Add conf.d-available, set CAP_DAC_READ_SEARCH (#112)

* set CAP_DAC_READ_SEARCH during install Signed-off-by: Justin Kolberg <[email protected]> * add conf.d-available directory Signed-off-by: Justin Kolberg <[email protected]> * add missing expected pkg files Signed-off-by: Justin Kolberg <[email protected]> * move examples to conf.d-available Signed-off-by: Justin Kolberg <[email protected]> * fix verify_installer.sh Signed-off-by: Justin Kolberg <[email protected]> --------- Signed-off-by: Justin Kolberg <[email protected]>
SumoLogic · Sep 3, 2024 · f939d71 · f939d71
1 parent 1e2db51
commit f939d71
Show file tree

Hide file tree

Showing 19 changed files with 61 additions and 12 deletions.
diff --git a/assets/productbuild/uninstall.sh b/assets/productbuild/uninstall.sh
@@ -42,6 +42,7 @@ collector_files=(
   "/Library/LaunchDaemons/com.sumologic.otelcol-sumo.plist"
   "/etc/otelcol-sumo/sumologic.yaml"
   "/etc/otelcol-sumo/conf.d"
+  "/etc/otelcol-sumo/conf.d-available"
   "/etc/otelcol-sumo"
   "/usr/local/bin/otelcol-config"
   "/usr/local/bin/otelcol-sumo"
@@ -52,7 +53,7 @@ collector_files=(
 
 # A list of files & directories to remove for hostmetrics
 hostmetrics_files=(
-  "/etc/otelcol-sumo/conf.d/hostmetrics.yaml"
+  "/etc/otelcol-sumo/conf.d-available/hostmetrics.yaml"
 )
 
 function package_is_registered() {

diff --git a/ci/verify_installer.sh b/ci/verify_installer.sh
@@ -47,7 +47,8 @@ expected_collector_files=(
   "etc/otelcol-sumo"
   "etc/otelcol-sumo/conf.d"
   "etc/otelcol-sumo/conf.d/common.yaml"
-  "etc/otelcol-sumo/conf.d/examples"
+  "etc/otelcol-sumo/conf.d-available"
+  "etc/otelcol-sumo/conf.d-available/examples"
   "etc/otelcol-sumo/sumologic.yaml"
   "Library/Application Support/otelcol-sumo"
   "Library/Application Support/otelcol-sumo/uninstall.sh"
@@ -61,7 +62,7 @@ expected_collector_files=(
 
 # a list of files that the hostmetrics package should install
 expected_hostmetrics_files=(
-  "etc/otelcol-sumo/conf.d/hostmetrics.yaml"
+  "etc/otelcol-sumo/conf.d-available/hostmetrics.yaml"
 )
 
 function install_package() {
@@ -229,7 +230,7 @@ for f in "${all_collector_files[@]}"; do
     continue
   fi
 
-  if [[ " $(dirname "${collector_file}") " == " etc/otelcol-sumo/conf.d/examples " ]]; then
+  if [[ " $(dirname "${collector_file}") " == " etc/otelcol-sumo/conf.d-available/examples " ]]; then
     continue
   fi
 

diff --git a/components/otelcol-sumo.cmake b/components/otelcol-sumo.cmake
@@ -79,16 +79,31 @@ macro(install_otc_config_fragment_directory)
   )
 endmacro()
 
-# e.g. /etc/otelcol-sumo/conf.d/examples
+# e.g. /etc/otelcol-sumo/conf.d-available
+macro(install_otc_config_fragments_available_directory)
+  require_variables(
+    "OTC_CONFIG_FRAGMENTS_AVAILABLE_DIR"
+  )
+  install(
+    DIRECTORY
+    DESTINATION "${OTC_CONFIG_FRAGMENTS_AVAILABLE_DIR}"
+    DIRECTORY_PERMISSIONS
+      OWNER_READ OWNER_WRITE OWNER_EXECUTE
+      GROUP_READ GROUP_WRITE GROUP_EXECUTE
+    COMPONENT otelcol-sumo
+  )
+endmacro()
+
+# e.g. /etc/otelcol-sumo/conf.d-available/examples
 macro(install_otc_config_examples)
   require_variables(
-    "OTC_CONFIG_FRAGMENTS_DIR"
+    "OTC_CONFIG_FRAGMENTS_AVAILABLE_DIR"
     "ASSETS_DIR"
   )
 
