• Setting up Icinga with IDOUtils on RHEL
Skip to end of metadata
Go to start of metadata

 

 

Icon

This applies to Fedora and CentOS as well.

 

Icon

Package paths may differ! Check Package Specific Locations

General

What will you get once Icinga with IDOUtils using this guide is installed?

  • Icinga Core
  • Icinga Classic UI (the "CGIs")
  • Icinga IDOUtils
    • Mysql or Postgresql as database
  • Icinga Docs
Icon
If you came here looking for Icinga Web Setup, please check: Setting up Icinga Web on RHEL.

Packages are preferred for upgrading and maintenance easyness. Currently, there's only a bug open to bring Icinga upstream into EPEL - https://bugzilla.redhat.com/show_bug.cgi?id=693608 (warning) Packagers welcome!

It's the nature of packages that they can take a bit longer because testing and so on needs to be run on various procedures and platform.

Icon

If you can't wait that long, build your own rpms here: Build Icinga RPMs

Requirements

Icon

For oracle, you will need ocilib instead of libdbi, and a special configure flag for the packages themselves. This is not described with this guide.

Follow the instructions on how to adde repoforge here: http://repoforge.org/use/ or http://wiki.centos.org/AdditionalResources/Repositories/RPMForge

After adding repoforge, you can invoke a simple search for yum with

# yum search icinga

Setup

# yum install icinga icinga-gui icinga-doc icinga-idoutils-libdbi-mysql
or
# yum install icinga icinga-gui icinga-doc icinga-idoutils-libdbi-pgsql
Icon

Do not forget to install the Nagios Plugins - yum install nagios-plugins

IDOUtils

After having installed the packages, make sure to setup your database accordingly. The icinga-idoutils package provides the libdbi database abstraction layer, where you need to install the according drivers then.

Icon

Icinga 1.7.0 will require libdbi-dbd-* in their defined package.

This will of course require a valid MySQL or Postgresql Server to be already installed.

# yum install mysql-server mysql-client libdbi libdbi-devel libdbi-drivers libdbi-dbd-mysql
or
# yum install postgresql postgresql-server libdbi libdbi-devel libdbi-drivers libdbi-dbd-pgsql
Icon

In Cent6 the mysql-client package has been renamed to mysql

The SQL schema scripts are located in /usr/share/doc/icinga-idoutils-libdbi-*/db (1.7.0), please read the README.RHEL.idoutils for more information.

# less /usr/share/doc/icinga-idoutils-libdbi-*/README.RHEL.idoutils

MySQL

# mysql

mysql> CREATE DATABASE icinga;

mysql> GRANT USAGE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY 'icinga' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0;

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost';

mysql> FLUSH PRIVILEGES;

mysql> quit

Now import the installed schema, see /usr/share/doc/icinga-idoutils-libdbi-*-$version/db/mysql

# cd /path/to/idoutils/sqls
# mysql icinga < mysql.sql

Postgresql

# su - postgres

postgres@icinga-dev:~$ psql template1
psql (9.1.2)
Type "help" for help.
template1=# create database icinga;
CREATE DATABASE
template1=# \q

postgres@icinga-dev:~$ createlang plpgsql icinga

postgres@icinga-dev:~$ psql
psql (9.1.2)
Type "help" for help.
postgres=# create role icinga;
CREATE ROLE
postgres=# alter role icinga login;
ALTER ROLE
postgres=# grant all on database icinga to icinga;
GRANT
postgres=# \q

Now import the installed schema, see /usr/share/doc/icinga-idoutils-*-$version/db/pgsql

postgres@icinga-dev:~$ cd /path/to/idoutils/sqls
postgres@icinga-dev:~$ psql -U icinga -d icinga < pgsql.sql

Now that Postgresql does use a local user to be trusted (insecure, but good as startup), edit pg_hba.conf accordingly. See Postgresql Manual for a more advanced setup on user auth and privilegues.

# vim /var/lib/pgsql/data/pg_hba.conf

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

# "local" is for Unix domain socket connections only
local   all         all                               trust
# IPv4 local connections:
host    all         all         127.0.0.1/32          trust
# IPv6 local connections:
host    all         all         ::1/128               trust

#icinga
local    icinga     icinga                    trust
host    icinga          icinga          127.0.0.1/32            trust
host    icinga          icinga          ::1/128                 trust

and reload the Postgresql server.

Config

There's not much to do anymore. The main config tree is located in

# /etc/icinga/

For further object config proceed to official docs.

