70
Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba Monitoring Automation Inventory Virtual Machines Icinga2 Icinga2 Masters Icinga2 Clients Conclusion The End Deploying Icinga2 through Ansible Monitoring migration through automation Toshaan Bharvani - VanTosh bvba <[email protected]> Icinga Camp Bangalore 2017 13 May 2017 Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 1 / 37

Icinga Camp Bangalore - Icinga2 and Ansible

  • Upload
    icinga

  • View
    174

  • Download
    0

Embed Size (px)

Citation preview

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Deploying Icinga2 through AnsibleMonitoring migration through automation

Toshaan Bharvani - VanTosh bvba

<[email protected]>

Icinga Camp Bangalore 2017

13 May 2017

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 1 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

$ whoami

Toshaan Bharvani - VanTosh

• From Antwerp, Belgium

• Self-employed engineer/trainer (available for hire)http://www.vantosh.com

• Involved with Enterprise OS : PEL, RHEL, CentOS, IBM AIX,OpenBSD, FreeBSD, SLES, . . .

• Likes to keep everything secure : SELinux, WebSec, . . .

• Lives in a virtual world : KVM, Xen, LXC, PowerVM, z/VM, . . .

• Likes automation CfgMgmt / DevOps : Ansible, Foreman,Puppet

• Works on both hardware and software side

• Wants to take over the universe

• Twitter : @toshywoshy

• Blog : http://www.toshaan.com

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 2 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Table of contents

1 Monitoring

2 AutomationInventoryVirtual Machines

3 Icinga2Icinga2 MastersIcinga2 Clients

4 Conclusion

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 3 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

1

Monitoring

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 4 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Monitoring

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 5 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Choices

• Nagios• Well know, good for smaller install base

• Zenoss• Big coupled project without any cohesion

• Zabbix• Distributed, all-in-one solution, good

• Ganglia• RRD as static, web interface is dated

• Icinga• Better web interface with nagios forked backend

• OpsView• Fancier web interface which is liked by managers, nagios forked

• Shinken• Distributed, modular, good for smal install base

• Icinga2• Distributed, better scalability, better interface, modular and

integrations

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 6 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

2

Automation

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 7 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Ansible

“Ansible is a fictional machine capable of instantaneous orsuperluminal communication. Typically it is depicted as alunch-box-sized object with some combination of microphone, speaker,keyboard and display. It can send and receive messages to and from acorresponding device over any distance whatsoever with no delay.”1

• Configuration Management Tool• System Orchestration Tool• Remote Execution/Deployment Tool• . . .

1Rocannon’s World - Ursula K. Le GuinDeploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 8 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

An overview

• Python2 based

• Server based, agentless2

• uses SSH protocol (can use accelerated mode uses a daemon andport)

• host information in flat files, CMDB, scripts, . . .

• executes the task on the host side

• Playbook : combination of tasks with meta information• YAML• JSON

• Roles : abstract playbook• Tasks• Variables• Handlers

• Templates : Jinja2

• works where Python2 works3

2Abstraction of SSH / WinRM to connect with the node and in certain setup an agent might be required, but by default it is

not necessary3Ansible can actually run without Python on the remote host, however it is not fully supported

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 9 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Internal Design

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 10 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Normal Adhoc Mode

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 11 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Delegation Mode

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 12 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Inventory - Hypervisors

• hosts file is by default in ini format� �1 [hypervisors]2 hypervisor03 hypervisor14 hypervisor25 hypervisor367 [virtualmachines]8 vm09 vm1

10 vm211 vm3� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 13 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Inventory - Hypervisor (0)

� �1 ---2 distro: powerel73 machinearch: ppc644 rootpwd: $1$f0pPKH0e$0xrX07Ki9DPmpcmJooede7X.5 language: en_US6 keyboard: us7 timezone: "Europe/Brussels"8 nics:9 - { type: bridge , name: br0 , model: virtio , bootproto: dhcp , device:

eth0 , onboot: on }10 hostname: hyp0.vantosh.demo11 sshdrsakeylength: 819212 sshdecdsakeylength: 52113 users:14 - { name: supervisor , id: 1000 , ssh: yes , sshpubkey: /home/toshywoshy /.

keys/id_hyp0.pub }15 nrpe: { address: hyp0.vantosh.demo , zone: democenter0 , contact: mrnice }� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 14 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Inventory - Hypervisor (1)

� �1 ---2 distro: powerel73 machinearch: ppc64le4 rootpwd: $1$f0pPKH0e$0xrX07Ki9DPmpcmJooede7X.5 language: en_US6 keyboard: us7 timezone: "Europe/Brussels"8 nics:9 - { type: bridge , name: br0 , model: virtio , bootproto: dhcp , device:

eth0 , onboot: on }10 hostname: hyp1.vantosh.demo11 sshdrsakeylength: 819212 sshdecdsakeylength: 52113 users:14 - { name: supervisor , id: 1000 , ssh: yes , sshpubkey: /home/toshywoshy /.

