From be77dcfedfa83e2e4ca3a755a6a87283fc2c33b1 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Fri, 26 Aug 2022 14:00:09 +0200 Subject: [PATCH 01/13] Prepare forced agent installation. Closes #104. This feature is yet untested. Additionally there seems to be no option for RedHat. --- roles/agent/README.md | 5 +++++ roles/agent/defaults/main.yml | 1 + roles/agent/tasks/Debian.yml | 1 + roles/agent/tasks/Suse.yml | 1 + 4 files changed, 8 insertions(+) diff --git a/roles/agent/README.md b/roles/agent/README.md index b321836bb..4ce54a12e 100644 --- a/roles/agent/README.md +++ b/roles/agent/README.md @@ -69,6 +69,11 @@ for automatic updates. Otherwise this will fail. Automatically configure the firewall to allow access to the Checkmk agent. + checkmk_agent_force_install: 'false' + +Force the installation of the agent package, no matter the constraints. +This means, downgrades become possible and unverified packages would be installed. + checkmk_agent_prep_legacy: 'false' Enable this to automatically install `xinetd` on hosts with systemd prior to version 220. diff --git a/roles/agent/defaults/main.yml b/roles/agent/defaults/main.yml index d78d1ebf8..86e87d155 100644 --- a/roles/agent/defaults/main.yml +++ b/roles/agent/defaults/main.yml @@ -15,6 +15,7 @@ checkmk_agent_discover: 'false' checkmk_agent_update: 'false' checkmk_agent_tls: 'false' checkmk_agent_configure_firewall: 'true' +checkmk_agent_force_install: 'false' checkmk_agent_prep_legacy: 'false' checkmk_agent_delegate_api_calls: localhost checkmk_agent_host_name: "{{ inventory_hostname }}" diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index 22064af2a..649b4a3a9 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -19,6 +19,7 @@ become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.host }}" + force: "{{ checkmk_agent_force_install | bool }}" state: present when: | (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index ed41a9990..78bc2a455 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml @@ -19,6 +19,7 @@ become: true ansible.builtin.zypper: name: "{{ checkmk_agent_agent.file.host }}" + force: "{{ checkmk_agent_force_install | bool }}" state: present disable_gpg_check: true when: | From a49437927a0d962c18979ce3d3458a476546181e Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Fri, 26 Aug 2022 14:11:14 +0200 Subject: [PATCH 02/13] Enable Ubuntu 22 support. Closes #98 --- Vagrantfile | 2 +- roles/server/defaults/main.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Vagrantfile b/Vagrantfile index a1f0c5256..d43bf1861 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -36,7 +36,7 @@ Vagrant.configure("2") do |config| # Ubuntu config.vm.define "ansibuntu", autostart: false , primary: false do |srv| - srv.vm.box = "ubuntu/focal64" + srv.vm.box = "ubuntu/jammy64" srv.vm.network "private_network", ip: "192.168.56.61" srv.ssh.insert_key = false srv.vm.provider "virtualbox" do |v| diff --git a/roles/server/defaults/main.yml b/roles/server/defaults/main.yml index fc182b4b9..21e7164eb 100644 --- a/roles/server/defaults/main.yml +++ b/roles/server/defaults/main.yml @@ -2,6 +2,7 @@ checkmk_server_server_stable_os: - Debian 11 - Ubuntu 20 + - Ubuntu 22 - CentOS 7 - CentOS 8 - RHEL 7 From 4a4f39e48a1de0539df4ae80aa192946ab321b7f Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Fri, 26 Aug 2022 14:21:20 +0200 Subject: [PATCH 03/13] Update missing tasks with force flag. --- roles/agent/tasks/Debian.yml | 2 ++ roles/agent/tasks/Suse.yml | 3 +++ 2 files changed, 5 insertions(+) diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index 649b4a3a9..f44a13b58 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -45,6 +45,7 @@ become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cee }}" + force: "{{ checkmk_agent_force_install | bool }}" state: present when: | (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe") @@ -56,6 +57,7 @@ become: true ansible.builtin.apt: deb: "{{ checkmk_agent_agent.file.cre }}" + force: "{{ checkmk_agent_force_install | bool }}" state: present when: checkmk_agent_edition == "cre" tags: diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index 78bc2a455..15114d351 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml @@ -46,6 +46,7 @@ become: true ansible.builtin.zypper: name: "{{ checkmk_agent_agent.file.cre }}" + force: "{{ checkmk_agent_force_install | bool }}" state: present disable_gpg_check: true when: checkmk_agent_edition == "cre" @@ -56,6 +57,7 @@ become: true ansible.builtin.zypper: name: "{{ checkmk_agent_agent.file.cee }}" + force: "{{ checkmk_agent_force_install | bool }}" state: present disable_gpg_check: true when: | @@ -68,6 +70,7 @@ become: true ansible.builtin.zypper: name: "{{ checkmk_agent_agent.file.cre }}" + force: "{{ checkmk_agent_force_install | bool }}" state: present disable_gpg_check: true when: checkmk_agent_edition == "cre" From 9d45f8992a74281b948845b3eea284da0eac1363 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Fri, 26 Aug 2022 15:21:59 +0200 Subject: [PATCH 04/13] Fix setup file verification. --- changelogs/fragments/server_role.yml | 48 ++++++++++++++++++++++++++++ roles/server/tasks/main.yml | 10 +++--- roles/server/vars/Debian.yml | 2 +- 3 files changed, 54 insertions(+), 6 deletions(-) create mode 100644 changelogs/fragments/server_role.yml diff --git a/changelogs/fragments/server_role.yml b/changelogs/fragments/server_role.yml new file mode 100644 index 000000000..15aaa2169 --- /dev/null +++ b/changelogs/fragments/server_role.yml @@ -0,0 +1,48 @@ +# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to + +minor_changes: + - Server role - Fix setup file verification on Debian derivates. Using gpg instead dpkg-sig now. + +# known_issues: +# - This release is still in development and a heavy work in progress. +# - Discovery module is not feature complete yet. +# - Downtime module is not fully idempotent yet. This affects service downtimes and deletions. + +## Line Format +# When writing a changelog entry, use the following format: + +# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + +# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin). + +# For changes that are not really scoped (for example, which affect a whole collection), use the following format: + +# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + + +## Possible keys: + +# breaking_changes + +# Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides. +# major_changes + +# Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides. +# minor_changes + +# Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters. +# deprecated_features + +# Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides. +# removed_features + +# Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides. +# security_fixes + +# Fixes that address CVEs or resolve security concerns. Include links to CVE information. +# bugfixes + +# Fixes that resolve issues. +# known_issues + +# Known issues that are currently not fixed or will not be fixed. diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml index 305b5a6c6..602a95232 100644 --- a/roles/server/tasks/main.yml +++ b/roles/server/tasks/main.yml @@ -58,15 +58,15 @@ - import-gpg-key - name: "Verify Checkmk Setup." - ansible.builtin.command: dpkg-sig --verify "/tmp/{{ checkmk_server_setup_file }}" + ansible.builtin.command: gpg --verify "/tmp/{{ checkmk_server_setup_file }}" register: checkmk_server_verify_state - changed_when: not checkmk_server_verify_state - failed_when: not checkmk_server_verify_state + changed_when: "'Good signature' in checkmk_server_verify_state.stderr" + failed_when: "'Bad signature' in checkmk_server_verify_state.stderr" - name: "Print Verification Output." ansible.builtin.debug: - msg: "{{ checkmk_server_verify_state.stdout_lines }} " - when: checkmk_server_verify_setup | bool and ansible_os_family == "Debian" + msg: "{{ checkmk_server_verify_state.stderr_lines }} " + when: checkmk_server_verify_setup | bool and ansible_os_family == "Debian" - name: "Import Checkmk GPG Key." become: true diff --git a/roles/server/vars/Debian.yml b/roles/server/vars/Debian.yml index 107573e05..daa296e26 100644 --- a/roles/server/vars/Debian.yml +++ b/roles/server/vars/Debian.yml @@ -3,4 +3,4 @@ checkmk_server_setup_file: "check-mk-{{ checkmk_server_edition_mapping[checkmk_s checkmk_server_prerequisites: - freeipmi - - dpkg-sig + - gpg From 9c1f3bf103f52438178a6450ad5021bd932b54b7 Mon Sep 17 00:00:00 2001 From: diademiemi Date: Tue, 30 Aug 2022 13:03:48 +0200 Subject: [PATCH 05/13] Add validate_certs option --- plugins/modules/activation.py | 5 +++++ plugins/modules/discovery.py | 5 +++++ plugins/modules/downtime.py | 5 +++++ plugins/modules/folder.py | 5 +++++ plugins/modules/host.py | 5 +++++ roles/agent/README.md | 4 ++++ roles/agent/defaults/main.yml | 1 + roles/agent/tasks/Debian.yml | 2 ++ roles/agent/tasks/RedHat.yml | 2 ++ roles/agent/tasks/Suse.yml | 2 ++ roles/agent/tasks/main.yml | 3 +++ 11 files changed, 39 insertions(+) diff --git a/plugins/modules/activation.py b/plugins/modules/activation.py index df6ac6f05..5ae090907 100644 --- a/plugins/modules/activation.py +++ b/plugins/modules/activation.py @@ -32,6 +32,10 @@ description: Wheather to active foreign changes. default: false type: bool + validate_certs: + description: Whether to validate the SSL certificate of the Checkmk server. + default: true + type: bool author: - Robin Gierse (@robin-tribe29) @@ -90,6 +94,7 @@ def run_module(): module_args = dict( server_url=dict(type="str", required=True), site=dict(type="str", required=True), + validate_certs=dict(type="bool", required=False, default=True), automation_user=dict(type="str", required=True), automation_secret=dict(type="str", required=True, no_log=True), sites=dict(type="raw", default=[]), diff --git a/plugins/modules/discovery.py b/plugins/modules/discovery.py index 93dd4f30f..099a195b6 100644 --- a/plugins/modules/discovery.py +++ b/plugins/modules/discovery.py @@ -32,6 +32,10 @@ type: str default: new choices: [new, remove, fix_all, refresh, only_host_labels] + validate_certs: + description: Whether to validate the SSL certificate of the Checkmk server. + default: true + type: bool author: - Robin Gierse (@robin-tribe29) @@ -80,6 +84,7 @@ def run_module(): module_args = dict( server_url=dict(type="str", required=True), site=dict(type="str", required=True), + validate_certs=dict(type="bool", required=False, default=True), automation_user=dict(type="str", required=True), automation_secret=dict(type="str", required=True, no_log=True), host_name=dict(type="str", required=True), diff --git a/plugins/modules/downtime.py b/plugins/modules/downtime.py index f31d0b51c..95b0a3607 100644 --- a/plugins/modules/downtime.py +++ b/plugins/modules/downtime.py @@ -88,6 +88,10 @@ type: str default: present choices: [present, absent] + validate_certs: + description: Whether to validate the SSL certificate of the Checkmk server. + default: true + type: bool author: - Oliver Gaida (@ogaida) @@ -405,6 +409,7 @@ def run_module(): module_args = dict( server_url=dict(type="str", required=True), site=dict(type="str", required=True), + validate_certs=dict(type="bool", required=False, default=True), automation_user=dict(type="str", required=True), automation_secret=dict(type="str", required=True, no_log=True), host_name=dict(type="str", required=True), diff --git a/plugins/modules/folder.py b/plugins/modules/folder.py index 228dd8887..37f91793a 100644 --- a/plugins/modules/folder.py +++ b/plugins/modules/folder.py @@ -39,6 +39,10 @@ type: str default: present choices: [present, absent] + validate_certs: + description: Whether to validate the SSL certificate of the Checkmk server. + default: true + type: bool author: - Robin Gierse (@robin-tribe29) @@ -229,6 +233,7 @@ def run_module(): module_args = dict( server_url=dict(type="str", required=True), site=dict(type="str", required=True), + validate_certs=dict(type="bool", required=False, default=True), automation_user=dict(type="str", required=True), automation_secret=dict(type="str", required=True, no_log=True), path=dict(type="str", required=True), diff --git a/plugins/modules/host.py b/plugins/modules/host.py index 895e170c4..b44920123 100644 --- a/plugins/modules/host.py +++ b/plugins/modules/host.py @@ -40,6 +40,10 @@ type: str default: present choices: [present, absent] + validate_certs: + description: Whether to validate the SSL certificate of the Checkmk server. + default: true + type: bool author: - Robin Gierse (@robin-tribe29) @@ -230,6 +234,7 @@ def run_module(): module_args = dict( server_url=dict(type="str", required=True), site=dict(type="str", required=True), + validate_certs=dict(type="bool", required=False, default=True), automation_user=dict(type="str", required=True), automation_secret=dict(type="str", required=True, no_log=True), host_name=dict(type="str", required=True), diff --git a/roles/agent/README.md b/roles/agent/README.md index 4ce54a12e..edc7d911e 100644 --- a/roles/agent/README.md +++ b/roles/agent/README.md @@ -29,6 +29,10 @@ The protocol used to connect to your Checkmk site. The FQDN or IP address of your Checkmk server. + checkmk_agent_server_validate_certs: 'true' + +Whether to validate the SSL certificate of the Checkmk server. + checkmk_agent_site: my_site The name of your Checkmk site. diff --git a/roles/agent/defaults/main.yml b/roles/agent/defaults/main.yml index 86e87d155..15e4cf877 100644 --- a/roles/agent/defaults/main.yml +++ b/roles/agent/defaults/main.yml @@ -3,6 +3,7 @@ checkmk_agent_version: "2.1.0p1" checkmk_agent_edition: cre checkmk_agent_protocol: http checkmk_agent_server: localhost +checkmk_agent_server_validate_certs: 'true' checkmk_agent_site: my_site checkmk_agent_user: "{{ automation_user | default('automation') }}" diff --git a/roles/agent/tasks/Debian.yml b/roles/agent/tasks/Debian.yml index f44a13b58..c85b0386a 100644 --- a/roles/agent/tasks/Debian.yml +++ b/roles/agent/tasks/Debian.yml @@ -2,6 +2,7 @@ - name: "Debian Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_deb&agent_type=host_name" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.host }}" method: GET headers: @@ -30,6 +31,7 @@ - name: "Debian Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_deb&agent_type=generic" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.cee }}" method: GET headers: diff --git a/roles/agent/tasks/RedHat.yml b/roles/agent/tasks/RedHat.yml index 58b70407d..10ef282a4 100644 --- a/roles/agent/tasks/RedHat.yml +++ b/roles/agent/tasks/RedHat.yml @@ -2,6 +2,7 @@ - name: "RedHat Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_rpm&agent_type=host_name" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.host }}" method: GET headers: @@ -30,6 +31,7 @@ - name: "RedHat Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.cee }}" method: GET headers: diff --git a/roles/agent/tasks/Suse.yml b/roles/agent/tasks/Suse.yml index 15114d351..539c83c97 100644 --- a/roles/agent/tasks/Suse.yml +++ b/roles/agent/tasks/Suse.yml @@ -2,6 +2,7 @@ - name: "Suse Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_rpm&agent_type=host_name" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.host }}" method: GET headers: @@ -31,6 +32,7 @@ - name: "Suse Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent." ansible.builtin.uri: url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.cee }}" method: GET headers: diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index f4763433d..490e128ae 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -19,6 +19,7 @@ - name: "Download Checkmk CRE Agent." ansible.builtin.get_url: url: "{{ checkmk_agent_agent.url.cre }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" dest: "{{ checkmk_agent_agent.file.cre }}" mode: 0640 when: checkmk_agent_edition == "cre" @@ -34,6 +35,7 @@ tribe29.checkmk.host: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}/" site: "{{ checkmk_agent_site }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" automation_user: "{{ checkmk_agent_user }}" automation_secret: "{{ checkmk_agent_pass }}" folder: "{{ checkmk_agent_folder | default(omit) }}" @@ -112,6 +114,7 @@ tribe29.checkmk.discovery: server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}/" site: "{{ checkmk_agent_site }}" + validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}" automation_user: "{{ checkmk_agent_user }}" automation_secret: "{{ checkmk_agent_pass }}" host_name: "{{ checkmk_agent_host_name }}" From 75e59e0170625fb627553c6457fee97b99d83af9 Mon Sep 17 00:00:00 2001 From: diademiemi Date: Tue, 30 Aug 2022 13:58:45 +0200 Subject: [PATCH 06/13] Add variable for port --- roles/agent/README.md | 4 ++++ roles/agent/defaults/main.yml | 1 + roles/agent/tasks/main.yml | 4 ++-- roles/agent/vars/main.yml | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/agent/README.md b/roles/agent/README.md index 4ce54a12e..762300f76 100644 --- a/roles/agent/README.md +++ b/roles/agent/README.md @@ -29,6 +29,10 @@ The protocol used to connect to your Checkmk site. The FQDN or IP address of your Checkmk server. + +checkmk_agent_port: "{% if checkmk_agent_protocol == 'https' %}443{% else %}80{% endif %}" + +The port of the web interface of your Checkmk server. + checkmk_agent_site: my_site The name of your Checkmk site. diff --git a/roles/agent/defaults/main.yml b/roles/agent/defaults/main.yml index 86e87d155..654a130f3 100644 --- a/roles/agent/defaults/main.yml +++ b/roles/agent/defaults/main.yml @@ -3,6 +3,7 @@ checkmk_agent_version: "2.1.0p1" checkmk_agent_edition: cre checkmk_agent_protocol: http checkmk_agent_server: localhost +checkmk_agent_port: "{% if checkmk_agent_protocol == 'https' %}443{% else %}80{% endif %}" checkmk_agent_site: my_site checkmk_agent_user: "{{ automation_user | default('automation') }}" diff --git a/roles/agent/tasks/main.yml b/roles/agent/tasks/main.yml index f4763433d..8d6ca7891 100644 --- a/roles/agent/tasks/main.yml +++ b/roles/agent/tasks/main.yml @@ -32,7 +32,7 @@ - name: "Create host on server." tribe29.checkmk.host: - server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}/" + server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" site: "{{ checkmk_agent_site }}" automation_user: "{{ checkmk_agent_user }}" automation_secret: "{{ checkmk_agent_pass }}" @@ -110,7 +110,7 @@ - name: "Discover services and labels on host." tribe29.checkmk.discovery: - server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}/" + server_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/" site: "{{ checkmk_agent_site }}" automation_user: "{{ checkmk_agent_user }}" automation_secret: "{{ checkmk_agent_pass }}" diff --git a/roles/agent/vars/main.yml b/roles/agent/vars/main.yml index 90d070012..15885782a 100644 --- a/roles/agent/vars/main.yml +++ b/roles/agent/vars/main.yml @@ -1,2 +1,2 @@ --- -checkmk_agent_site_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}/{{ checkmk_agent_site }}" +checkmk_agent_site_url: "{{ checkmk_agent_protocol }}://{{ checkmk_agent_server }}:{{ checkmk_agent_port }}/{{ checkmk_agent_site }}" From fd6c391e6815ba786bd43067c7ed3ad99747b28a Mon Sep 17 00:00:00 2001 From: diademiemi Date: Tue, 30 Aug 2022 14:03:48 +0200 Subject: [PATCH 07/13] Update README --- roles/agent/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/agent/README.md b/roles/agent/README.md index 762300f76..1faf69715 100644 --- a/roles/agent/README.md +++ b/roles/agent/README.md @@ -29,9 +29,9 @@ The protocol used to connect to your Checkmk site. The FQDN or IP address of your Checkmk server. - +checkmk_agent_port: "{% if checkmk_agent_protocol == 'https' %}443{% else %}80{% endif %}" + checkmk_agent_port: "{% if checkmk_agent_protocol == 'https' %}443{% else %}80{% endif %}" -The port of the web interface of your Checkmk server. +The port of the web interface of your Checkmk server. Defaults to port 80 for http and port 443 for https. checkmk_agent_site: my_site From c7bd96b7d314b024f5886c6ae7fed3f05f0e5b91 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 