Project

General

Profile

Actions

{{last_updated_at}} by {{last_updated_by}}

Install Icinga2 and Icingaweb2

Installation (Master Node)

Steps are adapted from this guide.

Install Icinga2

# Install MySQL if you haven't yet

# These lines for Ubuntu 18.04 only:
curl https://packages.icinga.com/icinga.key | apt-key add -
echo "deb http://packages.icinga.com/ubuntu icinga-bionic main" >  /etc/apt/sources.list.d/bionic-icinga.list
apt update
apt-get install icinga2
apt-get install icinga2-ido-mysql

# These 3 lines for Debian 8 only:
echo 'deb http://ftp.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list
apt-get update
apt-get -t jessie-backports install icinga2
apt-get -t jessie-backports install icinga2-ido-mysql

systemctl enable icinga2.service
systemctl start icinga2.service
apt install nagios-plugins
# nagios-plugins has Samba as a dependency, but you should remove it.
apt remove samba-common samba-libs
icinga2 feature enable ido-mysql
systemctl restart icinga2.service

Install Icingaweb2

apt install icingaweb2

Configuration

  • Run icinga2 node wizard.Select "N" to create a master node.
  • Enable the api and command module to allow issuing commands from Icingaweb2 and to allow API: icinga2 feature enable api command; service icinga2 restart
  • Add an API user for remote checks.  For instance, a user that can
    receive backupninja checks. Add this to /etc/icinga2/conf.d/api-users.conf:

    object ApiUser "backupninja" {
      password = "<redacted>"
      permissions = [
        {
          permission = "actions/process-check-result"
          filter = {{ match("backupninja", service.display_name) }}
        },
        {
          permission = "actions/reschedule-check"
          filter = {{ match("backupninja", service.display_name) }}
        }
      ]
    }
    

Open the firewall

Open port 5665 on the master node's firewall. Edit the files in /etc/iptables and restart netfilter-persistent.

Install additional checks

Install Plugins

Place the following two scripts in your plugins directory
(/usr/lib/nagios/plugins) and ensure they're executable:

  • check_drupal - installs with the Drupal "nagios" plugin, also available here.
  • check_civicrm - There are two scripts - one for Civi 4.6 and below, another for 4.7 and up.  4.7 version is available here, 4.6 version is here.
  • check_domain - This does a WHOIS lookup to ensure domain names aren't about to expire.  Install from here.
  • check_rbl - Check spam blacklists.  File is here, also install dependencies: apt install libreadonly-xs-perl libnagios-plugin-perl libdata-validate-ip-perl libdata-validate-domain-perl libnet-dns-perl

Define CheckCommand and Service objects for the new plugins

Copy the CheckCommand and Service files from
icinga.jmaconsulting.biz:/etc/icinga2/zones.d/global-templates/CheckCommands
and icinga.jmaconsulting.biz:/etc/icinga2/conf.d/services. See Add New Checks to Icinga2 for details.

Harden the TLS connection

Add this line to the bottom of the "api" object in /etc/icinga2/features-available/api.conf:

tls_protocolmin = "TLSv1.2"

Set up vim syntax highlighting on the Icinga2 server

mkdir -p ~/.vim/{syntax,ftdetect}
cd ~/.vim/syntax
wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/syntax/icinga2.vim
cd ~/.vim/ftdetect
wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/ftdetect/icinga2.vim

Updated by Jon Goldberg over 5 years ago · 16 revisions