From b18bc644404e02b57635bfcc8258e85abb141146 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 13 Apr 2024 13:44:46 +0200 Subject: Adding upstream version 1.1.1. Signed-off-by: Daniel Baumann --- doc/03-Configuration.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 doc/03-Configuration.md (limited to 'doc/03-Configuration.md') diff --git a/doc/03-Configuration.md b/doc/03-Configuration.md new file mode 100644 index 0000000..ce24277 --- /dev/null +++ b/doc/03-Configuration.md @@ -0,0 +1,67 @@ +# Configuration + +If Icinga Web has been installed but not yet set up, please visit Icinga Web and follow the web-based setup wizard. +For Icinga Web setups already running, log in to Icinga Web with a privileged user and follow the steps below to +configure Icinga DB Web: + +If you have previously used the monitoring module, there is an option to [migrate](10-Migration.md) some settings. + +## Database Configuration + +Connection configuration for the database to which Icinga DB synchronizes monitoring data. + +1. Create a new resource for the Icinga DB database via the `Configuration → Application → Resources` menu. + +2. Configure the resource you just created as the database connection for the Icinga DB Web module using the + `Configuration → Modules → icingadb → Database` menu. + +## Redis Configuration + +Connection configuration for the Redis server where Icinga 2 writes check results. +This data is used to display the latest state information in Icinga DB Web. + +1. Configure the connection to the Redis server through the `Configuration → Modules → icingadb → Redis` menu. + +!!! info + + If you are running a high-availability Icinga 2 setup, + also configure the secondary master's Redis connection details. + Icinga DB Web then uses this connection if the primary one is not available. + +## Command Transport Configuration + +In order to acknowledge problems, force checks, schedule downtimes, etc., +Icinga DB Web needs access to the Icinga 2 API. +For this you need an `ApiUser` object with at least the following permissions on the Icinga 2 side: + +* `actions/*` +* `objects/query/*` +* `objects/modify/*` +* `status/query` + +!!! tip + + For single-node setups it is recommended to manage API credentials in the `/etc/icinga2/conf.d/api-users.conf` file. + If you are running a high-availability Icinga 2 setup, please manage the credentials in the master zone. + +1. Please add the following Icinga 2 configuration and change the password accordingly: + ``` + object ApiUser "icingadb-web" { + password = "CHANGEME" + permissions = [ "actions/*", "objects/modify/*", "objects/query/*", "status/query" ] + } + ``` +2. Restart Icinga 2 for these changes to take effect. +3. Then configure a command transport for Icinga DB Web + using the credentials you just created via the `Configuration → Modules → icingadb → Command Transports` menu. + +!!! info + + If you are running a high-availability Icinga 2 setup, + also configure the secondary master's API command transport. + Icinga DB Web then uses this transport if the primary one is not available. + +## Security + +To grant users permissions to run commands and restrict them to specific views, +see the [Security](04-Security.md) documentation for the necessary steps. -- cgit v1.2.3