Hi,
sorry for warming this one up, but my issue sounds related and therefore this may be a good place to bring my issue up.
I was wondering if it possible to perform a remote registration via ansible?
When I tried the naive way, just changing the hostname and site name to the remote site in my existing (and for the central site, working) ansible config, the following error shows up:
TASK [tribe29.checkmk.agent : Debian Derivatives: Download GENERIC Checkmk CEE Agent.] ***************************************************************************************************************************************************************************************fatal: [***redacted - target where agent is supposed to be installed*** -> ***redacted - target where agent is supposed to be installed***]: FAILED! => {"changed": false, "connection": "close", "content_length": "222", "content_security_policy": "default-src 'self' 'unsafe-inline' 'unsafe-eval' ssh: rdp:; img-src 'self' data: https://*.tile.openstreetmap.org/ ; connect-src 'self' https://crash.checkmk.com/ https://license.checkmk.com/api/upload ; frame-ancestors 'self' ; base-uri 'self'; form-action 'self' javascript: 'unsafe-inline'; object-src 'self'; worker-src 'self' blob:", "content_type": "application/problem+json", "date": "Tue, 24 Jan 2023 14:01:41 GMT", "elapsed": 0, "json": {"detail": "This endpoint is currently disabled via the 'Disable remote configuration' option in 'Distributed Monitoring'. You may be able to query the central site.", "status": 403, "title": "Forbidden: WATO is disabled"}, "msg": "Status code was 403 and not [200]: HTTP Error 403: FORBIDDEN", "path": "/tmp/check-mk-agent_2.1.0p13-generic.deb", "permissions_policy": "accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), usb=()", "redirected": false, "referrer_policy": "origin-when-cross-origin", "server": "Apache", "status": 403, "url": "***redacted:hostname of remote site***:443/***redacted - remote site name***/check_mk/api/1.0/domain-types/agent/actions/download_by_host/invoke?os_type=linux_deb&agent_type=generic", "x_content_type_options": "nosniff", "x_frame_options": "sameorigin", "x_permitted_cross_domain_policies": "none", "x_xss_protection": "1; mode=block"}
So, I checked Github and found the following template: ansible-collection-tribe29.checkmk/remote-registration.yml at 846c9d69d9b2902e4cd09b9073b887b9316ddc2e · tribe29/ansible-collection-tribe29.checkmk · GitHub
I changed the following in my config:
checkmk_agent_server
→ central host
checkmk_agent_site
→ main site
checkmk_agent_registration_server
→ remote server
checkmk_agent_registration_site
→ remote site
Now, I’m facing the following error:
TASK [tribe29.checkmk.agent : Debian Derivatives: Download GENERIC Checkmk CEE Agent.] ***************************************************************************************************************************************************************************************fatal: [***redacted - target where agent is supposed to be installed*** -> ***redacted - target where agent is supposed to be installed***]: FAILED! => {"changed": false, "elapsed": 0, "msg": "Status code was -1 and not [200]: Request failed: <urlopen error [Errno -2] Name or service not known>", "path": "/tmp/check-mk-agent_2.1.0p13-generic.deb", "redirected": false, "status": -1, "url": "https://*** redacted - central host ***:443/*** redacted - central site ***/check_mk/api/1.0/domain-types/agent/actions/download_by_host/invoke?os_type=linux_deb&agent_type=generic"}
Which is a DNS issue - the nodes monitored remotely are not supposed to talk to the central system and cannot resolve its name either.
How do I set this up correctly? The server setup seems correct - when manually downloading and installing the package, I can register the agent and the updater against my remote site and everything works just fine.
As a workaround, I tried setting checkmk_agent_delegate_download
to the hostname of the remote site’s server (which can reach the central site) to download the package and transfert it to the target afterwards, but unfortunately this fails with
TASK [tribe29.checkmk.agent : Debian Derivates: Transfer host-specific Checkmk CEE Agent.] ***********************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option
fatal: [***]: FAILED! => {"changed": false, "msg": "Could not find or access '/tmp/check-mk-agent_2.1.0p19-***.deb' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}
I’m on 2.1.0p18 for all sites, ansible-collection-tribe29.checkmk is 0.16.0