- New Home Server
- Installing Proxmox
- Proxmox Quirks & Configurations
- Shiny New DC
- DNS, DHCP, and Redundancy
- Active Directory Structure and Config
- File server replication with Robocopy
- Windows shares on Linux
- Install Plex on CentOS
- Ubiquiti UniFi Controller
- Centreon Monitoring
- Centreon 2 – Electric Boogaloo
I’ve used a few different monitoring solutions over the years, Zabbix, Nagios and Solarwinds in the enterprise world. Nagios, PRTG Network Monitor, and most recently Centreon on my personal stuff. Centreon is basically just a front end for Nagios, it pretties it up and makes the interface look nice and allows you to setup your hosts without editing config files directly. Overall I’ve been happy with it, and decided I’m going to stick with it for awhile.
To begin, we’ll need to add the Centreon repo, you can specify –nogpgcheck to avoid having to manually download and/or create the key, it will be downloaded automatically in the next step when you install MariaDB and you’ll be asked to approve it:
|
1 2 |
wget http://yum.centreon.com/standard/3.4/el7/stable/noarch/RPMS/centreon-release-3.4-4.el7.centos.noarch.rpm yum install --nogpgcheck centreon-release-3.4-4.el7.centos.noarch.rpm |
Install MariaDB:
|
1 2 3 |
yum install mariadb-server systemctl enable mariadb systemctl start mariadb |
To secure MariaDB, run the following command and go through the prompts:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
root@centreon# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! root@centreon# |
Create the centreon.conf file for MariaDB:
|
1 2 3 4 |
vi /etc/systemd/system/mariadb.service.d/centreon.conf [Service] LimitNOFILE=32000 :wq |
Reload systemd and then restart MariaDB:
|
1 2 |
systemctl daemon-reload systemctl restart mariadb |
Install php:
|
1 |
yum install php |
Configure your timezone so you don’t get errors/warnings:
|
1 2 3 |
vi /etc/php.ini date.timezone = America/Chicago :wq |
Install the base server:
|
1 |
yum install centreon-base-config-centreon-engine centreon |
You can install the poller on different and/or multiple servers if you wish (I.e. if you’re scaling this out to the enterprise level and have tons of hosts/different locations/etc), in my case they’re going to reside on the same server:
|
1 |
yum install centreon-poller-centreon-engine |
I also like to go ahead and install all available plugins as well:
|
1 |
yum install centreon-plugins centreon-plugin-* |
Start it up:
|
1 |
systemctl enable httpd && systemctl start httpd |
If everything went well you should now be able to load up http://yourserver/centreon in a browser and complete the configuration.
Note that all of the information in the below screenshot is pre-filled, you just hit Next here:
This one is pre-filled as well, just hit Next:
As long as your database is on the same server, you can leave the Database Host Address blank, enter in the Root password that you created when running the mysql_secure_installation script, and then enter the database user password. All the rest should be pre-populated for you.
This next step can take a bit of time:
But should eventually end up like this:
Upon clicking finish, you will be greeted with this nice little login screen:
To setup LDAP authentication, the first thing you will need is an account that will allow Centreon to search Active Directory for users. I created a service account for it, this is what you will enter under the configuration for the bind account. You will need to login to Centreon with the admin user that was created during setup, and then navigate to Administration > Parameters > LDAP.
Configuration name and description can be whatever you want, then make sure to set “Enable LDAP authentication” to Yes, I also enabled “Store LDAP password” this just ensures that if AD is unavailable for whatever reason you can still login to Centreon with your AD users. “Auto import users” you want to leave at No so that Centreon will authenticate with LDAP every time instead of importing users into its own database. You can leave the next few options at default and then enter your LDAP servers. In my case dc01.sky.net and dc02.sky.net and default port of 389.
Bind username and password will be the service account that was created to allow Centreon to search AD. Protocol version I have set to 3 since I’m using Active Directory. Upon choosing Active Directory as the template, it will automagically populate everything except for the User and Group base DNs for you. In my case those are OU=Accounts,OU=Sky,DC=Sky,DC=net and OU=Groups,OU=Sky,DC=Sky,DC=net respectively.
You can now navigate to Configuration > Users and choose LDAP import.
Click the search button, and a list of all your AD users will be shown. Simply check the ones you wish to import and click on the Import button.
Once imported you can click on the user and associate with contact groups, enable notifications, designate as adminitrator, etc… just as you would a built in Centreon user account.
In order to get everything fully functional, you will also need to navigate to Administration > Extensions and enable both the Centreon Plugin Pack Manager and Centreon License Manager by clicking the gear next to each of them and then choosing Install.
You can then navigate to Configuration > Plugin pack and enable the various plugins that are available. To do so just mouse over one of them and a + symbol will appear in the bottom right corner, you can click on this to install the plugin pack. Once it has been installed, a check mark will appear in the top right corner.
One last thing to know is that anytime you make any configuration changes whatsoever, you need to reload the poller. To do so, navigate to Configuration > Poller. Here you will see all available pollers, in my case, it’s only localhost. You will then check the box next to it, and hit the Export Configuration button.
By default, the only options checked will be Generate Configuration Files, and Run Monitoring Engine Debug. This will allow you to generate the files only, and then it will report any errors down below, this gives you a chance to fix any problems before applying the config and breaking Centreon.
Once you are confident that everything is good, check off the Move Export Files and Restart Monitoring Engine boxes and hit the Export button again. This will overwrite your config with the newly generated one and then reload the monitoring engine so that the changes take affect. Under the Method there are two options, Reload and Restart. I’ve not run into anything yet that I have changed that actually required a Restart, Reload seems to always handle it just fine.
I will go over actually configuring Hosts/Services/Alerts in a separate post.
Leave a Reply