Icinga Camp Amsterdam 2016

Icinga 2 and puppet

automatic monitoring.. ?

Icinga Camp Amsterdam 2016

Who am I?

• Walter Heck, Software engineer turned DBA, turned

Sysadmin, turned entrepreneur, promoted to CTO

• CTO/Founder of OlinData (http://www.olindata.com)

o Icinga partner for Holland, India and Southeast Asia

o Puppet Labs training partner for most of Asia and part of Europe (Not NL!)

o Linux Foundation training partner

o MySQL consulting

Icinga Camp Amsterdam 2016

Overview• What is puppet?

• Basic icinga setup with puppet

• Zones, hosts, objects

• Puppet’s exported resources

• What’s next?

• Questions

Icinga Camp Amsterdam 2016

What is Puppet and why do we care?

• Configuration management software- http://www.olindata.com/blog/2014/08/puppet-master-agent-setup- http://olindata.com/blog/2015/03/setup-puppet-server-centos-70

• Scales very well (from 1 to 200k+ nodes)

• Multi-platform (windows, *nix, Mac OS, BSD)

• Commercially supported Open Source

• Infrastructure as code

Icinga Camp Amsterdam 2016

Typical Puppet Architecture

Puppet Master

Puppet Code (.git repository)

web01.olindata.com icinga.olindata.comdb01.olindata.comPuppet Agent Puppet AgentPuppet Agent

Icinga Camp Amsterdam 2016

● No official icinga2 module on the forge

● Github repo in strange state○ last commit to ‘master’ branch

for icinga2 module: 30 Jan 2015 (!)

○ use ‘develop’ branch instead: 261 (!) commits ahead of master

check out: https://github.com/Icinga/puppet-icinga2/pull/94

please help me bug @lazyfrosch for this ;)

Puppet module status: ‘up for improvement’

Icinga Camp Amsterdam 2016

Puppet modules

● Your best bet for now: use github repos directly:○ mod 'icingaweb2',

■ :git => 'https://github.com/icinga/puppet-icingaweb2.git'

○ mod 'icinga2',■ :git => 'https://github.com/icinga/puppet-icinga2.git', ■ :branch => 'develop'

○ mod 'puppetlabs/mysql', '3.6.2'

Icinga Camp Amsterdam 2016

Prerequisite: mysql (or postgres)

class profile::icinga::db {

$icinga2_webdb_password = ‘mypw’

$icinga2_ido_password = ‘mypw’

$mysql_whitelist_range = ‘192.168.%’

mysql::db { 'icinga2_web':

user => 'icinga2_web',

password => $icinga2_webdb_password,

host => $mysql_whitelist_range,

grant => ['ALL'],

}

mysql::db { 'icinga2_data':

user => 'icinga2',

password => $icinga2_ido_password,

host => $mysql_whitelist_range,

grant => ['ALL'],

}

}

Icinga Camp Amsterdam 2016

Setting up the icinga server

$icinga2_db_ipaddress = hiera('icinga::mysql_ipaddress')

$icinga2_web_fqdn = hiera('icingaweb::fqdn')

$icinga2_ido_password = hiera('icinga::ido_password')

class { 'icinga2':

db_type => 'mysql',

db_host => $icinga2_db_ipaddress,

db_port => '3306',

db_name => 'icinga2_data',

db_user => 'icinga2',

db_pass => $icinga2_ido_password,

manage_database => true,

}

Icinga Camp Amsterdam 2016

Set up icingaweb2

● requires webserver + php

● please use https!

● populate the database

class profile::icinga::web {

class { 'icingaweb2':

manage_repo => true,

install_method => 'package',

manage_apache_vhost => true,

apache_vhost_name => $icinga2_web_fqdn,

ido_db => 'mysql',

ido_db_host => $icinga2_db_ip,

ido_db_name => 'icinga2_data',

ido_db_user => 'icinga2',

ido_db_pass => $icinga2_ido_pass,

web_db => 'mysql',

web_db_name => 'icinga2_web',

web_db_host => $icinga2_db_ip,

web_db_user => 'icinga2_web',

web_db_pass => $icinga2_webdb_pass,

web_db_port => '3306',

}

}

Icinga Camp Amsterdam 2016

Setting up an icinga native client

class profile::icinga::client {

include ::icinga2

include ::icinga2::feature::command

class { '::icinga2::feature::api':