SELinux

Disable it or submit a proper selinux policy.

# setenforce 0

# sed -i s/enforcing/permissive/ /etc/selinux/config

GUI

Default login icingaadmin:icingaadmin - new users can be added with

# htpasswd /etc/icinga/passwd youradmin

IDOUtils

Icon

DO NOT EDIT icinga.cfg for broker_module entry!!! Icinga RPMs will use the /etc/icinga/modules/idoutils.cfg with the module definition automatically. Defining that twice can lead into strange errors!

Verify that by looking into the modules/idoutils.cfg file

Icon

Icinga 1.7.0 Changes: /usr/bin/idomod.o will be /usr/lib64/icinga/idomod.so

# vim /etc/icinga/modules/idoutils.cfg

define module{
        module_name     idomod
        module_type     neb
        path            /usr/lib64/icinga/idomod.so
        args            config_file=/etc/icinga/idomod.cfg
       }

Other event broker modules can be defined using this module definition as well.

idomod.cfg

Decide wether to use unix or tcp sockets, as well as some more as described in ?Optimize IDOUtils performance

ido2db.cfg

Edit your database credentials here, if changed above on creation. 

db_servertype=mysql
#db_servertype=pgsql
db_host=localhost
db_port=3306
#db_port=5432
db_name=icinga
db_prefix=icinga_
db_user=icinga
db_pass=icinga

Upgrading

# yum install icinga icinga-gui icinga-doc icinga-idoutils-libdbi-mysql
or
# yum install icinga icinga-gui icinga-doc icinga-idoutils-libdbi-pgsql

IDOUtils

There is no db upgrade script like in Debian, so you need to keep track of that yourself.

First, get the schema version

# mysql icinga

mysql> SELECT * FROM icinga_dbversion;
+--------------+----------+---------+---------------------+---------------------+
| dbversion_id | name     | version | create_time         | modify_time         |
+--------------+----------+---------+---------------------+---------------------+
|            1 | idoutils | 1.7.0   | 2012-05-14 17:46:50 | 2012-05-14 17:46:50 |
+--------------+----------+---------+---------------------+---------------------+
1 row in set (0.00 sec)

and then decide, what to do - based on the official upgrade docs here: http://docs.icinga.org/latest/en/upgrading_idoutils.html

i.e. upgrading to version 1.7.0 is just one incremential step, so this would mean to apply the now installed upgrade script.

# mysql icinga < mysql-upgrade-1.7.0.sql
<verify upgrade ok>

Remember, that upgrades needs to be done incremental, so if there will be 1.8.0 from 1.6.0. you need to apply both steps.

# mysql icinga < mysql-upgrade-1.7.0.sql
<verify upgrade ok>
# mysql icinga < mysql-upgrade-1.8.0.sql
<verify upgrade ok>
  • No labels

14 Comments

  1. Anonymous

    Hello, I seem to be having a problem with:   icinga-idoutils-libdbi-pgsql

    root@icinga01 usr# yum install icinga icinga-gui icinga-doc icinga-idoutils-libdbi-mysql
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: mirror.hmc.edu
     * extras: centos.mirror.freedomvoice.com
     * rpmforge: mirror.hmc.edu
     * updates: centos-distro.cavecreek.net
    Setting up Install Process
    Package icinga-1.6.1-1.el6.rf.x86_64 already installed and latest version
    Package icinga-gui-1.6.1-1.el6.rf.x86_64 already installed and latest version
    Package icinga-doc-1.6.1-1.el6.rf.x86_64 already installed and latest version
    No package icinga-idoutils-libdbi-mysql available.
    Nothing to do
    root@icinga01 usr#

    root@icinga01 usr# yum search all icinga
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: mirror.hmc.edu
     * extras: mirrors.usc.edu
     * rpmforge: mirror.hmc.edu
     * updates: centos-distro.cavecreek.net
    ======================================================================= Matched: icinga =======================================================================
    icinga-doc.x86_64 : documentation icinga
    icinga-gui.x86_64 : Web content for icinga
    icinga-idoutils.x86_64 : database broker module for icinga
    icinga.x86_64 : Open Source host, service and network monitoring program
    icinga-api.x86_64 : PHP api for icinga
    nagstamon.noarch : Nagios status monitor for your desktop
    root@icinga01 usr#

    I tried installing the icinga-idoutils.x86_64, but this doesn't seem to be the right one.

    I'm using CentOS release 6.3 (Final) 64bit

    Ideas?

