Introduction
Checkmk is a monitoring application that keeps track of your servers, networks, containers, databases, and installed applications. It follows the client-server model and offers a web dashboard through which you can track the uptime and status of configured hosts.
This article explains how you can monitor servers in a RCS Virtual Private Cloud (VPC) using Checkmk. After installing Checkmk on the main VPC server, it explains how to monitor three server instances, running Ubuntu 22.04, Rocky Linux 8, and Windows 2022 respectively, on a single VPC network. The VPC and all three server instances must be in the same RCS location.
Prerequisites
To complete this guide, you'll need a registered domain name and ability to update DNS for that domain.
Preliminary Steps
- Choose a RCS location and deploy a Virtual Private Cloud (VPC).
- Deploy two servers instances: Ubuntu 22.04 and Rocky Linux 8. The Ubuntu server is the main Checkmk server.
> Note: Make sure to attach the VPC when deploying these so that
cloud-init
can configure the VPC network adapters for you. - Deploy a Windows 2022 server.
- Windows does not use cloud-init, so you need to manually configure the VPC after deployment. After you complete this step, all three servers are connected to the same VPC and can ping each other.
- Create a non-root user with sudo rights on the Ubuntu and Rocky Linux servers.
- Set up NTP on Ubuntu and Rocky Linux to ensure that all monitoring functions use the correct system time.
1. Install Checkmk on the main VPC Server
In this step, you'll install Checkmk on the Ubuntu server, which will monitor the other hosts attached to the VPC.
Create a domain A record that points a fully-qualified domain name (FQDN) to the Ubuntu server's IP address. This guide uses the example FQDN checkmk.example.com
. See our guide if you use RCS DNS.
SSH to the server and log in as a non-root user with sudo rights.
$ ssh example-user@192.0.2.1
Update the server.
$ sudo apt update
Change the server hostname to your domain name.
$ sudo hostnamectl set-hostname checkmk.example.com
Download the latest Checkmk release file for Ubuntu from the official website.
$ wget https://download.checkmk.com/checkmk/2.1.0p8/check-mk-raw-2.1.0p8_0.jammy_amd64.deb
Install the Checkmk package on your server.
$ sudo dpkg -i check-mk-raw-2.1.0p8_0.jammy_amd64.deb
Enter
Y
to install all necessary dependencies on your server.If you receive any errors, run the following command and enter
yes
to install missing dependencies.$ sudo apt --fix-broken install
Verify that Checkmk is properly installed by querying the installed
omd
version.$ omd version
Output:
OMD - Open Monitoring Distribution Version 2.1.0p8.cre
2. Create a Checkmk Monitoring Site
Create your first Checkmk monitoring site. Replace
myvpc-site
with your preferred site name.$ sudo omd create myvpc_site
Output:
Creating temporary filesystem /omd/sites/myvpc_site/tmp...OK Updating core configuration... Generating configuration for core (type nagios)... Precompiling host checks...OK Executing post-create script "01_create-sample-config.py"...OK Restarting Apache...OK Created new site myvpc_site with version 2.1.0p8.cre. The site can be started with omd start myvpc_site. The default web UI is available at http://checkmk.example.com/myvpc_site/ The admin user for the web applications is cmkadmin with password: Tcbhseyf For command line administration of the site, log in with 'omd su myvpc_site'. After logging in, you can change the password for cmkadmin with 'htpasswd etc/htpasswd cmkadmin'.
Keep note of your assigned administrator username and password. If you changed the server hostname to your domain, a full working URL should display in the command output.
Start the Checkmk site.
$ sudo omd start myvpc_site
3. Security
By default, Checkmk receives agent requests on port 8000
for the first site and increments the port number per extra site created.
Allow port 8000 through the firewall.
$ sudo ufw allow 8000/tcp
Allow the Apache HTTP Port
80
to enable access to the Checkmk web interface.$ sudo ufw allow 80/tcp
Allow HTTPS connections on port
443
.$ sudo ufw allow 443/tcp
Restart the firewall to save changes.
$ sudo ufw reload
4. Enable HTTPS
Using a text editor, edit the default Apache virtual host file.
$ sudo nano /etc/apache2/sites-available/000-default.conf
Find the following commented directive.
#ServerName www.example.com
Uncomment it, and enter your domain name.
ServerName checkmk.example.com
Restart Apache.
