Introduction

This page describes how AlexisHuxley installed Nagios. Prerequisite software (e.g. Apache) is assumed to be already installed (e.g. by MDI).

Procedure

  1. To install Icinga complete the following sub-procedure:

    1. Run the following commands: 

      apt-get install icinga icinga-doc rblcheck nagios-nrpe-plugin libgd-tools libcrypt-des-perl libdigest-hmac-perl libio-socket-inet6-perl snmp-mibs-downloader sensord read-edid i2c-tools nagios3 cifs-utils

    2. As per README.Debian, run the following commands: 

      perl -pi -e 's/^(check_external_commands)=.*/$1=1/' /etc/icinga/icinga.cfg
service icinga stop
dpkg-statoverride --update --add nagios www-data 2710 /var/lib/icinga/rw
dpkg-statoverride --update --add nagios nagios 751 /var/lib/icinga
service icinga start

    3. Change the location and type of the password file by replacing the authentication directives near the bottom of /etc/icinga/apache2.conf with something like: 

              AuthType Digest
            AuthName "Icinga Service"
            AuthUserFile /etc/apache2/icinga.htdigest
            Require valid-user

      and run: 

      a2enmod auth_digest
service apache2 restart

    4. Create an Icinga admin account by running: 

      touch /etc/apache2/icinga.htdigest
htdigest /etc/apache2/icinga.htdigest "Icinga Service" icingaadmin

    5. To install the icons run: 

      mkdir -p /usr/local/opt/imagepak
cd /usr/local/opt/imagepak
wget -qO - https://www.monitoringexchange.org/attachment/download/Artwork/Image-Packs/Base-Images/imagepak-base.tar.tar | tar xzf -
cd /usr/share/icinga/htdocs/images/logos/
ln -s /usr/local/opt/imagepak-base/base .
cp <path-to-home-made-ubuntu-icons> ./base/
  2. To install Nconf complete the following sub-procedure:

    1. Run the following commands: 

      wget -O nconf-1.3.0-0.tgz 'http://downloads.sourceforge.net/project/nconf/nconf/1.3.0-0/nconf-1.3.0-0.tgz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnconf%2Ffiles%2Fnconf%2F1.3.0-0%2F&ts=1326901121&use_mirror=dfn'
cd /usr/local && mkdir -p opt && cd opt
tar xzf ~/nconf-1.3.0-0.tgz
mv nconf nconf-1.3.0-0
ln -s nconf-1.3.0-0 nconf
cd nconf-1.3.0-0
chown www-data ./config ./output ./static_cfg ./temp
apt-get install php5-mysql

    2. Add the following to /etc/apache2/sites-enabled/000-default: 

          Alias /nconf/ "/usr/local/opt/nconf/"
    <Directory "/usr/local/opt/nconf/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 192.168.1.0/255.255.255.0
    </Directory>

      and run: 

      service apache2 reload

    3. Create a database for NConf and a user with sufficient priviliges to manage it by running: 

      apt-get install mysql-server
mysqladmin create nconf
mysql
USE mysql;
CREATE USER 'icingaadmin'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON nconf.* TO 'icingaadmin'@'localhost';

    4. Visit http://<backend-server-or-frontend-server>/nconf/INSTALL.php, which should look like this:
      /AlexisWiki/InstallingIcinga?action=AttachFile&do=get&target=nconf-fig1.png

    5. Verify all requirements are met (as explained on the nconf screen) and then click 'Next'.
    6. On the next screen set the database server hostname to localhost, the database name to nconf, the database user to 'nconfadmin' and the password to whatever you set and click 'Next'.
    7. At the 'General configuration' screen set the path to the Nagios/Icinga binary to /usr/bin/icinga. i . At the 'Authentication configuration' screen leave AUTH_ENABLED set to FALSE (we will use Apache for authentication).

    8. Run: 

      cd /usr/local/opt/nconf/
rm -fr INSTALL* UPDATE*
apt-get install sudo

    9. Edit /usr/local/opt/nconf/config/deployment.ini and set: 

      [extract config]
type        = local
source_file = "/usr/local/opt/nconf/output/NagiosConfig.tgz"
target_file = "/tmp/"
action      = extract

; Put all config files in same directory
[copy collector config]
type        = local
source_file = "/tmp/Default_collector/"
target_file = "/etc/icinga/objects/"
action      = copy

[copy global config]
type        = local
source_file = "/tmp/global/"
target_file = "/etc/icinga/objects/"
action      = copy

; This pointless copy satisfies nconf while leaving static content to be
; edited manually.
[copy nagios.cfg]
type        = local
source_file = "/etc/icinga/icinga.cfg"
target_file = "/tmp/icinga.cfg"
action      = copy
reload_command = "sudo service icinga reload"

    10. Run: 

      rm /etc/icinga/objects/*
perl -pi -e 's/^(cfg_.*(?:commands|plugins))/#$1/' /etc/icinga/icinga.cfg
chown www-data:www-data /etc/icinga/objects

    11. Use visudo to add the following entry to /etc/sudoers: 

      www-data  ALL = NOPASSWD: /usr/sbin/service icinga reload

    12. Run: 

      cd /usr/local/opt/nconf/img/logos
wget -qO - https://www.monitoringexchange.org/attachment/download/Artwork/Image-Packs/Base-Images/imagepak-base.tar.tar | tar xzf -

      (as per http://www.nconf.org/dokuwiki/doku.php?id=nconf:help:documentation:start:installation.)

