diff --git a/tasks/RedHat.yml-bak b/tasks/RedHat.yml-bak
new file mode 100644
index 0000000..034e003
--- /dev/null
+++ b/tasks/RedHat.yml-bak
@@ -0,0 +1,64 @@
+---
+- name: "{{ ansible_os_family }} Derivatives: Install host-specific {{ checkmk_agent_edition | upper }} Agent."
+ become: true
+ ansible.builtin.dnf:
+ name: "{{ __checkmk_agent_agent.file.host }}"
+ state: present
+ disable_gpg_check: true
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ and checkmk_agent_host_specific | bool
+ tags:
+ - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Install GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent."
+ become: true
+ ansible.builtin.dnf:
+ name: "{{ __checkmk_agent_agent.file.cee }}"
+ state: present
+ disable_gpg_check: true
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ and not checkmk_agent_host_specific | bool
+ tags:
+ - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Transfer Vanilla agent."
+ ansible.builtin.copy:
+ src: "{{ __checkmk_agent_agent.file.cre }}"
+ dest: "{{ __checkmk_agent_agent.file.cre }}"
+ mode: "0644"
+ when: |
+ checkmk_agent_edition | lower == "cre"
+ and checkmk_agent_delegate_download != inventory_hostname
+ tags:
+ - download-package
+
+- name: "{{ ansible_os_family }} Derivatives: Install Vanilla agent."
+ become: true
+ ansible.builtin.dnf:
+ name: "{{ __checkmk_agent_agent.file.cre }}"
+ state: present
+ disable_gpg_check: true
+ when: checkmk_agent_edition | lower == "cre"
+ tags:
+ - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Configure Firewall for Agent."
+ when: checkmk_agent_configure_firewall | bool and "firewalld.service" in ansible_facts.services
+ block:
+ - name: "{{ ansible_os_family }} Derivatives: Add Checkmk Server to Firewall Whitelist if it is an IP address."
+ when: checkmk_agent_server | ansible.utils.ipaddr()
+ ansible.builtin.set_fact:
+ checkmk_agent_server_ips: "{{ checkmk_agent_server_ips + [checkmk_agent_server] }}"
+
+ - name: "{{ ansible_os_family }} Derivatives: Allow Checkmk services access to the agent."
+ when: checkmk_agent_server_ips is defined
+ ansible.posix.firewalld:
+ permanent: 'yes'
+ immediate: 'yes'
+ state: enabled
+ rich_rule: 'rule family="ipv4" source address={{ item }} port port="{{ checkmk_agent_port }}" protocol="tcp" accept'
+ zone: "{{ checkmk_agent_configure_firewall_zone | default('public') }}"
+ loop: "{{ checkmk_agent_server_ips }}"
+ become: true
\ No newline at end of file
diff --git a/tasks/Suse.yml b/tasks/Suse.yml
new file mode 100644
index 0000000..446569f
--- /dev/null
+++ b/tasks/Suse.yml
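Review bot: All three `ansible.builtin.dnf` install tasks set `disable_gpg_check: true`, so the RPM is installed as root with no signature verification; the same flag is set on the three `community.general.zypper` tasks in tasks/Suse.yml. The package is a local file, so its integrity rests entirely on how it was downloaded, which this hunk does not show. Each task should at least carry a comment such as `# Signature check disabled: local agent package; integrity depends on the certificate-validated download from the Checkmk server`, and the download path should be checked so that certificate validation cannot be off while this flag is on. In the firewall block, `checkmk_agent_server_ips + [checkmk_agent_server]` fails if the list is undefined, although the next task guards with `checkmk_agent_server_ips is defined`; `{{ (checkmk_agent_server_ips | default([])) + [checkmk_agent_server] }}` would make the two consistent.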
@@ -0,0 +1,57 @@
+---
+- name: "{{ ansible_os_family }} Derivatives: Install host-specific {{ checkmk_agent_edition | upper }} Agent."
+ become: true
+ community.general.zypper:
+ name: "{{ __checkmk_agent_agent.file.host }}"
+ force: "{{ checkmk_agent_force_install | bool }}"
+ state: present
+ disable_gpg_check: true
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ and checkmk_agent_host_specific | bool
+ tags:
+ - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Install GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent."
+ become: true
+ community.general.zypper:
+ name: "{{ __checkmk_agent_agent.file.cee }}"
+ force: "{{ checkmk_agent_force_install | bool }}"
+ state: present
+ disable_gpg_check: true
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ and not checkmk_agent_host_specific | bool
+ tags:
+ - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Transfer Vanilla agent."
+ ansible.builtin.copy:
+ src: "{{ __checkmk_agent_agent.file.cre }}"
+ dest: "{{ __checkmk_agent_agent.file.cre }}"
+ mode: "0644"
+ when: |
+ checkmk_agent_edition | lower == "cre"
+ and checkmk_agent_delegate_download != inventory_hostname
+ tags:
+ - download-package
+
+- name: "{{ ansible_os_family }} Derivatives: Install Vanilla agent."
+ become: true
+ community.general.zypper:
+ name: "{{ __checkmk_agent_agent.file.cre }}"
+ force: "{{ checkmk_agent_force_install | bool }}"
+ state: present
+ disable_gpg_check: true
+ when: checkmk_agent_edition | lower == "cre"
+ tags:
+ - install-package
+
+- name: "{{ ansible_os_family }} Derivatives: Allow access to the Checkmk agent on port {{ checkmk_agent_port }}/tcp."
+ when: checkmk_agent_configure_firewall | bool and "firewalld.service" in ansible_facts.services
+ ansible.posix.firewalld:
+ permanent: true
+ immediate: "{% if ansible_facts['services']['firewalld.service']['state'] == 'running' %}true{% else %}false{% endif %}"
+ port: "{{ checkmk_agent_port }}/tcp"
+ state: "enabled"
+ become: true
\ No newline at end of file
diff --git a/tasks/Win32NT-files.yml b/tasks/Win32NT-files.yml
new file mode 100644
index 0000000..e96d520
--- /dev/null
+++ b/tasks/Win32NT-files.yml
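Review bot: The firewalld task opens `{{ checkmk_agent_port }}/tcp` to every source in the default zone, whereas the RedHat variant in this commit limits access with a per-source rich rule and honours `checkmk_agent_configure_firewall_zone`. If the agent port is only meant to be reachable from the Checkmk server, this task should use the same source-restricted rule; at the least add `zone: "{{ checkmk_agent_configure_firewall_zone | default('public') }}"` so the rule lands in the intended zone. The `immediate:` value reads more plainly as `immediate: "{{ ansible_facts['services']['firewalld.service']['state'] == 'running' }}"` than as an `{% if %}` string.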
@@ -0,0 +1,136 @@
+---
+- name: "{{ ansible_system }}: Download Vanilla {{ checkmk_agent_edition | upper }} Agent."
+ ansible.windows.win_get_url:
+ url: "{{ __checkmk_agent_agent.url.cre }}"
+ validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+ dest: "{{ __checkmk_agent_agent.file.cre }}"
+ timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+ when: checkmk_agent_edition | lower == "cre"
+ register: __checkmk_agent_vanilla_download_state
+ retries: 3
+ delay: 10
+ until: "not __checkmk_agent_vanilla_download_state.failed | bool"
+ delegate_to: "{{ checkmk_agent_delegate_download }}"
+ tags:
+ - download-package
+
+- name: "{{ ansible_system }}: Download host-specific {{ checkmk_agent_edition | upper }} Agent."
+ ansible.windows.win_get_url:
+ url:
+ "{{ __checkmk_agent_agent.url.cee }}?\
+ host_name={{ checkmk_agent_host_name }}&\
+ os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\
+ agent_type=host_name"
+ validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+ dest: "{{ __checkmk_agent_agent.file.host }}"
+ method: GET
+ headers:
+ Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}"
+ Accept: "application/octet-stream"
+ timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ become: false
+ register: __checkmk_agent_host_download_state
+ # This task may fail, as we fall back to the generic agent in that case
+ failed_when: 'false'
+ changed_when: __checkmk_agent_host_download_state.status_code is defined and __checkmk_agent_host_download_state.status_code == 200
+ delegate_to: "{{ checkmk_agent_delegate_download }}"
+ tags:
+ - download-package
+
+- name: "{{ ansible_system }}: Set Fact: Agent State: host-specific."
+ ansible.builtin.set_fact:
+ checkmk_agent_host_specific: >-
+ {{ (__checkmk_agent_host_download_state.status_code is defined and __checkmk_agent_host_download_state.status_code == 200) | bool }}
+ tags:
+ - download-package
+
+- name: "{{ ansible_system }}: Download folder-specific {{ checkmk_agent_edition | upper }} Agent."
+ ansible.windows.win_get_url:
+ url:
+ "{{ __checkmk_agent_agent.url.cee }}?\
+ os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\
+ folder_name={{ checkmk_agent_folder }}&\
+ agent_type=generic"
+ validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+ dest: "{{ __checkmk_agent_agent.file.cee }}"
+ method: GET
+ headers:
+ Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}"
+ Accept: "application/octet-stream"
+ timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+ become: false
+ register: __checkmk_agent_folder_download_state
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ and checkmk_agent_folder is defined
+ and not checkmk_agent_host_specific | bool
+ retries: 3
+ # This task may fail, as we fall back to the generic agent in that case
+ failed_when: 'false'
+ changed_when: __checkmk_agent_folder_download_state.status_code is defined and __checkmk_agent_folder_download_state.status_code == 200
+ delegate_to: "{{ checkmk_agent_delegate_download }}"
+ tags:
+ - download-package
+
+- name: "{{ ansible_system }}: Set Fact: Agent State: folder-specific."
+ ansible.builtin.set_fact:
+ checkmk_agent_folder_specific: >-
+ {{ (__checkmk_agent_folder_download_state.status_code is defined and __checkmk_agent_folder_download_state.status_code == 200) | bool }}
+ tags:
+ - download-package
+
+- name: "{{ ansible_system }}: Download GENERIC {{ checkmk_agent_edition | upper }} Agent."
+ ansible.windows.win_get_url:
+ url:
+ "{{ __checkmk_agent_agent.url.cee }}?\
+ os_type={{ __checkmk_agent_files_mapping[ansible_os_family] }}&\
+ agent_type=generic"
+ validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+ dest: "{{ __checkmk_agent_agent.file.cee }}"
+ method: GET
+ headers:
+ Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}"
+ Accept: "application/octet-stream"
+ timeout: "{{ checkmk_agent_download_timeout | default(omit) }}"
+ become: false
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ and not (checkmk_agent_host_specific | bool or checkmk_agent_folder_specific | bool)
+ retries: 3
+ delegate_to: "{{ checkmk_agent_delegate_download }}"
+ tags:
+ - download-package
+
+- name: "{{ ansible_system }}: Transfer host-specific {{ checkmk_agent_edition | upper }} Agent."
+ ansible.windows.win_copy:
+ src: "{{ __checkmk_agent_agent.file.host }}"
+ dest: "{{ __checkmk_agent_agent.file.host }}"
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ and checkmk_agent_host_specific | bool
+ and checkmk_agent_delegate_download != inventory_hostname
+ tags:
+ - download-package
+
+- name: "{{ ansible_system }}: Transfer GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent."
+ ansible.windows.win_copy:
+ src: "{{ __checkmk_agent_agent.file.cee }}"
+ dest: "{{ __checkmk_agent_agent.file.cee }}"
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ and not checkmk_agent_host_specific | bool
+ and checkmk_agent_delegate_download != inventory_hostname
+ tags:
+ - download-package
+
+- name: "{{ ansible_system }}: Transfer Vanilla {{ checkmk_agent_edition | upper }} Agent."
+ ansible.windows.win_copy:
+ src: "{{ __checkmk_agent_agent.file.cre }}"
+ dest: "{{ __checkmk_agent_agent.file.cre }}"
+ when: |
+ checkmk_agent_edition | lower == "cre"
+ and checkmk_agent_delegate_download != inventory_hostname
+ tags:
+ - download-package
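Review bot: The three `win_get_url` tasks that send `Authorization: "Bearer {{ checkmk_agent_user }} {{ __checkmk_agent_auth }}"` carry no `no_log`, so the secret can surface in task arguments in verbose output or callback logs; the registration tasks in tasks/Win32NT.yml already use `no_log: "{{ checkmk_agent_no_log | bool }}"` and the same line belongs on these tasks. When `checkmk_agent_server_validate_certs` is false, both the credential and the downloaded installer travel over a connection whose peer is not authenticated, which deserves a comment next to `validate_certs`. `checkmk_agent_host_name` and `checkmk_agent_folder` are placed into the query string unencoded; `folder_name={{ checkmk_agent_folder | urlencode }}&\` keeps a value containing `&` or spaces from altering the request.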
diff --git a/tasks/Win32NT.yml b/tasks/Win32NT.yml
new file mode 100644
index 0000000..7d8f8dd
--- /dev/null
+++ b/tasks/Win32NT.yml
@@ -0,0 +1,132 @@
+---
+- name: "{{ ansible_system }}: Run OS Family specific tasks."
+ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
+ tags:
+ - include-os-family-tasks
+
+
+- name: "{{ ansible_system }}: Ensure Host is present in the correct Folder."
+ checkmk.general.host:
+ server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/"
+ site: "{{ checkmk_agent_site }}"
+ validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+ automation_user: "{{ checkmk_agent_user }}"
+ automation_secret: "{{ __checkmk_agent_auth }}"
+ folder: "{{ checkmk_agent_folder }}"
+ name: "{{ checkmk_agent_host_name }}"
+ state: "present"
+ become: false
+ register: __checkmk_agent_create_result
+ delegate_to: "{{ checkmk_agent_delegate_api_calls }}"
+ when: checkmk_agent_add_host | bool
+ notify: "Activate changes"
+
+- name: "{{ ansible_system }}: Update Host Attributes."
+ checkmk.general.host:
+ server_url: "{{ checkmk_agent_server_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_server_port }}/"
+ site: "{{ checkmk_agent_site }}"
+ validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
+ automation_user: "{{ checkmk_agent_user }}"
+ automation_secret: "{{ __checkmk_agent_auth }}"
+ name: "{{ checkmk_agent_host_name }}"
+ attributes: "{{ checkmk_agent_host_attributes }}"
+ state: "present"
+ become: false
+ register: __checkmk_agent_create_result
+ delegate_to: "{{ checkmk_agent_delegate_api_calls }}"
+ when: checkmk_agent_add_host | bool
+ notify: "Activate changes"
+
+- name: "Ensure registration readyness." # noqa no-handler
+ when: __checkmk_agent_create_result.changed | bool
+ block:
+ - name: "Trigger activation of changes."
+ ansible.builtin.meta: flush_handlers
+
+- name: "Check for Agent Controller Binary."
+ ansible.windows.win_stat: + path: "{{ __checkmk_agent_controller_binary_path }}" + register: __checkmk_agent_controller_binary + +- name: "{{ ansible_system }}: Check for Agent Binary." + ansible.windows.win_stat: + path: "{{ __checkmk_agent_binary_path }}" + register: __checkmk_agent_binary + +- name: "{{ ansible_system }}: Read Updater State." + ansible.windows.win_command: powershell.exe - + args: + stdin: Get-Content -ErrorAction Ignore -LiteralPath C:\ProgramData\checkmk\agent\config\cmk-update-agent.state ; Exit 0 + register: __checkmk_agent_updater_state + changed_when: false + +- name: "{{ ansible_system }}: Read Agent Controller State." + ansible.windows.win_command: powershell.exe - + args: + stdin: Get-Content -ErrorAction Ignore -LiteralPath C:\ProgramData\checkmk\agent\registered_connections.json ; Exit 0 + register: __checkmk_agent_registered_connections + changed_when: false + +- name: "{{ ansible_system }}: Register Agent for automatic Updates using User Password." + ansible.windows.win_command: | + check_mk_agent.exe updater register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_server_protocol }} \ + -U {{ checkmk_agent_user }} -P {{ __checkmk_agent_auth | ansible.windows.quote }} + no_log: "{{ checkmk_agent_no_log | bool }}" + register: __checkmk_agent_update_state + args: + chdir: "C:\\Program Files (x86)\\checkmk\\service\\" + when: | + checkmk_agent_edition | lower != "cre" + and __checkmk_agent_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_pass is defined and checkmk_agent_pass | length > 0) + and (checkmk_agent_secret is not defined) + and not (('\'server\': \'' + checkmk_agent_registration_server + '\', \'site\': \'' + checkmk_agent_registration_site + '\'' in __checkmk_agent_updater_state.stdout) + and ('\'last_error\': None' in __checkmk_agent_updater_state.stdout)) + changed_when: "'Successfully registered 
agent of host' in __checkmk_agent_update_state.stderr" + +- name: "{{ ansible_system }}: Register Agent for automatic Updates using Automation Secret." + ansible.windows.win_command: | + check_mk_agent.exe updater register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_registration_server_protocol }} \ + -U {{ checkmk_agent_user }} -S {{ __checkmk_agent_auth | ansible.windows.quote }} + no_log: "{{ checkmk_agent_no_log | bool }}" + register: __checkmk_agent_update_state + args: + chdir: "C:\\Program Files (x86)\\checkmk\\service\\" + when: | + checkmk_agent_edition | lower != "cre" + and __checkmk_agent_binary.stat.exists | bool + and checkmk_agent_update | bool + and (checkmk_agent_secret is defined and checkmk_agent_secret | length > 0) + and not (('\'server\': \'' + checkmk_agent_registration_server + '\', \'site\': \'' + checkmk_agent_registration_site + '\'' in __checkmk_agent_updater_state.stdout) + and ('\'last_error\': None' in __checkmk_agent_updater_state.stdout)) + changed_when: "'Successfully registered agent of host' in __checkmk_agent_update_state.stderr" + +- name: "{{ ansible_system }}: Register Agent for TLS." 
+ ansible.windows.win_command: | + cmk-agent-ctl.exe register -H {{ checkmk_agent_host_name }} \ + -s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} \ + -U {{ checkmk_agent_user }} -P {{ __checkmk_agent_auth | ansible.windows.quote }} --trust-cert + no_log: "{{ checkmk_agent_no_log | bool }}" + register: __checkmk_agent_tls_state + args: + chdir: "C:\\Program Files (x86)\\checkmk\\service\\" + when: | + __checkmk_agent_controller_binary.stat.exists | bool + and checkmk_agent_tls | bool + and (__checkmk_agent_auth is defined and __checkmk_agent_auth | length > 0) + and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_registered_connections.stdout + changed_when: "'Registration complete' in __checkmk_agent_tls_state.stdout" + +- name: "{{ ansible_system }}: Verify Checkmk Agent Port is open." + ansible.windows.win_wait_for: + port: "{{ checkmk_agent_port }}" + timeout: 60 + when: checkmk_agent_mode == 'pull' + +- name: "{{ ansible_system }}: Initial push of data for push agent" # noqa no-changed-when + become: true + ansible.windows.win_command: cmk-agent-ctl.exe push + when: checkmk_agent_mode == 'push' diff --git a/tasks/Windows.yml b/tasks/Windows.yml new file mode 100644 index 0000000..ce0f69f --- /dev/null +++ b/tasks/Windows.yml 
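Review bot: The password-based updater registration passes `-p {{ checkmk_agent_server_protocol }}` while the automation-secret variant of the same command passes `-p {{ checkmk_agent_registration_server_protocol }}`; if the two variables differ, the password variant registers over the wrong protocol, which matters when one of them is plain http. The line should probably read `-s {{ checkmk_agent_registration_server }} -i {{ checkmk_agent_registration_site }} -p {{ checkmk_agent_registration_server_protocol }} \`. In all three registration commands only the secret goes through `ansible.windows.quote`; host name, server, site and user are interpolated raw, so a value containing a space or quote shifts the argument list, and each of them should get the same filter. `--trust-cert` on the TLS registration accepts whatever certificate the server presents, so a comment stating which network path to the registration server is assumed to be trusted would help the next reader.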
@@ -0,0 +1,39 @@
+---
+- name: "{{ ansible_os_family }}: Install host-specific {{ checkmk_agent_edition | upper }} Agent."
+ ansible.windows.win_package:
+ path: "{{ __checkmk_agent_agent.file.host }}"
+ state: present
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ and checkmk_agent_host_specific | bool
+ tags:
+ - install-package
+
+- name: "{{ ansible_os_family }}: Install GENERIC or folder-specific {{ checkmk_agent_edition | upper }} Agent."
+ ansible.windows.win_package:
+ path: "{{ __checkmk_agent_agent.file.cee }}"
+ state: present
+ when: |
+ checkmk_agent_edition | lower != "cre"
+ and not checkmk_agent_host_specific | bool
+ tags:
+ - install-package
+
+- name: "{{ ansible_os_family }}: Install Vanilla agent."
+ ansible.windows.win_package:
+ path: "{{ __checkmk_agent_agent.file.cre }}"
+ state: present
+ when: checkmk_agent_edition | lower == "cre"
+ tags:
+ - install-package
+
+- name: "Cleanup Checkmk Agent Setups."
+ ansible.windows.win_file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "{{ __checkmk_agent_agent.file.cre }}"
+ - "{{ __checkmk_agent_agent.file.cee }}"
+ - "{{ __checkmk_agent_agent.file.host }}"
+ tags:
+ - download-package
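Review bot: The cleanup task is tagged `download-package` although it follows the `install-package` tasks and deletes the files they install from, so a run limited to `install-package` would skip it and leave the agent installers on disk. If removal is meant to follow every install, the tag list should read `- install-package`; if the current tag is deliberate, a one-line comment above the task saying why would prevent a later "fix". The three `win_package` tasks install whatever file sits at the given path with no integrity check of their own, so the trust decision is made entirely by the download tasks in tasks/Win32NT-files.yml.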