Merge pull request #411 from Checkmk/devel

Release 3.1.0

.gitattributes

@@ -1 +1,2 @@
-*.yml linguist-detectable
+*.yml linguist-detectable
+*.cmd text eol=lf

.github/labels-prs.yml

@@ -46,3 +46,6 @@ module:tag_group:
 
 module:user:
   - 'plugins/modules/user.py'
+
+lookup:version:
+  - 'plugins/modules/lookup/version.py'

.github/workflows/labeler.yaml → .github/workflows/label-issues.yaml

@@ -1,20 +1,14 @@
-name: "Labeler"
+name: "Label Issues."
 on:
   issues:
     types: [opened, edited]
-  pull_request_target:
-    paths:
-      - 'plugins/**'
-      - 'roles/**'
 
 permissions:
   contents: read
   issues: write
-  pull-requests: write
 
 jobs:
-
-  issues:
+  label:
     runs-on: ubuntu-latest
     steps:
     - name: "Label Issues."
@@ -25,12 +19,3 @@ jobs:
         repo-token: ${{ github.token }}
         enable-versioned-regex: 0
         sync-labels: 0
-
-  pulls:
-    runs-on: ubuntu-latest
-    steps:
-    - name: "Label Pull Requests."
-      uses: actions/labeler@v4
-      with:
-        configuration-path: .github/labels-prs.yml
-        sync-labels: 0

.github/workflows/label-pulls.yaml

@@ -0,0 +1,20 @@
+name: "Label Pull Requests."
+on:
+  pull_request_target:
+    paths:
+      - 'plugins/**'
+      - 'roles/**'
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    steps:
+    - name: "Label Pull Requests."
+      uses: actions/labeler@v4
+      with:
+        configuration-path: .github/labels-prs.yml
+        sync-labels: 0

.github/workflows/molecule-role-agent.yaml

@@ -75,6 +75,6 @@ jobs:
       - name: "Run Molecule."
         run: |
           cd roles/agent/
-          ln -s ../../requirements.yml requirements.yml
+          # ln -s ../../requirements.yml requirements.yml
           molecule test -s ${{ matrix.checkmk }}
         working-directory: ./ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}

.github/workflows/molecule-role-server.yaml

@@ -75,6 +75,6 @@ jobs:
       - name: "Run Molecule."
         run: |
           cd roles/server/
-          ln -s ../../requirements.yml requirements.yml
+          # ln -s ../../requirements.yml requirements.yml
           molecule test -s ${{ matrix.checkmk }}
         working-directory: ./ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}

CODEOWNERS

@@ -2,8 +2,12 @@
 /tests/ @robin-checkmk
 /roles/ @robin-checkmk
 /playbooks/ @robin-checkmk
+/plugins/lookup/version.py @lgetwan
 /plugins/modules/ @lgetwan
 /plugins/module_utils/ @godspeed-you
 /plugins/modules/user.py @lgetwan
 /plugins/modules/bakery.py @Max-checkmk
-/plugins/modules/password.py @Max-checkmk
+/plugins/modules/password.py @Max-checkmk
+/roles/agent/tasks/Windows.yml @Max-checkmk
+/roles/agent/vars/Windows.yml @Max-checkmk
+/roles/agent/tasks/Win32NT.yml @Max-checkmk

CONTRIBUTING.md

@@ -124,11 +124,11 @@ You can also run a subset by mentioning them as follows. See `tests/integration/
     ansible-test integration $TEST_CASE --docker
 
 ### Molecule
-To test our roles, we use [Molecule](https://www.jeffgeerling.com/blog/2018/testing-your-ansible-roles-molecule). It can be installed using the `requirements.txt`in this project or manually. The tests are crafted by the maintainers of this project to reflect real world scenarios a role would be used in. To run the tests, you need to navigate to the role directory and choose a scenario. At the time of writing those are named after the supported Checkmk versions: `2.0.0`and `2.1.0`.
+To test our roles, we use [Molecule](https://www.jeffgeerling.com/blog/2018/testing-your-ansible-roles-molecule). It can be installed using the `requirements.txt`in this project or manually. The tests are crafted by the maintainers of this project to reflect real world scenarios a role would be used in. To run the tests, you need to navigate to the role directory and choose a scenario. At the time of writing those are named after the supported Checkmk versions: `2.1.0`and `2.2.0`.
 
     cd roles/server/
-    molecule test -s 2.0.0
     molecule test -s 2.1.0
+    molecule test -s 2.2.0
 
 ### Unit
 There are currently no unit tests.

SUPPORT.md

@@ -36,3 +36,4 @@ Collection Version | Checkmk Versions | Ansible Versions | Remarks
 2.4.0 | 2.0.0p37, 2.1.0p31, 2.2.0p7 | 2.13, 2.14, 2.15 | None
 2.4.1 | 2.0.0p37, 2.1.0p31, 2.2.0p7 | 2.13, 2.14, 2.15 | None
 3.0.0 | 2.0.0p38, 2.1.0p32, 2.2.0p7 | 2.13, 2.14, 2.15 | Breaking changes to the following modules: `folder`, `host`, `host_group`, `rule`.
+3.1.0 | 2.0.0p38, 2.1.0p32, 2.2.0p7 | 2.13, 2.14, 2.15 | None