keys/id_hyp1.pub }15 nrpe: { address: hyp1.vantosh.demo , zone: democenter1 , contact: mrnotsonice }� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 15 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Inventory - Hypervisor (2)

� �1 ---2 distro: centos73 machinearch: x86_644 rootpwd: $1$f0pPKH0e$0xrX07Ki9DPmpcmJooede7X.5 language: en_US6 keyboard: us7 timezone: "Europe/Brussels"8 nics:9 - { type: bridge , name: br0 , model: virtio , bootproto: dhcp , device:

eth0 , onboot: on }10 hostname: hyp2.vantosh.demo11 sshdrsakeylength: 819212 sshdecdsakeylength: 52113 users:14 - { name: supervisor , id: 1000 , ssh: yes , sshpubkey: /home/toshywoshy /.

keys/id_hyp2.pub }15 nrpe: { address: hyp2.vantosh.demo , zone: democenter1 , contact: mrnice }� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 16 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Inventory - Virtual Machine (0)� �1 ---2 hyper: hypervisor03 distro: powerel74 machinearch: ppc645 virtualcpus: 326 virtualsockets: 27 virtualcores: 28 virtualthreads: 89 ramsize: 2048

10 vmwaittime: 1511 language: en_US12 keyboard: us13 timezone: "Europe/Brussels"14 rootpwd: $1$f0pPKH0e$0xrX07Ki9DPmpcmJooede7X.15 sshdrsakeylength: 819216 sshdecdsakeylength: 52117 virtualfilespath: /virtual/18 disks:19 - { path: /virtual/vm0 -prep0.qcow2 , size: 10M }20 - { path: /virtual/vm0 -boot0.qcow2 , size: 512M }21 - { path: /virtual/vm0 -root0.qcow2 , size: 6G }22 - { path: /virtual/vm0 -swap0.qcow2 , size: 512M }23 - { path: /virtual/vm0 -swap1.qcow2 , size: 512M }24 bootloader: bootloader --location=mbr --driveorder=vda ,vdb ,vdc ,vdd25 partitions:26 - part prepboot --ondisk=vda --asprimary --fstype="prepboot" --fsoptions=’

prepboot ’ --size=927 - part /boot --ondisk=vdb --asprimary --fstype="xfs" --fsoptions=’defaults ,

noatime ,discard ’ --grow --size=128 - part pv.01 --ondisk=vdc --asprimary --grow --size=129 - volgroup VolGroupRoot --pesize =131072 pv.0130 - logvol / --fstype="xfs" --fsoptions=’defaults ,noatime ,discard ’ --name=

LogVolRoot --vgname=VolGroupRoot --grow --size=131 - part swap --onpart=vdd --asprimary --fstype="swap" --fsoptions=’defaults ,

discard ’ --grow --size=132 - part swap --onpart=vde --asprimary --fstype="swap" --fsoptions=’defaults ,

discard ’ --grow --size=133 hostname: vm0.vantosh.demo34 nics:35 - { type: bridge , name: br0 , model: virtio , bootproto: dhcp , device:

eth0 , onboot: on }36 users:37 - { name: administrator , id: 1000 , ssh: yes , sshpubkey: /home/toshywoshy

/.keys/id_vm0.pub }38 nrpe: { address: vm0.vantosh.demo , zone: democenter0 , contact: mrnice }� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 17 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Inventory - Virtual Machine (1)� �1 ---2 hyper: hypervisor03 distro: powerel74 machinearch: ppc64le5 virtualcpus: 326 virtualsockets: 27 virtualcores: 28 virtualthreads: 89 ramsize: 2048

10 vmwaittime: 1511 language: en_US12 keyboard: us13 timezone: "Europe/Brussels"14 rootpwd: $1$f0pPKH0e$0xrX07Ki9DPmpcmJooede7X.15 sshdrsakeylength: 819216 sshdecdsakeylength: 52117 virtualfilespath: /virtual/18 disks:19 - { path: /virtual/vm0 -prep0.qcow2 , size: 10M }20 - { path: /virtual/vm0 -boot0.qcow2 , size: 512M }21 - { path: /virtual/vm0 -root0.qcow2 , size: 6G }22 - { path: /virtual/vm0 -swap0.qcow2 , size: 512M }23 - { path: /virtual/vm0 -swap1.qcow2 , size: 512M }24 bootloader: bootloader --location=mbr --driveorder=vda ,vdb ,vdc ,vdd25 partitions:26 - part prepboot --ondisk=vda --asprimary --fstype="prepboot" --fsoptions=’

prepboot ’ --size=927 - part /boot --ondisk=vdb --asprimary --fstype="xfs" --fsoptions=’defaults ,

noatime ,discard ’ --grow --size=128 - part pv.01 --ondisk=vdc --asprimary --grow --size=129 - volgroup VolGroupRoot --pesize =131072 pv.0130 - logvol / --fstype="xfs" --fsoptions=’defaults ,noatime ,discard ’ --name=

