This repository contains a (quasi-)modular image of the Icinga2 monitor systems, orchestrated by docker-compose; to ensures portability through different versions of containers, it uses permanent volumes for storage of config files and data.
It is slightly based on the original Dockerfile by [https://github.com/jjethwa/icinga2] (Jordan Jethwa's icinga2 docker image), which is also available as a dockerhub-repository is located at https://hub.docker.com/r/jordan/icinga2/.
Features four containers:
Based on debian:jessie-slim (core, snmptrap) and debian:stretch-slim (web)
Key-Features:
Images are not (yet) available on docker hub, sorry!
However, just clone this repository, set variables in secrets.env and .env and build the image with:
docker-compose buildthen start the four containers:
docker-compose upet voilà, you are set! You will find:
The system is meant to be run in a master-satellite setup, as described here; set the ${TYPE} variable in secrets.env to your need. If you are not interested in master-satellite setup, just set the variable to 'master'.
To remove one container (but not conf and data stored, see below!) do:
docker-compose rm core|web|snmptrap|sql
or:
docker-compose rm
to remove all the containers.
Directives in docker-compose.yaml create a series of named volumes, which are referred as directories in ${FIRSTNAME}/ (see below for variable reference); this ensures the portability of configuration and data through different versions of containers.
In order to work in a full clean environment, just remove the ${FIRSTNAME}/ (or just parts of it) before running new containers.
| Host | Container:directory | Description & Usage |
|---|---|---|
| ./${FIRSTNAME}-container/etc/icinga2 | core:/etc/icinga2 | Icinga2 configuration dir |
| ./${FIRSTNAME}-container/lib/icinga2 | core:/var/lib/icinga2 | Library dir for icinga2. You find certificate files here. |
| ./${FIRSTNAME}-container/nagios-plugins | core:/usr/lib/nagios/plugins | Plugins dir for Icinga2 |
| ./${FIRSTNAME}-container/cache/icinga2 | core:/var/cache/icinga2 | Cache dir for Icinga2. Just for debug |
| ./${FIRSTNAME}-container/log/icinga2 | core:/var/log/icinga2 | Log dir for Icinga2 |
| ./${FIRSTNAME}-container/run/icinga2 | core:/var/run/icinga2 | Run dir for icinga2. Send external command on icinga2.cmd (used by web) |
| ./${FIRSTNAME}-container/spool/icinga2 | core:/var/spool/icinga2 | Spool dir for icinga2. Contains perf data used by pnp4nagios (used by web) |
| ./${FIRSTNAME}-container/lib/mysql | sql:/var/lib/mysql | Database files |
| ./${FIRSTNAME}-container/etc/icingaweb2 | web:/etc/icingaweb2 | Icingaweb2 configuration dir |
| ./${FIRSTNAME}-container/lib/php5/sessions | web:/var/lib/php5/sessions | php5 session files |
| ./${FIRSTNAME}-container/log/apache2 | web:/var/log/apache2 | Log dir for Apache2 |
| ./${FIRSTNAME}-container/certs | web:/etc/apache2/ssl:ro | Certs dir for Apache2 SSL (currently not implemented) |
| ./${FIRSTNAME}-container/perfdata | web:/var/lib/pnp4nagios/perfdata | Perfdata processed by pnp4nagios |
| ./${FIRSTNAME}-container/mibs | snmptrap:/mibs | Put new mibs and snmptt.conf here |
The following two files are used to store variables:
1.
- .env
- secrets.envThe .env file is read by the docker-compose and contains the two variables:
| Variable | Description & Usage |
|---|---|
| FIRSTNAME | name of your host |
| DOMAINNAME | name of your domain |
which, along with the $TYPE and core|snmptrap|sql|web variables, builds up the fully-qualified hostname of your container e.g., icinga2-satellite-1-core
The secrets.env is ready by containers and contains the variables employed to configure services:
| Variable | Container | Description |
|---|---|---|
| LOCALTIME | core, web, snmptrap | localtime e.g., Asia/Kabul |
| TYPE | core, web | type of Icinga2 container: satellite or master |
| MYSQL_ROOT_PASSWORD | sql, core, web | mariadb root password |
| ICINGA_PASSWORD | sql, core | mariadb icinga2 password |
| ICINGAWEB2_PASSWORD | sql, web | mariadb icingaweb2 password |
| ICINGA2_USER_FULLNAME | core | icinga2 user fullname |
| ICINGAWEB2_ADMIN_USER | web | icingaweb2 admin user |
| ICINGAWEB2_ADMIN_PASS | web | icingaweb2 admin password |
| ICINGA2_ZONE | core | zone of your satellite. set to master if you are using a master setup |
| ICINGA2_MASTER_IP | core | ip of your master (satellite setup) |
| ICINGA2_PORT | core | port of your master (satellite setup) |
| ICINGA2_MASTER | core | FQDN of your master (satellite setup) |
| ICINGA2_TICKET | core | ticket generated by the master for your satellite (type icinga2 pki ticket --cn yoursatellitefqdn on master) |
| SMTP_ROOT | core | user that gets the mail |
| SMTP_MAILHOST | core | smtp server address |
| SMTP_PORT | core | smtp server port |
| SMTP_USER | core | smtp server user |
| SMTP_PASS | core | smtp server password |
| SMTP_USE_STARTTLS | core | use starttls? yes/no |
| SMTP_FROM_OVERRIDE | core | smtp from override? yes/no |
If you already have a working Icinga2 system, just copy your config (/etc/icinga2) and certificate (/var/lib/icinga2/certs or /etc/icinga2/pki for icinga < 2.8) files in the directories listed above. The setup will automatically detect the presence of certificate files in /var/lib/icinga2/certs and will skip the configuration process.
Icinga Web 2 can be accessed at http://localhost/icingaweb2 with the credentials set in secrets.env
The core container has ssmtp installed, which forwards mails to a preconfigured static server.
You have to create the files ssmtp.conf for general configuration and revaliases (mapping from local Unix-user to mail-address).
# ssmtp.conf
root=<E-Mail address to use on>
mailhub=smtp.<YOUR_MAILBOX>:587
UseSTARTTLS=YES
AuthUser=<Username for authentication (mostly the complete e-Mail-address)>
AuthPass=<YOUR_PASSWORD>
FromLineOverride=NOBut be careful, ssmtp is not able to process special chars within the password correctly!
revaliases follows the format: Unix-user:e-Mail-address:server.
Therefore the e-Mail-address has to match the root's value in ssmtp.conf
Also server has to match mailhub from ssmtp.conf but without the port.
# revaliases
root:<VALUE_FROM_ROOT>:smtp.<YOUR_MAILBOX>
nagios:<VALUE_FROM_ROOT>:smtp.<YOUR_MAILBOX>
www-data:<VALUE_FROM_ROOT>:smtp.<YOUR_MAILBOX>These files have to get mounted into the container. Add these flags to your docker run-command:
-v $(pwd)/revaliases:/etc/ssmtp/revaliases:ro
-v $(pwd)/ssmtp.conf:/etc/ssmtp/ssmtp.conf:roIf you want to change the display-name of sender-address, you have to define the variable ICINGA2_USER_FULLNAME.
If this does not work, please ask your provider for the correct mail-settings or consider the ssmtp.conf(5)-manpage or Section "Reverse Aliases" on ssmtp(8).
Also you can debug your config, by executing inside your container ssmtp -v $address and pressing 2x Enter.
It will send an e-Mail to $address and give verbose log and all error-messages.
To use your own modules, you're able to install these into enabledModules-folder of your /etc/icingaweb2 volume.