Updates checkMK for move to production (#5389)

* update checkmk playbook to use Enterprise edition Co-authored-by: Beck Davis <[email protected]> Co-authored-by: Denzil Phillips <[email protected]> Co-authored-by: Francis Kayiwa <[email protected]> Co-authored-by: Vickie Karasic <[email protected]> * use same version as on OOBM monitoring system Co-authored-by: Beck Davis <[email protected]> Co-authored-by: Denzil Phillips <[email protected]> Co-authored-by: Francis Kayiwa <[email protected]> Co-authored-by: Vickie Karasic <[email protected]> * change the server version to cee also change the version to match OOBM Co-authored-by: Alicia Cozine <[email protected]> Co-authored-by: Beck Davis <[email protected]> Co-authored-by: Denzil Phillips <[email protected]> Co-authored-by: Vickie Karasic <[email protected]> * pull shared values out so it is easier to see variance from prod to staging * add new nginx config Co-authored-by: Alicia Cozine <[email protected]> Co-authored-by: Angel Ruiz <[email protected]> Co-authored-by: Beck Davis <[email protected]> Co-authored-by: Denzil Phillips <[email protected]> Co-authored-by: John Kazmierski <[email protected]> Co-authored-by: Vickie Karasic <[email protected]> * add the download users credentials * add download user credentials Co-authored-by: Angel Ruiz <[email protected]> Co-authored-by: Beck Davis <[email protected]> Co-authored-by: Denzil Phillips <[email protected]> Co-authored-by: Vickie Karasic <[email protected]> --------- Co-authored-by: Alicia Cozine <[email protected]> Co-authored-by: Beck Davis <[email protected]> Co-authored-by: Denzil Phillips <[email protected]> Co-authored-by: Francis Kayiwa <[email protected]> Co-authored-by: Vickie Karasic <[email protected]> Co-authored-by: Francis Kayiwa <[email protected]> Co-authored-by: Angel Ruiz <[email protected]> Co-authored-by: John Kazmierski <[email protected]>
pulibrary · Jan 23, 2025 · 3774658 · 3774658
1 parent c7e99b9
commit 3774658
Show file tree

Hide file tree

Showing 7 changed files with 111 additions and 67 deletions.
diff --git a/group_vars/checkmk/production.yml b/group_vars/checkmk/production.yml
@@ -1,60 +1,16 @@
 ---
-server_url: "pulcheck-prod1.princeton.edu"
-site: "pulmonitor"
-automation_user: "ansible_automation"
-automation_secret: "{{ vault_ansible_automation_secret }}"
+# Agent role
+checkmk_agent_edition: cee
+# what is 'agent_prep_legacy' for?
+# we only set it in production
+checkmk_agent_prep_legacy: 'false'
+checkmk_agent_server: "pulcheck-prod1.princeton.edu"
+checkmk_agent_version: "2.3.0p15"
 
