Initial Commit

.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.yamllint

@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable

Centos7-Dockerfile

@@ -0,0 +1,2 @@
+FROM docker.io/pycontribs/centos:7
+RUN yum install -y iproute

README.md

@@ -0,0 +1,34 @@
+CheckMK Agent
+=========
+
+This role will download and install a CheckMK Updating agent from CheckMK Enterprise.
+Also configurable to automatically add the host to CheckMK. 
+
+Requirements
+------------
+
+The only requirements for this role to function are a CheckMK Enterprise instance.  Configured with a baked updating agent.
+
+Role Variables
+--------------
+
+For all the configurable role variables please take a look in the [defaults](defaults/main.yml)
+
+Dependencies
+------------
+
+This role is not dependant on any other. 
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+MIT

defaults/main.yml

@@ -0,0 +1,25 @@
+---
+cmk_add_host: false # Should be true/false whether we should automatically add host for monitoring.
+cmk_omd_host: your-checkmk-hostname
+cmk_omd_site: your-checkmk-site # e.g the first piece after the / following your hostname
+# If you have created a folder in WATO already you want hosts to be put in when registered
+# uncomment cmk_folder below and specify the folder to use.  Otherwise the role creates and 
+# adds new hosts by default to Unsorted folder
+# cmk_folder: your_folder_in_WATO
+cmk_rpm_agent: http://url-from-your-agent-bakery-in-checkmk.rpm
+cmk_msi_agent: http://url-from-your-agent-bakery-in-checkmk.msi
+
+
+# Should be username of an automation user in checkmk
+cmk_username: some-username
+
+# This should be populated with the secret for your automation user 
+# I recommend encrypting this with ansible-vault. 
+# Example: ansible-vault encrypt_string somesecret_string --name cmk_secret
+cmk_secret: some-secret
+# Combined string required for unattended actions
+cmk_auth: "&_username={{ cmk_username }}&_secret={{ cmk_secret }}"
+
+# This variable is used to detect whether this is a fresh install
+# Is changed to true if check-mk-agent gets installed
+cmk_fresh_install: false

handlers/main.yml

@@ -0,0 +1,11 @@
+---
+# handlers file for ansible-role-cmk-agent
+- name: restart xinetd
+  service:
+    name: xinetd
+    state: restarted
+    enabled: yes
+
+- name: cmk fresh install
+  set_fact:
+    cmk_fresh_install: True

meta/main.yml

@@ -0,0 +1,37 @@
+galaxy_info:
+  author: Aaron Guise
+  description: Install checkmk agent with Enterprise Baked Agent
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  
+  license: MIT
+
+  min_ansible_version: 2.9
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: EL
+      versions:
+      - 7
+      - 8
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  

molecule/default/INSTALL.rst

@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ python3 -m pip install 'molecule[docker]'

molecule/default/cleanup.yml

@@ -0,0 +1,30 @@
+---
+- name: Cleanup
+  hosts: localhost
+  gather_facts: false
+  become: no
+  vars:
+    cmk_rpm_agent: "{{ lookup('env', 'CMK_RPM_AGENT') }}"
+    cmk_omd_host: "{{ lookup('env', 'CMK_OMD_HOST') }}"
+    cmk_omd_site: "{{ lookup('env', 'CMK_OMD_SITE') }}"
+    cmk_username: "{{ lookup('env', 'CMK_USERNAME') }}"
+    cmk_secret: "{{ lookup('env', 'CMK_SECRET') }}"
+    cmk_auth: "&_username={{ cmk_username }}&_secret={{ cmk_secret }}"
+  tasks:
+    - name: Delete Host
+      uri:
+        method: POST
+        url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=delete_host{{ cmk_auth }}
+        body: 'request={"hostname":"{{ item.name }}"}'
+        body_format: raw
+        status_code: 200
+      no_log: true
+      with_items: "{{ molecule_yml.platforms }}"
+
+    - name: cmk_apply
+      uri:
+        method: POST
+        url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ cmk_auth }}
+        body: 'request={"sites":["{{ cmk_omd_site }}"]}'
+        body_format: raw
+        status_code: 200

molecule/default/converge.yml

@@ -0,0 +1,14 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    cmk_rpm_agent: "{{ lookup('env', 'CMK_RPM_AGENT') }}"
+    cmk_add_host: "{{ lookup('env', 'CMK_ADD_HOST') | bool }}"
+    cmk_omd_host: "{{ lookup('env', 'CMK_OMD_HOST') }}"
+    cmk_omd_site: "{{ lookup('env', 'CMK_OMD_SITE') }}"
+    cmk_username: "{{ lookup('env', 'CMK_USERNAME') }}"
+    cmk_secret: "{{ lookup('env', 'CMK_SECRET') }}"
+  tasks:
+    - name: "Include ansible-role-cmk-agent"
+      include_role:
+        name: "ansible-role-cmk-agent"

molecule/default/molecule.yml

@@ -0,0 +1,30 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: rhel8
+    image: docker.io/pycontribs/centos:8
+    privileged: True
+    volume_mounts:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+    pre_build_image: true
+  - name: rhel7
+    image: docker.io/pycontribs/centos:7
+    dockerfile: Centos7-Dockerfile
+    privileged: True
+    volume_mounts:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/usr/sbin/init"
+    pre_build_image: false
+provisioner:
+  name: ansible
+verifier:
+  name: ansible
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
+  flake8

