From d646952ef5ad1672cddf555ddb524e36e9151cba Mon Sep 17 00:00:00 2001 From: Aaron Guise Date: Tue, 13 Oct 2020 16:33:32 +1300 Subject: [PATCH] Initial Commit --- .travis.yml | 29 +++++++++++++++++++ .yamllint | 33 ++++++++++++++++++++++ Centos7-Dockerfile | 2 ++ README.md | 34 +++++++++++++++++++++++ defaults/main.yml | 25 +++++++++++++++++ files/.gitkeep | 0 handlers/main.yml | 11 ++++++++ meta/main.yml | 37 +++++++++++++++++++++++++ molecule/default/INSTALL.rst | 22 +++++++++++++++ molecule/default/cleanup.yml | 30 ++++++++++++++++++++ molecule/default/converge.yml | 14 ++++++++++ molecule/default/molecule.yml | 30 ++++++++++++++++++++ molecule/default/verify.yml | 23 ++++++++++++++++ tasks/RedHat-register.yml | 4 +++ tasks/RedHat.yml | 34 +++++++++++++++++++++++ tasks/Windows-register.yml | 5 ++++ tasks/Windows.yml | 26 ++++++++++++++++++ tasks/host-management.yml | 52 +++++++++++++++++++++++++++++++++++ tasks/main.yml | 9 ++++++ templates/.gitkeep | 0 tests/inventory | 2 ++ tests/test.yml | 5 ++++ vars/main.yml | 2 ++ 23 files changed, 429 insertions(+) create mode 100644 .travis.yml create mode 100644 .yamllint create mode 100644 Centos7-Dockerfile create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 files/.gitkeep create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 molecule/default/INSTALL.rst create mode 100644 molecule/default/cleanup.yml create mode 100644 molecule/default/converge.yml create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/verify.yml create mode 100644 tasks/RedHat-register.yml create mode 100644 tasks/RedHat.yml create mode 100644 tasks/Windows-register.yml create mode 100644 tasks/Windows.yml create mode 100644 tasks/host-management.yml create mode 100644 tasks/main.yml create mode 100644 templates/.gitkeep create mode 100644 tests/inventory create mode 100644 tests/test.yml create mode 100644 vars/main.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..8827676 --- /dev/null +++ b/.yamllint @@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable diff --git a/Centos7-Dockerfile b/Centos7-Dockerfile new file mode 100644 index 0000000..dfbd115 --- /dev/null +++ b/Centos7-Dockerfile @@ -0,0 +1,2 @@ +FROM docker.io/pycontribs/centos:7 +RUN yum install -y iproute \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..1b6d2a9 --- /dev/null +++ b/README.md @@ -0,0 +1,34 @@ +CheckMK Agent +========= + +This role will download and install a CheckMK Updating agent from CheckMK Enterprise. +Also configurable to automatically add the host to CheckMK. + +Requirements +------------ + +The only requirements for this role to function are a CheckMK Enterprise instance. Configured with a baked updating agent. + +Role Variables +-------------- + +For all the configurable role variables please take a look in the [defaults](defaults/main.yml) + +Dependencies +------------ + +This role is not dependant on any other. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +MIT diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..55e6cfe --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,25 @@ +--- +cmk_add_host: false # Should be true/false whether we should automatically add host for monitoring. +cmk_omd_host: your-checkmk-hostname +cmk_omd_site: your-checkmk-site # e.g the first piece after the / following your hostname +# If you have created a folder in WATO already you want hosts to be put in when registered +# uncomment cmk_folder below and specify the folder to use. Otherwise the role creates and +# adds new hosts by default to Unsorted folder +# cmk_folder: your_folder_in_WATO +cmk_rpm_agent: http://url-from-your-agent-bakery-in-checkmk.rpm +cmk_msi_agent: http://url-from-your-agent-bakery-in-checkmk.msi + + +# Should be username of an automation user in checkmk +cmk_username: some-username + +# This should be populated with the secret for your automation user +# I recommend encrypting this with ansible-vault. +# Example: ansible-vault encrypt_string somesecret_string --name cmk_secret +cmk_secret: some-secret +# Combined string required for unattended actions +cmk_auth: "&_username={{ cmk_username }}&_secret={{ cmk_secret }}" + +# This variable is used to detect whether this is a fresh install +# Is changed to true if check-mk-agent gets installed +cmk_fresh_install: false \ No newline at end of file diff --git a/files/.gitkeep b/files/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..c06eae5 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,11 @@ +--- +# handlers file for ansible-role-cmk-agent +- name: restart xinetd + service: + name: xinetd + state: restarted + enabled: yes + +- name: cmk fresh install + set_fact: + cmk_fresh_install: True \ No newline at end of file diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..9b0350d --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,37 @@ +galaxy_info: + author: Aaron Guise + description: Install checkmk agent with Enterprise Baked Agent + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + license: MIT + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: EL + versions: + - 7 + - 8 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + \ No newline at end of file diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst new file mode 100644 index 0000000..d926ca2 --- /dev/null +++ b/molecule/default/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ python3 -m pip install 'molecule[docker]' diff --git a/molecule/default/cleanup.yml b/molecule/default/cleanup.yml new file mode 100644 index 0000000..bc20980 --- /dev/null +++ b/molecule/default/cleanup.yml @@ -0,0 +1,30 @@ +--- +- name: Cleanup + hosts: localhost + gather_facts: false + become: no + vars: + cmk_rpm_agent: "{{ lookup('env', 'CMK_RPM_AGENT') }}" + cmk_omd_host: "{{ lookup('env', 'CMK_OMD_HOST') }}" + cmk_omd_site: "{{ lookup('env', 'CMK_OMD_SITE') }}" + cmk_username: "{{ lookup('env', 'CMK_USERNAME') }}" + cmk_secret: "{{ lookup('env', 'CMK_SECRET') }}" + cmk_auth: "&_username={{ cmk_username }}&_secret={{ cmk_secret }}" + tasks: + - name: Delete Host + uri: + method: POST + url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=delete_host{{ cmk_auth }} + body: 'request={"hostname":"{{ item.name }}"}' + body_format: raw + status_code: 200 + no_log: true + with_items: "{{ molecule_yml.platforms }}" + + - name: cmk_apply + uri: + method: POST + url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ cmk_auth }} + body: 'request={"sites":["{{ cmk_omd_site }}"]}' + body_format: raw + status_code: 200 \ No newline at end of file diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..caf6aa1 --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,14 @@ +--- +- name: Converge + hosts: all + vars: + cmk_rpm_agent: "{{ lookup('env', 'CMK_RPM_AGENT') }}" + cmk_add_host: "{{ lookup('env', 'CMK_ADD_HOST') | bool }}" + cmk_omd_host: "{{ lookup('env', 'CMK_OMD_HOST') }}" + cmk_omd_site: "{{ lookup('env', 'CMK_OMD_SITE') }}" + cmk_username: "{{ lookup('env', 'CMK_USERNAME') }}" + cmk_secret: "{{ lookup('env', 'CMK_SECRET') }}" + tasks: + - name: "Include ansible-role-cmk-agent" + include_role: + name: "ansible-role-cmk-agent" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..64acf48 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,30 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: rhel8 + image: docker.io/pycontribs/centos:8 + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + pre_build_image: true + - name: rhel7 + image: docker.io/pycontribs/centos:7 + dockerfile: Centos7-Dockerfile + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + pre_build_image: false +provisioner: + name: ansible +verifier: + name: ansible +lint: | + set -e + yamllint . + ansible-lint + flake8 diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml new file mode 100644 index 0000000..495dae1 --- /dev/null +++ b/molecule/default/verify.yml @@ -0,0 +1,23 @@ +--- +# This is an example playbook to execute Ansible tests. + +- name: Verify + hosts: all + pre_tasks: + - name: Gather facts of packages + package_facts: + manager: "auto" + - name: Populate service facts + service_facts: + tasks: + - name: check-mk-agent is installed + assert: + that: "'check-mk-agent' in ansible_facts.packages" + quiet: true + + - name: xinetd is running and enabled + assert: + that: + - ansible_facts.services["xinetd.service"].state == "running" + - ansible_facts.services["xinetd.service"].status == "enabled" + quiet: true diff --git a/tasks/RedHat-register.yml b/tasks/RedHat-register.yml new file mode 100644 index 0000000..672953d --- /dev/null +++ b/tasks/RedHat-register.yml @@ -0,0 +1,4 @@ +- name: Register with CheckMK Update Server + shell: | + cmk-update-agent register -H $(hostname -s) --user {{ cmk_username }} \ + --secret {{ cmk_secret }} diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml new file mode 100644 index 0000000..7f44b97 --- /dev/null +++ b/tasks/RedHat.yml @@ -0,0 +1,34 @@ +--- +# Tasks for installation on RedHat Family +- name: Ensure xinetd installed + yum: + name: xinetd + state: installed + notify: restart xinetd + +- name: Gather facts of packages + package_facts: + manager: "auto" + +- name: Install check-mk-agent + block: + - name: Download the agent from Server + get_url: + url: "{{ cmk_rpm_agent }}{{ cmk_auth }}" + dest: /tmp/check-mk-agent.rpm + + - name: Ensure check_mk_agent installed + yum: + name: /tmp/check-mk-agent.rpm + state: installed + notify: + - restart xinetd + - cmk fresh install + + - name: Remove agent Download + file: + path: /tmp/check-mk-agent.rpm + state: absent + when: "'check-mk-agent' not in ansible_facts.packages" + tags: + - check_mk_agent diff --git a/tasks/Windows-register.yml b/tasks/Windows-register.yml new file mode 100644 index 0000000..e9b3f4f --- /dev/null +++ b/tasks/Windows-register.yml @@ -0,0 +1,5 @@ +- name: Register with CheckMK Update Server + win_shell: | + C:\ProgramData\checkmk\agent\plugins\cmk-update-agent.exe register -H $env:computername ` + --user {{ cmk_username }} ` + --secret {{ cmk_secret }} \ No newline at end of file diff --git a/tasks/Windows.yml b/tasks/Windows.yml new file mode 100644 index 0000000..d379812 --- /dev/null +++ b/tasks/Windows.yml @@ -0,0 +1,26 @@ +--- +- name: Ensure temp dir exists + win_file: + path: "c:/temp/" + state: directory + +- name: Retrieve copy of agent + win_get_url: + url: "{{ cmk_msi_agent }}{{ cmk_auth }}" + dest: "c:/temp/check-mk-agent.msi" + changed_when: false + +- name: Ensure agent is installed + win_package: + path: "c:/temp/check-mk-agent.msi" + ignore_errors: yes + +- name: Firewall rule to allow check_mk_agent on TCP port 6556 + win_firewall_rule: + name: check_mk_agent + enabled: yes + state: present + localport: 6556 + action: allow + direction: in + protocol: tcp \ No newline at end of file diff --git a/tasks/host-management.yml b/tasks/host-management.yml new file mode 100644 index 0000000..4dfb394 --- /dev/null +++ b/tasks/host-management.yml @@ -0,0 +1,52 @@ +--- +- name: add host to omd + uri: + method: POST + url: "http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=add_host{{ cmk_auth }}" + body: | + request={ + "attributes": { + "tag_criticality": "prod", + "tag_agent": "cmk-agent", + "ipaddress": "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + }, + "folder": "{{ cmk_folder | default('Unsorted') }}", + "hostname": "{{inventory_hostname}}" + } + body_format: raw + return_content: yes + register: res + become: no + delegate_to: localhost + when: cmk_add_host + +- set_fact: + output: "{{ res.content | from_json }}" + when: cmk_add_host + +# - debug: +# msg: "{{ output }}" +# when: cmk_add_host + +- name: cmk_discovery + uri: + method: POST + url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{ cmk_auth }} + body: 'request={"hostname":"{{ inventory_hostname }}"}' + body_format: raw + status_code: 200 + become: no + when: "cmk_add_host and output.result_code == 0" + delegate_to: localhost + +- name: cmk_apply + uri: + method: POST + url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ cmk_auth }} + body: 'request={"sites":["{{ cmk_omd_site }}"]}' + body_format: raw + status_code: 200 + become: no + run_once: true + when: "cmk_add_host and output.result_code == 0" + delegate_to: localhost diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..4d822ca --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,9 @@ +--- +# tasks file for ansible-role-cmk-agent +- include_tasks: "{{ ansible_os_family }}.yml" +- meta: flush_handlers + +- include_tasks: host-management.yml + when: cmk_fresh_install +- include_tasks: "{{ ansible_os_family }}-register.yml" + when: cmk_fresh_install \ No newline at end of file diff --git a/templates/.gitkeep b/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..2a8acfc --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - ansible-role-cmk-agent \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..4cdb91b --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for ansible-role-cmk-agent \ No newline at end of file