How to add hosts and manage services in Icinga2

Date: 2020-03-05 15:30:33  Source: igfitidea

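Previously we learned how to install and configure Icinga2 with the Icinga Web 2 interface.
Now it is time to introduce some hosts to our monitoring system.
Unlike Nagios, we can add hosts to the Icinga2 system automatically.
Compared with other monitoring systems, the configuration is very simple.

As mentioned earlier, communication between the monitoring server and the client nodes is more secure than in other versions.
All communication goes over TLS connections, which are set up by the Icinga2 server on initialization.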

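Let's go through the process of adding a host to our monitoring system.
You can follow the workflow below.

Configuring the Icinga2 master node

We have already set up the Icinga2 master node; now we need to run the following initialization so that our host nodes can connect to it securely.
We run the command "icinga2 node wizard" to start the setup wizard.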

root@ubuntu:~# icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!
We'll guide you through all required configuration details.

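The setup wizard asks whether this is a satellite or a master.
Since we are running it on the master server, we type 'n'.
Typing 'n' installs the master setup and starts generating the certificates for secure TLS communication.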

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: n
Starting the Master setup routine...
Please specifiy the common name (CN) [ubuntu.icinga-master.com]:
Checking for existing certificates for common name 'ubuntu.icinga-master.com'...
Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/var/lib/icinga2/ca/ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca/ca.crt'.
information/cli: Generating new CSR in '/etc/icinga2/pki/ubuntu.icinga-master.com.csr'.
information/base: Writing private key to '/etc/icinga2/pki/ubuntu.icinga-master.com.key'.
information/base: Writing certificate signing request to '/etc/icinga2/pki/ubuntu.icinga-master.com.csr'.
information/cli: Signing CSR with CA and writing certificate to '/etc/icinga2/pki/ubuntu.icinga-master.com.crt'.
information/cli: Copying CA certificate to '/etc/icinga2/pki/ca.crt'.
Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.

We do not need to change the port, so leave it as it is.

Please specify the API bind host/port (optional):
Bind Host []:
Bind Port []:
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.
Now restart your Icinga 2 daemon to finish the installation!

After running this setup wizard, we need to restart the Icinga2 service.

root@ubuntu:~# systemctl restart icinga2

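Installing and configuring the Icinga2 client

As a first step, we need to install Icinga2 on the host node.
To do that, we add the icinga2 repository to the host node and update the APT package lists.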

root@ubuntu:~# apt install software-properties-common
root@ubuntu:~# add-apt-repository ppa:formorer/icinga
This PPA provides Icinga 1, Icinga 2 and Icinga web Packages for Ubuntu. They are directly derived from the Debian Packages that I maintain within Debian.
More info: https://launchpad.net/~formorer/+archive/ubuntu/icinga
Press [ENTER] to continue or ctrl-c to cancel adding it
gpg: keyring `/tmp/tmpcrlq876s/secring.gpg' created
gpg: keyring `/tmp/tmpcrlq876s/pubring.gpg' created
gpg: requesting key 36862847 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpcrlq876s/trustdb.gpg: trustdb created
gpg: key 36862847: public key "Launchpad PPA for Alexander Wirt" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
root@ubuntu:~# apt-get update
root@ubuntu:~# apt-get install icinga2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
icinga2-bin icinga2-common icinga2-doc libboost-program-options1.58.0 libboost-regex1.58.0 libboost-system1.58.0 libboost-thread1.58.0
libicinga2 libyajl2 monitoring-plugins-basic monitoring-plugins-common
Suggested packages:
icinga2-studio vim-icinga2 icinga | icinga | nagios3
The following NEW packages will be installed:
Creating config file /etc/nagios-plugins/config/dhcp.cfg with new version
Creating config file /etc/nagios-plugins/config/disk.cfg with new version
Creating config file /etc/nagios-plugins/config/dummy.cfg with new version
Creating config file /etc/nagios-plugins/config/ftp.cfg with new version
Creating config file /etc/nagios-plugins/config/http.cfg with new version
Creating config file /etc/nagios-plugins/config/load.cfg with new version
Creating config file /etc/nagios-plugins/config/mail.cfg with new version
Creating config file /etc/nagios-plugins/config/news.cfg with new version
Creating config file /etc/nagios-plugins/config/ntp.cfg with new version
Creating config file /etc/nagios-plugins/config/ping.cfg with new version
Creating config file /etc/nagios-plugins/config/procs.cfg with new version
Creating config file /etc/nagios-plugins/config/real.cfg with new version
Creating config file /etc/nagios-plugins/config/ssh.cfg with new version
Creating config file /etc/nagios-plugins/config/tcp_udp.cfg with new version
Creating config file /etc/nagios-plugins/config/telnet.cfg with new version
Creating config file /etc/nagios-plugins/config/users.cfg with new version
Setcap for check_icmp and check_dhcp worked!
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (229-4ubuntu4) ...

Now we need to run the setup wizard on our host node and install the satellite setup.

root@ubuntu:~# icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!
We'll guide you through all required configuration details.

Since this is our satellite setup, we need to enter 'Y' to continue with the satellite setup.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: yes

This proceeds with the satellite node setup and installs the certificates required for TLS communication.

Starting the Node setup routine...
Please specifiy the common name (CN) [host1.icinga2server.com]:
Please specify the master endpoint(s) this node should connect to:
Master Common Name (CN from your master setup): ubuntu.icinga-master.com
Do you want to establish a connection to the master from this node? [Y/n]: y
Please fill out the master connection information:
Master endpoint host (Your master's IP address or FQDN): 139.162.55.62
Master endpoint port [5665]:
Add more master endpoints? [y/N]:
Please specify the master connection for CSR auto-signing (defaults to master endpoint host):
Host [139.162.55.62]:
Port [5665]:
information/base: Writing private key to '/etc/icinga2/pki/host1.icinga2server.com.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/host1.icinga2server.com.crt'.
information/cli: Fetching public certificate from master (139.162.55.62, 5665):
Certificate information:
Subject: CN = ubuntu.icinga-master.com
Issuer: CN = Icinga CA
Valid From: Jun 26 06:49:50 2015 GMT
Valid Until: Jun 23 06:49:50 2031 GMT
Fingerprint: 13 8A 73 C5 36 E7 1D DA FE 9D E1 E6 1E 32 ED E2 3C 6B 48 E8
Is this information correct? [y/N]: yes

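We need to provide the host information and the master server information to complete the node setup.
Once these details are provided, the wizard moves on to CSR auto-signing.
After that, Icinga 2 saves some configuration on the host node and sets up the secure connection.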
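
Before answering "Is this information correct?", the fingerprint the wizard displays can be compared with the one computed on the master itself. The script below is an added example, not part of the original article; it assumes the wizard's 20-byte fingerprint is the SHA-1 digest of the master certificate, and the function names are hypothetical.

```shell
# Added example, not from the original article.
# Assumption: the wizard's 20-byte "Fingerprint:" is the SHA-1 digest of the
# master certificate, the value `openssl x509 -fingerprint -sha1` prints.

# Run on the master, for example:
#   master_cert_fp /etc/icinga2/pki/ubuntu.icinga-master.com.crt
master_cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha1
}

# Reduce either notation to 40 uppercase hex digits:
#   "13 8A 73 ..." (wizard)  or  "SHA1 Fingerprint=13:8A:73:..." (openssl)
norm_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ' :\t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Return 0 only if both values are equal and well formed; 2 means malformed.
fp_matches() {
  a=$(norm_fp "$1"); b=$(norm_fp "$2")
  case "$a" in *[!0-9A-F]*|"") return 2 ;; esac
  [ "${#a}" -eq 40 ] || return 2
  [ "$a" = "$b" ]
}

# Fingerprint shown by the wizard in the transcript above.
WIZARD_FP='13 8A 73 C5 36 E7 1D DA FE 9D E1 E6 1E 32 ED E2 3C 6B 48 E8'
# Constructed sample of what the master would print for the same certificate.
MASTER_FP='SHA1 Fingerprint=13:8A:73:C5:36:E7:1D:DA:FE:9D:E1:E6:1E:32:ED:E2:3C:6B:48:E8'

if fp_matches "$WIZARD_FP" "$MASTER_FP"; then
  echo "fingerprint matches: answer 'y'"
else
  echo "mismatch or malformed fingerprint: answer 'n' and investigate"
fi
```

The master's value should reach the operator over a separate channel, such as an existing SSH session to the master, rather than over the connection the wizard has just opened.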

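After these certificates are saved, they need to be validated by the master server, to prove that we are actually in command of the servers and approve this secure communication.
To do this, I ran "icinga2 pki ticket --cn 'host1.icinga2server.com'" on my master server and entered the generated code in the node setup to continue.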

Please specify the request ticket generated on your Icinga 2 master.
(Hint: # icinga2 pki ticket --cn 'host1.icinga2server.com'): 836289c1bcd427879b06703dfb35aa122bf89dc2
information/cli: Requesting certificate with ticket '836289c1bcd427879b06703dfb35aa122bf89dc2'.
warning/cli: Backup file '/etc/icinga2/pki/host1.icinga2server.com.crt.orig' already exists. Skipping backup.
information/cli: Writing signed certificate to file '/etc/icinga2/pki/host1.icinga2server.com.crt'.
information/cli: Writing CA certificate to file '/etc/icinga2/pki/ca.crt'.

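After the certificate is signed, the wizard asks for the API bind host/port.
We can skip this part as before and continue with the configuration.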

Please specify the API bind host/port (optional):
Bind Host []:
Bind Port []:
Accept config from master? [y/N]: y
Accept commands from master? [y/N]: y
information/cli: Disabling the Notification feature.
Disabling feature notification. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Enabling the Api listener feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Generating local zones.conf.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.
Now restart your Icinga 2 daemon to finish the installation!

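Once the node setup is complete, we need to restart the icinga2 daemon on the host side.

Updating the configuration from the client to the master

Now we can go back to our master server and confirm that the host has been added.
We can run this command to list the host nodes and services added to the server.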

root@ubuntu:~# icinga2 node list
Node 'host1.icinga2server.com' (last seen: Sun Jun 26 07:03:40 2015)
* Host 'host1.icinga2server.com'
* Service 'apt'
* Service 'disk'
* Service 'disk /'
* Service 'http'
* Service 'icinga'
* Service 'load'
* Service 'ping4'
* Service 'ping6'
* Service 'procs'
* Service 'ssh'
* Service 'swap'
* Service 'users'
root@ubuntu:~#

Now we need to update the Icinga2 master configuration to pick up these modifications and add the host node to the monitoring checks.

root@ubuntu:~# icinga2 node update-config
root@ubuntu:~# systemctl restart icinga2

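Finally, we can restart the service to save these changes and view our host node in the Icinga Web 2 interface.
We can log in at http://139.162.55.62/icingaweb2/ with our administrator credentials and confirm the host status.

Managing services in Icinga2

From the screenshot above we can see that the HTTP service shows as critical on my client server.
I have not installed Apache on my client server, so I do not actually need to monitor the HTTP service there.
Let's see how I can remove that service from the monitored services.

When a client server is added to the master, a folder for that client server, named after its hostname, is created in the repository under the icinga2 configuration path on the master server, as shown below: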

root@ubuntu:/etc/icinga2/repository.d/hosts# ls -l
total 8
drwxr-x--- 2 nagios nagios 4096 Jun 26 07:04 host1.icinga2server.com
-rw-r--r-- 1 root root 100 Jun 26 07:04 host1.icinga2server.com.conf
root@ubuntu:/etc/icinga2/repository.d/hosts#

We need to go into the client folder "host1.icinga2server.com" and look at the service files that were added for the host on initialization.

root@ubuntu:/etc/icinga2/repository.d/hosts/host1.icinga2server.com# ls -l
total 48
-rw-r--r-- 1 root root 152 Jun 26 07:04 apt.conf
-rw-r--r-- 1 root root 155 Jun 26 07:04 disk %2F.conf
-rw-r--r-- 1 root root 153 Jun 26 07:04 disk.conf
-rw-r--r-- 1 root root 153 Jun 26 07:04 http.conf
-rw-r--r-- 1 root root 155 Jun 26 07:04 icinga.conf
-rw-r--r-- 1 root root 153 Jun 26 07:04 load.conf
-rw-r--r-- 1 root root 154 Jun 26 07:04 ping4.conf
-rw-r--r-- 1 root root 154 Jun 26 07:04 ping6.conf
-rw-r--r-- 1 root root 154 Jun 26 07:04 procs.conf
-rw-r--r-- 1 root root 152 Jun 26 07:04 ssh.conf
-rw-r--r-- 1 root root 153 Jun 26 07:04 swap.conf
-rw-r--r-- 1 root root 154 Jun 26 07:04 users.conf

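We can see that all the service configuration files for this particular host reside in this folder.
Now we need to remove the service check files for the services we want to disable from monitoring.

For example: in our case we need to disable the HTTP service, so I am moving http.conf in this folder.
We can either delete such files or simply move them.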

root@ubuntu:/etc/icinga2/repository.d/hosts/host1.icinga2server.com# mv http.conf http.conf-disabled

After making any changes, we need to reload the Icinga2 service on the server.

root@ubuntu:/etc/icinga2# service icinga2 reload

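We can confirm from the web interface whether the service has been removed.

However, monitoring of this service can be re-enabled when the node configuration is updated on the master server,
if the service is still listed for that client, as shown below: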

root@ubuntu:~# icinga2 node list
Node 'host1.icinga2server.com' (last seen: Wed Jun 29 12:31:20 2015)
* Host 'host1.icinga2server.com'
* Service 'Icinga Web 2'
* Service 'apt'
* Service 'disk'
* Service 'disk /'
* Service 'http'
* Service 'icinga'
* Service 'load'
* Service 'ping4'
* Service 'ping6'
* Service 'procs'
* Service 'ssh'
* Service 'swap'
* Service 'users'

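Therefore, we need to remove this service from the node list.
Let's see how we can do that.

1. Log in to the client server and move to the folder "/etc/icinga2/conf.d", where we can see the hosts.conf file.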

root@host1:/etc/icinga2/conf.d# ls -l
total 48
-rw-r--r-- 1 root root 35 Jan 19 12:56 app.conf
-rw-r--r-- 1 root root 114 Jan 17 11:03 apt.conf
-rw-r--r-- 1 root root 1300 Jan 19 12:56 commands.conf
-rw-r--r-- 1 root root 542 Jan 19 12:56 downtimes.conf
-rw-r--r-- 1 root root 638 Jan 19 12:56 groups.conf
-rw-r--r-- 1 root root 1501 Jan 19 12:56 hosts.conf
-rw-r--r-- 1 root root 674 Jan 19 12:56 notifications.conf
-rw-r--r-- 1 root root 801 Jan 19 12:56 satellite.conf
-rw-r--r-- 1 root root 2131 Jun 29 06:37 services.conf
-rw-r--r-- 1 root root 1654 Jan 19 12:56 templates.conf
-rw-r--r-- 1 root root 906 Jan 19 12:56 timeperiods.conf
-rw-r--r-- 1 root root 308 Jan 19 12:56 users.conf

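Now we need to edit the hosts.conf file and comment out the http service check section there.

Restart the Icinga2 service on the client server to apply these changes.

2. Go back to the master server, reload the Icinga2 service and update the node configuration.

root@ubuntu:/etc/icinga2# service icinga2 reload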

root@ubuntu:/etc/icinga2# icinga2 node update-config

Now we can confirm that the HTTP service has been removed from the master configuration.

root@ubuntu:~# icinga2 node list
Node 'host1.icinga2server.com' (last seen: Wed Jun 29 12:46:51 2015)
* Host 'host1.icinga2server.com'
* Service 'Icinga Web 2'
* Service 'apt'
* Service 'disk'
* Service 'disk /'
* Service 'icinga'
* Service 'load'
* Service 'ping4'
* Service 'ping6'
* Service 'procs'
* Service 'ssh'
* Service 'swap'
* Service 'users'

In the same way, we can add or remove any service in Icinga2.
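
Comparing the two "icinga2 node list" outputs by eye is error-prone, so the script below reports exactly which services disappeared for a node between a listing saved before the change and one saved after it. It is an added example, not part of the original article; the function names are hypothetical and the sample listings are constructed from the output shown above.

```shell
# Added example, not from the original article. The sample listings are
# constructed from the `icinga2 node list` output shown on this page.

# Print the service names of one node, one per line, from a listing on stdin.
services_of() {
  awk -v node="$1" -v q="'" '
    $1 == "Node" { in_node = ($2 == (q node q)); next }
    in_node && $1 == "*" && $2 == "Service" {
      line = $0
      sub("^[^" q "]*" q, "", line)    # drop everything up to the first quote
      sub(q "[^" q "]*$", "", line)    # drop the closing quote and the rest
      print line
    }' | LC_ALL=C sort
}

# Services present in the "before" listing but missing from the "after" one.
removed_services() {   # $1 = node, $2 = before file, $3 = after file
  rs_b=$(mktemp); rs_a=$(mktemp)
  services_of "$1" < "$2" > "$rs_b"
  services_of "$1" < "$3" > "$rs_a"
  LC_ALL=C comm -23 "$rs_b" "$rs_a"
  rm -f "$rs_b" "$rs_a"
}

# Constructed sample: a listing for host1, with or without the http service.
sample_listing() {   # $1 = "with-http" or anything else
  echo "Node 'host1.icinga2server.com' (last seen: Wed Jun 29 12:31:20 2015)"
  echo "* Host 'host1.icinga2server.com'"
  for s in 'Icinga Web 2' apt disk 'disk /' http ssh; do
    [ "$s" = http ] && [ "$1" != with-http ] && continue
    echo "* Service '$s'"
  done
}

before=$(mktemp); after=$(mktemp)
sample_listing with-http > "$before"
sample_listing without   > "$after"
echo "removed: $(removed_services host1.icinga2server.com "$before" "$after")"
rm -f "$before" "$after"
```

On a real master, save the output of "icinga2 node list" to a file before and after "icinga2 node update-config" and pass the two files to removed_services; anything listed besides the check that was meant to be disabled is monitoring coverage lost by accident.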