Ok, so you seem to be fairly new to the icinga2 (or monitoring) world and currently have little understanding of the system. No disrespect/blaming here, just an observation
I’ll try to give you a small run-down of how this would be configured, but I would suggest you read the docs chapter about the monitoring basics to get better understanding of the different config objects: https://icinga.com/docs/icinga-2/latest/doc/03-monitoring-basics/
So, to have a check you would have to do the following:
(I will just list the steps, not what exactly to configure)
Configure a Plugin check command.
– This is the script (maybe with some arguments) that is executed when the check is run.
Create a Service template that uses the command.
– Service templates can define check execution parameters that will be given down to the service objects
Define a Service (via Apply Rule, a Service Set or as a single object) which imports the template
– this defines the check that will, be executed. It will inherit options set in the template and here you would set other information for the check parameters into fields (like the http_port, or some thresholds)
With this you than have a check (or maybe multiple checks) that monitor what you configured (e.g disk space)
The notifications basically have the same structure.
You start with a Notification Command, create a Notification template to define some options (interval, states, types, user…) and then create a Notification apply rule to hosts or services.
Hm, yeah. The Director has it’s pros and cons/limitations. And starting to use it has its challenges when coming from the config files. But the other way round has its challenges as well
But I like to think that it enforces some best practices (like the need to create a service template first before creating a service) which could (but imo shouldn’t) be bypassed when using the config files directly.
warning/ApplyRule: Apply rule 'Icinga notification of possible issue' (in /var/lib/icinga2/api/packages/director/5878157f-a0b9-4b64-982b-988cd6e25878/zones.d/master/notification_apply.conf: 1:0-1:65) for type 'Notification' does not match anywhere!
cat /var/lib/icinga2/api/packages/director/xx/zones.d/master/notification_apply.conf
apply Notification "Icinga notification of possible issue" to Host {
import "Icinga notification on a possible server issue"
interval = 0s
assign where host.enable_notifications == "true"
users = [ "icinga-director" ]
}
Ugh I added a host by using icinga2 node wizard and now have a mess. When trying to deploy I get: * Unable to detect your Icinga 2 Core version (DeployFormsBug7530.php:72)
Edit: well I uninstalled and reinstalled Director. Now I can’t kickstart it: * CURL ERROR: Failed to connect to 127.0.0.1 port 5665: Connection refused (RestApiClient.php:143)
firewalld is not running. Just to be sure I started firewalld and added an exception for port 5665. I even rebooted the server. netstat -plnt|grep 5665 brings back nothing. I see on all of the hosts I’m monitoring that nestat returns a value:
The icinga2 node wizard command is used to setup the configuration for a satellite/agent OR the master. It creates the certificates(+CA if master), enables the API, and asks for connection details to the parent (if satellite/agent).
It is not for adding/configuring host objects for the monitoring.
That you do via the config files or the Director.
OK well the self signed certificate message was a clue.
First icinga2 ca list brought back nothing:
icinga2 ca list
Fingerprint | Timestamp | Signed | Subject
-----------------------------------------------------------------|--------------------------|--------|--------
So I ran pki sign-csr --csr master.ourdomain.edu.csr --cert /var/lib/icinga2/certs/ca.crt and scp’d the files to the agent’s /var/lib/icinga2/certs directory and restarted icinga2. Works now.
One (hopefully) last question, from the tutorial, I used, it does not have a Command or Command Template. So how do I use check_http and add arguments like --ssl? Everything is based on a Service Set and Service Template.
The tutorial does not show the command creation/configuration step because they are using a already defined command from the ITL. Those are mostly already good to go, as they often have some default values set.
If you want to fit them to your needs I suggest the following:
Go to the (in your case) http command, switch to the fields tab and add all the fields you need for your check. You will get a drop down menu there that will give you the fields of that command under argument macros
The description what each field is for can be found in the Preview tab.
You will find that, for example, the field for -S/–ssl is not present in the drop-down list(as are some others). This is because this field is not assigned to value but to set_if, meaning it is a boolean field not a field that expects a string.
For those fields you need to create the data field with the name http_ssl and type boolean by hand and can then add it via the drop-down list in the fields tab of the command (it will be listed further down the list in alphabetical order and not under the argument macros
What I’m trying to also achieve is to use the -u option to check a URL that runs a web based email login. So check_http -H ourhost -u https://ourhost.ourdomain.edu/webmail I added it as a Service
But this is what Inspect shows: '/usr/lib64/nagios/plugins/check_http' '-H' 'ourhost' '-u' 'https://ourhost.ourdomain.edu/webmail' '-I' 'x.x.x.x' '-p' '443'
But the Executed Command has the extra arguments/options that cause this to show an error: HTTP WARNING: HTTP/1.1 400 Bad Request. Where can I find how to omit -i and -p?
yes, of the already existinghttp command in the External commands section.
I recommend you use that. There is no need to create a new command.
This is not what this parameter is for. Check check_http -h to get to know the plugin and its parameters.
I suggest you start over, delete the service template and your command. Add your required fields to the http command, then create a service template (e.g “service-template-http-generic”) using this command. Then you can create another service template (e.g “service-template-https”) and set the SSL option to true there and then apply a service from it to a host.
Does this mean I can’t combine these 2 checks into one service template, i.e., one for a full URL with the -H and -u options, and another check for --ssl or -S True and an optional port number?
So this works from CLI:
sudo -u icinga /usr/lib64/nagios/plugins/check_http -H ourhost -u https://ourdomain.edu/webmail
HTTP OK: HTTP/1.1 302 Found - 461 bytes in 0.002 second response time |time=0.001751s;;;0.000000 size=461B;;;0
I thought between Arguments and Fields, as well as making them optional, could be covered in one service template?
Interesting.
I would have run the check like check_http -H ourdomain.edu -u /webmail -S
For the director this would mean you have a host object for ourdomain.edu and add a service to this were you set http_uri to /webmail and http_ssl to yes (from the drop down after having create http_ssl as a boolean type data field)