pull shared values out so it is easier to see variance from prod to s…

…taging

group_vars/checkmk/production.yml

@@ -1,65 +1,16 @@
 ---
-server_url: "pulcheck-prod1.princeton.edu"
-site: "pulmonitor"
-# this was a failed attempt to use the 'automation' user
-# within checkmk
-# we created our own user instead
-# automation_user: "ansible_automation"
-# automation_secret: "{{ vault_ansible_automation_secret }}"
-
-checkmk_folders:
-  - path: /linux/sandboxes
-    title: Sandboxes
-
 # Agent role
-checkmk_agent_add_host: 'true'
-checkmk_agent_auto_activate: "true" # set this to 'true' to run the handler
-checkmk_agent_configure_firewall: 'false'
-checkmk_agent_delegate_api_calls: "{{ inventory_hostname }}"
-checkmk_agent_discover: 'true'
 checkmk_agent_edition: cee
-checkmk_server_download_user: "{{ vault_checkmk_download_user }}"
-checkmk_server_download_pass: "{{ vault_checkmk_download_pass }}"
-checkmk_agent_force_foreign_changes: "true"
-checkmk_agent_host_name: "{{ inventory_hostname }}"
-checkmk_agent_port: 6556
+# what is 'agent_prep_legacy' for?
+# we only set it in production
 checkmk_agent_prep_legacy: 'false'
-checkmk_agent_protocol: http
-checkmk_agent_receiver_port: 8000
-checkmk_agent_registration_server: "{{ checkmk_agent_server }}"
-checkmk_agent_registration_site: "{{ checkmk_agent_site }}"
-checkmk_agent_server: "{{ server_url }}"
-checkmk_agent_server_port: 80
-checkmk_agent_server_protocol: http
-checkmk_agent_server_validate_certs: "true"
-checkmk_agent_site: pulmonitor
-checkmk_agent_tls: 'true'
-checkmk_agent_update: 'true'
+checkmk_agent_server: "pulcheck-prod1.princeton.edu"
 checkmk_agent_version: "2.3.0p15"
 
-# in theory, we can use secrets or passwords
-# only passwords seem to work at the command line
-# checkmk_agent_user: "{{ automation_user | default('automation') }}"
-# checkmk_agent_pass: "{{ automation_secret }}"
-checkmk_agent_user: troubleshooting
-checkmk_agent_pass: "{{ vault_checkmk_pass }}"
-checkmk_agent_auth: "{{ checkmk_agent_pass }}"
+checkmk_folders:
+  - path: /linux/sandboxes
+    title: Sandboxes
+
 # Server Role
 checkmk_server_edition: cee
 checkmk_server_version: 2.3.0p15
-checkmk_server_verify_setup: 'true'
-checkmk_server_configure_firewall: 'false'
-
-
-checkmk_server_sites:
-  - name: pulmonitor
-    version: "{{ checkmk_server_version }}"
-    state: started
-    admin_pw: "{{ vault_admin_pw }}"
-    update_conflict_resolution: install
-    omd_auto_restart: 'false'
-    omd_config:
-      - var: LIVESTATUS_TCP
-        value: "on"
-      - var: LIVESTATUS_TCP_PORT
-        value: "6557"

