Install Icinga 2 Monitoring on Debian 9
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
What is Icinga 2?
Icinga, previously a fork of the popular Nagios monitoring system, is an open source network monitoring application that can be used to monitor critical services and systems on your Linode. Icinga 2 can monitor hosts on a network or it can verify network external protocols, such as the state of an HTTP server, mail server, file-sharing service, or others.
Icinga 2 can be configured to monitor internal systems’ state and check the load, memory, disk free space, or other internal parameters via Icinga agents deployed on each node that needs to be monitored. Icinga can also be configured to send notifications and alerts via email or SMS to the system administrators defined in contacts.
This guide shows how to install and configure the latest version of Icinga 2 web monitoring tool on Debian 9 to monitor network infrastructure.
This guide may involve or result in sending email. In an effort to fight spam, Linode restricts outbound connections on ports 25, 465, and 587 on all Linodes for new accounts created after November 5th, 2019. For more information, please see Sending Email on Linode.
Before You Begin
Familiarize yourself with our Getting Started guide and complete the steps for creating a Linode with Debian 9, and setting your Linode’s hostname and timezone.
Many of the commands in this guide require root privileges. Complete the sections of our Securing Your Server to create a standard user account, harden SSH access and remove unnecessary network services. Use
sudo
wherever necessary.Configure a LAMP Stack.
Configure a mail server in order to have Icinga send email alerts.
Update your system:
sudo apt-get update && sudo apt-get upgrade
Use OPCache to Increase Load Speed
To increase the load speed of your application via OPCache plugin available in PHP7, append the following OPCache settings at the bottom of the PHP configuration:
- File: php.ini
opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1
Restart the Apache daemon to apply the new changes:
systemctl restart apache2
Configure Icinga 2 Databases
Install the backend database needed by Icinga 2 monitoring web application and Icinga Web 2 frontend to store users, contacts and other collected data. Execute the following command to install MariaDB database and PHP module needed to access MySQL database in Debian 9:
apt install php7.0-mysql mariadb-server mariadb-client
Log in to the MySQL console and secure the MariaDB root account:
mysql -h localhost use mysql; update user set plugin='' where user='root'; flush privileges; exit
Further secure the MariaDB database with the
mysql_secure_installation
script. This script will ask a series of questions designed to secure the MariaDB database: change MySQL root password, remove anonymous users, disable remote root logins, and delete the test database:sudo mysql_secure_installation
Log back in to the database console and create the database for Icinga 2:
mysql –u root -p
Create a user with a strong password to manage Icinga 2 application database, by issuing the following commands. You should replace
icingadb
,icinga-user
, andstrongpassword
in this example with your own database name and credentials:create database icingadb; grant all privileges on icingadb.* to 'icinga_user'@'localhost' identified by 'strongpassword'; flush privileges
Create the second MySQL database used by Icinga 2 web to store its interface users and groups. As in the previous step, replace the database name and credentials accordingly and choose a strong password for database user. You can use the same MySQL user account to manage both databases simultaneously (
icinga_user'@'localhost
):create database icinga_users; grant all privileges on icinga_users.* to 'icinga_user'@'localhost' identified by 'strongpassword'; exit
Install Icinga 2
Install Icinga 2 and the Icinga 2 MySQL module for accessing MariaDB database backend:
apt install icinga2 icinga2-ido-mysql
During the installation, when asked:
If Icinga 2 should use the MySQL module,
- Choose Yes from the prompt.
To configure a database for
icinga2-ido-mysql
withdbconfig-common
option,- Choose No from the prompt.
