---
# tasks file for check_mk agent
# Install the agent through the platform package manager, unless the operator
# has flagged the host as a manual installation.
- name: Install check_mk_agent
  when: not check_mk_agent_manual_install
  package:
    state: present
    name: "{{ check_mk_agent_package_name }}"
# Install each package listed in check_mk_agent_plugins_requirements, one
# package per loop iteration.
- name: Install plugin requirements
  with_items: "{{ check_mk_agent_plugins_requirements }}"
  package:
    state: present
    name: "{{ item }}"
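# Ensure the plugin directory exists and is root-owned. The tasks that follow
# drop executable plugins here, so it must not be writable by group or others.
- name: Create plugins repository
  file:
    path: /usr/lib/check_mk_agent/plugins/
    state: directory
    owner: root
    group: root
    # Explicit mode, matching the other directories this file creates. Without
    # it a pre-existing directory keeps whatever permissions it already has.
    mode: "0755"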
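# Copy every plugin named in check_mk_agent_plugins from the role's plugins/
# source directory into the agent's plugin directory, root-owned and
# executable.
- name: Copy plugins
  copy:
    src: "plugins/{{ item }}"
    dest: "/usr/lib/check_mk_agent/plugins/{{ item }}"
    owner: root
    group: root
    # Quoted so the mode is passed as the string "0755" and never depends on
    # how the YAML loader reads a bare leading-zero number.
    mode: "0755"
  with_items: "{{ check_mk_agent_plugins }}"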
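# Create one sub-directory of the local-checks directory per cache_time value
# found in check_mk_agent_local_checks. Entries without cache_time are
# skipped.
- name: Create cache time directories
  file:
    # `path` is the canonical name of the option the original spelled `name`.
    path: "/usr/lib/check_mk_agent/local/{{ item.value.cache_time }}"
    state: directory
    owner: root
    group: root
    # Quoted so the mode is always handed over as the string "0755".
    mode: "0755"
  with_dict: "{{ check_mk_agent_local_checks }}"
  when: item.value.cache_time is defined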
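# Copy each local check to the local-checks directory, or to its cache_time
# sub-directory when the entry defines one. The dict key is the file name.
- name: Copy local checks
  copy:
    src: "{{ item.value.src }}"
    # default('') rather than default(omit): `omit` only works when it is the
    # whole value of an option. Embedded in a longer string it renders as a
    # literal placeholder token, so checks without cache_time would have been
    # copied into a bogus directory. The resulting "local//name" is an
    # ordinary path.
    dest: "/usr/lib/check_mk_agent/local/{{ item.value.cache_time | default('') }}/{{ item.key }}"
    owner: root
    group: root
    # Quoted so the mode is always handed over as the string "0755".
    mode: "0755"
  with_dict: "{{ check_mk_agent_local_checks }}"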
# Serve the agent through systemd socket activation. Runs only when neither
# the SSH transport nor the xinetd transport has been selected.
- name: systemd socket activation
  when:
    - not check_mk_agent_over_ssh
    - not check_mk_agent_over_xinetd
  block:
    - name: Start and enable check_mk.socket (use systemd-socket)
      systemd:
        name: check_mk.socket
        enabled: true
        state: started
        daemon_reload: true

    # NOTE(review): both firewall rules below open 6556/tcp with no source
    # restriction. Nothing in this file limits who may connect to the agent
    # port, so confirm access is narrowed to the monitoring server somewhere
    # else (for example ufw's from_ip option or a firewalld rich rule).
    - name: Allow check_mk.socket (ufw)
      when: check_mk_agent_setup_firewall and ansible_os_family == "Debian"
      ufw:
        rule: allow
        proto: tcp
        port: "6556"

    # permanent: true only writes the stored configuration; the notified
    # handler is what makes the running firewall pick the rule up.
    - name: Allow check_mk.socket (firewalld)
      when: check_mk_agent_setup_firewall and ansible_os_family == "RedHat"
      firewalld:
        zone: public
        port: "6556/tcp"
        state: enabled
        permanent: true
      notify:
        - Restart firewalld
# Serve the agent through xinetd. Runs only when the xinetd transport is
# selected and the SSH transport is not.
- name: xinetd service activation
  when:
    - not check_mk_agent_over_ssh
    - check_mk_agent_over_xinetd
  block:
    - name: Install xinetd package
      package:
        state: present
        name: xinetd

    - name: Start and enable xinetd
      service:
        name: xinetd
        enabled: true
        state: started

    # NOTE(review): both firewall rules below open 6556/tcp with no source
    # restriction, and no xinetd service definition is managed in this file.
    # Confirm the definition in use limits clients to the monitoring server
    # (xinetd's only_from), or narrow the firewall rule itself.
    - name: Allow check_mk.socket (ufw)
      when: check_mk_agent_setup_firewall and ansible_os_family == "Debian"
      ufw:
        rule: allow
        proto: tcp
        port: "6556"

    # permanent: true only writes the stored configuration; the notified
    # handler is what makes the running firewall pick the rule up.
    - name: Allow check_mk.socket (firewalld)
      when: check_mk_agent_setup_firewall and ansible_os_family == "RedHat"
      firewalld:
        zone: public
        port: "6556/tcp"
        state: enabled
        permanent: true
      notify:
        - Restart firewalld
# SSH transport without sudo: authorise the monitoring key for root. The
# forced command means a login with this key can only run the agent, and the
# remaining options switch off PTY allocation, forwarding and ~/.ssh/rc.
# NOTE(review): the key is not bound to a source address. Adding a from="..."
# option would stop a copied private key being used from another host.
- name: Setup SSH key
  when: check_mk_agent_over_ssh and check_mk_agent_pubkey_file and not check_mk_agent_with_sudo
  authorized_key:
    user: root
    # Public key is read from a file on the Ansible controller.
    key: "{{ lookup('file', check_mk_agent_pubkey_file) }}"
    key_options: 'command="/usr/bin/check_mk_agent",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc'
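# SSH transport with sudo: the monitoring key logs in as an unprivileged
# system user, and a sudoers drop-in lets that user run the agent.
- name: check_mk_agent with sudo
  block:
    # NOTE(review): the home directory is the local-checks directory, so
    # authorized_key below will place .ssh/ underneath it. Confirm that is
    # intended and that the directory stays root-owned.
    - name: Add check_mk user for use with sudo
      user:
        name: checkmk_agent
        system: true
        home: /usr/lib/check_mk_agent/local
        createhome: false
        state: present

    # The rule itself lives in the sudoers_check_mk_agent source file, which is
    # not visible here. Confirm it grants only /usr/bin/check_mk_agent.
    - name: Allow checkmk_agent user to run /usr/bin/check_mk_agent with sudo
      copy:
        src: sudoers_check_mk_agent
        dest: /etc/sudoers.d/check_mk_agent
        # Pin ownership and mode instead of inheriting them from the umask.
        owner: root
        group: root
        mode: "0440"
        # Syntax-check the file before it is moved into place: a malformed
        # drop-in can break sudo for every user on the host.
        validate: /usr/sbin/visudo -cf %s

    # The forced command limits this key to running the agent through sudo.
    - name: Setup SSH key with sudo
      authorized_key:
        user: checkmk_agent
        key_options: 'command="sudo /usr/bin/check_mk_agent",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc'
        key: "{{ lookup('file', check_mk_agent_pubkey_file) }}"
  when: check_mk_agent_over_ssh and check_mk_agent_pubkey_file and check_mk_agent_with_sudo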
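# Record the managed host's SSH host keys in the monitoring user's known_hosts
# on the monitoring server. The whole block runs there, via delegation.
# NOTE(review): the keys are accepted exactly as ssh-keyscan returns them over
# the network, which is trust on first use. Where that is not acceptable,
# compare the fingerprints out of band or distribute host keys from a trusted
# source.
- name: Add SSH host key
  block:
    - name: Scan SSH host pubkey
      # `command` instead of `shell`: the line uses no shell features, and
      # without a shell the templated host name cannot be interpreted as
      # shell syntax.
      command: "ssh-keyscan -T 10 {{ inventory_hostname }}"
      # Read-only probe, so it never reports a change.
      changed_when: false
      register: check_mk_agent_host_ssh_pubkey
      tags:
        - skip_ansible_lint

    - name: Add known_host entry to monitoring instance
      known_hosts:
        name: "{{ inventory_hostname }}"
        key: "{{ item }}"
        state: present
      with_items: "{{ check_mk_agent_host_ssh_pubkey.stdout_lines }}"
  when: check_mk_agent_over_ssh and check_mk_agent_add_host_pubkey
  delegate_to: "{{ check_mk_agent_monitoring_host }}"
  become_user: "{{ check_mk_agent_monitoring_user }}"
  become: true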
# Register this host in the monitoring instance through the WATO API. The
# call is made from the Ansible controller, and its result is kept so the
# discovery task can tell whether the host was newly added.
# NOTE(review): the automation secret is passed as a module argument. Confirm
# the check_mk module marks `secret` as no_log (or set no_log on the task) so
# it cannot show up in verbose output, and that the server URL uses HTTPS.
- name: Add host to check_mk instance via WATO API
  when: check_mk_agent_add_to_wato
  delegate_to: localhost
  check_mk:
    server_url: "{{ check_mk_agent_monitoring_host_url }}"
    username: "{{ check_mk_agent_monitoring_host_wato_username }}"
    secret: "{{ check_mk_agent_monitoring_host_wato_secret }}"
    folder: "{{ check_mk_agent_monitoring_host_folder }}"
    hostname: "{{ inventory_hostname }}"
    state: present
  register: check_mk_agent_add_host_wato
  tags:
    - skip_ansible_lint
# Run service discovery for the host, but only when the preceding WATO task
# reported a change. The handler that activates the pending changes is
# notified afterwards.
# NOTE(review): the automation secret is passed as a module argument. Confirm
# the check_mk module marks `secret` as no_log (or set no_log on the task) so
# it cannot show up in verbose output.
- name: Discover services via WATO API
  when: check_mk_agent_add_host_wato.changed
  delegate_to: localhost
  check_mk:
    server_url: "{{ check_mk_agent_monitoring_host_url }}"
    username: "{{ check_mk_agent_monitoring_host_wato_username }}"
    secret: "{{ check_mk_agent_monitoring_host_wato_secret }}"
    hostname: "{{ inventory_hostname }}"
    discover_services: "{{ check_mk_agent_monitoring_host_discovery_mode }}"
  notify:
    - Check_mk activate changes via WATO API
  tags:
    - skip_ansible_lint