Simple agent configuration for basic Icinga installation?

microlinux · September 21, 2020, 3:58pm

Hi,

I’ve been experimenting with Icinga 2 for a few days, reading the documentation and experimenting a lot with three virtual machines running on my workstation.

Here’s what I have so far:

10.23.45.10: icinga.sandbox.lan - the machine running Icinga 2 and Icinga Web 2.
10.23.45.20: server-01.sandbox.lan - the first “dummy” server to be monitored
10.23.45.30: server-02.sandbox.lan - the second “dummy” server

Basic host monitoring works. I added this to /etc/icinga2/conf.d/hosts.conf:

object Host "server-01.sandbox.lan" {
  import "generic-host"
  address = "10.23.45.20"
  vars.os = "Linux"
}

object Host "server-02.sandbox.lan" {
  import "generic-host"
  address = "10.23.45.30"
  vars.os = "Linux"
}

Both hosts show up in Icinga’s web interface for basic checks if the hosts are UP or DOWN.

I ran the node wizard on the server as well as one of the clients, but I can’t seem to be able to wrap my head around configuring agents. I got a partial success, e. g. I can run the node wizard on server-01.sandbox.lan and server-02.sandbox.lan, and the certificate shows up OK.

Here’s what would be helpful. A simple (!) configuration example for my setup, for a simple load and/or disk check. The official documentation is overwhelming in this regard, and after having spent a whole day with this, I bluntly admit I’m confused.

Any suggestions?

Cheers from the sunny South of France,

Niki

rsx · September 22, 2020, 9:21am

For running load or disk your clients needs to be configured as agents (details are described here). In your case you need at least 3 zones, one for icinga, one for server-01 and one for server-02. One part of this is done with icinga2 node wizard where icinga is configured as master and server01 as well as server02 are configured agent having icinga as parent. Another part is to add server01's and server02's zone and endpoint objects to your zones.conf at icinga.

After that you can start defining your services e.g.:

apply Service "linux_cpuload" {
   display_name = "Linux CPU Load"
   check_command = "load"
   command_endpoint = host.name

   assign where host.vars.os == "Linux"
}

homerjay · September 22, 2020, 10:31am

Hi.

I said it again in other threads but again here: I totally understand that the start is confusing.

As far as I understand, you are not using the icinga2-director.
The following assumes, that you are not using it.

I have to admit that I am not a big fan of including /etc/icinga2/conf.d/ directory anyways.
It seems to be more confusing than helpful.

I did a new Icinga2 installation with one master and one client.
Icinga2 master, called master : icinga.sandbox.lan
Client/Agent, called client : server-01.sandbox.lan

Notes to the following:

NOT including /etc/icinga2/conf.d directory. Please disable inclusion in the /etc/icinga2/icinga.conf by commenting it out
minimal setup
I left out some comments in the config files which where inserted by Icinga2, for better readability

Here the /etc/icinga2/zones.conf from master and client:

#####################
# On the master
#####################

object Endpoint "icinga.sandbox.lan" {
}

object Zone "master" {
        endpoints = [ "icinga.sandbox.lan" ]
}

object Endpoint "server-01.sandbox.lan" {
}

object Zone "server-01.sandbox.lan" {
  endpoints = [ "server-01.sandbox.lan" ]
  parent = "master"
}

object Zone "global-templates" {
        global = true
}

# --------------------------------

#####################
# On the client:
#####################
object Endpoint "icinga.sandbox.lan" {
        host = "192.168.178.61"
        port = "5665"
}

object Zone "master" {
        endpoints = [ "icinga.sandbox.lan" ]
}

object Endpoint "server-01.sandbox.lan" {
}

object Zone "server-01.sandbox.lan" {
        endpoints = [ "server-01.sandbox.lan" ]
        parent = "master"
}

object Zone "global-templates" {
        global = true
}

Again: In advance, please disable including of the conf.d directory in /etc/icinga2/icinga2.conf

Please previously backup your existing /etc/icinga2 directory - which seems always a good idea before changing things.

