How to install Icinga 2 and Icinga Web 2 on CentOS 7

Requirements

  • Install a fresh CentOS 7 (1810)
  • This tutorial requires SELinux to be disabled. In case you need to use SELinux, please read the appendix at the end of the page.

Preparations

Update your current installation and reboot your host

# yum -y update
# reboot

Install the EPEL repository

# yum -y install epel-release

Install OpenSSL

# yum -y install openssl*

Install Apache

Install apache using yum:

# yum -y install httpd*
# yum -y install mod_ssl

Remove the predefined welcome page:

# sed -i 's/^/#&/g' /etc/httpd/conf.d/welcome.conf
Forbid Apache from exposing files and directories within the web root directory /var/www/html to visitors:

# sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/httpd/conf/httpd.conf
Start the Apache service and get it started on boot:

# systemctl start httpd.service
# systemctl enable httpd.service

Install MariaDB

Install MariaDB using yum:

# yum -y install mariadb*
Start the MariaDB service:

# systemctl start mariadb.service
# systemctl enable mariadb.service

Secure the installation of MariaDB:

# /usr/bin/mysql_secure_installation
During the process, answer questions on the screen as below:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Install PHP

Install PHP and necessary PHP extensions as required by Icinga 2 and Icinga Web 2:

# yum -y install php php-gd php-intl php-ldap php-ZendFramework php-ZendFramework-Db-Adapter-Pdo-Mysql
Set the proper timezone for your machine, which can be determined from the PHP official website. On my server instance, the timezone value is “Europe/Zurich”. Open the PHP configuration file with the vi editor:

# vi /etc/php.ini

Find the line:
; date.timezone =

Change it to:

date.timezone = America/Los_Angeles
Save and quit (:x!)

Restart the Apache service in order to put new configurations into effect:

# systemctl restart httpd.service

Install Icinga2 and it’s plugins

Install Icinga 2 and its plugins using the icinga repo:

# rpm --import http://packages.icinga.org/icinga.key
# yum -y install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
# yum -y install icinga2 nagios-plugins-all

You can learn more about these plugins from the Monitoring Plugins Project.

Start and enable on boot the Icinga 2 service:

# systemctl start icinga2.service
# systemctl enable icinga2.service

By default, the Icinga 2 program will enable three features: checker, mainlog, and notification. You can verify that using the following command:

# icinga2 feature list

Setup the Icinga 2 IDO modules

Install the IDO (Icinga Data Output) modules for MySQL

# yum -y install icinga2-ido-mysql

Create a database for Icinga 2. log into the MySQL shell as root:

# mysql -u root -p

Use the MariaDB root password you set before to log in.

Create a database named “icinga” and a database user named icinga with the password icinga, and then grant privileges on this database to this database user.

CREATE DATABASE icinga;
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY 'icinga';
FLUSH PRIVILEGES;
EXIT;

Import the Icinga 2 IDO schema

# mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql

When prompted, input the MariaDB root password to finish the job.

Enable the IDO MySQL module

# vi /etc/icinga2/features-available/ido-mysql.conf

Find these lines:

//user = "icinga"
//password = "icinga"
//host = "localhost"
//database = "icinga"

uncomment them as below:

user = "icinga"
password = "icinga"
host = "localhost"
database = "icinga"

Save and quit (:x!)

Enable the ido-mysql feature and restart icigina2:

# icinga2 feature enable ido-mysql
# systemctl restart icinga2.service

Install Icinga Web 2

Setup external command pipe

# icinga2 feature enable command
# systemctl restart icinga2.service

Before you can send commands to Icinga 2 using a web interface, you need to add the “apache” user to the icingacmd group:

# usermod -a -G icingacmd apache

You can verify your modification using the following command:

# id apache

Since version 2.5.0 we also require a newer PHP version than what is available in RedHat itself. You need to enable the SCL repository, so that the dependencies can pull in the newer PHP.

# yum -y install centos-release-scl

Install the icingaweb2 and icingacli RPM packages

# yum -y install icingaweb2 icingacli

Point the Apache web root directory to the location of Icinga Web 2:

# icingacli setup config webserver apache --document-root /usr/share/icingaweb2/public
# systemctl restart httpd.service

Setting up FPM

On CentOS you want to run Icinga Web 2 with PHP-FPM instead of the Apache module. The default pool www should be sufficient for Icinga Web 2.

