Monitoring Remote Linux Host Pada Icinga2 - Icinga2 Agent


Monitoring Remote Linux Host Pada Icinga2 - Pada artikel sebelumnya dimasrio.com sudah menjelaskan bagimana cara melakukan monitoring service dns di icinga2. Kali ini saya akan menjelaskan bagaimana cara melakukan remote host linux server pada icinga2. Icinga2 akan berkomunikasi secara client server menggunakan port 5665/tcp dengan TLS sertifikat sehingga sangat aman untuk pertukaran data. Icinga2 client akan melakukan sinkronisasi pada server dan mendefinisikan object seperti ‘ping4’, ‘ssh’, ‘http’, ‘disk’, ‘disk /’, ‘icinga’, ‘load’, ‘procs’, ‘swap’ & ‘users’.

Baca Juga :
Install Icinga2 Core di Centos 7

Server : Setup Icinga2 Master untuk Remote Client 

Pada percobaan ini saya masih menggunakan OS Centos 7. Saya anggap anda sudah menginstall icinga2 core dan icinga web 2 pada system linux anda.
Langkah pertama jalankan icinga2 wizard pada server anda.
[root@dmz1 ~]# icinga2 node wizard
Output :
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: n
Starting the Master setup routine...
Please specifiy the common name (CN) [dmz1.cyberlink.co.id]: Press Enter
Checking for existing certificates for common name 'dmz1.cyberlink.co.id'...
Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/var/lib/icinga2/ca/ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca/ca.crt'.
information/cli: Generating new CSR in '/etc/icinga2/pki/dmz1.cyberlink.co.id.csr'.
information/base: Writing private key to '/etc/icinga2/pki/dmz1.cyberlink.co.id.key'.
information/base: Writing certificate signing request to '/etc/icinga2/pki/dmz1.cyberlink.co.id.csr'.
information/cli: Signing CSR with CA and writing certificate to '/etc/icinga2/pki/dmz1.cyberlink.co.id.crt'. information/cli: Copying CA certificate to '/etc/icinga2/pki/ca.crt'.
Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
Please specify the API bind host/port (optional):Press Enter
Bind Host []: Press Enter
Bind Port []: Press Enter
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.
Dari wizard diatas akan melakukan beberapa konfigurasi, diantaranya :
  • Membuat generate CSR dan CA sertifikat pada direktori /etc/icinga2/pki.
  • Mengaktifkan feature API pada icinga2.
  • Generate local zone dan end point konfigurasi pada master sesuai dengan FQDN.
  • Membuat konfigurasi NodeName dan TicketSalt pada file constants.conf 

Pastikan pada setup wizard tidak ada error maka file constrants.conf akan tampak seperti dibawah ini.
[root@dmz1 ~]# egrep 'NodeName|TicketSalt' /etc/icinga2/constants.conf
Output :
const NodeName = "dmz1.cyberlink.co.id"
const TicketSalt = "294fcf6a6a2468a40425e84b5069487d"
Selanjutnya restart icinga2 service dan tambahkan firewall untuk port icinga.
[root@dmz1 ~]# systemctl restart icinga2
Firewall untuk accept port icinga2.
[root@dmz1 ~]# firewall-cmd --zone=public --add-port=5665/tcp --permanent
[root@dmz1 ~]# firewall-cmd --zone=public --add-port=5665/udp --permanent
[root@dmz1 ~]# firewall-cmd --reload

Selanjutnya tambahkan perintah di bawah ini pada akhir file /etc/hosts.
10.10.7.3    dmz1.cyberlink.co.id    dmz1
10.10.7.4    dmz2.cyberlink.co.id    dmz2

Selanjutnya generate ticket untuk host dmz2.cyberlink.co.id
[root@dmz1 ~]# icinga2 pki ticket --cn 'dmz2.cyberlink.co.id'
2fdfec3b98221622841cc437ee74b09a1f44bd04
Ticket diatas nantinya akan digunakan pada saat setup wizard di host client.

Sampai disini konfigurasi di sisi server sudah selesai.

