Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add datadog user to groups through pillar config #66

Open
dmfay opened this issue Mar 23, 2021 · 4 comments
Open

add datadog user to groups through pillar config #66

dmfay opened this issue Mar 23, 2021 · 4 comments

Comments

@dmfay
Copy link

dmfay commented Mar 23, 2021

I'm managing several Ubuntu servers in AWS EC2 and want to ship /var/log/auth.log up to Datadog. However, the dd-agent user does not have permission to open the file since it does not belong to the adm group.

$ ls -al /var/log/auth.log
-rw-r----- 1 syslog adm 9824 Mar 22 17:50 /var/log/auth.log
$ sudo -u dd-agent groups
dd-agent

I can add dd-agent to the group on existing servers manually through Salt:

$ sudo salt 'targets' user.chgroups dd-agent adm append=True
$ sudo salt 'targets' service.restart datadog-agent

But it'd be nice to be able to specify the group membership in the pillar and avoid manual configuration steps (or an extra state across a bunch of minion classes in the topfile), especially as new minions come online.
@KSerrania
Copy link
Contributor

KSerrania commented Apr 21, 2021
edited
Loading

Hey @dmfay,

Thanks for the report! That would indeed be useful. It's also something we already do in the other configuration management tools (eg. in ansible-datadog), so it'd be nice to have the same capabilities here too. I'll add a task in our backlog to track this request.

@matthew-williams
Copy link

I would love this as well. Just had to override your init.sls to do this manually.

@matthew-williams
Copy link

matthew-williams commented May 17, 2022
edited
Loading

Tested on Ubuntu 18.04 && 20.04.3
My fix for now, I'll add it in a PR at some point:
useroverrides.sls

# Add dd-agent into the group adm so it can monitor the correct logs.
dd-agent-group:
  cmd.run:
    - name: usermod -a -G adm dd-agent
    - onlyif: id dd-agent|grep -v adm

add useroverrides.sls to your init.sls for datadog:

include:
  - datadog.install
  - datadog.config
  - datadog.useroverrides
  - datadog.service

NOTE: we use a gitfs so it might be added in a different place for you. Wherever you import your formulas in put it in there.

@far-blue
Copy link

far-blue commented Aug 9, 2022

it would be great if this functionality was added by default.

Regarding overriding, remember salt filesystems are merged in priority order so if you create a local datadog folder with am init.sls containing the above modified include statement, alongside whatever extra sls files you want, then in theory it should all just work :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@far-blue @dmfay @matthew-williams @KSerrania