diff --git a/molecule/agent-local-forwarder/Dockerfile.j2 b/molecule/agent-local-forwarder/Dockerfile.j2 deleted file mode 100644 index 77cc15bf0..000000000 --- a/molecule/agent-local-forwarder/Dockerfile.j2 +++ /dev/null @@ -1,22 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -{% if item.env is defined %} -{% for var, value in item.env.items() %} -{% if value %} -ENV {{ var }} {{ value }} -{% endif %} -{% endfor %} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt aptitude rsync && apt-get clean && rm -rf /var/lib/apt/lists/*; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 sudo bash iproute rsync && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute rsync && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python3 sudo bash iproute2 rsync && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python3 sudo bash ca-certificates rsync; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python3 sudo bash ca-certificates iproute2 rsync && xbps-remove -O; fi diff --git a/molecule/agent-local-forwarder/converge.yml.template b/molecule/agent-local-forwarder/converge.yml.template index 9c45564d8..2169a80ee 100644 --- a/molecule/agent-local-forwarder/converge.yml.template +++ b/molecule/agent-local-forwarder/converge.yml.template @@ -2,6 +2,7 @@ - name: Converge hosts: all strategy: free + become: true roles: - role: sysdig.agent.agent_install vars: 
diff --git a/molecule/agent-local-forwarder/create.yml b/molecule/agent-local-forwarder/create.yml deleted file mode 100644 index b6e3b0eea..000000000 --- a/molecule/agent-local-forwarder/create.yml +++ /dev/null 
@@ -1,202 +0,0 @@ ---- -- name: Create - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ molecule_no_log }}" - vars: - molecule_labels: - owner: molecule - tags: - - always - tasks: - - name: Set async_dir for HOME env - ansible.builtin.set_fact: - ansible_async_dir: "{{ lookup('env', 'HOME') }}/.ansible_async/" - when: (lookup('env', 'HOME')) - - - name: Log into a Docker registry - community.docker.docker_login: - username: "{{ item.registry.credentials.username }}" - password: "{{ item.registry.credentials.password }}" - email: "{{ item.registry.credentials.email | default(omit) }}" - registry: "{{ item.registry.url }}" - docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" - cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}" - with_items: "{{ molecule_yml.platforms }}" - when: - - item.registry is defined - - item.registry.url is defined and item.registry.url - - item.registry.credentials is defined - - item.registry.credentials.username is defined - no_log: true - - - name: Check presence of custom Dockerfiles - ansible.builtin.stat: - path: "{{ molecule_scenario_directory + '/' + (item.dockerfile | default('Dockerfile.j2')) }}" - loop: "{{ molecule_yml.platforms }}" - register: dockerfile_stats - - - name: Create Dockerfiles from image names - ansible.builtin.template: - # when using embedded playbooks the dockerfile is alongside them - src: "{%- if dockerfile_stats.results[i].stat.exists -%}\ - {{ 
molecule_scenario_directory + '/' + (item.dockerfile | default('Dockerfile.j2')) }}\ - {%- else -%}\ - {{ playbook_dir + '/Dockerfile.j2' }}\ - {%- endif -%}" - dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}" - mode: "0600" - loop: "{{ molecule_yml.platforms }}" - loop_control: - index_var: i - when: not item.pre_build_image | default(false) - register: platforms - - - name: Synchronization the context - ansible.posix.synchronize: - src: "{%- if dockerfile_stats.results[i].stat.exists -%}\ - {{ molecule_scenario_directory + '/' }}\ - {%- else -%}\ - {{ playbook_dir + '/' }}\ - {%- endif -%}" - dest: "{{ molecule_ephemeral_directory }}" - rsync_opts: - - "--exclude=molecule.yml" - loop: "{{ molecule_yml.platforms }}" - loop_control: - index_var: i - when: not item.pre_build_image | default(false) - delegate_to: localhost - - - name: Discover local Docker images - community.docker.docker_image_info: - name: "molecule_local/{{ item.item.name }}" - docker_host: "{{ item.item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" - cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}" - with_items: "{{ platforms.results }}" - when: - - not item.pre_build_image | default(false) - register: docker_images - - - name: Create docker network(s) - ansible.builtin.include_tasks: tasks/create_network.yml - with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks(molecule_labels) }}" - loop_control: - label: "{{ 
item.name }}" - no_log: false - - - name: Build an Ansible compatible image (new) # noqa: no-handler - when: - - platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0 - - not item.item.pre_build_image | default(false) - community.docker.docker_image: - build: - path: "{{ molecule_ephemeral_directory }}" - dockerfile: "{{ item.invocation.module_args.dest }}" - pull: "{{ item.item.pull | default(true) }}" - network: "{{ item.item.network_mode | default(omit) }}" - args: "{{ item.item.buildargs | default(omit) }}" - platform: "{{ item.item.platform | default(omit) }}" - name: "molecule_local/{{ item.item.image }}" - docker_host: "{{ item.item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" - cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}" - force_source: "{{ item.item.force | default(true) }}" - source: build - with_items: "{{ platforms.results }}" - loop_control: - label: "molecule_local/{{ item.item.image }}" - no_log: false - register: result - until: result is not failed - retries: 3 - delay: 30 - - - name: Determine the CMD directives - ansible.builtin.set_fact: - command_directives_dict: >- - {{ command_directives_dict | default({}) | - combine({item.name: item.command | default('bash -c "while true; do sleep 10000; done"')}) - }} - with_items: "{{ molecule_yml.platforms }}" - when: item.override_command | default(true) - - - name: Create molecule instance(s) - community.docker.docker_container: - 
name: "{{ item.name }}" - docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" - cacert_path: "{{ item.cacert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/ca.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - cert_path: "{{ item.cert_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/cert.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - key_path: "{{ item.key_path | default((lookup('env', 'DOCKER_CERT_PATH') + '/key.pem') if lookup('env', 'DOCKER_CERT_PATH') else omit) }}" - tls_verify: "{{ item.tls_verify | default(lookup('env', 'DOCKER_TLS_VERIFY')) or false }}" - hostname: "{{ item.hostname | default(item.name) }}" - image: "{{ item.pre_build_image | default(false) | ternary('', 'molecule_local/') }}{{ item.image }}" - pull: "{{ item.pull | default(omit) }}" - memory: "{{ item.memory | default(omit) }}" - memory_swap: "{{ item.memory_swap | default(omit) }}" - state: started - recreate: false - log_driver: json-file - command: "{{ (command_directives_dict | default({}))[item.name] | default(omit) }}" - command_handling: "{{ item.command_handling | default('compatibility') }}" - user: "{{ item.user | default(omit) }}" - pid_mode: "{{ item.pid_mode | default(omit) }}" - runtime: "{{ item.runtime | default(omit) }}" - privileged: "{{ item.privileged | default(omit) }}" - security_opts: "{{ item.security_opts | default(omit) }}" - devices: "{{ item.devices | default(omit) }}" - links: "{{ item.links | default(omit) }}" - volumes: "{{ item.volumes | default(omit) }}" - mounts: "{{ item.mounts | default(omit) }}" - tmpfs: "{{ item.tmpfs | default(omit) }}" - capabilities: "{{ item.capabilities | default(omit) }}" - sysctls: "{{ item.sysctls | default(omit) }}" - exposed_ports: "{{ item.exposed_ports | default(omit) }}" - published_ports: "{{ item.published_ports | default(omit) }}" - ulimits: "{{ item.ulimits | default(omit) }}" - networks: "{{ item.networks | default(omit) }}" - 
network_mode: "{{ item.network_mode | default(omit) }}" - networks_cli_compatible: "{{ item.networks_cli_compatible | default(true) }}" - purge_networks: "{{ item.purge_networks | default(omit) }}" - dns_servers: "{{ item.dns_servers | default(omit) }}" - etc_hosts: "{{ item.etc_hosts | default(omit) }}" - env: "{{ item.env | default(omit) }}" - restart_policy: "{{ item.restart_policy | default(omit) }}" - restart_retries: "{{ item.restart_retries | default(omit) }}" - tty: "{{ item.tty | default(omit) }}" - labels: "{{ molecule_labels | combine(item.labels | default({})) }}" - container_default_behavior: >- - {{ item.container_default_behavior - | default('compatibility' if ansible_version.full is version_compare('2.10', '>=') else omit) }} - stop_signal: "{{ item.stop_signal | default(omit) }}" - kill_signal: "{{ item.kill_signal | default(omit) }}" - cgroupns_mode: "{{ item.cgroupns_mode | default(omit) }}" - shm_size: "{{ item.shm_size | default(omit) }}" - platform: "{{ item.platform | default(omit) }}" - comparisons: - platform: ignore - register: server - with_items: "{{ molecule_yml.platforms }}" - loop_control: - label: "{{ item.name }}" - no_log: false - async: 7200 - poll: 0 - - - name: Wait for instance(s) creation to complete - ansible.builtin.async_status: - jid: "{{ item.ansible_job_id }}" - register: docker_jobs - until: docker_jobs.finished - retries: 300 - with_items: "{{ server.results }}" - diff --git a/molecule/agent-local-forwarder/molecule.yml b/molecule/agent-local-forwarder/molecule.yml.template similarity index 54% rename from molecule/agent-local-forwarder/molecule.yml rename to molecule/agent-local-forwarder/molecule.yml.template index a25d68461..810a81d26 100644 --- a/molecule/agent-local-forwarder/molecule.yml +++ b/molecule/agent-local-forwarder/molecule.yml.template 
@@ -2,14 +2,19 @@ dependency: name: galaxy driver: - name: docker + name: ec2 platforms: - - name: centos-stream8 - image: quay.io/centos/centos:stream8 - pre_build_image: true - privileged: true + - name: amazon-2023-x86_64 + image: ami-05f216df7591e93b1 + instance_type: ${INSTANCE_TYPE_X86} + region: ${REGION} + vpc_subnet_id: ${VPC_SUBNET_ID} provisioner: name: ansible + playbooks: + create: ../resources/playbooks/create.yml + destroy: ../resources/playbooks/destroy.yml + prepare: ../resources/playbooks/prepare.yml scenario: create_sequence: - create diff --git a/molecule/agent-local-forwarder/tasks/create_network.yml b/molecule/agent-local-forwarder/tasks/create_network.yml deleted file mode 100644 index 794745a0d..000000000 --- a/molecule/agent-local-forwarder/tasks/create_network.yml +++ /dev/null 
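Review bot: The new platform hard-codes `image: ami-05f216df7591e93b1` while `region: ${REGION}` on the same entry is substituted at render time. AMI IDs are region-scoped, so the scenario only works when REGION happens to be the region that image lives in, and nothing in the file says which region that is. A bare ID also leaves no record of which publisher the image came from, which makes it hard to re-verify later. Either template the ID like the other fields or add a comment above it, e.g. `# Amazon Linux 2023 x86_64 - region <REGION_PLACEHOLDER>, owner <OWNER_ACCOUNT_PLACEHOLDER>`.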
@@ -1,35 +0,0 @@ -- name: Check if network exist - community.docker.docker_network_info: - name: "{{ item.name }}" - register: docker_netname - -- name: Create docker network(s) - community.docker.docker_network: - api_version: "{{ item.api_version | default(omit) }}" - appends: "{{ item.appends | default(omit) }}" - attachable: "{{ item.attachable | default(omit) }}" - ca_cert: "{{ item.ca_cert | default(omit) }}" - client_cert: "{{ item.client_cert | default(omit) }}" - client_key: "{{ item.client_key | default(omit) }}" - connected: "{{ item.connected | default(omit) }}" - debug: "{{ item.debug | default(omit) }}" - docker_host: "{{ item.docker_host | default(omit) }}" - driver: "{{ item.driver | default(omit) }}" - driver_options: "{{ item.driver_options | default(omit) }}" - enable_ipv6: "{{ item.enable_ipv6 | default(omit) }}" - force: "{{ item.force | default(omit) }}" - internal: "{{ item.internal | default(omit) }}" - ipam_config: "{{ item.ipam_config | default(omit) }}" - ipam_driver: "{{ item.ipam_driver | default(omit) }}" - ipam_driver_options: "{{ item.ipam_driver_options | default(omit) }}" - key_path: "{{ item.key_path | default(omit) }}" - labels: "{{ item.labels }}" - name: "{{ item.name }}" - scope: "{{ item.scope | default(omit) }}" - ssl_version: "{{ item.ssl_version | default(omit) }}" - state: "present" - timeout: "{{ item.timeout | default(omit) }}" - tls: "{{ item.tls | default(omit) }}" - tls_hostname: "{{ item.tls_hostname | default(omit) }}" - validate_certs: "{{ item.validate_certs | default(omit) }}" - when: not docker_netname.exists diff --git a/molecule/agent-local-forwarder/tasks/delete_network.yml b/molecule/agent-local-forwarder/tasks/delete_network.yml deleted file mode 100644 index cf3815fa7..000000000 --- a/molecule/agent-local-forwarder/tasks/delete_network.yml +++ /dev/null 
@@ -1,13 +0,0 @@ -- name: Retrieve network info - community.docker.docker_network_info: - name: "{{ item.name }}" - register: docker_netname - -- name: Delete docker network(s) - community.docker.docker_network: - name: "{{ item.name }}" - state: "absent" - when: - - docker_netname.exists - - docker_netname.network.Labels.owner is defined - - docker_netname.network.Labels.owner == 'molecule' diff --git a/molecule/agent-local-forwarder/tests/test_local_forwarder.py b/molecule/agent-local-forwarder/tests/test_local_forwarder.py index 8ff8ea69b..a280b4900 100644 --- a/molecule/agent-local-forwarder/tests/test_local_forwarder.py +++ b/molecule/agent-local-forwarder/tests/test_local_forwarder.py @@ -1,3 +1,4 @@ def test_forwarder_emitter(host): - f = host.file("/opt/draios/logs/draios.log") - assert f.contains("local forwarder enabled: true") + with host.sudo(): + f = host.file("/opt/draios/logs/draios.log") + assert f.contains("local forwarder enabled: true") diff --git a/molecule/agent-local-forwarder/validate-dockerfile.yml b/molecule/agent-local-forwarder/validate-dockerfile.yml deleted file mode 100644 index 9b4cf081e..000000000 --- a/molecule/agent-local-forwarder/validate-dockerfile.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -- name: Validate dockerfile - hosts: localhost - connection: local - gather_facts: false - vars: - platforms: - # platforms supported as being managed by molecule/ansible, this does - # not mean molecule itself can run on them. - - image: alpine:edge - - image: quay.io/centos/centos:stream8 - - image: ubuntu:latest - - image: debian:latest - tags: - - always - tasks: - - name: Assure we have docker module installed - ansible.builtin.pip: - name: docker - - - name: Create temporary dockerfiles - ansible.builtin.tempfile: - prefix: "molecule-dockerfile-{{ item.image | replace('/', '-') }}" - suffix: build - register: temp_dockerfiles - with_items: "{{ platforms }}" - loop_control: - label: "{{ item.image }}" - - - name: Expand Dockerfile templates - ansible.builtin.template: - src: Dockerfile.j2 - dest: "{{ temp_dockerfiles.results[index].path }}" - mode: "0600" - register: result - with_items: "{{ platforms }}" - loop_control: - index_var: index - label: "{{ item.image }}" - - - name: Test Dockerfile template - community.docker.docker_image: - name: "{{ item.item.image }}" - build: - path: "." - dockerfile: "{{ item.dest }}" - pull: true - nocache: true - source: build - state: present - debug: true - force_source: true - with_items: "{{ result.results }}" - loop_control: - label: "{{ item.item.image }}" - register: result - - - name: Clean up temporary Dockerfile's - ansible.builtin.file: - path: "{{ item }}" - state: absent - mode: "0600" - loop: "{{ temp_dockerfiles.results | map(attribute='path') | list }}" - - - name: Display results - ansible.builtin.debug: - var: result diff --git a/molecule/agent-smoke-kmodule/molecule.yml.template b/molecule/agent-smoke-kmodule/molecule.yml.template index 8b528b667..a70d89352 100644 --- a/molecule/agent-smoke-kmodule/molecule.yml.template +++ b/molecule/agent-smoke-kmodule/molecule.yml.template 
@@ -45,11 +45,11 @@ platforms: instance_type: ${INSTANCE_TYPE_X86} region: ${REGION} vpc_subnet_id: ${VPC_SUBNET_ID} - - name: ubuntu-1804-x86_64 - image: ami-055744c75048d8296 - instance_type: ${INSTANCE_TYPE_X86} - region: ${REGION} - vpc_subnet_id: ${VPC_SUBNET_ID} +# - name: ubuntu-1804-x86_64 +# image: ami-055744c75048d8296 +# instance_type: ${INSTANCE_TYPE_X86} +# region: ${REGION} +# vpc_subnet_id: ${VPC_SUBNET_ID} - name: ubuntu-2004-x86_64 image: ami-06f8dce63a6b60467 instance_type: ${INSTANCE_TYPE_X86} diff --git a/molecule/agent-smoke-legacy-ebpf/molecule.yml.template b/molecule/agent-smoke-legacy-ebpf/molecule.yml.template index 8f04a815e..8b1d7c922 100644 --- a/molecule/agent-smoke-legacy-ebpf/molecule.yml.template +++ b/molecule/agent-smoke-legacy-ebpf/molecule.yml.template @@ -45,11 +45,11 @@ platforms: instance_type: ${INSTANCE_TYPE_X86} region: ${REGION} vpc_subnet_id: ${VPC_SUBNET_ID} - - name: ubuntu-1804-x86_64 - image: ami-055744c75048d8296 - instance_type: ${INSTANCE_TYPE_X86} - region: ${REGION} - vpc_subnet_id: ${VPC_SUBNET_ID} +# - name: ubuntu-1804-x86_64 +# image: ami-055744c75048d8296 +# instance_type: ${INSTANCE_TYPE_X86} +# region: ${REGION} +# vpc_subnet_id: ${VPC_SUBNET_ID} - name: ubuntu-2004-x86_64 image: ami-06f8dce63a6b60467 instance_type: ${INSTANCE_TYPE_X86} diff --git a/molecule/agent-uninstall-clean-all/molecule.yml.template b/molecule/agent-uninstall-clean-all/molecule.yml.template index c3f089a66..d7bc7cc25 100644 --- a/molecule/agent-uninstall-clean-all/molecule.yml.template +++ b/molecule/agent-uninstall-clean-all/molecule.yml.template 
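Review bot: The `ubuntu-1804-x86_64` platform is disabled by commenting out its five lines with no reason given. The same block is commented out in the agent-smoke-legacy-ebpf and agent-uninstall-clean-all templates. This silently drops a distro from the test matrix, and a later reader cannot tell whether it is temporary or permanent. Either delete the entry outright or put a line above it such as `# ubuntu-1804 disabled: <reason / tracking issue placeholder>`.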
@@ -45,11 +45,11 @@ platforms: instance_type: ${INSTANCE_TYPE_X86} region: ${REGION} vpc_subnet_id: ${VPC_SUBNET_ID} - - name: ubuntu-1804-x86_64 - image: ami-055744c75048d8296 - instance_type: ${INSTANCE_TYPE_X86} - region: ${REGION} - vpc_subnet_id: ${VPC_SUBNET_ID} +# - name: ubuntu-1804-x86_64 +# image: ami-055744c75048d8296 +# instance_type: ${INSTANCE_TYPE_X86} +# region: ${REGION} +# vpc_subnet_id: ${VPC_SUBNET_ID} - name: ubuntu-2004-x86_64 image: ami-06f8dce63a6b60467 instance_type: ${INSTANCE_TYPE_X86} diff --git a/plugins/filter/agent.py b/plugins/filter/agent.py index 4cb6682bc..1bceab959 100644 --- a/plugins/filter/agent.py +++ b/plugins/filter/agent.py @@ -1,4 +1,6 @@ from ansible.utils.display import Display +from distutils.version import LooseVersion + def to_agent_driver_type(data): """ Return the desired Sysdig Agent driver type """ try: 
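Review bot: `from distutils.version import LooseVersion` in plugins/filter/agent.py depends on a module that is deprecated since Python 3.10 and removed in Python 3.12 (PEP 632). On a controller running 3.12 or later the import fails and every filter in this plugin becomes unavailable, not only the new ones. ansible-core ships a vendored copy for this purpose: `from ansible.module_utils.compat.version import LooseVersion` is a drop-in replacement.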
@@ -24,6 +26,39 @@ def to_agent_version(data): return "latest" +def to_agent_version_pinned(data): + """ Returns True when the agent version to install is pinned, False otherwise + """ + v = to_agent_version(data) + if v and v != '' and v != "latest": + return True + return False + +def to_agent_install_packages(data): + """ Returns the agent packages to install + """ + pinned = to_agent_version_pinned(data) + older = False + if pinned: + version = to_agent_version(data) + minver = LooseVersion("1.0.0") + maxver = LooseVersion("13.1.0") + older = minver < LooseVersion(version) < maxver + if older: + return ["draios-agent"] + package_map = { + "universal_ebpf": ["draios-agent-slim"], + "legacy_ebpf": ["draios-agent-slim", "draios-agent-legacy-ebpf"], + "kmod": ["draios-agent", "draios-agent-slim", "draios-agent-kmodule"] + } + return package_map[to_agent_driver_type(data)] + +def to_agent_uninstall_packages(data): + """ Return the list of packages to be uninstalled + """ + all_packages = ["draios-agent", "draios-agent-legacy-ebpf", "draios-agent-slim", "draios-agent-kmodule"] + return [p for p in all_packages if p not in to_agent_install_packages(data)] + def to_agent_install_probe_build_dependencies(data): """ Return true or false depending on if the probe (legacy_ebpf|kmod) build dependencies should be installed @@ -39,5 +74,8 @@ def filters(self): return { "toAgentDriverType": to_agent_driver_type, "toAgentVersion": to_agent_version, + "toAgentVersionPinned": to_agent_version_pinned, + "toAgentInstallPackages": to_agent_install_packages, + "toAgentUninstallPackages": to_agent_uninstall_packages, "toAgentInstallProbeBuildDependencies": to_agent_install_probe_build_dependencies } diff --git a/roles/agent_install/tasks/main.yml b/roles/agent_install/tasks/main.yml index 9cfa6daf3..cfb77836d 100644 --- a/roles/agent_install/tasks/main.yml +++ b/roles/agent_install/tasks/main.yml 
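Review bot: `return package_map[to_agent_driver_type(data)]` in `to_agent_install_packages` raises a bare KeyError for any driver type that is not exactly one of the three lower-case keys. roles/agent_install/tasks/main.yml pipes the same filter through `| lower`, which suggests mixed-case values can reach it. Normalising first, `driver = str(to_agent_driver_type(data)).lower()`, and failing with a message that names the unsupported value would make this diagnosable. `LooseVersion(version)` is built from whatever `to_agent_version` returns, which is outside this hunk; if that can be a non-string or contain a non-numeric component, the chained comparison may raise TypeError, so a `str()` cast and a guarded comparison are worth considering. In `to_agent_uninstall_packages` the install list is recomputed for each element; `keep = to_agent_install_packages(data)` before the comprehension avoids that.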
@@ -3,6 +3,9 @@ ansible.builtin.set_fact: agent_install_version: "{{ configuration | sysdig.agent.toAgentVersion }}" agent_install_driver_type: "{{ configuration | sysdig.agent.toAgentDriverType | lower }}" + agent_install_pinned: "{{ configuration | sysdig.agent.toAgentVersionPinned }}" + agent_install_packages: "{{ configuration | sysdig.agent.toAgentInstallPackages }}" + agent_uninstall_packages: "{{ configuration | sysdig.agent.toAgentUninstallPackages }}" agent_install_probe_build_dependencies: "{{ configuration | sysdig.agent.toAgentInstallProbeBuildDependencies | bool }}" agent_install_deb_repository_url: "{{ configuration | sysdig.agent.toDebUrl | default('https://download.sysdig.com/stable/deb', true) }}" agent_install_deb_repository_gpgkey: "{{ configuration | sysdig.agent.toDebGpgKey | default('https://download.sysdig.com/DRAIOS-GPG-KEY.public', true) }}" @@ -10,6 +13,16 @@ agent_install_rpm_repository_gpgkey: "{{ configuration | sysdig.agent.toRpmGpgKey | default('https://download.sysdig.com/DRAIOS-GPG-KEY.public', true) }}" agent_install_local_forwarder_enabled: "{{ configuration | sysdig.agent.toLocalForwarderEnabled | bool }}" + +- name: Build versions suffix + ansible.builtin.set_fact: + agent_install_version_suffix: "{% if agent_install_pinned %}{% if ansible_pkg_mgr == 'apt' %}={{ agent_install_version }}{% else %}-{{ agent_install_version }}{% endif %}{% endif %}" + +- name: Build install package list + ansible.builtin.set_fact: + agent_install_package_list: "{{ agent_install_package_list | default([]) + [item + agent_install_version_suffix] }}" + with_items: "{{ agent_install_packages }}" + - name: Install Sysdig Agent block: - name: Validate Environment 
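Review bot: `agent_install_pinned` is set from `toAgentVersionPinned` without `| bool`, unlike `agent_install_probe_build_dependencies` and `agent_install_local_forwarder_enabled` in the same `set_fact`. The later `{% if agent_install_pinned %}` in "Build versions suffix" is only correct if the fact is a real boolean. If templating leaves it as the string `False`, the branch is taken and an unpinned install gets a `=latest` or `-latest` suffix. Suggest `agent_install_pinned: "{{ configuration | sysdig.agent.toAgentVersionPinned | bool }}"`.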
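Review bot: "Build install package list" appends to `agent_install_package_list | default([])` and never resets it. If the role runs twice against the same host in one play, entries from the first pass, possibly carrying a different pinned version, stay in the list. Building the list in one expression removes both the loop and the stale state: `agent_install_package_list: "{{ agent_install_packages | product([agent_install_version_suffix]) | map('join') | list }}"`.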
@@ -22,20 +35,16 @@ - name: Configure Sysdig Agent Repository ansible.builtin.include_tasks: "agent/configure-{{ 'rpm' if ansible_pkg_mgr in ['dnf', 'yum'] else 'deb' }}-repository.yml" - - name: Install Sysdig Agent (latest) + - name: Uninstall Unneeded Sysdig Agent Packages {{ agent_uninstall_packages }} ansible.builtin.package: - name: draios-agent - state: latest - when: (not agent_install_version) or - (agent_install_version and (agent_install_version == 'latest' or agent_install_version == "")) + name: "{{ agent_uninstall_packages }}" + state: absent + failed_when: false - - name: Install Sysdig Agent (pinned) + - name: Install Sysdig Agent Packages {{ agent_install_package_list }} ansible.builtin.package: - name: "draios-agent{% if agent_install_version != 'latest' %}{% if ansible_pkg_mgr == 'apt' %}={% else %}-{% endif %}{{ agent_install_version }}{% endif %}" + name: "{{ agent_install_package_list }}" state: present - when: - - agent_install_version - - agent_install_version != 'latest' - name: Create dragent.yaml file ansible.builtin.template: @@ -54,17 +63,17 @@ mode: 0644 when: agent_install_local_forwarder_enabled + - name: Create dragent env file + ansible.builtin.template: + src: dragent_ebpf_env_file.j2 + dest: "/etc/{% if ansible_pkg_mgr == 'apt' %}default{% else %}sysconfig{% endif %}/dragent" + owner: root + group: root + mode: 0o644 + - name: Enable Universal / Legacy eBPF when: agent_install_driver_type == "universal_ebpf" or agent_install_driver_type == "legacy_ebpf" block: - - name: (eBPF) Enable Universal / Legacy eBPF driver - ansible.builtin.template: - src: dragent_ebpf_env_file.j2 - dest: "/etc/{% if ansible_pkg_mgr == 'apt' %}default{% else %}sysconfig{% endif %}/dragent" - owner: root - group: root - mode: 0o644 - - name: (eBPF) Determine if sysdigcloud_probe module is loaded ansible.builtin.shell: cmd: | 
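Review bot: The merged "Install Sysdig Agent Packages" task uses `state: present` in every case, whereas the removed unpinned task used `state: latest`. With an unpinned or `latest` version, a host that already has the agent installed is no longer upgraded. If that is not intended, keep the distinction with `state: "{{ 'present' if agent_install_pinned else 'latest' }}"`. Separately, `failed_when: false` on the uninstall task hides every failure, including a package-manager lock or repository error, so the install task then runs against an unknown state. Prefer letting `state: absent` succeed on missing packages on its own, or narrow the condition to the specific error being tolerated.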
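Review bot: "Create dragent env file" now renders `dragent_ebpf_env_file.j2` on every host, kmod included, and the same commit removes the `(kmod) Disable eBPF` task that used to delete this file. The template is not part of this diff, so please confirm that it emits no eBPF settings when `agent_install_driver_type` is `kmod`. Otherwise a host switched to kmod keeps an eBPF environment file. The new task writes `mode: 0o644` while the neighbouring context line uses `mode: 0644`; a quoted `mode: "0644"` in both places avoids YAML integer parsing differences. The "Enable Universal / Legacy eBPF" block continues past the end of this hunk.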
@@ -98,12 +107,6 @@ when: agent_install_probe_loaded_after_stop.stdout == 'LOADED' changed_when: agent_install_probe_removed.rc == 0 - - name: (kmod) Disable eBPF - ansible.builtin.file: - path: "/etc/{% if ansible_pkg_mgr == 'apt' %}default{% else %}sysconfig{% endif %}/dragent" - state: absent - when: agent_install_driver_type == "kmod" - - name: Start dragent Service block: - name: Start dragent Service diff --git a/roles/agent_uninstall/tasks/main.yml b/roles/agent_uninstall/tasks/main.yml index 9a3f158e1..576e3193e 100644 --- a/roles/agent_uninstall/tasks/main.yml +++ b/roles/agent_uninstall/tasks/main.yml @@ -13,7 +13,11 @@ - name: Remove Sysdig Agent Package ansible.builtin.package: - name: draios-agent + name: + - draios-agent + - draios-agent-slim + - draios-agent-kmodule + - draios-agent-legacy-ebpf state: absent - name: Cleanup Sysdig Agent Service Files