From dfdd402158bd0bb7d7d6d59418744f571f33259a Mon Sep 17 00:00:00 2001 From: Aaron Guise Date: Tue, 9 Jan 2024 14:33:55 +1300 Subject: [PATCH] Initial project --- .ansible-lint | 10 ++ .woodpecker/cron.yml | 25 ++++ .woodpecker/lint.yml | 41 +++++++ .woodpecker/test.yml | 41 +++++++ .woodpecker/z.ntfy-cron.yml | 15 +++ .woodpecker/z.ntfy.yml | 18 +++ .woodpecker/zz.ntfy-cron-failed.yml | 15 +++ .yamllint | 35 ++++++ Makefile | 36 ++++++ README.md | 34 ++++++ defaults/main.yml | 60 +++++++++ files/.gitkeep | 0 files/checkmk-agent-autoupgrade.pp | Bin 0 -> 977 bytes .../__pycache__/reslash.cpython-39.pyc | Bin 0 -> 625 bytes filter_plugins/reslash.py | 11 ++ handlers/main.yml | 33 +++++ meta/main.yml | 34 ++++++ molecule/default/converge.yml | 11 ++ molecule/default/molecule.yml | 17 +++ molecule/default/verify.yml | 6 + molecule/http_direct/converge.yml | 17 +++ molecule/http_direct/molecule.yml | 24 ++++ molecule/http_direct/verify.yml | 9 ++ molecule/requirements.yml | 6 + molecule/yamllint.yml | 16 +++ requirements.txt | 6 + tasks/Debian-register.yml | 47 +++++++ tasks/Debian.yml | 83 +++++++++++++ tasks/RedHat-register.yml | 64 ++++++++++ tasks/RedHat.yml | 85 +++++++++++++ tasks/Windows-register.yml | 8 ++ tasks/Windows.yml | 28 +++++ tasks/downloads/http/.gitkeep | 0 tasks/downloads/samba/main.yml | 53 ++++++++ tasks/host-configure.yml | 62 ++++++++++ tasks/host-management.yml | 34 ++++++ tasks/host-management/legacy.yml | 52 ++++++++ tasks/host-management/modern.yml | 115 ++++++++++++++++++ tasks/main.yml | 17 +++ templates/.gitkeep | 0 vars/Debian.yml | 3 + vars/RedHat.yml | 3 + vars/Windows.yml | 3 + vars/main.yml | 2 + 44 files changed, 1179 insertions(+) create mode 100644 .ansible-lint create mode 100644 .woodpecker/cron.yml create mode 100644 .woodpecker/lint.yml create mode 100644 .woodpecker/test.yml create mode 100644 .woodpecker/z.ntfy-cron.yml create mode 100644 .woodpecker/z.ntfy.yml create mode 100644 .woodpecker/zz.ntfy-cron-failed.yml create mode 100644 .yamllint create mode 100644 Makefile create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 files/.gitkeep create mode 100644 files/checkmk-agent-autoupgrade.pp create mode 100644 filter_plugins/__pycache__/reslash.cpython-39.pyc create mode 100644 filter_plugins/reslash.py create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 molecule/default/converge.yml create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/verify.yml create mode 100644 molecule/http_direct/converge.yml create mode 100644 molecule/http_direct/molecule.yml create mode 100644 molecule/http_direct/verify.yml create mode 100644 molecule/requirements.yml create mode 100644 molecule/yamllint.yml create mode 100644 requirements.txt create mode 100644 tasks/Debian-register.yml create mode 100644 tasks/Debian.yml create mode 100644 tasks/RedHat-register.yml create mode 100644 tasks/RedHat.yml create mode 100644 tasks/Windows-register.yml create mode 100644 tasks/Windows.yml create mode 100644 tasks/downloads/http/.gitkeep create mode 100644 tasks/downloads/samba/main.yml create mode 100644 tasks/host-configure.yml create mode 100644 tasks/host-management.yml create mode 100644 tasks/host-management/legacy.yml create mode 100644 tasks/host-management/modern.yml create mode 100644 tasks/main.yml create mode 100644 templates/.gitkeep create mode 100644 vars/Debian.yml create mode 100644 vars/RedHat.yml create mode 100644 vars/Windows.yml create mode 100644 vars/main.yml diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..0cdfec2 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,10 @@ +# .ansible-lint +profile: basic + +skip_list: # or 'skip_list' to silence them completely + - experimental # all rules tagged as experimental + - unnamed-task # All tasks should be named + - fqcn-builtins + - name[casing] + +warn_list: [] # or 'skip_list' to silence them completely \ No newline at end of file diff --git a/.woodpecker/cron.yml b/.woodpecker/cron.yml new file mode 100644 index 0000000..0e34c58 --- /dev/null +++ b/.woodpecker/cron.yml @@ -0,0 +1,25 @@ +--- +matrix: + include: + - MOLECULE_DISTRO: centos7 + - MOLECULE_DISTRO: almalinux8 +clone: + git: + image: woodpeckerci/plugin-git + settings: + recursive: true + submodule_update_remote: true +when: + event: [cron] +steps: + test: + name: Test on ${MOLECULE_DISTRO} + image: guisea/ansible-molecule + pull: true + environment: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + volumes: [/var/run/docker.sock:/var/run/docker.sock] + commands: ['molecule test --scenario-name ${MOLECULE_SCENARIO:-default}'] + when: + event: [cron] diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml new file mode 100644 index 0000000..7095b8a --- /dev/null +++ b/.woodpecker/lint.yml @@ -0,0 +1,41 @@ +--- +clone: + git: + image: woodpeckerci/plugin-git + settings: + recursive: true + submodule_update_remote: true +when: + event: [push, manual] +steps: + ansible-lint: + group: test + name: 'Lint: Ansible-lint' + image: guisea/ansible-molecule + environment: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + commands: [ansible-lint -c ".ansible-lint"] + when: + event: [push, manual] + yamllint: + group: test + name: 'Lint: Yamllint' + image: guisea/ansible-molecule + commands: [yamllint -f colored .] + when: + event: [push, manual] + ntfy: + image: codeberg.org/l-x/woodpecker-ntfy + settings: + url: https://ntfy.cybercinch.nz/ci-status + title: Lint failed for ${CI_REPO_NAME} + priority: urgent + icon: https://woodpecker-ci.org/img/logo.svg + tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME} + message: > + 📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}: + ${CI_COMMIT_MESSAGE} + when: + event: [push, manual] + status: [failure] diff --git a/.woodpecker/test.yml b/.woodpecker/test.yml new file mode 100644 index 0000000..595fdec --- /dev/null +++ b/.woodpecker/test.yml @@ -0,0 +1,41 @@ +--- +matrix: + include: + - MOLECULE_DISTRO: almalinux8 + - MOLECULE_DISTRO: almalinux9 +clone: + git: + image: woodpeckerci/plugin-git + settings: + recursive: true + submodule_update_remote: true +when: + event: [push, manual] +steps: + test: + name: Test on ${MOLECULE_DISTRO} + image: guisea/ansible-molecule + pull: true + environment: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + volumes: [/var/run/docker.sock:/var/run/docker.sock] + commands: ['molecule test --scenario-name ${MOLECULE_SCENARIO:-default}'] + when: + event: [push, manual] + ntfy: + image: codeberg.org/l-x/woodpecker-ntfy + settings: + url: https://ntfy.cybercinch.nz/ci-status + title: 'Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: + ${MOLECULE_SCENARIO:-default}' + priority: urgent + icon: https://woodpecker-ci.org/img/logo.svg + tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME} + message: > + 📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}: + ${CI_COMMIT_MESSAGE} + when: + event: [push, manual] + status: [failure] +depends_on: [lint] diff --git a/.woodpecker/z.ntfy-cron.yml b/.woodpecker/z.ntfy-cron.yml new file mode 100644 index 0000000..55424f7 --- /dev/null +++ b/.woodpecker/z.ntfy-cron.yml @@ -0,0 +1,15 @@ +--- +skip_clone: true +steps: + ntfy-success: + image: codeberg.org/l-x/woodpecker-ntfy + settings: + url: https://ntfy.cybercinch.nz/ci-status + title: Build