Server monitoring with Icinga 2 and Icingaweb 2 on CentOS 7

Icinga 2 is a scalable OpenSource monitoring software. This tutorial describes the installation of Icinga 2 together with Icingaweb on a CentOS 7 server.

1. Requirements

To install such a system you will need the following:

  • A Centos 7 minimal server system. This can be a server installed from scratch as described in the Centos 7.1 minimal server tutorial or a virtual-server or root-server from a hosting company that has a minimal Centos 7 setup installed.
  • A fast Internet connection.

2. Preliminary notes

  • In this tutorial, I use the hostname icinga2.domain.tld with the IP address 192.168.250.100/24 and the gateway 192.168.250.254. These settings might differ for you, so you have to replace them where appropriate.
  • The outputs shown here is just an example and might differ on your system, depending on your base system and the packages already installed.
  • The database server will be maria db and will be installed on the same host.
  • A user administrator exists and is in the sudoers list.
  • We will disable SELinux for this tutorial.

3. Preparation

Login as administrator

login as: administrator
[email protected]'s password:
[[email protected] ~]$

Check network connectivity

we will test if our internet connection is established and name resolution is working:

ping www.google.de -c3

The output will be like:

[[email protected] ~]$ ping www.google.de -c3
PING www.google.de (172.217.20.67) 56(84) bytes of data.
64 bytes from fra02s27-in-f3.1e100.net (172.217.20.67): icmp_seq=1 ttl=57 time=19.2 ms
64 bytes from fra02s27-in-f3.1e100.net (172.217.20.67): icmp_seq=2 ttl=57 time=19.3 ms
64 bytes from fra02s27-in-f3.1e100.net (172.217.20.67): icmp_seq=3 ttl=57 time=19.6 ms

--- www.google.de ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 19.276/19.430/19.649/0.195 ms
[[email protected] ~]$

Change to root

Now we will make ourself root. To do so enter:

sudo su

The output will be like:

[[email protected] ~]$ sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

         #1) Respect the privacy of others.
         #2) Think before you type.
         #3) With great power comes great responsibility.

[sudo] password for administrator:
[[email protected] administrator]#

Install preliminary software

We will now install some preliminary software:

  • deltarpm will lower the amount to be downloaded, by checking if there is just a differential file, instead of the whole package
  • nano is a text-editor
  • wget is needed to download files from URLs
  • net-tools is needed for certain checks on network-processes
  • gcc is the GNU Compiler

yum -y install deltarpm

The output will be like:

Loaded plugins: fastestmirror
base                                                                             | 3.6 kB  00:00:00
extras                                                                           | 3.4 kB  00:00:00
updates                                                                          | 3.4 kB  00:00:00
(1/4): extras/7/x86_64/primary_db
...
...
Total download size: 82 k
Installed size: 209 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/deltarpm-3.6-3.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for deltarpm-3.6-3.el7.x86_64.rpm is not installed
deltarpm-3.6-3.el7.x86_64.rpm                                                    |  82 kB  00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : deltarpm-3.6-3.el7.x86_64                                                            1/1
  Verifying  : deltarpm-3.6-3.el7.x86_64                                                            1/1

Installed:
  deltarpm.x86_64 0:3.6-3.el7

Complete!

yum -y install nano wget net-tools gcc

The output will be like:

Loaded plugins: fastestmirror
base                                                                             | 3.6 kB  00:00:00
extras                                                                           | 3.4 kB  00:00:00
updates                                                                          | 3.4 kB  00:00:00
(1/4): extras/7/x86_64/primary_db
...
...
Installed:
  gcc.x86_64 0:4.8.5-4.el7      nano.x86_64 0:2.3.1-10.el7 net-tools.x86_64 0:2.0-0.17.20131004git.el7
  wget.x86_64 0:1.14-10.el7_0.1

Dependency Installed:
  cpp.x86_64 0:4.8.5-4.el7                         glibc-devel.x86_64 0:2.17-106.el7_2.4
  glibc-headers.x86_64 0:2.17-106.el7_2.4          kernel-headers.x86_64 0:3.10.0-327.13.1.el7
  libmpc.x86_64 0:1.0.1-3.el7                      mpfr.x86_64 0:3.1.1-4.el7

Dependency Updated:
  glibc.x86_64 0:2.17-106.el7_2.4                 glibc-common.x86_64 0:2.17-106.el7_2.4

Complete!

Disable SELinux

edit the /etc/selinux/config

nano /etc/selinux/config

Find

SELINUX=enforcing

change it to

SELINUX=disabled

Save the file

Update system and reboot

Now we will update the system.

yum -y update && yum -y upgrade

This may take some time. After that reboot.

reboot

4. Install icinga2 and additional Software

Install additional repositories

After the system has restarted login as administrator and make yourself root again.

Change directory to /tmp

cd /tmp

Install epel repository

yum install -y epel-release

Install icinga repository

rpm --import http://packages.icinga.org/icinga.key
wget http://packages.icinga.org/epel/ICINGA-release.repo -O /etc/yum.repos.d/ICINGA-release.repo

Rebuild yum cache (May take some time)

yum makecache

Install icinga2, icinga2 mysql connector and nagios plugins

yum install -y nagios-plugins-all icinga2 icinga2-ido-mysql icinga-idoutils-libdbi-mysql

Installing Apache, php and preparing php.ini

yum install -y httpd

yum install -y php-cli php-pear php-xmlrpc php-xsl php-pdo php-soap php-gd php-ldap

Edit php.ini

Find

; Defines the default timezone used by the date functions
; http://php.net/date.timezone
;date.timezone =

change it to

; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = "Europe/Berlin"

Save the file

Enable Apache at startup

systemctl enable httpd

[[email protected] tmp]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

systemctl start httpd

Check if Apache is running

netstat -nlp | grep 80

[[email protected] tmp]# netstat -nlp | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      10360/httpd

Installing and configuring mariadb

yum install -y mariadb-server

systemctl start mariadb

systemctl enable mariadb

Output:

[[email protected] tmp]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.

