icinga

warning: Creating default object from empty value in /data/web/1/000/027/003/273448/htdocs/panticz.de/modules/taxonomy/taxonomy.pages.inc on line 33.

hostgroup.cfg

wget -q https://raw.githubusercontent.com/panticz/icinga/master/objects/hostgroup.cfg -O /etc/icinga/objects/hostgroup.cfg

define hostgroup {
    hostgroup_name host
    alias Physical machine
}

define hostgroup {
    hostgroup_name raid1
    alias RAID1 check
}

define hostgroup {
    hostgroup_name raid5
    alias RAID5 check
}

define hostgroup {
    hostgroup_name debian
    alias Debian server
}

define hostgroup {
    hostgroup_name snom
    alias Snom VoIP phones 
}

define hostgroup {
    hostgroup_name mx
    alias Mailserver
}

define hostgroup {
    hostgroup_name printer 
    alias Printer
}

Icinga objects: commands.cfg

wget -q https://raw.githubusercontent.com/panticz/icinga/master/objects/commands.cfg -O /etc/icinga/objects/commands.cfg

define command {
  command_name ssh_check_disk
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_disk -w $ARG2$ -c $ARG3$ -p $ARG1$"
}

define command {
  command_name ssh_check_mem
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_mem -w $ARG1$ -c $ARG2$ -f -C"
}

define command {
  command_name ssh_check_load
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_load -w $ARG1$,$ARG2$,$ARG3$ -c $ARG4$,$ARG5$,$ARG6$"
}

define command {
  command_name ssh_check_procs
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$"
}

define command {
  command_name ssh_check_procs_zombie
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s Z"
}

define command {
  command_name ssh_check_users
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$"
}

define command {
  command_name snmp_check_printer
  command_line /usr/lib/nagios/plugins/check_printer $HOSTADDRESS$ public $ARG1$ $ARG2$
}

define command {
  command_name ssh_check_swap
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_swap -w $ARG1$ -c $ARG2$"
}

define command {
  command_name ssh_check_apt
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_apt"
}

define command {
  command_name check_ping_8.8.8.8
  command_line /usr/lib/nagios/plugins/check_ping -H 8.8.8.8 -w 100.0,20% -c 500.0,60%
}

define command {
  command_name ssh_check_log
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_log -F $ARG1$ -O /dev/null -q '$ARG2$'"
}

define command {
  command_name ssh_check_raid
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_raid"
}

define command {
  command_name ssh_check_hddtemp
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_hddtemp /dev/$ARG1$ $ARG2$ $ARG3$"
}

define command {
  command_name ssh_check_ide_smart
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_ide_smart -d /dev/$ARG1$ -n"
}

define command {
  command_name ssh_check_cert_expire
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_cert_expire $ARG1$"
}

define command {
  command_name ssh_check_temp
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_temp $ARG1$ $ARG2$"
}

define command {
  command_name check_http_uri_regex
  command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -u '$ARG1$' -r '$ARG2$'
}

define command {
  command_name check_http_uri_time
  command_line /usr/lib/nagios/plugins/check_http -t 20 -H $HOSTADDRESS$ -u '$ARG1$' -w '$ARG2$' -c '$ARG3$'
}

define command {
  command_name check_snmp
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o '$ARG1$' -w '$ARG2$' -c '$ARG3$'
}

define command {
  command_name check_printer_total_page_count
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.43.10.2.1.4.1.1 -w '$ARG2$' -c '$ARG3$'
}

define command {
  command_name check_snom_registration_status
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.7526.2.3.$ARG1$ -s 1
}

define command {
  command_name check_snom_firmware_version
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.7526.2.4 -r '$ARG1$'
}

define command {
  command_name check_snmp_printer
  command_line /usr/lib/nagios/plugins/check_snmp_printer -H $HOSTADDRESS$ -x "$ARG1$" -w $ARG2$ -c $ARG3$
}

define command {
  command_name check_smb_share
  command_line /usr/lib/nagios/plugins/check_smb_share -H $HOSTADDRESS$ -s "$ARG1$"
}

