Use yum command direct

.ansible-lint

@@ -0,0 +1,5 @@
+# .ansible-lint                                                                                                                                                                                                          │
+warn_list: []  # or 'skip_list' to silence them completely  
+skip_list:
+  - '403' 
+  - '106'

Centos7-Dockerfile

@@ -1,2 +1,3 @@
 FROM docker.io/pycontribs/centos:7
-RUN yum install -y iproute
+RUN yum install -y iproute firewalld python-firewall net-tools && \
+    systemctl enable firewalld

Centos8-Dockerfile

@@ -0,0 +1,7 @@
+# Centos8-Dockerfile
+FROM docker.io/pycontribs/centos:8
+RUN yum install -y iproute firewalld net-tools && \
+    sed -i 's/FirewallBackend=nftables/FirewallBackend=iptables/' /etc/firewalld/firewalld.conf && \
+    sed -i 's/IPv6_rpfilter=yes/IPv6_rpfilter=no/' /etc/firewalld/firewalld.conf && \
+    systemctl enable firewalld
+

defaults/main.yml

@@ -1,14 +1,24 @@
 ---
 cmk_add_host: false # Should be true/false whether we should automatically add host for monitoring.
+cmk_omd_protocol: http # Should be http or https
 cmk_omd_host: your-checkmk-hostname
 cmk_omd_site: your-checkmk-site # e.g the first piece after the / following your hostname
+
 # If you have created a folder in WATO already you want hosts to be put in when registered
 # uncomment cmk_folder below and specify the folder to use.  Otherwise the role creates and 
 # adds new hosts by default to Unsorted folder
 # cmk_folder: your_folder_in_WATO
+
+# Copy paste the link address for rpm agent from CheckMK
 cmk_rpm_agent: http://url-from-your-agent-bakery-in-checkmk.rpm
+# Copy paste the link address for MSI (Windows) agent from CheckMK
 cmk_msi_agent: http://url-from-your-agent-bakery-in-checkmk.msi
 
+# Check_MK GPG Key
+# Copy paste the link address from Signature Keys for Signing Agents page
+cmk_gpg_key_id: 1
+cmk_gpg_key_url: "{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/wato.py?key={{ cmk_gpg_key_id }}&mode=download_signature_key"
+
 
 # Should be username of an automation user in checkmk
 cmk_username: some-username
@@ -17,9 +27,15 @@ cmk_username: some-username
 # I recommend encrypting this with ansible-vault. 
 # Example: ansible-vault encrypt_string somesecret_string --name cmk_secret
 cmk_secret: some-secret
+
 # Combined string required for unattended actions
 cmk_auth: "&_username={{ cmk_username }}&_secret={{ cmk_secret }}"
 
 # This variable is used to detect whether this is a fresh install
 # Is changed to true if check-mk-agent gets installed
-cmk_fresh_install: false
+cmk_fresh_install: false
+
+# This variable if set to true will force installation to run regardless of whether
+# CheckMK is already installed. 
+# Breaks idempotence but allows role to be used to force upgrade agents.
+cmk_force_install: false

handlers/main.yml

@@ -8,4 +8,16 @@
 
 - name: cmk fresh install
   set_fact:
-    cmk_fresh_install: True
+    cmk_fresh_install: True
+
+- name: ensure firewall open
+  firewalld:
+    port: 6556/tcp
+    state: enabled
+    permanent: yes
+    immediate: yes
+
+- name: remove agent
+  file:
+    path: /tmp/check-mk-agent.rpm
+    state: absent

meta/main.yml

@@ -5,7 +5,7 @@ galaxy_info:
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value
   # issue_tracker_url: http://example.com/issue/tracker
-  
+
   license: MIT
 
   min_ansible_version: 2.9
@@ -34,4 +34,3 @@ galaxy_info:
     #       Maximum 20 tags per role.
 
 dependencies: []
-  

molecule/default/molecule.yml

@@ -5,20 +5,21 @@ driver:
   name: docker
 platforms:
   - name: rhel8
-    image: docker.io/pycontribs/centos:8
+    image: guisea/centos8-ansible:latest
+    # dockerfile: Centos8-Dockerfile
     privileged: True
     volume_mounts:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
     pre_build_image: true
   - name: rhel7
-    image: docker.io/pycontribs/centos:7
+    image: guisea/centos7-ansible:latest
-    dockerfile: Centos7-Dockerfile
+    # dockerfile: Centos7-Dockerfile
     privileged: True
     volume_mounts:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/usr/sbin/init"
-    pre_build_image: false
+    pre_build_image: true
 provisioner:
   name: ansible
 verifier:
@@ -27,4 +28,4 @@ lint: |
   set -e
   yamllint .
   ansible-lint
-  flake8
+  flake8

