Translation(s): English - Français
Contents
Icinga2 - Installation and configuration
Documentation overview
The purpose of this documentation is to help you for the installation and configuration of this features:
- Icinga2 - Monitoring engine,
?IcingaWeb2 - Web UI.
This documentation is written and tested for the following Debian versions:
- Debian 10 (Buster)
Installation
Packages installation
Firstly, we need to update the packages list and install the required packages.
Update packages list:
apt update
Packages installation ( for Debian 10 ):
DEBIAN_FRONTEND=noninteractive apt-get -y install \ icinga2 \ icingacli \ icingaweb2 \ icinga2-ido-mysql \ mariadb-client \ mariadb-server \ monitoring-plugins \ apache2 \ libapache2-mod-rpaf \ php-fpm \ curl \ vim-icinga2 \ vim-addon-manager \ nagios-nrpe-plugin \ unscd \ nagios-plugins-contrib \ unattended-upgrades
Packages notes:
vim-icinga2 - Icinga syntax highlighting for Vim
unscd - To enable DNS cache
unattended-upgrades - To install automatically security updates
PHP-FPM activation
PHP-FPM is a FastCGI Process Manager which allows communication between Apache2 server and PHP. It's an alternative to traditional PHP FastCGI implementation mostly useful for heavily loaded web servers.
For Debian 10:
a2enmod proxy_fcgi setenvif a2enconf php7.3-fpm apache2ctl configtest systemctl restart php7.3-fpm.service systemctl restart apache2.service
Icinga syntax highlighting for Vim
If you use vim to edit your configurations files, you can easily enable syntax highlighting as follows:
vim-addon-manager -w install icinga2
Create Apache2 virtual host for Icinga
WARNING! This virtual host is not secured (listen on HTTP and not on HTTPS). If incoming connection is wanted, we recommand you to set up this vHost on HTTPS. For example, you can see LetsEncrypt.
Before, you need to set the following variables. You must change the values:
FQDN="icinga.example.com" EMAIL="me@example.com"
Now you can copy/paste the following lines to create the /etc/apache2/sites-available/icinga.conf file.
cat << EOF > /etc/apache2/sites-available/icinga.conf <VirtualHost *:80> ServerName $FQDN ServerAdmin $EMAIL DocumentRoot "/usr/share/icingaweb2/public" <Directory "/usr/share/icingaweb2/public"> Options SymLinksIfOwnerMatch AllowOverride None <IfModule mod_authz_core.c> # Apache 2.4 <RequireAll> Require all granted </RequireAll> </IfModule> SetEnv ICINGAWEB_CONFIGDIR "/etc/icingaweb2" EnableSendfile Off <IfModule mod_rewrite.c> RewriteEngine on # RewriteBase /icingaweb2/ RewriteBase / RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L] </IfModule> <IfModule !mod_rewrite.c> DirectoryIndex error_norewrite.html ErrorDocument 404 /error_norewrite.html </IfModule> </Directory> ErrorLog /var/log/apache2/icinga-error.log CustomLog /var/log/apache2/icinga-access.log combined </VirtualHost> EOF
Now you can enable the Icinga virtual host on Apache2, test the configuration and reload Apache2
a2ensite icinga.conf apache2ctl configtest systemctl reload apache2
Enable Icinga features and modules
ido-mysql - Connexion between Icinga and MariaDB
monitoring - Monitoring module
icinga2 feature enable command ido-mysql icingacli module enable monitoring
Securing the MariaDB server
To secure the MariaDB installation, you have the choice between just running the embedded script or doing it manually.
Method 1 - embedded script:
mysql_secure_installation
Method 2 - manually:
# Delete anonymous users mysql -e "DELETE FROM mysql.user WHERE User='';" # Ensure the root user can not log in remotely mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" # Remove the test database mysql -e "DROP DATABASE IF EXISTS test;" mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';" # Make our changes take effect mysql -e "FLUSH PRIVILEGES"
Create Icinga IDO database
You need to create the Icinga IDO database. For that, we get the curent password on the configuration file.
