Readme is inaccurate w.r.t windows from the perspective of NPM #370
Comments
I believe this is accurate. @derekwbrown can you confirm? |
|
You need admin rights to install the NPM driver but also to install the base Agent. Using This is something that probably needs to be clarified in the docs, but if I'm not mistaken it shouldn't make any difference between installing just the Agent or the Agent + NPM. |
|
Based on my understanding of Ansible on Windows.. become is required for escalation - not only impersonation of another identity. To use WinRM to connect for windows the identity must be an administrator but, by default, they don't operate in an elevated context unless the become verb is used.
At my organization - we connect as UserA - which is local admin, and it fails NPM unless you "become" that same user, at which point you can successfully install the agent w/ NPM.
FWIW, we also use become verb to ensure %WINDIR%\Installer folder exists because for some reason, some of our machines are missing that folder and that affects windows installer's ability to install the agent.
I'm about to be OOO for 10 days but I'd be happy to submit a PR with a proposal for updated content on the readme upon my return if you'd like that.
Erik
From: Albert Vaca Cintora ***@***.***>
Sent: Wednesday, July 7, 2021 8:51 AM
To: DataDog/ansible-datadog ***@***.***>
Cc: Erik Jensen ***@***.***>; Author ***@***.***>
Subject: Re: [DataDog/ansible-datadog] Readme is inaccurate w.r.t windows from the perspective of NPM (#370)
EXTERNAL EMAIL: Always be cautious. COURRIEL EXTERNE : Il faut toujours être prudent.
You need admin rights to install the NPM driver but also to install the base Agent.
Using become needs some extra config as you pointed out, so we recommend not using it (but we assume your Ansible user will have admin rights).
This is something that probably needs to be clarified in the docs, but if I'm not mistaken it shouldn't make any difference between installing just the Agent or the Agent + NPM.
-
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FDataDog%2Fansible-datadog%2Fissues%2F370%23issuecomment-875670181&data=04%7C01%7Cejensen%40suncor.com%7C82b75d14135749b8e42e08d941569473%7C1aa5106811a64bd286461fff31a30ffc%7C1%7C0%7C637612662386097087%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=JTvRUPGG3IYId4FaigS3Z2mqY%2BYVVCX2T6EQYRNMy8g%3D&reserved=0>, or unsubscribe<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAID7KREINKMJAZNCRWDJT23TWRSTVANCNFSM47GITHQQ&data=04%7C01%7Cejensen%40suncor.com%7C82b75d14135749b8e42e08d941569473%7C1aa5106811a64bd286461fff31a30ffc%7C1%7C0%7C637612662386107043%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GZSFGVsxyi7l1mnaEFVsPicO7DCRDAlMjG6OQh3UeJk%3D&reserved=0>.
…________________________________
---------------------------------------------------------
If you wish to no longer receive electronic messages from this sender, please respond and advise accordingly in your return email.
This email and its contents are private and confidential, for the sole use of the addressees. If you are not an intended recipient, copying, forwarding or other distribution of this email or its contents by any means is prohibited. If you believe that you received this email in error please notify the original sender and delete this communication and any copies immediately.
Petro-Canada is a Suncor Energy business.
150 - 6th Avenue S.W., Calgary, Alberta, Canada, T2P 3E3 (Corporate Head Office) / www.suncor.com
------------------------
Si vous ne voulez plus recevoir de messages électroniques de cet expéditeur, veuillez l'en aviser en répondant à ce courriel.
Ce courriel et son contenu sont privés et confidentiels, et sont destinés à l'usage exclusif des destinataires. Si vous n'êtes pas le destinataire prévu, toute reproduction, transfert ou autre forme de diffusion de ce courriel ou de son contenu par quelque moyen que ce soit est interdit. Si vous croyez avoir reçu ce courriel par erreur, veuillez en aviser l'expéditeur original et supprimer cette communication et toutes ses copies immédiatement.
Petro-Canada est une entreprise de Suncor Énergie.
150 - 6th Avenue S.W., Calgary, Alberta, Canada, T2P 3E3 (siège social) / www.suncor.com
|
|
Thanks Erik! Better docs around the use of |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the readme file, under the heading Windows, it suggests we have to not use the become flag else the playbook will fail. I wanted to suggest that this is not universally accurate.
I can create a branch to propose a clarification. Here is the background.
Initially, I took that statement at face value and the agent does install correctly. However, when I added the network performance monitoring, NPM, I believe the become flag is critical because you need privilege escalation to install the NPM driver.
now mind you, in windows, other ansible variables are critical to getting become to work properly for example, the become_method, become_user and whatnot. so there are extra requirements.
if you agree in principle with the above issue, then I can write up some content and then optionally, we could use become for the required tasks or, just coach users to use become at the role-inclusion within their main/invoking playbook.
The text was updated successfully, but these errors were encountered: