I recently created a post asking about vSphere read-only user permissions. That user has been created in vSphere but I cannot seem to add vSphere to CheckMK. I have been working at this for a few hours with no progress.
You must have defined the ESXi-server as the host in Checkmk, and configured it as an agent (Checkmk Agent). Tip: Select the host name so that it is the same as that known to the server itself.
Once the prerequisites have been satisfied you can create a Rule in the Datasource programs > Check state of VMWare ESX via vSphere rule set. This will be assigned to the defined host, so that instead of the standard agent the Special Agent will be used for retrieving data from the VMware-monitoring.
I continue to fail adding vSphere/VMs. I've read multiple sites online, previous posts on the forum here, gone through the CheckMK documents, and nothing seems to fit with 2.0.0p6 RAW.
Looks like I might be stuck at: (ESXi-server as host and) "configured it as an agent."
I have the host added, it pings, but I cannot seem to get further. I cannot get any services information. A lot of documents make reference to:
Datasource programs > Check state of VMWare ESX via vSphere
I cannot find "Datasource programs" anywhere in 2.0.0p6. I also cannot seem to find out how to turn 1 of our hosts into an Agent? I cannot find where to enter the credentials of that read only account I added to vSphere. A rule search for "state of vmware" doesn't return any results.
Am I missing some documentation? Or is documentation just not updated to match the 2.0.0p6 interface yet? Or have I missed a section in the UI that deals with this?
To note: I can install the agent directly on VMs but reading the CheckMK material it looks like best practice is to get VM data piggybacked from the ESXi hosts?
With such a small number of VMs though I may be better off manually installing the agent on them.
In checkmk 2.0 this ruleset is called "VMWare ESX via vSphere" and you can find it under Setup → Agents → VM, Cloud, Container.
You should configure your ESX host with "API integrations if configured, else Checkmk agent" and create the ESX rule for that host with the user credentials you already created.
Regarding the monitoring of VMs: If possible I would also install the checkmk-Agent on the VMs and monitor them this way as well. You will get much more information about your hosts if you monitor them with the agent than just the piggyback-information you get from the ESX host.
I had searched that area of the UI but failed to realize the title "VM, Cloud, Container" was clickable.
Dumb on my part, so sorry about that. After your post and revisiting that section I was able to add vSphere, and add the credentials for the read only account over there - but I still fail to receive any data about the host itself. Just "Availability". It can ping and tracert but doesn't collect any service data.
At this point I will move forward with installing the agent on the 20 VMs we have but I would like to get host monitoring up at some point. Any next step suggestions @lkoenig ?
Then you can go to "Save & go to service configuration" and you should see the new services you get from the host. If that doesn't work you can go to "Save & go to connection tests" to figure out why you don't get any information.
For monitoring the VMs you have to create a new host in checkmk for every VM you want to monitor with the corresponding IP-address or hostname if you have DNS-resolution. If the agent is already installed on the host you should get data from the host. This process is documented pretty well here: Setting up monitoring
Thank you for all the help so far @lkoenig
Changes have been activated. And my "Monitoring Agents" for the ESXi host mirror your screen shot. When I save and test services all I get is:
Also, I will be installing the agent on each VM and adding them individually. I have a few already up and running with active email alerts. I was just getting thrown off by the documentation. The CheckMK documents make it sound like I don't need agents on my VMs. They word it like piggyback data from the hosts is sufficient.
Okay, it seems as if the rule for your ESX-host is taking effect, but something seems wrong with the credentials. Can you try to log in to the webinterface of the ESX-host with the credentials you provided in the rule? Can you specify other known working credentials (e.g. for the root-user) in the rule and see if that works? Are you trying to contact a standalone ESX-host or a vCenter?
Piggyback information is always useful and you also get some information there you won't get with the agent, but I would always consider the agent installed on the target system as the most important source for monitoring a host.
I have begun to test different credentials but no luck yet. Also, I started work today and noticed the connection to an agent has failed. It was fine yesterday, and the agent was restarted on the host but is still not getting data. Could this be related?
(this image is from the host that was working but now isn't. It's not the vSphere agent)
@lkoenig
For a little context in my last position they had an old version of CheckMK (version 1.2) and they were using an older vCenter. So I have some experience with CheckMK - but, this version 2.0.0p6 and integrating with vSphere is new to me.
This is also my first time deploying CheckMK in a new environment.
As for the host that was working: Did you restrict your rule for the ESX-agent to the ESX-host? Because it looks like the rule is now applied to all hosts and now checkmk is trying to execute the ESX-special agent for all hosts, not just the ESX-host. That is probably the reason why your other hosts aren't working anymore. Make sure to restrict the ESX-rule only to the ESX-host in the conditions, like so (change the name accordingly), or with hosttags, folders, etc, whatever you prefer:
As for the ESX-host: The error-message (or at least what I can see from the screenshot) says that something is wrong with the credentials. Please try to log in to the ESX-webinterface with that read-only user and check if that works.
@lkoenig
You were correct about the rule being applied to all. I created a new folder for hosts and changed the condition to apply to the newly created folder.
As for permissions I am at a loss. For testing I added the admin credentials of vSphere to CheckMK and it still fails with the same error.
@martin.schwarz
Firewall rules are in place. But I will take this and contact our network guy to see if there's anything that might be causing this issue.
Probably not necessary. I misinterpreted the "connection refused". As you just clarified to @lkoenig, this was probably from the rule being applied to unrelated hosts, so no firewall problem there.
Could you share the error message? In your screenshot from yesterday, it is cut off at "reason" - just where the interesting part starts. Wild guess: some trouble with the ssl certificate?
@martin.schwarz
I keep seeing credential issue. I even tried the admin credentials for our vsphere but it isn't working. It's a local account and I've used both "user" and "user@vsphere.local" yet can't seem to get through.
Please run "cmk -D hostname" on the command line in your site. Now you see how the special agent is called. You should test this command manually. The vCenter special agent also has a command line option to write a trace file. This is very helpful for debugging.
You should replace "hostname" with the name of your ESX-host when you run the command, so the same name you gave the host when you configured it in the checkmk webinterface.
If you query a host you cannot use the vSphere user like "checkmk@vsphere.local"; the host doesn't know anything about the vSphere users.
For the host you need to create a local user on the host system.