Werk #17902: Customize agent package: Misbehavior in legacy pull activation
| Component | Agent bakery | ||||
| Title | Customize agent package: Misbehavior in legacy pull activation | ||||
| Date | Apr 29, 2025 | ||||
| Level | Trivial Change | ||||
| Class | Bug Fix | ||||
| Compatibility | Compatible - no manual interaction needed | ||||
| Checkmk versions & editions |
|
When installing an agent package including the agent controller for the first time on a host, the legacy pull mechanism is automatically activated to allow unencrypted communication until a first registration happens.
Until now, this was done based of the existence of the cmk-agent user.
If it exists already, we can expect that an agent controller is already
installed or has been installed in the past.
We then enabled legacy pull only together with the creation of the cmk-agent user.
With the new Customize agent package ruleset, this is now no longer possible, since we can now choose the name of the agent (controller) user, or even use an arbitrary existing user.
Even worse: When following the old logic, registered connections even do get deleted on update when changing the agent controller user name.
Hence, we now simply look for the existence of registered connections on installation/update. If no registered connections exist, we expect the installation to be new and enable legacy pull mode.
Note: This change is compatible to the behavior described in the documentation,
which only mentions that the agent controller acts in legacy pull mode after
initial installation.
Additionally, it only happens on usage of the new Customize agent package
ruleset.
Hence, this Werk is marked as compatible.