Merge pull request #615 from Checkmk/feature/agent-improve-idempotency

Improve idempotency of the registration tasks in the agent
Checkmk · Jun 14, 2024 · 4f35237 · 4f35237
2 parents e1156d8 + d51026c
commit 4f35237
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 4 deletions.
diff --git a/changelogs/fragments/agent.yml b/changelogs/fragments/agent.yml
@@ -0,0 +1,10 @@
+bugfixes:
+  - Agent role - For Windows hosts the download of correct setup files was broken
+    due to a mixup in the modules used to fetch the files. The role would always
+    fall back to the GENERIC agent, even if a specific agent was available.
+    This is fixed now.
+
+minor_changes:
+  - Agent role - Improve idempotency by reading the registration states both for
+    Agent registration and Updater registration and skipping the registration
+    if it is not necessary.
diff --git a/roles/agent/tasks/Linux.yml b/roles/agent/tasks/Linux.yml
@@ -87,6 +87,21 @@
     path: /usr/bin/cmk-agent-ctl
   register: __checkmk_agent_controller_binary
 
+- name: "{{ ansible_system }}: Read Agent Controller State."
+  become: true
+  ansible.builtin.command: cat /var/lib/cmk-agent/registered_connections.json
+  register: __checkmk_agent_registered_connections
+  changed_when: false
+
+- name: "{{ ansible_system }}: Read Updater State."
+  become: true
+  ansible.builtin.command: cat /var/lib/check_mk_agent/cache/plugins_cmk-update-agent.cache
+  register: __checkmk_agent_updater_state
+  changed_when: false
+  failed_when: |
+    not __checkmk_agent_updater_state.rc == 0
+    and not __checkmk_agent_updater_state.rc == 1
+
 - name: "{{ ansible_system }}: Register Agent for automatic Updates using User Password."  # noqa no-changed-when
   become: true
   ansible.builtin.shell: |
@@ -101,6 +116,7 @@
     and checkmk_agent_update | bool
     and (checkmk_agent_pass is defined and checkmk_agent_pass | length)
     and (checkmk_agent_secret is not defined)
+    and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_updater_state.stdout
 
 - name: "{{ ansible_system }}: Register Agent for automatic Updates using Automation Secret."  # noqa no-changed-when
   become: true
@@ -115,6 +131,7 @@
     and __checkmk_agent_updater_binary.stat.exists | bool
     and checkmk_agent_update | bool
     and (checkmk_agent_secret is defined and checkmk_agent_secret | length)
+    and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_updater_state.stdout
 
 - name: "{{ ansible_system }}: Register Agent for TLS."  # noqa no-changed-when
   become: true
@@ -128,6 +145,7 @@
     __checkmk_agent_controller_binary.stat.exists | bool
     and checkmk_agent_tls | bool
     and (__checkmk_agent_auth is defined and __checkmk_agent_auth | length)
+    and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_registered_connections.stdout
 
 - name: "{{ ansible_system }}: Verify Checkmk Agent Port is open."
   ansible.builtin.wait_for:

diff --git a/roles/agent/tasks/Win32NT-files.yml b/roles/agent/tasks/Win32NT-files.yml
@@ -121,13 +121,13 @@
       register: __checkmk_agent_host_download_state
       # This task may fail, as we fall back to the generic agent in that case
       failed_when: 'false'
-      changed_when: __checkmk_agent_host_download_state.status_code is defined and __checkmk_agent_host_download_state.status_code == 200
+      changed_when: __checkmk_agent_host_download_state.status is defined and __checkmk_agent_host_download_state.status == 200
       delegate_to: "{{ checkmk_agent_delegate_download }}"
 
     - name: "{{ ansible_system }}: Set Fact: Agent State: host-specific."
       ansible.builtin.set_fact:
         checkmk_agent_host_specific: >-
-          {{ (__checkmk_agent_host_download_state.status_code is defined and __checkmk_agent_host_download_state.status_code == 200) | bool }}
+          {{ (__checkmk_agent_host_download_state.status is defined and __checkmk_agent_host_download_state.status == 200) | bool }}
 
