Install Checkmk Raw Edition on CentOS 7

You are here:
← All Topics
Contents

Steps to install checkmk Raw Edition on CentOS 7 on VMware ESXi 6.7 Host

Preparation of CentOS 7 Host

  • Add EPEL Repository
  • Install open-vm-tools
  • Disabled SELinux & Firewalld
  • Install NTPd & wget
  • Reboot Server
#Add Extra Packages for Enterprise Linux 7 (EPEL) Repository 
yum install epel-release -y

#Update 
yum update

#Install open vm tools 
yum install -y open-vm-tools
ls /usr/bin/vmtoolsd 

#Disabled SELinux
vi /etc/sysconfig/selinux 
	SELINUX=disabled

#Disable Firewalld
systemctl disable firewalld
#If Disable Firewalld is NOT an option
#Allow inbound HTTP & HTTPS 
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
#Reload Firewalld
firewall-cmd --reload

#Install NTP
yum install ntp -y
systemctl start ntpd
systemctl enable ntpd

#Install wget 
yum install wget -y

#Reboot the server
reboot 

Install CheckMK RAW Edition

  • Download and Install CheckMK RAW 1.6.0p7
  • Verify OMD is installed properly
cd /tmp
#It will take sometime to download depending on the Bandwidth -131MB 
wget https://checkmk.com/support/1.6.0p7/check-mk-raw-1.6.0p7-el7-38.x86_64.rpm

#Install - 770MB will all dependacy package required
yum install check-mk-raw-1.6.0p7-el7-38.x86_64.rpm

#Verify OMD is installed 
[root@checkmk tmp]# omd version
OMD - Open Monitoring Distribution Version 1.6.0p7.cre

Update chechmk to latest version

Verify existing version installed

[root@checkmk conf.d]# omd version
OMD - Open Monitoring Distribution Version 1.6.0p7.cre
[root@checkmk conf.d]# omd sites
SITE             VERSION          COMMENTS
checkmk          1.6.0p7.cre      default version

Download and install the latest version (check_mk_raw-1.6.0p9)

[root@checkmk tmp]# wget https://checkmk.com/support/1.6.0p9/check-mk-raw-1.6.0p9-el7-38.x86_64.rpm

[root@checkmk tmp]# yum install check-mk-raw-1.6.0p9-el7-38.x86_64.rpm

[root@checkmk tmp]# omd versions
1.6.0p7.cre
1.6.0p9.cre (default)

Upgrade existing site to latest version

[root@checkmk tmp]# omd sites
SITE             VERSION          COMMENTS
checkmk          1.6.0p7.cre
[root@checkmk tmp]# su - checkmk
Last login: Thu Mar 12 15:12:15 +08 2020 on pts/0
OMD[checkmk]:~$ omd stop
OMD[checkmk]:~$ omd update
OMD[checkmk]:~$ omd version
OMD - Open Monitoring Distribution Version 1.6.0p9.cre

Create a Site for checkmk

Create a new site called checkmk (You can name it differently)

[root@checkmk tmp]# omd create checkmk
Adding /opt/omd/sites/checkmk/tmp to /etc/fstab.
Creating temporary filesystem /omd/sites/checkmk/tmp...OK
Restarting Apache...OK
Created new site checkmk with version 1.6.0p7.cre.

  The site can be started with omd start checkmk.
  The default web UI is available at http://checkmk.aventislab.com/checkmk/

  The admin user for the web applications is cmkadmin with password: K3vCkKSG
  (It can be changed with 'htpasswd -m ~/etc/htpasswd cmkadmin' as site user.
)
  Please do a su - checkmk for administration of this site.

Change default password for cmkadmin if required

[root@checkmk tmp]# su - checkmk
OMD[checkmk]:~$ htpasswd -m ~/etc/htpasswd cmkadmin
New password:
Re-type new password:
Updating password for user cmkadmin

Start Checkmk Service

[root@checkmk tmp]# omd start checkmk
Starting mkeventd...OK
Starting rrdcached...OK
Starting npcd...OK
Starting nagios...OK
Starting apache...OK
Initializing Crontab...OK

Login via http://10.10.10.220/checkmk with default admin : cmkadmin and password generated during "omd create checkmk"

Install Checkmk Raw Edition

CheckMK-Install-02

Configure https access in Apache

Refer to the steps below to enable HTTP Access

Install mod_ssl package for Apache

yum install mod_ssl
#Verify mod_ssl is loaded 
apachectl -M | grep ssl_module
	 ssl_module (shared)

Configure SSL Certificate

Let’s Encrypt wild card certificate is used

#Upload cert.cer & cert.key to CentOS 
scp cert.* root@192.168.1.238:/tmp
#Copy both SSL Cert to /etc/httpd/conf.d
cp /tmp/cert.* /etc/httpd/conf.d/
#Modify ssl.conf to point to the SSL Cert 
vi /etc/httpd/conf.d/ssl.conf 
	SSLCertificateFile /etc/httpd/conf.d/cert.cer
	SSLCertificateKeyFile /etc/httpd/conf.d/cert.key

You should be able to access https://checkmk.aventislab.com now

Force Http to Https Redirect

Add the following to lines at the end of /etc/httpd/conf.d/welcome.conf

#Force HTTP to HTTPS Redirect
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]

Redirect Home Page

Add the following to lines at the end of /etc/httpd/conf.d/welcome.conf to redirect https://check.aventislab.com to https://checkmk.aventislab.com/checkmk

#Redirect
Redirect / https://checkmk.aventislab.com/checkmk

Integration with Active Directory

Allow AD Users who is member of CMK_Admin Group to login to checkmk

Create a new LDAP Connection with unique ID under WATO – Users – LDAP Connections – New Connection

it will sync with AD Domain Controller every 5 minutes

Select Active Directory and enter the IP Address of AD Domain Controller . Check Bind Credential and enter the Credential of Domain Administrator

Enter User Base DN with Search Filter to sync users who are member of CMK_Admin Group only.

(&(objectclass=user)(objectcategory=person)(memberof=cn=CMK_Admin,CN=Users,DC=lab,DC=aventislab,DC=com))

Enable User-ID Attribute = samaccountname

Enter the DN for AD Group (CMK_Admin) with Search Filter and Member Attributes enabled

cn=cmk_admin,cn=users,dc=lab,dc=aventislab,dc=com

Click Save & Test to verify the connectivity with AD Domain Controller.

The members of CMK_Admin should displayed now. You can click Sync Users to force it to sync immediately

img

Assign Administrator Role to the LDAP User, and you can login with AD User now.

Optional Changes

  1. Change the default theme to Modem (Dark) – Optional

image-20200108160216573

Reference Links

  1. https://checkmk.com/cms_install_packages.html
  2. https://checkmk.com/cms_ldap.html