In our previous article, we have covered the installation of Icinga 2 server and the installation of Icinga Web 2. In this guide, we will look at how to add remote Linux machines into Icinga 2 server.
Article Series
Icinga 2
1: How To Install Icinga 2 on CentOS 7 / RHEL 7
2: How To Install Icinga 2 on Ubuntu 18.04 / 16.04 / Debian 9
Icinga Web 2
1: How To Setup Icinga Web 2 on CentOS 7 / RHEL 7
2: How To Setup Icinga Web 2 on Ubuntu 18.04 / 16.04 / Debian 9
Icinga Client
1: How To Add Remote Linux Machines into Icinga 2 Monitoring Tool
To enhance the security, Icinga2 uses SSL certificates for client and server communication.
Server and Client communications happen on TCP port 5665. So, make sure you have configured the firewall to allow traffics in both ways.
Architecture
The following diagram shows the illustration of distributed Icinga 2 Server-Client architecture.
Master Node – This is the topmost node in structure, where you usually install Icinga 2 and Icinga Web 2. It combines executed checks from child nodes into notifications.
Satellite Node – This node can receive configurations for hosts or services, etc from the master node. It may execute the checks on its own or delegate the checks to client nodes, and it can run even if the master node is unavailable.
Client Node – This node either receives a remote command execution from the parent node (master or satellite) or run its own configured checks.
Here, we will setup Master and Client node communication and be removing Satellite node.
Our setup diagram will look like below.
Environment
| Host Name | IP Address | OS | Purpose |
|---|---|---|---|
| server.itzgeek.local | 192.168.1.10 | CentOS 7 / Ubuntu 18.04 / Debian 9 | Master Node |
| centos.itzgeek.local | 192.168.1.20 | CentOS 7 | Client Node 1 |
| ubuntu.itzgeek.local | 192.168.1.30 | Ubuntu 18.04 | Client Node 2 |
Setup Icinga2 Master
Icinga2 node wizard command will help you to setup Icinga 2 master. The wizard must be run as root.
icinga2 node wizard
Output:
Welcome to the Icinga 2 Setup Wizard!
We will guide you through all required configuration details.
Please specify if this is a satellite/client setup ('n' installs a master setup) [Y/n]: n << Setup Master
Starting the Master setup routine...
Please specify the common name (CN) [server.itzgeek.local]: << Press Enter
Reconfiguring Icinga...
Checking for existing certificates for common name 'server.itzgeek.local'...
Certificate '/var/lib/icinga2/certs//server.itzgeek.local.crt' for CN 'server.itzgeek.local' already existing. Skipping certificate generation.
Generating master configuration for Icinga 2.
'api' feature already enabled.
Master zone name [master]: << Press Enter
Default global zones: global-templates director-global
Do you want to specify additional global zones? [y/N]: N << Press N and Enter
Please specify the API bind host/port (optional):
Bind Host []: << Press Enter
Bind Port []: << Press Enter
Do you want to disable the inclusion of the conf.d directory [Y/n]: Y << Press Y and Enter
Disabling the inclusion of the conf.d directory...
Checking if the api-users.conf file exists...
Done.
Now restart your Icinga 2 daemon to finish the installation!
Icinga2 Node Wizard does the following:
- It enables the API feature, if it is not already enabled.
- Creates the new certificate authority to sign the signing requests.
- Generates the new certificate signing request (CSR), sign it with own CA
- Dumping configuration items (zone’s and endpoints) to /etc/icinga2/zones.conf
- Updating the /etc/icinga2/constants.conf file with NodeName and TicketSalt.
Verify the configurations files.
cat /etc/icinga2/constants.conf | egrep -i "ZoneName|TicketSalt"
Make sure your master node configurations should be like below.
const ZoneName = "server.itzgeek.local" const TicketSalt = "16ad49e3cf16628ba1be0f021414805f"
Ensure the /etc/icinga2/zones.conf file has the master node details.
cat /etc/icinga2/zones.conf
Output:
/*
* Generated by Icinga 2 node setup commands
* on 2018-09-23 10:47:55 +0530
*/
object Endpoint "server.itzgeek.local" {
}
object Zone "master" {
endpoints = [ "server.itzgeek.local" ]
}
Restart the Icinga2 service to take an effect of master setup.
### For Systemd Systems ### systemctl restart icinga2 ### For SysVinit Systems ### service icinga2 restart