Unverified Commit 297e5bb0 authored by Philip Taron Committed by GitHub

amazon-cloudwatch-agent: let users specify configuration file paths (#358559)

parents 4751b209 43caf2e0
+10 −8
@@ -142,6 +142,8 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
/nixos/modules/services/misc/amazon-ssm-agent.nix              @arianvp
/nixos/tests/amazon-ssm-agent.nix                              @arianvp
/nixos/modules/system/boot/grow-partition.nix                  @arianvp
/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix @philipmw
/nixos/tests/amazon-cloudwatch-agent.nix                       @philipmw

# nixos-rebuild-ng
/pkgs/by-name/ni/nixos-rebuild-ng                 @thiagokokada
+80 −37
@@ -10,8 +10,16 @@ let
  tomlFormat = pkgs.formats.toml { };
  jsonFormat = pkgs.formats.json { };

  commonConfigurationFile = tomlFormat.generate "common-config.toml" cfg.commonConfiguration;
  configurationFile = jsonFormat.generate "amazon-cloudwatch-agent.json" cfg.configuration;
  commonConfigurationFile =
    if (cfg.commonConfigurationFile == null) then
      (tomlFormat.generate "common-config.toml" cfg.commonConfiguration)
    else
      cfg.commonConfigurationFile;
  configurationFile =
    if (cfg.configurationFile == null) then
      (jsonFormat.generate "amazon-cloudwatch-agent.json" cfg.configuration)
    else
      cfg.configurationFile;
  # See https://docs.aws.amazon.com/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/create-store-cloudwatch-configurations.html#store-cloudwatch-configuration-s3.
  #
  # We don't use the multiple JSON configuration files feature,
@@ -24,13 +32,30 @@ in
  options.services.amazon-cloudwatch-agent = {
    enable = lib.mkEnableOption "Amazon CloudWatch Agent";
    package = lib.mkPackageOption pkgs "amazon-cloudwatch-agent" { };
    commonConfiguration = lib.mkOption {
      type = tomlFormat.type;
      default = { };
    commonConfigurationFile = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = ''
        Amazon CloudWatch Agent common configuration. See
        <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html#CloudWatch-Agent-profile-instance-first>
        for supported values.

        {option}`commonConfigurationFile` takes precedence over {option}`commonConfiguration`.

        Note: Restricted evaluation blocks access to paths outside the Nix store.
        This means detecting content changes for mutable paths (i.e. not input or content-addressed) can't be done.
        As a result, `nixos-rebuild` won't reload/restart the systemd unit when mutable path contents change.
        `systemctl restart amazon-cloudwatch-agent.service` must be used instead.
      '';
      example = "/etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json";
    };
    commonConfiguration = lib.mkOption {
      type = tomlFormat.type;
      default = { };
      description = ''
        See {option}`commonConfigurationFile`.

        {option}`commonConfigurationFile` takes precedence over {option}`commonConfiguration`.
      '';
      example = {
        credentials = {
@@ -44,13 +69,34 @@ in
        };
      };
    };
    configurationFile = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = ''
        Amazon CloudWatch Agent configuration file. See
        <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html>
        for supported values.

        The following options aren't supported:
        * `agent.run_as_user`
          * Use {option}`user` instead.

        {option}`configurationFile` takes precedence over {option}`configuration`.

        Note: Restricted evaluation blocks access to paths outside the Nix store.
        This means detecting content changes for mutable paths (i.e. not input or content-addressed) can't be done.
        As a result, `nixos-rebuild` won't reload/restart the systemd unit when mutable path contents change.
        `systemctl restart amazon-cloudwatch-agent.service` must be used instead.
      '';
      example = "/etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json";
    };
    configuration = lib.mkOption {
      type = jsonFormat.type;
      default = { };
      description = ''
        Amazon CloudWatch Agent configuration. See
        <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html>
        for supported values.
        See {option}`configurationFile`.

        {option}`configurationFile` takes precedence over {option}`configuration`.
      '';
      # Subset of "CloudWatch agent configuration file: Complete examples" and "CloudWatch agent configuration file: Traces section" in the description link.
      #
@@ -110,6 +156,15 @@ in
        };
      };
    };
    # Replaces "agent.run_as_user" from the configuration file.
    user = lib.mkOption {
      type = lib.types.str;
      default = "root";
      description = ''
        The user that runs the Amazon CloudWatch Agent.
      '';
      example = "amazon-cloudwatch-agent";
    };
    mode = lib.mkOption {
      type = lib.types.str;
      default = "auto";
@@ -122,7 +177,7 @@ in
  };

  config = lib.mkIf cfg.enable {
    # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/packaging/dependencies/amazon-cloudwatch-agent.service.
    # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/packaging/dependencies/amazon-cloudwatch-agent.service.
    systemd.services.amazon-cloudwatch-agent = {
      description = "Amazon CloudWatch Agent";
      after = [ "network.target" ];
@@ -140,40 +195,28 @@ in
        # 3. Runs "amazon-cloudwatch-agent" with the paths to these generated files.
        #
        # Re-implementing with systemd options.
        User = lib.attrByPath [
          "agent"
          "run_as_user"
        ] "root" cfg.configuration;
        User = cfg.user;
        RuntimeDirectory = "amazon-cloudwatch-agent";
        LogsDirectory = "amazon-cloudwatch-agent";
        ExecStartPre = ''
          ${cfg.package}/bin/config-translator \
            -config ${commonConfigurationFile} \
            -input ${configurationFile} \
            -input-dir ${configurationDirectory} \
            -mode ${cfg.mode} \
            -output ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml
        '';
        ExecStart = ''
          ${cfg.package}/bin/amazon-cloudwatch-agent \
            -config ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml \
            -envconfig ''${RUNTIME_DIRECTORY}/env-config.json \
            -otelconfig ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.yaml \
            -pidfile ''${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.pid
        '';
        ExecStartPre = builtins.concatStringsSep " " [
          "${cfg.package}/bin/config-translator"
          "-config ${commonConfigurationFile}"
          "-input ${configurationFile}"
          "-input-dir ${configurationDirectory}"
          "-mode ${cfg.mode}"
          "-output \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml"
        ];
        ExecStart = builtins.concatStringsSep " " [
          "${cfg.package}/bin/amazon-cloudwatch-agent"
          "-config \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.toml"
          "-envconfig \${RUNTIME_DIRECTORY}/env-config.json"
          "-otelconfig \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.yaml"
          "-pidfile \${RUNTIME_DIRECTORY}/amazon-cloudwatch-agent.pid"
        ];
        KillMode = "process";
        Restart = "on-failure";
        RestartSec = 60;
      };
      restartTriggers = [
        cfg.package
        commonConfigurationFile
        configurationFile
        configurationDirectory
        cfg.mode
      ];
    };
  };

  meta.maintainers = pkgs.amazon-cloudwatch-agent.meta.maintainers;
}
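Review bot: Switching the unit from `User = lib.attrByPath [ "agent" "run_as_user" ] "root" cfg.configuration` to `User = cfg.user` means a host that already sets `agent.run_as_user` in `configuration` will start the service as the new `user` default, `root`, with no signal at evaluation time. The option text calls `agent.run_as_user` unsupported, but nothing in the visible part of the `config` block enforces that (the block is only partly shown in these hunks). An assertion would surface the lost privilege drop, e.g. `assertions = [ { assertion = !(lib.hasAttrByPath [ "agent" "run_as_user" ] cfg.configuration); message = "services.amazon-cloudwatch-agent: use the user option instead of configuration.agent.run_as_user"; } ];`. That check cannot see inside a `configurationFile` outside the store, so the `user` description should also say that the unit's `User` comes only from this option and defaults to root. Separately, the `example` for `commonConfigurationFile` repeats the `.json` path used for `configurationFile`, although the generated common configuration is TOML (`common-config.toml`).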
+0 −1
@@ -27,7 +27,6 @@ import ./make-test-python.nix (
  in
  {
    name = "amazon-cloudwatch-agent";
    meta.maintainers = pkgs.amazon-cloudwatch-agent.meta.maintainers;

    nodes.machine =
      { config, pkgs, ... }:
+5 −3
@@ -16,13 +16,13 @@ buildGoModule rec {
  src = fetchFromGitHub {
    owner = "aws";
    repo = "amazon-cloudwatch-agent";
    rev = "refs/tags/v${version}";
    tag = "v${version}";
    hash = "sha256-gJrK+ai+EEKvBErjOyvu677WykUPuxYy9NrR+qV2yyo=";
  };

  vendorHash = "sha256-OQSl7nFvnDjJbs756QN5ZE/Dx/AZqxsijG0Ks7FYCB8=";

  # See the list in https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/Makefile#L68-L77.
  # See the list in https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/Makefile#L68-L77.
  subPackages = [
    "cmd/config-downloader"
    "cmd/config-translator"
@@ -32,7 +32,7 @@ buildGoModule rec {
    "cmd/amazon-cloudwatch-agent-config-wizard"
  ];

  # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300048.1/Makefile#L57-L64.
  # See https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/Makefile#L57-L64.
  #
  # Needed for "amazon-cloudwatch-agent -version" to not show "Unknown".
  postInstall = ''
@@ -43,6 +43,8 @@ buildGoModule rec {

  nativeInstallCheckInputs = [ versionCheckHook ];

  versionCheckProgram = "${builtins.placeholder "out"}/bin/amazon-cloudwatch-agent";

  versionCheckProgramArg = "-version";

  passthru = {