accept_commands => true,

accept_config => true,

manage_zone => false,

}

# icinga2::pki::puppet class needs to be declared

# after the icinga2::feature::api class in order

# to avoid resource duplication

contain ::icinga2::pki::puppet

}

Icinga Camp Amsterdam 2016

Exported resources

PuppetDB

Puppet Master

ICINGAWEB01

@@icinga2::object::host { $::fqdn: ipv4_address => $::ipaddress,}

Icinga2::Object::Host <<| |>>

1. Puppet agent run

6. Send to node

5. Retrieve from PuppetDB3. Store in PuppetDB

2. Export to PM

4. Collect on ICINGA

Icinga Camp Amsterdam 2016

Exported resources

PuppetDB

Puppet Master

ICINGAWEB01

@@icinga2::object::host { $::fqdn: ipv4_address => $::ipaddress,}

Icinga2::Object::Host <<| |>>

1. Puppet agent run

6. Send to node

5. Retrieve from PuppetDB3. Store in PuppetDB

2. Export to PM

4. Collect on ICINGA

Icinga Camp Amsterdam 2016

Exported resources

PuppetDB

Puppet Master

ICINGAWEB01

@@icinga2::object::host { $::fqdn: ipv4_address => $::ipaddress,}

Icinga2::Object::Host <<| |>>

1. Puppet agent run

6. Send to node

5. Retrieve from PuppetDB3. Store in PuppetDB

2. Export to PM

4. Collect on ICINGA

Icinga Camp Amsterdam 2016

Exported resources

PuppetDB

Puppet Master

ICINGAWEB01

@@icinga2::object::host { $::fqdn: ipv4_address => $::ipaddress,}

Icinga2::Object::Host <<| |>>

1. Puppet agent run

6. Send to node

5. Retrieve from PuppetDB3. Store in PuppetDB

2. Export to PM

4. Collect on ICINGA

Icinga Camp Amsterdam 2016

Exported resources

PuppetDB

Puppet Master

ICINGAWEB01

@@icinga2::object::host { $::fqdn: ipv4_address => $::ipaddress,}

Icinga2::Object::Host <<| |>>

1. Puppet agent run

6. Send to node

5. Retrieve from PuppetDB3. Store in PuppetDB

2. Export to PM

4. Collect on ICINGA

Icinga Camp Amsterdam 2016

Exported resources

PuppetDB

Puppet Master

ICINGAWEB01

@@icinga2::object::host { $::fqdn: ipv4_address => $::ipaddress,}

Icinga2::Object::Host <<| |>>

1. Puppet agent run

6. Send to node

5. Retrieve from PuppetDB3. Store in PuppetDB

2. Export to PM

4. Collect on ICINGA

Icinga Camp Amsterdam 2016

Exported resourcesnode ‘icinga.olindata.com’ {

# Collect all exported host objects Icinga2::Object::Host <<| |>>

# Collect all exported service objects Icinga2::Object::Service <<| |>>

# Collect all exported zone objects Icinga2::Object::Zone <<| |>>

}

node ‘web01.olindata.com’ {

@@icinga2::object::host { $::fqdn: ipv4_address => $::ipaddress, }}

Icinga Camp Amsterdam 2016

# This is a resource default

Icinga2::Object::Apply_service {

assign_where => 'host.address && host.vars.remote == true && host.vars.remote_endpoint',

command_endpoint => 'host.vars.remote_endpoint',

}

icinga2::object::apply_service { 'user':

check_command => 'users',

}

icinga2::object::apply_service { 'load':

check_command => 'load',

}

icinga2::object::apply_service { 'process':

check_command => 'procs',

}

Adding some initial things

Icinga Camp Amsterdam 2016

What’s next?

● create profiles for each type of application, eg profile::icinga::apache, profile::icinga::gitlab, etc.

● check out https://github.com/Icinga/icinga-vagrant/ for nice vagrant examples (not so nice puppet though ;) )

● add grafana, business process monitoring, etc.

● create users, usergroups, hostgroups, etc.

Icinga Camp Amsterdam 2016

Icinga Training NL

● Official icinga training in the Netherlands on July 18th-21st

● Tickets only 1350 EUR(!)

http://olindata.com/training/netherlands/amsterdam/icinga-fundamentals-training-amsterdam-july-2016

Icinga Camp Amsterdam 2016

Questions?

@walterheck / @olindata

http://www.olindata.com

walterheck@olindata.com

http://github.com/olindata

Icinga Camp Amsterdam 2016

We’re hiring!NL based consultants

jobs@olindata.com