Just installed Director and I just can’t find how to do some basic things such as a check for a URL with a custom port, e.g., 8443, and SSL is reachable. This was pretty easy outside of Director. I also want to exclude this error: DISK CRITICAL - /run/user/xxx/doc is not accessible: Permission denied (xxx happens to be my Unix user ID in /etc/passwd)
I’ve tried adding commands in Director → Commands → Command Templates and Director → Commands → Commands but then don’t know what to do with them.
And where would the check_https option be? Why doesn’t “Add new Icinga Service template” have check_https as an option?
Director version (System - About): 1.8.1
Icinga Web 2 version and modules (System - About): 2.9.3
Icinga 2 version (icinga2 --version):
icinga2 - The Icinga 2 network monitoring daemon (version: 2.13.1-1)
Copyright (c) 2012-2021 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
System information:
Platform: Fedora
Platform version: 34 (Server Edition)
Kernel: Linux
Kernel version: 5.13.19-200.fc34.x86_64
Architecture: x86_64
Build information:
Compiler: GNU 11.2.1
Build host: unknown
OpenSSL version: OpenSSL 1.1.1l FIPS 24 Aug 2021
Application information:
General paths:
Config directory: /etc/icinga2
Data directory: /var/lib/icinga2
Log directory: /var/log/icinga2
Cache directory: /var/cache/icinga2
Spool directory: /var/spool/icinga2
Run directory: /run/icinga2
Old paths (deprecated):
Installation root: /usr
Sysconf directory: /etc
Run directory (base): /run
Local state directory: /var
Internal paths:
Package data directory: /usr/share/icinga2
State path: /var/lib/icinga2/icinga2.state
Modified attributes path: /var/lib/icinga2/modified-attributes.conf
Objects path: /var/cache/icinga2/icinga2.debug
Vars path: /var/cache/icinga2/icinga2.vars
PID path: /run/icinga2/icinga2.pid
Hi Robbie
I’m new in ICINGA too.
But I found a method to add arguments in the command then you need make a template with the command and finaly make the service with this temaplte.
I hope this will help
Thanks so much for the screen shots. On the last step for Services, the version I have is Services then Single Services then Add. However I can’t get the Check command to include the ‘inherited’ portion of Check command. I deleted everything and decided to start from scratch.
[2021-10-20 14:46:36 -0400] critical/config: Error: Validation failed for object 'ourdomain.edu' of type 'Host'; Attribute 'check_command': Attribute must not be empty. Location: in [[stage]/zones.d/master/hosts.conf](https://ourdomain.edu/icingaweb2/director/config/file?config_checksum=7f8c25913008cefd514401b9a4cd684dc51fcd34&deployment_id=76&file_path=zones.d%2Fmaster%2Fhosts.conf&backTo=deployment&highlight=1&highlightSeverity=critical): 1:0-1:34
[[stage]/zones.d/master/hosts.conf](https://ourdomain.edu/icingaweb2/director/config/file?config_checksum=7f8c25913008cefd514401b9a4cd684dc51fcd34&deployment_id=76&file_path=zones.d%2Fmaster%2Fhosts.conf&backTo=deployment&highlight=1&highlightSeverity=critical)(1): object Host "ourdomain.edu"
{ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[[stage]/zones.d/master/hosts.conf](https://ourdomain.edu/icingaweb2/director/config/file?config_checksum=7f8c25913008cefd514401b9a4cd684dc51fcd34&deployment_id=76&file_path=zones.d%2Fmaster%2Fhosts.conf&backTo=deployment&highlight=2&highlightSeverity=critical)(2): import "Standard Linux Server"
[[stage]/zones.d/master/hosts.conf](https://ourdomain.edu/icingaweb2/director/config/file?config_checksum=7f8c25913008cefd514401b9a4cd684dc51fcd34&deployment_id=76&file_path=zones.d%2Fmaster%2Fhosts.conf&backTo=deployment&highlight=3&highlightSeverity=critical)(3):
[2021-10-20 14:46:36 -0400] critical/config: 1 error
[2021-10-20 14:46:36 -0400] critical/cli: Config validation failed. Re-run with 'icinga2 daemon -C' after fixing the config.