Vagrantfile

@@ -171,4 +171,20 @@ Vagrant.configure("2") do |config|
       inline: "dnf --quiet check-update ; dnf -y install vim curl wget git"
   end
 
+  # Windows
+  config.vm.define "ansidows", autostart: false , primary: false do |srv|
+    srv.vm.box = "gusztavvargadr/windows-server-2019-standard"
+    srv.vm.network "private_network", ip: "192.168.56.67"
+    srv.vm.communicator = "winrm"
+    srv.vm.hostname = "ansidows"
+    srv.vm.provider "virtualbox" do |srv|
+      srv.name = 'ansidows'
+      srv.memory = 4096
+      srv.cpus = 2
+      srv.gui = false
+    end
+    srv.vm.provision "shell",
+      inline: "powershell Set-NetFirewallRule -name 'FPS-ICMP4-ERQ-In*' -Enabled true"
+  end
+
 end

changelogs/fragments/discovery.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - Discovery module - Add handling for 409 response.

changelogs/fragments/lookup.yml

@@ -0,0 +1,2 @@
+major_changes:
+  - Version lookup plugin - Add Version lookup plugin.

changelogs/fragments/release_summary.yml

@@ -0,0 +1 @@
+release_summary: "It is summer and you want to look outside, so we added Windows."

changelogs/fragments/windows.yml

@@ -0,0 +1,2 @@
+major_changes:
+  - Agent role - Add support for Windows.

galaxy.yml

@@ -10,7 +10,7 @@ name: general
 
 # The version of the collection. Must be compatible with semantic versioning
 
-version: 3.0.0
+version: 3.1.0
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
@@ -37,7 +37,7 @@ license_file: LICENSE
 
 # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
 # requirements as 'namespace' and 'name'
-tags: [checkmk, monitoring, check_mk, check, discovery, ubuntu, debian, sles, rhel]
+tags: [checkmk, monitoring, check_mk, check, discovery, ubuntu, debian, sles, rhel, rocky, rockylinux, oraclelinux, windows]
 
 # Collections that this collection requires to be installed for it to be usable. The key of the dict is the
 # collection label 'namespace.name'. The value is a version range

playbooks/demo/full.yml

@@ -1,4 +1,6 @@
 ---
+- name: "Lookup."
+  ansible.builtin.import_playbook: lookup.yml
 - name: "Hosts and Folders."
   ansible.builtin.import_playbook: hosts-and-folders.yml
 - name: "Groups."

playbooks/demo/lookup.yml

@@ -0,0 +1,22 @@
+---
+- name: "Showcase Lookup Plugins."
+  hosts: test
+  strategy: linear
+  gather_facts: false
+  vars_files:
+    - ../vars/auth.yml      # This vars file provides details about your site
+
+  tasks:
+
+    - name: "Get Checkmk version."
+      ansible.builtin.debug:
+        msg: "Version is {{ version }}"
+      vars:
+        version: "{{ lookup('checkmk.general.version',
+                       server_url + '/' + site,
+                       validate_certs=False,
+                       automation_user=automation_user,
+                       automation_secret=automation_secret)
+                  }}"
+      delegate_to: localhost
+      run_once: true  # noqa run-once[task]

playbooks/hosts

@@ -5,13 +5,26 @@ test3.tld checkmk_folder_path="/bar"
 test4.tld checkmk_folder_path="/" 
 test5.tld checkmk_folder_path="/foo/bar" 
 
-[vagrant]
+[linux]
 ansibuntu ansible_host=192.168.56.61 checkmk_folder_path="/test"
 debsible ansible_host=192.168.56.62 checkmk_folder_path="/foo"
 anstream ansible_host=192.168.56.63 checkmk_folder_path="foo/bar"
 ansuse ansible_host=192.168.56.64 checkmk_folder_path="/bar"
 ansles ansible_host=192.168.56.65 checkmk_folder_path="/bar/foo"
 ansoracle ansible_host=192.168.56.66 checkmk_folder_path="/foo"
 
