
Distributed Monitoring with Icinga2 - Part 3

01 Dec 2020 . category: Guide . Comments
#director #icinga2 #guide #distributed #monitoring

Part 01 — Setting up our Icinga2 Lab
Part 02 — Installing Icinga2
Part 03 — Installing IcingaWeb2
Part 04 — Establishing the Master Satellite Relationship
Part 05 — Addressing Design Flaws
Part 06 — Installing Icinga2 Director
Part 07 — Adding Client Endpoints
Part 23 — Summary

Installing IcingaWeb2


Now that we have Icinga2 installed on our Master and Satellites, we set up IcingaWeb2 on the Master. Since the Satellites exist to run remote checks on our client endpoints, they do not need the web server installed on them.

Since this guide is just as much a journey, I will be showing any mistakes I made and how I troubleshot them.

Installation Process

The first thing that we are going to want to do is to take a snapshot of our IcingaMaster VM, as per tradition. In case anything goes wrong we are going to want a fallback.

Installing MySQL

IcingaWeb2 uses a MySQL database for its backend. You can install the database on a separate host or, if you are using AWS, in RDS. However, for the scope of this guide, we will be installing the MySQL database on the IcingaMaster VM alongside Icinga2.

apt install mysql-server mysql-client -y
systemctl enable --now mysql

Now we go through the secure installation and configuration with mysql_secure_installation.

We used MySQLRoot123! for MySQL root password here. Make sure that your passwords are much more secure than this and stored in a safe place. I am noting the password here so that you know which passwords end up getting used where.

Now that MySQL has been given a secure baseline we can move on to setting up Icinga2 to use the MySQL database. To do this we need to install the ‘IDO Module’ for Icinga2.

apt install icinga2-ido-mysql -y

We will be using Icinga2IDODB! for the password here. Make sure that your passwords are much more secure than this and stored in a safe place. I am noting the password here so that you know which passwords end up getting used where.

Now we enable the feature and restart Icinga2.

icinga2 feature enable ido-mysql
systemctl restart icinga2

Installing IcingaWeb2

Installing the web interface is straightforward. The first thing we will do is install the Icinga CLI, IcingaWeb2, and PHP GD packages.

apt install icingaweb2 icingacli php-gd -y

Next we set the time zone in /etc/php/7.2/apache2/php.ini

root@IcingaMaster:/etc/php/7.2/apache2# sed 's/;date.timezone =/date.timezone = America\/New_York/g' php.ini | grep "date.timezone ="
date.timezone = America/New_York

sed -i 's/;date.timezone =/date.timezone = America\/New_York/g' php.ini
systemctl restart apache2
systemctl status apache2

You can find a list of PHP’s supported Timezones here

Next we will create a new database for IcingaWeb2 called icingaweb2 and grant the user icingaweb2, with password IcingaWeb2DB!, permissions on that database.

mysql -u root -p
create database icingaweb2;
grant all privileges on icingaweb2.* to icingaweb2@localhost identified by 'IcingaWeb2DB!';
flush privileges;
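
As an added example (not part of the original guide), the same database and account can be created with a generated password instead of a fixed one, recorded in a file only its owner can read. The credentials file path is a placeholder, and CREATE USER followed by GRANT is used here in place of the guide's `grant ... identified by` form.

```shell
#!/bin/sh
# Added example: random password for the icingaweb2 database account.
# Database and user names come from the guide; the file path is hypothetical.

# 16 bytes from the kernel CSPRNG, hex encoded (32 chars, 128 bits).
# Hex output contains no quotes, so it is safe inside the SQL literal below.
gen_password() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# Append "name=password" to a credentials file readable only by its owner.
store_secret() {
    secret_file=$1
    secret_name=$2
    secret_value=$3
    ( umask 077; printf '%s=%s\n' "$secret_name" "$secret_value" >>"$secret_file" )
    chmod 600 "$secret_file"
}

# Print the SQL that creates the IcingaWeb2 database and its account.
# CREATE USER fails if the account already exists, so an existing
# password is never silently left out of sync with the stored one.
icingaweb2_sql() {
    cat <<EOF
CREATE DATABASE IF NOT EXISTS icingaweb2;
CREATE USER 'icingaweb2'@'localhost' IDENTIFIED BY '$1';
GRANT ALL PRIVILEGES ON icingaweb2.* TO 'icingaweb2'@'localhost';
EOF
}

# Generate a password, record it, and emit the SQL on stdout.
provision() {
    cred_file=$1
    db_password=$(gen_password)
    store_secret "$cred_file" icingaweb2 "$db_password"
    icingaweb2_sql "$db_password"
}

# Typical use as root on IcingaMaster (placeholder path):
#   provision /root/icinga-db-credentials | mysql -u root -p
```

The stored password is the value to enter for the icingaweb2 database user in the web setup wizard.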

Next we generate a setup token

icingacli setup token create
The newly generated setup token is: f4f51f23c8d3777b

Now it is time to open a browser and configure the WebUI.

Paste in the setup token you generated moments ago

Make sure everything except PostgreSQL is green before continuing. If anything is not green, go back over the previous steps and make sure you did not skip anything.


We will be using the database for authentication here. Later on down the road we can set it up so that we use Active Directory (or LDAP) for authentication. However, since I am not a cool kid with AD in his homelab, database authentication will have to do.

We will be using the icingaweb2/IcingaWeb2DB! credentials here. After validating our configuration we can go on to the next step.

Icinga2IDODB! IcingaAdminPassword123!

Enabling SSL for IcingaWeb2

to do

Offensive Security Engineer and Homelabber.
If you have any questions, want to provide feedback,
or have some suggested edits, feel free to open an issue on my Blog repository.