ã¿ãªããããã«ã¡ã¯ã
ç§ã¯Linuxã®ã·ã¹ãã 管çè ã§ãã2015幎ã«ç¬ç«ããå°éã®ãã¶ã§ãã·ã¢ãããªãŒã¹ãã©ãªã¢ã«ç§»åããŸããããèšäºã§ã¯åè±ããã©ã¯ã¿ãŒã«ããæ¹æ³ã«ã€ããŠã¯è§ŠããŸããã ãã®ãããªèšäºã¯ãã§ã«ååã§ãïŒããã§ããèå³ãããã°ãããã«ã€ããŠãæžããŸãïŒããªãŒã¹ãã©ãªã¢ã§ã®ç§ã®ä»äºã§ãlinux-opsãšã³ãžãã¢ãšããŠã1ã€ã®ã·ã¹ãã ãã移è¡ãéå§ããæ¹æ³ã«ã€ããŠã話ãããããšæããŸããå¥ã®ç£èŠã å ·äœçã«ã¯-Nagios => Icinga2ã
ãã®èšäºã¯ãäžéšã¯æè¡çã§ãããäžéšã¯äººã ãšã®ã³ãã¥ãã±ãŒã·ã§ã³ãããã³æåãšäœæ¥æ¹æ³ã®éãã«é¢é£ããåé¡ã«é¢ãããã®ã§ãã
æ®å¿µãªããããcodeãã¿ã°ã¯Puppetããã³yamlã³ãŒãã匷調衚瀺ããªãããããplaintextãã䜿çšããå¿ èŠããããŸããã
2016幎12æ21æ¥ã®æã«ã¯äœãæªãããšã¯ãããŸããã§ããã ç§ã¯ããã€ãã®ããã«ãå¶æ¥æ¥ã®ååã«ç»é²ãããŠããªãå¿åã§Habrãèªã¿ãã³ãŒããŒãåžåããŠã ãã®èšäºã«åºäŒããŸããã
äŒç€Ÿã§Nagiosã䜿çšãããŠããã®ã§ãäºåºŠãšèããã«ãRedmineã§ãã±ãããäœæããäžè¬çãªãã£ããã«ãªã³ã¯ãæããŸããããããéèŠã ãšæã£ãããã§ãã ãã®ã€ãã·ã¢ããã¯ãªãŒã¹ãã©ãªã¢ã§ã眰ããããããã䞻任ãšã³ãžãã¢ã¯ç§ããã®åé¡ãçºèŠããŠããç§ã«ãã®åé¡ãæããŸããã

ç§ãã¡ã®éšéã§ã¯ãæèŠãè¿°ã¹ãåã«ãéžæãæããã§ãã£ãŠãå°ãªããšã1ã€ã®ä»£æ¿æ¡ãææ¡ããã®ãæ £ç¿ã§ãããã®ããããã·ã¢ã§ã¯æåŸã®ä»äºã§èªåã®å人èšé²ã·ã¹ãã ãæã£ãŠããã®ã§ãäžè¬çã«ã©ã®ç£èŠã·ã¹ãã ãçŸåšé¢é£ããŠããããã°ãŒã°ã«ã§èª¿ã¹ãŸããéåžžã«åå§çã§ãããããã§ãéåžžã«æ©èœããå²ãåœãŠããããã¹ãŠã®ã¿ã¹ã¯ãå®è¡ããŸãã Pythonããµã³ã¯ãããã«ãã«ã¯å·¥ç§å€§åŠãšã¡ããã«ãŒã«ã ããããå°äžéã¯åžããŸãã ããã¯å人çãªïŒ11幎éã®äœæ¥ïŒã§ãããå¥ã®èšäºã«å€ããŸãããçŸåšã§ã¯ãããŸããã
ç§ã®çŸåšã®å Žæã§ã€ã³ãã©ã¹ãã©ã¯ãã£æ§æãå€æŽããããã®ã«ãŒã«ã«ã€ããŠå°ãã PuppetãGitlabãããã³ã€ã³ãã©ã¹ãã©ã¯ãã£ã®ååãã³ãŒããšããŠäœ¿çšããŠããããã次ã®ããšãå¯èœã§ãã
- ä»®æ³ãã·ã³äžã®ãã¡ã€ã«ãæåã§å€æŽããããšã«ãããSSHã«ããæåã®å€æŽã¯ãããŸããã 3幎éã®ä»äºã§ããããŸã§äœåºŠãã1é±éåã®æåŸã®åžœåãåãåããŸãããããããæåŸã§ã¯ãªããšæããŸãã å®éãèšå®ã®1è¡ãä¿®æ£ãããµãŒãã¹ãåèµ·åããŠãåé¡ã解決ãããã©ããã確èªããŸã-10ç§ã Gitlabã«æ°ãããã©ã³ããäœæããå€æŽãããã·ã¥ããr10kãPuppetmasterã§åäœããã®ãåŸ ã¡ãPuppet --environment = mybranchãå®è¡ãããã®ãã¹ãŠãæ©èœãããŸã§æ°åïŒæäœ5åïŒåŸ ã¡ãŸãã
- å€æŽã¯Gitlabã§ããŒãžãªã¯ãšã¹ããäœæããããšã§è¡ãããããŒã ã®å°ãªããšã1人ã®ã¡ã³ããŒããæ¿èªãåŸãå¿ èŠããããŸãã ããŒã ãªãŒããŒã®å€§å¹ ãªå€æŽã«ã¯ã2ã3åã®æ¿èªãå¿ èŠã§ãã