LogVolRoot --vgname=VolGroupRoot --grow --size=131 - part swap --onpart=vdd --asprimary --fstype="swap" --fsoptions=’defaults ,

discard ’ --grow --size=132 - part swap --onpart=vde --asprimary --fstype="swap" --fsoptions=’defaults ,

discard ’ --grow --size=133 hostname: vm0.vantosh.demo34 nics:35 - { type: bridge , name: br0 , model: virtio , bootproto: dhcp , device:

eth0 , onboot: on }36 users:37 - { name: administrator , id: 1000 , ssh: yes , sshpubkey: /home/toshywoshy

/.keys/id_vm0.pub }38 nrpe: { address: vm0.vantosh.demo , zone: democenter1 , contact: mrnotsonice }� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 18 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Inventory - Virtual Machine (2)� �1 ---2 hyper: hypervisor03 distro: centos74 machinearch: x86_645 virtualcpus: 326 virtualsockets: 27 virtualcores: 28 virtualthreads: 89 ramsize: 2048

10 vmwaittime: 1511 language: en_US12 keyboard: us13 timezone: "Europe/Brussels"14 rootpwd: $1$f0pPKH0e$0xrX07Ki9DPmpcmJooede7X.15 sshdrsakeylength: 819216 sshdecdsakeylength: 52117 virtualfilespath: /virtual/18 disks:19 - { path: /virtual/vm0 -boot0.qcow2 , size: 512M }20 - { path: /virtual/vm0 -root0.qcow2 , size: 6G }21 - { path: /virtual/vm0 -swap0.qcow2 , size: 512M }22 - { path: /virtual/vm0 -swap1.qcow2 , size: 512M }23 bootloader: bootloader --location=mbr --driveorder=vda ,vdb ,vdc ,vdd24 partitions:25 - part /boot --ondisk=vda --asprimary --fstype="xfs" --fsoptions=’defaults ,

noatime ,discard ’ --grow --size=126 - part pv.01 --ondisk=vdb --asprimary --grow --size=127 - volgroup VolGroupRoot --pesize =131072 pv.0128 - logvol / --fstype="xfs" --fsoptions=’defaults ,noatime ,discard ’ --name=

LogVolRoot --vgname=VolGroupRoot --grow --size=129 - part swap --onpart=vdc --asprimary --fstype="swap" --fsoptions=’defaults ,

discard ’ --grow --size=130 - part swap --onpart=vdd --asprimary --fstype="swap" --fsoptions=’defaults ,

discard ’ --grow --size=131 hostname: vm0.vantosh.demo32 nics:33 - { type: bridge , name: br0 , model: virtio , bootproto: dhcp , device:

eth0 , onboot: on }34 users:35 - { name: administrator , id: 1000 , ssh: yes , sshpubkey: /home/toshywoshy

/.keys/id_vm0.pub }36 nrpe: { address: vm0.vantosh.demo , zone: democenter1 , contact: mrnice }� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 19 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Playbooks - vminstaller� �1 - name: set machine arch variables2 include_vars: "{{ machinearch }}/ console.yml"3 when: virtconsole is not defined45 - name: set distribution variables6 include_vars: "{{ distro }}. yml"78 - name: create the qemu disk images9 action: qemu -img dest ={{ item.path }} size ={{ item.size }} format="qcow2"

options="preallocation=falloc"10 with_items: "{{ disks }}"11 delegate_to: "{{ hyper }}"1213 ###1415 ### PowerEL 716 - name: start distribution installation - PEL717 include: install -vm -pel7.yml18 when: templatetype == ’pel7’1920 ### EL 721 - name: start distribution installation - EL722 include: install -vm -el7.yml23 when: templatetype == ’el7’2425 - name: execute minimum ram hack where required26 include: minimum -ram -hack.yml27 when: minram is defined282930 - name: start the vm31 action: virt guest ={{ inventory_hostname }} command=start32 delegate_to: "{{ hyper }}"33 ignore_errors: yes3435 - name: wait for vm to become available36 local_action: wait_for host ={{ ansible_host }} port ={{ ansible_port }} delay

=5 state=started timeout =30037 become: no3839 - name: gather facts40 action: setup� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 20 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Playbooks - pel7

� �1 - name: create and copy the kickstart file of the machine2 action: template src="pel7/kickstart.cfg" dest="{{ virtualfilespath }}{{

inventory_hostname }}.cfg"3 delegate_to: "{{ hyper }}"45 - name: make install script6 action: template src="common/install -vm.sh" dest="{{ virtualfilespath }}{{

inventory_hostname }}-create -vm.sh" owner=root group=root mode =7707 delegate_to: "{{ hyper }}"89 - name: execute install script

10 action: raw {{ virtualfilespath }}{{ inventory_hostname }}-create -vm.sh11 delegate_to: "{{ hyper }}"12 register: createdvm1314 - name: wait for vm to install15 local_action: pause minutes ={{ vmwaittime }}� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 21 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Variables - pel7

� �1 ---2 distroname: powerel73 distrotype: rhel74 templatetype: pel75 minram: 20486 location: http ://10.59.39.200/ yum/pel /7/{{ machinearch }}/os/7 repos:8 - name: "PowerEL -base"9 uri: "http ://10.59.39.200/ yum/pel /7/{{ machinearch }}/ base/packages/"

10 cost: 10011 textrargs: ’text repo ={{ location }} ks=file :/{{ inventory_hostname }}. cfg

console=hvc0 ,115200 headless noshell nofirewire rd_NO_PLYMOUTH plymouth.enable=0 biosdevname =0 elevator=noop geoloc =0 nopass kdump_addon=off nopcmia ’� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 22 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

3

Icinga2

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 23 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Icinga2 - Main Task

� �1 - name: check whether icinga2 variable are set correctly2 action: fail msg="Icinga2 variables set incorrectly , please set OR master OR

zone , do not set both at the same time."3 when: icinga2_master is defined and icinga2_zone is defined45 - name: install icinga2 master6 include: master.yml7 when: icinga2_master is defined and icinga2_master == true89 - name: install icinga2 zonemaster

10 include: zonemaster.yml11 when: icinga2_zonemaster is defined and icinga2_zonemaster == true� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 24 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Icinga2 - Master� �1 - name: install icinga2 packages2 action: yum name ={{ item }} state=latest3 with_items:4 - icinga2 -common5 - icinga2 -bin6 - icinga2 -python7 - icinga28 - icinga2 -ido -pgsql9 - icingaweb2

10 - python -carbon11 - python -whisper12 - graphite -web13 - libXrender14 - libX1115 - nrpe16 - nagios -plugins17 - nagios -plugins -ping18 - nagios -plugins -nrpe19 - nagios -plugins -disk20 - nagios -plugins -load21 - nagios -plugins -users22 - nagios -plugins -procs23 - nagios -plugins -swap24 - nagios -plugins -ssh25 - nagios -plugins -tcp26 - nagios -plugins -check_rbl27 - nagios -plugins -by_ssh28 - nagios -plugins -dig29 - nagios -plugins -http30 - nagios -plugins -smtp31 - nagios -plugins -dns32 - nagios -plugins -snmp3334 - name: copy main icinga2 configuration files35 action: template src ={{ item }} dest=/etc/icinga2 /{{ item }} owner=icinga

group=icinga mode =550 setype=etc_t36 with_items:37 - icinga2.conf38 - zones.conf39 - constants.conf4041 - name: copy features configuration files into icinga2 feature activation

directory42 action: template src ={{ item }} dest=/etc/icinga2/features -available /{{ item

}}43 with_items:44 - api.conf45 - ido -pgsql.conf46 - graphite.conf4748 - name: activate icinga2 features49 action: command /usr/sbin/icinga2 feature enable {{ item }}50 with_items:51 - ido -pgsql52 - graphite5354 - name: check if a configuration already exists55 action: stat path=/etc/icinga2/conf.d/templates.conf56 register: defaultconfig5758 - name: remove default configuration59 action: file dest=/etc/icinga2/conf.d state=absent60 when: defaultconfig.stat.isdir is defined and defaultconfig.stat.isdir ==

false6162 - name: create configuration directory63 action: file dest=/etc/icinga2/conf.d owner=icinga group=icinga mode =550

setype=etc_t state=directory6465 - name: create the conf.d folders66 action: file dest=/etc/icinga2 /{{ item }} owner=icinga group=icinga mode =550

setype=etc_t state=directory67 with_items:68 - conf.d69 - conf.d/hosts70 - conf.d/templates/71 - conf.d/commands/7273 - name: copy templated icinga2 config files74 action: template src ={{ item.src }} dest=/etc/icinga2/conf.d/{{ item.dest }}

owner=icinga group=icinga mode =550 setype=etc_t75 with_items:76 - { src: users.conf , dest: users.conf }77 - { src: timeperiods.conf , dest: timeperiods.conf }78 - { src: downtimes.conf , dest: downtimes.conf }79 - { src: groups.conf , dest: groups.conf }80 - { src: commands_check.conf , dest: commands/check.conf }81 - { src: commands_notifications.conf , dest: commands/notifictions.conf }82 - { src: templates_users.conf , dest: templates/users.conf }83 - { src: templates_services.conf , dest: templates/services.conf }84 - { src: templates_hosts.conf , dest: templates/hosts.conf }85 - { src: templates_schedules.conf , dest: templates/schedules.conf }86 - { src: templates_notifications.conf , dest: templates/notifications.conf

