Icinga

From Wildsong
Jump to navigationJump to search

History

2014-Dec-31 I had Icinga2 running from packages for a few months and then a package update broke everything. I removed everything and installed from sources.

Configuration

Unfortunately the computer I have available to run Icinga does not have the juice to run everything. I am trying to keep the PostgreSQL database on a better endowed server. It has more RAM and an SSD but a puny CPU. I wonder how this pans out...

Built from sources

icinga2 

apt-get install bison flex cmake
apt-get install libboost1.49-dev libboost-thread-dev libboost-system-dev libboost-regex-dev libboost-program-options-dev
mkdir build
cd build
cmake ..
make
sudo make install

Nagios monitoring plugins: https://www.monitoring-plugins.org/doc/index.html

Especially important here is check_icmp, I create a hard link check_host. When invoked as check_host, the program does the minimum to see if the host is alive then returns OK. It's very lightweight and fast compared to ping.

icingaweb2 

# Generate the config file for Apache
./bin/icingacli setup config webserver apache --document-root /usr/local/icingaweb2/public > /etc/apache2/conf-available/icingaweb2.conf
cd /etc/apache2/conf-enabled
ln -s ../conf-available/icingaweb2.conf
# Use browser to complete set up
http://helena.cds1.net:8888/icingaweb2/setup
# Generate the required token
cd /etc/icingaweb2
head -c 12 /dev/urandom | base64 | tee /etc/icingaweb2/setup.token; chmod 0660 /etc/icingaweb2/setup.token;

nagvis

Backend

I tried MySQL, but it gets out of sync with the config files after restarts. I think the state file (/usr/local/var/lib/icinga2/icinga2.state) is the problem. Livestatus has to be turned on for Nagvis.

I tried Livestatus, love the idea, but fails in icingaweb2

Now trying postgres 

su postgres
createdb icinga
psql
CREATE USER icinga WITH PASSWORD 'linenopise';
ALTER DATABASE icinga OWNER TO icinga;

# Allow access remotely and tune to use more memory
# and tell it to listen on 5432
cd /etc/postgresql/9.3/main/
emacs pg_hba.conf postgresql.conf
service postgresql restart
# Adjust memory to match settings in postgresql.conf
emacs /etc/sysctl.d/30-postgresql-shm.conf
reboot
cat /proc/sys/kernel/shmmax

# From the host running icinga
psql -U icinga -h vastra2.cds1.net icinga < /usr/local/share/icinga2-ido-pgsql/schema/pgsql.sql
# Set up the database name, username, password
emacs /usr/local/etc/icinga2/features-enabled/ido-pgsql.conf

Nagios plugins

Currently using the package, not sources.

NB You have to mark check_icmp as setuid; like this: chmod 4755 /usr/lib/nagios/plugins/check_icmp

IcingaWeb2

Configuration

The (undocumented) trick here is to use this URL after it's installed: http://helena.cds1.net/icingaweb2/setup.

The requested token can be created directly from the command line; I could not get the fancy icinga cli command to work. (They give you the alternative commands to run in 'setup'.)

There is a setup module that can be re-enabled from the web gui once you have run setup to do it all over again. It wipes out the previous setup.

You want to use the IDO database backend, not livestatus. Using the database gives you background, livestatus just gives you current conditions.

Authentication

I selected "autologin" which means I use the firewall and the apache auth instead of the builtin auth.

Modules

Looks like the only module of real interest right now ships with icingaweb2 -- monitoring. Beyond that we go over to Nagvis.

Previous attempt, using packages

Just leaving this here for now.

Installed on Helena from Debian packages. Simply selecting the metapackage icinga gave me everything I needed.

I'd like to export the config from one of the existing Nagios servers and import it here. https://bigdog.alembic.net/nagios/ Ron sent me the files yesterday. Lots of conversion to do, I fear.

I decided to go to the Icinga 2.0 stable release instead of starting with the Debian Wheezy default which is at 1.7. Using backports, trying to get a recent icinga-web

Had to change the port that postgresql 9.3 was listening on -- apparently they put it on port 5433 to allow 9.1 and 9.3 to run at the same time. 

wget -O - http://debmon.org/debmon/repo.key 2>/dev/null | apt-key add -
echo "deb http://debmon.org/debmon debmon-wheezy main" > /etc/apt/sources.list.d/icinga2.list
apt-get upgrade
apt-get update
apt-get install icinga2 icinga-web

I wonder if I should try the icinga web 2 user interface... last update in Git was 3 minutes ago... methinks not. Learn released version first, update later. 

update-rc.d icinga disable
Retrieved from "https://wiki.wildsong.biz//index.php?title=Icinga&oldid=8723"