Upload files to "tasks"

2025-12-01 11:50:28 +01:00 · 2025-12-01 11:50:28 +01:00 · 6bc699f99c
parent 8ea0f387d1
commit 6bc699f99c
5 changed files with 687 additions and 0 deletions
--- a/tasks/Debian.yml
+++ b/tasks/Debian.yml
@ -0,0 +1,139 @@
+---
+# ============================================================================
+# Package Installation Tasks
+# ============================================================================
+
+- name: "{{ ansible_os_family }} Derivatives: Install host-specific {{ checkmk_agent_edition | upper }} Agent."
+  become: true
+  ansible.builtin.apt:
+    deb: "{{ __checkmk_agent_agent.file.host }}"
+    force: "{{ checkmk_agent_force_install | bool }}"
+    state: present
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and checkmk_agent_host_specific | bool
+  failed_when: false  # Ignore if a newer version is already installed
+  tags:
+    - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Install GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent."
+  become: true
+  ansible.builtin.apt:
+    deb: "{{ __checkmk_agent_agent.file.cee }}"
+    force: "{{ checkmk_agent_force_install | bool }}"
+    state: present
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and not checkmk_agent_host_specific | bool
+  failed_when: false  # Ignore if a newer version is already installed
+  tags:
+    - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Transfer Vanilla agent."
+  ansible.builtin.copy:
+    src: "{{ __checkmk_agent_agent.file.cre }}"
+    dest: "{{ __checkmk_agent_agent.file.cre }}"
+    mode: "0644"
+  when: |
+    checkmk_agent_edition | lower == "cre"
+    and checkmk_agent_delegate_download != inventory_hostname
+  tags:
+    - download-package
+
+- name: "{{ ansible_os_family }} Derivatives: Install Vanilla agent."
+  become: true
+  ansible.builtin.apt:
+    deb: "{{ __checkmk_agent_agent.file.cre }}"
+    force: "{{ checkmk_agent_force_install | bool }}"
+    state: present
+  when: checkmk_agent_edition | lower == "cre"
+  failed_when: false  # Ignore if a newer version is already installed
+  tags:
+    - install-package
+
+# ============================================================================
+# Firewall Configuration Tasks
+# ============================================================================
+# These tasks only run if UFW is installed, enabled in config, AND already active.
+# We don't want to accidentally enable UFW if it's not currently running.
+# ============================================================================
+
+- name: "{{ ansible_os_family }}: Check if UFW is active."
+  become: true
+  ansible.builtin.command: ufw status
+  register: __checkmk_agent_ufw_status
+  changed_when: false  # Status check should never report as changed
+  failed_when: false   # Don't fail if UFW is not installed
+  when: checkmk_agent_configure_firewall | bool and "ufw" in ansible_facts.services
+  tags:
+    - configure-firewall
+
+- name: "{{ ansible_os_family }} Configure Firewall for Agent."
+  # Opens port 6556/tcp for CheckMK agent communication
+  # Only runs if UFW is already active to avoid accidentally enabling firewall
+  become: true
+  ansible.builtin.raw: |
+    ufw allow 6556/tcp
+    ufw reload
+  args:
+    executable: /bin/bash
+  register: __checkmk_agent_ufw_result
+  changed_when: "'Skipping' not in __checkmk_agent_ufw_result.stdout"
+  when: |
+    checkmk_agent_configure_firewall | bool 
+    and "ufw" in ansible_facts.services
+    and __checkmk_agent_ufw_status is defined
+    and 'Status: active' in __checkmk_agent_ufw_status.stdout
+  tags:
+    - configure-firewall
+
+- name: "{{ ansible_os_family }} Derivatives: Configure Firewall for Agent with IP restrictions."
+  # This block adds IP-specific firewall rules for the CheckMK server
+  # It handles both direct IP addresses and hostnames (which get resolved via DNS)
+  when: |
+    checkmk_agent_configure_firewall | bool 
+    and "ufw" in ansible_facts.services
+    and __checkmk_agent_ufw_status is defined
+    and 'Status: active' in __checkmk_agent_ufw_status.stdout
+  block:
+    - name: "{{ ansible_os_family }} Derivatives: Add Checkmk Server to Firewall Whitelist if it is an IP address."
+      # Uses regex to detect if checkmk_agent_server is already an IP (IPv4 or IPv6)
+      # Regex pattern matches: IPv4 (x.x.x.x) or IPv6 (xxxx:xxxx:...)