molecule/default/verify.yml

@@ -0,0 +1,23 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  pre_tasks:
+    - name: Gather facts of packages
+      package_facts:
+        manager: "auto"
+    - name: Populate service facts
+      service_facts:
+  tasks:
+  - name: check-mk-agent is installed
+    assert:
+      that: "'check-mk-agent' in ansible_facts.packages"
+      quiet: true
+
+  - name: xinetd is running and enabled
+    assert:
+      that:
+        - ansible_facts.services["xinetd.service"].state == "running"
+        - ansible_facts.services["xinetd.service"].status == "enabled"
+      quiet: true

tasks/RedHat-register.yml

@@ -0,0 +1,4 @@
+- name: Register with CheckMK Update Server
+  shell: |
+    cmk-update-agent register -H $(hostname -s) --user {{ cmk_username }} \
+    --secret {{ cmk_secret }}

tasks/RedHat.yml

@@ -0,0 +1,34 @@
+---
+# Tasks for installation on RedHat Family
+- name: Ensure xinetd installed
+  yum:
+    name: xinetd
+    state: installed
+  notify: restart xinetd
+
+- name: Gather facts of packages
+  package_facts:
+    manager: "auto"
+
+- name: Install check-mk-agent
+  block:
+    - name: Download the agent from Server
+      get_url:
+        url: "{{ cmk_rpm_agent }}{{ cmk_auth }}"
+        dest: /tmp/check-mk-agent.rpm
+
+    - name: Ensure check_mk_agent installed
+      yum: 
+        name: /tmp/check-mk-agent.rpm
+        state: installed
+      notify: 
+        - restart xinetd
+        - cmk fresh install
+
+    - name: Remove agent Download
+      file:
+        path: /tmp/check-mk-agent.rpm
+        state: absent
+  when: "'check-mk-agent' not in ansible_facts.packages"
+  tags:
+    - check_mk_agent

tasks/Windows-register.yml

@@ -0,0 +1,5 @@
+- name: Register with CheckMK Update Server
+  win_shell: |
+    C:\ProgramData\checkmk\agent\plugins\cmk-update-agent.exe register -H $env:computername `
+    --user {{ cmk_username }} `
+    --secret {{ cmk_secret }}

tasks/Windows.yml

@@ -0,0 +1,26 @@
+---
+- name: Ensure temp dir exists
+  win_file:
+    path: "c:/temp/"
+    state: directory
+    
+- name: Retrieve copy of agent
+  win_get_url:
+    url: "{{ cmk_msi_agent }}{{ cmk_auth }}"
+    dest: "c:/temp/check-mk-agent.msi"
+  changed_when: false
+  
+- name: Ensure agent is installed
+  win_package:
+    path: "c:/temp/check-mk-agent.msi"
+  ignore_errors: yes
+
+- name: Firewall rule to allow check_mk_agent on TCP port 6556
+  win_firewall_rule:
+    name: check_mk_agent
+    enabled: yes
+    state: present
+    localport: 6556
+    action: allow
+    direction: in
+    protocol: tcp

tasks/host-management.yml

@@ -0,0 +1,52 @@
+---
+- name: add host to omd
+  uri:
+    method: POST
+    url: "http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=add_host{{ cmk_auth }}"
+    body: |
+      request={
+        "attributes": {
+        "tag_criticality": "prod",
+        "tag_agent": "cmk-agent",
+        "ipaddress": "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+      },
+      "folder": "{{ cmk_folder | default('Unsorted') }}",
+      "hostname": "{{inventory_hostname}}"
+      }
+    body_format: raw
+    return_content: yes
+  register: res
+  become: no
+  delegate_to: localhost
+  when: cmk_add_host
+
+- set_fact:
+    output: "{{ res.content | from_json }}"
+  when: cmk_add_host
+
+# - debug:
+#     msg: "{{ output }}"
+#   when: cmk_add_host
+
+- name: cmk_discovery
+  uri:
+    method: POST
+    url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{ cmk_auth }}
+    body: 'request={"hostname":"{{ inventory_hostname }}"}'
+    body_format: raw
+    status_code: 200
+  become: no
+  when: "cmk_add_host and output.result_code == 0"
+  delegate_to: localhost
+
+- name: cmk_apply
+  uri:
+    method: POST
+    url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ cmk_auth }}
+    body: 'request={"sites":["{{ cmk_omd_site }}"]}'
+    body_format: raw
+    status_code: 200
+  become: no
+  run_once: true
+  when: "cmk_add_host and output.result_code == 0"
+  delegate_to: localhost

tasks/main.yml

@@ -0,0 +1,9 @@
+---
+# tasks file for ansible-role-cmk-agent
+- include_tasks: "{{ ansible_os_family }}.yml"
+- meta: flush_handlers
+
+- include_tasks: host-management.yml
+  when: cmk_fresh_install
+- include_tasks: "{{ ansible_os_family }}-register.yml"
+  when: cmk_fresh_install

tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - ansible-role-cmk-agent

vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for ansible-role-cmk-agent