}8788 - name: create the zone folders89 action: file dest=/etc/icinga2/zones.d/{{ item.zonename }} owner=icinga group

=icinga mode =550 setype=etc_t state=directory90 with_items: icinga2_zones9192 - name: create the pki folders93 action: file dest=/etc/icinga2/pki owner=icinga group=icinga mode =550 setype=

etc_t state=directory9495 - name: copy ca.crt file in the pki folder96 action: copy src=/ drives/datadrive /. ansible/icinga2cert/ca.crt dest=/etc/

icinga2/pki/ca.crt9798 - name: setup pki certificates for zones to talk to each other99 action: copy src=/ drives/datadrive /. ansible/icinga2cert /{{ item.nodename }}.

crt dest=/etc/icinga2/pki/{{ item.nodename }}.crt100 with_items: icinga2_zones101102 - name: setup pki private keys for zones to talk to each other103 action: copy src=/ drives/datadrive /. ansible/icinga2cert /{{ item.nodename }}.

key dest=/etc/icinga2/pki/{{ item.nodename }}.key104 with_items: icinga2_zones105106 - name: enable http to talk to db107 action: seboolean name=httpd_can_network_connect_db state=yes persistent=yes108109 #- name: copy the user templates110 # action: template src=contact.cfg dest=/etc/shinken/objects/contacts /{{ item.

name }}. cfg owner=nagios group=nagios mode =550 setype=etc_t111 # with_items: shinken_contacts112113 - name: copy templated supervisord files114 action: template src ={{ item }} dest=/etc/carbon /{{ item }}115 with_items:116 - carbon.conf117 - storage -schemas.conf118 - storage -aggregation.conf119 - relay -rules.conf120121 - name: copy templated supervisord files122 action: template src ={{ item.src }} dest=/etc/graphite -web/{{ item.dest }}123 with_items:124 - { src: graphite_dashboard.conf , dest: dashboard.conf }125 - { src: graphite_local_settings.py , dest: local_settings.py }126127 - name: increase number of max open files128 action: sysctl name=fs.file -max value =40623700129130 - name: copy templated supervisord files131 action: template src ={{ item }} dest=/etc/supervisord.d/{{ item }}132 with_items:133 - graphite.ini134 #- carbon.ini135136 #- name: start supervisord137 # action: service name=supervisord state=restarted enabled=yes138 #- name: start supervisord deamons139 # action: supervisorctl name ={{ item }} state=restarted140 # with_items:141 # - graphite142 # #- carbon143144 - name: start carbon service145 action: service name ={{ item }} state=restarted enabled=yes146 with_items:147 - carbon -aggregator148 - carbon -cache149 - carbon -relay150151 - name: initiate django database syncdb152 action: django_manage command=syncdb app_path =/usr/lib/python2 .7/site -

packages/graphite/153154 - name: set correct permissions on the django database155 action: file path=/var/lib/graphite -web/storage/graphite.db3 owner=apache

group=apache mode =660 setype=var_lib_t� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 25 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Icinga2 - Zonemaster� �1 - name: install icinga2 packages2 action: yum name ={{ item }} state=latest3 with_items:4 - icinga2 -common5 - icinga2 -bin6 - icinga2 -python7 - icinga28 - nrpe9 - nagios -plugins

10 - nagios -plugins -ping11 - nagios -plugins -nrpe12 - nagios -plugins -disk13 - nagios -plugins -load14 - nagios -plugins -users15 - nagios -plugins -procs16 - nagios -plugins -swap17 - nagios -plugins -ssh18 - nagios -plugins -tcp19 - nagios -plugins -check_rbl20 - nagios -plugins -by_ssh21 - nagios -plugins -dig22 - nagios -plugins -http23 - nagios -plugins -smtp24 - nagios -plugins -dns25 - nagios -plugins -check_cups_queue26 - nagios -plugins -check_sip27 - nagios -plugins -dhcp28 - nagios -plugins -snmp2930 - name: copy main icinga2 configuration files31 action: template src ={{ item }} dest=/etc/icinga2 /{{ item }} owner=icinga

group=icinga mode =550 setype=etc_t32 with_items:33 - icinga2.conf34 - zones.conf35 - constants.conf3637 - name: copy features configuration files into icinga2 feature activation

directory38 action: template src ={{ item }} dest=/etc/icinga2/features -available /{{ item