+      when: checkmk_agent_server | regex_search('^([0-9]{1,3}\.){3}[0-9]{1,3}$|^([0-9a-fA-F:]+:+)+[0-9a-fA-F]+$')
+      ansible.builtin.set_fact:
+        checkmk_agent_server_ips: "{{ checkmk_agent_server_ips | default([]) + [checkmk_agent_server] }}"
+
+    - name: "{{ ansible_os_family }} Derivatives: Resolve Checkmk Server hostname to IPs if it's not an IP."
+      # If checkmk_agent_server is a hostname (e.g., monitoring.gc-gruppe.net),
+      # resolve it to IP address(es) via getent (standard Linux tool, no extra dependencies)
+      # This ensures firewall rules work even when using hostnames
+      when: not (checkmk_agent_server | regex_search('^([0-9]{1,3}\.){3}[0-9]{1,3}$|^([0-9a-fA-F:]+:+)+[0-9a-fA-F]+$'))
+      become: true
+      ansible.builtin.shell: "getent hosts {{ checkmk_agent_server }} | awk '{ print $1 }' | head -n1"
+      register: __checkmk_agent_server_resolved
+      changed_when: false
+
+    - name: "{{ ansible_os_family }} Derivatives: Set resolved IP as fact."
+      # Store the resolved IP address for use in firewall rules
+      when: 
+        - __checkmk_agent_server_resolved is defined
+        - __checkmk_agent_server_resolved.stdout | length > 0
+      ansible.builtin.set_fact:
+        checkmk_agent_server_ips: "{{ checkmk_agent_server_ips | default([]) + [__checkmk_agent_server_resolved.stdout] }}"
+
+    - name: "{{ ansible_os_family }} Derivatives: Allow Checkmk services access to the agent."
+      # Creates UFW rules allowing each CheckMK server IP to connect to port 6556
+      # Loops through all resolved/provided IPs and adds individual rules
+      # Each rule gets a comment for easy identification in 'ufw status'
+      when: checkmk_agent_server_ips is defined and checkmk_agent_server_ips | length > 0
+      become: true
+      ansible.builtin.raw: |
+        ufw allow from {{ item }} to any port 6556 proto tcp comment 'Allow Checkmk'
+        ufw reload
+      args:
+        executable: /bin/bash
+      loop: "{{ checkmk_agent_server_ips }}"
+      register: __checkmk_agent_ufw_rich_result
+      changed_when: "'Skipping' not in __checkmk_agent_ufw_rich_result.stdout"
+  tags:
+    - configure-firewall
--- a/tasks/Linux-files.yml
+++ b/tasks/Linux-files.yml
@ -0,0 +1,136 @@
+---
+- name: "{{ ansible_system }}: Download Vanilla {{ checkmk_agent_edition | upper }} agent."
+  ansible.builtin.get_url:
+    url: "{{ __checkmk_agent_agent.url.cre }}"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    dest: "{{ __checkmk_agent_agent.file.cre }}"
+    mode: '0644'
+    timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+  when: checkmk_agent_edition | lower == "cre"
+  register: __checkmk_agent_vanilla_download_state
+  retries: 3
+  delay: 10
+  until: "not __checkmk_agent_vanilla_download_state.failed | bool"
+  delegate_to: "{{ checkmk_agent_delegate_download }}"
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Download host-specific {{ checkmk_agent_edition | upper }} Agent."
+  ansible.builtin.uri:
+    url:
+      "{{ __checkmk_agent_agent.url.cee }}?\
+      host_name={{ checkmk_agent_host_name }}&\
+      os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\
+      agent_type=host_name"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    dest: "{{ __checkmk_agent_agent.file.host }}"
+    method: GET
+    headers:
+      Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}"
+      Accept: "application/octet-stream"
+    timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+  when: |
+    checkmk_agent_edition | lower != "cre"
+  become: false
+  register: __checkmk_agent_host_download_state
+  # This task may fail, as we fall back to the generic agent in that case
+  failed_when: 'false'
+  changed_when: __checkmk_agent_host_download_state.status is defined and __checkmk_agent_host_download_state.status == 200
+  delegate_to: "{{ checkmk_agent_delegate_download }}"
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Set Fact: Agent State: host-specific."
