How to install Icinga 2 and Icinga Web 2 on CentOS 7
Requirements
- Install a fresh CentOS 7 (1810)
- This tutorial requires SELinux to be disabled. In case you need to use SELinux, please read the appendix at the end of the page.
Preparations
Update your current installation and reboot your host
# yum -y update
reboot
Install the EPEL repository
# yum -y install epel-release
Install OpenSSL
# yum -y install openssl*
Install Apache
Install apache using yum:
# yum -y install httpd*
yum -y install mod_ssl
Remove the predefined welcome page:
# sed -i 's/^/#&/g' /etc/httpd/conf.d/welcome.conf
Forbid Apache from exposing files and directories within the web root directory /var/www/html to visitors:
# sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/httpd/conf/httpd.conf
Start the Apache service and get it started on boot:
# systemctl start httpd.service
systemctl enable httpd.service
Install MariaDB
Install MariaDB using yum:
# yum -y install mariadb*
Start the MariaDB service:
# systemctl start mariadb.service
systemctl enable mariadb.service
Secure the installation of MariaDB:
# /usr/bin/mysql_secure_installation
During the process, answer questions on the screen as below:
Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
Install PHP
Install PHP and necessary PHP extensions as required by Icinga 2 and Icinga Web 2:
Sidenote: Please read the comment of Michael Friedrich before you do the php installation.
# yum -y install php php-gd php-intl php-ldap php-ZendFramework php-ZendFramework-Db-Adapter-Pdo-Mysql
Set the proper timezone for your machine, which can be determined from the PHP official website. On my server instance, the timezone value is “Europe/Zurich”. Open the PHP configuration file with the vi editor:
# vi /etc/php.ini
Find the line:
; date.timezone =
Change it to:
date.timezone = America/Los_Angeles
Save and quit (:x!)
Restart the Apache service in order to put new configurations into effect:
# systemctl restart httpd.service
Install Icinga2 and it’s plugins
Install Icinga 2 and its plugins using the icinga repo:
# rpm --import http://packages.icinga.org/icinga.key
yum -y install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
yum -y install icinga2 nagios-plugins-all
You can learn more about these plugins from the Monitoring Plugins Project.
Start and enable on boot the Icinga 2 service:
# systemctl start icinga2.service
systemctl enable icinga2.service
By default, the Icinga 2 program will enable three features: checker, mainlog, and notification. You can verify that using the following command:
# icinga2 feature list
Setup the Icinga 2 IDO modules
Install the IDO (Icinga Data Output) modules for MySQL
# yum -y install icinga2-ido-mysql
Create a database for Icinga 2. log into the MySQL shell as root:
# mysql -u root -p
Use the MariaDB root password you set before to log in.
Create a database named “icinga” and a database user named icinga with the password icinga, and then grant privileges on this database to this database user.
CREATE DATABASE icinga;
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY 'icinga';
FLUSH PRIVILEGES;
EXIT;
Import the Icinga 2 IDO schema
# mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql
When prompted, input the MariaDB root password to finish the job.
Enable the IDO MySQL module
# vi /etc/icinga2/features-available/ido-mysql.conf
Find these lines:
//user = "icinga"
//password = "icinga"
//host = "localhost"
//database = "icinga"
uncomment them as below:
user = "icinga"
password = "icinga"
host = "localhost"
database = "icinga"
Save and quit (:x!)
Enable the ido-mysql feature and restart icigina2:
# icinga2 feature enable ido-mysql
systemctl restart icinga2.service
Install Icinga Web 2
Setup external command pipe
# icinga2 feature enable command
systemctl restart icinga2.service
Before you can send commands to Icinga 2 using a web interface, you need to add the “apache” user to the icingacmd group:
# usermod -a -G icingacmd apache
You can verify your modification using the following command:
# id apache
Since version 2.5.0 we also require a newer PHP version than what is available in RedHat itself. You need to enable the SCL repository, so that the dependencies can pull in the newer PHP.
# yum -y install centos-release-scl
Install the icingaweb2 and icingacli RPM packages
# yum -y install icingaweb2 icingacli
Point the Apache web root directory to the location of Icinga Web 2:
# icingacli setup config webserver apache --document-root /usr/share/icingaweb2/public
systemctl restart httpd.service
Setting up FPM
On CentOS you want to run Icinga Web 2 with PHP-FPM instead of the Apache module. The default pool www should be sufficient for Icinga Web 2.