Check if mariadb is running

netstat -nlp | grep 3306

Output:

[[email protected] tmp]# netstat -nlp | grep 3306
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      11623/mysqld

Set Password for user 'root'

mysql -u root

Output:

[[email protected] tmp]# mysql -u root
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.47-MariaDB MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

[MariaDB [(none)]> use mysql

Output:

[MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mysql]>

[MariaDB [(mysql)]> update user set password=PASSWORD("root_password") where User='root';

Output:

update user set password=PASSWORD("root_password") where User='root';
Query OK, 4 rows affected (0.00 sec)
Rows matched: 4  Changed: 4  Warnings: 0

[MariaDB [(mysql)]> flush privileges;

Output:

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec0

[MariaDB [(mysql)]> exit;

Output:

MariaDB [mysql]> exit;
Bye

Restart MariaDB

systemctl restart mariadb

Create and populate database for icinga2

Logon to MySQL with password for root.

mysql -u root -p

Output:

[[email protected] tmp]# [[email protected] tmp]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 5.5.47-MariaDB MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

[MariaDB [(none)]>CREATE DATABASE icinga2;

Output:

MariaDB [(none)]> CREATE DATABASE icinga2;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]>

[MariaDB [(none)]>GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga2.* TO 'icinga2'@'localhost' IDENTIFIED BY 'icinga2_password';

Output:

MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga2.* TO 'icinga2'@'localhost' IDENTIFIED BY 'icinga2_password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]>

[MariaDB [(none)]>flush privileges;;

Output:

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]>

[MariaDB [(none)]> exit;

Output:

MariaDB [none]> exit;
Bye

Populate database

mysql -u root -p icinga2 < /usr/share/icinga2-ido-mysql/schema/mysql.sql

Modify ido-mysql.conf

In order to make icinga2 connect to our mariadb Database we have to modify /etc/icinga2/ido-mysql.conf

nano /etc/icinga2/features-available/ido-mysql.conf

Find

/**
 * The db_ido_mysql library implements IDO functionality
 * for MySQL.
 */

library "db_ido_mysql"

object IdoMysqlConnection "ido-mysql" {
  //user = "icinga"
  //password = "icinga"
  //host = "localhost"
  //database = "icinga"
}

change it to

/**
 * The db_ido_mysql library implements IDO functionality
 * for MySQL.
 */

library "db_ido_mysql"

object IdoMysqlConnection "ido-mysql" {
  user = "icinga2"
  password = "icinga2_password"
  host = "localhost"
  database = "icinga2"
}

Enable and start icinga2 at startup

enable icinga2 at startup

systemctl enable icinga2

Output:

[[email protected] tmp]# systemctl enable icinga2
Created symlink from /etc/systemd/system/multi-user.target.wants/icinga2.service to /usr/lib/systemd/system/icinga2.service.

Start icinga2

systemctl start icinga2

In order to check if everything is working we will do tail -f /var/log/icinga2/icinga2.log. You can stop the output by hitting CTRL-C.

tail -f /var/log/icinga2/icinga2.log

The output should be something like this

[[email protected] tmp]# tail -f /var/log/icinga2/icinga2.log
[2016-05-10 23:21:50 +0200] information/DbConnection: Resuming IDO connection: ido-mysql
[2016-05-10 23:21:50 +0200] information/ConfigItem: Activated all objects.
[2016-05-10 23:21:50 +0200] information/ConfigCompiler: Compiling config file: /var/lib/icinga2/modified-attributes.conf
[2016-05-10 23:21:50 +0200] information/IdoMysqlConnection: MySQL IDO instance id: 1 (schema version: '1.14.0')
[2016-05-10 23:21:50 +0200] information/IdoMysqlConnection: Finished reconnecting to MySQL IDO database in 0.201981 second(s).

Make icinga2 start at boot:

systemctl enable icinga2

Output:

[[email protected] tmp]# systemctl enable icinga2
Created symlink from /etc/systemd/system/multi-user.target.wants/icinga2.service to /usr/lib/systemd/system/icinga2.service.

Enable icinga2 command module:

icinga2 feature enable command

Output:

[[email protected] tmp]# icinga2 feature enable command
Enabling feature command. Make sure to restart Icinga 2 for these changes to take effect.

Restart icinga2

systemctl restart icinga2

Share this page:

4 Comment(s)

Add comment

Comments

From: Julio Cesar

Muy buen Manual Todo funciona a la perfeccion;  por si el pto 80 no le abre en el navegador en centos 7, por linea de comandos agregamos esto:

#firewall-cmd --zone=public --add-port=80/tcp --permanent#firewall-cmd --reload

From: boris Jdanov

Bonjour svp j'aimera savoir comment on

- synchronise Icinga2 avec Active Directory

- comment installer Nagvis à partir d'icinga 2

 

merci d'avance

From: Trigger

Thanks a lot for this manual!

You saved me a lot of time :) !

From: Krzysztof Kurowski

Vi, Wery usefull tutorial! You forgot to set/open http in firewall...   firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --reload   Best Regards Krzysztof