From 612721a0ccad5206fdbe07b75ee5a403ad314842 Mon Sep 17 00:00:00 2001 From: commiterate <111539270+commiterate@users.noreply.github.com> Date: Sat, 23 Nov 2024 14:26:07 -0500 Subject: [PATCH] amazon-cloudwatch-agent: let users specify configuration file paths --- .../monitoring/amazon-cloudwatch-agent.nix | 112 +++++++++++++----- .../am/amazon-cloudwatch-agent/package.nix | 4 +- 2 files changed, 85 insertions(+), 31 deletions(-) diff --git a/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix b/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix index fef2cfdd6fb5c0..62d383f44629e9 100644 --- a/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix +++ b/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix @@ -10,8 +10,16 @@ let tomlFormat = pkgs.formats.toml { }; jsonFormat = pkgs.formats.json { }; - commonConfigurationFile = tomlFormat.generate "common-config.toml" cfg.commonConfiguration; - configurationFile = jsonFormat.generate "amazon-cloudwatch-agent.json" cfg.configuration; + commonConfigurationFile = + if (cfg.commonConfigurationFile == null) then + (tomlFormat.generate "common-config.toml" cfg.commonConfiguration) + else + cfg.commonConfigurationFile; + configurationFile = + if (cfg.configurationFile == null) then + (jsonFormat.generate "amazon-cloudwatch-agent.json" cfg.configuration) + else + cfg.configurationFile; # See https://docs.aws.amazon.com/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/create-store-cloudwatch-configurations.html#store-cloudwatch-configuration-s3. # # We don't use the multiple JSON configuration files feature, 
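Review bot: The new `else cfg.commonConfigurationFile` and `else cfg.configurationFile` branches hand the user's value unchanged to the string interpolation in the later `ExecStartPre` hunk, and the result depends on how the option was written. A Nix path literal, which is the form both `example =` lines in the options hunk use, is copied into the world-readable Nix store when interpolated, whereas a quoted string stays a runtime path on the target host. The common configuration can carry a `credentials` section (see the existing `commonConfiguration` example), so the option text should say which form is intended. I would write the examples as strings, e.g. `example = "/etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json";`, and add `# A path literal is copied to the Nix store; pass a string for a file that must stay on the host.` above these bindings. The `let` block continues outside this hunk.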
@@ -24,6 +32,18 @@ in options.services.amazon-cloudwatch-agent = { enable = lib.mkEnableOption "Amazon CloudWatch Agent"; package = lib.mkPackageOption pkgs "amazon-cloudwatch-agent" { }; + commonConfigurationFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + Amazon CloudWatch Agent common configuration. See + + for supported values. + + {option}`commonConfigurationFile` takes precedence over {option}`commonConfiguration`. + ''; + example = /etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json; + }; commonConfiguration = lib.mkOption { type = tomlFormat.type; default = { }; @@ -31,6 +51,8 @@ in Amazon CloudWatch Agent common configuration. See for supported values. + + {option}`commonConfigurationFile` takes precedence over {option}`commonConfiguration`. ''; example = { credentials = { @@ -44,6 +66,22 @@ in }; }; }; + configurationFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + Amazon CloudWatch Agent configuration file. See + + for supported values. + + The following options aren't supported: + * `agent.run_as_user` + * Use {option}`user` instead. + + {option}`configurationFile` takes precedence over {option}`configuration`. + ''; + example = /etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json; + }; configuration = lib.mkOption { type = jsonFormat.type; default = { }; @@ -51,6 +89,12 @@ in Amazon CloudWatch Agent configuration. See for supported values. + + The following options aren't supported: + * `agent.run_as_user` + * Use {option}`user` instead. + + {option}`configurationFile` takes precedence over {option}`configuration`. ''; # Subset of "CloudWatch agent configuration file: Complete examples" and "CloudWatch agent configuration file: Traces section" in the description link. # 
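Review bot: The `example` for `commonConfigurationFile` is the same `/etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json` path given for `configurationFile`. The file it replaces is produced by `tomlFormat.generate "common-config.toml"` and goes to `-config`, not `-input`. Someone copying the example would put the JSON agent configuration in the TOML slot. `example = "/etc/amazon-cloudwatch-agent/common-config.toml";` would match the generated file name.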
@@ -110,6 +154,15 @@ in }; }; }; + # Replaces "agent.run_as_user" from the configuration file. + user = lib.mkOption { + type = lib.types.str; + default = "root"; + description = '' + The user that runs the Amazon CloudWatch Agent. + ''; + example = "amazon-cloudwatch-agent"; + }; mode = lib.mkOption { type = lib.types.str; default = "auto"; @@ -122,7 +175,7 @@ in }; config = lib.mkIf cfg.enable { - # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/packaging/dependencies/amazon-cloudwatch-agent.service. + # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/packaging/dependencies/amazon-cloudwatch-agent.service. systemd.services.amazon-cloudwatch-agent = { description = "Amazon CloudWatch Agent"; after = [ "network.target" ]; 
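Review bot: The new `user` option defaults to `"root"`, and the later service hunk replaces `lib.attrByPath [ "agent" "run_as_user" ] "root" cfg.configuration` with `User = cfg.user`. An existing setup that dropped privileges through `configuration.agent.run_as_user` would therefore go back to running as root after this change, with no evaluation error. The description marks that key as unsupported, but nothing enforces it. I would add an entry to `assertions` in the `config` block whose condition is `!(cfg.configuration ? agent.run_as_user)` and whose message points at `services.amazon-cloudwatch-agent.user`. The `user` description should also state that a `run_as_user` value inside a file given via `configurationFile` is not used to pick the service user.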
@@ -140,38 +193,39 @@ in # 3. Runs "amazon-cloudwatch-agent" with the paths to these generated files. # # Re-implementing with systemd options. - User = lib.attrByPath [ - "agent" - "run_as_user" - ] "root" cfg.configuration; + User = cfg.user; RuntimeDirectory = "amazon-cloudwatch-agent"; LogsDirectory = "amazon-cloudwatch-agent"; - ExecStartPre = '' - ${cfg.package}/bin/config-translator \ - -config ${commonConfigurationFile} \ - -input ${configurationFile} \ - -input-dir ${configurationDirectory} \ - -mode ${cfg.mode} \ - -output ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml - ''; - ExecStart = '' - ${cfg.package}/bin/amazon-cloudwatch-agent \ - -config ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml \ - -envconfig ''${RUNTIME_DIRECTORY}/env-config.json \ - -otelconfig ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.yaml \ - -pidfile ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.pid - ''; + ExecStartPre = builtins.concatStringsSep " " [ + "${cfg.package}/bin/config-translator" + "-config ${commonConfigurationFile}" + "-input ${configurationFile}" + "-input-dir ${configurationDirectory}" + "-mode ${cfg.mode}" + "-output \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml" + ]; + ExecStart = builtins.concatStringsSep " " [ + "${cfg.package}/bin/amazon-cloudwatch-agent" + "-config \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml" + "-envconfig \${RUNTIME_DIRECTORY}/env-config.json" + "-otelconfig \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.yaml" + "-pidfile \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.pid" + ]; KillMode = "process"; Restart = "on-failure"; RestartSec = 60; }; - restartTriggers = [ - cfg.package - commonConfigurationFile - configurationFile - configurationDirectory - cfg.mode - ]; + restartTriggers = + [ + cfg.package + cfg.mode + configurationDirectory + ] + # If the file exists, use hashes instead of contents since contents may be long. 
+ ++ (map (file: if (builtins.pathExists file) then (builtins.hashFile "sha256" file) else file) [ + commonConfigurationFile + configurationFile + ]); }; }; diff --git a/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix b/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix index 38d8136f127a6c..ed213acf4e12cd 100644 --- a/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix +++ b/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix @@ -22,7 +22,7 @@ buildGoModule rec { vendorHash = "sha256-zsASHuTXL3brRlgLPNb4wFPHkYpUWbOdRDCXQUwZjIY="; - # See the list in https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/Makefile#L68-L77. + # See the list in https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/Makefile#L68-L77. subPackages = [ "cmd/config-downloader" "cmd/config-translator" @@ -32,7 +32,7 @@ buildGoModule rec { "cmd/amazon-cloudwatch-agent-config-wizard" ]; - # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/Makefile#L57-L64. + # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/Makefile#L57-L64. # # Needed for "amazon-cloudwatch-agent -version" to not show "Unknown". postInstall = ''
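Review bot: In the `restartTriggers` list of the service hunk in amazon-cloudwatch-agent.nix, `builtins.pathExists` and `builtins.hashFile` run at evaluation time on the machine doing the evaluation, not on the host that runs the agent. For a string path such as `/etc/...`, the trigger is therefore either the hash of whatever file the evaluating machine has at that path or, if none exists, the bare path string. Editing the file on the target afterwards never restarts the service, and evaluation modes that restrict filesystem access presumably always take the fallback branch. The comment above the `map` should say so, e.g. `# Hashed at evaluation time on the evaluating host; later edits to the file on the target do not trigger a restart.`. Separately, the `concatStringsSep " "` command lines interpolate `cfg.mode` and the two file paths without quoting, so a value containing whitespace would be split into extra arguments by systemd.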