Install icinga2 (3) - AKAI TSUKI
access to setup page by Chrome Browser
Install icinga2 (2) - AKAI TSUKI
# yum install -y httpd
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: httpd x86_64 2.4.6-67.el7.centos.2 updates 2.7 M Installing for dependencies: apr x86_64 1.4.8-3.el7 base 103 k apr-util x86_64 1.5.2-6.el7 base 92 k httpd-tools x86_64 2.4.6-67.el7.centos.2 updates 88 k mailcap noarch 2.1.41-2.el7 base 31 k Transaction Summary ==================================================================================================== Install 1 Package (+4 Dependent packages)
# firewall-cmd --add-service=http success # firewall-cmd --permanent --add-service=http success #
# cp -p /etc/icinga2/features-available/ido-mysql.conf{,.org} # vi /etc/icinga2/features-available/ido-mysql.conf # diff /etc/icinga2/features-available/ido-mysql.conf{,.org} 9,12c9,12 < user = "icinga" < password = "icinga" < host = "localhost" < database = "icinga" --- > //user = "icinga" > //password = "icinga" > //host = "localhost" > //database = "icinga" # # systemctl restart icinga2
# icinga2 api setup information/cli: Generating new CA. information/base: Writing private key to '/var/lib/icinga2/ca/ca.key'. information/base: Writing X509 certificate to '/var/lib/icinga2/ca/ca.crt'. information/cli: Generating new CSR in '/etc/icinga2/pki/cent7no06.csr'. information/base: Writing private key to '/etc/icinga2/pki/cent7no06.key'. information/base: Writing certificate signing request to '/etc/icinga2/pki/cent7no06.csr'. information/cli: Signing CSR with CA and writing certificate to '/etc/icinga2/pki/cent7no06.crt'. information/pki: Writing certificate to file '/etc/icinga2/pki/cent7no06.crt'. information/cli: Copying CA certificate to '/etc/icinga2/pki/ca.crt'. information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'. information/cli: Enabling the 'api' feature. Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect. Done. Now restart your Icinga 2 daemon to finish the installation! # cat /etc/icinga2/conf.d/api-users.conf /** * The APIUser objects are used for authentication against the API. */ object ApiUser "root" { password = "(generated password)" // client_cn = "" permissions = [ "*" ] } # # systemctl restart icinga2 #
# yum install -y icingaweb2 icingacli
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: icingacli noarch 2.4.1-1.el7.centos icinga-stable-release 6.6 k icingaweb2 noarch 2.4.1-1.el7.centos icinga-stable-release 1.5 M Installing for dependencies: ImageMagick x86_64 6.7.8.9-15.el7_2 base 2.1 M OpenEXR-libs x86_64 1.7.1-7.el7 base 217 k bash-completion noarch 1:2.1-6.el7 base 85 k cairo x86_64 1.14.8-2.el7 base 713 k fontconfig x86_64 2.10.95-11.el7 base 229 k fontpackages-filesystem noarch 1.44-8.el7 base 9.9 k gdk-pixbuf2 x86_64 2.36.5-1.el7 base 567 k ghostscript x86_64 9.07-28.el7_4.2 updates 4.3 M ghostscript-fonts noarch 5.50-32.el7 base 324 k graphite2 x86_64 1.3.10-1.el7_3 updates 115 k harfbuzz x86_64 1.3.2-1.el7 base 177 k icingaweb2-common noarch 2.4.1-1.el7.centos icinga-stable-release 106 k icingaweb2-vendor-HTMLPurifier noarch 4.8.0-1.el7.centos icinga-stable-release 261 k icingaweb2-vendor-JShrink noarch 1.1.0-1.el7.centos icinga-stable-release 8.3 k icingaweb2-vendor-Parsedown noarch 1.6.0-1.el7.centos icinga-stable-release 9.8 k icingaweb2-vendor-dompdf noarch 0.7.0-1.el7.centos icinga-stable-release 2.1 M icingaweb2-vendor-lessphp noarch 0.4.0-1.el7.centos icinga-stable-release 37 k icingaweb2-vendor-zf1 noarch 1.12.20-1.el7.centos