From a93c50f68b2ccb3495880927bb478fcb4de029c5 Mon Sep 17 00:00:00 2001 From: yeettaIT Date: Thu, 11 Mar 2021 19:34:51 +0100 Subject: [PATCH 01/30] fix type in network.yaml.erb (#690) Co-authored-by: Florus Both --- templates/agent-conf.d/network.yaml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/agent-conf.d/network.yaml.erb b/templates/agent-conf.d/network.yaml.erb index d224b458..17088a92 100644 --- a/templates/agent-conf.d/network.yaml.erb +++ b/templates/agent-conf.d/network.yaml.erb @@ -12,7 +12,7 @@ instances: <% end -%> <% if !@excluded_interface_re.empty? -%> excluded_interface_re: -<%- (@excluded_interfaces_re.each do |interface| -%> +<%- (@excluded_interface_re.each do |interface| -%> - <%= interface %> <% end ) -%> <% end -%> From acd6ed368c88f7dbac6c4029de3d787128d7b7ee Mon Sep 17 00:00:00 2001 From: Albert Vaca Cintora Date: Wed, 17 Mar 2021 12:04:05 +0100 Subject: [PATCH 02/30] Support for NPM on Windows (#688) Use MSI's standard ADDLOCAL to install optional components instead of the custom NPM=true. Allow creating the system-probe.yaml file on Windows as well. Allow setting the network_config.enabled option in system-probe.yaml. --- manifests/system_probe.pp | 73 ++++++++++++++++++------------ manifests/windows.pp | 2 +- spec/classes/datadog_agent_spec.rb | 2 +- 3 files changed, 45 insertions(+), 32 deletions(-) diff --git a/manifests/system_probe.pp b/manifests/system_probe.pp index 4f6cdc4a..742a5bbb 100644 --- a/manifests/system_probe.pp +++ b/manifests/system_probe.pp @@ -1,5 +1,6 @@ class datadog_agent::system_probe( Boolean $enabled = false, + Boolean $network_enabled = false, Optional[String] $log_file = undef, Optional[String] $sysprobe_socket = undef, Optional[Boolean] $enable_oom_kill = false, @@ -9,29 +10,6 @@ Optional[String] $service_provider = undef, ) inherits datadog_agent::params { - if $::operatingsystem == 'Windows' { - # Datadog does not currently support Windows and macOS platforms for Network Performance Monitoring - fail('Network performance monitoring is only supported on Linux.') - } - - if $service_provider { - service { $datadog_agent::params::sysprobe_service_name: - ensure => $service_ensure, - enable => $service_enable, - provider => $service_provider, - hasstatus => false, - pattern => 'dd-agent', - require => Package[$datadog_agent::params::package_name], - } - } else { - service { $datadog_agent::params::sysprobe_service_name: - ensure => $service_ensure, - enable => $service_enable, - hasstatus => false, - pattern => 'dd-agent', - require => Package[$datadog_agent::params::package_name], - } - } $sysprobe_config = { 'system_probe_config' => { @@ -39,16 +17,51 @@ 'sysprobe_socket' => $sysprobe_socket, 'log_file' => $log_file, 'enable_oom_kill' => $enable_oom_kill, + }, + 'network_config' => { + 'enabled' => $network_enabled, } } - file { '/etc/datadog-agent/system-probe.yaml': - owner => $datadog_agent::params::dd_user, - group => 'dd-agent', - mode => '0640', - content => template('datadog_agent/system_probe.yaml.erb'), - notify => Service[$datadog_agent::params::sysprobe_service_name], - require => File['/etc/datadog-agent'], + if $::operatingsystem == 'Windows' { + + file { 'C:/ProgramData/Datadog/system-probe.yaml': + owner => $datadog_agent::params::dd_user, + group => $datadog_agent::params::dd_group, + mode => '0640', + content => template('datadog_agent/system_probe.yaml.erb'), + require => File['C:/ProgramData/Datadog'], + } + + } else { + + if $service_provider { + service { $datadog_agent::params::sysprobe_service_name: + ensure => $service_ensure, + enable => $service_enable, + provider => $service_provider, + hasstatus => false, + pattern => 'dd-agent', + require => Package[$datadog_agent::params::package_name], + } + } else { + service { $datadog_agent::params::sysprobe_service_name: + ensure => $service_ensure, + enable => $service_enable, + hasstatus => false, + pattern => 'dd-agent', + require => Package[$datadog_agent::params::package_name], + } + } + + file { '/etc/datadog-agent/system-probe.yaml': + owner => $datadog_agent::params::dd_user, + group => $datadog_agent::params::dd_group, + mode => '0640', + content => template('datadog_agent/system_probe.yaml.erb'), + notify => Service[$datadog_agent::params::sysprobe_service_name], + require => File['/etc/datadog-agent'], + } } } diff --git a/manifests/windows.pp b/manifests/windows.pp index 20eff35a..0425b20a 100644 --- a/manifests/windows.pp +++ b/manifests/windows.pp @@ -67,7 +67,7 @@ } $hostname_option = $hostname ? { '' => {}, default => { 'HOSTNAME' => $hostname } } - $npm_install_option = $npm_install ? { false => {}, true => { 'NPM' => 'true' } } + $npm_install_option = $npm_install ? { false => {}, true => { 'ADDLOCAL' => 'MainApplication,NPM' } } package { $datadog_agent::params::package_name: ensure => $ensure_version, diff --git a/spec/classes/datadog_agent_spec.rb b/spec/classes/datadog_agent_spec.rb index 3acb8913..9fd94e8a 100644 --- a/spec/classes/datadog_agent_spec.rb +++ b/spec/classes/datadog_agent_spec.rb @@ -197,7 +197,7 @@ it do is_expected.to contain_package('Datadog Agent').with( ensure: 'installed', - install_options: ['/norestart', { 'APIKEY' => 'notakey', 'HOSTNAME' => 'notahost', 'TAGS' => '""', 'NPM' => 'true' }], + install_options: ['/norestart', { 'APIKEY' => 'notakey', 'HOSTNAME' => 'notahost', 'TAGS' => '""', 'ADDLOCAL' => 'MainApplication,NPM' }], ) end end From 66d346556cd8542d0f95c4cd070ff57b49be2e5e Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Fri, 26 Mar 2021 10:05:59 +0100 Subject: [PATCH 03/30] Add the 'current' gpg key, only use 1 gpgkey on suse < 15 (#687) * Get keys from keys.datadoghq.com --- manifests/redhat.pp | 9 ++- manifests/suse.pp | 13 ++-- spec/classes/datadog_agent_redhat_spec.rb | 19 +++-- spec/classes/datadog_agent_suse_spec.rb | 89 ++++++++++++++++++----- 4 files changed, 95 insertions(+), 35 deletions(-) diff --git a/manifests/redhat.pp b/manifests/redhat.pp index 939145ab..df19f884 100644 --- a/manifests/redhat.pp +++ b/manifests/redhat.pp @@ -14,9 +14,10 @@ if $manage_repo { $keys = [ - 'https://yum.datadoghq.com/DATADOG_RPM_KEY.public', - 'https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY.public', ] case $agent_major_version { @@ -30,7 +31,7 @@ } 7 : { $defaulturl = "https://yum.datadoghq.com/stable/7/${::architecture}/" - $gpgkeys = $keys[1,2] + $gpgkeys = $keys[0,-2] } default: { fail('invalid agent_major_version') } } diff --git a/manifests/suse.pp b/manifests/suse.pp index 0835740d..bb739927 100644 --- a/manifests/suse.pp +++ b/manifests/suse.pp @@ -11,16 +11,18 @@ String $agent_flavor = $datadog_agent::params::package_name, ) inherits datadog_agent::params { + $current_key = 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public' $all_keys = [ - 'https://yum.datadoghq.com/DATADOG_RPM_KEY.public', - 'https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public', + $current_key, + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY.public', ] case $agent_major_version { 5 : { fail('Agent v5 package not available in SUSE') } 6 : { $gpgkeys = $all_keys } - 7 : { $gpgkeys = $all_keys[1,2] } + 7 : { $gpgkeys = $all_keys[0,-2] } default: { fail('invalid agent_major_version') } } @@ -59,7 +61,8 @@ autorefresh => 1, name => 'datadog', gpgcheck => 1, - gpgkey => join($gpgkeys, " "), + # zypper on SUSE < 15 only understands a single gpgkey value + gpgkey => (Float($::operatingsystemmajrelease) >= 15.0) ? { true => join($gpgkeys, "\n "), default => $current_key }, keeppackages => 1, } diff --git a/spec/classes/datadog_agent_redhat_spec.rb b/spec/classes/datadog_agent_redhat_spec.rb index 6d7ec966..c3aa12e3 100644 --- a/spec/classes/datadog_agent_redhat_spec.rb +++ b/spec/classes/datadog_agent_redhat_spec.rb @@ -27,9 +27,10 @@ is_expected.to contain_yumrepo('datadog') .with_enabled(1)\ .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY.public - https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public + https://keys.datadoghq.com/DATADOG_RPM_KEY.public')\ .with_baseurl('https://yum.datadoghq.com/rpm/x86_64/') end end @@ -74,9 +75,10 @@ is_expected.to contain_yumrepo('datadog') .with_enabled(1)\ .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY.public - https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public + https://keys.datadoghq.com/DATADOG_RPM_KEY.public')\ .with_baseurl('https://yum.datadoghq.com/stable/6/x86_64/') end end @@ -122,8 +124,9 @@ is_expected.to contain_yumrepo('datadog') .with_enabled(1)\ .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/') end end diff --git a/spec/classes/datadog_agent_suse_spec.rb b/spec/classes/datadog_agent_suse_spec.rb index 7309d4bb..4bb12e26 100644 --- a/spec/classes/datadog_agent_suse_spec.rb +++ b/spec/classes/datadog_agent_suse_spec.rb @@ -12,35 +12,88 @@ } end - context 'agent 6' do - let(:params) do + context 'suse >= 15' do + let(:facts) do { - agent_major_version: 6, + operatingsystemmajrelease: '15', } end - it do - is_expected.to contain_zypprepo('datadog') - .with_enabled(1)\ - .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY.public https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ - .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64') + context 'agent 6' do + let(:params) do + { + agent_major_version: 6, + } + end + + it do + is_expected.to contain_zypprepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public + https://keys.datadoghq.com/DATADOG_RPM_KEY.public')\ + .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64') + end + end + + context 'agent 7' do + let(:params) do + { + agent_major_version: 7, + } + end + + it do + is_expected.to contain_zypprepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64') + end end end - context 'agent 7' do - let(:params) do + context 'suse < 15' do + let(:facts) do { - agent_major_version: 7, + operatingsystemmajrelease: '14', } end - it do - is_expected.to contain_zypprepo('datadog') - .with_enabled(1)\ - .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ - .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64') + context 'agent 6' do + let(:params) do + { + agent_major_version: 6, + } + end + + it do + is_expected.to contain_zypprepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public')\ + .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64') + end + end + + context 'agent 7' do + let(:params) do + { + agent_major_version: 7, + } + end + + it do + is_expected.to contain_zypprepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public')\ + .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64') + end end end From 7bd38d140b52d3c7742b1799f490537897e9e5df Mon Sep 17 00:00:00 2001 From: Albert Vaca Cintora Date: Fri, 23 Apr 2021 18:31:04 +0200 Subject: [PATCH 04/30] Fix tool_version being unknown in install_info (#692) --- manifests/init.pp | 2 -- spec/classes/datadog_agent_spec.rb | 2 +- templates/install_info.erb | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 9b51cd04..18fb833d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -400,8 +400,6 @@ $local_integrations = $integrations } - $_puppetversion = lookup({ 'name' => '::puppetversion', 'default_value' => 'unknown'}) - include datadog_agent::params case upcase($log_level) { 'CRITICAL': { $_loglevel = 'CRITICAL' } diff --git a/spec/classes/datadog_agent_spec.rb b/spec/classes/datadog_agent_spec.rb index 9fd94e8a..b5ce9713 100644 --- a/spec/classes/datadog_agent_spec.rb +++ b/spec/classes/datadog_agent_spec.rb @@ -1701,7 +1701,7 @@ it 'adds an install_info' do expect(install_info['install_method']).to match( 'tool' => 'puppet', - 'tool_version' => %r{^puppet-(\d+\.\d+\.\d+|unknown)$}, + 'tool_version' => %r{^puppet-unknown$}, # puppetversion is not set in tests, this field has to be tested manually 'installer_version' => %r{^datadog_module-\d+\.