DataDog / dd-trace-php

Datadog PHP Clients
https://docs.datadoghq.com/tracing/setup/php
Other
504 stars 158 forks source link

[Feature] Add deb package to apt repos #1548

Open ToonSpinISAAC opened 2 years ago

ToonSpinISAAC commented 2 years ago

Is your feature request related to a problem? Please describe.

I'm installing DataDog on some PHP application servers, and am doing this manually with configuration management software. I've configured the DD agent repository and GPG keys, but now that I want to trace PHP applications I find that I have to manually download and then install a .deb file. This is cumbersome when what I want is just to do the configuration management equivalent of apt install datadog-php-tracer, which is much easier and more intuitive.

Also, since this software is not in DataDog's APT repos, that means I can't keep track of any security updates to the PHP tracer as part of my normal workflow - instead I will have to subscribe to this GitHub repository and manually keep track of any updates, also I have to document this and spread the knowledge on how DataDog PHP tracing works.

Describe the solution you'd like

I would like these packages to be available and maintained in APT repos and/or RPM repos.

Describe alternatives you've considered

None

Additional context None

labbati commented 2 years ago

Hello @ToonSpinISAAC and thank you for the feature request. We can use this to start a conversation, as in our original intents we were trying to move away from native packages in favor of a custom installer. Let me explain.

The installation process for us is a little complex, with the 'worst' part being to identify all the correct PHP binaries we could potentially install to, on all the thousands of different environments and combinations we have to install on.

Specifically, the most popular native packages formats (.deb, .rpm, .apk) don't give you access to the real $PATH (that we use in our post-install script), and thus we miss binaries especially in popular/custom installations (e.g. some magento/drupal images). Even worse, .apk blocks arbitrary environment variables to even reach the post install script, so you cannot even provide us the 'custom' $DD_TRACE_PHP_BIN that we use to be pointed to the correct binary. On top of that, we have optional modules (e.g. appsec and profiles that have not to be installed by default) that would require apt install switches (for example an ENV variable to be set? something else? for sure something to document).

For these reasons we were discussing moving away from native packages in favor of a custom installation script (that we already release in beta, see datadog-setup.php).

My feeling is that with this new installer (and even an improved version we plan to work on), things should be pretty easy to use and document, but I wanted to hear your opinion about that.

ToonSpinISAAC commented 2 years ago

Hi @labbati thanks for responding. This is a lot to think about and I think that informs my initial reaction.

What strikes me about your response, is that what seems to be your goal is to have people just install Datadog tracing by running a single script and have it work instantly in any environment. That's a laudable goal but it's also very ambitious and I wonder how robust that is against change.

For instance if the Debian team decided to place the PHP files in a different location in Bookworm, you'd have to adapt and support both setups, given that you support Wheezy and up (IIRC). Also you mention things like certain Magento or Drupal Docker images - if a new one comes along that gets traction, you're now forced to support and follow it to meet your goal.

You seem to have made the decision to keep things "central" and not have too many different install scripts. I can certainly see why that would make you want to ditch Linux packaging. I can also see why you might not want to abandon this approach willy-nilly.

From my perspective as an ops/infra engineer, on the other hand, installing with a script, especially on many machines, presents a bit of a challenge. I can have Puppet, which is what I use, run your script and probably also examine its output, but that's not really how Puppet works.

I am not really familiar with other configuration management software but I expect the following is the same for Chef, Salt, Ansible, and what have you: what Puppet does is examine the state of your system, examine what you want it to be, and apply the difference. This is why I like Debian packages: I can tell Puppet to make sure a package is installed and it will "make it so".

However, automatically downloading and running a script on what might be dozens of machines kind of feels like not a very smart thing to do. In this sort of situation I tend to reverse engineer what the script does, and make Puppet do that, but that PHP script is 1400 lines long and I can't really grok what it does quickly. Add to that that Puppet checks the state every 30 minutes in our setup, so now I have to either reverse engineer the script or have Puppet run it every 30 minutes...

All of this is meant mostly as an insight into my thought process. I leave it to you if this is something you want to act on / support / take seriously.

Installing the Datadog agent with Puppet was a bit easier, because there's an easy script way to do that, but in addition to that, there's also some documentation on how to install and configure it by hand if you want. So I was able to Puppetize those instructions and I am set in terms of the Datadog agent.

I have in fact been able to figure out the PHP agent because I have added the .deb to our internal APT repo, and will manually update it, so that's fine. Also if there were no Debian package I might have Puppet run the script unless php -i says dd-tracer is already installed - this can be done using the unless keyword of the exec resource, so it's not like this challenge cannot be overcome.

Perhaps some instructions on how to manually install the tracer might be helpful? Of course I don't really understand how complex it is, but if it amounts just to putting an .so and .ini file in the proper place, for example, then that would be very helpful for me personally, because I can easily Puppetize that.

Edited to mention that Datadog does in fact provide manual installation instructions.

Thanks for indulging me in this epic tale,

Toon Spin

razvanphp commented 1 year ago

Ok, I understand the packages limitations, but what about providing a docker container?

This one is very old, not sure why it was not maintained anymore: https://hub.docker.com/r/datadog/dd-trace-php/tags

Currently we have to do this on our own and takes FOREVER, especially with the rust cargo dependancy added.

FROM rust:latest as ddtrace-build

ARG DDTRACE_VERSION="0.89.0"

RUN apt-get update \
    && apt-get -y install \
        php7.4-cli \
        php-dev \
        make \
        php-pear

# install dd-trace
RUN pecl install datadog_trace-${DDTRACE_VERSION}
# install ddtrace extension from builder layer
COPY --from=ddtrace-build /usr/lib/php/20190902/ddtrace.so /usr/lib/php/20190902/ddtrace.so
RUN printf "[datadog]\nextension=ddtrace.so\n" >> /etc/php/7.4/mods-available/ddtrace.ini && phpenmod ddtrace