icinga-stable-release 678 k ilmbase x86_64 1.0.3-7.el7 base 100 k jasper-libs x86_64 1.900.1-31.el7 base 150 k jbigkit-libs x86_64 2.0-11.el7 base 46 k lcms2 x86_64 2.6-3.el7 base 150 k libICE x86_64 1.0.9-9.el7 base 66 k libSM x86_64 1.2.2-2.el7 base 39 k libX11 x86_64 1.6.5-1.el7 base 606 k libX11-common noarch 1.6.5-1.el7 base 164 k libXau x86_64 1.0.8-2.1.el7 base 29 k libXdamage x86_64 1.1.4-4.1.el7 base 20 k libXext x86_64 1.3.3-3.el7 base 39 k libXfixes x86_64 5.0.3-1.el7 base 18 k libXfont x86_64 1.5.2-1.el7 base 152 k libXft x86_64 2.3.2-2.el7 base 58 k libXpm x86_64 3.5.12-1.el7 base 55 k libXrender x86_64 0.9.10-1.el7 base 26 k libXt x86_64 1.1.5-3.el7 base 173 k libXxf86vm x86_64 1.1.4-1.el7 base 18 k libfontenc x86_64 1.1.3-3.el7 base 31 k libjpeg-turbo x86_64 1.2.90-5.el7 base 134 k libpng x86_64 2:1.5.13-7.el7_2 base 213 k librsvg2 x86_64 2.40.16-1.el7 base 128 k libthai x86_64 0.1.14-9.el7 base 187 k libtiff x86_64 4.0.3-27.el7_3 base 170 k libtool-ltdl x86_64 2.4.2-22.el7_3 base 49 k libwmf-lite x86_64 0.2.8.4-41.el7_1 base 66 k libxcb x86_64 1.12-1.el7 base 211 k libxshmfence x86_64 1.2-1.el7 base 7.2 k libxslt x86_64 1.1.28-5.el7 base 242 k libzip x86_64 0.10.1-8.el7 base 48 k lyx-fonts noarch 2.2.3-1.el7 epel 159 k mesa-libEGL x86_64 17.0.1-6.20170307.el7 base 82 k mesa-libGL x86_64 17.0.1-6.20170307.el7 base 155 k mesa-libgbm x86_64 17.0.1-6.20170307.el7 base 32 k mesa-libglapi x86_64 17.0.1-6.20170307.el7 base 41 k pango x86_64 1.40.4-1.el7 base 275 k php x86_64 5.4.16-42.el7 base 1.4 M php-Icinga noarch 2.4.1-1.el7.centos icinga-stable-release 295 k php-cli x86_64 5.4.16-42.el7 base 2.7 M php-common x86_64 5.4.16-42.el7 base 564 k php-gd x86_64 5.4.16-42.el7 base 127 k php-intl x86_64 5.4.16-42.el7 base 97 k php-pear noarch 1:1.9.4-21.el7 base 357 k php-pecl-imagick x86_64 3.1.0-0.6.RC2.el7 epel 96 k php-process x86_64 5.4.16-42.el7 base 55 k php-xml x86_64 5.4.16-42.el7 base 125 k pixman x86_64 0.34.0-1.el7 base 248 k poppler-data noarch 0.4.6-3.el7 base 2.2 M t1lib x86_64 5.1.2-14.el7 base 166 k urw-fonts noarch 2.4-16.el7 base 3.0 M xorg-x11-font-utils x86_64 1:7.5-20.el7 base 87 k Updating for dependencies: glib2 x86_64 2.50.3-3.el7 base 2.3 M Transaction Summary ==================================================================================================== Install 2 Packages (+69 Dependent packages) Upgrade ( 1 Dependent package)
# cp -p /etc/php.ini{,.org} # vi /etc/php.ini # diff /etc/php.ini /etc/php.ini.org 879d878 < date.timezone = "Asia/Tokyo" #
# yum install -y php-ldap php-pdo php-mysql
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: php-ldap x86_64 5.4.16-42.el7 base 52 k php-mysql x86_64 5.4.16-42.el7 base 101 k php-pdo x86_64 5.4.16-42.el7 base 98 k Transaction Summary ==================================================================================================== Install 3 Packages
# icinga2 feature list Disabled features: command compatlog debuglog gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog Enabled features: api checker ido-mysql mainlog notification # # icinga2 feature enable command Enabling feature command. Make sure to restart Icinga 2 for these changes to take effect. #
# grep icingaweb2 /etc/group icingaweb2:x:992:apache # id apache uid=48(apache) gid=48(apache) groups=48(apache),993(icingacmd),992(icingaweb2) #
# icingacli setup token create The newly generated setup token is: (generated token) # icingacli setup token show The current setup token is: (generated token) #
# systemctl restart httpd #
please check
