Icinga 2 ist ein leistungsstarkes Open-Source-Monitoring-System. Es überwacht Hosts, Services und Netzwerkressourcen und benachrichtigt bei Problemen.

Architektur

Komponenten

Icinga 2 Core     - Monitoring-Engine
Icinga Web 2      - Web-Interface
IDO (DB)          - Datenbankschnittstelle
Icinga Director   - Konfiguration via Web
API               - REST-API

Datenfluss

Checks → Icinga 2 Core → IDO → Datenbank → Icinga Web 2
                      ↓
              Notifications

Installation (Debian/Ubuntu)

Repository einrichten

# GPG-Key hinzufügen
curl -fsSL https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga.gpg

# Repository hinzufügen
. /etc/os-release
echo "deb [signed-by=/usr/share/keyrings/icinga.gpg] https://packages.icinga.com/ubuntu icinga-${VERSION_CODENAME} main" | tee /etc/apt/sources.list.d/icinga.list

apt update

Icinga 2 installieren

# Core installieren
apt install icinga2

# Plugins installieren
apt install monitoring-plugins

# Service aktivieren
systemctl enable --now icinga2

IDO-Modul (Datenbank)

# MySQL installieren
apt install mariadb-server
mysql_secure_installation

# IDO-MySQL installieren
apt install icinga2-ido-mysql

# Datenbank einrichten (Dialog folgen)
# oder manuell:
mysql -u root -p << EOF
CREATE DATABASE icinga2;
GRANT ALL ON icinga2.* TO 'icinga2'@'localhost' IDENTIFIED BY 'geheim';
FLUSH PRIVILEGES;
EOF

# Schema importieren
mysql -u root -p icinga2 < /usr/share/icinga2-ido-mysql/schema/mysql.sql

# IDO aktivieren
icinga2 feature enable ido-mysql
systemctl restart icinga2

Icinga Web 2

Installation

# Webserver und PHP
apt install apache2 php php-mysql php-gd php-intl php-curl

# Icinga Web 2
apt install icingaweb2 icingacli

# Web-Datenbank
mysql -u root -p << EOF
CREATE DATABASE icingaweb2;
GRANT ALL ON icingaweb2.* TO 'icingaweb2'@'localhost' IDENTIFIED BY 'geheim';
FLUSH PRIVILEGES;
EOF

Setup-Token

# Token generieren
icingacli setup token create
# Output: abc123...

# Token anzeigen
icingacli setup token show

Web-Setup

1. https://server/icingaweb2/setup öffnen
2. Token eingeben
3. Module auswählen
4. Datenbank konfigurieren
5. Admin-Benutzer anlegen
6. Icinga 2 API konfigurieren

API aktivieren

# API-Feature aktivieren
icinga2 feature enable api

# API-User erstellen
icinga2 api setup

# Credentials finden
cat /etc/icinga2/conf.d/api-users.conf

systemctl restart icinga2

Konfiguration verstehen

Verzeichnisstruktur

/etc/icinga2/
├── icinga2.conf           # Hauptkonfiguration
├── conf.d/                # Konfigurationsdateien
│   ├── hosts.conf         # Host-Definitionen
│   ├── services.conf      # Service-Definitionen
│   ├── commands.conf      # Check-Commands
│   ├── users.conf         # Kontakte
│   ├── notifications.conf # Benachrichtigungen
│   └── templates.conf     # Vorlagen
├── features-available/    # Verfügbare Features
├── features-enabled/      # Aktivierte Features
└── zones.d/               # Verteilte Überwachung

Objekttypen

| Objekt | Beschreibung | |--------|--------------| | Host | Überwachtes System | | Service | Überwachter Dienst | | CheckCommand | Prüfbefehl | | User | Empfänger | | Notification | Benachrichtigung | | TimePeriod | Zeitraum |

