Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jwillikers/icinga-config

My configuration for the Icinga monitoring tool
https://github.com/jwillikers/icinga-config

config icinga icinga2 icingadb icingaweb monitoring snmp

Last synced: about 2 months ago
JSON representation

My configuration for the Icinga monitoring tool

Host: GitHub
URL: https://github.com/jwillikers/icinga-config
Owner: jwillikers
License: other
Created: 2023-10-28T14:45:51.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-08-10T13:57:37.000Z (5 months ago)
Last Synced: 2024-08-10T15:05:33.732Z (5 months ago)
Topics: config, icinga, icinga2, icingadb, icingaweb, monitoring, snmp
Language: Shell
Homepage:
Size: 258 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.adoc
- License: LICENSE.adoc
- Code of conduct: CODE_OF_CONDUCT.adoc

Awesome Lists containing this project

README

= Icinga Config
Jordan Williams
:experimental:
:icons: font
ifdef::env-github[]
:tip-caption: :bulb:
:note-caption: :information_source:
:important-caption: :heavy_exclamation_mark:
:caution-caption: :fire:
:warning-caption: :warning:
endif::[]
:Icinga: https://icinga.com/[Icinga]

My configuration for the {Icinga} monitoring tool.

// todo http://nagios.manubulon.com/index_snmp.html

== Usage

This repository contains the configuration files for {Icinga}.
The configuration is meant to be used with the containers from the https://github.com/jwillikers/home-lab-helm[Home Lab Helm] repository.

. Create a `Projects` directory in the current user's home directory.
+
[,sh]
----
mkdir --parents ~/Projects
----

. Clone this repository under `~/Projects`.
+
[,sh]
----
git -C ~/Projects clone [email protected]:jwillikers/icinga-config.git
----

. For each template file in the `etc/icinga2/constants.d` directory, copy it to the same directory without the `.template` extension.
+
Bash::
+
[,sh]
----
for host_template in etc/icinga2/constants.d/*.conf.template; do cp --no-clobber -- "$host_template" etc/icinga2/constants.d/$(basename -- "$host_template" ".template"); done
----

fish::
+
[,sh]
----
for host_template in etc/icinga2/constants.d/*.conf.template; cp --no-clobber -- "$host_template" etc/icinga2/constants.d/(basename -- "$host_template" ".template"); end
----

Nushell::
+
[,sh]
----
for host_template in (glob "etc/icinga2/constants.d/*.conf.template") { cp --no-clobber $host_template $"($host_template | path parse | reject extension | path join)" }
----

. Fill in any missing credentials in the files in the `constants.d` directory, such as SNMPv3 authentication and encryption keys.
+
[NOTE]
====
Be sure to escape characters in string constants.
Escape any `$` with an additional `$` character.
Escape other characters, such as the `"` character, with a backslash, `\`.
Refer to https://icinga.com/docs/icinga-2/2.10/doc/17-language-reference/#string-literals-escape-sequences[String Literals Escape Sequences] in the https://icinga.com/docs/icinga-2/2.10/doc/17-language-reference/[Language Reference] for which characters need to be escaped.
====

.. Generate the `IcingaDbWebApiPassword` constant with the following command.
+
[,sh]
----
echo "const IcingaDbWebApiPassword = \"$(openssl rand -base64 30)\"" > etc/icinga2/constants.d/icingadb-web-api-user-password.conf
----

.. Use the following command to create the `TicketSalt` variable.
+
[,sh]
----
echo "const TicketSalt = \"$(openssl rand -base64 30)\"" > etc/icinga2/constants.d/ticket-salt.conf
----

.. Create an `icinga` bucket in InfluxDB with an expiration policy.

.. Generate an API key with _Write_ access to the `icinga` bucket.

.. Add the InfluxDB API token to `etc/icinga2/constants.d/influxdb-auth-token.conf`.

. Make sure that the sensitive files are not world readable.
+
[,sh]
----
chmod 0660 etc/icinga2/constants.d/{*-credentials.conf,*-password.conf,ticket-salt.conf}
----

. Determine the UID mappings inside the rootless user's namespace.
+
[,sh]
----
podman unshare cat /proc/self/uid_map
0 818 1
1 655360 65536
----

. Do the math to determine the UID outside of the container that is used for user inside the container.
In this case, the container defaults to UID 5665 inside the container.
From the output of the previous command, we can see that UID 1 maps to UID 655360.
The following expression yields the UID outside of the container.
+
[,sh]
----
math 655360 + 5665 - 1
661024
----

. Make sure that sensitive files are owned by the subuid that will map to the `icinga` user in the container.
+
[,sh]
----
sudo chown 661024 etc/icinga2/constants.d/{*-auth-token.conf,*-credentials.conf,*-password.conf,ticket-salt.conf}
----

. Then mount the provided `etc/` directory inside the Icinga2 server container at `/data/etc`.

=== Features

To enable a feature, create a relative symlink in the `features-enabled` subdirectory that points to the feature configuration file in the `features-available` subdirectory.
The following command demonstrates this by enabling the `icingadb` feature.

[,sh]
----
ln --relative --symbolic etc/icinga2/features-available/icingadb.conf etc/icinga2/features-enabled/icingadb.conf
----

== Validate

Use the following Podman command to validate the Icinga configuration.

[,sh]
----
podman run \
--env ICINGA_MASTER=1 \
--hostname icinga.jwillikers.io \
--interactive \
--rm \
--tty \
--volume icinga-data:/data:Z \
--volume ~/Projects/icinga-config/etc/icinga2:/data/etc/icinga2:ro,Z \
docker.io/icinga/icinga2:latest \
icinga2 daemon --validate
----

== Tips & Tricks

List Available Network Interfaces::
+
[,sh]
----
podman run \
--interactive \
--entrypoint [] \
--rm \
--tty \
quay.io/jwillikers/icinga-manubulon:latest \
/usr/lib/nagios/plugins/check_interfaces -j MD5 --user 'username' -J 'authPassphrase' -h 10.1.0.5
----

Convert MIB to OID::
+
[,sh]
----
snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutput1Line.\"getenforce\"
.1.3.6.1.4.1.8072.1.3.2.3.1.1.10.103.101.116.101.110.102.111.114.99.101
----

== References

* https://icinga.com/docs/icinga-2/latest/doc/04-configuration/[Icinga 2 Documentation: Configuration]
* https://github.com/Icinga/docker-icinga2[Icinga 2 - Docker image]
* https://github.com/Icinga/docker-icingaweb2[Icinga Web 2 - Docker image]
* https://icinga.com/docs/icinga-db-web/latest/doc/03-Configuration/[Icinga DB Web: Configuration]

== Code of Conduct

Please refer to the project's link:CODE_OF_CONDUCT.adoc[Code of Conduct].

== License

This repository is licensed under the https://www.gnu.org/licenses/gpl-3.0.html[GPLv3].
Please refer to the bundled link:LICENSE.adoc[license].

== Copyright

== Authors

mailto:{email}[{author}]