    Thanks!

    1. read the second line - "This targets upcoming 1.7 release and packages!"

      1.7 does a package transition from icinga-idoutils to the mentioned one, as well as pgsql. but ever since repoforge did not do any package builds yet, you will most likely build your own rpms then (?Build Icinga RPMs e.g.).

  2. Anonymous

    The password i entered seems to be not working. Any ideas? icingaadmin/icingaadmin.

  3. Anonymous

    Hello

    to disable SELinux isn't the best option.

    The prerequistes are that you've got icinga 1.6 running with selinux endabled.

    Here's what I've done to get the new icinga-idoutils-libdbi-mysql running on CentOS 6.3 with SELinux enabled :

    First, clear out the audit.log:
    > /var/log/audit/audit.log

    Now, try to access the Website, which will end up in an error ( like expected ) and press a few time the refresh-button.

    Change/ go to the directory : /etc/selinux

    grep "tac.cgi" /var/log/audit/audit.log |audit2allow -M taccgimod1
    grep denied /var/log/audit/audit.log | audit2allow -M icingamod1
    grep spoo /var/log/audit/audit.log | audit2allow -M spoolmod1
    grep cgi /var/log/audit/audit.log | audit2allow -M cgi1

    Add the modules as prompted on CLI:
    semodule -i taccgimod1.pp
    semodule -i icingamod1.pp
    semodule -i spoolmod1.pp
    semodule -i cgi1.pp

    Now, change some contexts :
    semanage fcontext -a -t httpd_sys_rw_content_t /var/spool/icinga/cmd/
    semanage fcontext -a -t httpd_sys_rw_content_t /var/spool/icinga/cmd/icinga.cmd
    semanage fcontext -a -t httpd_sys_content_t '/var/log/icinga(/.*)?'
    semanage fcontext -m -t httpd_sys_script_exec_t '/usr/lib64/icinga/cgi(/.*)?'

    And apply them :
    restorecon -RFvvv /var/

    Good luck and have fun.

    Azubi

     



     

     

     

     

    1. is there a way to safely create a ll those files, include them within the package install, and modify the selinux at runtime? if so, that could be integrated upstream.

  4. Anonymous

    Hi, I've found another SELinux-Context which needs to be adjusted.

    semanage fcontext -a -t httpd_sys_rw_content_t '/var/spool/icinga/cmd(/.*?)'

    restorecon -RFvvv /var/

     

    ---

    For Michael, unfortunally I'm not the SELinux-guru yet. As soon as I've got time, I'll try to create an selinux-policy which could be used. But again. I need some free time for that.

     

    Regards

    Azubi

     

     

    1. Can you update the existing issue for that then please? Much appreciated.

      https://dev.icinga.org/issues/2921

  5. Hello there,

    I am new whit icinga and whit Linux also so i need little help hear.

    I instaled Icinga core on Centos 5.9 and I finished everything to idomod.cfg. Right now I don't understand how should I change modules .Should i delete content of idomod.cfg and sign something like   

    define module{
            module_name     idomod
            module_type     neb
            path            /usr/lib64/icinga/idomod.so
            args            config_file=/etc/icinga/idomod.cfg
           }

    or I should define somewhere else ?

    Any help would be fine (smile)

    Best regards

    Vladan

    1. Anonymous

      These configurations are in /etc/icinga/modules/idoutils.cfg. You need to do nothing.

  6. Anonymous

    you need both, a config file idomod.cfg holding parameters how idomod.so should work once loaded and a module loader file named here idoutils.cfg within modules folder containing the entries you listed to instruct icinga to load idomod.so.

  7. Anonymous

    If you are getting the following error:

    psql: FATAL:  Ident authentication failed for user "icinga"

    ...when you try and run:

    psql -U icinga -d icinga < pgsql.sql

    ...then you need to edit your pg_hba.conf file and put the "local icinga icinga trust" line BEFORE any lines that start with "local all".

    Otherwise, the "local all" lines take precedence and your icinga user fails authentication.

  8. Anonymous

    I found this guide to be really useful thanks, however I found that any check_snmp commands came back with the error 'External command error with no output (return code: 3)'.  I fixed it by install a couple of SNMP related packages, so would advise that the following command be added;

    yum install net-snmp net-snmp-utils

  9. Anonymous

    I got this error...

    ERROR:  function updatedbversion(unknown) does not exist

    when executing the following step:

    psql -U icinga -d icinga < pgsql.sql

    any ideas?