    13. Work around a bug by running: 

      wget -qO /usr/local/opt/nconf/bin/lib/NConf/ExportNagios.pm https://raw.github.com/nconf/development/46c10e0b5b82d5c48b072a45744d50e48a63a08e/bin/lib/NConf/ExportNagios.pm

      (More details of the bug and the patch are available at http://forum.nconf.org/viewtopic.php?f=17&t=872.)

    14. Test by generating the Nagios config and clicking 'Deploy'.

  3. If desired, proxy Icinga and NConf through a front-end webserver by adding the following the the front-end webserver's configuration: 

        #  Icinga proxy
    ProxyPass /icinga/ http://monitor.pasta.net/icinga/
    ProxyPassReverse /icinga/ http://monitor.pasta.net/icinga/
    ProxyPass /cgi-bin/icinga/ http://monitor.pasta.net/cgi-bin/icinga/
    ProxyPassReverse /cgi-bin/icinga/ http://monitor.pasta.net/cgi-bin/icinga/
    ProxyPass /nconf/ http://monitor.pasta.net/nconf/
    ProxyPassReverse /nconf/ http://monitor.pasta.net/nconf/
    <LocationMatch "^/(icinga|nconf|cgi-bin/icinga)/">
        Order allow,deny
        Allow from All
        AuthType Digest
            AuthName "Icinga Service"
            AuthUserFile /etc/apache2/icinga.htdigest
            Require valid-user
    </LocationMatch>

    and run: 

    service apache2 reload
    and copy /etc/apache2/icinga.htdigest from the back-end webserver to the front-end webserver.

  4. Event handlers are disabled by default, which results in some red in the tactical overview for all services (but not advanced services). Fix this by going to Administration->Attributes->Show->Host:service->event_handler_enabled (don't click, just locate row)->Modify->pre-defined value(s): <empty> (was 0)

  5. Use NConf to update the mail commands used in the notify-host-by-email and notify-service-by-email to use /usr/bin/mailx instead of /bin/mail (which doesn't exist)
  6. Use NConf to update the process-host-perfdata and process-service-hostdata to change the directory of the output file to /var/lib/icinga

Management procedures

  1. To dump the database (a wise precaution before doing edits, at least to start with): 

    bash -c 'read -p "Reason: "; mysqldump nconf > /var/tmp/mysql-nconf-$(date +%Y%m%d%H%M%S)-${REPLY// /-}.dump'
  2. Hints:
    1. add timeperiods first
    2. then contact groups
    3. then contacts
    4. then OSs
  3. To add a new user:
    1. In NConf add a new contact and generate the Icinga configuration files

    2. Add an entry to icinga.digest by running: 

      htdigest /etc/apache2/icinga.htdigest "Icinga Service" <username>

    3. Copy icinga.digest over to the front-end webserver by running the following command on a tested server: 

      ssh -n monitor cat /etc/apache2/icinga.htdigest | ssh www "cat > /etc/apache2/icinga.htdigest"

  4. To add a client using NRPE (don't do this! add a client using SSH instead!):

    1. Run: 

      apt-get install nagios-nrpe-server

    2. In /etc/nagios/nrpe.cfg, either comment out the following line or correct the IP address by running one of these two lines: 

      perl -pi -e 's/^(allowed_hosts)=(.*)/#$1=$2/' /etc/nagios/nrpe.cfg
ICINGASERVER_IPADDR=$(getent hosts monitor | awk '{ print $1 }')
perl -pi -e "s/^(allowed_hosts)=(.*)/\$1=$ICINGASERVER_IPADDR/" /etc/nagios/nrpe.cfg

      (CIDR ranges are not accepted, although comma-separated IPs are, albeit only without spaces. Failure to do this will trigger the error message: 

      CHECK_NRPE: Error - Could not complete SSL handshake.

      and then run: 

      /etc/init.d/nagios-nrpe-server
  5. To add a client using SSH:

    1. Run: 

      apt-get install nagios-plugins        #  squeeze
apt-get install nagios-plugins-basic  #  lenny (nagios-plugins has dependency issue)

    2. If there is not a 'nagios' accoun then run: 

      groupadd --system nagios
useradd --system --home-dir /var/local/nagios --gid nagios --create-home nagios

    3. If nagios's shell is not /bin/bash then run: 

      chsh --shell=/bin/bash nagios

    4. Run: 

      mkdir -p ~nagios/.ssh
echo "<trusted-ssh-key>" >> ~nagios/.ssh/authorized_keys
chown -R nagios:nagios ~nagios/

      and then the get nagios@<icinga-server> to cache the system's host SSH key.

  6. To restore a database run: 

    ls -lrt /var/tmp/mysql-nconf-*
mysql nconf < <dump-file>

Miscellaneous notes

See also

CategoryProcedure

InstallingIcinga (last edited 2012-04-26 10:18:20 by AlexisHuxley)