   install(
     DIRECTORY
-    DESTINATION "${OTC_CONFIG_FRAGMENTS_DIR}/examples"
+    DESTINATION "${OTC_CONFIG_FRAGMENTS_AVAILABLE_DIR}/examples"
     DIRECTORY_PERMISSIONS
       OWNER_READ OWNER_WRITE OWNER_EXECUTE
       GROUP_READ GROUP_WRITE GROUP_EXECUTE
@@ -100,7 +115,7 @@ macro(install_otc_config_examples)
   foreach(example ${examples})
     install(
       FILES "${example}"
-      DESTINATION "${OTC_CONFIG_FRAGMENTS_DIR}/examples"
+      DESTINATION "${OTC_CONFIG_FRAGMENTS_AVAILABLE_DIR}/examples"
       PERMISSIONS
         OWNER_READ OWNER_WRITE OWNER_EXECUTE
         GROUP_READ GROUP_WRITE GROUP_EXECUTE
@@ -282,11 +297,11 @@ endmacro()
 macro(install_otc_darwin_hostmetrics_yaml)
   require_variables(
     "ASSETS_DIR"
-    "OTC_CONFIG_FRAGMENTS_DIR"
+    "OTC_CONFIG_FRAGMENTS_AVAILABLE_DIR"
   )
   install(
     FILES "${ASSETS_DIR}/conf.d/darwin.yaml"
-    DESTINATION "${OTC_CONFIG_FRAGMENTS_DIR}"
+    DESTINATION "${OTC_CONFIG_FRAGMENTS_AVAILABLE_DIR}"
     RENAME "hostmetrics.yaml"
     PERMISSIONS
       OWNER_READ OWNER_WRITE
@@ -300,11 +315,11 @@ endmacro()
 macro(install_otc_linux_hostmetrics_yaml)
   require_variables(
     "ASSETS_DIR"
-    "OTC_CONFIG_FRAGMENTS_DIR"
+    "OTC_CONFIG_FRAGMENTS_AVAILABLE_DIR"
   )
   install(
     FILES "${ASSETS_DIR}/conf.d/linux.yaml"
-    DESTINATION "${OTC_CONFIG_FRAGMENTS_DIR}"
+    DESTINATION "${OTC_CONFIG_FRAGMENTS_AVAILABLE_DIR}"
     RENAME "hostmetrics.yaml"
     PERMISSIONS
       OWNER_READ OWNER_WRITE

diff --git a/settings/otc.cmake b/settings/otc.cmake
@@ -29,6 +29,7 @@ macro(set_otc_settings)
   set(OTC_BIN_DIR "usr/local/bin")
   set(OTC_CONFIG_DIR "etc/otelcol-sumo")
   set(OTC_CONFIG_FRAGMENTS_DIR "${OTC_CONFIG_DIR}/conf.d")
+  set(OTC_CONFIG_FRAGMENTS_AVAILABLE_DIR "${OTC_CONFIG_DIR}/conf.d-available")
   set(OTC_USER_ENV_DIR "${OTC_CONFIG_DIR}/env")
   set(OTC_STATE_DIR "var/lib/otelcol-sumo")
   set(OTC_FILESTORAGE_STATE_DIR "${OTC_STATE_DIR}/file_storage")
@@ -37,6 +38,7 @@ macro(set_otc_settings)
   set(OTC_LOG_DIR "var/log/otelcol-sumo")
 
   # File paths
+  set(OTC_BIN_PATH "${OTC_BIN_DIR}/${OTC_BINARY}")
   set(OTC_SUMOLOGIC_CONFIG_PATH "${OTC_CONFIG_DIR}/${OTC_SUMOLOGIC_CONFIG}")
 
   ##

diff --git a/templates/hooks/common.cmake b/templates/hooks/common.cmake
@@ -15,6 +15,7 @@ function(render_common_hook_templates)
     "OTC_CONFIG_PATH"
     "OTC_USER_ENV_DIR"
     "OTC_CONFIG_FRAGMENT_DIR"
+    "OTC_BIN_PATH"
   )
 
   set(file_names

diff --git a/templates/hooks/common/darwin-functions.in b/templates/hooks/common/darwin-functions.in
@@ -1,3 +1,4 @@
+# -*- mode: sh; -*- vim: ft=sh :
 # shellcheck disable=SC2148
 
 # get_uid will print a user's id if found or nothing if not found

diff --git a/templates/hooks/common/linux-functions.in b/templates/hooks/common/linux-functions.in
@@ -1,3 +1,4 @@
+# -*- mode: sh; -*- vim: ft=sh :
 # shellcheck disable=SC2148
 
