Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

A lot of users are asking for a role in checkmk which is using by the agent updater and only for the registration process. At the moment, there is no build in role. Please follow this short how-to if you want to have this kind of role

Table of Contents

The gui way

The easiest way to build an agent registration role is using the GUI and following these steps:

Create a copy of the guest user and ensure he has the following permissions:

  • "Use the GUI at all"
  • "Register Host & download monitoring agents of your hosts",
  • "Register all hosts & download all monitoring agents"


The config file way

Note

We always recommend using the GUI instead of modifying .mk files. For any issue or broken config we do not provide any support.

On exceptional circumstances you might want to adjust configuration files with caution. Please do a backup before adjusting the files.

  1. Pretty print the configuration for a better overview: Pretty-print the configuration files
  2. Add the following section to the config file: ~/etc/check_mk/multisite.d/wato/roles.mk

    Code Block
    languagepy
    themeRDark
    collapsetrue
    'agent': {'alias': 'agents registration and download',
    'basedon': None,
    'builtin': True,
    'permissions': {'general.use': True,
    'wato.download_all_agents': True, general.see_all': True}}})
    
    


  3. Now we build a new role, only to register the Checkmk Agent with two roles! The whole config file should look like this:

    Code Block
    languagepy
    themeRDark
    collapsetrue
    # Written by Checkmk store
    
    roles.update({'admin': {'alias': 'Administrator', 'builtin': True, 'permissions': {}},
     'admin': {'alias': 'Administrator',
                'basedon': 'admin',
                'builtin': False,
                'permissions': {}},
     'guest': {'alias': 'Guest user', 'builtin': True, 'permissions': {}},
     'user': {'alias': 'Normal monitoring user',
              'builtin': True,
              'permissions': {}},
    'agent': {'alias': 'agents registration and download',
              'basedon': None,
              'builtin': True,
              'permissions': {'general.see_all': True,
                              'general.use': True,
                              'wato.download_all_agents': True}}})
    ~                                                                    


Agent Pairing for TLS Encryption

For a user to be able to do the "cmk-agent-ctl register", which is needed to enable the TLS encryption (available from 2.1.0 onwards), you have to add the right "Agent pairing" (internal name "general.agent_pairing") to his/her role.

Content by Label
showLabelsfalse
max5
spacesKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ("agent_bakery","roles") and type = "page" and space = "KB"
labelsagent_bakery roles

Page properties
hiddentrue


Related issues