 checkmk_folders:
   - path: /linux/sandboxes
     title: Sandboxes
 
-# Agent role
-checkmk_agent_add_host: 'true'
-checkmk_agent_auto_activate: "true" # set this to 'true' to run the handler
-checkmk_agent_configure_firewall: 'false'
-checkmk_agent_delegate_api_calls: "{{ inventory_hostname }}"
-checkmk_agent_discover: 'true'
-checkmk_agent_edition: cre
-checkmk_agent_force_foreign_changes: "true"
-checkmk_agent_host_name: "{{ inventory_hostname }}"
-checkmk_agent_port: 6556
-checkmk_agent_prep_legacy: 'false'
-checkmk_agent_protocol: http
-checkmk_agent_receiver_port: 8000
-checkmk_agent_registration_server: "{{ checkmk_agent_server }}"
-checkmk_agent_registration_site: "{{ checkmk_agent_site }}"
-checkmk_agent_server: "{{ server_url }}"
-checkmk_agent_server_port: 80
-checkmk_agent_server_protocol: http
-checkmk_agent_server_validate_certs: "true"
-checkmk_agent_site: pulmonitor
-checkmk_agent_tls: 'true'
-checkmk_agent_update: 'true'
-checkmk_agent_version: "2.3.0"
-
-# in theory, we can use secrets or passwords
-# only passwords seem to work at the command line
-# checkmk_agent_user: "{{ automation_user | default('automation') }}"
-# checkmk_agent_pass: "{{ automation_secret }}"
-checkmk_agent_user: troubleshooting
-checkmk_agent_pass: "{{ vault_checkmk_pass }}"
-checkmk_agent_auth: "{{ checkmk_agent_pass }}"
 # Server Role
-checkmk_server_edition: cre
-checkmk_server_version: 2.3.0
-checkmk_server_verify_setup: 'true'
-checkmk_server_configure_firewall: 'false'
-
-
-checkmk_server_sites:
-  - name: pulmonitor
-    version: "{{ checkmk_server_version }}"
-    state: started
-    admin_pw: "{{ vault_admin_pw }}"
-    update_conflict_resolution: install
-    omd_auto_restart: 'false'
-    omd_config:
-      - var: LIVESTATUS_TCP
-        value: "on"
-      - var: LIVESTATUS_TCP_PORT
-        value: "6557"
+checkmk_server_edition: cee
+checkmk_server_version: 2.3.0p15
diff --git a/group_vars/checkmk/shared.yml b/group_vars/checkmk/shared.yml
@@ -0,0 +1,61 @@
+---
+# these vars are set per environment
+# server_url:
+# checkmk_folders:
+#   - path: /linux/sandboxes
+#     title: Sandboxes
+# checkmk_agent_server: "{{ server_url }}"
+# SOON TO BE SHARED
+# checkmk_agent_edition: cee
+# checkmk_agent_version: "2.3.0p15" / 2.2.0p9
+# checkmk_agent_update: 'true' / not listed
+# checkmk_server_edition: cee / cre
+# checkmk_server_version: 2.3.0p15 / 2.2.0p9
+
+# These values are shared
+site: "pulmonitor"
+# agent auth
+checkmk_agent_user: troubleshooting
+checkmk_agent_pass: "{{ vault_checkmk_pass }}"
+checkmk_agent_auth: "{{ checkmk_agent_pass }}"
+# other agent settings, alphabetized
+checkmk_agent_add_host: 'true'
+checkmk_agent_auto_activate: "true" # set this to 'true' to run the handler
+checkmk_agent_configure_firewall: 'false'
+checkmk_agent_delegate_api_calls: "{{ inventory_hostname }}"
+checkmk_agent_discover: 'true'
+checkmk_agent_folder: "{{ checkmk_folder }}" # all lowercase, for example: /linux/rdss
+checkmk_agent_force_foreign_changes: "true"
+# we may want to remove this, I think we override it in the playbook
+# to strip 'princeton.edu' from the hostnames
+checkmk_agent_host_name: "{{ inventory_hostname }}"
+checkmk_agent_port: 6556
+checkmk_agent_protocol: http
+checkmk_agent_receiver_port: 8000
+checkmk_agent_registration_server: "{{ checkmk_agent_server }}"
+checkmk_agent_registration_site: "{{ checkmk_agent_site }}"
+checkmk_agent_server_port: 80
+checkmk_agent_server_protocol: http
+checkmk_agent_server_validate_certs: "true"
+checkmk_agent_site: pulmonitor
+checkmk_agent_tls: 'true'
+checkmk_agent_update: 'true'
+
+# Server Role
+checkmk_server_configure_firewall: 'false'
+checkmk_server_download_pass: "{{ vault_checkmk_download_pass }}"
+checkmk_server_download_user: "{{ vault_checkmk_download_user }}"
+checkmk_server_verify_setup: 'true'
+# sites listing
+checkmk_server_sites:
+  - name: pulmonitor
+    version: "{{ checkmk_server_version }}"
+    state: started
+    admin_pw: "{{ vault_admin_pw }}"
+    update_conflict_resolution: install
+    omd_auto_restart: 'false'
+    omd_config:
+      - var: LIVESTATUS_TCP
+        value: "on"
+      - var: LIVESTATUS_TCP_PORT
+        value: "6557"
diff --git a/group_vars/checkmk/staging.yml b/group_vars/checkmk/staging.yml
@@ -1,10 +1,16 @@
 ---
-checkmk_agent_version: "2.2.0p9"
+# agent vars
 checkmk_agent_edition: cre