}}39 with_items:40 - api.conf4142 - name: activate icinga2 features43 action: command /sbin/icinga2 -enable -feature {{ item }}44 with_items:45 - api4647 - name: check if a configuration already exists48 action: stat path=/etc/icinga2/conf.d/templates.conf49 register: defaultconfig5051 - name: remove default configuration52 action: file dest=/etc/icinga2/conf.d state=absent53 when: defaultconfig.stat.isdir is defined and defaultconfig.stat.isdir ==

false5455 - name: create configuration directory56 action: file dest=/etc/icinga2/conf.d owner=icinga group=icinga mode =550

setype=etc_t state=directory5758 - name: create the conf.d folders59 action: file dest=/etc/icinga2 /{{ item }} owner=icinga group=icinga mode =550

setype=etc_t state=directory60 with_items:61 - conf.d62 - conf.d/hosts63 - conf.d/templates/64 - conf.d/commands/6566 - name: copy templated icinga2 config files67 action: template src ={{ item.src }} dest=/etc/icinga2/conf.d/{{ item.dest }}

owner=icinga group=icinga mode =550 setype=etc_t68 with_items:69 - { src: users.conf , dest: users.conf }70 - { src: timeperiods.conf , dest: timeperiods.conf }71 - { src: downtimes.conf , dest: downtimes.conf }72 - { src: groups.conf , dest: groups.conf }73 - { src: commands_check.conf , dest: commands/check.conf }74 - { src: commands_notifications.conf , dest: commands/notifictions.conf }75 - { src: templates_users.conf , dest: templates/users.conf }76 - { src: templates_services.conf , dest: templates/services.conf }77 - { src: templates_hosts.conf , dest: templates/hosts.conf }78 - { src: templates_schedules.conf , dest: templates/schedules.conf }79 - { src: templates_notifications.conf , dest: templates/notifications.conf

}8081 - name: create the pki folders82 action: file dest=/etc/icinga2/pki owner=icinga group=icinga mode =550 setype=

etc_t state=directory8384 - name: copy certificates , key and ca file in the pki folder85 action: copy src=/ drives/datadrive /. ansible/icinga2cert /{{ item }} dest=/etc/

icinga2/pki/{{ item }}86 with_items:87 - ca.crt88 - "{{ inventory_hostname }}.crt"89 - "{{ inventory_hostname }}.key"� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 26 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Icinga2 - zones.conf

� �1 /*2 * --------------------------------------------------3 * VanTosh Icinga2 Zone Configuration File4 * (c) copyleft 2014 VanTosh5 * Author: Toshaan Bharvani <[email protected] >6 * --------------------------------------------------7 * {{ ansible_managed }}8 */9

10 {% for icinga2_zone in icinga2_zones %}11 object Endpoint "{{ icinga2_zone.nodename }}" {12 host = "{{ icinga2_zone.hostname }}"13 port = {{ icinga2_zone.port }}14 }15 object Zone "{{ icinga2_zone.zonename }}" {16 endpoints = [ "{{ icinga2_zone.nodename }}" ]17 {% if icinga2_zone.parent is defined %}18 parent = "{{ icinga2_zone.parent }}"19 {% endif %}20 }21 {% endfor %}� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 27 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Icinga2 Client (0)

� �1 - name: set variables for nrpe - RedHat2 include_vars: redhat.yml3 when: ansible_os_family == ’RedHat ’45 - name: install nrpe packages and configuration - RedHat6 include: redhat.yml7 when: ansible_os_family == ’RedHat ’89 - name: set variables for nrpe - FreeBSD

10 include_vars: freebsd.yml11 when: ansible_os_family == ’FreeBSD ’1213 - name: install nrpe packages and configuration - FreeBSD14 include: freebsd.yml15 when: ansible_os_family == ’FreeBSD ’1617 - name: add host to monitoring system18 action: template src=host.conf dest=/etc/icinga2/zones.d/{{ nrpe.zone }}/{{

inventory_hostname }}.{{ domain }}. conf owner=icinga group=icinga mode =550setype=etc_t

19 delegate_to: trivikrama20 notify: reload icinga2� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 28 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Icinga2 Client (1)

� �1 - name: install icinga2 packages and dependencies2 action: yum pkg ={{ item }} state=latest3 with_items:4 - icinga25 - nagios -plugins -disk6 - nagios -plugins -load7 - nagios -plugins -users8 - nagios -plugins -procs9 - nagios -plugins -swap

10 - nagios -plugins -check_iostat11 - bc12 - sysstat1314 - name: base icinga2 config15 action: template src=nrpe.cfg dest=/etc/nagios/nrpe.cfg1617 - name: nrpe commands18 action: template src ={{ item }}.cfg dest=/etc/nrpe.d/19 with_items:20 - users21 - disk22 - procs23 - load24 - swap25 - iostat2627 - name: restart icinga2 daemon28 action: service name=icinga2 state=restarted enabled=yes� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 29 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Icinga2 Client - disk.cfg

� �1 {% for location in ansible_mounts %}2 {% if location.fstype != ’cifs’ and location.fstype != ’nfs’ and location.

