Icinga 2, Icinga Web 2 and Director Kickstart on CentOS 7

by | Jul 10, 2020

INTRODUCTION

The easiest way to get started with Icinga is a single-node installation. If you are new to the Icinga world, here you have a kickstart for installing Icinga 2, Icinga Web 2 and Icinga Director on CentOS 7. With these steps you will have a ready Icinga environment for monitoring your infrastructure.
Step 1: Now update / upgrade your CentOS Linux
yum update -y && yum upgrade -y

Step 2: Install Icinga repository

yum install -y https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm

Step 3: Install EPEL repository

yum install -y epel-release

Step 4: Let’s install some tools we could need later in our system

yum install -y git curl make gcc wget nano vim net-tools tar unzip zip python-devel python-pip python-setuptools

Step 5: Install Icinga 2, enable and start the Icinga 2 service

yum install -y icinga2
systemctl enable icinga2
systemctl start icinga2
systemctl status icinga2


Step 6: Install plugins-all

yum install -y nagios-plugins-all

Step 7: When you make a change into Icinga files and you want to confirm all is correct before restarting,  you can run the following command

icinga2 daemon -C

Step 8: If you are going to use SELINUX with Icinga 2, you need to install the following packages, and set rules for port 80 and 443

yum install -y icinga2-selinux
Now proceed to apply firewall rules for port 80, as a best practice you should be using https and open 443 as well.
firewall-cmd --add-service=http && firewall-cmd --permanent --add-service=http

Step 9: Let’s configure vim to use Icinga syntax colors

yum install -y vim-icinga2
Now, create the following file vim ~/.vimrc and add the following: syntax on
Now let’s test that syntax colors are working, open the file templates.conf with vim editor: vim /etc/icinga2/conf.d/templates.conf

Step 10: Installing and configuring MySQL as database for our Icinga:

yum install -y mariadb-server mariadb
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation [ below details of this step...]
Enter current password for root (enter for none): [  Hit enter ]
Set root password? [Y/n] Y
New password: [ Enter new passowrd ]
Re-enter new password: [ Enter again new password ]
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Now let’s install IDO for MySQL

yum install icinga2-ido-mysql

Login to your MySQL

mysql -u root -p

Create the following databases for Icinga and Icinga Web:

CREATE DATABASE icinga;

Now, configure the permissions for the database created in the step before:

GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY 'icinga';

Create the database for Icinga Web 2:

CREATE DATABASE icingaweb;

Now, configure permissions:

GRANT ALL PRIVILEGES ON icingaweb.* TO 'icingaweb'@'localhost' IDENTIFIED BY 'icingaweb';

Deploy privileges:

FLUSH PRIVILEGES;

Now, quit from the database:

QUIT


Step 11: Now we need to import the Icinga 2 schema for our MySQL.

mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql


Step 12: Enable the ido-mysql module in Icinga

icinga2 feature enable ido-mysql

Now, restart icinga2 service

systemctl restart icinga2


Step 13: Install Web Server

yum install -y httpd
systemctl enable httpd
systemctl start httpd


Step 14: Configure Icinga 2 REST ApiUser

icinga2 api setup

Now, edit the file vim /etc/icinga2/conf.d/api-users.conf and add the following lines:

object ApiUser "icingaweb2" {
password = "Wijsn8Z9eRs5E25d"
permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
}

Don’t forget to edit vim /etc/icinga2/features-enabled/ido-mysql.conf according to the configuration needed. Check an example below:

/**
* The IdoMysqlConnection type implements MySQL support
* for DB IDO.
*/
object IdoMysqlConnection "ido-mysql" {
user = "icinga"
password = "icinga"
host = "localhost"
database = "icinga"
}

Now proceed to restart icinga2 service

systemctl restart icinga2


Step 15: Let’s install the SCL re
pository, we’ll need it for Icinga Web 2

yum install -y centos-release-scl


Step 16: Proceed to install Icinga Web and Icinga CLI

yum install -y icingaweb2 icingacli


Step 17: Install SELINUX for Icinga Web 2 in case you could need it

yum install -y icingaweb2-selinux


Step 18: Install PHP FPM and other PHP modules we could need

yum install -y rh-php73-php-mysqlnd rh-php73-php-fpm sclo-php73-php-pecl-imagick rh-php73-php-ldap rh-php73-php-pgsql rh-php73-php-xmlrpc rh-php73-php-intl rh-php73-php-gd rh-php73-php-pdo rh-php73-php-soap rh-php73-php-posix rh-php73-php-cli

Then start and enable the service:

systemctl start rh-php73-php-fpm.service
systemctl enable rh-php73-php-fpm.service
systemctl restart httpd
systemctl restart rh-php73-php-fpm.service

Now, let’s create the token for finishing Icinga Web 2 configuration through web interface:

icingacli setup token create


Step 19: Icinga Web 2 Configuration

Point your browser to :

http://icinga-server/icingaweb2/

1. It will request the generated token, paste it and click on next

2. Monitoring modules is enable by default, you can enable Doc and Translation optionally and then click next

3. Now all PHP Modules should be green, in case you have some in yellow, it is recommended to fix it before moving forward, if all are green, just click next

4. By default we are going to use database authentication

5. Configure the database resource, here we are going to use the credentials we created for icingaweb database. You need to set the parameters localhost, database name, username and password. Before clicking next, you can click on Validate Configuration in order to validate that the credentials are working correctly.