# systemctl start rh-php71-php-fpm.service
systemctl enable rh-php71-php-fpm.service
All module packages for PHP have this SCL prefix, so you can install a database module like this:
# yum install rh-php71-php-mysqlnd
Add a few missing features
Installing ImageMagick from Repository
First, install following prerequisite php-pear, php-devel and gcc packages to compile imagick PHP extension.
# yum -y install php-pear php-devel gcc
Once you’ve installed php-pear, php-devel and gcc packages, you may now install ImageMagick software for PHP and Perl support using yum command.
# yum -y install ImageMagick ImageMagick-devel ImageMagick-perl
yum -y install sclo-php71-php-pecl-imagick
Next, verify that ImageMagick has been installed on your system by checking its version.
# convert --version
Version: ImageMagick 6.7.8-9 2019-02-01 Q16 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2012 ImageMagick Studio LLC
Features: OpenMP
Then restart tje FPM service:
systemctl restart rh-php71-php-fpm.service
First time launch of Icinga Web 2 configuration
Generate a setup token for later use in the web interface:
icingacli setup token create
Initiate the Icinga 2 installation wizard in the web interface. Point your web browser to the following URL:
http://<your-server-ip>/icingaweb2/setup
On the Welcome page, input the setup token you generated earlier, and then click the “Next” button.
On the Modules page, select modules you want to enable (at least, the Monitoring module is required), and then click the “Next” button.
On the Requirements page, make sure that every requirement item is satisfied, and then click the “Next” button.
On the Authentication page, you need to choose the authentication method when accessing Icinga Web 2. Here, you can choose Database, and then click the “Next” button.
On the Database Resource page, fill out all required fields as below, and then click the “Next” button.
Resource Name*: icingaweb_db Database Type*: MySQL Host*: localhost Database Name*: icingaweb2 Username*: root Password*: <MariaDB-root-password>
On the Authentication Backend page, using the default backend name icingaweb2, click the Next button to move on.
On the Administration page, setup the first Icinga Web 2 administrative account (for example: admin) and password (<mypassword>), and then click the “Next” button.
On the Application Configuration page, you can adjust application- and logging-related configuration options to fit your needs. For now, you can use the default values listed below and click the “Next” button to proceed.
Show Stacktraces: Checked User Preference Storage Type*: Database Logging Type*: Syslog Logging Level*: Error Application Prefix*: icingaweb2
On the Review page, double check your configuration, and then click the Next button.
On the Monitoring Module Configuration Welcome page, click the Next button.
On the Monitoring Backend page, use the default backend name icinga and backend type IDO, and then click the “Next” button.
On the Monitoring IDO Resource page, input IDO database details you setup earlier, and then click the “Next” button.
Resource Name*: icinga_ido Database Type*: MySQL Host*: localhost Database Name*: icinga Username*: icinga Password*: icinga
On the Command Transport page, still use these default values listed below. Click the Next button to move on.
Transport Name*: icinga2 Transport Type*: Local Command File Command File*: /var/run/icinga2/cmd/icinga2.cmd
7.19) On the Monitoring Security page, still use the default value:
Protected Custom Variables: *pw*,*pass*,community
Click the “Next” button to go to next page.
On the review page, double check your configuration, and then click the Finish button.
7.21) On the Congratulations! page, click the Login to Icinga Web 2 link to jump to the Icinga Web 2 login page. Use the Icinga Web 2 administrative account and password you setup earlier to log in.
That concludes our tutorial. Thank you for reading.
We used inputs from following websites:
https://www.vultr.com/docs/how-to-install-icinga-2-and-icinga-web-2-on-centos-7
https://techgoat.net/index.php?id=115
https://www.tecmint.com/install-imagemagick-in-linux/
https://icinga.com/docs/icingaweb2/latest/doc/02-Installation/
Appendix: SELinux notes
In case you want/need to use SELinux, you have the possibility to install the package “icinga2-selinux”, afterwards you can apply the policy package by using audit2allow.
# yum -y install icinga2-selinux