Installing Icinga web 2 on CentOS7 / RHEL 7

Installing Icinga web 2 on CentOS7 / RHEL 7

In this post we are going to see the installation of Icinga web 2, a web interface for Icinga 2 where we can monitor our whole infrastructure in single place.

Icinga is an open-source computer system and network monitoring application. It was originally created as a fork of the Nagios system monitoring application in 2009

Prerequisites

1. A web server, e.g., Apache or Nginx
2. PHP 5.6.0 and above with cURL, gettext, intl, mbstring, OpenSSL, and XML support.
3. PHP LDAP library when using LDAP or Active Directory authentication.
4. PHP libraries for MySQL or PostgreSQL

Installing PHP and PHP Extensions

Icinga Web 2 requires PHP 5.6 and above. The PHP version you need for Icinga web 2 is higher than what is available on CentOS / Redhat base repositories. So, you would need to enable SCL repository and rhel-server-rhscl-7-rpms repository on CentOS and RHEL respectively.

yum install -y centos-release-scl

yum -y install rh-php71-php-json rh-php71-php-pgsql rh-php71-php-xml rh-php71-php-intl rh-php71-php-common rh-php71-php-pdo rh-php71-php-mysqlnd rh-php71-php-cli rh-php71-php-mbstring rh-php71-php-fpm rh-php71-php-gd rh-php71-php-zip rh-php71-php-ldap rh-php71-php-imagick

You need to configure the time zone in the php.ini file.

nano/etc/opt/rh/rh-php71/php.ini

Update the time zone as below syntax.

date.timezone = Asia/Kolkata

Restart the PHP-FPM service.

systemctl restart rh-php71-php-fpm

Now, enable PHP-FPM service to start automatically at system boot.

systemctl enable rh-php71-php-fpm

Adding Icinga 2 Repository

Add Icinga 2 repository on your system in case if you don’t have the setup file already.

rpm --import https://packages.icinga.com/icinga.key
yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm

Installing Icinga Web 2

Use the yum command on CentOS/RHEL to install the Icinga Web 2 package along with Icinga CLI and Apache web server.

yum -y install icingaweb2 icingacli httpd

Enable the Apache service to start automatically at the system startup.

systemctl enable httpd

SELinux

If you are running Icinga Web 2 with SELinux enabled, then consider installing the below package to set policy for Icinga Web 2.

yum -y install icingaweb2-selinux

Firewall

Allow HTTP traffic to access Icinga Web 2 from external machines with

firewall-cmd --permanent --add-service=http
firewall-cmd --reload

Preparing Icinga Web 2 Setup

Icinga CLI is used for performing administration tasks in the command line. Both Icinga Web 2 and CLI must have access to logs and configurations. Add web server user (apache) to the system group (icingaweb2)

groupadd -r icingaweb2
usermod -a -G icingaweb2 apache

Create the Icinga Web 2 configuration directory.

icingacli setup config directory --group icingaweb2

Restart both Apache and PHP-FPM services.

systemctl restart httpd
systemctl restart rh-php71-php-fpm

Icinga Web 2 Setup Wizard

While visiting Icinga Web 2 for the first time, Icinga web setup wizard will guide you through all the steps for the successful installation of Icinga Web 2.

http://your-server_ip_address/icingaweb2/setup

For security reason, you would need to generate the token for the Icinga Web 2 installation.

Generate the token using the following command.

icingacli setup token create

Output:

The newly generated setup token is: 05b5b295ed4add63

Copy and paste the generated token on the setup page and click Next.

In the next screen, you can choose to enable the modules that were installed during the Icinga 2 installation. Click Next.

The following page shows the information about the system, time zone, and PHP extensions.

If there are any warnings or error for other PHP extensions, then install the required extensions and then click the Refresh button.

Otherwise, click Next to continue.

In the next page, you need to tell how you want to authenticate when accessing Icinga Web 2. Icinga Web 2 supports Active Directory, LDAP, and Local as an authentication mechanism.

Here, we will create a local Icinga Web 2 user account. So, select the authentication type as Database and click Next.

Log in to MySQL server.

To install mysql refer : How to Install MySQL 8.0 on CentOS 7

CREATE DATABASE icingawebdb;
create user 'icingaweb'@'localhost' identified by 'Icinga$123';
GRANT ALL PRIVILEGES ON icingawebdb.* TO 'icingaweb'@'localhost';

Set the authentication backend name and then click Next.

Now, enter the admin user details on the next screen. Keep a note of this account information as you would need this for accessing Icinga Web 2.

Now, Select where to save the application and logging configurations. Click Next.

Now, we cab review the settings on the next screen.

