[CECO-1804] Add remote policies (#821)

* add remote_policies * define service with installer
DataDog · Dec 2, 2024 · 61b1de0 · 61b1de0
1 parent da74780
commit 61b1de0
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 10 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -256,6 +256,9 @@
 #   $remote_updates
 #       Boolean to enable or disable Agent remote updates.
 #       Boolean. Default: false
+#   $remote_policies
+#       Boolean to enable or disable Agent remote policies.
+#       Boolean. Default: false
 #
 # Sample Usage:
 #
@@ -384,6 +387,7 @@
   Optional[String] $windows_ddagentuser_name = undef,
   Optional[String] $windows_ddagentuser_password = undef,
   Boolean $remote_updates = $datadog_agent::params::remote_updates,
+  Boolean $remote_policies = $datadog_agent::params::remote_policies,
   Optional[Enum['host', 'docker', 'all']] $apm_instrumentation_enabled = undef,
   Optional[Array[String]] $apm_instrumentation_libraries = undef,
 ) inherits datadog_agent::params {
@@ -493,6 +497,7 @@
           apm_instrumentation_enabled       => $apm_instrumentation_enabled,
           apm_instrumentation_libraries_str => $apm_instrumentation_libraries_str,
           remote_updates                    => $remote_updates,
+          remote_policies                   => $remote_policies,
         }
       }
       'RedHat','CentOS','Fedora','Amazon','Scientific','OracleLinux','AlmaLinux','Rocky' : {
@@ -506,6 +511,7 @@
           apm_instrumentation_enabled       => $apm_instrumentation_enabled,
           apm_instrumentation_libraries_str => $apm_instrumentation_libraries_str,
           remote_updates                    => $remote_updates,
+          remote_policies                   => $remote_policies,
         }
       }
       'OpenSuSE', 'SLES' : {
@@ -519,6 +525,7 @@
           apm_instrumentation_enabled       => $apm_instrumentation_enabled,
           apm_instrumentation_libraries_str => $apm_instrumentation_libraries_str,
           remote_updates                    => $remote_updates,
+          remote_policies                   => $remote_policies,
         }
       }
       default: { fail("Class[datadog_agent::installer]: Unsupported operatingsystem: ${facts['os']['name']}") }
@@ -623,13 +630,28 @@
       }
     }
   } else {
-    # required to manage config and install info files even with installer
-    file { '/etc/datadog-agent':
-      ensure  => directory,
-      owner   => $dd_user,
-      group   => $dd_group,
-      mode    => $datadog_agent::params::permissions_directory,
-      require => Package['datadog-installer'],
+    class { 'datadog_agent::service' :
+      # Declare service for agent managed by installer with installer flavor
+      agent_flavor     => 'datadog-installer',
+      service_ensure   => $service_ensure,
+      service_enable   => $service_enable,
+      service_provider => $service_provider,
+    }
+    if ($facts['os']['name'] != 'Windows') {
+      if ($dd_groups) {
+        user { $dd_user:
+          groups => $dd_groups,
+          notify => Service[$datadog_agent::params::service_name],
+        }
+      }
+      # required to manage config and install info files even with installer
+      file { '/etc/datadog-agent':
+        ensure  => directory,
+        owner   => $dd_user,
+        group   => $dd_group,
+        mode    => $datadog_agent::params::permissions_directory,
+        require => Package['datadog-installer'],
+      }
     }
   }
 
@@ -891,6 +913,7 @@
       'log_file' => $agent_log_file,
       'log_level' => $log_level,
       'remote_updates' => $remote_updates,
+      'remote_policies' => $remote_policies,
       'tags' => unique(flatten(union($_local_tags, $_facts_tags, $_trusted_facts_tags))),
     }
 
@@ -929,11 +952,9 @@
         mode      => '0640',
         content   => template('datadog_agent/datadog.yaml.erb'),
         show_diff => false,
+        notify    => Service[$datadog_agent::params::service_name],
         require   => File['/etc/datadog-agent'],
       }
-      if ! $_agent_managed_by_installer {
-        File['/etc/datadog-agent/datadog.yaml']  ~> Service[$datadog_agent::params::service_name]
-      }
 
       file { '/etc/datadog-agent/install_info':
         owner   => $dd_user,

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -19,6 +19,7 @@
   $logs_enabled                   = false
   $logs_open_files_limit          = undef
   $remote_updates                 = false
+  $remote_policies                = false
   $container_collect_all          = false
   $sysprobe_service_name          = 'datadog-agent-sysprobe'
   $securityagent_service_name     = 'datadog-agent-security'

