Check_MK (OMD) auf Raspberry Pi 4/3/2 mit externer USB 3.0 SSD unter Debian 10 (Buster)

Serververwaltung mit Salt Stack, Logging und Monitoring mit ELK-Stack und TIG-Stack
Post Reply
User avatar
h3rb3rn
Administrator
Posts: 191
Joined: Mon 9. Feb 2015, 23:29

Check_MK (OMD) auf Raspberry Pi 4/3/2 mit externer USB 3.0 SSD unter Debian 10 (Buster)

Post by h3rb3rn »

aktualisierte Fassung vom 25.08.2019

Anleitung für Debian (Raspbian) Buster Image

Download des Debian (Raspbian) Buster Images für Raspberry Pi 2/3/4
https://downloads.raspberrypi.org/raspbian_lite_latest



Installation per Bash Script

Download des Bash Installation Skripts

Code: Select all

cd~;
wget https://4noobs.de/download/file.php?id=219
mv file.php\?id=219 install.sh;
chmod +x install.sh;
Bash Skript ausführen

Code: Select all

sudo sh install.sh


Manuelle Installation

Abgeleitete Installationsanleitung von https://github.com/chrisss404/check-mk-arm mit eigenen Performance Optimierungen

Code: Select all

sudo echo "deb http://raspbian.raspberrypi.org/raspbian/ stretch main contrib non-free rpi" >> /etc/apt/sources.list

Code: Select all

sudo apt update; sudo apt --yes full-upgrade; sudo apt --yes autoremove; sudo apt autoclean

Code: Select all

sudo apt install time dnsutils fping graphviz libdbi1 libevent-2.1-6 libgd3 libltdl7 libnet-snmp-perl libpango1.0-0 libperl5.28 libsnmp-perl rpm snmp php php-cgi php-cli php-gd php-sqlite3 php-pear lcab snmp xinetd libfreeradius3 libpcap0.8 libgsf-1-114 poppler-utils libssl1.0.2 libirs161 graphviz libgd3 libgsf-1-114 libpango1.0-0 libsnmp-perl poppler-utils libevent-2.0-5 libperl5.24 libgdbm3 perl-modules-5.24
rsyslog deinstallieren <= SD Karte schonen

Code: Select all

sudo apt purge rsyslog

Code: Select all

curl -LO $(curl -s https://api.github.com/repos/chrisss404/check-mk-arm/releases/latest | grep browser_download_url | cut -d '"' -f 4);
dpkg -i check-mk-raw-*_armhf.deb;
apt-get install -f

Code: Select all

bash build_check_mk.sh 1.5.0p2

Code: Select all

sudo systemctl daemon-reload
sudo systemctl status check-mk-raw-1.5.0p19.service
Ausgabe

Code: Select all

● check-mk-raw-1.5.0p19.service - LSB: OMD sites
   Loaded: loaded (/etc/init.d/check-mk-raw-1.5.0p19; generated)
   Active: active (exited) since Thu 2019-07-25 02:07:22 CEST; 1min 46s ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 0 (limit: 4915)
   Memory: 0B
   CGroup: /system.slice/check-mk-raw-1.5.0p19.service

Jul 25 02:07:22 r4monsrv systemd[1]: Starting LSB: OMD sites...
Jul 25 02:07:22 r4monsrv check-mk-raw-1.5.0p19[3288]: OMD autostart disabled, skipping ...
Jul 25 02:07:22 r4monsrv systemd[1]: Started LSB: OMD sites.

SSD in das System einbinden

Hinweis: in diesem Beispiel ist nur eine externe USB Festplatte/SSD mit dem Raspberry Pi 4 über den USB 3.0 Port verbunden. Diese muss schon vorbereitet worden sein. In diesem Beispiel befindet sich nur eine primäre ext4 formatierte Partition auf dem externen Datenträger.

Code: Select all

sudo mkdir /SSD /SSD/sda1 /tmpfs

Code: Select all

sudo echo "/dev/sda1   /SSD/sda1   ext4   defaults   0   2" >> /etc/fstab

Code: Select all

mount -a
Swap Datei auf SSD anlegen und einbinden

Code: Select all

sudo mkdir -p /SSD/sda1/swap;
sudo fallocate -l 8G /SSD/sda1/swap/swap0;
sudo dd if=/dev/zero of=/SSD/sda1/swap/swap0 bs=1M count=8192;
sudo chmod 0600 /SSD/sda1/swap/swap0;
sudo mkswap /SSD/sda1/swap/swap0;
sudo swapon /SSD/sda1/swap/swap0

Code: Select all

sudo echo "/SSD/sda1/swap/swap0   none   swap   sw   0 0" >> /etc/fstab

Code: Select all

mount -a
Ramdisk mit Swap Nutzung anlegen

Code: Select all

sudo echo "tmpfs   /tmpfs   tmpfs   defaults,size=25%   0   0" >> /etc/fstab

Code: Select all

mount -a
Eingebundene Laufwerke checken

Code: Select all

df -h
Ausgabe

Code: Select all

Dateisystem    Größe Benutzt Verf. Verw% Eingehängt auf
/dev/root        14G    1,4G   12G   11% /
devtmpfs        1,9G       0  1,9G    0% /dev
tmpfs           2,0G       0  2,0G    0% /dev/shm
tmpfs           2,0G    8,5M  2,0G    1% /run
tmpfs           5,0M    4,0K  5,0M    1% /run/lock
tmpfs           2,0G       0  2,0G    0% /sys/fs/cgroup
/dev/mmcblk0p1  253M     40M  214M   16% /boot
/dev/sda1       469G    8,1G  437G    2% /SSD/sda1
tmpfs           989M       0  989M    0% /tmpfs
tmpfs           396M       0  396M    0% /run/user/1000

Check_MK auf die SSD verschieben

Service stoppen

Code: Select all

sudo systemctl stop check-mk-raw-1.5.0p19.service;
sudo systemctl stop apache2.service
Check_MK verschieben und Symlink setzen

Code: Select all

sudo mkdir /SSD/sda1/opt;
sudo mv /opt/omd /SSD/sda1/opt;
sudo ln -s /SSD/sda1/opt/omd /opt
Apache2 Logfiles und Cache auf SSD verschieben

Code: Select all

sudo mkdir /SSD/sda1/var;
sudo mkdir /SSD/sda1/var/log;
sudo mv /var/log/apache2 /SSD/sda1/var/log;
sudo ln -s /SSD/sda1/var/log/apache2 /var/log;
sudo mkdir /SSD/sda1/var/log/cache;
sudo mv /var/cache/apache2/ /SSD/sda1/var/cache/;
sudo ln -s /SSD/sda1/var/cache/apache2/ /var/cache/

Raspberry Pi 4 USB 3.0 SCSI Bug beheben

Quelle: https://www.raspberrypi.org/forums/view ... 8&t=245931

Code: Select all

philipp@r4monsrv:~ $ lsusb
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 004: ID 1f75:0902 Innostor Technology Corporation IS902 UFD controller
Bus 002 Device 002: ID 152d:0578 JMicron Technology Corp. / JMicron USA Technology Corp. JMS567 SATA 6Gb/s bridge
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 002: ID 2109:3431 VIA Labs, Inc. Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 004: ID 1f75:0902 Innostor Technology Corporation IS902 UFD controller
Bus 002 Device 002: ID 152d:0578 JMicron Technology Corp. / JMicron USA Technology Corp. JMS567 SATA 6Gb/s bridge

Code: Select all

philipp@r4monsrv:~ $ cat /boot/cmdline.txt 
usb-storage.quirks=1f75:0902:u usb-storage.quirks=152d:0578:u dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=a841abf2-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait
usb-storage.quirks=1f75:0902:u usb-storage.quirks=152d:0578:u dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=a841abf2-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait
System rebooten


Service starten

Code: Select all

sudo systemctl start check-mk-raw-1.5.0p19.service;
sudo systemctl start apache2.service
Service Status checken

Code: Select all

sudo systemctl status check-mk-raw-1.5.0p19.service;
sudo systemctl status apache2.service
Check_MK konfigurieren

Quelle: https://checkmk.de/cms_introduction_packages.html

Code: Select all

sudo omd create ###mysite###
zum Beispiel

Code: Select all

sudo omd create r4monitor
Ausgabe

Code: Select all

Adding /opt/omd/sites/###mysite###/tmp to /etc/fstab.
Creating temporary filesystem /omd/sites/mysite/tmp...OK
Restarting Apache...OK
Created new site slave1 with version 1.4.0.cee.

