Icinga2 – Set up CentOS 7

Icinga2 – Set up CentOS 7

I have recently started using Icinga2 to monitor my servers and VM’s that have permanent services running on them (e.g mail-server) as I wanted something that will email me if there are any issues as I’m not always using these services 100% of the time.

For the server Icinga is on I needed something external to the rest of my VM’s so the best option for me was a VPS, I rented mine from EasySpace for two reasons I know there support id excellent because I have my dedicated server through them and because is means one less control panel to manage, below are the specs for the VPS;

  • 2 cores
  • 2 GB RAM
  • 30GB of SSD storage.

As you can see nothing to extensive but as this server will be monitoring one ESXI host with around 10 to 20 VM’s there is no need for any more that I have.

Before I start the tutorial bit here’s the disclaimer running the commands below require access to the root user or a user with sudo privileges I take no responsibility for any damaged caused to your machine and any subsequent downtime to services.

And now the tutorial

Installing the prerequisites

1). Icinga requires a LAMP stack so we need to install Apache MariaDB and the RH variant of PHP run the following to install MariaDB and Apache

yum install httpd mariadb mariadb-server

2). Now we need to install the SCL packages to get the required PHP packages to run Icinga.

yum install centos-release-scl

3). Now run the following to install the PHP packages.

yum install rh-php71-php-mysqlnd rh-php71-php-cli rh-php71-php-common rh-php71-php-fpm rh-php71-php-pgsql rh-php71-php-ldap rh-php71-php-intl rh-php71-php-xml rh-php71-php-gd rh-php71-php-pdo rh-php71-php-mbstring sclo-php71-php-pecl-imagick

4). Install the epel release

yum install epel-release

5). Add the icinga2 repo

yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm

6). Install Icinga2, Icinga2Web and the Nagios-Plugins

yum install icinga2 nagios-plugins-all icingaweb2 icingacli php-Icinga

7). Install the Icinga IDO Module

yum install icinga2-ido-mysql

8). If you are using SELinux you’ll also need to run this.

yum install icingaweb2-selinux

Post-installation configuration

1). Icinga requires a time zone to be set in the php.ini (replace vim for your text editor of choice.

vim /etc/opt/rh/rh-php71/php.ini

Look for the line.

;date.timezone = 

remove the ; and change it to reflect your local timezone.

date.timezone = Europe/London

Save the file and exit the text editor.

1.1). Start PHP

systemctl start rh-php71-php-fpm.service
systemctl enable rh-php71-php-fpm.service

2). Configuring the SQL database.

2.1). Firstly start MariaDB

systemctl start mariadb.service
systemctl enable mariadb.service

2.2). Next we need to complete the initial set up and set the root password

mysql_secure_installation

2.3). Follow the below answers.

Enter current password for root (enter for none): press enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

2.4). Now we to set up a database for Icinga’s IDO module so log in to MySQL using root and the password previously set.

mysql -u root -p

2.5). Create a database using the below. *note use your own password where Your-password is.

CREATE DATABASE icinga;

GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY 'Your-Password';

FLUSH PRIVILEGES;

EXIT;

2.6). Import Icinga2 IDO schema

mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql

When asked enter the MySQL root password.

2.7). Enable the IDO module

Open the following file.

sudo vi /etc/icinga2/features-available/ido-mysql.conf

And change the following lines from

//user = "icinga"
//password = "icinga"
//host = "localhost"
//database = "icinga"

To

user = "icinga"
password = "Your-Password"
host = "localhost"
database = "icinga"

Save and quit

Enable the IDO-MYSQL feature

sudo icinga2 feature enable ido-mysql

3). Apache

3.1). Disable the Default Apache page

sed -i 's/^/#&/g' /etc/httpd/conf.d/welcome.conf

3.2). Stop Apache from exposing file and directories in the Web root.

sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/httpd/conf/httpd.conf

3.3). Start and enable Apache

systemctl start httpd.service
systemctl enable httpd.service

4). Icinga2Web

4.1). Allow external command pipe

icinga2 feature enable command

before you can send command from icinga2Web you need to add the apache user to the icingacmd Group

usermod -a -G icingacmd apache

4.2). Import Apache config

sudo icingacli setup config webserver apache --document-root /usr/share/icingaweb2/public
sudo systemctl restart httpd.service

4.3) Start and enable icinga2

systemctl start icinga2
systemctl enable icinga2

5) Add firewall rules for Icinga and Apache

firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=5665/tcp --permanent
firewall-cmd --reload

5.1 Verify this has worked by opening the web UI http://<your_server_ip/domain_name>/icingaweb2/setup

You should be greeted by the screen below.

Icinga2/Icingaweb2 setup.

OK, now we are sure everything loads fine it’s time to setup Icinga for the first time.

1). Generate a setup token via SSH

icingacli setup token create

2). Once you have generated a token copy and paste it into the block and press continue.

3). Next you will see a screen asking you to configure some modules we only need monitoring selected for our purposes.

4). Look over the next screen make sure everything is green it should look like the screen below

Once everything is green press next

5). Select database as the authentication type and press next.

6). Provide the root details for MariaDB.

Resource Name*: icingaweb_db
Database Type*: MySQL
Host*: localhost
Database Name*: icingaweb2
Username*: root
Password*: <MariaDB-root-password>

Validate the configuration and make sure it can connect then press next.

7). Leave the backend name at its default value and press next

8). Set a default administrator username and password.

9). Leave Application Configuration at its default settings and press next.

10). On the review double check all your settings are correct.

11). Now we configure the monitoring module press next.

12). The following values should be selected.

Backend Name icinga
Backend Type IDO

13). Configure the database with the username and password we created earlier.

Resource Name*: icinga_ido
Database Type*: MySQL
Host*: localhost
Database Name*: icinga
Username*: icinga
Password*: icinga

Validate the settings and press next.

14). Change the command transport type to local command file.

15). Protected Custom Variables should have the following value.

*pw*,*pass*,community

16). Review all the settings are correct and press finish.

From there you can log into Icinga and view the monitored services for the monitoring server.

Future tutorials will cover the installation and different features of the icinga director and well as how to configure hosts manually via the config files.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.