[chef] fips-proxy package support #853
Conversation
attributes/default.rb
Outdated
| @@ -42,18 +42,27 @@ | |||
| default['datadog']['agent_version'] = nil # nil to install latest | |||
| # Agent flavor to install, acceptable values are "datadog-agent", "datadog-iot-agent" | |||
| default['datadog']['agent_flavor'] = 'datadog-agent' # "datadog-agent" to install the datadog-agent package | |||
| # default['datadog']['fips_proxy_version'] = '0.1.0' | |||
There was a problem hiding this comment.
Is there a reason why this line is commented out? I think we should do the same thing as we do for agent_version by default, which would be setting it to nil.
| group 'root' | ||
| mode 0766 | ||
| content lazy { ::File.open('/etc/datadog-fips-proxy/datadog-fips-proxy.cfg.example').read } | ||
| not_if { ::File.exist?('/etc/datadog-fips-proxy/datadog-fips-proxy.cfg') } |
There was a problem hiding this comment.
Is the intention here to not overwrite the config file if it already exists? Most config management tools intentionally ensure that a file has specified contents. I'd prefer if we introduced config variables for what is supposed to go in this file (with the option to using "default" which would use the example file contents).
There was a problem hiding this comment.
Yes, that's the intention.
The complexity of this file is high, and should not really ever be touched by customers, hence the original decision. The number of potential HAproxy config changes a customer could implement in that file is really quite insane.
truthbk
force-pushed
the
jaime/fips-proxy
branch
from
3cb7340 to
c8a457d
Compare
attributes/default.rb
Outdated
| @@ -42,18 +42,27 @@ | |||
| default['datadog']['agent_version'] = nil # nil to install latest | |||
| # Agent flavor to install, acceptable values are "datadog-agent", "datadog-iot-agent" | |||
| default['datadog']['agent_flavor'] = 'datadog-agent' # "datadog-agent" to install the datadog-agent package | |||
| default['datadog']['fips_proxy_version'] = nil | |||
| default['datadog']['agent_version'] = nil # nil to install latest | |||
There was a problem hiding this comment.
This already exists above on line 42, I think this line was added by mistake?
attributes/default.rb
Outdated
|
|
||
| # Agent package options | ||
| # retries and retry_delay for package download/install | ||
| default['datadog']['agent_package_retries'] = nil | ||
| default['datadog']['agent_package_retry_delay'] = nil | ||
| default['datadog']['fips_proxy_package_retries'] = nil | ||
| default['datadog']['fips_proxy_package_retry_delay'] = nil |
There was a problem hiding this comment.
I would probably suggest using agent_package_retries and agent_package_retry_delay for both the Agent and the FIPS proxy. I know that the naming suggests that this would only apply to Agent, but I find it hard to believe that people would make these values different for Agent and FIPS proxy - most of the time, people will have to set both to exactly the same value and I don't think that's a great user experience. WDYT?
metadata.rb
Outdated
| @@ -3,7 +3,7 @@ | |||
| maintainer_email '[email protected]' | |||
| license 'Apache-2.0' | |||
| description 'Installs/Configures datadog components' | |||
| version '4.18.0' | |||
| version '4.20.0' | |||
There was a problem hiding this comment.
Version shouldn't be updated as part of a feature PR.
recipes/dd-fips-proxy.rb
Outdated
|
|
||
| is_windows = platform_family?('windows') | ||
|
|
||
| # Install the agent |
There was a problem hiding this comment.
| # Install the agent | |
| # Install the fips-proxy |
truthbk
force-pushed
the
jaime/fips-proxy
branch
from
ac751d0 to
8774594
Compare
This is barebones package support for a potential
datadog-fips-proxypackage.