Lundebakkevej 5, 4684 Holmegaard

Home of Skau

Install Icinga2, Icingaweb2, director and PNP on ubuntu 20.04

This guide shows how to install Icinga2 monitoring software on Ubuntu 20.04 – this includes backend, frontend, director and pnp4nagios (adding graphs to icinga).

Especially PNP was hard to get working – but if you follow the guide everything is nicely lined up at the end.

Offset: Basic ubuntu 20.04 server with openssh package (used 2 vcpu, 3GB ram and 100GB disk)

My setup:
Hostname: icinga2.skau.dk
IP address: 192.168.112.189

Icinga2 specific decissions:
Icing2 database
DB type mariadb
DB name: icinga2
DB User: icinga2
DB Passwd: icingaPW

icinga2web database:
DB type mariadb
DB name: icinga2_web
DB User: icinga2
DB Passwd: icingaPW

Director database:
DB type mariadb
DB name: icinga2_director
DB User: icinga2
DB Passwd: icingaPW

Let’s start out by disabling the firewall

systemctl stop ufw
systemctl disable ufw

Install and configure mysql

Install mariadb and create user and databases

apt-get install mariadb-server mariadb-client

mysql -u root -p

CREATE USER 'icinga2'@'localhost' IDENTIFIED BY 'icingaPW';
CREATE DATABASE icinga2 CHARACTER SET 'utf8';
CREATE DATABASE icinga2_web CHARACTER SET 'utf8';
CREATE DATABASE icinga2_director CHARACTER SET 'utf8';

GRANT ALL ON *.* to 'icinga2'@'localhost' IDENTIFIED BY 'icingaPW'

quit

Now your databases are ready for the install

Install icinga2 backend

Install all the packages needed using apt (so they will be updated using package manager)

apt-get update
apt-get -y install apt-transport-https wget gnupg

wget -O - https://packages.icinga.com/icinga.key | apt-key add -

. /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; \
 echo "deb https://packages.icinga.com/ubuntu icinga-${DIST} main" > \
 /etc/apt/sources.list.d/${DIST}-icinga.list
 echo "deb-src https://packages.icinga.com/ubuntu icinga-${DIST} main" >> \
 /etc/apt/sources.list.d/${DIST}-icinga.list

apt-get update

apt-get install icinga2

apt-get install monitoring-plugins

apt-get install icinga2-ido-mysql
(answer yes to install and no to configure)

Setup db connection in /etc/icinga2/features-available/ido-mysql.conf

vi /etc/icinga2/features-available/ido-mysql.conf

/**
 * The db_ido_mysql library implements IDO functionality
 * for MySQL.
 */

library "db_ido_mysql"

object IdoMysqlConnection "ido-mysql" {
  user = "icinga2",
  password = "icingaPW",
  host = "localhost",
  database = "icinga2"
}

Enable icinga2 to use database backend and load database schema

icinga2 feature enable ido-mysql
mysql -uicinga2 -picingaPW icinga2 < /usr/share/icinga2-ido-mysql/schema/mysql.sql
systemctl restart icinga2

Install Icinga2-web (frontend)

apt-get install apache2 php-gd php-json

icinga2 api setup

Now add a user to icinga2 backend by adding to /etc/icinga2/conf.d/api-users.conf, create a user object for icingaweb2 beneath the configured root user

vi /etc/icinga2/conf.d/api-users.conf

object ApiUser "icingaweb2" {
  password = "Wijsn8Z9eRs5E25d"
  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
}

Restart incinga2 daemon

systemctl restart icinga2

Install the frontend itself (memorizing the token at the end (which can be displayed using the last command if you forget)

apt-get install icingaweb2 libapache2-mod-php icingacli

icingacli setup token create

icingacli setup token show

Browse to your new installation using IP (http://192.168.112.189/icingaweb2/setup)

