How to Install and Configure Icinga on CentOS/Fedora/RHEL

So lets get started.  I’m building on the system with the usual requirements:

# yum install -y rsync vim wget curl git zip unzip mlocate make

# Core packages Icinga needs

# yum install httpd gcc glibc glibc-common gd gd-devel# yum install libjpeg libjpeg-devel libpng libpng-devel

# yum install -y net-snmp net-snmp-devel net-snmp-utils

# yum install mysql mysql-server libdbi libdbi-devel libdbi-drivers \   libdbi-dbd-mysql

 Let’s build a download folder and get all the software from Icinga we will need.

# cd /opt

Download the latest core package

#wget http://sourceforge.net/projects/icinga/files/latest/download?source=files

This is the web front end its at version 1.8.1

#wget http://sourceforge.net/projects/icinga/files/icinga-web/1.8.1/icinga-web-1.8.1.tar.gz/download

Grab the nagios plugins too since we are here

#wget http://sourceforge.net/projects/nagiosplug/files/latest/download?source=files

Get the latest NRPE module

# wget http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.14/nrpe-2.14.tar.gz/download

Create a new Icinga user and give it a password:

/usr/sbin/useradd -m icinga

passwd icinga

Add the Icinga group:

/usr/sbin/groupadd icinga

For sending commands to the classic interface you’ll need to add the below:

/usr/sbin/groupadd icinga-cmd

/usr/sbin/usermod -a -G icinga-cmd icinga

/usr/sbin/usermod -a -G icinga-cmd apache

Compile and install Icinga:

tar xvf icinga-1.8.4.tar.gz

cd icinga-1.8.4

Run the configure script and make the install:

./configure –with-command-group=icinga-cmd

make all

make fullinstall

# Make install-config is only needed on a new install. Don’t do this if its an upgrade!

make install-config

Customizing the configuration:

Edit the /usr/local/icinga/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the icingaadmin contact definition to the address you’d like to use for receiving alerts.

vim /usr/local/icinga/etc/objects/contacts.cfg

#email                           icinga@localhost       ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******

email                           user-name@your-email.com       ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******

Configure the classic web interface:

make cgis

make install-cgis

make install-html

Install the Apache config:

make install-webconf

Create an icingaadmin account for logging into the Icinga classic web interface. If you want to change it later, use the same command. Remember the password you assign to this account – you’ll need it later.

htpasswd -c /usr/local/icinga/etc/htpasswd.users icingaadmin

If you want to change it later or add another user:

htpasswd /usr/local/icinga/etc/htpasswd.users

Add Apache to startup and restart / start:

chkconfig httpd on

/etc/init.d/httpd restart

Extract and configure nagios plugins:

cd /opt/installs

tar -xvf nagios-plugins-1.4.16.tar.gz

cd nagios-plugins-1.4.16

./configure –prefix=/usr/local/icinga –with-cgiurl=/icinga/cgi-bin –with-nagios-user=icinga –with-nagios-group=icinga

make

make install

Extract and configure NRPE Plugin:

cd /opt/installs

tar -xvf nrpe-2.14.tar.gz

cd nrpe-2.14

./configure –with-ssl –with-nrpe-user=icinga –with-nrpe-group=icinga –with-nagios-user=icinga –with-nagios-group=icinga –libexecdir=/usr/local/icinga/libexec/ –bindir=/usr/local/icinga/bin/

make all && make install

RHEL and derived distributions like Fedora and CentOS are shipped with activated SELinux (Security Enhanced Linux) running in “enforcing” mode. This may lead to “Internal Server Error” messages when you try to invoke the Icinga-CGIs.

Check if SELinux runs in enforcing mode:

getenforce

Set SELinux in “permissive” mode:

setenforce 0

To make this change permanent you have to adjust this setting in /etc/selinux/config and restart the system.

Instead of deactivating SELinux or setting it into permissive mode you can use the following commands to run the CGIs in enforcing/targeted mode:

Add Icinga Core to startup:

chkconfig –add icinga

chkconfig icinga on

Verify the sample config:

/usr/local/icinga/bin/icinga -v /usr/local/icinga/etc/icinga.cfg

Total Warnings: 0

Total Errors:   0

Instead of specifying the paths to binary and config file you can issue:

/etc/init.d/icinga show-errors

Start up icinga core:

/etc/init.d/icinga start

Login to the classic interface with the icingaadmin user:

# Open a browser

http://yourdomain/icinga

Setup your web GUI account / password:

# Default login icingaadmin:icingaadmin – new users can be added with

htpasswd /etc/icinga/passwd youradmin

Set MySQL to start on boot up:

chkconfig mysqld on

Create Database, User, Grants:

# mysql -u root -p

mysql> CREATE DATABASE icinga;

GRANT USAGE ON icinga.* TO ‘icinga’@’localhost’

IDENTIFIED BY ‘icinga’

WITH MAX_QUERIES_PER_HOUR 0

MAX_CONNECTIONS_PER_HOUR 0

MAX_UPDATES_PER_HOUR 0;

GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE

ON icinga.* TO ‘icinga’@’localhost’;

FLUSH PRIVILEGES;

quit

Import database scheme for MySQL:

# mysql -u root -p icinga < /opt/icinga-1.9.3/module/idoutils/db/mysql/mysql.sql

You are done with the Icinga-Core and Classic Web Interface. Open icinga page in your browser and check it out the console.