Install icinga2 (1) - AKAI TSUKI
# yum install -y mariadb mariadb-server
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: mariadb x86_64 1:5.5.56-2.el7 base 8.7 M mariadb-server x86_64 1:5.5.56-2.el7 base 11 M Installing for dependencies: perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 base 32 k perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 base 57 k perl-DBD-MySQL x86_64 4.023-5.el7 base 140 k perl-DBI x86_64 1.627-4.el7 base 802 k perl-Data-Dumper x86_64 2.145-3.el7 base 47 k perl-IO-Compress noarch 2.061-2.el7 base 260 k perl-Net-Daemon noarch 0.48-5.el7 base 51 k perl-PlRPC noarch 0.2020-14.el7 base 36 k Updating for dependencies: mariadb-libs x86_64 1:5.5.56-2.el7 base 757 k Transaction Summary ==================================================================================================== Install 2 Packages (+8 Dependent packages) Upgrade ( 1 Dependent package)
# systemctl enable mariadb Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service. # systemctl start mariadb #
# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! #
# yum install -y icinga2-ido-mysql
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: icinga2-ido-mysql x86_64 2.7.0-1.el7.icinga icinga-stable-release 185 k Transaction Summary ==================================================================================================== Install 1 Package
# mysql -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 10 Server version: 5.5.56-MariaDB MariaDB Server Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE icinga; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY '(your icinga pass)'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> quit Bye #
# mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql Enter password: #
# icinga2 feature enable ido-mysql warning/cli: Feature 'ido-mysql' already enabled. # icinga2 feature list Disabled features: api command compatlog debuglog gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog Enabled features: checker ido-mysql mainlog notification #
# getenforce Disabled #
# cat /etc/sysconfig/selinux | grep -v "^#" | grep -v "^$" SELINUX=disabled SELINUXTYPE=targeted #
# yum install -y https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: icinga-rpm-release noarch 7-2.el7.centos /icinga-rpm-release-7-latest.noarch 2.1 k Transaction Summary ==================================================================================================== Install 1 Package
# yum install -y epel-release
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: epel-release noarch 7-9 extras 14 k Transaction Summary ==================================================================================================== Install 1 Package
# yum install -y icinga2 nagios-plugins-all
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: icinga2 x86_64 2.7.0-1.el7.icinga icinga-stable-release 9.2 k nagios-plugins-all x86_64 2.2.1-4git.el7 epel 17 k Installing for dependencies: autogen-libopts x86_64 5.18-5.el7 base 66 k avahi-libs x86_64 0.6.31-17.el7 base 61 k bind-libs x86_64 32:9.9.4-51.el7 updates 1.0 M bind-utils x86_64 32:9.9.4-51.el7 updates 203 k boost-program-options x86_64 1.53.0-27.el7 base 156 k boost-regex x86_64 1.53.0-27.el7 base 300 k boost-system x86_64 1.53.0-27.el7 base 40 k boost-thread x86_64 1.53.0-27.el7 base 57 k cups-libs x86_64 1:1.6.3-29.el7 base 356 k fping x86_64 3.10-4.el7 epel 46 k icinga2-bin x86_64 2.7.0-1.el7.icinga icinga-stable-release 149 k