I’m new to monitoring and Icinga. So forgive my beginners asking. If I want to monitor 4 servers in a VPN from my computer (Ubuntu desktop), I have to install Icinga-Core, Icingaweb/director on each of the servers and can then simply monitor the servers via icingaweb2 from my computer via a browser. Would I have to install the plug-ins additionally on the servers? I read the documentation on the Icinga page, but I’m not sure now.
start simple with installing the master instance first. This follows along with the installation instructions including Icinga Web and the Director. Learn about the components and ensure that everything is up and running.
I strongly recommend to use a VM to install the master, and not run that on your Ubuntu desktop.
Then start with adding the first agent host, after having read the distributed monitoring docs to first understand the hiearchy and also gather the instructions for setting up an agent. An agent doesn’t need much - the icinga2 package + plugins.
The Director lends you a hand with adding a new host (add a host template first), and mark this as agent including setup scripts/instructions.
Then add a disk check for this agent host, deploy it and check whether everything works. Once you’re done with that, dig deeper and learn about service sets and more. Then you have one host with a template, add more hosts in the same manner.
Resource management, and also maintenance. A desktop environment is used differently than a running monitoring server. And monitoring should run all the time, not being switched off when shutting down a desktop system.
So, I’ll follow the advice and keep it simple. One master (server1) and one to be monitored (server2).
Main target is: monitor server2 with onboard check plug ins. Servers 1 and 2 are each created as VM (Ubuntu server) on two different machines in a VPN.
I’ve installed Icinga2 and Icingaweb2+Director Module on server1. When browsing from my Laptop via Icingaweb it looks now like this.
It has a lot of useful information’s about how Icinga works. As the Director is based on best practices it expect some default configuration that are in place if you follow this guide and used the node wizard like shown in the example under “Master Setup”. Even if you don’t want to user master/satellite setup, this basic configuration is a good start to build your setup and using the Director.
edit: after You have done that, as conf.d is excluded, you will not find any host in icingaweb2. What you can do is to move the conf files from the conf.d folder that you want to use to /etc/icinga2/zones.d/master/. An even better way would be, to recreate the host in the Director. Keep on going, after a while you will start loving Icinga2, but the start can be a little tough from time to time
warning/JsonRpcConnection: API client disconnected for identity ‘10.0.0.23’
information/ConfigObject: Dumping program state to file ‘/var/lib/icinga2/icinga2.state’
information/ApiListener: New client connection for identity ‘10.0.0.23’ from - - 40088 (certificate
validation failed: code 18: self signed certificate)
information/JsonRpcConnection: Received certificate request for CN ‘10.0.0.23’ not signed by
our CA.
Hmm, I did all the steps from the docs correctly. What could I have done wrong here?
After what kind of doings do you get these messages?
Can you quickly list what you have done so far?
Installed Icinga2 Core, Web2 & Director on master host?
ran the node wizard?
ran the kickstart wizard of the Director?
One thing about the messages that is obvious: You used the IP address as the common name of the host/endpoint object. You should always use the hostname/fqdn there, like the node wizard suggests.
Looks like the API user you used for the Director kickstart is not known (or misses permissions) to the core.
Could you use icinga2 object list --type ApiUser to verify that Icinga 2 actually knows about that user? If you have the user listed, please restart Icinga 2 to make sure the config is actually used by the core. (icinga2 object list parses the configuration on the filesystem not the one that’s actually loaded into the core. So if you change something but forget to reload Icinga 2, you’ll see the change in icinga2 object list but the core doesn’t know about it)
Yes. The node wizard configures your Icinga 2 to allow connections via API. WIthout node wizard you have to use configuration files for your monitoring and can’t connect to other Icinga instances, too.
I’ve tested a bit and moved the conf.d to a master zone. Now I moved it back like it was before. But now the Kickstart-Assistent in director got this problem:
SQLSTATE[23000]: Integrity constraint violation: 1451 Cannot delete or update a parent row: a foreign key constraint fails (“director”.“icinga_host”, CONSTRAINT “icinga_host_zone” FOREIGN KEY (“zone_id”) REFERENCES “icinga_zone” (“id”) ON UPDATE CASCADE), query was: DELETE FROM icinga_zone WHERE (id = ‘3’) (Pdo.php:225)
Restating Icinga2, daemon, status is ok. Do I have to install everything again or is there a solution to this problem?
You don’t need to install everything again. The worst would need to drop the director database and recreate it. But I’d assume you’ve got mixed up zone and endpoint configuration between conf files and director database.