  • insert the token click next
  • enable doc and monitoring and click next
  • accept that PDO-Postgress is missing and click next
  • set authentication to database and click next
  • Name your connection, fill in the new incingadb names and remember to set caracter set to utf8 click next
  • accept backend name of icingaweb2 click next
  • setup first webuser (the master admin) – click next
  • accept application config and click next
  • accept the summary and click next
  • Click next to start config
  • Accept default backend definitions, click next
  • Set the connection details for the icinga2 database (remember to specify utf8 as Char set) – click next
  • Command transport is set to Icinga2 API, use the username password generated earlier in the config file (icingaweb2 / Wijsn8Z9eRs5E25d) – click next
  • Accept the default protected variables – click next
  • Accept the backend config and click finish
  • click the “login to Icinga Web 2” button in the upper left corner
  • Log in with the administrative user created in step 8

Adding addons

Adding Director first – this module gives you the power to configure icinga through the webinterface of icinga2-web.

First lets install all modules from git.

git clone "https://github.com/icinga/icingaweb2-module-director" "/usr/share/icingaweb2/modules/director" --branch v1.8.0
cd /usr/share/icingaweb2/modules/director
git checkout "v1.8.0"

git clone "https://github.com/Icinga/icingaweb2-module-ipl" "/usr/share/icingaweb2/modules/ipl" --branch "v0.5.0"
git clone "https://github.com/Icinga/icingaweb2-module-incubator" "/usr/share/icingaweb2/modules/incubator" --branch "v0.6.0"
git clone "https://github.com/Icinga/icingaweb2-module-reactbundle" "/usr/share/icingaweb2/modules/reactbundle" --branch "v0.9.0"

icingacli module enable ipl
icingacli module enable incubator
icingacli module enable reactbundle
icingacli module enable director

Now we need to add another user to /etc/icinga2/conf.d/api-users.conf underneath the icingaweb2 user definition

vi /etc/icinga2/conf.d/api-users.conf

object ApiUser "icingadirector" {
  password = "Wijsn8Z9eRs5E25d"
  permissions = [ "*" ]
}

Now you need to configure your first zone and first endpoint in zones.conf

vi /etc/icinga2/zones.conf

object Endpoint "icinga2.skau.dk" {
  host = "192.168.112.189"
}

object Zone "master" {
 endpoints = [ "icinga2.skau.dk" ]
}

Reboot to ensure all comes up autoatically

shutdown -r now

From the webfrontend create a new database resource pointing to your new director db
http://192.168.112.189/icingaweb2

goto Configuration -> Application -> Resources
create a new database object pointing to your director db – remember to set charset to utf8
goto module config: modules -> Director -> configuration
Select icinga2_director as database backend
click “create database scheme” This will start the kickstart engine

endpoint name: icinga2.skau.dk
icinga host: icinga2.skau.dk
icinga API user: icingadirector
icinga API password: Wijsn8Z9eRs5E25d

click store config

Deploy outstanding configurations in the webpage by:
“Icinga Director” -> Deployments -> click on “Render Config”

Now you need to setup the daemon for director to pickup changes

useradd -r -g icingaweb2 -d /var/lib/icingadirector -s /bin/false icingadirector
install -d -o icingadirector -g icingaweb2 -m 0750 /var/lib/icingadirector
cp /usr/share/icingaweb2/modules/director/contrib/systemd/icinga-director.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable icinga-director
systemctl start icinga-director

Setup PNP and pnp4nagios

This part is the hardest to get right – but the follow receipt worked for me.