icinga2-common x86_64 2.7.0-1.el7.icinga icinga-stable-release 126 k icinga2-libs x86_64 2.7.0-1.el7.icinga icinga-stable-release 2.7 M libarchive x86_64 3.1.2-10.el7_2 base 318 k libicu x86_64 50.1.2-15.el7 base 6.9 M libldb x86_64 1.1.29-1.el7 base 128 k libsmbclient x86_64 4.6.2-10.el7_4 updates 129 k libtalloc x86_64 2.1.9-1.el7 base 33 k libtdb x86_64 1.3.12-2.el7 base 47 k libtevent x86_64 0.9.31-1.el7 base 36 k libtirpc x86_64 0.2.4-0.10.el7 base 88 k libwbclient x86_64 4.6.2-10.el7_4 updates 104 k lm_sensors x86_64 3.4.0-4.20160601gitf9185e5.el7 base 140 k lm_sensors-libs x86_64 3.4.0-4.20160601gitf9185e5.el7 base 41 k nagios-common x86_64 4.3.2-8.el7 epel 23 k nagios-plugins x86_64 2.2.1-4git.el7 epel 251 k nagios-plugins-breeze x86_64 2.2.1-4git.el7 epel 18 k nagios-plugins-by_ssh x86_64 2.2.1-4git.el7 epel 44 k nagios-plugins-cluster x86_64 2.2.1-4git.el7 epel 37 k nagios-plugins-dhcp x86_64 2.2.1-4git.el7 epel 44 k nagios-plugins-dig x86_64 2.2.1-4git.el7 epel 44 k nagios-plugins-disk x86_64 2.2.1-4git.el7 epel 45 k nagios-plugins-disk_smb x86_64 2.2.1-4git.el7 epel 21 k nagios-plugins-dns x86_64 2.2.1-4git.el7 epel 45 k nagios-plugins-dummy x86_64 2.2.1-4git.el7 epel 33 k nagios-plugins-file_age x86_64 2.2.1-4git.el7 epel 19 k nagios-plugins-flexlm x86_64 2.2.1-4git.el7 epel 20 k nagios-plugins-fping x86_64 2.2.1-4git.el7 epel 43 k nagios-plugins-game x86_64 2.2.1-4git.el7 epel 39 k nagios-plugins-hpjd x86_64 2.2.1-4git.el7 epel 42 k nagios-plugins-http x86_64 2.2.1-4git.el7 epel 60 k nagios-plugins-icmp x86_64 2.2.1-4git.el7 epel 46 k nagios-plugins-ide_smart x86_64 2.2.1-4git.el7 epel 38 k nagios-plugins-ircd x86_64 2.2.1-4git.el7 epel 20 k nagios-plugins-ldap x86_64 2.2.1-4git.el7 epel 42 k nagios-plugins-load x86_64 2.2.1-4git.el7 epel 39 k nagios-plugins-log x86_64 2.2.1-4git.el7 epel 19 k nagios-plugins-mailq x86_64 2.2.1-4git.el7 epel 22 k nagios-plugins-mrtg x86_64 2.2.1-4git.el7 epel 39 k nagios-plugins-mrtgtraf x86_64 2.2.1-4git.el7 epel 38 k nagios-plugins-mysql x86_64 2.2.1-4git.el7 epel 50 k nagios-plugins-nagios x86_64 2.2.1-4git.el7 epel 39 k nagios-plugins-nt x86_64 2.2.1-4git.el7 epel 45 k nagios-plugins-ntp x86_64 2.2.1-4git.el7 epel 63 k nagios-plugins-ntp-perl x86_64 2.2.1-4git.el7 epel 22 k nagios-plugins-nwstat x86_64 2.2.1-4git.el7 epel 46 k nagios-plugins-oracle x86_64 2.2.1-4git.el7 epel 20 k nagios-plugins-overcr x86_64 2.2.1-4git.el7 epel 41 k nagios-plugins-perl x86_64 2.2.1-4git.el7 epel 18 k nagios-plugins-pgsql x86_64 2.2.1-4git.el7 epel 43 k nagios-plugins-ping x86_64 2.2.1-4git.el7 epel 45 k nagios-plugins-procs x86_64 2.2.1-4git.el7 epel 44 k nagios-plugins-real x86_64 2.2.1-4git.el7 epel 40 k nagios-plugins-rpc x86_64 2.2.1-4git.el7 epel 20 k nagios-plugins-sensors x86_64 2.2.1-4git.el7 epel 18 k nagios-plugins-smtp x86_64 2.2.1-4git.el7 epel 47 k nagios-plugins-snmp x86_64 2.2.1-4git.el7 epel 49 k nagios-plugins-ssh x86_64 2.2.1-4git.el7 epel 40 k nagios-plugins-swap x86_64 2.2.1-4git.el7 epel 38 k nagios-plugins-tcp x86_64 2.2.1-4git.el7 epel 47 k nagios-plugins-time x86_64 2.2.1-4git.el7 epel 40 k nagios-plugins-ups x86_64 2.2.1-4git.el7 epel 42 k nagios-plugins-users x86_64 2.2.1-4git.el7 epel 36 k nagios-plugins-wave x86_64 2.2.1-4git.el7 epel 18 k net-snmp-libs x86_64 1:5.7.2-28.el7 base 748 k net-snmp-utils x86_64 1:5.7.2-28.el7 base 197 k ntp x86_64 4.2.6p5-25.el7.centos.2 base 547 k ntpdate x86_64 4.2.6p5-25.el7.centos.2 base 86 k perl x86_64 4:5.16.3-292.el7 base 8.0 M perl-Carp noarch 1.26-244.el7 base 19 