View
516
Download
4
Category
Preview:
Citation preview
www.icinga.org
Icinga Director
IcingaCamp San Diego – 10/18/16
Thomas Gelf
Module prototyping machine
Icinga Lead Architect
Principal Consultant @netways
Based in Nuremberg, Germany
Grown up in South Tyrol, Italian Alps
Apple-Fanboy. Real apples ;-)
AGENDA
Talk structure
while (! $talk->outOfTime()) {
$camp->doFancyLiveDemo() ->showSomeSlides();
}
HISTORY
Motivations for a new config tool
Icinga 2: new config format DSL
old config tools do not fit any more
Challenges
Ever tried toconfigurea DSL?
Getting started
Installation
provide a database
tell Director...
...and he cares about the rest
Using Puppet?
Idempotency out of the box :-)Try `--help` or the documentation for more information
Same for Kickstart!
Let's try it out!
WHAT HAPPENED RIGHT NOW?
Our kickstart wizard:
• Created our DB schema
• Connected to the Icinga 2 API
• Fetched Commands, Endpoints & Zones
Manually, we:
• Created a first host template
• Created a host based on this template
• Deployed it with a single click
Internally, Director:
• Rendered the whole configuration
• Versioned and stored it to it‘s DB
• Shipped it to Icinga through the API
• Icinga validated the config & reloaded
• Director fetched it‘s startup log
Want some modification?
HOW DOES THIS WORK?
Internally, Director:
• Keeps track of every single change
• Perfect for auditing changes
• It‘s checksummed
• Allows to travel back in time
What if I have...
• ...hundreds of thousands of changes?
• Don‘t worry, works fine!
ARCHITECTURE
Architecture
• How and where to attach• How does it talk to my Icinga nodes• Masters, Satellites, Agents?
Architecture
Protocol
• Uses the Icinga 2 API (TLS, REST)• Ships whole config, not single objects• This is ways faster with lots of objects• Could still ship partial changes
Communication Paths
• Director talks to your master node(s)• Deploys always to the very same node• Knows agents / satellites• Controls them via config distribution
CONFIGURATION MADE EASY
Icinga Director's target audience
fully automated environments
point & click users
at the very same time (!!)
Show me the click thingy!
WHAT DID WE SEE HERE?
Powerful custom field handling
• Define your own rules
• Make things easy for your users
• Delegate boring daily work
Select multiple objects...
...modify
all ot them
at once
Future features
• Dictionary/Hash support
• Nested complex data types
WHAT ABOUT SERVICES?
Demo
ICINGA 2 AGENT
What it does for you
• Handle SSL certificate signing
• Provide a fitting configuration
• Hide complexity
AUTOMATION FIRST
Guess what?
Live demo!
All kind of databases
• Out of the box:● MySQL● PostgreSQL● MSSQL● Oracle
LDAP, AD
Want all yourservers fromyour ActiveDirectory beingmonitoredautomatically?
Knowing AD you might wonder…...where to get the IP address from?
...how I got the SID in a non-binary form?
...about my version number format
Modifiers
• Not enough?• Pull request• Custom hook
Files: CSV, JSON, XML, YAML
AWSLoad balancers
EC2 instances
Autoscaling
Groups
PuppetDBget your systems
monitored
fully automated
immediately after
being deployed
Import & Sync
Write your own!
IS IT APIFIED?
Director offers a REST API
• Simple and powerful• Easy and intuitive to use• Assists you with the trickiest part of the job: detect and handle changes
IT HAS A CLI!
WANT MORE?
What‘s next?
• Nested apply rules• Service sets• ACLs, permissions/restrictions
Director is highly modular
Current Hooks:
DataType, ImportSource,
PropertyModifier, ShipConfigFiles
Even Directors own implementations extend and use them to
provide you nice real-world examples
USE IT!
Codehttps://www.github.com/Icinga
→ icingaweb2-module-director
https://www.github.com/Thomas-Gelf
→ icingaweb2-module-aws
→ icingaweb2-module-puppetdb
→ icingaweb2-module-fileshipper
Roadmaphttps://dev.icinga.org
→ Projects Director Roadmap→ →
ReleasesFirst release: 1.0 (released 03/24/2016)
Current stable: 1.1 (released 06/30/2016)
Next release: 1.2.0 (scheduled for 11/03/2016)
Fancy new things: don‘t fear the GIT master!
Thank You!www.icinga.org
dev.icinga.org
git.icinga.org
@icinga
/icinga
+icinga
QUESTIONS?Thomas Gelf <thomas.gelf@icinga.com>
Recommended