diff --git a/attributes/default.rb b/attributes/default.rb index c37eec76..086eeebf 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -367,6 +367,10 @@ default['datadog']['system_probe']['debug_port'] = 0 default['datadog']['system_probe']['bpf_debug'] = false default['datadog']['system_probe']['enable_conntrack'] = false +# Enable this switch will install NPM driver and sysprobe, as well as generate the config file. +# Turning on this setting will effectively turn on the setting(s) automatically: +# ['datadog']['system_probe']['enabled'] +default['datadog']['system_probe']['network_enabled'] = false # Logs functionality settings (Agent 6/7 only) # Set `enable_logs_agent` to: diff --git a/libraries/recipe_helpers.rb b/libraries/recipe_helpers.rb index b93e6004..37b38150 100644 --- a/libraries/recipe_helpers.rb +++ b/libraries/recipe_helpers.rb @@ -95,7 +95,7 @@ def ddagentuser_password(node) end def npm_install(node) - run_state_or_attribute(node, 'windows_npm_install') + run_state_or_attribute(node, 'windows_npm_install') || run_state_or_attribute_system_probe(node, 'network_enabled') end def cookbook_version(run_context) @@ -130,6 +130,14 @@ def run_state_or_attribute(node, attribute) node['datadog'][attribute] end end + + def run_state_or_attribute_system_probe(node, attribute) + if node.run_state.key?('datadog') && node.run_state['datadog'].key?('system_probe') && node.run_state['datadog']['system_probe'].key?(attribute) + node.run_state['datadog']['system_probe'][attribute] + else + node['datadog']['system_probe'][attribute] + end + end end module WindowsInstallHelpers diff --git a/recipes/_install-windows.rb b/recipes/_install-windows.rb index 0223e452..6dd51b97 100644 --- a/recipes/_install-windows.rb +++ b/recipes/_install-windows.rb @@ -105,7 +105,7 @@ def unmute_host(context) install_options.concat(' DDAGENTUSER_NAME=%DDAGENTUSER_NAME%') if ddagentuser_name install_options.concat(' DDAGENTUSER_PASSWORD=%DDAGENTUSER_PASSWORD%') if ddagentuser_password - install_options.concat(" NPM=#{dd_agent_install_npm}") if dd_agent_install_npm + install_options.concat(' ADDLOCAL=MainApplication,NPM') if dd_agent_install_npm end package 'Datadog Agent removal' do diff --git a/recipes/dd-agent.rb b/recipes/dd-agent.rb index e0e616e2..27672ba0 100644 --- a/recipes/dd-agent.rb +++ b/recipes/dd-agent.rb @@ -158,11 +158,12 @@ def template_vars system_probe_managed = node['datadog']['system_probe']['manage_config'] agent_version_greater_than_6_11 = agent_major_version > 5 && (agent_minor_version.nil? || agent_minor_version > 11) || agent_major_version > 6 +agent_version_greater_than_6_26 = agent_major_version > 5 && (agent_minor_version.nil? || agent_minor_version > 26) -# System probe requires at least agent 6.12, before that it was called the network-tracer -system_probe_supported = agent_version_greater_than_6_11 && !is_windows +# System probe requires at least agent 6.12 on Linux or 6.27 on Windows, before that it was called the network-tracer or unsupported. +system_probe_supported = (agent_version_greater_than_6_11 && !is_windows) || (agent_version_greater_than_6_26 && is_windows) -# system-probe is a dependency of the agent on Linux +# system-probe is a dependency of the agent on Linux or Windows include_recipe 'datadog::system-probe' if system_probe_managed && system_probe_supported # Installation metadata to let know the agent about installation method and its version diff --git a/recipes/system-probe.rb b/recipes/system-probe.rb index 04392061..155b4724 100644 --- a/recipes/system-probe.rb +++ b/recipes/system-probe.rb @@ -17,13 +17,21 @@ # limitations under the License. # +is_windows = platform_family?