NB: This was for Icinga 1.x, although most should apply to Icinga 2. See also: Experimenting with Icinga 2: a quick way to test an upgrade.
icinga-web command pipe
In Debian, I had to make sure that:
- The pipe in /var/lib/icinga/rw/ was owned by nagios.nagios, so I added www-data to the nagios group.
- The directory was set as nagios.www-data, but the group didn't have "execute" permissions on the directory.
- set "temp_file=/var/cache/icinga/icinga.tmp" (and created the directory, owned by nagios.nagios), because my /tmp is mounted with noexec, and icinga 1.10 seems to do weird hacks by storing a temporary .so in the temporary directory...
icinga & nsca-ng
See: https://wiki.icinga.org/display/howtos/NSCA-ng and: https://wiki.icinga.org/display/howtos/Setting+up+NSCA+with+Icinga
In Debian: configurations in /etc/icinga/icinga.cfg
- check_external_commands=1 => was on by default
- command_check_interval=-1 => was set to -1 by default, meaning "as often as possible"
- log_passive_checks=1 => was on by default, Icinga recommends this while testing only.
Packages to install: apt-get install nsca-ng-server nsca-ng-client
Configure nsca-ng-server: /etc/nsca-ng/nsca-ng.local.cfg
command_file= "/var/lib/icinga/rw/icinga.cmd"
listen = "*:5668"
tls_ciphers = "PSK-AES256-CBC-SHA"
authorize "*" {
password = "change-me"
services = ".+"
hosts = ".+"
}
Enable nsca-ng-server:
# vi /etc/default/nsca-ng-server => set variable to "yes"
# /etc/init.d/nscang-server start
Configure the client. On Debian wheezy, use the debmon packages:
deb http://debmon.org/debmon debmon-wheezy main
Then install:
# wget -O - http://debmon.org/debmon/repo.key | apt-key add -
# apt-get update
# apt-get install nsca-ng-client
# vim /etc/send_nsca.cfg
Config:
password = "change-me"
server = "mynagiosserver.example.org"
tls_ciphers = "PSK-AES256-CBC-SHA"
delay = 2
timeout = 5
Test:
/bin/echo -e "localhost\tdummy\t0\ttestesttest.\n" | /usr/sbin/send_nsca
IPv6 NOTE: as of 2013-09-25, nsca-ng-client does NOT support IPv6: https://github.com/weiss/nsca-ng/blob/master/TODO .. so make sure your client binds an IPv4 interface.
Passive icinga/nagios check
In /etc/icinga/objects/services_icinga.cfg
define command{ command_name check_dummy command_line $USER1$/check_dummy $ARG1$ $ARG2$ } define service{ use generic-service ; template to inherit from name passive-service ; name of this template active_checks_enabled 0 ; no active checks passive_checks_enabled 1 ; allow passive checks check_command check_dummy!0 ; use "check_dummy", RC=0 (OK) check_period 24x7 ; check active all the time check_freshness 1 ; check if check result is "stale" freshness_threshold 93600 ; 26 hours (the backup needs time to complete) notification_interval 14400 ; 4 hours register 0 ; this is a template, not a real service } define command { command_name no-backup-report command_line /usr/lib/nagios/plugins/check_dummy 2 "CRITICAL: Results of backup job were not reported" }
For each host:
define service { use passive-service host_name example.org service_description BACKUPS check_command no-backup-report }