     - name: "{{ ansible_system }}: Download folder-specific {{ checkmk_agent_edition | upper }} Agent (delegated)."
       ansible.builtin.uri:
@@ -149,13 +149,13 @@
         and not checkmk_agent_host_specific | bool
       retries: 3
       failed_when: 'false'
-      changed_when: __checkmk_agent_folder_download_state.status_code is defined and __checkmk_agent_folder_download_state.status_code == 200
+      changed_when: __checkmk_agent_folder_download_state.status is defined and __checkmk_agent_folder_download_state.status == 200
       delegate_to: "{{ checkmk_agent_delegate_download }}"
 
     - name: "{{ ansible_system }}: Set Fact: Agent State: folder-specific."
       ansible.builtin.set_fact:
         checkmk_agent_folder_specific: >-
-          {{ (__checkmk_agent_folder_download_state.status_code is defined and __checkmk_agent_folder_download_state.status_code == 200) | bool }}
+          {{ (__checkmk_agent_folder_download_state.status is defined and __checkmk_agent_folder_download_state.status == 200) | bool }}
 
     - name: "{{ ansible_system }}: Download GENERIC {{ checkmk_agent_edition | upper }} Agent (delegated)."
       ansible.builtin.uri:

diff --git a/roles/agent/tasks/Win32NT.yml b/roles/agent/tasks/Win32NT.yml
@@ -40,6 +40,20 @@
     path: "{{ __checkmk_agent_binary_path }}"
   register: __checkmk_agent_binary
 
+- name: "{{ ansible_system }}: Read Agent Controller State."
+  ansible.windows.win_command: powershell.exe -
+  args:
+    stdin: Get-Content -ErrorAction Ignore -LiteralPath C:\ProgramData\checkmk\agent\registered_connections.json ; Exit 0
+  register: __checkmk_agent_registered_connections
+  changed_when: false
+
+- name: "{{ ansible_system }}: Read Updater State."
+  ansible.windows.win_command: powershell.exe -
+  args:
+    stdin: Get-Content -ErrorAction Ignore -LiteralPath C:\ProgramData\checkmk\agent\config\cmk-update-agent.state ; Exit 0
+  register: __checkmk_agent_updater_state
+  changed_when: false
+
 - name: "{{ ansible_system }}: Register Agent for automatic Updates using User Password."  # noqa no-changed-when
   ansible.windows.win_command: |
     check_mk_agent.exe updater register -H {{ checkmk_agent_host_name }} \
@@ -55,6 +69,7 @@
     and checkmk_agent_update | bool
     and (checkmk_agent_pass is defined and checkmk_agent_pass | length)
     and (checkmk_agent_secret is not defined)
+    and not '\'server\': \'' + checkmk_agent_registration_server + '\', \'site\': \'' + checkmk_agent_registration_site + '\'' in __checkmk_agent_updater_state.stdout
 
 - name: "{{ ansible_system }}: Register Agent for automatic Updates using Automation Secret."  # noqa no-changed-when
   ansible.windows.win_command: |
@@ -70,6 +85,7 @@
     and __checkmk_agent_binary.stat.exists | bool
     and checkmk_agent_update | bool
     and (checkmk_agent_secret is defined and checkmk_agent_secret | length)
+    and not '\'server\': \'' + checkmk_agent_registration_server + '\', \'site\': \'' + checkmk_agent_registration_site + '\'' in __checkmk_agent_updater_state.stdout
 
 - name: "Trigger Activate Changes to enable TLS registration."
   ansible.builtin.meta:
@@ -88,6 +104,7 @@
     __checkmk_agent_controller_binary.stat.exists | bool
     and checkmk_agent_tls | bool
     and (__checkmk_agent_auth is defined and __checkmk_agent_auth | length)
+    and not checkmk_agent_registration_server + '/' + checkmk_agent_registration_site in __checkmk_agent_registered_connections.stdout
 
 - name: "{{ ansible_system }}: Verify Checkmk Agent Port is open."
   ansible.windows.win_wait_for: