Icinga2 – Set up CentOS 7
I have recently started using Icinga2 to monitor my servers and VM’s that have permanent services running on them (e.g mail-server) as I wanted something that will email me if there are any issues as I’m not always using these services 100% of the time.
For the server Icinga is on I needed something external to the rest of my VM’s so the best option for me was a VPS, I rented mine from EasySpace for two reasons I know there support id excellent because I have my dedicated server through them and because is means one less control panel to manage, below are the specs for the VPS;
- 2 cores
- 2 GB RAM
- 30GB of SSD storage.
As you can see nothing to extensive but as this server will be monitoring one ESXI host with around 10 to 20 VM’s there is no need for any more that I have.
Before I start the tutorial bit here’s the disclaimer running the commands below require access to the root user or a user with sudo privileges I take no responsibility for any damaged caused to your machine and any subsequent downtime to services.
And now the tutorial
Installing the prerequisites
1). Icinga requires a LAMP stack so we need to install Apache MariaDB and the RH variant of PHP run the following to install MariaDB and Apache
yum install httpd mariadb mariadb-server
2). Now we need to install the SCL packages to get the required PHP packages to run Icinga.
yum install centos-release-scl
3). Now run the following to install the PHP packages.
yum install rh-php71-php-mysqlnd rh-php71-php-cli rh-php71-php-common rh-php71-php-fpm rh-php71-php-pgsql rh-php71-php-ldap rh-php71-php-intl rh-php71-php-xml rh-php71-php-gd rh-php71-php-pdo rh-php71-php-mbstring sclo-php71-php-pecl-imagick
4). Install the epel release
yum install epel-release
5). Add the icinga2 repo
yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
6). Install Icinga2, Icinga2Web and the Nagios-Plugins
yum install icinga2 nagios-plugins-all icingaweb2 icingacli php-Icinga
7). Install the Icinga IDO Module
yum install icinga2-ido-mysql
8). If you are using SELinux you’ll also need to run this.
yum install icingaweb2-selinux
1). Icinga requires a time zone to be set in the php.ini (replace vim for your text editor of choice.
Look for the line.
remove the ; and change it to reflect your local timezone.
date.timezone = Europe/London
Save the file and exit the text editor.
1.1). Start PHP
systemctl start rh-php71-php-fpm.service systemctl enable rh-php71-php-fpm.service
2). Configuring the SQL database.
2.1). Firstly start MariaDB
systemctl start mariadb.service systemctl enable mariadb.service
2.2). Next we need to complete the initial set up and set the root password
2.3). Follow the below answers.
Enter current password for root (enter for none): press enter Set root password? [Y/n]: Y New password: <your-password> Re-enter new password: <your-password> Remove anonymous users? [Y/n]: Y Disallow root login remotely? [Y/n]: Y Remove test database and access to it? [Y/n]: Y Reload privilege tables now? [Y/n]: Y
2.4). Now we to set up a database for Icinga’s IDO module so log in to MySQL using root and the password previously set.
mysql -u root -p
2.5). Create a database using the below. *note use your own password where Your-password is.
CREATE DATABASE icinga; GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY 'Your-Password'; FLUSH PRIVILEGES; EXIT;
2.6). Import Icinga2 IDO schema
mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql
When asked enter the MySQL root password.
2.7). Enable the IDO module
Open the following file.
sudo vi /etc/icinga2/features-available/ido-mysql.conf
And change the following lines from
//user = "icinga" //password = "icinga" //host = "localhost" //database = "icinga"
user = "icinga" password = "Your-Password" host = "localhost" database = "icinga"
Save and quit
Enable the IDO-MYSQL feature
sudo icinga2 feature enable ido-mysql
3.1). Disable the Default Apache page
sed -i 's/^/#&/g' /etc/httpd/conf.d/welcome.conf
3.2). Stop Apache from exposing file and directories in the Web root.
sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/httpd/conf/httpd.conf
3.3). Start and enable Apache
systemctl start httpd.service systemctl enable httpd.service
4.1). Allow external command pipe
icinga2 feature enable command
before you can send command from icinga2Web you need to add the apache user to the icingacmd Group
usermod -a -G icingacmd apache
4.2). Import Apache config
sudo icingacli setup config webserver apache --document-root /usr/share/icingaweb2/public sudo systemctl restart httpd.service
4.3) Start and enable icinga2
systemctl start icinga2 systemctl enable icinga2
5) Add firewall rules for Icinga and Apache
firewall-cmd --add-port=80/tcp --permanent firewall-cmd --add-port=5665/tcp --permanent firewall-cmd --reload
5.1 Verify this has worked by opening the web UI http://<your_server_ip/domain_name>/icingaweb2/setup
You should be greeted by the screen below.
OK, now we are sure everything loads fine it’s time to setup Icinga for the first time.
1). Generate a setup token via SSH
icingacli setup token create
2). Once you have generated a token copy and paste it into the block and press continue.
3). Next you will see a screen asking you to configure some modules we only need monitoring selected for our purposes.
4). Look over the next screen make sure everything is green it should look like the screen below
Once everything is green press next
5). Select database as the authentication type and press next.
6). Provide the root details for MariaDB.
Resource Name*: icingaweb_db Database Type*: MySQL Host*: localhost Database Name*: icingaweb2 Username*: root Password*: <MariaDB-root-password>
Validate the configuration and make sure it can connect then press next.
7). Leave the backend name at its default value and press next
8). Set a default administrator username and password.
9). Leave Application Configuration at its default settings and press next.
10). On the review double check all your settings are correct.
11). Now we configure the monitoring module press next.
12). The following values should be selected.
Backend Name icinga Backend Type IDO
13). Configure the database with the username and password we created earlier.
Resource Name*: icinga_ido Database Type*: MySQL Host*: localhost Database Name*: icinga Username*: icinga Password*: icinga
Validate the settings and press next.
14). Change the command transport type to local command file.
15). Protected Custom Variables should have the following value.
16). Review all the settings are correct and press finish.
From there you can log into Icinga and view the monitored services for the monitoring server.
Future tutorials will cover the installation and different features of the icinga director and well as how to configure hosts manually via the config files.