Click here to load reader
Upload
netways
View
607
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Icinga 2 Hacking Session
Citation preview
WWW.ICINGA.ORGWWW.ICINGA.ORG
Icinga 2Hacking SessionIcinga 2Hacking Session
Icinga 2 Workshop2014-10-10
Icinga 2 Workshop2014-10-10
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
• Icinga Cluster VMs
• A look on the config
• Configuration & Practice
• Cluster reconfiguration
• Questions & Answers
AgendaAgenda
Icinga 2 Workshop
Cluster VMsCluster VMs
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
Cluster VMsCluster VMs
Icinga 2 Workshop
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
Cluster VMsCluster VMs
Icinga 2 Workshop
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
Cluster VMsCluster VMs
Icinga 2 Workshop
Icinga2a: OpenSSH: ssh root@localhost -p 2085 PuTTy: root@localhost:2085
Icinga2b: OpenSSH: ssh root@localhost -p 2086 PuTTy: root@localhost:2086
SSH Login: root / vagrant vagrant / vagrant
Web: http://localhost:8085 User: icingaadmin Password: icinga
See the docs for instructions for the VM source definitions http://docs.icinga.org/icinga2 → Vagrant
ConfigurationConfiguration
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
Important PathsImportant Paths
Icinga 2 Workshop
/etc/icinga2 Main configuration/usr/sbin/icinga2 Daemon/usr/(s)bin/icinga2-* CLI tools
/usr/share/icinga2 ITL and plugin Commands/var/run/icinga PID file and command pipe
/var/cache/icinga2 status.dat / objects.cache/var/lib/icinga2 state file, cluster data/var/spool/icinga2 performance data/var/log/icinga2 logfiles
service icinga2 start|stop|restart|reload
service icinga2 checkconfig
icinga2-list-objects --color | less -R
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
Icinga 2 Workshop
DemoDemo
DEMO
Configuration & practiceConfiguration & practice
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
Host / Hostgroup / ServiceHost / Hostgroup / Service
Icinga 2 Workshop
object HostGroup "mysql-server" { display_name = "MySQL Server" assign where match("*mysql*", host.name) assign where match("db-*", host.vars.prod_mysql_db) ignore where host.vars.test_server == true ignore where match("*internal", host.name)}
object Host "mysql-db1" { import "db-server" import "mysql-server" address = "192.168.70.10"}
object Host "customer-db7" { import "db-server" import "mysql-server" address = "192.168.71.30" vars.prod_mysql_db = "db-customer-xy"}
apply Service "mysql-health" { import "mysql-service" check_command = "mysql" assign where "mysql-server" in host.groups ignore where host.vars.no_health_check == true}
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
Custom check commandsCustom check commands
Icinga 2 Workshop
object CheckCommand "training-mysql" { import "training-mysql-common" command = [ PluginDir + "/check_mysql" ] arguments = { "-H" = "$mysql_host$" "-u" = "$mysql_user$" "-p" = "$mysql_password$" "-P" = "$mysql_port$" "-s" = "$mysql_socket$" "-a" = "$mysql_cert$" "-k" = "$mysql_key$" "-f" = "$mysql_optfile$" "-g" = "$mysql_group$" "-S" = { set_if = "$mysql_check_slave$" description = "Check if the slave thread is running properly." } "-l" = { set_if = "$mysql_ssl$" description = "Use ssl encryption" } } vars.mysql_check_slave = false vars.mysql_ssl = false}
template CheckCommand "training-mysql-common" { import "plugin-check-command" vars.mysql_host = "$address$"}
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
Custom check commandsCustom check commands
Icinga 2 Workshop
template Host "mysql-server" { check_interval = 3m vars.mysql_port = 3306}
object Host "training-mysql-db1" { import "mysql-server" address = "127.0.0.1"}
object Host "training-mysql-db2" { import "mysql-server" address = "127.0.0.1"}
apply Service "mysql-connection" { import "mysql-service" check_command = "training-mysql" vars.mysql_database = "mysql" assign where "mysql-server" in host.groups}
object HostGroup "mysql-server" { display_name = "MySQL Server" assign where match("*mysql*", host.name) assign where match("db-*", host.vars.prod_mysql_db) ignore where host.vars.test_server == true ignore where match("*internal", host.name)}
