Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Icinga2 Hacking Session 2014-10-10

Slides from a Hacking Workshop at the Icinga Event in Nuremberg.

  • Login to see the comments

Icinga2 Hacking Session 2014-10-10

  1. 1. WWW.ICINGA.ORGWWW.ICINGA.ORG Icinga 2 Hacking Session Icinga 2 Hacking Session Icinga 2 Workshop 2014-10-10 Icinga 2 Workshop 2014-10-10
  2. 2. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG • Icinga Cluster VMs • A look on the config • Configuration & Practice • Cluster reconfiguration • Questions & Answers AgendaAgenda Icinga 2 Workshop
  3. 3. Cluster VMsCluster VMs
  4. 4. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG Cluster VMsCluster VMs Icinga 2 Workshop
  5. 5. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG Cluster VMsCluster VMs Icinga 2 Workshop
  6. 6. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG Cluster VMsCluster VMs Icinga 2 Workshop Icinga2a: OpenSSH: ssh root@localhost -p 2085 PuTTy: root@localhost:2085 Icinga2b: OpenSSH: ssh root@localhost -p 2086 PuTTy: root@localhost:2086 SSH Login: root / vagrant vagrant / vagrant Web: http://localhost:8085 User: icingaadmin Password: icinga See the docs for instructions for the VM source definitions http://docs.icinga.org/icinga2 → Vagrant
  7. 7. ConfigurationConfiguration
  8. 8. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG Important PathsImportant Paths Icinga 2 Workshop /etc/icinga2 Main configuration /usr/sbin/icinga2 Daemon /usr/(s)bin/icinga2-* CLI tools /usr/share/icinga2 ITL and plugin Commands /var/run/icinga PID file and command pipe /var/cache/icinga2 status.dat / objects.cache /var/lib/icinga2 state file, cluster data /var/spool/icinga2 performance data /var/log/icinga2 logfiles service icinga2 start|stop|restart|reload service icinga2 checkconfig icinga2-list-objects --color | less -R
  9. 9. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG Icinga 2 Workshop DemoDemo DEMO
  10. 10. Configuration & practiceConfiguration & practice
  11. 11. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG Host / Hostgroup / ServiceHost / Hostgroup / Service Icinga 2 Workshop object HostGroup "mysql-server" { display_name = "MySQL Server" assign where match("*mysql*", host.name) assign where match("db-*", host.vars.prod_mysql_db) ignore where host.vars.test_server == true ignore where match("*internal", host.name) } object Host "mysql-db1" { import "db-server" import "mysql-server" address = "192.168.70.10" } object Host "customer-db7" { import "db-server" import "mysql-server" address = "192.168.71.30" vars.prod_mysql_db = "db-customer-xy" } apply Service "mysql-health" { import "mysql-service" check_command = "mysql" assign where "mysql-server" in host.groups ignore where host.vars.no_health_check == true }
  12. 12. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG Custom check commandsCustom check commands Icinga 2 Workshop object CheckCommand "training-mysql" { import "training-mysql-common" command = [ PluginDir + "/check_mysql" ] arguments = { "-H" = "$mysql_host$" "-u" = "$mysql_user$" "-p" = "$mysql_password$" "-P" = "$mysql_port$" "-s" = "$mysql_socket$" "-a" = "$mysql_cert$" "-k" = "$mysql_key$" "-f" = "$mysql_optfile$" "-g" = "$mysql_group$" "-S" = { set_if = "$mysql_check_slave$" description = "Check if the slave thread is running properly." } "-l" = { set_if = "$mysql_ssl$" description = "Use ssl encryption" } } vars.mysql_check_slave = false vars.mysql_ssl = false } template CheckCommand "training-mysql-common" { import "plugin-check-command" vars.mysql_host = "$address$" }
  13. 13. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG Custom check commandsCustom check commands Icinga 2 Workshop template Host "mysql-server" { check_interval = 3m vars.mysql_port = 3306 } object Host "training-mysql-db1" { import "mysql-server" address = "127.0.0.1" } object Host "training-mysql-db2" { import "mysql-server" address = "127.0.0.1" } apply Service "mysql-connection" { import "mysql-service" check_command = "training-mysql" vars.mysql_database = "mysql" assign where "mysql-server" in host.groups } object HostGroup "mysql-server" { display_name = "MySQL Server" assign where match("*mysql*", host.name) assign where match("db-*", host.vars.prod_mysql_db) ignore where host.vars.test_server == true ignore where match("*internal", host.name) }