define command {
  command_name ssh_check_oracle_tns
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_oracle --tns $ARG1$ "
}

define command {
  command_name ssh_check_mailq
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_mailq -w $ARG1$ -c $ARG2$ "
}

define command {
  command_name check_http_number
  command_line /usr/lib/nagios/plugins/check_http_number "$ARG1$" "$ARG2$" "$ARG3$"
}

define command {
  command_name ssh_check_sensors
  command_line /usr/lib/nagios/plugins/check_by_ssh -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_sensors -d /dev/$ARG1$ -n"
}

define command {
    command_name check_url
    command_line /usr/lib/nagios/plugins/check_http -H '$ARG1$' -p '$ARG2$' -u '$ARG3$' -s '$ARG4$' -f follow
}

Puppet: Icinga SSH client module

Enable Pluginsync on client
sed -i '/\[main\]/a\pluginsync=true\' /etc/puppet/puppet.conf

create Nullmailer module
http://www.panticz.de/Puppet-Nullmailer-module

create module structure
mkdir -p /etc/puppet/modules/icinga_ssh_client/manifests
mkdir -p /etc/puppet/modules/icinga_ssh_client/files

download module definiction
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/icinga_ssh_client/init.pp -O /etc/puppet/modules/icinga_ssh_client/manifests/init.pp

class icinga_ssh_client {
    package { "nagios-plugins-basic":
        ensure => installed,
    }

    # http://raw.github.com/justintime/nagios-plugins/master/check_mem/check_mem.pl
    file { "/usr/lib/nagios/plugins/check_mem":
        mode => 755,
        owner => root,
        group => root,
        require => Package['nagios-plugins-basic'],
        source => "puppet:///modules/icinga_ssh_client/check_mem",
    }

    # apt-get install -y nagios-plugins-contrib --no-install-recommends
    file { "/usr/lib/nagios/plugins/check_raid":
        mode => 755,
        owner => root,
        group => root,
        require => Package['nagios-plugins-basic'],
        source => "puppet:///modules/icinga_ssh_client/check_raid",
    }

    # TODO: relative path to id_rsa.pub
    # extract data from public key file (e.g. /var/lib/nagios/.ssh/id_rsa.pub)
    $ssh = split(file("/etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub"), ' ')
    $ssh_type = values_at($ssh, 0)
    $ssh_key = values_at($ssh, 1)
    $ssh_id = values_at($ssh, 2)
    ssh_authorized_key { $ssh_id:
        ensure => present,
        user => root,
        type => $ssh_type,
        key => $ssh_key,
    }

    # alternatively, read key from file and remove line break
    # ssh_authorized_key { 'nagios@icinga':
    #    ensure => present,
    #    user => root,
    #    type => ssh-rsa,
    #    key => chomp(file("/etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub")),
    # }
}

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include icinga_ssh_client
include nullmailer
...
}

Example: /etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub
ssh-rsa ADAAB3NzaC3yc2EAAAADAEulgMUFyT9y2DaZYXHUdLWvkE9TKE+OVO8jYhmGG2BMmL5Ad3D+flpTMQfpp7EVJg2vTBSiVG4kCVicvb nagios@icinga

# (auto) create new host / object on icinga
cat /etc/icinga/objects/puppet.cfg
define host {
host_name puppet
address 192.168.1.173
use generic-host
hostgroups debian
}

TODO
# (auto) remove old hosts from /var/lib/nagios/.ssh/known_hosts on icinga
# (auto) import new host to /var/lib/nagios/.ssh/known_hosts on icinga

# add raid check
#apt-get install -y hddtemp
#wget -q "http://exchange.nagios.org/components/com_mtree/attachment.php?link_id=341&cf_id=24" -O /usr/lib/nagios/plugins/check_hddtemp
#chmod go+x /usr/lib/nagios/plugins/check_hddtemp