$ sudo service apache2 restart
Install the Certbot Let's Encrypt client.
$ sudo snap install --classic certbot
Request for a free SSL certificate. Replace
checkmk.example.com
with your domain name, andhello@example.com
with your email address.$ sudo certbot --apache -d checkmk.example.com -m hello@example.com --agree-tos
Test SSL certificate auto-renewal.
$ sudo certbot renew --dry-run
Restart Apache to save changes.
$ sudo service apache2 restart
5. Set up the Checkmk Server
Using your preferred desktop web browser, visit your Checkmk site.
https://checkmk.example.com/myvpc_site
Log in with the administrator username
cmkadmin
, and the random password generated by the installer.- On the main Checkmk web dashboard, click Setup on the left navigation menu.
- Find and click Users from the sub-menu options.
- Click the Pencil icon to edit the Cmkadmin user information.
- Enter your email in the Email address field.
- Navigate to the Security section, and enter a new strong password in the Authentication fields.
- Click Save, and locate the 1 change orange warning on the top right to activate changes.
- To create any additional user accounts, click Add user and fill in the new user form.
Note that you can delete the
cmkadmin
user account when you create a new administrator, but should not delete theautomation
user as it’s used with automation tools.
6. Configure Monitoring Agents
Checkmk uses monitoring agents to send and receive vital information on all system services. You can download a monitoring agent directly from the main Checkmk server and install it on your target client in the VPC network.
- Navigate to the Checkmk Web dashboard and click Setup.
- Select your Linux under the Agents sub-menu option.
- Find the
check-mk-agent-<version>.noarch.rpm
file, right click and select Copy Link Address from your list of browser options to copy it to the clipboard. - Access your Rocky Linux 8 server to install the file.
7. Setup Checkmk monitoring on Rocky Linux
SSH and log in to the Rocky Linux 8 server as a non-root sudo user.
$ ssh example-user@192.0.2.1
Download the Checkmk monitoring agent from your main Checkmk server.
$ wget https://checkmk.example.com/myvpc-site/check_mk/agents/check-mk-agent-2.1.0p6-1.noarch.rpm
Install the Checkmk agent package.
$ sudo dnf install check-mk-agent-2.1.0p6-1.noarch.rpm
Verify that the agent is installed.
$ check_mk_agent
Your output should look similar to:
<<<job>>> <<<chrony:cached(1658403210,30)>>> Reference ID : 94253D12 (2001:19f0:200:144b::1000) Stratum : 3 Ref time (UTC) : Thu Jul 21 11:31:06 2022 System time : 0.000072729 seconds fast of NTP time Last offset : +0.000043839 seconds RMS offset : 0.000704368 seconds Frequency : 18.389 ppm fast Residual freq : +0.001 ppm Skew : 0.017 ppm Root delay : 0.081640661 seconds Root dispersion : 0.009934294 seconds Update interval : 1030.7 seconds Leap status : Normal <<<local:sep(0)>>>
Configure the Rocky Linux Firewall
By default, Firewalld is active on Rocky Linux. Follow these steps to allow the Checkmk agent to receive monitoring requests on the default port 6556
over the VPC network.
Create a new zone. Replace
myVPC
with your preferred label.$ sudo firewall-cmd --new-zone=myVPC --permanent
Assign the zone to the VPC network.
$ sudo firewall-cmd --zone=myVPC --add-source=10.24.96.0/20 --permanent
Allow the Checkmk agent port
6556
on the zone.$ sudo firewall-cmd --zone=myVPC --add-port=6556/tcp --permanent
Restart the firewall to save changes.
$ sudo firewall-cmd --reload
8. Add the Rocky Linux Host to the Checkmk Server
In a web browser, access the Checkmk server.
https://checkmk.example.com/myvpc_site
Navigate to Setup, and click Hosts.
- Click Add host to the monitoring.
- In the Hostname field, enter your first monitoring agent hostname.
- Toggle IPV4 address, and enter your Rocky Linux VPC address.
- Click Save & go to service configuration to scan all services available on the server.
- All available services are ready for monitoring, click Accept all to save the host.
9. Set up Checkmk Monitoring on Windows Server
- Use the Remote Desktop Protocol (RDP) to connect to the remote RCS Windows Server as an Administrative user.
- Open the Microsoft Edge web browser from the Windows Start Menu.
