Skip to content

madic-creates/ansible-check_mk

Repository files navigation

Ansible Checkmk

Maintenance

The intention of this ansible role is to replicate some of the functionality from the OMD v2.X packages with focus on Checkmk RAW Edition. OMD hasn't updated Checkmk in years and finally removed it from version 3. So this role is going to install the following tools and pre-configure them:

  • Checkmk RAW Edition
    • Checkmk Master / Slave Configuration (optional)
    • Dual Graphing pnp4nagios and InfluxDB/Grafana
  • NSCA Daemon
  • Mod-Gearman
    • Gearman Job Server
  • Thruk
    • Granting default Checkmk User administrative permission
    • Pre-configuring Checkmk Site in Thruk
  • Grafana
    • Histou
    • Adding InfluxDB Nagflux datasource
  • InfluxDB
    • Pre-configuring Nagflux database
  • Nagflux
  • Single-Sign on for Checkmk / Thruk / Grafana (see Authentication)
    • Multisite Authorization

With these tools installed Checkmk writes all performance data as pnp4nagios rrd graphs, viewable within Wato, and into an influxdb, viewable as Grafana graph template within Thruk. Of course the data within influxdb can also be used to create custom Grafana dashboards.

Wato

Thruk

I assume you have a process in place to configure apache2 with a valid TLS configuration because by default all WebUIs are only accessible via http. A valid TLS configuration is out of scope of this role.

Supported Operating Systems

  • Ubuntu 20.04
  • Ubuntu 18.04
  • CentOS 8 (only CheckMK, Thruk, Grafana and NSCA for now. Beta Status!)

Pre-Requirements

RedHat based:

  • python3-libsemanage

Role Variables

All variables are defined in defaults/main.yml.

Example Playbook

Do not run this role on an already configured monitoring system without knowing what you are doing!

---
- hosts: checkmk_server
  roles:
    - Madic-.ansible-check_mk
  vars:
    - cmk_site_name: cmk
    - cmk_mod_gearman_secret: YOURSECRETHERE

Configuration Files

This role should be idempotent, like any other ansible role. Because of this I try to use locations for the configuration files which will not get overwritten when changing settings on the web interfaces of the different tools.

Thruk

/etc/thruk/menu_local.conf
/etc/thruk/thruk_local.d/thruk_ansible.conf

Configurations located beneath /etc/thruk/thruk_local.d will not be shown in the Thruk WebUI, e.g. the backend configuration. If I would use /etc/thruk/thruk_local.conf changes done in the Thruk WebUI would get overwritten when running the role again.

Grafana

/etc/grafana/provisioning/datasources/influxdb-nagflux.yml

Provisioning file for the nagflux database.

Apache2

/etc/apache2/conf-enabled/grafana.conf
/etc/apache2/conf-enabled/histou.conf

Authentication

This role enables basic authentication for Grafana and Thruk. The users can be managed in Wato as htpasswd users. By default no user, except for the user created through this role, has permission to access any information from within Thruk. To give another user permissions use the Thruk Config Tool --> "User Settings" or "CGI & Access" options. LDAP is not yet possible.

NSCA

CheckMK ships with an nsca (Nagios Service Check Acceptor) daemon that does not support encryption. Because of this the role will by default compile nsca with encryption support and pre configures it with the installed CheckMK environment.

Dataflow

Because I tend to forget how and where the data gets processed, I did a small picture.

Schema

Container image

At first I intended to also provide a container, e.g. docker, image. But this role has so many moving parts and dependencies that it would take huge effort to create one or multiple images. Though I'm not reluctant if someone would work on it and would support it. At the moment I'm deploying it in LXC Containers.

Credits

Special thanks goes out to the people from Consol. Without their work this role wouldn't be possible.

About

Replicate most functionality from the old 2.x omd

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published