How to Add Remote Linux Host into Icinga 2 Server

ADVERTISEMENT

Add Remote Linux Host into Icinga 2 Server
Add Remote Linux Host into Icinga 2 Server

In our previous article we have covered installing Icinga2 server on Ubuntu, Debian, and Mint; also we have the installation Icinga Web 2 in Linux. In this guide, we will look at how to add remote Linux host into the Icinga2 instance.

To enhance the security, Icinga2 uses SSL certificates for client and server communication. Server and Client communications happen on TCP port 5665, make sure you have configured the firewall to allow traffics in both ways.

ADVERTISEMENT
Article will continue after the ad

Architecture:

The following diagram shows the illustration of distributed Icinga2 Server-Client architecture.

Add Remote Linux Host into Icinga2 Server - Icinga2 Server-Client Architecture
Add Remote Linux Host into Icinga2 Server – Icinga2 Server-Client Architecture

Master Node – This is the top most node in structure, where you usually install Icinga Web 2. It combines executed checks from child nodes into notifications.

Satellite Node – This node can receive configurations for hosts or services, etc. from the master node. It may execute the checks on its own or delegate the checks to client nodes, and it can run even if the master node is unavailable.

Client Node – This node either receives a remote command execution from the parent node (master or satellite) or run its own configured checks.

Here, we will setup Master and Client node communication and be removing Satellite node. Architecture diagram will look like below.

Add Remote Linux Host into Icinga2 Server - Our Setup
Add Remote Linux Host into Icinga2 Server – Our Setup

Environment:

Master Node:

Hostname: server.itzgeek.local

IP Address: 192.168.12.6

OS: Ubuntu 16.04

Client Node 1:

Hostname: client.itzgeek.local

IP Address: 192.168.12.7

OS: Debian 8

Client Node 2:

Hostname: centos.itzgeek.local

IP Address: 192.168.12.8

OS: CentOS 7

Setup Icinga2 Master:

icinga2 node wizard command lets you to setup Icinga2 master/client depends on your requirements. Wizard must be run as root, and to make the node as master; you should answer the first question with “n” and then simply hit “Enter” until it finishes asking you the questions.

# icinga2 node wizard

Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: n
Starting the Master setup routine...
Please specifiy the common name (CN) [server.itzgeek.local]: Enter
Checking for existing certificates for common name 'server.itzgeek.local'...
Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/var/lib/icinga2/ca/ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca/ca.crt'.
information/cli: Generating new CSR in '/etc/icinga2/pki/server.itzgeek.local.csr'.
information/base: Writing private key to '/etc/icinga2/pki/server.itzgeek.local.key'.
information/base: Writing certificate signing request to '/etc/icinga2/pki/server.itzgeek.local.csr'.
information/cli: Signing CSR with CA and writing certificate to '/etc/icinga2/pki/server.itzgeek.local.crt'.
information/pki: Writing certificate to file '/etc/icinga2/pki/server.itzgeek.local.crt'.
information/cli: Copying CA certificate to '/etc/icinga2/pki/ca.crt'.
Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
Please specify the API bind host/port (optional): Enter
Bind Host []: Enter
Bind Port []: Enter
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.

Icinga2 Node Wizard does the following:

  1. It enables API feature.
  2. Creates the new certificate authority to sign the signing requests.
  3. Generates the new certificate signing request (CSR), sign it with own CA and then copy it into /etc/icinga2/pki/.
  4. Dumping configuration items (zone’s and endpoints) to /etc/icinga2/zones.conf
  5. Updating the /etc/icinga2/constants.conf file with NodeName and TicketSalt.

Verify the configurations files. Make sure your master node configurations should be like below.

# cat /etc/icinga2/constants.conf | egrep -i "ZoneName|TicketSalt"

const ZoneName = "server.itzgeek.local"
const TicketSalt = "cbb245e46abb4761983de83a9acd7ecd"

Update the /etc/icinga2/zones.conf file with master node details.

# vi /etc/icinga2/zones.conf

Replace “server.itzgeek.local” with your master node name.

/*
* Generated by Icinga 2 node setup commands
* on 2016-08-31 17:54:45 -0400
*/

object Endpoint "server.itzgeek.local" {
}

object Zone "server.itzgeek.local" {
endpoints = [ "server.itzgeek.local" ]
}

Restart the Icinga2 service to take an effect of master setup.

For SysVinit Systems:

# service icinga2 restart
# service icinga2 status

For Systemd Systems:

# systemctl restart icinga2.service
# systemctl status icinga2.service
ADVERTISEMENT

POSTS YOU MAY LIKE -:)

Share This Post

Shares