feat: add users and schemas for mysql monitoring

edx · Nov 13, 2024 · f61ad50 · f61ad50
1 parent e56e280
commit f61ad50
Showing 1 changed file with 103 additions and 0 deletions.
diff --git a/playbooks/create_db_and_users.yml b/playbooks/create_db_and_users.yml
@@ -115,3 +115,106 @@
       when: RDS_BINLOG_RETENTION_HOURS is defined
       tags:
         - users
+
+    - name: Ensure Datadog user exists
+      mysql_user:
+        name: "{{ datadog_user }}"
+        host: '%'
+        password: "{{ datadog_user_password }}"
+        priv: "*.*:REPLICATION CLIENT,PROCESS"
+        append_privs: yes
+        login_host: "{{ database_connection.login_host }}"
+        login_user: "{{ database_connection.login_user }}"
+        login_password: "{{ database_connection.login_password }}"
+      when: datadog_mysql_monitoring_enabled | default(false) 
+
+    - name: Set max connections for Datadog user
+      mysql_query:
+        query: "ALTER USER '{{ datadog_user }}'@'%' WITH MAX_USER_CONNECTIONS {{ datadog_max_connections }};"
+        login_host: "{{ database_connection.login_host }}"
+        login_user: "{{ database_connection.login_user }}"
+        login_password: "{{ database_connection.login_password }}"
+      when: datadog_mysql_monitoring_enabled | default(false)
+
+    - name: Grant SELECT on performance_schema to Datadog user
+      mysql_user:
+        name: "{{ datadog_user }}"
+        host: '%'
+        priv: "performance_schema.*:SELECT"
+        append_privs: yes
+        login_host: "{{ database_connection.login_host }}"
+        login_user: "{{ database_connection.login_user }}"
+        login_password: "{{ database_connection.login_password }}"
+      when: datadog_mysql_monitoring_enabled | default(false)
+
+    - name: Create Datadog schema if it does not exist
+      mysql_db:
+        name: "{{ datadog_schema }}"
+        state: present
+        login_host: "{{ database_connection.login_host }}"
+        login_user: "{{ database_connection.login_user }}"
+        login_password: "{{ database_connection.login_password }}"
+      when: datadog_mysql_monitoring_enabled | default(false)
+
+    - name: Grant EXECUTE on Datadog schema to Datadog user
+      mysql_user:
+        name: "{{ datadog_user }}"
+        host: '%'
+        priv: "{{ datadog_schema }}.*:EXECUTE,CREATE TEMPORARY TABLES"
+        append_privs: yes
+        login_host: "{{ database_connection.login_host }}"
+        login_user: "{{ database_connection.login_user }}"
+        login_password: "{{ database_connection.login_password }}"
+      when: datadog_mysql_monitoring_enabled | default(false)
+
+    - name: Create the explain_statement procedure in datadog schema
+      mysql_query:
+        query: |
+         CREATE PROCEDURE {{ datadog_schema }}.explain_statement(IN query TEXT)
+             SQL SECURITY DEFINER
+         BEGIN
+             SET @explain := CONCAT('EXPLAIN FORMAT=json ', query);
+             PREPARE stmt FROM @explain;
+             EXECUTE stmt;
+             DEALLOCATE PREPARE stmt;
+         END
+        login_host: "{{ database_connection.login_host }}"
+        login_user: "{{ database_connection.login_user }}"
+        login_password: "{{ database_connection.login_password }}"
+      when: datadog_mysql_monitoring_enabled | default(false)
+      ignore_errors: yes
+
+    - name: Grant EXECUTE on explain_statement procedure to Datadog user
+      mysql_query:
+        query: "GRANT EXECUTE ON PROCEDURE {{ datadog_procedure_schema }}.explain_statement TO {{ datadog_user }}@'%';"
+        login_host: "{{ database_connection.login_host }}"
+        login_user: "{{ database_connection.login_user }}"
+        login_password: "{{ database_connection.login_password }}"
+      when: datadog_mysql_monitoring_enabled | default(false)
+
+    - name: Grant EXECUTE on explain_statement procedure in database {{ item }} to Datadog user
+      mysql_query:
+        query: |
+         CREATE PROCEDURE {{ item }}.explain_statement(IN query TEXT)
+             SQL SECURITY DEFINER
+         BEGIN
+             SET @explain := CONCAT('EXPLAIN FORMAT=json ', query);
+             PREPARE stmt FROM @explain;
+             EXECUTE stmt;
+             DEALLOCATE PREPARE stmt;
+         END
+        login_host: "{{ database_connection.login_host }}"
+        login_user: "{{ database_connection.login_user }}"
+        login_password: "{{ database_connection.login_password }}"
+      with_items: "{{ datadog_monitored_dbs }}" 
+      when: datadog_mysql_monitoring_enabled | default(false)
+      ignore_errors: yes
+
+    - name: Grant EXECUTE on explain_statement procedure in database {{ item }} to Datadog user
+      mysql_query:
+        query: "GRANT EXECUTE ON PROCEDURE {{ item }}.explain_statement TO {{ datadog_user }}@'%';"
+        login_host: "{{ database_connection.login_host }}"
+        login_user: "{{ database_connection.login_user }}"
+        login_password: "{{ database_connection.login_password }}"
+      with_items: "{{ datadog_monitored_dbs }}"
+      when: datadog_mysql_monitoring_enabled | default(false)