  14. 14. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG PracticePractice • Erstellen Sie die Hosts: workshop-1 (192.168.33.10) und workshop-2 (192.168.33.20) mit der var customer = “icinga“ • Erstellen Sie eine Hostgroup „icinga“ die alle Hosts enthält, bei denen customer auf „icinga“ gesetzt ist assign where host.vars.customer == "icinga" • Weisen Sie einen http Service (apply) für beide Hosts zu, der die URI “/icingaweb” prüft → /usr/share/icinga2/include/command-plugins.conf → http_uri → assign where match("workshop*", host.name) • Erstellen Sie eine ServiceGroup „icinga-http“ und setzen Sie die eben erstellen Services in diese Gruppe Icinga 2 Workshop /etc/icinga2/zones.d/checker/workshop.conf
  15. 15. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG Practice solutionPractice solution Icinga 2 Workshop object Host "workshop-1" { import "generic-host" address = "192.168.33.10" vars.customer = "icinga" } object Host "workshop-2" { import "generic-host" address = "192.168.33.20" vars.customer = "icinga" } object HostGroup "icinga" { assign where host.vars.customer == "icinga" } apply Service "http" { check_command = "http" vars.http_uri = "/icingaweb" groups += [ "icinga-http" ] assign where match("workshop*", host.name) } object ServiceGroup "icinga-http" { }
  16. 16. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG NotificationNotification Icinga 2 Workshop template Notification "notify-mysql-users" { command = "mail-service-notification" states = [ OK, Warning, Critical, Unknown ] types = [ Problem, Acknowledgement, Recovery, Custom, FlappingStart, FlappingEnd, DowntimeStart, DowntimeEnd, DowntimeRemoved ] period = "24x7" user_groups = [ "icingaadmins" ] } apply Notification "mysql-status" to Service { import "notify-mysql-users" assign where match("*mysql*", service.check_command) ignore where services.vars.disable_mysql_notifications == true } apply Notification "notify-cust-icinga-mysql" to Service { import "cust-icinga-notification" assign where match("*mysql*", service.check_command) && host.vars.customer == "icinga" ignore where match("*internal", host.name) ignore where service.vars.sla != "24x7" }
  17. 17. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG DependencyDependency Icinga 2 Workshop apply Service "nrpe-health" { import "generic-service" check_command = "nrpe" assign where host.vars.agent == "nrpe" } apply Service "nrpe-load" { import "generic-service" check_command = "nrpe" vars.nrpe_command = "check_load" assign where host.vars.agent == "nrpe" } apply Service "nrpe-disk" { import "generic-service" check_command = "nrpe" vars.nrpe_command = "check_disk" assign where host.vars.agent == "nrpe" } object Host "nrpe-server" { import "generic-host" address = "192.168.1.5" vars.agent = "nrpe" } apply Dependency "disable-nrpe-checks" to Service parent_service_name = "nrpe-health" states = [ OK ] disable_checks = true disable_notifications = true assign where service.check_command == "nrpe" && host.vars.agent == "nrpe" ignore where service.name == "nrpe-health" }
  18. 18. Reconfigure ClusterReconfigure Cluster
  19. 19. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG Reconfigure to Master-MasterReconfigure to Master-Master • Wir lösen die Zone checker auf und nehmen icinga2b in die Master Zone auf • Icinga 2 auf beiden Seiten stoppen • Gecachte Cluster Daten löschen (beide Seiten) rm -rf /var/lib/icinga2/api/zones/* • zones.conf auf beiden Servern editieren • Inhalt von /etc/icinga2/zones.d/checker/ nach ../master/ verschieben • IDO HA Funktion deaktivieren • Icinga 2 wieder starten Icinga 2 Workshop # vim /etc/icinga2/features-enabled/ido-mysql.conf object IdoMysqlConnection "ido-mysql" { enable_ha = false } object Zone "master" { endpoints = [ "icinga2a", "icinga2b" ] }
  20. 20. DEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORGDEV. WIKI. BLOG. DOC. | WWW.ICINGA.ORG QUESTIONS & ANSWERSQUESTIONS & ANSWERS Icinga 2 Workshop Web + Blog www.icinga.org Docs docs.icinga.org Development dev.icinga.org Sourcecode git.icinga.org Releases github.com/Icinga Wiki wiki.icinga.org IRC #icinga on FreeNode Mailing lists lists.icinga.org Support support.icinga.org Twitter twitter.com/icinga Facebook facebook.com/icinga …….. Everywhere! ? Questions & Answers

×