Post on 08-Jan-2017
www.icinga.org
Why favour Icinga over Nagios
2015-08-22
Markus Frosch
• Consultant @NETWAYS• Icinga Team since 2012• Organisation of Icinga 2• Debian developer
@lazyfrosch
THE ICINGA PROJECT
Open Source Enterprise Monitoring
Icinga is a scalable and extensible monitoring system which checks the availability of your resources, notifiesusers of outages and provides extensive BI data.
You?
• originally forked from Nagios in 2009• focus on improvements and scalability• independent version Icinga 2 since 2014•web interfaces and addons
Icinga Core
Nagios based C-sourceMySQL, PostgreSQL, Oracle
Icinga Core
Nagios based C-sourceMySQL, PostgreSQL, Oracle
Icinga Quality, Testing and Community Support
Website and Open Source Ticketing System
Icinga Quality, Testing and Community Support
Website and Open Source Ticketing System
3rd Party Tools3rd Party ToolsIcinga Webbased on PHP using ExtJS, Agavi MVCIcinga Webbased on PHP using ExtJS, Agavi MVC
IDOUTILSIDOUTILS
Icinga Web 2Based on PHP / responsive designIcinga Web 2Based on PHP / responsive design
Icinga 2
C++-based sourcewith multiple components
Icinga 2
C++-based sourcewith multiple components
IDOIDO LivestatusLivestatus ClusterCluster APIAPI ……
ICINGA 2 INTRODUCTION
• monitors everything• in a regular interval• preferring active checks• gathering status• collect performance data / metrics
• notifies using any channel• detects dependencies• handles events in configured way
• forwards logs to Logstash and Graylog• passes performance data to Graphite,
OpenTSDB or InfluxDB• integrate with other tools?
Icinga 2
• release 2.3.8 (2015-07-20)•new code base on C++ and Boost• similar ideas to Nagios• Puppet, Chef and Ansible integration•Packages and Vagrant Box available
WHY NAGIOS™ IS GOOD?
Nagios™ is good, because:
✔ monitoring things is very easy✔ very simple software stack ✔ no complex external dependencies
Nagios™ is good, because:
✔ active checks are powerful✔ gathering performance data✔ huge community✔ thousands of Plugins
OK, BUT WHY ICINGA THEN?
Nagios™ does not scale
✗ it's just a single loop✗ limitations using external interfaces✗ large installations are difficult
Icinga 2 on the other hand
✔ provides a multithreaded engine✔ distributes load in cluster automatically✔ is able to monitor thousands of devices
every few seconds
MODULES
Modules in Nagios™?
# tar xzvf mk-livestatus-1.2.4.tar.gz# cd mk-livestatus-1.2.4 # ./configure --prefix=/usr/local/icinga
--exec-prefix=/usr/local/icinga# make# cp src/livestatus.o /usr/local/icinga/bin
define module { module_name mklivestatus path /usr/local/icinga/bin/livestatus.o module_type neb args /usr/local/icinga/var/rw/live }
CheckerChecker
NotifyNotify
API(soon)API(soon)
CompatCompat ClusterCluster
IDOIDO GELFGELF
GraphiteGraphite
PerfdataPerfdata
OpenTSDBOpenTSDB
LivestatusLivestatus
# icinga2 feature enable livestatus# icinga2 feature enable ido-mysql
# vim /etc/icinga2/features- available/ido-mysql.conf
DEMO
CLUSTERING
How about high available Nagios™?
