check_mk

Check_MK installation and configuration

6,205 downloads

2,135 latest version

5.0 quality score

Version information

  • 0.10.0 (latest)
  • 0.9.1
  • 0.8.1
released Sep 19th 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
  • Puppet >= 5.5.8 < 7.0.0
  • RedHat
    ,
    CentOS
    ,
    Debian
    ,
    Ubuntu

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'puppet-check_mk', '0.10.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add puppet-check_mk
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install puppet-check_mk --version 0.10.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

puppet/check_mk — version 0.10.0 Sep 19th 2020

check_mk

License Build Status Puppet Forge Puppet Forge - downloads Puppet Forge - scores

Description

The module installs and configures the Open Monitoring Distribution (OMD) which includes Nagios, check_mk and lots of other tools. Beside the server component, the module is also able to install and configure the check_mk agent.

Originally by erwbgy, then forked by gnúbila France and now maintained by Vox Pupuli.

Setup

The module has been tested with:

  • CentOS 6 and 7;
  • Debian 8 and 9;
  • Puppet version 5 and Puppet 6;
  • check_mk version 1.5.x.

Also it requires the following forge modules:

  • puppetlabs/concat
  • puppetlabs/stdlib
  • camptocamp/systemd

Usage

Server

Basic usage

The following code will install check_mk and create one 'omd site'. Once this is done you should be able to access it by visiting:

http://<IP of the machine>/monitoring/

Debian 9:

class { 'check_mk':
  filestore => 'https://mathias-kettner.de/support/1.5.0p19/',
  package   => 'check-mk-raw-1.5.0p19_0.stretch_amd64.deb',
}

CentOS 7:

class { 'check_mk':
  filestore => 'https://mathias-kettner.de/support/1.5.0p19/',
  package   => 'check-mk-raw-1.5.0p19-el7-38.x86_64.rpm',
}

Before you are able to login you have to reset the default admin password:

su - monitoring
htpasswd -i ~/etc/passwd cmkadmin

Changing default site name

The following example changes the default site name from 'monitoring' to 'differentsitename'

class { 'check_mk':
  site => 'differentsitename',
}

Without direct internet access

For machines without direct internet connection a different 'filestore' is required. First download the required installation files on a machine with direct internet access and move the file onto the system (for example to: '/tmp').

class { 'check_mk':
  filestore => '/tmp',
  package   => 'check-mk-raw-1.5.0p19-el7-38.x86_64.rpm',
}

The puppet fileserver can also be used.

class { 'check_mk':
  filestore => 'puppet:///<NAME OF MOUNT POINT>',
  package   => 'check-mk-raw-1.5.0p19-el7-38.x86_64.rpm',
}

Agent

Basic usage

To install the check_mk agent a check_mk server needs to be up and running. Because the check_mk server will be used as a distribution point for the agent package.

Debian 9:

class { 'check_mk::agent':
  filestore => 'http://<url of the check_mk server>/monitoring/check_mk/agents/',
  package   => 'check-mk-agent_1.5.0p19-1_all.deb',
}

CentOS 7:

class { 'check_mk::agent':
  filestore => 'http://<url of the check_mk server>/monitoring/check_mk/agents/',
  package   => 'check-mk-agent-1.5.0p19-1.noarch.rpm',
}

Securing agent

The agent has the ability to implement a whitelist of check_mk servers to limited access only to those servers. To increase the security of the check_mk agent you can implement the following:

  • Encrypt communication with a secret. See the check_mk website for more information.
  • Implement whitelisting on the agent.
  • Implement a strict incoming firewall which only allows access on port 6556 from the check_mk server. The firewall can be configured using the puppetlabs/firewall module.

The following code implements a whitelist and a communication secret:

class { 'check_mk::agent':
  ip_whitelist      => ['10.0.0.1'],
  encryption_secret => 'SECRET',
}