It is now possible to deploy baked agents via remote sites within a distributed monitoring configuration.
Prerequisites
Prerequisites for this feature are a monitoring setup using distributed WATO and the possibility to establish a connection from remote sites to the central site via HTTP/HTTPS.
Also you need to configure the distributed agent bakery.
With Checkmk 2.0, there is a new option for the Agent Updater:
Usage: In case of "Registration and fallback", the agent updater will use this information only on registration and rely on the update URL provided by the agent bakery afterwards. If the connection fails, the agent updater will additionally use this information as a fallback. In case of "Use for all connections", the agent updater will ignore the update URL provided by the agent bakery.
If you want to use the distributed Agent bakery, you need to select 'Registration and fallback'
Now you can bake, sign and register the agent:
root@ip-172-31-40-131:/home/ubuntu# cmk-update-agent register Our host name in the monitoring: slave2 WATO user with admin permissions: cmkadmin Password: Successfully registered agent of host "slave2" for deployment.
If you want to run the agent updater this will not work.
root@ip-172-31-40-131:/home/ubuntu# cmk-update-agent -v +-------------------------------------------------------------------+ | | | Check_MK Agent Updater v2.0.0b4 - Update | | | +-------------------------------------------------------------------+ Getting target agent configuration for host 'slave2' from deployment server Agent Bakery: Registering/updating at remote site but found no URL to central site. Please provide it in "automatic agent updates" section at global settings. See syslog or Logfile at /var/lib/check_mk_agent/cmk-update-agent.log for details.
To get the updater working, please follow the Step-by-step guide!
Step-by-step guide
- Configure the connection to the central agent bakery
Setup → General → Global settings → AUTOMATIC AGENT UPDATES → Connection to the central agent bakery
Now you can register and update the host
root@ip-172-31-40-131:/home/ubuntu# cmk-update-agent register -v +-------------------------------------------------------------------+ | | | Check_MK Agent Updater v2.0.0b4 - Registration | | | | Activation of automatic agent updates. Your first step is to | | register this host at your deployment server for agent updates. | | For this step you need an administration account on WATO for | | that server. | | | +-------------------------------------------------------------------+ Using previous settings from /etc/cmk-update-agent.state. Password for user 'cmkadmin': Going to register agent at deployment server Successfully registered agent of host "slave2" for deployment. You can now update your agent by running 'cmk-update-agent -v' Saved your registration settings to /etc/cmk-update-agent.state. root@ip-172-31-40-131:/home/ubuntu# cmk-update-agent -v +-------------------------------------------------------------------+ | | | Check_MK Agent Updater v2.0.0b4 - Update | | | +-------------------------------------------------------------------+ Getting target agent configuration for host 'slave2' from deployment server Target state (from deployment server): Agent Available: True Signatures: 1 Target Hash: 67f84ee7e41b73aa Agent 67f84ee7e41b73aa already installed. root@ip-172-31-40-131:/home/ubuntu#
In 'Setup → General → Global settings → AUTOMATIC AGENT UPDATES' there is a second new option for the distributed agent bakery:
Configure an alternative URL for the connection from host to remote agent bakery. If not configured here, the URL from distributed monitoring configuration is used instead. In many cases, you might want to make this a site specific global setting at the distributed monitoring configuration, because this URL is likely different for every remote site.
Functionality
This feature is realized as follows: Update requests to the remote sites get forwarded to the central site – The entire configuration and the agent baking process is done on the central site. Agent packages that got requested once at a remote site will get cached (as long as they are valid) there to save unnecessary traffic. Additionally, the requested data will be checked for consistency on the remote site, again to save unnecessary traffic to the central site.
Registration
root@ip-172-31-40-131:/home/ubuntu# cat /var/lib/check_mk_agent/cmk-update-agent.log
2021-01-19 13:35:02,375 DEBUG: Starting Check_MK Agent Updater v2.0.0b4
2021-01-19 13:35:02,376 DEBUG: No state file found yet. New state data will be saved to /etc/cmk-update-agent.state
2021-01-19 13:35:02,376 DEBUG: Successfully read /etc/check_mk/cmk-update-agent.cfg.
2021-01-19 13:35:02,377 DEBUG: Starting Registration Mode.
2021-01-19 13:35:02,377 DEBUG: Starting interactive Registration.
2021-01-19 13:35:10,552 INFO: Going to register agent at deployment server
2021-01-19 13:35:10,590 DEBUG: Authenticating at Check_MK Server (using requests): http://172.31.46.5/master/check_mk/login.py
2021-01-19 13:35:10,939 DEBUG: Fetching content (using requests): http://172.31.46.5/master/check_mk/register_agent.py
2021-01-19 13:35:10,963 DEBUG: Response from agent bakery:
{"result_code": 0, "result": {"host_secret": "zewqptluwgrjzamdvwjplosjhrwqpboxqjtxogreibeqkadfhswhotzifjqqramw", "update_url": "http:\/\/172.31.40.131\/slave2\/check_mk\/", "monitored": true}}
2021-01-19 13:35:10,963 INFO: Applying new update URL http://172.31.40.131/slave2/check_mk/ from deployment server
...
