Configure the icinga 2 server https://monitoring.fsfe.org
Go to file
Alvar Penning a9c6e408de
continuous-integration/drone/push Build is passing Details
Switch from IDO to Icinga DB
tl;dr: Icinga DB was installed, configured, got the old state migrated
and replaced IDO, Icinga Web 2 included.

As multiple steps were hard to include in the current Ansible setup,
they were done manually on the machine and documented below:

- Inspected old and new Ansible roles/collections - they differ too much
  and there were already lots of manual edits on the server outside of
  Ansible
- Semi-manually installed Icinga DB and Icinga DB Web
- Created database:
  > MariaDB [(none)]> CREATE DATABASE icingadb;
  > MariaDB [(none)]> CREATE USER 'icingadb'@'localhost' IDENTIFIED BY '__REDACTED__';
  > MariaDB [(none)]> GRANT ALL ON icingadb.* TO 'icingadb'@'localhost';
- Started Icinga DB Redis
- Configured /etc/icingad/config.yml, started Icinga DB
- Icinag 2 Config changes outside of Ansible:
  - `icinga2 api setup` as the API was never used before
  - /etc/icinga2/features-enabled/api.conf: bind_host to localhost
  - Enabled icingadb feature for Icinga 2
- Migrated IDO data to Icinga DB,
  https://icinga.com/docs/icinga-db/latest/doc/06-Migration/
- Added icingadb-web user to /etc/icinga2/conf.d/api-users.conf, not in
  Ansible's scope
- Configured icingadb-web and disabled legacy monitoring plugin
- Disabled Icinga 2 ido-mysql feature
- Added icingadb to /root/bin/backup.sh
- Configured icingadb Service Check
2024-03-24 00:48:54 +01:00
.reuse Initial commit 2020-03-13 22:32:55 +01:00
LICENSES REUSE compliance 2020-04-01 19:38:05 +02:00
conf.d Switch from IDO to Icinga DB 2024-03-24 00:48:54 +01:00
inventory@6bfc25cbdf bump inventory 2021-10-15 15:47:04 +02:00
scripts enable reply-to, and make hosts topics for mailing lists 2020-10-02 13:50:39 +02:00
templates virtual_host_ssl.j2: bump PHP-FPM version 2024-03-21 22:24:00 +01:00
user_plugins_server allow to specify host to inquire 2021-10-18 11:31:53 +02:00
.ansible-lint make reuse compliant 2020-12-08 13:12:32 +01:00
.drone.yml add docs-centralizer CI job 2023-01-13 15:01:11 +01:00
.gitignore ignore hosts.conf if present 2021-07-28 12:59:33 +02:00
.gitmodules Switch from IDO to Icinga DB 2024-03-24 00:48:54 +01:00
README.md Switch from IDO to Icinga DB 2024-03-24 00:48:54 +01:00
ansible.cfg make REUSE compliant 2021-04-26 13:33:21 +02:00
id_rsa.pub Initial commit 2020-03-13 22:32:55 +01:00
id_rsa.pub.license Initial commit 2020-03-13 22:32:55 +01:00
playbook.yml Switch from IDO to Icinga DB 2024-03-24 00:48:54 +01:00
requirements.yml Switch from IDO to Icinga DB 2024-03-24 00:48:54 +01:00

README.md

FSFE monitoring

in docs.fsfe.org REUSE status Build Status

The goal is to deploy incinga 2 and the large part of its server configuration.

What it does?

On the sever

  1. Install icinga.
  2. Deploy the configuration
  3. Deploy the web interface and the apache configuration

Note: As of now the ansible playbook does not handle the configuration of the web interface itself, it's not currently supported by the official ansible role. Furthermore, the official Ansible collection does lots of things and is a great starting point for a fully automated Icinga stack, but, however, is hard to use to replace a previously manually configured Icinga 2. Thus, it will be used for installation, but further work is semi-manually.

On the clients

Note: This playbook does not store the hosts configuration, and does not set up the monitored clients. For workflow reasons this happens via the baseline playbook.

  1. Deploy the SSH public key
  2. Create the icinga user

How to use it?

Note: Please make sure you have ssh access to the servers listed in the icinga2_clients section of the inventory.

Clone this repo:

git clone --recurse-submodules git@git.fsfe.org:fsfe-system-hackers/monitoring.git

Update the icinga.icinga Ansible collection from Ansible Galaxy:

ansible-galaxy install -r requirements.yml --force

Update the inventory submodule to reflect the newest changes to the list of our hosts and the groups that they are in:

git submodule update --remote inventory

The following commands are most used:

Configure only the server:

ansible-playbook playbook.yml -l "icinga2_server"

Only deploy a changed config to the server:

ansible-playbook playbook.yml -l "icinga2_server" -t conf

To update clients and the hosts.conf file, have a look at the baseline repository.

Note: You have to manually add sensitive files which are not in this repo but only on the host: /etc/icinga2/id_rsa and /etc/msmtprc!

The user facing doc is here. The official documentation is here.

How does it work?

The templates/ directory contains the apache virtual hosts configuration. The roles/ folder contains the upstream code for icinga2 installation. The conf.d/ folder contains the icinga2 configuration itself.

The address of the icinga2 server and the clients are configured in the inventory/inventory.txt file.