{{last_updated_at}} by {{last_updated_by}}

Install Icinga2 and Icingaweb2¶

• Table of contents
• Install Icinga2 and Icingaweb2
  • • Installation (Master Node)
      • Install Icinga2
      • Install Icingaweb2
    • Configuration
    • Open the firewall
    • Install additional checks
      • Install Plugins
      • Define CheckCommand and Service objects for the new plugins
    • Harden the TLS connection
    • Set up vim syntax highlighting on the Icinga2 server

Installation (Master Node)¶

Steps are adapted from this guide.

Install Icinga2¶

# Install MySQL if you haven't yet

# These lines for Ubuntu 18.04 only:
curl https://packages.icinga.com/icinga.key | apt-key add -
echo "deb http://packages.icinga.com/ubuntu icinga-bionic main" >  /etc/apt/sources.list.d/bionic-icinga.list
apt update
apt-get install icinga2
apt-get install icinga2-ido-mysql

# These 3 lines for Debian 8 only:
echo 'deb http://ftp.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list
apt-get update
apt-get -t jessie-backports install icinga2
apt-get -t jessie-backports install icinga2-ido-mysql

systemctl enable icinga2.service
systemctl start icinga2.service
apt install nagios-plugins
# nagios-plugins has Samba as a dependency, but you should remove it.
apt remove samba-common samba-libs
icinga2 feature enable ido-mysql
systemctl restart icinga2.service

Install Icingaweb2¶

apt install icingaweb2

• Go to http:///icingaweb2/setup.
• Finish from here: https://linoxide.com/ubuntu-how-to/install-icinga2-ubuntu-16-04, starting with "Configuring Icinga Web2 plugin"

Configuration¶

• Run icinga2 node wizard.Select "N" to create a master node.
• Enable the api and command module to allow issuing commands from Icingaweb2 and to allow API: icinga2 feature enable api command; service icinga2 restart

• Add an API user for remote checks.  For instance, a user that can
  receive backupninja checks. Add this to /etc/icinga2/conf.d/api-users.conf:

  object ApiUser "backupninja" {
    password = "<redacted>"
    permissions = [
      {
        permission = "actions/process-check-result"
        filter = {{ match("backupninja", service.display_name) }}
      },
      {
        permission = "actions/reschedule-check"
        filter = {{ match("backupninja", service.display_name) }}
      }
    ]
  }
  

Open the firewall¶

Open port 5665 on the master node's firewall. Edit the files in /etc/iptables and restart netfilter-persistent.

Install additional checks¶

Install Plugins¶

Place the following two scripts in your plugins directory
(/usr/lib/nagios/plugins) and ensure they're executable:

• check_drupal - installs with the Drupal "nagios" plugin, also available here.
• check_civicrm - There are two scripts - one for Civi 4.6 and below, another for 4.7 and up.  4.7 version is available here, 4.6 version is here.
• check_domain - This does a WHOIS lookup to ensure domain names aren't about to expire.  Install from here.
• check_rbl - Check spam blacklists.  File is here, also install dependencies: apt install libreadonly-xs-perl libnagios-plugin-perl libdata-validate-ip-perl libdata-validate-domain-perl libnet-dns-perl

Define CheckCommand and Service objects for the new plugins¶

Copy the CheckCommand and Service files from
icinga.jmaconsulting.biz:/etc/icinga2/zones.d/global-templates/CheckCommands
and icinga.jmaconsulting.biz:/etc/icinga2/conf.d/services. See Add New Checks to Icinga2 for details.

Harden the TLS connection¶

Add this line to the bottom of the "api" object in /etc/icinga2/features-available/api.conf:

tls_protocolmin = "TLSv1.2"

Set up vim syntax highlighting on the Icinga2 server¶

mkdir -p ~/.vim/{syntax,ftdetect}
cd ~/.vim/syntax
wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/syntax/icinga2.vim
cd ~/.vim/ftdetect
wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/ftdetect/icinga2.vim