ansible-datadog

Compatibility for containerized agent

Open dysonfrost opened this issue 6 years ago • 4 comments

This PR fixes an issue with datadog-agent.service using a containerized agent. By default Ansible will handle the service as root. In a containerized environment datadog.service needs to be manipulated as dd-agent, else it will result in a failed state and leave a zombie process.

dysonfrost avatar Apr 25 '19 13:04 dysonfrost

Thanks @dysonfrost. We'll need to test this before considering adding this change to an upcoming version of the role. In order for us to test this, could you tell us which Ansible version you are running?

> In a containerized environment datadog.service needs to be manipulated as dd-agent, else it will result in a failed state and leave a zombie process.

It would be good if you could add any specific information regarding the setup you are currently using, so that we can follow up appropriately.

dabcoder avatar Apr 30 '19 15:04 dabcoder

Hey @dabcoder, I've run this role on my local machine using Ansible and deployed the agent within a Docker container. Below is the specific information about my setup:

Host information:

```
$ cat /etc/*release
LSB_VERSION=1.4
DISTRIB_ID=Arch
DISTRIB_RELEASE=rolling
DISTRIB_DESCRIPTION="Arch Linux"
```

Ansible version:

```
$ ansible --version
ansible 2.7.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/myuser/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.7.3 (default, Mar 26 2019, 21:43:19) [GCC 8.2.1 20181127]
```

Container information:

```
$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.2 LTS"
```

I'm also using the AWS CodeBuild service to build Ansible and installed the datadog-agent within the same container.

CodeBuild docker image version:

Ubuntu 14.04 or Ubuntu 18.04

CodeBuild Ansible version:

```
$ ansible --version
ansible 2.5.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15rc1 (default, Nov 12 2018, 14:31:15) [GCC 7.3.0]
```

I hope I have provided you with sufficient information.

dysonfrost avatar Apr 30 '19 16:04 dysonfrost

Hi @dabcoder

I just made some changes to my initial commit as I encountered various compatibility issues whether I was using a virtual machine, a container or a physical host.

To verify if the agent is installed in a container, the simplest way is to check the file path of /.dockerenv. If the file exists, it's a container.

The datadog-agent service is now handled using a dict to differentiate which user should restart it, based on the stat path result of .dockerenv.

I made sure that the acl package is installed, otherwise Ansible returns the following error message when dd-agent tries to restart the service as an unprivileged user:

"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of '/var/tmp/ansible-tmp-1557241743.4241443-65026615924143/': Operation not permitted\nchown: changing ownership of '/var/tmp/ansible-tmp-1557241743.4241443-65026615924143/AnsiballZ_sysvinit.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"

I also moved the services used by datadog as a list in defaults/main.yml.

dysonfrost avatar May 07 '19 16:05 dysonfrost
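The approach described in the comment above, sketched as an added example; this is not the code from the PR or from the ansible-datadog role. The play layout and the `agent_service_user` and `dockerenv` names are hypothetical; only `/.dockerenv`, the `acl` package, the `dd-agent` user and the `datadog-agent` service come from the thread.

```yaml
# Added illustration; variable and task names are hypothetical, not the role's own.
- hosts: all
  become: true
  vars:
    # Maps the outcome of the /.dockerenv check to the account that restarts the agent.
    agent_service_user:
      container: dd-agent
      host: root
  tasks:
    # /.dockerenv is created by the Docker runtime; other container runtimes
    # may not create it, so this check is Docker-specific.
    - name: Detect whether the play is running inside a Docker container
      stat:
        path: /.dockerenv
      register: dockerenv

    # Without acl, becoming an unprivileged user fails with
    # "Failed to set permissions on the temporary files Ansible needs to create".
    - name: Install acl so temporary module files can be shared with dd-agent
      package:
        name: acl
        state: present

    - name: Restart datadog-agent as the user selected for this environment
      service:
        name: datadog-agent
        state: restarted
      become: true
      become_user: "{{ agent_service_user['container' if dockerenv.stat.exists else 'host'] }}"
```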

@dysonfrost Thanks a lot! Haven't had a chance to review that but will do it asap and will get back to you.

dabcoder avatar May 14 '19 16:05 dabcoder