# systemctl start rh-php71-php-fpm.service
# systemctl enable rh-php71-php-fpm.service

All module packages for PHP have this SCL prefix, so you can install a database module like this:

# yum install rh-php71-php-mysqlnd

Add a few missing features

Installing ImageMagick from Repository

First, install following prerequisite php-pear, php-devel and gcc packages to compile imagick PHP extension.

# yum -y install php-pear php-devel gcc

Once you’ve installed php-pear, php-devel and gcc packages, you may now install ImageMagick software for PHP and Perl support using yum command.

# yum -y install ImageMagick ImageMagick-devel ImageMagick-perl
# yum -y install sclo-php71-php-pecl-imagick

Next, verify that ImageMagick has been installed on your system by checking its version.

# convert --version
Version: ImageMagick 6.7.8-9 2019-02-01 Q16 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2012 ImageMagick Studio LLC
Features: OpenMP

Then restart tje FPM service:

systemctl restart rh-php71-php-fpm.service

First time launch of Icinga Web 2 configuration

Generate a setup token for later use in the web interface:

icingacli setup token create

Initiate the Icinga 2 installation wizard in the web interface. Point your web browser to the following URL:

http://<your-server-ip>/icingaweb2/setup

On the Welcome page, input the setup token you generated earlier, and then click the “Next” button.

On the Modules page, select modules you want to enable (at least, the Monitoring module is required), and then click the “Next” button.

On the Requirements page, make sure that every requirement item is satisfied, and then click the “Next” button.

On the Authentication page, you need to choose the authentication method when accessing Icinga Web 2. Here, you can choose Database, and then click the “Next” button.

On the Database Resource page, fill out all required fields as below, and then click the “Next” button.

Resource Name*: icingaweb_db
Database Type*: MySQL
Host*: localhost
Database Name*: icingaweb2
Username*: root
Password*: <MariaDB-root-password>

On the Authentication Backend page, using the default backend name icingaweb2, click the Next button to move on.

On the Administration page, setup the first Icinga Web 2 administrative account (for example: admin) and password (<mypassword>), and then click the “Next” button.

On the Application Configuration page, you can adjust application- and logging-related configuration options to fit your needs. For now, you can use the default values listed below and click the “Next” button to proceed.

Show Stacktraces: Checked
User Preference Storage Type*: Database
Logging Type*: Syslog
Logging Level*: Error
Application Prefix*: icingaweb2

On the Review page, double check your configuration, and then click the Next button.

On the Monitoring Module Configuration Welcome page, click the Next button.

On the Monitoring Backend page, use the default backend name icinga and backend type IDO, and then click the “Next” button.

On the Monitoring IDO Resource page, input IDO database details you setup earlier, and then click the “Next” button.

Resource Name*: icinga_ido
Database Type*: MySQL
Host*: localhost
Database Name*: icinga
Username*: icinga
Password*: icinga

On the Command Transport page, still use these default values listed below. Click the Next button to move on.

Transport Name*: icinga2
Transport Type*: Local Command File
Command File*: /var/run/icinga2/cmd/icinga2.cmd

7.19) On the Monitoring Security page, still use the default value:

Protected Custom Variables: *pw*,*pass*,community

Click the “Next” button to go to next page.

On the review page, double check your configuration, and then click the Finish button.

7.21) On the Congratulations! page, click the Login to Icinga Web 2 link to jump to the Icinga Web 2 login page. Use the Icinga Web 2 administrative account and password you setup earlier to log in.

That concludes our tutorial. Thank you for reading.

We used inputs from following websites:
https://www.vultr.com/docs/how-to-install-icinga-2-and-icinga-web-2-on-centos-7
https://techgoat.net/index.php?id=115
https://www.tecmint.com/install-imagemagick-in-linux/
https://icinga.com/docs/icingaweb2/latest/doc/02-Installation/

Appendix: SELinux notes

In case you want/need to use SELinux, you have the possibility to install the replica tag heuer package “icinga2-selinux”, afterwards you can apply the policy package by using audit2allow.

# yum -y install icinga2-selinux
# audit2allo -a -M icingaweb2
# semodule -i icingaweb2.pp

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.