succeeded on ${CI_REPO_NAME} + priority: urgent + icon: https://woodpecker-ci.org/img/logo.svg + tags: robot,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME} + message: > + Test success when run by cron for ${CI_REPO_NAME}. +depends_on: [cron] +runs_on: [success] diff --git a/.woodpecker/z.ntfy.yml b/.woodpecker/z.ntfy.yml new file mode 100644 index 0000000..0acd6cf --- /dev/null +++ b/.woodpecker/z.ntfy.yml @@ -0,0 +1,18 @@ +--- +skip_clone: true +steps: + ntfy: + image: codeberg.org/l-x/woodpecker-ntfy + settings: + url: https://ntfy.cybercinch.nz/ci-status + title: Build completed for ${CI_REPO_NAME} + priority: urgent + icon: https://woodpecker-ci.org/img/logo.svg + tags: robot,tada,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME} + message: > + 📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}: + ${CI_COMMIT_MESSAGE} + when: + event: [push, manual] + status: [success] +depends_on: [lint, test] diff --git a/.woodpecker/zz.ntfy-cron-failed.yml b/.woodpecker/zz.ntfy-cron-failed.yml new file mode 100644 index 0000000..8f97c3c --- /dev/null +++ b/.woodpecker/zz.ntfy-cron-failed.yml @@ -0,0 +1,15 @@ +--- +skip_clone: true +steps: + ntfy-failed: + image: codeberg.org/l-x/woodpecker-ntfy + settings: + url: https://ntfy.cybercinch.nz/ci-status + title: Build failed on ${CI_REPO_NAME} + priority: urgent + icon: https://woodpecker-ci.org/img/logo.svg + tags: robot,rotating_light,no_entry,${CI_BUILD_EVENT},${CI_REPO_NAME} + message: > + Test failed when run by cron for ${CI_REPO_NAME}. +depends_on: [cron] +runs_on: [failure] diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..5175319 --- /dev/null +++ b/.yamllint @@ -0,0 +1,35 @@ +--- +# Based on ansible-lint config +extends: default + +ignore: | + .venv/ +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: enable + new-lines: + type: unix + trailing-spaces: enable + truthy: disable diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..cad5d11 --- /dev/null +++ b/Makefile @@ -0,0 +1,36 @@ +.PHONY: clean virtualenv lint test docker dist dist-upload + +clean: + find . -name '*.py[co]' -delete + +virtualenv: + virtualenv --prompt '|> check_mk_agent <| ' .venv + .venv/bin/pip install --upgrade pip + .venv/bin/pip install -r requirements.txt + .venv/bin/ansible-galaxy collection install -r molecule/requirements.yml + @echo + @echo "VirtualENV Setup Complete. Now run: source .venv/bin/activate" + @echo + +test: + for distro in almalinux8 ; do \ + MOLECULE_DISTRO=$$distro molecule test --scenario-name http_direct -- -vvv ; \ + done + +lint: + @echo "Linting with Ansible-lint" + @echo + ansible-lint -c ".ansible-lint" --exclude ".venv" + @echo + @echo "Linting with Yamllint" + @echo + yamllint . + @echo + +dist: clean + rm -rf dist/* + python setup.py sdist + python setup.py bdist_wheel + +dist-upload: + twine upload dist/* diff --git a/README.md b/README.md new file mode 100644 index 0000000..4798781 --- /dev/null +++ b/README.md @@ -0,0 +1,34 @@ +Check Mk Agent +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +| Name | Default Value | Description | +|-------------------|---------------------|----------------------| +| `` | `` | | + + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + + - hosts: all + roles: + - cybercinch.check_mk_agent + +License +------- + +Apache 2.0 diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..ec05230 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,60 @@ +--- +cmk_add_host: false # Should be true/false whether we should automatically add host for monitoring. +cmk_omd_protocol: http # Should be http or https +cmk_omd_host: your-checkmk-hostname +cmk_omd_site: your-checkmk-site # e.g the first piece after the / following your hostname + +# If you have created a folder in WATO already you want hosts to be put in when registered +# uncomment cmk_folder below and specify the folder to use. Otherwise the role creates and +# adds new hosts by default to Unsorted folder +# p.s: Folders created in the CMK UI are all lower case even if you enter them in capitals :( +# cmk_folder: your_folder_in_WATO +cmk_download_mode: samba +cmk_smb_password: +cmk_smb_username: +# If using direct download (http) from CMK set below +# # Copy paste the link address for rpm agent from CheckMK +# cmk_rpm_agent_x86_64: http://url-from-your-agent-bakery-in-checkmk.rpm +# # Copy paste the link address for MSI (Windows) agent from CheckMK +# cmk_msi_agent_x86_64: http://url-from-your-agent-bakery-in-checkmk.msi +# # Copy paste from cmk server +# cmk_deb_agent_x86_64: http://url-from-your-agent-bakery-in-checkmk.deb +# # Copy paste from cmk server +# cmk_rpm_agent_aarch64: http://url-from-your-agent-bakery-in-checkmk.rpm +# # Copy paste from cmk server +# cmk_deb_agent_aarch64: http://url-from-your-agent-bakery-in-checkmk.deb + +# Want to use Samba to download the pre-prepared agents +cmk_download_path: \\fileserver\Software\checkmk-agents\{{ cmk_os_family }}\{{ ansible_architecture }}\ +cmk_rpm_agent: check-mk-agent-2.0.0p11.noarch.rpm +cmk_deb_agent: check-mk-agent-2.0.0p11_all.deb +cmk_msi_agent: check-mk-agent-2.0.0p11.msi + +# Check_MK GPG Key +# Copy paste the link address from Signature Keys for Signing Agents page +cmk_gpg_key_id: 1 +cmk_gpg_key_url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/wato.py?key={{ + cmk_gpg_key_id }}&mode=download_signature_key' + +# Should be username of an automation user in checkmk +cmk_username: some-username + +# This should be populated with the secret for your automation user +# I recommend encrypting this with ansible-vault. +# Example: ansible-vault encrypt_string somesecret_string --name cmk_secret +cmk_secret: some-secret + +# Combined string required for unattended actions +cmk_auth: '&_username={{ cmk_username }}&_secret={{ cmk_secret }}' + +# This variable is used to detect whether this is a fresh install +# Is changed to true if check-mk-agent gets installed +cmk_fresh_install: false + +# This variable if set to true will force installation to run regardless of whether +# CheckMK is already installed. +# Breaks idempotence but allows role to be used to force upgrade agents. +cmk_force_install: false +cmk_host_ip: '{{ ansible_host }}' +cmk_dl_needs_auth: true +cmk_debug: true diff --git a/files/.gitkeep b/files/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/files/checkmk-agent-autoupgrade.pp b/files/checkmk-agent-autoupgrade.pp new file mode 100644 index 0000000000000000000000000000000000000000..0fd89b3113c156fc959827207ad21eb7033b9973 GIT binary patch literal 977 zcmb_aK~BRk5Deu2LLiVhaq9<);0Jr*1}7d61;=VlTRU|?h?_F}ivk(tpad>*RCe=~Y zBZNX@scDxUJ`6m~k$32J)Em2X-J9sTRHrk|v5xN$G-Nn$Q(K#bTeWqf`CHsQ2zB(J zC6gC1!Y?7Z0hz}~0kT=Q3(scVHZ!h8AILgJc!a0`nZr*9WV3!Rf6?ei9mum7;SoZi pabLPP@?R3~#YE@n#kM47ma{r3a?qH)a=yww%-U$4%B1Fg;0xP|M2i3b literal 0 HcmV?d00001 diff --git a/filter_plugins/__pycache__/reslash.cpython-39.pyc b/filter_plugins/__pycache__/reslash.cpython-39.pyc new file mode 100644 index 0000000000000000000000000000000000000000..659100dc253c02cde1a1d4ed74037119a2553675 GIT binary patch literal 625 zcmZWmy-ve05VqsA4W(sb!z5Z3 z8ALm=&?4VNr7l*GY)m9_lg<=Gx=>)EWC_WdXKOANfUJ3{HlTT_wu>}3kp`oLS&qub z>ZG}9Ql6d40-?Hxm{_-M_HK;F$p#WrNl+#QmeSa-#mAjmb~U(mZ6}4?Du_{!>-ujS zb|Y>ZU3B(jMQ{&vin9C7Y?