Links
http://serverfault.com/questions/411245/puppetlabs-file-line-type-not-working
http://serverfault.com/questions/238708/adding-lines-to-etc-profile-with-puppet

service.cfg

wget -q https://raw.githubusercontent.com/panticz/icinga/master/objects/service.cfg -O /etc/icinga/objects/service.cfg

define service {
  use generic-service
  hostgroup_name snom 
  service_description check_snom_registration_status
  check_command check_snom_registration_status!1
}

define service {
  use generic-service
  hostgroup_name snom
  service_description check_snom_firmware_version
  check_command check_snom_firmware_version!8.7.3.19 1.1.3-u
}

define service {
  use generic-service
  hostgroup_name mx
  service_description check_imap
  check_command check_imap
}

define service {
  use generic-service
  hostgroup_name mx
  service_description check_smtp
  check_command check_smtp
}

define service {
  use generic-service
  hostgroup_name mx
  service_description ssh_check_mailq
  check_command ssh_check_mailq!3!10
}

define service {
  use generic-service
  hostgroup_name raid1
  check_interval 1
  service_description ssh_check_raid
  check_command ssh_check_raid
}

define service {
  use generic-service
  hostgroup_name raid1
  service_description ssh_check_ide_smart_sda
  check_command ssh_check_ide_smart!sda
}

define service {
  use generic-service
  hostgroup_name raid1
  service_description ssh_check_ide_smart_sdb
  check_command ssh_check_ide_smart!sdb
}

define service {
  use generic-service
  name ssh_check_hddtemp_sda
  hostgroup_name raid1, raid5
  service_description ssh_check_hddtemp_sda
  check_command ssh_check_hddtemp!sda!42!50
}

define service {
  use generic-service
  name ssh_check_hddtemp_sdb
  hostgroup_name raid1, raid5
  service_description ssh_check_hddtemp_sdb
  check_command ssh_check_hddtemp!sdb!42!50
  #_HDDTEMP_W 30
  #check_command ssh_check_hddtemp!sdb!$_HOSTHDDTEMP_W$!50
}

#define service {
#use generic-service
#hostgroup_name raid5
#service_description ssh_check_hddtemp_sdc
#check_command ssh_check_hddtemp!sdb!44!50
#register 0
#}

#define service {
#use generic-service
#hostgroup_name raid5
#service_description ssh_check_hddtemp_sdc
#check_command ssh_check_hddtemp!sdb!44!50
#}

define service {
  use generic-service
  hostgroup_name debian
  process_perf_data 1
  service_description ssh_check_apt
  check_command ssh_check_apt
}

define service {
  use generic-service
  hostgroup_name debian
  service_description ssh_check_disk_root
  check_command ssh_check_disk!/!20%!10%
}

define service {
  use generic-service
  hostgroup_name debian
  service_description ssh_check_swap
  check_command ssh_check_swap!99%!89%
}

define service {
    use generic-service
    host_name foo.example.com
    service_description http://foo.example.com:8080/dir1
    check_command check_url!foo.example.com!8080!/dir1!test text 1
}

define service {
    use generic-service
    normal_check_interval 60
    retry_check_interval 15
    service_description SSH server
    check_command check_ssh
    hostgroup_name server
    contact_groups admins
}

Icinga objects

Host
http://www.panticz.de/icinga-cbjects-debian_xen_host.cfg

VoIP phone
http://www.panticz.de/icinga-cbjects-sipphone1.cfg

# disable service
register 0

Examples
define serviceescalation {
host_name localhost
service_description HTTP
first_notification 5
contact_groups admins, managers
escalation_condition host linux=d | service linux.SSH=w,c
}

Snippets
# certificate check
define service {
use generic-service
host_name www.example.com

Install icinga srver

wget https://raw.githubusercontent.com/panticz/installit/master/install.icinga.sh -O - | bash -

#!/bin/bash

# ensure that this script is run by root
if [ $(id -u) -ne 0 ]; then
  sudo $0
  exit
fi

debconf-set-selections <<\EOF
postfix postfix/mailname string $(hostname)
postfix postfix/main_mailer_type select Internet Site
icinga-common icinga/check_external_commands select false
icinga-cgi icinga/adminpassword-repeat string icingaadmin
icinga-cgi icinga/adminpassword string icingaadmin
icinga-cgi icinga/httpd select apache2
EOF

