Upload files to "tasks"

2025-12-01 11:50:37 +01:00 · 2025-12-01 11:50:37 +01:00 · d3c10762ea
parent 6bc699f99c
commit d3c10762ea
5 changed files with 428 additions and 0 deletions
--- a/tasks/RedHat.yml-bak
+++ b/tasks/RedHat.yml-bak
@ -0,0 +1,64 @@
+---
+- name: "{{ ansible_os_family }} Derivatives: Install host-specific {{ checkmk_agent_edition | upper }} Agent."
+  become: true
+  ansible.builtin.dnf:
+    name: "{{ __checkmk_agent_agent.file.host }}"
+    state: present
+    disable_gpg_check: true
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and checkmk_agent_host_specific | bool
+  tags:
+    - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Install GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent."
+  become: true
+  ansible.builtin.dnf:
+    name: "{{ __checkmk_agent_agent.file.cee }}"
+    state: present
+    disable_gpg_check: true
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and not checkmk_agent_host_specific | bool
+  tags:
+    - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Transfer Vanilla agent."
+  ansible.builtin.copy:
+    src: "{{ __checkmk_agent_agent.file.cre }}"
+    dest: "{{ __checkmk_agent_agent.file.cre }}"
+    mode: "0644"
+  when: |
+    checkmk_agent_edition | lower == "cre"
+    and checkmk_agent_delegate_download != inventory_hostname
+  tags:
+    - download-package
+
+- name: "{{ ansible_os_family }} Derivatives: Install Vanilla agent."
+  become: true
+  ansible.builtin.dnf:
+    name: "{{ __checkmk_agent_agent.file.cre }}"
+    state: present
+    disable_gpg_check: true
+  when: checkmk_agent_edition | lower == "cre"
+  tags:
+    - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Configure Firewall for Agent."
+  when: checkmk_agent_configure_firewall | bool and "firewalld.service" in ansible_facts.services
+  block:
+    - name: "{{ ansible_os_family }} Derivatives: Add Checkmk Server to Firewall Whitelist if it is an IP address."
+      when: checkmk_agent_server | ansible.utils.ipaddr()
+      ansible.builtin.set_fact:
+        checkmk_agent_server_ips: "{{ checkmk_agent_server_ips + [checkmk_agent_server] }}"
+
+    - name: "{{ ansible_os_family }} Derivatives: Allow Checkmk services access to the agent."
+      when: checkmk_agent_server_ips is defined
+      ansible.posix.firewalld:
+        permanent: 'yes'
+        immediate: 'yes'
+        state: enabled
+        rich_rule: 'rule family="ipv4" source address={{ item }} port port="{{ checkmk_agent_port }}" protocol="tcp" accept'
+        zone: "{{ checkmk_agent_configure_firewall_zone | default('public') }}"
+      loop: "{{ checkmk_agent_server_ips }}"
+      become: true
--- a/tasks/Suse.yml
+++ b/tasks/Suse.yml
@ -0,0 +1,57 @@
+---
+- name: "{{ ansible_os_family }} Derivatives: Install host-specific {{ checkmk_agent_edition | upper }} Agent."
+  become: true
+  community.general.zypper:
+    name: "{{ __checkmk_agent_agent.file.host }}"
+    force: "{{ checkmk_agent_force_install | bool }}"
+    state: present
+    disable_gpg_check: true
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and checkmk_agent_host_specific | bool
+  tags:
+    - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Install GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent."
+  become: true
+  community.general.zypper:
+    name: "{{ __checkmk_agent_agent.file.cee }}"
+    force: "{{ checkmk_agent_force_install | bool }}"
+    state: present
+    disable_gpg_check: true
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and not checkmk_agent_host_specific | bool
+  tags:
+    - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Transfer Vanilla agent."
+  ansible.builtin.copy:
+    src: "{{ __checkmk_agent_agent.file.cre }}"
+    dest: "{{ __checkmk_agent_agent.file.cre }}"
+    mode: "0644"
+  when: |
+    checkmk_agent_edition | lower == "cre"
+    and checkmk_agent_delegate_download != inventory_hostname
+  tags:
+    - download-package
+
+- name: "{{ ansible_os_family }} Derivatives: Install Vanilla agent."
+  become: true
+  community.general.zypper:
+    name: "{{ __checkmk_agent_agent.file.cre }}"
+    force: "{{ checkmk_agent_force_install | bool }}"
+    state: present
+    disable_gpg_check: true
+  when: checkmk_agent_edition | lower == "cre"
+  tags:
+    - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Allow access to the Checkmk agent on port {{ checkmk_agent_port }}/tcp."
