Introduction
Icinga2 is an open source suite for monitoring your network, hosts, and services. Icinga can easily monitor a large number of hosts across multiple locations. It displays the issues with hosts or services in a unified view and notifies during outages.
Icinga Web 2 is a web-based application which is used along with Icinga2 to monitor the resources interactively using a web browser.
In this tutorial, we will install Icinga2 with IDO MySQL. We will also enable Icinga2 API which will be used by Icinga Web 2 to talk to Icinga2. We will secure Icinga Web 2 using Let’s Encrypt SSL.
Prerequisites
- Cloud VPS or Dedicated Server with at least 1GB RAM and Ubuntu 18.04 installed.
- You must be logged in via SSH as sudo or root user. This tutorial assumes that you are logged in as a sudo user.
- A domain name pointed towards your Snel server to generate Let’s Encrypt certificate.
Step 1: Update the System
Update the system with the latest packages and security patches using these commands.
sudo apt update sudo apt upgrade -y
After upgrade, make sure to reboot the system using the command sudo reboot
.
Step 2: Install Icinga2
Install required packages for transporting installer packages over HTTPS.
sudo apt-get -y install apt-transport-https wget gnupg
Trust the GPG key for Icinga repository by running the command.
wget -O - https://packages.icinga.com/icinga.key | sudo apt-key add -
Create the repository file into the system for installing packages from the Icinga repository.
echo "deb https://packages.icinga.com/ubuntu icinga-bionic main" | sudo tee /etc/apt/sources.list.d/icinga.list echo "deb-src https://packages.icinga.com/ubuntu icinga-bionic main" | sudo tee -a /etc/apt/sources.list.d/icinga.list
Update the repository cache.
sudo apt-get update
Install Icinga2 along with Monitoring Plugins. Monitoring plugins is an extensive set of plugins which can be used with Icinga to monitor external services. It consists of more than 50 command line tools for specific types of check such as system monitoring, network monitoring, etc.
sudo apt -y install icinga2 monitoring-plugins
Start and enable Icinga by running the commands.
sudo systemctl enable icinga2 sudo systemctl start icinga2
To use Icinga2 with Icinga2 Web, we need to further configure Icinga2. It includes setting up MySQL database server and API user.
Step 3: Set up Icinga2 MySQL
Install the MySQL database server by running the command.
sudo apt -y install mysql-server mysql-client
The installer will also start the MySQL server on your system. Secure your MySQL server instance by running the command. Make sure to add a strong password for your MySQL root user.
sudo mysql_secure_installation
Install the MySQL IDO(Icinga Data Output) feature in Icinga2 by running the command. You will be asked if you wish to configure icinga2-ido-mysql
with dbconfig-common
. Choose yes and provide a strong password for icinga2-ido-mysql
when prompted.
sudo apt -y install icinga2-ido-mysql sudo icinga2 feature enable ido-mysql
Restart icinga2 so that all the changes can take effect.
sudo systemctl restart icinga2
You can view the database configuration by looking at the file /etc/icinga2/features-available/ido-mysql.conf
.
sudo cat /etc/icinga2/features-available/ido-mysql.conf
Make a note of the credentials as we will require it later in the tutorial.
Step 4: Set up Icinga2 API
Run the following Icinga command to enable API feature.
sudo icinga2 api setup
The above command will create a file api-users.conf
with default user root
having all permissions over Icinga2 API. Let’s create a new API user having minimal permissions required by Icinga Web.
Edit the api-users.conf
file and add a new API user object.
sudo vi /etc/icinga2/conf.d/api-users.conf
Add the following lines at the end of the file. Make sure to change PassWord
with a strong password.
object ApiUser "icingaweb2" { password = "PassWord" permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ] }
Make a note of the credentials as we will require it later in the tutorial. Icinga2 API is now enabled for use by Icinga Web. API server listens on port 5665 by default.
Restart icinga2 so that all the changes can take effect.
sudo systemctl restart icinga2
Step 5: Set up Icinga Web 2 with Let’s Encrypt SSL
For Icinga Web to work, we need to install a web server. Icinga recommends using Apache or Nginx. In this tutorial, we will be installing Apache 2 to serve Icinga2 web.
