Install Icinga2 and Icingaweb2 » History » Revision 15
Revision 14 (Jon Goldberg, 10/04/2017 10:06 PM) → Revision 15/16 (Jon Goldberg, 10/04/2017 10:07 PM)
{{last_updated_at}} by {{last_updated_by}} # Install Icinga2 and Icingaweb2 {{>toc}} ### Installation (Master Node) Steps are adapted from [this guide](http://linoxide.com/ubuntu-how-to/install-icinga2-ubuntu-16-04/). #### Install Icinga2 ```bash # Install MySQL if you haven't yet # These lines for Ubuntu 16.04 only: apt install software-properties-common add-apt-repository -y ppa:formorer/icinga apt update apt-get install icinga2 apt-get install icinga2-ido-mysql # These 3 lines for Debian 8 only: echo 'deb http://ftp.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list apt-get update apt-get -t jessie-backports install icinga2 apt-get -t jessie-backports install icinga2-ido-mysql systemctl enable icinga2.service systemctl start icinga2.service apt install nagios-plugins # nagios-plugins has Samba as a dependency, but you should remove it. apt remove samba-common samba-libs icinga2 feature enable ido-mysql systemctl restart icinga2.service ``` #### Install Icingaweb2 ```bash # If Ubuntu 16.04, you need to work around this bug: https://bugs.launchpad.net/ubuntu/+source/icingaweb2/+bug/1574250 # FIRST, uncomment the second line in /etc/php/7.0/mods-available/zend-framework.ini phpenmod zend-framework systemctl restart apache2.service # END Ubuntu 16.04 workaround apt install icingaweb2 ``` * Go to http://<your IP>/icingaweb2/setup. * Finish from here: https://linoxide.com/ubuntu-how-to/install-icinga2-ubuntu-16-04, starting with "Configuring Icinga Web2 plugin" ### Configuration - Run `icinga2 node wizard. `Select "N" to create a master node. - Enable the api and command module to allow issuing commands from Icingaweb2 and to allow API: `icinga2 feature enable api command; service icinga2 restart` - Add an API user for remote checks. For instance, a user that can receive backupninja checks. Add this to `/etc/icinga2/conf.d/api-users.conf`: ``` object ApiUser "backupninja" { password = "<redacted>" permissions = [ { permission = "actions/process-check-result" filter = {{ match("backupninja", service.display_name) }} }, } { permission = "actions/reschedule-check" filter = {{ match("backupninja", service.display_name) }} } ] } ``` ### Open the firewall Open port 5665 on the master node's firewall. Edit the files in `/etc/iptables` and restart `netfilter-persistent`. ### Install additional checks #### Install Plugins Place the following two scripts in your plugins directory (`/usr/lib/nagios/plugins`) and ensure they're executable: - **check_drupal** - installs with the Drupal "nagios" plugin, also available [here](http://cgit.drupalcode.org/nagios/plain/nagios-plugin/check_drupal?id=7da732e2d4943ec5368243f4cd2e33eb02769f23). - **check_civicrm** - There are two scripts - one for Civi 4.6 and below, another for 4.7 and up. 4.7 version is available [here](https://raw.githubusercontent.com/PalanteJon/check_civicrm/master/check_civicrm.php), 4.6 version is [here](https://raw.githubusercontent.com/aghstrategies/com.aghstrategies.civimonitor/master/check_civicrm.php). - **check_domain** - This does a WHOIS lookup to ensure domain names aren't about to expire. Install from [here](https://raw.githubusercontent.com/glensc/monitoring-plugin-check_domain/master/check_domain.sh). - **check_rbl** - Check spam blacklists. File is [here](https://raw.githubusercontent.com/matteocorti/check_rbl/master/check_rbl), also install dependencies: `apt install libreadonly-xs-perl libnagios-plugin-perl libdata-validate-ip-perl libdata-validate-domain-perl libnet-dns-perl` #### Define CheckCommand and Service objects for the new plugins Copy the CheckCommand and Service files from `icinga.jmaconsulting.biz:/etc/icinga2/zones.d/global-templates/CheckCommands` and `icinga.jmaconsulting.biz:/etc/icinga2/conf.d/services`. See [[Add New Checks to Icinga2]] for details. ### Harden the TLS connection Add this line to the bottom of the "api" object in `/etc/icinga2/features-available/api.conf`: ``` tls_protocolmin = "TLSv1.2" ``` ### Set up vim syntax highlighting on the Icinga2 server ```bash mkdir -p ~/.vim/{syntax,ftdetect} cd ~/.vim/syntax wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/syntax/icinga2.vim cd ~/.vim/ftdetect wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/ftdetect/icinga2.vim ```