Azure Icinga 2.8 Administrators Guide

Download PDF here.

Abstract

Version 2.3

January 9, 2018

Introduction

This guide depicts the configuration of Centos 7.4 and Icinga 2.8 installed on the image available through the Azure Marketplace. All changes described were made to establish functioning and effective monitoring services. The following sections will describe in detail all the changes. Reference instructions associated with making changes to the default configuration will provided within each individual sub category.

Operating System Defaults

This distribution of Icinga 2.8 has been deployed on Centos 7.4 with a baseline package installation for an infrastructure server. The following sections outline the baseline operating system configurations included with this distribution.

Users / Passwords

The user account is not defaulted, rather it needs to be set during VM/Instance creation.

The root account is currently disabled and cannot be accessed via SSH. To enable the account, refer to the usage of the passwd command.

SSH Configuration

To SSH into the instance, the user will be prompted to use either an SSH password or an SSH key. By default, there are no constraints to SSH into the instance. Changes or creation of new Azure security groups can be done to add user desired rules. For more information. please refer to the following document:

Azure: Network Security Groups

For more information on how to make SSH access changes, see the following:

Linux: sshd_config(5) – Linux man page

Filesystem Configuration

The system was built on the DOS file partitioning format with no boot partition.

SELinux Policy

SELinux is enabled by default. The following table depicts the list of policies which have been enabled/disabled. To check the status of your system, please refer to the usage of the sestatus -b command.

SELinux Policy Status

For information on how to make SELinux policy changes, please refer to the following:

Icinga: SELinux

Enabled Services

The following depicts the list of services which have been enabled. To check the status of your system, refer to the usage of the systemctl list-unit-files --type=service command.

Enabled Services Status

For information on how to make changes to services, please refer to the following:

Red Hat: RHEL 7: Managing Services with SystemD

Firewall Configuration

Azure manages network access through the usage of security groups. As such, the firewalld service is disabled by default. For more information on how to define an Azure security group for managing access, see the following:

Azure: Define Security Group

Icinga2 & Icinga2 Web Defaults

The following sections outline the baseline system configurations included with this distribution of Icinga2 and Icinga2 Web.

Admin Username / Password

The default administrative user included with this distribution for Icingaweb2 is labeled icingaadmin. The password is randomly generated and is printed in /etc/icinga2/cloud/system_passwords.

For more information on how and where to edit this user, see the following:

Icinga Documentation

Database Username / Password

The users defined in the mysql database, icinga, icingaweb2, director, and root, have a randomly generated password. For reference, all passwords can be found in /etc/icinga2/cloud/system_passwords. See the following for instructions on changing mysql user passwords.

How to reset the root password

API Password

The Icinga API as well as the Director API password is set automatically to a secure value. For reference, these passwords can also be found in /etc/icinga2/cloud/system_passwords. API user authentication is stored under the /etc/icinga2/conf.d directory.

Notifications

The current notifications configuration is fully functional with only one required step. In the /etc/icinga2/conf.d/users.conf file, add the desired user and group using the following format.

object User "icingaadmin" {
  import "generic-user"

  display_name = "Icinga 2 Admin"
  groups = [ "icingaadmins" ]

  email = "icinga@localhost"
}

object UserGroup "icingaadmins" {
  display_name = "Icinga 2 Admin Group"
}

Features Enabled/Disabled

Features either write specific data or receive data and can be enabled using CLI commands. Reference the following for the status of each feature on your Icinga2 master.

Disabled features: compatlog debuglog elasticsearch gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog
Enabled features: api checker command ido-mysql mainlog notification

Icinga Director

Icinga Director is designed to make Icinga 2 configuration handling easy. Included in your Icinga 2 image are pre-configured Host Templates allowing users to quickly add new clients with preset checks. The director database username is director and the randomly generated password can be found in /etc/icinga2/cloud/system_passwords.

Please refer to the following for additional instructions and information on Director: Github: Icingaweb2 module director