diff --git a/manifests/redhat_installer.pp b/manifests/redhat_installer.pp
@@ -10,6 +10,7 @@
 # @param apm_instrumentation_enabled Optional[Enum['host', 'docker', 'all']]: Enable APM instrumentation for the specified environment (host, docker, or all).
 # @param apm_instrumentation_libraries_str Optional[String]: APM instrumentation libraries as a comma-separated string.
 # @param remote_updates Boolean: Whether to enable Agent remote updates. Default: false.
+# @param remote_policies Boolean: Whether to enable Agent remote policies. Default: false.
 #
 class datadog_agent::redhat_installer (
   String $api_key = 'your_API_key',
@@ -21,6 +22,7 @@
   Optional[Enum['host', 'docker', 'all']] $apm_instrumentation_enabled = undef,
   Optional[String] $apm_instrumentation_libraries_str = undef,
   Boolean $remote_updates = $datadog_agent::params::remote_updates,
+  Boolean $remote_policies = $datadog_agent::params::remote_policies,
 ) inherits datadog_agent::params {
   # Generate installer trace ID as a random 64-bit integer (Puppet does not support 128-bit integers)
   # Note: we cannot use fqdn_rand as the seed is dependent on the node, meaning the same trace ID would be generated on each run (for the same node)
@@ -108,6 +110,7 @@
       "DD_AGENT_MAJOR_VERSION=${agent_major_version}",
       "DD_AGENT_MINOR_VERSION=${agent_minor_version}",
       "DD_REMOTE_UPDATES=${remote_updates}",
+      "DD_REMOTE_POLICIES=${remote_policies}",
       "DD_APM_INSTRUMENTATION_ENABLED=${apm_instrumentation_enabled}",
       "DD_APM_INSTRUMENTATION_LIBRARIES=${apm_instrumentation_libraries_str}",
     ],

diff --git a/manifests/suse_installer.pp b/manifests/suse_installer.pp
@@ -10,6 +10,7 @@
 # @param apm_instrumentation_enabled Optional[Enum['host', 'docker', 'all']]: Enable APM instrumentation for the specified environment (host, docker, or all).
 # @param apm_instrumentation_libraries_str Optional[String]: APM instrumentation libraries as a comma-separated string.
 # @param remote_updates Boolean: Whether to enable Agent remote updates. Default: false.
+# @param remote_policies Boolean: Whether to enable Agent remote policies. Default: false.
 #
 class datadog_agent::suse_installer (
   String $api_key = 'your_API_key',
@@ -21,6 +22,7 @@
   Optional[Enum['host', 'docker', 'all']] $apm_instrumentation_enabled = undef,
   Optional[String] $apm_instrumentation_libraries_str = undef,
   Boolean $remote_updates = $datadog_agent::params::remote_updates,
+  Boolean $remote_policies = $datadog_agent::params::remote_policies,
 ) inherits datadog_agent::params {
   # Generate installer trace ID as a random 64-bit integer (Puppet does not support 128-bit integers)
   # Note: we cannot use fqdn_rand as the seed is dependent on the node, meaning the same trace ID would be generated on each run (for the same node)
@@ -121,6 +123,7 @@
       "DD_AGENT_MAJOR_VERSION=${agent_major_version}",
       "DD_AGENT_MINOR_VERSION=${agent_minor_version}",
       "DD_REMOTE_UPDATES=${remote_updates}",
+      "DD_REMOTE_POLICIES=${remote_policies}",
       "DD_APM_INSTRUMENTATION_ENABLED=${apm_instrumentation_enabled}",
       "DD_APM_INSTRUMENTATION_LIBRARIES=${apm_instrumentation_libraries_str}",
     ],

diff --git a/manifests/ubuntu_installer.pp b/manifests/ubuntu_installer.pp
@@ -15,6 +15,7 @@
 # @param apm_instrumentation_enabled Optional[Enum['host', 'docker', 'all']]: Enable APM instrumentation for the specified environment (host, docker, or all).
 # @param apm_instrumentation_libraries_str Optional[String]: APM instrumentation libraries as a comma-separated string.
 # @param remote_updates Boolean: Whether to enable Agent remote updates. Default: false.
+# @param remote_policies Boolean: Whether to enable Agent remote policies. Default: false.
 #
 class datadog_agent::ubuntu_installer (
   String $api_key = 'your_API_key',
@@ -43,6 +44,7 @@
   Optional[Enum['host', 'docker', 'all']] $apm_instrumentation_enabled = undef,
   Optional[String] $apm_instrumentation_libraries_str = undef,
   Boolean $remote_updates = $datadog_agent::params::remote_updates,
+  Boolean $remote_policies = $datadog_agent::params::remote_policies,
 ) inherits datadog_agent::params {
   # Generate installer trace ID as a random 64-bit integer (Puppet does not support 128-bit integers)
   # Note: we cannot use fqdn_rand as the seed is dependent on the node, meaning the same trace ID would be generated on each run (for the same node)
@@ -134,6 +136,7 @@
       "DD_AGENT_MAJOR_VERSION=${agent_major_version}",
       "DD_AGENT_MINOR_VERSION=${agent_minor_version}",
       "DD_REMOTE_UPDATES=${remote_updates}",
+      "DD_REMOTE_POLICIES=${remote_policies}",
       "DD_APM_INSTRUMENTATION_ENABLED=${apm_instrumentation_enabled}",
       "DD_APM_INSTRUMENTATION_LIBRARIES=${apm_instrumentation_libraries_str}",
     ],