You can only monitor systems that you know!
GLPI is a very successful open source ITSM solution, the project follows a modular approach and can therefore be extended by many very useful plugins. And yes … GLPI is mainly “French” !
In this very short introduction, I’ll will give you a rapid overview how to:
– automate your IT inventory to manage pc’s, servers, vm’s, vmware, …
– add printers and network components via “snmp”
– add special assets like databases, appliances, URL’s, lines, racks, datacenters…
– add additional information’s to all this components
– add people from your LDAP / AD
– add plugins to GLPI
– build reports
– import / export your data
– handle tickets, problems, changes, or projects
In my second presentation “Monitoring @ G&D ” I will later show you how we’ve automated our monitoring with the help of GLPI, some db view’s and python scripts.
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
OSMC 2021 | ITSM by Asterix and friends
1. SAP Basis Team
Giesecke & Devrient
ITSM by Asterix
and friends
You can only monitor
systems that you know!
2. About:
Name: Karsten Fischer – SAP Basis Team
Company: Giesecke and Devrient (G+D) https://www.gi-de.com/
Areas of technical responsibility for my last 20 years @ G&D:
Firewalls, VPN, Proxys, Routers, Switches, HP-NNM, Identity Management, Oracle, PKI,
Smartcards, Certificates, Kaltura, bigsister, Cacti, Icinga1, CMK, NagioSQL, ELK, Mysql, …. ,
SAP, Icinga2, GLPI, DB2, k8s, …
2
3. About: Giesecke and Devrient
G+D: founded 1852 , +11k employees, revenue € +2.3 billion, HQ Munich
Banknote: Design, Security, Production, Cash Cycle, Cash Automation, …
Digital Payment: Onboarding, Authentication, Mobile & Wearable Payment, …
Payment Cards: Banking and Credit Cards, Card Issuance Services, …
Connectivity: 5G, eSIM, SIM, IoT Security, Connected Cars, Digital Car Key, …
Enterprise Security: Hard- & Software-Based Authentication, Signature Card, …
Health: Card, Health Card Application Management, …
Veridos: Passport, Border Control & Management, National ID, Residence Permit,
Driver's License, Vehicle Registration, ...
Secunet: SINA, EasyPASS
3
4.
5. GLPI – “Gestionnaire Libre de Parc Informatique“
5
• started in 2003 by the INDEPNET association, URL https://glpi-project.org/
• later some “support” companies created around the project
• 2015 TECLIB became “editor” (roadmap, development leadership, core support)
• start as Asset Inventory, later added Assistance, Management, etc …
• many plugins available, see https://plugins.glpi-project.org/
• plugins can be migrated to the core … and some plugins disappeared …
• 2012 the French Prime Minister urged all authorities to use
opensource software whenever possible
74. Come on … why so complicated?
74
Advantages of automated generation via GLPI:
the solution scales
can't forget anything in your Icinga2 configuration
relevant changes on all systems are “immediately” visible
full automation is possible (because GLPI “feeds” Icinga2 with “sys data” )
system administrator has an GUI inside GLPI to change I2 settings
Easy setting of downtimes for entire “landscapes”
.. dependencies become transparent (VM >> ESX >> Switch)
…. and “YOU” (the I2 Admin) can concentrate on more important things
77. Special views and tables added to GLPI
v_info: all basic information’s on servers, network, SAP, etc in one view
v_icinga2_computer: special information’s from fields plugin
v_sap_instances , v_sap_instances_hosts:
v_sap_database , v_sap_db_instances: all special information’s from the
database plugin and fields plugin inside “databases”
v_ip , v_network_interfaces: technical network information’s
info_process: special table with processes extracted from the hosts xml file
tcp_scan: tcp scan results ( glpi host id, IP , tcp port, ssl, certificate, … )
v_icinga2_sap_maintenance: special view to set maininance in icinga
v_docu: all link’s and dokuments for glpi objects like computer, network, etc
77
78. Additional tools to enrich data in GLPI
scanhostmulti.py >> purpose: TCP scan of the host to determine all open TCP
ports and put these in a special GLPI table
xml_to_db.py >> purpose: extra process information’s from xml files in
glpi/files/_plugins/fusioninventory/xml/computer/… on GLPI
server, reason: <PROCESSES> section is ignored during import
further planned personal expansions for fusioninventory:
Link between TCP Port and Process, so what process is “listening” on the
servers TCP port
prozess.ps1 >> purpose: add running processes list to fusioninventory xml on
Windows systems (unfortunately process information's are missing in fi4win )
Transfer of Interesting config settings to an additional GLPI table:
Ansible values, SAP Profile, DB2 settings, mysql config, etc …
78
79. host
script
(py)
-
overview
79
GLPI-DB
table Tabelle Tabelle Tabelle
View
GET GROUPS
GET SERVER LIST
GET USERS
Tabelle
Missing files ?
