www.icinga.org

Icinga Director

IcingaCamp San Diego – 10/18/16

Thomas Gelf

Module prototyping machine

Icinga Lead Architect

Principal Consultant @netways

Based in Nuremberg, Germany

Grown up in South Tyrol, Italian Alps

Apple-Fanboy. Real apples ;-)

AGENDA

Talk structure

while (! $talk->outOfTime()) {

$camp->doFancyLiveDemo() ->showSomeSlides();

}

HISTORY

Motivations for a new config tool

Icinga 2: new config format DSL

old config tools do not fit any more

Challenges

Ever tried toconfigurea DSL?

Getting started

Installation

provide a database

tell Director...

...and he cares about the rest

Using Puppet?

Idempotency out of the box :-)Try `--help` or the documentation for more information

Same for Kickstart!

Let's try it out!

WHAT HAPPENED RIGHT NOW?

Our kickstart wizard:

• Created our DB schema

• Connected to the Icinga 2 API

• Fetched Commands, Endpoints & Zones

Manually, we:

• Created a first host template

• Created a host based on this template

• Deployed it with a single click

Internally, Director:

• Rendered the whole configuration

• Versioned and stored it to it‘s DB

• Shipped it to Icinga through the API

• Icinga validated the config & reloaded

• Director fetched it‘s startup log

Want some modification?

HOW DOES THIS WORK?

Internally, Director:

• Keeps track of every single change

• Perfect for auditing changes

• It‘s checksummed

• Allows to travel back in time

What if I have...

• ...hundreds of thousands of changes?

• Don‘t worry, works fine!

ARCHITECTURE

Architecture

• How and where to attach• How does it talk to my Icinga nodes• Masters, Satellites, Agents?

Architecture

Protocol

• Uses the Icinga 2 API (TLS, REST)• Ships whole config, not single objects• This is ways faster with lots of objects• Could still ship partial changes

Communication Paths

• Director talks to your master node(s)• Deploys always to the very same node• Knows agents / satellites• Controls them via config distribution

CONFIGURATION MADE EASY

Icinga Director's target audience

fully automated environments

point & click users

at the very same time (!!)

Show me the click thingy!

WHAT DID WE SEE HERE?

Powerful custom field handling

• Define your own rules

• Make things easy for your users

• Delegate boring daily work

Select multiple objects...

...modify

all ot them

at once

Future features

• Dictionary/Hash support

• Nested complex data types

WHAT ABOUT SERVICES?

Demo

ICINGA 2 AGENT

What it does for you

• Handle SSL certificate signing

• Provide a fitting configuration

• Hide complexity

AUTOMATION FIRST

Guess what?

Live demo!

All kind of databases

• Out of the box:● MySQL● PostgreSQL● MSSQL● Oracle

LDAP, AD

Want all yourservers fromyour ActiveDirectory beingmonitoredautomatically?

Knowing AD you might wonder…...where to get the IP address from?

...how I got the SID in a non-binary form?

...about my version number format

Modifiers

• Not enough?• Pull request• Custom hook

Files: CSV, JSON, XML, YAML

AWSLoad balancers

EC2 instances

Autoscaling

Groups

PuppetDBget your systems

monitored

fully automated

immediately after

being deployed

Import & Sync

Write your own!

IS IT APIFIED?

Director offers a REST API

• Simple and powerful• Easy and intuitive to use• Assists you with the trickiest part of the job: detect and handle changes

IT HAS A CLI!

WANT MORE?

What‘s next?

• Nested apply rules• Service sets• ACLs, permissions/restrictions

Director is highly modular

Current Hooks:

DataType, ImportSource,

PropertyModifier, ShipConfigFiles

Even Directors own implementations extend and use them to

provide you nice real-world examples

USE IT!

Codehttps://www.github.com/Icinga

→ icingaweb2-module-director

https://www.github.com/Thomas-Gelf

→ icingaweb2-module-aws

→ icingaweb2-module-puppetdb

→ icingaweb2-module-fileshipper

Roadmaphttps://dev.icinga.org

→ Projects Director Roadmap→ →

ReleasesFirst release: 1.0 (released 03/24/2016)

Current stable: 1.1 (released 06/30/2016)

Next release: 1.2.0 (scheduled for 11/03/2016)

Fancy new things: don‘t fear the GIT master!

Thank You!www.icinga.org

dev.icinga.org

git.icinga.org

@icinga

/icinga

+icinga

QUESTIONS?Thomas Gelf <thomas.gelf@icinga.com>