Install Icinga2 and Icingaweb2 » History » Revision 15
Revision 14 (Jon Goldberg, 10/04/2017 10:06 PM) → Revision 15/16 (Jon Goldberg, 10/04/2017 10:07 PM)
{{last_updated_at}} by {{last_updated_by}}
# Install Icinga2 and Icingaweb2
{{>toc}}
### Installation (Master Node)
Steps are adapted from [this guide](http://linoxide.com/ubuntu-how-to/install-icinga2-ubuntu-16-04/).
#### Install Icinga2
```bash
# Install MySQL if you haven't yet
# These lines for Ubuntu 16.04 only:
apt install software-properties-common
add-apt-repository -y ppa:formorer/icinga
apt update
apt-get install icinga2
apt-get install icinga2-ido-mysql
# These 3 lines for Debian 8 only:
echo 'deb http://ftp.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list
apt-get update
apt-get -t jessie-backports install icinga2
apt-get -t jessie-backports install icinga2-ido-mysql
systemctl enable icinga2.service
systemctl start icinga2.service
apt install nagios-plugins
# nagios-plugins has Samba as a dependency, but you should remove it.
apt remove samba-common samba-libs
icinga2 feature enable ido-mysql
systemctl restart icinga2.service
```
#### Install Icingaweb2
```bash
# If Ubuntu 16.04, you need to work around this bug: https://bugs.launchpad.net/ubuntu/+source/icingaweb2/+bug/1574250
# FIRST, uncomment the second line in /etc/php/7.0/mods-available/zend-framework.ini
phpenmod zend-framework
systemctl restart apache2.service
# END Ubuntu 16.04 workaround
apt install icingaweb2
```
* Go to http://<your IP>/icingaweb2/setup.
* Finish from here: https://linoxide.com/ubuntu-how-to/install-icinga2-ubuntu-16-04, starting with "Configuring Icinga Web2 plugin"
### Configuration
- Run `icinga2 node wizard. `Select "N" to create a master node.
- Enable the api and command module to allow issuing commands from Icingaweb2 and to allow API:
`icinga2 feature enable api command; service icinga2 restart`
- Add an API user for remote checks. For instance, a user that can
receive backupninja checks. Add this to `/etc/icinga2/conf.d/api-users.conf`:
```
object ApiUser "backupninja" {
password = "<redacted>"
permissions = [
{
permission = "actions/process-check-result"
filter = {{ match("backupninja", service.display_name) }}
},
}
{
permission = "actions/reschedule-check"
filter = {{ match("backupninja", service.display_name) }}
}
]
}
```
### Open the firewall
Open port 5665 on the master node's firewall. Edit the files in `/etc/iptables` and restart `netfilter-persistent`.
### Install additional checks
#### Install Plugins
Place the following two scripts in your plugins directory
(`/usr/lib/nagios/plugins`) and ensure they're executable:
- **check_drupal** - installs with the Drupal "nagios" plugin, also
available
[here](http://cgit.drupalcode.org/nagios/plain/nagios-plugin/check_drupal?id=7da732e2d4943ec5368243f4cd2e33eb02769f23).
- **check_civicrm** - There are two scripts - one for Civi 4.6 and
below, another for 4.7 and up. 4.7 version is available
[here](https://raw.githubusercontent.com/PalanteJon/check_civicrm/master/check_civicrm.php),
4.6 version is [here](https://raw.githubusercontent.com/aghstrategies/com.aghstrategies.civimonitor/master/check_civicrm.php).
- **check_domain** - This does a WHOIS lookup to ensure domain names aren't about to expire. Install from
[here](https://raw.githubusercontent.com/glensc/monitoring-plugin-check_domain/master/check_domain.sh).
- **check_rbl** - Check spam blacklists. File is [here](https://raw.githubusercontent.com/matteocorti/check_rbl/master/check_rbl), also install dependencies:
`apt install libreadonly-xs-perl libnagios-plugin-perl libdata-validate-ip-perl libdata-validate-domain-perl libnet-dns-perl`
#### Define CheckCommand and Service objects for the new plugins
Copy the CheckCommand and Service files from
`icinga.jmaconsulting.biz:/etc/icinga2/zones.d/global-templates/CheckCommands`
and `icinga.jmaconsulting.biz:/etc/icinga2/conf.d/services`. See [[Add New Checks to Icinga2]] for details.
### Harden the TLS connection
Add this line to the bottom of the "api" object in `/etc/icinga2/features-available/api.conf`:
```
tls_protocolmin = "TLSv1.2"
```
### Set up vim syntax highlighting on the Icinga2 server
```bash
mkdir -p ~/.vim/{syntax,ftdetect}
cd ~/.vim/syntax
wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/syntax/icinga2.vim
cd ~/.vim/ftdetect
wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/ftdetect/icinga2.vim
```