This guide provides a complete Ansible playbook to install Thruk from official repositories with proper configuration for multi-backend monitoring web interface.
Current Thruk version: 2.98
Create a file named thruk.yml:
---
- name: Install and Configure Thruk
hosts: thruk
become: true
vars:
thruk_version: "2.98"
thruk_port: 80
thruk_config_dir: "/etc/thruk"
thruk_user: "www-data"
thruk_admin_user: "thrukadmin"
thruk_admin_password: "thruk_admin_123" # Change this!
monitoring_backend: "naemon" # Options: naemon, nagios, icinga, shinken
backend_url: "http://localhost/cgi-bin/status.cgi"
tasks:
- name: Add Thruk repository (Debian/Ubuntu)
apt_repository:
repo: "deb http://deb.thruk.org/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} thruk"
state: present
filename: thruk
when: ansible_os_family == "Debian"
- name: Add Thruk GPG key (Debian/Ubuntu)
apt_key:
url: http://deb.thruk.org/thruk.asc
state: present
when: ansible_os_family == "Debian"
- name: Install Thruk (Debian/Ubuntu)
apt:
name:
- thruk
- thruk-common
state: present
update_cache: true
when: ansible_os_family == "Debian"
- name: Install EPEL repository (RHEL/CentOS)
yum:
name: epel-release
state: present
when: ansible_os_family == "RedHat"
- name: Install Thruk (RHEL/CentOS)
yum:
name: thruk
state: present
enablerepo: "epel"
when: ansible_os_family == "RedHat"
- name: Create Thruk configuration directory
file:
path: "{{ thruk_config_dir }}"
state: directory
owner: root
group: root
mode: '0755'
- name: Configure Thruk main settings
lineinfile:
path: "{{ thruk_config_dir }}/thruk.conf"
regexp: "^#?{{ item.key }}"
line: "{{ item.key }} {{ item.value }}"
loop:
- { key: 'backends', value: '{{ backend_url }}' }
- { key: 'thruk_user', value: '{{ thruk_user }}' }
- { key: 'apache_port', value: '{{ thruk_port }}' }
- name: Configure authentication
lineinfile:
path: "{{ thruk_config_dir }}/thruk.conf"
regexp: "^#?auth_type"
line: "auth_type htpasswd"
insertafter: EOF
- name: Configure htpasswd file
lineinfile:
path: "{{ thruk_config_dir }}/thruk.conf"
regexp: "^#?htpasswd_file"
line: "htpasswd_file {{ thruk_config_dir }}/htpasswd"
insertafter: EOF
- name: Create htpasswd file for Thruk admin
htpasswd:
path: "{{ thruk_config_dir }}/htpasswd"
name: "{{ thruk_admin_user }}"
password: "{{ thruk_admin_password }}"
owner: root
group: root
mode: '0640'
- name: Configure Apache for Thruk (Debian/Ubuntu)
copy:
dest: /etc/apache2/sites-available/thruk.conf
owner: root
group: root
mode: '0644'
content: |
<VirtualHost *:{{ thruk_port }}>
ServerName {{ ansible_fqdn | default(ansible_hostname) }}
DocumentRoot /usr/share/thruk/htdocs
<Directory /usr/share/thruk/htdocs>
Options None
AllowOverride None
Require all granted
AuthType Basic
AuthUserFile {{ thruk_config_dir }}/htpasswd
AuthName "Thruk Monitoring"
Require valid-user
</Directory>
ScriptAlias /thruk/cgi-bin/ /usr/share/thruk/cgi-bin/
<Directory /usr/share/thruk/cgi-bin>
AllowOverride None
Options +ExecCGI -Indexes
Require all granted
</Directory>
</VirtualHost>
when: ansible_os_family == "Debian"
- name: Enable Thruk site (Debian/Ubuntu)
command: a2ensite thruk
args:
creates: /etc/apache2/sites-enabled/thruk.conf
when: ansible_os_family == "Debian"
- name: Restart Apache (Debian/Ubuntu)
systemd:
name: apache2
enabled: true
state: restarted
when: ansible_os_family == "Debian"
- name: Restart httpd (RHEL/CentOS)
systemd:
name: httpd
enabled: true
state: restarted
when: ansible_os_family == "RedHat"
- name: Configure firewall (UFW)
ufw:
rule: allow
port: "{{ thruk_port }}"
proto: tcp
comment: "Thruk web interface"
when: ansible_os_family == "Debian"
failed_when: false
- name: Configure firewall (firewalld)
firewalld:
service: "{{ item }}"
permanent: true
immediate: true
state: enabled
loop:
- http
- https
when: ansible_os_family == "RedHat"
failed_when: false
- name: Verify Thruk installation
command: thruk_server --version
register: thruk_version_check
changed_when: false
failed_when: false
- name: Display Thruk status
debug:
msg: |
Thruk {{ thruk_version }} installed successfully!
Web Interface: http://{{ ansible_default_ipv4.address | default(ansible_host) }}/thruk/
Username: {{ thruk_admin_user }}
Password: {{ thruk_admin_password }}
IMPORTANT: Change the default password after first login!
