Allow proxy registration via agent role #697
Conversation
Release 5.3.1 Encore
Release 5.3.1 Encore 2
Update changelogs and docs upon release
Rebuild tests using Checkmk containers
github-actions
bot
added
documentation
|
All contributors have signed the CLA ✍️ ✅ |
|
@ra2xfael Please follow the instructions from the CLA bot, for us to be able to merge this PR (pending review). |
Bumps [tomli](https://github.com/hukkin/tomli) from 2.1.0 to 2.2.1. - [Changelog](https://github.com/hukkin/tomli/blob/master/CHANGELOG.md) - [Commits](hukkin/tomli@2.1.0...2.2.1) --- updated-dependencies: - dependency-name: tomli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…i-2.2.1 Bump tomli from 2.1.0 to 2.2.1
|
Thanks for your contribution! We are pressed for time right now, but rest assured, this will be reviewed, as soon as we find the time. ✌️ |
|
@ra2xfael in the meantime, you can look into the test failures and try to fix them. That will speed up the review process. |
Bumps [click](https://github.com/pallets/click) from 8.1.7 to 8.1.8. - [Release notes](https://github.com/pallets/click/releases) - [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst) - [Commits](pallets/click@8.1.7...8.1.8) --- updated-dependencies: - dependency-name: click dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…k-8.1.8 Bump click from 8.1.7 to 8.1.8
There was a problem hiding this comment.
You pushed changes, while I was reviewing, so I hope my review is not outdated. :)
Overall I really appreciate the quality of the pull request. There are just some minor changes necessary I think.
Also, it would be nice to keep an eye on idempotency, but it is not a hard requirement. I just know we have users, who have a keen eye on this. ;)
roles/agent/README.md
Outdated
| Configure the host which is used to register the target on the checkmk server for TLS. This can be used to keep firewalls closed between the target and the server, which would be necessary for tls registration (8000, 8001, ...). | ||
|
|
There was a problem hiding this comment.
This needs clarification. See my comment in the defaults file as well. I think I understand, what you are trying to do, but I struggle to use it without much thinking, which is not a good sign for usability. We probably need to discuss which default value makes sense and how to make it as accessible as possible.
Also, we should mention, that the system, we delegate the task to, requires the Checkmk agent installed.
Thanks for the pull review @robin-checkmk !
|
Add argument specs for roles
[Auto] Update changelogs and docs upon release
…ection-checkmk.general into proxy-registration
|
@ra2xfael I wanted to rebase your changes on |
|
Hi @robin-checkmk, everything looks fine. The changes I made have been retained, there should be no problem with merging |
To register agents
proxy-registrationcan be used on a separate machine, which is already fully provisioned (tls registered). This allows the role user to keep the firewall between ansible target and CheckMK server closed. The proxy-registration port only needs to be open between delegation target and server.Pull request type
What is the current behavior?
Proxy registration is not possible using the agent ansible role. Regular registration needs to be used or proxy registration executed manually.
What is the new behavior?
cmk-agent-ctl proxy-registrationis executed automatically on a delegate target and the encryption key is directly imported on the ansible target.checkmk_agent_delegate_registrationis introduced by default. To set itcheckmk_agent_proxy_registrationcan be used.