This guide provides a complete Ansible playbook to install checkmk Raw Edition with proper repository configuration, site creation, and agent deployment.
Current checkmk version: 2.4.0p22
Create a file named checkmk.yml:
---
- name: Install and Configure checkmk Raw Edition
hosts: checkmk
become: true
vars:
checkmk_version: "2.4.0p22"
checkmk_edition: "cre" # cre (Raw Edition) or cee (Enterprise Edition)
checkmk_site: "mysite"
checkmk_admin_user: "cmkadmin"
checkmk_admin_password: "checkmk_admin_123" # Change this!
checkmk_port: 80
tasks:
- name: Install prerequisites (Debian/Ubuntu)
apt:
name:
- apt-transport-https
- software-properties-common
- wget
- gnupg2
- libapache2-mod-wsgi-py3
- apache2
- php
- php-apcu
- php-gd
- php-ldap
- php-snmp
- php-mysql
- php-curl
- python3-pip
- python3-dev
- librrd-dev
- rrdtool
state: present
update_cache: true
when: ansible_os_family == "Debian"
- name: Install prerequisites (RHEL/CentOS)
yum:
name:
- wget
- gnupg2
- mod_wsgi
- httpd
- php
- php-gd
- php-ldap
- php-snmp
- php-mysqlnd
- php-curl
- python3-pip
- python3-devel
- rrdtool-devel
- rrdtool
state: present
when: ansible_os_family == "RedHat"
- name: Add checkmk APT key (Debian/Ubuntu)
apt_key:
url: "https://checkmk.com/support/GPG-KEY-checkmk"
state: present
when: ansible_os_family == "Debian"
- name: Add checkmk APT repository (Debian/Ubuntu)
apt_repository:
repo: "deb https://checkmk.com/support/{{ checkmk_version }}/{{ checkmk_edition }}/debian {{ ansible_distribution_release }} main"
state: present
filename: checkmk
when: ansible_os_family == "Debian"
- name: Add checkmk YUM repository (RHEL/CentOS)
yum_repository:
name: checkmk
description: checkmk Repository
baseurl: "https://checkmk.com/support/{{ checkmk_version }}/{{ checkmk_edition }}/rhel/{{ ansible_distribution_major_version }}/x86_64/"
gpgcheck: true
gpgkey: "https://checkmk.com/support/GPG-KEY-checkmk"
enabled: true
when: ansible_os_family == "RedHat"
- name: Install checkmk Raw Edition (Debian/Ubuntu)
apt:
name: "check-mk-raw-{{ checkmk_version }}"
state: present
update_cache: true
when: ansible_os_family == "Debian"
- name: Install checkmk Raw Edition (RHEL/CentOS)
yum:
name: "check-mk-raw-{{ checkmk_version }}"
state: present
when: ansible_os_family == "RedHat"
- name: Create checkmk site
command: >
omd create {{ checkmk_site }}
--admin-password {{ checkmk_admin_password }}
args:
creates: "/omd/sites/{{ checkmk_site }}"
become: true
become_user: root
- name: Configure Apache for checkmk
command: omd-configure-apache2 {{ checkmk_site }}
args:
creates: "/etc/apache2/conf-enabled/{{ checkmk_site }}.conf"
when: ansible_os_family == "Debian"
failed_when: false
- name: Enable Apache rewrite module (Debian/Ubuntu)
apache2_module:
name: rewrite
state: present
when: ansible_os_family == "Debian"
- name: Enable Apache headers module
apache2_module:
name: headers
state: present
when: ansible_os_family == "Debian"
- name: Restart Apache (Debian/Ubuntu)
systemd:
name: apache2
enabled: true
state: restarted
when: ansible_os_family == "Debian"
- name: Restart httpd (RHEL/CentOS)
systemd:
name: httpd
enabled: true
state: restarted
when: ansible_os_family == "RedHat"
- name: Configure firewall (UFW)
ufw:
rule: allow
port: "{{ checkmk_port }}"
proto: tcp
comment: "checkmk web interface"
when: ansible_os_family == "Debian"
failed_when: false
- name: Configure firewall (firewalld)
firewalld:
service: "{{ item }}"
permanent: true
immediate: true
state: enabled
loop:
- http
- https
when: ansible_os_family == "RedHat"
failed_when: false
- name: Start checkmk site
command: omd start {{ checkmk_site }}
args:
creates: "/omd/sites/{{ checkmk_site }}/tmp/pids/live"
- name: Wait for checkmk to start
wait_for:
path: "/omd/sites/{{ checkmk_site }}/tmp/pids/live"
delay: 5
timeout: 60
- name: Display checkmk status
debug:
msg: |
checkmk {{ checkmk_version }} installed successfully!
Web Interface: http://{{ ansible_default_ipv4.address | default(ansible_host) }}/{{ checkmk_site }}
Username: {{ checkmk_admin_user }}
Password: {{ checkmk_admin_password }}
IMPORTANT: Change the default password after first login!
Site directory: /omd/sites/{{ checkmk_site }}
---
checkmk:
hosts:
checkmk-server:
ansible_host: 192.168.1.106
ansible_user: ansible
ansible_become: true
# Test connectivity
ansible all -i inventory.yml -m ping
# Run the checkmk playbook
ansible-playbook -i inventory.yml checkmk.yml
# Run with custom admin password
ansible-playbook -i inventory.yml checkmk.yml -e "checkmk_admin_password=MySecureP@ss123"
# Check site status
ssh checkmk-server "sudo omd status {{ checkmk_site }}"
# Test web interface
curl -I http://checkmk-server/{{ checkmk_site }}
# Access web UI
# http://checkmk-server/{{ checkmk_site }}
- name: Add hosts to checkmk
hosts: checkmk
become: true
become_user: "{{ checkmk_site }}"
vars:
checkmk_site: "mysite"
tasks:
- name: Add host to checkmk
shell: |
cmk -I {{ item.name }}
cmk -A {{ item.name }}
loop: "{{ hosts_to_monitor }}"
register: add_host_result
- name: Discover services on host
shell: |
cmk -I {{ item.name }}
loop: "{{ hosts_to_monitor }}"
register: discover_result
- name: Activate changes
shell: |
cmk -O -B
register: activate_result
- name: Display host addition status
debug:
msg: "Added {{ hosts_to_monitor | length }} hosts to checkmk"
- name: Deploy checkmk Agent to monitored hosts
hosts: monitored_hosts
become: true
vars:
checkmk_server: "192.168.1.106"
checkmk_site: "mysite"
tasks:
- name: Download checkmk agent
get_url:
url: "http://{{ checkmk_server }}/{{ checkmk_site }}/check_mk/agents/check-mk-agent_{{ checkmk_version }}-1_all.deb"
dest: /tmp/check-mk-agent.deb
mode: '0644'
when: ansible_os_family == "Debian"
failed_when: false
- name: Download checkmk agent (RHEL)
get_url:
url: "http://{{ checkmk_server }}/{{ checkmk_site }}/check_mk/agents/check-mk-agent-{{ checkmk_version }}-1.noarch.rpm"
dest: /tmp/check-mk-agent.rpm
mode: '0644'
when: ansible_os_family == "RedHat"
failed_when: false
- name: Install checkmk agent (Debian/Ubuntu)
apt:
deb: /tmp/check-mk-agent.deb
state: present
when: ansible_os_family == "Debian"
failed_when: false
- name: Install checkmk agent (RHEL/CentOS)
yum:
name: /tmp/check-mk-agent.rpm
state: present
when: ansible_os_family == "RedHat"
failed_when: false
- name: Configure checkmk agent
lineinfile:
path: /etc/xinetd.d/check_mk
regexp: "^only_from"
line: " only_from = {{ checkmk_server }}"
when: ansible_os_family == "Debian"
failed_when: false
- name: Restart xinetd
systemd:
name: xinetd
enabled: true
state: restarted
when: ansible_os_family == "Debian"
failed_when: false
- name: Configure firewall for agent
ufw:
rule: allow
port: 6556
proto: tcp
comment: "checkmk agent"
when: ansible_os_family == "Debian"
failed_when: false
- name: Configure email notifications in checkmk
hosts: checkmk
become: true
become_user: "{{ checkmk_site }}"
vars:
checkmk_site: "mysite"
smtp_server: "smtp.example.com"
smtp_port: 587
smtp_user: "checkmk@example.com"
smtp_password: "smtp_password"
admin_email: "admin@example.com"
tasks:
- name: Configure mail settings
copy:
dest: "/omd/sites/{{ checkmk_site }}/etc/check_mk/conf.d/mail.mk"
owner: "{{ checkmk_site }}"
group: "{{ checkmk_site }}"
mode: '0644'
content: |
# Mail configuration for checkmk
notification_mail_from = "checkmk@{{ ansible_fqdn | default(ansible_hostname) }}"
smtp_server = "{{ smtp_server }}"
smtp_port = {{ smtp_port }}
smtp_user = "{{ smtp_user }}"
smtp_password = "{{ smtp_password }}"
use_tls = True
- name: Configure contact group
copy:
dest: "/omd/sites/{{ checkmk_site }}/etc/check_mk/conf.d/contactgroups.mk"
owner: "{{ checkmk_site }}"
group: "{{ checkmk_site }}"
mode: '0644'
content: |
contactgroups["admin"] = {
"alias": "Administrators",
"members": ["admin"],
}
- name: Configure contact
copy:
dest: "/omd/sites/{{ checkmk_site }}/etc/check_mk/conf.d/contacts.mk"
owner: "{{ checkmk_site }}"
group: "{{ checkmk_site }}"
mode: '0644'
content: |
contacts["admin"] = {
"alias": "Administrator",
"email": "{{ admin_email }}",
"contactgroups": ["admin"],
}
- name: Reload checkmk configuration
shell: |
cmk -O -B
- name: Configure automatic service discovery
hosts: checkmk
become: true
become_user: "{{ checkmk_site }}"
vars:
checkmk_site: "mysite"
tasks:
- name: Create discovery rules
copy:
dest: "/omd/sites/{{ checkmk_site }}/etc/check_mk/conf.d/discovery.mk"
owner: "{{ checkmk_site }}"
group: "{{ checkmk_site }}"
mode: '0644'
content: |
# Automatic service discovery rules
discovery_checks_default = {
"state": {
"value": "warn",
},
"service_labels": [],
"host_labels": [],
"conditions": [],
}
- name: Run service discovery on all hosts
shell: |
cmk -I
register: discovery_result
- name: Activate discovered services
shell: |
cmk -O -B
when: discovery_result.rc == 0
# Check site status
sudo omd status mysite
# Check logs
sudo tail -f /omd/sites/mysite/var/log/live/rrdcached.log
sudo tail -f /omd/sites/mysite/var/log/nagios.log
# Restart site
sudo omd restart mysite
# Check Apache logs
sudo tail -f /var/log/apache2/error.log # Debian/Ubuntu
sudo tail -f /var/log/httpd/error_log # RHEL/CentOS
# Verify site configuration
sudo omd config mysite
# Check PHP configuration
php -i | grep -i memory_limit
# Test agent from server
cmk -D hostname
# Check agent connection
telnet hostname 6556
# Force agent check
cmk -I hostname
omd backupBeyond this playbook, we offer:
Contact our automation team: office@linux-server-admin.com