Install Apache web server by running.
sudo apt -y install apache2
As we have already set up Icinga2 repository we can directly install Icinga Web 2 by running the following command. The command also installs PHP 7.2 along with common modules and PHP GD, which is needed to export PDF reports.
sudo apt -y install icingaweb2 icingacli libapache2-mod-php php-gd
Installing the Icinga Web 2 packages also configures Apache virtual hosts so we don’t need to do any manual configuration.
We will secure our Icinga web using Let’s Encrypt SSL. For generating the Let’s Encrypt certificates, we will leverage on Certbot, which is an official client application for generating the certificates.
Enable SSL and Rewrite module in Apache by running.
sudo a2enmod ssl rewrite
Add Certbot repository into the system by running.
sudo add-apt-repository ppa:certbot/certbot
Install Certbot for Apache.
sudo apt -y install python-certbot-apache
Generate the certificate and install in on default virtual host by running the following command.
sudo certbot --apache -d example.com
The command will ask you for your email address to send you renewal notices. While installing the certificate, it will ask you if you wish to redirect all HTTP request to HTTPS or not. Choose the option 2 to automatically redirect all HTTP requests to HTTPS.
The Certbot package comes with a cron job which will automatically renew the certificates when they are due for expiry.
Finally, edit the PHP configuration file to set your default timezone.
sudo vi /etc/php/7.2/apache2/php.ini
Look for the commented line as shown below.
;date.timezone =
Remove the semicolon to uncomment the line and set your default PHP timezone.
date.timezone = "Europe/Amsterdam"
Restart Apache2 web server so that all the changes we have done are applied.
sudo systemctl restart apache2
Step 6: Complete Icinga Web 2 Installation
Before installing Icinga Web from a browser, we need to create a new MySQL database. Log in to MySQL prompt again as the root user.
sudo mysql -u root -p
Run the following queries to create a database and user for Icinga Web. Make sure to replace PassWord
with some strong password.
CREATE DATABASE icingaweb2; GRANT ALL ON icingaweb2.* TO icingaweb2@localhost IDENTIFIED BY 'PassWord'; exit
Create a setup token as it will be asked by the browser-based installer to unlock the installer.
sudo icingacli setup token create;
Now, open your favorite browser and browse https://example.com/icingaweb2
. You will see a screen to enter the setup token, proceed with entering the token you have created on the command line.
In Module tab, choose Monitoring as we do not require other modules as of now.
If you have followed the tutorial correctly, you will see all green in Requirements tab except for IDO PostgreSQL. It is fine as we are not using PostgreSQL to store the database.
Choose Database authentication in Authentication tab.
Next, provide the database details in Database Resource tab for the database we had just created to store Icinga Web data.
In Backend Authentication choose icingaweb2 and create a new administrative user to access Icinga Web admin in Administration tab. Finally, in Application Configuration leave all the default selected options.
We have now gone through all the Icinga Web configuration, the installer will now display you a summary of the configuration. Check it thoroughly to make sure everything is ok.
Once verified, click Next to proceed to next section.
Now, the web installer will ask you for configure Monitoring module of Icinga2. Click Next to start the configuration wizard.
In Monitoring Backend tab, leave the default option icinga2 and IDO checked and move further.
In Monitoring IDO Resource tab, fill the database details obtained after configuring MySQL IDO at the end of Step 3.
In the next tab for Command Transport, fill in the details of the API user we created in Step 4 for the tutorial. Use localhost
and the port and 5665
. Fill in the API username and password as per the user we created in Step 4.
For Monitoring Security, leave the default option and proceed to the last screen. It will now show you a summary of the configuration you have done. Click next to apply the configuration you have done.
After installation, you can click on the button saying Login to Icinga Web 2 or you can also visit https://example.com/icingaweb2
and log in using the administrator credentials you have created during installation. You should see the Icinga Web 2 dashboard.
Conclusion
In this tutorial, we have successfully installed Icinga2 along with Icinga Web 2. We have also secured Icinga Web 2 using Let’s Encrypt SSL. By default, Icinga2 master node is only able to monitor itself. You can go ahead to start adding more hosts to monitor into your Icinga2 instance. You can read more about Icinga2 on its documentation.
Ali says
thanks been helpful