Icinga Install

Posted on by
1

I would like to get in to a more SysAdmin role, so I’ve been using a home lab to try to learn new tech. So I spent a few days  putting together a step-by-step run through for installing Icinga. This did two things: 1) I had to learned Icinga enough to use it 2) I had to understand installation enough to explain in.

I haven’t been much of a fan of MySQL, particularly since Oracle, so I wanted a PostgreSQL database, which took a bit of research to get it to not bug out. I refined the process down to a few steps.

This is only for Icinga w/ Postrgres on Enterprise Linux derived systems.

Below is the notes I worked from while making the videos. Note that I used Scientific Linux Minimal Installs to start, so I had to install everything I needed as I needed it.

#Server Install Steps
 
yum -y install httpd gcc glibc glibc-common gd gd-devel make
yum -y install libjpeg libjpeg-devel libpng libpng-devel
yum -y install postgresql postgresql-server libdbi libdbi-devel libdbi-drivers libdbi-dbd-pgsql
yum -y install lynx wget
yum -y install man ntpd
 
#Add icinga user
useradd -m icinga
passwd icinga
 
#Configure user for web interface
groupadd icinga-cmd
usermod -a -G icinga-cmd icinga
usermod -a -G icinga-cmd apache
 
cd /usr/src
 
#Download Icinga
lynx icinga.org
 
#Download Plugins
lynx nagiosplugins.org
 
#Install icinga
tar xzf icinga-1.5.1.tar.gz
cd icinga-1.5.1
./configure --with-command-group=icinga-cmd --enable-idoutils
make all
make fullinstall
make install-config
 
#Use the sample configs
cd /usr/local/icinga/etc/
cp ido2db.cfg-sample ido2db.cfg
cp idomod.cfg-sample idomod.cfg
 
#Enable idomod event broker module
vi /usr/local/icinga/etc/icinga.cfg
#Uncomment the example
 
#Setup the database
service postgresql initdb
service postgresql start
chkconfig postgresql on
su - postgres
> psql
>> CREATE USER icinga;
>> ALTER USER icinga WITH PASSWORD 'icinga';
>> CREATE DATABASE icinga;
> createlang plpgsql icinga;
 
#Trust
vi /var/lib/pgsql/data/pg_hba.conf
#icinga
local    icinga     icinga                    trust
 
#Reload config
service postgresql reload
 
#Build the schema
cd /usr/src/icinga-1.5.1/module/idoutils/db/pgsql
psql -U icinga -d icinga < pgsql.sql
 
#Edit the config to use Postgres
vi /usr/local/icinga/etc/ido2db.cfg
 
#Install the Classic Web Interface
cd /usr/src/icinga-1.5.1
make cgis
make install-cgis
make install-html
make install-webconf
 
#Create an htuser
htpasswd -c /usr/local/icinga/etc/htpasswd.users icingaadmin
 
#Restart Apache
service httpd restart
 
#Install nagios plugins
cd /usr/src/
tar nagios-plugins-1.4.15.tar.gz
cd nagios-plugins-1.4.15
 
./configure --prefix=/usr/local/icinga --with-cgiurl=/icinga/cgi-bin --with-htmurl=/icinga --with-nagios-user=icinga --with-nagios-group=icinga
make
make install
 
#Configure SELinux
#getenforce
#setenforce 0 #go to permissive
 
chcon -R -t httpd_sys_script_exec_t /usr/local/icinga/sbin/
chcon -R -t httpd_sys_content_t /usr/local/icinga/share/
chcon -t httpd_sys_script_rw_t /usr/local/icinga/var/rw/icinga.cmd
 
#Startup icinga
service ido2db start
/usr/local/icinga/bin/icinga -v /usr/local/icinga/etc/icinga.cfg
service icinga start
 
chkconfig --add icinga
chkconfig icinga on
 
#Open firewall
vim /etc/sysconfig/selinux
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
service iptables save
 