+  ansible.builtin.set_fact:
+    checkmk_agent_host_specific: >-
+      {{ (__checkmk_agent_host_download_state.status is defined and __checkmk_agent_host_download_state.status == 200) | bool }}
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Download folder-specific {{ checkmk_agent_edition | upper }} Agent."
+  ansible.builtin.uri:
+    url:
+      "{{ __checkmk_agent_agent.url.cee }}?\
+      os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\
+      folder_name={{ checkmk_agent_folder }}&\
+      agent_type=generic"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    dest: "{{ __checkmk_agent_agent.file.cee }}"
+    method: GET
+    headers:
+      Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}"
+      Accept: "application/octet-stream"
+    timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+  become: false
+  register: __checkmk_agent_folder_download_state
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and checkmk_agent_folder is defined
+    and not checkmk_agent_host_specific | bool
+  retries: 3
+  failed_when: 'false'
+  changed_when: __checkmk_agent_folder_download_state.status is defined and __checkmk_agent_folder_download_state.status == 200
+  delegate_to: "{{ checkmk_agent_delegate_download }}"
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Set Fact: Agent State: folder-specific."
+  ansible.builtin.set_fact:
+    checkmk_agent_folder_specific: >-
+      {{ (__checkmk_agent_folder_download_state.status is defined and __checkmk_agent_folder_download_state.status == 200) | bool }}
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Download GENERIC {{ checkmk_agent_edition | upper }} Agent."
+  shell: |
+    curl -H "Accept: application/octet-stream" \
+         -H "Authorization: Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}" \
+         {% if not checkmk_agent_server_validate_certs | bool %}--insecure{% endif %} \
+         {% if checkmk_agent_download_timeout is defined %}--max-time {{ checkmk_agent_download_timeout }}{% endif %} \
+         -o "{{ __checkmk_agent_agent.file.cee }}" \
+         "{{ __checkmk_agent_agent.url.cee }}?os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&agent_type=generic"
+  args:
+    creates: "{{ __checkmk_agent_agent.file.cee }}"
+  become: false
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and not (checkmk_agent_host_specific | bool or checkmk_agent_folder_specific | bool)
+  retries: 3
+  delegate_to: "{{ checkmk_agent_delegate_download }}"
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Transfer host-specific {{ checkmk_agent_edition | upper }} Agent."
+  ansible.builtin.copy:
+    src: "{{ __checkmk_agent_agent.file.host }}"
+    dest: "{{ __checkmk_agent_agent.file.host }}"
+    mode: "0644"
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and checkmk_agent_host_specific | bool
+    and checkmk_agent_delegate_download != inventory_hostname
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Transfer GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent."
+  ansible.builtin.copy:
+    src: "{{ __checkmk_agent_agent.file.cee }}"
+    dest: "{{ __checkmk_agent_agent.file.cee }}"
+    mode: "0644"
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and not checkmk_agent_host_specific | bool
+    and checkmk_agent_delegate_download != inventory_hostname
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Transfer Vanilla {{ checkmk_agent_edition | upper }} Agent."
+  ansible.builtin.copy:
+    src: "{{ __checkmk_agent_agent.file.cre }}"
+    dest: "{{ __checkmk_agent_agent.file.cre }}"
+    mode: "0644"
+  when: |
+    checkmk_agent_edition | lower == "cre"
+    and checkmk_agent_delegate_download != inventory_hostname
+  tags:
+    - download-package
--- a/tasks/Linux.yml
+++ b/tasks/Linux.yml
@ -0,0 +1,318 @@
+---
+- name: "{{ ansible_system }}: Get installed packages using native commands (RedHat)."
+  become: true
+  ansible.builtin.shell: rpm -qa --qf '%{NAME}\n'
+  register: __checkmk_agent_rpm_packages
+  changed_when: false
+  when: ansible_os_family == "RedHat"
+  no_log: true
+  tags:
+    - get-package-facts
+
+- name: "{{ ansible_system }}: Get installed packages using native commands (Debian)."
+  become: true
+  ansible.builtin.shell: dpkg-query -W -f='${Package}\n'
+  register: __checkmk_agent_deb_packages
+  changed_when: false
+  when: ansible_os_family == "Debian"
+  no_log: true
+  tags:
+    - get-package-facts
+
+- name: "{{ ansible_system }}: Create simple package list from RPM output."
