Checkmk
to checkmk.com

1. Setting up the package sources

Checkmk requires a number of software packages from your Linux distribution. Third-party software is not required. In order that all necessary packages can be subsequently installed, a correct configuration of the software sources is necessary.

With Red Hat and all its derivatives such as CentOS, AlmaLinux or Rocky Linux, the EPEL (Extra Packages for Enterprise Linux) repository must be set up as a package source.

You can do this with the help of an RPM package, which can be installed with the yum command.

Version Package link

7

https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

8

https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

9

https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

Here is an example of an installation on AlmaLinux 8:

root@linux# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

In order to be able to use EPEL on RedHat and derivatives, the package sources for optional RPMs are required if these haven’t already been installed during the operating system installation. Without these sources the freeradius-utils, graphviz-gd, and php-mbstring packages will be missing.

Red Hat/CentOS 7.X:

root@linux# yum-config-manager --enable rhel-7-server-optional-rpms
root@linux# yum-config-manager --enable rhel-7-server-extras-rpms
root@linux# subscription-manager repos --enable rhel-7-server-optional-rpms
root@linux# subscription-manager repos --enable rhel-7-server-extras-rpms

As of version 8.x it will suffice to activate the so-called PowerTools with the help of Dandified YUM in the free derivatives or the subscription-manager in RHEL respectively. This can be done, e.g., with the following commands:

CentOS from 8.4, AlmaLinux and Rocky Linux:

root@linux# dnf config-manager --set-enabled powertools

Red Hat 8.x:

root@linux# subscription-manager repos --enable "codeready-builder-for-rhel-8-x86_64-rpms"

2. Setup SELinux and Firewall

Since Red Hat and thus also the derivatives also deliver Security-Enhanced Linux (SELinux) and a local firewall by default, adjustments may still have to be made here. As the first step you will need to allow your web server to access the network interfaces:

root@linux# setsebool -P httpd_can_network_connect 1

Secondly, you release the web server and activate the change:

root@linux# firewall-cmd --zone=public --add-service=http --permanent
success
root@linux# firewall-cmd --reload
success

3. Download the appropriate packages

First choose the Checkmk edition that suits your needs. On the download page you will find the Raw Edition, which is Open Source, and the Cloud Edition, which is free to use for up to 750 services. If you have a subscription, then you will find the installation packages in the customer portal.

We recommend the use of the latest stable Checkmk version. If you need an older version (for example, as the basis for restoring a backup), you can find it in the download archive. Make sure that the package you select exactly matches the installed Linux distribution and its version.

After you have downloaded the package, bring it to the Linux system on which Checkmk is to be installed. This can be done, for example, via the scp command line tool, which comes with every modern system — and which is also available in PowerShell on Windows 10. Additional programs such as WinSCP are usually not required.

The example shows the transfer of a CRE Checkmk Raw Edition package on AlmaLinux 8.x:

root@linux# scp check-mk-raw-2.2.0p1-el8-38.x86_64.rpm root@mymonitoring.mydomain.org:

4. Signed-package installation

All packages are signed using GnuPG. Through the use of this signature, on the one hand it can be verified whether the package really is from Checkmk, and on the other hand it can be verified that the package is complete.

So that these signed packages can be installed in the usual way, one time only you will need to import our public key so that the signature will be trusted. First, load the key directly from our website:

root@linux# wget https://download.checkmk.com/checkmk/Check_MK-pubkey.gpg

Then import the key to the list of trusted signatures. On Red Hat and all derivatives this is yet another job for rpm:

root@linux# rpm --import Check_MK-pubkey.gpg

Once the key has been imported, you can verify the package and install it the usual way with yum install afterwards:

root@linux# rpm -K check-mk-raw-2.2.0p1-el8-38.x86_64.rpm
check-mk-raw-2.2.0p1-el8-38.x86_64.rpm: digests signatures OK
root@linux# yum install check-mk-raw-2.2.0p1-el8-38.x86_64.rpm

5. Final test

After the successful installation of Checkmk, and all dependencies, you will have access to the omd command. With this command you are able to create and manage monitoring sites. You can request the installed version to verify your installation:

root@linux# omd version
OMD - Open Monitoring Distribution Version 2.2.0p1.cre
On this page