+  when: checkmk_agent_configure_firewall | bool and "firewalld.service" in ansible_facts.services
+  ansible.posix.firewalld:
+    permanent: true
+    immediate: "{% if ansible_facts['services']['firewalld.service']['state'] == 'running' %}true{% else %}false{% endif %}"
+    port: "{{ checkmk_agent_port }}/tcp"
+    state: "enabled"
+  become: true
--- a/tasks/Win32NT-files.yml
+++ b/tasks/Win32NT-files.yml
@ -0,0 +1,136 @@
+---
+- name: "{{ ansible_system }}: Download Vanilla {{ checkmk_agent_edition | upper }} Agent."
+  ansible.windows.win_get_url:
+    url: "{{ __checkmk_agent_agent.url.cre }}"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    dest: "{{ __checkmk_agent_agent.file.cre }}"
+    timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+  when: checkmk_agent_edition | lower == "cre"
+  register: __checkmk_agent_vanilla_download_state
+  retries: 3
+  delay: 10
+  until: "not __checkmk_agent_vanilla_download_state.failed | bool"
+  delegate_to: "{{ checkmk_agent_delegate_download }}"
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Download host-specific {{ checkmk_agent_edition | upper }} Agent."
+  ansible.windows.win_get_url:
+    url:
+      "{{ __checkmk_agent_agent.url.cee }}?\
+      host_name={{ checkmk_agent_host_name }}&\
+      os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\
+      agent_type=host_name"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    dest: "{{ __checkmk_agent_agent.file.host }}"
+    method: GET
+    headers:
+      Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}"
+      Accept: "application/octet-stream"
+    timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+  when: |
+    checkmk_agent_edition | lower != "cre"
+  become: false
+  register: __checkmk_agent_host_download_state
+  # This task may fail, as we fall back to the generic agent in that case
+  failed_when: 'false'
+  changed_when: __checkmk_agent_host_download_state.status_code is defined and __checkmk_agent_host_download_state.status_code == 200
+  delegate_to: "{{ checkmk_agent_delegate_download }}"
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Set Fact: Agent State: host-specific."
+  ansible.builtin.set_fact:
+    checkmk_agent_host_specific: >-
+      {{ (__checkmk_agent_host_download_state.status_code is defined and __checkmk_agent_host_download_state.status_code == 200) | bool }}
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Download folder-specific {{ checkmk_agent_edition | upper }} Agent."
+  ansible.windows.win_get_url:
+    url:
+      "{{ __checkmk_agent_agent.url.cee }}?\
+      os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\
+      folder_name={{ checkmk_agent_folder }}&\
+      agent_type=generic"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    dest: "{{ __checkmk_agent_agent.file.cee }}"
+    method: GET
+    headers:
+      Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}"
+      Accept: "application/octet-stream"
+    timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+  become: false
+  register: __checkmk_agent_folder_download_state
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and checkmk_agent_folder is defined
+    and not checkmk_agent_host_specific | bool
+  retries: 3
+  # This task may fail, as we fall back to the generic agent in that case
+  failed_when: 'false'
+  changed_when: __checkmk_agent_folder_download_state.status_code is defined and __checkmk_agent_folder_download_state.status_code == 200
+  delegate_to: "{{ checkmk_agent_delegate_download }}"
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Set Fact: Agent State: folder-specific."
+  ansible.builtin.set_fact:
+    checkmk_agent_folder_specific: >-
+      {{ (__checkmk_agent_folder_download_state.status_code is defined and __checkmk_agent_folder_download_state.status_code == 200) | bool }}
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Download GENERIC {{ checkmk_agent_edition | upper }} Agent."
+  ansible.windows.win_get_url:
+    url:
+      "{{ __checkmk_agent_agent.url.cee }}?\
+      os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\
+      agent_type=generic"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    dest: "{{ __checkmk_agent_agent.file.cee }}"
+    method: GET
+    headers:
+      Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}"
+      Accept: "application/octet-stream"
+    timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+  become: false
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and not (checkmk_agent_host_specific | bool or checkmk_agent_folder_specific | bool)
+  retries: 3
+  delegate_to: "{{ checkmk_agent_delegate_download }}"
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Transfer host-specific {{ checkmk_agent_edition | upper }} Agent."
+  ansible.windows.win_copy:
+    src: "{{ __checkmk_agent_agent.file.host }}"
+    dest: "{{ __checkmk_agent_agent.file.host }}"
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and checkmk_agent_host_specific | bool
+    and checkmk_agent_delegate_download != inventory_hostname
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Transfer GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent."