#Install NRPE
cd /usr/src/
wget "https://git.icinga.org/?p=icinga-nrpe.git;a=snapshot;h=HEAD;sf=tgz" -O nrpe.tgz
tar xzf nrpe.tgz
cd icinga-nrpe
 
yum -y install openssl openssl-devel
./configure --enable-ssl
make all
make install-plugin
 
cd /usr/local/icinga/etc/objects/
 
#Add NRPE to the commands
vi commands.cfg
 
define  command {
command_name    check_nrpe_command
command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
 
define  command {
command_name    check_nrpe_command_args
command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$
}
 
#add host to objects
 
#reference object in icinga.cfg
 
##########
yum -y install php php-cli php-pear php-xmlrpc php-xsl php-pdo php-gd php-ldap php-pgsql
yum -y install epel-release  && \
yum -y install php-pear-phing && \
yum -y install php-pear-PHP-CodeSniffer
lynx http://sourceforge.net/projects/icinga/files/icinga-web/
#wget http://sourceforge.net/projects/icinga/files/icinga-web/1.5.2/icinga-web-1.5.2.tar.gz/download
#wget "https://git.icinga.org/?p=icinga-web.git;a=snapshot;h=HEAD;sf=tgz" -O icinga-web.tgz
tar xzvf icinga-web-1.5.2.tar.gz
 
./configure \
--prefix=/usr/local/icinga-web \
--with-web-user=apache \
--with-web-group=apache \
--with-web-path=/icinga-web \
--with-web-apache-path=/etc/httpd/conf.d \
--with-db-type=pgsql \
--with-db-host=localhost \
--with-db-port=5432 \
--with-db-name=icinga_web \
--with-db-user=icinga_web \
--with-db-pass=icinga_web \
--with-api-subtype=pgsql \
--with-api-port=5432 \
--with-api-db-pass=icinga_web \
--with-conf-folder=etc/conf.d \
--with-log-folder=log \
--with-db-socket=/usr/local/icinga/var/ido.sock \
--with-api-cmd-file=/var/icinga/rw/icinga.cmd
 
make install
 
vi /etc/php.ini
#date.timezone = America/New_York
 
su - postgres
> psql
>> CREATE USER icinga_web;
>> ALTER USER icinga_web WITH PASSWORD 'icinga_web';
>> CREATE DATABASE icinga_web;
#> createlang plpgsql icinga;
 
vi /var/lib/pgsql/data/pg_hba.conf
#icinga_web
host    icinga          icinga            ::1/128         trust
host    icinga_web      icinga_web      ::1/128         trust
 
service postgresql reload
make db-initialize
 
make install-apache-config
make install-done
 
#disable SELinux for the moment while I figure out the permissions
setenforce 0
 
#Disable the welcome.conf config
#comment out all the lines in
/etc/httpd/conf.d/welcome.conf
 
#Load the site
http://host/icinga-web

Quick Lab Update

Posted on by
3

I’ve been ignoring the blog, not the work. Took a bit more time than I would have liked, but I’ve got everything up. Well, except the switch. Not comfortable enough with that yet, so everything is on the same LAN right now.

Just wanted to post about the last week. I decided to have a go at setting up a completely virtualized lab. I used this TechHead article (VMware vSphere ESX: Install, Configure, Manage – Preparing your Test Lab). It’s a little dated, but everything still works as advertised, only version numbers have really changed.

Learned a lot more Vyatta than I expected to have to, learned a bit more about FreeNAS and OpenFiler. Honestly it was a  huge pain, and I’m not at all happy with the results. That is mainly because after I finally get things working slowly but surely, I can only run 32-bit VMs inside the vESXis. Which is fine I supposed, just it was never mentioned in the article explaining how to setup a lab for study. Major information oversight.

I’m keeping the VMs around if I decide to pull them out later, but I’ll probably start on another route for the time being. I’ll try to post over the next few days about my experiences this week.

New Home Lab Ordered

Posted on by
Reply

Well, I ordered hardware for my new lab Wednesday night. Several packages should be arriving today, but it will be Wednesday next week til the rest of the packages have arrived and I have time to put everything together.