Hosts definieren

Einfacher Host

# /etc/icinga2/conf.d/hosts.conf

object Host "webserver" {
  import "generic-host"

  address = "192.168.1.10"

  vars.os = "Linux"
  vars.http_vhosts["http"] = {
    http_uri = "/"
  }
}

Host mit SSH-Check

object Host "dbserver" {
  import "generic-host"

  address = "192.168.1.20"
  check_command = "hostalive"

  vars.os = "Linux"
  vars.ssh_port = 22
}

Host-Gruppe

object HostGroup "linux-servers" {
  display_name = "Linux Server"

  assign where host.vars.os == "Linux"
}

Services definieren

Einfacher Service

# /etc/icinga2/conf.d/services.conf

object Service "ping4" {
  import "generic-service"

  host_name = "webserver"
  check_command = "ping4"
}

Service mit Parametern

object Service "disk" {
  import "generic-service"

  host_name = "webserver"
  check_command = "disk"

  vars.disk_wfree = "20%"
  vars.disk_cfree = "10%"
  vars.disk_partitions = "/"
}

Apply-Regeln (automatisch)

# Auf alle Linux-Hosts anwenden
apply Service "ssh" {
  import "generic-service"

  check_command = "ssh"

  assign where host.vars.os == "Linux"
}

# HTTP-Checks aus Host-Variablen
apply Service for (http_vhost => config in host.vars.http_vhosts) {
  import "generic-service"

  check_command = "http"

  vars += config
}

Check-Commands

Vorhandene Commands

# Alle verfügbaren Commands
icinga2 object list --type CheckCommand

# Command-Details
icinga2 object list --type CheckCommand --name ping4

Eigener Command

# /etc/icinga2/conf.d/commands.conf

object CheckCommand "check_myapp" {
  command = [ PluginDir + "/check_myapp.sh" ]

  arguments = {
    "-H" = "$myapp_host$"
    "-p" = "$myapp_port$"
    "-w" = "$myapp_warning$"
    "-c" = "$myapp_critical$"
  }

  vars.myapp_host = "$address$"
  vars.myapp_port = 8080
  vars.myapp_warning = 5
  vars.myapp_critical = 10
}

Plugin-Verzeichnis

# Standard-Plugins
ls /usr/lib/nagios/plugins/

# Eigene Plugins
mkdir /usr/lib/icinga2/plugins
chmod 755 /usr/lib/icinga2/plugins

Benachrichtigungen

Benutzer definieren

# /etc/icinga2/conf.d/users.conf

object User "admin" {
  import "generic-user"

  display_name = "Admin User"
  email = "admin@example.com"

  states = [ OK, Warning, Critical, Unknown ]
  types = [ Problem, Recovery ]
}

object UserGroup "admins" {
  display_name = "Admin Group"
}

Notification-Command

# /etc/icinga2/conf.d/commands.conf

object NotificationCommand "mail-host-notification" {
  command = [ SysconfDir + "/icinga2/scripts/mail-host-notification.sh" ]

  env = {
    NOTIFICATIONTYPE = "$notification.type$"
    HOSTNAME = "$host.name$"
    HOSTADDRESS = "$address$"
    HOSTSTATE = "$host.state$"
    HOSTOUTPUT = "$host.output$"
    USEREMAIL = "$user.email$"
  }
}

Notification-Regel

# /etc/icinga2/conf.d/notifications.conf

apply Notification "mail-admin" to Host {
  import "mail-host-notification"

  users = [ "admin" ]

  assign where host.vars.notification.mail
}

apply Notification "mail-admin" to Service {
  import "mail-service-notification"

  users = [ "admin" ]

  assign where service.vars.notification.mail
}

Mail-Skript

#!/bin/bash
# /etc/icinga2/scripts/mail-host-notification.sh

/usr/bin/printf "%b" "
***** Icinga 2 Host Notification *****

Type: $NOTIFICATIONTYPE
Host: $HOSTNAME
Address: $HOSTADDRESS
State: $HOSTSTATE

Output: $HOSTOUTPUT
" | mail -s "$NOTIFICATIONTYPE - $HOSTNAME is $HOSTSTATE" $USEREMAIL

Templates

Host-Template

# /etc/icinga2/conf.d/templates.conf

template Host "generic-host" {
  max_check_attempts = 3
  check_interval = 1m
  retry_interval = 30s

  check_command = "hostalive"
}

template Host "linux-host" {
  import "generic-host"

  vars.os = "Linux"
  vars.notification.mail = true
}

Service-Template

template Service "generic-service" {
  max_check_attempts = 5
  check_interval = 1m
  retry_interval = 30s
}

template Service "critical-service" {
  import "generic-service"

  check_interval = 30s
  retry_interval = 10s
}

Features

Verfügbare Features

# Alle Features auflisten
icinga2 feature list

# Feature aktivieren
icinga2 feature enable perfdata

# Feature deaktivieren
icinga2 feature disable debuglog

systemctl restart icinga2

Wichtige Features

| Feature | Beschreibung | |---------|--------------| | api | REST-API | | checker | Check-Ausführung | | command | Externe Commands | | debuglog | Debug-Logging | | graphite | Graphite-Export | | ido-mysql | MySQL-Backend | | notification | Benachrichtigungen | | perfdata | Performance-Daten |

API verwenden

API-Requests

# Host-Status abrufen
curl -k -s -u root:password \
  "https://localhost:5665/v1/objects/hosts/webserver"

# Alle Services
curl -k -s -u root:password \
  "https://localhost:5665/v1/objects/services"

# Downtime setzen
curl -k -s -u root:password \
  -H "Accept: application/json" \
  -X POST \
  "https://localhost:5665/v1/actions/schedule-downtime" \
  -d '{ "type": "Host", "filter": "host.name==\"webserver\"", "author": "admin", "comment": "Wartung", "start_time": 1234567890, "end_time": 1234571490 }'

API-User

# /etc/icinga2/conf.d/api-users.conf

object ApiUser "webadmin" {
  password = "geheim"
  permissions = [ "objects/query/*", "actions/*" ]
}

Icinga Director

Installation

# Via Icingaweb2 Module Manager oder:
apt install icingaweb2-module-director

# Datenbank erstellen
mysql -u root -p << EOF
CREATE DATABASE director;
GRANT ALL ON director.* TO 'director'@'localhost' IDENTIFIED BY 'geheim';
FLUSH PRIVILEGES;
EOF

# Modul aktivieren in Icinga Web 2
# Configuration → Modules → director → Enable

Kickstart-Wizard

1. Icinga Web 2 → Director
2. Kickstart Wizard starten
3. API-Endpoint konfigurieren
4. Import starten

Vorteile

- Web-basierte Konfiguration
- Vorlagen und Imports
- Änderungsverfolgung
- Deployment-Workflow

Verteilte Überwachung

Master-Satellite-Setup

# Auf Master:
icinga2 node wizard
# → Master-Modus wählen

# Auf Satellite:
icinga2 node wizard
# → Satellite-Modus wählen
# → Master-Adresse angeben

Zone-Konfiguration

# /etc/icinga2/zones.conf

object Endpoint "master" {
  host = "master.example.com"
}

object Zone "master" {
  endpoints = [ "master" ]
}

object Endpoint "satellite" {
  host = "satellite.example.com"
}

object Zone "satellite" {
  endpoints = [ "satellite" ]
  parent = "master"
}

Troubleshooting

Konfiguration prüfen

# Syntax prüfen
icinga2 daemon -C

# Objekte auflisten
icinga2 object list --type Host
icinga2 object list --type Service

Logs

# Main Log
journalctl -u icinga2 -f

# Debug Log aktivieren
icinga2 feature enable debuglog
systemctl restart icinga2
tail -f /var/log/icinga2/debug.log

Check manuell ausführen

# Plugin direkt testen
/usr/lib/nagios/plugins/check_ping -H 192.168.1.10 -w 100,20% -c 500,60%

# Mit Icinga-Variablen
icinga2 console
<1> => get_service("webserver", "ping4").last_check_result

Zusammenfassung

| Befehl | Funktion | |--------|----------| | icinga2 daemon -C | Config prüfen | | icinga2 feature list | Features anzeigen | | icinga2 feature enable X | Feature aktivieren | | icinga2 object list | Objekte auflisten | | icinga2 node wizard | Cluster-Setup |

| Datei | Beschreibung | |-------|--------------| | /etc/icinga2/icinga2.conf | Hauptkonfiguration | | /etc/icinga2/conf.d/ | Objekt-Definitionen | | /etc/icinga2/zones.d/ | Cluster-Konfiguration | | /var/log/icinga2/ | Logs |

| Port | Dienst | |------|--------| | 5665 | Icinga 2 API | | 80/443 | Icinga Web 2 |

Fazit

Icinga 2 ist eine mächtige Monitoring-Lösung für professionelle Umgebungen. Die Kombination aus flexibler Konfiguration und Web-Interface bietet das Beste aus beiden Welten. Der Icinga Director vereinfacht die Verwaltung erheblich. Für größere Umgebungen ermöglicht die verteilte Überwachung eine skalierbare Architektur.