Add firewall allow functionality RHEL

.ansible-lint

@@ -0,0 +1,3 @@
+# .ansible-lint                                                                                                                                                                                                          │
+warn_list:  # or 'skip_list' to silence them completely                                                                                                                                                                  │
+  - '106'  # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern     

Centos7-Dockerfile

@@ -1,2 +1,3 @@
 FROM docker.io/pycontribs/centos:7
-RUN yum install -y iproute
+RUN yum install -y iproute firewalld python-firewall net-tools && \
+    systemctl enable firewalld

Centos8-Dockerfile

@@ -0,0 +1,6 @@
+# Centos8-Dockerfile
+FROM docker.io/pycontribs/centos:8
+RUN yum install -y iproute firewalld net-tools && \
+    systemctl disable nftables && \
+    systemctl enable firewalld && \
+    

defaults/main.yml

@@ -1,12 +1,17 @@
 ---
 cmk_add_host: false # Should be true/false whether we should automatically add host for monitoring.
+cmk_omd_protocol: http # Should be http or https
 cmk_omd_host: your-checkmk-hostname
 cmk_omd_site: your-checkmk-site # e.g the first piece after the / following your hostname
+
 # If you have created a folder in WATO already you want hosts to be put in when registered
 # uncomment cmk_folder below and specify the folder to use.  Otherwise the role creates and 
 # adds new hosts by default to Unsorted folder
 # cmk_folder: your_folder_in_WATO
+
+# Copy paste the link address for rpm agent from CheckMK
 cmk_rpm_agent: http://url-from-your-agent-bakery-in-checkmk.rpm
+# Copy paste the link address for MSI (Windows) agent from CheckMK
 cmk_msi_agent: http://url-from-your-agent-bakery-in-checkmk.msi
 
 
@@ -17,9 +22,15 @@ cmk_username: some-username
 # I recommend encrypting this with ansible-vault. 
 # Example: ansible-vault encrypt_string somesecret_string --name cmk_secret
 cmk_secret: some-secret
+
 # Combined string required for unattended actions
 cmk_auth: "&_username={{ cmk_username }}&_secret={{ cmk_secret }}"
 
 # This variable is used to detect whether this is a fresh install
 # Is changed to true if check-mk-agent gets installed
 cmk_fresh_install: false
+
+# This variable if set to true will force installation to run regardless of whether
+# CheckMK is already installed. 
+# Breaks idempotence but allows role to be used to force upgrade agents.
+cmk_force_install: false

handlers/main.yml

@@ -9,3 +9,14 @@
 - name: cmk fresh install
   set_fact:
     cmk_fresh_install: True
+
+- name: ensure firewall open
+  firewalld:
+    port: 6556/tcp
+    state: enabled
+    permanent: yes
+    immediate: yes
+
+- name: ensure firewall reloaded
+  command: firewall-cmd --reload
+  changed_when: false

meta/main.yml

@@ -34,4 +34,3 @@ galaxy_info:
     #       Maximum 20 tags per role.
 
 dependencies: []
-  

tasks/RedHat-register.yml

@@ -2,3 +2,4 @@
   shell: |
     cmk-update-agent register -H $(hostname -s) --user {{ cmk_username }} \
     --secret {{ cmk_secret }}
+  changed_when: false

tasks/RedHat.yml

@@ -24,11 +24,13 @@
       notify:
         - restart xinetd
         - cmk fresh install
+        - ensure firewall open
+        - ensure firewall reloaded
 
     - name: Remove agent Download
       file:
         path: /tmp/check-mk-agent.rpm
         state: absent
-  when: "'check-mk-agent' not in ansible_facts.packages"
+  when: "'check-mk-agent' not in ansible_facts.packages or cmk_force_install"
   tags:
     - check_mk_agent

tasks/Windows-register.yml

@@ -1,5 +1,6 @@
 - name: Register with CheckMK Update Server
   win_shell: |
-    C:\ProgramData\checkmk\agent\plugins\cmk-update-agent.exe register -H $env:computername `
+    C:\ProgramData\checkmk\agent\plugins\cmk-update-agent.exe register `
+    -H $env:computername `
     --user {{ cmk_username }} `
     --secret {{ cmk_secret }}

tasks/host-management.yml

@@ -2,7 +2,7 @@
 - name: add host to omd
   uri:
     method: POST
-    url: "http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=add_host{{ cmk_auth }}"
+    url: "{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=add_host{{ cmk_auth }}"
     body: |
       request={
         "attributes": {
@@ -11,7 +11,7 @@
         "ipaddress": "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
       },
       "folder": "{{ cmk_folder | default('Unsorted') }}",
-      "hostname": "{{inventory_hostname}}"
+      "hostname": "{{ inventory_hostname }}"
       }
     body_format: raw
     return_content: yes
@@ -20,18 +20,15 @@
   delegate_to: localhost
   when: cmk_add_host
 
-- set_fact:
+- name: Parse result
+  set_fact:
     output: "{{ res.content | from_json }}"
   when: cmk_add_host
 
-# - debug:
-#     msg: "{{ output }}"
-#   when: cmk_add_host
-
 - name: cmk_discovery
   uri:
     method: POST
-    url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{ cmk_auth }}
+    url: "{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{ cmk_auth }}"
     body: 'request={"hostname":"{{ inventory_hostname }}"}'
     body_format: raw
     status_code: 200
@@ -42,7 +39,7 @@
 - name: cmk_apply
   uri:
     method: POST
-    url: http://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ cmk_auth }}
+    url: "{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ cmk_auth }}"
     body: 'request={"sites":["{{ cmk_omd_site }}"]}'
     body_format: raw
     status_code: 200