Installing Icinga web 2 on CentOS7 / RHEL 7
Installing Icinga web 2 on CentOS7 / RHEL 7
In this post we are going to see the installation of Icinga web 2, a web interface for Icinga 2 where we can monitor our whole infrastructure in single place.
Icinga is an open-source computer system and network monitoring application. It was originally created as a fork of the Nagios system monitoring application in 2009
Prerequisites
- A web server, e.g., Apache or Nginx
- PHP 5.6.0 and above with cURL, gettext, intl, mbstring, OpenSSL, and XML support.
- PHP LDAP library when using LDAP or Active Directory authentication.
- PHP libraries for MySQL or PostgreSQL
Installing PHP and PHP Extensions
Icinga Web 2 requires PHP 5.6 and above. The PHP version you need for Icinga web 2 is higher than what is available on CentOS / Redhat base repositories. So, you would need to enable SCL repository and rhel-server-rhscl-7-rpms repository on CentOS and RHEL respectively.
yum install -y centos-release-scl
yum -y install rh-php71-php-json rh-php71-php-pgsql rh-php71-php-xml rh-php71-php-intl rh-php71-php-common rh-php71-php-pdo rh-php71-php-mysqlnd rh-php71-php-cli rh-php71-php-mbstring rh-php71-php-fpm rh-php71-php-gd rh-php71-php-zip rh-php71-php-ldap rh-php71-php-imagick
You need to configure the time zone in the php.ini file.
nano/etc/opt/rh/rh-php71/php.ini
Update the time zone as below syntax.
date.timezone = Asia/Kolkata
Restart the PHP-FPM service.
systemctl restart rh-php71-php-fpm
Now, enable PHP-FPM service to start automatically at system boot.
systemctl enable rh-php71-php-fpm
Adding Icinga 2 Repository
Add Icinga 2 repository on your system in case if you don’t have the setup file already.
rpm --import https://packages.icinga.com/icinga.key yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
Installing Icinga Web 2
Use the yum command on CentOS/RHEL to install the Icinga Web 2 package along with Icinga CLI and Apache web server.
yum -y install icingaweb2 icingacli httpd
Enable the Apache service to start automatically at the system startup.
systemctl enable httpd
SELinux
If you are running Icinga Web 2 with SELinux enabled, then consider installing the below package to set policy for Icinga Web 2.
yum -y install icingaweb2-selinux
Firewall
Allow HTTP traffic to access Icinga Web 2 from external machines with
firewall-cmd --permanent --add-service=http firewall-cmd --reload
Preparing Icinga Web 2 Setup
Icinga CLI is used for performing administration tasks in the command line. Both Icinga Web 2 and CLI must have access to logs and configurations. Add web server user (apache) to the system group (icingaweb2)
groupadd -r icingaweb2 usermod -a -G icingaweb2 apache
Create the Icinga Web 2 configuration directory.
icingacli setup config directory --group icingaweb2
Restart both Apache and PHP-FPM services.
systemctl restart httpd systemctl restart rh-php71-php-fpm
Icinga Web 2 Setup Wizard
While visiting Icinga Web 2 for the first time, Icinga web setup wizard will guide you through all the steps for the successful installation of Icinga Web 2.
http://your-server_ip_address/icingaweb2/setup
For security reason, you would need to generate the token for the Icinga Web 2 installation.
Generate the token using the following command.
icingacli setup token create
Output:
The newly generated setup token is: 05b5b295ed4add63
Copy and paste the generated token on the setup page and click Next.
In the next screen, you can choose to enable the modules that were installed during the Icinga 2 installation. Click Next.
The following page shows the information about the system, time zone, and PHP extensions.
If there are any warnings or error for other PHP extensions, then install the required extensions and then click the Refresh button.
Otherwise, click Next to continue.
In the next page, you need to tell how you want to authenticate when accessing Icinga Web 2. Icinga Web 2 supports Active Directory, LDAP, and Local as an authentication mechanism.
Here, we will create a local Icinga Web 2 user account. So, select the authentication type as Database and click Next.
Log in to MySQL server.
To install mysql refer : How to Install MySQL 8.0 on CentOS 7
CREATE DATABASE icingawebdb; create user 'icingaweb'@'localhost' identified by 'Icinga$123'; GRANT ALL PRIVILEGES ON icingawebdb.* TO 'icingaweb'@'localhost';
Set the authentication backend name and then click Next.
Now, enter the admin user details on the next screen. Keep a note of this account information as you would need this for accessing Icinga Web 2.
Now, Select where to save the application and logging configurations. Click Next.
Now, we cab review the settings on the next screen.
Click, Next to continue.
Click Next on the configuration of the monitoring module for Icinga Web 2.