Click, Next to continue.

Click Next on the configuration of the monitoring module for Icinga Web 2.

Configure monitoring back end this tells how Icinga Web 2 retrieve the monitoring information. Here, we use IDO.

Now create, the IDO database in the server.

create database icingaido;
create user 'idouser'@'localhost' identified by 'Icinga$123';
GRANT ALL PRIVILEGES ON icingaido.* TO 'idouser'@'localhost';
FLUSH PRIVILEGES;

Install IDO modules for MySQL

yum -y install icinga2-ido-mysql

After creating the database and installing IDO modules , import the Icinga 2 IDO schema using the command.

mysql -u root -p icingaido < /usr/share/icinga2-ido-mysql/schema/mysql.sql

Now, new configuration file ido-mysql.conf has been created at /etc/icinga2/features-available

Edit  and save the configuration file as below.

object IdoMysqlConnection "mysql-ido" {
host = "localhost"
port = 3306
user = "idouser"
password = "Icinga$123"
database = "icingaido"

cleanup = {
downtimehistory_age = 48h
contactnotifications_age = 31d
}
}

If you are getting the below warning in the browser

• There is currently no icinga instance writing to the IDO. Make sure that a icinga instance is configured and able to write to the IDO.

Install Nagios Plugins

yum install nagios-plugins-all

Install Icinga 2

yum -y install icinga2

systemctl start icinga2

systemctl enable icinga2

Install icinga and start  and To set Icinga 2 service to start automatically on system startup, run.

Enable IDO MySQL Module

icinga2 feature list

Output

Disabled features: api command compatlog debuglog elasticsearch gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog
Enabled features: checker ido-mysql mainlog notification

Now, run the below command

icinga2 feature enable ido-mysql

Output

Enabling feature ido-mysql. Make sure to restart Icinga 2 for these changes to take effect.

icinga2 feature enable command

systemctl restart icinga2

systemctl status icinga2

Make sure the icinga2 service is running.

Now, Validate the settings

Setup Command Transport

This page shows how we want to send commands to your monitoring instance.

Icinga Web 2 supports Local Command File, Remote Command File, and Icinga 2 API as a Command Transport. You can define multiple command modes of transport in Icinga Web 2.

For this article(demo), we will configure Icinga Web 2 with single command transport. Choose either one of the below command transport.

Transport type:

1. Local Command File
2. Icinga 2 API (Recommended)
3. Remote Command File

Local Command File

Icinga 2 API

Run the below command to setup Icinga 2 API.

icinga2 api setup

Output:

[root@server ~]# icinga2 api setup
information/cli: Generating new CA.
information/base: Writing private key to '/var/lib/icinga2/ca//ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca//ca.crt'.
information/cli: Generating new CSR in '/var/lib/icinga2/certs//server.webhostchennai.co.in.csr'.
information/base: Writing private key to '/var/lib/icinga2/certs//server.webhostchennai.co.in.key'.
information/base: Writing certificate signing request to '/var/lib/icinga2/certs//server.webhostchennai.co.in.csr'.
information/cli: Signing CSR with CA and writing certificate to '/var/lib/icinga2/certs//server.webhostchennai.co.in.crt'.
information/pki: Writing certificate to file '/var/lib/icinga2/certs//server.webhostchennai.co.in.crt'.
information/cli: Copying CA certificate to '/var/lib/icinga2/certs//ca.crt'.
information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Updating 'NodeName' constant in '/etc/icinga2/constants.conf'.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating 'ZoneName' constant in '/etc/icinga2/constants.conf'.
information/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
Done.

Now restart your Icinga 2 daemon to finish the installation!

Get the API user details from /etc/icinga2/conf.d/api-users.conf file.

cat /etc/icinga2/conf.d/api-users.conf

Output:

[root@server ~]# cat /etc/icinga2/conf.d/api-users.conf
/**
* The ApiUser objects are used for authentication against the API.
*/
object ApiUser "root" {
password = "a27fe418517e6586"
// client_cn = ""

permissions = [ "*" ]
}
[root@server ~]#

Now, restart the Icinga 2 service..

systemctl restart icinga2

Firewall

firewall-cmd --permanent --add-port=5665/tcp
firewall-cmd --reload

Use the above username and password on the below command transport page.

Enter the variables information to protect from bad ones.

Now, Review your monitoring configurations and Click Finish

If you see the below page, Icinga Web 2 has been successfully set up.

Click on Login to Icinga Web 2.

Login to Icinga Web 2 using the admin account which we created earlier.

You should get the Icinga Web 2 dashboard like below.

 

Hope this article, helps your needs kindly share your valuable feedback to improve us.