...
...
The host is using the master for registration!
Update
2021-01-19 13:35:14,440 INFO: Getting target agent configuration for host 'slave2' from deployment server
2021-01-19 13:35:14,476 DEBUG: Fetching content (using requests): http://172.31.40.131/slave2/check_mk/deploy_agent.py
2021-01-19 13:35:14,532 DEBUG: Response from agent bakery:
{"result_code": 0, "result": {"update_url": "http:\/\/172.31.40.131\/slave2\/check_mk\/", "AgentAvailable": true, "TargetHash": "67f84ee7e41b73aa", "Signatures": [{"certificate": "-----BEGIN CERTIFICATE-----\nMIIC2jCCAcICAQEwDQYJKoZIhvcNAQEFBQAwMjEdMBsGA1UECgwUQ2hlY2tfTUsg\nU2l0ZSBtYXN0ZXIxETAPBgNVBAMMCGNta2FkbWluMCAXDTIxMDExOTExNTMxMVoY\nDzIwNTEwMTEyMTE1MzExWjAyMR0wGwYDVQQKDBRDaGVja19NSyBTaXRlIG1hc3Rl\ncjERMA8GA1UEAwwIY21rYWRtaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQDWbh45st1xnzhsVzMjBBXzO7+5qz3\/HPezvaOeUpSSIYHns2DnuDlwpLCO\nXTdyfRUamgRtiOrzbUsSsARmMF9AqExao1+yM1rbEfcXP6mtBqMkqShlDw3n0L7F\nHGGYG2CNqcRSmgxFe2Eck0ydv\/p4cJONHIw4UFwqDnHfIC1L3tCnTQJagCig\/Jvk\nkZSZZqgkrjl4TuwRkFxdrnwURjm2hQGg+TkJcxpPHqSutbdnQrXnuuAEdx\/ZIpFL\nivmjLDATjGzCy0LPZsVtjHZu5Lz4WWOZsA1BCZLecT81PI5edWs0RZ9mRH7QC+E8\nCkIdlLgMUbfB093SGx3YEP8u+RtRAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAAU\/\nDtXHbs3cUPBGDs\/Go0PgfqhwiZjn1aprCSh8O\/RBLWA\/jep65eU2pzsuoiKWT5CE\nP\/xc7pKXWmxQpyA4KA1Fz9BS80QHq5heXkG2FSLMFunDLxzDcbQI7QXH4oskIDkV\nzzYio3VDXXDyhMBHd25XKKCQT3L9ou3bD7Esh\/Cf\/8Y2GQHkRvIWOpwLEknq0ovy\njkJ0o7Gx8GrqJYG5gUW44TJU\/IhYFCxfhTS09RW842Z10iDSYiBPKoZLonM6F3SY\nSLVRDn3vhnCpbkiO0Dc1op+0d9b5Wc+UCVW02G+l+G+aRw89L7v2xERXNPczCZgV\ng+9DtIl5cu1fl4qVqmc=\n-----END CERTIFICATE-----\n", "signature": "c0dVyUsS06qlIEds2LJ6cXvzC713zn6zNutuDi8AbeU4gbF67BlioAhXsnZI36WoHHW0husT5nPEoIRUlkgNdYzGOLNE\/LKA38ymOZeKU1aSERzBT2RlU2BURnFa6rDL5HEF\/4svhz2xZDBqkkEcPS3VIooaSxMVu45vO5MIjhjowI9hvl0q\/tbGMg88z3fmCmGEom9kWk\/UDAsq+R\/w2lIf3ms\/bX8UQ1tjVLiivFj1B4LvsX6oZ23veWLIVYy7Au4A5Dxs3sAxlRcxECX6zQM1QO1ZJeDK815yuTpF\/7nTCKvY9kiBUQXm6ueSxd\/LgUu9O2maRBiKVxH64rYocg=="}]}}
2021-01-19 13:35:14,532 DEBUG: Successfully read /etc/cmk-update-agent.state.
2021-01-19 13:35:14,535 DEBUG: Saved deployment status to /etc/cmk-update-agent.state.
2021-01-19 13:35:14,536 DEBUG: Successfully read /etc/cmk-update-agent.state.
2021-01-19 13:35:14,538 DEBUG: Saved deployment status to /etc/cmk-update-agent.state.
2021-01-19 13:35:14,538 INFO: Target state (from deployment server):
2021-01-19 13:35:14,538 INFO: Agent Available: True
2021-01-19 13:35:14,538 INFO: Signatures: 1
2021-01-19 13:35:14,538 INFO: Target Hash: 67f84ee7e41b73aa
2021-01-19 13:35:14,566 DEBUG: Fetching content (using requests): http://172.31.40.131/slave2/check_mk/deploy_agent.py
2021-01-19 13:35:15,219 INFO: Downloaded agent has size 13111604 bytes.
2021-01-19 13:35:15,235 INFO: Signature check OK.