I ordered everything from Newegg:

  • iStarUSA D-300-PFS
  • ASUS P7F-X
  • Intel Xeon 3440
  • Crucial 8GB (2 x 4GB) DDR3 1333
  • Antec EarthWatts Green EA-380D
  • 3x Samsung Spinpoint F3 1TB
  • Netgear GS724T-300NAS Gigabit Smart Switch

The plan is to migrate everything on the current ESXi host to the tiny storage server. (This is mostly complete already as I was expecting to have to do a reinstall before.) The 3x drives will then be placed in the old host, loaded with FreeNAS 8, and a RAIDZ pool configured. I’m hoping to be able to run some tests, see how 4GB of RAM, no L2ARC or separate ZIL maybe be impacting performance. SSDs are still a bit too expensive for L2ARC or ZIL. Another 4GB of RAM should be doable however.

The server should go together pretty easily. I still need to purchase some high speed USB drives to act as OS drives for these systems. The cheap HP thumb drives I have now just don’t cut it.

The switch will be a bit of an adventure. I expect I’ll be rebuilding my lab several times over the coming months, one because I expect to be moving in that time, but also as I figure out better ways to set things up, gain a better understanding, etc.

vSphere Essentials Kit

Posted on by
Reply

I’ve been looking into some upgrades for my home lab.  I’ve talked myself out of hardware (for the minute) but started looking into vSphere improvements, since I am only running a single ESXi install managed by vSphere Client.

Tomorrow I think I’m going to install a vSphere evaluation license, see whether it’s what I’m really looking for for a home lab learning environment, and perhaps spring for the vSphere Essentials Kit.  (Though waiting the 60-days would probably let a few more dollars make their way into my pocket.)

What I’d really like to know is whether Essentials Kit is really, almost, targeted at home lab setups.  VMware Store – VMware vSphere SMB Options The kit allows for up to 3, dual CPU servers which is just right for a basic lab.  But I can find no examples of what licensing options people are using for their home labs, or if anyone is taking advantage of this great deal.

Thoughts?

Terminal Multiplexing

Posted on by
1

I’ve spent the last couple days picking up new projects to look into (backups, cloning, network monitoring), which I plan to give some space on the blog as I work on.

For the moment, I spent some time today trying to compare the two most popular terminal multiplexers for *nix systems, screen and tmux.

The largest benefit of a terminal multiplexer to me is how it abstracts a terminal session and network connection.  Both screen and tmux allow you to start a session, detach from that session (possibly accidentally), and then reattach at a later time right where you left off and with all your programs still running.  This would have saved me hours upon hours of time in previous positions I’ve held.  The Windows desktop would crash for whatever reason, or just be in serious need of a restart, and I’d loose a dozen SSH sessions to half a dozen machines, then I’d spend 20 minutes reconnecting and getting back into place, trying to figure out where I had left off.  If I had known about (and had available) a terminal multiplexer, I could open one connection to each machine, start a screen or tmux session, spawn additional shells inside there, and if I lost my connection, reconnect and pick up EXACTLY where I left off.

I spent an hour or so today trying to compare screen and tmux, to decide which I would make my preferred terminal multiplexer.

For basic operations they’re virtually identical in operation.  I would be happy (and able) to use either for the basics, and probably will.  For that reason, I won’t say that my experience with one or the other affected my decision that I would try to stick with tmux in the future.

There a few reasons I’ve decided to side with tmux rather than screen.  The first to come to mind is the BSD licensing.  tmux is BSD, screen GPL, and I have better feelings about the BSD license.  Second, various blogs and articles around the web over the past year have written about the stagnation of the screen project.  Slow or non-existent patches and updates, crufted code, and a complex configuration file.  It seems to me that tmux is the future, and even if it never replaces screen, it has a strong presence and is here to stay, which is what will really matter.

Further Reading:
dayid’s screen and tmux cheat sheet
TMUX – The Terminal Multiplexer (Part 1)
Is tmux the GNU Screen killer?