
Install Checkmk Raw Edition on CentOS 7

Steps to install Checkmk Raw Edition on CentOS 7 running on a VMware ESXi 6.7 host

Preparation of CentOS 7 Host

  • Add EPEL Repository
  • Install open-vm-tools
  • Disable SELinux & Firewalld
  • Install NTPd & wget
  • Reboot Server
#Add Extra Packages for Enterprise Linux 7 (EPEL) Repository 
yum install epel-release -y

#Update 
yum update

#Install open vm tools 
yum install -y open-vm-tools
ls /usr/bin/vmtoolsd 

#Disable SELinux
vi /etc/sysconfig/selinux 
	SELINUX=disabled

#Disable Firewalld
systemctl disable firewalld
#If disabling Firewalld is NOT an option
#Allow inbound HTTP & HTTPS 
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
#Reload Firewalld
firewall-cmd --reload

#Install NTP
yum install ntp -y
systemctl start ntpd
systemctl enable ntpd

#Install wget 
yum install wget -y

#Reboot the server
reboot 

Install CheckMK RAW Edition

  • Download and Install CheckMK RAW 1.6.0p7
  • Verify OMD is installed properly
cd /tmp
#It will take some time to download depending on the bandwidth - 131MB
wget https://checkmk.com/support/1.6.0p7/check-mk-raw-1.6.0p7-el7-38.x86_64.rpm

#Install - 770MB with all required dependency packages
yum install check-mk-raw-1.6.0p7-el7-38.x86_64.rpm

#Verify OMD is installed 
[root@checkmk tmp]# omd version
OMD - Open Monitoring Distribution Version 1.6.0p7.cre

Update checkmk to the latest version

Verify existing version installed

[root@checkmk conf.d]# omd version
OMD - Open Monitoring Distribution Version 1.6.0p7.cre
[root@checkmk conf.d]# omd sites
SITE             VERSION          COMMENTS
checkmk          1.6.0p7.cre      default version

Download and install the latest version (check_mk_raw-1.6.0p9)

[root@checkmk tmp]# wget https://checkmk.com/support/1.6.0p9/check-mk-raw-1.6.0p9-el7-38.x86_64.rpm

[root@checkmk tmp]# yum install check-mk-raw-1.6.0p9-el7-38.x86_64.rpm

[root@checkmk tmp]# omd versions
1.6.0p7.cre
1.6.0p9.cre (default)

Upgrade existing site to latest version

[root@checkmk tmp]# omd sites
SITE             VERSION          COMMENTS
checkmk          1.6.0p7.cre
[root@checkmk tmp]# su - checkmk
Last login: Thu Mar 12 15:12:15 +08 2020 on pts/0
OMD[checkmk]:~$ omd stop
OMD[checkmk]:~$ omd update
OMD[checkmk]:~$ omd version
OMD - Open Monitoring Distribution Version 1.6.0p9.cre

Create a Site for checkmk

Create a new site called checkmk (You can name it differently)

[root@checkmk tmp]# omd create checkmk
Adding /opt/omd/sites/checkmk/tmp to /etc/fstab.
Creating temporary filesystem /omd/sites/checkmk/tmp...OK
Restarting Apache...OK
Created new site checkmk with version 1.6.0p7.cre.

  The site can be started with omd start checkmk.
  The default web UI is available at http://checkmk.aventislab.com/checkmk/

  The admin user for the web applications is cmkadmin with password: K3vCkKSG
  (It can be changed with 'htpasswd -m ~/etc/htpasswd cmkadmin' as site user.)
  Please do a su - checkmk for administration of this site.

Change default password for cmkadmin if required

[root@checkmk tmp]# su - checkmk
OMD[checkmk]:~$ htpasswd -m ~/etc/htpasswd cmkadmin
New password:
Re-type new password:
Updating password for user cmkadmin

Start Checkmk Service

[root@checkmk tmp]# omd start checkmk
Starting mkeventd...OK
Starting rrdcached...OK
Starting npcd...OK
Starting nagios...OK
Starting apache...OK
Initializing Crontab...OK

Log in via http://10.10.10.220/checkmk with the default admin user cmkadmin and the password generated during "omd create checkmk"


Configure https access in Apache

Refer to the steps below to enable HTTPS Access

Install mod_ssl package for Apache

yum install mod_ssl
#Verify mod_ssl is loaded 
apachectl -M | grep ssl_module
	 ssl_module (shared)

Configure SSL Certificate

A Let’s Encrypt wildcard certificate is used

#Upload cert.cer & cert.key to CentOS 
scp cert.* [email protected]:/tmp
#Copy both SSL Cert to /etc/httpd/conf.d
cp /tmp/cert.* /etc/httpd/conf.d/
#Modify ssl.conf to point to the SSL Cert 
vi /etc/httpd/conf.d/ssl.conf 
	SSLCertificateFile /etc/httpd/conf.d/cert.cer
	SSLCertificateKeyFile /etc/httpd/conf.d/cert.key

Restart httpd service

systemctl restart httpd

You should be able to access https://checkmk.aventislab.com/checkmk now
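
Before the restart it is worth confirming that the uploaded certificate and key belong together and that the private key does not stay world-readable after the copy. The following is an added example, not part of the original article; the function names are hypothetical and it assumes openssl is on the PATH.

```shell
#!/bin/sh
# Added example (not from the original page): check the uploaded pair before
# copying it into place, and keep the private key readable by its owner only.
# Function names are hypothetical; openssl must be on PATH.

# 0 if certificate and key hold the same public key, 1 if not, 2 if unreadable.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  # -passin pass: makes an encrypted key fail instead of prompting
  key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# 0 if group and other have no permission bits on the file.
key_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# install_tls_pair CERT KEY DESTDIR
# Copies the pair only when it matches; the key is written with mode 600.
install_tls_pair() {
  key_matches_cert "$1" "$2" || {
    echo "certificate and key do not match or cannot be read" >&2
    return 1
  }
  install -m 644 "$1" "$3/" || return 1
  install -m 600 "$2" "$3/" || return 1
  key_is_private "$3/$(basename "$2")"
}

# Usage on the host from this guide (run as root):
#   sh this_script.sh /tmp/cert.cer /tmp/cert.key /etc/httpd/conf.d
if [ "$#" -eq 3 ]; then
  install_tls_pair "$@"
fi
```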

Force Http to Https Redirect

Add the following lines to the end of /etc/httpd/conf.d/welcome.conf

#Force HTTP to HTTPS Redirect
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
#In server context the matched path starts with "/", so strip it to avoid "//" in the target
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]

Redirect Home Page

Add the following lines to the end of /etc/httpd/conf.d/welcome.conf to redirect https://check.aventislab.com to https://checkmk.aventislab.com/checkmk

#Redirect
Redirect / https://checkmk.aventislab.com/checkmk

Restart httpd service to apply the changes

systemctl restart httpd

Integration with Active Directory

Allow AD users who are members of the CMK_Admin group to log in to checkmk

Create a new LDAP Connection with unique ID under WATO – Users – LDAP Connections – New Connection

It will sync with the AD Domain Controller every 5 minutes

Select Active Directory and enter the IP address of the AD Domain Controller. Check Bind Credential and enter the credentials of the Domain Administrator

Enter the User Base DN with a Search Filter to sync only users who are members of the CMK_Admin group.

(&(objectclass=user)(objectcategory=person)(memberof=cn=CMK_Admin,CN=Users,DC=lab,DC=aventislab,DC=com))

Enable User-ID Attribute = samaccountname

Enter the DN for AD Group (CMK_Admin) with Search Filter and Member Attributes enabled

cn=cmk_admin,cn=users,dc=lab,dc=aventislab,dc=com

Click Save & Test to verify the connectivity with AD Domain Controller.

The members of CMK_Admin should be displayed now. You can click Sync Users to force an immediate sync


Assign the Administrator role to the LDAP user, and you can log in with the AD user now.

Email Notification

Install the Sendmail SMTP server for checkmk to send email notifications

yum install epel-release
yum install sendmail sendmail-cf m4 -y

#Verify Sendmail is installed
rpm -qa | grep sendmail
sendmail-cf-8.14.7-6.el7.noarch
sendmail-8.14.7-6.el7.x86_64

Masquerade Sender Address In Sendmail

Email sent from sendmail will have a default sender address of host.domain, like [email protected].

Steps to change the email address format to @aventislab.com

Comment out the following MASQUERADE_XXXX in /etc/mail/sendmail.mc

[root@checkmk mail]# grep 'MASQUERADE' /etc/mail/sendmail.mc
dnl # MASQUERADE_AS(`teraju.gov.my')dnl
dnl # MASQUERADE_DOMAIN(localhost)dnl
dnl # MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl # MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl # MASQUERADE_DOMAIN(mydomain.lan)dnl

Enable the domaintable & genericstable features in /etc/mail/sendmail.mc by adding the following lines before MAILER(smtp)dnl

[root@checkmk]# vi /etc/mail/sendmail.mc

FEATURE(domaintable)
FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

Add the external email domain to /etc/mail/domaintable

[root@checkmk]# vi /etc/mail/domaintable

# The "domain table" can be used to provide domain name mapping.
# Use of this should really be limited to your own domains.
# It may be useful if you change names (e.g., your company
# changes names from oldname.com to newname.com)

checkmk.aventislab.com aventislab.com

Add the external email domain to /etc/mail/generics-domains

[root@checkmk]# vi /etc/mail/generics-domains
aventislab.com

Map user email address in /etc/mail/genericstable

[root@checkmk ~]# vi /etc/mail/genericstable
root [email protected]

Regenerate the sendmail.cf and restart sendmail service

[root@checkmk ~]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
[root@checkmk ~]# systemctl restart sendmail.service

The sendmail.cf configuration file is generated automatically from a much shorter file called sendmail.mc. This file contains special macros that are processed by a program called m4. The m4 program reads the macros in the sendmail.mc file and expands them to create the actual sendmail.cf file.

Send a test email to [email protected] to verify the sender address is shown as [email protected]

[root@checkmk ~]# echo "Subject: sendmail test" | sendmail -v [email protected]

Relay via Smarthost

Add the following lines to /etc/mail/sendmail.mc to send email via smtp2go.com

define(`RELAY_MAILER_ARGS',`TCP $h 25')dnl
define(`SMART_HOST', `mail.smtp2go.com')dnl

Restart Sendmail

[root@checkmk ~]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
[root@checkmk ~]# systemctl restart sendmail.service

Verify email is sent via smtp2go.com now

# tail -n 100 /var/log/maillog
Nov 13 07:56:29 checkmk sendmail[15245]: 0ACNuTkD015245: [email protected],[email protected], [email protected] (998/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=67851, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (0ACNuTJn015246 Message accepted for delivery)
Nov 13 07:56:31 checkmk sendmail[15248]: STARTTLS=client, relay=mail.smtp2go.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 13 07:56:32 checkmk sendmail[15248]: 0ACNuTJn015246: to=<[email protected]>,<[email protected]>, delay=00:00:03, xdelay=00:00:03, mailer=relay, pri=158172, relay=mail.smtp2go.com. [45.63.29.157], dsn=2.0.0, stat=Sent (OK id=1kdMS8-RyuQ5p-6W)
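
The STARTTLS line in the excerpt above reports verify=FAIL: the session to the smarthost was encrypted, but sendmail did not validate the relay's certificate. The following added example (not part of the original article) parses maillog lines in that format and reports, per delivery, the relay used and the TLS verification result; the sample lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report, per delivery, which relay
# was used and whether its STARTTLS certificate was verified.

# Constructed sample in the maillog format shown above; addresses are placeholders.
sample_maillog() {
cat <<'EOF'
Nov 13 07:56:31 checkmk sendmail[15248]: STARTTLS=client, relay=mail.smtp2go.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 13 07:56:32 checkmk sendmail[15248]: 0ACNuTJn015246: to=<user@example.com>, delay=00:00:03, xdelay=00:00:03, mailer=relay, pri=158172, relay=mail.smtp2go.com. [192.0.2.25], dsn=2.0.0, stat=Sent (OK id=constructed)
Nov 13 08:10:02 checkmk sendmail[15301]: STARTTLS=client, relay=mail.smtp2go.com., version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 13 08:10:03 checkmk sendmail[15301]: 0ACOA1xy015300: to=<user@example.com>, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120345, relay=mail.smtp2go.com. [192.0.2.25], dsn=2.0.0, stat=Sent (OK id=constructed)
Nov 13 08:20:11 checkmk sendmail[15410]: 0ACOK9ab015409: to=<user@example.com>, delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=120345, relay=mail.smtp2go.com. [192.0.2.25], dsn=2.0.0, stat=Sent (OK id=constructed)
EOF
}

# Prints "<relay> <verify|NOTLS> <stat>" for every delivery line.
# Assumption: the STARTTLS=client line and the delivery line share the sendmail
# PID, as they do in the log excerpt above.
relay_tls_report() {
  awk '
    function val(key,   s, i) {            # text after key= up to the next comma
      i = index($0, key "=")
      if (i == 0) return ""
      s = substr($0, i + length(key) + 1)
      sub(/,.*/, "", s)
      return s
    }
    { pid = $5; gsub(/[^0-9]/, "", pid) }   # sendmail[15248]: -> 15248
    /STARTTLS=client/ { tls[pid] = val("verify"); next }
    / to=.*stat=/ {
      r = val("relay"); sub(/\.? .*/, "", r)  # drop trailing dot and [ip]
      st = val("stat"); sub(/ .*/, "", st)    # keep the first word, e.g. Sent
      print r, ((pid in tls) ? tls[pid] : "NOTLS"), st
    }
  ' "$@"
}

# Counts deliveries per relay whose certificate was not verified (anything but OK).
unverified_relays() {
  relay_tls_report "$@" |
    awk '$2 != "OK" { n[$1 " " $2]++ } END { for (k in n) print k, n[k] }' | sort
}

sample_maillog | relay_tls_report
```

On the server, pass the log file as an argument instead of the sample, for example unverified_relays /var/log/maillog.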

Email Notification in CHECKMK

Assign Email Address to checkmk admin in WATO – CONFIGURATION – Users

Send a Test Email Notification to the email address configured for cmkadmin

Email notification sent from checkmk

Optional Changes

  1. Change the default theme to Modern (Dark) – Optional


Reference Links

  1. https://checkmk.com/cms_install_packages.html
  2. https://checkmk.com/cms_ldap.html