icinga2 hacking session 2014-10-10

WWW.ICINGA.ORGWWW.ICINGA.ORG

Icinga 2Hacking SessionIcinga 2Hacking Session

Icinga 2 Workshop2014-10-10

Icinga 2 Workshop2014-10-10

DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG

• Icinga Cluster VMs

• A look on the config

• Configuration & Practice

• Cluster reconfiguration

• Questions & Answers

AgendaAgenda

Icinga 2 Workshop

Cluster VMsCluster VMs



Icinga 2 Workshop



Icinga 2 Workshop

Icinga2a: OpenSSH: ssh root@localhost -p 2085 PuTTy: root@localhost:2085

Icinga2b: OpenSSH: ssh root@localhost -p 2086 PuTTy: root@localhost:2086

SSH Login: root / vagrant vagrant / vagrant

Web: http://localhost:8085 User: icingaadmin Password: icinga

See the docs for instructions for the VM source definitions http://docs.icinga.org/icinga2 → Vagrant

ConfigurationConfiguration


Important PathsImportant Paths

Icinga 2 Workshop

/etc/icinga2 Main configuration/usr/sbin/icinga2 Daemon/usr/(s)bin/icinga2-* CLI tools

/usr/share/icinga2 ITL and plugin Commands/var/run/icinga PID file and command pipe

/var/cache/icinga2 status.dat / objects.cache/var/lib/icinga2 state file, cluster data/var/spool/icinga2 performance data/var/log/icinga2 logfiles

service icinga2 start|stop|restart|reload

service icinga2 checkconfig

icinga2-list-objects --color | less -R


Icinga 2 Workshop

DemoDemo

DEMO

Configuration & practiceConfiguration & practice


Host / Hostgroup / ServiceHost / Hostgroup / Service

Icinga 2 Workshop

object HostGroup "mysql-server" { display_name = "MySQL Server" assign where match("*mysql*", host.name) assign where match("db-*", host.vars.prod_mysql_db) ignore where host.vars.test_server == true ignore where match("*internal", host.name)}

object Host "mysql-db1" { import "db-server" import "mysql-server" address = "192.168.70.10"}

object Host "customer-db7" { import "db-server" import "mysql-server" address = "192.168.71.30" vars.prod_mysql_db = "db-customer-xy"}

apply Service "mysql-health" { import "mysql-service" check_command = "mysql" assign where "mysql-server" in host.groups ignore where host.vars.no_health_check == true}


Custom check commandsCustom check commands

Icinga 2 Workshop

object CheckCommand "training-mysql" { import "training-mysql-common" command = [ PluginDir + "/check_mysql" ] arguments = { "-H" = "$mysql_host$" "-u" = "$mysql_user$" "-p" = "$mysql_password$" "-P" = "$mysql_port$" "-s" = "$mysql_socket$" "-a" = "$mysql_cert$" "-k" = "$mysql_key$" "-f" = "$mysql_optfile$" "-g" = "$mysql_group$" "-S" = { set_if = "$mysql_check_slave$" description = "Check if the slave thread is running properly." } "-l" = { set_if = "$mysql_ssl$" description = "Use ssl encryption" } } vars.mysql_check_slave = false vars.mysql_ssl = false}

template CheckCommand "training-mysql-common" { import "plugin-check-command" vars.mysql_host = "$address$"}


Custom check commandsCustom check commands

Icinga 2 Workshop

template Host "mysql-server" { check_interval = 3m vars.mysql_port = 3306}

object Host "training-mysql-db1" { import "mysql-server" address = "127.0.0.1"}

object Host "training-mysql-db2" { import "mysql-server" address = "127.0.0.1"}

apply Service "mysql-connection" { import "mysql-service" check_command = "training-mysql" vars.mysql_database = "mysql" assign where "mysql-server" in host.groups}

object HostGroup "mysql-server" { display_name = "MySQL Server" assign where match("*mysql*", host.name) assign where match("db-*", host.vars.prod_mysql_db) ignore where host.vars.test_server == true ignore where match("*internal", host.name)}


PracticePractice

• Erstellen Sie die Hosts:workshop-1 (192.168.33.10) undworkshop-2 (192.168.33.20)mit der var customer = “icinga“