✗ there is no integrated failover mechanism✗ configuration is not distributed✗ no shared monitoring information
What Icinga 2 provides you
✔ zones for multitenancy environments✔ support for logic splits in the config✔ availability and scaling zones✔ automatic redistribution of checks✔ master / satellite / agent
centra
l
datace
nter
centra
l
datace
nter
CheckerChecker ConfigConfig
LivestatusLive
status
CheckerChecker
DatabaseDatabase
IDOIDO
IDOIDO
remotelocation
CheckerChecker
Nagios™ and security
✗ NSCA works, but not in a good way✗ NRPE has a couple of security issues✗ You can make it secure … by hand
Icinga 2 clustering is PKI TLS only
✔ bidirectional connections✔ helps you setting up a CA✔ replication of events and status
DEMO
CONFIGURATION
Nagios™ config tricks are weird…
define service{host_name linux1,linux2,linux3,...,linux9service_description ssh-checkother service directives ...}
Nagios™ can only do lists
define hostgroup{hostgroup_name linux-serversalias Linux Serversmembers linux1,linux2,linux3}
Icinga 2 brings logic
apply Service "ssh" {import "generic-service”
check_command = "ssh” assign where host.address && host.vars.os == "Linux” ignore where host.vars.test == true}
Icinga 2 wants to unterstand you
object HostGroup "mysql-server" {display_name = "MySQL Server"
assign where match("*mysql*", host.name) assign where host.vars.role == "mysql-server" ignore where host.vars.environment != "production"}
Imagine a host you manage
object Host "shop1.nbg.de.bratwurst.de" { import "generic-host" address = "192.0.2.123"
vars = { environment = "production" role = "webserver" location = "nbg1" application = "bratwurstshop" team = "appsupport" }}
Maybe add templates
template Host "webserver-default" { import "generic-host" vars = { environment = "production" role = "webserver" }}object Host "shop1.nbg.de.bratwurst.de" { import "webserver-default" address = "192.0.2.123"
vars.location = "nbg1" [...]}
Now add some services
apply Service "http" { import "generic-service" check_command = "http" assign where host.role == "webserver"}
apply Service "https" { import "generic-service" check_command = "http" vars.http_ssl = true assign where host.role == "webserver"}
Get notified
apply Notification "host-prod-oncall" to Host { import "mail-host-notification" user_groups = [ "datacenter-oncall" ] timeperiod = "non-workhours" assign where host.environment == "production"}
apply Notification "appsupport-prod-oncall" to Service { import "mail-service-notification" user_groups = [ "appsupport-oncall" ] timeperiod = "non-workhours" assign where host.team == "appsupport" \ && host.environment == "production"}
Define dependencies
apply Dependency "host-in-nbg1" to Host { parent_host_name = "router.nbg1.bratwurst.de"
disable_checks = true disable_notifications = true
assign where host.location == "nbg1" && \ host.role != "router"}
Safe and powerful commands
object CheckCommand "fancy-vendor-check" { import "plugin-check-command"
command = [ PluginDir + "/check_vendor_foo" ]
arguments = { "-H" = "$host.name$" "-C" = "$snmp_community$" "-m" = "$vendor_mode$" "-w" = "$vendor_warning$" "-c" = "$vendor_critical$" } vars.snmp_community = "public"}
Easy to use
apply Service "fancy-vendor test" { import "generic-service"
check_command = "fancy-vendor-check"
vars.snmp_community = "isthissecure" vars.vendor_mode = "proprietary-magic" vars.vendor_warning = "80" vars.vendor_warning = "90"
assign where host.type = "fancy-vendor-node"}
Using commands
● safe against shell injections● clean interface, easy to write● just set a var in service or host● check our ITL template library
ONE MORE THING...
Icinga 2 is enhanceable
object Service "webservice" { import "generic-service" check_command = "load" host_name = "a really great server"
vars.load_wload1 = {{ if (get_time_period("9to5").is_inside) { return 40 } else { return 60 } }}
}
WHAT YOU SEE IS WHAT YOU GET
Nagios CGI
Icinga Classic
Icinga Web 1
✗ limitations in current Icinga interfaces✗ parsing the status.dat is not fast✗ executing commands is tedious✗ really hard to extend and integrate✗ no unified interface so far
Icingaweb 2
• easy to extend and embed•multiple authentication providers• reads from IDO database • responsive
release soonTM
Web 2MySQL /PostgreSQL
MySQL /PostgreSQL2
or Icinga 1
The simplest setup
set up within a few minutes...
Web 2
MonitoringMonitoring DocsDocs
BPBP GraphiteGraphite PNPPNP
Demo
CONCLUSION
Where to start?
•Go to docs.icinga.org• Try our Vagrant VMs•Use Icinga 2 packages•Rethink you configuration• Install Icinga Web 2 and play with it•Give us feedback
#icinga
You?
Berlin 2016
March 1st
Berlin 2016
March 1st
Portland 2015
October 10th
Portland 2015
October 10th
Icinga Camp community meetups
THANK YOU!www.icinga.org
exchange.icinga.org
docs.icinga.org
dev.icinga.org
git.icinga.org
@icinga
/icinga
+icinga