Redundant files?
Updates?
LOOP SERVER Host Info SQL
EXIT
SQL
Disc Info
Network Info
SQL
SQL
Process Info SQL
CONFIG
FILES
START
80. python scripts and other files to extract the
Icinga config from GLPI
glpi-to-sap-host.py ( 1300 lines only )
Parameter’s -p sap-process , -t sap-tcp , -d sap-disk , -z “Icinga-Parent-Zone”
reads the host table, check for rescan & monitoring = yes and dst file exists
If there are any changes or missing files:
Create complete list of Users / Groups
Loop through this host for:
Info’s: v_info, v_icinga2_computer, v_icinga2_computer_group
Disk: Looping with for computer through glpi_items_disks
IP & Interfaces: looping glpi_ipaddresses, v_ip
Processes: looping through info_process
TCP Ports: looping through tcp_scan
80
81. python scripts and other files to extract the
Icinga config from GLPI
sap-process:
# 1: programm to search
# 2: display name in icinga
# 3: process check string - if field is X it will be ignored
# 4: number of process for warning (X = ignored )
# 5: number of process for critical (X = ignored )
# 6: user (X = ignored )
# 7: mail or sms&mail or ignore M/S/C/I , default is I OR X for Ignore
# 8: hostname filter - starting with string
# 9: variable that will be created when we found this process
Example: %/squid -f%;squid proxy;X; 0:20;0:40;X;M;;SQUID;
81
82. python scripts and other files to extract the
Icinga config from GLPI
sap-disk:
# 1: 1=enabled , 0 = disabled !
# 2: warning - X is host default
# 3: critical - X is host default
# 4: mail or sms&mail or ignore M/S/I , default is Ignore
# 5: pattern , like om1
Example: /db2/.*/log_dir;1;20%;15%;S;p;
82
83. python scripts and other files to extract the
Icinga config from GLPI
sap-tcp:
# 1: portnumer
# 2: display
# 3: warntime # 4: crittime
# 5: ssl # 6: certificatewarndays
# 7: http # 8: httpSearchString
# 9: checkIntervall # 10: retryInterval
# 11: mail or sms&mail or ignore M/S/I , default is Ignore
Example: 4443;https;2;3;Y;30,7;X;X;X;X;S
Example: 5044;logstash beats;2;3;X;X;X;X;X;X;M
83
84. Host Configuration – additional GLPI views
84
View
created
from
standard
GLPI
tables
View
created
from
standard
tables
and
tables
created
by
fields
plugin
95. Database configured – additional views
95
View
created
from
standard
tables
and
database
/
fields
plugin
tables
View
created
from
standard
tables
and
database
plugin
tables
101. SAP Instance configured – additional views
101
View
created
from
standard
tables
and
SAP
/
fields
plugin
tables
View
created
from
standard
tables
and
SAP
plugin
tables
102. SAP Instance in Icinga generated from GLPI – mostly via RFC – RZ20
102