How to Add Host and Manage Services in Icinga2

July 1, 2016 | MONITORING

In my previous article, I explained how to install and configure Icinga2 with the Icinga Web2 interface. Now it's time to introduce some hosts to our monitoring system. Unlike Nagios, Icinga2 lets us add hosts automatically. The configuration is quite simple and easy compared to other monitoring systems.

As stated before, communication between the monitoring server and the client nodes is more secure than in other versions. All communication is secured by TLS connections with certificates, which are set up by the Icinga2 server on initialization.

Let's start with the procedure for adding a host to our monitoring system. You can take a look at the workflow.

[Figure: workflow steps]

Configuring Icinga2 Master Node

We've already set up our Icinga2 master node; now we need to initialize it so that it can accept our host nodes and connect to them securely. To do this, run the setup wizard with the command "icinga2 node wizard".

root@ubuntu:~# icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.

The setup wizard asks whether this is a satellite or a master setup. Since we are running it on the master server, we type 'n'. This installs the master setup and starts generating the certificates for secured TLS communication.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: n
Starting the Master setup routine...
Please specifiy the common name (CN) [ubuntu.icinga-master.com]:
Checking for existing certificates for common name 'ubuntu.icinga-master.com'...
Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/var/lib/icinga2/ca/ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca/ca.crt'.
information/cli: Generating new CSR in '/etc/icinga2/pki/ubuntu.icinga-master.com.csr'.
information/base: Writing private key to '/etc/icinga2/pki/ubuntu.icinga-master.com.key'.
information/base: Writing certificate signing request to '/etc/icinga2/pki/ubuntu.icinga-master.com.csr'.
information/cli: Signing CSR with CA and writing certificate to '/etc/icinga2/pki/ubuntu.icinga-master.com.crt'.
information/cli: Copying CA certificate to '/etc/icinga2/pki/ca.crt'.
Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.

We don't need to change the bind host or port, so leave them as they are.

Please specify the API bind host/port (optional):
Bind Host []:
Bind Port []:
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.

Now restart your Icinga 2 daemon to finish the installation!

After running this setup wizard, you need to restart the Icinga2 service.

root@ubuntu:~# systemctl restart icinga2

Installing and Configuring Icinga2-Client

We need to install Icinga2 on the host node as the initial step. For that, we add the Icinga2 repository to the host node and update the APT package lists.

root@ubuntu:~# apt install software-properties-common
root@ubuntu:~# add-apt-repository ppa:formorer/icinga
This PPA provides Icinga 1, Icinga 2 and Icinga web Packages for Ubuntu. They are directly derived from the Debian Packages that I maintain within Debian.
More info: https://launchpad.net/~formorer/+archive/ubuntu/icinga
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keyring `/tmp/tmpcrlq876s/secring.gpg' created
gpg: keyring `/tmp/tmpcrlq876s/pubring.gpg' created
gpg: requesting key 36862847 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpcrlq876s/trustdb.gpg: trustdb created
gpg: key 36862847: public key "Launchpad PPA for Alexander Wirt" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
root@ubuntu:~# apt-get update
root@ubuntu:~# apt-get install icinga2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
icinga2-bin icinga2-common icinga2-doc libboost-program-options1.58.0 libboost-regex1.58.0 libboost-system1.58.0 libboost-thread1.58.0
libicinga2 libyajl2 monitoring-plugins-basic monitoring-plugins-common
Suggested packages:
icinga2-studio vim-icinga2 icinga | icinga | nagios3
The following NEW packages will be installed:

Creating config file /etc/nagios-plugins/config/dhcp.cfg with new version

Creating config file /etc/nagios-plugins/config/disk.cfg with new version

Creating config file /etc/nagios-plugins/config/dummy.cfg with new version

Creating config file /etc/nagios-plugins/config/ftp.cfg with new version

Creating config file /etc/nagios-plugins/config/http.cfg with new version

Creating config file /etc/nagios-plugins/config/load.cfg with new version

Creating config file /etc/nagios-plugins/config/mail.cfg with new version

Creating config file /etc/nagios-plugins/config/news.cfg with new version

Creating config file /etc/nagios-plugins/config/ntp.cfg with new version

Creating config file /etc/nagios-plugins/config/ping.cfg with new version

Creating config file /etc/nagios-plugins/config/procs.cfg with new version

Creating config file /etc/nagios-plugins/config/real.cfg with new version

Creating config file /etc/nagios-plugins/config/ssh.cfg with new version

Creating config file /etc/nagios-plugins/config/tcp_udp.cfg with new version

Creating config file /etc/nagios-plugins/config/telnet.cfg with new version

Creating config file /etc/nagios-plugins/config/users.cfg with new version
Setcap for check_icmp and check_dhcp worked!
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (229-4ubuntu4) ...

Now we need to run the setup wizard on our host node and choose the satellite setup.

root@ubuntu:~# icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.

Since this is our satellite setup, we need to type 'Y' to proceed.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: yes

This proceeds with the satellite node setup and installs the required certificates for TLS communication.

Starting the Node setup routine...
Please specifiy the common name (CN) [host1.icinga2server.com]:
Please specify the master endpoint(s) this node should connect to:
Master Common Name (CN from your master setup): ubuntu.icinga-master.com
Do you want to establish a connection to the master from this node? [Y/n]: y
Please fill out the master connection information:
Master endpoint host (Your master's IP address or FQDN): 139.162.55.62
Master endpoint port [5665]:
Add more master endpoints? [y/N]:
Please specify the master connection for CSR auto-signing (defaults to master endpoint host):
Host [139.162.55.62]:
Port [5665]:
information/base: Writing private key to '/etc/icinga2/pki/host1.icinga2server.com.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/host1.icinga2server.com.crt'.
information/cli: Fetching public certificate from master (139.162.55.62, 5665):

Certificate information:

Subject: CN = ubuntu.icinga-master.com
Issuer: CN = Icinga CA
Valid From: Jun 26 06:49:50 2016 GMT
Valid Until: Jun 23 06:49:50 2031 GMT
Fingerprint: 13 8A 73 C5 36 E7 1D DA FE 9D E1 E6 1E 32 ED E2 3C 6B 48 E8

Is this information correct? [y/N]: yes

We need to provide the host information and the master server information to complete the node setup. After we provide the details, the wizard moves on to CSR auto-signing. After this, Icinga 2 saves some configuration on the host node and sets up a secure connection with it.
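
Answering 'yes' to "Is this information correct?" makes the node trust whatever certificate was served at the master endpoint, so the printed fingerprint should first be compared with one computed on the master itself. The script below is an added example, not part of the original article; it assumes the 20-byte fingerprint shown by the wizard is SHA-1 and that openssl is installed on the master, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the fingerprint shown by "icinga2 node wizard"
# with the one computed from the master's own certificate file.

# Reduce any fingerprint notation to bare uppercase hex.
# Accepts "13 8A 73 ...", "13:8A:73:..." or openssl's "SHA1 Fingerprint=13:8A:...".
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Succeeds only if the first value is a well-formed SHA-1 fingerprint
# (assumption: the wizard prints SHA-1) and both values are equal.
fp_match() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#a}" -eq 40 ] || return 2   # SHA-1 = 20 bytes = 40 hex digits
    [ "$a" = "$b" ]
}

# Compute the SHA-1 fingerprint of a PEM certificate (run this on the master).
cert_fp() {
    openssl x509 -noout -fingerprint -sha1 -in "$1"
}

# Usage on the master (path taken from the master wizard output):
#   sh verify_fp.sh /etc/icinga2/pki/ubuntu.icinga-master.com.crt "13 8A 73 ..."
if [ "$#" -eq 2 ]; then
    if fp_match "$(cert_fp "$1")" "$2"; then
        echo "MATCH: the node saw the master's real certificate"
    else
        echo "MISMATCH: answer 'N' in the wizard and investigate" >&2
        exit 1
    fi
fi
```
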

After these certificates are saved, they need to be validated by the master to prove that you're actually in command of both servers and approve of this secure communication. For that, I ran "icinga2 pki ticket --cn 'host1.icinga2server.com'" on my master server and provided the generated code in the node setup to proceed further.

Please specify the request ticket generated on your Icinga 2 master.
(Hint: # icinga2 pki ticket --cn 'host1.icinga2server.com'): 836289c1bcd427879b06703dfb35aa122bf89dc2
information/cli: Requesting certificate with ticket '836289c1bcd427879b06703dfb35aa122bf89dc2'.

warning/cli: Backup file '/etc/icinga2/pki/host1.icinga2server.com.crt.orig' already exists. Skipping backup.
information/cli: Writing signed certificate to file '/etc/icinga2/pki/host1.icinga2server.com.crt'.
information/cli: Writing CA certificate to file '/etc/icinga2/pki/ca.crt'.

After signing the certificates, the wizard asks for the API bind host and port. We can skip this section as before and proceed with the rest of the configuration.

Please specify the API bind host/port (optional):
Bind Host []:
Bind Port []:
Accept config from master? [y/N]: y
Accept commands from master? [y/N]: y
information/cli: Disabling the Notification feature.
Disabling feature notification. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Enabling the Api listener feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.

information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Generating local zones.conf.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.

Now restart your Icinga 2 daemon to finish the installation!

Once the Node setup is complete, we need to restart the Icinga2 daemon on the Host side.

Updating the configurations from client to master

Now we can go back to our master server and confirm the host addition. We can run this command to list the host nodes and services added to the server.

root@ubuntu:~# icinga2 node list
Node 'host1.icinga2server.com' (last seen: Sun Jun 26 07:03:40 2016)
* Host 'host1.icinga2server.com'
* Service 'apt'
* Service 'disk'
* Service 'disk /'
* Service 'http'
* Service 'icinga'
* Service 'load'
* Service 'ping4'
* Service 'ping6'
* Service 'procs'
* Service 'ssh'
* Service 'swap'
* Service 'users'
root@ubuntu:~#

Now we need to update the Icinga2 master configuration to apply these modifications and add the host nodes to the monitoring checks.

root@ubuntu:~# icinga2 node update-config
root@ubuntu:~# systemctl restart icinga2

Finally, we restart the service to apply these changes and view our host node in the Icinga Web2 interface. We can log in to the Icinga Web interface at http://139.162.55.62/icingaweb2/ with our admin credentials and confirm the host status.

[Screenshot: hosts]

[Screenshot: httpservice]

Managing Services in Icinga2

As you can see from the screenshot above, the http service is showing critical on my client server. I have not installed Apache on my client server, so I don't actually need the HTTP service to be monitored there. Let's see how to remove that service from monitoring.

When a client server is added to the master, a folder named after the client's hostname is created inside the repository.d folder in the Icinga2 configuration path on the master server, as shown below:

root@ubuntu:/etc/icinga2/repository.d/hosts# ls -l
total 8
drwxr-x--- 2 nagios nagios 4096 Jun 26 07:04 host1.icinga2server.com
-rw-r--r-- 1 root root 100 Jun 26 07:04 host1.icinga2server.com.conf
root@ubuntu:/etc/icinga2/repository.d/hosts#

We need to go into the client folder "host1.icinga2server.com" and view the service files which were added for the host on initialization.

root@ubuntu:/etc/icinga2/repository.d/hosts/host1.icinga2server.com# ls -l
total 48
-rw-r--r-- 1 root root 152 Jun 26 07:04 apt.conf
-rw-r--r-- 1 root root 155 Jun 26 07:04 disk %2F.conf
-rw-r--r-- 1 root root 153 Jun 26 07:04 disk.conf
-rw-r--r-- 1 root root 153 Jun 26 07:04 http.conf
-rw-r--r-- 1 root root 155 Jun 26 07:04 icinga.conf
-rw-r--r-- 1 root root 153 Jun 26 07:04 load.conf
-rw-r--r-- 1 root root 154 Jun 26 07:04 ping4.conf
-rw-r--r-- 1 root root 154 Jun 26 07:04 ping6.conf
-rw-r--r-- 1 root root 154 Jun 26 07:04 procs.conf
-rw-r--r-- 1 root root 152 Jun 26 07:04 ssh.conf
-rw-r--r-- 1 root root 153 Jun 26 07:04 swap.conf
-rw-r--r-- 1 root root 154 Jun 26 07:04 users.conf

We can see all the service configuration files for that particular host inside this folder. Now we need to remove the service check files for the services we want to disable from monitoring.

For example, in our case we need to disable the http service, so I'm renaming http.conf in this folder. You can either remove these files or just move them.

root@ubuntu:/etc/icinga2/repository.d/hosts/host1.icinga2server.com# mv http.conf http.conf-disabled

After making any changes we need to reload the Icinga2 service on the server.

root@ubuntu:/etc/icinga2# service icinga2 reload

We can confirm from the web interface whether the service has been removed.

[Screenshot: disabledservicefinal]

But this service monitoring can be re-enabled when the node configuration is updated on the master server, if that service is still listed for that client as below:

root@ubuntu:~# icinga2 node list
Node 'host1.icinga2server.com' (last seen: Wed Jun 29 12:31:20 2016)
* Host 'host1.icinga2server.com'
* Service 'Icinga Web 2'
* Service 'apt'
* Service 'disk'
* Service 'disk /'
* Service 'http'
* Service 'icinga'
* Service 'load'
* Service 'ping4'
* Service 'ping6'
* Service 'procs'
* Service 'ssh'
* Service 'swap'
* Service 'users'

Therefore, we need to remove this from the node list. Let's see how we can do that.

1. Log in to the client server and move to the folder "/etc/icinga2/conf.d"; there we can see the hosts.conf file.

root@host1:/etc/icinga2/conf.d# ls -l
total 48
-rw-r--r-- 1 root root 35 May 19 12:56 app.conf
-rw-r--r-- 1 root root 114 May 17 11:03 apt.conf
-rw-r--r-- 1 root root 1300 May 19 12:56 commands.conf
-rw-r--r-- 1 root root 542 May 19 12:56 downtimes.conf
-rw-r--r-- 1 root root 638 May 19 12:56 groups.conf
-rw-r--r-- 1 root root 1501 May 19 12:56 hosts.conf
-rw-r--r-- 1 root root 674 May 19 12:56 notifications.conf
-rw-r--r-- 1 root root 801 May 19 12:56 satellite.conf
-rw-r--r-- 1 root root 2131 Jun 29 06:37 services.conf
-rw-r--r-- 1 root root 1654 May 19 12:56 templates.conf
-rw-r--r-- 1 root root 906 May 19 12:56 timeperiods.conf
-rw-r--r-- 1 root root 308 May 19 12:56 users.conf

Now we need to edit the hosts.conf file and comment out the http service check part there.

[Screenshot: disable]

Restart the Icinga2 service on the client server to apply these changes.

2. Move back to your Master server, reload the Icinga2 service and update the node configuration.

root@ubuntu:/etc/icinga2# service icinga2 reload

root@ubuntu:/etc/icinga2# icinga2 node update-config

[Screenshot: removing httpd]

Now we can confirm the removal of the http service from the master configuration.

root@ubuntu:~# icinga2 node list
Node 'host1.icinga2server.com' (last seen: Wed Jun 29 12:46:51 2016)
* Host 'host1.icinga2server.com'
* Service 'Icinga Web 2'
* Service 'apt'
* Service 'disk'
* Service 'disk /'
* Service 'icinga'
* Service 'load'
* Service 'ping4'
* Service 'ping6'
* Service 'procs'
* Service 'ssh'
* Service 'swap'
* Service 'users'

Likewise, we can add or remove any services in Icinga2. I believe this article is informative and helpful. I would welcome your valuable suggestions and comments on this. Happy Reading :)


Comments (1)


  1. pri says:

    Hi thanks

    How can I use a checkCommand/Service definite to the master on a client-node ?

    any suggestion