+  ansible.builtin.set_fact:
+    __checkmk_agent_installed_packages: "{{ __checkmk_agent_rpm_packages.stdout_lines }}"
+  when: ansible_os_family == "RedHat" and __checkmk_agent_rpm_packages is defined
+  tags:
+    - get-package-facts
+
+- name: "{{ ansible_system }}: Create simple package list from DEB output."
+  ansible.builtin.set_fact:
+    __checkmk_agent_installed_packages: "{{ __checkmk_agent_deb_packages.stdout_lines }}"
+  when: ansible_os_family == "Debian" and __checkmk_agent_deb_packages is defined
+  tags:
+    - get-package-facts
+
+- name: "{{ ansible_system }}: Populate service facts."
+  ansible.builtin.service_facts:
+
+- name: "{{ ansible_system }}: Check if systemd version requires xinetd."
+  become: true
+  ansible.builtin.shell: |
+    if command -v rpm >/dev/null 2>&1; then
+      rpm -q systemd --qf '%{VERSION}\n' | head -n1
+    elif command -v dpkg-query >/dev/null 2>&1; then
+      dpkg-query -W -f='${Version}\n' systemd | cut -d- -f1
+    else
+      systemctl --version | head -n1 | awk '{print $2}'
+    fi
+  register: __checkmk_agent_systemd_version
+  changed_when: false
+  failed_when: false
+  when: checkmk_agent_prep_legacy | bool
+  tags:
+    - check-systemd
+
+- name: "{{ ansible_system }}: Run Legacy agent tasks."
+  block:
+    - name: "{{ ansible_system }}: Install xinetd"
+      become: true
+      ansible.builtin.package:
+        name: xinetd
+        state: present
+      tags:
+        - install-package
+        - install-prerequisites
+
+    - name: "{{ ansible_system }}: Enable xinetd"
+      become: true
+      ansible.builtin.service:
+        name: xinetd
+        state: started
+        enabled: true
+      tags:
+        - enable-xinetd
+  when: |
+    checkmk_agent_prep_legacy | bool
+    and __checkmk_agent_systemd_version is defined
+    and __checkmk_agent_systemd_version.stdout is defined
+    and __checkmk_agent_systemd_version.stdout | int < 220
+
+- name: "{{ ansible_system }}: Download Vanilla agent."
+  ansible.builtin.get_url:
+    url: "{{ __checkmk_agent_agent.url.cre }}"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    dest: "{{ __checkmk_agent_agent.file.cre }}"
+    mode: '0640'
+    timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+  when: checkmk_agent_edition | lower == "cre"
+  register: __checkmk_agent_download_state
+  retries: 3
+  delay: 10
+  until: "not __checkmk_agent_download_state.failed | bool"
+  delegate_to: "{{ checkmk_agent_delegate_download }}"
+  tags:
+    - download-package
+
+- name: "{{ ansible_os_family }}: Run OS Family specific tasks."
+  ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
+  tags:
+    - include-os-family-tasks
+
+- name: "{{ ansible_system }}: Create host on server."
+  checkmk.general.host:
+    server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/"
+    site: "{{ checkmk_agent_site }}"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    automation_user: "{{ checkmk_agent_user }}"
+    automation_secret: "{{ __checkmk_agent_auth }}"
+    folder: "{{ checkmk_agent_folder | default(omit) }}"
+    name: "{{ checkmk_agent_host_name }}"
+    attributes: "{{ checkmk_agent_host_attributes }}"
+    state: "present"
+  become: false
+  register: __checkmk_agent_create_result
+  failed_when: |
+    (__checkmk_agent_create_result.failed == true) and
+    ("The host is already part of the specified target folder" not in __checkmk_agent_create_result.msg)
+  delegate_to: "{{ checkmk_agent_delegate_api_calls }}"
+  when: checkmk_agent_add_host | bool
+  notify: "Activate changes"
+
+# ============================================================
+# HIER IST DIE ÄNDERUNG! Diese Zeile wurde geändert:
+# VORHER: when: __checkmk_agent_create_result.changed | bool
+# JETZT:  when: checkmk_agent_add_host | bool
+# ============================================================
+- name: "Ensure registration readyness."  # noqa no-handler
+  when: checkmk_agent_add_host | bool
+  block:
+    - name: "Trigger activation of changes."
+      ansible.builtin.meta: flush_handlers
+
+- name: "{{ ansible_system }}: Check for Agent Updater Binary."
