuntu' do context 'agent 5' do if RSpec::Support::OS.windows? 
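Review bot: Both shared examples check only that `/usr/share/keyrings/datadog-archive-keyring.gpg` exists, although that file is now the trust anchor named by `signed-by`. Its ownership and mode matter: it must be root-owned and not group- or world-writable, yet readable by apt's unprivileged verification user. Pinning them in the spec would guard that, e.g. `is_expected.to contain_file('/usr/share/keyrings/datadog-archive-keyring.gpg').with(owner: 'root', group: 'root', mode: '0644')`, adjusted to whatever the manifest declares, which is not visible in this hunk. The two example groups also differ by a single line, so the shared `contain_exec` assertions could live in one group with the `trusted.gpg.d` expectation passed in.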
@@ -23,30 +43,11 @@ is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list') .with_ensure('absent') is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+main}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+main}) end # it should install the mirror it { is_expected.not_to contain_apt__key('935F5A436A5A6E8788F0765B226AE980C7A7DA52') } - it do - is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE') - is_expected.to contain_apt__key('D75CEA17048B9ACBF186794B32637D44F14F620E') - end - - context 'overriding keyserver' do - let(:params) do - { - apt_keyserver: 'hkp://pool.sks-keyservers.net:80', - } - end - - it do - is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE')\ - .with_server('hkp://pool.sks-keyservers.net:80') - is_expected.to contain_apt__key('D75CEA17048B9ACBF186794B32637D44F14F620E')\ - .with_server('hkp://pool.sks-keyservers.net:80') - end - end it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ @@ -87,15 +88,11 @@ is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list') .with_ensure('absent') is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+6}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+6}) end # it should install the mirror it { is_expected.not_to contain_apt__key('935F5A436A5A6E8788F0765B226AE980C7A7DA52') } - it do - is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE') - is_expected.to contain_apt__key('D75CEA17048B9ACBF186794B32637D44F14F620E') - end it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list')\ 
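Review bot: The `is_expected.not_to contain_apt__key('935F5A436A5A6E8788F0765B226AE980C7A7DA52')` lines kept as context in the -23 and -87 hunks look vacuous after this change. The positive key assertions now go through `contain_exec('ensure key ... is imported in APT keyring')`, so presumably no `apt::key` resource is declared for any key and the negative check can never fail. The -136 hunk removes the same line for agent 7, which also leaves the three contexts inconsistent. Either drop it here too or retarget it at the new mechanism, e.g. `it { is_expected.not_to contain_exec('ensure key 935F5A436A5A6E8788F0765B226AE980C7A7DA52 is imported in APT keyring') }`, and update the stale `# it should install the mirror` comment above it.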
@@ -136,13 +133,9 @@ is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list') .with_ensure('absent') is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+7}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+7}) end - # it should install the mirror - it { is_expected.not_to contain_apt__key('935F5A436A5A6E8788F0765B226AE980C7A7DA52') } - it { is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE') } - it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list')\ .that_notifies('exec[apt_update]') @@ -161,4 +154,76 @@ .that_requires('exec[apt_update]') end end + + context 'ubuntu < 16' do + let(:params) do + { + agent_major_version: 7, + } + end + + let(:facts) do + { + osfamily: 'debian', + operatingsystem: 'Ubuntu', + operatingsystemrelease: '14.04', + } + end + + include_examples 'old debianoid' + end + + context 'ubuntu >= 16' do + let(:params) do + { + agent_major_version: 7, + } + end + + let(:facts) do + { + osfamily: 'debian', + operatingsystem: 'Ubuntu', + operatingsystemrelease: '16.04', + } + end + + include_examples 'new debianoid' + end + + context 'debian < 9' do + let(:params) do + { + agent_major_version: 7, + } + end + + let(:facts) do + { + osfamily: 'debian', + operatingsystem: 'Debian', + operatingsystemrelease: '8.0', + } + end + + include_examples 'old debianoid' + end + + context 'debian >= 9' do + let(:params) do + { + agent_major_version: 7, + } + end + + let(:facts) do + { + osfamily: 'debian', + operatingsystem: 'Debian', + operatingsystemrelease: '9.0', + } + end + + include_examples 'new debianoid' + end end diff --git a/templates/agent-conf.d/network.yaml.erb b/templates/agent-conf.d/network.yaml.erb index d224b458..00de0563 100644 --- a/templates/agent-conf.d/network.yaml.erb +++ b/templates/agent-conf.d/network.yaml.erb 
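Review bot: The four contexts added in the -161 hunk probe the old/new keyring split only with single-digit major releases (`14.04`/`16.04`, `8.0`/`9.0`). If the manifest compares `operatingsystemrelease` as a string rather than as a version (the manifest is not visible here), Debian 10 and later would sort below `9` and silently fall into the legacy `trusted.gpg.d` path, and these tests would still pass. A context with a two-digit Debian release closes that gap. The four contexts also repeat the same `params` block, which could be hoisted into one enclosing context.

```ruby
  # … unchanged: 'debian >= 9' context …

  context 'debian >= 10 (two-digit release)' do
    let(:params) do
      {
        agent_major_version: 7,
      }
    end

    let(:facts) do
      {
        osfamily: 'debian',
        operatingsystem: 'Debian',
        operatingsystemrelease: '10.0',
      }
    end

    include_examples 'new debianoid'
  end
```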
@@ -11,9 +11,6 @@ instances: <% end ) -%> <% end -%> <% if !@excluded_interface_re.empty? -%> - excluded_interface_re: -<%- (@excluded_interfaces_re.each do |interface| -%> - - <%= interface %> -<% end ) -%> + excluded_interface_re: <%= @excluded_interface_re %> <% end -%> combine_connection_states: <%= @combine_connection_states %> diff --git a/templates/install_info.erb b/templates/install_info.erb index 8036d7db..fa2c7c25 100644 --- a/templates/install_info.erb +++ b/templates/install_info.erb @@ -1,5 +1,5 @@ --- install_method: tool: puppet - tool_version: puppet-<%= @_puppetversion %> + tool_version: puppet-<%= @facts['puppetversion'] or 'unknown' %> installer_version: datadog_module-<%= @module_metadata['version'] %> diff --git a/templates/security-agent.yaml.erb b/templates/security-agent.yaml.erb new file mode 100644 index 00000000..2e4902d5 --- /dev/null +++ b/templates/security-agent.yaml.erb @@ -0,0 +1,6 @@ +### MANAGED BY PUPPET + +<% +require 'yaml' +%> +<%= @securityagent_config.to_yaml %>
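Review bot: In the `network.yaml.erb` hunk, `excluded_interface_re: <%= @excluded_interface_re %>` writes a regular expression into YAML as a plain scalar. Patterns that start with `*`, `[`, `{` or `!`, or that contain `: ` or ` #`, will be read as an alias, a flow collection, a tag or a comment, so the file either fails to load or loads a truncated pattern. Emitting the value through an encoder avoids that, e.g. `excluded_interface_re: <%= @excluded_interface_re.to_json %>`, since a JSON string is a valid YAML double-quoted scalar and backslashes survive the round trip. The other interpolated values in this template lie outside the hunk and may need the same treatment.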