  The site can be started with omd start mysite.
  The default web UI is available at http://###sub.domain.tld###/###mysite###/
  The admin user for the web applications is cmkadmin with password ###password###
  (It can be changed with 'htpasswd -m ~/etc/htpasswd cmkadmin' as site user.)
  Please do a su - mysite for administration of this site.
Seite aktivieren

Code: Select all

sudo omd start ###mysite###
zum Beispiel

Code: Select all

sudo omd start r4monitor

Ab hier ist der Check_MK Server lauffähig, jedoch nicht sicher für die Nutzung über das Internet!

Apache2 default vhost Konfiguration anpassen und aktivieren

Selbstsigniertes SSL Zertifikat generieren

Code: Select all

cd /etc/ssl/;
sudo openssl req -new -days 999 -newkey rsa:4096bits -sha512 -x509 -nodes -out monitoring.crt -keyout monitoring.key -subj "/C=DE/ST=Bundesland/L=Ort/O=Organisation/OU=Abteilung/CN=###domain.tld###"
Inhalt /etc/apache2/sites-avaiable/000-default.conf

Code: Select all

<VirtualHost *:80>
  ServerAdmin support@horn-consulting.de

  RewriteEngine On
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Inhalt /etc/apache2/sites-avaiable/default-ssl.conf

Für Let's Encrypt Zertifikat

Code: Select all

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
  ServerAdmin ###user###@###domain.tld###

  DocumentRoot /var/www/html
  <Directory '/var/www/html/'>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Options -Indexes
    Order allow,deny
    allow from all
  </Directory>

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

  SSLEngine on

  SSLCertificateFile /etc/letsencrypt/live/###sub.domain.tld###/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/###sub.domain.tld###/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/###sub.domain.tld###/chain.pem

  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
  SSLHonorCipherOrder on
  SSLCompression off

  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
  </FilesMatch>
  <Directory /usr/lib/cgi-bin>
    SSLOptions +StdEnvVars
  </Directory>

  ServerSignature Off
</VirtualHost>
</IfModule>
Für Selbstsigniertes TLS/SSL Zertifikat

Code: Select all

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
  ServerAdmin ###user###@###domain.tld###

  DocumentRoot /var/www/html
  <Directory '/var/www/html/'>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Options -Indexes
    Order allow,deny
    allow from all
  </Directory>

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

  SSLEngine on

  SSLCertificateFile /etc/ssl/certs/monitoring.pem
  SSLCertificateKeyFile /etc/ssl/private/monitoring.key

  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
  SSLHonorCipherOrder on
  SSLCompression off

  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
  </FilesMatch>
  <Directory /usr/lib/cgi-bin>
    SSLOptions +StdEnvVars
  </Directory>

  ServerSignature Off
</VirtualHost>
</IfModule>
Apache2 SSL Unterstützung aktivieren und vhost aktiveren

Code: Select all

ln -s /etc/apache2/sites-avaiable/* /etc/apache2/sites-enabled;
sudo a2enmod ssl;
sudo a2enmod rewrite;
sudo a2enmod proxy;
sudo a2enmod proxy_html;
sudo a2enmod proxy_http;
sudo systemctl restart apache2.service
Aufruf im Browser über https://###sub.domain.tld###/###mysite###
Attachments
Raspberry Pi 4 mit Kühlkörper und Lüfter in Check_MK
Raspberry Pi 4 mit Kühlkörper und Lüfter in Check_MK
Raspberry Pi 4 mit Kühlkörper und Lüfter in Check_MK
Raspberry Pi 4 mit Kühlkörper und Lüfter in Check_MK
RSCheck Prozess Auslastung bei 40 Hosts und 743 Services
RSCheck Prozess Auslastung bei 40 Hosts und 743 Services
Check_MK RPi4 Server im 19&quot; Servergehäuse
Check_MK RPi4 Server im 19" Servergehäuse
Check_MK RPi4 19&quot; Servergehäuse im Rack
Check_MK RPi4 19" Servergehäuse im Rack
install.sh
CheckMK Install Script für Raspberry Pi 2/3/4 mit externer USB SSD/HDD
(7.87 KiB) Downloaded 4796 times
Post Reply