From 155378fa24ebf949736b1dba455254b5fcf9fc72 Mon Sep 17 00:00:00 2001
From: Robin Gierse
Date: Wed, 21 Sep 2022 16:16:05 +0200
Subject: [PATCH 001/146] WIP: Add Windows files.
---
roles/agent/tasks/Windows.yml | 25 +++++++++++++++++++++++++
roles/agent/vars/Windows.yml | 10 ++++++++++
2 files changed, 35 insertions(+)
create mode 100644 roles/agent/tasks/Windows.yml
create mode 100644 roles/agent/vars/Windows.yml
diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml
new file mode 100644
index 000000000..655a42bbe
--- /dev/null
+++ b/roles/agent/tasks/Windows.yml
@@ -0,0 +1,25 @@
+---
+# Install Check_MK Agent on Windows
+
+- name: Get current agent version
+ ansible.builtin.win_shell: |
+ $checkmk = "C:\Program Files (x86)\check_mk\check_mk_agent.exe"
+ If (Test-Path $checkmk) {
+ (Get-Item $checkmk).VersionInfo.ProductVersion
+ } Else {
+ "No agent installed"}
+ register: checkmk_agent_agent_version
+ changed_when: checkmk_agent_agent_version.stdout_lines[0] != checkmk_agent_version
+
+- name: Download agent -> {{ checkmk_agent_agent.url }}
+ ansible.builtin.win_get_url:
+ url: "{{ checkmk_agent_agent.url }}"
+ dest: "{{ checkmk_agent_host_tmp_dir }}"
+ when: checkmk_agent_agent_version.changed
+
+- name: "Install Checkmk Agent."
+ ansible.builtin.win_package:
+ path: "{{ checkmk_agent_agent.file }}"
+ state: present
+ wait: true
+ when: checkmk_agent_agent_version.changed
diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml
new file mode 100644
index 000000000..b488a71ca
--- /dev/null
+++ b/roles/agent/vars/Windows.yml
@@ -0,0 +1,10 @@
+---
+checkmk_agent_host_tmp_dir: "C:\\Temp"
+
+checkmk_agent_agent:
+ url:
+ cre: "{{ checkmk_agent_site_url }}/check_mk/agents/windows/check_mk_agent.msi"
+ cee: "{{ checkmk_agent_site_url }}/check_mk/agents/windows/check_mk_agent.msi"
+ file:
+ cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi"
+ cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi"
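Review bot: In the `Download agent` and `Install Checkmk Agent.` tasks, `url: "{{ checkmk_agent_agent.url }}"` and `path: "{{ checkmk_agent_agent.file }}"` render a mapping rather than a string, because `vars/Windows.yml` in this same patch defines `url` and `file` with `cre`/`cee` sub-keys; each task needs to select one entry, e.g. `url: "{{ checkmk_agent_agent.url.cre }}"` and `path: "{{ checkmk_agent_agent.file.cre }}"`. The MSI is then handed to `win_package` with no integrity check between download and install; `win_get_url` accepts `checksum` and `checksum_algorithm`, and a per-site digest variable would keep a substituted installer from being run. `dest` is a directory while the install step expects a file name, so using the full `...\check_mk_agent.msi` path in both tasks would tie them to the same file.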
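Review bot: `checkmk_agent_host_tmp_dir: "C:\\Temp"` stages the installer outside any protected system location; if `C:\Temp` exists with permissions inherited from the drive root, unprivileged users can presumably create or replace files there between the download and the `win_package` run. A staging directory writable only by administrators and SYSTEM would close that window. A comment above the variable would record the requirement, e.g. `# staging dir must not be writable by unprivileged users: the MSI is installed from here`.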
From 7c1a39df2058146880fee13beb5047075002aff0 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Fri, 14 Oct 2022 17:55:41 +0200 Subject: [PATCH 002/146] Add and change files of agent role Split task main.yml for [Linux|Win32NT].yml (ansible_system) and Windows.yml (ansible_os_family) --- roles/agent/README.md | 19 +++--- roles/agent/defaults/main.yml | 2 +- roles/agent/meta/main.yml | 3 + roles/agent/tasks/Debian.yml | 31 ++++++---- roles/agent/tasks/Linux.yml | 68 ++++++++++++++++++++++ roles/agent/tasks/RedHat.yml | 33 +++++++---- roles/agent/tasks/Suse.yml | 33 +++++++---- roles/agent/tasks/Win32NT.yml | 16 +++++ roles/agent/tasks/Windows.yml | 26 ++++++--- roles/agent/tasks/legacy.yml | 4 +- roles/agent/tasks/main.yml | 106 ++++------------------------------ roles/agent/vars/Windows.yml | 3 +- roles/agent/vars/main.yml | 2 + 13 files changed, 195 insertions(+), 151 deletions(-) create mode 100644 roles/agent/tasks/Linux.yml create mode 100644 roles/agent/tasks/Win32NT.yml diff --git a/roles/agent/README.md b/roles/agent/README.md index fe22d3a63..389ebcdbd 100644 --- a/roles/agent/README.md +++ b/roles/agent/README.md @@ -12,14 +12,19 @@ None. - checkmk_agent_version: "2.1.0p1" + checkmk_agent_version: "2.1.0p13" The Checkmk version of your site. checkmk_agent_edition: cre -The edition you are using. Valid values are `cre` and `cee`. -Note, that `cee` is not implemented yet. +The edition you are using. Valid values are `cre`, `cfe`, `cee` and `cme`. +- `cre`: Raw Edition, fully open source. +- `cfe`: Free Edition, enterprise features, but limited hosts. +- `cee`: Enterprise Edition, full enterprise features. +- `cme`: Managed Edition, for service providers. + +For details about the editions see: https://checkmk.com/product/editions checkmk_agent_protocol: http 
@@ -47,13 +52,13 @@ The user used to authenticate against your Checkmk site. checkmk_agent_pass: "{{ automation_secret }}" -The password for the normal user used to authenticate against your Checkmk site. -This is mutually exclusive with `checkmk_agent_secret`! +The password for the normal user used to authenticate against your Checkmk site. +This is mutually exclusive with `checkmk_agent_secret`. checkmk_agent_secret: "{{ automation_secret }}" -The secret for the automation user used to authenticate against your Checkmk site. -This is mutually exclusive with `checkmk_agent_pass`! +The secret for the automation user used to authenticate against your Checkmk site. +This is mutually exclusive with `checkmk_agent_pass`. checkmk_agent_add_host: 'false' diff --git a/roles/agent/defaults/main.yml b/roles/agent/defaults/main.yml index ee24e7cf5..ff51c5b4a 100644 --- a/roles/agent/defaults/main.yml +++ b/roles/agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -checkmk_agent_version: "2.1.0p11" +checkmk_agent_version: "2.1.0p13" checkmk_agent_edition: cre checkmk_agent_protocol: http checkmk_agent_server: localhost diff --git a/roles/agent/meta/main.yml b/roles/agent/meta/main.yml index 1906ddc38..7126e0eb2 100644 --- a/roles/agent/meta/main.yml +++ b/roles/agent/meta/main.yml @@ -46,6 +46,9 @@ galaxy_info: - name: SLES versions: - all + - name: Windows + versions: + - all galaxy_tags: [tribe29, checkmk, monitoring, agent] # List tags for your role here, one per line. A tag is a keyword that describes diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index 1655b1ab6..49c73b3b3 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml 
@@ -1,14 +1,17 @@ --- -- name: "Debian Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_deb&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.host }}" method: GET headers: - Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" + Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" Accept: "application/octet-stream" - when: checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" + when: | + checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme" register: checkmk_agent_download_state # This task may fail, as we fall back to the generic agent in that case failed_when: 'false' 
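Review bot: The header `Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}"` places the automation secret or user password in the `uri` task arguments, and the task sets no `no_log: true`, so the credential can show up in verbose output and in anything that records task arguments or results. Adding `no_log: true` to this task keeps `checkmk_agent_download_state.status` usable for the later conditions while censoring the output. The role default visible in this patch is `checkmk_agent_protocol: http` and certificate checking depends on `checkmk_agent_server_validate_certs`, so the README should say that these downloads carry the credential and need https with validation. The same header appears in the GENERIC download in this file and in the RedHat.yml and Suse.yml hunks; the task itself continues outside this hunk.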
@@ -16,47 +19,53 @@ tags: - download-package -- name: "Debian Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.host }}" force: "{{ checkmk_agent_force_install | bool }}" state: present when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") and checkmk_agent_download_state.status == 200 tags: - install-package -- name: "Debian Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_deb&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.cee }}" method: GET headers: - Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" + Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" Accept: "application/octet-stream" when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") and checkmk_agent_download_state.status != 200 retries: 3 tags: - download-package -- name: "Debian Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." 
become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cee }}" force: "{{ checkmk_agent_force_install | bool }}" state: present when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") and checkmk_agent_download_state.status != 200 tags: - install-package -- name: "Debian Derivates: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml new file mode 100644 index 000000000..ee965391f --- /dev/null +++ b/roles/agent/tasks/Linux.yml 
@@ -0,0 +1,68 @@
+---
+- name: "({{ansible_system}}): Get RPM or APT package facts."
+ ansible.builtin.package_facts:
+ manager: "auto"
+ tags:
+ - get-package-facts
+
+- name: "({{ansible_system}}): Import Legacy agent tasks."
+ ansible.builtin.include_tasks: "legacy.yml"
+ when: |
+ checkmk_agent_prep_legacy | bool
+ and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220
+
+- name: "({{ansible_system}}): Download Checkmk CRE agent."
+ ansible.builtin.get_url:
+ url: "{{ checkmk_agent_agent.url.cre }}"
+ validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+ dest: "{{ checkmk_agent_agent.file.cre }}"
+ mode: 0640
+ when: checkmk_agent_edition == "cre"
+ retries: 3
+ tags:
+ - download-package
+
+- name: "({{ansible_os_family}}): Run OS Family specific tasks."
+ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
+ tags:
+ - include-os-family-tasks
+
+- name: "({{ansible_system}}): Check for Agent Updater Binary."
+ ansible.builtin.stat:
+ path: /usr/bin/cmk-update-agent
+ register: checkmk_agent_updater_binary
+
+- name: "({{ansible_system}}): Check for Agent Controller Binary."
+ ansible.builtin.stat:
+ path: /usr/bin/cmk-agent-ctl
+ register: checkmk_agent_controller_binary
+
+- name: "({{ansible_system}}): Register Agent for automatic Updates using User Password."
+ become: true
+ ansible.builtin.shell: |
+ cmk-update-agent register -H {{ checkmk_agent_host_name }} \
+ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \
+ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }}
+ register: checkmk_agent_update_state
+ when:
+ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_pass is defined and checkmk_agent_pass) and (checkmk_agent_secret is not defined)
+
+- name: "({{ansible_system}}): Register Agent for automatic Updates using Automation Secret."
+ become: true
+ ansible.builtin.shell: |
+ cmk-update-agent register -H {{ checkmk_agent_host_name }} \
+ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \
+ -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }}
+ register: checkmk_agent_update_state
+ when:
+ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_secret is defined and checkmk_agent_secret)
+
+- name: "({{ansible_system}}): Register Agent for TLS."
+ become: true
+ ansible.builtin.shell: |
+ cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \
+ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \
+ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert
+ register: checkmk_agent_tls_state
+ when:
+ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_controller_binary.stat.exists and checkmk_agent_tls and (checkmk_agent_auth is defined and checkmk_agent_auth)
diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml
index 17f5338e2..45953b052 100644
--- a/roles/agent/tasks/RedHat.yml
+++ b/roles/agent/tasks/RedHat.yml
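Review bot: The three registration tasks in the new Linux.yml interpolate `{{ checkmk_agent_user }}` and `{{ checkmk_agent_auth }}` unquoted into `ansible.builtin.shell` under `become: true`, so a credential containing spaces or shell metacharacters is split or interpreted by a root shell, and none of the tasks sets `no_log: true`, so the command line with the credential ends up in task output and in the registered result. Pass the values through the `quote` filter, e.g. `-U {{ checkmk_agent_user | quote }} -P {{ checkmk_agent_auth | quote }}`, and add `no_log: true` to each of the three tasks. `--trust-cert` in the TLS registration accepts the server certificate without a check, which deserves a comment such as `# --trust-cert skips certificate verification; only acceptable on a trusted network path`. Separately, `mode: 0640` in the CRE download is better written as the string `"0640"`.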
@@ -1,14 +1,17 @@ --- -- name: "RedHat Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.host }}" method: GET headers: - Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" + Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" Accept: "application/octet-stream" - when: checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" + when: | + checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme" register: checkmk_agent_download_state # This task may fail, as we fall back to the generic agent in that case failed_when: 'false' 
@@ -16,35 +19,39 @@ tags: - download-package -- name: "RedHat Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.host }}" state: present disable_gpg_check: true when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") and checkmk_agent_download_state.status == 200 tags: - install-package -- name: "RedHat Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.cee }}" method: GET headers: - Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" + Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" Accept: "application/octet-stream" when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") and checkmk_agent_download_state.status != 200 retries: 3 tags: - download-package -- name: "RedHat Derivates: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cre }}" 
@@ -54,19 +61,21 @@ tags: - install-package -- name: "RedHat Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cee }}" state: present disable_gpg_check: true when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") and checkmk_agent_download_state.status != 200 tags: - install-package -- name: "RedHat Derivates: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index b286d575b..ed3b89d33 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml 
@@ -1,14 +1,17 @@ --- -- name: "Suse Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.host }}" method: GET headers: - Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" + Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" Accept: "application/octet-stream" - when: checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" + when: | + checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme" register: checkmk_agent_download_state # This task may fail, as we fall back to the generic agent in that case failed_when: 'false' @@ -16,7 +19,7 @@ tags: - download-package -- name: "Suse Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.zypper: name: "{{ checkmk_agent_agent.file.host }}" 
@@ -24,28 +27,32 @@ state: present disable_gpg_check: true when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") and checkmk_agent_download_state.status == 200 tags: - install-package -- name: "Suse Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.cee }}" method: GET headers: - Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_pass }}" + Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" Accept: "application/octet-stream" when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") and checkmk_agent_download_state.status != 200 retries: 3 tags: - download-package -- name: "Suse Derivates: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.zypper: name: "{{ checkmk_agent_agent.file.cre }}" @@ -56,7 +63,7 @@ tags: - install-package -- name: "Suse Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.zypper: name: "{{ checkmk_agent_agent.file.cee }}" 
@@ -64,12 +71,14 @@ state: present disable_gpg_check: true when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") and checkmk_agent_download_state.status != 200 tags: - install-package -- name: "Suse Derivates: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.zypper: name: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Win32NT.yml b/roles/agent/tasks/Win32NT.yml new file mode 100644 index 000000000..772b2629e --- /dev/null +++ b/roles/agent/tasks/Win32NT.yml @@ -0,0 +1,16 @@ +--- +- name: "({{ ansible_system }}): Download Checkmk CRE Agent." + ansible.builtin.win_get_url: + url: "{{ checkmk_agent_agent.url.cre }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ checkmk_agent_agent.file.cre }}" + when: checkmk_agent_edition == "cre" + retries: 3 + tags: + - download-package + +- name: "({{ ansible_os_family }}): Run OS Family specific tasks." + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" + tags: + - include-os-family-tasks + diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index 655a42bbe..d4d48e453 100644 --- a/roles/agent/tasks/Windows.yml +++ b/roles/agent/tasks/Windows.yml @@ -1,9 +1,9 @@ --- # Install Check_MK Agent on Windows -- name: Get current agent version +- name: "({{ ansible_os_family }}): Get current Checkmk agent version." ansible.builtin.win_shell: | - $checkmk = "C:\Program Files (x86)\check_mk\check_mk_agent.exe" + $checkmk = "C:\Program Files (x86)\checkmk\service\check_mk_agent.exe" If (Test-Path $checkmk) { (Get-Item $checkmk).VersionInfo.ProductVersion } Else { 
@@ -11,15 +11,23 @@ register: checkmk_agent_agent_version changed_when: checkmk_agent_agent_version.stdout_lines[0] != checkmk_agent_version -- name: Download agent -> {{ checkmk_agent_agent.url }} +# Works with dedicated firewall rule or with transparent proxy +- name: "({{ ansible_os_family }}): Download Checkmk agent -> {{ checkmk_agent_agent.url.cee }}." ansible.builtin.win_get_url: - url: "{{ checkmk_agent_agent.url }}" + url: "{{ checkmk_agent_agent.url.cee }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_host_tmp_dir }}" - when: checkmk_agent_agent_version.changed + method: GET + headers: + # Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" + Accept: "application/octet-stream" -- name: "Install Checkmk Agent." + when: | + checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme" + +- name: "({{ ansible_os_family }}): Install Checkmk Agent." ansible.builtin.win_package: - path: "{{ checkmk_agent_agent.file }}" + path: "{{ checkmk_agent_agent.file.cee }}" state: present - wait: true - when: checkmk_agent_agent_version.changed diff --git a/roles/agent/tasks/legacy.yml b/roles/agent/tasks/legacy.yml index 85ad77dea..4623502a6 100644 --- a/roles/agent/tasks/legacy.yml +++ b/roles/agent/tasks/legacy.yml @@ -1,5 +1,5 @@ --- -- name: "Install xinetd" +- name: "({{ansible_system}}): Install xinetd" become: true ansible.builtin.package: name: xinetd @@ -8,7 +8,7 @@ - install-package - install-prerequisites -- name: "Enable xinetd" +- name: "({{ansible_system}}): Enable xinetd" become: true ansible.builtin.service: name: xinetd diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 926c4cd29..7e3efaf4c 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml 
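Review bot: The download and install tasks lose `when: checkmk_agent_agent_version.changed` in this hunk, so the version check above them is no longer consulted and `win_package` is evaluated on every run; if that is not intended, restore the condition on both tasks. The download has `validate_certs` driven by a variable, the `Authorization` header commented out and no `checksum`, so nothing verifies that the MSI being installed is the one the site published; `win_get_url` supports `checksum` and `checksum_algorithm` for this. `dest` is still the directory `{{ checkmk_agent_host_tmp_dir }}` while the install reads `{{ checkmk_agent_agent.file.cee }}`, so using the file path for both would make the pairing explicit. The comment `# Works with dedicated firewall rule or with transparent proxy` should say what is being worked around, since it reads as if authentication was dropped on purpose.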
@@ -1,36 +1,13 @@ --- -- name: "Include Derivate specific Variables." +- name: "({{ ansible_os_family }}): Include Derivate specific vars." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" tags: - include-os-family-vars -- name: "Get RPM or APT package facts." - ansible.builtin.package_facts: - manager: "auto" +- name: "({{ ansible_system }}): Include OS specific tasks." + ansible.builtin.include_tasks: "{{ ansible_system }}.yml" tags: - - get-package-facts - -- name: "Import Legacy agent tasks." - ansible.builtin.include_tasks: "legacy.yml" - when: | - checkmk_agent_prep_legacy | bool - and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 - -- name: "Download Checkmk CRE Agent." - ansible.builtin.get_url: - url: "{{ checkmk_agent_agent.url.cre }}" - validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" - dest: "{{ checkmk_agent_agent.file.cre }}" - mode: 0640 - when: checkmk_agent_edition == "cre" - retries: 3 - tags: - - download-package - -- name: "Run OS Family specific Tasks." - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" - tags: - - include-os-family-tasks + - include-system-tasks - name: "Create host on server." tribe29.checkmk.host: 
@@ -38,90 +15,27 @@ site: "{{ checkmk_agent_site }}" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" automation_user: "{{ checkmk_agent_user }}" - automation_secret: "{{ checkmk_agent_pass }}" + automation_secret: "{{ checkmk_agent_auth }}" folder: "{{ checkmk_agent_folder | default(omit) }}" host_name: "{{ checkmk_agent_host_name }}" attributes: "{{ checkmk_agent_host_attributes }}" state: "present" register: checkmk_agent_create_result failed_when: | - checkmk_agent_create_result.failed is true - and "The host is already part of the specified target folder" not in checkmk_agent_create_result.msg + (checkmk_agent_create_result.failed == true) and + ("The host is already part of the specified target folder" not in checkmk_agent_create_result.msg) delegate_to: "{{ checkmk_agent_delegate_api_calls }}" when: checkmk_agent_add_host | bool -- name: "Check for Agent Updater Binary." - ansible.builtin.stat: - path: /usr/bin/cmk-update-agent - register: checkmk_agent_updater_binary - -- name: "Check for Agent Controller Binary." - ansible.builtin.stat: - path: /usr/bin/cmk-agent-ctl - register: checkmk_agent_controller_binary - -- name: "Register Agent for automatic Upates using User Password." - become: true - ansible.builtin.shell: | - cmk-update-agent register -H {{ checkmk_agent_host_name }} \ - -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ - -U {{ checkmk_agent_user }} -P {{ checkmk_agent_pass }} - register: checkmk_agent_update_state - when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") - and checkmk_agent_updater_binary.stat.exists | bool - and checkmk_agent_update | bool - and (checkmk_agent_pass is defined and checkmk_agent_pass | length) - and (checkmk_agent_secret is not defined) - -- name: "Register Agent for automatic Upates using Automation Secret." 
- become: true - ansible.builtin.shell: | - cmk-update-agent register -H {{ checkmk_agent_host_name }} \ - -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ - -U {{ checkmk_agent_user }} -S {{ checkmk_agent_pass }} - register: checkmk_agent_update_state - when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") - and checkmk_agent_updater_binary.stat.exists | bool - and checkmk_agent_update | bool - and (checkmk_agent_secret is defined and checkmk_agent_secret | length) - -- name: "Register Agent for TLS using User Password." - become: true - ansible.builtin.shell: | - cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ - -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ - -U {{ checkmk_agent_user }} -P {{ checkmk_agent_pass }} --trust-cert - register: checkmk_agent_tls_state - when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") - and checkmk_agent_controller_binary.stat.exists | bool - and checkmk_agent_tls | bool - and (checkmk_agent_pass is defined and checkmk_agent_pass | length) - and (checkmk_agent_secret is not defined) - -- name: "Register Agent for TLS using Automation Secret." - become: true - ansible.builtin.shell: | - cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ - -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ - -U {{ checkmk_agent_user }} -S {{ checkmk_agent_pass }} --trust-cert - register: checkmk_agent_tls_state - when: | - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") - and checkmk_agent_controller_binary.stat.exists | bool - and checkmk_agent_tls | bool - and (checkmk_agent_secret is defined and checkmk_agent_secret | length) - -- name: "Discover services and labels on host." +- name: "({{ ansible_os_family }}): Discover services and labels on host." 
tribe29.checkmk.discovery: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" site: "{{ checkmk_agent_site }}" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" automation_user: "{{ checkmk_agent_user }}" - automation_secret: "{{ checkmk_agent_pass }}" + automation_secret: "{{ checkmk_agent_auth }}" host_name: "{{ checkmk_agent_host_name }}" state: "fix_all" delegate_to: "{{ checkmk_agent_delegate_api_calls }}" when: checkmk_agent_discover | bool + diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml index b488a71ca..dffe9e69b 100644 --- a/roles/agent/vars/Windows.yml +++ b/roles/agent/vars/Windows.yml @@ -1,5 +1,5 @@ --- -checkmk_agent_host_tmp_dir: "C:\\Temp" +checkmk_agent_host_tmp_dir: "C:\\Windows\\Temp" checkmk_agent_agent: url: @@ -8,3 +8,4 @@ checkmk_agent_agent: file: cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" + diff --git a/roles/agent/vars/main.yml b/roles/agent/vars/main.yml index 15885782a..f6a712bf6 100644 --- a/roles/agent/vars/main.yml +++ b/roles/agent/vars/main.yml @@ -1,2 +1,4 @@ --- checkmk_agent_site_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/{{ checkmk_agent_site }}" + +checkmk_agent_auth: "{% if checkmk_agent_secret is defined and checkmk_agent_secret | length %}{{ checkmk_agent_secret }}{% else %}{{ checkmk_agent_pass }}{% endif %}" # noqa yaml[line-length] From db7ac5dc0e7fda7ae981bbf583dd9aa6e7c90aa7 Mon Sep 17 00:00:00 2001 
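Review bot: `checkmk_agent_auth` in `vars/main.yml` silently prefers `checkmk_agent_secret` and otherwise renders `checkmk_agent_pass`, so when neither is set the first task using it fails with an undefined-variable error far from the cause, and when both are set the README's "mutually exclusive" rule is not enforced. An early `ansible.builtin.assert` in `tasks/main.yml` that exactly one of the two is defined and non-empty would fail fast with a clear message. A comment above the variable would also help, e.g. `# resolved credential: the automation secret if set, otherwise the user password`.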
From: muehlings <80385927+muehlings@users.noreply.github.com>
Date: Fri, 14 Oct 2022 18:12:11 +0200
Subject: [PATCH 003/146] Add example playbooks and inventories Use "ansible-playbook example-add_hosts.py -i example-*-inventory.yml" for test
---
playbooks/example-add_hosts.py | 8 ++++
playbooks/example-linux-inventory.yml | 23 ++++++++++
playbooks/example-windows-inventory.yml | 56 +++++++++++++++++++++++++
3 files changed, 87 insertions(+)
create mode 100644 playbooks/example-add_hosts.py
create mode 100644 playbooks/example-linux-inventory.yml
create mode 100644 playbooks/example-windows-inventory.yml
diff --git a/playbooks/example-add_hosts.py b/playbooks/example-add_hosts.py
new file mode 100644
index 000000000..6c03aea1c
--- /dev/null
+++ b/playbooks/example-add_hosts.py
@@ -0,0 +1,8 @@
+---
+- hosts: My_site # Sitename
+# debugger: on_failed
+# connection: local
+
+ roles:
+ - tribe29.checkmk.agent
+
diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml
new file mode 100644
index 000000000..f701899f4
--- /dev/null
+++ b/playbooks/example-linux-inventory.yml
@@ -0,0 +1,23 @@
+My_Site:
+ hosts:
+ debian:
+ ansible_host: 127.0.0.1
+ checkmk_agent_host_attributes:
+ ipaddress: '{{ansible_host}}'
+ # tag_Operating_System: Linux
+
+ vars:
+ checkmk_agent_add_host: true
+ checkmk_agent_discover: true
+ checkmk_agent_edition: cme
+ checkmk_agent_host_ip: '{{ ansible_host }}'
+ checkmk_agent_host_name: '{{ inventory_hostname }}'
+ checkmk_agent_user: automation
+ checkmk_agent_pass: $AUTOMATION_SECRET
+ checkmk_agent_protocol: http
+ checkmk_agent_server: 127.0.0.1
+ checkmk_agent_port: 80
+ checkmk_agent_site: My_Site
+ checkmk_agent_version: 2.0.0p22
+ ansible_user: root
+ ansible_password: $SECRET
diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml
new file mode 100644
index 000000000..0a9cd2b09
--- /dev/null
+++ b/playbooks/example-windows-inventory.yml
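Review bot: `hosts: My_site` does not match the inventory group `My_Site` that both example inventories in this patch define; group names are case-sensitive, so the play would select no hosts. Change the line to `- hosts: My_Site`. The file holds a YAML playbook but is named `example-add_hosts.py`, so a `.yml` extension would keep editors and linters from treating it as Python.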
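Review bot: `checkmk_agent_pass: $AUTOMATION_SECRET` and `ansible_password: $SECRET` are plain strings to Ansible, which does not expand shell variables in an inventory, so the example would send the literal text as the credential. If the intent is to read the environment, write `checkmk_agent_pass: "{{ lookup('env', 'AUTOMATION_SECRET') }}"`, or reference a vaulted variable so that readers do not replace the placeholder with a real secret in a committed file. The example also logs in as `root` with a password and sets `checkmk_agent_protocol: http`, so a comment marking these as lab-only values would stop them being copied into production inventories.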
@@ -0,0 +1,56 @@ +My_Site: + hosts: + win10: + ansible_host: 192.168.128.101 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win11: + ansible_host: 192.168.128.100 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k12: + ansible_host: 192.168.128.103 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k16: + ansible_host: 192.168.128.102 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k19: + ansible_host: 192.168.128.105 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k22: + ansible_host: 192.168.128.104 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + + vars: + checkmk_agent_add_host: true + checkmk_agent_discover: true + checkmk_agent_edition: cre + checkmk_agent_host_ip: '{{ ansible_host }}' + checkmk_agent_host_name: '{{ inventory_hostname }}' + checkmk_agent_user: automation + checkmk_agent_pass: $AUTOMATION_SECRET + checkmk_agent_protocol: http + checkmk_agent_server: 127.0.0.1 + checkmk_agent_port: 80 + checkmk_agent_site: My_Site + checkmk_agent_version: 2.0.0p22 + ansible_user: Administrator + ansible_password: $SECRET + ansible_connection: winrm + ansible_winrm_transport: ntlm + ansible_winrm_server_cert_validation: ignore + +# Windows host (powershell): +# Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser +# .\ConfigureRemotingForAnsible.ps1 +# winrm quickconfig From b114bcdac4279b9363cd5085794cea733fbaa7ab Mon Sep 17 00:00:00 2001 
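Review bot: `ansible_winrm_server_cert_validation: ignore` combined with `ansible_user: Administrator` makes the controller authenticate as an administrator to whatever endpoint answers on the WinRM port, and the example does not say this is a lab-only setting. Add a comment on that line, for instance `# lab only: install a trusted listener certificate and remove this line for production`. The trailing comment block also recommends `Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser`, which stays in effect after setup; pointing readers to a process-scoped `powershell -ExecutionPolicy Bypass -File .\ConfigureRemotingForAnsible.ps1` avoids the persistent change.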
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Fri, 14 Oct 2022 18:16:18 +0200 Subject: [PATCH 004/146] Add preparation files for Windows systems Using https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 --- preparation/ansible-winrm/00-ansible.cmd | 21 + .../ansible-winrm/01-winrm-quickconfig.cmd | 2 + .../ansible-winrm/02-ansible-winrm.cmd | 5 + preparation/ansible-winrm/03-allow-icmp.cmd | 1 + .../ConfigureRemotingForAnsible.ps1 | 435 ++++++++++++++++++ 5 files changed, 464 insertions(+) create mode 100644 preparation/ansible-winrm/00-ansible.cmd create mode 100644 preparation/ansible-winrm/01-winrm-quickconfig.cmd create mode 100644 preparation/ansible-winrm/02-ansible-winrm.cmd create mode 100644 preparation/ansible-winrm/03-allow-icmp.cmd create mode 100644 preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd new file mode 100644 index 000000000..eb33f6f1f --- /dev/null +++ b/preparation/ansible-winrm/00-ansible.cmd @@ -0,0 +1,21 @@ +@echo off +set CURRENT_PATH=%~dp0 +echo %CURRENT_PATH% + + +rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights +goto check_Permissions + +:check_Permissions + echo Administrative permissions required. Detecting permissions... + + net session >nul 2>&1 + if %errorLevel% == 0 ( + echo Success: Administrative permissions confirmed. Setting up everything for Ansible... + %CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd +pause + ) else ( + echo Failure: Current permissions inadequate. You need to run this script as administrator! + ) + + pause >nul \ No newline at end of file diff --git a/preparation/ansible-winrm/01-winrm-quickconfig.cmd b/preparation/ansible-winrm/01-winrm-quickconfig.cmd new file mode 100644 index 000000000..315c28ea4 --- /dev/null 
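Review bot: The elevated branch of 00-ansible.cmd chains `%CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd` with unquoted paths and without `call`. If the directory path contains a space, cmd splits it at the first space and tries to run that prefix as the command, in an administrator session. `%~dp0` already ends in a backslash, so each step is better written on its own line as `call "%CURRENT_PATH%01-winrm-quickconfig.cmd"` (likewise for 02 and 03); `call` also guarantees control returns to this script after each step. A `rem` line stating that the script enables WinRM remoting and opens firewall rules would tell the operator what they are approving.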
+++ b/preparation/ansible-winrm/01-winrm-quickconfig.cmd
@@ -0,0 +1,2 @@
+@echo off
+winrm quickconfig
diff --git a/preparation/ansible-winrm/02-ansible-winrm.cmd b/preparation/ansible-winrm/02-ansible-winrm.cmd
new file mode 100644
index 000000000..9e210ac9c
--- /dev/null
+++ b/preparation/ansible-winrm/02-ansible-winrm.cmd
@@ -0,0 +1,5 @@
+@echo off
+set CURRENT_PATH=%~dp0
+echo %CURRENT_PATH%
+powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
+powershell %CURRENT_PATH%\ConfigureRemotingForAnsible.ps1
\ No newline at end of file
diff --git a/preparation/ansible-winrm/03-allow-icmp.cmd b/preparation/ansible-winrm/03-allow-icmp.cmd
new file mode 100644
index 000000000..41dcfd898
--- /dev/null
+++ b/preparation/ansible-winrm/03-allow-icmp.cmd
@@ -0,0 +1 @@
+powershell Set-NetFirewallRule -name "FPS-ICMP4-ERQ-In*" -Enabled true
\ No newline at end of file
diff --git a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1
new file mode 100644
index 000000000..7cc86abd7
--- /dev/null
+++ b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1
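Review bot: `powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser` in 02-ansible-winrm.cmd permanently lowers the execution policy for the administrator account just to run one script. The header of ConfigureRemotingForAnsible.ps1 in this same commit shows the process-scoped form, so both PowerShell lines can become `powershell -ExecutionPolicy Bypass -File "%CURRENT_PATH%ConfigureRemotingForAnsible.ps1" -DisableBasicAuth`. The `-DisableBasicAuth` switch matters because the script otherwise turns Basic authentication on, while the example inventory connects with `ansible_winrm_transport: ntlm` and does not need it. The script header also states that its self-signed certificate setup is for development and evaluation only; a `rem` line repeating that here would carry the caveat to whoever runs the wrapper.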
@@ -0,0 +1,435 @@ +#Requires -Version 3.0 + +# Configure a Windows host for remote management with Ansible +# ----------------------------------------------------------- +# +# This script checks the current WinRM (PS Remoting) configuration and makes +# the necessary changes to allow Ansible to connect, authenticate and +# execute PowerShell commands. +# +# IMPORTANT: This script uses self-signed certificates and authentication mechanisms +# that are intended for development environments and evaluation purposes only. +# Production environments and deployments that are exposed on the network should +# use CA-signed certificates and secure authentication mechanisms such as Kerberos. +# +# To run this script in Powershell: +# +# [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +# $url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1" +# $file = "$env:temp\ConfigureRemotingForAnsible.ps1" +# +# (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file) +# +# powershell.exe -ExecutionPolicy ByPass -File $file +# +# All events are logged to the Windows EventLog, useful for unattended runs. +# +# Use option -Verbose in order to see the verbose output messages. +# +# Use option -CertValidityDays to specify how long this certificate is valid +# starting from today. So you would specify -CertValidityDays 3650 to get +# a 10-year valid certificate. +# +# Use option -ForceNewSSLCert if the system has been SysPreped and a new +# SSL Certificate must be forced on the WinRM Listener when re-running this +# script. This is necessary when a new SID and CN name is created. +# +# Use option -EnableCredSSP to enable CredSSP as an authentication option. +# +# Use option -DisableBasicAuth to disable basic authentication. +# +# Use option -SkipNetworkProfileCheck to skip the network profile check. 
+# Without specifying this the script will only run if the device's interfaces +# are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable +# WinRM on a device with an interface in PUBLIC zone. +# +# Use option -SubjectName to specify the CN name of the certificate. This +# defaults to the system's hostname and generally should not be specified. + +# Written by Trond Hindenes +# Updated by Chris Church +# Updated by Michael Crilly +# Updated by Anton Ouzounov +# Updated by Nicolas Simond +# Updated by Dag Wieërs +# Updated by Jordan Borean +# Updated by Erwan Quélin +# Updated by David Norman +# +# Version 1.0 - 2014-07-06 +# Version 1.1 - 2014-11-11 +# Version 1.2 - 2015-05-15 +# Version 1.3 - 2016-04-04 +# Version 1.4 - 2017-01-05 +# Version 1.5 - 2017-02-09 +# Version 1.6 - 2017-04-18 +# Version 1.7 - 2017-11-23 +# Version 1.8 - 2018-02-23 +# Version 1.9 - 2018-09-21 + +# Support -Verbose option +[CmdletBinding()] + +Param ( + [string]$SubjectName = $env:COMPUTERNAME, + [int]$CertValidityDays = 1095, + [switch]$SkipNetworkProfileCheck, + $CreateSelfSignedCert = $true, + [switch]$ForceNewSSLCert, + [switch]$GlobalHttpFirewallAccess, + [switch]$DisableBasicAuth = $false, + [switch]$EnableCredSSP +) + +Function Write-ProgressLog { + $Message = $args[0] + Write-EventLog -LogName Application -Source $EventSource -EntryType Information -EventId 1 -Message $Message +} + +Function Write-VerboseLog { + $Message = $args[0] + Write-Verbose $Message + Write-ProgressLog $Message +} + +Function Write-HostLog { + $Message = $args[0] + Write-Output $Message + Write-ProgressLog $Message +} + +Function New-LegacySelfSignedCert { + Param ( + [string]$SubjectName, + [int]$ValidDays = 1095 + ) + + $hostnonFQDN = $env:computerName + $hostFQDN = [System.Net.Dns]::GetHostByName(($env:computerName)).Hostname + $SignatureAlgorithm = "SHA256" + + $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1" + $name.Encode("CN=$SubjectName", 0) + + $key = New-Object 
-COM "X509Enrollment.CX509PrivateKey.1" + $key.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider" + $key.KeySpec = 1 + $key.Length = 4096 + $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)" + $key.MachineContext = 1 + $key.Create() + + $serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1" + $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1") + $ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1" + $ekuoids.Add($serverauthoid) + $ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1" + $ekuext.InitializeEncode($ekuoids) + + $cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1" + $cert.InitializeFromPrivateKey(2, $key, "") + $cert.Subject = $name + $cert.Issuer = $cert.Subject + $cert.NotBefore = (Get-Date).AddDays(-1) + $cert.NotAfter = $cert.NotBefore.AddDays($ValidDays) + + $SigOID = New-Object -ComObject X509Enrollment.CObjectId + $SigOID.InitializeFromValue(([Security.Cryptography.Oid]$SignatureAlgorithm).Value) + + [string[]] $AlternativeName += $hostnonFQDN + $AlternativeName += $hostFQDN + $IAlternativeNames = New-Object -ComObject X509Enrollment.CAlternativeNames + + foreach ($AN in $AlternativeName) { + $AltName = New-Object -ComObject X509Enrollment.CAlternativeName + $AltName.InitializeFromString(0x3, $AN) + $IAlternativeNames.Add($AltName) + } + + $SubjectAlternativeName = New-Object -ComObject X509Enrollment.CX509ExtensionAlternativeNames + $SubjectAlternativeName.InitializeEncode($IAlternativeNames) + + [String[]]$KeyUsage = ("DigitalSignature", "KeyEncipherment") + $KeyUsageObj = New-Object -ComObject X509Enrollment.CX509ExtensionKeyUsage + $KeyUsageObj.InitializeEncode([int][Security.Cryptography.X509Certificates.X509KeyUsageFlags]($KeyUsage)) + $KeyUsageObj.Critical = $true + + $cert.X509Extensions.Add($KeyUsageObj) + $cert.X509Extensions.Add($ekuext) + $cert.SignatureInformation.HashAlgorithm = $SigOID + 
$CERT.X509Extensions.Add($SubjectAlternativeName) + $cert.Encode() + + $enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1" + $enrollment.InitializeFromRequest($cert) + $certdata = $enrollment.CreateRequest(0) + $enrollment.InstallResponse(2, $certdata, 0, "") + + # extract/return the thumbprint from the generated cert + $parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 + $parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata)) + + return $parsed_cert.Thumbprint +} + +Function Enable-GlobalHttpFirewallAccess { + Write-Verbose "Forcing global HTTP firewall access" + # this is a fairly naive implementation; could be more sophisticated about rule matching/collapsing + $fw = New-Object -ComObject HNetCfg.FWPolicy2 + + # try to find/enable the default rule first + $add_rule = $false + $matching_rules = $fw.Rules | Where-Object { $_.Name -eq "Windows Remote Management (HTTP-In)" } + $rule = $null + If ($matching_rules) { + If ($matching_rules -isnot [Array]) { + Write-Verbose "Editing existing single HTTP firewall rule" + $rule = $matching_rules + } + Else { + # try to find one with the All or Public profile first + Write-Verbose "Found multiple existing HTTP firewall rules..." + $rule = $matching_rules | ForEach-Object { $_.Profiles -band 4 }[0] + + If (-not $rule -or $rule -is [Array]) { + Write-Verbose "Editing an arbitrary single HTTP firewall rule (multiple existed)" + # oh well, just pick the first one + $rule = $matching_rules[0] + } + } + } + + If (-not $rule) { + Write-Verbose "Creating a new HTTP firewall rule" + $rule = New-Object -ComObject HNetCfg.FWRule + $rule.Name = "Windows Remote Management (HTTP-In)" + $rule.Description = "Inbound rule for Windows Remote Management via WS-Management. 
[TCP 5985]" + $add_rule = $true + } + + $rule.Profiles = 0x7FFFFFFF + $rule.Protocol = 6 + $rule.LocalPorts = 5985 + $rule.RemotePorts = "*" + $rule.LocalAddresses = "*" + $rule.RemoteAddresses = "*" + $rule.Enabled = $true + $rule.Direction = 1 + $rule.Action = 1 + $rule.Grouping = "Windows Remote Management" + + If ($add_rule) { + $fw.Rules.Add($rule) + } + + Write-Verbose "HTTP firewall rule $($rule.Name) updated" +} + +# Setup error handling. +Trap { + $_ + Exit 1 +} +$ErrorActionPreference = "Stop" + +# Get the ID and security principal of the current user account +$myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent() +$myWindowsPrincipal = new-object System.Security.Principal.WindowsPrincipal($myWindowsID) + +# Get the security principal for the Administrator role +$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator + +# Check to see if we are currently running "as Administrator" +if (-Not $myWindowsPrincipal.IsInRole($adminRole)) { + Write-Output "ERROR: You need elevated Administrator privileges in order to run this script." + Write-Output " Start Windows PowerShell by using the Run as Administrator option." + Exit 2 +} + +$EventSource = $MyInvocation.MyCommand.Name +If (-Not $EventSource) { + $EventSource = "Powershell CLI" +} + +If ([System.Diagnostics.EventLog]::Exists('Application') -eq $False -or [System.Diagnostics.EventLog]::SourceExists($EventSource) -eq $False) { + New-EventLog -LogName Application -Source $EventSource +} + +# Detect PowerShell version. +If ($PSVersionTable.PSVersion.Major -lt 3) { + Write-ProgressLog "PowerShell version 3 or higher is required." + Throw "PowerShell version 3 or higher is required." +} + +# Find and start the WinRM service. +Write-Verbose "Verifying WinRM service." +If (!(Get-Service "WinRM")) { + Write-ProgressLog "Unable to find the WinRM service." + Throw "Unable to find the WinRM service." 
+} +ElseIf ((Get-Service "WinRM").Status -ne "Running") { + Write-Verbose "Setting WinRM service to start automatically on boot." + Set-Service -Name "WinRM" -StartupType Automatic + Write-ProgressLog "Set WinRM service to start automatically on boot." + Write-Verbose "Starting WinRM service." + Start-Service -Name "WinRM" -ErrorAction Stop + Write-ProgressLog "Started WinRM service." + +} + +# WinRM should be running; check that we have a PS session config. +If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener))) { + If ($SkipNetworkProfileCheck) { + Write-Verbose "Enabling PS Remoting without checking Network profile." + Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop + Write-ProgressLog "Enabled PS Remoting without checking Network profile." + } + Else { + Write-Verbose "Enabling PS Remoting." + Enable-PSRemoting -Force -ErrorAction Stop + Write-ProgressLog "Enabled PS Remoting." + } +} +Else { + Write-Verbose "PS Remoting is already enabled." +} + +# Ensure LocalAccountTokenFilterPolicy is set to 1 +# https://github.com/ansible/ansible/issues/42978 +$token_path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" +$token_prop_name = "LocalAccountTokenFilterPolicy" +$token_key = Get-Item -Path $token_path +$token_value = $token_key.GetValue($token_prop_name, $null) +if ($token_value -ne 1) { + Write-Verbose "Setting LocalAccountTOkenFilterPolicy to 1" + if ($null -ne $token_value) { + Remove-ItemProperty -Path $token_path -Name $token_prop_name + } + New-ItemProperty -Path $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null +} + +# Make sure there is a SSL listener. 
+$listeners = Get-ChildItem WSMan:\localhost\Listener +If (!($listeners | Where-Object { $_.Keys -like "TRANSPORT=HTTPS" })) { + # We cannot use New-SelfSignedCertificate on 2012R2 and earlier + $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays + Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" + + # Create the hashtables of settings to be used. + $valueset = @{ + Hostname = $SubjectName + CertificateThumbprint = $thumbprint + } + + $selectorset = @{ + Transport = "HTTPS" + Address = "*" + } + + Write-Verbose "Enabling SSL listener." + New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset + Write-ProgressLog "Enabled SSL listener." +} +Else { + Write-Verbose "SSL listener is already active." + + # Force a new SSL cert on Listener if the $ForceNewSSLCert + If ($ForceNewSSLCert) { + + # We cannot use New-SelfSignedCertificate on 2012R2 and earlier + $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays + Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" + + $valueset = @{ + CertificateThumbprint = $thumbprint + Hostname = $SubjectName + } + + # Delete the listener for SSL + $selectorset = @{ + Address = "*" + Transport = "HTTPS" + } + Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset + + # Add new Listener with new SSL cert + New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset + } +} + +# Check for basic authentication. +$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "Basic" } + +If ($DisableBasicAuth) { + If (($basicAuthSetting.Value) -eq $true) { + Write-Verbose "Disabling basic auth support." + Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $false + Write-ProgressLog "Disabled basic auth support." 
+ } + Else { + Write-Verbose "Basic auth is already disabled." + } +} +Else { + If (($basicAuthSetting.Value) -eq $false) { + Write-Verbose "Enabling basic auth support." + Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true + Write-ProgressLog "Enabled basic auth support." + } + Else { + Write-Verbose "Basic auth is already enabled." + } +} + +# If EnableCredSSP if set to true +If ($EnableCredSSP) { + # Check for CredSSP authentication + $credsspAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "CredSSP" } + If (($credsspAuthSetting.Value) -eq $false) { + Write-Verbose "Enabling CredSSP auth support." + Enable-WSManCredSSP -role server -Force + Write-ProgressLog "Enabled CredSSP auth support." + } +} + +If ($GlobalHttpFirewallAccess) { + Enable-GlobalHttpFirewallAccess +} + +# Configure firewall to allow WinRM HTTPS connections. +$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" +$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any +If ($fwtest1.count -lt 5) { + Write-Verbose "Adding firewall rule to allow WinRM HTTPS." + netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow + Write-ProgressLog "Added firewall rule to allow WinRM HTTPS." +} +ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5)) { + Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile." + netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any + Write-ProgressLog "Updated firewall rule to allow WinRM HTTPS for any profile." +} +Else { + Write-Verbose "Firewall rule already exists to allow WinRM HTTPS." +} + +# Test a remoting connection to localhost, which should work. 
+$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock { $using:env:COMPUTERNAME } -ErrorVariable httpError -ErrorAction SilentlyContinue +$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck + +$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue + +If ($httpResult -and $httpsResult) { + Write-Verbose "HTTP: Enabled | HTTPS: Enabled" +} +ElseIf ($httpsResult -and !$httpResult) { + Write-Verbose "HTTP: Disabled | HTTPS: Enabled" +} +ElseIf ($httpResult -and !$httpsResult) { + Write-Verbose "HTTP: Enabled | HTTPS: Disabled" +} +Else { + Write-ProgressLog "Unable to establish an HTTP or HTTPS remoting session." + Throw "Unable to establish an HTTP or HTTPS remoting session." +} +Write-VerboseLog "PS Remoting has been successfully configured for Ansible." From cd4b127517c965251d65defe09b2a997fec1c8f7 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:17:01 +0100 Subject: [PATCH 005/146] Remove newlines --- roles/agent/tasks/Win32NT.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/agent/tasks/Win32NT.yml b/roles/agent/tasks/Win32NT.yml index 772b2629e..73a0bf34d 100644 --- a/roles/agent/tasks/Win32NT.yml +++ b/roles/agent/tasks/Win32NT.yml @@ -13,4 +13,3 @@ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" tags: - include-os-family-tasks - From 55ae6f380326fea6627796de67d844b40d0f24a7 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:17:31 +0100 Subject: [PATCH 006/146] Remove newlines --- roles/agent/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 7e3efaf4c..224eb5ec9 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml 
@@ -38,4 +38,3 @@ state: "fix_all" delegate_to: "{{ checkmk_agent_delegate_api_calls }}" when: checkmk_agent_discover | bool - From c266d282b3aa999eb0dcc4da6dfd4748b2454d22 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:18:07 +0100 Subject: [PATCH 007/146] Remove newline From 4c56046dfe8bffc36a205ee74b3c361ef7e4c9a9 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:20:22 +0100 Subject: [PATCH 008/146] Change extension --- playbooks/{example-add_hosts.py => example-add_hosts.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename playbooks/{example-add_hosts.py => example-add_hosts.yml} (100%) diff --git a/playbooks/example-add_hosts.py b/playbooks/example-add_hosts.yml similarity index 100% rename from playbooks/example-add_hosts.py rename to playbooks/example-add_hosts.yml From da261e1ca5d69a4fdd6d8759ea2eb0ecd24b4013 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:20:37 +0100 Subject: [PATCH 009/146] Update example-add_hosts.yml --- playbooks/example-add_hosts.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml index 6c03aea1c..1c4258975 100644 --- a/playbooks/example-add_hosts.yml +++ b/playbooks/example-add_hosts.yml @@ -5,4 +5,3 @@ roles: - tribe29.checkmk.agent - From 0af6e66fc331647e61025a1a1ddb9824cdf15f07 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:22:52 +0100 Subject: [PATCH 010/146] Update 00-ansible.cmd --- preparation/ansible-winrm/00-ansible.cmd | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd index eb33f6f1f..663d8cf6b 100644 --- a/preparation/ansible-winrm/00-ansible.cmd +++ b/preparation/ansible-winrm/00-ansible.cmd 
@@ -2,7 +2,6 @@ set CURRENT_PATH=%~dp0 echo %CURRENT_PATH% - rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights goto check_Permissions @@ -18,4 +17,4 @@ pause echo Failure: Current permissions inadequate. You need to run this script as administrator! ) - pause >nul \ No newline at end of file + pause >nul From 50b56dd4fdc3c3c6891d3e4b513fef836cce3ea1 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:23:12 +0100 Subject: [PATCH 011/146] Update 01-winrm-quickconfig.cmd From 7ed245b613ed8c47701bee7dcf5f3028acfc4c1f Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:32:51 +0100 Subject: [PATCH 012/146] Update Windows.yml --- roles/agent/vars/Windows.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml index dffe9e69b..be8924891 100644 --- a/roles/agent/vars/Windows.yml +++ b/roles/agent/vars/Windows.yml @@ -8,4 +8,3 @@ checkmk_agent_agent: file: cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" - From 19e2590126967244db2c7b47c32a46cb04e56a5b Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:38:11 +0100 Subject: [PATCH 013/146] Change -Path to -LiteralPath --- preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 index 7cc86abd7..ecf84119b 100644 --- a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 +++ b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 
@@ -298,14 +298,14 @@ Else { # https://github.com/ansible/ansible/issues/42978 $token_path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" $token_prop_name = "LocalAccountTokenFilterPolicy" -$token_key = Get-Item -Path $token_path +$token_key = Get-Item -LiteralPath $token_path $token_value = $token_key.GetValue($token_prop_name, $null) if ($token_value -ne 1) { Write-Verbose "Setting LocalAccountTOkenFilterPolicy to 1" if ($null -ne $token_value) { - Remove-ItemProperty -Path $token_path -Name $token_prop_name + Remove-ItemProperty -LiteralPath $token_path -Name $token_prop_name } - New-ItemProperty -Path $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null + New-ItemProperty -LiteralPath $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null } # Make sure there is a SSL listener. From 2a9889a8d7382f00aef6e63d504cedacf159a4ea Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:40:26 +0100 Subject: [PATCH 014/146] Update 00-ansible.cmd --- preparation/ansible-winrm/00-ansible.cmd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd index 663d8cf6b..eccd681c1 100644 --- a/preparation/ansible-winrm/00-ansible.cmd +++ b/preparation/ansible-winrm/00-ansible.cmd @@ -16,5 +16,5 @@ pause ) else ( echo Failure: Current permissions inadequate. You need to run this script as administrator! ) - - pause >nul + +pause >nul From 02332b06d85070807c6a67debb09dab9d92dc42c Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:10:32 +0100 Subject: [PATCH 015/146] Update .gitattributes Handle line endings in windows files --- .gitattributes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitattributes b/.gitattributes index b2a76a893..f152d0d95 100644 --- a/.gitattributes +++ b/.gitattributes 
@@ -1 +1,2 @@ -*.yml linguist-detectable \ No newline at end of file +*.yml linguist-detectable +*.cmd text eol=crlf From 903f7794ee8aee21b165f8d4fa377e56d75f78a1 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:19:11 +0100 Subject: [PATCH 016/146] Update Linux.yml --- roles/agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index ee965391f..5c8fb197f 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -54,7 +54,7 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }} register: checkmk_agent_update_state - when: + when: (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_secret is defined and checkmk_agent_secret) - name: "({{ansible_system}}): Register Agent for TLS." @@ -64,5 +64,5 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert register: checkmk_agent_tls_state - when: + when: (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_controller_binary.stat.exists and checkmk_agent_tls and (checkmk_agent_auth is defined and checkmk_agent_auth) From 0a5ef793962a1867a48c2e84657ebcccb55d0a6c Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:19:39 +0100 Subject: [PATCH 017/146] Update Windows.yml --- roles/agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index d4d48e453..d7e810a2c 100644 --- a/roles/agent/tasks/Windows.yml 
+++ b/roles/agent/tasks/Windows.yml @@ -26,7 +26,7 @@ checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme" - + - name: "({{ ansible_os_family }}): Install Checkmk Agent." ansible.builtin.win_package: path: "{{ checkmk_agent_agent.file.cee }}" From 0055678bf8d2715e650b6df2c508fa53141ae889 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:23:19 +0100 Subject: [PATCH 018/146] Update example-linux-inventory.yml --- playbooks/example-linux-inventory.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml index f701899f4..d2ff3df18 100644 --- a/playbooks/example-linux-inventory.yml +++ b/playbooks/example-linux-inventory.yml @@ -1,10 +1,10 @@ +--- My_Site: hosts: debian: ansible_host: 127.0.0.1 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Linux vars: checkmk_agent_add_host: true @@ -19,5 +19,5 @@ My_Site: checkmk_agent_port: 80 checkmk_agent_site: My_Site checkmk_agent_version: 2.0.0p22 - ansible_user: root + ansible_user: root ansible_password: $SECRET From 7b43cc5a9e3d1fa903b10fbc3928d75f909749be Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:24:38 +0100 Subject: [PATCH 019/146] Update example-windows-inventory.yml --- playbooks/example-windows-inventory.yml | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml index 0a9cd2b09..001957fa1 100644 --- a/playbooks/example-windows-inventory.yml +++ b/playbooks/example-windows-inventory.yml 
@@ -1,35 +1,30 @@ +--- My_Site: hosts: win10: ansible_host: 192.168.128.101 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win11: ansible_host: 192.168.128.100 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k12: ansible_host: 192.168.128.103 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k16: ansible_host: 192.168.128.102 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k19: ansible_host: 192.168.128.105 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k22: ansible_host: 192.168.128.104 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows vars: checkmk_agent_add_host: true @@ -45,12 +40,7 @@ My_Site: checkmk_agent_site: My_Site checkmk_agent_version: 2.0.0p22 ansible_user: Administrator - ansible_password: $SECRET + ansible_password: $SECRET ansible_connection: winrm - ansible_winrm_transport: ntlm + ansible_winrm_transport: ntlm ansible_winrm_server_cert_validation: ignore - -# Windows host (powershell): -# Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -# .\ConfigureRemotingForAnsible.ps1 -# winrm quickconfig From 692b1f1193ac8ca916330ef5168a7f5ad6341bb2 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:25:26 +0100 Subject: [PATCH 020/146] Update example-add_hosts.yml --- playbooks/example-add_hosts.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml index 1c4258975..820182a2d 100644 --- a/playbooks/example-add_hosts.yml +++ b/playbooks/example-add_hosts.yml @@ -1,7 +1,5 @@ --- - hosts: My_site # Sitename -# debugger: on_failed -# connection: local roles: - tribe29.checkmk.agent 
From 2c7d9f15b0de7e29b1c465761b9c1041b451147f Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:38:41 +0100 Subject: [PATCH 021/146] Force LF line ending on windows files --- .gitattributes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitattributes b/.gitattributes index f152d0d95..e7f092344 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,2 @@ *.yml linguist-detectable -*.cmd text eol=crlf +*.cmd text eol=lf From a0c97ba880b148af8ecfbebc136d90f63961fd8d Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:41:40 +0100 Subject: [PATCH 022/146] Update 00-ansible.cmd From dc35e44dbf013f7af83aff8a6fbc00d8a6ffbc82 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Fri, 4 Nov 2022 17:34:15 +0100 Subject: [PATCH 023/146] Trash --- preparation/ansible-winrm/00-ansible.cmd | 40 +++++++++---------- .../ansible-winrm/01-winrm-quickconfig.cmd | 4 +- .../ansible-winrm/02-ansible-winrm.cmd | 8 ++-- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd index eccd681c1..b173c1b1e 100644 --- a/preparation/ansible-winrm/00-ansible.cmd +++ b/preparation/ansible-winrm/00-ansible.cmd 
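Review bot: `*.cmd text eol=lf` makes Git check out the batch files with LF-only line endings, and cmd.exe can mis-resolve labels in such files, which matters here because preparation/ansible-winrm/00-ansible.cmd relies on `goto check_Permissions`. The previous `eol=crlf` is the safe setting for scripts that cmd.exe executes; if LF was chosen to satisfy a linter, excluding `*.cmd` from that check would be the narrower fix. Suggested line: `*.cmd text eol=crlf`.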
@@ -1,20 +1,20 @@ -@echo off -set CURRENT_PATH=%~dp0 -echo %CURRENT_PATH% - -rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights -goto check_Permissions - -:check_Permissions - echo Administrative permissions required. Detecting permissions... - - net session >nul 2>&1 - if %errorLevel% == 0 ( - echo Success: Administrative permissions confirmed. Setting up everything for Ansible... - %CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd -pause - ) else ( - echo Failure: Current permissions inadequate. You need to run this script as administrator! - ) - -pause >nul +@echo off +set CURRENT_PATH=%~dp0 +echo %CURRENT_PATH% + +rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights +goto check_Permissions + +:check_Permissions + echo Administrative permissions required. Detecting permissions... + + net session >nul 2>&1 + if %errorLevel% == 0 ( + echo Success: Administrative permissions confirmed. Setting up everything for Ansible... + %CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd +pause + ) else ( + echo Failure: Current permissions inadequate. You need to run this script as administrator! + ) + +pause >nul diff --git a/preparation/ansible-winrm/01-winrm-quickconfig.cmd b/preparation/ansible-winrm/01-winrm-quickconfig.cmd index 315c28ea4..bb8142259 100644 --- a/preparation/ansible-winrm/01-winrm-quickconfig.cmd +++ b/preparation/ansible-winrm/01-winrm-quickconfig.cmd @@ -1,2 +1,2 @@ -@echo off -winrm quickconfig +@echo off +winrm quickconfig diff --git a/preparation/ansible-winrm/02-ansible-winrm.cmd b/preparation/ansible-winrm/02-ansible-winrm.cmd index 9e210ac9c..812d741c1 100644 --- a/preparation/ansible-winrm/02-ansible-winrm.cmd +++ b/preparation/ansible-winrm/02-ansible-winrm.cmd 
@@ -1,5 +1,5 @@ -@echo off -set CURRENT_PATH=%~dp0 -echo %CURRENT_PATH% -powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser +@echo off +set CURRENT_PATH=%~dp0 +echo %CURRENT_PATH% +powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser powershell %CURRENT_PATH%\ConfigureRemotingForAnsible.ps1 \ No newline at end of file From ea99fbbd91c5000048799b98fd8185f2ea0f2fac Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Mon, 7 Nov 2022 08:22:22 +0100 Subject: [PATCH 024/146] Delete example-add_hosts.yml --- playbooks/example-add_hosts.yml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 playbooks/example-add_hosts.yml diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml deleted file mode 100644 index 820182a2d..000000000 --- a/playbooks/example-add_hosts.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: My_site # Sitename - - roles: - - tribe29.checkmk.agent From b9101a0b0657a48955734dc343bb19886f272c64 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Mon, 7 Nov 2022 08:22:52 +0100 Subject: [PATCH 025/146] Delete example-linux-inventory.yml --- playbooks/example-linux-inventory.yml | 23 ----------------------- 1 file changed, 23 deletions(-) delete mode 100644 playbooks/example-linux-inventory.yml diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml deleted file mode 100644 index d2ff3df18..000000000 --- a/playbooks/example-linux-inventory.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -My_Site: - hosts: - debian: - ansible_host: 127.0.0.1 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - - vars: - checkmk_agent_add_host: true - checkmk_agent_discover: true - checkmk_agent_edition: cme - checkmk_agent_host_ip: '{{ ansible_host }}' - checkmk_agent_host_name: '{{ inventory_hostname }}' - checkmk_agent_user: automation - checkmk_agent_pass: $AUTOMATION_SECRET - checkmk_agent_protocol: http - checkmk_agent_server: 127.0.0.1 - checkmk_agent_port: 80 - checkmk_agent_site: My_Site - checkmk_agent_version: 2.0.0p22 - ansible_user: root - ansible_password: $SECRET From 61a02f20ec023758993fe48bf70dca0b4e8f0e11 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Mon, 7 Nov 2022 08:23:00 +0100 Subject: [PATCH 026/146] Delete example-windows-inventory.yml --- playbooks/example-windows-inventory.yml | 46 ------------------------- 1 file changed, 46 deletions(-) delete mode 100644 playbooks/example-windows-inventory.yml diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml deleted file mode 100644 index 001957fa1..000000000 --- a/playbooks/example-windows-inventory.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -My_Site: - hosts: - win10: - ansible_host: 192.168.128.101 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win11: - ansible_host: 192.168.128.100 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k12: - ansible_host: 192.168.128.103 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k16: - ansible_host: 192.168.128.102 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k19: - ansible_host: 192.168.128.105 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k22: - ansible_host: 192.168.128.104 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - - vars: - checkmk_agent_add_host: true - checkmk_agent_discover: true - checkmk_agent_edition: cre - checkmk_agent_host_ip: '{{ ansible_host }}' - checkmk_agent_host_name: '{{ inventory_hostname }}' - checkmk_agent_user: automation - checkmk_agent_pass: $AUTOMATION_SECRET - checkmk_agent_protocol: http - checkmk_agent_server: 127.0.0.1 - checkmk_agent_port: 80 - checkmk_agent_site: My_Site - checkmk_agent_version: 2.0.0p22 - ansible_user: Administrator - ansible_password: $SECRET - ansible_connection: winrm - ansible_winrm_transport: ntlm - ansible_winrm_server_cert_validation: ignore From e49d331bec130372aceb9dac43df66118abbeecd Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Wed, 30 Nov 2022 17:01:34 +0100 Subject: [PATCH 027/146] Fix main.yml after merges. --- roles/agent/tasks/main.yml | 33 ++------------------------------- 1 file changed, 2 insertions(+), 31 deletions(-) diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index ecf012d2b..4124d8870 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml 
@@ -7,7 +7,7 @@ - name: "({{ ansible_system }}): Include OS specific tasks." ansible.builtin.include_tasks: "{{ ansible_system }}.yml" tags: - - get-package-facts + - include-system-tasks - name: "Import Legacy agent tasks." ansible.builtin.include_tasks: "legacy.yml" @@ -15,35 +15,6 @@ checkmk_agent_prep_legacy | bool and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 -- name: "Download Checkmk CRE Agent." - ansible.builtin.get_url: - url: "{{ checkmk_agent_agent.url.cre }}" - validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" - dest: "{{ checkmk_agent_agent.file.cre }}" - mode: 0640 - delegate_to: "{{ checkmk_agent_delegate_download }}" - become: false - when: checkmk_agent_edition == "cre" - retries: 3 - tags: - - download-package - -- name: "Transfer Checkmk CRE agent to remote node" - ansible.builtin.copy: - src: "{{ checkmk_agent_agent.file.cre }}" - dest: "{{ checkmk_agent_agent.file.cre }}" - mode: 0644 - when: - - checkmk_agent_edition == "cre" - - checkmk_agent_delegate_download != inventory_hostname - tags: - - download-package - -- name: "Run OS Family specific Tasks." - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" - tags: - - include-os-family-tasks - - name: "Create host on server." tribe29.checkmk.host: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" @@ -63,7 +34,7 @@ delegate_to: "{{ checkmk_agent_delegate_api_calls }}" when: checkmk_agent_add_host | bool -- name: "({{ ansible_os_family }}): Discover services and labels on host." +- name: "Discover services and labels on host." tribe29.checkmk.discovery: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" site: "{{ checkmk_agent_site }}" From ce455048d516246cc64d67766b4438ee3b98ddc1 Mon Sep 17 00:00:00 2001 
From: Robin Gierse Date: Wed, 30 Nov 2022 17:02:39 +0100 Subject: [PATCH 028/146] Clean up Jinja spacing in task names. --- roles/agent/tasks/Debian.yml | 12 ++++++------ roles/agent/tasks/Linux.yml | 2 +- roles/agent/tasks/RedHat.yml | 12 ++++++------ roles/agent/tasks/Suse.yml | 14 +++++++------- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index edfc66e3e..4cc487d3b 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -1,5 +1,5 @@ --- -- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_deb&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -21,7 +21,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -35,7 +35,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.host }}" 
@@ -49,7 +49,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_deb&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -83,7 +83,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cee }}" @@ -97,7 +97,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 5c8fb197f..465b12554 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -22,7 +22,7 @@ tags: - download-package -- name: "({{ansible_os_family}}): Run OS Family specific tasks." +- name: "{{ ansible_os_family }}: Run OS Family specific tasks." ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" tags: - include-os-family-tasks diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml index 4fdf5bc7c..66ccc7e9a 100644 --- a/roles/agent/tasks/RedHat.yml +++ b/roles/agent/tasks/RedHat.yml 
@@ -1,5 +1,5 @@ --- -- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -21,7 +21,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -35,7 +35,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.host }}" @@ -49,7 +49,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -83,7 +83,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cee }}" 
@@ -97,7 +97,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index 643482e18..203629ca9 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml @@ -1,5 +1,5 @@ --- -- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -21,7 +21,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -35,7 +35,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.packaging.os.zypper: name: "{{ checkmk_agent_agent.file.host }}" 
@@ -50,7 +50,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -70,7 +70,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.cee }}" dest: "{{ checkmk_agent_agent.file.cee }}" @@ -84,7 +84,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.packaging.os.zypper: name: "{{ checkmk_agent_agent.file.cee }}" @@ -99,7 +99,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." become: true community.general.packaging.os.zypper: name: "{{ checkmk_agent_agent.file.cre }}" From 64b8139beccc8237144193c1bac7b29650e34648 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Wed, 21 Sep 2022 16:16:05 +0200 Subject: [PATCH 029/146] WIP: Add Windows files. --- roles/agent/tasks/Windows.yml | 25 +++++++++++++++++++++++++ roles/agent/vars/Windows.yml | 10 ++++++++++ 2 files changed, 35 insertions(+) create mode 100644 roles/agent/tasks/Windows.yml create mode 100644 roles/agent/vars/Windows.yml 
diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml
new file mode 100644
index 000000000..655a42bbe
--- /dev/null
+++ b/roles/agent/tasks/Windows.yml
@@ -0,0 +1,25 @@
+---
+# Install Check_MK Agent on Windows
+
+- name: Get current agent version
+ ansible.builtin.win_shell: |
+ $checkmk = "C:\Program Files (x86)\check_mk\check_mk_agent.exe"
+ If (Test-Path $checkmk) {
+ (Get-Item $checkmk).VersionInfo.ProductVersion
+ } Else {
+ "No agent installed"}
+ register: checkmk_agent_agent_version
+ changed_when: checkmk_agent_agent_version.stdout_lines[0] != checkmk_agent_version
+
+- name: Download agent -> {{ checkmk_agent_agent.url }}
+ ansible.builtin.win_get_url:
+ url: "{{ checkmk_agent_agent.url }}"
+ dest: "{{ checkmk_agent_host_tmp_dir }}"
+ when: checkmk_agent_agent_version.changed
+
+- name: "Install Checkmk Agent."
+ ansible.builtin.win_package:
+ path: "{{ checkmk_agent_agent.file }}"
+ state: present
+ wait: true
+ when: checkmk_agent_agent_version.changed
diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml
new file mode 100644
index 000000000..b488a71ca
--- /dev/null
+++ b/roles/agent/vars/Windows.yml
@@ -0,0 +1,10 @@
+---
+checkmk_agent_host_tmp_dir: "C:\\Temp"
+
+checkmk_agent_agent:
+ url:
+ cre: "{{ checkmk_agent_site_url }}/check_mk/agents/windows/check_mk_agent.msi"
+ cee: "{{ checkmk_agent_site_url }}/check_mk/agents/windows/check_mk_agent.msi"
+ file:
+ cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi"
+ cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi"
From de2f88d64182cb1a1088dbfa08c325ec528c893a Mon Sep 17 00:00:00 2001
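Review bot: The download and install tasks in roles/agent/tasks/Windows.yml reference `checkmk_agent_agent.url` and `checkmk_agent_agent.file`, but roles/agent/vars/Windows.yml in the same commit defines both as mappings with `cre` and `cee` children, so `url:` and `path:` would render a dictionary rather than a URL or a file path. Select the edition explicitly, e.g. `url: "{{ checkmk_agent_agent.url[checkmk_agent_edition] }}"` and `path: "{{ checkmk_agent_agent.file[checkmk_agent_edition] }}"`. The MSI is then installed with no integrity check and, unlike the Linux download tasks elsewhere in this series, no `validate_certs` setting; consider setting it here and passing a `checksum` to `win_get_url` if the site can publish one.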
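Review bot: `checkmk_agent_host_tmp_dir: "C:\\Temp"` in roles/agent/vars/Windows.yml stages the agent MSI in a fixed, shared location before `win_package` installs it. Whether non-administrators can write there depends on the host's ACLs, and if they can, the file can be replaced between the download and the install. A per-run directory (for example one created with `win_tempfile` and `state: directory`) or a path restricted to administrators avoids depending on that. The tasks in this commit also never create the directory, so the download would presumably fail on hosts that have no `C:\Temp`.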
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Fri, 14 Oct 2022 17:55:41 +0200 Subject: [PATCH 030/146] Add and change files of agent role Split task main.yml for [Linux|Win32NT].yml (ansible_system) and Windows.yml (ansible_os_family) --- roles/agent/meta/main.yml | 3 ++ roles/agent/tasks/Debian.yml | 10 +++--- roles/agent/tasks/Linux.yml | 68 +++++++++++++++++++++++++++++++++++ roles/agent/tasks/RedHat.yml | 10 +++--- roles/agent/tasks/Suse.yml | 10 +++--- roles/agent/tasks/Win32NT.yml | 16 +++++++++ roles/agent/tasks/Windows.yml | 26 +++++++++----- roles/agent/tasks/legacy.yml | 4 +-- roles/agent/tasks/main.yml | 9 +++-- roles/agent/vars/Windows.yml | 3 +- 10 files changed, 127 insertions(+), 32 deletions(-) create mode 100644 roles/agent/tasks/Linux.yml create mode 100644 roles/agent/tasks/Win32NT.yml diff --git a/roles/agent/meta/main.yml b/roles/agent/meta/main.yml index 1906ddc38..7126e0eb2 100644 --- a/roles/agent/meta/main.yml +++ b/roles/agent/meta/main.yml @@ -46,6 +46,9 @@ galaxy_info: - name: SLES versions: - all + - name: Windows + versions: + - all galaxy_tags: [tribe29, checkmk, monitoring, agent] # List tags for your role here, one per line. A tag is a keyword that describes diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index ce744d20c..6192841c8 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -1,5 +1,5 @@ --- -- name: "Debian Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_deb&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" 
@@ -35,7 +35,7 @@ tags: - download-package -- name: "Debian Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.host }}" @@ -49,7 +49,7 @@ tags: - install-package -- name: "Debian Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_deb&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -83,7 +83,7 @@ tags: - download-package -- name: "Debian Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cee }}" @@ -97,7 +97,7 @@ tags: - install-package -- name: "Debian Derivatives: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml new file mode 100644 index 000000000..ee965391f --- /dev/null +++ b/roles/agent/tasks/Linux.yml 
@@ -0,0 +1,68 @@
+---
+- name: "({{ansible_system}}): Get RPM or APT package facts."
+ ansible.builtin.package_facts:
+ manager: "auto"
+ tags:
+ - get-package-facts
+
+- name: "({{ansible_system}}): Import Legacy agent tasks."
+ ansible.builtin.include_tasks: "legacy.yml"
+ when: |
+ checkmk_agent_prep_legacy | bool
+ and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220
+
+- name: "({{ansible_system}}): Download Checkmk CRE agent."
+ ansible.builtin.get_url:
+ url: "{{ checkmk_agent_agent.url.cre }}"
+ validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+ dest: "{{ checkmk_agent_agent.file.cre }}"
+ mode: 0640
+ when: checkmk_agent_edition == "cre"
+ retries: 3
+ tags:
+ - download-package
+
+- name: "({{ansible_os_family}}): Run OS Family specific tasks."
+ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
+ tags:
+ - include-os-family-tasks
+
+- name: "({{ansible_system}}): Check for Agent Updater Binary."
+ ansible.builtin.stat:
+ path: /usr/bin/cmk-update-agent
+ register: checkmk_agent_updater_binary
+
+- name: "({{ansible_system}}): Check for Agent Controller Binary."
+ ansible.builtin.stat:
+ path: /usr/bin/cmk-agent-ctl
+ register: checkmk_agent_controller_binary
+
+- name: "({{ansible_system}}): Register Agent for automatic Updates using User Password."
+ become: true
+ ansible.builtin.shell: |
+ cmk-update-agent register -H {{ checkmk_agent_host_name }} \
+ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \
+ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }}
+ register: checkmk_agent_update_state
+ when:
+ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_pass is defined and checkmk_agent_pass) and (checkmk_agent_secret is not defined)
+
+- name: "({{ansible_system}}): Register Agent for automatic Updates using Automation Secret."
+ become: true
+ ansible.builtin.shell: |
+ cmk-update-agent register -H {{ checkmk_agent_host_name }} \
+ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \
+ -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }}
+ register: checkmk_agent_update_state
+ when:
+ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_secret is defined and checkmk_agent_secret)
+
+- name: "({{ansible_system}}): Register Agent for TLS."
+ become: true
+ ansible.builtin.shell: |
+ cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \
+ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \
+ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert
+ register: checkmk_agent_tls_state
+ when:
+ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_controller_binary.stat.exists and checkmk_agent_tls and (checkmk_agent_auth is defined and checkmk_agent_auth)
diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml
index 387cff085..278abbd25 100644
--- a/roles/agent/tasks/RedHat.yml
+++ b/roles/agent/tasks/RedHat.yml
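Review bot: In roles/agent/tasks/Linux.yml the three register tasks (two `cmk-update-agent register`, one `cmk-agent-ctl register`) template `checkmk_agent_auth` directly into an `ansible.builtin.shell` command line without `no_log`, so the password or automation secret ends up in the task result and module-argument logging and is visible in the host's process list while the command runs. The templated values are also unquoted, so a secret or host name containing spaces or shell metacharacters alters the command. I would add `no_log: true` to each of the three tasks and pass every templated value through the quote filter, e.g. `-U {{ checkmk_agent_user | quote }} -P {{ checkmk_agent_auth | quote }}`. The first two `when:` conditions test `checkmk_agent_pass` and `checkmk_agent_secret` while the commands use `checkmk_agent_auth`, which is not defined in this hunk, so its derivation should be confirmed. `--trust-cert` on the TLS registration accepts the server certificate without verification and would be better as an opt-in variable.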
@@ -1,5 +1,5 @@ --- -- name: "RedHat Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -35,7 +35,7 @@ tags: - download-package -- name: "RedHat Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.host }}" @@ -49,7 +49,7 @@ tags: - install-package -- name: "RedHat Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -83,7 +83,7 @@ tags: - download-package -- name: "RedHat Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cee }}" @@ -97,7 +97,7 @@ tags: - install-package -- name: "RedHat Derivatives: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index 4ccaa9d3b..50892162d 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml 
@@ -1,5 +1,5 @@ --- -- name: "Suse Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -35,7 +35,7 @@ tags: - download-package -- name: "Suse Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.packaging.os.zypper: name: "{{ checkmk_agent_agent.file.host }}" @@ -50,7 +50,7 @@ tags: - install-package -- name: "Suse Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -84,7 +84,7 @@ tags: - download-package -- name: "Suse Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.packaging.os.zypper: name: "{{ checkmk_agent_agent.file.cee }}" @@ -99,7 +99,7 @@ tags: - install-package -- name: "Suse Derivatives: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true community.general.packaging.os.zypper: name: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Win32NT.yml b/roles/agent/tasks/Win32NT.yml new file mode 100644 index 000000000..772b2629e --- /dev/null 
+++ b/roles/agent/tasks/Win32NT.yml @@ -0,0 +1,16 @@ +--- +- name: "({{ ansible_system }}): Download Checkmk CRE Agent." + ansible.builtin.win_get_url: + url: "{{ checkmk_agent_agent.url.cre }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ checkmk_agent_agent.file.cre }}" + when: checkmk_agent_edition == "cre" + retries: 3 + tags: + - download-package + +- name: "({{ ansible_os_family }}): Run OS Family specific tasks." + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" + tags: + - include-os-family-tasks + diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index 655a42bbe..d4d48e453 100644 --- a/roles/agent/tasks/Windows.yml +++ b/roles/agent/tasks/Windows.yml @@ -1,9 +1,9 @@ --- # Install Check_MK Agent on Windows -- name: Get current agent version +- name: "({{ ansible_os_family }}): Get current Checkmk agent version." ansible.builtin.win_shell: | - $checkmk = "C:\Program Files (x86)\check_mk\check_mk_agent.exe" + $checkmk = "C:\Program Files (x86)\checkmk\service\check_mk_agent.exe" If (Test-Path $checkmk) { (Get-Item $checkmk).VersionInfo.ProductVersion } Else { 
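Review bot: The MSI fetched by the `win_get_url` task in Win32NT.yml is never verified before the included Windows.yml passes the same path to `win_package`, so whatever the URL returns is installed with administrative rights. With `checkmk_agent_protocol: http` (the README example value), or with `checkmk_agent_server_validate_certs` set to false, the transport gives no integrity guarantee either. The module accepts `checksum` and `checksum_algorithm`, so an expected hash could be passed as `checksum: "{{ checkmk_agent_win_checksum }}"` with `checksum_algorithm: sha256` (the variable name is a placeholder, the role does not define it). Separately, `retries: 3` has no `until:`, which older ansible-core releases appear to ignore.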
@@ -11,15 +11,23 @@ register: checkmk_agent_agent_version changed_when: checkmk_agent_agent_version.stdout_lines[0] != checkmk_agent_version -- name: Download agent -> {{ checkmk_agent_agent.url }} +# Works with dedicated firewall rule or with transparent proxy +- name: "({{ ansible_os_family }}): Download Checkmk agent -> {{ checkmk_agent_agent.url.cee }}." ansible.builtin.win_get_url: - url: "{{ checkmk_agent_agent.url }}" + url: "{{ checkmk_agent_agent.url.cee }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_host_tmp_dir }}" - when: checkmk_agent_agent_version.changed + method: GET + headers: + # Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" + Accept: "application/octet-stream" -- name: "Install Checkmk Agent." + when: | + checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme" + +- name: "({{ ansible_os_family }}): Install Checkmk Agent." ansible.builtin.win_package: - path: "{{ checkmk_agent_agent.file }}" + path: "{{ checkmk_agent_agent.file.cee }}" state: present - wait: true - when: checkmk_agent_agent_version.changed diff --git a/roles/agent/tasks/legacy.yml b/roles/agent/tasks/legacy.yml index 85ad77dea..4623502a6 100644 --- a/roles/agent/tasks/legacy.yml +++ b/roles/agent/tasks/legacy.yml @@ -1,5 +1,5 @@ --- -- name: "Install xinetd" +- name: "({{ansible_system}}): Install xinetd" become: true ansible.builtin.package: name: xinetd @@ -8,7 +8,7 @@ - install-package - install-prerequisites -- name: "Enable xinetd" +- name: "({{ansible_system}}): Enable xinetd" become: true ansible.builtin.service: name: xinetd diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index ae5276524..2f548e4cc 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml 
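Review bot: The install task in Windows.yml lost its `when: checkmk_agent_agent_version.changed` guard and always uses `checkmk_agent_agent.file.cee`, so `win_package` runs on every play and for every edition, whether or not a download task ran. Because `file.cre` and `file.cee` resolve to the same `check_mk_agent.msi` in the temp directory, a stale file left there by an earlier run is what gets installed when the download is skipped. I would restore `when: checkmk_agent_agent_version.changed` on both the download and the install task and select the path by edition. If the commented-out `Authorization` header is ever enabled, it should require `checkmk_agent_protocol` to be `https`, otherwise the automation credentials travel in clear text.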
@@ -1,12 +1,11 @@ --- -- name: "Include Derivative specific Variables." +- name: "({{ ansible_os_family }}): Include Derivate specific vars." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" tags: - include-os-family-vars -- name: "Get RPM or APT package facts." - ansible.builtin.package_facts: - manager: "auto" +- name: "({{ ansible_system }}): Include OS specific tasks." + ansible.builtin.include_tasks: "{{ ansible_system }}.yml" tags: - get-package-facts @@ -120,7 +119,7 @@ and checkmk_agent_tls | bool and (checkmk_agent_auth is defined and checkmk_agent_auth | length) -- name: "Discover services and labels on host." +- name: "({{ ansible_os_family }}): Discover services and labels on host." tribe29.checkmk.discovery: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" site: "{{ checkmk_agent_site }}" diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml index b488a71ca..dffe9e69b 100644 --- a/roles/agent/vars/Windows.yml +++ b/roles/agent/vars/Windows.yml @@ -1,5 +1,5 @@ --- -checkmk_agent_host_tmp_dir: "C:\\Temp" +checkmk_agent_host_tmp_dir: "C:\\Windows\\Temp" checkmk_agent_agent: url: @@ -8,3 +8,4 @@ checkmk_agent_agent: file: cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" + From adff7252cbb7f7afc006f49e95c98ee1962ba79e Mon Sep 17 00:00:00 2001 
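Review bot: The new `ansible.builtin.include_tasks: "{{ ansible_system }}.yml"` in main.yml fails the play on any host whose `ansible_system` has no matching task file; this commit adds only Linux.yml and Win32NT.yml. The task also keeps the tag `get-package-facts` from the `package_facts` task it replaces, so tag filters now select something other than what the name says. I would rename the tag, for example `- include-system-tasks`, and guard the include with `when: ansible_system in ['Linux', 'Win32NT']` or fail early with a clear message. Only the top of main.yml is visible in this hunk.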
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Fri, 14 Oct 2022 18:12:11 +0200 Subject: [PATCH 031/146] Add example playbooks and inventories Use "ansible-playbook example-add_hosts.py -i example-*-inventory.yml" for test --- playbooks/example-add_hosts.py | 8 ++++ playbooks/example-linux-inventory.yml | 23 ++++++++++ playbooks/example-windows-inventory.yml | 56 +++++++++++++++++++++++++ 3 files changed, 87 insertions(+) create mode 100644 playbooks/example-add_hosts.py create mode 100644 playbooks/example-linux-inventory.yml create mode 100644 playbooks/example-windows-inventory.yml diff --git a/playbooks/example-add_hosts.py b/playbooks/example-add_hosts.py new file mode 100644 index 000000000..6c03aea1c --- /dev/null +++ b/playbooks/example-add_hosts.py @@ -0,0 +1,8 @@ +--- +- hosts: My_site # Sitename +# debugger: on_failed +# connection: local + + roles: + - tribe29.checkmk.agent + diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml new file mode 100644 index 000000000..f701899f4 --- /dev/null +++ b/playbooks/example-linux-inventory.yml @@ -0,0 +1,23 @@ +My_Site: + hosts: + debian: + ansible_host: 127.0.0.1 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Linux + + vars: + checkmk_agent_add_host: true + checkmk_agent_discover: true + checkmk_agent_edition: cme + checkmk_agent_host_ip: '{{ ansible_host }}' + checkmk_agent_host_name: '{{ inventory_hostname }}' + checkmk_agent_user: automation + checkmk_agent_pass: $AUTOMATION_SECRET + checkmk_agent_protocol: http + checkmk_agent_server: 127.0.0.1 + checkmk_agent_port: 80 + checkmk_agent_site: My_Site + checkmk_agent_version: 2.0.0p22 + ansible_user: root + ansible_password: $SECRET diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml new file mode 100644 index 000000000..0a9cd2b09 --- /dev/null +++ b/playbooks/example-windows-inventory.yml 
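Review bot: `hosts: My_site` in the example playbook does not match the group `My_Site` that both example inventories define, and Ansible group names are case-sensitive, so the play would match no hosts. Change the line to `- hosts: My_Site  # inventory group`. The `# Sitename` comment also reads as if the group name had to equal the Checkmk site, while the inventories carry the site in `checkmk_agent_site`.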
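Review bot: `ansible_password: $SECRET` and `checkmk_agent_pass: $AUTOMATION_SECRET` in example-linux-inventory.yml are plain YAML strings, because Ansible does not expand shell-style variables; a reader who copies the file either sends the literal text or pastes a real password into a clear-text inventory. Show the intended source instead, for example `checkmk_agent_pass: "{{ lookup('ansible.builtin.env', 'AUTOMATION_SECRET') }}"`, or point to Ansible Vault in a comment. The example also logs in as `root` with a password and sets `checkmk_agent_protocol: http`, so the automation secret crosses the network unencrypted; a comment such as `# lab only: use https and key-based login elsewhere` would make that explicit. The same two placeholders appear in example-windows-inventory.yml.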
@@ -0,0 +1,56 @@ +My_Site: + hosts: + win10: + ansible_host: 192.168.128.101 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win11: + ansible_host: 192.168.128.100 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k12: + ansible_host: 192.168.128.103 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k16: + ansible_host: 192.168.128.102 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k19: + ansible_host: 192.168.128.105 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k22: + ansible_host: 192.168.128.104 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + + vars: + checkmk_agent_add_host: true + checkmk_agent_discover: true + checkmk_agent_edition: cre + checkmk_agent_host_ip: '{{ ansible_host }}' + checkmk_agent_host_name: '{{ inventory_hostname }}' + checkmk_agent_user: automation + checkmk_agent_pass: $AUTOMATION_SECRET + checkmk_agent_protocol: http + checkmk_agent_server: 127.0.0.1 + checkmk_agent_port: 80 + checkmk_agent_site: My_Site + checkmk_agent_version: 2.0.0p22 + ansible_user: Administrator + ansible_password: $SECRET + ansible_connection: winrm + ansible_winrm_transport: ntlm + ansible_winrm_server_cert_validation: ignore + +# Windows host (powershell): +# Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser +# .\ConfigureRemotingForAnsible.ps1 +# winrm quickconfig From c733671dafb089f4ac352285351a3f88c5ae4150 Mon Sep 17 00:00:00 2001 
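Review bot: `ansible_winrm_server_cert_validation: ignore`, `ansible_winrm_transport: ntlm` and the built-in `Administrator` account are given without any comment, so the example reads like a recommended setup. With validation ignored the controller cannot tell the target host from a machine sitting in the connection path. I would add a comment above the three `ansible_winrm_*` lines, for example `# lab only: validate a CA-signed listener certificate, or use Kerberos, outside test networks`. The PowerShell hint at the end sets `Set-ExecutionPolicy Unrestricted` persistently for the user; `powershell.exe -ExecutionPolicy Bypass -File .\ConfigureRemotingForAnsible.ps1` limits the override to that one process.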
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Fri, 14 Oct 2022 18:16:18 +0200 Subject: [PATCH 032/146] Add preparation files for Windows systems Using https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 --- preparation/ansible-winrm/00-ansible.cmd | 21 + .../ansible-winrm/01-winrm-quickconfig.cmd | 2 + .../ansible-winrm/02-ansible-winrm.cmd | 5 + preparation/ansible-winrm/03-allow-icmp.cmd | 1 + .../ConfigureRemotingForAnsible.ps1 | 435 ++++++++++++++++++ 5 files changed, 464 insertions(+) create mode 100644 preparation/ansible-winrm/00-ansible.cmd create mode 100644 preparation/ansible-winrm/01-winrm-quickconfig.cmd create mode 100644 preparation/ansible-winrm/02-ansible-winrm.cmd create mode 100644 preparation/ansible-winrm/03-allow-icmp.cmd create mode 100644 preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd new file mode 100644 index 000000000..eb33f6f1f --- /dev/null +++ b/preparation/ansible-winrm/00-ansible.cmd @@ -0,0 +1,21 @@ +@echo off +set CURRENT_PATH=%~dp0 +echo %CURRENT_PATH% + + +rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights +goto check_Permissions + +:check_Permissions + echo Administrative permissions required. Detecting permissions... + + net session >nul 2>&1 + if %errorLevel% == 0 ( + echo Success: Administrative permissions confirmed. Setting up everything for Ansible... + %CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd +pause + ) else ( + echo Failure: Current permissions inadequate. You need to run this script as administrator! + ) + + pause >nul \ No newline at end of file diff --git a/preparation/ansible-winrm/01-winrm-quickconfig.cmd b/preparation/ansible-winrm/01-winrm-quickconfig.cmd new file mode 100644 index 000000000..315c28ea4 --- /dev/null 
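Review bot: The three helper scripts in 00-ansible.cmd are started as `%CURRENT_PATH%\01-winrm-quickconfig.cmd & ...` without quotes and without `call`, so a checkout path containing a space or `&` is split by cmd.exe while the script runs elevated. Quote each path and use `call`, for example `call "%CURRENT_PATH%01-winrm-quickconfig.cmd"` (`%~dp0` already ends in a backslash). Chaining with `&` also runs the later steps after an earlier one has failed; `&&` would stop at the first error.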
+++ b/preparation/ansible-winrm/01-winrm-quickconfig.cmd
@@ -0,0 +1,2 @@
+@echo off
+winrm quickconfig
diff --git a/preparation/ansible-winrm/02-ansible-winrm.cmd b/preparation/ansible-winrm/02-ansible-winrm.cmd
new file mode 100644
index 000000000..9e210ac9c
--- /dev/null
+++ b/preparation/ansible-winrm/02-ansible-winrm.cmd
@@ -0,0 +1,5 @@
+@echo off
+set CURRENT_PATH=%~dp0
+echo %CURRENT_PATH%
+powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
+powershell %CURRENT_PATH%\ConfigureRemotingForAnsible.ps1
\ No newline at end of file
diff --git a/preparation/ansible-winrm/03-allow-icmp.cmd b/preparation/ansible-winrm/03-allow-icmp.cmd
new file mode 100644
index 000000000..41dcfd898
--- /dev/null
+++ b/preparation/ansible-winrm/03-allow-icmp.cmd
@@ -0,0 +1 @@
+powershell Set-NetFirewallRule -name "FPS-ICMP4-ERQ-In*" -Enabled true
\ No newline at end of file
diff --git a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1
new file mode 100644
index 000000000..7cc86abd7
--- /dev/null
+++ b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1
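Review bot: `powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser` in 02-ansible-winrm.cmd relaxes the policy for the administrator account permanently just to run one script, and nothing restores it afterwards. A per-process override does the same job: `powershell -ExecutionPolicy Bypass -File "%~dp0ConfigureRemotingForAnsible.ps1" -DisableBasicAuth`. Without `-DisableBasicAuth` the script switches Basic authentication on for the WinRM service (its `Else` branch sets `Auth\Basic` to `$true`), which the NTLM transport used in the example inventory does not need. The script path is also unquoted here, so a directory name with a space breaks the call.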
@@ -0,0 +1,435 @@ +#Requires -Version 3.0 + +# Configure a Windows host for remote management with Ansible +# ----------------------------------------------------------- +# +# This script checks the current WinRM (PS Remoting) configuration and makes +# the necessary changes to allow Ansible to connect, authenticate and +# execute PowerShell commands. +# +# IMPORTANT: This script uses self-signed certificates and authentication mechanisms +# that are intended for development environments and evaluation purposes only. +# Production environments and deployments that are exposed on the network should +# use CA-signed certificates and secure authentication mechanisms such as Kerberos. +# +# To run this script in Powershell: +# +# [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +# $url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1" +# $file = "$env:temp\ConfigureRemotingForAnsible.ps1" +# +# (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file) +# +# powershell.exe -ExecutionPolicy ByPass -File $file +# +# All events are logged to the Windows EventLog, useful for unattended runs. +# +# Use option -Verbose in order to see the verbose output messages. +# +# Use option -CertValidityDays to specify how long this certificate is valid +# starting from today. So you would specify -CertValidityDays 3650 to get +# a 10-year valid certificate. +# +# Use option -ForceNewSSLCert if the system has been SysPreped and a new +# SSL Certificate must be forced on the WinRM Listener when re-running this +# script. This is necessary when a new SID and CN name is created. +# +# Use option -EnableCredSSP to enable CredSSP as an authentication option. +# +# Use option -DisableBasicAuth to disable basic authentication. +# +# Use option -SkipNetworkProfileCheck to skip the network profile check. 
+# Without specifying this the script will only run if the device's interfaces +# are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable +# WinRM on a device with an interface in PUBLIC zone. +# +# Use option -SubjectName to specify the CN name of the certificate. This +# defaults to the system's hostname and generally should not be specified. + +# Written by Trond Hindenes +# Updated by Chris Church +# Updated by Michael Crilly +# Updated by Anton Ouzounov +# Updated by Nicolas Simond +# Updated by Dag Wieërs +# Updated by Jordan Borean +# Updated by Erwan Quélin +# Updated by David Norman +# +# Version 1.0 - 2014-07-06 +# Version 1.1 - 2014-11-11 +# Version 1.2 - 2015-05-15 +# Version 1.3 - 2016-04-04 +# Version 1.4 - 2017-01-05 +# Version 1.5 - 2017-02-09 +# Version 1.6 - 2017-04-18 +# Version 1.7 - 2017-11-23 +# Version 1.8 - 2018-02-23 +# Version 1.9 - 2018-09-21 + +# Support -Verbose option +[CmdletBinding()] + +Param ( + [string]$SubjectName = $env:COMPUTERNAME, + [int]$CertValidityDays = 1095, + [switch]$SkipNetworkProfileCheck, + $CreateSelfSignedCert = $true, + [switch]$ForceNewSSLCert, + [switch]$GlobalHttpFirewallAccess, + [switch]$DisableBasicAuth = $false, + [switch]$EnableCredSSP +) + +Function Write-ProgressLog { + $Message = $args[0] + Write-EventLog -LogName Application -Source $EventSource -EntryType Information -EventId 1 -Message $Message +} + +Function Write-VerboseLog { + $Message = $args[0] + Write-Verbose $Message + Write-ProgressLog $Message +} + +Function Write-HostLog { + $Message = $args[0] + Write-Output $Message + Write-ProgressLog $Message +} + +Function New-LegacySelfSignedCert { + Param ( + [string]$SubjectName, + [int]$ValidDays = 1095 + ) + + $hostnonFQDN = $env:computerName + $hostFQDN = [System.Net.Dns]::GetHostByName(($env:computerName)).Hostname + $SignatureAlgorithm = "SHA256" + + $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1" + $name.Encode("CN=$SubjectName", 0) + + $key = New-Object 
-COM "X509Enrollment.CX509PrivateKey.1" + $key.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider" + $key.KeySpec = 1 + $key.Length = 4096 + $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)" + $key.MachineContext = 1 + $key.Create() + + $serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1" + $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1") + $ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1" + $ekuoids.Add($serverauthoid) + $ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1" + $ekuext.InitializeEncode($ekuoids) + + $cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1" + $cert.InitializeFromPrivateKey(2, $key, "") + $cert.Subject = $name + $cert.Issuer = $cert.Subject + $cert.NotBefore = (Get-Date).AddDays(-1) + $cert.NotAfter = $cert.NotBefore.AddDays($ValidDays) + + $SigOID = New-Object -ComObject X509Enrollment.CObjectId + $SigOID.InitializeFromValue(([Security.Cryptography.Oid]$SignatureAlgorithm).Value) + + [string[]] $AlternativeName += $hostnonFQDN + $AlternativeName += $hostFQDN + $IAlternativeNames = New-Object -ComObject X509Enrollment.CAlternativeNames + + foreach ($AN in $AlternativeName) { + $AltName = New-Object -ComObject X509Enrollment.CAlternativeName + $AltName.InitializeFromString(0x3, $AN) + $IAlternativeNames.Add($AltName) + } + + $SubjectAlternativeName = New-Object -ComObject X509Enrollment.CX509ExtensionAlternativeNames + $SubjectAlternativeName.InitializeEncode($IAlternativeNames) + + [String[]]$KeyUsage = ("DigitalSignature", "KeyEncipherment") + $KeyUsageObj = New-Object -ComObject X509Enrollment.CX509ExtensionKeyUsage + $KeyUsageObj.InitializeEncode([int][Security.Cryptography.X509Certificates.X509KeyUsageFlags]($KeyUsage)) + $KeyUsageObj.Critical = $true + + $cert.X509Extensions.Add($KeyUsageObj) + $cert.X509Extensions.Add($ekuext) + $cert.SignatureInformation.HashAlgorithm = $SigOID + 
$CERT.X509Extensions.Add($SubjectAlternativeName) + $cert.Encode() + + $enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1" + $enrollment.InitializeFromRequest($cert) + $certdata = $enrollment.CreateRequest(0) + $enrollment.InstallResponse(2, $certdata, 0, "") + + # extract/return the thumbprint from the generated cert + $parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 + $parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata)) + + return $parsed_cert.Thumbprint +} + +Function Enable-GlobalHttpFirewallAccess { + Write-Verbose "Forcing global HTTP firewall access" + # this is a fairly naive implementation; could be more sophisticated about rule matching/collapsing + $fw = New-Object -ComObject HNetCfg.FWPolicy2 + + # try to find/enable the default rule first + $add_rule = $false + $matching_rules = $fw.Rules | Where-Object { $_.Name -eq "Windows Remote Management (HTTP-In)" } + $rule = $null + If ($matching_rules) { + If ($matching_rules -isnot [Array]) { + Write-Verbose "Editing existing single HTTP firewall rule" + $rule = $matching_rules + } + Else { + # try to find one with the All or Public profile first + Write-Verbose "Found multiple existing HTTP firewall rules..." + $rule = $matching_rules | ForEach-Object { $_.Profiles -band 4 }[0] + + If (-not $rule -or $rule -is [Array]) { + Write-Verbose "Editing an arbitrary single HTTP firewall rule (multiple existed)" + # oh well, just pick the first one + $rule = $matching_rules[0] + } + } + } + + If (-not $rule) { + Write-Verbose "Creating a new HTTP firewall rule" + $rule = New-Object -ComObject HNetCfg.FWRule + $rule.Name = "Windows Remote Management (HTTP-In)" + $rule.Description = "Inbound rule for Windows Remote Management via WS-Management. 
[TCP 5985]" + $add_rule = $true + } + + $rule.Profiles = 0x7FFFFFFF + $rule.Protocol = 6 + $rule.LocalPorts = 5985 + $rule.RemotePorts = "*" + $rule.LocalAddresses = "*" + $rule.RemoteAddresses = "*" + $rule.Enabled = $true + $rule.Direction = 1 + $rule.Action = 1 + $rule.Grouping = "Windows Remote Management" + + If ($add_rule) { + $fw.Rules.Add($rule) + } + + Write-Verbose "HTTP firewall rule $($rule.Name) updated" +} + +# Setup error handling. +Trap { + $_ + Exit 1 +} +$ErrorActionPreference = "Stop" + +# Get the ID and security principal of the current user account +$myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent() +$myWindowsPrincipal = new-object System.Security.Principal.WindowsPrincipal($myWindowsID) + +# Get the security principal for the Administrator role +$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator + +# Check to see if we are currently running "as Administrator" +if (-Not $myWindowsPrincipal.IsInRole($adminRole)) { + Write-Output "ERROR: You need elevated Administrator privileges in order to run this script." + Write-Output " Start Windows PowerShell by using the Run as Administrator option." + Exit 2 +} + +$EventSource = $MyInvocation.MyCommand.Name +If (-Not $EventSource) { + $EventSource = "Powershell CLI" +} + +If ([System.Diagnostics.EventLog]::Exists('Application') -eq $False -or [System.Diagnostics.EventLog]::SourceExists($EventSource) -eq $False) { + New-EventLog -LogName Application -Source $EventSource +} + +# Detect PowerShell version. +If ($PSVersionTable.PSVersion.Major -lt 3) { + Write-ProgressLog "PowerShell version 3 or higher is required." + Throw "PowerShell version 3 or higher is required." +} + +# Find and start the WinRM service. +Write-Verbose "Verifying WinRM service." +If (!(Get-Service "WinRM")) { + Write-ProgressLog "Unable to find the WinRM service." + Throw "Unable to find the WinRM service." 
+} +ElseIf ((Get-Service "WinRM").Status -ne "Running") { + Write-Verbose "Setting WinRM service to start automatically on boot." + Set-Service -Name "WinRM" -StartupType Automatic + Write-ProgressLog "Set WinRM service to start automatically on boot." + Write-Verbose "Starting WinRM service." + Start-Service -Name "WinRM" -ErrorAction Stop + Write-ProgressLog "Started WinRM service." + +} + +# WinRM should be running; check that we have a PS session config. +If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener))) { + If ($SkipNetworkProfileCheck) { + Write-Verbose "Enabling PS Remoting without checking Network profile." + Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop + Write-ProgressLog "Enabled PS Remoting without checking Network profile." + } + Else { + Write-Verbose "Enabling PS Remoting." + Enable-PSRemoting -Force -ErrorAction Stop + Write-ProgressLog "Enabled PS Remoting." + } +} +Else { + Write-Verbose "PS Remoting is already enabled." +} + +# Ensure LocalAccountTokenFilterPolicy is set to 1 +# https://github.com/ansible/ansible/issues/42978 +$token_path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" +$token_prop_name = "LocalAccountTokenFilterPolicy" +$token_key = Get-Item -Path $token_path +$token_value = $token_key.GetValue($token_prop_name, $null) +if ($token_value -ne 1) { + Write-Verbose "Setting LocalAccountTOkenFilterPolicy to 1" + if ($null -ne $token_value) { + Remove-ItemProperty -Path $token_path -Name $token_prop_name + } + New-ItemProperty -Path $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null +} + +# Make sure there is a SSL listener. 
+$listeners = Get-ChildItem WSMan:\localhost\Listener +If (!($listeners | Where-Object { $_.Keys -like "TRANSPORT=HTTPS" })) { + # We cannot use New-SelfSignedCertificate on 2012R2 and earlier + $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays + Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" + + # Create the hashtables of settings to be used. + $valueset = @{ + Hostname = $SubjectName + CertificateThumbprint = $thumbprint + } + + $selectorset = @{ + Transport = "HTTPS" + Address = "*" + } + + Write-Verbose "Enabling SSL listener." + New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset + Write-ProgressLog "Enabled SSL listener." +} +Else { + Write-Verbose "SSL listener is already active." + + # Force a new SSL cert on Listener if the $ForceNewSSLCert + If ($ForceNewSSLCert) { + + # We cannot use New-SelfSignedCertificate on 2012R2 and earlier + $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays + Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" + + $valueset = @{ + CertificateThumbprint = $thumbprint + Hostname = $SubjectName + } + + # Delete the listener for SSL + $selectorset = @{ + Address = "*" + Transport = "HTTPS" + } + Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset + + # Add new Listener with new SSL cert + New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset + } +} + +# Check for basic authentication. +$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "Basic" } + +If ($DisableBasicAuth) { + If (($basicAuthSetting.Value) -eq $true) { + Write-Verbose "Disabling basic auth support." + Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $false + Write-ProgressLog "Disabled basic auth support." 
+ } + Else { + Write-Verbose "Basic auth is already disabled." + } +} +Else { + If (($basicAuthSetting.Value) -eq $false) { + Write-Verbose "Enabling basic auth support." + Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true + Write-ProgressLog "Enabled basic auth support." + } + Else { + Write-Verbose "Basic auth is already enabled." + } +} + +# If EnableCredSSP if set to true +If ($EnableCredSSP) { + # Check for CredSSP authentication + $credsspAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "CredSSP" } + If (($credsspAuthSetting.Value) -eq $false) { + Write-Verbose "Enabling CredSSP auth support." + Enable-WSManCredSSP -role server -Force + Write-ProgressLog "Enabled CredSSP auth support." + } +} + +If ($GlobalHttpFirewallAccess) { + Enable-GlobalHttpFirewallAccess +} + +# Configure firewall to allow WinRM HTTPS connections. +$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" +$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any +If ($fwtest1.count -lt 5) { + Write-Verbose "Adding firewall rule to allow WinRM HTTPS." + netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow + Write-ProgressLog "Added firewall rule to allow WinRM HTTPS." +} +ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5)) { + Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile." + netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any + Write-ProgressLog "Updated firewall rule to allow WinRM HTTPS for any profile." +} +Else { + Write-Verbose "Firewall rule already exists to allow WinRM HTTPS." +} + +# Test a remoting connection to localhost, which should work. 
+$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock { $using:env:COMPUTERNAME } -ErrorVariable httpError -ErrorAction SilentlyContinue +$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck + +$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue + +If ($httpResult -and $httpsResult) { + Write-Verbose "HTTP: Enabled | HTTPS: Enabled" +} +ElseIf ($httpsResult -and !$httpResult) { + Write-Verbose "HTTP: Disabled | HTTPS: Enabled" +} +ElseIf ($httpResult -and !$httpsResult) { + Write-Verbose "HTTP: Enabled | HTTPS: Disabled" +} +Else { + Write-ProgressLog "Unable to establish an HTTP or HTTPS remoting session." + Throw "Unable to establish an HTTP or HTTPS remoting session." +} +Write-VerboseLog "PS Remoting has been successfully configured for Ansible." From da20d224e8a18b0d82947b6ffbf44e765a8af9b8 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:17:01 +0100 Subject: [PATCH 033/146] Remove newlines --- roles/agent/tasks/Win32NT.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/agent/tasks/Win32NT.yml b/roles/agent/tasks/Win32NT.yml index 772b2629e..73a0bf34d 100644 --- a/roles/agent/tasks/Win32NT.yml +++ b/roles/agent/tasks/Win32NT.yml @@ -13,4 +13,3 @@ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" tags: - include-os-family-tasks - From 618b0b6a4a3676fcb4bd1dd3a0a1730291487bdb Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:18:07 +0100 Subject: [PATCH 034/146] Remove newline From 56908b9bfb3d2e111c4c85bc8ea680c28ab84249 Mon Sep 17 00:00:00 2001 
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:20:22 +0100 Subject: [PATCH 035/146] Change extension --- playbooks/{example-add_hosts.py => example-add_hosts.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename playbooks/{example-add_hosts.py => example-add_hosts.yml} (100%) diff --git a/playbooks/example-add_hosts.py b/playbooks/example-add_hosts.yml similarity index 100% rename from playbooks/example-add_hosts.py rename to playbooks/example-add_hosts.yml From bd9295d02249efff2b9e9a0f3f8b9ad52ba02954 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:20:37 +0100 Subject: [PATCH 036/146] Update example-add_hosts.yml --- playbooks/example-add_hosts.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml index 6c03aea1c..1c4258975 100644 --- a/playbooks/example-add_hosts.yml +++ b/playbooks/example-add_hosts.yml @@ -5,4 +5,3 @@ roles: - tribe29.checkmk.agent - From af1fb8411b9b9cce037a2921044fda8ba32dd725 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:22:52 +0100 Subject: [PATCH 037/146] Update 00-ansible.cmd --- preparation/ansible-winrm/00-ansible.cmd | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd index eb33f6f1f..663d8cf6b 100644 --- a/preparation/ansible-winrm/00-ansible.cmd +++ b/preparation/ansible-winrm/00-ansible.cmd @@ -2,7 +2,6 @@ set CURRENT_PATH=%~dp0 echo %CURRENT_PATH% - rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights goto check_Permissions @@ -18,4 +17,4 @@ pause echo Failure: Current permissions inadequate. You need to run this script as administrator! ) - pause >nul \ No newline at end of file + pause >nul 
From 900524d3691f047900637dd90d4edac087145fd5 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:23:12 +0100 Subject: [PATCH 038/146] Update 01-winrm-quickconfig.cmd From 8c0fd9ac4e9dcc46192496a9f2c6aaf3bcbb30dd Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:32:51 +0100 Subject: [PATCH 039/146] Update Windows.yml --- roles/agent/vars/Windows.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml index dffe9e69b..be8924891 100644 --- a/roles/agent/vars/Windows.yml +++ b/roles/agent/vars/Windows.yml @@ -8,4 +8,3 @@ checkmk_agent_agent: file: cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" - From 75c396ab892651ac8b16ed1f3ff1dc594ea8e23b Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:38:11 +0100 Subject: [PATCH 040/146] Change -Path to -LiteralPath --- preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 index 7cc86abd7..ecf84119b 100644 --- a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 +++ b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 
@@ -298,14 +298,14 @@ Else { # https://github.com/ansible/ansible/issues/42978 $token_path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" $token_prop_name = "LocalAccountTokenFilterPolicy" -$token_key = Get-Item -Path $token_path +$token_key = Get-Item -LiteralPath $token_path $token_value = $token_key.GetValue($token_prop_name, $null) if ($token_value -ne 1) { Write-Verbose "Setting LocalAccountTOkenFilterPolicy to 1" if ($null -ne $token_value) { - Remove-ItemProperty -Path $token_path -Name $token_prop_name + Remove-ItemProperty -LiteralPath $token_path -Name $token_prop_name } - New-ItemProperty -Path $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null + New-ItemProperty -LiteralPath $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null } # Make sure there is a SSL listener. From 2346eefffae48d502e4444538e45de4e9609a2e2 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:40:26 +0100 Subject: [PATCH 041/146] Update 00-ansible.cmd --- preparation/ansible-winrm/00-ansible.cmd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd index 663d8cf6b..eccd681c1 100644 --- a/preparation/ansible-winrm/00-ansible.cmd +++ b/preparation/ansible-winrm/00-ansible.cmd @@ -16,5 +16,5 @@ pause ) else ( echo Failure: Current permissions inadequate. You need to run this script as administrator! ) - - pause >nul + +pause >nul From 65c2c8e1148c67c9d29dbf622b5eda4230f756c4 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:10:32 +0100 Subject: [PATCH 042/146] Update .gitattributes Handle line endings in windows files --- .gitattributes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitattributes b/.gitattributes index b2a76a893..f152d0d95 100644 --- a/.gitattributes +++ b/.gitattributes 
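Review bot: The block in the `@@ -298,14 +298,14 @@` hunk that writes `LocalAccountTokenFilterPolicy` has no comment on what the value changes; the issue link above `$token_path` is the only explanation. With the value at 1, local administrator accounts get an unfiltered token on remote logons, which relaxes UAC remote restrictions for the whole host and not only for WinRM. I would add a comment above `$token_path` such as `# LocalAccountTokenFilterPolicy=1 turns off UAC remote token filtering for local admins host-wide; revert where local-account WinRM is not needed`. The `Write-Verbose` text also spells the name `LocalAccountTOkenFilterPolicy`, so a log search for the real value name will miss it. The surrounding script section starts and ends outside the hunk.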
@@ -1 +1,2 @@ -*.yml linguist-detectable \ No newline at end of file +*.yml linguist-detectable +*.cmd text eol=crlf From f668adf09e1feecc1d6e2dd2302ce368ea0db789 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:19:11 +0100 Subject: [PATCH 043/146] Update Linux.yml --- roles/agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index ee965391f..5c8fb197f 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -54,7 +54,7 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }} register: checkmk_agent_update_state - when: + when: (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_secret is defined and checkmk_agent_secret) - name: "({{ansible_system}}): Register Agent for TLS." @@ -64,5 +64,5 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert register: checkmk_agent_tls_state - when: + when: (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_controller_binary.stat.exists and checkmk_agent_tls and (checkmk_agent_auth is defined and checkmk_agent_auth) From ba18e5e4cd51ca6e82042af5340c24d7e28b44fb Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:19:39 +0100 Subject: [PATCH 044/146] Update Windows.yml --- roles/agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index d4d48e453..d7e810a2c 100644 --- a/roles/agent/tasks/Windows.yml 
+++ b/roles/agent/tasks/Windows.yml @@ -26,7 +26,7 @@ checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme" - + - name: "({{ ansible_os_family }}): Install Checkmk Agent." ansible.builtin.win_package: path: "{{ checkmk_agent_agent.file.cee }}" From 5e7f16462e220d2241a7afb81108aae845d29e3f Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:23:19 +0100 Subject: [PATCH 045/146] Update example-linux-inventory.yml --- playbooks/example-linux-inventory.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml index f701899f4..d2ff3df18 100644 --- a/playbooks/example-linux-inventory.yml +++ b/playbooks/example-linux-inventory.yml @@ -1,10 +1,10 @@ +--- My_Site: hosts: debian: ansible_host: 127.0.0.1 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Linux vars: checkmk_agent_add_host: true @@ -19,5 +19,5 @@ My_Site: checkmk_agent_port: 80 checkmk_agent_site: My_Site checkmk_agent_version: 2.0.0p22 - ansible_user: root + ansible_user: root ansible_password: $SECRET From cf5c248acc828f6ebb39d1dd5673e474c8f9d463 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:24:38 +0100 Subject: [PATCH 046/146] Update example-windows-inventory.yml --- playbooks/example-windows-inventory.yml | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml index 0a9cd2b09..001957fa1 100644 --- a/playbooks/example-windows-inventory.yml +++ b/playbooks/example-windows-inventory.yml 
@@ -1,35 +1,30 @@ +--- My_Site: hosts: win10: ansible_host: 192.168.128.101 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win11: ansible_host: 192.168.128.100 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k12: ansible_host: 192.168.128.103 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k16: ansible_host: 192.168.128.102 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k19: ansible_host: 192.168.128.105 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k22: ansible_host: 192.168.128.104 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows vars: checkmk_agent_add_host: true @@ -45,12 +40,7 @@ My_Site: checkmk_agent_site: My_Site checkmk_agent_version: 2.0.0p22 ansible_user: Administrator - ansible_password: $SECRET + ansible_password: $SECRET ansible_connection: winrm - ansible_winrm_transport: ntlm + ansible_winrm_transport: ntlm ansible_winrm_server_cert_validation: ignore - -# Windows host (powershell): -# Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -# .\ConfigureRemotingForAnsible.ps1 -# winrm quickconfig From c3190f47522c8529269c626c2a78b856f609332d Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:25:26 +0100 Subject: [PATCH 047/146] Update example-add_hosts.yml --- playbooks/example-add_hosts.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml index 1c4258975..820182a2d 100644 --- a/playbooks/example-add_hosts.yml +++ b/playbooks/example-add_hosts.yml @@ -1,7 +1,5 @@ --- - hosts: My_site # Sitename -# debugger: on_failed -# connection: local roles: - tribe29.checkmk.agent 
From bb74f592036d8ddf40835598340f69dc0e51937e Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:38:41 +0100 Subject: [PATCH 048/146] Force LF line ending on windows files --- .gitattributes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitattributes b/.gitattributes index f152d0d95..e7f092344 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,2 @@ *.yml linguist-detectable -*.cmd text eol=crlf +*.cmd text eol=lf From 6b5d3d2adcf0eb24b131eb14f519f18cd1621ccc Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:41:40 +0100 Subject: [PATCH 049/146] Update 00-ansible.cmd From 8592c815d6d9da82701a09f818f7786d134b9e28 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Fri, 4 Nov 2022 17:34:15 +0100 Subject: [PATCH 050/146] Trash --- preparation/ansible-winrm/00-ansible.cmd | 40 +++++++++---------- .../ansible-winrm/01-winrm-quickconfig.cmd | 4 +- .../ansible-winrm/02-ansible-winrm.cmd | 8 ++-- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd index eccd681c1..b173c1b1e 100644 --- a/preparation/ansible-winrm/00-ansible.cmd +++ b/preparation/ansible-winrm/00-ansible.cmd 
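Review bot: Switching `*.cmd` to `eol=lf` checks the batch files out with LF-only endings, and cmd.exe is known to resolve `goto`/`call` labels unreliably in LF-terminated scripts. `00-ansible.cmd` in this series depends on `goto check_Permissions` before it runs the elevated setup steps, so a mis-parsed script could skip or misorder them. I would keep `*.cmd text eol=crlf`. If LF is really required, a comment in `.gitattributes` stating why would help, because the commit message gives no reason.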
@@ -1,20 +1,20 @@ -@echo off -set CURRENT_PATH=%~dp0 -echo %CURRENT_PATH% - -rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights -goto check_Permissions - -:check_Permissions - echo Administrative permissions required. Detecting permissions... - - net session >nul 2>&1 - if %errorLevel% == 0 ( - echo Success: Administrative permissions confirmed. Setting up everything for Ansible... - %CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd -pause - ) else ( - echo Failure: Current permissions inadequate. You need to run this script as administrator! - ) - -pause >nul +@echo off +set CURRENT_PATH=%~dp0 +echo %CURRENT_PATH% + +rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights +goto check_Permissions + +:check_Permissions + echo Administrative permissions required. Detecting permissions... + + net session >nul 2>&1 + if %errorLevel% == 0 ( + echo Success: Administrative permissions confirmed. Setting up everything for Ansible... + %CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd +pause + ) else ( + echo Failure: Current permissions inadequate. You need to run this script as administrator! + ) + +pause >nul diff --git a/preparation/ansible-winrm/01-winrm-quickconfig.cmd b/preparation/ansible-winrm/01-winrm-quickconfig.cmd index 315c28ea4..bb8142259 100644 --- a/preparation/ansible-winrm/01-winrm-quickconfig.cmd +++ b/preparation/ansible-winrm/01-winrm-quickconfig.cmd @@ -1,2 +1,2 @@ -@echo off -winrm quickconfig +@echo off +winrm quickconfig diff --git a/preparation/ansible-winrm/02-ansible-winrm.cmd b/preparation/ansible-winrm/02-ansible-winrm.cmd index 9e210ac9c..812d741c1 100644 --- a/preparation/ansible-winrm/02-ansible-winrm.cmd +++ b/preparation/ansible-winrm/02-ansible-winrm.cmd 
@@ -1,5 +1,5 @@ -@echo off -set CURRENT_PATH=%~dp0 -echo %CURRENT_PATH% -powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser +@echo off +set CURRENT_PATH=%~dp0 +echo %CURRENT_PATH% +powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser powershell %CURRENT_PATH%\ConfigureRemotingForAnsible.ps1 \ No newline at end of file From cb044f1f27ad6ec50fd66b881e29c619c15ea80b Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Mon, 7 Nov 2022 08:22:22 +0100 Subject: [PATCH 051/146] Delete example-add_hosts.yml --- playbooks/example-add_hosts.yml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 playbooks/example-add_hosts.yml diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml deleted file mode 100644 index 820182a2d..000000000 --- a/playbooks/example-add_hosts.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: My_site # Sitename - - roles: - - tribe29.checkmk.agent From c0b7d3e2b96be6aa9aad8a9d4e649c7250510660 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Mon, 7 Nov 2022 08:22:52 +0100 Subject: [PATCH 052/146] Delete example-linux-inventory.yml --- playbooks/example-linux-inventory.yml | 23 ----------------------- 1 file changed, 23 deletions(-) delete mode 100644 playbooks/example-linux-inventory.yml diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml deleted file mode 100644 index d2ff3df18..000000000 --- a/playbooks/example-linux-inventory.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -My_Site: - hosts: - debian: - ansible_host: 127.0.0.1 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - - vars: - checkmk_agent_add_host: true - checkmk_agent_discover: true - checkmk_agent_edition: cme - checkmk_agent_host_ip: '{{ ansible_host }}' - checkmk_agent_host_name: '{{ inventory_hostname }}' - checkmk_agent_user: automation - checkmk_agent_pass: $AUTOMATION_SECRET - checkmk_agent_protocol: http - checkmk_agent_server: 127.0.0.1 - checkmk_agent_port: 80 - checkmk_agent_site: My_Site - checkmk_agent_version: 2.0.0p22 - ansible_user: root - ansible_password: $SECRET From 96fbb394b2e3c3ae9325663666b0e2cbfb56bd29 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Mon, 7 Nov 2022 08:23:00 +0100 Subject: [PATCH 053/146] Delete example-windows-inventory.yml --- playbooks/example-windows-inventory.yml | 46 ------------------------- 1 file changed, 46 deletions(-) delete mode 100644 playbooks/example-windows-inventory.yml diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml deleted file mode 100644 index 001957fa1..000000000 --- a/playbooks/example-windows-inventory.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -My_Site: - hosts: - win10: - ansible_host: 192.168.128.101 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win11: - ansible_host: 192.168.128.100 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k12: - ansible_host: 192.168.128.103 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k16: - ansible_host: 192.168.128.102 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k19: - ansible_host: 192.168.128.105 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k22: - ansible_host: 192.168.128.104 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - - vars: - checkmk_agent_add_host: true - checkmk_agent_discover: true - checkmk_agent_edition: cre - checkmk_agent_host_ip: '{{ ansible_host }}' - checkmk_agent_host_name: '{{ inventory_hostname }}' - checkmk_agent_user: automation - checkmk_agent_pass: $AUTOMATION_SECRET - checkmk_agent_protocol: http - checkmk_agent_server: 127.0.0.1 - checkmk_agent_port: 80 - checkmk_agent_site: My_Site - checkmk_agent_version: 2.0.0p22 - ansible_user: Administrator - ansible_password: $SECRET - ansible_connection: winrm - ansible_winrm_transport: ntlm - ansible_winrm_server_cert_validation: ignore From 6210508c9fc62c087d7b74db172128f771b7fc80 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Wed, 30 Nov 2022 17:01:34 +0100 Subject: [PATCH 054/146] Fix main.yml after merges. --- roles/agent/tasks/main.yml | 31 +------------------------------ 1 file changed, 1 insertion(+), 30 deletions(-) diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 2f548e4cc..af65c166f 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml 
@@ -7,7 +7,7 @@ - name: "({{ ansible_system }}): Include OS specific tasks." ansible.builtin.include_tasks: "{{ ansible_system }}.yml" tags: - - get-package-facts + - include-system-tasks - name: "Import Legacy agent tasks." ansible.builtin.include_tasks: "legacy.yml" @@ -15,35 +15,6 @@ checkmk_agent_prep_legacy | bool and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 -- name: "Download Checkmk CRE Agent." - ansible.builtin.get_url: - url: "{{ checkmk_agent_agent.url.cre }}" - validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" - dest: "{{ checkmk_agent_agent.file.cre }}" - mode: 0640 - delegate_to: "{{ checkmk_agent_delegate_download }}" - become: false - when: checkmk_agent_edition == "cre" - retries: 3 - tags: - - download-package - -- name: "Transfer Checkmk CRE agent to remote node" - ansible.builtin.copy: - src: "{{ checkmk_agent_agent.file.cre }}" - dest: "{{ checkmk_agent_agent.file.cre }}" - mode: 0644 - when: - - checkmk_agent_edition == "cre" - - checkmk_agent_delegate_download != inventory_hostname - tags: - - download-package - -- name: "Run OS Family specific Tasks." - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" - tags: - - include-os-family-tasks - - name: "Create host on server." tribe29.checkmk.host: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" From e352bff1025a0fd137c41f3b45f106a1661599cf Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Wed, 30 Nov 2022 17:02:39 +0100 Subject: [PATCH 055/146] Clean up Jinja spacing in task names. --- roles/agent/tasks/Debian.yml | 12 ++++++------ roles/agent/tasks/Linux.yml | 2 +- roles/agent/tasks/RedHat.yml | 12 ++++++------ roles/agent/tasks/Suse.yml | 14 +++++++------- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index 6192841c8..b4af75887 100644 --- a/roles/agent/tasks/Debian.yml 
+++ b/roles/agent/tasks/Debian.yml @@ -1,5 +1,5 @@ --- -- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_deb&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -21,7 +21,7 @@ tags: - download-package -- name: "Debian Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -35,7 +35,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.host }}" @@ -49,7 +49,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_deb&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" 
@@ -83,7 +83,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cee }}" @@ -97,7 +97,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 5c8fb197f..465b12554 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -22,7 +22,7 @@ tags: - download-package -- name: "({{ansible_os_family}}): Run OS Family specific tasks." +- name: "{{ ansible_os_family }}: Run OS Family specific tasks." ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" tags: - include-os-family-tasks diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml index 278abbd25..bdd0e3d5a 100644 --- a/roles/agent/tasks/RedHat.yml +++ b/roles/agent/tasks/RedHat.yml @@ -1,5 +1,5 @@ --- -- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" 
@@ -21,7 +21,7 @@ tags: - download-package -- name: "RedHat Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -35,7 +35,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.host }}" @@ -49,7 +49,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -83,7 +83,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cee }}" @@ -97,7 +97,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index 50892162d..a37db4dca 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml 
@@ -1,5 +1,5 @@ --- -- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -21,7 +21,7 @@ tags: - download-package -- name: "Suse Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -35,7 +35,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.packaging.os.zypper: name: "{{ checkmk_agent_agent.file.host }}" @@ -50,7 +50,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" 
@@ -70,7 +70,7 @@ tags: - download-package -- name: "Suse Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.cee }}" dest: "{{ checkmk_agent_agent.file.cee }}" @@ -84,7 +84,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.packaging.os.zypper: name: "{{ checkmk_agent_agent.file.cee }}" @@ -99,7 +99,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." become: true community.general.packaging.os.zypper: name: "{{ checkmk_agent_agent.file.cre }}" From e28ff5483c2b63dce4d89f936d795973c4c60e0a Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 18:16:55 +0100 Subject: [PATCH 056/146] Fix Jinja2 spacing. --- roles/agent/tasks/Linux.yml | 16 ++++++++-------- roles/agent/tasks/legacy.yml | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 465b12554..0eb1e1d6d 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml 
@@ -1,17 +1,17 @@ --- -- name: "({{ansible_system}}): Get RPM or APT package facts." +- name: "({{ ansible_system }}): Get RPM or APT package facts." ansible.builtin.package_facts: manager: "auto" tags: - get-package-facts -- name: "({{ansible_system}}): Import Legacy agent tasks." +- name: "({{ ansible_system }}): Import Legacy agent tasks." ansible.builtin.include_tasks: "legacy.yml" when: | checkmk_agent_prep_legacy | bool and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 -- name: "({{ansible_system}}): Download Checkmk CRE agent." +- name: "({{ ansible_system }}): Download Checkmk CRE agent." ansible.builtin.get_url: url: "{{ checkmk_agent_agent.url.cre }}" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -27,17 +27,17 @@ tags: - include-os-family-tasks -- name: "({{ansible_system}}): Check for Agent Updater Binary." +- name: "({{ ansible_system }}): Check for Agent Updater Binary." ansible.builtin.stat: path: /usr/bin/cmk-update-agent register: checkmk_agent_updater_binary -- name: "({{ansible_system}}): Check for Agent Controller Binary." +- name: "({{ ansible_system }}): Check for Agent Controller Binary." ansible.builtin.stat: path: /usr/bin/cmk-agent-ctl register: checkmk_agent_controller_binary -- name: "({{ansible_system}}): Register Agent for automatic Updates using User Password." +- name: "({{ ansible_system }}): Register Agent for automatic Updates using User Password." become: true ansible.builtin.shell: | cmk-update-agent register -H {{ checkmk_agent_host_name }} \ 
@@ -47,7 +47,7 @@ when: (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_pass is defined and checkmk_agent_pass) and (checkmk_agent_secret is not defined) -- name: "({{ansible_system}}): Register Agent for automatic Updates using Automation Secret." +- name: "({{ ansible_system }}): Register Agent for automatic Updates using Automation Secret." become: true ansible.builtin.shell: | cmk-update-agent register -H {{ checkmk_agent_host_name }} \ @@ -57,7 +57,7 @@ when: (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_secret is defined and checkmk_agent_secret) -- name: "({{ansible_system}}): Register Agent for TLS." +- name: "({{ ansible_system }}): Register Agent for TLS." become: true ansible.builtin.shell: | cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ diff --git a/roles/agent/tasks/legacy.yml b/roles/agent/tasks/legacy.yml index 4623502a6..a9a87735f 100644 --- a/roles/agent/tasks/legacy.yml +++ b/roles/agent/tasks/legacy.yml @@ -1,5 +1,5 @@ --- -- name: "({{ansible_system}}): Install xinetd" +- name: "({{ ansible_system }}): Install xinetd" become: true ansible.builtin.package: name: xinetd @@ -8,7 +8,7 @@ - install-package - install-prerequisites -- name: "({{ansible_system}}): Enable xinetd" +- name: "({{ ansible_system }}): Enable xinetd" become: true ansible.builtin.service: name: xinetd From e0a464912870506c23bfc1d0ba64a1d827f3dfda Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 18:28:28 +0100 Subject: [PATCH 057/146] Fix too long lines. --- roles/agent/tasks/Linux.yml | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) 
diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 0eb1e1d6d..4788eef34 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -44,8 +44,14 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} register: checkmk_agent_update_state - when: - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_pass is defined and checkmk_agent_pass) and (checkmk_agent_secret is not defined) + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_updater_binary.stat.exists + and checkmk_agent_update + and (checkmk_agent_pass is defined and checkmk_agent_pass) + and (checkmk_agent_secret is not defined) - name: "({{ ansible_system }}): Register Agent for automatic Updates using Automation Secret." become: true @@ -54,8 +60,13 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }} register: checkmk_agent_update_state - when: - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_secret is defined and checkmk_agent_secret) + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_updater_binary.stat.exists + and checkmk_agent_update + and (checkmk_agent_secret is defined and checkmk_agent_secret) - name: "({{ ansible_system }}): Register Agent for TLS." become: true 
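Review bot: The three registration tasks whose `when:` is rewritten here still interpolate `{{ checkmk_agent_auth }}` unquoted into a shell command, as `-P` in the `@@ -44,8 +44,14 @@` hunk, `-S` in the second hunk and `-P` in the `@@ -64,5 +75,10 @@` hunk, and none of the lines shown sets `no_log`. A secret containing shell metacharacters would be re-parsed by the shell, and the rendered command line, secret included, lands in task output and in the registered result. I would add `no_log: true` to each task and pass the value as `{{ checkmk_agent_auth | quote }}`. The first condition also tests `checkmk_agent_pass` while the command passes `checkmk_agent_auth`; unless the latter is derived from the former elsewhere, guard and command can disagree. The task bodies begin outside these hunks.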
@@ -64,5 +75,10 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert register: checkmk_agent_tls_state - when: - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_controller_binary.stat.exists and checkmk_agent_tls and (checkmk_agent_auth is defined and checkmk_agent_auth) + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_controller_binary.stat.exists + and checkmk_agent_tls + and (checkmk_agent_auth is defined and checkmk_agent_auth) From 9e55097a2ad9e4065d96ac970b24e5c69b11d541 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 18:33:36 +0100 Subject: [PATCH 058/146] Change -Path to -LiteralPath. --- preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 index ecf84119b..2096311d8 100644 --- a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 +++ b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 @@ -363,7 +363,7 @@ $basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object { If ($DisableBasicAuth) { If (($basicAuthSetting.Value) -eq $true) { Write-Verbose "Disabling basic auth support." - Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $false + Set-Item -LiteralPath "WSMan:\localhost\Service\Auth\Basic" -Value $false Write-ProgressLog "Disabled basic auth support." } Else { 
@@ -373,7 +373,7 @@ If ($DisableBasicAuth) { Else { If (($basicAuthSetting.Value) -eq $false) { Write-Verbose "Enabling basic auth support." - Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true + Set-Item -LiteralPath "WSMan:\localhost\Service\Auth\Basic" -Value $true Write-ProgressLog "Enabled basic auth support." } Else { From c802a7215e0a2641b664f5273d50272fbedebd8b Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 18:56:11 +0100 Subject: [PATCH 059/146] Add Windows vagrant box. --- Vagrantfile | 26 ++++++++++++++++++++++++-- playbooks/hosts | 1 + 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 314f05dd9..561775e17 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -20,8 +20,8 @@ Vagrant.configure("2") do |config| $script = <<-SCRIPT apt-get update apt-get install -y python3-pip ca-certificates curl gnupg lsb-release - wget "https://download.checkmk.com/checkmk/2.1.0p18/check-mk-raw-2.1.0p18_0.focal_amd64.deb" -O /tmp/checkmk-stable.deb - wget "https://download.checkmk.com/checkmk/2.1.0p18/check-mk-raw-2.1.0p18_0.focal_amd64.deb" -O /tmp/checkmk-beta.deb + wget "https://download.checkmk.com/checkmk/2.1.0p19/check-mk-raw-2.1.0p19_0.focal_amd64.deb" -O /tmp/checkmk-stable.deb + wget "https://download.checkmk.com/checkmk/2.1.0p19/check-mk-raw-2.1.0p19_0.focal_amd64.deb" -O /tmp/checkmk-beta.deb apt-get install -y /tmp/checkmk-stable.deb omd create --admin-password 'd7589df1-01db-4eda-9858-dbcff8d0c361' stable apt-get install -y /tmp/checkmk-beta.deb 
@@ -112,4 +112,26 @@ end inline: "zypper --quiet up -y" end + # Windows + config.vm.define "ansidows", autostart: false , primary: false do |srv| + srv.vm.box = "gusztavvargadr/windows-10" + srv.vm.network "private_network", ip: "192.168.56.66" + srv.vm.boot_timeout = 180 + srv.vm.guest = :windows + srv.winrm.username = "vagrant" + srv.winrm.password = "vagrant" + srv.vm.communicator = "winrm" + srv.vm.hostname = "ansidows" + srv.vm.network "forwarded_port", guest: 3389, host: 3391 + srv.vm.network "forwarded_port", guest: 5985, host: 5987, id: "winrm", auto_correct: true + srv.winrm.timeout = 1800 # 30 minutes + srv.vm.provider "virtualbox" do |srv| + srv.name = 'ansidows' + srv.memory = 4096 + srv.cpus = 4 + srv.gui = true + end + srv.vm.provision "shell", path: "./preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1", privileged: true + end + end diff --git a/playbooks/hosts b/playbooks/hosts index b567767a6..72ca1a8b7 100644 --- a/playbooks/hosts +++ b/playbooks/hosts @@ -16,6 +16,7 @@ debsible ansible_host=192.168.56.62 anstream ansible_host=192.168.56.63 ansuse ansible_host=192.168.56.64 ansles ansible_host=192.168.56.65 +ansidows ansible_host=192.168.56.66 ansible_password=vagrant ansible_connection=winrm ansible_winrm_transport=basic ansible_winrm_server_cert_validation=ignore [vagrant:vars] ansible_user=vagrant From 42de2bce17578caa78162b0e4fc0a54af8f27604 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 18:56:44 +0100 Subject: [PATCH 060/146] Update Python dependencies. --- requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index e434c1bc0..aad81c434 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,4 +4,5 @@ antsibull-docs >= 1.1.0 ansible-lint >= 5.4.0 jinja2 >= 3.0.0 molecule >= 3.5.0 -molecule-docker >= 1.1.0 \ No newline at end of file +molecule-docker >= 1.1.0 +pywinrm>=0.3.0 \ No newline at end of file 
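Review bot: Both `forwarded_port` lines for the new `ansidows` box omit `host_ip`, so RDP (3389 → 3391) and WinRM over HTTP (5985 → 5987) may be bound on every interface of the developer's machine, while the guest accepts the well-known `vagrant`/`vagrant` login. I would bind them to loopback, e.g. `srv.vm.network "forwarded_port", guest: 3389, host: 3391, host_ip: "127.0.0.1"`, and do the same for 5985. The block parameter in `srv.vm.provider "virtualbox" do |srv|` shadows the outer `srv`; naming it `vb` would make it clear which object `memory`, `cpus` and `gui` are set on.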
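Review bot: The new `ansidows` entry combines `ansible_winrm_transport=basic` with `ansible_winrm_server_cert_validation=ignore`, so the password is sent to an endpoint whose identity is never checked. That is tolerable for a throwaway guest on the private Vagrant network, but nothing in the file says so and inventory lines get copied into other environments. I would add a line above it such as `# Lab only: basic auth and no certificate validation, do not reuse outside the Vagrant test box`.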
From 453243331ff1374a18bdcfd0ff7f420fc2c17b0a Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 19:18:59 +0100 Subject: [PATCH 061/146] Clean up rebase gotchas. --- roles/agent/tasks/Linux.yml | 18 ++++----- roles/agent/tasks/main.yml | 74 +++---------------------------------- 2 files changed, 15 insertions(+), 77 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 4788eef34..22448066a 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -48,9 +48,9 @@ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") - and checkmk_agent_updater_binary.stat.exists - and checkmk_agent_update - and (checkmk_agent_pass is defined and checkmk_agent_pass) + and checkmk_agent_updater_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_pass is defined and checkmk_agent_pass | length) and (checkmk_agent_secret is not defined) - name: "({{ ansible_system }}): Register Agent for automatic Updates using Automation Secret." @@ -64,9 +64,9 @@ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") - and checkmk_agent_updater_binary.stat.exists - and checkmk_agent_update - and (checkmk_agent_secret is defined and checkmk_agent_secret) + and checkmk_agent_updater_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_secret is defined and checkmk_agent_secret | length) - name: "({{ ansible_system }}): Register Agent for TLS." become: true @@ -79,6 +79,6 @@ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") - and checkmk_agent_controller_binary.stat.exists - and checkmk_agent_tls - and (checkmk_agent_auth is defined and checkmk_agent_auth) + and checkmk_agent_controller_binary.stat.exists | bool + and checkmk_agent_tls | bool + and (checkmk_agent_auth is defined and checkmk_agent_auth | length) 
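Review bot: In the second and third hunks of `roles/agent/tasks/Linux.yml` the last operand of the `when` expression is `checkmk_agent_secret | length` and `checkmk_agent_auth | length`, so the whole condition evaluates to an integer, not a boolean. Jinja's `and` returns its last operand, and newer ansible-core releases complain about conditionals whose result is not a boolean, as far as I know. Make the comparison explicit, e.g. `and (checkmk_agent_secret is defined and checkmk_agent_secret | length > 0)`. The first hunk can use the same form for `checkmk_agent_pass | length` for consistency. The bodies of these tasks start outside the hunks.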
diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index af65c166f..58aa7e347 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -1,20 +1,9 @@ --- -- name: "({{ ansible_os_family }}): Include Derivate specific vars." +- name: "({{ ansible_os_family }}): Include Derivate specific variables." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" tags: - include-os-family-vars -- name: "({{ ansible_system }}): Include OS specific tasks." - ansible.builtin.include_tasks: "{{ ansible_system }}.yml" - tags: - - include-system-tasks - -- name: "Import Legacy agent tasks." - ansible.builtin.include_tasks: "legacy.yml" - when: | - checkmk_agent_prep_legacy | bool - and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 - - name: "Create host on server." tribe29.checkmk.host: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" 
@@ -34,63 +23,12 @@ delegate_to: "{{ checkmk_agent_delegate_api_calls }}" when: checkmk_agent_add_host | bool -- name: "Check for Agent Updater Binary." - ansible.builtin.stat: - path: /usr/bin/cmk-update-agent - register: checkmk_agent_updater_binary - -- name: "Check for Agent Controller Binary." - ansible.builtin.stat: - path: /usr/bin/cmk-agent-ctl - register: checkmk_agent_controller_binary - -- name: "Register Agent for automatic Upates using User Password." - become: true - ansible.builtin.shell: | - cmk-update-agent register -H {{ checkmk_agent_host_name }} \ - -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ - -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} - register: checkmk_agent_update_state - when: | - (checkmk_agent_edition == "cee" or - checkmk_agent_edition == "cfe" or - checkmk_agent_edition == "cme") - and checkmk_agent_updater_binary.stat.exists | bool - and checkmk_agent_update | bool - and (checkmk_agent_pass is defined and checkmk_agent_pass | length) - and (checkmk_agent_secret is not defined) - -- name: "Register Agent for automatic Upates using Automation Secret." - become: true - ansible.builtin.shell: | - cmk-update-agent register -H {{ checkmk_agent_host_name }} \ - -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ - -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }} - register: checkmk_agent_update_state - when: | - (checkmk_agent_edition == "cee" or - checkmk_agent_edition == "cfe" or - checkmk_agent_edition == "cme") - and checkmk_agent_updater_binary.stat.exists | bool - and checkmk_agent_update | bool - and (checkmk_agent_secret is defined and checkmk_agent_secret | length) - -- name: "Register Agent for TLS." 
- become: true - ansible.builtin.shell: | - cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ - -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ - -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert - register: checkmk_agent_tls_state - when: | - (checkmk_agent_edition == "cee" or - checkmk_agent_edition == "cfe" or - checkmk_agent_edition == "cme") - and checkmk_agent_controller_binary.stat.exists | bool - and checkmk_agent_tls | bool - and (checkmk_agent_auth is defined and checkmk_agent_auth | length) +- name: "({{ ansible_system }}): Include OS specific tasks." + ansible.builtin.include_tasks: "{{ ansible_system }}.yml" + tags: + - include-system-tasks -- name: "({{ ansible_os_family }}): Discover services and labels on host." +- name: "Discover services and labels on host." tribe29.checkmk.discovery: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" site: "{{ checkmk_agent_site }}" From f80e057ba732b90085592d8875fe688336fe0a39 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Wed, 21 Sep 2022 16:16:05 +0200 Subject: [PATCH 062/146] WIP: Add Windows files. --- roles/agent/tasks/Windows.yml | 25 +++++++++++++++++++++++++ roles/agent/vars/Windows.yml | 10 ++++++++++ 2 files changed, 35 insertions(+) create mode 100644 roles/agent/tasks/Windows.yml create mode 100644 roles/agent/vars/Windows.yml diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml new file mode 100644 index 000000000..655a42bbe --- /dev/null +++ b/roles/agent/tasks/Windows.yml 
@@ -0,0 +1,25 @@ +--- +# Install Check_MK Agent on Windows + +- name: Get current agent version + ansible.builtin.win_shell: | + $checkmk = "C:\Program Files (x86)\check_mk\check_mk_agent.exe" + If (Test-Path $checkmk) { + (Get-Item $checkmk).VersionInfo.ProductVersion + } Else { + "No agent installed"} + register: checkmk_agent_agent_version + changed_when: checkmk_agent_agent_version.stdout_lines[0] != checkmk_agent_version + +- name: Download agent -> {{ checkmk_agent_agent.url }} + ansible.builtin.win_get_url: + url: "{{ checkmk_agent_agent.url }}" + dest: "{{ checkmk_agent_host_tmp_dir }}" + when: checkmk_agent_agent_version.changed + +- name: "Install Checkmk Agent." + ansible.builtin.win_package: + path: "{{ checkmk_agent_agent.file }}" + state: present + wait: true + when: checkmk_agent_agent_version.changed diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml new file mode 100644 index 000000000..b488a71ca --- /dev/null +++ b/roles/agent/vars/Windows.yml @@ -0,0 +1,10 @@ +--- +checkmk_agent_host_tmp_dir: "C:\\Temp" + +checkmk_agent_agent: + url: + cre: "{{ checkmk_agent_site_url }}/check_mk/agents/windows/check_mk_agent.msi" + cee: "{{ checkmk_agent_site_url }}/check_mk/agents/windows/check_mk_agent.msi" + file: + cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" + cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" From 0396aa31f262e02259215318451639b063b71c01 Mon Sep 17 00:00:00 2001 
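Review bot: `url: "{{ checkmk_agent_agent.url }}"` and `path: "{{ checkmk_agent_agent.file }}"` pass a whole mapping where a string is expected, because `vars/Windows.yml` in this same commit defines `url` and `file` with `cre` and `cee` sub-keys. Pick a key explicitly, e.g. `url: "{{ checkmk_agent_agent.url.cre }}"` and `path: "{{ checkmk_agent_agent.file.cre }}"`; the task name `Download agent -> {{ checkmk_agent_agent.url }}` has the same problem. `changed_when` indexes `stdout_lines[0]`, which fails if the probe prints nothing; `checkmk_agent_agent_version.stdout | trim != checkmk_agent_version` is safer.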
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Fri, 14 Oct 2022 17:55:41 +0200 Subject: [PATCH 063/146] Add and change files of agent role Split task main.yml for [Linux|Win32NT].yml (ansible_system) and Windows.yml (ansible_os_family) --- roles/agent/meta/main.yml | 3 ++ roles/agent/tasks/Debian.yml | 10 +++--- roles/agent/tasks/Linux.yml | 68 +++++++++++++++++++++++++++++++++++ roles/agent/tasks/RedHat.yml | 10 +++--- roles/agent/tasks/Suse.yml | 10 +++--- roles/agent/tasks/Win32NT.yml | 16 +++++++++ roles/agent/tasks/Windows.yml | 26 +++++++++----- roles/agent/tasks/legacy.yml | 4 +-- roles/agent/tasks/main.yml | 9 +++-- roles/agent/vars/Windows.yml | 3 +- 10 files changed, 127 insertions(+), 32 deletions(-) create mode 100644 roles/agent/tasks/Linux.yml create mode 100644 roles/agent/tasks/Win32NT.yml diff --git a/roles/agent/meta/main.yml b/roles/agent/meta/main.yml index ebd08576f..599b003eb 100644 --- a/roles/agent/meta/main.yml +++ b/roles/agent/meta/main.yml @@ -46,6 +46,9 @@ galaxy_info: - name: SLES versions: - all + - name: Windows + versions: + - all galaxy_tags: [checkmk, monitoring, agent] # List tags for your role here, one per line. A tag is a keyword that describes diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index c872e4edd..840fa2620 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -1,5 +1,5 @@ --- -- name: "Debian Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_deb&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" 
@@ -37,7 +37,7 @@ tags: - download-package -- name: "Debian Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.host }}" @@ -52,7 +52,7 @@ tags: - install-package -- name: "Debian Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_deb&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -88,7 +88,7 @@ tags: - download-package -- name: "Debian Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cee }}" @@ -103,7 +103,7 @@ tags: - install-package -- name: "Debian Derivatives: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml new file mode 100644 index 000000000..ee965391f --- /dev/null +++ b/roles/agent/tasks/Linux.yml 
@@ -0,0 +1,68 @@ +--- +- name: "({{ansible_system}}): Get RPM or APT package facts." + ansible.builtin.package_facts: + manager: "auto" + tags: + - get-package-facts + +- name: "({{ansible_system}}): Import Legacy agent tasks." + ansible.builtin.include_tasks: "legacy.yml" + when: | + checkmk_agent_prep_legacy | bool + and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 + +- name: "({{ansible_system}}): Download Checkmk CRE agent." + ansible.builtin.get_url: + url: "{{ checkmk_agent_agent.url.cre }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ checkmk_agent_agent.file.cre }}" + mode: 0640 + when: checkmk_agent_edition == "cre" + retries: 3 + tags: + - download-package + +- name: "({{ansible_os_family}}): Run OS Family specific tasks." + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" + tags: + - include-os-family-tasks + +- name: "({{ansible_system}}): Check for Agent Updater Binary." + ansible.builtin.stat: + path: /usr/bin/cmk-update-agent + register: checkmk_agent_updater_binary + +- name: "({{ansible_system}}): Check for Agent Controller Binary." + ansible.builtin.stat: + path: /usr/bin/cmk-agent-ctl + register: checkmk_agent_controller_binary + +- name: "({{ansible_system}}): Register Agent for automatic Updates using User Password." 
+ become: true + ansible.builtin.shell: | + cmk-update-agent register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ + -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} + register: checkmk_agent_update_state + when: + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_pass is defined and checkmk_agent_pass) and (checkmk_agent_secret is not defined) + +- name: "({{ansible_system}}): Register Agent for automatic Updates using Automation Secret." + become: true + ansible.builtin.shell: | + cmk-update-agent register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ + -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }} + register: checkmk_agent_update_state + when: + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_secret is defined and checkmk_agent_secret) + +- name: "({{ansible_system}}): Register Agent for TLS." + become: true + ansible.builtin.shell: | + cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ + -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert + register: checkmk_agent_tls_state + when: + (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_controller_binary.stat.exists and checkmk_agent_tls and (checkmk_agent_auth is defined and checkmk_agent_auth) diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml index 5a2074cc0..f39a51732 100644 --- a/roles/agent/tasks/RedHat.yml +++ b/roles/agent/tasks/RedHat.yml 
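Review bot: The three registration tasks at the end of this new file put `checkmk_agent_auth` on a shell command line (`-P {{ checkmk_agent_auth }}` and `-S {{ checkmk_agent_auth }}`) without `no_log: true`, so the credential appears in task output (on failure or with `-v`) and in any callback or log that records module arguments. The values are also templated into `ansible.builtin.shell` unquoted, so a password containing a space, `$` or `;` is reinterpreted by the shell. I would add `no_log: true` to each of the three tasks and quote every interpolated value, e.g. `-U {{ checkmk_agent_user | quote }} -P {{ checkmk_agent_auth | quote }}`. The TLS task also passes `--trust-cert`, which looks like it accepts whatever certificate the server presents at registration; a comment stating that would let operators decide whether it is acceptable on their network.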
@@ -1,5 +1,5 @@ --- -- name: "RedHat Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -37,7 +37,7 @@ tags: - download-package -- name: "RedHat Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.host }}" @@ -52,7 +52,7 @@ tags: - install-package -- name: "RedHat Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -88,7 +88,7 @@ tags: - download-package -- name: "RedHat Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cee }}" @@ -103,7 +103,7 @@ tags: - install-package -- name: "RedHat Derivatives: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index b0445b0aa..0c0f4458f 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml 
@@ -1,5 +1,5 @@ --- -- name: "Suse Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -37,7 +37,7 @@ tags: - download-package -- name: "Suse Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.zypper: name: "{{ checkmk_agent_agent.file.host }}" @@ -53,7 +53,7 @@ tags: - install-package -- name: "Suse Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -89,7 +89,7 @@ tags: - download-package -- name: "Suse Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.zypper: name: "{{ checkmk_agent_agent.file.cee }}" @@ -105,7 +105,7 @@ tags: - install-package -- name: "Suse Derivatives: Install Checkmk CRE Agent." +- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." become: true community.general.zypper: name: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Win32NT.yml b/roles/agent/tasks/Win32NT.yml new file mode 100644 index 000000000..772b2629e --- /dev/null +++ b/roles/agent/tasks/Win32NT.yml 
@@ -0,0 +1,16 @@ +--- +- name: "({{ ansible_system }}): Download Checkmk CRE Agent." + ansible.builtin.win_get_url: + url: "{{ checkmk_agent_agent.url.cre }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ checkmk_agent_agent.file.cre }}" + when: checkmk_agent_edition == "cre" + retries: 3 + tags: + - download-package + +- name: "({{ ansible_os_family }}): Run OS Family specific tasks." + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" + tags: + - include-os-family-tasks + diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index 655a42bbe..d4d48e453 100644 --- a/roles/agent/tasks/Windows.yml +++ b/roles/agent/tasks/Windows.yml @@ -1,9 +1,9 @@ --- # Install Check_MK Agent on Windows -- name: Get current agent version +- name: "({{ ansible_os_family }}): Get current Checkmk agent version." ansible.builtin.win_shell: | - $checkmk = "C:\Program Files (x86)\check_mk\check_mk_agent.exe" + $checkmk = "C:\Program Files (x86)\checkmk\service\check_mk_agent.exe" If (Test-Path $checkmk) { (Get-Item $checkmk).VersionInfo.ProductVersion } Else { 
@@ -11,15 +11,23 @@ register: checkmk_agent_agent_version changed_when: checkmk_agent_agent_version.stdout_lines[0] != checkmk_agent_version -- name: Download agent -> {{ checkmk_agent_agent.url }} +# Works with dedicated firewall rule or with transparent proxy +- name: "({{ ansible_os_family }}): Download Checkmk agent -> {{ checkmk_agent_agent.url.cee }}." ansible.builtin.win_get_url: - url: "{{ checkmk_agent_agent.url }}" + url: "{{ checkmk_agent_agent.url.cee }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_host_tmp_dir }}" - when: checkmk_agent_agent_version.changed + method: GET + headers: + # Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" + Accept: "application/octet-stream" -- name: "Install Checkmk Agent." + when: | + checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme" + +- name: "({{ ansible_os_family }}): Install Checkmk Agent." ansible.builtin.win_package: - path: "{{ checkmk_agent_agent.file }}" + path: "{{ checkmk_agent_agent.file.cee }}" state: present - wait: true - when: checkmk_agent_agent_version.changed diff --git a/roles/agent/tasks/legacy.yml b/roles/agent/tasks/legacy.yml index 85ad77dea..4623502a6 100644 --- a/roles/agent/tasks/legacy.yml +++ b/roles/agent/tasks/legacy.yml @@ -1,5 +1,5 @@ --- -- name: "Install xinetd" +- name: "({{ansible_system}}): Install xinetd" become: true ansible.builtin.package: name: xinetd @@ -8,7 +8,7 @@ - install-package - install-prerequisites -- name: "Enable xinetd" +- name: "({{ansible_system}}): Enable xinetd" become: true ansible.builtin.service: name: xinetd diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 65fa1e185..fb3b2d5cf 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml 
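Review bot: Nothing pins the content of the MSI that `win_package` installs: the download task relies only on TLS validation, which `checkmk_agent_server_validate_certs` can switch off, and the example inventories in this series set `checkmk_agent_protocol: http`. `win_get_url` accepts `checksum` and `checksum_algorithm`, so I would add `checksum: "{{ checkmk_agent_win_checksum }}"` and `checksum_algorithm: sha256` (the variable name is a suggestion, it does not exist yet). This hunk also drops both `when: checkmk_agent_agent_version.changed` guards, so the MSI is downloaded on every run and the version probe above it no longer influences anything; either keep the guard next to the edition check or remove the probe. The commented-out `Authorization` header and the blank line before `when:` are worth cleaning up before merge.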
@@ -1,12 +1,11 @@ --- -- name: "Include Derivative specific Variables." +- name: "({{ ansible_os_family }}): Include Derivate specific vars." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" tags: - include-os-family-vars -- name: "Get RPM or APT package facts." - ansible.builtin.package_facts: - manager: "auto" +- name: "({{ ansible_system }}): Include OS specific tasks." + ansible.builtin.include_tasks: "{{ ansible_system }}.yml" tags: - get-package-facts @@ -127,7 +126,7 @@ and checkmk_agent_tls | bool and (checkmk_agent_auth is defined and checkmk_agent_auth | length) -- name: "Discover services and labels on host." +- name: "({{ ansible_os_family }}): Discover services and labels on host." become: false checkmk.general.discovery: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml index b488a71ca..dffe9e69b 100644 --- a/roles/agent/vars/Windows.yml +++ b/roles/agent/vars/Windows.yml @@ -1,5 +1,5 @@ --- -checkmk_agent_host_tmp_dir: "C:\\Temp" +checkmk_agent_host_tmp_dir: "C:\\Windows\\Temp" checkmk_agent_agent: url: @@ -8,3 +8,4 @@ checkmk_agent_agent: file: cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" + From 70705bd9910916dc4901553ec2f1d5c4eb74bea1 Mon Sep 17 00:00:00 2001 
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Fri, 14 Oct 2022 18:12:11 +0200 Subject: [PATCH 064/146] Add example playbooks and inventories Use "ansible-playbook example-add_hosts.py -i example-*-inventory.yml" for test --- playbooks/example-add_hosts.py | 8 ++++ playbooks/example-linux-inventory.yml | 23 ++++++++++ playbooks/example-windows-inventory.yml | 56 +++++++++++++++++++++++++ 3 files changed, 87 insertions(+) create mode 100644 playbooks/example-add_hosts.py create mode 100644 playbooks/example-linux-inventory.yml create mode 100644 playbooks/example-windows-inventory.yml diff --git a/playbooks/example-add_hosts.py b/playbooks/example-add_hosts.py new file mode 100644 index 000000000..6c03aea1c --- /dev/null +++ b/playbooks/example-add_hosts.py @@ -0,0 +1,8 @@ +--- +- hosts: My_site # Sitename +# debugger: on_failed +# connection: local + + roles: + - tribe29.checkmk.agent + diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml new file mode 100644 index 000000000..f701899f4 --- /dev/null +++ b/playbooks/example-linux-inventory.yml @@ -0,0 +1,23 @@ +My_Site: + hosts: + debian: + ansible_host: 127.0.0.1 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Linux + + vars: + checkmk_agent_add_host: true + checkmk_agent_discover: true + checkmk_agent_edition: cme + checkmk_agent_host_ip: '{{ ansible_host }}' + checkmk_agent_host_name: '{{ inventory_hostname }}' + checkmk_agent_user: automation + checkmk_agent_pass: $AUTOMATION_SECRET + checkmk_agent_protocol: http + checkmk_agent_server: 127.0.0.1 + checkmk_agent_port: 80 + checkmk_agent_site: My_Site + checkmk_agent_version: 2.0.0p22 + ansible_user: root + ansible_password: $SECRET diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml new file mode 100644 index 000000000..0a9cd2b09 --- /dev/null +++ b/playbooks/example-windows-inventory.yml 
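Review bot: `- hosts: My_site` does not match the group `My_Site` defined in both example inventories added by this commit; Ansible group names are case-sensitive, so the play as written would target no hosts. Change it to `- hosts: My_Site`. The file holds a YAML playbook but is named `example-add_hosts.py`, which makes editors and linters treat it as Python; `example-add_hosts.yml` would be the expected name, and the commit message would need the same correction.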
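Review bot: `checkmk_agent_pass: $AUTOMATION_SECRET` and `ansible_password: $SECRET` are plain strings to Ansible, not environment references, so a reader who exports those variables still sends the literal text; `example-windows-inventory.yml` repeats the pattern. Show a mechanism that works and keeps the secret out of the file, e.g. `checkmk_agent_pass: "{{ lookup('ansible.builtin.env', 'AUTOMATION_SECRET') }}"`, or a vaulted variable. The example also sets `checkmk_agent_protocol: http`, which presumably carries the automation credential unencrypted; a comment such as `# http is for a local test site only, use https elsewhere` would make that visible.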
@@ -0,0 +1,56 @@ +My_Site: + hosts: + win10: + ansible_host: 192.168.128.101 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win11: + ansible_host: 192.168.128.100 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k12: + ansible_host: 192.168.128.103 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k16: + ansible_host: 192.168.128.102 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k19: + ansible_host: 192.168.128.105 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k22: + ansible_host: 192.168.128.104 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + + vars: + checkmk_agent_add_host: true + checkmk_agent_discover: true + checkmk_agent_edition: cre + checkmk_agent_host_ip: '{{ ansible_host }}' + checkmk_agent_host_name: '{{ inventory_hostname }}' + checkmk_agent_user: automation + checkmk_agent_pass: $AUTOMATION_SECRET + checkmk_agent_protocol: http + checkmk_agent_server: 127.0.0.1 + checkmk_agent_port: 80 + checkmk_agent_site: My_Site + checkmk_agent_version: 2.0.0p22 + ansible_user: Administrator + ansible_password: $SECRET + ansible_connection: winrm + ansible_winrm_transport: ntlm + ansible_winrm_server_cert_validation: ignore + +# Windows host (powershell): +# Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser +# .\ConfigureRemotingForAnsible.ps1 +# winrm quickconfig From 8297e9bbfa780dfb4c6733710e2817eec0e9cc3f Mon Sep 17 00:00:00 2001 
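Review bot: `ansible_winrm_server_cert_validation: ignore` is applied to every Windows host while connecting as `Administrator`, and nothing in the file marks that as a lab shortcut. I would add a comment above it, `# Lab only: certificate validation disabled; use a CA-signed listener certificate and 'validate' elsewhere`, in line with the warning in the header of the bundled ConfigureRemotingForAnsible.ps1. The trailing comment recommends `Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser`, which persists after setup; `powershell.exe -ExecutionPolicy ByPass -File .\ConfigureRemotingForAnsible.ps1` limits the relaxation to that one invocation.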
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Fri, 14 Oct 2022 18:16:18 +0200 Subject: [PATCH 065/146] Add preparation files for Windows systems Using https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 --- preparation/ansible-winrm/00-ansible.cmd | 21 + .../ansible-winrm/01-winrm-quickconfig.cmd | 2 + .../ansible-winrm/02-ansible-winrm.cmd | 5 + preparation/ansible-winrm/03-allow-icmp.cmd | 1 + .../ConfigureRemotingForAnsible.ps1 | 435 ++++++++++++++++++ 5 files changed, 464 insertions(+) create mode 100644 preparation/ansible-winrm/00-ansible.cmd create mode 100644 preparation/ansible-winrm/01-winrm-quickconfig.cmd create mode 100644 preparation/ansible-winrm/02-ansible-winrm.cmd create mode 100644 preparation/ansible-winrm/03-allow-icmp.cmd create mode 100644 preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd new file mode 100644 index 000000000..eb33f6f1f --- /dev/null +++ b/preparation/ansible-winrm/00-ansible.cmd @@ -0,0 +1,21 @@ +@echo off +set CURRENT_PATH=%~dp0 +echo %CURRENT_PATH% + + +rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights +goto check_Permissions + +:check_Permissions + echo Administrative permissions required. Detecting permissions... + + net session >nul 2>&1 + if %errorLevel% == 0 ( + echo Success: Administrative permissions confirmed. Setting up everything for Ansible... + %CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd +pause + ) else ( + echo Failure: Current permissions inadequate. You need to run this script as administrator! + ) + + pause >nul \ No newline at end of file diff --git a/preparation/ansible-winrm/01-winrm-quickconfig.cmd b/preparation/ansible-winrm/01-winrm-quickconfig.cmd new file mode 100644 index 000000000..315c28ea4 --- /dev/null 
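Review bot: The three script invocations in `00-ansible.cmd` expand `%CURRENT_PATH%` unquoted, so the setup fails when the directory path contains a space. `%~dp0` already ends in a backslash, so `%CURRENT_PATH%\01-winrm-quickconfig.cmd` also produces a doubled separator. Quote each path and drop the extra backslash, e.g. `call "%CURRENT_PATH%01-winrm-quickconfig.cmd"`; using `call` also makes it explicit that control returns to this script after each child batch file.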
+++ b/preparation/ansible-winrm/01-winrm-quickconfig.cmd
@@ -0,0 +1,2 @@
+@echo off
+winrm quickconfig
diff --git a/preparation/ansible-winrm/02-ansible-winrm.cmd b/preparation/ansible-winrm/02-ansible-winrm.cmd
new file mode 100644
index 000000000..9e210ac9c
--- /dev/null
+++ b/preparation/ansible-winrm/02-ansible-winrm.cmd
@@ -0,0 +1,5 @@
+@echo off
+set CURRENT_PATH=%~dp0
+echo %CURRENT_PATH%
+powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
+powershell %CURRENT_PATH%\ConfigureRemotingForAnsible.ps1
\ No newline at end of file
diff --git a/preparation/ansible-winrm/03-allow-icmp.cmd b/preparation/ansible-winrm/03-allow-icmp.cmd
new file mode 100644
index 000000000..41dcfd898
--- /dev/null
+++ b/preparation/ansible-winrm/03-allow-icmp.cmd
@@ -0,0 +1 @@
+powershell Set-NetFirewallRule -name "FPS-ICMP4-ERQ-In*" -Enabled true
\ No newline at end of file
diff --git a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1
new file mode 100644
index 000000000..7cc86abd7
--- /dev/null
+++ b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1
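Review bot: `powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser` in `02-ansible-winrm.cmd` permanently relaxes the execution policy for the account that runs the setup, and nothing restores it afterwards. The header of ConfigureRemotingForAnsible.ps1 added in this commit already shows the narrower per-process form. I would replace both `powershell` lines with `powershell.exe -ExecutionPolicy Bypass -File "%~dp0ConfigureRemotingForAnsible.ps1"`, which also copes with a path that contains spaces.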
@@ -0,0 +1,435 @@ +#Requires -Version 3.0 + +# Configure a Windows host for remote management with Ansible +# ----------------------------------------------------------- +# +# This script checks the current WinRM (PS Remoting) configuration and makes +# the necessary changes to allow Ansible to connect, authenticate and +# execute PowerShell commands. +# +# IMPORTANT: This script uses self-signed certificates and authentication mechanisms +# that are intended for development environments and evaluation purposes only. +# Production environments and deployments that are exposed on the network should +# use CA-signed certificates and secure authentication mechanisms such as Kerberos. +# +# To run this script in Powershell: +# +# [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +# $url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1" +# $file = "$env:temp\ConfigureRemotingForAnsible.ps1" +# +# (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file) +# +# powershell.exe -ExecutionPolicy ByPass -File $file +# +# All events are logged to the Windows EventLog, useful for unattended runs. +# +# Use option -Verbose in order to see the verbose output messages. +# +# Use option -CertValidityDays to specify how long this certificate is valid +# starting from today. So you would specify -CertValidityDays 3650 to get +# a 10-year valid certificate. +# +# Use option -ForceNewSSLCert if the system has been SysPreped and a new +# SSL Certificate must be forced on the WinRM Listener when re-running this +# script. This is necessary when a new SID and CN name is created. +# +# Use option -EnableCredSSP to enable CredSSP as an authentication option. +# +# Use option -DisableBasicAuth to disable basic authentication. +# +# Use option -SkipNetworkProfileCheck to skip the network profile check. 
+# Without specifying this the script will only run if the device's interfaces +# are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable +# WinRM on a device with an interface in PUBLIC zone. +# +# Use option -SubjectName to specify the CN name of the certificate. This +# defaults to the system's hostname and generally should not be specified. + +# Written by Trond Hindenes +# Updated by Chris Church +# Updated by Michael Crilly +# Updated by Anton Ouzounov +# Updated by Nicolas Simond +# Updated by Dag Wieërs +# Updated by Jordan Borean +# Updated by Erwan Quélin +# Updated by David Norman +# +# Version 1.0 - 2014-07-06 +# Version 1.1 - 2014-11-11 +# Version 1.2 - 2015-05-15 +# Version 1.3 - 2016-04-04 +# Version 1.4 - 2017-01-05 +# Version 1.5 - 2017-02-09 +# Version 1.6 - 2017-04-18 +# Version 1.7 - 2017-11-23 +# Version 1.8 - 2018-02-23 +# Version 1.9 - 2018-09-21 + +# Support -Verbose option +[CmdletBinding()] + +Param ( + [string]$SubjectName = $env:COMPUTERNAME, + [int]$CertValidityDays = 1095, + [switch]$SkipNetworkProfileCheck, + $CreateSelfSignedCert = $true, + [switch]$ForceNewSSLCert, + [switch]$GlobalHttpFirewallAccess, + [switch]$DisableBasicAuth = $false, + [switch]$EnableCredSSP +) + +Function Write-ProgressLog { + $Message = $args[0] + Write-EventLog -LogName Application -Source $EventSource -EntryType Information -EventId 1 -Message $Message +} + +Function Write-VerboseLog { + $Message = $args[0] + Write-Verbose $Message + Write-ProgressLog $Message +} + +Function Write-HostLog { + $Message = $args[0] + Write-Output $Message + Write-ProgressLog $Message +} + +Function New-LegacySelfSignedCert { + Param ( + [string]$SubjectName, + [int]$ValidDays = 1095 + ) + + $hostnonFQDN = $env:computerName + $hostFQDN = [System.Net.Dns]::GetHostByName(($env:computerName)).Hostname + $SignatureAlgorithm = "SHA256" + + $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1" + $name.Encode("CN=$SubjectName", 0) + + $key = New-Object 
-COM "X509Enrollment.CX509PrivateKey.1" + $key.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider" + $key.KeySpec = 1 + $key.Length = 4096 + $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)" + $key.MachineContext = 1 + $key.Create() + + $serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1" + $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1") + $ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1" + $ekuoids.Add($serverauthoid) + $ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1" + $ekuext.InitializeEncode($ekuoids) + + $cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1" + $cert.InitializeFromPrivateKey(2, $key, "") + $cert.Subject = $name + $cert.Issuer = $cert.Subject + $cert.NotBefore = (Get-Date).AddDays(-1) + $cert.NotAfter = $cert.NotBefore.AddDays($ValidDays) + + $SigOID = New-Object -ComObject X509Enrollment.CObjectId + $SigOID.InitializeFromValue(([Security.Cryptography.Oid]$SignatureAlgorithm).Value) + + [string[]] $AlternativeName += $hostnonFQDN + $AlternativeName += $hostFQDN + $IAlternativeNames = New-Object -ComObject X509Enrollment.CAlternativeNames + + foreach ($AN in $AlternativeName) { + $AltName = New-Object -ComObject X509Enrollment.CAlternativeName + $AltName.InitializeFromString(0x3, $AN) + $IAlternativeNames.Add($AltName) + } + + $SubjectAlternativeName = New-Object -ComObject X509Enrollment.CX509ExtensionAlternativeNames + $SubjectAlternativeName.InitializeEncode($IAlternativeNames) + + [String[]]$KeyUsage = ("DigitalSignature", "KeyEncipherment") + $KeyUsageObj = New-Object -ComObject X509Enrollment.CX509ExtensionKeyUsage + $KeyUsageObj.InitializeEncode([int][Security.Cryptography.X509Certificates.X509KeyUsageFlags]($KeyUsage)) + $KeyUsageObj.Critical = $true + + $cert.X509Extensions.Add($KeyUsageObj) + $cert.X509Extensions.Add($ekuext) + $cert.SignatureInformation.HashAlgorithm = $SigOID + 
$CERT.X509Extensions.Add($SubjectAlternativeName) + $cert.Encode() + + $enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1" + $enrollment.InitializeFromRequest($cert) + $certdata = $enrollment.CreateRequest(0) + $enrollment.InstallResponse(2, $certdata, 0, "") + + # extract/return the thumbprint from the generated cert + $parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 + $parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata)) + + return $parsed_cert.Thumbprint +} + +Function Enable-GlobalHttpFirewallAccess { + Write-Verbose "Forcing global HTTP firewall access" + # this is a fairly naive implementation; could be more sophisticated about rule matching/collapsing + $fw = New-Object -ComObject HNetCfg.FWPolicy2 + + # try to find/enable the default rule first + $add_rule = $false + $matching_rules = $fw.Rules | Where-Object { $_.Name -eq "Windows Remote Management (HTTP-In)" } + $rule = $null + If ($matching_rules) { + If ($matching_rules -isnot [Array]) { + Write-Verbose "Editing existing single HTTP firewall rule" + $rule = $matching_rules + } + Else { + # try to find one with the All or Public profile first + Write-Verbose "Found multiple existing HTTP firewall rules..." + $rule = $matching_rules | ForEach-Object { $_.Profiles -band 4 }[0] + + If (-not $rule -or $rule -is [Array]) { + Write-Verbose "Editing an arbitrary single HTTP firewall rule (multiple existed)" + # oh well, just pick the first one + $rule = $matching_rules[0] + } + } + } + + If (-not $rule) { + Write-Verbose "Creating a new HTTP firewall rule" + $rule = New-Object -ComObject HNetCfg.FWRule + $rule.Name = "Windows Remote Management (HTTP-In)" + $rule.Description = "Inbound rule for Windows Remote Management via WS-Management. 
[TCP 5985]" + $add_rule = $true + } + + $rule.Profiles = 0x7FFFFFFF + $rule.Protocol = 6 + $rule.LocalPorts = 5985 + $rule.RemotePorts = "*" + $rule.LocalAddresses = "*" + $rule.RemoteAddresses = "*" + $rule.Enabled = $true + $rule.Direction = 1 + $rule.Action = 1 + $rule.Grouping = "Windows Remote Management" + + If ($add_rule) { + $fw.Rules.Add($rule) + } + + Write-Verbose "HTTP firewall rule $($rule.Name) updated" +} + +# Setup error handling. +Trap { + $_ + Exit 1 +} +$ErrorActionPreference = "Stop" + +# Get the ID and security principal of the current user account +$myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent() +$myWindowsPrincipal = new-object System.Security.Principal.WindowsPrincipal($myWindowsID) + +# Get the security principal for the Administrator role +$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator + +# Check to see if we are currently running "as Administrator" +if (-Not $myWindowsPrincipal.IsInRole($adminRole)) { + Write-Output "ERROR: You need elevated Administrator privileges in order to run this script." + Write-Output " Start Windows PowerShell by using the Run as Administrator option." + Exit 2 +} + +$EventSource = $MyInvocation.MyCommand.Name +If (-Not $EventSource) { + $EventSource = "Powershell CLI" +} + +If ([System.Diagnostics.EventLog]::Exists('Application') -eq $False -or [System.Diagnostics.EventLog]::SourceExists($EventSource) -eq $False) { + New-EventLog -LogName Application -Source $EventSource +} + +# Detect PowerShell version. +If ($PSVersionTable.PSVersion.Major -lt 3) { + Write-ProgressLog "PowerShell version 3 or higher is required." + Throw "PowerShell version 3 or higher is required." +} + +# Find and start the WinRM service. +Write-Verbose "Verifying WinRM service." +If (!(Get-Service "WinRM")) { + Write-ProgressLog "Unable to find the WinRM service." + Throw "Unable to find the WinRM service." 
+} +ElseIf ((Get-Service "WinRM").Status -ne "Running") { + Write-Verbose "Setting WinRM service to start automatically on boot." + Set-Service -Name "WinRM" -StartupType Automatic + Write-ProgressLog "Set WinRM service to start automatically on boot." + Write-Verbose "Starting WinRM service." + Start-Service -Name "WinRM" -ErrorAction Stop + Write-ProgressLog "Started WinRM service." + +} + +# WinRM should be running; check that we have a PS session config. +If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener))) { + If ($SkipNetworkProfileCheck) { + Write-Verbose "Enabling PS Remoting without checking Network profile." + Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop + Write-ProgressLog "Enabled PS Remoting without checking Network profile." + } + Else { + Write-Verbose "Enabling PS Remoting." + Enable-PSRemoting -Force -ErrorAction Stop + Write-ProgressLog "Enabled PS Remoting." + } +} +Else { + Write-Verbose "PS Remoting is already enabled." +} + +# Ensure LocalAccountTokenFilterPolicy is set to 1 +# https://github.com/ansible/ansible/issues/42978 +$token_path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" +$token_prop_name = "LocalAccountTokenFilterPolicy" +$token_key = Get-Item -Path $token_path +$token_value = $token_key.GetValue($token_prop_name, $null) +if ($token_value -ne 1) { + Write-Verbose "Setting LocalAccountTOkenFilterPolicy to 1" + if ($null -ne $token_value) { + Remove-ItemProperty -Path $token_path -Name $token_prop_name + } + New-ItemProperty -Path $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null +} + +# Make sure there is a SSL listener. 
+$listeners = Get-ChildItem WSMan:\localhost\Listener +If (!($listeners | Where-Object { $_.Keys -like "TRANSPORT=HTTPS" })) { + # We cannot use New-SelfSignedCertificate on 2012R2 and earlier + $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays + Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" + + # Create the hashtables of settings to be used. + $valueset = @{ + Hostname = $SubjectName + CertificateThumbprint = $thumbprint + } + + $selectorset = @{ + Transport = "HTTPS" + Address = "*" + } + + Write-Verbose "Enabling SSL listener." + New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset + Write-ProgressLog "Enabled SSL listener." +} +Else { + Write-Verbose "SSL listener is already active." + + # Force a new SSL cert on Listener if the $ForceNewSSLCert + If ($ForceNewSSLCert) { + + # We cannot use New-SelfSignedCertificate on 2012R2 and earlier + $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays + Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" + + $valueset = @{ + CertificateThumbprint = $thumbprint + Hostname = $SubjectName + } + + # Delete the listener for SSL + $selectorset = @{ + Address = "*" + Transport = "HTTPS" + } + Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset + + # Add new Listener with new SSL cert + New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset + } +} + +# Check for basic authentication. +$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "Basic" } + +If ($DisableBasicAuth) { + If (($basicAuthSetting.Value) -eq $true) { + Write-Verbose "Disabling basic auth support." + Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $false + Write-ProgressLog "Disabled basic auth support." 
+ } + Else { + Write-Verbose "Basic auth is already disabled." + } +} +Else { + If (($basicAuthSetting.Value) -eq $false) { + Write-Verbose "Enabling basic auth support." + Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true + Write-ProgressLog "Enabled basic auth support." + } + Else { + Write-Verbose "Basic auth is already enabled." + } +} + +# If EnableCredSSP if set to true +If ($EnableCredSSP) { + # Check for CredSSP authentication + $credsspAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "CredSSP" } + If (($credsspAuthSetting.Value) -eq $false) { + Write-Verbose "Enabling CredSSP auth support." + Enable-WSManCredSSP -role server -Force + Write-ProgressLog "Enabled CredSSP auth support." + } +} + +If ($GlobalHttpFirewallAccess) { + Enable-GlobalHttpFirewallAccess +} + +# Configure firewall to allow WinRM HTTPS connections. +$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" +$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any +If ($fwtest1.count -lt 5) { + Write-Verbose "Adding firewall rule to allow WinRM HTTPS." + netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow + Write-ProgressLog "Added firewall rule to allow WinRM HTTPS." +} +ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5)) { + Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile." + netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any + Write-ProgressLog "Updated firewall rule to allow WinRM HTTPS for any profile." +} +Else { + Write-Verbose "Firewall rule already exists to allow WinRM HTTPS." +} + +# Test a remoting connection to localhost, which should work. 
+$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock { $using:env:COMPUTERNAME } -ErrorVariable httpError -ErrorAction SilentlyContinue +$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck + +$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue + +If ($httpResult -and $httpsResult) { + Write-Verbose "HTTP: Enabled | HTTPS: Enabled" +} +ElseIf ($httpsResult -and !$httpResult) { + Write-Verbose "HTTP: Disabled | HTTPS: Enabled" +} +ElseIf ($httpResult -and !$httpsResult) { + Write-Verbose "HTTP: Enabled | HTTPS: Disabled" +} +Else { + Write-ProgressLog "Unable to establish an HTTP or HTTPS remoting session." + Throw "Unable to establish an HTTP or HTTPS remoting session." +} +Write-VerboseLog "PS Remoting has been successfully configured for Ansible." From 9d2030fbdddf3b73771255b4f89df255f2a1283f Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:17:01 +0100 Subject: [PATCH 066/146] Remove newlines --- roles/agent/tasks/Win32NT.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/agent/tasks/Win32NT.yml b/roles/agent/tasks/Win32NT.yml index 772b2629e..73a0bf34d 100644 --- a/roles/agent/tasks/Win32NT.yml +++ b/roles/agent/tasks/Win32NT.yml @@ -13,4 +13,3 @@ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" tags: - include-os-family-tasks - From 9f65e6d9ab8ecc399152d27d6c6aee332fd8cbfd Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:18:07 +0100 Subject: [PATCH 067/146] Remove newline From 9d26c6ed57fb327cf2154de143d741483b0968dd Mon Sep 17 00:00:00 2001 
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:20:22 +0100 Subject: [PATCH 068/146] Change extension --- playbooks/{example-add_hosts.py => example-add_hosts.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename playbooks/{example-add_hosts.py => example-add_hosts.yml} (100%) diff --git a/playbooks/example-add_hosts.py b/playbooks/example-add_hosts.yml similarity index 100% rename from playbooks/example-add_hosts.py rename to playbooks/example-add_hosts.yml From 09a695fa257762bd156b1f68b0993b092c998e3e Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:20:37 +0100 Subject: [PATCH 069/146] Update example-add_hosts.yml --- playbooks/example-add_hosts.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml index 6c03aea1c..1c4258975 100644 --- a/playbooks/example-add_hosts.yml +++ b/playbooks/example-add_hosts.yml @@ -5,4 +5,3 @@ roles: - tribe29.checkmk.agent - From 29b825e98e7b6e28329477b4bff627a7a78004ac Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:22:52 +0100 Subject: [PATCH 070/146] Update 00-ansible.cmd --- preparation/ansible-winrm/00-ansible.cmd | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd index eb33f6f1f..663d8cf6b 100644 --- a/preparation/ansible-winrm/00-ansible.cmd +++ b/preparation/ansible-winrm/00-ansible.cmd @@ -2,7 +2,6 @@ set CURRENT_PATH=%~dp0 echo %CURRENT_PATH% - rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights goto check_Permissions @@ -18,4 +17,4 @@ pause echo Failure: Current permissions inadequate. You need to run this script as administrator! ) - pause >nul \ No newline at end of file + pause >nul 
From ae64e92c833545e1df1435db19e6199facb6d636 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:23:12 +0100 Subject: [PATCH 071/146] Update 01-winrm-quickconfig.cmd From 8f18dc0ed005d807c40dd9be3c07092ee41ed455 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:32:51 +0100 Subject: [PATCH 072/146] Update Windows.yml --- roles/agent/vars/Windows.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml index dffe9e69b..be8924891 100644 --- a/roles/agent/vars/Windows.yml +++ b/roles/agent/vars/Windows.yml @@ -8,4 +8,3 @@ checkmk_agent_agent: file: cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" - From 64bc98101b3fdbb9be1644642dcdaf536958c0ee Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:38:11 +0100 Subject: [PATCH 073/146] Change -Path to -LiteralPath --- preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 index 7cc86abd7..ecf84119b 100644 --- a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 +++ b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 
@@ -298,14 +298,14 @@ Else { # https://github.com/ansible/ansible/issues/42978 $token_path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" $token_prop_name = "LocalAccountTokenFilterPolicy" -$token_key = Get-Item -Path $token_path +$token_key = Get-Item -LiteralPath $token_path $token_value = $token_key.GetValue($token_prop_name, $null) if ($token_value -ne 1) { Write-Verbose "Setting LocalAccountTOkenFilterPolicy to 1" if ($null -ne $token_value) { - Remove-ItemProperty -Path $token_path -Name $token_prop_name + Remove-ItemProperty -LiteralPath $token_path -Name $token_prop_name } - New-ItemProperty -Path $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null + New-ItemProperty -LiteralPath $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null } # Make sure there is a SSL listener. From 06e65ed48874c364b457c62774e7b6b1840b9688 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:40:26 +0100 Subject: [PATCH 074/146] Update 00-ansible.cmd --- preparation/ansible-winrm/00-ansible.cmd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd index 663d8cf6b..eccd681c1 100644 --- a/preparation/ansible-winrm/00-ansible.cmd +++ b/preparation/ansible-winrm/00-ansible.cmd @@ -16,5 +16,5 @@ pause ) else ( echo Failure: Current permissions inadequate. You need to run this script as administrator! ) - - pause >nul + +pause >nul From c1fd6332b5bcb69d46a6f7c5fe90c0e0b972e445 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:10:32 +0100 Subject: [PATCH 075/146] Update .gitattributes Handle line endings in windows files --- .gitattributes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitattributes b/.gitattributes index b2a76a893..f152d0d95 100644 --- a/.gitattributes +++ b/.gitattributes 
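Review bot: The registry write that sets `LocalAccountTokenFilterPolicy` to 1 is announced only through `Write-Verbose`, whereas other steps in this file (starting WinRM, enabling the SSL listener, switching Basic auth) are also written to the Application event log with `Write-ProgressLog`. This value lifts the UAC remote token filtering for local administrator accounts, so it is a change an investigator will want to find in the log afterwards. I would add `Write-ProgressLog "Set LocalAccountTokenFilterPolicy to 1"` after the `New-ItemProperty` line. The context line's message also spells the name `LocalAccountTOkenFilterPolicy`, which a case-sensitive search for the setting will miss. Since this file is a copy of the upstream Ansible example, a short header comment listing local edits such as this one would help when it is refreshed.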
@@ -1 +1,2 @@ -*.yml linguist-detectable \ No newline at end of file +*.yml linguist-detectable +*.cmd text eol=crlf From c16b970298e040d534a2db64f25f7f5d5baccea0 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:19:11 +0100 Subject: [PATCH 076/146] Update Linux.yml --- roles/agent/tasks/Linux.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index ee965391f..5c8fb197f 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -54,7 +54,7 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }} register: checkmk_agent_update_state - when: + when: (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_secret is defined and checkmk_agent_secret) - name: "({{ansible_system}}): Register Agent for TLS." @@ -64,5 +64,5 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert register: checkmk_agent_tls_state - when: + when: (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_controller_binary.stat.exists and checkmk_agent_tls and (checkmk_agent_auth is defined and checkmk_agent_auth) From 712d283af027daf5b89e4a71813177bcfb2be330 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:19:39 +0100 Subject: [PATCH 077/146] Update Windows.yml --- roles/agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index d4d48e453..d7e810a2c 100644 --- a/roles/agent/tasks/Windows.yml 
+++ b/roles/agent/tasks/Windows.yml @@ -26,7 +26,7 @@ checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme" - + - name: "({{ ansible_os_family }}): Install Checkmk Agent." ansible.builtin.win_package: path: "{{ checkmk_agent_agent.file.cee }}" From d21ab95094cc82b3d8876fb7c69ea95d86eee002 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:23:19 +0100 Subject: [PATCH 078/146] Update example-linux-inventory.yml --- playbooks/example-linux-inventory.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml index f701899f4..d2ff3df18 100644 --- a/playbooks/example-linux-inventory.yml +++ b/playbooks/example-linux-inventory.yml @@ -1,10 +1,10 @@ +--- My_Site: hosts: debian: ansible_host: 127.0.0.1 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Linux vars: checkmk_agent_add_host: true @@ -19,5 +19,5 @@ My_Site: checkmk_agent_port: 80 checkmk_agent_site: My_Site checkmk_agent_version: 2.0.0p22 - ansible_user: root + ansible_user: root ansible_password: $SECRET From a75af5a543acbced75c66a643bad7afe772c95fa Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:24:38 +0100 Subject: [PATCH 079/146] Update example-windows-inventory.yml --- playbooks/example-windows-inventory.yml | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml index 0a9cd2b09..001957fa1 100644 --- a/playbooks/example-windows-inventory.yml +++ b/playbooks/example-windows-inventory.yml 
@@ -1,35 +1,30 @@ +--- My_Site: hosts: win10: ansible_host: 192.168.128.101 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win11: ansible_host: 192.168.128.100 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k12: ansible_host: 192.168.128.103 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k16: ansible_host: 192.168.128.102 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k19: ansible_host: 192.168.128.105 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k22: ansible_host: 192.168.128.104 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows vars: checkmk_agent_add_host: true @@ -45,12 +40,7 @@ My_Site: checkmk_agent_site: My_Site checkmk_agent_version: 2.0.0p22 ansible_user: Administrator - ansible_password: $SECRET + ansible_password: $SECRET ansible_connection: winrm - ansible_winrm_transport: ntlm + ansible_winrm_transport: ntlm ansible_winrm_server_cert_validation: ignore - -# Windows host (powershell): -# Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -# .\ConfigureRemotingForAnsible.ps1 -# winrm quickconfig From 68f9163c53a535c91950047351c752f21898a1f1 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:25:26 +0100 Subject: [PATCH 080/146] Update example-add_hosts.yml --- playbooks/example-add_hosts.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml index 1c4258975..820182a2d 100644 --- a/playbooks/example-add_hosts.yml +++ b/playbooks/example-add_hosts.yml @@ -1,7 +1,5 @@ --- - hosts: My_site # Sitename -# debugger: on_failed -# connection: local roles: - tribe29.checkmk.agent 
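Review bot: `ansible_winrm_server_cert_validation: ignore` stays in the second hunk (`@@ -45,12 +40,7 @@`) while the same hunk deletes the trailing comment that tied this inventory to the lab-style WinRM preparation, so nothing on the new side tells a reader that certificate checking is switched off. Anyone copying the example gets NTLM sessions as `Administrator` to a listener whose identity is never verified. I would add a comment above the line, `# lab only: listener uses a self-signed certificate; use a CA-signed certificate and drop this line in production`, and one above `ansible_password` pointing to Ansible Vault rather than an inline value. The `vars:` mapping begins outside this hunk.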
From aceef8462ee05277f28fb0f04a499fab4dd573b0 Mon Sep 17 00:00:00 2001
From: muehlings <80385927+muehlings@users.noreply.github.com>
Date: Thu, 3 Nov 2022 09:38:41 +0100
Subject: [PATCH 081/146] Force LF line ending on windows files
---
 .gitattributes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitattributes b/.gitattributes
index f152d0d95..e7f092344 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,2 @@
 *.yml linguist-detectable
-*.cmd text eol=crlf
+*.cmd text eol=lf
From 28f160a708c76ddf232215cb21d1e0794b1fa7e0 Mon Sep 17 00:00:00 2001
From: muehlings <80385927+muehlings@users.noreply.github.com>
Date: Thu, 3 Nov 2022 09:41:40 +0100
Subject: [PATCH 082/146] Update 00-ansible.cmd
From 083ff3156bd83a8f59dc8c8c003afc5f22f663b5 Mon Sep 17 00:00:00 2001
From: Robin Gierse
Date: Fri, 4 Nov 2022 17:34:15 +0100
Subject: [PATCH 083/146] Trash
---
 preparation/ansible-winrm/00-ansible.cmd | 40 +++++++++----------
 .../ansible-winrm/01-winrm-quickconfig.cmd | 4 +-
 .../ansible-winrm/02-ansible-winrm.cmd | 8 ++--
 3 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd
index eccd681c1..b173c1b1e 100644
--- a/preparation/ansible-winrm/00-ansible.cmd
+++ b/preparation/ansible-winrm/00-ansible.cmd
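Review bot: `*.cmd text eol=lf` makes Git check the batch files out with LF-only line endings, and cmd.exe can fail to resolve labels in LF-terminated scripts, which matters because `00-ansible.cmd` depends on `goto check_Permissions` to reach its privilege check. Unless the LF form has been tested on the Windows versions this preparation targets, the previous `*.cmd text eol=crlf` is the safer value. A `*.ps1 text` entry would additionally keep the bundled PowerShell script normalised in the same way.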
@@ -1,20 +1,20 @@
-@echo off
-set CURRENT_PATH=%~dp0
-echo %CURRENT_PATH%
-
-rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights
-goto check_Permissions
-
-:check_Permissions
- echo Administrative permissions required. Detecting permissions...
-
- net session >nul 2>&1
- if %errorLevel% == 0 (
- echo Success: Administrative permissions confirmed. Setting up everything for Ansible...
- %CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd
-pause
- ) else (
- echo Failure: Current permissions inadequate. You need to run this script as administrator!
- )
-
-pause >nul
+@echo off
+set CURRENT_PATH=%~dp0
+echo %CURRENT_PATH%
+
+rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights
+goto check_Permissions
+
+:check_Permissions
+ echo Administrative permissions required. Detecting permissions...
+
+ net session >nul 2>&1
+ if %errorLevel% == 0 (
+ echo Success: Administrative permissions confirmed. Setting up everything for Ansible...
+ %CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd
+pause
+ ) else (
+ echo Failure: Current permissions inadequate. You need to run this script as administrator!
+ )
+
+pause >nul
diff --git a/preparation/ansible-winrm/01-winrm-quickconfig.cmd b/preparation/ansible-winrm/01-winrm-quickconfig.cmd
index 315c28ea4..bb8142259 100644
--- a/preparation/ansible-winrm/01-winrm-quickconfig.cmd
+++ b/preparation/ansible-winrm/01-winrm-quickconfig.cmd
@@ -1,2 +1,2 @@
-@echo off
-winrm quickconfig
+@echo off
+winrm quickconfig
diff --git a/preparation/ansible-winrm/02-ansible-winrm.cmd b/preparation/ansible-winrm/02-ansible-winrm.cmd
index 9e210ac9c..812d741c1 100644
--- a/preparation/ansible-winrm/02-ansible-winrm.cmd
+++ b/preparation/ansible-winrm/02-ansible-winrm.cmd
@@ -1,5 +1,5 @@
-@echo off
-set CURRENT_PATH=%~dp0
-echo %CURRENT_PATH%
-powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
+@echo off
+set CURRENT_PATH=%~dp0
+echo %CURRENT_PATH%
+powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
 powershell %CURRENT_PATH%\ConfigureRemotingForAnsible.ps1
\ No newline at end of file
From 8aeb082dbadd47c059290d50c1f76daf460954ac Mon Sep 17 00:00:00 2001
From: muehlings <80385927+muehlings@users.noreply.github.com>
Date: Mon, 7 Nov 2022 08:22:22 +0100
Subject: [PATCH 084/146] Delete example-add_hosts.yml
---
 playbooks/example-add_hosts.yml | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 playbooks/example-add_hosts.yml
diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml
deleted file mode 100644
index 820182a2d..000000000
--- a/playbooks/example-add_hosts.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: My_site # Sitename
-
- roles:
- - tribe29.checkmk.agent
From 5acbf19ec74bb856ac006700a5f5cea3a3352559 Mon Sep 17 00:00:00 2001
From: muehlings <80385927+muehlings@users.noreply.github.com>
Date: Mon, 7 Nov 2022 08:22:52 +0100
Subject: [PATCH 085/146] Delete example-linux-inventory.yml
---
 playbooks/example-linux-inventory.yml | 23 -----------------------
 1 file changed, 23 deletions(-)
 delete mode 100644 playbooks/example-linux-inventory.yml
diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml
deleted file mode 100644
index d2ff3df18..000000000
--- a/playbooks/example-linux-inventory.yml
+++ /dev/null
@@ -1,23 +0,0 @@ ---- -My_Site: - hosts: - debian: - ansible_host: 127.0.0.1 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - - vars: - checkmk_agent_add_host: true - checkmk_agent_discover: true - checkmk_agent_edition: cme - checkmk_agent_host_ip: '{{ ansible_host }}' - checkmk_agent_host_name: '{{ inventory_hostname }}' - checkmk_agent_user: automation - checkmk_agent_pass: $AUTOMATION_SECRET - checkmk_agent_protocol: http - checkmk_agent_server: 127.0.0.1 - checkmk_agent_port: 80 - checkmk_agent_site: My_Site - checkmk_agent_version: 2.0.0p22 - ansible_user: root - ansible_password: $SECRET From a28fd9f858a57140400b2a06aba220e24b056fa1 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Mon, 7 Nov 2022 08:23:00 +0100 Subject: [PATCH 086/146] Delete example-windows-inventory.yml --- playbooks/example-windows-inventory.yml | 46 ------------------------- 1 file changed, 46 deletions(-) delete mode 100644 playbooks/example-windows-inventory.yml diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml deleted file mode 100644 index 001957fa1..000000000 --- a/playbooks/example-windows-inventory.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -My_Site: - hosts: - win10: - ansible_host: 192.168.128.101 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win11: - ansible_host: 192.168.128.100 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k12: - ansible_host: 192.168.128.103 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k16: - ansible_host: 192.168.128.102 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k19: - ansible_host: 192.168.128.105 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k22: - ansible_host: 192.168.128.104 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - - vars: - checkmk_agent_add_host: true - checkmk_agent_discover: true - checkmk_agent_edition: cre - checkmk_agent_host_ip: '{{ ansible_host }}' - checkmk_agent_host_name: '{{ inventory_hostname }}' - checkmk_agent_user: automation - checkmk_agent_pass: $AUTOMATION_SECRET - checkmk_agent_protocol: http - checkmk_agent_server: 127.0.0.1 - checkmk_agent_port: 80 - checkmk_agent_site: My_Site - checkmk_agent_version: 2.0.0p22 - ansible_user: Administrator - ansible_password: $SECRET - ansible_connection: winrm - ansible_winrm_transport: ntlm - ansible_winrm_server_cert_validation: ignore From 66dc98a52207978e29fecba1a2fb7865f1d69200 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Wed, 30 Nov 2022 17:01:34 +0100 Subject: [PATCH 087/146] Fix main.yml after merges. --- roles/agent/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index fb3b2d5cf..40f72a71d 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -7,7 +7,7 @@ - name: "({{ ansible_system }}): Include OS specific tasks." ansible.builtin.include_tasks: "{{ ansible_system }}.yml" tags: - - get-package-facts + - include-system-tasks - name: Populate service facts. ansible.builtin.service_facts: 
From fd894b4e30afb2ac89a5b4c3552fca12dc7e8bf2 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Wed, 30 Nov 2022 17:02:39 +0100 Subject: [PATCH 088/146] Clean up Jinja spacing in task names. --- roles/agent/tasks/Debian.yml | 12 ++++++------ roles/agent/tasks/Linux.yml | 2 +- roles/agent/tasks/RedHat.yml | 12 ++++++------ roles/agent/tasks/Suse.yml | 14 +++++++------- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index 840fa2620..72669ca56 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -1,5 +1,5 @@ --- -- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_deb&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -22,7 +22,7 @@ tags: - download-package -- name: "Debian Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -37,7 +37,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.host }}" 
@@ -52,7 +52,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_deb&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -88,7 +88,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cee }}" @@ -103,7 +103,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 5c8fb197f..465b12554 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -22,7 +22,7 @@ tags: - download-package -- name: "({{ansible_os_family}}): Run OS Family specific tasks." +- name: "{{ ansible_os_family }}: Run OS Family specific tasks." ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" tags: - include-os-family-tasks diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml index f39a51732..34f13ef53 100644 --- a/roles/agent/tasks/RedHat.yml +++ b/roles/agent/tasks/RedHat.yml 
@@ -1,5 +1,5 @@ --- -- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -22,7 +22,7 @@ tags: - download-package -- name: "RedHat Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -37,7 +37,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.host }}" @@ -52,7 +52,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -88,7 +88,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cee }}" 
@@ -103,7 +103,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index 0c0f4458f..955bde4bd 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml @@ -1,5 +1,5 @@ --- -- name: "({{ansible_os_family}}) Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -22,7 +22,7 @@ tags: - download-package -- name: "Suse Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -37,7 +37,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.zypper: name: "{{ checkmk_agent_agent.file.host }}" 
@@ -53,7 +53,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -74,7 +74,7 @@ tags: - download-package -- name: "Suse Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.cee }}" dest: "{{ checkmk_agent_agent.file.cee }}" @@ -89,7 +89,7 @@ tags: - download-package -- name: "({{ansible_os_family}}) Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.zypper: name: "{{ checkmk_agent_agent.file.cee }}" @@ -105,7 +105,7 @@ tags: - install-package -- name: "({{ansible_os_family}}) Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." become: true community.general.zypper: name: "{{ checkmk_agent_agent.file.cre }}" From 573aafd9d0c8bc2188a3926977524a6cf19c6be7 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Fri, 14 Oct 2022 17:55:41 +0200 Subject: [PATCH 089/146] Add and change files of agent role Split task main.yml for [Linux|Win32NT].yml (ansible_system) and Windows.yml (ansible_os_family) --- roles/agent/vars/Windows.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml index be8924891..dffe9e69b 100644 --- a/roles/agent/vars/Windows.yml +++ b/roles/agent/vars/Windows.yml 
@@ -8,3 +8,4 @@ checkmk_agent_agent: file: cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" + From 5117fe462d782bbd124b457436e770792d6a4494 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Fri, 14 Oct 2022 18:12:11 +0200 Subject: [PATCH 090/146] Add example playbooks and inventories Use "ansible-playbook example-add_hosts.py -i example-*-inventory.yml" for test --- playbooks/example-add_hosts.py | 8 ++++ playbooks/example-linux-inventory.yml | 23 ++++++++++ playbooks/example-windows-inventory.yml | 56 +++++++++++++++++++++++++ 3 files changed, 87 insertions(+) create mode 100644 playbooks/example-add_hosts.py create mode 100644 playbooks/example-linux-inventory.yml create mode 100644 playbooks/example-windows-inventory.yml diff --git a/playbooks/example-add_hosts.py b/playbooks/example-add_hosts.py new file mode 100644 index 000000000..6c03aea1c --- /dev/null +++ b/playbooks/example-add_hosts.py @@ -0,0 +1,8 @@ +--- +- hosts: My_site # Sitename +# debugger: on_failed +# connection: local + + roles: + - tribe29.checkmk.agent + diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml new file mode 100644 index 000000000..f701899f4 --- /dev/null +++ b/playbooks/example-linux-inventory.yml 
@@ -0,0 +1,23 @@ +My_Site: + hosts: + debian: + ansible_host: 127.0.0.1 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Linux + + vars: + checkmk_agent_add_host: true + checkmk_agent_discover: true + checkmk_agent_edition: cme + checkmk_agent_host_ip: '{{ ansible_host }}' + checkmk_agent_host_name: '{{ inventory_hostname }}' + checkmk_agent_user: automation + checkmk_agent_pass: $AUTOMATION_SECRET + checkmk_agent_protocol: http + checkmk_agent_server: 127.0.0.1 + checkmk_agent_port: 80 + checkmk_agent_site: My_Site + checkmk_agent_version: 2.0.0p22 + ansible_user: root + ansible_password: $SECRET diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml new file mode 100644 index 000000000..0a9cd2b09 --- /dev/null +++ b/playbooks/example-windows-inventory.yml 
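Review bot: `checkmk_agent_pass: $AUTOMATION_SECRET` and `ansible_password: $SECRET` are plain YAML strings, so Ansible uses the literal text `$SECRET` instead of an environment value; the example-windows-inventory.yml hunk in this patch has the same two lines. If the value is meant to come from the environment, `ansible_password: "{{ lookup('env', 'SECRET') }}"` does that, and an Ansible Vault variable keeps it out of the shell history and process environment as well. The example also pairs `checkmk_agent_protocol: http` with `checkmk_agent_port: 80`, which presumably sends the automation credential to the site unencrypted. A comment such as `# lab only: switch to https / 443 outside a test network` above those two keys would stop the file being copied as-is.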
@@ -0,0 +1,56 @@ +My_Site: + hosts: + win10: + ansible_host: 192.168.128.101 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win11: + ansible_host: 192.168.128.100 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k12: + ansible_host: 192.168.128.103 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k16: + ansible_host: 192.168.128.102 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k19: + ansible_host: 192.168.128.105 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + win2k22: + ansible_host: 192.168.128.104 + checkmk_agent_host_attributes: + ipaddress: '{{ansible_host}}' + # tag_Operating_System: Windows + + vars: + checkmk_agent_add_host: true + checkmk_agent_discover: true + checkmk_agent_edition: cre + checkmk_agent_host_ip: '{{ ansible_host }}' + checkmk_agent_host_name: '{{ inventory_hostname }}' + checkmk_agent_user: automation + checkmk_agent_pass: $AUTOMATION_SECRET + checkmk_agent_protocol: http + checkmk_agent_server: 127.0.0.1 + checkmk_agent_port: 80 + checkmk_agent_site: My_Site + checkmk_agent_version: 2.0.0p22 + ansible_user: Administrator + ansible_password: $SECRET + ansible_connection: winrm + ansible_winrm_transport: ntlm + ansible_winrm_server_cert_validation: ignore + +# Windows host (powershell): +# Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser +# .\ConfigureRemotingForAnsible.ps1 +# winrm quickconfig From 739a7b288d669e288ab5beea7325706f2c339bb0 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:18:07 +0100 Subject: [PATCH 091/146] Remove newline From 58592815133cda55c241849e7458ac0d6e8fa08a Mon Sep 17 00:00:00 2001 
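Review bot: `ansible_winrm_server_cert_validation: ignore` applies to all six hosts without explanation, so the WinRM session that authenticates `Administrator` never checks which server it is talking to. I would add a comment directly above it, e.g. `# lab only: self-signed listener; otherwise use 'validate' and set ansible_winrm_ca_trust_path`, so the setting is read as a deliberate test shortcut. The trailing comment block recommends `Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser`, which stays in effect for that user after the setup script has run. `-Scope Process` for the one-off run would leave the machine's policy as it was.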
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:20:22 +0100 Subject: [PATCH 092/146] Change extension --- playbooks/{example-add_hosts.py => example-add_hosts.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename playbooks/{example-add_hosts.py => example-add_hosts.yml} (100%) diff --git a/playbooks/example-add_hosts.py b/playbooks/example-add_hosts.yml similarity index 100% rename from playbooks/example-add_hosts.py rename to playbooks/example-add_hosts.yml From eb1957de9a18b8eef1ce6c13034721aafd515135 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:20:37 +0100 Subject: [PATCH 093/146] Update example-add_hosts.yml --- playbooks/example-add_hosts.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml index 6c03aea1c..1c4258975 100644 --- a/playbooks/example-add_hosts.yml +++ b/playbooks/example-add_hosts.yml @@ -5,4 +5,3 @@ roles: - tribe29.checkmk.agent - From 041b37906536ca4df538ad5dc75ecf44a694aafe Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:23:12 +0100 Subject: [PATCH 094/146] Update 01-winrm-quickconfig.cmd From 82d1abcd291a40675da55ca4d7de7998cd2a81a7 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:32:51 +0100 Subject: [PATCH 095/146] Update Windows.yml --- roles/agent/vars/Windows.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml index dffe9e69b..be8924891 100644 --- a/roles/agent/vars/Windows.yml +++ b/roles/agent/vars/Windows.yml @@ -8,4 +8,3 @@ checkmk_agent_agent: file: cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" - From 01ab008683aa421100152c3e7de1197e682c9916 Mon Sep 17 00:00:00 2001 
From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:23:19 +0100 Subject: [PATCH 096/146] Update example-linux-inventory.yml --- playbooks/example-linux-inventory.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml index f701899f4..d2ff3df18 100644 --- a/playbooks/example-linux-inventory.yml +++ b/playbooks/example-linux-inventory.yml @@ -1,10 +1,10 @@ +--- My_Site: hosts: debian: ansible_host: 127.0.0.1 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Linux vars: checkmk_agent_add_host: true @@ -19,5 +19,5 @@ My_Site: checkmk_agent_port: 80 checkmk_agent_site: My_Site checkmk_agent_version: 2.0.0p22 - ansible_user: root + ansible_user: root ansible_password: $SECRET From d1bbfa81dc4efb9fc9e52cbce9528bf008de8189 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:24:38 +0100 Subject: [PATCH 097/146] Update example-windows-inventory.yml --- playbooks/example-windows-inventory.yml | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml index 0a9cd2b09..001957fa1 100644 --- a/playbooks/example-windows-inventory.yml +++ b/playbooks/example-windows-inventory.yml 
@@ -1,35 +1,30 @@ +--- My_Site: hosts: win10: ansible_host: 192.168.128.101 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win11: ansible_host: 192.168.128.100 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k12: ansible_host: 192.168.128.103 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k16: ansible_host: 192.168.128.102 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k19: ansible_host: 192.168.128.105 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows win2k22: ansible_host: 192.168.128.104 checkmk_agent_host_attributes: ipaddress: '{{ansible_host}}' - # tag_Operating_System: Windows vars: checkmk_agent_add_host: true @@ -45,12 +40,7 @@ My_Site: checkmk_agent_site: My_Site checkmk_agent_version: 2.0.0p22 ansible_user: Administrator - ansible_password: $SECRET + ansible_password: $SECRET ansible_connection: winrm - ansible_winrm_transport: ntlm + ansible_winrm_transport: ntlm ansible_winrm_server_cert_validation: ignore - -# Windows host (powershell): -# Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -# .\ConfigureRemotingForAnsible.ps1 -# winrm quickconfig From 0893717e6fdffe0d7a0c3808ffc358193da27580 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:25:26 +0100 Subject: [PATCH 098/146] Update example-add_hosts.yml --- playbooks/example-add_hosts.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml index 1c4258975..820182a2d 100644 --- a/playbooks/example-add_hosts.yml +++ b/playbooks/example-add_hosts.yml @@ -1,7 +1,5 @@ --- - hosts: My_site # Sitename -# debugger: on_failed -# connection: local roles: - tribe29.checkmk.agent 
From 243781efc2cd786d8869ad454c412f40f505bcdf Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Thu, 3 Nov 2022 09:41:40 +0100 Subject: [PATCH 099/146] Update 00-ansible.cmd From 4aa632ab3c35fc199d536accbfd50c3ed788b2d0 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Mon, 7 Nov 2022 08:22:22 +0100 Subject: [PATCH 100/146] Delete example-add_hosts.yml --- playbooks/example-add_hosts.yml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 playbooks/example-add_hosts.yml diff --git a/playbooks/example-add_hosts.yml b/playbooks/example-add_hosts.yml deleted file mode 100644 index 820182a2d..000000000 --- a/playbooks/example-add_hosts.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: My_site # Sitename - - roles: - - tribe29.checkmk.agent From b250dde355128582fb3cd0dcf9433f5d8cb9e7a6 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Mon, 7 Nov 2022 08:22:52 +0100 Subject: [PATCH 101/146] Delete example-linux-inventory.yml --- playbooks/example-linux-inventory.yml | 23 ----------------------- 1 file changed, 23 deletions(-) delete mode 100644 playbooks/example-linux-inventory.yml diff --git a/playbooks/example-linux-inventory.yml b/playbooks/example-linux-inventory.yml deleted file mode 100644 index d2ff3df18..000000000 --- a/playbooks/example-linux-inventory.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -My_Site: - hosts: - debian: - ansible_host: 127.0.0.1 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - - vars: - checkmk_agent_add_host: true - checkmk_agent_discover: true - checkmk_agent_edition: cme - checkmk_agent_host_ip: '{{ ansible_host }}' - checkmk_agent_host_name: '{{ inventory_hostname }}' - checkmk_agent_user: automation - checkmk_agent_pass: $AUTOMATION_SECRET - checkmk_agent_protocol: http - checkmk_agent_server: 127.0.0.1 - checkmk_agent_port: 80 - checkmk_agent_site: My_Site - checkmk_agent_version: 2.0.0p22 - ansible_user: root - ansible_password: $SECRET From 1c45228821e8d44b793e128ffd2fd34fad0bb3e3 Mon Sep 17 00:00:00 2001 From: muehlings <80385927+muehlings@users.noreply.github.com> Date: Mon, 7 Nov 2022 08:23:00 +0100 Subject: [PATCH 102/146] Delete example-windows-inventory.yml --- playbooks/example-windows-inventory.yml | 46 ------------------------- 1 file changed, 46 deletions(-) delete mode 100644 playbooks/example-windows-inventory.yml diff --git a/playbooks/example-windows-inventory.yml b/playbooks/example-windows-inventory.yml deleted file mode 100644 index 001957fa1..000000000 --- a/playbooks/example-windows-inventory.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -My_Site: - hosts: - win10: - ansible_host: 192.168.128.101 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win11: - ansible_host: 192.168.128.100 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k12: - ansible_host: 192.168.128.103 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k16: - ansible_host: 192.168.128.102 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k19: - ansible_host: 192.168.128.105 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - win2k22: - ansible_host: 192.168.128.104 - checkmk_agent_host_attributes: - ipaddress: '{{ansible_host}}' - - vars: - checkmk_agent_add_host: true - checkmk_agent_discover: true - checkmk_agent_edition: cre - checkmk_agent_host_ip: '{{ ansible_host }}' - checkmk_agent_host_name: '{{ inventory_hostname }}' - checkmk_agent_user: automation - checkmk_agent_pass: $AUTOMATION_SECRET - checkmk_agent_protocol: http - checkmk_agent_server: 127.0.0.1 - checkmk_agent_port: 80 - checkmk_agent_site: My_Site - checkmk_agent_version: 2.0.0p22 - ansible_user: Administrator - ansible_password: $SECRET - ansible_connection: winrm - ansible_winrm_transport: ntlm - ansible_winrm_server_cert_validation: ignore From eeeff5192dc5484724020ac0cabbbf65f4109251 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 18:16:55 +0100 Subject: [PATCH 103/146] Fix Jinja2 spacing. --- roles/agent/tasks/Linux.yml | 16 ++++++++-------- roles/agent/tasks/legacy.yml | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 465b12554..0eb1e1d6d 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml 
@@ -1,17 +1,17 @@ --- -- name: "({{ansible_system}}): Get RPM or APT package facts." +- name: "({{ ansible_system }}): Get RPM or APT package facts." ansible.builtin.package_facts: manager: "auto" tags: - get-package-facts -- name: "({{ansible_system}}): Import Legacy agent tasks." +- name: "({{ ansible_system }}): Import Legacy agent tasks." ansible.builtin.include_tasks: "legacy.yml" when: | checkmk_agent_prep_legacy | bool and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 -- name: "({{ansible_system}}): Download Checkmk CRE agent." +- name: "({{ ansible_system }}): Download Checkmk CRE agent." ansible.builtin.get_url: url: "{{ checkmk_agent_agent.url.cre }}" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -27,17 +27,17 @@ tags: - include-os-family-tasks -- name: "({{ansible_system}}): Check for Agent Updater Binary." +- name: "({{ ansible_system }}): Check for Agent Updater Binary." ansible.builtin.stat: path: /usr/bin/cmk-update-agent register: checkmk_agent_updater_binary -- name: "({{ansible_system}}): Check for Agent Controller Binary." +- name: "({{ ansible_system }}): Check for Agent Controller Binary." ansible.builtin.stat: path: /usr/bin/cmk-agent-ctl register: checkmk_agent_controller_binary -- name: "({{ansible_system}}): Register Agent for automatic Updates using User Password." +- name: "({{ ansible_system }}): Register Agent for automatic Updates using User Password." become: true ansible.builtin.shell: | cmk-update-agent register -H {{ checkmk_agent_host_name }} \ 
@@ -47,7 +47,7 @@ when: (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_pass is defined and checkmk_agent_pass) and (checkmk_agent_secret is not defined) -- name: "({{ansible_system}}): Register Agent for automatic Updates using Automation Secret." +- name: "({{ ansible_system }}): Register Agent for automatic Updates using Automation Secret." become: true ansible.builtin.shell: | cmk-update-agent register -H {{ checkmk_agent_host_name }} \ @@ -57,7 +57,7 @@ when: (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_secret is defined and checkmk_agent_secret) -- name: "({{ansible_system}}): Register Agent for TLS." +- name: "({{ ansible_system }}): Register Agent for TLS." become: true ansible.builtin.shell: | cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ diff --git a/roles/agent/tasks/legacy.yml b/roles/agent/tasks/legacy.yml index 4623502a6..a9a87735f 100644 --- a/roles/agent/tasks/legacy.yml +++ b/roles/agent/tasks/legacy.yml @@ -1,5 +1,5 @@ --- -- name: "({{ansible_system}}): Install xinetd" +- name: "({{ ansible_system }}): Install xinetd" become: true ansible.builtin.package: name: xinetd @@ -8,7 +8,7 @@ - install-package - install-prerequisites -- name: "({{ansible_system}}): Enable xinetd" +- name: "({{ ansible_system }}): Enable xinetd" become: true ansible.builtin.service: name: xinetd From 73f0b683433c57fb41bf43b5d3632f97e2bdbdb7 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 18:28:28 +0100 Subject: [PATCH 104/146] Fix too long lines. --- roles/agent/tasks/Linux.yml | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) 
diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 0eb1e1d6d..4788eef34 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -44,8 +44,14 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} register: checkmk_agent_update_state - when: - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_pass is defined and checkmk_agent_pass) and (checkmk_agent_secret is not defined) + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_updater_binary.stat.exists + and checkmk_agent_update + and (checkmk_agent_pass is defined and checkmk_agent_pass) + and (checkmk_agent_secret is not defined) - name: "({{ ansible_system }}): Register Agent for automatic Updates using Automation Secret." become: true @@ -54,8 +60,13 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} -p {{ checkmk_agent_protocol }} \ -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }} register: checkmk_agent_update_state - when: - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_updater_binary.stat.exists and checkmk_agent_update and (checkmk_agent_secret is defined and checkmk_agent_secret) + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_updater_binary.stat.exists + and checkmk_agent_update + and (checkmk_agent_secret is defined and checkmk_agent_secret) - name: "({{ ansible_system }}): Register Agent for TLS." become: true 
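Review bot: The registration tasks reformatted here interpolate `{{ checkmk_agent_auth }}` straight into an `ansible.builtin.shell` command line (`-P {{ checkmk_agent_auth }}` in this hunk, `-S …` in `@@ -54,8 +60,13 @@`, `-P … --trust-cert` in `@@ -64,5 +75,10 @@`) and register the result, with no `no_log` visible in the hunks. The credential therefore ends up in verbose output and in the registered `cmd`, and a secret containing shell metacharacters would be interpreted by the shell. Adding `no_log: true` to each task and writing the argument as `-P {{ checkmk_agent_auth | quote }}` covers both. The third task's `--trust-cert` accepts the server certificate without any check, so a comment on that line saying the site certificate is trusted on first use would help. The task bodies start outside these hunks, so other keys may already be set there.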
@@ -64,5 +75,10 @@ -s {{ checkmk_agent_server }} -i {{ checkmk_agent_site }} \ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert register: checkmk_agent_tls_state - when: - (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") and checkmk_agent_controller_binary.stat.exists and checkmk_agent_tls and (checkmk_agent_auth is defined and checkmk_agent_auth) + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_controller_binary.stat.exists + and checkmk_agent_tls + and (checkmk_agent_auth is defined and checkmk_agent_auth) From 609e0da49c1ac2a7e0d22d7bf8151f175768dbfa Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 18:33:36 +0100 Subject: [PATCH 105/146] Change -Path to -LiteralPath. --- preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 index ecf84119b..2096311d8 100644 --- a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 +++ b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 @@ -363,7 +363,7 @@ $basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object { If ($DisableBasicAuth) { If (($basicAuthSetting.Value) -eq $true) { Write-Verbose "Disabling basic auth support." - Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $false + Set-Item -LiteralPath "WSMan:\localhost\Service\Auth\Basic" -Value $false Write-ProgressLog "Disabled basic auth support." } Else { 
@@ -373,7 +373,7 @@ If ($DisableBasicAuth) { Else { If (($basicAuthSetting.Value) -eq $false) { Write-Verbose "Enabling basic auth support." - Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true + Set-Item -LiteralPath "WSMan:\localhost\Service\Auth\Basic" -Value $true Write-ProgressLog "Enabled basic auth support." } Else { From 71de04a486edb570db337587d6c549a055543056 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 18:56:11 +0100 Subject: [PATCH 106/146] Add Windows vagrant box. --- Vagrantfile | 30 ++++++++++++++++++++++++++---- playbooks/hosts | 1 + 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index d47e37647..e47903c59 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -18,10 +18,10 @@ Vagrant.configure("2") do |config| v.cpus = 4 end $script = <<-SCRIPT - apt-get -y update --quiet - apt-get -y install python3.9 python3-pip ca-certificates curl gnupg lsb-release - wget "https://download.checkmk.com/checkmk/2.1.0p24/check-mk-raw-2.1.0p24_0.focal_amd64.deb" -O /tmp/checkmk-stable.deb - wget "https://download.checkmk.com/checkmk/2.2.0-$(date +%Y.%m.%d)/check-mk-raw-2.2.0-$(date +%Y.%m.%d)_0.focal_amd64.deb" -O /tmp/checkmk-beta.deb + apt-get update + apt-get install -y python3-pip ca-certificates curl gnupg lsb-release + wget "https://download.checkmk.com/checkmk/2.1.0p19/check-mk-raw-2.1.0p19_0.focal_amd64.deb" -O /tmp/checkmk-stable.deb + wget "https://download.checkmk.com/checkmk/2.1.0p19/check-mk-raw-2.1.0p19_0.focal_amd64.deb" -O /tmp/checkmk-beta.deb apt-get install -y /tmp/checkmk-stable.deb omd create --admin-password 'd7589df1-01db-4eda-9858-dbcff8d0c361' stable apt-get install -y /tmp/checkmk-beta.deb 
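Review bot: Both `wget` lines in the Vagrantfile hunk now fetch the same `2.1.0p19` package, so `/tmp/checkmk-beta.deb` is no longer a beta build. Neither download is verified before `apt-get install -y` installs it, presumably as root under the shell provisioner. If the beta site is still wanted, the second URL should point at a different release; otherwise the duplicate download can go. For integrity, a line such as `echo "<EXPECTED_SHA256>  /tmp/checkmk-stable.deb" | sha256sum -c -` (the hash is a placeholder) before each install would do. The provisioning script continues past the end of the hunk.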
@@ -114,4 +114,26 @@ end inline: "zypper --quiet up -y" end + # Windows + config.vm.define "ansidows", autostart: false , primary: false do |srv| + srv.vm.box = "gusztavvargadr/windows-10" + srv.vm.network "private_network", ip: "192.168.56.66" + srv.vm.boot_timeout = 180 + srv.vm.guest = :windows + srv.winrm.username = "vagrant" + srv.winrm.password = "vagrant" + srv.vm.communicator = "winrm" + srv.vm.hostname = "ansidows" + srv.vm.network "forwarded_port", guest: 3389, host: 3391 + srv.vm.network "forwarded_port", guest: 5985, host: 5987, id: "winrm", auto_correct: true + srv.winrm.timeout = 1800 # 30 minutes + srv.vm.provider "virtualbox" do |srv| + srv.name = 'ansidows' + srv.memory = 4096 + srv.cpus = 4 + srv.gui = true + end + srv.vm.provision "shell", path: "./preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1", privileged: true + end + end diff --git a/playbooks/hosts b/playbooks/hosts index 68784a0d2..76b49658e 100644 --- a/playbooks/hosts +++ b/playbooks/hosts @@ -11,6 +11,7 @@ debsible ansible_host=192.168.56.62 anstream ansible_host=192.168.56.63 ansuse ansible_host=192.168.56.64 ansles ansible_host=192.168.56.65 +ansidows ansible_host=192.168.56.66 ansible_password=vagrant ansible_connection=winrm ansible_winrm_transport=basic ansible_winrm_server_cert_validation=ignore [vagrant:vars] ansible_user=vagrant From 01bc32deabbc6d9606abef15ae7245e633aa6d88 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 18:56:44 +0100 Subject: [PATCH 107/146] Update Python dependencies. --- requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 43c8b9656..deca44a19 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,4 +5,5 @@ ansible-lint >= 6.0.0 jinja2 >= 3.0.0 molecule >= 4.0.4 molecule-plugins[docker] >= 23.0.0 -yamllint >=1.0.0 \ No newline at end of file +yamllint >=1.0.0 +pywinrm>=0.3.0 \ No newline at end of file 
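Review bot: The two `forwarded_port` lines for RDP (3389 to 3391) and WinRM (5985 to 5987) set no `host_ip`, and the box logs in with `vagrant`/`vagrant`. Depending on the Vagrant version and provider, a forward without `host_ip` may listen on every host interface, which would expose a guest with well-known credentials beyond the host. Binding to loopback keeps the box local: `srv.vm.network "forwarded_port", guest: 3389, host: 3391, host_ip: "127.0.0.1"`, and the same option on the `winrm` forward. Separately, the inner `do |srv|` of the provider block shadows the outer `srv`; a different name such as `vb` would read more clearly.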
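Review bot: The new `ansidows` inventory line combines `ansible_winrm_transport=basic` with `ansible_winrm_server_cert_validation=ignore`, so the password is sent to whichever endpoint answers on 192.168.56.66 without the server being authenticated. On a host-only lab network that may be acceptable, but the line is easy to copy into a real inventory. `ansible_winrm_transport=ntlm` avoids sending the password itself, and a comment above the line such as `# lab only: basic auth, certificate validation disabled` would mark the intent.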
From cd2524cb35dc627ea38917ae77ec0c9df2644ce5 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 16 Jan 2023 19:18:59 +0100 Subject: [PATCH 108/146] Clean up rebase gotchas. --- roles/agent/tasks/Linux.yml | 18 +++--- roles/agent/tasks/main.yml | 112 +++--------------------------------- 2 files changed, 16 insertions(+), 114 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 4788eef34..22448066a 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -48,9 +48,9 @@ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") - and checkmk_agent_updater_binary.stat.exists - and checkmk_agent_update - and (checkmk_agent_pass is defined and checkmk_agent_pass) + and checkmk_agent_updater_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_pass is defined and checkmk_agent_pass | length) and (checkmk_agent_secret is not defined) - name: "({{ ansible_system }}): Register Agent for automatic Updates using Automation Secret." @@ -64,9 +64,9 @@ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") - and checkmk_agent_updater_binary.stat.exists - and checkmk_agent_update - and (checkmk_agent_secret is defined and checkmk_agent_secret) + and checkmk_agent_updater_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_secret is defined and checkmk_agent_secret | length) - name: "({{ ansible_system }}): Register Agent for TLS." become: true @@ -79,6 +79,6 @@ (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme") - and checkmk_agent_controller_binary.stat.exists - and checkmk_agent_tls - and (checkmk_agent_auth is defined and checkmk_agent_auth) + and checkmk_agent_controller_binary.stat.exists | bool + and checkmk_agent_tls | bool + and (checkmk_agent_auth is defined and checkmk_agent_auth | length) 
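Review bot: The credential checks added in these three hunks end in a bare `| length`, e.g. `checkmk_agent_pass | length`, so the `when:` expression can evaluate to an integer rather than a boolean. That works through truthiness, but newer ansible-core releases are stricter about non-boolean conditional results, and a comparison states the intent directly: `and (checkmk_agent_pass is defined and checkmk_agent_pass | length > 0)`. The same applies to `checkmk_agent_secret | length` in `@@ -64,9 +64,9 @@` and `checkmk_agent_auth | length` in `@@ -79,6 +79,6 @@`. The task bodies start outside the hunks.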
diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 40f72a71d..8f24c5fd9 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -1,52 +1,9 @@ --- -- name: "({{ ansible_os_family }}): Include Derivate specific vars." +- name: "({{ ansible_os_family }}): Include Derivate specific variables." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" tags: - include-os-family-vars -- name: "({{ ansible_system }}): Include OS specific tasks." - ansible.builtin.include_tasks: "{{ ansible_system }}.yml" - tags: - - include-system-tasks - -- name: Populate service facts. - ansible.builtin.service_facts: - -- name: "Import Legacy agent tasks." - ansible.builtin.include_tasks: "legacy.yml" - when: | - checkmk_agent_prep_legacy | bool - and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 - -- name: "Download Checkmk CRE Agent." - ansible.builtin.get_url: - url: "{{ checkmk_agent_agent.url.cre }}" - validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" - dest: "{{ checkmk_agent_agent.file.cre }}" - mode: "0640" - delegate_to: "{{ checkmk_agent_delegate_download }}" - become: false - when: checkmk_agent_edition == "cre" - retries: 3 - tags: - - download-package - -- name: "Transfer Checkmk CRE agent to remote node" - ansible.builtin.copy: - src: "{{ checkmk_agent_agent.file.cre }}" - dest: "{{ checkmk_agent_agent.file.cre }}" - mode: "0644" - when: - - checkmk_agent_edition == "cre" - - checkmk_agent_delegate_download != inventory_hostname - tags: - - download-package - -- name: "Run OS Family specific Tasks." - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" - tags: - - include-os-family-tasks - - name: "Create host on server." checkmk.general.host: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" 
@@ -67,68 +24,13 @@ when: checkmk_agent_add_host | bool notify: "activate changes" -- name: "Check for Agent Updater Binary." - ansible.builtin.stat: - path: /usr/bin/cmk-update-agent - register: checkmk_agent_updater_binary - -- name: "Check for Agent Controller Binary." - ansible.builtin.stat: - path: /usr/bin/cmk-agent-ctl - register: checkmk_agent_controller_binary - -- name: "Register Agent for automatic Upates using User Password." # noqa no-changed-when - become: true - ansible.builtin.shell: | - cmk-update-agent register -H {{ checkmk_agent_host_name }} \ - -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_protocol }} \ - -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} - register: checkmk_agent_update_state - when: | - (checkmk_agent_edition == "cee" or - checkmk_agent_edition == "cce" or - checkmk_agent_edition == "cfe" or - checkmk_agent_edition == "cme") - and checkmk_agent_updater_binary.stat.exists | bool - and checkmk_agent_update | bool - and (checkmk_agent_pass is defined and checkmk_agent_pass | length) - and (checkmk_agent_secret is not defined) - -- name: "Register Agent for automatic Upates using Automation Secret." # noqa no-changed-when - become: true - ansible.builtin.shell: | - cmk-update-agent register -H {{ checkmk_agent_host_name }} \ - -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_protocol }} \ - -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }} - register: checkmk_agent_update_state - when: | - (checkmk_agent_edition == "cee" or - checkmk_agent_edition == "cce" or - checkmk_agent_edition == "cfe" or - checkmk_agent_edition == "cme") - and checkmk_agent_updater_binary.stat.exists | bool - and checkmk_agent_update | bool - and (checkmk_agent_secret is defined and checkmk_agent_secret | length) - -- name: "Trigger Activate Changes to enable TLS registration." 
- ansible.builtin.meta: - flush_handlers - -- name: "Register Agent for TLS." # noqa no-changed-when - become: true - ansible.builtin.shell: | - cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ - -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} \ - -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert - register: checkmk_agent_tls_state - when: | - checkmk_agent_controller_binary.stat.exists | bool - and checkmk_agent_tls | bool - and (checkmk_agent_auth is defined and checkmk_agent_auth | length) +- name: "({{ ansible_system }}): Include OS specific tasks." + ansible.builtin.include_tasks: "{{ ansible_system }}.yml" + tags: + - include-system-tasks -- name: "({{ ansible_os_family }}): Discover services and labels on host." - become: false - checkmk.general.discovery: +- name: "Discover services and labels on host." + tribe29.checkmk.discovery: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" site: "{{ checkmk_agent_site }}" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" From bcd434042cd57c4c215ad80b6c6ead701f91f2d2 Mon Sep 17 00:00:00 2001 From: "max.sickora" Date: Tue, 25 Jul 2023 14:43:59 +0200 Subject: [PATCH 109/146] Harmonized Windows Agentrole with Linux --- roles/agent/tasks/Linux.yml | 20 ++++++++ roles/agent/tasks/Win32NT.yml | 92 +++++++++++++++++++++++++++++++---- roles/agent/tasks/Windows.yml | 91 ++++++++++++++++++++++++++-------- roles/agent/tasks/main.yml | 20 -------- roles/agent/vars/Windows.yml | 9 ++-- 5 files changed, 180 insertions(+), 52 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 22448066a..a09310458 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml 
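Review bot: The discovery task at the end of the `@@ -67,68 +24,13 @@` hunk is switched to `tribe29.checkmk.discovery`, while the host task kept as context in this file calls `checkmk.general.host`, so main.yml now depends on two collection namespaces. Unless both are installed, one of the two tasks will not resolve. I would keep `checkmk.general.discovery:` here. The hunk also drops `become: false` from this task; if that is intentional, the other API-calling tasks should agree with it.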
@@ -27,6 +27,26 @@ tags: - include-os-family-tasks +- name: "Create host on server." + checkmk.general.host: + server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" + site: "{{ checkmk_agent_site }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + automation_user: "{{ checkmk_agent_user }}" + automation_secret: "{{ checkmk_agent_auth }}" + folder: "{{ checkmk_agent_folder | default(omit) }}" + name: "{{ checkmk_agent_host_name }}" + attributes: "{{ checkmk_agent_host_attributes }}" + state: "present" + become: false + register: checkmk_agent_create_result + failed_when: | + (checkmk_agent_create_result.failed == true) and + ("The host is already part of the specified target folder" not in checkmk_agent_create_result.msg) + delegate_to: "{{ checkmk_agent_delegate_api_calls }}" + when: checkmk_agent_add_host | bool + notify: "activate changes" + - name: "({{ ansible_system }}): Check for Agent Updater Binary." ansible.builtin.stat: path: /usr/bin/cmk-update-agent diff --git a/roles/agent/tasks/Win32NT.yml b/roles/agent/tasks/Win32NT.yml index 73a0bf34d..6e1ec7579 100644 --- a/roles/agent/tasks/Win32NT.yml +++ b/roles/agent/tasks/Win32NT.yml 
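Review bot: The host-creation task added to Linux.yml ends in `notify: "activate changes"`, but no `meta: flush_handlers` step is visible between it and the registration tasks that follow, whereas the Win32NT.yml hunk of the same commit places one before TLS registration. If the handler only runs at the end of the play, `cmk-agent-ctl register` may be attempted against a host that is not yet activated on the site. I would add, before the TLS task, `- name: "Trigger Activate Changes to enable TLS registration."` with `ansible.builtin.meta: flush_handlers`. The rest of Linux.yml lies outside the hunk, so an existing flush step there cannot be excluded.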
@@ -1,15 +1,87 @@ --- -- name: "({{ ansible_system }}): Download Checkmk CRE Agent." - ansible.builtin.win_get_url: - url: "{{ checkmk_agent_agent.url.cre }}" - validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" - dest: "{{ checkmk_agent_agent.file.cre }}" - when: checkmk_agent_edition == "cre" - retries: 3 - tags: - - download-package - - name: "({{ ansible_os_family }}): Run OS Family specific tasks." ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" tags: - include-os-family-tasks + +- name: "Create host on server." + checkmk.general.host: + server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" + site: "{{ checkmk_agent_site }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + automation_user: "{{ checkmk_agent_user }}" + automation_secret: "{{ checkmk_agent_auth }}" + folder: "{{ checkmk_agent_folder | default(omit) }}" + name: "{{ checkmk_agent_host_name }}" + attributes: "{{ checkmk_agent_host_attributes }}" + state: "present" + become: false + register: checkmk_agent_create_result + failed_when: | + (checkmk_agent_create_result.failed == true) and + ("The host is already part of the specified target folder" not in checkmk_agent_create_result.msg) + delegate_to: "{{ checkmk_agent_delegate_api_calls }}" + when: checkmk_agent_add_host | bool + notify: "activate changes" + +- name: "Check for Agent Controller Binary." + ansible.windows.win_stat: + path: "{{ checkmk_agent_controller_binary_path }}" + register: checkmk_agent_controller_binary + +- name: "Check for Agent Binary." + ansible.windows.win_stat: + path: "{{ checkmk_agent_binary_path }}" + register: checkmk_agent_binary + +- name: "Register Agent for automatic Updates using User Password." 
# noqa no-changed-when + ansible.windows.win_command: | + check_mk_agent.exe updater register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_protocol }} \ + -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} + register: checkmk_agent_update_state + args: + chdir: "C:\\Program Files (x86)\\checkmk\\service\\" + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cce" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_pass is defined and checkmk_agent_pass | length) + and (checkmk_agent_secret is not defined) + +- name: "Register Agent for automatic Updates using Automation Secret." # noqa no-changed-when + ansible.windows.win_command: | + check_mk_agent.exe updater register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_protocol }} \ + -U {{ checkmk_agent_user }} -S {{ checkmk_agent_auth }} + register: checkmk_agent_update_state + args: + chdir: "C:\\Program Files (x86)\\checkmk\\service\\" + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cce" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_secret is defined and checkmk_agent_secret | length) + +- name: "Trigger Activate Changes to enable TLS registration." + ansible.builtin.meta: + flush_handlers + +- name: "Register Agent for TLS." 
# noqa no-changed-when + ansible.windows.win_command: | + cmk-agent-ctl.exe register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} \ + -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert + register: checkmk_agent_tls_state + args: + chdir: "C:\\Program Files (x86)\\checkmk\\service\\" + when: | + checkmk_agent_controller_binary.stat.exists | bool + and checkmk_agent_tls | bool + and (checkmk_agent_auth is defined and checkmk_agent_auth | length) diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index d7e810a2c..eaa33ab27 100644 --- a/roles/agent/tasks/Windows.yml +++ b/roles/agent/tasks/Windows.yml 
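Review bot: The three `win_command` tasks in Win32NT.yml keep the POSIX-style trailing `\` from the Linux tasks inside a literal block scalar. `win_command` does not go through a shell, so the backslashes and line breaks are presumably handed to `check_mk_agent.exe` / `cmk-agent-ctl.exe` as part of the command line. A folded scalar removes the need for continuations: `ansible.windows.win_command: >-` with the `\` dropped from the first two lines of each command. The same tasks pass `{{ checkmk_agent_auth }}` on the command line and register the result, so `no_log: true` belongs on each of them. `chdir` also repeats the literal service directory although this commit adds `checkmk_agent_binary_path` for the same location.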
@@ -1,33 +1,86 @@ --- -# Install Check_MK Agent on Windows - -- name: "({{ ansible_os_family }}): Get current Checkmk agent version." - ansible.builtin.win_shell: | - $checkmk = "C:\Program Files (x86)\checkmk\service\check_mk_agent.exe" - If (Test-Path $checkmk) { - (Get-Item $checkmk).VersionInfo.ProductVersion - } Else { - "No agent installed"} - register: checkmk_agent_agent_version - changed_when: checkmk_agent_agent_version.stdout_lines[0] != checkmk_agent_version - -# Works with dedicated firewall rule or with transparent proxy -- name: "({{ ansible_os_family }}): Download Checkmk agent -> {{ checkmk_agent_agent.url.cee }}." +- name: "{{ ansible_os_family }} Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.win_get_url: - url: "{{ checkmk_agent_agent.url.cee }}" + url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=windows_msi&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" - dest: "{{ checkmk_agent_host_tmp_dir }}" + dest: "{{ checkmk_agent_agent.file.host }}" method: GET headers: - # Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" + Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" Accept: "application/octet-stream" - when: | checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cce" or checkmk_agent_edition == "cfe" or checkmk_agent_edition == "cme" + register: checkmk_agent_download_state + # This task may fail, as we fall back to the generic agent in that case + failed_when: 'false' + changed_when: 'false' + delegate_to: "{{ checkmk_agent_delegate_download }}" + tags: + - download-package + +- name: "{{ ansible_os_family }} Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." 
+ ansible.builtin.win_package: + path: "{{ checkmk_agent_agent.file.host }}" + state: present + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cce" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_download_state.status_code == 200 + tags: + - install-package + +- name: "{{ ansible_os_family }} Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." + ansible.builtin.win_get_url: + url: "{{ checkmk_agent_agent.url.cee }}?os_type=windows_msi&agent_type=generic" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ checkmk_agent_agent.file.cee }}" + method: GET + headers: + Authorization: "Bearer {{ checkmk_agent_user }} {{ checkmk_agent_auth }}" + Accept: "application/octet-stream" + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cce" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_download_state.status_code != 200 + retries: 3 + delegate_to: "{{ checkmk_agent_delegate_download }}" + tags: + - download-package -- name: "({{ ansible_os_family }}): Install Checkmk Agent." +- name: "{{ ansible_os_family }} Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.win_package: path: "{{ checkmk_agent_agent.file.cee }}" state: present + when: | + (checkmk_agent_edition == "cee" or + checkmk_agent_edition == "cce" or + checkmk_agent_edition == "cfe" or + checkmk_agent_edition == "cme") + and checkmk_agent_download_state.status_code != 200 + tags: + - install-package + +- name: "{{ ansible_os_family }} Derivatives: Download Checkmk CRE Agent." 
+ ansible.builtin.win_get_url: + url: "{{ checkmk_agent_agent.url.cre }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ checkmk_agent_agent.file.cre }}" + when: checkmk_agent_edition == "cre" + retries: 3 + tags: + - download-package + +- name: "{{ ansible_os_family }} Derivatives: Install Checkmk CRE Agent." + ansible.builtin.win_package: + path: "{{ checkmk_agent_agent.file.cre }}" + state: present + when: checkmk_agent_edition == "cre" + tags: + - install-package \ No newline at end of file diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 8f24c5fd9..056ed217b 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -4,26 +4,6 @@ tags: - include-os-family-vars -- name: "Create host on server." - checkmk.general.host: - server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" - site: "{{ checkmk_agent_site }}" - validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" - automation_user: "{{ checkmk_agent_user }}" - automation_secret: "{{ checkmk_agent_auth }}" - folder: "{{ checkmk_agent_folder | default(omit) }}" - name: "{{ checkmk_agent_host_name }}" - attributes: "{{ checkmk_agent_host_attributes }}" - state: "present" - become: false - register: checkmk_agent_create_result - failed_when: | - (checkmk_agent_create_result.failed == true) and - ("The host is already part of the specified target folder" not in checkmk_agent_create_result.msg) - delegate_to: "{{ checkmk_agent_delegate_api_calls }}" - when: checkmk_agent_add_host | bool - notify: "activate changes" - - name: "({{ ansible_system }}): Include OS specific tasks." ansible.builtin.include_tasks: "{{ ansible_system }}.yml" tags: diff --git a/roles/agent/vars/Windows.yml b/roles/agent/vars/Windows.yml index be8924891..0bc4c5194 100644 --- a/roles/agent/vars/Windows.yml +++ b/roles/agent/vars/Windows.yml 
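Review bot: `failed_when: 'false'` on the host-specific download in Windows.yml hides every failure, not only the expected case where no host-specific agent exists: a rejected `Authorization` header or a certificate error also falls through silently to the generic agent. Narrowing it keeps the fallback while surfacing real errors, for example `failed_when: checkmk_agent_download_state.status_code not in [200, 404]` (the "not available" status is an assumption to confirm against the API). The two download tasks that send `Authorization: "Bearer …"` should also carry `no_log: true`. Finally, both enterprise downloads are delegated to `checkmk_agent_delegate_download`, yet the install tasks read the file on the target and no transfer step is visible in this file.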
@@ -1,10 +1,13 @@ --- checkmk_agent_host_tmp_dir: "C:\\Windows\\Temp" +checkmk_agent_controller_binary_path: "C:\\Program Files (x86)\\checkmk\\service\\cmk-agent-ctl.exe" +checkmk_agent_binary_path: "C:\\Program Files (x86)\\checkmk\\service\\check_mk_agent.exe" checkmk_agent_agent: url: cre: "{{ checkmk_agent_site_url }}/check_mk/agents/windows/check_mk_agent.msi" - cee: "{{ checkmk_agent_site_url }}/check_mk/agents/windows/check_mk_agent.msi" + cee: "{{ checkmk_agent_site_url }}/check_mk/api/1.0/domain-types/agent/actions/download_by_host/invoke" file: - cre: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" - cee: "{{ checkmk_agent_host_tmp_dir }}\\check_mk_agent.msi" + cre: "{{ checkmk_agent_host_tmp_dir }}\\check-mk-agent_{{ checkmk_agent_version }}.msi" + cee: "{{ checkmk_agent_host_tmp_dir }}\\check-mk-agent_{{ checkmk_agent_version }}.msi" + host: "{{ checkmk_agent_host_tmp_dir }}\\check-mk-agent_{{ checkmk_agent_version }}-{{ inventory_hostname }}.msi" From 1172f7ed5f069b355fa15eda82a8c6bfb7bbcdff Mon Sep 17 00:00:00 2001 From: "max.sickora" Date: Tue, 25 Jul 2023 15:02:15 +0200 Subject: [PATCH 110/146] pslint --- preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 index 2096311d8..f1c1b4ceb 100644 --- a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 +++ b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 
@@ -278,7 +278,7 @@ ElseIf ((Get-Service "WinRM").Status -ne "Running") { } # WinRM should be running; check that we have a PS session config. -If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener))) { +If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem -LiteralPath WSMan:\localhost\Listener))) { If ($SkipNetworkProfileCheck) { Write-Verbose "Enabling PS Remoting without checking Network profile." Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop @@ -309,7 +309,7 @@ if ($token_value -ne 1) { } # Make sure there is a SSL listener. -$listeners = Get-ChildItem WSMan:\localhost\Listener +$listeners = Get-ChildItem -LiteralPath WSMan:\localhost\Listener If (!($listeners | Where-Object { $_.Keys -like "TRANSPORT=HTTPS" })) { # We cannot use New-SelfSignedCertificate on 2012R2 and earlier $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays @@ -358,7 +358,7 @@ Else { } # Check for basic authentication. -$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "Basic" } +$basicAuthSetting = Get-ChildItem -LiteralPath WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "Basic" } If ($DisableBasicAuth) { If (($basicAuthSetting.Value) -eq $true) { @@ -384,7 +384,7 @@ Else { # If EnableCredSSP if set to true If ($EnableCredSSP) { # Check for CredSSP authentication - $credsspAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "CredSSP" } + $credsspAuthSetting = Get-ChildItem -LiteralPath WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "CredSSP" } If (($credsspAuthSetting.Value) -eq $false) { Write-Verbose "Enabling CredSSP auth support." Enable-WSManCredSSP -role server -Force From c98d3f7a9e3cd8f82a03222eff9d0619252417a4 Mon Sep 17 00:00:00 2001 
From: "max.sickora" Date: Tue, 25 Jul 2023 15:12:42 +0200 Subject: [PATCH 111/146] AnsibleLinting --- roles/agent/tasks/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index eaa33ab27..4a013dd6e 100644 --- a/roles/agent/tasks/Windows.yml +++ b/roles/agent/tasks/Windows.yml @@ -83,4 +83,4 @@ state: present when: checkmk_agent_edition == "cre" tags: - - install-package \ No newline at end of file + - install-package From 35e8b9971c99d3fdbcce57848b669df6a58fc950 Mon Sep 17 00:00:00 2001 From: "max.sickora" Date: Tue, 25 Jul 2023 15:30:10 +0200 Subject: [PATCH 112/146] AnsibleLint --- roles/agent/tasks/Linux.yml | 8 ++++---- roles/agent/tasks/main.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index a09310458..3f4915f41 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -16,7 +16,7 @@ url: "{{ checkmk_agent_agent.url.cre }}" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.cre }}" - mode: 0640 + mode: '0640' when: checkmk_agent_edition == "cre" retries: 3 tags: @@ -57,7 +57,7 @@ path: /usr/bin/cmk-agent-ctl register: checkmk_agent_controller_binary -- name: "({{ ansible_system }}): Register Agent for automatic Updates using User Password." +- name: "({{ ansible_system }}): Register Agent for automatic Updates using User Password." # noqa no-changed-when become: true ansible.builtin.shell: | cmk-update-agent register -H {{ checkmk_agent_host_name }} \ 
@@ -73,7 +73,7 @@ and (checkmk_agent_pass is defined and checkmk_agent_pass | length) and (checkmk_agent_secret is not defined) -- name: "({{ ansible_system }}): Register Agent for automatic Updates using Automation Secret." +- name: "({{ ansible_system }}): Register Agent for automatic Updates using Automation Secret." # noqa no-changed-when become: true ansible.builtin.shell: | cmk-update-agent register -H {{ checkmk_agent_host_name }} \ @@ -88,7 +88,7 @@ and checkmk_agent_update | bool and (checkmk_agent_secret is defined and checkmk_agent_secret | length) -- name: "({{ ansible_system }}): Register Agent for TLS." +- name: "({{ ansible_system }}): Register Agent for TLS." # noqa no-changed-when become: true ansible.builtin.shell: | cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 056ed217b..7b31e5409 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -10,7 +10,7 @@ - include-system-tasks - name: "Discover services and labels on host." - tribe29.checkmk.discovery: + checkmk.general.discovery: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" site: "{{ checkmk_agent_site }}" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" From da5bbf1afd611a2f337d384d7a7b4f09227e94ef Mon Sep 17 00:00:00 2001 From: "max.sickora" Date: Tue, 25 Jul 2023 16:05:22 +0200 Subject: [PATCH 113/146] AnsibleLint_again --- roles/agent/tasks/Windows.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index 4a013dd6e..9a1c96e4b 100644 --- a/roles/agent/tasks/Windows.yml +++ b/roles/agent/tasks/Windows.yml 
@@ -1,6 +1,6 @@ --- - name: "{{ ansible_os_family }} Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." - ansible.builtin.win_get_url: + ansible.windows.win_get_url: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=windows_msi&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -22,7 +22,7 @@ - download-package - name: "{{ ansible_os_family }} Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." - ansible.builtin.win_package: + ansible.windows.win_package: path: "{{ checkmk_agent_agent.file.host }}" state: present when: | @@ -35,7 +35,7 @@ - install-package - name: "{{ ansible_os_family }} Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." - ansible.builtin.win_get_url: + ansible.windows.win_get_url: url: "{{ checkmk_agent_agent.url.cee }}?os_type=windows_msi&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.cee }}" @@ -55,7 +55,7 @@ - download-package - name: "{{ ansible_os_family }} Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." - ansible.builtin.win_package: + ansible.windows.win_package: path: "{{ checkmk_agent_agent.file.cee }}" state: present when: | @@ -68,7 +68,7 @@ - install-package - name: "{{ ansible_os_family }} Derivatives: Download Checkmk CRE Agent." - ansible.builtin.win_get_url: + ansible.windows.win_get_url: url: "{{ checkmk_agent_agent.url.cre }}" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.cre }}" @@ -78,7 +78,7 @@ - download-package - name: "{{ ansible_os_family }} Derivatives: Install Checkmk CRE Agent." - ansible.builtin.win_package: + ansible.windows.win_package: path: "{{ checkmk_agent_agent.file.cre }}" state: present when: checkmk_agent_edition == "cre" 
From 7a26200940a023fc6e76b4de29d67e805c7b00bd Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 27 Jul 2023 11:26:12 +0200 Subject: [PATCH 114/146] Fix indentation in Vagrantfile and IP collision. --- Vagrantfile | 40 ++++++++++++++++++++-------------------- playbooks/hosts | 2 +- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 88df329ff..d782c0c93 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -132,26 +132,26 @@ Vagrant.configure("2") do |config| inline: "dnf --quiet check-update ; dnf -y install vim curl wget git" end - # Windows - config.vm.define "ansidows", autostart: false , primary: false do |srv| - srv.vm.box = "gusztavvargadr/windows-10" - srv.vm.network "private_network", ip: "192.168.56.66" - srv.vm.boot_timeout = 180 - srv.vm.guest = :windows - srv.winrm.username = "vagrant" - srv.winrm.password = "vagrant" - srv.vm.communicator = "winrm" - srv.vm.hostname = "ansidows" - srv.vm.network "forwarded_port", guest: 3389, host: 3391 - srv.vm.network "forwarded_port", guest: 5985, host: 5987, id: "winrm", auto_correct: true - srv.winrm.timeout = 1800 # 30 minutes - srv.vm.provider "virtualbox" do |srv| - srv.name = 'ansidows' - srv.memory = 4096 - srv.cpus = 4 - srv.gui = true - end - srv.vm.provision "shell", path: "./preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1", privileged: true + # Windows + config.vm.define "ansidows", autostart: false , primary: false do |srv| + srv.vm.box = "gusztavvargadr/windows-10" + srv.vm.network "private_network", ip: "192.168.56.67" + srv.vm.boot_timeout = 180 + srv.vm.guest = :windows + srv.winrm.username = "vagrant" + srv.winrm.password = "vagrant" + srv.vm.communicator = "winrm" + srv.vm.hostname = "ansidows" + srv.vm.network "forwarded_port", guest: 3389, host: 3391 + srv.vm.network "forwarded_port", guest: 5985, host: 5987, id: "winrm", auto_correct: true + srv.winrm.timeout = 1800 # 30 minutes + srv.vm.provider "virtualbox" do |srv| + srv.name = 'ansidows' + srv.memory = 4096 + srv.cpus = 4 + srv.gui = true end + srv.vm.provision "shell", path: "./preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1", privileged: true + end end diff --git a/playbooks/hosts b/playbooks/hosts index 362ee424f..bc1bd541e 100644 --- a/playbooks/hosts +++ b/playbooks/hosts 
@@ -12,7 +12,7 @@ anstream ansible_host=192.168.56.63 checkmk_folder_path="foo/bar" ansuse ansible_host=192.168.56.64 checkmk_folder_path="/bar" ansles ansible_host=192.168.56.65 checkmk_folder_path="/bar/foo" ansoracle ansible_host=192.168.56.66 checkmk_folder_path="/foo" -ansidows ansible_host=192.168.56.66 checkmk_folder_path="/" ansible_password=vagrant ansible_connection=winrm ansible_winrm_transport=basic ansible_winrm_server_cert_validation=ignore +ansidows ansible_host=192.168.56.67 checkmk_folder_path="/" ansible_password=vagrant ansible_connection=winrm ansible_winrm_transport=basic ansible_winrm_server_cert_validation=ignore [vagrant:vars] ansible_user=vagrant From 1107737370e59c634a15038106b4e05701094f0b Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 27 Jul 2023 11:38:46 +0200 Subject: [PATCH 115/146] Improve task title. --- roles/agent/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 7b31e5409..b7cd79794 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: "({{ ansible_os_family }}): Include Derivate specific variables." +- name: "Include OS family specific variables." ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" tags: - include-os-family-vars From ca075c0dafcd5eda03936714f2783e7ecbe5cec1 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 27 Jul 2023 11:39:03 +0200 Subject: [PATCH 116/146] Fix missing service facts gathering. --- roles/agent/tasks/Linux.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 3f4915f41..a06b8f61e 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml 
@@ -5,6 +5,9 @@ tags: - get-package-facts +- name: "({{ ansible_system }}): Populate service facts." + ansible.builtin.service_facts: + - name: "({{ ansible_system }}): Import Legacy agent tasks." ansible.builtin.include_tasks: "legacy.yml" when: | From 13c8df15b729beed94ef58d6ee5891ec31e46e95 Mon Sep 17 00:00:00 2001 From: "max.sickora" Date: Mon, 31 Jul 2023 15:25:53 +0200 Subject: [PATCH 117/146] Small improvements and cleanup of PR --- Vagrantfile | 14 +- playbooks/hosts | 2 +- preparation/ansible-winrm/00-ansible.cmd | 20 - .../ansible-winrm/01-winrm-quickconfig.cmd | 2 - .../ansible-winrm/02-ansible-winrm.cmd | 5 - preparation/ansible-winrm/03-allow-icmp.cmd | 1 - .../ConfigureRemotingForAnsible.ps1 | 435 ------------------ roles/agent/tasks/Windows.yml | 12 +- 8 files changed, 11 insertions(+), 480 deletions(-) delete mode 100644 preparation/ansible-winrm/00-ansible.cmd delete mode 100644 preparation/ansible-winrm/01-winrm-quickconfig.cmd delete mode 100644 preparation/ansible-winrm/02-ansible-winrm.cmd delete mode 100644 preparation/ansible-winrm/03-allow-icmp.cmd delete mode 100644 preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 diff --git a/Vagrantfile b/Vagrantfile index d782c0c93..8f1265765 100644 --- a/Vagrantfile +++ b/Vagrantfile 
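Review bot: The new `Populate service facts.` task carries no `tags:`, while the package-facts task directly above it is tagged `get-package-facts`. A run restricted with `--tags` will therefore skip it, and any later task that reads `ansible_facts.services` would find the fact undefined. Which tasks consume the service facts is not visible in this hunk, so that consequence is inferred. Either give the task its own tag, for example `tags: [get-service-facts]` (suggested name), or use `tags: [always]` if the facts are needed on every path.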
@@ -134,24 +134,18 @@ Vagrant.configure("2") do |config| # Windows config.vm.define "ansidows", autostart: false , primary: false do |srv| - srv.vm.box = "gusztavvargadr/windows-10" + srv.vm.box = "gusztavvargadr/windows-server-2019-standard" srv.vm.network "private_network", ip: "192.168.56.67" - srv.vm.boot_timeout = 180 - srv.vm.guest = :windows - srv.winrm.username = "vagrant" - srv.winrm.password = "vagrant" srv.vm.communicator = "winrm" srv.vm.hostname = "ansidows" - srv.vm.network "forwarded_port", guest: 3389, host: 3391 - srv.vm.network "forwarded_port", guest: 5985, host: 5987, id: "winrm", auto_correct: true - srv.winrm.timeout = 1800 # 30 minutes srv.vm.provider "virtualbox" do |srv| srv.name = 'ansidows' srv.memory = 4096 - srv.cpus = 4 + srv.cpus = 2 srv.gui = true end - srv.vm.provision "shell", path: "./preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1", privileged: true + vmx.vm.provision "shell", + inline: "powershell Set-NetFirewallRule -name 'FPS-ICMP4-ERQ-In*' -Enabled true" end end diff --git a/playbooks/hosts b/playbooks/hosts index bc1bd541e..bef7dd7e6 100644 --- a/playbooks/hosts +++ b/playbooks/hosts @@ -12,7 +12,7 @@ anstream ansible_host=192.168.56.63 checkmk_folder_path="foo/bar" ansuse ansible_host=192.168.56.64 checkmk_folder_path="/bar" ansles ansible_host=192.168.56.65 checkmk_folder_path="/bar/foo" ansoracle ansible_host=192.168.56.66 checkmk_folder_path="/foo" -ansidows ansible_host=192.168.56.67 checkmk_folder_path="/" ansible_password=vagrant ansible_connection=winrm ansible_winrm_transport=basic ansible_winrm_server_cert_validation=ignore +ansidows ansible_host=192.168.56.67 checkmk_folder_path="/" ansible_winrm_scheme=http ansible_winrm_transport=basic ansible_winrm_server_cert_validation=ignore [vagrant:vars] ansible_user=vagrant diff --git a/preparation/ansible-winrm/00-ansible.cmd b/preparation/ansible-winrm/00-ansible.cmd deleted file mode 100644 index b173c1b1e..000000000 
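Review bot: `srv.vm.box = "gusztavvargadr/windows-server-2019-standard"` pulls a third-party box with no version pin, so a fresh `vagrant up` may fetch a different image than the one the role was tested against. Adding `srv.vm.box_version = "<tested-version>"` (placeholder) next to it makes the test host reproducible and turns a box update into a reviewed change. Separately, the provision call is written on `vmx`, which is not the parameter of this `config.vm.define ... do |srv|` block; `srv.vm.provision "shell",` looks intended.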
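Review bot: The `ansidows` entry now sets `ansible_winrm_scheme=http` together with `ansible_winrm_transport=basic`, which sends the account password base64-encoded with no transport encryption. That is tolerable only because 192.168.56.67 is on the Vagrant private network, and the line deserves a comment saying so, e.g. `# lab only: plain HTTP + basic auth, never reuse outside the Vagrant host-only network`. `ansible_winrm_server_cert_validation=ignore` has no effect without TLS and can be dropped. The entry also loses `ansible_connection=winrm` and `ansible_password`, and the visible `[vagrant:vars]` section shows only `ansible_user`, so confirm that both (and, with the scheme forced to http, `ansible_port=5985`) are set somewhere outside this hunk.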
--- a/preparation/ansible-winrm/00-ansible.cmd +++ /dev/null @@ -1,20 +0,0 @@ -@echo off -set CURRENT_PATH=%~dp0 -echo %CURRENT_PATH% - -rem https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights -goto check_Permissions - -:check_Permissions - echo Administrative permissions required. Detecting permissions... - - net session >nul 2>&1 - if %errorLevel% == 0 ( - echo Success: Administrative permissions confirmed. Setting up everything for Ansible... - %CURRENT_PATH%\01-winrm-quickconfig.cmd & %CURRENT_PATH%\02-ansible-winrm.cmd & %CURRENT_PATH%\03-allow-icmp.cmd -pause - ) else ( - echo Failure: Current permissions inadequate. You need to run this script as administrator! - ) - -pause >nul diff --git a/preparation/ansible-winrm/01-winrm-quickconfig.cmd b/preparation/ansible-winrm/01-winrm-quickconfig.cmd deleted file mode 100644 index bb8142259..000000000 --- a/preparation/ansible-winrm/01-winrm-quickconfig.cmd +++ /dev/null @@ -1,2 +0,0 @@ -@echo off -winrm quickconfig diff --git a/preparation/ansible-winrm/02-ansible-winrm.cmd b/preparation/ansible-winrm/02-ansible-winrm.cmd deleted file mode 100644 index 812d741c1..000000000 --- a/preparation/ansible-winrm/02-ansible-winrm.cmd +++ /dev/null @@ -1,5 +0,0 @@ -@echo off -set CURRENT_PATH=%~dp0 -echo %CURRENT_PATH% -powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -powershell %CURRENT_PATH%\ConfigureRemotingForAnsible.ps1 \ No newline at end of file diff --git a/preparation/ansible-winrm/03-allow-icmp.cmd b/preparation/ansible-winrm/03-allow-icmp.cmd deleted file mode 100644 index 41dcfd898..000000000 --- a/preparation/ansible-winrm/03-allow-icmp.cmd +++ /dev/null @@ -1 +0,0 @@ -powershell Set-NetFirewallRule -name "FPS-ICMP4-ERQ-In*" -Enabled true \ No newline at end of file diff --git a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 b/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 deleted file mode 100644 index f1c1b4ceb..000000000 
--- a/preparation/ansible-winrm/ConfigureRemotingForAnsible.ps1 +++ /dev/null 
@@ -1,435 +0,0 @@ -#Requires -Version 3.0 - -# Configure a Windows host for remote management with Ansible -# ----------------------------------------------------------- -# -# This script checks the current WinRM (PS Remoting) configuration and makes -# the necessary changes to allow Ansible to connect, authenticate and -# execute PowerShell commands. -# -# IMPORTANT: This script uses self-signed certificates and authentication mechanisms -# that are intended for development environments and evaluation purposes only. -# Production environments and deployments that are exposed on the network should -# use CA-signed certificates and secure authentication mechanisms such as Kerberos. -# -# To run this script in Powershell: -# -# [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -# $url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1" -# $file = "$env:temp\ConfigureRemotingForAnsible.ps1" -# -# (New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file) -# -# powershell.exe -ExecutionPolicy ByPass -File $file -# -# All events are logged to the Windows EventLog, useful for unattended runs. -# -# Use option -Verbose in order to see the verbose output messages. -# -# Use option -CertValidityDays to specify how long this certificate is valid -# starting from today. So you would specify -CertValidityDays 3650 to get -# a 10-year valid certificate. -# -# Use option -ForceNewSSLCert if the system has been SysPreped and a new -# SSL Certificate must be forced on the WinRM Listener when re-running this -# script. This is necessary when a new SID and CN name is created. -# -# Use option -EnableCredSSP to enable CredSSP as an authentication option. -# -# Use option -DisableBasicAuth to disable basic authentication. -# -# Use option -SkipNetworkProfileCheck to skip the network profile check. 
-# Without specifying this the script will only run if the device's interfaces -# are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable -# WinRM on a device with an interface in PUBLIC zone. -# -# Use option -SubjectName to specify the CN name of the certificate. This -# defaults to the system's hostname and generally should not be specified. - -# Written by Trond Hindenes -# Updated by Chris Church -# Updated by Michael Crilly -# Updated by Anton Ouzounov -# Updated by Nicolas Simond -# Updated by Dag Wieërs -# Updated by Jordan Borean -# Updated by Erwan Quélin -# Updated by David Norman -# -# Version 1.0 - 2014-07-06 -# Version 1.1 - 2014-11-11 -# Version 1.2 - 2015-05-15 -# Version 1.3 - 2016-04-04 -# Version 1.4 - 2017-01-05 -# Version 1.5 - 2017-02-09 -# Version 1.6 - 2017-04-18 -# Version 1.7 - 2017-11-23 -# Version 1.8 - 2018-02-23 -# Version 1.9 - 2018-09-21 - -# Support -Verbose option -[CmdletBinding()] - -Param ( - [string]$SubjectName = $env:COMPUTERNAME, - [int]$CertValidityDays = 1095, - [switch]$SkipNetworkProfileCheck, - $CreateSelfSignedCert = $true, - [switch]$ForceNewSSLCert, - [switch]$GlobalHttpFirewallAccess, - [switch]$DisableBasicAuth = $false, - [switch]$EnableCredSSP -) - -Function Write-ProgressLog { - $Message = $args[0] - Write-EventLog -LogName Application -Source $EventSource -EntryType Information -EventId 1 -Message $Message -} - -Function Write-VerboseLog { - $Message = $args[0] - Write-Verbose $Message - Write-ProgressLog $Message -} - -Function Write-HostLog { - $Message = $args[0] - Write-Output $Message - Write-ProgressLog $Message -} - -Function New-LegacySelfSignedCert { - Param ( - [string]$SubjectName, - [int]$ValidDays = 1095 - ) - - $hostnonFQDN = $env:computerName - $hostFQDN = [System.Net.Dns]::GetHostByName(($env:computerName)).Hostname - $SignatureAlgorithm = "SHA256" - - $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1" - $name.Encode("CN=$SubjectName", 0) - - $key = New-Object 
-COM "X509Enrollment.CX509PrivateKey.1" - $key.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider" - $key.KeySpec = 1 - $key.Length = 4096 - $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)" - $key.MachineContext = 1 - $key.Create() - - $serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1" - $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1") - $ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1" - $ekuoids.Add($serverauthoid) - $ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1" - $ekuext.InitializeEncode($ekuoids) - - $cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1" - $cert.InitializeFromPrivateKey(2, $key, "") - $cert.Subject = $name - $cert.Issuer = $cert.Subject - $cert.NotBefore = (Get-Date).AddDays(-1) - $cert.NotAfter = $cert.NotBefore.AddDays($ValidDays) - - $SigOID = New-Object -ComObject X509Enrollment.CObjectId - $SigOID.InitializeFromValue(([Security.Cryptography.Oid]$SignatureAlgorithm).Value) - - [string[]] $AlternativeName += $hostnonFQDN - $AlternativeName += $hostFQDN - $IAlternativeNames = New-Object -ComObject X509Enrollment.CAlternativeNames - - foreach ($AN in $AlternativeName) { - $AltName = New-Object -ComObject X509Enrollment.CAlternativeName - $AltName.InitializeFromString(0x3, $AN) - $IAlternativeNames.Add($AltName) - } - - $SubjectAlternativeName = New-Object -ComObject X509Enrollment.CX509ExtensionAlternativeNames - $SubjectAlternativeName.InitializeEncode($IAlternativeNames) - - [String[]]$KeyUsage = ("DigitalSignature", "KeyEncipherment") - $KeyUsageObj = New-Object -ComObject X509Enrollment.CX509ExtensionKeyUsage - $KeyUsageObj.InitializeEncode([int][Security.Cryptography.X509Certificates.X509KeyUsageFlags]($KeyUsage)) - $KeyUsageObj.Critical = $true - - $cert.X509Extensions.Add($KeyUsageObj) - $cert.X509Extensions.Add($ekuext) - $cert.SignatureInformation.HashAlgorithm = $SigOID - 
$CERT.X509Extensions.Add($SubjectAlternativeName) - $cert.Encode() - - $enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1" - $enrollment.InitializeFromRequest($cert) - $certdata = $enrollment.CreateRequest(0) - $enrollment.InstallResponse(2, $certdata, 0, "") - - # extract/return the thumbprint from the generated cert - $parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 - $parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata)) - - return $parsed_cert.Thumbprint -} - -Function Enable-GlobalHttpFirewallAccess { - Write-Verbose "Forcing global HTTP firewall access" - # this is a fairly naive implementation; could be more sophisticated about rule matching/collapsing - $fw = New-Object -ComObject HNetCfg.FWPolicy2 - - # try to find/enable the default rule first - $add_rule = $false - $matching_rules = $fw.Rules | Where-Object { $_.Name -eq "Windows Remote Management (HTTP-In)" } - $rule = $null - If ($matching_rules) { - If ($matching_rules -isnot [Array]) { - Write-Verbose "Editing existing single HTTP firewall rule" - $rule = $matching_rules - } - Else { - # try to find one with the All or Public profile first - Write-Verbose "Found multiple existing HTTP firewall rules..." - $rule = $matching_rules | ForEach-Object { $_.Profiles -band 4 }[0] - - If (-not $rule -or $rule -is [Array]) { - Write-Verbose "Editing an arbitrary single HTTP firewall rule (multiple existed)" - # oh well, just pick the first one - $rule = $matching_rules[0] - } - } - } - - If (-not $rule) { - Write-Verbose "Creating a new HTTP firewall rule" - $rule = New-Object -ComObject HNetCfg.FWRule - $rule.Name = "Windows Remote Management (HTTP-In)" - $rule.Description = "Inbound rule for Windows Remote Management via WS-Management. 
[TCP 5985]" - $add_rule = $true - } - - $rule.Profiles = 0x7FFFFFFF - $rule.Protocol = 6 - $rule.LocalPorts = 5985 - $rule.RemotePorts = "*" - $rule.LocalAddresses = "*" - $rule.RemoteAddresses = "*" - $rule.Enabled = $true - $rule.Direction = 1 - $rule.Action = 1 - $rule.Grouping = "Windows Remote Management" - - If ($add_rule) { - $fw.Rules.Add($rule) - } - - Write-Verbose "HTTP firewall rule $($rule.Name) updated" -} - -# Setup error handling. -Trap { - $_ - Exit 1 -} -$ErrorActionPreference = "Stop" - -# Get the ID and security principal of the current user account -$myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent() -$myWindowsPrincipal = new-object System.Security.Principal.WindowsPrincipal($myWindowsID) - -# Get the security principal for the Administrator role -$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator - -# Check to see if we are currently running "as Administrator" -if (-Not $myWindowsPrincipal.IsInRole($adminRole)) { - Write-Output "ERROR: You need elevated Administrator privileges in order to run this script." - Write-Output " Start Windows PowerShell by using the Run as Administrator option." - Exit 2 -} - -$EventSource = $MyInvocation.MyCommand.Name -If (-Not $EventSource) { - $EventSource = "Powershell CLI" -} - -If ([System.Diagnostics.EventLog]::Exists('Application') -eq $False -or [System.Diagnostics.EventLog]::SourceExists($EventSource) -eq $False) { - New-EventLog -LogName Application -Source $EventSource -} - -# Detect PowerShell version. -If ($PSVersionTable.PSVersion.Major -lt 3) { - Write-ProgressLog "PowerShell version 3 or higher is required." - Throw "PowerShell version 3 or higher is required." -} - -# Find and start the WinRM service. -Write-Verbose "Verifying WinRM service." -If (!(Get-Service "WinRM")) { - Write-ProgressLog "Unable to find the WinRM service." - Throw "Unable to find the WinRM service." 
-} -ElseIf ((Get-Service "WinRM").Status -ne "Running") { - Write-Verbose "Setting WinRM service to start automatically on boot." - Set-Service -Name "WinRM" -StartupType Automatic - Write-ProgressLog "Set WinRM service to start automatically on boot." - Write-Verbose "Starting WinRM service." - Start-Service -Name "WinRM" -ErrorAction Stop - Write-ProgressLog "Started WinRM service." - -} - -# WinRM should be running; check that we have a PS session config. -If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem -LiteralPath WSMan:\localhost\Listener))) { - If ($SkipNetworkProfileCheck) { - Write-Verbose "Enabling PS Remoting without checking Network profile." - Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop - Write-ProgressLog "Enabled PS Remoting without checking Network profile." - } - Else { - Write-Verbose "Enabling PS Remoting." - Enable-PSRemoting -Force -ErrorAction Stop - Write-ProgressLog "Enabled PS Remoting." - } -} -Else { - Write-Verbose "PS Remoting is already enabled." -} - -# Ensure LocalAccountTokenFilterPolicy is set to 1 -# https://github.com/ansible/ansible/issues/42978 -$token_path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -$token_prop_name = "LocalAccountTokenFilterPolicy" -$token_key = Get-Item -LiteralPath $token_path -$token_value = $token_key.GetValue($token_prop_name, $null) -if ($token_value -ne 1) { - Write-Verbose "Setting LocalAccountTOkenFilterPolicy to 1" - if ($null -ne $token_value) { - Remove-ItemProperty -LiteralPath $token_path -Name $token_prop_name - } - New-ItemProperty -LiteralPath $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null -} - -# Make sure there is a SSL listener. 
-$listeners = Get-ChildItem -LiteralPath WSMan:\localhost\Listener -If (!($listeners | Where-Object { $_.Keys -like "TRANSPORT=HTTPS" })) { - # We cannot use New-SelfSignedCertificate on 2012R2 and earlier - $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays - Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" - - # Create the hashtables of settings to be used. - $valueset = @{ - Hostname = $SubjectName - CertificateThumbprint = $thumbprint - } - - $selectorset = @{ - Transport = "HTTPS" - Address = "*" - } - - Write-Verbose "Enabling SSL listener." - New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset - Write-ProgressLog "Enabled SSL listener." -} -Else { - Write-Verbose "SSL listener is already active." - - # Force a new SSL cert on Listener if the $ForceNewSSLCert - If ($ForceNewSSLCert) { - - # We cannot use New-SelfSignedCertificate on 2012R2 and earlier - $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays - Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" - - $valueset = @{ - CertificateThumbprint = $thumbprint - Hostname = $SubjectName - } - - # Delete the listener for SSL - $selectorset = @{ - Address = "*" - Transport = "HTTPS" - } - Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset - - # Add new Listener with new SSL cert - New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset - } -} - -# Check for basic authentication. -$basicAuthSetting = Get-ChildItem -LiteralPath WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "Basic" } - -If ($DisableBasicAuth) { - If (($basicAuthSetting.Value) -eq $true) { - Write-Verbose "Disabling basic auth support." - Set-Item -LiteralPath "WSMan:\localhost\Service\Auth\Basic" -Value $false - Write-ProgressLog "Disabled basic auth support." 
- } - Else { - Write-Verbose "Basic auth is already disabled." - } -} -Else { - If (($basicAuthSetting.Value) -eq $false) { - Write-Verbose "Enabling basic auth support." - Set-Item -LiteralPath "WSMan:\localhost\Service\Auth\Basic" -Value $true - Write-ProgressLog "Enabled basic auth support." - } - Else { - Write-Verbose "Basic auth is already enabled." - } -} - -# If EnableCredSSP if set to true -If ($EnableCredSSP) { - # Check for CredSSP authentication - $credsspAuthSetting = Get-ChildItem -LiteralPath WSMan:\localhost\Service\Auth | Where-Object { $_.Name -eq "CredSSP" } - If (($credsspAuthSetting.Value) -eq $false) { - Write-Verbose "Enabling CredSSP auth support." - Enable-WSManCredSSP -role server -Force - Write-ProgressLog "Enabled CredSSP auth support." - } -} - -If ($GlobalHttpFirewallAccess) { - Enable-GlobalHttpFirewallAccess -} - -# Configure firewall to allow WinRM HTTPS connections. -$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" -$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any -If ($fwtest1.count -lt 5) { - Write-Verbose "Adding firewall rule to allow WinRM HTTPS." - netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow - Write-ProgressLog "Added firewall rule to allow WinRM HTTPS." -} -ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5)) { - Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile." - netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any - Write-ProgressLog "Updated firewall rule to allow WinRM HTTPS for any profile." -} -Else { - Write-Verbose "Firewall rule already exists to allow WinRM HTTPS." -} - -# Test a remoting connection to localhost, which should work. 
-$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock { $using:env:COMPUTERNAME } -ErrorVariable httpError -ErrorAction SilentlyContinue -$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck - -$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue - -If ($httpResult -and $httpsResult) { - Write-Verbose "HTTP: Enabled | HTTPS: Enabled" -} -ElseIf ($httpsResult -and !$httpResult) { - Write-Verbose "HTTP: Disabled | HTTPS: Enabled" -} -ElseIf ($httpResult -and !$httpsResult) { - Write-Verbose "HTTP: Enabled | HTTPS: Disabled" -} -Else { - Write-ProgressLog "Unable to establish an HTTP or HTTPS remoting session." - Throw "Unable to establish an HTTP or HTTPS remoting session." -} -Write-VerboseLog "PS Remoting has been successfully configured for Ansible." diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index 9a1c96e4b..fbd5bbb58 100644 --- a/roles/agent/tasks/Windows.yml +++ b/roles/agent/tasks/Windows.yml @@ -1,5 +1,5 @@ --- -- name: "{{ ansible_os_family }} Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }}: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.windows.win_get_url: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=windows_msi&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -21,7 +21,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }}: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.windows.win_package: path: "{{ checkmk_agent_agent.file.host }}" state: present 
@@ -34,7 +34,7 @@ tags: - install-package -- name: "{{ ansible_os_family }} Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }}: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.windows.win_get_url: url: "{{ checkmk_agent_agent.url.cee }}?os_type=windows_msi&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -54,7 +54,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }}: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.windows.win_package: path: "{{ checkmk_agent_agent.file.cee }}" state: present @@ -67,7 +67,7 @@ tags: - install-package -- name: "{{ ansible_os_family }} Derivatives: Download Checkmk CRE Agent." +- name: "{{ ansible_os_family }}: Download Checkmk CRE Agent." ansible.windows.win_get_url: url: "{{ checkmk_agent_agent.url.cre }}" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -77,7 +77,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivatives: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }}: Install Checkmk CRE Agent." ansible.windows.win_package: path: "{{ checkmk_agent_agent.file.cre }}" state: present From b01a8e7b2f74ad686f04c4fa35f7251a9f41f962 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 31 Jul 2023 16:28:28 +0200 Subject: [PATCH 118/146] Bugfix Vagrantfile. --- Vagrantfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 8f1265765..74927bc0a 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -142,9 +142,9 @@ Vagrant.configure("2") do |config| srv.name = 'ansidows' srv.memory = 4096 srv.cpus = 2 - srv.gui = true + srv.gui = false end - vmx.vm.provision "shell", + srv.vm.provision "shell", inline: "powershell Set-NetFirewallRule -name 'FPS-ICMP4-ERQ-In*' -Enabled true" end From 65ef9ebeb774b702062fd9a626a5faa24d8e0f1f Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 3 Aug 2023 11:06:08 +0200 Subject: [PATCH 119/146] Bugfix TLS registration conditional. --- roles/agent/tasks/Linux.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index a06b8f61e..8a4a56851 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -99,9 +99,6 @@ -U {{ checkmk_agent_user }} -P {{ checkmk_agent_auth }} --trust-cert register: checkmk_agent_tls_state when: | - (checkmk_agent_edition == "cee" or - checkmk_agent_edition == "cfe" or - checkmk_agent_edition == "cme") - and checkmk_agent_controller_binary.stat.exists | bool + checkmk_agent_controller_binary.stat.exists | bool and checkmk_agent_tls | bool and (checkmk_agent_auth is defined and checkmk_agent_auth | length) From 3ede06201876227643cf54123fca58e5da0f48b9 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 3 Aug 2023 11:31:29 +0200 Subject: [PATCH 120/146] Update meta data. --- CODEOWNERS | 5 ++++- galaxy.yml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index 13f817399..de2199cf1 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -6,4 +6,7 @@ /plugins/module_utils/ @godspeed-you /plugins/modules/user.py @lgetwan /plugins/modules/bakery.py @Max-checkmk -/plugins/modules/password.py @Max-checkmk \ No newline at end of file +/plugins/modules/password.py @Max-checkmk +/roles/agent/tasks/Windows.yml @Max-checkmk +/roles/agent/vars/Windows.yml @Max-checkmk +/roles/agent/tasks/Win32NT.yml @Max-checkmk \ No newline at end of file 
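Review bot: With the edition test removed from `when:` in roles/agent/tasks/Linux.yml, the TLS registration now runs on every edition, and the command in the context lines passes the secret as `-P {{ checkmk_agent_auth }}` alongside `--trust-cert`. The task starts above this hunk, so whether it already sets `no_log` is not visible; if it does not, add `no_log: true` so the password stays out of task output and logs. If the task runs through the shell module, write the argument as `-P {{ checkmk_agent_auth | quote }}` so that shell metacharacters in a password cannot alter the command. `--trust-cert` accepts the server certificate without verification, so a comment on the task should state that registration is expected to run over a trusted network.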
diff --git a/galaxy.yml b/galaxy.yml index c202d5c9e..dc1f61342 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -37,7 +37,7 @@ license_file: LICENSE # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character # requirements as 'namespace' and 'name' -tags: [checkmk, monitoring, check_mk, check, discovery, ubuntu, debian, sles, rhel] +tags: [checkmk, monitoring, check_mk, check, discovery, ubuntu, debian, sles, rhel, rocky, rockylinux, oraclelinux, windows] # Collections that this collection requires to be installed for it to be usable. The key of the dict is the # collection label 'namespace.name'. The value is a version range From b52bec7aeb09577a05360d9729d59eb8601dac4c Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 3 Aug 2023 11:31:44 +0200 Subject: [PATCH 121/146] Update READMEs. --- CONTRIBUTING.md | 4 ++-- roles/agent/README.md | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3aa59343f..1d54fc293 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -124,11 +124,11 @@ You can also run a subset by mentioning them as follows. See `tests/integration/ ansible-test integration $TEST_CASE --docker ### Molecule -To test our roles, we use [Molecule](https://www.jeffgeerling.com/blog/2018/testing-your-ansible-roles-molecule). It can be installed using the `requirements.txt`in this project or manually. The tests are crafted by the maintainers of this project to reflect real world scenarios a role would be used in. To run the tests, you need to navigate to the role directory and choose a scenario. At the time of writing those are named after the supported Checkmk versions: `2.0.0`and `2.1.0`. +To test our roles, we use [Molecule](https://www.jeffgeerling.com/blog/2018/testing-your-ansible-roles-molecule). It can be installed using the `requirements.txt`in this project or manually. The tests are crafted by the maintainers of this project to reflect real world scenarios a role would be used in. To run the tests, you need to navigate to the role directory and choose a scenario. At the time of writing those are named after the supported Checkmk versions: `2.1.0`and `2.2.0`. cd roles/server/ - molecule test -s 2.0.0 molecule test -s 2.1.0 + molecule test -s 2.2.0 ### Unit There are currently no unit tests. diff --git a/roles/agent/README.md b/roles/agent/README.md index 6ed1b8020..75531299b 100644 --- a/roles/agent/README.md +++ b/roles/agent/README.md 
@@ -50,11 +50,11 @@ The name of your Checkmk site. checkmk_agent_registration_server: "{{ checkmk_agent_server }}" -The server you want to use for registration tasks (Agent updates and TLS encryption). Defaults to {{ checkmk_agent_server }}. +The server you want to use for registration tasks (Agent updates and TLS encryption). Defaults to `{{ checkmk_agent_server }}`. checkmk_agent_registration_site: "{{ checkmk_agent_site }}" -The site you want to use for registration tasks (Agent updates and TLS encryption). Defaults to {{ checkmk_agent_site }}. +The site you want to use for registration tasks (Agent updates and TLS encryption). Defaults to `{{ checkmk_agent_site }}`. checkmk_agent_user: automation @@ -75,6 +75,10 @@ This is mutually exclusive with `checkmk_agent_pass`. Enable automatic activation of changes on all sites. This is disabled by default, as it might be unexpected. + checkmk_agent_force_foreign_changes: 'false' + +Allow forcing foreign changes on activation by handler. + checkmk_agent_add_host: 'false' Automatically add the host where the agent was installed to Checkmk. @@ -103,11 +107,11 @@ for automatic updates. Otherwise this will fail. checkmk_agent_configure_firewall: 'true' -Automatically configure the firewall to allow access to the Checkmk agent. +Automatically configure the firewall (*currently only on RedHat derivatives*) to allow access to the Checkmk agent. checkmk_agent_configure_firewall_zone: 'public' -When checkmk_agent_configure_firewall then configure firewall zone on RedHat systems. Defaults to 'public'. +When checkmk_agent_configure_firewall is set to `true` then configure the firewall zone on RedHat derivatives. Defaults to 'public'. checkmk_agent_force_install: 'false' 
@@ -136,13 +140,9 @@ Define an IP address which will be added to the host in Checkmk. This is optiona checkmk_agent_host_attributes: ipaddress: "{{ checkmk_agent_host_ip | default(omit) }}" - tag_agent: 'cmk-agent' Define attributes with which the host will be added to Checkmk. - checkmk_agent_force_foreign_changes: 'false' - -Allow forcing foreign changes on activation by handler. ## Tags Tasks are tagged with the following tags: From c3277639472d7201c67f61f4009a245bb6fbda9c Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 3 Aug 2023 11:31:57 +0200 Subject: [PATCH 122/146] Add changelog. --- changelogs/fragments/windows.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/windows.yml diff --git a/changelogs/fragments/windows.yml b/changelogs/fragments/windows.yml new file mode 100644 index 000000000..2ed286b03 --- /dev/null +++ b/changelogs/fragments/windows.yml @@ -0,0 +1,2 @@ +major_changes: + - Agent role - Add support for Windows. From 3e845ef180cf6107cbf82eea47f9dcb951b3cabf Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 3 Aug 2023 11:33:40 +0200 Subject: [PATCH 123/146] Harmonize task titles. --- roles/agent/tasks/Debian.yml | 2 +- roles/agent/tasks/Linux.yml | 18 +++++++++--------- roles/agent/tasks/RedHat.yml | 8 ++++---- roles/agent/tasks/legacy.yml | 4 ++-- roles/agent/tasks/main.yml | 5 ++--- 5 files changed, 18 insertions(+), 19 deletions(-) diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index 72669ca56..a9152e961 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -73,7 +73,7 @@ tags: - download-package -- name: "Debian Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.cee }}" dest: "{{ checkmk_agent_agent.file.cee }}" 
diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index 8a4a56851..be8e89642 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -1,20 +1,20 @@ --- -- name: "({{ ansible_system }}): Get RPM or APT package facts." +- name: "{{ ansible_system }}: Get RPM or APT package facts." ansible.builtin.package_facts: manager: "auto" tags: - get-package-facts -- name: "({{ ansible_system }}): Populate service facts." +- name: "{{ ansible_system }}: Populate service facts." ansible.builtin.service_facts: -- name: "({{ ansible_system }}): Import Legacy agent tasks." +- name: "{{ ansible_system }}: Import Legacy agent tasks." ansible.builtin.include_tasks: "legacy.yml" when: | checkmk_agent_prep_legacy | bool and ansible_facts.packages['systemd'][0]['version'] | regex_search('\d{1,}') | int < 220 -- name: "({{ ansible_system }}): Download Checkmk CRE agent." +- name: "{{ ansible_system }}: Download Checkmk CRE agent." ansible.builtin.get_url: url: "{{ checkmk_agent_agent.url.cre }}" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -50,17 +50,17 @@ when: checkmk_agent_add_host | bool notify: "activate changes" -- name: "({{ ansible_system }}): Check for Agent Updater Binary." +- name: "{{ ansible_system }}: Check for Agent Updater Binary." ansible.builtin.stat: path: /usr/bin/cmk-update-agent register: checkmk_agent_updater_binary -- name: "({{ ansible_system }}): Check for Agent Controller Binary." +- name: "{{ ansible_system }}: Check for Agent Controller Binary." ansible.builtin.stat: path: /usr/bin/cmk-agent-ctl register: checkmk_agent_controller_binary -- name: "({{ ansible_system }}): Register Agent for automatic Updates using User Password." # noqa no-changed-when +- name: "{{ ansible_system }}: Register Agent for automatic Updates using User Password." # noqa no-changed-when become: true ansible.builtin.shell: | cmk-update-agent register -H {{ checkmk_agent_host_name }} \ 
@@ -76,7 +76,7 @@ and (checkmk_agent_pass is defined and checkmk_agent_pass | length) and (checkmk_agent_secret is not defined) -- name: "({{ ansible_system }}): Register Agent for automatic Updates using Automation Secret." # noqa no-changed-when +- name: "{{ ansible_system }}: Register Agent for automatic Updates using Automation Secret." # noqa no-changed-when become: true ansible.builtin.shell: | cmk-update-agent register -H {{ checkmk_agent_host_name }} \ @@ -91,7 +91,7 @@ and checkmk_agent_update | bool and (checkmk_agent_secret is defined and checkmk_agent_secret | length) -- name: "({{ ansible_system }}): Register Agent for TLS." # noqa no-changed-when +- name: "{{ ansible_system }}: Register Agent for TLS." # noqa no-changed-when become: true ansible.builtin.shell: | cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \ diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml index 34f13ef53..d559e4cf5 100644 --- a/roles/agent/tasks/RedHat.yml +++ b/roles/agent/tasks/RedHat.yml @@ -73,7 +73,7 @@ tags: - download-package -- name: "RedHat Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.cee }}" dest: "{{ checkmk_agent_agent.file.cee }}" 
@@ -113,15 +113,15 @@ tags: - install-package -- name: "RedHat Derivatives: Configure Firewall for Agent." +- name: "{{ ansible_os_family }} Derivatives: Configure Firewall for Agent." when: checkmk_agent_configure_firewall | bool and "firewalld.service" in ansible_facts.services block: - - name: "RedHat Derivatives: Check if checkmk_agent_server is an IP address." + - name: "{{ ansible_os_family }} Derivatives: Check if checkmk_agent_server is an IP address." ansible.builtin.set_fact: checkmk_agent_server_ip: "{{ checkmk_agent_server }}" when: checkmk_agent_server_ip is not defined and checkmk_agent_server | ansible.utils.ipaddr() - - name: "RedHat Derivatives: Allow Checkmk services access to the agent." + - name: "{{ ansible_os_family }} Derivatives: Allow Checkmk services access to the agent." ansible.posix.firewalld: permanent: 'yes' immediate: 'yes' diff --git a/roles/agent/tasks/legacy.yml b/roles/agent/tasks/legacy.yml index a9a87735f..adc3c38be 100644 --- a/roles/agent/tasks/legacy.yml +++ b/roles/agent/tasks/legacy.yml @@ -1,5 +1,5 @@ --- -- name: "({{ ansible_system }}): Install xinetd" +- name: "{{ ansible_system }}: Install xinetd" become: true ansible.builtin.package: name: xinetd @@ -8,7 +8,7 @@ - install-package - install-prerequisites -- name: "({{ ansible_system }}): Enable xinetd" +- name: "{{ ansible_system }}: Enable xinetd" become: true ansible.builtin.service: name: xinetd diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 8fedec18c..86e5f1d32 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml 
@@ -4,12 +4,12 @@ tags: - include-os-family-vars -- name: "({{ ansible_system }}): Include OS specific tasks." +- name: "{{ ansible_system }}: Include OS specific tasks." ansible.builtin.include_tasks: "{{ ansible_system }}.yml" tags: - include-system-tasks -- name: "Fetch fresh monitoring data from the added host." +- name: "Fetch fresh monitoring data from host." become: false checkmk.general.discovery: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" @@ -24,7 +24,6 @@ - name: "Update monitored services and labels on host." become: false - checkmk.general.discovery: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" site: "{{ checkmk_agent_site }}" From a5c3f94aa29a2f484f880fd8a5059e961001c646 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 3 Aug 2023 11:42:41 +0200 Subject: [PATCH 124/146] Fix spelling. --- roles/agent/tasks/Debian.yml | 14 +++++++------- roles/agent/tasks/RedHat.yml | 14 +++++++------- roles/agent/tasks/Suse.yml | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index a9152e961..e10458bdf 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -1,5 +1,5 @@ --- -- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_deb&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" 
@@ -22,7 +22,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -37,7 +37,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.host }}" @@ -52,7 +52,7 @@ tags: - install-package -- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_deb&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -73,7 +73,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.cee }}" dest: "{{ checkmk_agent_agent.file.cee }}" @@ -88,7 +88,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cee }}" 
@@ -103,7 +103,7 @@ tags: - install-package -- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivatives: Install Checkmk CRE Agent." become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml index d559e4cf5..83e48a906 100644 --- a/roles/agent/tasks/RedHat.yml +++ b/roles/agent/tasks/RedHat.yml @@ -1,5 +1,5 @@ --- -- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -22,7 +22,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -37,7 +37,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.host }}" 
@@ -52,7 +52,7 @@ tags: - install-package -- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -73,7 +73,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.cee }}" dest: "{{ checkmk_agent_agent.file.cee }}" @@ -88,7 +88,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cee }}" @@ -103,7 +103,7 @@ tags: - install-package -- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivatives: Install Checkmk CRE Agent." become: true ansible.builtin.yum: name: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index 955bde4bd..35204a235 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml 
@@ -1,5 +1,5 @@ --- -- name: "{{ ansible_os_family }} Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=linux_rpm&agent_type=host_name" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" @@ -22,7 +22,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Transfer host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.host }}" dest: "{{ checkmk_agent_agent.file.host }}" @@ -37,7 +37,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Install host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.zypper: name: "{{ checkmk_agent_agent.file.host }}" @@ -53,7 +53,7 @@ tags: - install-package -- name: "{{ ansible_os_family }} Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" 
@@ -74,7 +74,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Transfer GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.copy: src: "{{ checkmk_agent_agent.file.cee }}" dest: "{{ checkmk_agent_agent.file.cee }}" @@ -89,7 +89,7 @@ tags: - download-package -- name: "{{ ansible_os_family }} Derivates: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." +- name: "{{ ansible_os_family }} Derivatives: Install GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." become: true community.general.zypper: name: "{{ checkmk_agent_agent.file.cee }}" @@ -105,7 +105,7 @@ tags: - install-package -- name: "{{ ansible_os_family }} Derivates: Install Checkmk CRE Agent." +- name: "{{ ansible_os_family }} Derivatives: Install Checkmk CRE Agent." become: true community.general.zypper: name: "{{ checkmk_agent_agent.file.cre }}" From 57f3a1a69e90abf3e536b9cc546d3a058b24afcf Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 7 Aug 2023 15:25:21 +0200 Subject: [PATCH 125/146] Add proper retry mechanics. --- roles/agent/tasks/Linux.yml | 3 +++ roles/agent/tasks/Windows.yml | 23 +++++++++++++---------- roles/agent/tasks/main.yml | 8 ++++++++ 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index be8e89642..7fe9cc3f1 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml @@ -21,7 +21,10 @@ dest: "{{ checkmk_agent_agent.file.cre }}" mode: '0640' when: checkmk_agent_edition == "cre" + register: result retries: 3 + delay: 10 + until: "result.changed | bool" tags: - download-package diff --git a/roles/agent/tasks/Windows.yml b/roles/agent/tasks/Windows.yml index fbd5bbb58..0ef34edb1 100644 --- a/roles/agent/tasks/Windows.yml +++ b/roles/agent/tasks/Windows.yml 
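Review bot: In the roles/agent/tasks/Linux.yml hunk of "Add proper retry mechanics", `until: "result.changed | bool"` makes the CRE download succeed only when the task reports a change. On a re-run where the package already sits at `dest`, the task would presumably return `changed: false`, use up all three retries and then fail the play, leaving the host short of the agent install step. The retry condition should test for success rather than change, for example `until: result is succeeded`. The same condition is added to the Windows.yml download task and to both `checkmk.general.discovery` tasks in main.yml in this commit, where a discovery run that finds nothing new would fail the same way. The download task begins above the hunk, so its full argument list is not visible here.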
@@ -1,4 +1,17 @@ --- +- name: "{{ ansible_os_family }}: Download Checkmk CRE Agent." + ansible.windows.win_get_url: + url: "{{ checkmk_agent_agent.url.cre }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" + dest: "{{ checkmk_agent_agent.file.cre }}" + when: checkmk_agent_edition == "cre" + register: result + retries: 3 + delay: 10 + until: "result.changed | bool" + tags: + - download-package + - name: "{{ ansible_os_family }}: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.windows.win_get_url: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ checkmk_agent_host_name }}&os_type=windows_msi&agent_type=host_name" @@ -67,16 +80,6 @@ tags: - install-package -- name: "{{ ansible_os_family }}: Download Checkmk CRE Agent." - ansible.windows.win_get_url: - url: "{{ checkmk_agent_agent.url.cre }}" - validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" - dest: "{{ checkmk_agent_agent.file.cre }}" - when: checkmk_agent_edition == "cre" - retries: 3 - tags: - - download-package - - name: "{{ ansible_os_family }}: Install Checkmk CRE Agent." ansible.windows.win_package: path: "{{ checkmk_agent_agent.file.cre }}" diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index 86e5f1d32..14f2df9b3 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -21,6 +21,10 @@ state: "refresh" delegate_to: "{{ checkmk_agent_delegate_api_calls }}" when: checkmk_agent_discover | bool + register: result + retries: 3 + delay: 10 + until: "result.changed | bool" - name: "Update monitored services and labels on host." become: false @@ -34,4 +38,8 @@ state: "fix_all" delegate_to: "{{ checkmk_agent_delegate_api_calls }}" when: checkmk_agent_discover | bool + register: result + retries: 3 + delay: 10 + until: "result.changed | bool" notify: "activate changes" From 12b360fffcfff74b0b0168cba0814fb28a35f324 Mon Sep 17 00:00:00 2001 
From: Robin Gierse Date: Thu, 10 Aug 2023 18:01:12 +0200 Subject: [PATCH 126/146] Reorganize inventory for better overview and add ansible_shell_type for Windows hosts. --- playbooks/hosts | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/playbooks/hosts b/playbooks/hosts index bef7dd7e6..717cdbd23 100644 --- a/playbooks/hosts +++ b/playbooks/hosts @@ -5,14 +5,26 @@ test3.tld checkmk_folder_path="/bar" test4.tld checkmk_folder_path="/" test5.tld checkmk_folder_path="/foo/bar" -[vagrant] +[linux] ansibuntu ansible_host=192.168.56.61 checkmk_folder_path="/test" debsible ansible_host=192.168.56.62 checkmk_folder_path="/foo" anstream ansible_host=192.168.56.63 checkmk_folder_path="foo/bar" ansuse ansible_host=192.168.56.64 checkmk_folder_path="/bar" ansles ansible_host=192.168.56.65 checkmk_folder_path="/bar/foo" ansoracle ansible_host=192.168.56.66 checkmk_folder_path="/foo" -ansidows ansible_host=192.168.56.67 checkmk_folder_path="/" ansible_winrm_scheme=http ansible_winrm_transport=basic ansible_winrm_server_cert_validation=ignore + +[windows] +ansidows ansible_host=192.168.56.67 checkmk_folder_path="/" + +[windows:vars] +ansible_shell_type = cmd +ansible_winrm_scheme = http +ansible_winrm_transport = basic +ansible_winrm_server_cert_validation = ignore + +[vagrant:children] +linux +windows [vagrant:vars] ansible_user=vagrant From 782476443b4517317273b79365447a38dc9068d6 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 10 Aug 2023 18:02:12 +0200 Subject: [PATCH 127/146] Add verification task for open agent port before discovering services. --- roles/agent/tasks/Linux.yml | 5 +++++ roles/agent/tasks/Win32NT.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml index be8e89642..d05ffef9d 100644 --- a/roles/agent/tasks/Linux.yml +++ b/roles/agent/tasks/Linux.yml 
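Review bot: The new `[windows:vars]` block in playbooks/hosts applies `ansible_winrm_scheme = http`, `ansible_winrm_transport = basic` and `ansible_winrm_server_cert_validation = ignore` to every host later added to `[windows]`, where before they were attached only to the `ansidows` line. Basic auth over plain HTTP sends the WinRM credentials unencrypted, so these values are only tolerable for the 192.168.56.x Vagrant boxes this inventory appears to describe. I would add a comment above the block, such as `# Vagrant lab only: unencrypted WinRM with basic auth, do not reuse for real hosts`, or keep the three settings on the `ansidows` host line so that a new Windows host does not inherit them silently.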
@@ -102,3 +102,8 @@ checkmk_agent_controller_binary.stat.exists | bool and checkmk_agent_tls | bool and (checkmk_agent_auth is defined and checkmk_agent_auth | length) + +- name: "Verify Checkmk Agent Port is open." + ansible.builtin.wait_for: + port: 6556 + timeout: 60 diff --git a/roles/agent/tasks/Win32NT.yml b/roles/agent/tasks/Win32NT.yml index 6e1ec7579..4560a0d2c 100644 --- a/roles/agent/tasks/Win32NT.yml +++ b/roles/agent/tasks/Win32NT.yml @@ -85,3 +85,8 @@ checkmk_agent_controller_binary.stat.exists | bool and checkmk_agent_tls | bool and (checkmk_agent_auth is defined and checkmk_agent_auth | length) + +- name: "Verify Checkmk Agent Port is open." + ansible.windows.win_wait_for: + port: 6556 + timeout: 60 From 1bcea19727a5ba6116d54c12a94ad5b8c498f3b0 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 14 Aug 2023 13:53:38 +0200 Subject: [PATCH 128/146] Fix dummy key for bakery integration tests. --- .../bakery/files/agent_signature_keys.mk | 166 +++++++++--------- 1 file changed, 83 insertions(+), 83 deletions(-) diff --git a/tests/integration/targets/bakery/files/agent_signature_keys.mk b/tests/integration/targets/bakery/files/agent_signature_keys.mk index 2a4cd9ebb..61c2b3eb2 100644 --- a/tests/integration/targets/bakery/files/agent_signature_keys.mk +++ b/tests/integration/targets/bakery/files/agent_signature_keys.mk 
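Review bot: The added `ansible.builtin.wait_for` task in Linux.yml sets no `host`, so it probes the module default of `127.0.0.1` on the managed node; the `ansible.windows.win_wait_for` task added to Win32NT.yml does the same. That confirms a local listener on 6556, but not that the monitoring server can reach the port through the host firewall, which is what the later discovery step depends on. If reachability is the intent, the check would need to run from the server side with `host` set to the agent's address. Otherwise a comment such as `# local listener check only, does not verify the firewall path` would state the limit.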
@@ -1,91 +1,91 @@ # Written by Checkmk store (actually Ansible) -agent_signature_keys.update({1: {'alias': 'test_key', +agent_signature_keys.update({1: {'alias': 'ansible_collection', 'certificate': '-----BEGIN CERTIFICATE-----\n' - 'MIIFUzCCAzugAwIBAgIUH/fvbU7RLhm6METjrUvx/Xhr4cMwDQYJKoZIhvcNAQEN\n' - 'BQAwQzERMA8GA1UEAwwIdGVzdF9rZXkxGzAZBgNVBAoMEkNoZWNrbWsgU2l0ZSBs\n' - 'b2NhbDERMA8GA1UECwwIY21rYWRtaW4wHhcNMjMwNTE2MTI1MzUyWhcNMjUwNTE2\n' - 'MTI1MzUyWjBDMREwDwYDVQQDDAh0ZXN0X2tleTEbMBkGA1UECgwSQ2hlY2ttayBT\n' - 'aXRlIGxvY2FsMREwDwYDVQQLDAhjbWthZG1pbjCCAiIwDQYJKoZIhvcNAQEBBQAD\n' - 'ggIPADCCAgoCggIBAKxdBrzxkAeUGBDjio6l2q9Q1NhK8xWAnH/Lo+eIDWu3Gy8j\n' - 'Wnlnfj2He5uWHZ1aIE90sGDZbd51G75Uc0UM2APkhq6iOVn8VZdxIJ5fUsfB1NMM\n' - 'qizaiLIe5Yl9lQD1ffYRrOWF2cPg0rifEZtqawB2umTiRMlATG8PNAsF2coTuYzh\n' - 'iNVJUySYT256MKN6ybut5AWaHO+Oka5IknknW4q7dNjStxIgi7BybunTGzvKCjY6\n' - 'LRKMQtxvhu3pxgmwJ8J20gbuXs+pt7isMzvGrBGavvCHMgNZfGeLlGvnx5ScvrOO\n' - 'AFpbeQd4fVbs0Vi31v1V3ufpazA/D//Y3K7byUUGB5dg1mBM4AMW1y0Q+Mk9LQYD\n' - 'gHRJ5THwFdx8+NkeoIX9PDVGUxVsiNwJ6wp1rCJ7T+J351svGvKuY7nZflwfxRzQ\n' - 'j549ZUJG3SMAeh6lSmPXNgMK5gIpKSXNukxaB6gepsGtDpdMHxlR4ulnUGs/29u/\n' - 'Qh7YCabrzJRsdys/MiwnDLJCPlVwnb2tZTVwZMekCL16hQEbWGPA5AvKbaM8KyaL\n' - '/rV7jQaZESgvfFBxsoFq1ZKIvX9Q/pJvM9DgU1vjIV0E5b9zbk4mdbEBJ+oArV+0\n' - 'jrCVJZilfLF0xxQZ7kP9SCi2u3s+sc9BNlyehae3ykkz267LkyGc6QyfFws9AgMB\n' - 'AAGjPzA9MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCa8C1f2XP3tRnmbFB4AUB2G\n' - '88BrMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQ0FAAOCAgEAWlBudYWDj9+q\n' - 'qsERE3DL7yKSKVE5sJbSCkJ4ZxUtuCI6tXe+vykBTh4c++uizen6vX8NG9WnuGDx\n' - 'Wo1zjHuiQCduorMMuwKnqV+VUgnSk6BF6YnUxE4rnw9t6Rp+GK+2FDYTAi6CXx/v\n' - 'hzxxSefdx67J5hLpLtgCFcwLJe+uf26OvQNTMmgiHDHas07cNKh6At68DCZNmkau\n' - 'PETrrwCHVt75OopAfydejp+u0j/nig3/lyflpDKxjXh6h4uhoGRa4QFQUETyYYrw\n' - 'sgalhk1SopLL65uP0KxZjEkbVBhuIX/x5lCGtuNJt9cFLFACkkjvLEw1+5GtNTNk\n' - '7rBr5Q+P5lqbsIqckcms2Pecqy/KmF1+FY1f5TnfrlyQ/6I1/XyYaWJ8Bwz60uDN\n' - 
'deB0xq8Sikd5SkluhvmCl/FDu2T50fu5wAQ2Y/XHub1hdKCjbcRnw+1i3eUu7hso\n' - 'KiVKYDNMzCAl1q0RPHHlUFfAx0uFBINRR6sGuu44CxLPTKPpXj+BZLWD9buPi8U6\n' - 'vCYuRvdM6AvKJFuFo39CBDRwVFXyPYKgD8HWKczkrjIgvhrOk7pw2hGhmg1h5Bib\n' - 'e23QLEM4wvLRvK4QWzAcJSTahuQVtiX6+Lt7g82aGm2oZXC1TeWPbsJD+od4D3yG\n' - 'IcHJbqKvCxWBU+JbVqWifkxhiEX0kEM=\n' + 'MIIFZzCCA0+gAwIBAgIUZgnYcA4yerR7bDBuB6+3RXCK4dEwDQYJKoZIhvcNAQEN\n' + 'BQAwTTEbMBkGA1UEAwwSYW5zaWJsZV9jb2xsZWN0aW9uMRswGQYDVQQKDBJDaGVj\n' + 'a21rIFNpdGUgbG9jYWwxETAPBgNVBAsMCGNta2FkbWluMB4XDTIzMDgxNDExNDgw\n' + 'NloXDTI1MDgxNDExNDgwNlowTTEbMBkGA1UEAwwSYW5zaWJsZV9jb2xsZWN0aW9u\n' + 'MRswGQYDVQQKDBJDaGVja21rIFNpdGUgbG9jYWwxETAPBgNVBAsMCGNta2FkbWlu\n' + 'MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwN+Jo6Ia6iJ26yRFlgGb\n' + 'GrodmwGitV+SjQt0qo92AwRdKh4Ws7hmSmN352ZvEzcsEJaTG4yVCTsfwcg3DGgf\n' + 'Iiu/Zc/7vniqrifdS/Z+VYDSb6kaC0vAft91CijyxnQvzbh7htbz+zVxxd6SUd2V\n' + 'xkhn5fYe3ynbyRQZciFa0fZu+Jpg6oKw1Oz/oymhnAiAFmSiXsdEP9HruHtyAOqF\n' + 'j2qcPneIW5xfGp+Fx/flK2F/Ntk6TTkjViC+dun+d9BzdAofxGW8mSjdD/upyE9Y\n' + 'lrjqmQfenRQLFPs+qZYf7uZeEu6ilrxesv/KY1tct1tSKKn198fR3X4vbRbJG6cL\n' + 'tz39Q6VzjoerHuZLEsioJYj+2msgjvIcsWur/MeIgeGVx6ZPpw47JbcJbWRzgnGc\n' + 'RYcUW85mHInNU8YechZqI3TzqXS6gClTwPvGWVh66XRR4c2AxA4wpKJFfKbvMNdH\n' + 'MM02RqDOXO8OAUm4p1TZ3YUP24BZCJ8gVRzK8sgjY2CMWv6O+uiBMDrWWm7CSc33\n' + 'BETxFzqDToJrnYU8IBp8+bOL7AJF5eEs0p9ofLVANHfLXL6BbeS+6W/NzzhkIt2d\n' + 'DLTdgbQnWm6K/BfCZ6n9nxpBGENzzdvB/4x8637KyQL06rZ7z7UiJS6vXZgdbSGY\n' + 'FyxFBkRtDyid8Zvf7ImcSlcCAwEAAaM/MD0wDAYDVR0TAQH/BAIwADAdBgNVHQ4E\n' + 'FgQUUaeTaQ7D9Wx3LWr0w16uNCN0m8gwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3\n' + 'DQEBDQUAA4ICAQBIWgVnD+CPKbpWha/KIka90rLfDyQtgItuAqNb6z14OI/l7sya\n' + 'XIbVtgAcnGBPlJBeXcd70njrQOsjLIniTL1UMoTJW2AFYe1qcTZmRD3QK+piVR3S\n' + 'yYj4PgMR1zdLxPv8iTX50DcLh7fGB3dNdA5VSF3Zax/0/ijkcqXsfaeJJ/ffQwpQ\n' + 'X3Lk5+6ub4q3AGjyUELw8IJajkWGu9j8EehE/2cXYpwYoOjICzht9PmX/u2dNu9T\n' + 'teKCu5lPpTnl/9yO3upZsBeP1LVr4RCWBgGYcjT3Ht4JqzcSkt4Vc5bNeP1U3oL8\n' + 
'a5Qec4TgcBaOMrECGEGES9ieQsJ6aGK5qQMR3ymnD9kUUv7qWv0uX4C3iUQRY9yz\n' + '115wxR3oFiUgO4SgrphPXResAvI3V5aWxFONbY60m5hxOjaKfNGqySXUNfLyzjxz\n' + 'PCsZOGCze1kpSIrCStGAvZxsAGtjEaCNx3dHZamUD09k68L67TNL/m3UBzOv+hPd\n' + 'tQlU+E0vr9hbH44BJoV56TVL27+m6TbuLEDPudtoPJFqSCsD9DKMTwqQDuaruwYk\n' + 'xCNz7RbPeWGMTo+MSse0j2Al7XPV8bXz/wAr4TiDvX2JPk0+41WNiZD5RtLiDdai\n' + '5aRxNM/8UEsn/byEzZb1lv2CF3f5MQ1LMRu7GrQvjlaqhaoO2lG+8ZapiQ==\n' '-----END CERTIFICATE-----\n', - 'date': 1684241632.3241942, + 'date': 1692013686.5423424, 'not_downloaded': True, 'owner': 'cmkadmin', 'private_key': '-----BEGIN ENCRYPTED PRIVATE KEY-----\n' - 'MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQItIV9A8Gte68CAggA\n' - 'MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBJRHrWeaU57vPhRR2X/vBhBIIJ\n' - 'UCZbfLTKnffrE33AxBlOesWTBGjABZXB4vGGQGHqPvUyvf7FsP0kyiOnjN0hf3vw\n' - 'Cdm/qhm0iN74iKaKAhsk87ZjBVs6Y3DhxtOQRxuWKmZieJcrsMBfDMKVl/jQ/3g0\n' - 'vg1Ac92atqmZLqNZWS5AMP7wTM/4crVYOVrgoE1FoNuX1Ik0Ku/E9HKEliH7jURY\n' - 'x4zLvYpL8sS8lRT7B9jTEP0HOrMI9QCq8ddzSfztsz4ou6z0thpHfZ2M4pE9QTOO\n' - 'dhC247QqhzhQRObSB58tse5SrONhue58VNnn2NFfNIxuhYRf8sqgVS0sl5TL2SIM\n' - 'zG3pdNNksxZk5tVNe48t3VRFkBYZUckCxdGa+3iKsyFwZJD/FOIgUrEoFKkl6CLA\n' - 'Guq8qn4r3UluvFAnGgbMKcSD943VKQdvrwP9gqjJG8f76qbCF5Rl9jeDDbPLs1Fg\n' - 'fVRxj5fA/vt3byUi9dn890EdYEHxt8RacUDkGe6IytZu8IndO9uE6pxyijJWZbLW\n' - 'wr4j6z1EcCoVnqgpok2MZMo0OQ5Srs9yzfottp3P+WILsZA2cgCFcuGjBYo0hrqh\n' - '0woORtVHusZsQdt6fkg/tWfaqcPrA6GKHn86YIfBG64pinnINCSAtAOju8lA6VH/\n' - 'gb4KID2TpebZWiV24S57km5qGFwKFkf/6oq+UEfZc2cIuIMUq30oZR8WngNN3NUz\n' - 'EMKHrtd1RudBffsTcihQhQqnbvStgdRl9gFgzlgx4VahUtKRQJd+fmqfIqJ5SEZG\n' - 'eiwoKyUPPHkaIzuijkblG3Yvow4Vxh6UIJENX2w7Po5oGlCU0TLakXevSqDIL0+l\n' - 'Bu8iYI63vEEd5WRiihfLg1kq/A4QxY1uX8iOP1Y/QacsW8R8a7mMp77rY4pjGrHs\n' - 'GKXjQJF8T3DiGdIXTGaWjgzcEvb2n8vneNJQQQ1blRcvX0Ua63jMKOxC/E0E/cxa\n' - 'UD7iXxHE3omeWQ7l/5rOO6eXltIDC74aYaJrJUolOxQo3hKPIKv2qshrE4rlmJSN\n' - '/nlzB8tD/KgX8p7j8dRvjOQum3VKiE9ZRsP3egty8kl+9Qgr0hXaRqPjQdmCi2UI\n' - 
'dy2cYnyFLMt8PfWUeBb1dBmudxAVYGn7pz7VKpy2K4CKO8alR5gC+YRBGSzy8qPE\n' - 'yKL/gR1olnsr9Fb4GaBb0oPR/ndFHOs44v+wGt7yRM2LPwZpf/YU32CKD+Cq4K3J\n' - '/Y3Ug1vOE1D37YC9AMgwore0hXByxiGsI0eG06SJur+fF6xtzUsnT1ApPj6CHkQM\n' - 'dL1ZNMjsp0JpnRa9MywcUzJkUEGPx/BTRvJp3EdzFj6HKUQVB/4+N/5zPxMRa3sJ\n' - 'XXGL8/xHuAyQVVAdeKtCrJWZBLKiz0WCaoWTMkCZwRPmoEbswlgc4XHcLwCW7WOm\n' - '5ypo4coVaXLCLIiOBHeMSJfZBq+DkZoztSzUtEXKn1vurmggUk5s/XaQsrh94jKN\n' - 'o5qDQWCJigctQrljNj5WNxpc++ux7qj9qC8Y1GSEhuWeigSevdB8JA4vaZH4kXnQ\n' - 'zX9+3crSvsvEddmtW3GCwC08xp4mdxjEFJjQ6+L5gf9pJg8aqT9Wd/6pHtt7zS/C\n' - 'OpaSnAz5pCFXA5Ip1WsxnrQwqMwU1iilIAWtKFcokwhUpLqtnd8qMOoCq+t2MiZq\n' - 'VwQEeRJEJ8tKQjtEibwUIkZuBA4lQ9tFHBychlFsa93o2Glxtit8VFtssBK4sG4M\n' - 'J5Wdwd6/6j27r2sKDnfqX68n56w8hqAlixV+74oTC9kEK/S9ROCExGNxBFHbxvW1\n' - 'B56YBj4rbP6cyxq+mVmaddcB0oD3KZXx5xMU8AojyGiy0bhBqj4qmLDxO58tH6g4\n' - 'e5vAeYcuaknSUTSkzbVgzcsn4d+iUxWJNouvsF1xT0+UDqT+Wf662cKqHCZwdfJU\n' - 's8c2bgrg0P9W2T3tZ7xwkIcvBOPNDQZu32gO45ye3Ui8/9fp7Mw/81HEOBfeyNT6\n' - 'SNSs6ZLVsfWxGClgzlEJP6Ul21VIY3lw6CkKDOzlJjSMkRBoFWz0Ffqwkz9wsJOe\n' - '9y+gEQIoBJwAUeIgOLyBq1bTYiis9TAePxpS4sh4H+ZNYrzMaDD+fTRkC1+dt17I\n' - 'U+4OWZMOLB1sbonkfHM4yaBt8kjasUjorVuFTNmhHb4FDQgYvHpabM/lNJoz4EG1\n' - 'cUnOk5YEj16XKIP3ICvkbopryhXgVlwPGfHJPgiicDA/Gs1hdusYz3Vfu1hu7MJ8\n' - 'LQwrkDjfG0aS7efiMwMdrQA/JD3NbubvDzVSRmTfNbkU2NEcrXXADCkr9KBTDor+\n' - 'xJGi/I2h7JBWQC88+VqzlivCZF+1ZLeZgtu3Sd1UtEHoXh+czfbMvW+HhRHFERim\n' - 'CEu9kWAmejzNAUL3XpQqTXSCdW7igiHUau3F7UtY0SuAGOGebC0xhZQOUlAVxyq1\n' - 'mbnSSv+MaKTKakYcmfK2djm+MVooL+GUkkFaDJDcP3NU9sSjt3whIvjxJG/JK001\n' - 'KtDDdMzKDvO+GDjFCrzm7eeEFu8tpj0I/VN72VT3EtR5yN36xOSbaxI3TvS++htU\n' - 'i3DzBxQ97h+CT8C9inCX+qYolBU6oV8b24BQIbNlcWmkci8xclg3SdUTbmPle0rd\n' - '3uHBfW8lKLc4FQalBIXeADfDH0XV3FU7WOVevcTQusWQr5S3F8dV6KLyIdsvHNRv\n' - 'apOaxqo7VaetBdifqls6/+RuSvKgdNZNpb24bJpJrwJ7ctkHyVDsh2+R92+HKQ6U\n' - '+7zNeT8n5+IHTRJfWDApvgtDr318COUYO/8rRNvM8hQW5tC/Umods0ZZTlv71fkY\n' - 'D73bZmoBQVwq9wEUJXymCSxwKBvIMWGdA4DrHtwAQ0buxCpktajhLzPAmbXos9Z7\n' - 
'6LJpC+aCcLO2cYNgZtGqiGhuG0WuquHWh4/76AJ58GoFBJstjMDYrwtHBfa/ciXj\n' - '4GetbLsfvFyg1+S+Fx7UBki5h1sTxWo5FvCiHazK02ARkSuj0nZp2HS+U7tEQr69\n' - 'he9dEqeQiazhOC8PIIBeWEIc2AumbBsHkyrLaYoKxuCLj45NypGfFmCNzdB1IlU0\n' - 'M3AeIoaCIqYApn/3yjwbJ3fw7sLPmXe+072ZS+MkDHjQz1B/fZtVvPgDH1xncmsP\n' - 'jVEOrjjEvPgjxh5qTKcnRk7IDrVphN+yueD+C3RhE8Hb\n' + 'MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIWYm0HAdMN4oCAggA\n' + 'MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCRS4eQmm1Od053ZwlDWnzjBIIJ\n' + 'UPpZz/9lJiA9M1r6XUon59zO+/rhWCQe1c6J1xBQec1GeGcMPok0Roq7j3j8O0zC\n' + '1VGxSUcXpF8EENY1sT28uvyuuqD4h6659Gz08f9nEsL+CChvd/z6MD4ac7jKwlmf\n' + 'mU7wKZYTha24V0iHvimtFA+ygWWiJyLZ7AzGHNm9CNN7C/TyAkaqiCBncM0uKmNz\n' + 'ppQV8hgm9Wv/PcqheVeGP0feZaW3jcwqvzXrCfdTHqYIhvo91i4Zf8dnwWE/kcRn\n' + 'TUGZ5tQakIyN8uW9dY4YyOzrw28bOqaakusNRJbfem8PazRNedDhfeb14sQWLTGI\n' + 'v8IkZJrPGfM1PIxEZXGsfjISagpw6st8BQMsPyhieawD1wr+kLZrAsQ1sLcLWUgU\n' + 'C8A3L0Gp0d4BZa3gHeIZEztxsVKBu/9N17srBLvRHQnpM7DYrL/XtP4LjbxNmnOI\n' + 'zOP8Pl8dCeJjGrYLEleF4u4qkLR43dl6xwdAhudQsQeBeM5ognxTkEbsZG/FTWmL\n' + 'boH6DYdEZz2dr1cPK6T00BJA49t9RGauTXyY8gtIa2Cdk/PAXPre0RKzUHHWqj2V\n' + 'c/dBIXWtuiZgto9RTKd1mT0ErI94okgySVNjUw+4yI94gxRHyNxgB3M2cMQ/rgVl\n' + 'eDeSLQ0d1VpROh2DGl0I3JGjVprXydTaMVuFtzk9UgBcbX2Lgtloqk/YXnOYHQ8d\n' + '2l42HQIPpHIL0X2w6DMGfoEK9NZPKzkv8EmGba7zeItoLPv97+Z1rZP9HL8u2czH\n' + 'dkMVnj3sUpGK31pN50s+hwXoxnwoih9sugDcKzNxQnSqOe2Y34iAtcMcDg6D5Fq3\n' + 'd2pEu4AoQRkzASHED/wH1mETfLtVm8HxVEOog4LMU+JKbLkiU5i5zh3UjyLrEJmB\n' + 'kJdhrx2Xdfyc5QJZeLdGVKy+3gv9n1W0wwoHmQi+QVp77/xXz3vVW+Tfk0aqIb42\n' + 'LyYlqZwsP2HggoJFKVlo7YuEBNX2/ctJGuufslTVkzSAUq99+rxnVniCK4es3kME\n' + 'stpgG11khMnK92Dpnrv17g8I0LTVVGsSbC6pZgIC9kPStDN/ilRd2DipCyM7Q9G0\n' + '32DSr1ukN3VSsMz6t0A+lGD3PWcwCuhXbgSafGmmYEyYBWu20s+zud4C/hHp4W7j\n' + '7t5wDl6ZoweleqMWj7GBmttKX3S7gZBbfcsN4pGOAWprIt8ADhfCK0ag1aHtZjYF\n' + 'QAaF9sJu/HjX8fyh7xT2MUNTzlLWVbhqzT8jWFGthNdt+uT/Fv5tFoZ8E0tTbOP/\n' + 'C7Z2XB3V34opahCno4ss4urMF28drGKu2KaECOcSE7iCQdaAz2quPfkXwymbRiVt\n' + 
'adMZGU37lyWBBn2df9kUV1pfjSm+KcAVOWMiQYpyNCiHkO4lbdUkRMQnEmuk+yeF\n' + 'Yah2iHl8zCspoqxuBDiGlPTZkReXoGfTfZKIx5AZt6iLlQ/bq8I1C9vTUrtfTVx2\n' + 'RMISnTlEH5bWpCyxnwLRBIWSwtzRNngB3P4huk5Vh0c8Q5scjLXCG5pk1uFjoPoA\n' + 'xmLojoRZLa09SNBPzZAHX8SIATj9pvBkBJCqx8gXEtW88j6/J0q16499p3U6zljH\n' + 'ec5y2kr064nEoX1i4WiuV8PxtOK86zJP1w2lwLvjqZ2o1RGhX/05mYPrIAyCzzhT\n' + 'uQ77W3lALtWzBZ87kWlwgGGHRddyQBVa2PqRUHpYJqhANVYQOrkSJQdgKN66xqbc\n' + 'UBjlFroWktYxzZMrxPSI/R5Fm72w+toDlGxiU4GIgXAwxcWjmHI/O70lxqwwC+EV\n' + 'XnFGPXWfvZYTSteO5hSviIVcxiJq/G66D7L7VByuP4TjH6VMNKN1UFyIjD7jT5OJ\n' + '5y4Zx25mZ6ulTAnkYMLnC7KXcCT4sehmx38KjDDsx+waZbbmyGygFe6bIMX60Mz/\n' + 'hvuRcJTzWMSRhaDekxP6ivYx8RSJEhFlZnqfuKmSN0TGE8JjTTBjTE7CYKsNGa/N\n' + '598xQmFNxHV8hjtQqADIhHgMZ+rxQATgP4jUxgOh9xo4sDMFLUcL+wiaorl5vNfl\n' + 'cf3dE9eQ9ULt8dOjKqIXpw4T/6J6iMgOoAWFVhu6XpZeOQX7tfD3xk3ht/OC6sV7\n' + '3FDjEL6rSVbOi999Y4nvaCWreKBUBdAOtsq5aqKgU15Awd9kIkfIFbbblvoGHvxs\n' + '8mX6HTVXnrlMX2qKtmFjynzerR0qDZruD95+4FFI4JtwNuMnRAOjsaKu3VT4Hfkx\n' + 'KQBxOqLaKIOPXfoeT4H098FCSP8QojMZfpqbJdNs2KcjM8131bIvIQRyRZlBY5C8\n' + '33NnDx7IxOhIx1wqjbohLfPs1wAWXdBuuul3YP5K7Kx9VetbfYP6IEp02XjG2XvG\n' + 'GchTQ4IPQRRnuY+3cgv4XGFbI4xKc+9CnHgjLA2cgNdruVuUv9qBjEhpA5j7L845\n' + 'w2Y1tOa+ApgawYxvh4rqM29+GnXDreucySwuy+iofXxuQm4SDYdquMzDcQyQ36fk\n' + 'afexK0PT9SGE8U/xtVDPc0EDe5ZrTymglf4pB0/rzpgvGFDot+wdzNXhygpz2Cfq\n' + 'TGRDj0Fg9rbwZr9bX4lBy/bqaCzjIa6rbnDJRtLloi7NXNFoUja6zHnDunbZAQC2\n' + 'rHn9Z0KAeN1jnsB6L57b9jukfZUJgwi7k7aSf6Nh6zOZcZDctGvGJ9ky6TQI0K9s\n' + '9SPsKumK9dDjh1jrXHYxVA+PKjNilza9MUnLwWzOmzIfLaCOgWoanymeOwbm7t/h\n' + '1Cg+rk5Whmk7mdv9H/Kj11DnSR620DktEQAuDw6oB8rdF0M1SxD/titol0U+lOpp\n' + '3mSFP4DMPDuP/rn+aCJaUUKoBrk/17jl3esbkGbqauB2NqieS7/CSVfse/BNqVeG\n' + 'oWId00lqYJSkrhDP5X0WdK3EZSrq4BCu7ynDN06gFfu5dj//1pO0WpP87bCAK3hl\n' + 'U3wkppegmaKZZ4XB28l9uX1fMkIXBf63u+UMC8PkjRzrXX2xC+sUTaaAmbYgWELJ\n' + 'U8sJe5t4bcUtpZbxreDGFHb1IONnp5H7d8yE0Qol/jCt9voklc8AdFG414qZxDsL\n' + 'WM3QD15Sq/H5f8i8qe4B9SH0FAmGY14s0W5fZL4Z4os2vBfzLpWZWCXgP6YmWVJG\n' + 
'jgeR+zh52RajaGqEvCNmvvBVovKLLTQ/ds/KCctHd3zL\n' '-----END ENCRYPTED PRIVATE KEY-----\n'}}) \ No newline at end of file From 7233d35a86c7a8b11f152d3e9aef3b83c5c0c485 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Tue, 15 Aug 2023 08:39:25 +0200 Subject: [PATCH 129/146] Split labeling action in two to avoid errors. --- .../{labeler.yaml => label-issues.yaml} | 19 ++---------------- .github/workflows/label-pulls.yaml | 20 +++++++++++++++++++ 2 files changed, 22 insertions(+), 17 deletions(-) rename .github/workflows/{labeler.yaml => label-issues.yaml} (54%) create mode 100644 .github/workflows/label-pulls.yaml diff --git a/.github/workflows/labeler.yaml b/.github/workflows/label-issues.yaml similarity index 54% rename from .github/workflows/labeler.yaml rename to .github/workflows/label-issues.yaml index 41fe68ef6..947386948 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/label-issues.yaml @@ -1,20 +1,14 @@ -name: "Labeler" +name: "Label Issues." on: issues: types: [opened, edited] - pull_request_target: - paths: - - 'plugins/**' - - 'roles/**' permissions: contents: read issues: write - pull-requests: write jobs: - - issues: + label: runs-on: ubuntu-latest steps: - name: "Label Issues." @@ -25,12 +19,3 @@ jobs: repo-token: ${{ github.token }} enable-versioned-regex: 0 sync-labels: 0 - - pulls: - runs-on: ubuntu-latest - steps: - - name: "Label Pull Requests." - uses: actions/labeler@v4 - with: - configuration-path: .github/labels-prs.yml - sync-labels: 0 diff --git a/.github/workflows/label-pulls.yaml b/.github/workflows/label-pulls.yaml new file mode 100644 index 000000000..4eaa025d2 --- /dev/null +++ b/.github/workflows/label-pulls.yaml 
@@ -0,0 +1,20 @@ +name: "Label Pull Requests." +on: + pull_request_target: + paths: + - 'plugins/**' + - 'roles/**' + +permissions: + contents: read + pull-requests: write + +jobs: + label: + runs-on: ubuntu-latest + steps: + - name: "Label Pull Requests." + uses: actions/labeler@v4 + with: + configuration-path: .github/labels-prs.yml + sync-labels: 0 From 79271966887b375d9ea7bdac33b653d67e5e7a40 Mon Sep 17 00:00:00 2001 From: Lars Getwan Date: Thu, 17 Aug 2023 15:04:49 +0200 Subject: [PATCH 130/146] Introducing a lookup plugin to get the CMK version of a server --- playbooks/demo/full.yml | 2 + playbooks/demo/lookup.yml | 14 ++++++ plugins/lookup/version.py | 96 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 playbooks/demo/lookup.yml create mode 100644 plugins/lookup/version.py diff --git a/playbooks/demo/full.yml b/playbooks/demo/full.yml index a7b54fb69..ea035c64d 100644 --- a/playbooks/demo/full.yml +++ b/playbooks/demo/full.yml @@ -1,4 +1,6 @@ --- +- name: "Lookup." + ansible.builtin.import_playbook: lookup.yml - name: "Hosts and Folders." ansible.builtin.import_playbook: hosts-and-folders.yml - name: "Groups." diff --git a/playbooks/demo/lookup.yml b/playbooks/demo/lookup.yml new file mode 100644 index 000000000..8eb82b6ce --- /dev/null +++ b/playbooks/demo/lookup.yml @@ -0,0 +1,14 @@ +--- +- name: "Showcase Lookup Plugins." + hosts: test + strategy: linear + gather_facts: false + vars_files: + - ../vars/auth.yml # This vars file provides details about your site + tasks: + + - name: "Get CMK version." + debug: + msg: "Version is {{ lookup('checkmk.general.version', server_url+'/'+site, validate_certs=False, automation_user=automation_user, automation_secret=automation_secret)}}" + delegate_to: localhost + run_once: 'true' diff --git a/plugins/lookup/version.py b/plugins/lookup/version.py new file mode 100644 index 000000000..2aee48d49 --- /dev/null +++ b/plugins/lookup/version.py 
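Review bot: `uses: actions/labeler@v4` is a mutable tag, and this workflow runs on `pull_request_target` with `pull-requests: write`, so whatever that tag resolves to runs with a write-scoped token on every matching pull request, including those from forks. Pin the action to a full commit SHA, e.g. `uses: actions/labeler@<full-commit-sha>  # v4` (placeholder; the SHA is not on this page). The job does not check out the pull-request head, which is what keeps `pull_request_target` acceptable here. A comment above `steps:` such as `# Do not check out the PR head in this workflow: it runs with a write token.` would help keep it that way.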
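Review bot: The demo task in `playbooks/demo/lookup.yml` passes `validate_certs=False` to the lookup, and the plugin added in this same commit sends `automation_user` and `automation_secret` in the `Authorization` header. Anyone who copies this playbook therefore sends the automation secret to a server whose certificate is never verified. Drop the argument so the plugin's documented default of `True` applies, or keep it with a comment such as `# self-signed test sites only; never disable validation against a production site`. The same argument is carried through the later revisions of this file in patches 136 and 139 and into the plugin's `EXAMPLES` block in patch 136.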
@@ -0,0 +1,96 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- + +# Copyright: (c) 2023, Lars Getwan +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = """ + name: version + author: Lars Getwan + version_added: "3.1" + short_description: Get the version of a CMK server + description: + - Returns the version of a CMK server as a string, e.g. '2.1.0p31.cre' + options: + _terms: + description: site url + required: True + automation_user: + description: automation user for the REST API access + required: True + automation_secret: + description: automation secret for the REST API access + required: True + validate_certs: + description: Wether or not to validate TLS cerificates + type: boolean + required: False + default: True + notes: + - Like all lookups, this runs on the Ansible controller and is unaffected by other keywords such as 'become'. + If you need to use different permissions, you must change the command or run Ansible as another user. + - Alternatively, you can use a shell/command task that runs against localhost and registers the result. + - The directory of the play is used as the current working directory. +""" + +EXAMPLES = """ +- name: We could read the file directly, but this shows output from command +ansible.builtin.debug: msg="CMK version installed is{{ lookup('checkmk.general.version', 'https://myserver/mysite' }}." 
+""" + +RETURN = """ + _list: + description: + - server CMK version + type: list + elements: str +""" + +import json +from ansible.errors import AnsibleError +from ansible.module_utils.common.text.converters import to_text, to_native +from ansible.module_utils.urls import open_url, ConnectionError, SSLValidationError +from ansible.plugins.lookup import LookupBase +from urllib.error import HTTPError, URLError + + +class LookupModule(LookupBase): + + def run(self, terms, variables, **kwargs): + + self.set_options(var_options=variables, direct=kwargs) + user = self.get_option("automation_user") + secret = self.get_option("automation_secret") + validate_certs = self.get_option("validate_certs") + + ret = [] + for term in terms: + base_url = term + "/check_mk/api/1.0" + api_endpoint = "/version" + url = base_url + api_endpoint + + headers = { + "Accept": "application/json", + "Content-Type": "application/json", + "Authorization": "Bearer %s %s" % (user, secret), + } + + try: + response = open_url(url, data=None, headers=headers, method="GET", validate_certs=validate_certs) + + except HTTPError as e: + raise AnsibleError("Received HTTP error for %s : %s" % (url, to_native(e))) + except URLError as e: + raise AnsibleError("Failed lookup url for %s : %s" % (url, to_native(e))) + except SSLValidationError as e: + raise AnsibleError("Error validating the server's certificate for %s: %s" % (url, to_native(e))) + except ConnectionError as e: + raise AnsibleError("Error connecting to %s: %s" % (url, to_native(e))) + + checkmkinfo = json.loads(to_text(response.read())) + ret.append(checkmkinfo.get("versions").get("checkmk")) + + return ret From 20aac4631ec0d16c3e85634dd1fe461f8c3e316a Mon Sep 17 00:00:00 2001 From: Lars Getwan Date: Thu, 17 Aug 2023 15:10:06 +0200 Subject: [PATCH 131/146] Added changelog fragment. --- changelogs/fragments/lookup.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/lookup.yml 
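Review bot: The response handling at the end of `run()` is unguarded. `json.loads(to_text(response.read()))` raises on a non-JSON body such as a login page or proxy error, and `checkmkinfo.get("versions").get("checkmk")` raises `AttributeError` when the `versions` key is absent. The user then gets a raw traceback instead of an `AnsibleError` like the ones raised for transport failures just above. Wrap the parse and the key access in one `try` and raise `AnsibleError` naming the URL, as below. The message should carry only the URL and the exception text, never the request headers.

```python
            # … unchanged: open_url call and its except clauses …

            try:
                checkmkinfo = json.loads(to_text(response.read()))
                version = checkmkinfo["versions"]["checkmk"]
            except (ValueError, KeyError, TypeError) as e:
                raise AnsibleError(
                    "Unexpected response from %s: %s" % (url, to_native(e))
                )
            ret.append(version)
```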
diff --git a/changelogs/fragments/lookup.yml b/changelogs/fragments/lookup.yml new file mode 100644 index 000000000..e163aaa17 --- /dev/null +++ b/changelogs/fragments/lookup.yml @@ -0,0 +1,2 @@ +major_changes: + - Version lookup plugin - Add Version lookup plugin. From 67a5bf6031a8b7685c7012c540d505d2ad5a1146 Mon Sep 17 00:00:00 2001 From: Lars Getwan Date: Thu, 17 Aug 2023 15:44:59 +0200 Subject: [PATCH 132/146] sanity, part 1. --- plugins/lookup/version.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/plugins/lookup/version.py b/plugins/lookup/version.py index 2aee48d49..c80a1dcb8 100644 --- a/plugins/lookup/version.py +++ b/plugins/lookup/version.py @@ -1,6 +1,3 @@ -#!/usr/bin/python -# -*- encoding: utf-8; py-indent-offset: 4 -*- - # Copyright: (c) 2023, Lars Getwan # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) @@ -9,7 +6,7 @@ DOCUMENTATION = """ name: version - author: Lars Getwan + author: Lars Getwan (@lgetwan) version_added: "3.1" short_description: Get the version of a CMK server description: @@ -38,7 +35,8 @@ EXAMPLES = """ - name: We could read the file directly, but this shows output from command -ansible.builtin.debug: msg="CMK version installed is{{ lookup('checkmk.general.version', 'https://myserver/mysite' }}." + ansible.builtin.debug: + msg: "CMK version installed is{{ lookup('checkmk.general.version', 'https://myserver/mysite', automation_user='automation', automation_secret='$SECRET'}}." """ RETURN = """ From 5194936ac282ad60883ae9b40137d16f7a439e60 Mon Sep 17 00:00:00 2001 From: Lars Getwan Date: Thu, 17 Aug 2023 15:49:28 +0200 Subject: [PATCH 133/146] QA --- plugins/lookup/version.py | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/plugins/lookup/version.py b/plugins/lookup/version.py index c80a1dcb8..a10dfa37d 100644 --- a/plugins/lookup/version.py +++ b/plugins/lookup/version.py 
@@ -1,7 +1,7 @@ # Copyright: (c) 2023, Lars Getwan # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = """ @@ -48,15 +48,15 @@ """ import json +from urllib.error import HTTPError, URLError + from ansible.errors import AnsibleError -from ansible.module_utils.common.text.converters import to_text, to_native -from ansible.module_utils.urls import open_url, ConnectionError, SSLValidationError +from ansible.module_utils.common.text.converters import to_native, to_text +from ansible.module_utils.urls import ConnectionError, SSLValidationError, open_url from ansible.plugins.lookup import LookupBase -from urllib.error import HTTPError, URLError class LookupModule(LookupBase): - def run(self, terms, variables, **kwargs): self.set_options(var_options=variables, direct=kwargs) 
@@ -77,16 +77,30 @@ def run(self, terms, variables, **kwargs): } try: - response = open_url(url, data=None, headers=headers, method="GET", validate_certs=validate_certs) + response = open_url( + url, + data=None, + headers=headers, + method="GET", + validate_certs=validate_certs, + ) except HTTPError as e: - raise AnsibleError("Received HTTP error for %s : %s" % (url, to_native(e))) + raise AnsibleError( + "Received HTTP error for %s : %s" % (url, to_native(e)) + ) except URLError as e: - raise AnsibleError("Failed lookup url for %s : %s" % (url, to_native(e))) + raise AnsibleError( + "Failed lookup url for %s : %s" % (url, to_native(e)) + ) except SSLValidationError as e: - raise AnsibleError("Error validating the server's certificate for %s: %s" % (url, to_native(e))) + raise AnsibleError( + "Error validating the server's certificate for %s: %s" % (url, to_native(e)) + ) except ConnectionError as e: - raise AnsibleError("Error connecting to %s: %s" % (url, to_native(e))) + raise AnsibleError( + "Error connecting to %s: %s" % (url, to_native(e)) + ) checkmkinfo = json.loads(to_text(response.read())) ret.append(checkmkinfo.get("versions").get("checkmk")) From 8ab2850aeb7657043b0ee14d5b29d54647aff507 Mon Sep 17 00:00:00 2001 From: Lars Getwan Date: Thu, 17 Aug 2023 15:51:24 +0200 Subject: [PATCH 134/146] sanity, part 2. --- plugins/lookup/version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/lookup/version.py b/plugins/lookup/version.py index a10dfa37d..5d2d59b2b 100644 --- a/plugins/lookup/version.py +++ b/plugins/lookup/version.py @@ -7,7 +7,7 @@ DOCUMENTATION = """ name: version author: Lars Getwan (@lgetwan) - version_added: "3.1" + version_added: "3.1.0" short_description: Get the version of a CMK server description: - Returns the version of a CMK server as a string, e.g. '2.1.0p31.cre' From 0d925422be0a7fc9211b07b910276c3dc1107f88 Mon Sep 17 00:00:00 2001 
From: Lars Getwan Date: Thu, 17 Aug 2023 15:59:42 +0200 Subject: [PATCH 135/146] sanity, part 3 & QA, part 2. --- plugins/lookup/version.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/plugins/lookup/version.py b/plugins/lookup/version.py index 5d2d59b2b..b01c7cda4 100644 --- a/plugins/lookup/version.py +++ b/plugins/lookup/version.py @@ -2,6 +2,7 @@ # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function + __metaclass__ = type DOCUMENTATION = """ @@ -35,8 +36,8 @@ EXAMPLES = """ - name: We could read the file directly, but this shows output from command - ansible.builtin.debug: - msg: "CMK version installed is{{ lookup('checkmk.general.version', 'https://myserver/mysite', automation_user='automation', automation_secret='$SECRET'}}." + ansible.builtin.debug: + msg: "CMK version: {{ lookup('checkmk.general.version', 'https://myserver/mysite', automation_user='automation', automation_secret='$SECRET'}}." """ RETURN = """ @@ -78,10 +79,10 @@ def run(self, terms, variables, **kwargs): try: response = open_url( - url, - data=None, - headers=headers, - method="GET", + url, + data=None, + headers=headers, + method="GET", validate_certs=validate_certs, ) @@ -95,12 +96,11 @@ def run(self, terms, variables, **kwargs): ) except SSLValidationError as e: raise AnsibleError( - "Error validating the server's certificate for %s: %s" % (url, to_native(e)) + "Error validating the server's certificate for %s: %s" + % (url, to_native(e)) ) except ConnectionError as e: - raise AnsibleError( - "Error connecting to %s: %s" % (url, to_native(e)) - ) + raise AnsibleError("Error connecting to %s: %s" % (url, to_native(e))) checkmkinfo = json.loads(to_text(response.read())) ret.append(checkmkinfo.get("versions").get("checkmk")) From 91371b750c81e2fb949f861f4d5a3c227f574ce3 Mon Sep 17 00:00:00 2001 
From: Lars Getwan Date: Fri, 18 Aug 2023 09:21:09 +0200 Subject: [PATCH 136/146] Apply Robin's complaints. --- playbooks/demo/lookup.yml | 12 ++++++++++-- plugins/lookup/version.py | 24 +++++++++++++----------- 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/playbooks/demo/lookup.yml b/playbooks/demo/lookup.yml index 8eb82b6ce..118b565f1 100644 --- a/playbooks/demo/lookup.yml +++ b/playbooks/demo/lookup.yml @@ -7,8 +7,16 @@ - ../vars/auth.yml # This vars file provides details about your site tasks: - - name: "Get CMK version." + - name: "Get Checkmk version." debug: - msg: "Version is {{ lookup('checkmk.general.version', server_url+'/'+site, validate_certs=False, automation_user=automation_user, automation_secret=automation_secret)}}" + msg: "Version is {{ version }}" + vars: + version: "{{ lookup('checkmk.general.version', + server_url + '/' + site, + validate_certs=False, + automation_user=automation_user, + automation_secret=automation_secret + )}}" + delegate_to: localhost run_once: 'true' diff --git a/plugins/lookup/version.py b/plugins/lookup/version.py index b01c7cda4..6defdb10b 100644 --- a/plugins/lookup/version.py +++ b/plugins/lookup/version.py @@ -9,9 +9,9 @@ name: version author: Lars Getwan (@lgetwan) version_added: "3.1.0" - short_description: Get the version of a CMK server + short_description: Get the version of a Checkmk server description: - - Returns the version of a CMK server as a string, e.g. '2.1.0p31.cre' + - Returns the version of a Checkmk server as a string, e.g. '2.1.0p31.cre' options: _terms: description: site url 
@@ -27,23 +27,25 @@ type: boolean required: False default: True - notes: - - Like all lookups, this runs on the Ansible controller and is unaffected by other keywords such as 'become'. - If you need to use different permissions, you must change the command or run Ansible as another user. - - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - - The directory of the play is used as the current working directory. """ EXAMPLES = """ -- name: We could read the file directly, but this shows output from command - ansible.builtin.debug: - msg: "CMK version: {{ lookup('checkmk.general.version', 'https://myserver/mysite', automation_user='automation', automation_secret='$SECRET'}}." +- name: "Show Checkmk version" + debug: + msg: "Server version is {{ version }}" + vars: + version: "{{ lookup('checkmk.general.version', + server_url + '/' + site, + validate_certs=False, + automation_user=automation_user, + automation_secret=automation_secret + )}}" """ RETURN = """ _list: description: - - server CMK version + - server Checkmk version type: list elements: str """ From e5a3613c50f512009859a52b1ca1b84f463f7d39 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 21 Aug 2023 10:26:59 +0200 Subject: [PATCH 137/146] Update labelling. --- .github/labels-prs.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/labels-prs.yml b/.github/labels-prs.yml index 32289258a..47fc9ddca 100644 --- a/.github/labels-prs.yml +++ b/.github/labels-prs.yml @@ -46,3 +46,6 @@ module:tag_group: module:user: - 'plugins/modules/user.py' + +lookup:version: + - 'plugins/modules/lookup/version.py' From 89058d063d7a6d03b4fa5d85c745514b85be60de Mon Sep 17 00:00:00 2001 From: "max.sickora" Date: Mon, 21 Aug 2023 10:31:52 +0200 Subject: [PATCH 138/146] Added check for 409 response --- plugins/modules/discovery.py | 11 ++++++++++- tests/integration/targets/discovery/tasks/test.yml | 4 ++-- 2 files changed, 12 insertions(+), 3 deletions(-) 
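Review bot: The new `lookup:version` entry in `.github/labels-prs.yml` globs `plugins/modules/lookup/version.py`, but the plugin was added at `plugins/lookup/version.py` in patch 130, and the CODEOWNERS line in patch 145 uses that path too. As written the label can never match a changed file. Change the entry to `- 'plugins/lookup/version.py'`.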
diff --git a/plugins/modules/discovery.py b/plugins/modules/discovery.py index e918b6b57..f6043e53b 100644 --- a/plugins/modules/discovery.py +++ b/plugins/modules/discovery.py @@ -129,6 +129,7 @@ 403: (False, True, "Forbidden: Configuration via WATO is disabled."), 404: (False, True, "Not Found: Host could not be found."), 406: (False, True, "Not Acceptable."), + 409: (False, False, "Conflict: A discovery background job is already running"), 415: (False, True, "Unsupported Media Type."), 500: (False, True, "General Server Error."), } @@ -153,7 +154,7 @@ 400: (False, True, "Bad Request."), 403: (False, True, "Forbidden: Configuration via WATO is disabled."), 406: (False, True, "Not Acceptable."), - 409: (False, True, "Conflict: A bulk discovery job is already active"), + 409: (False, False, "Conflict: A bulk discovery job is already active"), 415: (False, True, "Unsupported Media Type."), 500: (False, True, "General Server Error."), } @@ -352,6 +353,14 @@ def run_module(): result = discovery.post() + # In any case the API returns 409 (discovery running) we wait for half a second and try again. + # This can happen as example in versions where the endpoint doesn't respond with the correct redirect. + while (single_mode and result.http_code == 409) or ( + len(module.params.get("hosts", [])) > 0 and result.http_code == 409 + ): + time.sleep(0.5) + result = discovery.post() + # If single_mode and the API returns 302, check the service completion endpoint # If not single_mode and the API returns 200, check the service completion endpoint if (single_mode and result.http_code == 302) or ( diff --git a/tests/integration/targets/discovery/tasks/test.yml b/tests/integration/targets/discovery/tasks/test.yml index e51c461f3..638276b21 100644 --- a/tests/integration/targets/discovery/tasks/test.yml +++ b/tests/integration/targets/discovery/tasks/test.yml 
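Review bot: The retry loop added after `result = discovery.post()` in the `@@ -352,6 +353,14 @@` hunk has no upper bound. While the server keeps answering 409 the module sleeps and posts again, so a stuck or permanently busy discovery job hangs the play and keeps hitting the API. Bound the loop by attempts or elapsed time and report the 409 once the bound is reached. This matters more because both 409 entries in the status maps have their second field flipped from `True` to `False`, which appears to stop a 409 from being reported as a failure. Patch 143 changes the sleep to 1 s / 10 s but leaves the loop unbounded; `run_module()` starts and ends outside the hunk, and whether `time` is imported is not visible here.

```python
    result = discovery.post()

    # Retry while a discovery job is already running, but not forever.
    retries_left = 60  # constructed bound; size it for the longest expected discovery
    while (
        result.http_code == 409
        and retries_left > 0
        and (single_mode or len(module.params.get("hosts", [])) > 0)
    ):
        retries_left -= 1
        time.sleep(0.5)
        result = discovery.post()

    # … unchanged: 302 / 200 completion checks …
```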
@@ -17,7 +17,7 @@ - name: "Run Single Discoveries." block: - - name: "{{ outer_item.version }} - Refresh (Tabula Rasa in 2.1 and before, Rescan in 2.2 and newer)." + - name: "{{ outer_item.version }} - Rescan services." discovery: server_url: "{{ server_url }}" site: "{{ outer_item.site }}" @@ -145,7 +145,7 @@ run_once: true # noqa run-once[task] loop: "{{ checkmk_hosts }}" - - name: "{{ outer_item.version }} - Bulk: Refresh (Tabula Rasa in 2.1 and before, Rescan in 2.2 and newer)." + - name: "{{ outer_item.version }} - Bulk: Rescan services." discovery: server_url: "{{ server_url }}" site: "{{ outer_item.site }}" From 57f5e8e136478c8e186b678570d9c284ccc8883a Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 21 Aug 2023 11:26:17 +0200 Subject: [PATCH 139/146] Fix linting findings. --- playbooks/demo/lookup.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/playbooks/demo/lookup.yml b/playbooks/demo/lookup.yml index 118b565f1..4e5224ae2 100644 --- a/playbooks/demo/lookup.yml +++ b/playbooks/demo/lookup.yml @@ -5,18 +5,18 @@ gather_facts: false vars_files: - ../vars/auth.yml # This vars file provides details about your site + tasks: - name: "Get Checkmk version." - debug: + ansible.builtin.debug: msg: "Version is {{ version }}" vars: version: "{{ lookup('checkmk.general.version', server_url + '/' + site, validate_certs=False, automation_user=automation_user, - automation_secret=automation_secret - )}}" - + automation_secret=automation_secret) + }}" delegate_to: localhost - run_once: 'true' + run_once: true # noqa run-once[task] From 2fd573d617b21e19fb69efa9e47786572d7a98c4 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 21 Aug 2023 11:27:19 +0200 Subject: [PATCH 140/146] Bump Checkmk version. --- playbooks/usecases/remote-registration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/usecases/remote-registration.yml b/playbooks/usecases/remote-registration.yml index ded1ce7aa..a4b204786 100644 
--- a/playbooks/usecases/remote-registration.yml +++ b/playbooks/usecases/remote-registration.yml @@ -9,7 +9,7 @@ vars: # Basic server and authentication information. # You have to provide the distributed setup yourself. - checkmk_agent_version: "2.1.0p19" + checkmk_agent_version: "2.2.0p7" checkmk_agent_edition: "cre" checkmk_agent_user: "cmkadmin" checkmk_agent_pass: "password" From 10e31eae84354e44c721313a7215a57d6f6f70be Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 21 Aug 2023 11:30:32 +0200 Subject: [PATCH 141/146] Bump collection version. --- SUPPORT.md | 1 + galaxy.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/SUPPORT.md b/SUPPORT.md index 0d71b993d..8491d0770 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -36,3 +36,4 @@ Collection Version | Checkmk Versions | Ansible Versions | Remarks 2.4.0 | 2.0.0p37, 2.1.0p31, 2.2.0p7 | 2.13, 2.14, 2.15 | None 2.4.1 | 2.0.0p37, 2.1.0p31, 2.2.0p7 | 2.13, 2.14, 2.15 | None 3.0.0 | 2.0.0p38, 2.1.0p32, 2.2.0p7 | 2.13, 2.14, 2.15 | Breaking changes to the following modules: `folder`, `host`, `host_group`, `rule`. +3.1.0 | 2.0.0p38, 2.1.0p32, 2.2.0p7 | 2.13, 2.14, 2.15 | None diff --git a/galaxy.yml b/galaxy.yml index 8759c683b..36827f9a5 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -10,7 +10,7 @@ name: general # The version of the collection. Must be compatible with semantic versioning -version: 3.0.0 +version: 3.1.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md From e5b6a5e2a49eee5f9587ba4c53a7ad068a184c72 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 21 Aug 2023 11:33:25 +0200 Subject: [PATCH 142/146] Add release summary. --- changelogs/fragments/release_summary.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelogs/fragments/release_summary.yml diff --git a/changelogs/fragments/release_summary.yml b/changelogs/fragments/release_summary.yml new file mode 100644 index 000000000..8ac63ea7d 
--- /dev/null +++ b/changelogs/fragments/release_summary.yml @@ -0,0 +1 @@ +release_summary: "It is summer and you want to look outside, so we added Windows." From 0b88146529b1af59f3a857247eb1eadd7cb1257a Mon Sep 17 00:00:00 2001 From: "max.sickora" Date: Mon, 21 Aug 2023 12:05:21 +0200 Subject: [PATCH 143/146] Separate sleeptimes for single and bulk --- changelogs/fragments/discovery.yml | 2 ++ plugins/modules/discovery.py | 8 ++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/discovery.yml diff --git a/changelogs/fragments/discovery.yml b/changelogs/fragments/discovery.yml new file mode 100644 index 000000000..4f179df9f --- /dev/null +++ b/changelogs/fragments/discovery.yml @@ -0,0 +1,2 @@ +minor_changes: + - Discovery module - Added handling of 409 response. \ No newline at end of file diff --git a/plugins/modules/discovery.py b/plugins/modules/discovery.py index f6043e53b..c5aaa310c 100644 --- a/plugins/modules/discovery.py +++ b/plugins/modules/discovery.py @@ -353,12 +353,16 @@ def run_module(): result = discovery.post() - # In any case the API returns 409 (discovery running) we wait for half a second and try again. + # In case the API returns 409 (discovery running) we wait and try again. # This can happen as example in versions where the endpoint doesn't respond with the correct redirect. while (single_mode and result.http_code == 409) or ( len(module.params.get("hosts", [])) > 0 and result.http_code == 409 ): - time.sleep(0.5) + if single_mode: + time.sleep(1) + else: + time.sleep(10) + result = discovery.post() # If single_mode and the API returns 302, check the service completion endpoint From 6bf3935cb3ec9ee2337babc071b91229738aa65d Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Mon, 21 Aug 2023 13:03:23 +0200 Subject: [PATCH 144/146] Add requirement to make molecule happy again. --- requirements.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/requirements.yml b/requirements.yml index fea66ba04..f028cc114 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,3 +1,4 @@ --- collections: - name: checkmk.general + - name: community.docker From d86d020d743c2cff5aa9488e094470d96011dbd5 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Tue, 22 Aug 2023 11:27:06 +0200 Subject: [PATCH 145/146] Minor changes. --- CODEOWNERS | 1 + changelogs/fragments/discovery.yml | 2 +- requirements.yml | 1 - 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index de2199cf1..7ae68dc25 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -2,6 +2,7 @@ /tests/ @robin-checkmk /roles/ @robin-checkmk /playbooks/ @robin-checkmk +/plugins/lookup/version.py @lgetwan /plugins/modules/ @lgetwan /plugins/module_utils/ @godspeed-you /plugins/modules/user.py @lgetwan diff --git a/changelogs/fragments/discovery.yml b/changelogs/fragments/discovery.yml index 4f179df9f..2a6e23bdc 100644 --- a/changelogs/fragments/discovery.yml +++ b/changelogs/fragments/discovery.yml @@ -1,2 +1,2 @@ minor_changes: - - Discovery module - Added handling of 409 response. \ No newline at end of file + - Discovery module - Add handling for 409 response. diff --git a/requirements.yml b/requirements.yml index f028cc114..fea66ba04 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,4 +1,3 @@ --- collections: - name: checkmk.general - - name: community.docker From 47d12aa98549355dd94ce7ff15d11b49df4284be Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Tue, 22 Aug 2023 12:14:16 +0200 Subject: [PATCH 146/146] Try to fix molecule. --- .github/workflows/molecule-role-agent.yaml | 2 +- .github/workflows/molecule-role-server.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/molecule-role-agent.yaml b/.github/workflows/molecule-role-agent.yaml index f257e5740..cdbc517ae 100644 --- a/.github/workflows/molecule-role-agent.yaml +++ b/.github/workflows/molecule-role-agent.yaml 
@@ -75,6 +75,6 @@ jobs: - name: "Run Molecule." run: | cd roles/agent/ - ln -s ../../requirements.yml requirements.yml + # ln -s ../../requirements.yml requirements.yml molecule test -s ${{ matrix.checkmk }} working-directory: ./ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}} diff --git a/.github/workflows/molecule-role-server.yaml b/.github/workflows/molecule-role-server.yaml index ac3bd8250..a49472cea 100644 --- a/.github/workflows/molecule-role-server.yaml +++ b/.github/workflows/molecule-role-server.yaml @@ -75,6 +75,6 @@ jobs: - name: "Run Molecule." run: | cd roles/server/ - ln -s ../../requirements.yml requirements.yml + # ln -s ../../requirements.yml requirements.yml molecule test -s ${{ matrix.checkmk }} working-directory: ./ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}