&xA@(rlD+d&PMUG-{;v2WGP{dC%HJ8B5iuv-P3=OP2n zt3KzMn+p8_=l5Ho>Ki9oAK~Bhu?4&G7TBITK(KjZqrmgOec$D#A#>$bx0u;CamiM( Q` + smbget 'smb:{{ (cmk_download_path + '/' + cmk_installer) | reslash }}' -U + '{{ cmk_smb_username }}%{{ cmk_smb_password }}' + args: + chdir: /tmp/dls + creates: /tmp/dls/{{ cmk_installer }} + warn: false # Don't warn of other modules. I want to use smbget ;) + no_log: true # Turn off logging due to password exposure + when: not cmk_debug | bool + delegate_to: localhost +- name: Copy archive from samba_share. (Debug) + command: > + smbget 'smb:{{ (cmk_download_path + '/' + cmk_installer) | reslash }}' -U '{{ cmk_smb_username | trim }}%{{ cmk_smb_password | trim }} + args: + chdir: /tmp/dls + creates: /tmp/dls/{{ cmk_installer }} + warn: false # Don't warn of other modules. I want to use smbget ;) + no_log: false # Turn off logging due to password exposure + when: cmk_debug | bool + delegate_to: localhost diff --git a/tasks/host-configure.yml b/tasks/host-configure.yml new file mode 100644 index 0000000..646aaf1 --- /dev/null +++ b/tasks/host-configure.yml @@ -0,0 +1,62 @@ +--- +- name: cmk_discovery + uri: + method: POST + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{ + cmk_auth }}' + body: request={"hostname":"{{ instance_name | default(inventory_hostname) }}"} + body_format: raw + status_code: 200 + validate_certs: false + follow_redirects: true + become: false + when: cmk_add_host and output.result_code == 0 + delegate_to: localhost + tags: cmk_register +- name: cmk_apply + uri: + method: POST + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ + cmk_auth }}' + body: request={"sites":["{{ cmk_omd_site }}"]} + body_format: raw + status_code: 200 + validate_certs: false + follow_redirects: true + become: false + run_once: true + when: cmk_add_host and output.result_code == 0 + delegate_to: localhost + tags: cmk_register +- name: Wait some time + pause: + seconds: 10 +- name: cmk_discovery x 2 + uri: + method: POST + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{ + cmk_auth }}' + body: request={"hostname":"{{ instance_name | default(inventory_hostname) }}"} + body_format: raw + status_code: 200 + validate_certs: false + follow_redirects: true + become: false + when: cmk_add_host and output.result_code == 0 + delegate_to: localhost + tags: cmk_register +- name: cmk_apply + uri: + method: POST + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ + cmk_auth }}' + body: request={"sites":["{{ cmk_omd_site }}"]} + body_format: raw + status_code: 200 + validate_certs: false + follow_redirects: true + become: false + run_once: true + when: cmk_add_host and output.result_code == 0 + delegate_to: localhost + tags: cmk_register diff --git a/tasks/host-management.yml b/tasks/host-management.yml new file mode 100644 index 0000000..38890d0 --- /dev/null +++ b/tasks/host-management.yml @@ -0,0 +1,34 @@ +--- +- name: Retrieve checkmk version + uri: + method: GET + headers: + Authorization: Bearer {{ cmk_username }} {{ cmk_secret }} + Accept: application/json + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/1.0/version' + return_content: true + register: cmk_output +- name: Set facts # noqa jinja[spacing] + set_fact: + cmk_major: "{{ cmk_output.json.versions.checkmk | regex_search('(?P\\\ + d+)\\.(?P\\d+).(?P[\\d\\w]+).(?P[\\d\\w]+)','\\g') | first | int }}" + cmk_minor: "{{ cmk_output.json.versions.checkmk |regex_search('(?P\\\ + d+)\\.(?P\\d+).(?P[\\d\\w]+).(?P[\\d\\w]+)', '\\g') | first |int }}" + cmk_patch: "{{ cmk_output.json.versions.checkmk | regex_search('(?P\\\ + d+)\\.(?P\\d+).(?P[\\d\\w]+).(?P\\w+)', '\\g') | first }}" + cmk_edition: "{{ cmk_output.json.versions.checkmk | regex_search('(?P\\\ + d+)\\.