Install Icinga2 on RHEL 8

Prerequisites

• Complete the setup instructions for a new Redhat server. ## Install Icinga2

1. Import the Icinga GPG key

   rpm --import https://packages.icinga.com/icinga.key

2. Download and install the Icinga repository

   wget https://packages.icinga.com/subscription/rhel/ICINGA-release.repo -O /etc/yum.repos.d/ICINGA-release.repo

3. Enable the code ready builder repo for RHEL

   subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms

4. In order to install EPEL, you must set the crypto policy from FUTURE to DEFAULT. This is because the FUTURE setting requires a specific bit size for the CA certificates. However, the certificates used by the Fedora project chain to CA certificates which dont meet this stringent criteria. Changing to DEFAULT fixes the issue. See man crypto-policies for more information on the available policies. See this bug report for more info.

update-crypto-policies --show
update-crypto-policies --set DEFAULT

3. Install icinga2

   dnf update && dnf install icinga2

   Install Icinga 2 on Fedora

   Add Icinga Repository Package

   rpm --import https://packages.icinga.com/icinga.key
   dnf update
   dnf install https://packages.icinga.com/fedora/icinga-rpm-release-$(. /etc/os-release; echo "$VERSION_ID")-latest.noarch.rpm

   Install Icinga 2

   dnf install -y icinga2
   systemctl enable --now icinga2
   systemctl status icinga2

   If you are stuck with configuration errors, then you can manually invoke the configuration validation tool with this command:

   icinga2 daemon -C

   Install Plugins

   Icinga 2 needs plugins to know how to check external services.  The Monitoring Plugins Project provides an extensive set of plugins which can be used with Icinga 2 to check whether services are working properly. These plugins are required to make the example configuration work out-of-the-box.

   dnf install -y nagios-plugins-all

   Configure Selinux Support

4. Install dependencies.

   dnf install selinux-policy-devel audit

5. Clone icinga2 to your home folder.

   cd ~
   git clone https://github.com/icinga/icinga2

6. Run the selinux configuration script

   ~/icinga2/tools/selinux/icinga2.sh

7. Restart icinga2 service

   systemctl restart icinga2

   Setup the Database

   The IDO (Icinga Data Output) feature for Icinga 2 stores all configuration and status information into a database. Icinga Web 2 connects to the IDO database to visualize the data properly. You can either use a MySQL or PostgreSQL database.

8. Install the MySQL IDO feature for Icinga:

   dnf install -y icinga2-ido-mysql

9. Setup a MySQL DB for Icinga2:

   CREATE DATABASE icinga;
   CREATE USER 'icinga'@'localhost' IDENTIFIED BY 'password_here';
   GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost';
   quit

10. Import the Icinga 2 IDO schema:

    mysql -u icinga -p < /usr/share/icinga2-ido-mysql/schema/mysql.sql

11. The package provides a new configuration file that is installed in /etc/icinga2/features-available/ido-mysql.conf. You can update the database credentials in this file. All available attributes are explained here. Update ido-mysql.conf so it can authenticate to the MySQL DB.

     /**
      * The IdoMysqlConnection type implements MySQL support
      * for DB IDO.
      */
    
     object IdoMysqlConnection "ido-mysql" {
       user = "icinga"
       password = "password_here"
       host = "localhost"
       database = "icinga"
     }

12. Enable the ido-mysql feature configuration file using the icinga2 command:

    icinga2 feature enable ido-mysql

13. Restart Icinga2:

    systemctl restart icinga2

    Set up REST API

14. Run the command icinga2 api setup

15. Edit /etc/icinga2/conf.d/api-users.conf and add a new ApiUser object. Specify the permissions attribute with minimal permissions required by Icinga Web 2.

     object ApiUser "icingaweb2" {
        password = "password_here"
        permissions = [ "status/query",
        "actions/*", "objects/modify/*", "objects/query/*" ]
     }

16. Restart the icinga2 service: systemctl restart icinga2 ## Install Icinga Web2 ### Requirements for the Web UI

• Icinga2 with IDO DB (MySQL or PostgreSQL)
• An Apache or Nginx web server
• PHP version >= 7.3
• For exports to PDF also the following PHP modules are required: mbstring, GD, Imagick
• LDAP PHP library when using Active Directory or LDAP for authentication ### Web UI Installation

1. Install dependencies

   dnf install php php-gd php-intl php-gettext-gettext php-pecl-imagick php-mbstring php-gd

2. Clone the Web UI repository

   cd /usr/share/
   git clone https://github.com/Icinga/icingaweb2.git icingaweb2

3. Clone the ipl-php-library:

   INSTALL_PATH="/usr/share/icinga-php/ipl"
   INSTALL_VERSION="stable/0.8.0"
   git clone https://github.com/Icinga/icinga-php-library.git "$INSTALL_PATH" --branch "$INSTALL_VERSION"

4. Generate web server configuration file

   /usr/share/icingaweb2/bin/icingacli setup config webserver apache --document-root /usr/share/icingaweb2/public > /etc/httpd/conf.d/icingaweb2.conf

5. Create a icingaweb2 group for managing permissions

   groupadd -r icingaweb2

6. Add the server’s user to the group

   usermod -a -G icingaweb2 apache 
   systemctl restart httpd

7. Create a configuration directory for icingaweb2

   /usr/share/icingaweb2/bin/icingacli setup config directory --group icingaweb2;

8. Setup Icinga Web 2 using the setup wizard. The setup wizard requires a token to authenticate which can be generated with this command:

   /usr/share/icingaweb2/bin/icingacli setup token create

   If you forget the token, you can show it again with this command: /usr/share/icingaweb2/bin/icingacli setup token show

9. Open port 80 on the firewall

10. Now you can open the web interface and follow the instructions to complete setup. In your browser go to http://ip_address/icingaweb2/setup. ## Configure Syntax highlighting

11. Install vim-icinga2

    dnf install vim-icinga2

12. Edit your user’s ~/.vimrc file and ensure that syntax on is present and not commented out.

13. Test it:

    vim /etc/icinga2/conf.d/templates.conf

    Installation Review

    You may want to check the features that were installed and enabled for Icinga2. You can do so with this command:

    icinga2 feature list

    Installation Paths

    By default Icinga 2 uses the following files and directories:

Path	Description
/etc/icinga2	Contains Icinga 2 configuration files.
/usr/lib/systemd/system/icinga2.service	The Icinga 2 systemd service file on systems using systemd.
/etc/systemd/system/icinga2.service.d/limits.conf	On distributions with systemd >227, additional service limits are required.
/etc/init.d/icinga2	The Icinga 2 init script on systems using SysVinit or OpenRC.
/usr/sbin/icinga2	Shell wrapper for the Icinga 2 binary.
/usr/lib*/icinga2	Libraries and the Icinga 2 binary (use find /usr -type f -name icinga2 to locate the binary path).
/usr/share/doc/icinga2	Documentation files that come with Icinga 2.
/usr/share/icinga2/include	The Icinga Template Library and plugin command configuration.
/var/lib/icinga2	Icinga 2 state file, cluster log, master CA, node certificates and configuration files (cluster, api).
/var/run/icinga2	PID file.
/var/run/icinga2/cmd	Command pipe and Livestatus socket.
/var/cache/icinga2	status.dat/objects.cache, icinga2.debug files.
/var/spool/icinga2	Used for performance data spool files.
/var/log/icinga2	Log file location and compat/ directory for the CompatLogger feature.