+  ansible.builtin.stat:
+    path: /usr/bin/cmk-update-agent
+  register: __checkmk_agent_updater_binary
+
+- name: "{{ ansible_system }}: Check for Agent Controller Binary."
+  ansible.builtin.stat:
+    path: /usr/bin/cmk-agent-ctl
+  register: __checkmk_agent_controller_binary
+
+- name: "{{ ansible_system }}: Override binary checks for unsupported architectures."
+  ansible.builtin.set_fact:
+    __checkmk_agent_updater_binary:
+      stat:
+        exists: false
+    __checkmk_agent_controller_binary:
+      stat:
+        exists: false
+  when: ansible_architecture not in ['x86_64', 'aarch64']
+
+- name: "{{ ansible_system }}: Read Updater State."
+  become: true
+  ansible.builtin.command: cat /var/lib/check_mk_agent/cache/plugins_cmk-update-agent.cache
+  register: __checkmk_agent_updater_state
+  changed_when: false
+  failed_when: |
+    not __checkmk_agent_updater_state.rc == 0
+    and not __checkmk_agent_updater_state.rc == 1
+
+- name: "{{ ansible_system }}: Read Agent Controller State."
+  become: true
+  ansible.builtin.command: cat /var/lib/cmk-agent/registered_connections.json
+  register: __checkmk_agent_registered_connections
+  changed_when: false
+  failed_when: |
+    not __checkmk_agent_registered_connections.rc == 0
+    and not __checkmk_agent_registered_connections.rc == 1
+
+- name: "{{ ansible_system }}: Register Agent for automatic Updates using User Password."
+  become: true
+  ansible.builtin.shell: |
+    cmk-update-agent register -H {{ checkmk_agent_host_name }} \
+    -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_registration_server_protocol }} \
+    -U {{ checkmk_agent_user }} -P {{ __checkmk_agent_auth | ansible.builtin.quote }}
+  no_log: "{{ checkmk_agent_no_log | bool }}"
+  register: __checkmk_agent_update_state
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and __checkmk_agent_updater_binary.stat.exists | bool
+    and checkmk_agent_update | bool
+    and (checkmk_agent_pass is defined and checkmk_agent_pass | length)
+    and (checkmk_agent_secret is not defined)
+    and not (
+      (checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_updater_state.stdout)
+      and ('"error": null' in __checkmk_agent_updater_state.stdout)
+    )
+  changed_when: "'Successfully registered agent of host' in __checkmk_agent_update_state.stderr"
+
+- name: "{{ ansible_system }}: Register Agent for automatic Updates using Automation Secret."
+  become: true
+  ansible.builtin.shell: |
+    cmk-update-agent register -H {{ checkmk_agent_host_name }} \
+    -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_registration_server_protocol }} \
+    -U {{ checkmk_agent_user }} -S {{ __checkmk_agent_auth | ansible.builtin.quote }}
+  no_log: "{{ checkmk_agent_no_log | bool }}"
+  register: __checkmk_agent_update_state
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and __checkmk_agent_updater_binary.stat.exists | bool
+    and checkmk_agent_update | bool
+    and (checkmk_agent_secret is defined and checkmk_agent_secret | length)
+    and not (
+      (checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_updater_state.stdout)
+      and ('"error": null' in __checkmk_agent_updater_state.stdout)
+    )
+  changed_when: "'Successfully registered agent of host' in __checkmk_agent_update_state.stderr"
+
+- name: "{{ ansible_system }}: Register Agent for TLS directly."
+  become: true
+  ansible.builtin.shell: |
+    cmk-agent-ctl register -H {{ checkmk_agent_host_name }} \
+    -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} \
+    -U {{ checkmk_agent_user }} -P {{ __checkmk_agent_auth }} --trust-cert
+  no_log: "{{ checkmk_agent_no_log | bool }}"
+  register: __checkmk_agent_tls_state
+  retries: 3
+  delay: 5
+  until: __checkmk_agent_tls_state.rc == 0
+  failed_when: false
+  when: |
+    __checkmk_agent_controller_binary.stat.exists | bool
+    and checkmk_agent_tls | bool
+  changed_when: "'Registration complete' in __checkmk_agent_tls_state.stdout"
+
+- name: "{{ ansible_system }}: Log registration failure details."
