使用Icinga2监控Linux和Windows服务器

Icinga2可以通过Agent来监控其它设备，这些设备包含各种操作系统的服务器以及网络设备。一些简单的网络指标监控是不需要创建Agent的，例如ping和ssh；但是某些无法通过网络获取的指标则需要在被监测服务器创建一个监控代理来将指标返回给监控服务器。本文将介绍如何在Linux和Windows服务器上安装和配置Agent来实现多机器的监控。

配置监控服务器

在配置远程监控代理之前，你首先需要设置一下主节点；这个设置过程主要是完成了一下几个步骤：

• 为主节点生成SSL加密的CA证书；
• 启用 API 功能，在配置文件增加本地 Endpoint 和 Zone 的配置；
• 设置防火墙允许通信端口（默认为 5665）。

你可以使用命令行界面来设置一个主节点，它需要以root权限来执行，如果你是使用该命令来设置主节点，注意第一个选项需要选择NO（n）。

# icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!

We'll guide you through all required configuration details.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: n
Starting the Master setup routine...
Please specifiy the common name (CN) [icinga2-node1.localdomain]: 
Checking the 'api' feature...
'api' feature not enabled, running 'api setup' now.
information/cli: Generating new CA.

information/base: Writing private key to '/var/lib/icinga2/ca/ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca/ca.crt'.
information/cli: Initializing serial file in '/var/lib/icinga2/ca/serial.txt'.
information/cli: Generating new CSR in '/etc/icinga2/pki/icinga2-node1.localdomain.csr'.

information/base: Writing private key to '/etc/icinga2/pki/icinga2-node1.localdomain.key'.
information/base: Writing certificate signing request to '/etc/icinga2/pki/icinga2-node1.localdomain.csr'.
information/cli: Signing CSR with CA and writing certificate to '/etc/icinga2/pki/icinga2-node1.localdomain.crt'.

information/cli: Copying CA certificate to '/etc/icinga2/pki/ca.crt'.

information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.

information/cli: Enabling the ApiListener feature.

Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
Please specify the API bind host/port (optional):
Bind Host []: 
Bind Port []: 
information/cli: Updating constants.conf.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.

Now restart your Icinga 2 daemon to finish the installation!

验证配置文件，检查该步骤是否成功：

# egrep 'NodeName|TicketSalt' /etc/icinga2/constants.conf
# cat /etc/icinga2/zones.conf
/*
 * Generated by Icinga 2 node setup commands
 * on 2015-02-09 15:21:49 +0100
 */
object Endpoint "icinga2-node1.localdomain" {
}

object Zone "master" {
    //this is the local node master named  = "master"
    endpoints = [ "icinga2-node1.localdomain" ]
}

验证完成后重启 Icinga2。

在主节点使用命令行生成 ticket，其中 icinga2-node2.localdomain 为远程节点的 CN：

# icinga2 pki ticket --cn icinga2-node2.localdomain

监控Linux服务器

Linux的远程节点安装与主节点相同，安装完Icinga2后，使用 icinga2 node wizard 配置远程节点，此处在第一次选择时直接使用回车选择默认选项：

# icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!
We'll guide you through all required configuration details.

Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]:
Starting the Node setup routine...
Please specifiy the common name (CN) [icinga2-node2.localdomain]:
Please specifiy the local zone name [icinga2-node2.localdomain]:
Please specify the master endpoint(s) this node should connect to:
Master Common Name (CN from your master setup): icinga2-node1.localdomain
Please fill out the master connection information:
Master endpoint host (optional, your master's IP address or FQDN): 192.168.56.101
Master endpoint port (optional) []:
Add more master endpoints? [y/N]
Please specify the master connection for CSR auto-signing (defaults to master endpoint host):
Host [192.168.56.101]:
Port [5665]:
information/base: Writing private key to '/etc/icinga2/pki/icinga2-node2.localdomain.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/icinga2-node2.localdomain.crt'.
information/cli: Generating self-signed certifiate:
information/cli: Fetching public certificate from master (192.168.56.101, 5665):

information/cli: Writing trusted certificate to file '/etc/icinga2/pki/trusted-master.crt'.
information/cli: Stored trusted master certificate in '/etc/icinga2/pki/trusted-master.crt'.

Please specify the request ticket generated on your Icinga 2 master.
 (Hint: # icinga2 pki ticket --cn 'icinga2-node2.localdomain'): ead2d570e18c78abf285d6b85524970a0f69c22d
information/cli: Processing self-signed certificate request. Ticket 'ead2d570e18c78abf285d6b85524970a0f69c22d'.

information/cli: Writing signed certificate to file '/etc/icinga2/pki/icinga2-node2.localdomain.crt'.
information/cli: Writing CA certificate to file '/etc/icinga2/pki/ca.crt'.
Please specify the API bind host/port (optional):
Bind Host []:
Bind Port []:
information/cli: Disabling the Notification feature.
Disabling feature notification. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Enabling the Apilistener feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
information/cli: Generating local zones.conf.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
information/cli: Updating constants.conf.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.

Now restart your Icinga 2 daemon to finish the installation!

安装设置过程完成了以下过程：

• 生成一个新的自签名证书并拷贝到 /etc/icinga2/pki；
• 保存主节点证书到信任证书；
• 生成一个客户端节点的本地空间和终结点配置；
• 禁用客户端通知功能；
• 启用API功能，设置 bind_host 和 bind_port；
• 在 constants.conf 文件设置 NodeName 常量。

验证配置文件并重启 Icinga2：

# grep 'NodeName' /etc/icinga2/constants.conf

# cat /etc/icinga2/zones.conf
/*
 * Generated by Icinga 2 node setup commands
 * on 2015-02-09 16:56:10 +0100
 */

object Endpoint "icinga2-node1.localdomain" {
    host = "192.168.56.101"
}

object Zone "master" {
    endpoints = [ "icinga2-node1.localdomain" ]
}

object Endpoint "icinga2-node2.localdomain" {
}

object Zone "icinga2-node2.localdomain" {
    //this is the local node = "icinga2-node2.localdomain"
    endpoints = [ "icinga2-node2.localdomain" ]
    parent = "master"
}

监控Windows服务器

下载 Icinga2 的安装包，网址：http://packages.icinga.org/windows/ 。

系统环境需求：

Windows Vista/Server 2008 或者更高；
Microsoft .NET Framework 2.0。

通过图形界面配置主节点的IP与端口，配置完成后会创建一个服务，使用以下命令进行配置文件验证：

C:> icinga2.exe daemon -C

配置完成远程节点后，你可以在主节点使用以下命令发现节点：

# icinga2 node list
Node 'icinga2-node2.localdomain' (last seen: Mon Feb  9 16:58:21 2015)
    * Host 'icinga2-node2.localdomain'
        * Service 'ping4'
        * Service 'ping6'
        * Service 'ssh'
        * Service 'http'
        * Service 'disk'
        * Service 'disk /'
        * Service 'icinga'
        * Service 'load'
        * Service 'procs'
        * Service 'swap'
        * Service 'users'

如果未发现你配置的节点，请确保远程节点重启过。

本文来自 The NewIdea，作者 Carey Tzou 。
永久地址：https://www.tnidea.com/icinga2-monitor-other-machine.html
未经授权，拒绝任何全文及摘要转载！