\d+\.\d+$}, ) end diff --git a/templates/install_info.erb b/templates/install_info.erb index 8036d7db..fa2c7c25 100644 --- a/templates/install_info.erb +++ b/templates/install_info.erb @@ -1,5 +1,5 @@ --- install_method: tool: puppet - tool_version: puppet-<%= @_puppetversion %> + tool_version: puppet-<%= @facts['puppetversion'] or 'unknown' %> installer_version: datadog_module-<%= @module_metadata['version'] %> From 1504454627fc53721058acfa342286d54875d712 Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Wed, 28 Apr 2021 15:34:56 +0200 Subject: [PATCH 05/30] Enable repo_gpgcheck for RPM repositories by default (#693) --- .fixtures.yml | 4 +- kitchen.yml | 4 ++ manifests/init.pp | 10 +++ manifests/redhat.pp | 34 +++++++++-- manifests/suse.pp | 17 ++++++ spec/classes/datadog_agent_redhat_spec.rb | 74 ++++++++++++++++++++++- spec/classes/datadog_agent_suse_spec.rb | 4 ++ 7 files changed, 138 insertions(+), 9 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 949dda2e..706edda4 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -16,7 +16,9 @@ fixtures: forge_modules: yumrepo_core: "puppetlabs/yumrepo_core" powershell: "puppetlabs/powershell" - zypprepo: "puppet/zypprepo" + zypprepo: + repo: "puppet/zypprepo" + ref: "3.1.0" symlinks: custom_datadog: "#{source_dir}/spec/custom_fixtures/custom_datadog" datadog_agent: "#{source_dir}" diff --git a/kitchen.yml b/kitchen.yml index 23292d84..4528387a 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -68,6 +68,10 @@ platforms: - cd /home/kitchen/puppet && r10k puppetfile install --moduledir=/tmp/modules - name: opensuse/leap-15 + # Workaround for flakes on initializing opensuse/leap-15: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 driver_config: # we use a custom image that runs systemd image: 'datadog/docker-library:chef_kitchen_systemd_opensuse_leap_15' diff --git a/manifests/init.pp b/manifests/init.pp index 18fb833d..264ca41e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -221,6 +221,13 @@ # RPM: https://yum.datadoghq.com/stable/7/x86_64/ (with matching agent version and architecture) # Windows: https://https://s3.amazonaws.com/ddagent-windows-stable/ # String. Default: undef +# $rpm_repo_gpgcheck +# Whether or not to perform repodata signature check for RPM repositories. +# Applies to Red Hat and SUSE platforms. When set to `undef`, this is activated +# for all Agent versions other than 5 when `agent_repo_uri` is also undefinded. +# The `undef` value also translates to `false` on RHEL/CentOS 8.1 because +# of a bug in libdnf: https://bugzilla.redhat.com/show_bug.cgi?id=1792506 +# Boolean. Default: undef # $apt_release # The distribution channel to be used for the APT repo. Eg: 'stable' or 'beta'. # String. Default: stable @@ -334,6 +341,7 @@ Boolean $container_collect_all = $datadog_agent::params::container_collect_all, Hash[String[1], Data] $agent_extra_options = {}, Optional[String] $agent_repo_uri = undef, + Optional[Boolean] $rpm_repo_gpgcheck = undef, Optional[Boolean] $use_apt_backup_keyserver = $datadog_agent::params::use_apt_backup_keyserver, String $apt_backup_keyserver = $datadog_agent::params::apt_backup_keyserver, String $apt_keyserver = $datadog_agent::params::apt_keyserver, @@ -438,6 +446,7 @@ agent_repo_uri => $agent_repo_uri, manage_repo => $manage_repo, agent_version => $agent_version, + rpm_repo_gpgcheck => $rpm_repo_gpgcheck, } } 'Windows' : { @@ -462,6 +471,7 @@ agent_flavor => $agent_flavor, agent_repo_uri => $agent_repo_uri, agent_version => $agent_version, + rpm_repo_gpgcheck => $rpm_repo_gpgcheck, } } default: { fail("Class[datadog_agent]: Unsupported operatingsystem: ${::operatingsystem}") } diff --git a/manifests/redhat.pp b/manifests/redhat.pp index df19f884..fbd0b765 100644 --- a/manifests/redhat.pp +++ b/manifests/redhat.pp @@ -9,6 +9,7 @@ Boolean $manage_repo = true, String $agent_version = $datadog_agent::params::agent_version, String $agent_flavor = $datadog_agent::params::package_name, + Optional[Boolean] $rpm_repo_gpgcheck = undef, ) inherits datadog_agent::params { if $manage_repo { @@ -19,6 +20,28 @@ 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY.public', ] + if ($rpm_repo_gpgcheck != undef) { + $repo_gpgcheck = $rpm_repo_gpgcheck + } else { + if ($agent_repo_uri == undef) and ($agent_major_version > 5) { + case $::operatingsystem { + 'RedHat', 'CentOS', 'OracleLinux': { + # disable repo_gpgcheck on 8.1 because of https://bugzilla.redhat.com/show_bug.cgi?id=1792506 + if $::operatingsystemrelease =~ /^8.1/ { + $repo_gpgcheck = false + } else { + $repo_gpgcheck = true + } + } + default: { + $repo_gpgcheck = true + } + } + } else { + $repo_gpgcheck = false + } + + } case $agent_major_version { 5 : { @@ -55,11 +78,12 @@ } yumrepo {'datadog': - enabled => 1, - gpgcheck => 1, - gpgkey => join($gpgkeys, "\n "), - descr => 'Datadog, Inc.', - baseurl => $baseurl, + enabled => 1, + gpgcheck => 1, + gpgkey => join($gpgkeys, "\n "), + repo_gpgcheck => $repo_gpgcheck, + descr => 'Datadog, Inc.', + baseurl => $baseurl, } package { $agent_flavor: diff --git a/manifests/suse.pp b/manifests/suse.pp index bb739927..12fab0b8 100644 --- a/manifests/suse.pp +++ b/manifests/suse.pp @@ -9,6 +9,7 @@ String $release = $datadog_agent::params::apt_default_release, Optional[String] $agent_repo_uri = undef, String $agent_flavor = $datadog_agent::params::package_name, + Optional[Boolean] $rpm_repo_gpgcheck = undef, ) inherits datadog_agent::params { $current_key = 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public' @@ -19,6 +20,16 @@ 'https://keys.datadoghq.com/DATADOG_RPM_KEY.public', ] + if ($rpm_repo_gpgcheck != undef) { + $repo_gpgcheck = $rpm_repo_gpgcheck + } else { + if ($agent_repo_uri == undef) { + $repo_gpgcheck = true + } else { + $repo_gpgcheck = false + } + } + case $agent_major_version { 5 : { fail('Agent v5 package not available in SUSE') } 6 : { $gpgkeys = $all_keys } @@ -63,6 +74,12 @@ gpgcheck => 1, # zypper on SUSE < 15 only understands a single gpgkey value gpgkey => (Float($::operatingsystemmajrelease) >= 15.0) ? { true => join($gpgkeys, "\n "), default => $current_key }, + # TODO: when updating zypprepo to 4.0.0, uncomment the repo_gpgcheck line + # For now, we can leave this commented, as zypper by default does repodata + # signature checks if the repomd.xml.asc is present, so repodata checks + # are effective for most users anyway. We'll make this explicit when we + # update zypprepo version. + # repo_gpgcheck => $repo_gpgcheck, keeppackages => 1, } diff --git a/spec/classes/datadog_agent_redhat_spec.rb b/spec/classes/datadog_agent_redhat_spec.rb index c3aa12e3..cbc4263c 100644 --- a/spec/classes/datadog_agent_redhat_spec.rb +++ b/spec/classes/datadog_agent_redhat_spec.rb @@ -31,7 +31,8 @@ https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY.public')\ - .with_baseurl('https://yum.datadoghq.com/rpm/x86_64/') + .with_baseurl('https://yum.datadoghq.com/rpm/x86_64/')\ + .with_repo_gpgcheck(false) end end context 'with manage_repo => false' do @@ -79,7 +80,8 @@ https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY.public')\ - .with_baseurl('https://yum.datadoghq.com/stable/6/x86_64/') + .with_baseurl('https://yum.datadoghq.com/stable/6/x86_64/')\ + .with_repo_gpgcheck(true) end end context 'with manage_repo => false' do @@ -127,7 +129,8 @@ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ - .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/') + .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ + .with_repo_gpgcheck(true) end end context 'with manage_repo => false' do @@ -151,4 +154,69 @@ .with_ensure('latest') end end + + context 'rhel 8.1' do + # we expect repo_gpgcheck to be false on 8.1 + let(:facts) do + { + osfamily: 'redhat', + operatingsystem: 'RedHat', + operatingsystemrelease: '8.1', + architecture: 'x86_64', + } + end + + # it should install the mirror + context 'with manage_repo => true' do + let(:params) do + { + manage_repo: true, agent_major_version: 7 + } + end + + it do + is_expected.to contain_yumrepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ + .with_repo_gpgcheck(false) + end + end + end + + context 'rhel 8.2' do + # we expect repo_gpgcheck to be true on 8.2 (and later) + let(:facts) do + { + osfamily: 'redhat', + operatingsystem: 'RedHat', + operatingsystemrelease: '8.2', + architecture: 'x86_64', + } + end + + # it should install the mirror + context 'with manage_repo => true' do + let(:params) do + { + manage_repo: true, agent_major_version: 7 + } + end + + it do + # we expect repo_gpgcheck to be false on 8.1 + is_expected.to contain_yumrepo('datadog') + .with_enabled(1)\ + .with_gpgcheck(1)\ + .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ + .with_repo_gpgcheck(true) + end + end + end end diff --git a/spec/classes/datadog_agent_suse_spec.rb b/spec/classes/datadog_agent_suse_spec.rb index 4bb12e26..23ea3433 100644 --- a/spec/classes/datadog_agent_suse_spec.rb +++ b/spec/classes/datadog_agent_suse_spec.rb @@ -35,6 +35,7 @@ https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY.public')\ .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64') + # .with_repo_gpgcheck(true) end end @@ -53,6 +54,7 @@ https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64') + # .with_repo_gpgcheck(true) end end end @@ -77,6 +79,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public')\ .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64') + # .with_repo_gpgcheck(true) end end @@ -93,6 +96,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public')\ .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64') + # .with_repo_gpgcheck(true) end end end From b9e8d150f13c667a7202bd2ea03afbcaf30f4553 Mon Sep 17 00:00:00 2001 From: Albert Vaca Cintora Date: Thu, 6 May 2021 15:48:05 +0200 Subject: [PATCH 06/30] Release 3.12.0 (#694) Update metadata and changelog. --- CHANGELOG.md | 16 +++++++++++++++- metadata.json | 2 +- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f657199..8f41283a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,14 @@ Changes ======= +# 3.12.0 / 2021-05-06 + +* [FEATURE] Support for NPM on Windows [#688][] +* [FEATURE] Enable repo_gpgcheck for RPM repositories by default [#693][] +* [FEATURE] Add the 'current' gpg key, only use 1 gpgkey on suse < 15 [#687][] +* [BUGFIX] Fix typo in network.yaml.erb [#690][] (Thanks [@florusboth][]) +* [BUGFIX] Fix tool_version being unknown in install_info [#692][] + # 3.11.0 / 2021-03-01 * [FEATURE] Add support for SUSE distros [#682][] @@ -824,6 +832,11 @@ Please read the [docs]() for more details. [#681]: https://github.com/DataDog/puppet-datadog-agent/issues/681 [#682]: https://github.com/DataDog/puppet-datadog-agent/issues/682 [#686]: https://github.com/DataDog/puppet-datadog-agent/issues/686 +[#687]: https://github.com/DataDog/puppet-datadog-agent/issues/687 +[#688]: https://github.com/DataDog/puppet-datadog-agent/issues/688 +[#690]: https://github.com/DataDog/puppet-datadog-agent/issues/690 +[#692]: https://github.com/DataDog/puppet-datadog-agent/issues/692 +[#693]: https://github.com/DataDog/puppet-datadog-agent/issues/693 [@Aramack]: https://github.com/Aramack [@BIAndrews]: https://github.com/BIAndrews [@ChannoneArif-nbcuni]: https://github.com/ChannoneArif-nbcuni @@ -875,6 +888,7 @@ Please read the [docs]() for more details. [@ewansteele]: https://github.com/ewansteele [@ffleming]: https://github.com/ffleming [@ffrants]: https://github.com/ffrants +[@florusboth]: https://github.com/florusboth [@flyinbutrs]: https://github.com/flyinbutrs [@flyinprogrammer]: https://github.com/flyinprogrammer [@fr3nd]: https://github.com/fr3nd @@ -936,4 +950,4 @@ Please read the [docs]() for more details. [@yrcjaya]: https://github.com/yrcjaya [@zabacad]: https://github.com/zabacad [@zickzackv]: https://github.com/zickzackv -[@zoom-kris-anderson]: https://github.com/zoom-kris-anderson \ No newline at end of file +[@zoom-kris-anderson]: https://github.com/zoom-kris-anderson diff --git a/metadata.json b/metadata.json index 23a3f677..54bf4a22 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "datadog-datadog_agent", - "version": "3.11.0", + "version": "3.12.0", "author": "James Turnbull , Rob Terhaar , Jaime Fullaondo , Albert Vaca ", "summary": "Install the Datadog monitoring agent and report Puppet runs to Datadog", "license": "Apache-2.0", From 47741efca92d2af17927e827a89db72b5d7df4e3 Mon Sep 17 00:00:00 2001 From: florusboth Date: Fri, 7 May 2021 15:40:42 +0200 Subject: [PATCH 07/30] update excluded_interface_re type to String (#696) Current version expected an array of strings which broke the network/conf.yaml file as datadog-agent threw an error. --- manifests/integrations/network.pp | 6 ++---- templates/agent-conf.d/network.yaml.erb | 5 +---- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/manifests/integrations/network.pp b/manifests/integrations/network.pp index 0ef6389d..1ee813a2 100644 --- a/manifests/integrations/network.pp +++ b/manifests/integrations/network.pp @@ -14,9 +14,7 @@ # 'lo0', # 'lo', # ], -# excluded_interface_re => [ -# 'eth1.