+  ansible.builtin.debug:
+    msg: |
+      ========================================
+      REGISTRATION FAILED AFTER 3 RETRIES
+      ========================================
+      Host: {{ checkmk_agent_host_name }}
+      Server: {{ checkmk_agent_registration_server }}
+      Site: {{ checkmk_agent_registration_site }}
+      
+      Return Code: {{ __checkmk_agent_tls_state.rc | default('N/A') }}
+      
+      STDOUT:
+      {{ __checkmk_agent_tls_state.stdout | default('No output') }}
+      
+      STDERR:
+      {{ __checkmk_agent_tls_state.stderr | default('No errors') }}
+      
+      Possible causes:
+      - Agent receiver service not running on monitoring server
+      - Network connectivity issues (firewall, routing)
+      - Authentication failed (check username/password)
+      - Host not created in CheckMK yet
+      - TLS certificate issues
+      - Timing issue (agent controller not fully started)
+      
+      Troubleshooting steps:
+      1. Check agent receiver logs on monitoring server
+      2. Verify host exists in CheckMK: Setup -> Hosts
+      3. Test connection: curl -k https://{{ checkmk_agent_registration_server }}:8000/{{ checkmk_agent_registration_site }}/agent-receiver/register_existing
+      4. Check cmk-agent-ctl status on this host
+      ========================================
+  when: |
+    __checkmk_agent_tls_state is defined
+    and __checkmk_agent_tls_state.rc is defined
+    and __checkmk_agent_tls_state.rc != 0
+
+- name: "{{ ansible_system }}: Create temporary proxy-register file."
+  become: true
+  ansible.builtin.copy:
+    dest: "{{ __checkmk_agent_host_tmp_dir }}/checkmk-import"
+    mode: u=r,g=,o=
+    owner: cmk-agent
+    group: cmk-agent
+    content: "{{ __checkmk_agent_proxy_registration_state.stdout }}"
+  no_log: "{{ checkmk_agent_no_log | bool }}"
+  when: |
+    __checkmk_agent_controller_binary.stat.exists | bool
+    and checkmk_agent_tls | bool
+    and checkmk_agent_delegate_registration | bool
+    and (__checkmk_agent_auth is defined and __checkmk_agent_auth | length)
+    and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_registered_connections.stdout
+    and __checkmk_agent_proxy_registration_state is defined
+
+- name: "{{ ansible_system }}: Import proxy-register file."
+  become: true
+  ansible.builtin.command: "cmk-agent-ctl import {{ __checkmk_agent_host_tmp_dir }}/checkmk-import"
+  no_log: "{{ checkmk_agent_no_log | bool }}"
+  register: __checkmk_agent_import_result
+  when: |
+    __checkmk_agent_controller_binary.stat.exists | bool
+    and checkmk_agent_tls | bool
+    and checkmk_agent_delegate_registration | bool
+    and (__checkmk_agent_auth is defined and __checkmk_agent_auth | length)
+    and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_registered_connections.stdout
+    and __checkmk_agent_proxy_registration_state is defined
+  changed_when: __checkmk_agent_import_result.rc == 0
+
+- name: "{{ ansible_system }}: Clean-up proxy-register temporary file."
+  become: true
+  ansible.builtin.file:
+    path: "{{ __checkmk_agent_host_tmp_dir }}/checkmk-import"
+    state: absent
+  no_log: "{{ checkmk_agent_no_log | bool }}"
+  when: |
+    __checkmk_agent_controller_binary.stat.exists | bool
+    and checkmk_agent_tls | bool
+    and checkmk_agent_delegate_registration | bool
+    and (__checkmk_agent_auth is defined and __checkmk_agent_auth | length)
+    and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_registered_connections.stdout
+    and __checkmk_agent_proxy_registration_state is defined
+
+- name: "{{ ansible_system }}: Verify Checkmk Agent Port is open."