After Icinga 2 has been installed, start the Icinga 2 service and check the daemon status:
systemctl start icinga2.service
systemctl status icinga2.service
Install the Icinga 2 Web Interface
In order to manage Icinga 2 via the web interface, install the Icinga 2 web interface and Command Line Interface (CLI) packages:
apt install icingaweb2 icingacli
Restart the Icinga 2 daemon and verify the Icinga 2 daemon status:
systemctl restart icinga2.service
systemctl status icinga2.service
Install the MySQL schema required Icinga 2 database:
mysql -u root icingadb -p < /usr/share/icinga2-ido-mysql/schema/mysql.sql
Edit the Icinga 2 MySQL IDO configuration file and add Icinga 2 engine database credentials, as shown in the following example. Use the credentials of the first database created in the earlier database creation step:
- File: /etc/icinga2/features-enabled/ido-mysql.conf
library "db_ido_mysql" object IdoMysqlConnection "ido-mysql" { user = "icinga_user", password = "strongpassword", host = "localhost", database = "icingadb" }
Save the file and restart the Icinga 2 daemon:
systemctl restart icinga2.service
Create an Icinga Web 2 log directory and add the proper file system permissions to grant the Icinga 2 group write permissions:
mkdir -p /var/log/icingaweb2/
chgrp -R icingaweb2 /var/log/icingaweb2/
chmod -R 775 /var/log/icingaweb2/
Configure Icinga 2 via Web Interface
Generate an installation token. Save it somewhere easily accessible. You will need to use it to access the Icinga 2 setup:
icingacli setup token create
The output of this command should be something like:
The newly generated setup token is: 4358c2c0d345673c
To show the generated token in case you’ve forgotten or you haven’t noted yet:
icingacli setup token show
Open a browser on your local machine and navigate to
http://exampleIP/icingaweb2/setup
. ReplaceexampleIP
with your Linode’s IP address.In the first installation stage, add the token generated earlier:
On the next screen, select and enable the Doc and Monitoring modules and press Next to continue:
Icinga 2 will check your system requirements and PHP modules to see if all requirements are met before continuing with the installation and configuration process. Scroll down to the end of the page and press Next to continue.
Choose Authentication Type = Database:
![Choose the “Database” Authentication Type](icinga-database-authentication-type.png “Choose the “Database” Authentication Type”)
Use the information from the second database created earlier to add the credentials needed to access the Icinga 2 database for storing web interface users and groups. Use
icingaweb_db
as a name for this resource and leave the Host, Port and Character set variables as default. Do not enable Persistent and SSL option. Press Validate Configuration button to validate the database. After the database has been validated successfully, press Next to continue to the next phase of Icinga 2’s configuration process:Define a name for the database authentication backend (you can use the default value) and press Next.
Add a username with a strong password in order to log in to the Icinga 2 web interface and further manage the Icinga 2 engine and press Next.
Adjust the Icinga 2 application and logging configurations using these settings, then press Next:
Check Show Stacktraces
Storage Type = Database
Logging Type = File
Logging Level = Error
File path =
/var/log/icingaweb2/icingaweb2.log
Review the information report and press Next to continue:
Press Next to continue setting up Icinga 2 engine monitoring module.
Add a name for the Icinga 2 Backend, select IDO as Backend Type and press Next.
Add the Icinga 2 engine database credentials in order to setup the IDO resource environment. After adding the Icinga 2 database credentials, press Validate Configuration to validate the Icinga 2 Monitoring IDO Resource. After the Successfully validated message appears, press Next.
Configure the Icinga 2 Command Transport module with the following settings and press Next:
Transport Name = icinga2
Transport Type = Local Command File
Command File =
/var/run/icinga2/cmd/icinga2.cmd
Use the default values or configure the monitoring security environment variables to sensitive information and press Next.
The next screen shows a detailed report of the current configuration. A message will also show you that Icinga 2 Monitoring module has been successfully configured. Review the configuration and press Finish to complete the setup process.
After the installation and setup process completes, a message informs you that Icinga Web 2 has been successfully set up.
Log in to Icinga Web 2 to exit the setup process and log in to Icinga Web 2 login webpage:
You will be directed to the Icinga Web 2 Dashboard, where you should see the default services and Linode resources that are currently monitored by the Icinga 2 engine:
Secure the Icinga Web 2 Interface Via TLS
To access Icinga 2 monitoring application via HTTPS protocol, enable the Apache SSL module, SSL site configuration file, and Apache rewrite module:
a2enmod ssl rewrite
a2ensite default-ssl.conf
Edit the Apache sites-enabled default configuration file and add the following lines after the DocumentRoot
to enable URL rewrite rules:
- File: /etc/apache2/sites-enabled/000-default.conf
1 2 3 4 5
<Directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </Directory>
Restart the Apache daemon to apply the new configuration file:
systemctl restart apache2
In a local browser, visit your domain name or Linode’s IP address. Because you’re using the self-signed certificate generated by Apache, the browser will show an error warning. Accept the warning to access the Icinga Web 2 dashboard.
Force Traffic through HTTPS
To force visitors to browse the Icinga Web 2 interface via HTTPS, create a new .htaccess
file in your web root with the following:
- File: /var/www/html/.htaccess
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L] </IfModule>
Create Firewall Rules to Enable HTTPS Traffic
Add a new rule to allow HTTPS traffic to pass through the firewall.
UFW
ufw allow 443/tcp
IPtables
iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
systemctl iptables-persistent save
systemctl iptables-persistent reload
That’s All!
You have successfully installed, set up, and secured the Icinga 2 engine monitoring application and Icinga Web 2 Interface on Debian 9.
More Information
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This page was originally published on