This is a transcript of how to install icing2 on centos 8, icinga2 is a great monitoring tool build on Nagios.
At the end I will have a icinga2 master backend, a icingaweb2 frontend, I will have added director to the frontend to make configuration webbased and pnp to create graphs.
Prerequisites
centos 8 server without GUI (as theres a bug in server with gui and vmware based on missing drivers) with all patches applied.
fixed IP address and local DNS entry.
My setup:
Hostname: icinga2.skau.dk
IP address: 192.168.112.189
Icinga2 specific decissions:
Icing2 database
DB type mariadb
DB name: icinga2
DB User: icinga2
DB Passwd: icingaPW
icinga2web database:
DB type mariadb
DB name: icinga2_web
DB User: icinga2
DB Passwd: icingaPW
Director database:
DB type mariadb
DB name: icinga2_director
DB User: icinga2
DB Passwd: icingaPW
Being on internal network I start by disabling firewall and SELINUX and adding repositories.
systemctl disable firewalld
systemctl stop firewalld
vi /etc/selinux/config (set it to disabled)
yum install epel-release -y
dnf install https://packages.icinga.com/epel/icinga-rpm-release-8-latest.noarch.rpm
dnf install 'dnf-command(config-manager)'
dnf config-manager --set-enabled PowerTools
REBOOT
Install the packages for icinga2 backend
yum update
yum install mariadb-server mariadb-server-utils
systemctl enable mariadb
systemctl start mariadb
dnf install icinga2
systemctl enable icinga2
systemctl start icinga2
dnf install nagios-plugins-all
yum install icinga2-ido-mysql
Next up is creating the first database which will hold data from icinga2
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE icinga2 CHARACTER SET 'utf8';
MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga2.* TO 'icinga2'@'localhost' IDENTIFIED BY 'icingaPW';
MariaDB [(none)]> quit
With the packages installed and the database ready, we need to create the db schema and shift icinga2 to actualy use it
mysql -u root -p icinga2 < /usr/share/icinga2-ido-mysql/schema/mysql.sql
vi /etc/icinga2/features-available/ido-mysql.conf #(set database definitions as per above, remember to remove // in front of configlines)
icinga2 feature enable ido-mysql
systemctl restart icinga2
Install and configure apache, icingaweb2 and setup icinga API
yum install httpd
systemctl enable httpd
systemctl start httpd
icinga2 api setup
vi /etc/icinga2/conf.d/api-users.conf
# -----8< ------
#create a user object for icingaweb2 beneath the configured root user
object ApiUser "icingaweb2" {
password = "Wijsn8Z9eRs5E25d"
permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
}
# -----8< ------
systemctl restart icinga2
dnf install icingaweb2 icingacli
systemctl enable php-fpm.service
systemctl start php-fpm.service
yum install php-json
dnf install GraphicsMagick GraphicsMagick-devel GraphicsMagick-perl
icingacli setup config webserver apache
icingacli setup token create
systemctl restart httpd
In a webbrowser run the setupwizard (you will need the token created above)
http://192.168.112.189/icingaweb2/setup
- insert the token click next
- enable doc and monitoring and click next
- accept that imagick is missing and click next
- set authentication to database and click next
- Name your connection, fill in the new db names and remember to set caracterset to utf8 click next
- give root database credentials for mysql so db can be created, click next
- accept backendname of icingaweb2 click next
- setup first webuser (the master admin) – click next
- accept application config and click next
- accept the summary and click next
- Click next to start config
- Accept default beckend definitions, click next
- Set the connection details for the icinga2 database (remember to specify utf8 as Char set) – click next
- Command transport is set to Icinga2 API, use the username password generated earlier in the config file (icingaweb2 / Wijsn8Z9eRs5E25d) – click next
- Accept the default protected variables – click next
- Accept the backend config and click finish
- click the “login to Icinga Web 2” button in the upper left corner
- Log in with the administrative user created in step 8
Adding addons
Addon: Director, which is the addon that lets you configure your monitoring from icingaweb2
First create the database for director so theres a place to store configurations before comitting them
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE icinga2_director CHARACTER SET 'utf8';
MariaDB [(none)]> GRANT ALL ON icinga2_director.* TO 'icinga2'@'localhost' IDENTIFIED BY 'icingaPW';
MariaDB [(none)]> exit
Now install the prereq packages and director from git and reboot at the end to ensure that everything starts up by itself.