The Director already has all the commands from the Icinga Template Library (ITL) added to the “external commands” section. You just need to run the kickstart wizard under Infrastructure->Kickstart wizard (/icingaweb2/director/dashboard?name=infrastructure#!/icingaweb2/director/kickstart).
This will give you, for example, a fully configured http command, where you only have to add your desired fields and can then create a service template using the command.
Small drawback: After adding your desired fields, check what parameter has the variable/field configured as set_if. Like the --sni parameter in the screenshot.
For those parameters you need to change the field type from String to Boolean.
You can do this via the Director under “Define Datafields”
What are you trying to achieve with the command template?
I have never used them tbh.
Just configure a service template using the command you want and then apply some services (via apply rules, service sets or just as single service objects directly to hosts (or templates)
Ok, so you seem to be fairly new to the icinga2 (or monitoring) world and currently have little understanding of the system. No disrespect/blaming here, just an observation
I’ll try to give you a small run-down of how this would be configured, but I would suggest you read the docs chapter about the monitoring basics to get better understanding of the different config objects: https://icinga.com/docs/icinga-2/latest/doc/03-monitoring-basics/
So, to have a check you would have to do the following:
(I will just list the steps, not what exactly to configure)
Configure a Plugin check command.
– This is the script (maybe with some arguments) that is executed when the check is run.
Create a Service template that uses the command.
– Service templates can define check execution parameters that will be given down to the service objects
Define a Service (via Apply Rule, a Service Set or as a single object) which imports the template
– this defines the check that will, be executed. It will inherit options set in the template and here you would set other information for the check parameters into fields (like the http_port, or some thresholds)
With this you than have a check (or maybe multiple checks) that monitor what you configured (e.g disk space)
The notifications basically have the same structure.
You start with a Notification Command, create a Notification template to define some options (interval, states, types, user…) and then create a Notification apply rule to hosts or services.
Hm, yeah. The Director has it’s pros and cons/limitations. And starting to use it has its challenges when coming from the config files. But the other way round has its challenges as well
But I like to think that it enforces some best practices (like the need to create a service template first before creating a service) which could (but imo shouldn’t) be bypassed when using the config files directly.
warning/ApplyRule: Apply rule 'Icinga notification of possible issue' (in /var/lib/icinga2/api/packages/director/5878157f-a0b9-4b64-982b-988cd6e25878/zones.d/master/notification_apply.conf: 1:0-1:65) for type 'Notification' does not match anywhere!
cat /var/lib/icinga2/api/packages/director/xx/zones.d/master/notification_apply.conf
apply Notification "Icinga notification of possible issue" to Host {
import "Icinga notification on a possible server issue"
interval = 0s
assign where host.enable_notifications == "true"
users = [ "icinga-director" ]
}
Ugh I added a host by using icinga2 node wizard and now have a mess. When trying to deploy I get: * Unable to detect your Icinga 2 Core version (DeployFormsBug7530.php:72)
Edit: well I uninstalled and reinstalled Director. Now I can’t kickstart it: * CURL ERROR: Failed to connect to 127.0.0.1 port 5665: Connection refused (RestApiClient.php:143)
firewalld is not running. Just to be sure I started firewalld and added an exception for port 5665. I even rebooted the server. netstat -plnt|grep 5665 brings back nothing. I see on all of the hosts I’m monitoring that nestat returns a value:
The icinga2 node wizard command is used to setup the configuration for a satellite/agent OR the master. It creates the certificates(+CA if master), enables the API, and asks for connection details to the parent (if satellite/agent).
It is not for adding/configuring host objects for the monitoring.
That you do via the config files or the Director.
OK well the self signed certificate message was a clue.
First icinga2 ca list brought back nothing:
icinga2 ca list
Fingerprint | Timestamp | Signed | Subject
-----------------------------------------------------------------|--------------------------|--------|--------
So I ran pki sign-csr --csr master.ourdomain.edu.csr --cert /var/lib/icinga2/certs/ca.crt and scp’d the files to the agent’s /var/lib/icinga2/certs directory and restarted icinga2. Works now.
One (hopefully) last question, from the tutorial, I used, it does not have a Command or Command Template. So how do I use check_http and add arguments like --ssl? Everything is based on a Service Set and Service Template.