+  ansible.windows.win_copy:
+    src: "{{ __checkmk_agent_agent.file.cee }}"
+    dest: "{{ __checkmk_agent_agent.file.cee }}"
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and not checkmk_agent_host_specific | bool
+    and checkmk_agent_delegate_download != inventory_hostname
+  tags:
+    - download-package
+
+- name: "{{ ansible_system }}: Transfer Vanilla {{ checkmk_agent_edition | upper }} Agent."
+  ansible.windows.win_copy:
+    src: "{{ __checkmk_agent_agent.file.cre }}"
+    dest: "{{ __checkmk_agent_agent.file.cre }}"
+  when: |
+    checkmk_agent_edition | lower == "cre"
+    and checkmk_agent_delegate_download != inventory_hostname
+  tags:
+    - download-package
--- a/tasks/Win32NT.yml
+++ b/tasks/Win32NT.yml
@ -0,0 +1,132 @@
+---
+- name: "{{ ansible_system }}: Run OS Family specific tasks."
+  ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
+  tags:
+    - include-os-family-tasks
+
+
+- name: "{{ ansible_system }}: Ensure Host is present in the correct Folder."
+  checkmk.general.host:
+    server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/"
+    site: "{{ checkmk_agent_site }}"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    automation_user: "{{ checkmk_agent_user }}"
+    automation_secret: "{{ __checkmk_agent_auth }}"
+    folder: "{{ checkmk_agent_folder }}"
+    name: "{{ checkmk_agent_host_name }}"
+    state: "present"
+  become: false
+  register: __checkmk_agent_create_result
+  delegate_to: "{{ checkmk_agent_delegate_api_calls }}"
+  when: checkmk_agent_add_host | bool
+  notify: "Activate changes"
+
+- name: "{{ ansible_system }}: Update Host Attributes."
+  checkmk.general.host:
+    server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/"
+    site: "{{ checkmk_agent_site }}"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+    automation_user: "{{ checkmk_agent_user }}"
+    automation_secret: "{{ __checkmk_agent_auth }}"
+    name: "{{ checkmk_agent_host_name }}"
+    attributes: "{{ checkmk_agent_host_attributes }}"
+    state: "present"
+  become: false
+  register: __checkmk_agent_create_result
+  delegate_to: "{{ checkmk_agent_delegate_api_calls }}"
+  when: checkmk_agent_add_host | bool
+  notify: "Activate changes"
+
+- name: "Ensure registration readyness."  # noqa no-handler
+  when: __checkmk_agent_create_result.changed | bool
+  block:
+    - name: "Trigger activation of changes."
+      ansible.builtin.meta: flush_handlers
+
+- name: "Check for Agent Controller Binary."
+  ansible.windows.win_stat:
+    path: "{{ __checkmk_agent_controller_binary_path }}"
+  register: __checkmk_agent_controller_binary
+
+- name: "{{ ansible_system }}: Check for Agent Binary."
+  ansible.windows.win_stat:
+    path: "{{ __checkmk_agent_binary_path }}"
+  register: __checkmk_agent_binary
+
+- name: "{{ ansible_system }}: Read Updater State."
+  ansible.windows.win_command: powershell.exe -
+  args:
+    stdin: Get-Content -ErrorAction Ignore -LiteralPath C:\ProgramData\checkmk\agent\config\cmk-update-agent.state ; Exit 0
+  register: __checkmk_agent_updater_state
+  changed_when: false
+
+- name: "{{ ansible_system }}: Read Agent Controller State."
+  ansible.windows.win_command: powershell.exe -
+  args:
+    stdin: Get-Content -ErrorAction Ignore -LiteralPath C:\ProgramData\checkmk\agent\registered_connections.json ; Exit 0
+  register: __checkmk_agent_registered_connections
+  changed_when: false
+
+- name: "{{ ansible_system }}: Register Agent for automatic Updates using User Password."
