feat: setup datadog user and schema for mysql monitoring

edx · Nov 13, 2024 · b9c6881 · b9c6881
1 parent e56e280
commit b9c6881
Showing 1 changed file with 73 additions and 0 deletions.
diff --git a/playbooks/create_db_and_users.yml b/playbooks/create_db_and_users.yml
@@ -115,3 +115,76 @@
       when: RDS_BINLOG_RETENTION_HOURS is defined
       tags:
         - users
+
+    - name: Ensure Datadog user exists
+      mysql_user:
+        name: "{{ datadog_user }}"
+        host: '%'
+        password: "{{ datadog_user_password }}"
+        priv: "*.*:REPLICATION CLIENT,PROCESS"
+        append_privs: yes
+        login_host: "{{ db_host }}"
+        login_user: "{{ db_user }}"
+        login_password: "{{ db_password }}"
+
+    - name: Set max connections for Datadog user
+      mysql_user:
+        name: "{{ datadog_user }}"
+        host: '%'
+        max_user_connections: 5
+        login_host: "{{ db_host }}"
+        login_user: "{{ db_user }}"
+        login_password: "{{ db_password }}"
+        state: present
+
+    - name: Grant SELECT on performance_schema to Datadog user
+      mysql_user:
+        name: "{{ datadog_user }}"
+        host: '%'
+        priv: "performance_schema.*:SELECT"
+        append_privs: yes
+        login_host: "{{ db_host }}"
+        login_user: "{{ db_user }}"
+        login_password: "{{ db_password }}"
+
+    - name: Create Datadog schema if it does not exist
+      mysql_db:
+        name: "{{ datadog_schema }}"
+        state: present
+        login_host: "{{ db_host }}"
+        login_user: "{{ db_user }}"
+        login_password: "{{ db_password }}"
+
+    - name: Grant EXECUTE on Datadog schema to Datadog user
+      mysql_user:
+        name: "{{ datadog_user }}"
+        host: '%'
+        priv: "{{ datadog_schema }}.*:EXECUTE,CREATE TEMPORARY TABLES"
+        append_privs: yes
+        login_host: "{{ db_host }}"
+        login_user: "{{ db_user }}"
+        login_password: "{{ db_password }}"
+
+    - name: Create explain_statement procedure in {{ datadog_procedure_schema }}
+      mysql_query:
+        query: |
+          DELIMITER $$
+          CREATE PROCEDURE {{ datadog_procedure_schema }}.explain_statement(IN query TEXT)
+              SQL SECURITY DEFINER
+          BEGIN
+              SET @explain := CONCAT('EXPLAIN FORMAT=json ', query);
+              PREPARE stmt FROM @explain;
+              EXECUTE stmt;
+              DEALLOCATE PREPARE stmt;
+          END $$
+          DELIMITER ;
+        login_host: "{{ db_host }}"
+        login_user: "{{ db_user }}"
+        login_password: "{{ db_password }}"
+
+    - name: Grant EXECUTE on explain_statement procedure to Datadog user
+      mysql_query:
+        query: "GRANT EXECUTE ON PROCEDURE {{ datadog_procedure_schema }}.explain_statement TO {{ datadog_user }}@'%';"
+        login_host: "{{ db_host }}"
+        login_user: "{{ db_user }}"
+        login_password: "{{ db_password }}"