search

signalfx / signalfx-agent

The SignalFx Smart Agent
https://signalfx.com
Apache License 2.0
124 stars 183 forks source link

Ansible Role #261

Closed camdixon closed 6 years ago

camdixon commented 6 years ago

The Ansible Role is not in Ansible Galaxy or mentioned on the main README.md page.

1) deployments/ansible/meta/main.yml you should change the author line to:

---
galaxy_info:
  author: signalfx
  description: Ansible role to install and configure the SignalFx Smart Agent
  company: SignalFx, Inc.
  license: Apache-2.0
  min_ansible_version: 1.9

This will allow you to submit your Smart Agent for SignalFx to Ansible Galaxy for easier adoption by Ansible users. Also, your docs do not say how to install the role, but it would be helpful to other users. I had to actually manually put the files there - or someone would need to install the Ansible specific folder by using the Github method described when Installing SignalFx for Ansible

After you're in Ansible Galaxy it would be the preferred method in the README.md of Ansible to show a simple role installation, and then playbook use. I realize you already have a sample playbook - the idea I'm suggesting is to make this a simpler install for onboarding new clients you prospect.

ansible-galaxy --install signalfx.signalfx-agent

The above command assumes Ansible Galaxy submission, and meta/main.yaml edit of "author" line to suggestion above.

camdixon commented 6 years ago

Also,

In your meta file you mention min_ansible_version: 1.9 however use import_tasks functionality in the role based on OS Family. This will need to be updated to min_ansible_version: 2.4.

http://docs.ansible.com/ansible/latest/modules/import_tasks_module.html

As an example in your role -> tasks/main.yaml 

- name: Import signalfx-agent deploy for CentOS or RHEL
  import_tasks: yum_repo.yml
  when: ansible_os_family in rhel_distro
camdixon commented 6 years ago

TASK [signalfx-agent-install : Add an Apt signing key for Signalfx Agent] *** fatal: [sc-cbs-hub01]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key --keyring /etc/apt/trusted.gpg.d/signalfx.gpg add -", "msg": "ERROR: This command can only be used by root.", "rc": 1, "stderr": "ERROR: This command can only be used by root.\n", "stderr_lines": ["ERROR: This command can only be used by root."], "stdout": "", "stdout_lines": []}

In the roles -> signalfx-agent/tasks/debian_repo.yml

---
- name: Add an Apt signing key for Signalfx Agent
  apt_key:
    url: "{{ repo_base_url }}/debian.gpg"
    keyring: /etc/apt/trusted.gpg.d/signalfx.gpg
    state: present
  become: yes

Adding become: yes fixes this, and allows use of a vault password or ansible-playbook -K playbook-name.yml This will use the sudo user specified in your example playbook

Also applied to other 2 tasks in this file, because permission denied error received with these tasks.

rmfitzpatrick commented 6 years ago

@camdixon, we've updated the ansible role and uploaded it to Galaxy with corrected version information. Thank you for your notes and patience.

ansible-galaxy install signalfx.smart_agent

You can invoke the role by the same name (as opposed to signalfx-agent if using the source tree).

As far as adding explicit privilege escalation for the yum/apt tasks, I'm opting for that to be left to the user in their role or ansible-playbook invocation. If you feel this is an oversight, please open another issue and include your use case and why global or role-level directives aren't acceptable.