
Revision 14 (Jon Goldberg, 10/04/2017 10:06 PM) → Revision 15/16 (Jon Goldberg, 10/04/2017 10:07 PM)

 # Install Icinga2 and Icingaweb2 


 ### Installation (Master Node) 

 Steps are adapted from [this guide](http://linoxide.com/ubuntu-how-to/install-icinga2-ubuntu-16-04/). 

 #### Install Icinga2 
 ```bash 
 # Install MySQL if you haven't yet 

 # These lines for Ubuntu 16.04 only: 
 apt install software-properties-common 
 add-apt-repository -y ppa:formorer/icinga 
 apt update 
 apt-get install icinga2 
 apt-get install icinga2-ido-mysql 

 # These lines for Debian 8 only:
 echo 'deb http://ftp.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list
 apt-get update
 apt-get -t jessie-backports install icinga2
 apt-get -t jessie-backports install icinga2-ido-mysql

 # The remaining steps apply to both distributions:
 systemctl enable icinga2.service
 systemctl start icinga2.service
 apt install nagios-plugins
 # nagios-plugins has Samba as a dependency, but you should remove it.
 apt remove samba-common samba-libs
 icinga2 feature enable ido-mysql
 systemctl restart icinga2.service
 ``` 

 #### Install Icingaweb2 
 ```bash 

 # If Ubuntu 16.04, you need to work around this bug: https://bugs.launchpad.net/ubuntu/+source/icingaweb2/+bug/1574250 
 # FIRST, uncomment the second line in /etc/php/7.0/mods-available/zend-framework.ini 
 phpenmod zend-framework 
 systemctl restart apache2.service 
 # END Ubuntu 16.04 workaround 

 apt install icingaweb2 
 ``` 
 * Go to `http://<your IP>/icingaweb2/setup`.
 * Finish from here: https://linoxide.com/ubuntu-how-to/install-icinga2-ubuntu-16-04, starting with "Configuring Icinga Web2 plugin" 

 ### Configuration 

 -     Run `icinga2 node wizard`. Select "N" to create a master node.
 -     Enable the `api` and `command` features so that Icingaweb2 can issue commands and the API is available:
     `icinga2 feature enable api command; service icinga2 restart`
 -     Add an API user for remote checks. For instance, a user that can
     receive backupninja checks. Add this to `/etc/icinga2/conf.d/api-users.conf`:

     ```
     object ApiUser "backupninja" {
       password = "<redacted>"
       permissions = [
         {
           permission = "actions/process-check-result"
           filter = {{ match("backupninja", service.display_name) }}
         },
         {
           permission = "actions/reschedule-check"
           filter = {{ match("backupninja", service.display_name) }}
         }
       ]
     }
     ```

 ### Open the firewall 
 Open port 5665 on the master node's firewall. Edit the files in `/etc/iptables` and restart `netfilter-persistent`.

 ### Install additional checks 

 #### Install Plugins 

 Place the following scripts in your plugins directory
 (`/usr/lib/nagios/plugins`) and ensure they're executable:

 -     **check_drupal** - Installs with the Drupal "nagios" plugin; also
     available
     [here](http://cgit.drupalcode.org/nagios/plain/nagios-plugin/check_drupal?id=7da732e2d4943ec5368243f4cd2e33eb02769f23).
 -     **check_civicrm** - There are two scripts: one for Civi 4.6 and
     below, another for 4.7 and up. The 4.7 version is available
     [here](https://raw.githubusercontent.com/PalanteJon/check_civicrm/master/check_civicrm.php),
     the 4.6 version is [here](https://raw.githubusercontent.com/aghstrategies/com.aghstrategies.civimonitor/master/check_civicrm.php).
 -     **check_domain** - This does a WHOIS lookup to ensure domain names aren't about to expire. Install from
     [here](https://raw.githubusercontent.com/glensc/monitoring-plugin-check_domain/master/check_domain.sh).
 -     **check_rbl** - Checks spam blacklists. The file is [here](https://raw.githubusercontent.com/matteocorti/check_rbl/master/check_rbl); also install its dependencies:
     `apt install libreadonly-xs-perl libnagios-plugin-perl libdata-validate-ip-perl libdata-validate-domain-perl libnet-dns-perl`

 #### Define CheckCommand and Service objects for the new plugins 

 Copy the CheckCommand and Service files from 
 `icinga.jmaconsulting.biz:/etc/icinga2/zones.d/global-templates/CheckCommands` 
 and `icinga.jmaconsulting.biz:/etc/icinga2/conf.d/services`. See [[Add New Checks to Icinga2]] for details. 

 ### Harden the TLS connection 
 Add this line to the bottom of the "api" object in `/etc/icinga2/features-available/api.conf`: 
 ``` 
 tls_protocolmin = "TLSv1.2" 
 ``` 
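
The following lint is an added example, not part of the original wiki page or of Icinga2 itself: it checks that `api.conf` pins `tls_protocolmin` to TLS 1.2 or later and that every `ApiUser` permission carries a filter, as the `backupninja` user above does. The function names, the temporary file names and the `constructed-*` users are assumptions made for the demonstration.

```bash
# Added example: lint the TLS floor and ApiUser scoping. All sample files are constructed.
# Succeed only if an uncommented tls_protocolmin names TLS 1.2 or later.
tls_min_ok() {
  case "$(sed -n 's/^[[:space:]]*tls_protocolmin[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1)" in
    TLSv1.[2-9]) return 0 ;;
    *) return 1 ;;
  esac
}
# Print ApiUser permissions that are wildcards or lack a filter; return 1 if any.
# Covers the dictionary form used on this page and one-line string arrays only.
audit_api_users() {
  awk '
    function flush() {
      if (perm != "" && !filtered) { print user ": " perm " has no filter"; bad = 1 }
      perm = ""
    }
    /^[ \t]*(\/\/|#)/              { next }
    /^[ \t]*object[ \t]+ApiUser/   { flush(); split($0, q, "\""); user = q[2] }
    /permissions[ \t]*=.*"[^"]*\*/ { print user ": wildcard permission"; bad = 1 }
    /permission[ \t]*=/            { flush(); split($0, q, "\""); perm = q[2]; filtered = 0 }
    /filter[ \t]*=/                { filtered = 1 }
    END { flush(); exit bad + 0 }
  ' "$1"
}
demo=$(mktemp -d)
printf '%s\n' 'object ApiListener "api" {' '  tls_protocolmin = "TLSv1.2"' '}' > "$demo/api-good.conf"
printf '%s\n' 'object ApiListener "api" {' '  //tls_protocolmin = "TLSv1.2"' '}' > "$demo/api-bad.conf"
cat > "$demo/users-good.conf" <<'EOF'
object ApiUser "backupninja" {
  permissions = [
    {
      permission = "actions/process-check-result"
      filter = {{ match("backupninja", service.display_name) }}
    }
  ]
}
EOF
cat > "$demo/users-bad.conf" <<'EOF'
object ApiUser "constructed-admin" {
  permissions = [ "*" ]
}
object ApiUser "constructed-feeder" {
  permissions = [ { permission = "actions/reschedule-check" } ]
}
EOF
for f in "$demo"/api-*.conf; do tls_min_ok "$f" && echo "$f: TLS floor ok" || echo "$f: TLS floor missing"; done
for f in "$demo"/users-*.conf; do audit_api_users "$f" || echo "$f: needs tightening"; done
```

On the master, point the two functions at `/etc/icinga2/features-available/api.conf` and `/etc/icinga2/conf.d/api-users.conf` after editing them and before restarting Icinga2.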

 ### Set up vim syntax highlighting on the Icinga2 server 
 ```bash 
 mkdir -p ~/.vim/{syntax,ftdetect} 
 cd ~/.vim/syntax 
 wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/syntax/icinga2.vim 
 cd ~/.vim/ftdetect 
 wget https://raw.githubusercontent.com/Icinga/icinga2/master/tools/syntax/vim/ftdetect/icinga2.vim 
 ```