How to Add Remote Linux Host on Icinga2 Server to monitor

We have already covered in our previous article, Icinga2 installation on RPM based systems such as CentOS, RHEL, Fedora & openSUSE also we have covered Icingaweb2 installation in Linux. Adding one more article into that, here i’m going to show you how to Add Remote Linux host into Icinga2 server to monitor. Icinga2 uses its own unique and secure communication protocol to establish the communication between Client & Server by TLS with certificates, and fully supports IPv4 and IPv6. Icinga2 clients will sync their locally defined objects to the defined master node such as ‘ping4’, ‘ssh’, ‘http’, ‘disk’, ‘disk /’, ‘icinga’, ‘load’, ‘procs’, ‘swap’ & ‘users’

Icinga 2 master, satellite and client instances communicate using the default tcp port 5665. The connections are parent zone nodes to Client zone nodes (parent => child) or client zone nodes to parent zone nodes (parent <= child). So allow the port number on your firewall according that.

Icinga2 Master : Setup the Master for Remote Clients

Run the icinga2 node wizard CLI command on your master to setup a new node on the master. The command must be run as root, all Icinga 2 specific files will be updated to the icinga user. Make sure to answer the first question with n (no) and simply hit Enter wherever you are until finish this setup.

# Run icinga2 node wizard to setup Master for Remote Client #
# icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: n
Starting the Master setup routine...
Please specifiy the common name (CN) [vps50253.vps.ovh.ca]: Press Enter
Checking for existing certificates for common name 'vps50253.vps.ovh.ca'...
Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/var/lib/icinga2/ca/ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca/ca.crt'.
information/cli: Generating new CSR in '/etc/icinga2/pki/vps50253.vps.ovh.ca.csr'.
information/base: Writing private key to '/etc/icinga2/pki/vps50253.vps.ovh.ca.key'.
information/base: Writing certificate signing request to '/etc/icinga2/pki/vps50253.vps.ovh.ca.csr'.
information/cli: Signing CSR with CA and writing certificate to '/etc/icinga2/pki/vps50253.vps.ovh.ca.crt'.
information/cli: Copying CA certificate to '/etc/icinga2/pki/ca.crt'.
Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
Please specify the API bind host/port (optional):Press Enter
Bind Host []: Press Enter
Bind Port []: Press Enter
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.

The setup wizard will do the following:

  • Check if the api feature is already enabled, and if not: ◦Generate a local CA in /var/lib/icinga2/ca or use the existing one
  • Generate a new CSR, sign it with the local CA and copying it into /etc/icinga2/pki
  • Enabling the API feature, and setting optional bind_host and bind_port
  • Generate a local zone and endpoint configuration for this master based on FQDN
  • Setting the NodeName and TicketSalt constants in constants.conf

Make sure your configuration file should be like below. If no, modify it according it (NodeName : your Icinga2 maser server host name).

# Check Master NodeName & Const TicketSalt #
# egrep 'NodeName|TicketSalt' /etc/icinga2/constants.conf
const NodeName = "vps50253.vps.ovh.ca"
const TicketSalt = "f3ca267a2fc59a8350c50363902ed506"

# Modify zone.conf file according your hostname (NodeName : your Icinga2 maser server host name) #
# cat /etc/icinga2/zones.conf
/*
 * Generated by Icinga 2 node setup commands
 * on 2016-01-27 06:33:31 -0500
 */

 object Endpoint "vps50253.vps.ovh.ca" {
 }

 object Zone ZoneName {
        endpoints = [ "vps50253.vps.ovh.ca" ];
}

The setup wizard does not automatically restart Icinga2, So Restart the Icinga2 and check the status everything is fine.

# For SysVinit Systems #
# service icinga2 restart
# service icinga2 status

# For Systemd Systems #
# systemctl restart icinga2.service
# systemctl status icinga2.service

Generate secure ticket salt for CSR Auto-Signing on Icinga2 server for Remote Client.

# ticket salt for CSR Auto-Signing (Remote Client HostName : 2daygeek) #
# icinga2 pki ticket --cn '2daygeek'
2fdfec3b98221622841cc437ee74b09a1f44bd04

Icinga2 Client : Setup the Remote Client on Linux for Icinga2

Install Icinga2 from your distribution’s package and make sure your systme shoud have installed openSSH package which will handle SSL communication. Then run the Icingaweb2 installation in client.

# Install Icinga2 Service #
# apt-get install icinga2

# For RHEL/CentOS/Fedora 21 and older system #
# yum install icinga2

# For Fedora 21 and later systems #
# dnf install icinga2

# For suse & openSUSE systems #
# zypper install icinga2

# For SysVinit systems #
# service icinga2 start

# For Systemd systems #
# systemctl start icinga2.service

Install Icinga2 Node wizard into Remote Linux Host.

# icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]:Enter 
Starting the Node setup routine...
Please specifiy the common name (CN) [2daygeek]: Enter
Please specifiy the local zone name [2daygeek]: Enter
Please specify the master endpoint(s) this node should connect to:Enter
Master Common Name (CN from your master setup): vps50253.vps.ovh.ca
Do you want to establish a connection to the master from this node? [Y/n]: y
Please fill out the master connection information:Enter
Master endpoint host (Your master's IP address or FQDN): 192.99.246.33
Master endpoint port [5665]: Enter
Add more master endpoints? [y/N]:  Enter
Please specify the master connection for CSR auto-signing (defaults to master endpoint host):Enter
Host [192.99.246.33]: Enter
Port [5665]: Enter
information/base: Writing private key to '/etc/icinga2/pki/2daygeek.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/2daygeek.crt'.
information/cli: Generating self-signed certifiate:
information/cli: Fetching public certificate from master (192.99.246.33, 5665):

information/cli: Writing trusted certificate to file '/etc/icinga2/pki/trusted-master.crt'.
information/cli: Stored trusted master certificate in '/etc/icinga2/pki/trusted-master.crt'.

Please specify the request ticket generated on your Icinga 2 master.
 (Hint: # icinga2 pki ticket --cn '2daygeek'): 2fdfec3b98221622841cc437ee74b09a1f44bd04
information/cli: Processing self-signed certificate request. Ticket '2fdfec3b98221622841cc437ee74b09a1f44bd04'.

information/cli: Created backup file '/etc/icinga2/pki/2daygeek.crt.orig'.
information/cli: Writing signed certificate to file '/etc/icinga2/pki/2daygeek.crt'.
information/cli: Writing CA certificate to file '/etc/icinga2/pki/ca.crt'.
Please specify the API bind host/port (optional):Enter
Bind Host []: Enter
Bind Port []: Enter
Accept config from master? [y/N]: y
Accept commands from master? [y/N]: y
information/cli: Disabling the Notification feature.
Disabling feature notification. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Enabling the Apilistener feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Generating local zones.conf.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.

You may also like...