tasks/RedHat-register.yml

@@ -1,4 +1,32 @@
-- name: Register with CheckMK Update Server
+- block:
-  shell: |
+    - name: Register with CheckMK Update Server
-    cmk-update-agent register -H $(hostname -s) --user {{ cmk_username }} \
+      shell: |
-    --secret {{ cmk_secret }}
+        cmk-update-agent register -H $(hostname -s) --user {{ cmk_username }} \
+        --secret {{ cmk_secret }}
+      changed_when: false
+      notify: remove agent
+  rescue:
+    - name: Gather facts of packages
+      package_facts:
+        manager: "auto"
+
+    - name: Ensure check_mk_agent installed (again)
+      command: /usr/bin/yum install --nogpgcheck -y /tmp/check-mk-agent.rpm
+      args:
+        warn: no
+      notify:
+        - restart xinetd
+        - ensure firewall open
+      when: "'check-mk-agent' not in ansible_facts.packages"
+
+    - name: Gather facts of packages (again)
+      package_facts:
+        manager: "auto"
+
+    - name: Register with CheckMK Update Server (retry)
+      shell: |
+        cmk-update-agent register -H $(hostname -s) --user {{ cmk_username }} \
+        --secret {{ cmk_secret }}
+      changed_when: false
+      when: "'check-mk-agent' in ansible_facts.packages"
+      notify: remove agent

tasks/RedHat.yml

@@ -1,9 +1,9 @@
 ---
 # Tasks for installation on RedHat Family
 - name: Ensure xinetd installed
-  yum:
+  package:
     name: xinetd
-    state: installed
+    state: present
   notify: restart xinetd
 
 - name: Gather facts of packages
@@ -18,17 +18,13 @@
         dest: /tmp/check-mk-agent.rpm
 
     - name: Ensure check_mk_agent installed
-      yum: 
+      command: /usr/bin/yum install --nogpgcheck -y /tmp/check-mk-agent.rpm
-        name: /tmp/check-mk-agent.rpm
+      args:
-        state: installed
+        warn: no
-      notify: 
+      notify:
         - restart xinetd
         - cmk fresh install
-
+        - ensure firewall open
-    - name: Remove agent Download
+  when: "'check-mk-agent' not in ansible_facts.packages or cmk_force_install"
-      file:
-        path: /tmp/check-mk-agent.rpm
-        state: absent
-  when: "'check-mk-agent' not in ansible_facts.packages"
   tags:
     - check_mk_agent

tasks/Windows-register.yml

@@ -1,5 +1,6 @@
 - name: Register with CheckMK Update Server
   win_shell: |
-    C:\ProgramData\checkmk\agent\plugins\cmk-update-agent.exe register -H $env:computername `
+    C:\ProgramData\checkmk\agent\plugins\cmk-update-agent.exe register `
+    -H $env:computername `
     --user {{ cmk_username }} `
     --secret {{ cmk_secret }}

tasks/Windows.yml

@@ -3,13 +3,13 @@
   win_file:
     path: "c:/temp/"
     state: directory
-    
+
 - name: Retrieve copy of agent
   win_get_url:
     url: "{{ cmk_msi_agent }}{{ cmk_auth }}"
     dest: "c:/temp/check-mk-agent.msi"
   changed_when: false
-  
+
 - name: Ensure agent is installed
   win_package:
     path: "c:/temp/check-mk-agent.msi"

tasks/host-management.yml

@@ -2,7 +2,7 @@
 - name: add host to omd
   uri:
     method: POST
-    url: "http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=add_host{{ cmk_auth }}"
+    url: "{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=add_host{{ cmk_auth }}"
     body: |
       request={
         "attributes": {
@@ -11,7 +11,7 @@
         "ipaddress": "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
       },
       "folder": "{{ cmk_folder | default('Unsorted') }}",
-      "hostname": "{{inventory_hostname}}"
+      "hostname": "{{ inventory_hostname }}"
       }
     body_format: raw
     return_content: yes
@@ -20,18 +20,15 @@
   delegate_to: localhost
   when: cmk_add_host
 
-- set_fact:
+- name: Parse result
+  set_fact:
     output: "{{ res.content | from_json }}"
   when: cmk_add_host
 
-# - debug:
-#     msg: "{{ output }}"
-#   when: cmk_add_host
-
 - name: cmk_discovery
   uri:
     method: POST
-    url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{ cmk_auth }}
+    url: "{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{ cmk_auth }}"
     body: 'request={"hostname":"{{ inventory_hostname }}"}'
     body_format: raw
     status_code: 200
@@ -42,7 +39,7 @@
 - name: cmk_apply
   uri:
     method: POST
-    url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ cmk_auth }}
+    url: "{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ cmk_auth }}"
     body: 'request={"sites":["{{ cmk_omd_site }}"]}'
     body_format: raw
     status_code: 200