+  ansible.windows.win_command: |
+    check_mk_agent.exe updater register -H {{ checkmk_agent_host_name }} \
+    -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_server_protocol }} \
+    -U {{ checkmk_agent_user }} -P {{ __checkmk_agent_auth | ansible.windows.quote }}
+  no_log: "{{ checkmk_agent_no_log | bool }}"
+  register: __checkmk_agent_update_state
+  args:
+    chdir: "C:\\Program Files (x86)\\checkmk\\service\\"
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and __checkmk_agent_binary.stat.exists | bool
+    and checkmk_agent_update | bool
+    and (checkmk_agent_pass is defined and checkmk_agent_pass | length > 0)
+    and (checkmk_agent_secret is not defined)
+    and not (('\'server\': \'' + checkmk_agent_registration_server + '\', \'site\': \'' + checkmk_agent_registration_site + '\'' in __checkmk_agent_updater_state.stdout)
+    and ('\'last_error\': None' in __checkmk_agent_updater_state.stdout))
+  changed_when: "'Successfully registered agent of host' in __checkmk_agent_update_state.stderr"
+
+- name: "{{ ansible_system }}: Register Agent for automatic Updates using Automation Secret."
+  ansible.windows.win_command: |
+    check_mk_agent.exe updater register -H {{ checkmk_agent_host_name }} \
+    -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_registration_server_protocol }} \
+    -U {{ checkmk_agent_user }} -S {{ __checkmk_agent_auth | ansible.windows.quote }}
+  no_log: "{{ checkmk_agent_no_log | bool }}"
+  register: __checkmk_agent_update_state
+  args:
+    chdir: "C:\\Program Files (x86)\\checkmk\\service\\"
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and __checkmk_agent_binary.stat.exists | bool
+    and checkmk_agent_update | bool
+    and (checkmk_agent_secret is defined and checkmk_agent_secret | length > 0)
+    and not (('\'server\': \'' + checkmk_agent_registration_server + '\', \'site\': \'' + checkmk_agent_registration_site + '\'' in __checkmk_agent_updater_state.stdout)
+    and ('\'last_error\': None' in __checkmk_agent_updater_state.stdout))
+  changed_when: "'Successfully registered agent of host' in __checkmk_agent_update_state.stderr"
+
+- name: "{{ ansible_system }}: Register Agent for TLS."
+  ansible.windows.win_command: |
+    cmk-agent-ctl.exe register -H {{ checkmk_agent_host_name }} \
+    -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} \
+    -U {{ checkmk_agent_user }} -P {{ __checkmk_agent_auth | ansible.windows.quote }} --trust-cert
+  no_log: "{{ checkmk_agent_no_log | bool }}"
+  register: __checkmk_agent_tls_state
+  args:
+    chdir: "C:\\Program Files (x86)\\checkmk\\service\\"
+  when: |
+    __checkmk_agent_controller_binary.stat.exists | bool
+    and checkmk_agent_tls | bool
+    and (__checkmk_agent_auth is defined and __checkmk_agent_auth | length > 0)
+    and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_registered_connections.stdout
+  changed_when: "'Registration complete' in __checkmk_agent_tls_state.stdout"
+
+- name: "{{ ansible_system }}: Verify Checkmk Agent Port is open."
+  ansible.windows.win_wait_for:
+    port: "{{ checkmk_agent_port }}"
+    timeout: 60
+  when: checkmk_agent_mode == 'pull'
+
+- name: "{{ ansible_system }}: Initial push of data for push agent"  # noqa no-changed-when
+  become: true
+  ansible.windows.win_command: cmk-agent-ctl.exe push
+  when: checkmk_agent_mode == 'push'
--- a/tasks/Windows.yml
+++ b/tasks/Windows.yml
@ -0,0 +1,39 @@
+---
+- name: "{{ ansible_os_family }}: Install host-specific {{ checkmk_agent_edition | upper }} Agent."
+  ansible.windows.win_package:
+    path: "{{ __checkmk_agent_agent.file.host }}"
+    state: present
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and checkmk_agent_host_specific | bool
+  tags:
+    - install-package
+
+- name: "{{ ansible_os_family }}: Install GENERIC or folder-specific  {{ checkmk_agent_edition | upper }} Agent."
+  ansible.windows.win_package:
+    path: "{{ __checkmk_agent_agent.file.cee }}"
+    state: present
+  when: |
+    checkmk_agent_edition | lower != "cre"
+    and not checkmk_agent_host_specific | bool
+  tags:
+    - install-package
+
+- name: "{{ ansible_os_family }}: Install Vanilla agent."
+  ansible.windows.win_package:
+    path: "{{ __checkmk_agent_agent.file.cre }}"
+    state: present
+  when: checkmk_agent_edition | lower == "cre"
+  tags:
+    - install-package
+
+- name: "Cleanup Checkmk Agent Setups."
+  ansible.windows.win_file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "{{ __checkmk_agent_agent.file.cre }}"
+    - "{{ __checkmk_agent_agent.file.cee }}"
+    - "{{ __checkmk_agent_agent.file.host }}"
+  tags:
+    - download-package