Enter your Checkmk server address in the URL bar.
https://checkmk.example.com/myvpc_site
Log in to the Checkmk server using your administrator username and password.
- Navigate to Setup, and click Windows in the Agents sub-menu.
- In the Packaged Agents section, click checkmkagent.msi to download the package.
- Open the Checkmk package to install it on your server.
- In the installation wizard, click Next, accept the product license agreement, select Clean installation, and follow all prompts to finish installation on your Windows Server.
- From the Windows Start menu, open the windows command prompt by expanding the Windows System group.
Enter the following command to verify that the Checkmk agent is properly installed.
> "C:\Program Files (x86)\checkmk\service\cmk-agent-ctl.exe" status
Your output should look like the one below:
Version: 2.1.0p8 Agent socket: operational IP allowlist: any Legacy mode: enabled No connections
The Checkmk agent creates all necessary firewall rules. Open the command prompt and ping the Checkmk server VPC address to verify if you have a connection to the server.
> ping 192.0.2.1
To restrict the Checkmk agent to only VPC connections, navigate to Windows Defender with Firewall under the Windows Administrative Tools group on the start menu.
- Click Inbound Rules on the left navigation menu.
- Find the Checkmk Agent rule, right-click, and select Properties from the list.
- Navigate to Advanced in the open properties window.
- Uncheck Public, Domain and keep Private checked.
- Click OK to save changes.
10. Add the Windows Host to the Checkmk Server
- Open Microsoft Edge from the Windows Start Menu.
Access your Checkmk server.
https://checkmk.example.com/myvpc_site
Navigate back to Hosts, and set up the Windows Server Checkmk agent.
- Enter your preferred Hostname for the Windows server.
- Toggle IPV4 address, and enter the Windows Server VPC network address.
- Click Save & go to service configuration to finish set up, and setup the Checkmk agent to send data to the server.
- Open the Windows Command prompt.
Enter the following commands to establish a connection to the server. Replace
windows-host
with your actual hostname,192.0.2.1
with the Checkmk server VPC network address, andstrong-password
with the actualcmkadmin
password you set earlier."C:\Program Files (x86)\checkmk\service\cmk-agent-ctl.exe" ^ register ^ --hostname windows-host ^ --server 192.0.2.1 --site myvpc_site ^ --user cmkadmin --password strong-password
Your output should look similar to:
Attempting to register at 192.0.2.1:8000/myvpc_site. Server certificate details: PEM-encoded certificate: -----BEGIN CERTIFICATE----- MIIC8TCCAdmgAwIBAgIUcNQ97zkUr3VZO145hYSSzwsoIvUwDQYJKoZIhvcNAQEL BQAwJTEjMCEGA1UEAwwaU2l0ZSAnbXl2cGNfc2l0ZScgbG9jYWwgQ0EwIBcNMjIw NzIxMTMxOTA0WhgPMzAyMDExMjExMzE5MDRaMBUxEzARBgNVBAMMCm15dnBjX3Np vIIo8dYGwdwZBeresgWIgJuWVdSbdq4CuzLd+U+o2oYY4SmQdQ== -----END CERTIFICATE----- Issued by: Site 'myvpc_site' local CA Issued to: myvpc_site Validity: From Thu, 21 Jul 2022 13:19:04 +0000 To Tue, 21 Nov 3020 13:19:04 +0000 Do you want to establish this connection? [Y/n] >
Enter
Y
to establish a connection to the Checkmk server. If the connection fails, make sure that port8000
is open on the main server firewall, or confirm that you created the Host on the Checkmk server before initiating the agent connection.- Access the Checkmk web interface, and click Rescan on the Services of host page.
- When the scan is complete, click Accept all to monitor all services on the Windows Server.
- Click the orange changes warning on the top right, and select Activate on selected sites to activate all hosts on the Checkmk server.
- To monitor all registered hosts and services, navigate to Monitor, and click All hosts under the Overview sub-menu.
Conclusion
You have successfully installed Checkmk and set up monitoring for servers in a single RCS Virtual Private Cloud (VPC). Server monitoring is fast with low latency when monitored servers are on the same private network. It's also possible to monitor other servers over the public internet, although the latency will be higher.
To track services on the main Checkmk server, install the Checkmk agent,and add the host with the address 127.0.0.1
to your Checkmk web interface as explained in this article.
More Information
For more information on how you can use Checkmk and monitor more services on your servers. Please visit the following articles.