fstype != ’fuse’ and location.fstype != ’linprocfs ’ and location.fstype != ’fdescfs ’ and location.fstype != ’swap’ %}

3 command[check_disk_ {{ location.mount }}]={{ nrpe_checkcmddir }} check_disk -w15% -c 7% -p {{ location.mount }}

4 {% endif %}5 {% endfor %}� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 30 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Icinga2 Client - memory.cfg

� �1 command[check_memory ]={{ nrpe_checkcmddir }}pmp -check -unix -memory -w 50 -c 75� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 31 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Icinga2 Client - iostat.cfg

� �1 {% for disk in ansible_devices %}2 {% if disk != ’sr0’ %}3 command[check_iostat_ {{ disk }}]={{ nrpe_checkcmddir }} check_iostat -d {{ disk

}} -w 750 -c 12504 {% endif %}5 {% endfor %}� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 32 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Icinga2 Client - host.conf� �1 /*2 * --------------------------------------------------3 * VanTosh Icinga2 Host File4 * (c) copyleft 2014 VanTosh5 * Author: Toshaan Bharvani <[email protected] >6 * --------------------------------------------------7 * {{ ansible_managed }}8 * --------------------------------------------------9 {% if ddns is defined %}

10 * {{ ddns.hostname }}.{{ ddns.domain }}11 {% else %}12 * {{ ansible_ssh_host }}13 {% endif %}14 * fqdn: {{ ansible_fqdn }}15 * ansible: {{ inventory_hostname }}16 * --------------------------------------------------17 */181920 object Host "{{ inventory_hostname }}" {21 import "generic -host"22 display_name = "{{ inventory_hostname }}"23 address = "{{ nrpe.address }}"24 {% if ansible_virtualization_role is defined %}25 {% if hyper is not defined and ansible_virtualization_role == ’host’ %}26 {% elif hyper is defined and ansible_virtualization_role == ’guest’ %}27 // parent_host_name = "{{ hyper }}.{{ domain }}"28 {% endif %}29 {% endif %}30 vars.sla = "24x7"31 }3233 object Service "ssh" {34 import "generic -service"35 host_name = "{{ inventory_hostname }}"36 display_name = "SSH {{ inventory_hostname }}"37 check_command = "ssh"38 vars.ssh_port = {{ ansible_ssh_port }}39 }4041 object Service "current_users" {42 import "generic -service"43 host_name = "{{ inventory_hostname }}"44 display_name = "Current Users"45 check_command = "nrpe"46 vars.nrpe_command = "check_users"47 {% if nrpe.port is defined %}48 vars.nrpe_port = {{ nrpe.port }}49 {% else %}50 vars.nrpe_port = 566651 {% endif %}52 {% if nrpe_ssl is defined and nrpe_ssl == false %}53 vars.nrpe_no_ssl = true54 {% endif %}55 }5657 object Service "total_processes" {58 import "generic -service"59 host_name = "{{ inventory_hostname }}"60 display_name = "Total Processes"61 check_command = "nrpe"62 vars.nrpe_command = "check_total_procs"63 {% if nrpe.port is defined %}64 vars.nrpe_port = {{ nrpe.port }}65 {% else %}66 vars.nrpe_port = 566667 {% endif %}68 {% if nrpe_ssl is defined and nrpe_ssl == false %}69 vars.nrpe_no_ssl = true70 {% endif %}71 }7273 object Service "current_load" {74 import "generic -service"75 host_name = "{{ inventory_hostname }}"76 display_name = "Current Load"77 check_command = "nrpe"78 vars.nrpe_command = "check_load"79 {% if nrpe.port is defined %}80 vars.nrpe_port = {{ nrpe.port }}81 {% else %}82 vars.nrpe_port = 566683 {% endif %}84 {% if nrpe_ssl is defined and nrpe_ssl == false %}85 vars.nrpe_no_ssl = true86 {% endif %}87 }8889 object Service "swap" {90 import "generic -service"91 host_name = "{{ inventory_hostname }}"92 display_name = "Swap Usage"93 check_command = "nrpe"94 vars.nrpe_command = "check_swap"95 {% if nrpe.port is defined %}96 vars.nrpe_port = {{ nrpe.port }}97 {% else %}98 vars.nrpe_port = 566699 {% endif %}

100 {% if nrpe_ssl is defined and nrpe_ssl == false %}101 vars.nrpe_no_ssl = true102 {% endif %}103 }104105 {% for location in ansible_mounts %}106 {% if location.fstype != ’cifs’ and location.fstype != ’nfs’ and location.

fstype != ’fuse’ and location.fstype != ’linprocfs ’ and location.fstype != ’fdescfs ’ and location.fstype != ’swap’ %}

