Monitoring

From k-space wiki
Jump to: navigation, search

Using Icinga monitor following services, send alerts to Lauri via e-mail

  • dc1.k-space.lan (172.20.1.2) ports 389, 88, 53
  • mail.k-space.lan (172.20.1.7)
  • ca.k-space.lan (172.20.1.5) port 80, 8443, 443
  • muesli.k-space.lan (172.20.1.3) port 3306
  • git.k-space.lan (172.20.1.11) port 80, 443
  • k-space.ee port 80, 443
  • armbian.com port 80, 443
  • pingviin.org port 80, 443

Additionally:

  • Using SNMP query switches, generate alert if a link is congested for 2min+
  • Using SNMP query UPS-es at 172.20.9.11 - 14 for battery voltage and time remaining
  • If possible in addtion to sending e-mails, post alerts also to Slack channel. Probably basic CURL script will suffice.

Explore the possibility to configure certificate monitoring? Notify user when server cert is about to expire?

Responsible: Sasan and Tedel

Deliverables: Working instance of Icinga; configuration files hosted in a Git repo at https://git.k-space.ee/ and README file containing instructions how to set up config in another machine



ICINGA 2 CONFIGURATION: ADD HOSTS

TO ADD NEW HOSTS FOR MONITORING DO THE FOLLOWING:

1. WITH YOUR FAVORITE TEXT EDITOR OPEN /etc/icinga2/icinga2.conf. THIS IS THE MAIN CONFIGURATION FILE FOR ICINGA

2. AT THE END YOU SHOULD SEE ALREADY SOME OF THE SITES BEING MONITORED. GO TO THE END OF THE FILE AND ADD THE FOLLOWING LINES:

 object Host "FQDN" {
           
           vars.dns_checks["dns FQDN"] = {
               dns_lookup = "FQDN"
               dns_server = "router.k-space.lan"
           }
           address = "FQDN"
           check_command = "hostalive"
           enable_notifications = true
           vars.notification["mail"] = {
              users = ["icingaadmin"]
              groups = ["icingaadmins"]
           }
           vars.notification_interval = 1h
}
object Service "ping4" {
   host_name = "hostname"
   check_command = "ping4"
}

3.AFTER YOU DID THAT YOU ARE ALREADY CHECKING FOR "HOSTALIVE" SIGNALS FROM THE HOST. NOW DEPENDING ON WHAT SERVICE YOU WANT TO MONITOR YOU HAVE TO ADD ALSO OTHER SERVICES. PLEASE REFER TO THE FOLLOWING LINK TO SEE THE SPECIFIC CONFIGURATION FOR THE SPECIFIC SERVICES YOU WANT TO MONITOhttps://www.icinga.com/docs/icinga2/latest/doc/10-icinga-template-library/

HERE IS AN EXAMPLE TO MONITOR HTTP FOR THE BEFOREMENTIONED HOST:

 object Service "http" {
   host_name = "FQDN"
   check_command = "http"
   http_address = "URL TO BE MONITORED"
 }


ICINGA 2 CONFIGURATION: ADD USERS

TO ADD NEW USERS TO ACCESS ICINGA2 DO THE FOLLOWING:

1. WITH YOUR FAVORITE TEXT EDITOR OPEN /etc/icinga2/conf.d/users.conf. THIS IS THE USER CONFIGURATION FILE FOR ICINGA

2. IN THIS CONFIGURATION FILE ADD YOUR USERNAME USING THE FOLLOWING SYNTAX:

object User "yourusername" {
   import "generic-user"
   display_name = "Icinga 2 Admin"
   groups = [ "icingaadmins" ]
   email = "youremailaddress"
}
object UserGroup "icingaadmins" {
   display_name = "Icinga 2 Admin Group"
}


Create Basic Auth User ¶ You can use the tool htpasswd to generate basic authentication credentials. This example writes the user credentials into the .http-users file.

The following command creates a new file which adds the user icingaadmin. htpasswd will prompt you for a password. If you want to add more users to the file you have to omit the -c switch to not overwrite the file.


sudo htpasswd -c /etc/icingaweb2/.http-users icingaadmin


https://www.icinga.com/docs/icingaweb2/latest/doc/05-Authentication/#example-configuration-for-apache-and-basic-authentication

https://www.icinga.com/docs/icinga2/latest/doc/04-configuring-icinga-2/#usersconf