Configuration¶
Database¶
If not already done during the installation of Icinga DB Web, setup the Icinga DB database backend now.
Create a new Icinga Web 2 resource
for Icinga DB’s database
using the Configuration -> Application -> Resources
menu.
Then tell Icinga DB Web which database resource to use. This can be done in
Configuration -> Modules -> icingadb -> Database
.
Redis¶
To view the most recent state information in Icinga DB Web, make sure to configure the connection details to
Icinga DB’s redis
at Configuration -> Modules -> icingadb -> Redis
.
Secondary Master¶
If you are running a high availability zone with two masters, you can provide the Redis connection details of the secondary master as well. Icinga DB Web will then use that in case the primary one isn’t available.
Using TLS¶
If you have setup Redis to only accept encrypted connections, you will need to tell Icinga DB Web the CA certificate being used for it. This will apply to both connections, the primary and secondary one.
Authentication¶
It is also possible to authenticate requests over TLS. For this, tell Icinga DB Web which client certificate and private key to use.
Manual Configuration¶
The configuration is stored in two different configuration files.
The TLS configuration is stored in Icinga DB Web’s main configuration. It is located at
/etc/icingaweb2/modules/icingadb/config.ini
by default. In it, the section redis
contains the relevant directives.
The connection configuration is stored in /etc/icingaweb2/modules/icingadb/redis.ini
. In it, there may be two
sections with the relevant directives: redis1
and redis2
Example¶
config.ini
[redis]
tls = "1"
insecure = "0"
ca = "/var/lib/icingaweb2/modules/icingadb/redis/d37c36724cbf43f204ace4caa5b1b919-ca.pem"
cert = "/var/lib/icingaweb2/modules/icingadb/redis/d5d43b3a1a77227d8c0ee12adc04483c-cert.pem"
key = "/var/lib/icingaweb2/modules/icingadb/redis/f27abcbe23546134a8515283f1987e15-key.pem"
redis.ini
[redis1]
host = "redis-one"
port = "6380"
[redis2]
host = "redis-two"
port = "6380"
Command Transports¶
Command transports are used to perform actions on the Icinga master such as acknowledgements and scheduling downtimes. (amongst others)
These can be configured in Configuration -> Modules -> icingadb -> Command Transports
.
Icinga 2 Preparations¶
If not already done, set up Icinga 2’s api. Icinga DB Web requires access to this api, so make sure to create a user with appropriate permissions and ensure it is reachable by the web server.
Required Permissions¶
- actions/*
- objects/query/*
- objects/modify/*
Multiple Transports¶
You can define multiple command transports. Icinga DB Web will try one transport after another to send a command until it is successfully sent.
Manual Configuration¶
The configuration is stored in an INI-file located at /etc/icingaweb2/modules/icingadb/commandtransports.ini
by
default. In it, every transport starts with a section header containing its name followed by its config directives.
The section order also defines which transport is used first over another by Icinga DB Web.
Example¶
[icinga2]
transport = "api"
host = "127.0.0.1" ; Icinga 2 host
port = "5665"
username = "icingaweb2"
password = "bea11beb7b810ea9ce6ea" ; Change this!
Security¶
Setting up permissions and restrictions is covered in its own chapter.