1 Sep 2022 09:18:21 +0200 Subject: [PATCH 08/13] Add changelog. --- changelogs/fragments/agent_role.yml | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 changelogs/fragments/agent_role.yml diff --git a/changelogs/fragments/agent_role.yml b/changelogs/fragments/agent_role.yml new file mode 100644 index 000000000..fca3f00f1 --- /dev/null +++ b/changelogs/fragments/agent_role.yml @@ -0,0 +1,49 @@ +# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to + +minor_changes: + - Agent role - Enable forced agent installation, skipping all possible constraints, like downgrades. + - Agent role - Make Checkmk server port for API calls configurable. By default the ports 80 and 443 are used according to the configured protocol. + +# known_issues: +# - This release is still in development and a heavy work in progress. +# - Discovery module is not feature complete yet. +# - Downtime module is not fully idempotent yet. This affects service downtimes and deletions. + +## Line Format +# When writing a changelog entry, use the following format: + +# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + +# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin). + +# For changes that are not really scoped (for example, which affect a whole collection), use the following format: + +# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + + +## Possible keys: + +# breaking_changes + +# Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides. +# major_changes + +# Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides. +# minor_changes + +# Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters. +# deprecated_features + +# Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides. +# removed_features + +# Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides. +# security_fixes + +# Fixes that address CVEs or resolve security concerns. Include links to CVE information. +# bugfixes + +# Fixes that resolve issues. +# known_issues + +# Known issues that are currently not fixed or will not be fixed. From 3bb1998bcf318c0a1f26e29fc6b1509300ca1f19 Mon Sep 17 00:00:00 2001 From: diademiemi Date: Thu, 1 Sep 2022 09:32:39 +0200 Subject: [PATCH 09/13] Add changelog --- changelogs/fragments/agent_role.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/changelogs/fragments/agent_role.yml b/changelogs/fragments/agent_role.yml index fca3f00f1..04739413b 100644 --- a/changelogs/fragments/agent_role.yml +++ b/changelogs/fragments/agent_role.yml @@ -3,6 +3,7 @@ minor_changes: - Agent role - Enable forced agent installation, skipping all possible constraints, like downgrades. - Agent role - Make Checkmk server port for API calls configurable. By default the ports 80 and 443 are used according to the configured protocol. + - Agent role - Add a boolean for whether to validate the SSL certificate of the Checkmk server used to retrieve agent packages. # known_issues: # - This release is still in development and a heavy work in progress. From 3ff2fe100d4267e06c4386801cdaca2a40ede7da Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 1 Sep 2022 09:33:53 +0200 Subject: [PATCH 10/13] Add changelogs. --- changelogs/fragments/agent_role.yml | 1 + changelogs/fragments/modules.yml | 52 +++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 changelogs/fragments/modules.yml diff --git a/changelogs/fragments/agent_role.yml b/changelogs/fragments/agent_role.yml index fca3f00f1..88046007e 100644 --- a/changelogs/fragments/agent_role.yml +++ b/changelogs/fragments/agent_role.yml @@ -3,6 +3,7 @@ minor_changes: - Agent role - Enable forced agent installation, skipping all possible constraints, like downgrades. - Agent role - Make Checkmk server port for API calls configurable. By default the ports 80 and 443 are used according to the configured protocol. + - Agent role - Enable usage of the `validate_certs` option, available in all modules. # known_issues: # - This release is still in development and a heavy work in progress. diff --git