+checkmk_agent_server: pulmonitor-staging1.princeton.edu
+checkmk_agent_version: "2.2.0p9"
+# server vars
+checkmk_server_edition: cre
+checkmk_server_version: 2.2.0p9
 checkmk_agent_server_protocol: http
-checkmk_agent_server: pulcheck-staging1.princeton.edu
 checkmk_agent_server_validate_certs: "true"
 checkmk_agent_server_port: 80
+checkmk_server_download_user: "{{ vault_checkmk_download_user }}"
+checkmk_server_download_pass: "{{ vault_checkmk_download_pass }}"
 # the receiver_port var is not used in the collection role
 # we added it in our copy of the checkmk_agent role:
 checkmk_agent_receiver_port: 8000
@@ -30,3 +36,16 @@ checkmk_agent_auto_activate: "true" # set this to 'true' to run the handler
 # requires setting a host to run the API calls from . . .
 checkmk_agent_delegate_api_calls: "{{ inventory_hostname }}"
 checkmk_agent_force_foreign_changes: "true"
+
+checkmk_folger: /linux/sandboxes
+
+checkmk_server_sites:
+  - name: 'pulmonitor'
+    version: "{{ checkmk_server_version }}"
+    update_conflict_resolution: 'abort'
+    state: 'started'
+    admin_pw: '{{ vault_checkmk_pass }}'
+    omd_auto_restart: 'false'
+    omd_config:
+      - var: AUTOSTART
+        value: 'on'
diff --git a/group_vars/checkmk/vault.yml b/group_vars/checkmk/vault.yml
@@ -1,10 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-34393936313438353737303361623065313438313530323335336130666364333962376665383134
-3231643532616464666232393137346364363330373861340a363733633764333135633938663861
-63336633626136633164353935326330326235656634653665643739636237353532333130646164
-3430643030636438640a663261373964343565336635396637663032373735306366303064336461
-62353934306566643739393235623364646261316363643836343966323335623961646230373834
-39646330396563623763396463633534636230623065323438323434633430323364626139353537
-38313166393561653531616465373761633264653432316436306663643639316231666236623731
-31383832336139663539653539376264626234393038613638623937363930373364326238313738
-6135
+30366161346131346366366130663331356231363730623534396335323864303463356335646163
+3739346337333666336130646161353061623139376133630a396361623837313639653261663338
+33643761626635386263633261343736366334663666326234363031633733366561363036366366
+3465656135343735350a646662383565623432386636643230343232633237376463326132616637
+62313234396661666635333438616436623533303761333136656362356561343139333937326437
+64626464383837343432316337393165633934306466393237316465326262333134663564306333
+34643265353464393763306130663064326133373031626239393466613637343935616266623862
+61616261633862646330393739613034303966363238343030333633313932333364326139663633
+31643063643939633135653030386436386238653661333736343533383063313334613235323164
+32623930623635373234643363323633653537623564353961353962346263633035323765623966
+62653434666264613135636565363866356263353933316231643563396366326330633863316462
+61343933393937633061356632633363363534643362613237346134396662356439663365356665
+34353030653434313464303261326232316632623730613862336666333735383565
diff --git a/inventory/all_projects/_orphans b/inventory/all_projects/_orphans
@@ -21,6 +21,7 @@ libserv144.princeton.edu # veridian server
 lib-adc1.princeton.edu
 lib-adc2.princeton.edu
 libphp-prod.princeton.edu
+pulcheck-staging1.princeton.edu
 pulsearch-db.princeton.edu # running Ubuntu 12.04!!!
 [ask_phillippe]
 libserv24.princeton.edu # cold

diff --git a/inventory/all_projects/checkmk b/inventory/all_projects/checkmk
@@ -1,4 +1,4 @@
 [pulcheck_production]
 pulcheck-prod1.princeton.edu
 [pulcheck_staging]
-pulcheck-staging1.princeton.edu
+pulmonitor-staging1.princeton.edu
diff --git a/roles/nginxplus/files/conf/http/pulmonitor_staging.conf b/roles/nginxplus/files/conf/http/pulmonitor_staging.conf
@@ -28,8 +28,12 @@ server {
     ssl_session_cache          shared:SSL:1m;
     ssl_prefer_server_ciphers  on;
 
+    # Redirect top level traffic to /pulmonitor/
     location / {
-        proxy_pass http://pulmonitor-staging;
+        return 302 https://$server_name/pulmonitor/;
+    }
+    location /pulmonitor/ {
+        proxy_pass http://pulmonitor-staging/pulmonitor/;
         proxy_set_header X-Forwarded-Host $host;
         proxy_cache pulmonitor-stagingcache;
         health_check interval=10 fails=3 passes=2;
@@ -40,5 +44,4 @@ server {
     }
 
     include /etc/nginx/conf.d/templates/staging-maintenance.conf;
-
 }