Step 1: Host: master. Create master directory - if not present:

mkdir /etc/icinga2/zones.d/master
# drwxr-xr-x 2 root   root

Step 2: Host: master. Create global-templates directory - if not present:

mkdir /etc/icinga2/zones.d/global-templates
# drwxr-xr-x 2 root   root

Step 3: Host: master. Copy contents of /etc/icinga2/conf.d

cp /etc/icinga2/conf.d/* /etc/icinga2/zones.d/master/

Step 4: Host: master. Move commands to global-templates

mv /etc/icinga2/zones.d/master/commands.conf /etc/icinga2/zones.d/global-templates

Step 5: Host: client. Accept config from master

If not already happened in the “icinga node wizard” setup, edit the
/etc/icinga2/features-enabled/api.conf
to the following:

object ApiListener "api" {
  accept_config = true
  accept_commands = true
}

Step 6: Host: master: Edit the /etc/icinga2/zones.d/master/hosts.conf

# This can be just an example. Please change the IP or hostname to fit your requirements.
# The hostname of the client has to be the same as used with "icinga2 node wizard"
#
# File: /etc/icinga2/zones.d/master/hosts.conf

object Host NodeName {
  address = "127.0.0.1"
  address6 = "::1"

  check_command = "hostalive"
  vars.os = "Linux"

  vars.http_vhosts["http"] = {
    http_uri = "/"
  }
  vars.http_vhosts["Icinga Web 2"] = {
    http_uri = "/icingaweb2"
  }

  vars.disks["disk /"] = {
    disk_partitions = "/"
  }
}

object Host "server-01.sandbox.lan" {
  import "generic-host"

  address = "192.168.178.65"
  check_command = "hostalive"
  vars.os = "Linux"

  vars.disks["disk /"] = {
    disk_partitions = "/"
  }
}

Basic services should now be available.
The services you want to check have been pre-defined and - for basic usage - don’t need to get modified.

Maybe this is a starting-point.
Hope this helps.

Greetings.

microlinux · September 23, 2020, 12:16pm

Thanks for your replies, though I bluntly admit I’m still a bit confused by them.

In the meantime I played around some more on two other (public) sandbox servers:

sd-155824.dedibox.fr (Icinga master)
sd-100246.dedibox.fr (client)

I read this blog article about host and service monitoring using agents, and I managed to “get something working” after trying out various scenarios.

On the server, I included conf.d in the node wizard and then created the /etc/icinga2/zones.d/master directory. In this directory I now have two files.

Here’s hosts.conf:

// /etc/icinga2/zones.d/master/hosts.conf

// sd-100246.dedibox.fr

object Endpoint "sd-100246.dedibox.fr" {
}

object Zone "sd-100246.dedibox.fr" {
  endpoints = [ "sd-100246.dedibox.fr" ]
  parent = "master"
}

object Host "sd-100246.dedibox.fr" {
  check_command = "hostalive"
  address = "163.172.220.174"
  vars.client_endpoint = name
}

And here’s services.conf:

// /etc/icinga2/zones.d/master/services.conf

// Check system load
apply Service "load" {
  check_command = "load"
  command_endpoint = host.vars.client_endpoint // Check executed on client node
  assign where host.vars.client_endpoint
}

// Check number of running system processes
apply Service "procs" {
  check_command = "procs"
  command_endpoint = host.vars.client_endpoint
  assign where host.vars.client_endpoint
}

// Check number of logged users
apply Service "users" {
  check_command = "users"
  command_endpoint = host.vars.client_endpoint
  assign where host.vars.client_endpoint
}

// Check system disk usage
apply Service "disk" {
  check_command = "disk"
  command_endpoint = host.vars.client_endpoint
  assign where host.vars.client_endpoint
}

// Check for swap memory usage
apply Service "swap" {
  check_command = "swap"
  command_endpoint = host.vars.client_endpoint
  assign where host.vars.client_endpoint
}

// SSH service check
apply Service "ssh" {
  check_command = "ssh"
  command_endpoint = host.vars.client_endpoint
  assign where host.vars.client_endpoint
}

I have two questions now.

If including conf.d in the master server’s node wizard is a problem, I’d be curious to know why, since my setup seems to work OK. This is not a rhetorical question, I’d really like to know.
I’d like to include a machine that’s in a local network behind a firewall. You can’t ping it from the Internet, and you can’t SSH into it. On the other hand, the machine can reach the master Icinga server. Is there a way to do this? And if so, what would the corresponding stanza look like in my hosts.conf file?

Thanks & cheers from the sunny South of France.

microlinux · September 24, 2020, 1:34pm

Post Scriptum : I just now realized that I have to click on the little arrows on the left side to display your listings. Sorry for the confusion.

And thanks very much for the detailed instructions, homerjay. I’ll sink my teeth into it and try to understand all this. I’m currently re-reading the docs, but monitoring hosts and services with Icinga is quite a slippery fish to grab.

Cheers,

Niki