(?P\\d+).(?P[\\d\\w]+).(?P\\w+)','\\g') | first }}" +- name: Output vars + debug: + var: '{{ item }}' + with_items: [cmk_major, cmk_minor, cmk_patch, cmk_edition] +- include_tasks: host-management/legacy.yml + when: > + cmk_add_host and + (cmk_major | int <= 2 and + cmk_minor | int < 2 or cmk_force_install) +- include_tasks: host-management/modern.yml + when: >- + cmk_add_host and + (cmk_major | int >= 2 and + cmk_minor | int >= 2 or cmk_force_install) diff --git a/tasks/host-management/legacy.yml b/tasks/host-management/legacy.yml new file mode 100644 index 0000000..cea255e --- /dev/null +++ b/tasks/host-management/legacy.yml @@ -0,0 +1,52 @@ +--- +- name: add host to omd (legacy) + uri: + method: POST + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=add_host{{ + cmk_auth }}' + body: | + request={ + "attributes": { + "tag_criticality": "prod", + "tag_agent": "cmk-agent", + "ipaddress": "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + }, + "folder": "{{ cmk_folder | default('Unsorted') }}", + "hostname": "{{ inventory_hostname | upper }}" + } + body_format: raw + return_content: true + register: res + become: false + delegate_to: localhost + when: > + cmk_add_host +- name: Parse result + set_fact: + output: '{{ res.content | from_json }}' + when: cmk_add_host +- name: cmk_discovery (legacy) + uri: + method: POST + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{ + cmk_auth }}' + body: request={"hostname":"{{ inventory_hostname }}"} + body_format: raw + status_code: 200 + become: false + when: > + cmk_add_host and output.result_code == 0 or cmk_force_install + delegate_to: localhost +- name: cmk_apply (legacy) + uri: + method: POST + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{ + cmk_auth }}' + body: request={"sites":["{{ cmk_omd_site }}"]} + body_format: raw + status_code: 200 + become: false + run_once: true + when: > + output.result_code == 0 or cmk_force_install + delegate_to: localhost diff --git a/tasks/host-management/modern.yml b/tasks/host-management/modern.yml new file mode 100644 index 0000000..9696e64 --- /dev/null +++ b/tasks/host-management/modern.yml @@ -0,0 +1,115 @@ +--- +- name: add host to omd (new) + uri: + method: POST + headers: + Authorization: Bearer {{ cmk_username }} {{ cmk_secret }} + Accept: application/json + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/1.0/domain-types/host_config/collections/all' + body: + folder: "{{ cmk_folder | default('~Unsorted') }}" + host_name: '{{ inventory_hostname | upper }}' + attributes: + tag_criticality: prod + tag_agent: cmk-agent + ipaddress: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + body_format: json + return_content: true + status_code: [200, 400] + register: res + become: false + delegate_to: localhost + when: > + cmk_add_host and cmk_major | int >= 2 and cmk_minor | int >= 2 +- name: Parse result + set_fact: + output: '{{ res.content | from_json }}' + when: cmk_add_host +- name: Host exists fetch etag (new) # noqa command-instead-of-module + shell: | + curl \ + -G \ + -i \ + --request GET \ + --write-out "\nxxx-status_code=%{http_code}\n" \ + --header "Authorization: Bearer {{ cmk_username }} {{ cmk_secret }}" \ + --header "Accept: application/json" \ + "{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/v0/objects/host_config/{{ inventory_hostname | upper }}" + register: res + become: false + delegate_to: localhost + when: > + cmk_add_host and (cmk_major | int >= 2 and cmk_minor | int >= 2) and + (output.status == 400 and output.fields.host_name | first | regex_search('already + exists.$')) +- debug: + var: res +- name: Unpick response + set_fact: + etag: "{{ res.stdout | regex_search('.