From fa1ed8eb8bc5b2377c695508b9f7fd33e247f64e Mon Sep 17 00:00:00 2001 From: commiterate <111539270+commiterate@users.noreply.github.com> Date: Sat, 23 Nov 2024 14:26:07 -0500 Subject: [PATCH] amazon-cloudwatch-agent: let users specify configuration file paths --- ci/OWNERS | 18 +-- .../monitoring/amazon-cloudwatch-agent.nix | 117 ++++++++++++------ nixos/tests/amazon-cloudwatch-agent.nix | 1 - .../am/amazon-cloudwatch-agent/package.nix | 8 +- 4 files changed, 95 insertions(+), 49 deletions(-) diff --git a/ci/OWNERS b/ci/OWNERS index 35edeaf6cf7755..d4387057857234 100644 --- a/ci/OWNERS +++ b/ci/OWNERS @@ -134,14 +134,16 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza /nixos/modules/installer/sd-card/ # Amazon -/nixos/modules/virtualisation/amazon-init.nix @arianvp -/nixos/modules/virtualisation/ec2-data.nix @arianvp -/nixos/modules/virtualisation/amazon-options.nix @arianvp -/nixos/modules/virtualisation/amazon-image.nix @arianvp -/nixos/maintainers/scripts/ec2/ @arianvp -/nixos/modules/services/misc/amazon-ssm-agent.nix @arianvp -/nixos/tests/amazon-ssm-agent.nix @arianvp -/nixos/modules/system/boot/grow-partition.nix @arianvp +/nixos/modules/virtualisation/amazon-init.nix @arianvp +/nixos/modules/virtualisation/ec2-data.nix @arianvp +/nixos/modules/virtualisation/amazon-options.nix @arianvp +/nixos/modules/virtualisation/amazon-image.nix @arianvp +/nixos/maintainers/scripts/ec2/ @arianvp +/nixos/modules/services/misc/amazon-ssm-agent.nix @arianvp +/nixos/tests/amazon-ssm-agent.nix @arianvp +/nixos/modules/system/boot/grow-partition.nix @arianvp +/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix @philipmw +/nixos/tests/amazon-cloudwatch-agent.nix @philipmw # nixos-rebuild-ng /pkgs/by-name/ni/nixos-rebuild-ng @thiagokokada diff --git a/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix b/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix index fef2cfdd6fb5c0..c6f64b3754a67f 100644 
--- a/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix +++ b/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix @@ -10,8 +10,16 @@ let tomlFormat = pkgs.formats.toml { }; jsonFormat = pkgs.formats.json { }; - commonConfigurationFile = tomlFormat.generate "common-config.toml" cfg.commonConfiguration; - configurationFile = jsonFormat.generate "amazon-cloudwatch-agent.json" cfg.configuration; + commonConfigurationFile = + if (cfg.commonConfigurationFile == null) then + (tomlFormat.generate "common-config.toml" cfg.commonConfiguration) + else + cfg.commonConfigurationFile; + configurationFile = + if (cfg.configurationFile == null) then + (jsonFormat.generate "amazon-cloudwatch-agent.json" cfg.configuration) + else + cfg.configurationFile; # See https://docs.aws.amazon.com/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/create-store-cloudwatch-configurations.html#store-cloudwatch-configuration-s3. # # We don't use the multiple JSON configuration files feature, 
@@ -24,13 +32,30 @@ in options.services.amazon-cloudwatch-agent = { enable = lib.mkEnableOption "Amazon CloudWatch Agent"; package = lib.mkPackageOption pkgs "amazon-cloudwatch-agent" { }; - commonConfiguration = lib.mkOption { - type = tomlFormat.type; - default = { }; + commonConfigurationFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; description = '' Amazon CloudWatch Agent common configuration. See for supported values. + + {option}`commonConfigurationFile` takes precedence over {option}`commonConfiguration`. + + Note: Restricted evaluation blocks access to paths outside the Nix store. + This means detecting content changes for mutable paths (i.e. not input or content-addressed) can't be done. + As a result, `nixos-rebuild` won't reload/restart the systemd unit when mutable path contents change. + `systemctl restart amazon-cloudwatch-agent.service` must be used instead. + ''; + example = "/etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json"; + }; + commonConfiguration = lib.mkOption { + type = tomlFormat.type; + default = { }; + description = '' + See {option}`commonConfigurationFile`. + + {option}`commonConfigurationFile` takes precedence over {option}`commonConfiguration`. ''; example = { credentials = { 
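Review bot: `commonConfigurationFile` is typed `lib.types.nullOr lib.types.path`, which accepts a Nix path literal as well as a string, and a path literal interpolated into the unit's command line (done in the @@ -140,40 +195,28 @@ hunk) is copied into the world-readable Nix store. The description's note covers restart behaviour for mutable paths but not this, so I would add a sentence such as `Path literals (e.g. ./common-config.toml) are copied into the world-readable Nix store; pass an absolute path as a string for files that must stay private.` The same applies to `configurationFile` in the next hunk (@@ -44,13 +69,34 @@). Separately, the `example` here points at `amazon-cloudwatch-agent.json` although the common configuration is TOML; `"/etc/amazon-cloudwatch-agent/common-config.toml"` would match the generated file name.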
@@ -44,13 +69,34 @@ in }; }; }; + configurationFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + Amazon CloudWatch Agent configuration file. See + + for supported values. + + The following options aren't supported: + * `agent.run_as_user` + * Use {option}`user` instead. + + {option}`configurationFile` takes precedence over {option}`configuration`. + + Note: Restricted evaluation blocks access to paths outside the Nix store. + This means detecting content changes for mutable paths (i.e. not input or content-addressed) can't be done. + As a result, `nixos-rebuild` won't reload/restart the systemd unit when mutable path contents change. + `systemctl restart amazon-cloudwatch-agent.service` must be used instead. + ''; + example = "/etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json"; + }; configuration = lib.mkOption { type = jsonFormat.type; default = { }; description = '' - Amazon CloudWatch Agent configuration. See - - for supported values. + See {option}`configurationFile`. + + {option}`configurationFile` takes precedence over {option}`configuration`. ''; # Subset of "CloudWatch agent configuration file: Complete examples" and "CloudWatch agent configuration file: Traces section" in the description link. # @@ -110,6 +156,15 @@ in }; }; }; + # Replaces "agent.run_as_user" from the configuration file. + user = lib.mkOption { + type = lib.types.str; + default = "root"; + description = '' + The user that runs the Amazon CloudWatch Agent. + ''; + example = "amazon-cloudwatch-agent"; + }; mode = lib.mkOption { type = lib.types.str; default = "auto"; 
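Review bot: The comment `# Replaces "agent.run_as_user" from the configuration file.` on the new `user` option (hunk @@ -110,6 +156,15 @@) is not enforced anywhere in the visible hunks. A later hunk sets `User = cfg.user`, so an existing `configuration.agent.run_as_user` value no longer determines the unit's user, and the service falls back to the default `"root"` without any diagnostic. An assertion in the `config` block (outside this hunk) would turn that into an evaluation error, e.g. `assertion = !(lib.hasAttrByPath [ "agent" "run_as_user" ] cfg.configuration);` with `message = "Set services.amazon-cloudwatch-agent.user instead of configuration.agent.run_as_user.";`. For `configurationFile` (hunk @@ -44,13 +69,34 @@) the module cannot inspect the file, so its description should say that the key does not select the service user, rather than only listing it as unsupported. The `user` description could also state that a non-root account must already exist and be able to read the configuration paths, since no account creation is visible in this patch.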
@@ -122,7 +177,7 @@ in }; config = lib.mkIf cfg.enable { - # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/packaging/dependencies/amazon-cloudwatch-agent.service. + # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/packaging/dependencies/amazon-cloudwatch-agent.service. systemd.services.amazon-cloudwatch-agent = { description = "Amazon CloudWatch Agent"; after = [ "network.target" ]; 
@@ -140,40 +195,28 @@ in # 3. Runs "amazon-cloudwatch-agent" with the paths to these generated files. # # Re-implementing with systemd options. - User = lib.attrByPath [ - "agent" - "run_as_user" - ] "root" cfg.configuration; + User = cfg.user; RuntimeDirectory = "amazon-cloudwatch-agent"; LogsDirectory = "amazon-cloudwatch-agent"; - ExecStartPre = '' - ${cfg.package}/bin/config-translator \ - -config ${commonConfigurationFile} \ - -input ${configurationFile} \ - -input-dir ${configurationDirectory} \ - -mode ${cfg.mode} \ - -output ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml - ''; - ExecStart = '' - ${cfg.package}/bin/amazon-cloudwatch-agent \ - -config ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml \ - -envconfig ''${RUNTIME_DIRECTORY}/env-config.json \ - -otelconfig ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.yaml \ - -pidfile ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.pid - ''; + ExecStartPre = builtins.concatStringsSep " " [ + "${cfg.package}/bin/config-translator" + "-config ${commonConfigurationFile}" + "-input ${configurationFile}" + "-input-dir ${configurationDirectory}" + "-mode ${cfg.mode}" + "-output \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml" + ]; + ExecStart = builtins.concatStringsSep " " [ + "${cfg.package}/bin/amazon-cloudwatch-agent" + "-config \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml" + "-envconfig \${RUNTIME_DIRECTORY}/env-config.json" + "-otelconfig \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.yaml" + "-pidfile \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.pid" + ]; KillMode = "process"; Restart = "on-failure"; RestartSec = 60; }; - restartTriggers = [ - cfg.package - commonConfigurationFile - configurationFile - configurationDirectory - cfg.mode - ]; }; }; - - meta.maintainers = pkgs.amazon-cloudwatch-agent.meta.maintainers; } diff --git a/nixos/tests/amazon-cloudwatch-agent.nix b/nixos/tests/amazon-cloudwatch-agent.nix index 2810ac0a72eacc..199f74c9b2a692 100644 
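Review bot: The rebuilt `ExecStartPre` interpolates `${commonConfigurationFile}`, `${configurationFile}` and `${cfg.mode}` into the command line unquoted, and with this commit the first two can be arbitrary user-supplied paths (`cfg.mode` is a free-form `lib.types.str`). systemd splits the line on whitespace and expands `%` specifiers and `$` variables, so a value containing any of these changes the arguments `config-translator` receives instead of failing evaluation. Quoting only the option values, e.g. `"-config ${utils.escapeSystemdExecArg commonConfigurationFile}"`, leaves `\${RUNTIME_DIRECTORY}` expandable by systemd. `utils` would have to be added to the module arguments, which are outside this hunk.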
--- a/nixos/tests/amazon-cloudwatch-agent.nix +++ b/nixos/tests/amazon-cloudwatch-agent.nix @@ -27,7 +27,6 @@ import ./make-test-python.nix ( in { name = "amazon-cloudwatch-agent"; - meta.maintainers = pkgs.amazon-cloudwatch-agent.meta.maintainers; nodes.machine = { config, pkgs, ... }: diff --git a/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix b/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix index 4ca8d31b14685a..c44f93213b79e3 100644 --- a/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix +++ b/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix @@ -16,13 +16,13 @@ buildGoModule rec { src = fetchFromGitHub { owner = "aws"; repo = "amazon-cloudwatch-agent"; - rev = "refs/tags/v${version}"; + tag = "v${version}"; hash = "sha256-546qUeRwaJ4iROf6kw/lnv/c7jSESP9yn3dXc7G/plI="; }; vendorHash = "sha256-de7F8tFv5C+lwUGrWHMK22Lynm0/4J0XH6mVryJtDjk="; - # See the list in https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/Makefile#L68-L77. + # See the list in https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/Makefile#L68-L77. subPackages = [ "cmd/config-downloader" "cmd/config-translator" @@ -32,7 +32,7 @@ buildGoModule rec { "cmd/amazon-cloudwatch-agent-config-wizard" ]; - # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/Makefile#L57-L64. + # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/Makefile#L57-L64. # # Needed for "amazon-cloudwatch-agent -version" to not show "Unknown". postInstall = '' @@ -43,6 +43,8 @@ buildGoModule rec { nativeInstallCheckInputs = [ versionCheckHook ]; + versionCheckProgram = "${builtins.placeholder "out"}/bin/${meta.mainProgram}"; + versionCheckProgramArg = "-version"; passthru = {