Changes between Version 1 and Version 2 of NSM2021/Agenda/iCinga


Ignore:
Timestamp:
May 10, 2021, 4:38:57 AM (4 years ago)
Author:
deepthi
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • NSM2021/Agenda/iCinga

    v1 v2  
    11= Configuring iCinga on Single server =
     2
     3This will guide you through installing Icinga setup on Ubuntu 20.04 LTS server;
     4
     5=== Requirements ===
     6
     7* Linux Server running Ubuntu 20.04 LTS
     8* NGINX Installed.
     9* SSL/ HTTPS Certificates issued ( May be using Letsencrypt or Otherwise)
     10* sudo access to the server. All following commands have to be entered as the root user. Best way to do it is, by login in as root with {{{ sudo su }}}
     11
     12=== Ubuntu Repositories===
     13
     14You need to add the Icinga repository to your package management configuration. The following commands must be executed with root permissions unless noted otherwise.
     15
     16`apt-get update`
     17
     18`apt-get -y install apt-transport-https wget gnupg`
     19
     20`wget -O - https://packages.icinga.com/icinga.key | apt-key add -`
     21
     22`. /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; `
     23
     24 `echo "deb https://packages.icinga.com/ubuntu icinga-${DIST} main" >  /etc/apt/sources.list.d/${DIST}-icinga.list`
     25
     26 `echo "deb-src https://packages.icinga.com/ubuntu icinga-${DIST} main" >> /etc/apt/sources.list.d/${DIST}-icinga.list`
     27
     28`apt-get update`
     29
     30=== Installing Icinga 2  ===
     31
     32The following commands must be executed with root permissions unless noted otherwise.
     33
     34`apt-get install icinga2`
     35
     36=== Setting up Check Plugins ===
     37
     38Without plugins Icinga 2 does not know how to check external services. The Monitoring Plugins Project provides an extensive set of plugins which can be used with Icinga 2 to check whether services are working properly.
     39
     40`apt-get install monitoring-plugins`
     41
     42=== Running Service ===
     43
     44Start the service using following command
     45
     46`systemctl restart icinga2`
     47
     48Enabling the service if a reboot happens
     49
     50`systemctl enable icinga2`
     51
     52Extra :
     53
     54If you’re stuck with configuration errors, you can manually invoke the configuration validation.
     55
     56`icinga2 daemon -C`
     57
     58=== Configuration Syntax Highlighting  ===
     59
     60==== If you are using Vim ====
     61
     62`apt-get install vim-icinga2 vim-addon-manager`
     63
     64`vim-addon-manager -w install icinga2`
     65
     66Ensure that syntax highlighting is enabled e.g. by editing the user’s vimrc configuration file:
     67
     68`# vim ~/.vimrc`
     69syntax on
     70
     71Test it:
     72
     73`vim /etc/icinga2/conf.d/templates.conf`
     74
     75Note :
     76If you are using Nano the syntax files are installed with the icinga2-common package already
     77
     78=== Setting up Icinga Web 2 ===
     79
     80==== Configuring DB IDO MySQL ====
     81
     82Installing MySQL database server
     83
     84`apt-get install mysql-server mysql-client`
     85
     86`mysql_secure_installation`
     87
     88(After executing `mysql_secure_installation`, change the root password and remove test database.)
     89
     90
     91==== Installing the IDO modules for MySQL ====
     92
     93The next step is to install the icinga2-ido-mysql
     94
     95`apt-get install icinga2-ido-mysql`
     96
     97Note :
     98
     99The Debian/Ubuntu packages provide a database configuration wizard by default. You can skip the automated setup and install/upgrade the database manually if you prefer.
     100
     101==== Setting up the MySQL database ====
     102
     103 `mysql -u root -p`
     104
     105`CREATE DATABASE icinga;`
     106
     107`CREATE USER 'icinga'@'localhost' IDENTIFIED BY '###PASSSWORD### ;`
     108
     109`GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost';`
     110
     111`quit`
     112
     113After creating the database you can import the Icinga 2 IDO schema using the following command. Enter the root password into the prompt when asked.
     114
     115`mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql`
     116
     117==== Enabling the IDO MySQL module ====
     118
     119The package provides a new configuration file that is installed in /etc/icinga2/features-available/ido-mysql.conf. (You can update the database credentials in this file if needed.)
     120
     121You can enable the ido-mysql feature configuration file using icinga2 feature enable:
     122
     123`icinga2 feature enable ido-mysql`
     124
     125You will see Module 'ido-mysql' was enabled.
     126
     127Make sure to restart Icinga 2 for these changes to take effect.
     128
     129`systemctl restart icinga2`
     130
     131==== Setting Up Icinga 2 REST API ====
     132
     133Icinga Web 2 and other web interfaces require the REST API to send actions (reschedule check, etc.) and query object details.
     134
     135You can run the CLI command icinga2 api setup to enable the api feature and set up certificates as well as a new API user root with an auto-generated password in the /etc/icinga2/conf.d/api-users.conf configuration file:
     136
     137`icinga2 api setup`
     138
     139Edit the api-users.conf file and add a new ApiUser object.
     140Specify the permissions attribute with minimal permissions required by Icinga Web 2.
     141
     142
     143`vim /etc/icinga2/conf.d/api-users.conf`
     144
     145object ApiUser "icingaweb2" {
     146  password = "Wijsn8Z9eRs5E25d"
     147  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
     148}
     149
     150Restart Icinga 2 to activate the configuration.
     151
     152`systemctl restart icinga2`
     153
     154==== Installing Icinga Web 2 ====
     155
     156`apt-get install icingaweb2 libapache2-mod-php`
     157
     158=== Preparing Web Setup ===
     159
     160You can set up Icinga Web 2 quickly and easily with the Icinga Web 2 setup wizard which is available the first time you visit Icinga Web 2 in your browser. When using the web setup you are required to authenticate using a token. In order to generate a token use the icingacli:
     161
     162`icingacli setup token create`
     163
     164In case you do not remember the token you can show it using the icingacli:
     165
     166`icingacli setup token show`
     167
     168On Debian and derivates, you need to manually create a database and a database user prior to starting the web wizard.
     169This is due to local security restrictions whereas the web wizard cannot create a database/user through a local unix domain socket.
     170
     171`mysql -u root -p`;
     172
     173`CREATE DATABASE icingaweb2;`
     174
     175`CREATE USER icingaweb2@localhost IDENTIFIED BY '###PASSWORD###';`
     176
     177`GRANT ALL ON icingaweb2.* TO icingaweb2@localhost;`
     178
     179=== Starting Web Setup ===
     180
     181Finally visit Icinga Web 2 in your browser to access the setup wizard and complete the installation:
     182
     183http://localhost/icingaweb2/setup
     184
     185=== Configuration on web ===
     186
     187
     188
     189
     190
     191
     192
     193
     194
     195
     196
     197
     198
     199
     200
     201
     202
     203
     204=== Firewall Rules ===
     205
     206Enable port 80 (http). Best practice is to only enable port 443 (https) and use TLS certificates.
     207
     208firewall-cmd:
     209
     210`firewall-cmd --add-service=http`
     211
     212`firewall-cmd --permanent --add-service=http`
     213
     214iptables:
     215
     216`iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT`
     217`service iptables save`
     218
     219
     220
     221
     222
     223
     224
     225
     226
     227