Contents

Install Checkmk Raw Edition on CentOS 7

You are here:
← All Topics

Steps to install checkmk Raw Edition on CentOS 7 on VMware ESXi 6.7 Host

Preparation of CentOS 7 Host

  • Add EPEL Repository
  • Install open-vm-tools
  • Disabled SELinux & Firewalld
  • Install NTPd & wget
  • Reboot Server
#Add Extra Packages for Enterprise Linux 7 (EPEL) Repository 
yum install epel-release -y

#Update 
yum update

#Install open vm tools 
yum install -y open-vm-tools
ls /usr/bin/vmtoolsd 

#Disabled SELinux
vi /etc/sysconfig/selinux 
	SELINUX=disabled

#Disable Firewalld
systemctl disable firewalld
#If Disable Firewalld is NOT an option
#Allow inbound HTTP & HTTPS 
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
#Reload Firewalld
firewall-cmd --reload

#Install NTP
yum install ntp -y
systemctl start ntpd
systemctl enable ntpd

#Install wget 
yum install wget -y

#Reboot the server
reboot 

Install CheckMK RAW Edition

  • Download and Install CheckMK RAW 1.6.0p7
  • Verify OMD is installed properly
cd /tmp
#It will take sometime to download depending on the Bandwidth -131MB 
wget https://checkmk.com/support/1.6.0p7/check-mk-raw-1.6.0p7-el7-38.x86_64.rpm

#Install - 770MB will all dependacy package required
yum install check-mk-raw-1.6.0p7-el7-38.x86_64.rpm

#Verify OMD is installed 
[[email protected] tmp]# omd version
OMD - Open Monitoring Distribution Version 1.6.0p7.cre

Update chechmk to latest version

Verify existing version installed

[[email protected] conf.d]# omd version
OMD - Open Monitoring Distribution Version 1.6.0p7.cre
[[email protected] conf.d]# omd sites
SITE             VERSION          COMMENTS
checkmk          1.6.0p7.cre      default version

Download and install the latest version (check_mk_raw-1.6.0p9)

[[email protected] tmp]# wget https://checkmk.com/support/1.6.0p9/check-mk-raw-1.6.0p9-el7-38.x86_64.rpm

[[email protected] tmp]# yum install check-mk-raw-1.6.0p9-el7-38.x86_64.rpm

[[email protected] tmp]# omd versions
1.6.0p7.cre
1.6.0p9.cre (default)

Upgrade existing site to latest version

[[email protected] tmp]# omd sites
SITE             VERSION          COMMENTS
checkmk          1.6.0p7.cre
[[email protected] tmp]# su - checkmk
Last login: Thu Mar 12 15:12:15 +08 2020 on pts/0
OMD[checkmk]:~$ omd stop
OMD[checkmk]:~$ omd update
OMD[checkmk]:~$ omd version
OMD - Open Monitoring Distribution Version 1.6.0p9.cre

Create a Site for checkmk

Create a new site called checkmk (You can name it differently)

[[email protected] tmp]# omd create checkmk
Adding /opt/omd/sites/checkmk/tmp to /etc/fstab.
Creating temporary filesystem /omd/sites/checkmk/tmp...OK
Restarting Apache...OK
Created new site checkmk with version 1.6.0p7.cre.

  The site can be started with omd start checkmk.
  The default web UI is available at http://checkmk.aventislab.com/checkmk/

  The admin user for the web applications is cmkadmin with password: K3vCkKSG
  (It can be changed with 'htpasswd -m ~/etc/htpasswd cmkadmin' as site user.
)
  Please do a su - checkmk for administration of this site.

Change default password for cmkadmin if required

[[email protected] tmp]# su - checkmk
OMD[checkmk]:~$ htpasswd -m ~/etc/htpasswd cmkadmin
New password:
Re-type new password:
Updating password for user cmkadmin

Start Checkmk Service

[[email protected] tmp]# omd start checkmk
Starting mkeventd...OK
Starting rrdcached...OK
Starting npcd...OK
Starting nagios...OK
Starting apache...OK
Initializing Crontab...OK

Login via http://10.10.10.220/checkmk with default admin : cmkadmin and password generated during "omd create checkmk"

Install Checkmk Raw Edition

CheckMK-Install-02

Configure https access in Apache

Refer to the steps below to enable HTTPS Access

Install mod_ssl package for Apache

yum install mod_ssl
#Verify mod_ssl is loaded 
apachectl -M | grep ssl_module
	 ssl_module (shared)

Configure SSL Certificate

Let’s Encrypt wild card certificate is used

#Upload cert.cer & cert.key to CentOS 
scp cert.* [email protected]:/tmp
#Copy both SSL Cert to /etc/httpd/conf.d
cp /tmp/cert.* /etc/httpd/conf.d/
#Modify ssl.conf to point to the SSL Cert 
vi /etc/httpd/conf.d/ssl.conf 
	SSLCertificateFile /etc/httpd/conf.d/cert.cer
	SSLCertificateKeyFile /etc/httpd/conf.d/cert.key

Restart httpd service

systemctl restart httpd

You should be able to access https://checkmk.aventislab.com/checkmk now

Force Http to Https Redirect

Add the following to lines at the end of /etc/httpd/conf.d/welcome.conf

#Force HTTP to HTTPS Redirect
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]

Redirect Home Page

Add the following to lines at the end of /etc/httpd/conf.d/welcome.conf to redirect https://check.aventislab.com to https://checkmk.aventislab.com/checkmk

#Redirect
Redirect / https://checkmk.aventislab.com/checkmk

Restart httpd service to apply the changes

systemctl restart httpd

Integration with Active Directory

Allow AD Users who is member of CMK_Admin Group to login to checkmk

Create a new LDAP Connection with unique ID under WATO – Users – LDAP Connections – New Connection

it will sync with AD Domain Controller every 5 minutes

Select Active Directory and enter the IP Address of AD Domain Controller . Check Bind Credential and enter the Credential of Domain Administrator

Enter User Base DN with Search Filter to sync users who are member of CMK_Admin Group only.

(&(objectclass=user)(objectcategory=person)(memberof=cn=CMK_Admin,CN=Users,DC=lab,DC=aventislab,DC=com))

Enable User-ID Attribute = samaccountname

Enter the DN for AD Group (CMK_Admin) with Search Filter and Member Attributes enabled

cn=cmk_admin,cn=users,dc=lab,dc=aventislab,dc=com

Click Save & Test to verify the connectivity with AD Domain Controller.

The members of CMK_Admin should displayed now. You can click Sync Users to force it to sync immediately

img

Assign Administrator Role to the LDAP User, and you can login with AD User now.

Optional Changes

  1. Change the default theme to Modem (Dark) – Optional

image-20200108160216573

Reference Links

  1. https://checkmk.com/cms_install_packages.html
  2. https://checkmk.com/cms_ldap.html

Top Posts & Pages

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top