feat: add Datadog APM integration for distributed tracing#1303
feat: add Datadog APM integration for distributed tracing#1303AlejandroMinaya wants to merge 2 commits into
Conversation
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Integrate Datadog APM to provide distributed tracing and performance monitoring across Django web service, Celery workers, and Celery beat scheduler. This enables end-to-end visibility of requests, database queries, and async task execution. Changes: - Add ddtrace dependency (>=4.10.4<5.0) to pyproject.toml - Add Datadog TraceMiddleware to Django middleware stack - Configure Datadog agent container in docker-compose.yml - Add DD_* environment variables to all service containers - Update startup scripts to use ddtrace-run wrapper: - Django runserver (osidb-service) - Celery workers (celery, celery-fifo-1, celery-fifo-2) - Celery beat (celery_beat) - Flower monitoring - Add comprehensive documentation in docs/developer/DATADOG_APM.md Service names for trace organization: - osidb-service: Django web application - osidb-celery: Celery workers - osidb-celery-beat: Celery beat scheduler Tracing is enabled by default in local environment with 100% sample rate and can be controlled via environment variables. Assisted-By: Claude Sonnet 4.5 <[email protected]>
AlejandroMinaya
force-pushed
the
OSIDB-5107-add-datadog-apm-to-osidb
branch
from
ebb68e8 to
c0b4837
Compare
| - DD_AGENT_HOST=datadog-agent | ||
| - DD_SITE=datadoghq.com # determines datadog instance to send data to (e.g change to datadoghq.eu for EU1) | ||
| volumes: | ||
| - ${HOME}/.local/share/containers:/var/lib/containers:ro |
There was a problem hiding this comment.
Datadog Agent needs access to either the container dir (for rootless containers) or to the Podman socket (for rootful containers), i.e. /run/podman/podman.sock
I'm not sure if we should include both since we don't know how people plan to deploy it or if rootless is generally preferred
osoukup
left a comment
osoukup
left a comment
There was a problem hiding this comment.
I do not know much about Datadog and would this do so I will start with a general question. ddtrace-run with the default datadoghq.com server sends all the logs to this external URL? OSIDB contains embargoed information and we can never know what ends up in the logs (eg. due to a bug) so we need this to be safe.
Also I know in the past with the Splunk we had to use some side-car pods, looks like we need it no more. I am not an expert on this (@JakubFrejlach would know better), maybe it was Splunk specifics, but I think the reason was to be able to send the data a safe and infosec-approved way. Changing that to some other mechanism would I think require consulting either infosec or some security experts in ProdSec so we know we are not shooting ourselves in a foot.
Good catch! Datadog documentation makes a distinction between APM traces and logs, although I am not certain that it would not accidentally keep track of embargoed information. I will look into how we can have a finer-grain control and research what is advised by infosec. Thank you! |
2 participants
Integrates Datadog APM for distributed tracing across Django, Celery workers, and Celery
beat. See docs/developer/DATADOG_APM.md for details.