Versions Compared

Version Old Version 31 New Version 32
Changes made by

Matthew Hierholzer

Matthew Hierholzer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

For the purpose of registering To register agents, both for agent updates and for TLS encryption, it might be desirable to have a dedicated user and role at hand.
This article outlines how that can be achieved.

...

  1. Create a copy of the guest role and name it meaningfully.

  2. Ensure the role has the following permissions:
    1. "Use the GUI at all"
    2. "Register Host & download monitoring agents of your hosts",
    3. "Register all hosts & download all monitoring agents"

  3. Optionally you can disable all other permissions.

  4. Create a user with a meaningful name
    1. Configure the following things:
      1. Authentication: Automation Secret
      2. Assign the agent registration role created before

...

  1. Pretty print the configuration for a better overview: Pretty-print the configuration files

  2. Add the following section to the config file: ~/etc/check_mk/multisite.d/wato/roles.mk.

    Code Block
    languagebash
    themeRDark
    collapsetrue
    'agent_updater': {'alias': 'agents registration and download',
          'basedon': None,
          'builtin': True,
          'permissions': {'general.see_all': True,
                          'general.use': True,
                          'wato.download_all_agents': True}}

    In order to put it to in the right place, please add a comma "," before the "})". 

...

  • Agent pairing
  • Read access to all hosts and folders
  • Write access to all hosts and folders


At In the end, the whole file should look like this:

Code Block
languagepy
themeRDarkcollapsetrue
# Written by Checkmk store

roles.update({
 'admin': {'alias': 'Administrator',
           'builtin': True,
           'permissions': {}},
 'guest': {'alias': 'Guest user',
           'builtin': True,
           'permissions': {}},
 'user': {'alias': 'Normal monitoring user',
          'builtin': True,
          'permissions': {}},
 'agent_updater': {'alias': 'agents registration and download',
                   'basedon': None,
                   'builtin': True,
                   'permissions': {'general.see_all': True,
                                   'general.use': True,
                                   'wato.download_all_agents': True}},  
 'agent_ctl': {'alias': 'Agent Controller', 
               'basedon': None, 
               'builtin': True, 
               'permissions': {'general.agent_pairing': True,
                               'general.use': True,
                               'wato.see_all_folders': True,
                               'wato.all_folders': True}}
})
~

...