Changelog

debops-contrib.checkmk_agent

This project adheres to Semantic Versioning and human-readable changelog.

The current role maintainer is ganto.

debops-contrib.checkmk_agent master - unreleased

Added

Changed

  • Raise HTTP timeout for discovery and activation WebAPI calls to 120s to avoid timeout issues on large hosts with many service checks. [ganto]
  • If possible run WebAPI invocation for automated agent registration and host attribute updates on the Check_MK server to avoid possible firewall issues. [ganto]
  • Rename checkmk_agent__hostname to checkmk_agent__fqdn. You might need to update your inventory. [ypid]
  • Rename checkmk_agent__group_plugin_map to checkmk_agent__facts_plugin_map. You might need to update your inventory. [ypid]
  • Increase Ansible min version to 2.1.5. Everything below is deprecated anyway and has vulnerabilities so you don’t want to use that anymore. [ypid]

Removed

  • Remove the debops_checkmk_agent Ansible inventory group. Make sure your hosts are in debops_service_checkmk_agent. [ypid]

Fixed

  • Correctly use Ansible changed and skipped task filters. [ganto]
  • Let xinetd bind on AF_INET6 to ensure IPv6 reachability of the agent. [ypid]
  • Fix TCP Wrappers support for xinetd. [ypid]
  • Ensure the /etc/check_mk directory is present before running dependency roles. Fixes MariaDB credentials configuration. [ypid]

Security

  • Enforce known good git commit hashes. As upstream does not cryptographically sign their work, the known good hashes have to be pinned manually in checkmk_agent__git_version_map of the role. [ypid]

debops-contrib.checkmk_agent v0.1.1 - 2017-01-23

Added

  • role::checkmk_agent:plugins:get Ansible tag for cloning/pulling related tasks. [ypid]

Changed

Fixed

  • Fix xinetd support which is filtered by tcpwrappers and which is configured by debops.tcpwrappers to deny all connections by default (whitelisting). [ypid]
  • Fix lookup of non-default monitoring site specified as Ansible local fact by the debops-contrib.checkmk_server role. [ganto]

Security

  • Change git clone URL used to install additional plugins from http:// to https://git.mathias-kettner.de/check_mk.git to mitigate potential MITM attacks against the unauthenticated http:// connection. That, together with using the latest git master branch by default could result in malicious code being executed on systems where the agent is installed. git pull will use the new URL from now on. Note that "GnuTLS recv error[s]" have been observed which might have to be fixed elsewhere. "GnuTLS recv error (-9): A TLS packet with unexpected length was received" [ypid]

debops-contrib.checkmk_agent v0.1.0 - 2016-11-07

Added

  • Initial release [ganto]