An Ansible Role to install CheckMK RAW edition and set up an initial site.
This is a complete rebuild of the install-check_mk-server role I created and maintained for years, undertaken due to changes in CI/CD and naming conventions in Ansible Galaxy & CheckMK.
All tasks are tagged with checkmk-server.
I do NOT recommend the default configuration for unprotected connection directly to the Internet, as the server configuration includes un-encrypted HTTP access.
The following distributions have been tested automatically:
- Debian 10 "Buster"
- Debian 11 "Bullseye"
- Debian 12 "Bookworm"
- Ubuntu 20.04 LTS "Focal Fossa"
- Ubuntu 22.04 LTS "Jammy Jellyfish"
- Ubuntu 24.04 LTS "Noble Numbat"
For reference, "OMD" below stands for the Open Monitoring Distribution which is a predecessor of CheckMK RAW edition. Those "omd" commands were left in for backwards compatibility.
| CheckMK Raw Edition Version | Role Version/Tag |
|---|---|
| 2.3.0p21 | 1.0.96 |
| 2.3.0p20 | 1.0.95 |
| 2.3.0p19 | 1.0.94 |
| 2.3.0p18 | 1.0.93 |
| 2.3.0p17 | 1.0.92 |
If the server has a firewall enabled, it may need to be altered to allow incoming packets on TCP port 80 for the web portal access, and/or TCP port 514, plus UDP ports 162 & 514 for event console (syslog) input.
As with any modern Linux deployment, SELinux may come into play.
To fulfill these requirements, I recommend using another Ansible Role.
While this role does install the latest stable version of CheckMK, it does not apply any update commands to existing deployments. This is to avoid clobbering production sites and allow for oversight during upgrades.
These steps may be followed to enact an upgrade on a site named "test" after running a newer update of this role; change "test" to the name of the site you want to upgrade:
- Become the "test" user:
sudo omd su test - Stop the "test" site:
omd stop - Update the "test" site; to complete this step you need to interact with the text interface as well:
omd update - Start the "test" site:
omd start
If you have many sites to upgrade, the following one-liner may help. Just change the site variable declaration as needed:
site=test ; sudo omd stop $site ; sudo omd update $site ; sudo omd start $site
For the brave, the omd command does allow for fully-automated upgrades, which can then be executed via ansible like so (for a given group hq-cmk in the testing.ini inventory, a site named test, and upgrading to version 2.2.0p12 in this example):
ansible hq-cmk -b -i testing.ini -m shell -a "site=test ; omd stop $site ; omd -f -V 2.2.0p12.cre update --conflict=install $site ; omd start $site" -vvvv
In the same manner, older versions are left on the systems by this role and it is up to the administrator to remove unneeded versions. Use this command to remove all unneeded CheckMK versions: sudo omd cleanup
Some of these may be seem redundant but are specified so future users can override them with local variables as needed.
| Variable | Description | Default |
|---|---|---|
| checkmk_server_adminpw | Password for the cmkadmin user created for the test site; if left blank, the password for this user can be found in the checkmk_server_log_dest file created on the remote instance |
undefined |
| checkmk_server_base_url | Base URL that other URLs are based on | https://download.checkmk.com/checkmk |
| checkmk_server_cache_valid_time | Update the apt cache if it is older than this time, in seconds. | 3600 |
| checkmk_server_download | Filename of the source installation package | check-mk-raw-{{ checkmk_server_version }}_0.{{ ansible_distribution_release }}_amd64.deb |
| checkmk_server_download_dest | Final full path of the source installation package | "{{ checkmk_server_download_dest_folder }}/{{ checkmk_server_download }}" |
| checkmk_server_download_dest_folder | Destination folder of the source installation package | /opt |
| checkmk_server_download_mode | File mode settings of the source installation package | 0755 |
| checkmk_server_download_url | URL of the source installation package to download | "{{ checkmk_server_base_url }}/{{ checkmk_server_version }}/{{ checkmk_server_source }}" |
| checkmk_server_htpasswd_group | Name of the group that should own the htpasswd file, as would be fed to chown | "{{ checkmk_server_site }}" |
| checkmk_server_htpasswd_mode | File mode settings of the htpasswd file | 0660 |
| checkmk_server_htpasswd_name | Name of the user that will have their password set, if checkmk_server_adminpw is set |
cmkadmin |
| checkmk_server_htpasswd_owner | Name of the user that should own the htpasswd file, as would be fed to chown | "{{ checkmk_server_site }}" |
| checkmk_server_htpasswd_path | Final full path of the htpasswd file | /opt/omd/sites/{{ checkmk_server_site }}/etc/htpasswd |
| checkmk_server_install_package | Final full path of the installation package | "{{ checkmk_server_download_dest }}" |
| checkmk_server_key_url | URL of the public key for CheckMK | "{{ checkmk_server_base_url }}/Check_MK-pubkey.gpg" |
| checkmk_server_log_dest | Final full path of the OMD create log, which captures the cmkadmin password if checkmk_server_adminpw is not set |
/opt/omd/sites/{{ checkmk_server_site }}/omd-create.log |
| checkmk_server_log_group | Name of the group that should own the OMD create log, as would be fed to chown | "{{ checkmk_server_site }}" |
| checkmk_server_log_mode | File mode settings of the OMD create log | 0600 |
| checkmk_server_log_owner | Name of the user that should own the OMD create log, as would be fed to chown | "{{ checkmk_server_site }}" |
| checkmk_server_man_mode | File mode settings of the required man folder | 0755 |
| checkmk_server_man_path | Final full path of the required man folder | /usr/share/man/man8 |
| checkmk_server_omd_create_command | Command used to create a new OMD site | omd create {{ checkmk_server_site }} |
| checkmk_server_omd_create_creates | File created by creating a new OMD site | /opt/omd/sites/{{ checkmk_server_site }} |
| checkmk_server_omd_setup_command | Command used to set up OMD | omd setup |
| checkmk_server_omd_setup_creates | Folder created by setting up OMD | /opt/omd |
| checkmk_server_omd_start_command | Command used to start OMD | omd start {{ checkmk_server_site }} |
| checkmk_server_omd_start_creates | File created by starting OMD | /opt/omd/sites/{{ checkmk_server_site }}/tmp/apache/run/apache.pid |
| checkmk_server_prerequisites | Packages needed before installing CheckMK RAW edition | python3-apt python3-passlib |
| checkmk_server_site | Name of OMD "site" to create; this is often shown as my-site in the CheckMK documentation examples |
test |
| checkmk_server_version | Version of CheckMK RAW edition to install | 2.3.0p21 |
| checkmk_server_web_service | Name of the web service to start and enable | apache2 |
To enable multi-distro support, the role defines distro-specific variables with the include_vars and with_first_found mechanisms.
Description: SHA256 checksum of the source installation package
| Distribution | Default |
|---|---|
| Debian 10 "buster" | sha256:b7a29109ebed8b91b15c5666f73be22154200d918c13e25f97b8b7c3f5c2e242 |
| Debian 11 "bullseye" | sha256:67dba7b0dd96094130d73f99de1f50760da75e3d250fadfedbe7cb0ca451fdab |
| Debian 12 "bookworm" | sha256:ff44d81862c9a8a25e62c7a2be77b7bdb0c12b8839ece151e49c61fe1bf167a9 |
| Ubuntu 20.04 "focal" (default) | sha256:ab86a30893248970a401b256864c456a68d588a586854b8fca7624926831c457 |
| Ubuntu 22.04 "jammy" | sha256:51738025fae35368526aafa6edac294795e779dcc4ea1d8b2a6588771be66562 |
| Ubuntu 24.04 "noble" | sha256:b54da36fa246ee1a8717002962f2b085c1c6a0339f5e8837bc50b26caba85b67 |
None yet defined.
Example that enforces a specific password for the cmkadmin user:
- hosts: monitoring-servers
roles:
- { role: kso512.checkmk_server, checkmk_server_adminpw: "wintermute" }
GNU General Public License version 2
If you have any suggestions or ideas, please feel free to open an issue, or fork the repository and submit an merge request.
@kso512 with contributions to the original "install-check_mk-server" code from these helpful Github users: