Configuring iCinga on Single server

This will guide you through installing Icinga setup on Ubuntu 20.04 LTS server;

Requirements

• Linux Server running Ubuntu 20.04 LTS
• NGINX Installed.
• SSL/ HTTPS Certificates issued ( May be using Letsencrypt or Otherwise)
• sudo access to the server. All following commands have to be entered as the root user. Best way to do it is, by login in as root with sudo su

Ubuntu Repositories

You need to add the Icinga repository to your package management configuration. The following commands must be executed with root permissions unless noted otherwise.

apt-get update

apt-get -y install apt-transport-https wget gnupg

wget -O - https://packages.icinga.com/icinga.key | apt-key add -

. /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi;

echo "deb https://packages.icinga.com/ubuntu icinga-${DIST} main" > /etc/apt/sources.list.d/${DIST}-icinga.list

echo "deb-src https://packages.icinga.com/ubuntu icinga-${DIST} main" >> /etc/apt/sources.list.d/${DIST}-icinga.list

apt-get update

Installing Icinga 2

The following commands must be executed with root permissions unless noted otherwise.

apt-get install icinga2

Setting up Check Plugins

Without plugins Icinga 2 does not know how to check external services. The Monitoring Plugins Project provides an extensive set of plugins which can be used with Icinga 2 to check whether services are working properly.

apt-get install monitoring-plugins

Running Service

Start the service using following command

systemctl restart icinga2

Enabling the service if a reboot happens

systemctl enable icinga2

Extra :

If you’re stuck with configuration errors, you can manually invoke the configuration validation.

icinga2 daemon -C

Configuration Syntax Highlighting

If you are using Vim

apt-get install vim-icinga2 vim-addon-manager

vim-addon-manager -w install icinga2

Ensure that syntax highlighting is enabled e.g. by editing the user’s vimrc configuration file:

# vim ~/.vimrc syntax on

Test it:

vim /etc/icinga2/conf.d/templates.conf

Note : If you are using Nano the syntax files are installed with the icinga2-common package already

Setting up Icinga Web 2

Configuring DB IDO MySQL

Installing MySQL database server

apt-get install mariadb-server

mysql_secure_installation

(After executing mysql_secure_installation, change the root password and remove test database.)

Installing the IDO modules for MySQL

The next step is to install the icinga2-ido-mysql

apt-get install icinga2-ido-mysql

Note :

The Ubuntu packages provide a database configuration wizard by default. You can skip the automated setup and install/upgrade the database manually if you prefer.

Setting up the MySQL database

mysql -u root -p

CREATE DATABASE icinga;

CREATE USER 'icinga'@'localhost' IDENTIFIED BY '###PASSSWORD### ;

GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost';

quit

After creating the database you can import the Icinga 2 IDO schema using the following command. Enter the root password into the prompt when asked.

mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql

Enabling the IDO MySQL module

The package provides a new configuration file that is installed in /etc/icinga2/features-available/ido-mysql.conf. (You can update the database credentials in this file if needed.)

You can enable the ido-mysql feature configuration file using icinga2 feature enable:

icinga2 feature enable ido-mysql

You will see Module 'ido-mysql' was enabled.

Make sure to restart Icinga 2 for these changes to take effect.

systemctl restart icinga2

Setting Up Icinga 2 REST API

Icinga Web 2 and other web interfaces require the REST API to send actions (reschedule check, etc.) and query object details.

You can run the CLI command icinga2 api setup to enable the api feature and set up certificates as well as a new API user root with an auto-generated password in the /etc/icinga2/conf.d/api-users.conf configuration file:

icinga2 api setup

Edit the api-users.conf file and add a new ApiUser object. Specify the permissions attribute with minimal permissions required by Icinga Web 2.

vim /etc/icinga2/conf.d/api-users.conf

object ApiUser "icingaweb2" {

password = "Wijsn8Z9eRs5E25d" permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]

}

Restart Icinga 2 to activate the configuration.

systemctl restart icinga2

Installing Icinga Web 2

apt-get install icingaweb2 libapache2-mod-php

Preparing Web Setup

You can set up Icinga Web 2 quickly and easily with the Icinga Web 2 setup wizard which is available the first time you visit Icinga Web 2 in your browser. When using the web setup you are required to authenticate using a token. In order to generate a token use the icingacli:

icingacli setup token create

In case you do not remember the token you can show it using the icingacli:

icingacli setup token show

On Debian and derivates, you need to manually create a database and a database user prior to starting the web wizard. This is due to local security restrictions whereas the web wizard cannot create a database/user through a local unix domain socket.

mysql -u root -p;

CREATE DATABASE icingaweb2;

CREATE USER icingaweb2@localhost IDENTIFIED BY '###PASSWORD###';

GRANT ALL ON icingaweb2.* TO icingaweb2@localhost;

flush privileges;

quit

Enabling Director in Icinga ==

Copy following script to a bash flle and execute. The script with the files to the relevant directory using the script

ICINGAWEB_MODULEPATH="/usr/share/icingaweb2/modules" REPO_URL="​https://github.com/icinga/icingaweb2-module-director" TARGET_DIR="${ICINGAWEB_MODULEPATH}/director" MODULE_VERSION="1.8.0" git clone "${REPO_URL}" "${TARGET_DIR}" --branch v${MODULE_VERSION}

and then enable the icinga-director module

icingacli module enable director

Starting Web Setup

Finally visit Icinga Web 2 in your browser to access the setup wizard and complete the installation:

​http://IP-ADDRESS/icingaweb2/setup

Configuration on web

Firewall Rules

Enable port 80 (http). Best practice is to only enable port 443 (https) and use TLS certificates.

ufw-cmd:

ufw allow 22

ufw allow 80

`ufw allow 443'

ufw allow 5665

iptables:

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT service iptables save