Icinga2 with Master/Satellite Setup

From xinux.net

Master

Prerequisites

  • Installation Icinga2
  • Installation Icingaweb2

Create certificates and copy them to the correct directory

On a certificate authority

  • openssl genrsa -out saitama.xinux.int.key 2048
  • openssl req -new -config /etc/ssl/openssl.cnf -key saitama.xinux.int.key -out saitama.xinux.int.csr
  • openssl ca -config /etc/ssl/openssl.cnf -cert ca.crt -days 3650 -keyfile ca.key -in saitama.xinux.int.csr -out saitama.xinux.int.crt
  • scp ca.crt saitama.xinux.int.key saitama.xinux.int.crt root@saitama.xinux.int:/etc/icinga2/pki

Adjust hosts file and hostname

  • hostname saitama.xinux.int
  • vi /etc/hosts
127.0.0.1       localhost
10.82.50.25     saitama.xinux.int

Do not include conf.d

  • vi /etc/icinga2/icinga2.conf
...

/**
 * Although in theory you could define all your objects in this file
 * the preferred way is to create separate directories and files in the conf.d
 * directory. Each of these files must have the file extension ".conf".
 */
// include_recursive "conf.d"

Adjust zones.conf

  • vi /etc/icinga2/zones.conf
object Endpoint "saitama.xinux.int" {
  host = "saitama.xinux.int"
}

object Endpoint "xenos.xinux.int" {
  host = "xenos.xinux.int"
}

object Zone "master" {
  endpoints = [ "saitama.xinux.int" ]
}

object Zone "xinux-int" {
  endpoints = [ "xenos.xinux.int" ]
  parent = "master"
}

object Zone "global-templates" {
  global = true
}

Create directories for the zones

  • mkdir /etc/icinga2/zones.d/master
  • mkdir /etc/icinga2/zones.d/xinux-int
  • mkdir /etc/icinga2/zones.d/global-templates

Copy the global configuration files to global-templates

  • cd /etc/icinga2/conf.d
  • cp app.conf commands.conf downtimes.conf services.conf templates.conf timeperiods.conf users.conf /etc/icinga2/zones.d/global-templates

Create api-users.conf

  • vi /etc/icinga2/zones.d/global-templates/api-users.conf
/**
 * The APIUser objects are used for authentication against the API.
 */
object ApiUser "root" {
  password = "ec895ac129fghdfb2"
  // client_cn = ""

  permissions = [ "*" ]
}
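
Files under zones.d/global-templates are synced to every endpoint that accepts configuration for that global zone, so the ApiUser above, with its password and wildcard permissions, is also distributed to the satellite. The following is an added example, not part of the original page, of narrower ApiUser objects kept in the master zone directory instead; the file location, the user names and the password placeholders are assumptions.

```icinga2
/**
 * Added example, not from the original page.
 * Assumed location: /etc/icinga2/zones.d/master/api-users.conf
 * (config in the master zone directory stays on the master endpoints,
 * unlike zones.d/global-templates).
 * User names and password placeholders are hypothetical.
 */

/* Icinga Web 2 command transport: no wildcard, only what the web UI needs. */
object ApiUser "icingaweb2" {
  password = "<generate-a-long-random-secret>"
  permissions = [
    "status/query",
    "actions/*",
    "objects/query/*",
    "objects/modify/*"
  ]
}

/* Read-only user, restricted by a filter to hosts with vars.os == "Linux",
 * the custom variable set on the Host objects in this setup. */
object ApiUser "readonly-linux" {
  password = "<generate-a-second-random-secret>"
  permissions = [
    {
      permission = "objects/query/Host"
      filter = {{ host.vars.os == "Linux" }}
    },
    {
      permission = "objects/query/Service"
      filter = {{ host.vars.os == "Linux" }}
    }
  ]
}

/* Certificate-based login: no password, the CN of the TLS client
 * certificate must match client_cn (the attribute that is commented
 * out in the object above). */
object ApiUser "saitama-cert" {
  client_cn = "saitama.xinux.int"
  permissions = [ "status/query" ]
}
```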

Enable the api feature

  • icinga2 feature enable api

Create the host configuration

  • vi /etc/icinga2/zones.d/master/saitama.xinux.int.conf
object Host "saitama.xinux.int" {
  import "generic-host"
  display_name = "saitama.xinux.int"
  address = "10.82.50.25"
  vars.ssh_port = "xxxx"
  vars.os = "Linux"
}

Test the configuration

  • icinga2 daemon -C

Restart Icinga2

  • systemctl restart icinga2.service

Satellite

Prerequisites

  • Installation Icinga2
  • Installation Icingaweb2

Create certificates and copy them to the correct directory

On a certificate authority

  • openssl genrsa -out xenos.xinux.int.key 2048
  • openssl req -new -config /etc/ssl/openssl.cnf -key xenos.xinux.int.key -out xenos.xinux.int.csr
  • openssl ca -config /etc/ssl/openssl.cnf -cert ca.crt -days 3650 -keyfile ca.key -in xenos.xinux.int.csr -out xenos.xinux.int.crt
  • scp ca.crt xenos.xinux.int.key xenos.xinux.int.crt root@xenos.xinux.int:/etc/icinga2/pki

Adjust hosts file and hostname

  • hostname xenos.xinux.int
  • vi /etc/hosts
127.0.0.1       localhost
10.82.50.26     xenos.xinux.int

Adjust zones.conf

  • vi /etc/icinga2/zones.conf
object Endpoint "saitama.xinux.int" {
  host = "saitama.xinux.int"
}

object Endpoint "xenos.xinux.int" {
  host = "xenos.xinux.int"
}

object Zone "master" {
  endpoints = [ "saitama.xinux.int" ]
}

object Zone "xinux-int" {
  endpoints = [ "xenos.xinux.int" ]
  parent = "master"
}

object Zone "global-templates" {
  global = true
}

Enable the api feature

  • icinga2 feature enable api

Accept config from Master

  • vi /etc/icinga2/features-available/api.conf
/**
 * The API listener is used for distributed monitoring setups.
 */

object ApiListener "api" {
  cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
  key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
  ca_path = SysconfDir + "/icinga2/pki/ca.crt"

  ticket_salt = TicketSalt
  accept_config = true
  accept_commands = true
}

Create the host configuration on the master

  • vi /etc/icinga2/zones.d/xinux-int/xenos.xinux.int.conf
object Host "xenos.xinux.int" {
  import "generic-host"
  display_name = "xenos.xinux.int"
  address = "10.82.50.26"
  vars.ssh_port = "xxxx"
  vars.client_endpoint = name
  vars.os = "Linux"
}

Test the configuration (on master and satellite)

  • icinga2 daemon -C

Restart Icinga2

  • systemctl restart icinga2.service

Client

Prerequisites

  • Installation Icinga2

Create certificates and copy them to the correct directory

On a certificate authority

  • openssl genrsa -out boros.xinux.int.key 2048
  • openssl req -new -config /etc/ssl/openssl.cnf -key boros.xinux.int.key -out boros.xinux.int.csr
  • openssl ca -config /etc/ssl/openssl.cnf -cert ca.crt -days 3650 -keyfile ca.key -in boros.xinux.int.csr -out boros.xinux.int.crt
  • scp ca.crt boros.xinux.int.key boros.xinux.int.crt root@boros.xinux.int:/etc/icinga2/pki

Adjust hosts file and hostname

  • hostname boros.xinux.int
  • vi /etc/hosts
127.0.0.1       localhost
10.82.50.27     boros.xinux.int

Adjust zones.conf

  • vi /etc/icinga2/zones.conf
object Endpoint "xenos.xinux.int" {
}
object Endpoint "boros.xinux.int" {
}
object Zone "xinux-int" {
  endpoints = [ "xenos.xinux.int" ]
}
object Zone "boros.xinux.int" {
  endpoints = [ "boros.xinux.int" ]
  parent = "xinux-int"
}
object Zone "global-templates" {
  global = true
}

Enable the api feature

  • icinga2 feature enable api

Create the host configuration on the master

  • vi /etc/icinga2/zones.d/xinux-int/boros.xinux.int.conf
object Host "boros.xinux.int" {
  import "generic-host"
  vars.os = "Linux"
  display_name = "boros.xinux.int"
  address = "10.82.50.27"
  vars.ssh_port = "xxxx"
  vars.client_endpoint = name
}

Test the configuration (on master and client)

  • icinga2 daemon -C

Restart Icinga2 (on master and client)

  • systemctl restart icinga2.service