icinga
hostgroup.cfg
<?php
$URL="https://raw.githubusercontent.com/panticz/icinga/master/objects/hostgroup.cfg";
echo "wget -q $URL -O /etc/icinga/objects/hostgroup.cfg";
echo "
"; $c = curl_init(); curl_setopt($c, CURLOPT_URL, $URL); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); echo htmlspecialchars(curl_exec($c)); curl_close($c); echo "
";
?>
Icinga objects: commands.cfg
<?php
$URL="https://raw.githubusercontent.com/panticz/icinga/master/objects/commands.cfg";
echo "wget -q $URL -O /etc/icinga/objects/commands.cfg";
echo "
"; $c = curl_init(); curl_setopt($c, CURLOPT_URL, $URL); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); echo htmlspecialchars(curl_exec($c)); curl_close($c); echo "
";
?>
Puppet: Icinga SSH client module
Enable Pluginsync on client
sed -i '/\[main\]/a\pluginsync=true\' /etc/puppet/puppet.conf
create Nullmailer module
http://www.panticz.de/Puppet-Nullmailer-module
create module structure
mkdir -p /etc/puppet/modules/icinga_ssh_client/manifests
mkdir -p /etc/puppet/modules/icinga_ssh_client/files
download module definiction
<?php
$URL="https://raw.githubusercontent.com/panticz/puppet/master/modules/icinga_ssh_client/init.pp";
echo "wget -q $URL -O /etc/puppet/modules/icinga_ssh_client/manifests/init.pp";
echo "
"; $c = curl_init(); curl_setopt($c, CURLOPT_URL, $URL); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); echo htmlspecialchars(curl_exec($c)); curl_close($c); echo "
";
?>
add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include icinga_ssh_client
include nullmailer
...
}
Example: /etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub
ssh-rsa ADAAB3NzaC3yc2EAAAADAEulgMUFyT9y2DaZYXHUdLWvkE9TKE+OVO8jYhmGG2BMmL5Ad3D+flpTMQfpp7EVJg2vTBSiVG4kCVicvb nagios@icinga
# (auto) create new host / object on icinga
cat /etc/icinga/objects/puppet.cfg
define host {
host_name puppet
address 192.168.1.173
use generic-host
hostgroups debian
}
TODO
# (auto) remove old hosts from /var/lib/nagios/.ssh/known_hosts on icinga
# (auto) import new host to /var/lib/nagios/.ssh/known_hosts on icinga
# add raid check
#apt-get install -y hddtemp
#wget -q "http://exchange.nagios.org/components/com_mtree/attachment.php?link_id=341&cf_id=24" -O /usr/lib/nagios/plugins/check_hddtemp
#chmod go+x /usr/lib/nagios/plugins/check_hddtemp
Links
http://serverfault.com/questions/411245/puppetlabs-file-line-type-not-working
http://serverfault.com/questions/238708/adding-lines-to-etc-profile-with-puppet
Icinga objects
Host
http://www.panticz.de/icinga-cbjects-debian_xen_host.cfg
VoIP phone
http://www.panticz.de/icinga-cbjects-sipphone1.cfg
# disable service
register 0
Examples
define serviceescalation {
host_name localhost
service_description HTTP
first_notification 5
contact_groups admins, managers
escalation_condition host linux=d | service linux.SSH=w,c
}
Snippets
# certificate check
define service {
use generic-service
host_name www.example.com
Install icinga srver
<?php
$URL="https://raw.githubusercontent.com/panticz/installit/master/install.icinga.sh";
echo "wget $URL -O - | bash -";
echo "
"; $c = curl_init(); curl_setopt($c, CURLOPT_URL, $URL); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); echo htmlspecialchars(curl_exec($c)); curl_close($c); echo "
";
?>
Admin login
http://YOUR_IP/icinga/
user: icingaadmin
pass: icingaadmin
Icinga Apache configuration
/etc/apache2/conf-available/icinga.conf
Icinga repository
http://packages.icinga.org/
Enable automatic updates
# http://www.panticz.de/debian-ubuntu-automatic-upgrades
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/enable_auto_update.sh -O - | bash -
configure contact
sed -i 's|root@localhost|YOUR@EMAIL-ADDRESS.com|g' /etc/icinga/objects/contacts_icinga.cfg
change password
htpasswd -c /etc/icinga/htpasswd.users icingaadmin
plugins
http://www.panticz.de/Icinga-plugins
LDAP
a2enmod authnz_ldap
echo "pass1234" > /etc/apache2/ldap_password.inc
chmod 600 /etc/apache2/ldap_password.inc
sed -i 's|=icingaadmin|=*|g' /etc/icinga/cgi.cfg
/etc/icinga/apache2.conf
- AuthUserFile /etc/icinga/htpasswd.users
+ AuthBasicProvider ldap
+ AuthLDAPBindDN "ldap@example.com"
+ AuthLDAPBindPassword "exec:/bin/cat /etc/apache2/ldap_password.inc"
+ AuthLDAPURL "ldap://ldap.example.com:3268/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
+ AuthLDAPRemoteUserIsDN off
+ Require ldap-group CN=IPG.DevOps,OU=_IntranetPermissionGroups,DC=example,DC=com
service apache2 restart
# config
https://wiki.icinga.org/display/Dev/Icinga+Core+Debug+Config
# cgi
http://docs.icinga.org/latest/de/cgiparams.html#cgiparams-ahas
http://icinga.example.com/cgi-bin/icinga/status.cgi?servicestatustypes=20&noheader=1
Links
http://www.debmon.org/ - Debian Monitoring Project
http://packages.debian.org/wheezy/icinga
http://packages.icinga.org/debian/ - Icinga repository
https://www.icinga.org/icinga2/ - Icinga 2 preview
http://www.sysadminslife.com/monitoring-2/icinga-1-9-installation-unter-debian-squeeze-wheezy-aktuellste-version/