*' -# ] +# excluded_interface_re = 'eth1.*', # combine_connection_states => true # } # @@ -24,7 +22,7 @@ class datadog_agent::integrations::network( Boolean $collect_connection_state = false, Array[String] $excluded_interfaces = ['lo','lo0'], - Array $excluded_interface_re = [], + String $excluded_interface_re = '', Boolean $combine_connection_states = true, ) inherits datadog_agent::params { include ::datadog_agent diff --git a/templates/agent-conf.d/network.yaml.erb b/templates/agent-conf.d/network.yaml.erb index 17088a92..00de0563 100644 --- a/templates/agent-conf.d/network.yaml.erb +++ b/templates/agent-conf.d/network.yaml.erb @@ -11,9 +11,6 @@ instances: <% end ) -%> <% end -%> <% if !@excluded_interface_re.empty? -%> - excluded_interface_re: -<%- (@excluded_interface_re.each do |interface| -%> - - <%= interface %> -<% end ) -%> + excluded_interface_re: <%= @excluded_interface_re %> <% end -%> combine_connection_states: <%= @combine_connection_states %> From 93ed6a6c846fb2e8f177519ab1a737e13506b694 Mon Sep 17 00:00:00 2001 From: Adam Stanton Date: Wed, 12 May 2021 09:17:36 -0700 Subject: [PATCH 08/30] Include 'datadog_agent' class in the catalog when using the generic integration (#697) We encountered an issue when using `datadog_agent::integrations::generic` where the `::datadog_agent::_agent_major_version` variable was undefined. It looks like the class was not including the `datadog_agent` class in the catalog like all other integrations: This commit simply adds the include, bringing this integration in line with the rest. --- manifests/integrations/generic.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/integrations/generic.pp b/manifests/integrations/generic.pp index 3835b8d7..880f1722 100644 --- a/manifests/integrations/generic.pp +++ b/manifests/integrations/generic.pp @@ -21,6 +21,7 @@ Optional[String] $integration_name = undef, Optional[String] $integration_contents = undef, ) inherits datadog_agent::params { + include datadog_agent $legacy_dst = "${datadog_agent::params::legacy_conf_dir}/${integration_name}.yaml" if $::datadog_agent::_agent_major_version > 5 { From ea4d9b17790097969c2d0bf52ee586e3f145057a Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Thu, 13 May 2021 14:54:44 +0200 Subject: [PATCH 09/30] Improvements for APT keys management (#698) * By default, get keys from keys.datadoghq.com, not Ubuntu keyserver * Always add the DATADOG_APT_KEY_CURRENT.public key (contains key used to sign current repodata) * Add 'signed-by' option to all sources list lines * On Debian >= 9 and Ubuntu >= 16, only add keys to /usr/share/keyrings/datadog-archive-keyring.gpg * On older systems, also add the same keyring to /etc/apt/trusted.gpg.d --- manifests/init.pp | 18 ++-- manifests/params.pp | 3 - manifests/ubuntu.pp | 41 +++++-- spec/classes/datadog_agent_spec.rb | 32 ++---- spec/classes/datadog_agent_ubuntu_spec.rb | 125 ++++++++++++++++------ 5 files changed, 146 insertions(+), 73 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 264ca41e..9804bf76 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -342,9 +342,11 @@ Hash[String[1], Data] $agent_extra_options = {}, Optional[String] $agent_repo_uri = undef, Optional[Boolean] $rpm_repo_gpgcheck = undef, - Optional[Boolean] $use_apt_backup_keyserver = $datadog_agent::params::use_apt_backup_keyserver, - String $apt_backup_keyserver = $datadog_agent::params::apt_backup_keyserver, - String $apt_keyserver = $datadog_agent::params::apt_keyserver, + # TODO: $use_apt_backup_keyserver, $apt_backup_keyserver and $apt_keyserver can be + # removed in the next major version; they're kept now for backwards compatibility + Optional[Boolean] $use_apt_backup_keyserver = undef, + Optional[String] $apt_backup_keyserver = undef, + Optional[String] $apt_keyserver = undef, String $apt_release = $datadog_agent::params::apt_default_release, String $win_msi_location = 'C:/Windows/temp', # Temporary directory where the msi file is downloaded, must exist Enum['present', 'absent'] $win_ensure = 'present', #TODO: Implement uninstall also for apt and rpm install methods @@ -424,10 +426,11 @@ if $manage_install { case $::operatingsystem { 'Ubuntu','Debian' : { - if $use_apt_backup_keyserver { - $_apt_keyserver = $apt_backup_keyserver - } else { - $_apt_keyserver = $apt_keyserver + if $use_apt_backup_keyserver != undef or $apt_backup_keyserver != undef or $apt_keyserver != undef { + notify { 'apt keyserver arguments deprecation': + message => '$use_apt_backup_keyserver, $apt_backup_keyserver and $apt_keyserver are deprecated since version 3.13.0', + loglevel => 'warning', + } } class { 'datadog_agent::ubuntu': agent_major_version => $_agent_major_version, @@ -436,7 +439,6 @@ agent_repo_uri => $agent_repo_uri, release => $apt_release, skip_apt_key_trusting => $skip_apt_key_trusting, - apt_keyserver => $_apt_keyserver, } } 'RedHat','CentOS','Fedora','Amazon','Scientific','OracleLinux' : { diff --git a/manifests/params.pp b/manifests/params.pp index 0b7b9294..afe8d1e1 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -19,9 +19,6 @@ $logs_enabled = false $logs_open_files_limit = undef $container_collect_all = false - $use_apt_backup_keyserver = false - $apt_backup_keyserver = 'hkp://pool.sks-keyservers.net:80' - $apt_keyserver = 'hkp://keyserver.ubuntu.com:80' $sysprobe_service_name = 'datadog-agent-sysprobe' $module_metadata = load_module_metadata($module_name) diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp index 7f1b83b1..20e2b6c6 100644 --- a/manifests/ubuntu.pp +++ b/manifests/ubuntu.pp @@ -5,13 +5,18 @@ class datadog_agent::ubuntu( Integer $agent_major_version = $datadog_agent::params::default_agent_major_version, - Array[String] $apt_keys = ['A2923DFF56EDA6E76E55E492D3A80E30382E94DE', 'D75CEA17048B9ACBF186794B32637D44F14F620E'], String $agent_version = $datadog_agent::params::agent_version, Optional[String] $agent_repo_uri = undef, String $release = $datadog_agent::params::apt_default_release, Boolean $skip_apt_key_trusting = false, - String $apt_keyserver = $datadog_agent::params::apt_keyserver, String $agent_flavor = $datadog_agent::params::package_name, + Optional[String] $apt_trusted_d_keyring = '/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg', + Optional[String] $apt_usr_share_keyring = '/usr/share/keyrings/datadog-archive-keyring.gpg', + Optional[Hash[String, String]] $apt_default_keys = { + 'DATADOG_APT_KEY_CURRENT.public' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_CURRENT.public', + 'D75CEA17048B9ACBF186794B32637D44F14F620E' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_F14F620E.public', + 'A2923DFF56EDA6E76E55E492D3A80E30382E94DE' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_382E94DE.public', + }, ) inherits datadog_agent::params { if $agent_version =~ /^[0-9]+\.[0-9]+\.[0-9]+((?:~|-)[^0-9\s-]+[^-\s]*)?$/ { @@ -29,10 +34,32 @@ } if !$skip_apt_key_trusting { - $apt_keys.each |String $apt_key| { - apt::key { $apt_key: - id => $apt_key, - server => $apt_keyserver, + file { $apt_usr_share_keyring: + ensure => file, + mode => '0644', + } + + $apt_default_keys.each |String $key_fingerprint, String $key_url| { + $key_path = "/tmp/${key_fingerprint}" + + file { $key_path: + owner => root, + group => root, + mode => '0600', + source => $key_url, + } + + exec { "ensure key ${key_fingerprint} is imported in APT keyring": + command => "/bin/cat /tmp/${key_fingerprint} | gpg --import --batch --no-default-keyring --keyring ${apt_usr_share_keyring}", + unless => "/bin/cat /tmp/${key_fingerprint} | gpg --dry-run --import --batch --no-default-keyring --keyring ${apt_usr_share_keyring} 2>&1 | grep 'unchanged: 1'", + } + } + + if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16') == -1) or + ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') == -1) { + file { $apt_trusted_d_keyring: + mode => '0644', + source => "file://${apt_usr_share_keyring}", } } } @@ -40,7 +67,7 @@ if ($agent_repo_uri != undef) { $location = $agent_repo_uri } else { - $location = 'https://apt.datadoghq.com/' + $location = "[signed-by=${apt_usr_share_keyring}] https://apt.datadoghq.com/" } apt::source { 'datadog-beta': diff --git a/spec/classes/datadog_agent_spec.rb b/spec/classes/datadog_agent_spec.rb index b5ce9713..c0ffa73c 100644 --- a/spec/classes/datadog_agent_spec.rb +++ b/spec/classes/datadog_agent_spec.rb @@ -34,7 +34,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+main}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+main}) end end @@ -53,7 +53,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+6}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+6}) end end @@ -72,7 +72,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+7}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+7}) end end @@ -91,7 +91,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+6}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+6}) end end @@ -110,7 +110,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+6}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+6}) end end @@ -129,7 +129,7 @@ it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+6}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+6}) end end @@ -1606,25 +1606,7 @@ end end - if DEBIAN_OS.include?(operatingsystem) - it do - is_expected.to contain_class('datadog_agent::ubuntu')\ - .with_apt_keyserver('hkp://keyserver.ubuntu.com:80') - end - context 'use backup keyserver' do - let(:params) do - { - use_apt_backup_keyserver: true, - agent_major_version: 5, - } - end - - it do - is_expected.to contain_class('datadog_agent::ubuntu')\ - .with_apt_keyserver('hkp://pool.sks-keyservers.net:80') - end - end - elsif REDHAT_OS.include?(operatingsystem) + if REDHAT_OS.include?