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
PracticePractice
• Erstellen Sie die Hosts:workshop-1 (192.168.33.10) undworkshop-2 (192.168.33.20)mit der var customer = “icinga“
• Erstellen Sie eine Hostgroup „icinga“ die alle Hosts enthält, bei denen customer auf „icinga“ gesetzt istassign where host.vars.customer == "icinga"
• Weisen Sie einen http Service (apply) für beide Hosts zu,der die URI “/icingaweb” prüft → /usr/share/icinga2/include/command-plugins.conf → http_uri → assign where match("workshop*", host.name)
• Erstellen Sie eine ServiceGroup „icinga-http“ und setzen Sie die eben erstellen Services in diese Gruppe
Icinga 2 Workshop
/etc/icinga2/zones.d/checker/workshop.conf
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
Practice solutionPractice solution
Icinga 2 Workshop
object Host "workshop-1" { import "generic-host" address = "192.168.33.10" vars.customer = "icinga"}
object Host "workshop-2" { import "generic-host" address = "192.168.33.20" vars.customer = "icinga"}
object HostGroup "icinga" { assign where host.vars.customer == "icinga"}
apply Service "http" { check_command = "http" vars.http_uri = "/icingaweb" groups += [ "icinga-http" ]
assign where match("workshop*", host.name)}
object ServiceGroup "icinga-http" {}
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
NotificationNotification
Icinga 2 Workshop
template Notification "notify-mysql-users" { command = "mail-service-notification"
states = [ OK, Warning, Critical, Unknown ] types = [ Problem, Acknowledgement, Recovery, Custom, FlappingStart, FlappingEnd, DowntimeStart, DowntimeEnd, DowntimeRemoved ] period = "24x7" user_groups = [ "icingaadmins" ]}
apply Notification "mysql-status" to Service { import "notify-mysql-users" assign where match("*mysql*", service.check_command) ignore where services.vars.disable_mysql_notifications == true}
apply Notification "notify-cust-icinga-mysql" to Service { import "cust-icinga-notification" assign where match("*mysql*", service.check_command) && host.vars.customer == "icinga" ignore where match("*internal", host.name) ignore where service.vars.sla != "24x7"}
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
DependencyDependency
Icinga 2 Workshop
apply Service "nrpe-health" { import "generic-service" check_command = "nrpe" assign where host.vars.agent == "nrpe"}
apply Service "nrpe-load" { import "generic-service" check_command = "nrpe" vars.nrpe_command = "check_load" assign where host.vars.agent == "nrpe"}
apply Service "nrpe-disk" { import "generic-service" check_command = "nrpe" vars.nrpe_command = "check_disk" assign where host.vars.agent == "nrpe"}
object Host "nrpe-server" { import "generic-host" address = "192.168.1.5" vars.agent = "nrpe"}
apply Dependency "disable-nrpe-checks" to Service { parent_service_name = "nrpe-health"
states = [ OK ] disable_checks = true disable_notifications = true assign where service.check_command == "nrpe" && host.vars.agent == "nrpe" ignore where service.name == "nrpe-health"}
Reconfigure ClusterReconfigure Cluster
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
Reconfigure to Master-MasterReconfigure to Master-Master
• Wir lösen die Zone checker auf und nehmen icinga2b in die Master Zone auf
• Icinga 2 auf beiden Seiten stoppen• Gecachte Cluster Daten löschen (beide Seiten)
rm -rf /var/lib/icinga2/api/zones/*
• zones.conf auf beiden Servern editieren• Inhalt von /etc/icinga2/zones.d/checker/ nach ../master/
verschieben• IDO HA Funktion deaktivieren• Icinga 2 wieder starten
Icinga 2 Workshop
# vim /etc/icinga2/features-enabled/ido-mysql.conf object IdoMysqlConnection "ido-mysql" { enable_ha = false}
object Zone "master" { endpoints = [ "icinga2a", "icinga2b" ]}
DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG
QUESTIONS & ANSWERSQUESTIONS & ANSWERS
Icinga 2 Workshop
Web + Blog www.icinga.org
Docs docs.icinga.org
Development dev.icinga.org
Sourcecode git.icinga.org
Releases github.com/Icinga
Wiki wiki.icinga.org
IRC #icinga on FreeNode
Mailing lists lists.icinga.org
Support support.icinga.org
Twitter twitter.com/icinga
Facebook facebook.com/icinga
…….. Everywhere!
?Questions & Answers