Icinga2 Hacking Session 2014-10-10

WWW.ICINGA.ORGWWW.ICINGA.ORG
Icinga 2
Hacking Session
Icinga 2
Hacking Session
Icinga 2 Workshop
2014-10-10
Icinga 2 Workshop
2014-10-10

DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
• Icinga Cluster VMs
• A look on the config
• Configuration & Practice
• Cluster reconfiguration
• Questions & Answers
AgendaAgenda
Icinga 2 Workshop

Cluster VMsCluster VMs
Icinga 2 Workshop

Cluster VMsCluster VMs
Icinga 2 Workshop
Icinga2a:
OpenSSH: ssh root@localhost -p 2085
PuTTy: root@localhost:2085
Icinga2b:
OpenSSH: ssh root@localhost -p 2086
PuTTy: root@localhost:2086
SSH Login:
root / vagrant
vagrant / vagrant
Web:
http://localhost:8085
User: icingaadmin
Password: icinga
See the docs for instructions for the VM source definitions
http://docs.icinga.org/icinga2 → Vagrant

Important PathsImportant Paths
Icinga 2 Workshop
/etc/icinga2 Main configuration
/usr/sbin/icinga2 Daemon
/usr/(s)bin/icinga2-* CLI tools
/usr/share/icinga2 ITL and plugin Commands
/var/run/icinga PID file and command pipe
/var/cache/icinga2 status.dat / objects.cache
/var/lib/icinga2 state file, cluster data
/var/spool/icinga2 performance data
/var/log/icinga2 logfiles
service icinga2 start|stop|restart|reload
service icinga2 checkconfig
icinga2-list-objects --color | less -R

Icinga 2 Workshop
DemoDemo
DEMO

Configuration & practiceConfiguration & practice

Host / Hostgroup / ServiceHost / Hostgroup / Service
Icinga 2 Workshop
object HostGroup "mysql-server" {
display_name = "MySQL Server"
assign where match("*mysql*", host.name)
assign where match("db-*", host.vars.prod_mysql_db)
ignore where host.vars.test_server == true
ignore where match("*internal", host.name)
}
object Host "mysql-db1" {
import "db-server"
import "mysql-server"
address = "192.168.70.10"
}
object Host "customer-db7" {
import "db-server"
address = "192.168.71.30"
vars.prod_mysql_db = "db-customer-xy"
}
apply Service "mysql-health" {
import "mysql-service"
check_command = "mysql"
assign where "mysql-server" in host.groups
ignore where host.vars.no_health_check == true
}

Custom check commandsCustom check commands
Icinga 2 Workshop
object CheckCommand "training-mysql" {
import "training-mysql-common"
command = [ PluginDir + "/check_mysql" ]
arguments = {
"-H" = "$mysql_host$"
"-u" = "$mysql_user$"
"-p" = "$mysql_password$"
"-P" = "$mysql_port$"
"-s" = "$mysql_socket$"
"-a" = "$mysql_cert$"
"-k" = "$mysql_key$"
"-f" = "$mysql_optfile$"
"-g" = "$mysql_group$"
"-S" = {
set_if = "$mysql_check_slave$"
description = "Check if the slave thread is running properly."
}
"-l" = {
set_if = "$mysql_ssl$"
description = "Use ssl encryption"
}
}
vars.mysql_check_slave = false
vars.mysql_ssl = false
}
template CheckCommand "training-mysql-common" {
import "plugin-check-command"
vars.mysql_host = "$address$"
}

Custom check commandsCustom check commands
Icinga 2 Workshop
template Host "mysql-server" {
check_interval = 3m
vars.mysql_port = 3306
}
object Host "training-mysql-db1" {
address = "127.0.0.1"
}
object Host "training-mysql-db2" {
address = "127.0.0.1"
}
apply Service "mysql-connection" {
import "mysql-service"
check_command = "training-mysql"
vars.mysql_database = "mysql"
assign where "mysql-server" in host.groups
}
object HostGroup "mysql-server" {
display_name = "MySQL Server"
assign where match("*mysql*", host.name)
assign where match("db-*",
host.vars.prod_mysql_db)
ignore where host.vars.test_server == true
}