(operatingsystem) it { is_expected.to contain_class('datadog_agent::redhat') } end end diff --git a/spec/classes/datadog_agent_ubuntu_spec.rb b/spec/classes/datadog_agent_ubuntu_spec.rb index 3676ba25..c3a498c6 100644 --- a/spec/classes/datadog_agent_ubuntu_spec.rb +++ b/spec/classes/datadog_agent_ubuntu_spec.rb @@ -1,5 +1,25 @@ require 'spec_helper' +shared_examples 'old debianoid' do + it do + is_expected.to contain_file('/usr/share/keyrings/datadog-archive-keyring.gpg') + is_expected.to contain_file('/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg') + is_expected.to contain_exec('ensure key DATADOG_APT_KEY_CURRENT.public is imported in APT keyring') + is_expected.to contain_exec('ensure key D75CEA17048B9ACBF186794B32637D44F14F620E is imported in APT keyring') + is_expected.to contain_exec('ensure key A2923DFF56EDA6E76E55E492D3A80E30382E94DE is imported in APT keyring') + end +end + +shared_examples 'new debianoid' do + it do + is_expected.to contain_file('/usr/share/keyrings/datadog-archive-keyring.gpg') + is_expected.not_to contain_file('/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg') + is_expected.to contain_exec('ensure key DATADOG_APT_KEY_CURRENT.public is imported in APT keyring') + is_expected.to contain_exec('ensure key D75CEA17048B9ACBF186794B32637D44F14F620E is imported in APT keyring') + is_expected.to contain_exec('ensure key A2923DFF56EDA6E76E55E492D3A80E30382E94DE is imported in APT keyring') + end +end + describe 'datadog_agent::ubuntu' do context 'agent 5' do if RSpec::Support::OS.windows? @@ -23,30 +43,11 @@ is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list') .with_ensure('absent') is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+main}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+main}) end # it should install the mirror it { is_expected.not_to contain_apt__key('935F5A436A5A6E8788F0765B226AE980C7A7DA52') } - it do - is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE') - is_expected.to contain_apt__key('D75CEA17048B9ACBF186794B32637D44F14F620E') - end - - context 'overriding keyserver' do - let(:params) do - { - apt_keyserver: 'hkp://pool.sks-keyservers.net:80', - } - end - - it do - is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE')\ - .with_server('hkp://pool.sks-keyservers.net:80') - is_expected.to contain_apt__key('D75CEA17048B9ACBF186794B32637D44F14F620E')\ - .with_server('hkp://pool.sks-keyservers.net:80') - end - end it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ @@ -87,15 +88,11 @@ is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list') .with_ensure('absent') is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+6}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+6}) end # it should install the mirror it { is_expected.not_to contain_apt__key('935F5A436A5A6E8788F0765B226AE980C7A7DA52') } - it do - is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE') - is_expected.to contain_apt__key('D75CEA17048B9ACBF186794B32637D44F14F620E') - end it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list')\ @@ -136,13 +133,9 @@ is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list') .with_ensure('absent') is_expected.to contain_file('/etc/apt/sources.list.d/datadog.list')\ - .with_content(%r{deb\s+https://apt.datadoghq.com/\s+stable\s+7}) + .with_content(%r{deb\s+\[signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg\]\s+https://apt.datadoghq.com/\s+stable\s+7}) end - # it should install the mirror - it { is_expected.not_to contain_apt__key('935F5A436A5A6E8788F0765B226AE980C7A7DA52') } - it { is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE') } - it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list')\ .that_notifies('exec[apt_update]') @@ -161,4 +154,76 @@ .that_requires('exec[apt_update]') end end + + context 'ubuntu < 16' do + let(:params) do + { + agent_major_version: 7, + } + end + + let(:facts) do + { + osfamily: 'debian', + operatingsystem: 'Ubuntu', + operatingsystemrelease: '14.04', + } + end + + include_examples 'old debianoid' + end + + context 'ubuntu >= 16' do + let(:params) do + { + agent_major_version: 7, + } + end + + let(:facts) do + { + osfamily: 'debian', + operatingsystem: 'Ubuntu', + operatingsystemrelease: '16.04', + } + end + + include_examples 'new debianoid' + end + + context 'debian < 9' do + let(:params) do + { + agent_major_version: 7, + } + end + + let(:facts) do + { + osfamily: 'debian', + operatingsystem: 'Debian', + operatingsystemrelease: '8.0', + } + end + + include_examples 'old debianoid' + end + + context 'debian >= 9' do + let(:params) do + { + agent_major_version: 7, + } + end + + let(:facts) do + { + osfamily: 'debian', + operatingsystem: 'Debian', + operatingsystemrelease: '9.0', + } + end + + include_examples 'new debianoid' + end end From e5ab07f57691ceb0b243f68f74a47ee5f0a23ce1 Mon Sep 17 00:00:00 2001 From: Adrian Ding Date: Fri, 14 May 2021 23:36:55 +1200 Subject: [PATCH 10/30] add support for `min_collection_interval` for HTTP check (#699) --- manifests/integrations/http_check.pp | 6 ++++++ spec/classes/datadog_agent_integrations_http_check_spec.rb | 2 ++ templates/agent-conf.d/http_check.yaml.erb | 3 +++ 3 files changed, 11 insertions(+) diff --git a/manifests/integrations/http_check.pp b/manifests/integrations/http_check.pp index 4f1c3155..61c740fc 100644 --- a/manifests/integrations/http_check.pp +++ b/manifests/integrations/http_check.pp @@ -15,6 +15,10 @@ # method # The (optional) HTTP method. This setting defaults to GET, though many # other HTTP methods are supported, including POST and PUT. +# min_collection_interval +# The (optional) collection interval of the check. +# default: 15 +# https://docs.datadoghq.com/developers/write_agent_check/#collection-interval # data # The (optional) data option. Data should be a string or an array of # 'key: value' pairs and will be sent in the body of the request. @@ -170,6 +174,7 @@ $password = undef, $timeout = 1, $method = 'get', + $min_collection_interval = undef, $data = undef, $threshold = undef, $window = undef, @@ -204,6 +209,7 @@ 'password' => $password, 'timeout' => $timeout, 'method' => $method, + 'min_collection_interval' => $min_collection_interval, 'data' => $data, 'threshold' => $threshold, 'window' => $window, diff --git a/spec/classes/datadog_agent_integrations_http_check_spec.rb b/spec/classes/datadog_agent_integrations_http_check_spec.rb index 4de07344..c0eeeb82 100644 --- a/spec/classes/datadog_agent_integrations_http_check_spec.rb +++ b/spec/classes/datadog_agent_integrations_http_check_spec.rb @@ -55,6 +55,7 @@ password: 'barpassword', timeout: 123, method: 'post', + min_collection_interval: 30, data: 'key=value', threshold: 456, window: 789, @@ -80,6 +81,7 @@ it { is_expected.to contain_file(conf_file).with_content(%r{password: barpassword}) } it { is_expected.to contain_file(conf_file).with_content(%r{timeout: 123}) } it { is_expected.to contain_file(conf_file).with_content(%r{method: post}) } + it { is_expected.to contain_file(conf_file).with_content(%r{min_collection_interval: 30}) } it { is_expected.to contain_file(conf_file).with_content(%r{data: key=value}) } it { is_expected.to contain_file(conf_file).with_content(%r{threshold: 456}) } it { is_expected.to contain_file(conf_file).with_content(%r{window: 789}) } diff --git a/templates/agent-conf.d/http_check.yaml.erb b/templates/agent-conf.d/http_check.yaml.erb index 30ebdbb2..46487072 100644 --- a/templates/agent-conf.d/http_check.yaml.erb +++ b/templates/agent-conf.d/http_check.yaml.erb @@ -12,6 +12,9 @@ instances: <% if instance['method'] -%> method: <%= instance['method'] %> <% end -%> +<% if instance['min_collection_interval'] -%> + min_collection_interval: <%= instance['min_collection_interval'] %> +<% end -%> <% if instance['data'].is_a?(String) -%> data: <%= instance['data'] %> <% elsif instance['data'].is_a?(Array) -%> From 6c34e03dc7436351834438bdb221849c1d9476dd Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Tue, 18 May 2021 09:09:10 +0200 Subject: [PATCH 11/30] Ensure gnupg is installed on Debian/Ubuntu (#700) --- manifests/ubuntu.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp index 20e2b6c6..678a86f2 100644 --- a/manifests/ubuntu.pp +++ b/manifests/ubuntu.pp @@ -34,6 +34,10 @@ } if !$skip_apt_key_trusting { + package { 'gnupg': + ensure => installed + } + file { $apt_usr_share_keyring: ensure => file, mode => '0644', From fe5861b6ca58350bb63acb32e64495509492c303 Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Thu, 20 May 2021 10:33:23 +0200 Subject: [PATCH 12/30] Fix condition for adding gpg key to work with all gpg versions (#701) --- manifests/ubuntu.pp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp index 678a86f2..cdd37546 100644 --- a/manifests/ubuntu.pp +++ b/manifests/ubuntu.pp @@ -55,7 +55,11 @@ exec { "ensure key ${key_fingerprint} is imported in APT keyring": command => "/bin/cat /tmp/${key_fingerprint} | gpg --import --batch --no-default-keyring --keyring ${apt_usr_share_keyring}", - unless => "/bin/cat /tmp/${key_fingerprint} | gpg --dry-run --import --batch --no-default-keyring --keyring ${apt_usr_share_keyring} 2>&1 | grep 'unchanged: 1'", + # the second part extracts the fingerprint of the key from output like "fpr::::A2923DFF56EDA6E76E55E492D3A80E30382E94DE:" + unless => @("CMD"/L) + /usr/bin/gpg --no-default-keyring --keyring ${apt_usr_share_keyring} --list-keys --with-fingerprint --with-colons | grep \ + $(cat /tmp/${key_fingerprint} | gpg --with-colons --with-fingerprint 2>/dev/null | grep 'fpr:' | sed 's|^fpr||' | tr -d ':') + | CMD } } From f48eb2899c155fa72b60d14d9b2dabebb63dad85 Mon Sep 17 00:00:00 2001 From: Adrian Ding Date: Tue, 25 May 2021 22:03:13 +1200 Subject: [PATCH 13/30] Do not add process integration configuration file if not configured (#703) --- manifests/integrations/process.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/integrations/process.pp b/manifests/integrations/process.pp index fbebeaee..1a31137b 100644 --- a/manifests/integrations/process.pp +++ b/manifests/integrations/process.pp @@ -74,7 +74,7 @@ } file { $dst: - ensure => file, + ensure => $local_processes.length ? { 0 => absent, default => file}, owner => $datadog_agent::params::dd_user, group => $datadog_agent::params::dd_group, mode => $datadog_agent::params::permissions_protected_file, From 2af71fb1204b33fcb9a38e50ab48e1279ee958c7 Mon Sep 17 00:00:00 2001 From: Peter Souter Date: Mon, 21 Jun 2021 10:42:57 +0100 Subject: [PATCH 14/30] Add notes to docs around installing the gem (#708) - Note it requires restarting puppet server - Give example code on report configuration Co-authored-by: Sarina Bloodgood <57639676+sarina-dd@users.noreply.github.com> --- README.md | 53 ++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 48 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 723c8376..88314c20 100644 --- a/README.md +++ b/README.md @@ -111,15 +111,25 @@ Note it's not possible to downgrade an integration to a version older than the o To enable reporting of Puppet runs to your Datadog timeline, enable the report processor on your Puppet master and reporting for your clients. The clients send a run report after each check-in back to the master. -1. Install the [dogapi][3] gem on your system. +1. Install the [dogapi][3] gem on your system. You'll need to restart puppetserver after the gem has been installed for it to be loaded. + +If you're configuring the dogapi gem by code, you can do this with notify: + +```puppet +package { 'dogapi': + ensure => 'present', + provider => 'puppetserver_gem', + notify => Service['puppetserver'] +} +``` 2. Set the `puppet_run_reports` option to true in the node configuration manifest for your master: ```ruby - class { "datadog-agent": - api_key => "", - puppet_run_reports => true - # ... + class { 'datadog-agent': + api_key => '', + puppet_run_reports => true + # ... } ``` @@ -142,6 +152,22 @@ To enable reporting of Puppet runs to your Datadog timeline, enable the report p report=true ``` +With the [`ini_setting` module](https://forge.puppet.com/modules/puppetlabs/inifile): + +```puppet + ini_setting { 'puppet_conf_master_report_datadog_puppetdb': + ensure => present, + path => '/etc/puppetlabs/puppet/puppet.conf', + section => 'master', + setting => 'reports', + value => 'datadog_reports,puppetdb', + notify => [ + Service['puppet'], + Service['puppetserver'], + ], + } +``` + 