The intention of this ansible role is to replicate some of the functionality from the OMD v2.X packages with focus on Checkmk RAW Edition. OMD hasn't updated Checkmk in years and finally removed it from version 3. So this role is going to install the following tools and pre-configure them:
- Checkmk RAW Edition
- Checkmk Master / Slave Configuration (optional)
- Dual Graphing pnp4nagios and InfluxDB/Grafana
- NSCA Daemon
- Mod-Gearman
- Gearman Job Server
- Thruk
- Granting default Checkmk User administrative permission
- Pre-configuring Checkmk Site in Thruk
- Grafana
- Histou
- Adding InfluxDB Nagflux datasource
- InfluxDB
- Pre-configuring Nagflux database
- Nagflux
- Single-Sign on for Checkmk / Thruk / Grafana (see Authentication)
- Multisite Authorization
With these tools installed Checkmk writes all performance data as pnp4nagios rrd graphs, viewable within Wato, and into an influxdb, viewable as Grafana graph template within Thruk. Of course the data within influxdb can also be used to create custom Grafana dashboards.
I assume you have a process in place to configure apache2 with a valid TLS configuration because by default all WebUIs are only accessible via http. A valid TLS configuration is out of scope of this role.
- Ubuntu 20.04
- Ubuntu 18.04
- CentOS 8 (only CheckMK, Thruk, Grafana and NSCA for now. Beta Status!)
RedHat based:
- python3-libsemanage
All variables are defined in defaults/main.yml.
Do not run this role on an already configured monitoring system without knowing what you are doing!
---
- hosts: checkmk_server
roles:
- Madic-.ansible-check_mk
vars:
- cmk_site_name: cmk
- cmk_mod_gearman_secret: YOURSECRETHERE
This role should be idempotent, like any other ansible role. Because of this I try to use locations for the configuration files which will not get overwritten when changing settings on the web interfaces of the different tools.
/etc/thruk/menu_local.conf
/etc/thruk/thruk_local.d/thruk_ansible.conf
Configurations located beneath /etc/thruk/thruk_local.d will not be shown in the Thruk WebUI, e.g. the backend configuration. If I would use /etc/thruk/thruk_local.conf changes done in the Thruk WebUI would get overwritten when running the role again.
/etc/grafana/provisioning/datasources/influxdb-nagflux.yml
Provisioning file for the nagflux database.
/etc/apache2/conf-enabled/grafana.conf
/etc/apache2/conf-enabled/histou.conf
This role enables basic authentication for Grafana and Thruk. The users can be managed in Wato as htpasswd users. By default no user, except for the user created through this role, has permission to access any information from within Thruk. To give another user permissions use the Thruk Config Tool --> "User Settings" or "CGI & Access" options. LDAP is not yet possible.
CheckMK ships with an nsca (Nagios Service Check Acceptor) daemon that does not support encryption. Because of this the role will by default compile nsca with encryption support and pre configures it with the installed CheckMK environment.
Because I tend to forget how and where the data gets processed, I did a small picture.
At first I intended to also provide a container, e.g. docker, image. But this role has so many moving parts and dependencies that it would take huge effort to create one or multiple images. Though I'm not reluctant if someone would work on it and would support it. At the moment I'm deploying it in LXC Containers.
Special thanks goes out to the people from Consol. Without their work this role wouldn't be possible.