Home of Skau

Install icinga2, icingaweb2 on Centos 8

This is a transcript of how to install icinga2 on CentOS 8. icinga2 is a great monitoring tool built on Nagios.
At the end I will have an icinga2 master backend and an icingaweb2 frontend, with Director added to the frontend to make configuration web-based and PNP to create graphs.

Prerequisites

CentOS 8 server without GUI (as there's a bug in server with GUI and VMware based on missing drivers) with all patches applied.
Fixed IP address and local DNS entry.

My setup:
Hostname: icinga2.skau.dk
IP address: 192.168.112.189

Icinga2 specific decisions:
Icinga2 database:
DB type mariadb
DB name: icinga2
DB User: icinga2
DB Passwd: icingaPW

icinga2web database:
DB type mariadb
DB name: icinga2_web
DB User: icinga2
DB Passwd: icingaPW

Director database:
DB type mariadb
DB name: icinga2_director
DB User: icinga2
DB Passwd: icingaPW

Being on an internal network, I start by disabling the firewall and SELinux and adding the repositories.

systemctl disable firewalld
systemctl stop firewalld
vi /etc/selinux/config   # set SELINUX=disabled
yum install epel-release -y
dnf install https://packages.icinga.com/epel/icinga-rpm-release-8-latest.noarch.rpm
dnf install 'dnf-command(config-manager)'
dnf config-manager --set-enabled PowerTools
reboot

Install the packages for icinga2 backend

yum update
yum install mariadb-server mariadb-server-utils
systemctl enable mariadb
systemctl start mariadb
dnf install icinga2
systemctl enable icinga2
systemctl start icinga2
dnf install nagios-plugins-all
yum install icinga2-ido-mysql

Next up is creating the first database which will hold data from icinga2

mysql -u root -p
MariaDB [(none)]> CREATE DATABASE icinga2 CHARACTER SET 'utf8';
MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga2.* TO 'icinga2'@'localhost' IDENTIFIED BY 'icingaPW';
MariaDB [(none)]> quit

With the packages installed and the database ready, we need to create the db schema and switch icinga2 to actually use it

mysql -u root -p icinga2 < /usr/share/icinga2-ido-mysql/schema/mysql.sql
vi /etc/icinga2/features-available/ido-mysql.conf   # set the database definitions as per above; remember to remove the // in front of the config lines
icinga2 feature enable ido-mysql
systemctl restart icinga2

Install and configure apache, icingaweb2 and setup icinga API

yum install httpd
systemctl enable httpd
systemctl start httpd
icinga2 api setup
vi /etc/icinga2/conf.d/api-users.conf
# -----8< ------
#create a user object for icingaweb2 beneath the configured root user

object ApiUser "icingaweb2" {
  password = "Wijsn8Z9eRs5E25d"
  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
}

# -----8< ------
systemctl restart icinga2
dnf install icingaweb2 icingacli
systemctl enable php-fpm.service
systemctl start php-fpm.service
yum install php-json
dnf install GraphicsMagick GraphicsMagick-devel GraphicsMagick-perl
icingacli setup config webserver apache
icingacli setup token create
systemctl restart httpd

In a web browser, run the setup wizard (you will need the token created above):
http://192.168.112.189/icingaweb2/setup

  • insert the token click next
  • enable doc and monitoring and click next
  • accept that imagick is missing and click next
  • set authentication to database and click next
  • Name your connection, fill in the new db names and remember to set the character set to utf8, click next
  • give root database credentials for mysql so db can be created, click next
  • accept backendname of icingaweb2 click next
  • setup first webuser (the master admin) – click next
  • accept application config and click next
  • accept the summary and click next
  • Click next to start config
  • Accept default backend definitions, click next
  • Set the connection details for the icinga2 database (remember to specify utf8 as Char set) – click next
  • Command transport is set to Icinga2 API, use the username password generated earlier in the config file (icingaweb2 / Wijsn8Z9eRs5E25d) – click next
  • Accept the default protected variables – click next
  • Accept the backend config and click finish
  • click the “login to Icinga Web 2” button in the upper left corner
  • Log in with the administrative user created in step 8

Adding addons

Addon: Director, which is the addon that lets you configure your monitoring from icingaweb2

First create the database for director so there's a place to store configurations before committing them

mysql -u root -p
MariaDB [(none)]> CREATE DATABASE icinga2_director CHARACTER SET 'utf8';
MariaDB [(none)]> GRANT ALL ON icinga2_director.* TO 'icinga2'@'localhost' IDENTIFIED BY 'icingaPW';
MariaDB [(none)]> exit

Now install the prereq packages and director from git and reboot at the end to ensure that everything starts up by itself.

yum install git
yum install php-posix
git clone "https://github.com/icinga/icingaweb2-module-director" "/usr/share/icingaweb2/modules/director" --branch v1.7.2
cd /usr/share/icingaweb2/modules/director
git checkout "v1.7.2"
git clone "https://github.com/Icinga/icingaweb2-module-ipl" "/usr/share/icingaweb2/modules/ipl" --branch "v0.4.0"
git clone "https://github.com/Icinga/icingaweb2-module-incubator" "/usr/share/icingaweb2/modules/incubator" --branch "v0.5.0"
git clone "https://github.com/Icinga/icingaweb2-module-reactbundle" "/usr/share/icingaweb2/modules/reactbundle" --branch "v0.7.0"
icingacli module enable ipl
icingacli module enable incubator
icingacli module enable reactbundle
icingacli module enable director
vi /etc/icinga2/conf.d/api-users.conf
# -------8< -------
# create a user object for icingadirector beneath the configured root user

object ApiUser "icingadirector" {
  password = "Wijsn8Z9eRs5E25d"
  permissions = [ "*" ]
}
# -------8< -------
shutdown -r now
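
A check for two things visible in the api-users.conf objects above: the Director user's [ "*" ] permission and the same password on both users. This is an added example, not part of the original post or of Icinga; the function names and the embedded sample are assumptions made here, and the parser covers only the flat permission lists shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample: the two ApiUser objects as this page writes them.
SAMPLE_CONF = '''
object ApiUser "icingaweb2" {
  password = "Wijsn8Z9eRs5E25d"
  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
}
object ApiUser "icingadirector" {
  password = "Wijsn8Z9eRs5E25d"
  permissions = [ "*" ]
}
'''

# Handles the flat string-list form used on this page, not filter dictionaries.
OBJECT_RE = re.compile(r'object\s+ApiUser\s+"([^"]+)"\s*\{(.*?)\}', re.S)
PASSWORD_RE = re.compile(r'^\s*password\s*=\s*"([^"]*)"', re.M)
PERMS_RE = re.compile(r'^\s*permissions\s*=\s*\[(.*?)\]', re.M | re.S)

def parse_api_users(text):
    """Return {user: {"password": str or None, "permissions": [str, ...]}}."""
    text = re.sub(r'^[ \t]*(//|#).*$', '', text, flags=re.M)  # drop comment lines
    users = {}
    for name, body in OBJECT_RE.findall(text):
        pw, perms = PASSWORD_RE.search(body), PERMS_RE.search(body)
        users[name] = {
            "password": pw.group(1) if pw else None,
            "permissions": re.findall(r'"([^"]+)"', perms.group(1)) if perms else [],
        }
    return users

def audit(users):
    """Return sorted (users, finding) tuples: wildcard grants, shared passwords."""
    findings, by_password = [], defaultdict(list)
    for name, cfg in users.items():
        if "*" in cfg["permissions"]:
            findings.append((name, "permission '*' allows every API action"))
        if cfg["password"]:
            by_password[cfg["password"]].append(name)
    for names in by_password.values():
        if len(names) > 1:
            findings.append((", ".join(sorted(names)), "same password on all"))
    return sorted(findings)

if __name__ == "__main__":
    for who, finding in audit(parse_api_users(SAMPLE_CONF)):
        print(f"{who}: {finding}")
```

To run it against a live host, pass the contents of /etc/icinga2/conf.d/api-users.conf to parse_api_users instead of the sample.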

From the web frontend, create a new database resource pointing to your new director db:
http://192.168.112.189/icingaweb2
Go to Configuration -> Application -> Resources
Create a new database object pointing to your director db – remember to set charset to utf8
Go to module config: modules -> Director -> configuration
Select icinga2_director as database backend
Click “create database scheme”. This will start the kickstart engine


Setup the endpoint

  • endpoint name: icinga2.skau.dk
  • icinga host: icinga2.skau.dk
  • icinga API user: icingadirector
  • icinga API password: Wijsn8Z9eRs5E25d

Deploy outstanding configurations in the webpage by:
“Icinga Director” -> Deployments -> click on “Render Config”

Now you need to set up the daemon for director to pick up changes

useradd -r -g icingaweb2 -d /var/lib/icingadirector -s /bin/false icingadirector
install -d -o icingadirector -g icingaweb2 -m 0750 /var/lib/icingadirector
cp /usr/share/icingaweb2/modules/director/contrib/systemd/icinga-director.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable icinga-director
systemctl start icinga-director

Addon: PNP – this is what generates those nice graphs on the icingaweb2 webpage

Unfortunately Centos 8 is so new that the needed packages are not really ready in the repositories – so we will be building from source.

yum install rrdtool gcc perl -y
yum install perl-Net-SNMP rrdtool-perl -y
mkdir /files
cd /files
wget http://sourceforge.net/projects/pnp4nagios/files/PNP-0.6/pnp4nagios-0.6.26.tar.gz/download
mv download pnp4nagios-0.6.26.tar.gz
tar -xvzf pnp4nagios-0.6.26.tar.gz
cd pnp4nagios-0.6.26
./configure --with-nagios-user=icinga --with-nagios-group=icinga --with-rrdtool=/usr/bin/rrdtool --with-perfdata-dir=/var/spool/icinga2/perfdata
make all
make fullinstall
systemctl enable npcd
systemctl start npcd

Because pnp does not have a good SSO integration with icingaweb, let's disable authentication completely in pnp.
Replace the content of /etc/httpd/conf.d/pnp4nagios.conf with this:

Alias /pnp4nagios "/usr/local/pnp4nagios/share"

<Directory "/usr/local/pnp4nagios/share">
        AllowOverride None
#       Order allow,deny
#       Allow from all
        Require all granted
        #
        # Use the same value as defined in nagios.conf
        #
#       AuthName "Nagios Access"
#       AuthType Basic
#       AuthUserFile /usr/local/nagios/etc/htpasswd.users
#       Require valid-user
        <IfModule mod_rewrite.c>
                # Turn on URL rewriting
                RewriteEngine On
                Options symLinksIfOwnerMatch
                # Installation directory
                RewriteBase /pnp4nagios/
                # Protect application and system files from being viewed
                RewriteRule "^(?:application|modules|system)/" - [F]
                # Allow any files or directories that exist to be displayed directly
                RewriteCond "%{REQUEST_FILENAME}" !-f
                RewriteCond "%{REQUEST_FILENAME}" !-d
                # Rewrite all other URLs to index.php/URL
                RewriteRule "^.*$" "index.php/$0" [PT]
        </IfModule>
</Directory>

Add apache to icinga group for it to read rrd files and restart apache

vi /etc/group   # add apache to the icinga group so it can read the rrd directory
systemctl restart httpd

Next add the pnp module to icingaweb2 and enable it

cd /usr/share/icingaweb2/modules
git clone https://github.com/Icinga/icingaweb2-module-pnp.git pnp
icingacli module enable pnp
icinga2 feature enable perfdata
mv /usr/local/pnp4nagios/share/install.php /usr/local/pnp4nagios/share/install.php.orig
cd /usr/local/pnp4nagios/etc
mv misccommands.cfg-sample misccommands.cfg
mv nagios.cfg-sample nagios.cfg
shutdown -r now