How to Install and Configure Icinga on CentOS/Fedora/RHEL
So lets get started. I’m building on the system with the usual requirements:
# yum install -y rsync vim wget curl git zip unzip mlocate make
# Core packages Icinga needs
# yum install httpd gcc glibc glibc-common gd gd-devel# yum install libjpeg libjpeg-devel libpng libpng-devel
# yum install -y net-snmp net-snmp-devel net-snmp-utils
# yum install mysql mysql-server libdbi libdbi-devel libdbi-drivers \ libdbi-dbd-mysql
Let’s build a download folder and get all the software from Icinga we will need.
# cd /opt
Download the latest core package
#wget http://sourceforge.net/projects/icinga/files/latest/download?source=files
This is the web front end its at version 1.8.1
#wget http://sourceforge.net/projects/icinga/files/icinga-web/1.8.1/icinga-web-1.8.1.tar.gz/download
Grab the nagios plugins too since we are here
#wget http://sourceforge.net/projects/nagiosplug/files/latest/download?source=files
Get the latest NRPE module
# wget http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.14/nrpe-2.14.tar.gz/download
Create a new Icinga user and give it a password:
/usr/sbin/useradd -m icinga
passwd icinga
Add the Icinga group:
/usr/sbin/groupadd icinga
For sending commands to the classic interface you’ll need to add the below:
/usr/sbin/groupadd icinga-cmd
/usr/sbin/usermod -a -G icinga-cmd icinga
/usr/sbin/usermod -a -G icinga-cmd apache
Compile and install Icinga:
tar xvf icinga-1.8.4.tar.gz
cd icinga-1.8.4
Run the configure script and make the install:
./configure –with-command-group=icinga-cmd
make all
make fullinstall
# Make install-config is only needed on a new install. Don’t do this if its an upgrade!
make install-config
Customizing the configuration:
Edit the /usr/local/icinga/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the icingaadmin contact definition to the address you’d like to use for receiving alerts.
vim /usr/local/icinga/etc/objects/contacts.cfg
#email icinga@localhost ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
email user-name@your-email.com ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
Configure the classic web interface:
make cgis
make install-cgis
make install-html
Install the Apache config:
make install-webconf
Create an icingaadmin account for logging into the Icinga classic web interface. If you want to change it later, use the same command. Remember the password you assign to this account – you’ll need it later.
htpasswd -c /usr/local/icinga/etc/htpasswd.users icingaadmin
If you want to change it later or add another user:
htpasswd /usr/local/icinga/etc/htpasswd.users
Add Apache to startup and restart / start:
chkconfig httpd on
/etc/init.d/httpd restart
Extract and configure nagios plugins:
cd /opt/installs
tar -xvf nagios-plugins-1.4.16.tar.gz
cd nagios-plugins-1.4.16
./configure –prefix=/usr/local/icinga –with-cgiurl=/icinga/cgi-bin –with-nagios-user=icinga –with-nagios-group=icinga
make
make install
Extract and configure NRPE Plugin:
cd /opt/installs
tar -xvf nrpe-2.14.tar.gz
cd nrpe-2.14
./configure –with-ssl –with-nrpe-user=icinga –with-nrpe-group=icinga –with-nagios-user=icinga –with-nagios-group=icinga –libexecdir=/usr/local/icinga/libexec/ –bindir=/usr/local/icinga/bin/
make all && make install
RHEL and derived distributions like Fedora and CentOS are shipped with activated SELinux (Security Enhanced Linux) running in “enforcing” mode. This may lead to “Internal Server Error” messages when you try to invoke the Icinga-CGIs.
Check if SELinux runs in enforcing mode:
getenforce
Set SELinux in “permissive” mode:
setenforce 0
To make this change permanent you have to adjust this setting in /etc/selinux/config and restart the system.
Instead of deactivating SELinux or setting it into permissive mode you can use the following commands to run the CGIs in enforcing/targeted mode:
Add Icinga Core to startup:
chkconfig –add icinga
chkconfig icinga on
Verify the sample config:
/usr/local/icinga/bin/icinga -v /usr/local/icinga/etc/icinga.cfg
Total Warnings: 0
Total Errors: 0
Instead of specifying the paths to binary and config file you can issue:
/etc/init.d/icinga show-errors
Start up icinga core:
/etc/init.d/icinga start
Login to the classic interface with the icingaadmin user:
# Open a browser
Setup your web GUI account / password:
# Default login icingaadmin:icingaadmin – new users can be added with
htpasswd /etc/icinga/passwd youradmin
Set MySQL to start on boot up:
chkconfig mysqld on
Create Database, User, Grants:
# mysql -u root -p
mysql> CREATE DATABASE icinga;
GRANT USAGE ON icinga.* TO ‘icinga’@’localhost’
IDENTIFIED BY ‘icinga’
WITH MAX_QUERIES_PER_HOUR 0
MAX_CONNECTIONS_PER_HOUR 0
MAX_UPDATES_PER_HOUR 0;
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE
ON icinga.* TO ‘icinga’@’localhost’;
FLUSH PRIVILEGES;
quit
Import database scheme for MySQL:
# mysql -u root -p icinga < /opt/icinga-1.9.3/module/idoutils/db/mysql/mysql.sql
You are done with the Icinga-Core and Classic Web Interface. Open icinga page in your browser and check it out the console.