• Erstellen Sie eine Hostgroup „icinga“ die alle Hosts enthält, bei denen customer auf „icinga“ gesetzt istassign where host.vars.customer == "icinga"

• Weisen Sie einen http Service (apply) für beide Hosts zu,der die URI “/icingaweb” prüft → /usr/share/icinga2/include/command-plugins.conf → http_uri → assign where match("workshop*", host.name)

• Erstellen Sie eine ServiceGroup „icinga-http“ und setzen Sie die eben erstellen Services in diese Gruppe

Icinga 2 Workshop

/etc/icinga2/zones.d/checker/workshop.conf


Practice solutionPractice solution

Icinga 2 Workshop

object Host "workshop-1" { import "generic-host" address = "192.168.33.10" vars.customer = "icinga"}

object Host "workshop-2" { import "generic-host" address = "192.168.33.20" vars.customer = "icinga"}

object HostGroup "icinga" { assign where host.vars.customer == "icinga"}

apply Service "http" { check_command = "http" vars.http_uri = "/icingaweb" groups += [ "icinga-http" ]

assign where match("workshop*", host.name)}

object ServiceGroup "icinga-http" {}


NotificationNotification

Icinga 2 Workshop

template Notification "notify-mysql-users" { command = "mail-service-notification"

states = [ OK, Warning, Critical, Unknown ] types = [ Problem, Acknowledgement, Recovery, Custom, FlappingStart, FlappingEnd, DowntimeStart, DowntimeEnd, DowntimeRemoved ] period = "24x7" user_groups = [ "icingaadmins" ]}

apply Notification "mysql-status" to Service { import "notify-mysql-users" assign where match("*mysql*", service.check_command) ignore where services.vars.disable_mysql_notifications == true}

apply Notification "notify-cust-icinga-mysql" to Service { import "cust-icinga-notification" assign where match("*mysql*", service.check_command) && host.vars.customer == "icinga" ignore where match("*internal", host.name) ignore where service.vars.sla != "24x7"}


DependencyDependency

Icinga 2 Workshop

apply Service "nrpe-health" { import "generic-service" check_command = "nrpe" assign where host.vars.agent == "nrpe"}

apply Service "nrpe-load" { import "generic-service" check_command = "nrpe" vars.nrpe_command = "check_load" assign where host.vars.agent == "nrpe"}

apply Service "nrpe-disk" { import "generic-service" check_command = "nrpe" vars.nrpe_command = "check_disk" assign where host.vars.agent == "nrpe"}

object Host "nrpe-server" { import "generic-host" address = "192.168.1.5" vars.agent = "nrpe"}

apply Dependency "disable-nrpe-checks" to Service { parent_service_name = "nrpe-health"

states = [ OK ] disable_checks = true disable_notifications = true assign where service.check_command == "nrpe" && host.vars.agent == "nrpe" ignore where service.name == "nrpe-health"}

Reconfigure ClusterReconfigure Cluster


Reconfigure to Master-MasterReconfigure to Master-Master

• Wir lösen die Zone checker auf und nehmen icinga2b in die Master Zone auf

• Icinga 2 auf beiden Seiten stoppen• Gecachte Cluster Daten löschen (beide Seiten)

rm -rf /var/lib/icinga2/api/zones/*

• zones.conf auf beiden Servern editieren• Inhalt von /etc/icinga2/zones.d/checker/ nach ../master/

verschieben• IDO HA Funktion deaktivieren• Icinga 2 wieder starten

Icinga 2 Workshop

# vim /etc/icinga2/features-enabled/ido-mysql.conf object IdoMysqlConnection "ido-mysql" { enable_ha = false}

object Zone "master" { endpoints = [ "icinga2a", "icinga2b" ]}


QUESTIONS & ANSWERSQUESTIONS & ANSWERS

Icinga 2 Workshop

Web + Blog www.icinga.org

Docs docs.icinga.org

Development dev.icinga.org

Sourcecode git.icinga.org

Releases github.com/Icinga

Wiki wiki.icinga.org

IRC #icinga on FreeNode

Mailing lists lists.icinga.org

Support support.icinga.org

Twitter twitter.com/icinga

Facebook facebook.com/icinga

…….. Everywhere!

?Questions & Answers

icinga2 hacking session 2014-10-10

Technology