Client : Setup Remote Host Client pada Icinga2

Pada host client install package icinga2.
[root@dmz2 ~]# yum install icinga2 nagios-plugins-all
Selanjutnya jalankan icinga2 wizard.
[root@dmz2 ~]# icinga2 node wizard
Output :
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]:Enter
Starting the Node setup routine...
Please specifiy the common name (CN) [dmz2.cyberlink.co.id]: Enter
Please specifiy the local zone name [dmz2.cyberlink.co.id]: Enter
Please specify the master endpoint(s) this node should connect to:Enter
Master Common Name (CN from your master setup): dmz1.cyberlink.co.id
Do you want to establish a connection to the master from this node? [Y/n]: y
Please fill out the master connection information:Enter
Master endpoint host (Your master's IP address or FQDN): 10.10.7.3
Master endpoint port [5665]: Enter
Add more master endpoints? [y/N]: Enter
Please specify the master connection for CSR auto-signing (defaults to master endpoint host):Enter Host [10.10.7.3]: Enter
Port [5665]: Enter
information/base: Writing private key to '/etc/icinga2/pki/dmz2.cyberlink.co.id.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/dmz2.cyberlink.co.id.crt'.
information/cli: Generating self-signed certifiate:
information/cli: Fetching public certificate from master (10.10.7.3, 5665):

information/cli: Writing trusted certificate to file '/etc/icinga2/pki/trusted-master.crt'.
information/cli: Stored trusted master certificate in '/etc/icinga2/pki/trusted-master.crt'.

Please specify the request ticket generated on your Icinga 2 master.
(Hint: # icinga2 pki ticket --cn 'dmz2.cyberlink.co.id'): 2fdfec3b98221622841cc437ee74b09a1f44bd04
information/cli: Processing self-signed certificate request. Ticket '2fdfec3b98221622841cc437ee74b09a1f44bd04'.

information/cli: Created backup file '/etc/icinga2/pki/dmz2.cyberlink.co.id.crt.orig'.
information/cli: Writing signed certificate to file '/etc/icinga2/pki/dmz2.cyberlink.co.id.crt'.
information/cli: Writing CA certificate to file '/etc/icinga2/pki/ca.crt'.
Please specify the API bind host/port (optional):Enter
Bind Host []: Enter
Bind Port []: Enter
Accept config from master? [y/N]: y
Accept commands from master? [y/N]: y
information/cli: Disabling the Notification feature.
Disabling feature notification. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Enabling the Apilistener feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Generating local zones.conf.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.
Setelah wizard selesai dan tidak error maka pada file constants.conf akan seperti dibawah ini.
[root@dmz2 ~]# egrep 'NodeName|ZoneName' /etc/icinga2/constants.conf
const NodeName = "dmz2.cyberlink.co.id"
const ZoneName = "dmz2.cyberlink.co.id"
Lalu pada file zone.conf akan tampak seperti dibawah ini.


Selanjutnya tambahkan perintah dibawah ini pada file /etc/hosts.
10.10.7.4    dmz2.cyberlink.co.id    dmz2
10.10.7.3    dmz1.cyberlink.co.id    dmz1
Tambahkan firewall untuk mengizinkan port icinga2.
[root@dmz2 ~]# firewall-cmd --zone=public --add-port=5665/tcp --permanent
[root@dmz2 ~]# firewall-cmd --zone=public --add-port=5665/udp --permanent
[root@dmz2 ~]# firewall-cmd --reload
Untuk mereload konfigurasi, restart service icinga2.
[root@dmz2 ~]# icinga2 node wizard
Sampai disini konfigurasi pada client sudah selesai.

Kembali pada host server, jalankan perintah berikut untuk melihat host yang sudah ada pada list.
[root@dmz1 ~]# icinga2 node list
Output :


Sekarang jalankan perintah dibawah ini untuk melakukan sinkronisasi konfigurasi dari server ke client.
[root@dmz1 ~]# icinga2 node update-config
Output :


Nantinya setiap ada penambahan host, konfigurasi akan di simpan pada direktori /etc/icinga2/repository.d/.

Selanjutnya reload service icinga2.
[root@dmz1 /]# systemctl reload icinga2
Sampai disini semua konfigurasi sudah selesai. Sekarang coba akses icinga web 2, maka akan tampak seperti dibawah ini client dmz2.cyberlink.co.id sudah termonitor.


Demikian tutorial icinga2 kali ini mengenai monitoring remote linux host pada icinga2. Semoga bermanfaat bagi kita semua dan selamat mencoba.!!!


EmoticonEmoticon