a/changelogs/fragments/modules.yml b/changelogs/fragments/modules.yml new file mode 100644 index 000000000..92138e57e --- /dev/null +++ b/changelogs/fragments/modules.yml @@ -0,0 +1,52 @@ +# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to + +minor_changes: + - Activation module - Make certificate validation of the Checkmk server configurable. + - Discovery module - Make certificate validation of the Checkmk server configurable. + - Downtime module - Make certificate validation of the Checkmk server configurable. + - Folder module - Make certificate validation of the Checkmk server configurable. + - Host module - Make certificate validation of the Checkmk server configurable. + +# known_issues: +# - This release is still in development and a heavy work in progress. +# - Discovery module is not feature complete yet. +# - Downtime module is not fully idempotent yet. This affects service downtimes and deletions. + +## Line Format +# When writing a changelog entry, use the following format: + +# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + +# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin). + +# For changes that are not really scoped (for example, which affect a whole collection), use the following format: + +# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself). + + +## Possible keys: + +# breaking_changes + +# Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides. +# major_changes + +# Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides. +# minor_changes + +# Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters. +# deprecated_features + +# Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides. +# removed_features + +# Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides. +# security_fixes + +# Fixes that address CVEs or resolve security concerns. Include links to CVE information. +# bugfixes + +# Fixes that resolve issues. +# known_issues + +# Known issues that are currently not fixed or will not be fixed. From 823bc01418ca7e21a47c070b5568d6b95b65019e Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 1 Sep 2022 10:59:38 +0200 Subject: [PATCH 11/13] Bump Checkmk versions. --- tests/integration/targets/activation/vars/main.yml | 4 ++-- tests/integration/targets/discovery/vars/main.yml | 4 ++-- tests/integration/targets/downtime/vars/main.yml | 4 ++-- tests/integration/targets/folder/vars/main.yml | 4 ++-- tests/integration/targets/host/vars/main.yml | 4 ++-- tests/inventory | 11 +++++++++++ 6 files changed, 21 insertions(+), 10 deletions(-) create mode 100644 tests/inventory diff --git a/tests/integration/targets/activation/vars/main.yml b/tests/integration/targets/activation/vars/main.yml index a0221a300..aac4d7b05 100644 --- a/tests/integration/targets/activation/vars/main.yml +++ b/tests/integration/targets/activation/vars/main.yml @@ -1,8 +1,8 @@ --- checkmk_versions: - - version: "2.1.0p10" + - version: "2.1.0p11" site: "stable" - - version: "2.0.0p27" + - version: "2.0.0p28" site: "oldstable" download_url: "https://download.checkmk.com/checkmk/{{ item.version }}/check-mk-raw-{{ item.version }}_0.{{ ansible_distribution_release }}_amd64.deb" server_url: "http://127.0.0.1/" diff --git a/tests/integration/targets/discovery/vars/main.yml b/tests/integration/targets/discovery/vars/main.yml index a0221a300..aac4d7b05 100644 --- a/tests/integration/targets/discovery/vars/main.yml +++ b/tests/integration/targets/discovery/vars/main.yml @@ -1,8 +1,8 @@ --- checkmk_versions: - - version: "2.1.0p10" + - version: "2.1.0p11" site: "stable" - - version: "2.0.0p27" + - version: "2.0.0p28" site: "oldstable" download_url: "https://download.checkmk.com/checkmk/{{ item.version }}/check-mk-raw-{{ item.version }}_0.