# install the latest version 
. /etc/os-release
if [ "${ID}" == "debian" ]; then
  # add debmon.org Icinga repository
  DIST=$(grep PRETTY_NAME /etc/os-release | cut -d "(" -f2 | cut -d ")" -f1)
  echo "deb http://debmon.org/debmon debmon-${DIST} main" > /etc/apt/sources.list.d/debmon.list
  wget -q http://debmon.org/debmon/repo.key -O - | apt-key add -
  apt-get update
fi

# install icinga
apt-get install -y icinga

# disable double log output to syslog
sed -i 's|use_syslog=1|use_syslog=0|g' /etc/icinga/icinga.cfg

# show 1000 results by default
sed -i 's|result_limit=50|result_limit=1000|g' /etc/icinga/cgi.cfg

# restart icinga
/etc/init.d/icinga restart

# redirect by default to /icinga/
echo 'RedirectMatch "^/$" "/icinga/"' >> /etc/apache2/conf-available/icinga.conf

# allow "Re-schedule Next Host Check" from Icinga webgui
sed -i 's|check_external_commands=0|check_external_commands=1|g' /etc/icinga/icinga.cfg
chmod 2710 /var/lib/icinga/rw

# restart werbserver
service apache2 restart

Admin login
http://YOUR_IP/icinga/
user: icingaadmin
pass: icingaadmin

Icinga Apache configuration
/etc/apache2/conf-available/icinga.conf

Icinga repository
http://packages.icinga.org/

Enable automatic updates
# http://www.panticz.de/debian-ubuntu-automatic-upgrades
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/enable_auto_update.sh -O - | bash -

configure contact
sed -i 's|root@localhost|YOUR@EMAIL-ADDRESS.com|g' /etc/icinga/objects/contacts_icinga.cfg

change password
htpasswd -c /etc/icinga/htpasswd.users icingaadmin

plugins
http://www.panticz.de/Icinga-plugins

LDAP
a2enmod authnz_ldap

echo "pass1234" > /etc/apache2/ldap_password.inc
chmod 600 /etc/apache2/ldap_password.inc

sed -i 's|=icingaadmin|=*|g' /etc/icinga/cgi.cfg

/etc/icinga/apache2.conf
- AuthUserFile /etc/icinga/htpasswd.users
+ AuthBasicProvider ldap
+ AuthLDAPBindDN "ldap@example.com"
+ AuthLDAPBindPassword "exec:/bin/cat /etc/apache2/ldap_password.inc"
+ AuthLDAPURL "ldap://ldap.example.com:3268/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
+ AuthLDAPRemoteUserIsDN off
+ Require ldap-group CN=IPG.DevOps,OU=_IntranetPermissionGroups,DC=example,DC=com

service apache2 restart

# config
https://wiki.icinga.org/display/Dev/Icinga+Core+Debug+Config

# cgi
http://docs.icinga.org/latest/de/cgiparams.html#cgiparams-ahas
http://icinga.example.com/cgi-bin/icinga/status.cgi?servicestatustypes=20&noheader=1

Links
http://www.debmon.org/ - Debian Monitoring Project
http://packages.debian.org/wheezy/icinga
http://packages.icinga.org/debian/ - Icinga repository
https://www.icinga.org/icinga2/ - Icinga 2 preview
http://www.sysadminslife.com/monitoring-2/icinga-1-9-installation-unter-debian-squeeze-wheezy-aktuellste-version/

Icinga

Install Icinga master (server)
http://www.panticz.de/Install-icinga

Configure by ssh (minimalistic setup on clients)
http://www.panticz.de/Install-icinga-SSH-on-client

Templates
/etc/icinga/objects/generic-service_icinga.cfg

Check syntax
sudo /etc/init.d/icinga check

Icons
wget http://cdn1.iconfinder.com/data/icons/fatcow/16x16/mail_yellow.png -O /usr/share/nagios/htdocs/images/logos/base/mail.png

Syndicate content