2021-01-19 13:35:15,245 INFO: Invoking package manager: dpkg -i /tmp/check-mk-agent-x11mz6mx
2021-01-19 13:35:16,207 INFO: Output from dpkg:
(Reading database ... 158559 files and directories currently installed.)
Preparing to unpack /tmp/check-mk-agent-x11mz6mx ...
Disable Checkmk agent in systemd (if active)...
Unpacking check-mk-agent (2.0.0b4-20.67f84ee7e41b73aa) over (2.0.0b4-20.67f84ee7e41b73aa) ...
Reloading xinetd...
Setting up check-mk-agent (2.0.0b4-20.67f84ee7e41b73aa) ...
Reloading xinetd...
Enable Checkmk agent in systemd...
Created symlink /etc/systemd/system/sockets.target.wants/check-mk-agent.socket → /etc/systemd/system/check-mk-agent.socket.
2021-01-19 13:35:16,210 DEBUG: Successfully read /etc/cmk-update-agent.state.
2021-01-19 13:35:16,212 DEBUG: Saved deployment status to /etc/cmk-update-agent.state.
2021-01-19 13:35:16,212 INFO: Successfully installed agent 67f84ee7e41b73aa.
2021-01-19 13:35:16,213 DEBUG: Could not find and update cachefile.
2021-01-19 13:35:16,213 DEBUG: Done.
The host fetches all updates from the slave!
Config
The agent updater creates a config and a state file. Please dont modify this file! You can take a look inside to see if the config is correct!
root@ip-172-31-40-131:/home/ubuntu# cat /etc/cmk-update-agent.state
{'update_url': 'http://172.31.40.131/slave2/check_mk/', 'host_secret': 'zewqptluwgrjzamdvwjplosjhrwqpboxqjtxogreibeqkadfhswhotzifjqqramw', 'server': '172.31.46.5', 'site': 'master', 'host_name': 'slave2', 'protocol': 'http', 'user': 'cmkadmin', 'last_check': 1611063314.5359132, 'installed_aghash': '67f84ee7e41b73aa', 'last_update': 1611063316.2098463}
root@ip-172-31-40-131:/home/ubuntu# cat /etc/check_mk/cmk-update-agent.cfg
# Created by Check_MK Agent Bakery.
# This file is managed via WATO, do not edit manually or you
# lose your changes next time when you update the agent.
{'activated': True,
'certificates': [],
'ignore_update_url': False,
'interval': 3600,
'protocol': 'http',
'server': '172.31.46.5',
'signature_keys': ['-----BEGIN CERTIFICATE-----\n'
'MIIC2jCCAcICAQEwDQYJKoZIhvcNAQEFBQAwMjEdMBsGA1UECgwUQ2hlY2tfTUsg\n'
'U2l0ZSBtYXN0ZXIxETAPBgNVBAMMCGNta2FkbWluMCAXDTIxMDExOTExNTMxMVoY\n'
'DzIwNTEwMTEyMTE1MzExWjAyMR0wGwYDVQQKDBRDaGVja19NSyBTaXRlIG1hc3Rl\n'
'cjERMA8GA1UEAwwIY21rYWRtaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n'
'AoIBAQDWbh45st1xnzhsVzMjBBXzO7+5qz3/HPezvaOeUpSSIYHns2DnuDlwpLCO\n'
'XTdyfRUamgRtiOrzbUsSsARmMF9AqExao1+yM1rbEfcXP6mtBqMkqShlDw3n0L7F\n'
'HGGYG2CNqcRSmgxFe2Eck0ydv/p4cJONHIw4UFwqDnHfIC1L3tCnTQJagCig/Jvk\n'
'kZSZZqgkrjl4TuwRkFxdrnwURjm2hQGg+TkJcxpPHqSutbdnQrXnuuAEdx/ZIpFL\n'
'ivmjLDATjGzCy0LPZsVtjHZu5Lz4WWOZsA1BCZLecT81PI5edWs0RZ9mRH7QC+E8\n'
'CkIdlLgMUbfB093SGx3YEP8u+RtRAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAAU/\n'
'DtXHbs3cUPBGDs/Go0PgfqhwiZjn1aprCSh8O/RBLWA/jep65eU2pzsuoiKWT5CE\n'
'P/xc7pKXWmxQpyA4KA1Fz9BS80QHq5heXkG2FSLMFunDLxzDcbQI7QXH4oskIDkV\n'
'zzYio3VDXXDyhMBHd25XKKCQT3L9ou3bD7Esh/Cf/8Y2GQHkRvIWOpwLEknq0ovy\n'
'jkJ0o7Gx8GrqJYG5gUW44TJU/IhYFCxfhTS09RW842Z10iDSYiBPKoZLonM6F3SY\n'
'SLVRDn3vhnCpbkiO0Dc1op+0d9b5Wc+UCVW02G+l+G+aRw89L7v2xERXNPczCZgV\n'
'g+9DtIl5cu1fl4qVqmc=\n'
'-----END CERTIFICATE-----\n'],
'site': 'master'}
Related articles
Filter by label
There are no items with the selected labels at this time.