How to Add Remote Linux Host into Icinga 2 Server

Generate a Ticket:

When you run a icinga node wizard in client machines, the wizard sends a certificate signing request to master node. To auto sign a request, master node requires a valid ticket from clients. You must generate the ticket beforehand. Run the following command to generate the ticket for the client “client.itzgeek.local“.

# icinga2 pki ticket --cn 'client.itzgeek.local'
ecbc7fcbcb553112579aa5d4e7f1961dc3c64cb5

Setup Icinga2 Client:

Make sure you have Icinga 2 package and Nagios plugins are installed on your client machine. If you haven’t done already, please follow below steps to install the same.

Configure Icinga 2 repository depends on your operating system.

Debian (debmon): (Replace jessie with Wheezy for Debian Wheezy)

# wget -O - https://debmon.org/debmon/repo.key 2>/dev/null | apt-key add -
# echo 'deb http://debmon.org/debmon debmon-jessie main' >/etc/apt/sources.list.d/debmon.list
# echo 'deb http://httpredir.debian.org/debian jessie-backports main' >> /etc/apt/sources.list.d/debmon.list
# apt-get update

Ubuntu (PPA):

# add-apt-repository ppa:formorer/icinga
# apt-get update

RHEL/CentOS 7:

# yum install epel-release
# yum install https://packages.icinga.org/epel/7/release/noarch/icinga-rpm-release-7-1.el7.centos.noarch.rpm

RHEL/CentOS 6:

# yum install epel-release
# yum install https://packages.icinga.org/epel/6/release/noarch/icinga-rpm-release-6-1.el6.noarch.rpm

Fedora 24:

# dnf install https://packages.icinga.org/fedora/24/release/noarch/icinga-rpm-release-24-1.fc24.noarch.rpm

openSUSE:

# zypper ar http://packages.icinga.org/openSUSE/ICINGA-release.repo
# zypper ref

Now, install Icinga 2 and Nagios plugins using the following command.

Debian/Ubuntu:

# apt-get install icinga2
# apt-get install nagios-plugins

RHEL/CentOS:

# yum install icinga2
# yum install nagios-plugins-all

Fedora:

# dnf install icinga2
# dnf install nagios-plugins-all

openSUSE:

# zypper install icinga2
# zypper install monitoring-plugins

Start the Icinga 2 service and verify that it is running.

RHEL 7 / CentOS 7 / Fedora / openSUSE:

# systemctl restart icinga2
# systemctl status icinga2
# systemctl enable icinga2

RHEL 6 / CentOS 6:

# service icinga2 restart
# service icinga2 status
# chkconfig icinga2 on

Debian / Ubuntu (For SysVinit systems):

# service icinga2 restart
# service icinga2 status
# update-rc.d icinga2 defaults

Debian / Ubuntu (For Systemd systems):

# systemctl restart icinga2
# systemctl status icinga2
# systemctl enable icinga2

Run the Icinga Node Wizard on client:

root@client:~# icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: y
Starting the Node setup routine...
Please specifiy the common name (CN) [client.itzgeek.local]: client.itzgeek.local
Please specify the master endpoint(s) this node should connect to:
Master Common Name (CN from your master setup): server.itzgeek.local
Do you want to establish a connection to the master from this node? [Y/n]: y
Please fill out the master connection information:
Master endpoint host (Your master's IP address or FQDN): 192.168.12.6
Master endpoint port [5665]: 5665
Add more master endpoints? [y/N]: n
Please specify the master connection for CSR auto-signing (defaults to master endpoint host): Enter
Host [192.168.12.6]: Enter
Port [5665]: Enter
information/base: Writing private key to '/etc/icinga2/pki/client.itzgeek.local.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/client.itzgeek.local.crt'.
information/cli: Fetching public certificate from master (192.168.12.6, 5665):

Certificate information:

 Subject:     CN = server.itzgeek.local
 Issuer:      CN = Icinga CA
 Valid From:  Aug 31 21:54:45 2016 GMT
 Valid Until: Aug 28 21:54:45 2031 GMT
 Fingerprint: 4C 6D 49 09 C0 A5 66 3C 77 12 3C 58 AF 78 08 DC 11 53 A8 68

Is this information correct? [y/N]: y
information/cli: Received trusted master certificate.

Please specify the request ticket generated on your Icinga 2 master.
 (Hint: # icinga2 pki ticket --cn 'client.itzgeek.local'): ecbc7fcbcb553112579aa5d4e7f1961dc3c64cb5
information/cli: Requesting certificate with ticket 'ecbc7fcbcb553112579aa5d4e7f1961dc3c64cb5'.

information/cli: Created backup file '/etc/icinga2/pki/client.itzgeek.local.crt.orig'.
information/cli: Writing signed certificate to file '/etc/icinga2/pki/client.itzgeek.local.crt'.
information/cli: Writing CA certificate to file '/etc/icinga2/pki/ca.crt'.
Please specify the API bind host/port (optional): Enter
Bind Host []: Enter
Bind Port []: Enter
Accept config from master? [y/N]: y
Accept commands from master? [y/N]: y
information/cli: Disabling the Notification feature.
Disabling feature notification. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Enabling the Apilistener feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Generating local zones.conf.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.

Now restart your Icinga 2 daemon to finish the installation!

Wizard does the following,

  1. Fetches the public certificate from the master
  2. Client requests for a certificate from the master with the valid ticket and then it saves it into /etc/icinga2/pki/.
  3. Updates the zones and constants.

POSTS YOU MAY LIKE -:)

Share This Post

Shares