k perl-Encode x86_64 2.51-7.el7 base 1.5 M perl-Exporter noarch 5.68-3.el7 base 28 k perl-File-Path noarch 2.09-2.el7 base 26 k perl-File-Temp noarch 0.23.01-3.el7 base 56 k perl-Filter x86_64 1.49-3.el7 base 76 k perl-Getopt-Long noarch 2.40-2.el7 base 56 k perl-HTTP-Tiny noarch 0.033-3.el7 base 38 k perl-PathTools x86_64 3.40-5.el7 base 82 k perl-Pod-Escapes noarch 1:1.04-292.el7 base 51 k perl-Pod-Perldoc noarch 3.20-4.el7 base 87 k perl-Pod-Simple noarch 1:3.28-4.el7 base 216 k perl-Pod-Usage noarch 1.63-3.el7 base 27 k perl-Scalar-List-Utils x86_64 1.27-248.el7 base 36 k perl-Socket x86_64 2.010-4.el7 base 49 k perl-Storable x86_64 2.45-3.el7 base 77 k perl-Text-ParseWords noarch 3.29-4.el7 base 14 k perl-Time-HiRes x86_64 4:1.9725-3.el7 base 45 k perl-Time-Local noarch 1.2300-2.el7 base 24 k perl-constant noarch 1.27-2.el7 base 19 k perl-libs x86_64 4:5.16.3-292.el7 base 688 k perl-macros x86_64 4:5.16.3-292.el7 base 43 k perl-parent noarch 1:0.225-244.el7 base 12 k perl-podlators noarch 2.5.1-3.el7 base 112 k perl-threads x86_64 1.87-4.el7 base 49 k perl-threads-shared x86_64 1.43-6.el7 base 39 k postgresql-libs x86_64 9.2.23-1.el7_4 updates 233 k qstat x86_64 2.11-13.20080912svn311.el7 epel 167 k rpcbind x86_64 0.2.0-42.el7 base 59 k samba-client x86_64 4.6.2-10.el7_4 updates 598 k samba-client-libs x86_64 4.6.2-10.el7_4 updates 4.7 M samba-common noarch 4.6.2-10.el7_4 updates 197 k samba-common-libs x86_64 4.6.2-10.el7_4 updates 164 k Updating for dependencies: bind-libs-lite x86_64 32:9.9.4-51.el7 updates 732 k bind-license noarch 32:9.9.4-51.el7 updates 84 k krb5-libs x86_64 1.15.1-8.el7 base 747 k Transaction Summary ==================================================================================================== Install 2 Packages (+112 Dependent packages) Upgrade ( 3 Dependent packages)
# systemctl enable icinga2 Created symlink from /etc/systemd/system/multi-user.target.wants/icinga2.service to /usr/lib/systemd/system/icinga2.service. # systemctl start icinga2 #
# icinga2 feature list Disabled features: api command compatlog debuglog gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog Enabled features: checker mainlog notification #
console.enabled
parameter set to false to disable Console.
in the case of true (default)
in the case of false
ref. Install OpenShift - AKAI TSUKI
ref. Configuring Authentication and User Agent | Installation and Configuration | OpenShift Origin Latest
at master node.
# yum install -y httpd-tools *snip* Installed: httpd-tools.x86_64 0:2.4.6-45.el7.centos.4 Dependency Installed: apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7 Complete! #
at master node.
# htpasswd -c /etc/origin/master/htpasswd user01 New password: Re-type new password: Adding password for user user01 #
at master node.
# grep -A8 identityProviders /etc/origin/master/master-config.yaml identityProviders: - challenge: true login: true mappingMethod: claim name: htpasswd_auth provider: apiVersion: v1 file: /etc/origin/master/htpasswd kind: HTPasswdPasswordIdentityProvider #
from my client to https://opshift01:8443/
as below
login
# oc login -u user01 Authentication required for https://opshift01:8443 (openshift) Username: user01 Password: Login successful. You have one project on this server: "testpj01" Using project "testpj01". #
I can not get node infomation by user01.
# oc get node Error from server (Forbidden): User "user01" cannot list all nodes in the cluster #
logout
# oc logout Logged "user01" out on "https://opshift01:8443" #