{{ ansible_distribution_release }}_amd64.deb" server_url: "http://127.0.0.1/" diff --git a/tests/integration/targets/downtime/vars/main.yml b/tests/integration/targets/downtime/vars/main.yml index 131f5fe3d..6548b9b0e 100644 --- a/tests/integration/targets/downtime/vars/main.yml +++ b/tests/integration/targets/downtime/vars/main.yml @@ -1,8 +1,8 @@ --- checkmk_versions: - - version: "2.1.0p10" + - version: "2.1.0p11" site: "stable" - - version: "2.0.0p27" + - version: "2.0.0p28" site: "oldstable" download_url: "https://download.checkmk.com/checkmk/{{ item.version }}/check-mk-raw-{{ item.version }}_0.{{ ansible_distribution_release }}_amd64.deb" site: "test" diff --git a/tests/integration/targets/folder/vars/main.yml b/tests/integration/targets/folder/vars/main.yml index f9615b50b..6d3c60c45 100644 --- a/tests/integration/targets/folder/vars/main.yml +++ b/tests/integration/targets/folder/vars/main.yml @@ -1,8 +1,8 @@ --- checkmk_versions: - - version: "2.1.0p10" + - version: "2.1.0p11" site: "stable" - - version: "2.0.0p27" + - version: "2.0.0p28" site: "oldstable" download_url: "https://download.checkmk.com/checkmk/{{ item.version }}/check-mk-raw-{{ item.version }}_0.{{ ansible_distribution_release }}_amd64.deb" site: "test" diff --git a/tests/integration/targets/host/vars/main.yml b/tests/integration/targets/host/vars/main.yml index 131f5fe3d..6548b9b0e 100644 --- a/tests/integration/targets/host/vars/main.yml +++ b/tests/integration/targets/host/vars/main.yml @@ -1,8 +1,8 @@ --- checkmk_versions: - - version: "2.1.0p10" + - version: "2.1.0p11" site: "stable" - - version: "2.0.0p27" + - version: "2.0.0p28" site: "oldstable" download_url: "https://download.checkmk.com/checkmk/{{ item.version }}/check-mk-raw-{{ item.version }}_0.{{ ansible_distribution_release }}_amd64.deb" site: "test" diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 000000000..b1512e380 --- /dev/null +++ b/tests/inventory @@ -0,0 +1,11 @@ +[testgroup] +test1.tld folder="/" +test2.tld folder="/" +test3.tld folder="/" +test4.tld folder="/" +test5.tld folder="/" +test6.tld folder="/" +test7.tld folder="/" +test8.tld folder="/" +test9.tld folder="/" +test10.tld folder="/" \ No newline at end of file From c76abb98ff2392ed6a7501ee582b2b7f8aa0ec86 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 1 Sep 2022 11:03:26 +0200 Subject: [PATCH 12/13] Prepare release. --- changelogs/fragments/server_role.yml | 2 +- galaxy.yml | 2 +- requirements.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/changelogs/fragments/server_role.yml b/changelogs/fragments/server_role.yml index 15aaa2169..75087dd87 100644 --- a/changelogs/fragments/server_role.yml +++ b/changelogs/fragments/server_role.yml @@ -1,7 +1,7 @@ # https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to minor_changes: - - Server role - Fix setup file verification on Debian derivates. Using gpg instead dpkg-sig now. + - Server role - Fix setup file verification on Debian derivates. Using gpg instead of dpkg-sig now. # known_issues: # - This release is still in development and a heavy work in progress. diff --git a/galaxy.yml b/galaxy.yml index a0c28b9c9..911df2f67 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: tribe29 name: checkmk # The version of the collection. Must be compatible with semantic versioning -version: 0.7.0 +version: 0.8.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/requirements.yml b/requirements.yml index c5ee1c7a9..11aa38111 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,4 +1,4 @@ --- collections: - name: tribe29.checkmk - version: 0.7.0 + version: 0.8.0 From 299da0fa4c5747f297874ba3d1aa4ff2ea936254 Mon Sep 17 00:00:00 2001 From: Robin Gierse Date: Thu, 1 Sep 2022 12:18:56 +0200 Subject: [PATCH 13/13] Delete obsolete file. --- tests/inventory | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 tests/inventory diff --git a/tests/inventory b/tests/inventory deleted file mode 100644 index b1512e380..000000000 --- a/tests/inventory +++ /dev/null @@ -1,11 +0,0 @@ -[testgroup] -test1.tld folder="/" -test2.tld folder="/" -test3.tld folder="/" -test4.tld folder="/" -test5.tld folder="/" -test6.tld folder="/" -test7.tld folder="/" -test8.tld folder="/" -test9.tld folder="/" -test10.tld folder="/" \ No newline at end of file