
Commit 14e8592

feat(agent-control): use agent-control-cli to generate configuration [NR-475245] (#1277)
* feat(agent-control): use agent-control-cli to generate configuration * feat: support set version from env var --------- Co-authored-by: Guillermo Sanchez Gavier <[email protected]>
1 parent 61738ed commit 14e8592


3 files changed

+132
-508
lines changed


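--- a/recipes/newrelic/infrastructure/agent-control/debian.yml
+++ b/recipes/newrelic/infrastructure/agent-control/debian.yml
@@ -96,12 +96,8 @@ install:
 - task: update_apt_nr_source
 - task: install_agent_control
 - task: update_otel_license_key
-- task: config_supervisors
-- task: config_fleet_id
-- task: config_fleet_control
-- task: config_agent_control_auth
+- task: config_agent_control
 - task: config_host_monitoring_otel
-- task: config_agent_control_proxy
 - task: update_otel_mem_limit
 - task: update_otel_end_point
 - task: migrate_newrelic_infra_config
@@ -381,7 +377,8 @@ install:
 fi
 fi
 vars:
-NEW_RELIC_AGENT_VERSION: "1.1.0"
+# Allows to set an specific version from the cli
+NEW_RELIC_AGENT_VERSION: '{{ .NEW_RELIC_AGENT_VERSION | default "1.2.0" }}'
 silent: true
 
 # If configured to do so, migrate the newrelic-infra configuration for usage with New Relic Agent Control
@@ -429,163 +426,60 @@ install:
 echo "OTEL_EXPORTER_OTLP_ENDPOINT=https://${url}:4317/" >> /etc/newrelic-agent-control/newrelic-agent-control.conf
 fi
 
-config_supervisors:
+config_agent_control:
 status:
 - test -f /etc/newrelic-agent-control/.nr-cli
 cmds:
 - |
-# We install otel if explicitly requested, otherwise we install the infra agent
+# Local config for Agent Control (agents)
 if [ "{{.HOST_OTEL}}" == "true" ] ; then
-cp /etc/newrelic-agent-control/examples/agent-control-config-nr-otel-collector.yaml /etc/newrelic-agent-control/config.yaml
+AGENT_SET="otel"
 else
-cp /etc/newrelic-agent-control/examples/agent-control-config-nr-infra-agent.yaml /etc/newrelic-agent-control/config.yaml
+AGENT_SET="infra-agent"
 fi
-
-config_fleet_id:
-status:
-- test -f /etc/newrelic-agent-control/.nr-cli
-cmds:
-- |
-if [ ! -z "{{.NR_CLI_FLEET_ID}}" ] ; then
-sed -i '/^\s*#\s*fleet_id:/s/# //' /etc/newrelic-agent-control/config.yaml
-sed -i 's/fleet_id: FLEET_ID_HERE/fleet_id: {{.NR_CLI_FLEET_ID}}/g' /etc/newrelic-agent-control/config.yaml
-fi
-
-config_fleet_control:
-status:
-- test -f /etc/newrelic-agent-control/.nr-cli
-cmds:
-- |
-if [ "{{.NEW_RELIC_AGENT_CONTROL_FLEET_ENABLED}}" = "false" ]; then
-sed -i '/^\s*fleet_control:/s/^/#/' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*endpoint: https:\/\/opamp/s/^/#/' /etc/newrelic-agent-control/config.yaml
+# Proxy configuration
+if [ ! -z "{{.NEW_RELIC_AGENT_CONTROL_PROXY_URL}}" ] ; then
+AC_PROXY_ARGS="--proxy-url {{.NEW_RELIC_AGENT_CONTROL_PROXY_URL}}"
+if [ ! -z "{{.NEW_RELIC_AGENT_CONTROL_PROXY_CA_BUNDLE_FILE}}" ] ; then
+AC_PROXY_ARGS="$AC_PROXY_ARGS --proxy-ca-bundle-file {{.NEW_RELIC_AGENT_CONTROL_PROXY_CA_BUNDLE_FILE}}"
+fi
+if [ ! -z "{{.NEW_RELIC_AGENT_CONTROL_PROXY_CA_BUNDLE_DIR}}" ] ; then
+AC_PROXY_ARGS="$AC_PROXY_ARGS --proxy-ca-bundle-dir {{.NEW_RELIC_AGENT_CONTROL_PROXY_CA_BUNDLE_DIR}}"
+fi
+if [ "{{.NEW_RELIC_AGENT_CONTROL_PROXY_IGNORE_SYSTEM}}" == "true" ] ; then
+AC_PROXY_ARGS="$AC_PROXY_ARGS --ignore-system-proxy"
+fi
 else
-sed -i 's/s*#\s*fleet_control:/fleet_control:/g' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*#\s*endpoint: https:\/\/opamp/s/# //' /etc/newrelic-agent-control/config.yaml
+AC_PROXY_ARGS=""
 fi
-- |
+# Config generation
 if [ "{{.NEW_RELIC_AGENT_CONTROL_FLEET_ENABLED}}" = "false" ]; then
-sed -i '/^\s*api-key:/s/^/#/' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*headers:/s/^/#/' /etc/newrelic-agent-control/config.yaml
-else
-sed -i '/^\s*#\s*api-key:/s/# //' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*#\s*headers:/s/# //' /etc/newrelic-agent-control/config.yaml
-fi
-- |
-if [ "{{.NEW_RELIC_AGENT_CONTROL_FLEET_ENABLED}}" != "false" ] ; then
-sed -i 's/api-key: API_KEY_HERE/api-key: {{ .NEW_RELIC_LICENSE_KEY }}/g' /etc/newrelic-agent-control/config.yaml
-fi
-- |
-if [ "{{.NEW_RELIC_REGION}}" = "STAGING" ]; then
-sed -i 's/\(endpoint: https:\/\/opamp.\).*/\1'"staging-service.newrelic.com\/v1\/opamp"'/' /etc/newrelic-agent-control/config.yaml
-sed -i '/^fleet_control:/a \ signature_validation:\n public_key_server_url: https:\/\/staging-publickeys.newrelic.com\/r\/blob-management\/global\/agentconfiguration\/jwks.json' /etc/newrelic-agent-control/config.yaml
-elif [ "{{.NEW_RELIC_REGION}}" = "EU" ]; then
-sed -i 's/\(endpoint: https:\/\/opamp.\).*/\1'"service.eu.newrelic.com\/v1\/opamp"'/' /etc/newrelic-agent-control/config.yaml
-sed -i '/^fleet_control:/a \ signature_validation:\n public_key_server_url: https:\/\/publickeys.eu.newrelic.com\/r\/blob-management\/global\/agentconfiguration\/jwks.json' /etc/newrelic-agent-control/config.yaml
-else
-sed -i 's/\(endpoint: https:\/\/opamp.\).*/\1'"service.newrelic.com\/v1\/opamp"'/' /etc/newrelic-agent-control/config.yaml
-sed -i '/^fleet_control:/a \ signature_validation:\n public_key_server_url: https:\/\/publickeys.newrelic.com\/r\/blob-management\/global\/agentconfiguration\/jwks.json' /etc/newrelic-agent-control/config.yaml
-fi
-
-config_agent_control_auth:
-status:
-- test -f /etc/newrelic-agent-control/.nr-cli
-cmds:
-- |
-if [ "{{.NEW_RELIC_AGENT_CONTROL_FLEET_ENABLED}}" != "false" ] && [ "{{ .NEW_RELIC_ORGANIZATION }}" != "" ]; then
-sed -i '/^\s*#\s*auth_config:\s*$/s/# //' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*#\s*token_url: PLACEHOLDER/s/# //' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*#\s*client_id: PLACEHOLDER/s/# //' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*#\s*provider: PLACEHOLDER/s/# //' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*#\s*private_key_path: PLACEHOLDER/s/# //' /etc/newrelic-agent-control/config.yaml
+newrelic-agent-control-cli generate-config \
+--fleet-disabled \
+--output-path /etc/newrelic-agent-control/config.yaml \
+--region {{.NEW_RELIC_REGION}} \
+--agent-set $AGENT_SET $AC_PROXY_ARGS
 else
-sed -i '/^\s*auth_config:/s/^/#/' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*token_url: PLACEHOLDER/s/^/#/' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*client_id: PLACEHOLDER/s/^/#/' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*provider: PLACEHOLDER/s/^/#/' /etc/newrelic-agent-control/config.yaml
-sed -i '/^\s*private_key_path: PLACEHOLDER/s/^/#/' /etc/newrelic-agent-control/config.yaml
-fi
-- |
-if [ "{{.NEW_RELIC_AGENT_CONTROL_FLEET_ENABLED}}" != "false" ] && [ "{{ .NEW_RELIC_ORGANIZATION }}" != "" ]; then
-set -uo pipefail
-
-mkdir -p /etc/newrelic-agent-control/keys
-chown root:root /etc/newrelic-agent-control/keys
-chmod 700 /etc/newrelic-agent-control/keys
-
-TEMPORAL_FOLDER=$(mktemp -d newrelic-agent-control.XXXXXXXXXX)
-chown root:root "${TEMPORAL_FOLDER}"
-chmod 700 "${TEMPORAL_FOLDER}"
-trap "rm -rf $TEMPORAL_FOLDER" EXIT
-openssl genrsa -out "$TEMPORAL_FOLDER/key" 4096
-openssl rsa -in "$TEMPORAL_FOLDER/key" -pubout -out "$TEMPORAL_FOLDER/pub"
-
-if [ "{{.NEW_RELIC_REGION}}" = "STAGING" ]; then
-REGISTRATION_ENDPOINT=https://staging-api.newrelic.com/graphql
-TOKEN_RENEWAL_ENDPOINT=https://system-identity-oauth.staging-service.newrelic.com/oauth2/token
-IDENTITY_CREATION_ENDPOINT=https://staging-api.newrelic.com/graphql
-elif [ "{{.NEW_RELIC_REGION}}" = "EU" ]; then
-REGISTRATION_ENDPOINT=https://api.eu.newrelic.com/graphql
-TOKEN_RENEWAL_ENDPOINT=https://system-identity-oauth.service.newrelic.com/oauth2/token
-IDENTITY_CREATION_ENDPOINT=https://api.eu.newrelic.com/graphql
+if [ -z "{{ .NEW_RELIC_AUTH_PRIVATE_KEY_PATH }}" ]; then
+mkdir -p /etc/newrelic-agent-control/keys
+AC_AUTH_PRIVATE_KEY_PATH="/etc/newrelic-agent-control/keys/agent-control-identity.key"
 else
-REGISTRATION_ENDPOINT=https://api.newrelic.com/graphql
-TOKEN_RENEWAL_ENDPOINT=https://system-identity-oauth.service.newrelic.com/oauth2/token
-IDENTITY_CREATION_ENDPOINT=https://api.newrelic.com/graphql
+AC_AUTH_PRIVATE_KEY_PATH="{{ .NEW_RELIC_AUTH_PRIVATE_KEY_PATH }}"
+fi
+newrelic-agent-control-cli generate-config \
+--output-path /etc/newrelic-agent-control/config.yaml \
+--region {{.NEW_RELIC_REGION}} \
+--agent-set $AGENT_SET \
+--fleet-id {{.NR_CLI_FLEET_ID}} \
+--organization-id "{{.NEW_RELIC_ORGANIZATION}}" \
+--auth-client-id "{{.NEW_RELIC_AUTH_PROVISIONED_CLIENT_ID}}" \
+--auth-parent-token "{{.NEW_RELIC_AUTH_TOKEN}}" \
+--auth-parent-client-id "{{.NEW_RELIC_AUTH_CLIENT_ID}}" \
+--auth-parent-client-secret "{{.NEW_RELIC_AUTH_CLIENT_SECRET}}" \
+--auth-private-key-path $AC_AUTH_PRIVATE_KEY_PATH $AC_PROXY_ARGS
+if [ -z "{{ .NEW_RELIC_AUTH_PRIVATE_KEY_PATH }}" ]; then
+chmod 600 /etc/newrelic-agent-control/keys/agent-control-identity.key
 fi
-
-############################################################
-# Get the L1 Access Token
-############################################################
-echo Requesting Token for System Identity Creation...
-for RETRY in 1 2 3; do
-ACCESS_TOKEN=$(newrelic-auth-cli authenticate --client-id "{{.NEW_RELIC_AUTH_CLIENT_ID}}" --environment "{{.NEW_RELIC_REGION}}" --client-secret "{{.NEW_RELIC_AUTH_CLIENT_SECRET}}" --output-token-format Plain)
-
-if [[ -n "$ACCESS_TOKEN" ]]; then
-echo "Access token retrieved successfully"
-break
-else
-echo "Failed to retrieve access token, retrying ($RETRY/3)..."
-sleep 2
-fi
-
-if [[ -z "$ACCESS_TOKEN" ]]; then
-echo "ERROR: Unable to retrieve access token after three attempts."
-exit 1
-fi
-done
-
-############################################################
-# Create System Identity
-############################################################
-echo Starting with System Identity Creation...
-DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-NAME="System Identity for $(hostname) - $DATE"
-
-for RETRY in 1 2 3; do
-IDENTITY=$(newrelic-auth-cli create-identity key --client-id "{{.NEW_RELIC_AUTH_CLIENT_ID}}" --environment "{{.NEW_RELIC_REGION}}" --organization-id "{{ .NEW_RELIC_ORGANIZATION }}" --bearer-access-token "${ACCESS_TOKEN}" --output-platform local-file --output-local-filepath "${TEMPORAL_FOLDER}/identity")
-
-if [[ -n "$IDENTITY" ]]; then
-echo "System Identity created successfully"
-break
-else
-echo "Failed to create System Identity, retrying ($RETRY/3)..."
-sleep 2
-fi
-
-if [[ -z "$IDENTITY" ]]; then
-echo "ERROR: Unable to create System Identity after three attempts."
-exit 1
-fi
-done
-
-CLIENT_ID=$(echo "$IDENTITY" | /usr/local/bin/newrelic utils jq '.client_id' | tr -d '"')
-mv "$TEMPORAL_FOLDER/identity" "/etc/newrelic-agent-control/keys/$CLIENT_ID.key"
-chmod 600 "/etc/newrelic-agent-control/keys/$CLIENT_ID.key"
-sed -i 's~token_url: PLACEHOLDER~token_url: '"$TOKEN_RENEWAL_ENDPOINT"'~g' /etc/newrelic-agent-control/config.yaml
-sed -i 's/client_id: PLACEHOLDER/client_id: '"$CLIENT_ID"'/g' /etc/newrelic-agent-control/config.yaml
-sed -i 's/provider: PLACEHOLDER/provider: local/g' /etc/newrelic-agent-control/config.yaml
-sed -i 's~private_key_path: PLACEHOLDER~private_key_path: '"/etc/newrelic-agent-control/keys/$CLIENT_ID.key"'~g' /etc/newrelic-agent-control/config.yaml
 fi
 
 config_host_monitoring_otel:
@@ -598,26 +492,6 @@ install:
 cp /etc/newrelic-agent-control/examples/values-nr-otel-collector-agent-linux.yaml /etc/newrelic-agent-control/fleet/agents.d/nr-otel-collector/values/values.yaml
 fi
 
-config_agent_control_proxy:
-status:
-- test -f /etc/newrelic-agent-control/.nr-cli
-cmds:
-- |
-if [ ! -z "{{.NEW_RELIC_AGENT_CONTROL_PROXY_URL}}" ] ; then
-sed -i '/^proxy:/,/^\S/{ /^\S/!d }' /etc/newrelic-agent-control/config.yaml
-sed -i '/^proxy:/d' /etc/newrelic-agent-control/config.yaml
-printf "proxy:\n url: %s\n" "{{.NEW_RELIC_AGENT_CONTROL_PROXY_URL}}" >> /etc/newrelic-agent-control/config.yaml
-if [ ! -z "{{.NEW_RELIC_AGENT_CONTROL_PROXY_CA_BUNDLE_FILE}}" ] ; then
-printf " ca_bundle_file: %s\n" "{{.NEW_RELIC_AGENT_CONTROL_PROXY_CA_BUNDLE_FILE}}" >> /etc/newrelic-agent-control/config.yaml
-fi
-if [ ! -z "{{.NEW_RELIC_AGENT_CONTROL_PROXY_CA_BUNDLE_DIR}}" ] ; then
-printf " ca_bundle_dir: %s\n" "{{.NEW_RELIC_AGENT_CONTROL_PROXY_CA_BUNDLE_DIR}}" >> /etc/newrelic-agent-control/config.yaml
-fi
-if [ ! -z "{{.NEW_RELIC_AGENT_CONTROL_PROXY_IGNORE_SYSTEM}}" ] ; then
-printf " ignore_system_proxy: %s\n" "{{.NEW_RELIC_AGENT_CONTROL_PROXY_IGNORE_SYSTEM}}" >> /etc/newrelic-agent-control/config.yaml
-fi
-fi
-
 restart_agent_control:
 cmds:
 - |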
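Review bot: In the fleet-enabled branch of `config_agent_control` (third hunk), the identity key directory is created with a bare `mkdir -p /etc/newrelic-agent-control/keys`, whereas the removed code also ran `chown root:root` and `chmod 700` on it, and the key file is only tightened by `chmod 600` after `generate-config` has already written it. Unless the CLI sets restrictive modes itself (not visible in this diff), the private key can briefly exist with umask-default permissions in a world-traversable directory; creating the directory with `install -d -m 700 -o root -g root /etc/newrelic-agent-control/keys` and running `umask 077` before the `generate-config` call would close that window. The `chmod 600` is also skipped when `NEW_RELIC_AUTH_PRIVATE_KEY_PATH` is supplied, so a caller-chosen key path gets no permission handling here at all. Separately, `--auth-parent-token` and `--auth-parent-client-secret` are passed as command-line arguments and are therefore readable from the process list while the command runs, and `$AC_AUTH_PRIVATE_KEY_PATH` and `$AC_PROXY_ARGS` are expanded unquoted, so a path or proxy URL containing whitespace would be split into extra arguments.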