ICINGA_IDO_PASSWORD="$(awk -F'"' '/password/ {print$2}' /etc/icinga2/features-available/ido-mysql.conf)"
And then we can create the database:
mysql <<< " CREATE DATABASE icinga2; GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga2.* TO 'icinga2'@'localhost' IDENTIFIED BY '$ICINGA_IDO_PASSWORD'; FLUSH PRIVILEGES; "
Populate Icinga IDO Database
mysql icinga2 < /usr/share/icinga2-ido-mysql/schema/mysql.sql
Create IcingaWeb2 database
You need to create the ?IcingaWeb database.
Before, you need to set the following variables. You must change the values:
ICINGAWEB2_DB_PASSWORD="changeme"
And then we can create the database:
mysql <<< " CREATE DATABASE icingaweb2; GRANT ALL ON icingaweb2.* TO 'icingaweb2'@'localhost' IDENTIFIED BY '$ICINGAWEB2_DB_PASSWORD'; FLUSH PRIVILEGES; "
Populate IcingaWeb Database
mysql icingaweb2 < /usr/share/icingaweb2/etc/schema/mysql.schema.sql
Create configuration files
Now we are going to create final configuration files.
Before, you need to set some values:
ICINGA_WEB_ADMIN_USER="admin" ICINGA_WEB_ADMIN_PWD="changeme"
And now just copy/paste the following content:
# roles.ini cat << EOF > /etc/icingaweb2/roles.ini [Administrators] users = "$ICINGA_WEB_ADMIN_USER" permissions = "*" groups = "Administrators" EOF # groups.ini cat << EOF > /etc/icingaweb2/groups.ini [icingaweb2] backend = "db" resource = "icingaweb_db" EOF # config.ini cat << EOF > /etc/icingaweb2/config.ini [global] show_stacktraces = "1" config_backend = "db" config_resource = "icingaweb_db" # [logging] log = "syslog" level = "ERROR" application = "icingaweb2" facility = "user" EOF # authentication.ini cat << EOF > /etc/icingaweb2/authentication.ini [icingaweb2] backend = "db" resource = "icingaweb_db" EOF # resources.ini cat << EOF > /etc/icingaweb2/resources.ini [icingaweb_db] type = "db" db = "mysql" host = "localhost" port = "" dbname = "icingaweb2" username = "icingaweb2" password = "$ICINGAWEB2_DB_PASSWORD" charset = "UTF8" persistent = "0" use_ssl = "0" # [icinga_ido] type = "db" db = "mysql" host = "localhost" port = "" dbname = "icinga2" username = "icinga2" password = "$ICINGA_IDO_PASSWORD" charset = "latin1" persistent = "0" use_ssl = "0" EOF mkdir /etc/icingaweb2/modules/monitoring/ # config.ini cat << EOF > /etc/icingaweb2/modules/monitoring/config.ini [security] protected_customvars = "*pw*,*pass*,community" EOF # commandtransports.ini cat << EOF > /etc/icingaweb2/modules/monitoring/commandtransports.ini [icinga2] transport = "local" path = "/var/run/icinga2/cmd/icinga2.cmd" EOF # backends.ini cat << EOF > /etc/icingaweb2/modules/monitoring/backends.ini [icinga] type = "ido" resource = "icinga_ido" EOF
Create Icinga Web administrator user
# Create a hash from password HASH_ICINGA_WEB_ADMIN_PASSWORD=$(openssl passwd -1 "$ICINGA_WEB_ADMIN_PWD") # Create user in database mysql icingaweb2 -Bse " INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('$ICINGA_WEB_ADMIN_USER', 1, '$HASH_ICINGA_WEB_ADMIN_PASSWORD'); "
Troubleshooting
List of useful directories:
- /etc/apache2
- /etc/icinga2
- /etc/icingaweb2
- /var/lib/icinga2
- /usr/share/icinga2
Others Wiki pages