+[windows]
+ansidows ansible_host=192.168.56.67 checkmk_folder_path="/"
+
+[windows:vars]
+ansible_shell_type = cmd
+ansible_winrm_scheme = http
+ansible_winrm_transport = basic
+ansible_winrm_server_cert_validation = ignore
+
+[vagrant:children]
+linux
+windows
+
 [vagrant:vars]
 ansible_user=vagrant

playbooks/usecases/remote-registration.yml

@@ -9,7 +9,7 @@
   vars:
     # Basic server and authentication information.
     # You have to provide the distributed setup yourself.
-    checkmk_agent_version: "2.1.0p19"
+    checkmk_agent_version: "2.2.0p7"
     checkmk_agent_edition: "cre"
     checkmk_agent_user: "cmkadmin"
     checkmk_agent_pass: "password"

plugins/lookup/version.py

@@ -0,0 +1,110 @@
+# Copyright: (c) 2023, Lars Getwan <[email protected]>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = """
+    name: version
+    author: Lars Getwan (@lgetwan)
+    version_added: "3.1.0"
+    short_description: Get the version of a Checkmk server
+    description:
+      - Returns the version of a Checkmk server as a string, e.g. '2.1.0p31.cre'
+    options:
+      _terms:
+        description: site url
+        required: True
+      automation_user:
+        description: automation user for the REST API access
+        required: True
+      automation_secret:
+        description: automation secret for the REST API access
+        required: True
+      validate_certs:
+        description: Wether or not to validate TLS cerificates
+        type: boolean
+        required: False
+        default: True
+"""
+
+EXAMPLES = """
+- name: "Show Checkmk version"
+  debug:
+    msg: "Server version is {{ version }}"
+  vars:
+    version: "{{ lookup('checkmk.general.version',
+                   server_url + '/' + site,
+                   validate_certs=False,
+                   automation_user=automation_user,
+                   automation_secret=automation_secret
+               )}}"
+"""
+
+RETURN = """
+  _list:
+    description:
+      - server Checkmk version
+    type: list
+    elements: str
+"""
+
+import json
+from urllib.error import HTTPError, URLError
+
+from ansible.errors import AnsibleError
+from ansible.module_utils.common.text.converters import to_native, to_text
+from ansible.module_utils.urls import ConnectionError, SSLValidationError, open_url
+from ansible.plugins.lookup import LookupBase
+
+
+class LookupModule(LookupBase):
+    def run(self, terms, variables, **kwargs):
+
+        self.set_options(var_options=variables, direct=kwargs)
+        user = self.get_option("automation_user")
+        secret = self.get_option("automation_secret")
+        validate_certs = self.get_option("validate_certs")
+
+        ret = []
+        for term in terms:
+            base_url = term + "/check_mk/api/1.0"
+            api_endpoint = "/version"
+            url = base_url + api_endpoint
+
+            headers = {
+                "Accept": "application/json",
+                "Content-Type": "application/json",
+                "Authorization": "Bearer %s %s" % (user, secret),
+            }
+
+            try:
+                response = open_url(
+                    url,
+                    data=None,
+                    headers=headers,
+                    method="GET",
+                    validate_certs=validate_certs,
+                )
+
+            except HTTPError as e:
+                raise AnsibleError(
+                    "Received HTTP error for %s : %s" % (url, to_native(e))
+                )
+            except URLError as e:
+                raise AnsibleError(
+                    "Failed lookup url for %s : %s" % (url, to_native(e))
+                )
+            except SSLValidationError as e:
+                raise AnsibleError(
+                    "Error validating the server's certificate for %s: %s"
+                    % (url, to_native(e))
+                )
+            except ConnectionError as e:
+                raise AnsibleError("Error connecting to %s: %s" % (url, to_native(e)))
+
+            checkmkinfo = json.loads(to_text(response.read()))
+            ret.append(checkmkinfo.get("versions").get("checkmk"))
+
+        return ret

plugins/modules/discovery.py

@@ -129,6 +129,7 @@
     403: (False, True, "Forbidden: Configuration via WATO is disabled."),
     404: (False, True, "Not Found: Host could not be found."),
     406: (False, True, "Not Acceptable."),
+    409: (False, False, "Conflict: A discovery background job is already running"),
     415: (False, True, "Unsupported Media Type."),
     500: (False, True, "General Server Error."),
 }
@@ -153,7 +154,7 @@
     400: (False, True, "Bad Request."),
     403: (False, True, "Forbidden: Configuration via WATO is disabled."),
     406: (False, True, "Not Acceptable."),
-    409: (False, True, "Conflict: A bulk discovery job is already active"),
+    409: (False, False, "Conflict: A bulk discovery job is already active"),
     415: (False, True, "Unsupported Media Type."),
     500: (False, True, "General Server Error."),
 }
@@ -352,6 +353,18 @@ def run_module():
 
     result = discovery.post()
 
+    # In case the API returns 409 (discovery running) we wait and try again.
+    # This can happen as example in versions where the endpoint doesn't respond with the correct redirect.
+    while (single_mode and result.http_code == 409) or (
+        len(module.params.get("hosts", [])) > 0 and result.http_code == 409
+    ):
+        if single_mode:
+            time.sleep(1)
+        else:
+            time.sleep(10)
+
+        result = discovery.post()
+
     # If single_mode and the API returns 302, check the service completion endpoint
     # If not single_mode and the API returns 200, check the service completion endpoint
     if (single_mode and result.http_code == 302) or (

requirements.txt

@@ -5,4 +5,5 @@ ansible-lint
 jinja2
 molecule >= 5.0.1
 molecule-plugins[docker]
-yamllint
+yamllint
+pywinrm