6. Let’s configure the Authentication Backend, this one was defined in the api-users.conf file, just click next.

7. In the administration screen you define the username and password for login to the Icinga Web interface.

8. In the application configuration screen you just need to click next, you can change adjust it according your needs, but the defaults are fine for now.

9. Now you have a resume screen, here just need to click next.

10. Now, you can configure monitoring module for Icinga Web 2, only click next.

11. Monitoring backend will bring the information by default, here only click next

12. Now, let’s configure the monitoring IDO Resource, here we’ll use the credentials we created for the icinga database. Here you need to set the parameters localhost, database name, username and password. Before clicking next, you can click on Validate Configuration in order to validate that the credentials are working correctly.

13. In steps before you defined an api user in the api-user.conf file, now you need to define host, api username and api password. Before clicking next, you can click on Validate Configuration in order to validate that the credentials are working correctly.

14. In the monitoring security screen you only need to click next.

15. Now you have a sucess screen for Icinga Web 2, you only need to click Finish.

16. You should have now a congratulations screen with a Login to Icinga Web available, only click on that button for logging in into Icinga Web 2.

17. Now you have your login, remember to use the credentials defined in step 7

ICINGA DIRECTOR

Step 1: Create database and permission for director

Log in into MariaDB:

mysql -u root -p

Now, let’s create the database and set the user with its permissions:

CREATE DATABASE director CHARACTER SET 'utf8';
GRANT ALL ON director.* TO 'director'@'localhost' IDENTIFIED BY 'director';
FLUSH PRIVILEGES;
QUIT


Step 2: Create a bash file with the following content, give execution permission, this will facilitate to install Icinga Director and its dependencies.

vim director.sh
------- CONTENT OF THE FILE STARTS HERE -----------------------
#!/bin/bash
ICINGAWEB_MODULEPATH="/usr/share/icingaweb2/modules"
REPO_URL="https://github.com/icinga/icingaweb2-module-director"
TARGET_DIR="${ICINGAWEB_MODULEPATH}/director"
MODULE_VERSION="1.7.2"
git clone "${REPO_URL}" "${TARGET_DIR}" --branch v${MODULE_VERSION}
MODULE_NAME=incubator
MODULE_VERSION=v0.5.0
REPO="https://github.com/Icinga/icingaweb2-module-${MODULE_NAME}"
MODULES_PATH="/usr/share/icingaweb2/modules"
git clone ${REPO} "${MODULES_PATH}/${MODULE_NAME}" --branch "${MODULE_VERSION}"
icingacli module enable "${MODULE_NAME}"
MODULE_NAME=ipl
MODULE_VERSION=v0.5.0
REPO="https://github.com/Icinga/icingaweb2-module-${MODULE_NAME}"
MODULES_PATH="/usr/share/icingaweb2/modules"
git clone ${REPO} "${MODULES_PATH}/${MODULE_NAME}" --branch "${MODULE_VERSION}"
icingacli module enable "${MODULE_NAME}"
MODULE_NAME=reactbundle
MODULE_VERSION=v0.7.0
REPO="https://github.com/Icinga/icingaweb2-module-${MODULE_NAME}"
MODULES_PATH="/usr/share/icingaweb2/modules"
git clone ${REPO} "${MODULES_PATH}/${MODULE_NAME}" --branch "${MODULE_VERSION}"
icingacli module enable "${MODULE_NAME}"
------- CONTENT OF THE FILE ENDS HERE -----------------------

Now give permissions:  chmod +x director.sh
Run the script: ./director.sh
Let’s load the schema for the director database:

mysql -u root -p director < /usr/share/icingaweb2/modules/director/schema/mysql.sql

After executing the bash script and load the schema, then proceed to enable the module:

icingacli module enable director

You need now to log in into your Icinga Web, and create a new resource. Go to Configuration -> Application -> Resources. Then click Create New Resource, you need to set Resource Name, Database Name, Username, Password and Character Set. After that click on Validate Configuration, and if everything is OK, then click on Save Changes. During the Kickstart process of Icinga Director you will need to provide the credentials for an ApiUser, you can use the root user defined in api-users.conf.
Now create a file named director-service.sh, give execution permission and execute it

------- CONTENT OF THE FILE STARTS HERE -----------------------
#!/bin/bash
useradd -r -g icingaweb2 -d /var/lib/icingadirector -s /bin/false icingadirector
install -d -o icingadirector -g icingaweb2 -m 0750 /var/lib/icingadirector
MODULE_PATH=/usr/share/icingaweb2/modules/director
cp "${MODULE_PATH}/contrib/systemd/icinga-director.service" /etc/systemd/system/
systemctl daemon-reload
systemctl enable icinga-director.service
systemctl start icinga-director.service
------- CONTENT OF THE FILE ENDS HERE -----------------------

Give execution permissions: chmod +x director-services.sh
Execute the script: ./director-service.sh
Now you will see in the Activity Log in the Icinga Director menu option that there will be orange alerts. When you click there, you will see  in the center of the screen a message Deploy ### pending changes, where ### is a number according to pending changes, just click the link to deploy them.
Now you are ready to take advantage of the benefits of using Director.

You May Also Like…

Icinga 2 API and debug console

Icinga 2 API and debug console

Have you ever experienced configuration issues, such as notifications not being sent as expected or apply rules not...

IPL: How to use ipl-web

IPL: How to use ipl-web

In my ongoing blogpost series about the Icinga PHP library, I am briefly explaining what the individual components of...

Subscribe to our Newsletter

A monthly digest of the latest Icinga news, releases, articles and community topics.