 # user_missing will return 0 if the user exists, non-zero if it does not

diff --git a/templates/hooks/common/otc-darwin-functions.in b/templates/hooks/common/otc-darwin-functions.in
@@ -1,3 +1,4 @@
+# -*- mode: sh; -*- vim: ft=sh :
 # shellcheck disable=SC2148
 # $0 - path to this script
 # $1 - path to the package

diff --git a/templates/hooks/common/otc-linux-functions.in b/templates/hooks/common/otc-linux-functions.in
@@ -1,3 +1,4 @@
+# -*- mode: sh; -*- vim: ft=sh :
 # shellcheck disable=SC2148
 
 set_file_ownership()
@@ -11,3 +12,15 @@ set_file_ownership()
           @OTC_USER_ENV_DIR@ \
           @OTC_CONFIG_FRAGMENTS_DIR@
 }
+
+set_capabilities()
+{
+    echo -e "Setting the CAP_DAC_READ_SEARCH Linux capability on the " \
+        "collector binary to allow it to read host metrics from /proc " \
+        "directory: setcap 'cap_dac_read_search=ep' \"@OTC_BIN_PATH@\""
+    echo -e "You can remove it with the following command: " \
+        "sudo setcap -r \"@OTC_BIN_PATH@\""
+    echo -e "Without this capability, the collector will not be able to " \
+        "collect some of the host metrics."
+    setcap 'cap_dac_read_search=ep' "@OTC_BIN_PATH@"
+}
diff --git a/templates/hooks/deb/postinst.in b/templates/hooks/deb/postinst.in
@@ -1,10 +1,12 @@
 #!/bin/sh
+# -*- mode: sh; -*- vim: ft=sh :
 
 @otc_linux_functions@
 
 case "$1" in
     configure)
     set_file_ownership
+    set_capabilities
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/templates/hooks/deb/postrm.in b/templates/hooks/deb/postrm.in
@@ -1,4 +1,5 @@
 #!/bin/sh
+# -*- mode: sh; -*- vim: ft=sh :
 
 case "$1" in
     purge)

diff --git a/templates/hooks/deb/preinst.in b/templates/hooks/deb/preinst.in
@@ -1,4 +1,5 @@
 #!/bin/sh
+# -*- mode: sh; -*- vim: ft=sh :
 
 @common_linux_functions@
 

diff --git a/templates/hooks/deb/prerm.in b/templates/hooks/deb/prerm.in
@@ -1,4 +1,5 @@
 #!/bin/sh
+# -*- mode: sh; -*- vim: ft=sh :
 
 case "$1" in
     remove)

diff --git a/templates/hooks/productbuild/postflight.in b/templates/hooks/productbuild/postflight.in
@@ -1,4 +1,5 @@
 #!/bin/sh
+# -*- mode: sh; -*- vim: ft=sh :
 
 # $0 - path to this script
 # $1 - path to the package

diff --git a/templates/hooks/productbuild/preflight.in b/templates/hooks/productbuild/preflight.in
@@ -1,4 +1,5 @@
 #!/bin/sh
+# -*- mode: sh; -*- vim: ft=sh :
 
 # $0 - path to this script
 # $1 - path to the package

diff --git a/templates/hooks/rpm/after-install.in b/templates/hooks/rpm/after-install.in
@@ -1,13 +1,16 @@
 #!/bin/sh
+# -*- mode: sh; -*- vim: ft=sh :
 
 @otc_linux_functions@
 
 case "$1" in
     1) # initial install
     set_file_ownership
+    set_capabilities
     ;;
     2) # upgrade
     set_file_ownership
+    set_capabilities
     ;;
 
 esac

diff --git a/templates/hooks/rpm/after-remove.in b/templates/hooks/rpm/after-remove.in
@@ -1,4 +1,5 @@
 #!/bin/sh
+# -*- mode: sh; -*- vim: ft=sh :
 
 case "$1" in
     0) # uninstall

diff --git a/templates/hooks/rpm/before-install.in b/templates/hooks/rpm/before-install.in
@@ -1,4 +1,5 @@
 #!/bin/sh
+# -*- mode: sh; -*- vim: ft=sh :
 
 @common_linux_functions@
 

diff --git a/templates/hooks/rpm/before-remove.in b/templates/hooks/rpm/before-remove.in
@@ -1,4 +1,5 @@
 #!/bin/sh
+# -*- mode: sh; -*- vim: ft=sh :
 
 case "$1" in
     0) # uninstall