install the graphing modules

apt-get install icingaweb2-module-pnp 

apt-get install rrdtool librrd-dev librrds-perl librrdp-perl php-xml php-rrd gcc make

mkdir -p /files/pnp
cd /files/pnp
wget -O pnp4nagios.tar.gz https://github.com/lingej/pnp4nagios/archive/0.6.26.tar.gz
tar xzf pnp4nagios.tar.gz

cd pnp4nagios-0.6.26

./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-rrdtool=/usr/bin/rrdtool --with-perfdata-dir=/var/spool/icinga2/perfdata --with-httpd-conf=/etc/apache2/sites-available

make all
make full-install

Remove login to pnp4nagios (by changing apache conf file (all chages before mod_rewrite section)

vi /etc/apache2/sites-available/pnp4nagios.conf

# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER

Alias /pnp4nagios "/usr/local/pnp4nagios/share"

<Directory "/usr/local/pnp4nagios/share">
        AllowOverride None
#       Order allow,deny
#       Allow from all
        require all granted
        #
        # Use the same value as defined in nagios.conf
        #
#       AuthName "Nagios Access"
#       AuthType Basic
#       AuthUserFile /usr/local/nagios/etc/htpasswd.users
#       Require valid-user
        <IfModule mod_rewrite.c>
                # Turn on URL rewriting
                RewriteEngine On
                Options symLinksIfOwnerMatch
                # Installation directory
                RewriteBase /pnp4nagios/
                # Protect application and system files from being viewed
                RewriteRule "^(?:application|modules|system)/" - [F]
                # Allow any files or directories that exist to be displayed directly
                RewriteCond "%{REQUEST_FILENAME}" !-f
                RewriteCond "%{REQUEST_FILENAME}" !-d
                # Rewrite all other URLs to index.php/URL
                RewriteRule "^.*$" "index.php/$0" [PT]
        </IfModule>
</Directory>

Enable the config and reload apache

a2ensite pnp4nagios.conf
systemctl reload apache2

Add www-data to nagios group so it can read data

vi /etc/group add to the existing nagios line

nagios:x:118:www-data

Hit the pnp4nagios webpage – all should be green : http://192.168.112.189/pnp4nagios

Enable pnp module and start creating perfdata

icingacli module enable pnp
icinga2 feature enable perfdata
systemctl restart icinga2
mv /usr/local/pnp4nagios/share/install.php /usr/local/pnp4nagios/share/install.php.orig
cd /usr/local/pnp4nagios/etc
mv misccommands.cfg-sample misccommands.cfg
mv nagios.cfg-sample nagios.cfg
systemctl enable npcd
systemctl start npcd

Pnp4nagios is build for PHP5, as we are using PHP7 there is 1 deprecated function in Input.php that needs to be bypassed – I’ve done it by encapsulating it in an if statement like this (remember to close out the if at the end with } (so add the first and last line where it’s applicable):

vi /usr/local/pnp4nagios/lib/kohana/system/libraries/drivers/Image.php

 if (version_compare(PHP_VERSION, '5.3.0', '<')) {
                        // magic_quotes_runtime is enabled
                        if (get_magic_quotes_runtime())
                        {
                                set_magic_quotes_runtime(0);
                                Kohana::log('debug', 'Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
                        }

                        // magic_quotes_gpc is enabled
                        if (get_magic_quotes_gpc())
                        {
                                $this->magic_quotes_gpc = TRUE;
                                Kohana::log('debug', 'Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
                        }
                    }

Then you need to change line 979 in the file: /usr/local/pnp4nagios/share/application/models/data.php

(use :979 to jump to that line)

vi /usr/local/pnp4nagios/share/application/models/data.php

From:
if(sizeof($pages) > 0 ){
To:
if(is_array($pages) && sizeof($pages) > 0 ){

Correct perfdata_spool_dir line in npcd config

vi /usr/local/pnp4nagios/etc/npcd.cfg

perfdata_spool_dir = /var/spool/icinga2/perfdata

restart npcd to pickup changes

systemctl restart npcd

Last go in icinga2 webpage and configure pnp to the correct config dir:

Log into icinga2 and goto configuration -> modules -> pnp -> configuration
set pnp4nagios configuration to: /usr/local/pnp4nagios/etc

At this point I like to reboot to ensure everything works after reboot

Shutdown -r now