CheckMK is a great monitoring solution that can be used for free if you want to know what is going on with e.g. your Puppet server or your own Mail- and Cloud server.

If you want to use it for free, there are two different options. Either you use CheckMK Raw, which does not offer all features of the Enterprise Edition, or you use CheckMK Free which offers all features but is limited to a certain amount of hosts/services. I prefer Open Source Software whenever possible, so I use CheckMK Raw for my needs. For a comparison of the available editions you should check out the official site.

The documentation of CheckMK is superb and I really urge you to use it. Here I just want to describe some specialties which are either not part of CheckMK, or where the documentation is not 100% clear.

If you are using Puppet for configuration and state management, and you are not using the Enterprise edition, it is quite difficult to have an overview of the state of your Puppet runs (especially the failing ones).

Luckily, there is this excellent plugin for CheckMK from Allan Good, which makes it possible to monitor your Puppet clients and their status.

His Plugin is based on either the Puppet Enterprise Edition, or another distribution than Debian however, so some slight modifications are necessary.

The plugin comes with a script that reads out the latest status of a Puppet run on the client, it looks like this in the original:

mk_puppet

#!/bin/bash
 
LASTRUN="/var/lib/puppet/state/last_run_summary.yaml"
if [ -e "${LASTRUN}" ]; then
  OUT="$(cat ${LASTRUN} | sed 's/[[:space:]]\{2,\}//g')"
  echo "<<<check_puppet_agent>>>"
  echo "${OUT}" | grep 'last_run'
  echo "${OUT}" | grep -A8 '^resources: *$' | sed 's/^/resources_/g'
  echo "${OUT}" | grep -A3 '^events: *$' | sed 's/^/events_/g'
fi

But in Debian with the Open Source edition of Puppet this file is in a different location, this is the adatped version for Debian:

mk_puppet

#!/bin/bash
 
LASTRUN="/var/cache/puppet/state/last_run_summary.yaml"
if [ -e "${LASTRUN}" ]; then
  OUT="$(cat ${LASTRUN} | sed 's/[[:space:]]\{2,\}//g')"
  echo "<<<check_puppet_agent>>>"
  echo "${OUT}" | grep 'last_run'
  echo "${OUT}" | grep -A8 '^resources: *$' | sed 's/^/resources_/g'
  echo "${OUT}" | grep -A3 '^events: *$' | sed 's/^/events_/g'
fi

That is it already. But to be able to use that plugin you must not only distribute the above file to all clients you want to monitor into the plugin directory /usr/lib/check_mk_agent/plugins (I do that with Puppet), but you need to install it in your CheckMK server as well.

1. Copy the .mkp file to your CheckMK server to a place where your CheckMK site user has access to it.
2. Switch to that user using su - <user>
3. Install the MKP file using mkp install puppet-<version>.mkp

Now, your CheckMK installation knows about the plugin and will detect additional services on your monitored hosts. It should look something like in the screenshot on the right.

The official documentation has a great chapter on invoking the Agent over SSH. Please read and implement that, especially for internet-facing systems the use of xinetd is not really feasible.

One point in the documentation was not totally clear to me however, namely the part Migrating Checkmk’s access to SSH. There it says you have to go to Datasource programs → Individual program call instead of agent access rule set. to activate the usage of SSH on the CheckMK server.

Well, that can be found in Wato → Host & Service Parameters → Datasource Programs → Individual program call instead of agent access. Just to save you some searching