107 object Service "partition_ {{ location.mount }}" {108 import "generic -service"109 host_name = "{{ inventory_hostname }}"110 display_name = "Partition {{ location.mount }}"111 check_command = "nrpe"112 vars.nrpe_command = "check_disk_ {{ location.mount }}"113 {% if nrpe.port is defined %}114 vars.nrpe_port = {{ nrpe.port }}115 {% else %}116 vars.nrpe_port = 5666117 {% endif %}118 {% if nrpe_ssl is defined and nrpe_ssl == false %}119 vars.nrpe_no_ssl = true120 {% endif %}121 }122 {% endif %}123 {% endfor %}124125 {% for disk in ansible_devices %}126 {% if disk != ’sr0’ %}127 object Service "iostat_ {{ disk }}" {128 import "generic -service"129 host_name = "{{ inventory_hostname }}"130 display_name = "IOstat {{ disk }}"131 check_command = "nrpe"132 vars.nrpe_command = "check_iostat_ {{ disk }}"133 {% if nrpe.port is defined %}134 vars.nrpe_port = {{ nrpe.port }}135 {% else %}136 vars.nrpe_port = 5666137 {% endif %}138 {% if nrpe_ssl is defined and nrpe_ssl == false %}139 vars.nrpe_no_ssl = true140 {% endif %}141 }142 {% endif %}143 {% endfor %}� �

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 33 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

4

Conclusion

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 34 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

Conclusion

Automation MUST[RFC2119] be easy

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 35 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

More information

• Icinga : http://www.icinga.org

• Ansible : http://www.ansible.com/

• Ansible Roles Install VM : https://github.com/toshywoshy/ansible-roles-vminstall

• Ansible Roles Icinga2 :https://github.com/toshywoshy/ansible-roles-icinga2

• Ansible Roles NRPE :https://github.com/toshywoshy/ansible-roles-nrpe

• Ansible Roles NCSA-ng :https://github.com/toshywoshy/ansible-roles-ncsang

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 36 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

More information

• Icinga : http://www.icinga.org

• Ansible : http://www.ansible.com/

• Ansible Roles Install VM : https://github.com/toshywoshy/ansible-roles-vminstall

• Ansible Roles Icinga2 :https://github.com/toshywoshy/ansible-roles-icinga2

• Ansible Roles NRPE :https://github.com/toshywoshy/ansible-roles-nrpe

• Ansible Roles NCSA-ng :https://github.com/toshywoshy/ansible-roles-ncsang

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 36 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

More information

• Icinga : http://www.icinga.org

• Ansible : http://www.ansible.com/

• Ansible Roles Install VM : https://github.com/toshywoshy/ansible-roles-vminstall

• Ansible Roles Icinga2 :https://github.com/toshywoshy/ansible-roles-icinga2

• Ansible Roles NRPE :https://github.com/toshywoshy/ansible-roles-nrpe

• Ansible Roles NCSA-ng :https://github.com/toshywoshy/ansible-roles-ncsang

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 36 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

More information

• Icinga : http://www.icinga.org

• Ansible : http://www.ansible.com/

• Ansible Roles Install VM : https://github.com/toshywoshy/ansible-roles-vminstall

• Ansible Roles Icinga2 :https://github.com/toshywoshy/ansible-roles-icinga2

• Ansible Roles NRPE :https://github.com/toshywoshy/ansible-roles-nrpe

• Ansible Roles NCSA-ng :https://github.com/toshywoshy/ansible-roles-ncsang

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 36 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

More information

• Icinga : http://www.icinga.org

• Ansible : http://www.ansible.com/

• Ansible Roles Install VM : https://github.com/toshywoshy/ansible-roles-vminstall

• Ansible Roles Icinga2 :https://github.com/toshywoshy/ansible-roles-icinga2

• Ansible Roles NRPE :https://github.com/toshywoshy/ansible-roles-nrpe

• Ansible Roles NCSA-ng :https://github.com/toshywoshy/ansible-roles-ncsang

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 36 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

More information

• Icinga : http://www.icinga.org

• Ansible : http://www.ansible.com/

• Ansible Roles Install VM : https://github.com/toshywoshy/ansible-roles-vminstall

• Ansible Roles Icinga2 :https://github.com/toshywoshy/ansible-roles-icinga2

• Ansible Roles NRPE :https://github.com/toshywoshy/ansible-roles-nrpe

• Ansible Roles NCSA-ng :https://github.com/toshywoshy/ansible-roles-ncsang

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 36 / 37

DeployingIcinga2 through

Ansible

ToshaanBharvani -

VanTosh bvba

Monitoring

Automation

Inventory

VirtualMachines

Icinga2

Icinga2 Masters

Icinga2 Clients

Conclusion

The End

The End

Thank You

Toshaan Bharvani - VanTosh bvba <[email protected]>

http://www.vantosh.com/

Made with Beamer LATEXa TEXbased Presentation program

Deploying Icinga2 through Ansible Toshaan Bharvani - VanTosh bvba () 37 / 37