4. On all of your Puppet client nodes, add the following in the same location: ```ini @@ -150,6 +176,21 @@ To enable reporting of Puppet runs to your Datadog timeline, enable the report p report=true ``` +With the [`ini_setting` module](https://forge.puppet.com/modules/puppetlabs/inifile): + +```puppet + ini_setting { 'puppet_conf_agent_report_true': + ensure => present, + path => '/etc/puppetlabs/puppet/puppet.conf', + section => 'agent', + setting => 'report', + value => 'true', + notify => [ + Service['puppet'], + ], + } +``` + 5. (Optional) Enable tagging of reports with facts: You can add tags to reports that are sent to Datadog as events. These tags can be sourced from Puppet facts for the given node the report is regarding. These should be 1:1 and not involve structured facts (hashes, arrays, etc.) to ensure readability. To enable regular fact tagging, set the parameter `datadog_agent::reports::report_fact_tags` to the array value of facts—for example `["virtual","operatingsystem"]`. To enable trusted fact tagging, set the parameter `datadog_agent::reports::report_trusted_fact_tags` to the array value of facts—for example `["certname","extensions.pp_role","hostname"]`. @@ -189,6 +230,8 @@ If you see the following error, ensure `reports=datadog_reports` is defined in ` Class Datadog_reports is already defined in Puppet::Reports ``` +If you don't see any reports coming in, check your Puppet server logs. + ### Masterless Puppet 1. The Datadog module and its dependencies have to be installed on all nodes running masterless. From 13271994add406e9bcf479dbbd987102db6e6858 Mon Sep 17 00:00:00 2001 From: Albert Vaca Cintora Date: Wed, 30 Jun 2021 13:39:26 +0200 Subject: [PATCH 15/30] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 88314c20..566cd8f9 100644 --- a/README.md +++ b/README.md @@ -279,7 +279,7 @@ These variables can be set in the `datadog_agent` class to control settings in t | `agent_version` | Lets you pin a specific minor version of the Agent to install, for example: `1:7.16.0-1`. Leave empty to install the latest version. | | `collect_ec2_tags` | Collect an instance's custom EC2 tags as Agent tags by using `true`. | | `collect_instance_metadata` | Collect an instance's EC2 metadata as Agent tags by using `true`. | -| `datadog_site` | The Datadog site to report to (Agent v6 and v7 only). Defaults to `datadoghq.com`, can be set to `datadoghq.eu` or `us3.datadoghq.com`. | +| `datadog_site` | The Datadog site to report to (Agent v6 and v7 only). Defaults to `datadoghq.com`, eg: `datadoghq.eu` or `us3.datadoghq.com`. | | `dd_url` | The Datadog intake server URL. You are unlikely to need to change this. Overrides `datadog_site` | | `host` | Overrides the node's host name. | | `local_tags` | An array of `` strings that are set as tags for the node. | From 2d4ae324b3ff211a8d9f1fe0d3ba35839da925a9 Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Thu, 15 Jul 2021 12:57:32 +0200 Subject: [PATCH 16/30] Upgrade msys2 to prevent PGP errors (#710) --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index cc94d820..17f83517 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -233,7 +233,7 @@ jobs: choco install ruby --allow-downgrade -y --version 2.5.3.101 # Keep version in sync with next command! export PATH=/c/tools/ruby25/bin:$PATH # Make Ruby 2.5 take precedence over the pre-installed 2.6 ruby --version - choco install msys2 --allow-downgrade -y --version 20200903.0.0 + choco install msys2 --allow-downgrade -y --version 20210604.0.0 ridk.cmd exec pacman -S --noconfirm --needed base-devel mingw-w64-x86_64-toolchain gem install bundler -v 1.17.3 rm Gemfile.lock && bundle install --path .bundle From bc3747820dc6f933114c87f956e6d18ccb2c4c37 Mon Sep 17 00:00:00 2001 From: Slavek Kabrda Date: Thu, 15 Jul 2021 12:58:02 +0200 Subject: [PATCH 17/30] Install datadog-signing-keys on Debian based platforms (#709) --- manifests/ubuntu.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp index cdd37546..d7c37d42 100644 --- a/manifests/ubuntu.pp +++ b/manifests/ubuntu.pp @@ -107,4 +107,8 @@ require => [Apt::Source['datadog'], Class['apt::update']], } + + package { 'datadog-signing-keys': + ensure => 'latest', + } } From 531d11aafc431caad1ebd21a9d9a8161cb236535 Mon Sep 17 00:00:00 2001 From: ruthnaebeck <19349244+ruthnaebeck@users.noreply.github.com> Date: Wed, 4 Aug 2021 18:51:00 -0400 Subject: [PATCH 18/30] DOCS-2275 Lint README (#711) * DOCS-2275 Lint README * Apply suggestions from code review Co-authored-by: Kari Halsted <12926135+kayayarai@users.noreply.github.com> --- README.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 566cd8f9..6388e274 100644 --- a/README.md +++ b/README.md @@ -18,11 +18,11 @@ puppet module install datadog-datadog_agent - By default Datadog Agent v7.x is installed. To use an earlier Agent version, change the setting `agent_major_version`. - `agent5_enable` is no longer used, as it has been replaced by `agent_major_version`. -- `agent6_extra_options` has been renamed to `agent_extra_options` since it now applies to both Agent v6 and v7. -- `agent6_log_file` has been renamed to `agent_log_file` since it now applies to both Agent v6 and v7. +- `agent6_extra_options` has been renamed to `agent_extra_options` since it applies to both Agent v6 and v7. +- `agent6_log_file` has been renamed to `agent_log_file` since it applies to both Agent v6 and v7. - `agent5_repo_uri` and `agent6_repo_uri` become `agent_repo_uri` for all Agent versions. - `conf_dir` and `conf6_dir` become `conf_dir` for all Agent versions. -- The repository file created on Linux is now named `datadog` for all Agent versions instead of `datadog5`/`datadog6`. +- The repository file created on Linux is named `datadog` for all Agent versions instead of `datadog5`/`datadog6`. ### Configuration @@ -65,7 +65,7 @@ Once the `datadog_agent` module is installed on your `puppetserver`/`puppetmaste } ``` - Refer to the [comments in code][6] for all arguments available for a given integration. + See the [comments in code][6] for all arguments available for a given integration. If an integration does not have a [manifest with a dedicated class][7], you can still add a configuration for it. Below is an example for the `ntp` check: @@ -83,7 +83,7 @@ Once the `datadog_agent` module is installed on your `puppetserver`/`puppetmaste } ``` -5. (Optional) To collect metrics and events about Puppet itself, refer to the section about [Reporting](#reporting). +5. (Optional) To collect metrics and events about Puppet itself, see the section about [Reporting](#reporting). ### Upgrading integrations @@ -111,7 +111,7 @@ Note it's not possible to downgrade an integration to a version older than the o To enable reporting of Puppet runs to your Datadog timeline, enable the report processor on your Puppet master and reporting for your clients. The clients send a run report after each check-in back to the master. -1. Install the [dogapi][3] gem on your system. You'll need to restart puppetserver after the gem has been installed for it to be loaded. +1. Install the [dogapi][3] gem on your system. Restart puppetserver after the gem is installed. If you're configuring the dogapi gem by code, you can do this with notify: @@ -265,13 +265,15 @@ class { "datadog_agent": facts_to_tags => ["osfamily","networking.domain","my_custom_fact"], } ``` -Tips: -1. For structured facts index into the specific fact value otherwise the entire array will come over as a string and ultimately be difficult to use. -2. Dynamic facts such as CPU usage, Uptime, and others that are expected to change each run are not ideal for tagging. Static facts that are expected to stay for the life of a node are best candidates for tagging. + +Tips: + +1. For structured facts index into the specific fact value otherwise the entire array comes over as a string and ultimately be difficult to use. +2. Dynamic facts such as CPU usage, Uptime, and others that are expected to change each run are not ideal for tagging. Static facts that are expected to stay for the life of a node are best candidates for tagging. ### Configuration variables -These variables can be set in the `datadog_agent` class to control settings in the Agent. Refer to the [comments in code][8] for the full list of supported arguments. +These variables can be set in the `datadog_agent` class to control settings in the Agent. See the [comments in code][8] for the full list of supported arguments. | variable name | description | |-----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| From 415d254627f510673feaa47bedfc8858e4b46047 Mon Sep 17 00:00:00 2001 From: Pablo Baeyens Date: Tue, 10 Aug 2021 14:27:34 +0200 Subject: [PATCH 19/30] Run `bundle update` on Ruby 2.5.1 (#712) --- Gemfile.lock | 122 ++++++++++++++++++++++++++------------------------- 1 file changed, 63 insertions(+), 59 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 04b96051..aa1e2dbe 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,11 +1,11 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) ansi (1.5.0) - ast (2.4.1) - bcrypt_pbkdf (1.0.1) + ast (2.4.2) + bcrypt_pbkdf (1.1.0) builder (3.2.4) codecov (0.1.21) json @@ -17,21 +17,21 @@ GEM rake (~> 12.3) semantic_puppet (~> 1.0) diff-lcs (1.4.4) - docile (1.3.2) + docile (1.4.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) ed25519 (1.2.4) - erubi (1.9.0) + erubi (1.10.0) facter (2.5.7) - facterdb (1.4.0) - facter (< 4.0.0) + facterdb (1.8.0) + facter (< 5.0.0) jgrep - faraday (0.17.3) + faraday (0.17.4) multipart-post (>= 1.2, < 3) faraday_middleware (0.14.0) faraday (>= 0.7.4, < 1.0) fast_gettext (1.1.2) - ffi (1.13.1) + ffi (1.15.3) gettext (3.2.9) locale (>= 2.0.5) text (>= 1.3.0) @@ -39,14 +39,14 @@ GEM fast_gettext (~> 1.1.0) gettext (>= 3.0.2, < 3.3.0) locale - gssapi (1.3.0) + gssapi (1.3.1) ffi (>= 1.0.1) gyoku (1.3.1) builder (>= 2.1.2) - hiera (3.6.0) + hiera (3.7.0) hirb (0.7.3) http-accept (1.7.0) - http-cookie (1.0.3) + http-cookie (1.0.4) domain_name (~> 0.5) httpclient (2.8.3) jgrep (1.5.4) @@ -54,7 +54,7 @@ GEM json-schema (2.8.1) addressable (>= 2.4) json_pure (1.8.6) - kitchen-docker (2.10.0) + kitchen-docker (2.11.0) test-kitchen (>= 1.0.0) kitchen-puppet (3.5.2) librarian-puppet (>= 3.0) @@ -63,7 +63,7 @@ GEM kitchen-verifier-serverspec (0.7.1) net-ssh (>= 3) test-kitchen (>= 1.4) - librarian-puppet (3.0.0) + librarian-puppet (3.0.1) librarianp (>= 0.6.3) puppet_forge (~> 2.1) rsync @@ -86,9 +86,9 @@ GEM method_source (0.8.2) mime-types (3.3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2020.0512) + mime-types-data (3.2021.0704) minitar (0.9) - mixlib-install (3.12.3) + mixlib-install (3.12.11) mixlib-shellout mixlib-versioning thor @@ -106,7 +106,7 @@ GEM net-telnet (0.1.1) netrc (0.11.0) nori (2.6.0) - parallel (1.19.2) + parallel (1.20.1) parallel_tests (2.14.2) parallel parser (2.5.1.2) @@ -114,7 +114,7 @@ GEM pastel (0.8.0) tty-color (~> 0.5) pathspec (0.2.1) - powerpack (0.1.2) + powerpack (0.1.3) pry (0.10.4) coderay (~> 1.1.0) method_source (~> 0.8.1) @@ -126,11 +126,11 @@ GEM hiera (>= 2.0, < 4) json_pure (~> 1.8) locale (~> 2.1) - puppet-blacksmith (6.0.0) - puppet-modulebuilder (~> 0.1) + puppet-blacksmith (6.1.1) + puppet-modulebuilder (~> 0.2) rest-client (~> 2.0) - puppet-lint (2.4.2) - puppet-module-posix-default-r2.5 (0.5.1) + puppet-lint (2.5.0) + puppet-module-posix-default-r2.5 (0.5.3) puppet-module-posix-dev-r2.5 (0.3.15) codecov (~> 0.1.10) dependency_checker (~> 0.2) @@ -156,10 +156,10 @@ GEM simplecov (>= 0.14.1, < 1.0.0) simplecov-console (~> 0.4.2) specinfra (= 2.77.1) - puppet-modulebuilder (0.2.1) - minitar (~> 0.6) - pathspec (~> 0.2.1) - puppet-strings (2.5.0) + puppet-modulebuilder (0.3.0) + minitar (~> 0.9) + pathspec (>= 0.2.1, < 2.0.0) + puppet-strings (2.8.0) rgen yard (~> 0.9.5) puppet-syntax (2.6.0) @@ -172,9 +172,9 @@ GEM semantic_puppet (~> 1.0) puppet_pot_generator (1.0.1) puppet - puppetlabs_spec_helper (2.15.0) + puppetlabs_spec_helper (2.16.0) mocha (~> 1.0) - pathspec (~> 0.2.1) + pathspec (>= 0.2.1, < 1.1.0) puppet-lint (~> 2.0) puppet-syntax (>= 2.0, < 4) rspec-puppet (~> 2.0) @@ -187,26 +187,26 @@ GEM mime-types (>= 1.16, < 4.0) netrc (~> 0.8) rgen (0.8.2) - rspec (3.9.0) - rspec-core (~> 3.9.0) - rspec-expectations (~> 3.9.0) - rspec-mocks (~> 3.9.0) - rspec-core (3.9.2) - rspec-support (~> 3.9.3) - rspec-expectations (3.9.2) + rspec (3.10.0) + rspec-core (~> 3.10.0) + rspec-expectations (~> 3.10.0) + rspec-mocks (~> 3.10.0) + rspec-core (3.10.1) + rspec-support (~> 3.10.0) + rspec-expectations (3.10.