Page Comparison

A lot of users are asking for a role in checkmk which is using by the agent updater and only for the registration process. At the moment, there is no build in role. Please follow this short how-to if you want to have this kind of role

The

...

UI way

The easiest way to build an agent registration role is using the GUI and following these steps:

...

1. Pretty print the configuration for a better overview: Pretty-print the configuration files

2. Add the following section to the config file: ~/etc/check_mk/multisite.d/wato/roles.mk.
   

   Code Block
   language bash theme RDark collapse true
   'agent': {'alias': 'agents registration and download', 'basedon': None, 'builtin': True, 'permissions': {'general.see_all': True, 'general.use': True, 'wato.download_all_agents': True}}

   In order to put it to the right place, please add a comma "," before the "})". 

   At the end the whole file should look like this:
   

   Code Block
   language py theme RDark collapse true
   # Written by Checkmk store roles.update({'admin': {'alias': 'Administrator', 'builtin': True, 'permissions': {}}, 'admin': {'alias': 'Administrator', 'basedon': 'admin', 'builtin': False, 'permissions': {}}, 'guest': {'alias': 'Guest user', 'builtin': True, 'permissions': {}}, 'user': {'alias': 'Normal monitoring user', 'builtin': True, 'permissions': {}}, 'agent': {'alias': 'agents registration and download', 'basedon': None, 'builtin': True, 'permissions': {'general.see_all': True, 'general.use': True, 'wato.download_all_agents': True}}   }) ~

   
   

Agent Pairing for TLS Encryption

For a user to be able to do the cmk-agent-ctl register, which is needed to enable the TLS encryption (available from 2.1.0 onwards), you have to add the following rights (internal name "general.agent_pairing") to his/her role.

• Agent pairing
• Read access to all hosts and folders
• Write access to all hosts and folders

Related articles

...