PracticePractice
• Erstellen Sie die Hosts:
workshop-1 (192.168.33.10) und
workshop-2 (192.168.33.20)
mit der var customer = “icinga“
• Erstellen Sie eine Hostgroup „icinga“ die alle Hosts enthält, bei
denen customer auf „icinga“ gesetzt ist
assign where host.vars.customer == "icinga"
• Weisen Sie einen http Service (apply) für beide Hosts zu,
der die URI “/icingaweb” prüft
→ /usr/share/icinga2/include/command-plugins.conf
→ http_uri
→ assign where match("workshop*", host.name)
• Erstellen Sie eine ServiceGroup „icinga-http“ und setzen Sie
die eben erstellen Services in diese Gruppe
Icinga 2 Workshop
/etc/icinga2/zones.d/checker/workshop.conf

Practice solutionPractice solution
Icinga 2 Workshop
object Host "workshop-1" {
import "generic-host"
address = "192.168.33.10"
vars.customer = "icinga"
}
object Host "workshop-2" {
address = "192.168.33.20"
vars.customer = "icinga"
}
object HostGroup "icinga" {
assign where host.vars.customer == "icinga"
}
apply Service "http" {
check_command = "http"
vars.http_uri = "/icingaweb"
groups += [ "icinga-http" ]
assign where match("workshop*", host.name)
}
object ServiceGroup "icinga-http" {
}

NotificationNotification
Icinga 2 Workshop
template Notification "notify-mysql-users" {
command = "mail-service-notification"
states = [ OK, Warning, Critical, Unknown ]
types = [ Problem, Acknowledgement, Recovery, Custom,
FlappingStart, FlappingEnd,
DowntimeStart, DowntimeEnd, DowntimeRemoved ]
period = "24x7"
user_groups = [ "icingaadmins" ]
}
apply Notification "mysql-status" to Service {
import "notify-mysql-users"
assign where match("*mysql*", service.check_command)
ignore where services.vars.disable_mysql_notifications == true
}
apply Notification "notify-cust-icinga-mysql" to Service {
import "cust-icinga-notification"
assign where match("*mysql*", service.check_command) &&
host.vars.customer == "icinga"
ignore where service.vars.sla != "24x7"
}

DependencyDependency
Icinga 2 Workshop
apply Service "nrpe-health" {
import "generic-service"
check_command = "nrpe"
assign where host.vars.agent == "nrpe"
}
apply Service "nrpe-load" {
vars.nrpe_command = "check_load"
assign where host.vars.agent == "nrpe"
}
apply Service "nrpe-disk" {
vars.nrpe_command = "check_disk"
assign where
host.vars.agent == "nrpe"
}
object Host "nrpe-server" {
address = "192.168.1.5"
vars.agent = "nrpe"
}
apply Dependency "disable-nrpe-checks" to Service
parent_service_name = "nrpe-health"
states = [ OK ]
disable_checks = true
disable_notifications = true
assign where service.check_command == "nrpe" &&
host.vars.agent == "nrpe"
ignore where service.name == "nrpe-health"
}

Reconfigure ClusterReconfigure Cluster

Reconfigure to Master-MasterReconfigure to Master-Master
• Wir lösen die Zone checker auf und nehmen icinga2b in die
Master Zone auf
• Icinga 2 auf beiden Seiten stoppen
• Gecachte Cluster Daten löschen (beide Seiten)
rm -rf /var/lib/icinga2/api/zones/*
• zones.conf auf beiden Servern editieren
• Inhalt von /etc/icinga2/zones.d/checker/ nach ../master/
verschieben
• IDO HA Funktion deaktivieren
• Icinga 2 wieder starten
Icinga 2 Workshop
# vim /etc/icinga2/features-enabled/ido-mysql.conf
object IdoMysqlConnection "ido-mysql" {
enable_ha = false
}
object Zone "master" {
endpoints = [ "icinga2a", "icinga2b" ]
}

QUESTIONS & ANSWERSQUESTIONS & ANSWERS
Icinga 2 Workshop
Web + Blog www.icinga.org
Docs docs.icinga.org
Development dev.icinga.org
Sourcecode git.icinga.org
Releases github.com/Icinga
Wiki wiki.icinga.org
IRC #icinga on FreeNode
Mailing lists lists.icinga.org
Support support.icinga.org
Twitter twitter.com/icinga
Facebook facebook.com/icinga
…….. Everywhere!
?
Questions & Answers

Icinga2 Hacking Session 2014-10-10

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Icinga2 Hacking Session 2014-10-10

Similar to Icinga2 Hacking Session 2014-10-10 (20)

More from Icinga

More from Icinga (20)

Recently uploaded

Recently uploaded (20)

Icinga2 Hacking Session 2014-10-10