yum install git
yum install php-posix
git clone "https://github.com/icinga/icingaweb2-module-director" "/usr/share/icingaweb2/modules/director" --branch v1.7.2
cd /usr/share/icingaweb2/modules/director
git checkout "v1.7.2"
git clone "https://github.com/Icinga/icingaweb2-module-ipl" "/usr/share/icingaweb2/modules/ipl" --branch "v0.4.0"
git clone "https://github.com/Icinga/icingaweb2-module-incubator" "/usr/share/icingaweb2/modules/incubator" --branch "v0.5.0"
git clone "https://github.com/Icinga/icingaweb2-module-reactbundle" "/usr/share/icingaweb2/modules/reactbundle" --branch "v0.7.0"
icingacli module enable ipl
icingacli module enable incubator
icingacli module enable reactbundle
icingacli module enable director
vi /etc/icinga2/conf.d/api-users.conf
# -------8< -------
#(create a user object for icingaweb2 beneath the configured root user
object ApiUser "icingadirector" {
password = "Wijsn8Z9eRs5E25d"
permissions = [ "*" ]
}
# -------8< -------
shutdown -r now
From the webfrontend create a new database resource pointing to your new director db
http://192.168.112.189/icingaweb2
goto Configuration -> Application -> Resources
create a new database object pointing to your director db – remember to set charset to utf8
goto module config: modules -> Director -> configuration
Select icinga2_director as database backend
click “create database scheme” This will start the kickstart engine
Setup the endpoint
- endpoint name: icinga2.skau.dk
- icinga host: icinga2.skau.dk
- icinga API user: icingadirector
- icinga API password: Wijsn8Z9eRs5E25d
Deploy outstanding configurations in the webpage by:
“Icinga Director” -> Deployments -> click on “Render Config”
Now you need to setup the daemon for director to pickup changes
useradd -r -g icingaweb2 -d /var/lib/icingadirector -s /bin/false icingadirector
install -d -o icingadirector -g icingaweb2 -m 0750 /var/lib/icingadirector
cp /usr/share/icingaweb2/modules/director/contrib/systemd/icinga-director.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable icinga-director
systemctl start icinga-director
Addon: PNP – this is what generates those nice graphs on the icingaweb2 webpage
Unfortunately Centos 8 is so new that the needed packages are not really ready in the repositories – so we will be building from source.
yum install rrdtool gcc perl -y
yum install perl-Net-SNMP rrdtool-perl -y
mkdir /files
cd /files
wget http://sourceforge.net/projects/pnp4nagios/files/PNP-0.6/pnp4nagios-0.6.26.tar.gz/download
mv download pnp4nagios-0.6.26.tar.gz
tar -xvzf pnp4nagios-0.6.26.tar.gz
cd pnp4nagios-0.6.26
./configure --with-nagios-user=icinga --with-nagios-group=icinga --with-rrdtool=/usr/bin/rrdtool --with-perfdata-dir=/var/spool/icinga2/perfdata
make all
make fullinstall
systemctl enable npcd
systemctl start npcd
Because pnp does not have a good sso integration with icingaweb, lets disable it completely in pnp
Replace content of /etc/httpd/conf.d/pnp4nagios.conf with this :
Alias /pnp4nagios "/usr/local/pnp4nagios/share"
<Directory "/usr/local/pnp4nagios/share">
AllowOverride None
# Order allow,deny
# Allow from all
Require all granted
#
# Use the same value as defined in nagios.conf
#
# AuthName "Nagios Access"
# AuthType Basic
# AuthUserFile /usr/local/nagios/etc/htpasswd.users
# Require valid-user
<IfModule mod_rewrite.c>
# Turn on URL rewriting
RewriteEngine On
Options symLinksIfOwnerMatch
# Installation directory
RewriteBase /pnp4nagios/
# Protect application and system files from being viewed
RewriteRule "^(?:application|modules|system)/" - [F]
# Allow any files or directories that exist to be displayed directly
RewriteCond "%{REQUEST_FILENAME}" !-f
RewriteCond "%{REQUEST_FILENAME}" !-d
# Rewrite all other URLs to index.php/URL
RewriteRule "^.*$" "index.php/$0" [PT]
</IfModule>
</Directory>
Add apache to icinga group for it to read rrd files and restart apache
vi /etc/group (add apache to icinga group so it can read rrd directory)
systemctl restart httpd
Next add the pnp module to icingaweb2 and enable it
cd /usr/share/icingaweb2/modules
git clone https://github.com/Icinga/icingaweb2-module-pnp.git pnp
icingacli module enable pnp
icinga2 feature enable perfdata
mv /usr/local/pnp4nagios/share/install.php /usr/local/pnp4nagios/share/install.php.orig
cd /usr/local/pnp4nagios/etc
mv misccommands.cfg-sample misccommands.cfg
mv nagios.cfg-sample nagios.cfg
shutdown -r now