('windows') + # Set the correct agent startup action -sysprobe_enabled = node['datadog']['system_probe']['enabled'] +sysprobe_enabled = node['datadog']['system_probe']['enabled'] || node['datadog']['system_probe']['network_enabled'] sysprobe_agent_start = sysprobe_enabled ? :start : :stop # # Configures system-probe agent -system_probe_config_file = '/etc/datadog-agent/system-probe.yaml' +system_probe_config_file = + if is_windows + 'C:/ProgramData/Datadog/system-probe.yaml' + else + '/etc/datadog-agent/system-probe.yaml' + end + system_probe_config_file_exists = ::File.exist?(system_probe_config_file) template system_probe_config_file do @@ -44,12 +52,20 @@ enable_conntrack: node['datadog']['system_probe']['enable_conntrack'], extra_config: extra_config ) - owner 'root' - group 'dd-agent' - mode '640' - notifies :restart, 'service[datadog-agent-sysprobe]', :delayed if node['datadog']['system_probe']['enabled'] + + if is_windows + owner 'Administrators' + rights :full_control, 'Administrators' + inherits false + else + owner 'root' + group 'dd-agent' + mode '640' + end + + notifies :restart, 'service[datadog-agent-sysprobe]', :delayed if sysprobe_enabled # since process-agent collects network info through system-probe, enabling system-probe should also restart process-agent - notifies :restart, 'service[datadog-agent]', :delayed if node['datadog']['system_probe']['enabled'] + notifies :restart, 'service[datadog-agent]', :delayed if sysprobe_enabled # System probe is not enabled and the file doesn't exists, don't create it not_if { !sysprobe_enabled && !system_probe_config_file_exists } @@ -58,9 +74,19 @@ # Common configuration service_provider = Chef::Datadog.service_provider(node) +service_name = is_windows ? 'datadog-system-probe' : 'datadog-agent-sysprobe' + service 'datadog-agent-sysprobe' do + service_name service_name action [sysprobe_agent_start] provider service_provider unless service_provider.nil? + if is_windows + supports :restart => true, :start => true, :stop => true + restart_command "powershell restart-service #{service_name} -Force" + stop_command "powershell stop-service #{service_name} -Force" + else + supports :restart => true, :status => true, :start => true, :stop => true + end supports :restart => true, :status => true, :start => true, :stop => true - subscribes :restart, "template[#{system_probe_config_file}]", :delayed if node['datadog']['system_probe']['enabled'] + subscribes :restart, "template[#{system_probe_config_file}]", :delayed if sysprobe_enabled end diff --git a/spec/system-probe_spec.rb b/spec/system-probe_spec.rb index 26cc9fd8..bb94f14e 100644 --- a/spec/system-probe_spec.rb +++ b/spec/system-probe_spec.rb @@ -65,6 +65,8 @@ it 'contains expected YAML configuration' do expected_yaml = <<-EOF + network_config: + enabled: false system_probe_config: bpf_debug: true debug_port: 123 @@ -114,6 +116,8 @@ it 'contains expected YAML configuration' do expected_yaml = <<-EOF + network_config: + enabled: false system_probe_config: bpf_debug: false debug_port: 0 diff --git a/templates/default/system_probe.yaml.erb b/templates/default/system_probe.yaml.erb index c205ffc1..84545271 100644 --- a/templates/default/system_probe.yaml.erb +++ b/templates/default/system_probe.yaml.erb @@ -1,13 +1,16 @@ <% ## Populate system_probe_config ## system_probe_config = { - system_probe_config: @extra_config.merge({ - enabled: node['datadog']['system_probe']["enabled"], - sysprobe_socket: node['datadog']['system_probe']['sysprobe_socket'], - debug_port: node['datadog']['system_probe']['debug_port'], - bpf_debug: node['datadog']['system_probe']['bpf_debug'], - enable_conntrack: node['datadog']['system_probe']['enable_conntrack'], - }) + system_probe_config: { + enabled: @enabled, + sysprobe_socket: @sysprobe_socket, + debug_port: @debug_port, + bpf_debug: @bpf_debug, + enable_conntrack: @enable_conntrack, + }.merge(@extra_config), + network_config: { + enabled: node['datadog']['system_probe']['network_enabled'], + } } -%> # Generated by Chef, local modifications will be overwritten