group_vars/checkmk/shared.yml

@@ -0,0 +1,61 @@
+---
+# these vars are set per environment
+# server_url:
+# checkmk_folders:
+#   - path: /linux/sandboxes
+#     title: Sandboxes
+# checkmk_agent_server: "{{ server_url }}"
+# SOON TO BE SHARED
+# checkmk_agent_edition: cee
+# checkmk_agent_version: "2.3.0p15" / 2.2.0p9
+# checkmk_agent_update: 'true' / not listed
+# checkmk_server_edition: cee / cre
+# checkmk_server_version: 2.3.0p15 / 2.2.0p9
+
+# These values are shared
+site: "pulmonitor"
+# agent auth
+checkmk_agent_user: troubleshooting
+checkmk_agent_pass: "{{ vault_checkmk_pass }}"
+checkmk_agent_auth: "{{ checkmk_agent_pass }}"
+# other agent settings, alphabetized
+checkmk_agent_add_host: 'true'
+checkmk_agent_auto_activate: "true" # set this to 'true' to run the handler
+checkmk_agent_configure_firewall: 'false'
+checkmk_agent_delegate_api_calls: "{{ inventory_hostname }}"
+checkmk_agent_discover: 'true'
+checkmk_agent_folder: "{{ checkmk_folder }}" # all lowercase, for example: /linux/rdss
+checkmk_agent_force_foreign_changes: "true"
+# we may want to remove this, I think we override it in the playbook
+# to strip 'princeton.edu' from the hostnames
+checkmk_agent_host_name: "{{ inventory_hostname }}"
+checkmk_agent_port: 6556
+checkmk_agent_protocol: http
+checkmk_agent_receiver_port: 8000
+checkmk_agent_registration_server: "{{ checkmk_agent_server }}"
+checkmk_agent_registration_site: "{{ checkmk_agent_site }}"
+checkmk_agent_server_port: 80
+checkmk_agent_server_protocol: http
+checkmk_agent_server_validate_certs: "true"
+checkmk_agent_site: pulmonitor
+checkmk_agent_tls: 'true'
+checkmk_agent_update: 'true'
+
+# Server Role
+checkmk_server_configure_firewall: 'false'
+checkmk_server_download_pass: "{{ vault_checkmk_download_pass }}"
+checkmk_server_download_user: "{{ vault_checkmk_download_user }}"
+checkmk_server_verify_setup: 'true'
+# sites listing
+checkmk_server_sites:
+  - name: pulmonitor
+    version: "{{ checkmk_server_version }}"
+    state: started
+    admin_pw: "{{ vault_admin_pw }}"
+    update_conflict_resolution: install
+    omd_auto_restart: 'false'
+    omd_config:
+      - var: LIVESTATUS_TCP
+        value: "on"
+      - var: LIVESTATUS_TCP_PORT
+        value: "6557"

group_vars/checkmk/staging.yml

@@ -1,34 +1,8 @@
 ---
-checkmk_agent_version: "2.2.0p9"
-checkmk_agent_edition: cee
-checkmk_server_download_user: "{{ vault_checkmk_download_user }}"
-checkmk_server_download_pass: "{{ vault_checkmk_download_pass }}"
-checkmk_agent_server_protocol: http
+# agent vars
+checkmk_agent_edition: cre
 checkmk_agent_server: pulcheck-staging1.princeton.edu
-checkmk_agent_server_validate_certs: "true"
-checkmk_agent_server_port: 80
-# the receiver_port var is not used in the collection role
-# we added it in our copy of the checkmk_agent role:
-checkmk_agent_receiver_port: 8000
-checkmk_agent_site: pulmonitor
-checkmk_agent_registration_server: "{{ checkmk_agent_server }}"
-checkmk_agent_registration_site: "{{ checkmk_agent_site }}"
-# in theory, we can use secrets or passwords
-# only passwords seem to work at the command line
-checkmk_agent_user: troubleshooting
-checkmk_agent_pass: "{{ vault_checkmk_pass }}"
-checkmk_agent_auth: "{{ checkmk_agent_pass }}"
-# - checkmk_agent_user: ansible
-# - checkmk_agent_secret: "{{ vault_checkmk_secret }}"
-# - checkmk_agent_auth: "{{ checkmk_agent_secret }}"
-checkmk_agent_port: 6556
-checkmk_agent_folder: "{{ checkmk_folder }}" # all lowercase, for example: /linux/rdss
-checkmk_agent_discover: "true" # works with false
-checkmk_agent_tls: "true"
-checkmk_agent_configure_firewall: "false"
-checkmk_agent_add_host: "true"
-checkmk_agent_host_name: "{{ inventory_hostname }}"
-checkmk_agent_auto_activate: "true" # set this to 'true' to run the handler
-# requires setting a host to run the API calls from . . .
-checkmk_agent_delegate_api_calls: "{{ inventory_hostname }}"
-checkmk_agent_force_foreign_changes: "true"
+checkmk_agent_version: "2.2.0p9"
+# server vars
+checkmk_server_edition: cre
+checkmk_server_version: "2.2.0p9"