Check Dokumentation Unkategorisiert

Install Checkmk Agent in a Home folder

Bastian Kuhn

This can be used to install the Checkmk agent without to install anything. Useful for Appliances.

Content

Basics

Since of Checkmk 2.4, the Linux Agent supports a Variable called MK_INSTALLDIR.
If this Variable is set, all the Paths of the Checkmk Files are set as follows:

  • MK_LIBDIR=“${MK_INSTALLDIR}/package“
  • MK_CONFDIR=“${MK_INSTALLDIR}/package/config“
  • MK_VARDIR=“${MK_INSTALLDIR}/runtime“
  • MK_LOGDIR=“${MK_INSTALLDIR}/runtime/log“
  • MK_BIN=“${MK_INSTALLDIR}/package/bin“

An SSH Command Restriction could now be looking like this:

command="env MK_INSTALLDIR=/home/parallels/cmk/ /home/parallels/cmk/package/bin/check_mk_agent",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAACmBS bkuhn@MacBook-Pro

The Base of the Package can be configured in the Agent Bakery. There all Plugins should be configured.

Preparation of Checkmk Rule

Use the Customize Agent Rule to set /cmk as target path.
The Ansible Playbook will then extract to /home/user/ where you have the cmk subfolder then.

Access from Checkmk

Set the Data source Program as follow:

ssh $HOSTNAME$ > /dev/null

You may wan’t to add the SSH User and the Path to the SSH Key.

Ansible Playbook to upload Tar and SSH Key

Variant to upload the Tar file and prepare the SSH. But best, also check the second version of the YML in the next chapter.

---
- name: Install and configure CheckMK Agent
  hosts: all
  vars:
    target_user: "parallels"
    ssh_key_file: "{{ playbook_dir }}/key.pem"
    agent_tar_file: "{{ playbook_dir }}/agent.tar.gz"
    agent_install_dir: "/home/{{ target_user }}/cmk"
    ssh_command_restriction: >
      command="env MK_INSTALLDIR=/home/{{ target_user }}/cmk/ /home/parallels/{{ target_user }}/package/bin/check_mk_agent",
      no-port-forwarding,
      no-X11-forwarding,
      no-agent-forwarding,
      no-pty

  tasks:
    - name: Read SSH public key from file
      set_fact:
        ssh_public_key: "{{ lookup('file', ssh_key_file) }}"
      delegate_to: localhost

    - name: Add SSH public key with command restriction
      authorized_key:
        user: "{{ target_user }}"
        state: present
        key: "{{ ssh_public_key }}"
        key_options: "{{ ssh_command_restriction }}"
        comment: "Checkmk Monitoring Agent "

    - name: Create installation directory
      file:
        path: "{{ agent_install_dir }}"
        state: directory
        owner: "{{ target_user }}"
        group: "{{ target_user }}"
        mode: '0755'

    - name: Copy tar file to target system
      copy:
        src: "{{ agent_tar_file }}"
        dest: "/{{agent_install_dir}}/checkmk-agent.tar.gz"
        owner: "{{ target_user }}"
        group: "{{ target_user }}"
        mode: '0644'

    - name: Extract agent tar file
      unarchive:
        src: "/{{agent_install_dir}}/checkmk-agent.tar.gz"
        dest: "{{ agent_install_dir }}"
        owner: "{{ target_user }}"
        group: "{{ target_user }}"
        remote_src: yes

    - name: Clean up temporary tar file
      file:
        path: "/{{agent_install_dir}}/checkmk-agent.tar.gz"
        state: absent

Variant without SSH Key and direct Agent download:

Way better version, downloads from Checkmk directly if Checkmk is reachable:



---

- hosts: all
  gather_facts: false
  vars:
    cmk_server: cmkmaster.company.de
    cmk_server_port: 443
    cmk_site: cmkmaster
    cmk_user: automation_oracleinstall
    cmk_secret: "xxxx"
    ansible_user: "svc_Monitoring"
    ansible_ssh_private_key_file: local_id_oracle
    agent_install_dir: /home/svc_monitoring
    agent_internal_path: "{{agent_install_dir}}/cmk-agent" # As Configured for the Agent in CMK (/cmk-agent)

  tasks:

    - name: Create Wrapper 
      copy:
        content: "env MK_INSTALLDIR={{agent_install_dir}}/ {{agent_internal_path }}/default/package/bin/check_mk_agent"
        dest: "{{agent_install_dir}}/agent_wrapper.sh"
        owner: "{{ ansible_user }}"
        mode: 'u+x'

    - name: "Download Checkmk Agent"
      ansible.builtin.uri:
        url: "https://{{ cmk_server }}:{{cmk_server_port}}/{{ cmk_site }}/check_mk/api/1.0/domain-types/agent/actions/download_by_host/invoke?os_type=linux_tgz&host_name={{ inventory_hostname }}"
        dest: "{{ agent_install_dir }}/checkmk-agent.tar.gz"
        method: GET
        validate_certs: no
        headers:
          Authorization: "Bearer {{ cmk_user }} {{ cmk_secret }}"
          Accept: "application/octet-stream"

    - name: Delete files from previous installation
      file:
        path: "{{agent_internal_path}}"
        state: absent

    - name: Extract agent tar file
      unarchive:
        src: "{{agent_install_dir}}/checkmk-agent.tar.gz"
        dest: "{{ agent_install_dir }}"
        owner: "{{ ansible_user }}"
        remote_src: yes



What you need is maybe a mix of both variants. The Second one is more flexible and powerful, the first one more „manual“.


Reference



Tags


#checkmk #ansible #knowledgebase

		


					


			

				
Similar Posts