[FEED] Support agent registration and download on remote site

[robin-checkmk]

Please verify first that your feedback is not already reported here.
If possible and useful provide additional information below. This is optional however.

Provide your feedback

Currently, the agent role can only talk to one site, which has to be the central site for most things to work.
This works in a lot of environments and makes sense, but it brings along limitations, which we need to address.

The goal of this issue is to:

• Enable agent download through remote site (this is an upstream issue)
• Enable agent registration for TLS and agent updates against remote site

Component Name

agent role

Ansible Version

$ ansible --version

Collection Version

$ ansible-galaxy collection list

Environment

Screenshots

Additional context

Internal reference: CMK-11992

[robin-checkmk]

Remote registration is now possible in 0.16.0.
Remote download is pending on upstream.

[dbauer23]

I think the remote registration does not work in combination with checkmk_agent_add_host:true and checkmk_agent_auto_activate:true.

In this case the new hosts are created on the central site and only activated on the central site, but not on the remote site where the registration takes place. This leads to an error in checkmk.general.agent : Linux: Register Agent for TLS.

A fix would be to introduce a second handler wich only runs when checkmk_agent_site != checkmk_agent_registration_site

[robin-checkmk]

I have not tested this, only refreshed my memory on how we designed this.

Your solution is to provide checkmk_agent_host_attributes or a checkmk_agent_folder, that has the host monitored on the remote site. The handler activates changes globally. Your issue sounds like the host is created on the central site (which will happen, if you stick with the defaults) and then registration fails against the remote site.

I am of course happy to update/improve documentation or even be proven wrong with my diagnosis. :)

[dbauer23]

Hi,

yes. in my case i set the checkmk_agent_registration_server and checkmk_agent_registration_site site explicitly, but the issue should be the same as with setting it via checkmk_agent_folder

This is config dump:

checkmk_agent_protocol: https
checkmk_agent_server: cmk_server1
checkmk_agent_server_protocol: https
checkmk_agent_site: cmk_site_central
checkmk_agent_add_host: "true"
checkmk_agent_discover: "true"
checkmk_agent_update: "true"
checkmk_agent_tls: "true"
checkmk_agent_auto_activate: true
checkmk_agent_force_foreign_changes: true

checkmk_agent_folder: "emea"
checkmk_agent_registration_server: cmk_server2
checkmk_agent_registration_site: cmk_site2

When now using checkmk_agent_add_host: "true" there are changes to two sites: checkmk_agent_site and checkmk_agent_registration_site, but only the checkmk_agent_site will be activated.

My initial idea would be to compare checkmk_agent_site and checkmk_agent_registration_site. If they are not the same => Activate both.

But i think that's not the best solution since it would not find implicit registration sites, as part of the folder or agent package.
Now i think the best solution would be to query /objects/host_config/{host_name} and compare the checkmk_agent_site to this.

I can create a pull request for this over the weekend.

[robin-checkmk]

Are you using the latest version of the collection?