Configuration directory: {{ thruk_config_dir }}
Backend: {{ monitoring_backend }}
---
thruk:
hosts:
thruk-server:
ansible_host: 192.168.1.119
ansible_user: ansible
ansible_become: true
# Test connectivity
ansible all -i inventory.yml -m ping
# Run the Thruk playbook
ansible-playbook -i inventory.yml thruk.yml
# Run with custom admin password
ansible-playbook -i inventory.yml thruk.yml \
-e "thruk_admin_password=MySecureP@ss123"
# Check Thruk version
ssh thruk-server "thruk_server --version"
# Test web interface
curl -I http://thruk-server/thruk/
# Access web UI
# http://thruk-server/thruk/
- name: Configure Thruk with multiple backends
hosts: thruk
become: true
vars:
thruk_config_dir: "/etc/thruk"
backends:
- name: naemon-primary
url: "http://192.168.1.10/cgi-bin/status.cgi"
- name: nagios-secondary
url: "http://192.168.1.11/nagios/cgi-bin/status.cgi"
tasks:
- name: Configure multiple backends
copy:
dest: "{{ thruk_config_dir }}/backends.conf"
owner: root
group: root
mode: '0644'
content: |
# Thruk Multiple Backends Configuration
{% for backend in backends %}
<backend "{{ backend.name }}">
url {{ backend.url }}
</backend>
{% endfor %}
- name: Update main config to include backends
lineinfile:
path: "{{ thruk_config_dir }}/thruk.conf"
regexp: "^#?include"
line: "include {{ thruk_config_dir }}/backends.conf"
insertafter: EOF
- name: Restart Apache
systemd:
name: "{{ 'apache2' if ansible_os_family == 'Debian' else 'httpd' }}"
state: restarted
- name: Configure Thruk LDAP authentication
hosts: thruk
become: true
vars:
thruk_config_dir: "/etc/thruk"
ldap_server: "ldap.example.com"
ldap_base_dn: "dc=example,dc=com"
ldap_bind_dn: "cn=admin,dc=example,dc=com"
ldap_bind_password: "ldap_password"
ldap_user_filter: "(uid=%s)"
tasks:
- name: Update Thruk config for LDAP
lineinfile:
path: "{{ thruk_config_dir }}/thruk.conf"
regexp: "^#?{{ item.key }}"
line: "{{ item.key }} {{ item.value }}"
loop:
- { key: 'auth_type', value: 'ldap' }
- { key: 'ldap_host', value: '{{ ldap_server }}' }
- { key: 'ldap_base', value: '{{ ldap_base_dn }}' }
- { key: 'ldap_binddn', value: '{{ ldap_bind_dn }}' }
- { key: 'ldap_bindpw', value: '{{ ldap_bind_password }}' }
- { key: 'ldap_filter', value: '{{ ldap_user_filter }}' }
- name: Restart Apache
systemd:
name: "{{ 'apache2' if ansible_os_family == 'Debian' else 'httpd' }}"
state: restarted
- name: Configure Thruk reporting
hosts: thruk
become: true
vars:
thruk_config_dir: "/etc/thruk"
tasks:
- name: Enable reporting features
lineinfile:
path: "{{ thruk_config_dir }}/thruk.conf"
regexp: "^#?{{ item.key }}"
line: "{{ item.key }} {{ item.value }}"
loop:
- { key: 'enable_availability_report', value: '1' }
- { key: 'enable_trends_report', value: '1' }
- { key: 'enable_alert_report', value: '1' }
- { key: 'enable_history_report', value: '1' }
- name: Configure report settings
blockinfile:
path: "{{ thruk_config_dir }}/thruk.conf"
marker: "# {mark} REPORT SETTINGS"
block: |
# Report Settings
report_timezone UTC
report_date_format Y-m-d
report_time_format H:i:s
- name: Restart Apache
systemd:
name: "{{ 'apache2' if ansible_os_family == 'Debian' else 'httpd' }}"
state: restarted
# Check Apache logs
sudo tail -f /var/log/apache2/error.log # Debian/Ubuntu
sudo tail -f /var/log/httpd/error_log # RHEL/CentOS
# Check Thruk logs
sudo tail -f /var/log/thruk/thruk.log
# Verify configuration
sudo thruk_server --verify
# Test backend connection
curl -I http://localhost/cgi-bin/status.cgi
# Check backend status
sudo systemctl status naemon
# Verify backend URL in config
sudo cat /etc/thruk/thruk.conf | grep backends
# Test htpasswd file
sudo cat /etc/thruk/htpasswd
# Test LDAP connection
ldapsearch -x -H ldap://ldap.example.com -b "dc=example,dc=com" "(uid=testuser)"
# Check Apache auth logs
sudo tail -f /var/log/apache2/access.log | grep -i auth
We develop tailored automation solutions for:
Let’s discuss your requirements: office@linux-server-admin.com | Contact