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-mocks (3.9.1) + rspec-support (~> 3.10.0) + rspec-mocks (3.10.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-puppet (2.7.10) + rspec-support (~> 3.10.0) + rspec-puppet (2.10.0) rspec rspec-puppet-facts (1.10.0) facter facterdb (>= 0.5.0) json puppet - rspec-support (3.9.3) + rspec-support (3.10.2) rspec_junit_formatter (0.4.1) rspec-core (>= 2, < 4, != 2.12.0) rsync (1.0.9) @@ -221,29 +221,31 @@ GEM rubocop (~> 0.49.0) rubocop-rspec (1.16.0) rubocop (>= 0.49.0) - ruby-progressbar (1.10.1) - rubyntlm (0.6.2) - rubyzip (2.3.0) - semantic_puppet (1.0.2) + ruby-progressbar (1.11.0) + rubyntlm (0.6.3) + rubyzip (2.3.2) + semantic_puppet (1.0.4) sfl (2.3) - simplecov (0.19.0) + simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11) + simplecov_json_formatter (~> 0.1) simplecov-console (0.4.2) ansi hirb simplecov - simplecov-html (0.12.2) + simplecov-html (0.12.3) + simplecov_json_formatter (0.1.3) slop (3.6.0) - spdx-licenses (1.2.0) + spdx-licenses (1.3.0) specinfra (2.77.1) net-scp net-ssh (>= 2.7) net-telnet (= 0.1.1) sfl - strings (0.2.0) + strings (0.2.1) strings-ansi (~> 0.2) - unicode-display_width (~> 1.5) + unicode-display_width (>= 1.5, < 3.0) unicode_utils (~> 1.4) strings-ansi (0.2.0) test-kitchen (2.5.4) @@ -260,18 +262,18 @@ GEM winrm-elevated (~> 1.0) winrm-fs (~> 1.1) text (1.3.1) - thor (1.0.1) + thor (1.1.0) tomlrb (1.3.0) - tty-box (0.6.0) + tty-box (0.7.0) pastel (~> 0.8) strings (~> 0.2.0) tty-cursor (~> 0.7) - tty-color (0.5.2) + tty-color (0.6.0) tty-cursor (0.7.1) - tty-prompt (0.22.0) + tty-prompt (0.23.1) pastel (~> 0.8) tty-reader (~> 0.8) - tty-reader (0.8.0) + tty-reader (0.9.0) tty-cursor (~> 0.7) tty-screen (~> 0.8) wisper (~> 2.0) @@ -281,7 +283,8 @@ GEM unf_ext (0.0.7.7) unicode-display_width (1.7.0) unicode_utils (1.4.0) - winrm (2.3.4) + webrick (1.7.0) + winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) gssapi (~> 1.2) @@ -289,8 +292,8 @@ GEM httpclient (~> 2.2, >= 2.2.0.2) logging (>= 1.6.1, < 3.0) nori (~> 2.0) - rubyntlm (~> 0.6.0, >= 0.6.1) - winrm-elevated (1.2.2) + rubyntlm (~> 0.6.0, >= 0.6.3) + winrm-elevated (1.2.3) erubi (~> 1.8) winrm (~> 2.0) winrm-fs (~> 1.0) @@ -300,8 +303,9 @@ GEM rubyzip (~> 2.0) winrm (~> 2.0) wisper (2.0.1) - xmlrpc (0.3.0) - yard (0.9.25) + xmlrpc (0.3.2) + webrick + yard (0.9.26) PLATFORMS ruby From 2656a6d69a644ba959ab0f984f589bdf29341212 Mon Sep 17 00:00:00 2001 From: Pablo Baeyens Date: Wed, 11 Aug 2021 11:57:50 +0200 Subject: [PATCH 20/30] 3.13 release changelog and metadata (#713) * 3.13 release changelog * Bump version in metadata * Update date --- CHANGELOG.md | 20 ++++++++++++++++++++ metadata.json | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f41283a..615228f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,16 @@ Changes ======= +# 3.13.0 / 2021-08-11 + +* [CHORE] Run `bundle update` on Ruby 2.5.1 ([#712][]) +* [FEATURE] Install datadog-signing-keys on Debian based platforms ([#709][]) +* [BUGFIX] Do not add process integration configuration file if not configured ([#703][]) (Thanks [@yanjunding][]) +* [FEATURE] add support for `min_collection_interval` for HTTP check ([#699][]) (Thanks [@yanjunding][]) +* [FEATURE] Improvements for APT keys management ([#698][], [#700][] and [#701][]) +* [FEATURE] Include 'datadog_agent' class in the catalog when using the generic integration ([#697][]) (Thanks [@stantona][]) +* [BUGFIX] Update `excluded_interface_re` type to String ([#696][]) (Thanks [@florusboth][]) + # 3.12.0 / 2021-05-06 * [FEATURE] Support for NPM on Windows [#688][] @@ -837,6 +847,15 @@ Please read the [docs]() for more details. [#690]: https://github.com/DataDog/puppet-datadog-agent/issues/690 [#692]: https://github.com/DataDog/puppet-datadog-agent/issues/692 [#693]: https://github.com/DataDog/puppet-datadog-agent/issues/693 +[#696]: https://github.com/DataDog/puppet-datadog-agent/issues/696 +[#697]: https://github.com/DataDog/puppet-datadog-agent/issues/697 +[#698]: https://github.com/DataDog/puppet-datadog-agent/issues/698 +[#699]: https://github.com/DataDog/puppet-datadog-agent/issues/699 +[#700]: https://github.com/DataDog/puppet-datadog-agent/issues/700 +[#701]: https://github.com/DataDog/puppet-datadog-agent/issues/701 +[#703]: https://github.com/DataDog/puppet-datadog-agent/issues/703 +[#709]: https://github.com/DataDog/puppet-datadog-agent/issues/709 +[#712]: https://github.com/DataDog/puppet-datadog-agent/issues/712 [@Aramack]: https://github.com/Aramack [@BIAndrews]: https://github.com/BIAndrews [@ChannoneArif-nbcuni]: https://github.com/ChannoneArif-nbcuni @@ -947,6 +966,7 @@ Please read the [docs]() for more details. [@turnopil]: https://github.com/turnopil [@tuxinaut]: https://github.com/tuxinaut [@vaisingh]: https://github.com/vaisingh +[@yanjunding]: https://github.com/yanjunding [@yrcjaya]: https://github.com/yrcjaya [@zabacad]: https://github.com/zabacad [@zickzackv]: https://github.com/zickzackv diff --git a/metadata.json b/metadata.json index 54bf4a22..d8fd544f 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "datadog-datadog_agent", - "version": "3.12.0", + "version": "3.13.0", "author": "James Turnbull , Rob Terhaar , Jaime Fullaondo , Albert Vaca ", "summary": "Install the Datadog monitoring agent and report Puppet runs to Datadog", "license": "Apache-2.0", From 9aa9bc8095bc0dbc2d688ffc14487ca52f386156 Mon Sep 17 00:00:00 2001 From: Pablo Baeyens Date: Wed, 11 Aug 2021 12:39:34 +0200 Subject: [PATCH 21/30] Use `ensure_packages` to install `gnupg` (#714) * Use `ensure_packages` to install `gnupg` The `apt` module requires this since v7.2.0 which would make the module fail under certain situations on Ubuntu * Add to changelog --- CHANGELOG.md | 5 +++-- manifests/ubuntu.pp | 4 +--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 615228f4..4d2bfd75 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ Changes * [FEATURE] Install datadog-signing-keys on Debian based platforms ([#709][]) * [BUGFIX] Do not add process integration configuration file if not configured ([#703][]) (Thanks [@yanjunding][]) * [FEATURE] add support for `min_collection_interval` for HTTP check ([#699][]) (Thanks [@yanjunding][]) -* [FEATURE] Improvements for APT keys management ([#698][], [#700][] and [#701][]) +* [FEATURE] Improvements for APT keys management ([#698][], [#700][], [#701][] and [#714][]) * [FEATURE] Include 'datadog_agent' class in the catalog when using the generic integration ([#697][]) (Thanks [@stantona][]) * [BUGFIX] Update `excluded_interface_re` type to String ([#696][]) (Thanks [@florusboth][]) @@ -856,6 +856,7 @@ Please read the [docs]() for more details. [#703]: https://github.com/DataDog/puppet-datadog-agent/issues/703 [#709]: https://github.com/DataDog/puppet-datadog-agent/issues/709 [#712]: https://github.com/DataDog/puppet-datadog-agent/issues/712 +[#714]: https://github.com/DataDog/puppet-datadog-agent/issues/714 [@Aramack]: https://github.com/Aramack [@BIAndrews]: https://github.com/BIAndrews [@ChannoneArif-nbcuni]: https://github.com/ChannoneArif-nbcuni @@ -970,4 +971,4 @@ Please read the [docs]() for more details. [@yrcjaya]: https://github.com/yrcjaya [@zabacad]: https://github.com/zabacad [@zickzackv]: https://github.com/zickzackv -[@zoom-kris-anderson]: https://github.com/zoom-kris-anderson +[@zoom-kris-anderson]: https://github.com/zoom-kris-anderson \ No newline at end of file diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp index d7c37d42..daeebeab 100644 --- a/manifests/ubuntu.pp +++ b/manifests/ubuntu.pp @@ -34,9 +34,7 @@ } if !$skip_apt_key_trusting { - package { 'gnupg': - ensure => installed - } + ensure_packages(['gnupg']) file { $apt_usr_share_keyring: ensure => file, From 23e70ddc768cc3b8bf889c88c0470e1be9642b0b Mon Sep 17 00:00:00 2001 From: florusboth Date: Wed, 18 Aug 2021 14:51:08 +0200 Subject: [PATCH 22/30] Add security-agent config (#706) Add the security-agent. config file and the needed update to system-probe.yaml --- manifests/params.pp | 1 + manifests/security_agent.pp | 59 +++++++++++++++++++++++++++++++ manifests/system_probe.pp | 4 ++- templates/security-agent.yaml.erb | 6 ++++ 4 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 manifests/security_agent.pp create mode 100644 templates/security-agent.yaml.erb diff --git a/manifests/params.pp b/manifests/params.pp index afe8d1e1..d8d8c62d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -20,6 +20,7 @@ $logs_open_files_limit = undef $container_collect_all = false $sysprobe_service_name = 'datadog-agent-sysprobe' + $securityagent_service_name = 'datadog-agent-security' $module_metadata = load_module_metadata($module_name) case $::operatingsystem { diff --git a/manifests/security_agent.pp b/manifests/security_agent.pp new file mode 100644 index 00000000..d68a8548 --- /dev/null +++ b/manifests/security_agent.pp @@ -0,0 +1,59 @@ +class datadog_agent::security_agent( + Boolean $enabled = false, + Optional[String] $socket = undef, + + Boolean $service_enable = true, + String $service_ensure = 'running', + Optional[String] $service_provider = undef, + +) inherits datadog_agent::params { + + $securityagent_config = { + 'runtime_security_config' => { + 'enabled' => $enabled, + 'socket' => $socket, + }, + } + + if $::operatingsystem == 'Windows' { + + file { 'C:/ProgramData/Datadog/security-agent.yaml': + owner => $datadog_agent::params::dd_user, + group => $datadog_agent::params::dd_group, + mode => '0640', + content => template('datadog_agent/security-agent.yaml.erb'), + require => File['C:/ProgramData/Datadog'], + } + + } else { + + if $service_provider { + service { $datadog_agent::params::securityagent_service_name: + ensure => $service_ensure, + enable => $service_enable, + provider => $service_provider, + hasstatus => false, + pattern => 'dd-agent', + require => Package[$datadog_agent::params::package_name], + } + } else { + service { $datadog_agent::params::securityagent_service_name: + ensure => $service_ensure, + enable => $service_enable, + hasstatus => false, + pattern => 'dd-agent', + require => Package[$datadog_agent::params::package_name], + } + } + + file { '/etc/datadog-agent/security-agent.yaml': + owner => $datadog_agent::params::dd_user, + group => $datadog_agent::params::dd_group, + mode => '0640', + content => template('datadog_agent/security-agent.yaml.erb'), + notify => Service[$datadog_agent::params::securityagent_service_name], + require => File['/etc/datadog-agent'], + } + } + +} diff --git a/manifests/system_probe.pp b/manifests/system_probe.pp index 742a5bbb..9a1d0837 100644 --- a/manifests/system_probe.pp +++ b/manifests/system_probe.pp @@ -4,6 +4,7 @@ Optional[String] $log_file = undef, Optional[String] $sysprobe_socket = undef, Optional[Boolean] $enable_oom_kill = false, + Optional[Hash] $runtime_security_config = undef, Boolean $service_enable = true, String $service_ensure = 'running', @@ -20,7 +21,8 @@ }, 'network_config' => { 'enabled' => $network_enabled, - } + }, + 'runtime_security_config' => $runtime_security_config, } if $::operatingsystem == 'Windows' { diff --git a/templates/security-agent.yaml.erb b/templates/security-agent.yaml.erb new file mode 100644 index 00000000..2e4902d5 --- /dev/null +++ b/templates/security-agent.yaml.erb @@ -0,0 +1,6 @@ +### MANAGED BY PUPPET + +<% +require 'yaml' +%> +<%= @securityagent_config.to_yaml %> From 338053294b8404ce12b6fc0081ff05e3bf2a73fa Mon Sep 17 00:00:00 2001 From: Cecile <32452337+cecile75@users.noreply.github.com> Date: Thu, 19 Aug 2021 11:28:57 +0200 Subject: [PATCH 23/30] Remove analyzed span conf (#715) Remove analyzed span conf as we want to encourage customers TwL --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 6388e274..cb2a4917 100644 --- a/README.md +++ b/README.md @@ -287,7 +287,6 @@ These variables can be set in the `datadog_agent` class to control settings in t | `local_tags` | An array of `` strings that are set as tags for the node. | | `non_local_traffic` | Allow other nodes to relay their traffic through this node. | | `apm_enabled` | A boolean to enable the APM Agent (defaults to false). | -| `apm_analyzed_spans` | A hash to add APM events for trace search & analytics (defaults to undef), for example:
`{ 'app\|rails.request' => 1, 'service-name\|operation-name' => 0.8 }` | | `process_enabled` | A boolean to enable the process Agent (defaults to false). | | `scrub_args` | A boolean to enable the process cmdline scrubbing (defaults to true). | | `custom_sensitive_words` | An array to add more words beyond the default ones used by the scrubbing feature (defaults to `[]`). | From 2204f9e9d0a3b7a9065d56f1276bce8d353963b2 Mon Sep 17 00:00:00 2001 From: Albert Vaca Cintora Date: Fri, 10 Sep 2021 16:21:12 +0200 Subject: [PATCH 24/30] Make Gemfile work with modern Ruby versions (#716) * Fix Gemfile for ruby 2.5 and 2.7 * Regenerate Gemfile.lock using Ruby 2.5.1 * Use Gem::Version to compare versions --- Gemfile | 41 ++++----- Gemfile.lock | 234 ++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 207 insertions(+), 68 deletions(-) diff --git a/Gemfile b/Gemfile index 9f978f79..9d16b322 100644 --- a/Gemfile +++ b/Gemfile @@ -1,35 +1,40 @@ source "https://rubygems.org" -# Puppet 4.10.2 is the minimum version we support on Windows due to https://tickets.puppetlabs.com/browse/PUP-7383 -# On Linux we support down to 4.6 -gem "puppet", "~> #{ENV.fetch('PUPPET_VERSION', '4.10.2')}" +ruby_version = Gem::Version.new(RUBY_VERSION.dup) -ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments +# Each version of Puppet recommends a specific version of Ruby. Try to fetch the Puppet version that +# matches our Ruby (unless PUPPET_VERSION is defined). +matching_puppet_version = ruby_version > Gem::Version.new('2.5') ? (ruby_version > Gem::Version.new('2.7') ? '7.0.0' : '6.0.1') : '4.10.2' +gem "puppet", "~> #{ENV.fetch('PUPPET_VERSION', matching_puppet_version)}" + +ruby_version_segments = ruby_version.segments minor_version = ruby_version_segments[0..1].join('.') group :development do - gem "rake", "~> 12.3.3" if RUBY_VERSION < '2.6.0' # last version for ruby < 2.6 - gem "xmlrpc" if RUBY_VERSION >= '2.3' + gem "rake", "~> 12.3.3" if ruby_version < Gem::Version.new('2.6.0') # last version for ruby < 2.6 + gem "xmlrpc" if ruby_version >= Gem::Version.new('2.3') gem "ruby-pwsh", '~> 0.3.0', platforms: [:mswin, :mingw, :x64_mingw] - gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') - gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') - gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "fast_gettext", '1.1.0', require: false if ruby_version < Gem::Version.new('2.1.0') + gem "fast_gettext", require: false if ruby_version >= Gem::Version.new('2.1.0') + gem "json_pure", '<= 2.0.1', require: false if ruby_version < Gem::Version.new('2.0.0') + gem "json", '= 1.8.1', require: false if ruby_version == Gem::Version.new('2.1.9') + gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(ruby_version) + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(ruby_version) gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "librarian-puppet" gem "kitchen-puppet" gem "kitchen-docker" gem "kitchen-verifier-serverspec" gem "mixlib-shellout", "~> 2.2.7", platforms: [:ruby] + gem "rubocop-i18n", "~> 1.2.0" + gem "rubocop-rspec", "~> 1.16.0" - if RUBY_VERSION >= '2.3' + if ruby_version >= Gem::Version.new('2.3') gem "test-kitchen", '~> 2.5.4' - gem "puppet-module-posix-default-r#{minor_version}", '~> 0.3', require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", '~> 0.3', require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", '~> 0.3', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", '~> 0.3', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby] + gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby] + gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] else gem "test-kitchen", '~> 1.16.0' gem "puppetlabs_spec_helper", "~> 2.14.1" @@ -38,8 +43,6 @@ group :development do gem "puppet-syntax", "~> 2.5.0" gem "rspec-puppet", "~> 2.6.9" gem "rubocop", "~> 0.49.1" - gem "rubocop-i18n", "~> 1.2.0" - gem "rubocop-rspec", "~> 1.16.0" gem "artifactory", "~> 2.8.2" end end diff --git a/Gemfile.lock b/Gemfile.lock index aa1e2dbe..b8f5be7f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,16 +1,47 @@ GEM remote: https://rubygems.org/ specs: + CFPropertyList (2.3.6) + activesupport (5.2.6) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) ansi (1.5.0) ast (2.4.2) + awesome_print (1.9.2) bcrypt_pbkdf (1.1.0) + bindata (2.4.10) + bolt (1.14.0) + CFPropertyList (~> 2.2) + addressable (~> 2.5) + concurrent-ruby (~> 1.0) + docker-api (~> 1.34) + logging (~> 2.2) + minitar (~> 0.6) + net-scp (~> 1.2) + net-ssh (>= 4.0) + orchestrator_client (~> 0.4) + puppet (>= 6.0.1, < 7) + puppet-resource_api (>= 1.8.1) + r10k (~> 3.1) + ruby_smb (~> 1.0) + terminal-table (~> 1.8) + winrm (~> 2.0) + winrm-fs (~> 1.3) builder (3.2.4) - codecov (0.1.21) + codecov (0.2.5) + colorize json simplecov coderay (1.1.3) + colored2 (3.1.2) + colorize (0.8.1) + concurrent-ruby (1.1.9) + connection_pool (2.2.5) + cri (2.15.10) dependency_checker (0.2.0) parallel puppet_forge (~> 2.2) @@ -18,12 +49,17 @@ GEM semantic_puppet (~> 1.0) diff-lcs (1.4.4) docile (1.4.0) + docker-api (1.34.2) + excon (>= 0.47.0) + multi_json domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) ed25519 (1.2.4) + equatable (0.7.0) erubi (1.10.0) + excon (0.85.0) facter (2.5.7) - facterdb (1.8.0) + facterdb (1.9.0) facter (< 5.0.0) jgrep faraday (0.17.4) @@ -31,7 +67,10 @@ GEM faraday_middleware (0.14.0) faraday (>= 0.7.4, < 1.0) fast_gettext (1.1.2) - ffi (1.15.3) + ffi (1.15.4) + ffi-compiler (1.0.1) + ffi (>= 1.0.0) + rake gettext (3.2.9) locale (>= 2.0.5) text (>= 1.3.0) @@ -45,15 +84,28 @@ GEM builder (>= 2.1.2) hiera (3.7.0) hirb (0.7.3) + hocon (1.3.1) + honeycomb-beeline (2.7.0) + libhoney (~> 1.14, >= 1.14.2) + http (4.4.1) + addressable (~> 2.3) + http-cookie (~> 1.0) + http-form_data (~> 2.2) + http-parser (~> 1.2.0) http-accept (1.7.0) http-cookie (1.0.4) domain_name (~> 0.5) + http-form_data (2.3.0) + http-parser (1.2.3) + ffi-compiler (>= 1.0, < 2.0) httpclient (2.8.3) + i18n (1.8.10) + concurrent-ruby (~> 1.0) jgrep (1.5.4) json (2.1.0) json-schema (2.8.1) addressable (>= 2.4) - json_pure (1.8.6) + jwt (2.2.3) kitchen-docker (2.11.0) test-kitchen (>= 1.0.0) kitchen-puppet (3.5.2) @@ -63,11 +115,15 @@ GEM kitchen-verifier-serverspec (0.7.1) net-ssh (>= 3) test-kitchen (>= 1.4) + libhoney (1.20.0) + addressable (~> 2.0) + excon + http (>= 2.0, < 5.0) librarian-puppet (3.0.1) librarianp (>= 0.6.3) puppet_forge (~> 2.1) rsync - librarianp (1.0.0) + librarianp (1.1.1) thor (~> 1.0) license-acceptance (1.0.19) pastel (~> 0.7) @@ -76,6 +132,7 @@ GEM tty-prompt (~> 0.18) little-plugger (1.1.4) locale (2.1.3) + log4r (1.1.10) logging (2.3.0) little-plugger (~> 1.1) multi_json (~> 1.14) @@ -86,9 +143,10 @@ GEM method_source (0.8.2) mime-types (3.3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2021.0704) + mime-types-data (3.2021.0901) minitar (0.9) - mixlib-install (3.12.11) + minitest (5.14.4) + mixlib-install (3.12.16) mixlib-shellout mixlib-versioning thor @@ -98,71 +156,102 @@ GEM metaclass (~> 0.0.1) multi_json (1.15.0) multipart-post (2.1.1) - net-scp (3.0.0) - net-ssh (>= 2.6.5, < 7.0.0) + necromancer (0.5.1) + net-http-persistent (4.0.1) + connection_pool (~> 2.2) + net-scp (1.2.1) + net-ssh (>= 2.6.5) net-ssh (6.1.0) net-ssh-gateway (2.0.0) net-ssh (>= 4.0.0) net-telnet (0.1.1) netrc (0.11.0) nori (2.6.0) + orchestrator_client (0.5.2) + faraday + net-http-persistent parallel (1.20.1) parallel_tests (2.14.2) parallel - parser (2.5.1.2) - ast (~> 2.4.0) - pastel (0.8.0) + parser (2.7.2.0) + ast (~> 2.4.1) + pastel (0.7.4) + equatable (~> 0.6) tty-color (~> 0.5) pathspec (0.2.1) + pluginator (1.5.0) powerpack (0.1.3) pry (0.10.4) coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) public_suffix (4.0.6) - puppet (4.10.12) - facter (> 2.0, < 4) - gettext-setup (>= 0.10, < 1) - hiera (>= 2.0, < 4) - json_pure (~> 1.8) + puppet (6.0.10) + facter (> 2.0.1, < 4) + fast_gettext (~> 1.1.2) + hiera (>= 3.2.1, < 4) + httpclient (~> 2.8) locale (~> 2.1) + multi_json (~> 1.10) + puppet-resource_api (~> 1.5) + semantic_puppet (~> 1.0) puppet-blacksmith (6.1.1) puppet-modulebuilder (~> 0.2) rest-client (~> 2.0) + puppet-debugger (1.2.0) + awesome_print (~> 1.7) + bundler + facterdb (>= 0.4.0) + pluginator (~> 1.5.0) + puppet (>= 5.5) + rb-readline (>= 0.5.5) + table_print (>= 1.0.0) + tty-pager (~> 0.13.0) puppet-lint (2.5.0) - puppet-module-posix-default-r2.5 (0.5.3) - puppet-module-posix-dev-r2.5 (0.3.15) - codecov (~> 0.1.10) + puppet-module-posix-default-r2.5 (1.1.0) + puppet-module-posix-dev-r2.5 (0.5.3) + activesupport (>= 5.0.0, < 6.0.0) + bcrypt_pbkdf (~> 1.0) + codecov (>= 0.2, < 0.2.6) + concurrent-ruby (!= 1.1.6) dependency_checker (~> 0.2) + ed25519 (~> 1.2) + facterdb (>= 0.8.1, < 2.0.0) gettext-setup (~> 0.26) metadata-json-lint (>= 2.0.2, < 3.0.0) mocha (>= 1.0.0, < 1.2.0) parallel_tests (>= 2.14.1, < 2.14.3) - parser (~> 2.5.1.2) pry (~> 0.10.4) - puppet-blacksmith (>= 3.4.0) + puppet-blacksmith (~> 6.0) + puppet-debugger (~> 1.0) puppet-lint (>= 2.3.0, < 3.0.0) + puppet-resource_api (~> 1.8) puppet-strings (~> 2.0) puppet-syntax (>= 2.4.1, < 3.0.0) + puppet_litmus (>= 0.4.0, < 1.0.0) puppet_pot_generator (~> 1.0) puppetlabs_spec_helper (>= 2.9.0, < 3.0.0) rainbow (~> 2.0) rspec-puppet (>= 2.3.2, < 3.0.0) - rspec-puppet-facts (~> 1.8) + rspec-puppet-facts (>= 1.10.0, < 3) rspec_junit_formatter (~> 0.2) rubocop (~> 0.49.0) rubocop-i18n (~> 1.2.0) rubocop-rspec (~> 1.16.0) - simplecov (>= 0.14.1, < 1.0.0) + serverspec (~> 2.41) + simplecov (< 0.19.0) simplecov-console (~> 0.4.2) - specinfra (= 2.77.1) + specinfra (= 2.82.2) puppet-modulebuilder (0.3.0) minitar (~> 0.9) pathspec (>= 0.2.1, < 2.0.0) + puppet-resource_api (1.8.14) + hocon (>= 1.0) puppet-strings (2.8.0) rgen yard (~> 0.9.5) - puppet-syntax (2.6.0) + puppet-syntax (2.6.1) + puppet (>= 5) rake puppet_forge (2.3.4) faraday (>= 0.9.0, < 0.18.0, != 0.13.1) @@ -170,6 +259,15 @@ GEM gettext-setup (~> 0.11) minitar semantic_puppet (~> 1.0) + puppet_litmus (0.17.0) + bolt (>= 1.13.1, < 2.0.0) + docker-api (>= 1.34, < 2.0.0) + honeycomb-beeline + parallel + puppet-modulebuilder (~> 0.1) + rspec + rspec_honeycomb_formatter + tty-spinner (>= 0.5.0, < 1.0.0) puppet_pot_generator (1.0.1) puppet puppetlabs_spec_helper (2.16.0) @@ -178,9 +276,20 @@ GEM puppet-lint (~> 2.0) puppet-syntax (>= 2.0, < 4) rspec-puppet (~> 2.0) + r10k (3.11.0) + colored2 (= 3.1.2) + cri (= 2.15.10) + fast_gettext (~> 1.1.0) + gettext (>= 3.0.2, < 3.3.0) + gettext-setup (~> 0.24) + jwt (~> 2.2.3) + log4r (= 1.1.10) + multi_json (~> 1.10) + puppet_forge (~> 2.3.0) rainbow (2.2.2) rake rake (12.3.3) + rb-readline (0.5.5) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) http-cookie (>= 1.0.2, < 2.0) @@ -196,17 +305,22 @@ GEM rspec-expectations (3.10.