Install Icinga2 and Icingaweb2 » History » Revision 14
« Previous |
Revision 14/16
(diff)
| Next »
Jon Goldberg, 10/04/2017 10:06 PM
{{last_updated_at}} by {{last_updated_by}}
Install Icinga2 and Icingaweb2¶
- Table of contents
- Install Icinga2 and Icingaweb2
Installation (Master Node)¶
Steps are adapted from this guide.
Install Icinga2¶
# Install MySQL if you haven't yet
# These lines for Ubuntu 16.04 only:
apt install software-properties-common
add-apt-repository -y ppa:formorer/icinga
apt update
apt-get install icinga2
apt-get install icinga2-ido-mysql
# These 3 lines for Debian 8 only:
echo 'deb http://ftp.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list
apt-get update
apt-get -t jessie-backports install icinga2
apt-get -t jessie-backports install icinga2-ido-mysql
systemctl enable icinga2.service
systemctl start icinga2.service
apt install nagios-plugins
# nagios-plugins has Samba as a dependency, but you should remove it.
apt remove samba-common samba-libs
icinga2 feature enable ido-mysql
systemctl restart icinga2.service
Install Icingaweb2¶
# If Ubuntu 16.04, you need to work around this bug: https://bugs.launchpad.net/ubuntu/+source/icingaweb2/+bug/1574250
# FIRST, uncomment the second line in /etc/php/7.0/mods-available/zend-framework.ini
phpenmod zend-framework
systemctl restart apache2.service
# END Ubuntu 16.04 workaround
apt install icingaweb2
- Go to http:///icingaweb2/setup.
- Finish from here: https://linoxide.com/ubuntu-how-to/install-icinga2-ubuntu-16-04, starting with "Configuring Icinga Web2 plugin"
Configuration¶
- Run
icinga2 node wizard.Select "N" to create a master node. - Enable the api and command module to allow issuing commands from Icingaweb2 and to allow API:
icinga2 feature enable api command; service icinga2 restart Add an API user for remote checks. For instance, a user that can
receive backupninja checks. Add this to/etc/icinga2/conf.d/api-users.conf:object ApiUser "backupninja" { password = "<redacted>" permissions = [ { permission = "actions/process-check-result" filter = {{ match("backupninja", service.display_name) }} } { permission = "actions/reschedule-check" filter = {{ match("backupninja", service.display_name) }} } ] }
Open the firewall¶
Open port 5665 on the master node's firewall. Edit the files in /etc/iptables and restart netfilter-persistent.
Install additional checks¶
Install Plugins¶
Place the following two scripts in your plugins directory
(/usr/lib/nagios/plugins) and ensure they're executable:
- check_drupal - installs with the Drupal "nagios" plugin, also available here.
- check_civicrm - There are two scripts - one for Civi 4.6 and below, another for 4.7 and up. 4.7 version is available here, 4.6 version is here.
- check_domain - This does a WHOIS lookup to ensure domain names aren't about to expire. Install from here.
- check_rbl - Check spam blacklists. File is here, also install dependencies:
apt install libreadonly-xs-perl libnagios-plugin-perl libdata-validate-ip-perl libdata-validate-domain-perl libnet-dns-perl
Define CheckCommand and Service objects for the new plugins¶
Copy the CheckCommand and Service files from
icinga.jmaconsulting.biz:/etc/icinga2/zones.d/global-templates/CheckCommands
and icinga.jmaconsulting.biz:/etc/icinga2/conf.d/services. See Add New Checks to Icinga2 for details.
Harden the TLS connection¶
Add this line to the bottom of the "api" object in /etc/icinga2/features-available/api.conf:
tls_protocolmin = "TLSv1.2"
Set up vim syntax highlighting on the Icinga2 server¶
mkdir -p ~/.vim/{syntax,ftdetect}
cd ~/.vim/syntax
wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/syntax/icinga2.vim
cd ~/.vim/ftdetect
wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/ftdetect/icinga2.vim
Updated by Jon Goldberg about 7 years ago · 14 revisions