Configure monitoring back end this tells how Icinga Web 2 retrieve the monitoring information. Here, we use IDO.
Now create, the IDO database in the server.
create database icingaido; create user 'idouser'@'localhost' identified by 'Icinga$123'; GRANT ALL PRIVILEGES ON icingaido.* TO 'idouser'@'localhost'; FLUSH PRIVILEGES;
Install IDO modules for MySQL
yum -y install icinga2-ido-mysql
After creating the database and installing IDO modules , import the Icinga 2 IDO schema using the command.
mysql -u root -p icingaido < /usr/share/icinga2-ido-mysql/schema/mysql.sql
Now, new configuration file ido-mysql.conf has been created at /etc/icinga2/features-available
Edit and save the configuration file as below.
object IdoMysqlConnection "mysql-ido" {
host = "localhost"
port = 3306
user = "idouser"
password = "Icinga$123"
database = "icingaido"
cleanup = {
downtimehistory_age = 48h
contactnotifications_age = 31d
}
}
If you are getting the below warning in the browser
- There is currently no icinga instance writing to the IDO. Make sure that a icinga instance is configured and able to write to the IDO.
Install Nagios Plugins
yum install nagios-plugins-all
Install Icinga 2
yum -y install icinga2
systemctl start icinga2
systemctl enable icinga2
Install icinga and start and To set Icinga 2 service to start automatically on system startup, run.
Enable IDO MySQL Module
icinga2 feature list
Output
Disabled features: api command compatlog debuglog elasticsearch gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog Enabled features: checker ido-mysql mainlog notification
Now, run the below command
icinga2 feature enable ido-mysql
Output
Enabling feature ido-mysql. Make sure to restart Icinga 2 for these changes to take effect.
icinga2 feature enable command
systemctl restart icinga2
systemctl status icinga2
Make sure the icinga2 service is running.
Now, Validate the settings
Setup Command Transport
This page shows how we want to send commands to your monitoring instance.
Icinga Web 2 supports Local Command File, Remote Command File, and Icinga 2 API as a Command Transport. You can define multiple command modes of transport in Icinga Web 2.
For this article(demo), we will configure Icinga Web 2 with single command transport. Choose either one of the below command transport.
Transport type:
- Local Command File
- Icinga 2 API (Recommended)
- Remote Command File
Local Command File
Icinga 2 API
Run the below command to setup Icinga 2 API.
icinga2 api setup
Output:
[root@server ~]# icinga2 api setup information/cli: Generating new CA. information/base: Writing private key to '/var/lib/icinga2/ca//ca.key'. information/base: Writing X509 certificate to '/var/lib/icinga2/ca//ca.crt'. information/cli: Generating new CSR in '/var/lib/icinga2/certs//server.webhostchennai.co.in.csr'. information/base: Writing private key to '/var/lib/icinga2/certs//server.webhostchennai.co.in.key'. information/base: Writing certificate signing request to '/var/lib/icinga2/certs//server.webhostchennai.co.in.csr'. information/cli: Signing CSR with CA and writing certificate to '/var/lib/icinga2/certs//server.webhostchennai.co.in.crt'. information/pki: Writing certificate to file '/var/lib/icinga2/certs//server.webhostchennai.co.in.crt'. information/cli: Copying CA certificate to '/var/lib/icinga2/certs//ca.crt'. information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'. information/cli: Enabling the 'api' feature. Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect. information/cli: Updating 'NodeName' constant in '/etc/icinga2/constants.conf'. information/cli: Created backup file '/etc/icinga2/constants.conf.orig'. information/cli: Updating 'ZoneName' constant in '/etc/icinga2/constants.conf'. information/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists. Skipping backup. Done. Now restart your Icinga 2 daemon to finish the installation!
Get the API user details from /etc/icinga2/conf.d/api-users.conf file.
cat /etc/icinga2/conf.d/api-users.conf
Output:
[root@server ~]# cat /etc/icinga2/conf.d/api-users.conf
/**
* The ApiUser objects are used for authentication against the API.
*/
object ApiUser "root" {
password = "a27fe418517e6586"
// client_cn = ""
permissions = [ "*" ]
}
[root@server ~]#
Now, restart the Icinga 2 service..
systemctl restart icinga2
Firewall
firewall-cmd --permanent --add-port=5665/tcp firewall-cmd --reload
Use the above username and password on the below command transport page.
Enter the variables information to protect from bad ones.
Now, Review your monitoring configurations and Click Finish
If you see the below page, Icinga Web 2 has been successfully set up.
Click on Login to Icinga Web 2.
Login to Icinga Web 2 using the admin account which we created earlier.
You should get the Icinga Web 2 dashboard like below.
Hope this article, helps your needs kindly share your valuable feedback to improve us.