+  ansible.builtin.wait_for:
+    port: "{{ checkmk_agent_port }}"
+    timeout: 60
+  when: checkmk_agent_mode == 'pull'
+
+- name: "{{ ansible_system }}: Initial push of data for push agent"  # noqa no-changed-when
+  become: true
+  ansible.builtin.command: cmk-agent-ctl push
+  when: checkmk_agent_mode == 'push'
--- a/tasks/RedHat.yml
+++ b/tasks/RedHat.yml
@ -0,0 +1,11 @@
+---
+__checkmk_agent_host_tmp_dir: "/tmp"
+
+__checkmk_agent_agent:
+  url:
+    cre: "{{ __checkmk_agent_site_url }}/check_mk/agents/check-mk-agent-{{ checkmk_agent_version }}-1.noarch.rpm"
+    cee: "{{ __checkmk_agent_site_url }}/check_mk/api/1.0/domain-types/agent/actions/download_by_host/invoke"
+  file:
+    cre: "{{ __checkmk_agent_host_tmp_dir }}/check-mk-agent-{{ checkmk_agent_version }}-1.noarch-vanilla.rpm"
+    cee: "{{ __checkmk_agent_host_tmp_dir }}/check-mk-agent-{{ checkmk_agent_version }}-1.noarch-generic.rpm"
+    host: "{{ __checkmk_agent_host_tmp_dir }}/check-mk-agent-{{ checkmk_agent_version }}-1.noarch-{{ inventory_hostname }}.rpm"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,83 @@
+---
+- name: "Preflight - Fail if Checkmk Edition is incorrect."
+  ansible.builtin.fail:
+    msg: "The provided Checkmk Edition '{{ checkmk_agent_edition }}' does  not exist or is not supported by this role."
+  when: checkmk_agent_edition | lower not in __checkmk_agent_edition_mapping
+
+- name: "{{ ansible_os_family }}: Include OS family specific variables."
+  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
+  tags:
+    - include-os-family-vars
+
+- name: "{{ ansible_system }}: Include File Management."
+  ansible.builtin.include_tasks: "{{ ansible_system }}-files.yml"
+  tags:
+    - include-system-tasks
+    - download-package
+
+- name: "{{ ansible_system }}: Include OS specific tasks."
+  ansible.builtin.include_tasks: "{{ ansible_system }}.yml"
+  tags:
+    - include-system-tasks
+
+- name: "Activate pending CheckMK configuration changes before discovery."
+  become: false
+  checkmk.general.activation:
+    server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/"
+    site: "{{ checkmk_agent_site }}"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    automation_user: "{{ checkmk_agent_user }}"
+    automation_secret: "{{ __checkmk_agent_auth }}"
+    force_foreign_changes: true
+    sites:
+      - "{{ checkmk_agent_site }}"
+  delegate_to: "{{ checkmk_agent_delegate_api_calls }}"
+  run_once: true
+  when: checkmk_agent_discover | bool
+  register: __checkmk_agent_activation
+  ignore_errors: true
+
+- name: "Wait for activation to complete."
+  ansible.builtin.pause:
+    seconds: "{{ checkmk_agent_activation_wait_seconds | default(60) }}"
+  run_once: true
+  when: 
+    - checkmk_agent_discover | bool
+    - __checkmk_agent_activation is changed
+
+- name: "Fetch fresh monitoring data from host."
+  become: false
+  checkmk.general.discovery:
+    server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/"
+    site: "{{ checkmk_agent_site }}"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    automation_user: "{{ checkmk_agent_user }}"
+    automation_secret: "{{ __checkmk_agent_auth }}"
+    host_name: "{{ checkmk_agent_host_name }}"
+    state: "refresh"
+  throttle: "{{ checkmk_agent_discover_max_parallel_tasks }}"
+  delegate_to: "{{ checkmk_agent_delegate_api_calls }}"
+  when: checkmk_agent_discover | bool
+  register: __checkmk_agent_refresh_state
+  retries: 3
+  delay: 10
+  until: "__checkmk_agent_refresh_state.changed | bool"
+
+- name: "Update monitored services and labels on host."
+  become: false
+  checkmk.general.discovery:
+    server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/"
+    site: "{{ checkmk_agent_site }}"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    automation_user: "{{ checkmk_agent_user }}"
+    automation_secret: "{{ __checkmk_agent_auth }}"
+    host_name: "{{ checkmk_agent_host_name }}"
+    state: "tabula_rasa"
+  throttle: "{{ checkmk_agent_discover_max_parallel_tasks }}"
+  delegate_to: "{{ checkmk_agent_delegate_api_calls }}"
+  when: checkmk_agent_discover | bool
+  register: __checkmk_agent_discovery_state
+  retries: 3
+  delay: 10
+  until: "__checkmk_agent_discovery_state.changed | bool"
+  notify: "Activate changes"