Initial project

2024-01-09 14:33:55 +13:00
commit dfdd402158
44 changed files with 1179 additions and 0 deletions

47
tasks/Debian-register.yml Normal file

@@ -0,0 +1,47 @@
---
- block:
- name: Register with CheckMK Update Server
shell: |
cmk-update-agent register -H {{ instance_name | default(inventory_hostname) }} \
--user {{ cmk_username }} \
--secret {{ cmk_secret }}
changed_when: false
notify: remove agent
tags: cmk_register
- name: Check-In with server
shell: |
cmk-update-agent -v
changed_when: false
notify: remove agent
tags: cmk_register
rescue:
- name: Gather facts of packages
package_facts:
manager: auto
tags: cmk_register
- name: Ensure check_mk_agent installed (again)
package:
deb: /tmp/check-mk-agent.deb
state: present
allow_unauthenticated: true
notify: [restart xinetd, ensure firewall open]
when: "'check-mk-agent' not in ansible_facts.packages"
tags: cmk_register
- name: Gather facts of packages (again)
package_facts:
manager: auto
tags: cmk_register
- name: Register with CheckMK Update Server (retry)
shell: |
cmk-update-agent register -H {{ instance_name | default(inventory_hostname) }} --user {{ cmk_username }} \
--secret {{ cmk_secret }}
changed_when: false
when: "'check-mk-agent' in ansible_facts.packages"
notify: remove agent
tags: cmk_register
- name: Check-In with server
shell: |
cmk-update-agent -v
changed_when: false
notify: remove agent
tags: cmk_register
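Review bot: The `cmk-update-agent register` tasks interpolate `{{ cmk_secret }}` straight into a `shell:` command with no `no_log: true`, so the automation secret lands in Ansible's task output and logs and is visible in the target's process list while the command runs; any shell metacharacter in the secret or host name is also interpreted by the shell. Add `no_log: true` to both register tasks and pass the values through the `quote` filter, e.g. `--secret {{ cmk_secret | quote }}`. The same pattern appears in tasks/RedHat-register.yml and in the `win_shell` registration task, where `quote` does not apply and PowerShell quoting is needed instead. Separately, `notify: remove agent` sits on tasks that set `changed_when: false`, so those tasks can never trigger the handler.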

83
tasks/Debian.yml Normal file

@@ -0,0 +1,83 @@
---
# Tasks for installation on RedHat Family
- name: Ensure xinetd installed
package:
name: xinetd
state: present
notify: restart xinetd
- name: Ensure python openssl available
package:
name: python3-openssl,python3-requests
state: present
- name: Fix SeLinux Auto-Updates
when: ansible_selinux|bool
tags: selinux-pre
block:
- name: list installed selinux modules
command: /usr/sbin/semodule -l
register: installed_mods
- name: check_mk_mod_installed
set_fact:
cmk_mod_installed: true
when: '"checkmk-agent-autoupgrade" in installed_mods.stdout'
- name: copy file
copy:
src: files/checkmk-agent-autoupgrade.pp
dest: /tmp/checkmk-agent-autoupgrade.pp
when: cmk_mod_installed is not defined
- name: install the module
command: /usr/sbin/semodule -i /tmp/checkmk-agent-autoupgrade.pp
when: cmk_mod_installed is not defined
notify: remove selinux policy file
- name: Gather facts of packages
package_facts:
manager: auto
- name: Remove check-mk if force install
package:
name: check-mk-agent
state: absent
when: cmk_force_install and 'check-mk-agent' in ansible_facts.packages
- name: Re-check check-mk-agent status
package_facts:
manager: auto
when: cmk_force_install
# Download agent by samba share
- include_tasks: downloads/samba/main.yml
when: cmk_download_mode == 'samba'
- name: Copy installer to node
copy:
src: /tmp/dls/{{ cmk_installer }}
dest: /tmp/check-mk-agent.deb
- name: Install check-mk-agent
when: "'check-mk-agent' not in ansible_facts.packages or cmk_force_install"
tags: [check_mk_agent]
block:
- name: Check if check-mk-agent is present on server
stat:
path: /tmp/check-mk-agent.deb
register: cmkdeb
- name: Download the agent from Server
get_url:
url: '{{ cmk_deb_agent }}{{ cmk_auth }}'
dest: /tmp/check-mk-agent.deb
validate_certs: false
when: not cmkdeb.stat.exists and cmk_dl_needs_auth|bool
- name: Download the agent from Server
get_url:
url: '{{ cmk_deb_agent }}'
dest: /tmp/check-mk-agent.deb
validate_certs: false
when: not cmkdeb.stat.exists and not cmk_dl_needs_auth|bool
- name: Ensure check_mk_agent installed
package:
deb: /tmp/check-mk-agent.deb
state: present
allow_unauthenticated: true # Not gpg signed so bypass the check
notify:
- restart xinetd
- cmk fresh install
- ensure firewall open (debian)
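Review bot: Nothing authenticates the package that is installed as root: both `get_url` tasks set `validate_certs: false`, the install sets `allow_unauthenticated: true`, and the download is skipped whenever `/tmp/check-mk-agent.deb` already exists, so whatever file is already at that world-writable path is installed as-is. Pin the artefact with `get_url`'s `checksum:` parameter (for example `checksum: 'sha256:{{ cmk_deb_sha256 }}'`, where `cmk_deb_sha256` is a variable I am proposing, not one the role defines), stage it in a root-only directory instead of `/tmp`, and leave certificate validation on. tasks/RedHat.yml has the same three issues with the `.rpm`. Two smaller points here: `{{ cmk_auth }}` puts credentials in the URL, which `get_url` returns in its task result unless `no_log: true` is set, and "Copy installer to node" lacks the `when: cmk_download_mode == 'samba'` guard that the RedHat file has, while the header comment still says RedHat.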

64
tasks/RedHat-register.yml Normal file

@@ -0,0 +1,64 @@
---
- when: cmk_add_host
block:
- name: Register with CheckMK Update Server
shell: |
cmk-update-agent register -H {{ instance_name | default(inventory_hostname) }} \
--user {{ cmk_username }} \
--secret {{ cmk_secret }}
changed_when: false
notify: remove agent
tags: cmk_register
- name: Check-In with server
shell: |
cmk-update-agent -v
changed_when: false
notify: remove agent
tags: cmk_register
rescue:
- name: Gather facts of packages
package_facts:
manager: auto
tags: cmk_register
- name: Check if dnf package manager is installed
command: which dnf
register: dnf_check
ignore_errors: true
- name: Ensure check_mk_agent installed (again) with dnf
package:
name: /tmp/check-mk-agent.rpm
state: latest
disable_gpg_check: true
notify: [restart xinetd, ensure firewall open]
when:
- "'check-mk-agent' not in ansible_facts.packages"
- dnf_check.rc == 0
tags: cmk_register
- name: Ensure check_mk_agent installed (again) with yum
package:
name: /tmp/check-mk-agent.rpm
state: latest
skip_gpg_check: true
notify: [restart xinetd, ensure firewall open]
when:
- "'check-mk-agent' not in ansible_facts.packages"
- dnf_check.rc != 0
tags: cmk_register
- name: Gather facts of packages (again)
package_facts:
manager: auto
tags: cmk_register
- name: Register with CheckMK Update Server (retry)
shell: |
cmk-update-agent register -H {{ instance_name | default(inventory_hostname) }} --user {{ cmk_username }} \
--secret {{ cmk_secret }}
changed_when: false
when: "'check-mk-agent' in ansible_facts.packages"
notify: remove agent
tags: cmk_register
- name: Check-In with server
shell: |
cmk-update-agent -v
changed_when: false
notify: remove agent
tags: cmk_register
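Review bot: The rescue path reinstalls `/tmp/check-mk-agent.rpm` with signature checking turned off, and I do not recognise `skip_gpg_check` as an option of the yum module (it documents `disable_gpg_check`), so the yum branch will likely fail on an unsupported parameter; please confirm against the module docs. If the package really is unsigned, verify it by checksum before this step rather than only disabling the GPG check. The `which dnf` probe is also missing `changed_when: false` and the `cmk_register` tag the surrounding tasks carry, so a run limited to that tag skips it and `dnf_check` is undefined when the two install tasks evaluate their `when:`.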

85
tasks/RedHat.yml Normal file

@@ -0,0 +1,85 @@
---
# Tasks for installation on RedHat Family
- name: Ensure xinetd installed
package:
name: xinetd
state: present
notify: restart xinetd
when: ansible_distribution_major_version != '9'
- name: Start xinetd
service:
name: xinetd
state: started
when: ansible_distribution_major_version != '9'
- name: Fix SeLinux Auto-Updates
when: ansible_selinux|bool
tags: selinux-pre
block:
- name: list installed selinux modules
command: /usr/sbin/semodule -l
register: installed_mods
- name: check_mk_mod_installed
set_fact:
cmk_mod_installed: true
when: '"checkmk-agent-autoupgrade" in installed_mods.stdout'
- name: copy file
copy:
src: files/checkmk-agent-autoupgrade.pp
dest: /tmp/checkmk-agent-autoupgrade.pp
when: cmk_mod_installed is not defined
- name: install the module
command: /usr/sbin/semodule -i /tmp/checkmk-agent-autoupgrade.pp
when: cmk_mod_installed is not defined
notify: remove selinux policy file
- name: Gather facts of packages
package_facts:
manager: auto
- name: Remove check-mk if force install
package:
name: check-mk-agent
state: absent
when: cmk_force_install and 'check-mk-agent' in ansible_facts.packages
- name: Re-check check-mk-agent status
package_facts:
manager: auto
when: cmk_force_install
# Download agent by samba share
- include_tasks: downloads/samba/main.yml
when: cmk_download_mode == 'samba'
- name: Copy installer to node
when: cmk_download_mode == 'samba'
copy:
src: /tmp/dls/{{ cmk_installer }}
dest: /tmp/check-mk-agent.rpm
- name: Install check-mk-agent
when: "'check-mk-agent' not in ansible_facts.packages or cmk_force_install"
tags: [check_mk_agent]
block:
- name: Check if check-mk-agent is present on server
stat:
path: /tmp/check-mk-agent.rpm
register: cmkrpm
- name: Download the agent from Server
get_url:
url: '{{ cmk_rpm_agent }}{{ cmk_auth }}'
dest: /tmp/check-mk-agent.rpm
validate_certs: false
when: not cmkrpm.stat.exists and cmk_dl_needs_auth|bool
- name: Download the agent from Server
get_url:
url: '{{ cmk_rpm_agent }}'
dest: /tmp/check-mk-agent.rpm
validate_certs: false
when: not cmkrpm.stat.exists and not cmk_dl_needs_auth|bool
- name: Ensure check_mk_agent installed
package:
name: /tmp/check-mk-agent.rpm
state: latest
disable_gpg_check: true # Not gpg signed so bypass the check
notify:
- restart xinetd
- cmk fresh install
- ensure firewall open (rhel)
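Review bot: xinetd is only installed and started when `ansible_distribution_major_version != '9'`, but the final install task notifies `restart xinetd` unconditionally; on a release 9 host the handler (defined outside this file) would presumably try to restart a service that was never installed. Either guard the notify or make the handler conditional, and consider a numeric test such as `ansible_distribution_major_version | int < 9` so that later releases are not treated like 8. `state: latest` with a local file path is also unusual; `state: present` says what the task actually does.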


@@ -0,0 +1,8 @@
---
- name: Register with CheckMK Update Server
win_shell: |
C:\ProgramData\checkmk\agent\plugins\cmk-update-agent.exe register `
-H $env:computername `
--user {{ cmk_username }} `
--secret {{ cmk_secret }}
tags: cmk_register

28
tasks/Windows.yml Normal file

@@ -0,0 +1,28 @@
---
- name: Ensure temp dir exists
win_file:
path: c:/temp/
state: directory
- name: Obtain information about a file
win_stat:
path: c:/temp/check-mk-agent.msi
register: cmkmsi
- name: Retrieve copy of agent
win_get_url:
url: '{{ cmk_msi_agent }}{{ cmk_auth }}'
dest: c:/temp/check-mk-agent.msi
changed_when: false
when: not cmkmsi.stat.exists
- name: Ensure agent is installed
win_package:
path: c:/temp/check-mk-agent.msi
ignore_errors: true
- name: Firewall rule to allow check_mk_agent on TCP port 6556
win_firewall_rule:
name: check_mk_agent
enabled: true
state: present
localport: 6556
action: allow
direction: in
protocol: tcp
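Review bot: `ignore_errors: true` on "Ensure agent is installed" hides a failed MSI install, and the rest of the role then carries on as if the agent were present; drop it or replace it with a `failed_when` that names the return codes you accept. The MSI itself is not verified: the download is skipped when `c:/temp/check-mk-agent.msi` already exists, so whatever is at that path gets installed; `win_get_url` accepts `checksum` and `checksum_algorithm`, which would pin the file. The firewall rule opens TCP 6556 to any source; adding `remoteip` with the monitoring server's address would limit it to the host that needs it.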


@@ -0,0 +1,53 @@
---
# These tasks will ensure the control node has the correct packages
# for talking Samba. And then download the required package files.
# Note: This is only to pull them to the control node.
#
# Still needs to be pushed to the guest
- name: Ensure Samba-related packages are installed.
package:
name: '{{ item }}'
state: present
become: true
with_items: [samba-client, cifs-utils]
delegate_to: localhost
- name: Ensure download path is present
file:
path: /tmp/dls
state: directory
delegate_to: localhost
- name: Set Facts
set_fact:
cmk_download_new: "{{ (cmk_download_path + '/' + cmk_installer) | reslash }}"
- name: Some Vars for debuggery
vars:
msg: |
CMK Download Path: {{ cmk_download_path }}
CMK Download Full: {{ cmk_download_new }}
CMK Installer: {{ cmk_installer }}
Username: {{ cmk_smb_username }}
Password: {{ cmk_smb_password }}
debug:
msg: "{{ msg.split('\n') }}"
when: cmk_debug
- name: Copy archive from samba_share. (No-Log)
command: >
smbget 'smb:{{ (cmk_download_path + '/' + cmk_installer) | reslash }}' -U
'{{ cmk_smb_username }}%{{ cmk_smb_password }}'
args:
chdir: /tmp/dls
creates: /tmp/dls/{{ cmk_installer }}
warn: false # Don't warn of other modules. I want to use smbget ;)
no_log: true # Turn off logging due to password exposure
when: not cmk_debug | bool
delegate_to: localhost
- name: Copy archive from samba_share. (Debug)
command: >
smbget 'smb:{{ (cmk_download_path + '/' + cmk_installer) | reslash }}' -U '{{ cmk_smb_username | trim }}%{{ cmk_smb_password | trim }}
args:
chdir: /tmp/dls
creates: /tmp/dls/{{ cmk_installer }}
warn: false # Don't warn of other modules. I want to use smbget ;)
no_log: false # Turn off logging due to password exposure
when: cmk_debug | bool
delegate_to: localhost
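Review bot: The debug path discloses the SMB password twice: the "Some Vars for debuggery" message prints `Password: {{ cmk_smb_password }}`, and the debug variant of the smbget task sets `no_log: false` while its comment still says logging is turned off. Remove the `Password:` line and keep `no_log: true` on both smbget tasks; a debug switch should not change whether credentials reach the log. The debug command is also missing the closing `'` after `{{ cmk_smb_password | trim }}`, so the argument is malformed, and it applies `trim` where the non-debug task does not, so the two variants can behave differently. `warn:` under `args` has been removed from the command module in recent ansible-core releases, so both tasks may fail there.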

62
tasks/host-configure.yml Normal file

@@ -0,0 +1,62 @@
---
- name: cmk_discovery
uri:
method: POST
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{
cmk_auth }}'
body: request={"hostname":"{{ instance_name | default(inventory_hostname) }}"}
body_format: raw
status_code: 200
validate_certs: false
follow_redirects: true
become: false
when: cmk_add_host and output.result_code == 0
delegate_to: localhost
tags: cmk_register
- name: cmk_apply
uri:
method: POST
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{
cmk_auth }}'
body: request={"sites":["{{ cmk_omd_site }}"]}
body_format: raw
status_code: 200
validate_certs: false
follow_redirects: true
become: false
run_once: true
when: cmk_add_host and output.result_code == 0
delegate_to: localhost
tags: cmk_register
- name: Wait some time
pause:
seconds: 10
- name: cmk_discovery x 2
uri:
method: POST
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{
cmk_auth }}'
body: request={"hostname":"{{ instance_name | default(inventory_hostname) }}"}
body_format: raw
status_code: 200
validate_certs: false
follow_redirects: true
become: false
when: cmk_add_host and output.result_code == 0
delegate_to: localhost
tags: cmk_register
- name: cmk_apply
uri:
method: POST
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{
cmk_auth }}'
body: request={"sites":["{{ cmk_omd_site }}"]}
body_format: raw
status_code: 200
validate_certs: false
follow_redirects: true
become: false
run_once: true
when: cmk_add_host and output.result_code == 0
delegate_to: localhost
tags: cmk_register
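Review bot: All four `uri` calls set `validate_certs: false` while carrying `{{ cmk_auth }}` in the query string, so the credentials go to whichever endpoint answers, without its certificate being checked, and the full URL is returned in the task result; set `no_log: true` and leave validation on (point `ca_path` at the site CA if it is privately signed). The `when:` conditions read `output.result_code`, which in this commit is only assigned from the legacy webapi response; after the REST path `output` has a different structure, so these conditions may error or never match, which needs confirming. The second "cmk_apply" repeats the first task's name, which makes run output ambiguous.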

34
tasks/host-management.yml Normal file

@@ -0,0 +1,34 @@
---
- name: Retrieve checkmk version
uri:
method: GET
headers:
Authorization: Bearer {{ cmk_username }} {{ cmk_secret }}
Accept: application/json
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/1.0/version'
return_content: true
register: cmk_output
- name: Set facts # noqa jinja[spacing]
set_fact:
cmk_major: "{{ cmk_output.json.versions.checkmk | regex_search('(?P<major>\\\
d+)\\.(?P<minor>\\d+).(?P<patch>[\\d\\w]+).(?P<edition>[\\d\\w]+)','\\g<major>') | first | int }}"
cmk_minor: "{{ cmk_output.json.versions.checkmk |regex_search('(?P<major>\\\
d+)\\.(?P<minor>\\d+).(?P<patch>[\\d\\w]+).(?P<edition>[\\d\\w]+)', '\\g<minor>') | first |int }}"
cmk_patch: "{{ cmk_output.json.versions.checkmk | regex_search('(?P<major>\\\
d+)\\.(?P<minor>\\d+).(?P<patch>[\\d\\w]+).(?P<edition>\\w+)', '\\g<patch>') | first }}"
cmk_edition: "{{ cmk_output.json.versions.checkmk | regex_search('(?P<major>\\\
d+)\\.(?P<minor>\\d+).(?P<patch>[\\d\\w]+).(?P<edition>\\w+)','\\g<edition>') | first }}"
- name: Output vars
debug:
var: '{{ item }}'
with_items: [cmk_major, cmk_minor, cmk_patch, cmk_edition]
- include_tasks: host-management/legacy.yml
when: >
cmk_add_host and
(cmk_major | int <= 2 and
cmk_minor | int < 2 or cmk_force_install)
- include_tasks: host-management/modern.yml
when: >-
cmk_add_host and
(cmk_major | int >= 2 and
cmk_minor | int >= 2 or cmk_force_install)
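Review bot: The two version gates leave gaps: `cmk_major | int <= 2 and cmk_minor | int < 2` is false for 1.6 (minor 6) and the modern gate is false for it as well, so a 1.x site gets neither include; 3.0 or 3.1 would also fall through both. Compare the major version first, e.g. `cmk_major | int < 2 or (cmk_major | int == 2 and cmk_minor | int < 2)` for legacy and its negation for modern. Because `or cmk_force_install` sits inside both parentheses, a forced install includes legacy.yml and modern.yml together, which is probably not intended. The version request also sends `cmk_secret` in the `Authorization` header without `no_log: true`, so it can show up in verbose output.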


@@ -0,0 +1,52 @@
---
- name: add host to omd (legacy)
uri:
method: POST
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=add_host{{
cmk_auth }}'
body: |
request={
"attributes": {
"tag_criticality": "prod",
"tag_agent": "cmk-agent",
"ipaddress": "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
},
"folder": "{{ cmk_folder | default('Unsorted') }}",
"hostname": "{{ inventory_hostname | upper }}"
}
body_format: raw
return_content: true
register: res
become: false
delegate_to: localhost
when: >
cmk_add_host
- name: Parse result
set_fact:
output: '{{ res.content | from_json }}'
when: cmk_add_host
- name: cmk_discovery (legacy)
uri:
method: POST
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=discover_services&mode=refresh{{
cmk_auth }}'
body: request={"hostname":"{{ inventory_hostname }}"}
body_format: raw
status_code: 200
become: false
when: >
cmk_add_host and output.result_code == 0 or cmk_force_install
delegate_to: localhost
- name: cmk_apply (legacy)
uri:
method: POST
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/webapi.py?action=activate_changes&mode=specific{{
cmk_auth }}'
body: request={"sites":["{{ cmk_omd_site }}"]}
body_format: raw
status_code: 200
become: false
run_once: true
when: >
output.result_code == 0 or cmk_force_install
delegate_to: localhost
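Review bot: The host is created as `{{ inventory_hostname | upper }}` but "cmk_discovery (legacy)" then asks for `{{ inventory_hostname }}` unchanged, so for a lower-case inventory name discovery targets a different host name from the one just added; use the same expression in both (host-configure.yml uses a third form, `instance_name | default(inventory_hostname)`). In the discovery `when:`, `cmk_add_host and output.result_code == 0 or cmk_force_install` parses as `(A and B) or C`; add parentheses so the intended grouping is explicit. The request body is assembled by string interpolation, so a value containing a double quote would break the JSON; building a dict and passing it through `to_json` avoids that.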


@@ -0,0 +1,115 @@
---
- name: add host to omd (new)
uri:
method: POST
headers:
Authorization: Bearer {{ cmk_username }} {{ cmk_secret }}
Accept: application/json
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/1.0/domain-types/host_config/collections/all'
body:
folder: "{{ cmk_folder | default('~Unsorted') }}"
host_name: '{{ inventory_hostname | upper }}'
attributes:
tag_criticality: prod
tag_agent: cmk-agent
ipaddress: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
body_format: json
return_content: true
status_code: [200, 400]
register: res
become: false
delegate_to: localhost
when: >
cmk_add_host and cmk_major | int >= 2 and cmk_minor | int >= 2
- name: Parse result
set_fact:
output: '{{ res.content | from_json }}'
when: cmk_add_host
- name: Host exists fetch etag (new) # noqa command-instead-of-module
shell: |
curl \
-G \
-i \
--request GET \
--write-out "\nxxx-status_code=%{http_code}\n" \
--header "Authorization: Bearer {{ cmk_username }} {{ cmk_secret }}" \
--header "Accept: application/json" \
"{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/v0/objects/host_config/{{ inventory_hostname | upper }}"
register: res
become: false
delegate_to: localhost
when: >
cmk_add_host and (cmk_major | int >= 2 and cmk_minor | int >= 2) and
(output.status == 400 and output.fields.host_name | first | regex_search('already
exists.$'))
- debug:
var: res
- name: Unpick response
set_fact:
etag: "{{ res.stdout | regex_search('.*etag:.\"(?P<etag>.+)\".*', '\\g<etag>') | first }}"
when: >
cmk_add_host and (cmk_major | int >= 2 and cmk_minor | int >= 2) and
(output.status == 400 and output.fields.host_name | first | regex_search('already
exists.$'))
- name: Update host as already exists? (new)
uri:
method: PUT
headers:
Authorization: Bearer {{ cmk_username }} {{ cmk_secret }}
Accept: application/json
If-Match: '{{ etag }}'
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/v0/objects/host_config/{{
inventory_hostname | upper }}'
body:
update_attributes:
ipaddress: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
body_format: json
return_content: true
status_code: [200]
register: res
become: false
delegate_to: localhost
when: >
cmk_add_host and (cmk_major | int >= 2 and cmk_minor | int >= 2) and
(output.status == 400 and output.fields.host_name | first | regex_search('already
exists.$'))
- name: Parse result
set_fact:
output: '{{ res.content | from_json }}'
when: cmk_add_host
- name: cmk_discovery (new)
uri:
method: POST
headers:
Authorization: Bearer {{ cmk_username }} {{ cmk_secret }}
Accept: application/json
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/1.0/domain-types/service_discovery_run/actions/start/invoke'
body:
host_name: '{{ inventory_hostname | upper }}'
mode: refresh
body_format: json
status_code: [200, 302]
become: false
when: >
cmk_add_host and cmk_major | int >= 2 and
cmk_minor | int >= 2 or
cmk_force_install
delegate_to: localhost
- name: cmk_apply (new)
uri:
method: POST
headers:
Authorization: Bearer {{ cmk_username }} {{ cmk_secret }}
Accept: application/json
url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/1.0/domain-types/activation_run/actions/activate-changes/invoke'
body:
redirect: 'False'
sites: ['{{ cmk_omd_site }}']
force_foreign_changes: 'False'
body_format: json
status_code: 200
become: false
run_once: true
when: >
cmk_add_host and cmk_major | int >= 2 and cmk_minor | int >= 2 and cmk_force_install
delegate_to: localhost
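Review bot: "Host exists fetch etag (new)" puts `cmk_secret` on a curl command line, so it is visible in the process list on the control node and in the registered `res.cmd`, and the unconditional `debug: var: res` that follows prints it. The `uri` module already returns response headers as lower-cased keys, so the ETag can be read without a shell; a sketch follows, and the `debug` task should be removed or gated on `cmk_debug`. Check whether the API expects the ETag with or without its surrounding quotes; the sketch strips them as the original regex does. Also, "cmk_apply (new)" ends its `when:` with `and cmk_force_install`, so changes are only activated on forced installs, which looks unintended next to the `or` used in the discovery task.

```yaml
- name: Host exists fetch etag (new)
  uri:
    method: GET
    headers:
      Authorization: Bearer {{ cmk_username }} {{ cmk_secret }}
      Accept: application/json
    url: '{{ cmk_omd_protocol }}://{{ cmk_omd_host }}/{{ cmk_omd_site }}/check_mk/api/v0/objects/host_config/{{ inventory_hostname | upper }}'
  register: res
  no_log: true
  # … unchanged: become, delegate_to, when …
- name: Unpick response
  set_fact:
    etag: "{{ res.etag | trim('\"') }}"
  # … unchanged: when …
```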

17
tasks/main.yml Normal file

@@ -0,0 +1,17 @@
---
# tasks file for ansible-role-cmk-agent
# Include OS Variables
- include_vars: '{{ ansible_os_family }}.yml'
- include_tasks: '{{ ansible_os_family }}.yml'
- meta: flush_handlers
# Add host to checkmk
- include_tasks: host-management.yml
when: cmk_fresh_install
# Register for automatic agent updates
- include_tasks: '{{ ansible_os_family }}-register.yml'
when: cmk_fresh_install
# Finalize things and collect all available services
- include_tasks: host-configure.yml
when: cmk_fresh_install