*etag:.\"(?P.+)\".*', '\\g') | first }}" + when: > + cmk_add_host and (cmk_major | int >= 2 and cmk_minor | int >= 2) and + (output.status == 400 and output.fields.host_name | first | regex_search('already + exists.$')) +- name: Update host as already exists? (new) + uri: + method: PUT + headers: + Authorization: Bearer {{ cmk_username }} {{ cmk_secret }} + Accept: application/json + If-Match: '{{ etag }}' + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/v0/objects/host_config/{{ + inventory_hostname | upper }}' + body: + update_attributes: + ipaddress: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + body_format: json + return_content: true + status_code: [200] + register: res + become: false + delegate_to: localhost + when: > + cmk_add_host and (cmk_major | int >= 2 and cmk_minor | int >= 2) and + (output.status == 400 and output.fields.host_name | first | regex_search('already + exists.$')) +- name: Parse result + set_fact: + output: '{{ res.content | from_json }}' + when: cmk_add_host +- name: cmk_discovery (new) + uri: + method: POST + headers: + Authorization: Bearer {{ cmk_username }} {{ cmk_secret }} + Accept: application/json + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/1.0/domain-types/service_discovery_run/actions/start/invoke' + body: + host_name: '{{ inventory_hostname | upper }}' + mode: refresh + body_format: json + status_code: [200, 302] + become: false + when: > + cmk_add_host and cmk_major | int >= 2 and + cmk_minor | int >= 2 or + cmk_force_install + delegate_to: localhost +- name: cmk_apply (new) + uri: + method: POST + headers: + Authorization: Bearer {{ cmk_username }} {{ cmk_secret }} + Accept: application/json + url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/1.0/domain-types/activation_run/actions/activate-changes/invoke' + body: + redirect: 'False' + sites: ['{{ cmk_omd_site }}'] + force_foreign_changes: 'False' + body_format: json + status_code: 200 + become: false + run_once: true + when: > + cmk_add_host and cmk_major | int >= 2 and cmk_minor | int >= 2 and cmk_force_install + delegate_to: localhost diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..27ac209 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,17 @@ +--- +# tasks file for ansible-role-cmk-agent + +# Include OS Variables +- include_vars: '{{ ansible_os_family }}.yml' +- include_tasks: '{{ ansible_os_family }}.yml' +- meta: flush_handlers + +# Add host to checkmk +- include_tasks: host-management.yml + when: cmk_fresh_install +# Register for automatic agent updates +- include_tasks: '{{ ansible_os_family }}-register.yml' + when: cmk_fresh_install +# Finalize things and collect all available services +- include_tasks: host-configure.yml + when: cmk_fresh_install diff --git a/templates/.gitkeep b/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/vars/Debian.yml b/vars/Debian.yml new file mode 100644 index 0000000..5a2f5ae --- /dev/null +++ b/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +cmk_os_family: linux +cmk_installer: '{{ cmk_deb_agent }}' diff --git a/vars/RedHat.yml b/vars/RedHat.yml new file mode 100644 index 0000000..80c006c --- /dev/null +++ b/vars/RedHat.yml @@ -0,0 +1,3 @@ +--- +cmk_os_family: linux +cmk_installer: '{{ cmk_rpm_agent }}' diff --git a/vars/Windows.yml b/vars/Windows.yml new file mode 100644 index 0000000..74b32ea --- /dev/null +++ b/vars/Windows.yml @@ -0,0 +1,3 @@ +--- +cmk_os_family: windows +cmk_installer: '{{ cmk_msi_agent }}' diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..91da2a7 --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,2 @@ +--- +...