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) + rspec-its (1.3.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) rspec-mocks (3.10.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) rspec-puppet (2.10.0) rspec - rspec-puppet-facts (1.10.0) + rspec-puppet-facts (2.0.2) facter facterdb (>= 0.5.0) - json puppet rspec-support (3.10.2) + rspec_honeycomb_formatter (0.2.1) + honeycomb-beeline + rspec-core (~> 3.0) rspec_junit_formatter (0.4.1) rspec-core (>= 2, < 4, != 2.12.0) rsync (1.0.9) @@ -222,32 +336,42 @@ GEM rubocop-rspec (1.16.0) rubocop (>= 0.49.0) ruby-progressbar (1.11.0) + ruby_smb (1.1.0) + bindata + rubyntlm + windows_error rubyntlm (0.6.3) rubyzip (2.3.2) semantic_puppet (1.0.4) + serverspec (2.41.8) + multi_json + rspec (~> 3.0) + rspec-its + specinfra (~> 2.72) sfl (2.3) - simplecov (0.21.2) + simplecov (0.18.5) docile (~> 1.1) simplecov-html (~> 0.11) - simplecov_json_formatter (~> 0.1) simplecov-console (0.4.2) ansi hirb simplecov simplecov-html (0.12.3) - simplecov_json_formatter (0.1.3) slop (3.6.0) spdx-licenses (1.3.0) - specinfra (2.77.1) + specinfra (2.82.2) net-scp net-ssh (>= 2.7) net-telnet (= 0.1.1) sfl - strings (0.2.1) - strings-ansi (~> 0.2) - unicode-display_width (>= 1.5, < 3.0) + strings (0.1.8) + strings-ansi (~> 0.1) + unicode-display_width (~> 1.5) unicode_utils (~> 1.4) strings-ansi (0.2.0) + table_print (1.5.7) + terminal-table (1.8.0) + unicode-display_width (~> 1.1, >= 1.1.1) test-kitchen (2.5.4) bcrypt_pbkdf (~> 1.0) ed25519 (~> 1.2) @@ -263,27 +387,37 @@ GEM winrm-fs (~> 1.1) text (1.3.1) thor (1.1.0) + thread_safe (0.3.6) tomlrb (1.3.0) - tty-box (0.7.0) - pastel (~> 0.8) - strings (~> 0.2.0) + tty-box (0.5.0) + pastel (~> 0.7.2) + strings (~> 0.1.6) tty-cursor (~> 0.7) tty-color (0.6.0) tty-cursor (0.7.1) - tty-prompt (0.23.1) - pastel (~> 0.8) - tty-reader (~> 0.8) - tty-reader (0.9.0) - tty-cursor (~> 0.7) + tty-pager (0.13.0) + strings (~> 0.1.8) tty-screen (~> 0.8) - wisper (~> 2.0) + tty-prompt (0.21.0) + necromancer (~> 0.5.0) + pastel (~> 0.7.0) + tty-reader (~> 0.7.0) + tty-reader (0.7.0) + tty-cursor (~> 0.7) + tty-screen (~> 0.7) + wisper (~> 2.0.0) tty-screen (0.8.1) + tty-spinner (0.9.3) + tty-cursor (~> 0.7) + tzinfo (1.2.9) + thread_safe (~> 0.1) unf (0.1.4) unf_ext unf_ext (0.0.7.7) unicode-display_width (1.7.0) unicode_utils (1.4.0) webrick (1.7.0) + windows_error (0.1.2) winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) @@ -318,13 +452,15 @@ DEPENDENCIES kitchen-verifier-serverspec librarian-puppet mixlib-shellout (~> 2.2.7) - puppet (~> 4.10.2) - puppet-module-posix-default-r2.5 (~> 0.3) - puppet-module-posix-dev-r2.5 (~> 0.3) - puppet-module-win-default-r2.5 (~> 0.3) - puppet-module-win-dev-r2.5 (~> 0.3) + puppet (~> 6.0.1) + puppet-module-posix-default-r2.5 + puppet-module-posix-dev-r2.5 + puppet-module-win-default-r2.5 + puppet-module-win-dev-r2.5 rake (~> 12.3.3) rb-readline (= 0.5.5) + rubocop-i18n (~> 1.2.0) + rubocop-rspec (~> 1.16.0) ruby-pwsh (~> 0.3.0) test-kitchen (~> 2.5.4) xmlrpc From aadbc88dc644454c574d48dd5ed800c1b0fae06b Mon Sep 17 00:00:00 2001 From: Albert Vaca Cintora Date: Fri, 17 Sep 2021 11:32:18 +0200 Subject: [PATCH 25/30] Add test jobs using Puppet 7 (#718) Add a CircleCI job that runs tests against Puppet 7 using Ruby 2.6. --- .circleci/config.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 17f83517..b280b331 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -220,6 +220,13 @@ jobs: RUBY_VERSION: '2.6.3' PUPPET_VERSION: '6.5.0' + specs-ruby26-puppet79: + <<: *specs + environment: + STRICT_VARIABLES: 'yes' + RUBY_VERSION: '2.6.3' + PUPPET_VERSION: '7.9.0' + specs-ruby25-puppet65-windows: &windows-specs executor: name: win/default # Comes with ruby 2.6, which is not supported on Windows as of puppet 6.10.1 @@ -317,5 +324,6 @@ workflows: - specs-ruby25-puppet65-windows - specs-ruby26-puppet60 - specs-ruby26-puppet65 + - specs-ruby26-puppet79 - verify-gemfile-lock-dependencies - kitchen-tests From b05d9bd9c4d3e81fb9f4ddd3270ca88767bbed91 Mon Sep 17 00:00:00 2001 From: Mary Date: Wed, 29 Sep 2021 10:13:45 -0400 Subject: [PATCH 26/30] Support Raspbian as debian-based systems (#719) --- manifests/init.pp | 2 +- manifests/params.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 9804bf76..a3ab89ac 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -425,7 +425,7 @@ # Install agent if $manage_install { case $::operatingsystem { - 'Ubuntu','Debian' : { + 'Ubuntu','Debian','Raspbian' : { if $use_apt_backup_keyserver != undef or $apt_backup_keyserver != undef or $apt_keyserver != undef { notify { 'apt keyserver arguments deprecation': message => '$use_apt_backup_keyserver, $apt_backup_keyserver and $apt_keyserver are deprecated since version 3.13.0', diff --git a/manifests/params.pp b/manifests/params.pp index d8d8c62d..d6299f73 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -24,7 +24,7 @@ $module_metadata = load_module_metadata($module_name) case $::operatingsystem { - 'Ubuntu','Debian' : { + 'Ubuntu','Debian','Raspbian' : { $rubydev_package = 'ruby-dev' $legacy_conf_dir = '/etc/dd-agent/conf.d' $conf_dir = '/etc/datadog-agent/conf.d' From ed4eeab12dadfe8880dfb1f8a560ebfee5cffdce Mon Sep 17 00:00:00 2001 From: Albert Vaca Cintora Date: Wed, 29 Sep 2021 16:37:54 +0200 Subject: [PATCH 27/30] Release 3.14.0 (#720) --- CHANGELOG.md | 10 +++++++++- metadata.json | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d2bfd75..4c7e80fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ Changes ======= +# 3.14.0 / 2021-09-29 + +* [FEATURE] Support Raspbian as debian-based systems ([#719][]) (Thanks [@Mstrodl]) +* [BUGFIX] Add support for security-agent config ([#706][]) (Thanks [@florusboth]) + # 3.13.0 / 2021-08-11 * [CHORE] Run `bundle update` on Ruby 2.5.1 ([#712][]) @@ -854,9 +859,11 @@ Please read the [docs]() for more details. [#700]: https://github.com/DataDog/puppet-datadog-agent/issues/700 [#701]: https://github.com/DataDog/puppet-datadog-agent/issues/701 [#703]: https://github.com/DataDog/puppet-datadog-agent/issues/703 +[#706]: https://github.com/DataDog/puppet-datadog-agent/issues/706 [#709]: https://github.com/DataDog/puppet-datadog-agent/issues/709 [#712]: https://github.com/DataDog/puppet-datadog-agent/issues/712 [#714]: https://github.com/DataDog/puppet-datadog-agent/issues/714 +[#719]: https://github.com/DataDog/puppet-datadog-agent/issues/719 [@Aramack]: https://github.com/Aramack [@BIAndrews]: https://github.com/BIAndrews [@ChannoneArif-nbcuni]: https://github.com/ChannoneArif-nbcuni @@ -866,6 +873,7 @@ Please read the [docs]() for more details. [@IanCrouch]: https://github.com/IanCrouch [@LeoCavaille]: https://github.com/LeoCavaille [@MartinDelta]: https://github.com/MartinDelta +[@Mstrodl]: https://github.com/Mstrodl [@NoodlesNZ]: https://github.com/NoodlesNZ [@aaron-miller]: https://github.com/aaron-miller [@aepod]: https://github.com/aepod @@ -971,4 +979,4 @@ Please read the [docs]() for more details. [@yrcjaya]: https://github.com/yrcjaya [@zabacad]: https://github.com/zabacad [@zickzackv]: https://github.com/zickzackv -[@zoom-kris-anderson]: https://github.com/zoom-kris-anderson \ No newline at end of file +[@zoom-kris-anderson]: https://github.com/zoom-kris-anderson diff --git a/metadata.json b/metadata.json index d8fd544f..b8dd1508 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "datadog-datadog_agent", - "version": "3.13.0", + "version": "3.14.0", "author": "James Turnbull , Rob Terhaar , Jaime Fullaondo , Albert Vaca ", "summary": "Install the Datadog monitoring agent and report Puppet runs to Datadog", "license": "Apache-2.0", From fb08421f3fe666c7dce159e512952b6f36337f58 Mon Sep 17 00:00:00 2001 From: Albert Vaca Cintora Date: Wed, 29 Sep 2021 17:01:45 +0200 Subject: [PATCH 28/30] datadog-signing-keys install: fix order of execution (#721) Fix error "Unable to locate package datadog-signing-keys" on machines that still didn't have the datadog repo because "apt install" was triggered before "apt update". This doesn't make "apt update" trigger twice. --- CHANGELOG.md | 6 ++++-- manifests/ubuntu.pp | 4 +++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c7e80fc..f6a29bf9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,8 @@ Changes # 3.14.0 / 2021-09-29 * [FEATURE] Support Raspbian as debian-based systems ([#719][]) (Thanks [@Mstrodl]) -* [BUGFIX] Add support for security-agent config ([#706][]) (Thanks [@florusboth]) +* [FEATURE] Add support for security-agent config ([#706][]) (Thanks [@florusboth]) +* [BUGFIX] Fix "Unable to locate package datadog-signing-keys" error on new installs ([#721][]) # 3.13.0 / 2021-08-11 @@ -864,6 +865,7 @@ Please read the [docs]() for more details. [#712]: https://github.com/DataDog/puppet-datadog-agent/issues/712 [#714]: https://github.com/DataDog/puppet-datadog-agent/issues/714 [#719]: https://github.com/DataDog/puppet-datadog-agent/issues/719 +[#721]: https://github.com/DataDog/puppet-datadog-agent/issues/721 [@Aramack]: https://github.com/Aramack [@BIAndrews]: https://github.com/BIAndrews [@ChannoneArif-nbcuni]: https://github.com/ChannoneArif-nbcuni @@ -979,4 +981,4 @@ Please read the [docs]() for more details. [@yrcjaya]: https://github.com/yrcjaya [@zabacad]: https://github.com/zabacad [@zickzackv]: https://github.com/zickzackv -[@zoom-kris-anderson]: https://github.com/zoom-kris-anderson +[@zoom-kris-anderson]: https://github.com/zoom-kris-anderson \ No newline at end of file diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp index daeebeab..0b5e30fe 100644 --- a/manifests/ubuntu.pp +++ b/manifests/ubuntu.pp @@ -107,6 +107,8 @@ } package { 'datadog-signing-keys': - ensure => 'latest', + ensure => 'latest', + require => [Apt::Source['datadog'], + Class['apt::update']], } } From 2a6e87477ab96570d6ade52f14647f780aab1d7a Mon Sep 17 00:00:00 2001 From: ruthnaebeck <19349244+ruthnaebeck@users.noreply.github.com> Date: Fri, 22 Oct 2021 09:59:08 -0400 Subject: [PATCH 29/30] DOCS-2614 Update Datadog API page link (#723) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cb2a4917..9ac7782e 100644 --- a/README.md +++ b/README.md @@ -311,7 +311,7 @@ class { "datadog_agent": (2) `hostname_extraction_regex` is useful when the Puppet module and the Datadog Agent are reporting different host names for the same host in the infrastructure list. [1]: https://forge.puppet.com/datadog/datadog_agent -[2]: https://app.datadoghq.com/account/settings#api +[2]: https://app.datadoghq.com/organization-settings/api-keys [3]: https://github.com/DataDog/dogapi-rb [4]: https://app.datadoghq.com/account/settings#integrations [5]: https://app.datadoghq.com/event/stream From afc6a51af19d850eab969190bd1448f0b4d12a45 Mon Sep 17 00:00:00 2001 From: ganeshkumarsv <53483484+ganeshkumarsv@users.noreply.github.com> Date: Thu, 6 Jan 2022 05:34:56 -0500 Subject: [PATCH 30/30] Setting up codescanning for puppet-datadog-agent (#724) --- .github/workflows/codeql-analysis.yml | 46 +++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..2d9e1f5c --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,46 @@ +name: "CodeQL" + +on: + push: + branches: [ main ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ main ] + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'ruby' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://git.io/codeql-language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1