- ãã¹ãŠã®å€æŽã¯äœããã®åœ¢ã§ããã¹ã圢åŒã§ããïŒPuppetãããã§ã¹ããHieraã¹ã¯ãªããããã³ããŒã¿ã¯ããã¹ãã§ããããïŒããã€ããªãã¡ã€ã«ã¯éåžžã«æšå¥šãããŠãããããã®ãããªãã¡ã€ã«ãæ¿èªããã«ã¯æ£åœãªçç±ãå¿ èŠã§ãã
ã ãããç§ãèŠããªãã·ã§ã³ïŒ
- Munin-ã€ã³ãã©ã¹ãã©ã¯ãã£ã«10ãè¶ ãããµãŒããŒãããå Žåã管çã¯å°çã«ãªããŸãïŒ ãã®èšäºãããããã確èªããæ欲ã¯ããŸããªãã£ãã®ã§ããã®èšèãåãåããŸããïŒã
- Zabbix-é·ãéããã·ã¢ã«æ»ã£ãŠããŸããããããã¯ç§ã®ä»äºã«ãšã£ãŠåé·ã§ããã ããã§-Puppetãæ§æãããŒãžã£ãŒãšããŠäœ¿çšããGitlabãããŒãžã§ã³ç®¡çã·ã¹ãã ãšããŠäœ¿çšãããããåé€ããå¿ èŠããããŸããã åœæãç§ãç解ããããã«ãZabbixã¯æ§æå šäœãããŒã¿ããŒã¹ã«ä¿åãããããçŸåšã®ç¶æ ã§æ§æã管çããæ¹æ³ãšå€æŽã远跡ããæ¹æ³ãæ確ã§ã¯ãããŸããã§ããã
- ããã¡ããŠã¹ã¯ãéšéã®é°å²æ°ããå€æãããšãæçµçã«æ¥ããã®ã§ãããåœæã¯ãããç¿åŸã§ãããå®éã«åäœãããµã³ãã«ïŒProof of ConceptïŒã瀺ãããšãã§ããªãã£ããããæåŠããªããã°ãªããŸããã§ããã
- ã·ã¹ãã ã®å®å šãªåèšèšãå¿ èŠãšããããŸãã¯åæ段éã«ãã/æŸæ£ãããŠããŠãåãçç±ã§æåŠãããä»ã®ãªãã·ã§ã³ãããã€ããããŸããã
æåŸã«ã3ã€ã®çç±ããIcinga2ã«æ±ºããŸããã
1-NrpeïŒNagiosããã®ã³ãã³ãã®ãã§ãã¯ãå®è¡ããã¯ã©ã€ã¢ã³ããµãŒãã¹ïŒãšã®äºææ§ã ããã¯éåžžã«éèŠã§ãããåœæãç§ãã¡ã¯135åïŒçŸåšã¯165åïŒã®èªå·±äœæãµãŒãã¹/ãã§ãã¯ãåããä»®æ³ãã·ã³ããããããããã¹ãŠããçŽããšã²ã©ãhemoã«ãªãããã§ãã
2-ãã¹ãŠã®æ§æãã¡ã€ã«ã¯ããã¹ãã§ããããããã®åé¡ãç°¡åã«ç·šéããããè¿œå ãŸãã¯åé€ãããå
容ã確èªã§ããããŒãžèŠæ±ãäœæãããã§ããŸãã
3ã¯æŽ»çºã§æé·ããŠãããªãŒãã³ãœãŒã¹ãããžã§ã¯ãã§ãã ç§ãã¡ã¯OpenSourceãéåžžã«å¥œãã§ããã«ãªã¯ãšã¹ããšåé¡ãäœæããŠåé¡ã解決ããããšã§ãããã«å¯ŸããŠå®çŸå¯èœãªè²¢ç®ãããŠããŸãã
ããã§ã¯ãIcinga2ã«è¡ããŸãããã
æåã«çŽé¢ããªããã°ãªããªãã£ãã®ã¯ãååã®æ £æ§ã§ããã 誰ããNagios / NajiosïŒããã§ãçºé³ã®ä»æ¹ã«ã€ããŠåŠ¥åããããšã¯ã§ããŸããã§ãããïŒãšCheckMKã€ã³ã¿ãŒãã§ãŒã¹ã«æ £ããŠããŸãã icingaã€ã³ã¿ãŒãã§ãŒã¹ã¯ãŸã£ããç°ãªã£ãŠèŠããŸãïŒãã€ãã¹ã§ããïŒããæåéãä»»æã®ãã©ã¡ãŒã¿ãŒã䜿çšããŠãã£ã«ã¿ãŒã§è¡šç€ºããå¿ èŠããããã®ãæè»ã«æ§æããããšãã§ããŸãïŒãã©ã¹ã§ããããç§ã¯ç¹ã«ããã®ããã«æŠããŸããïŒã

ã¹ã¯ããŒã«ããŒã®ãµã€ãºãšã¹ã¯ããŒã«ãã£ãŒã«ãã®ãµã€ãºã®æ¯çãèŠç©ãããŸãã
次ã«ãCheckMkã䜿çšãããšè€æ°ã®Nagiosãã¹ããæäœã§ããããã誰ãã1ã€ã®ã¢ãã¿ãŒã§ã€ã³ãã©ã¹ãã©ã¯ãã£å šäœãèŠãããšã«æ £ããŠããŸãããIcingaã¯ãã®æ¹æ³ãç¥ããŸããã§ããïŒå®éã«ã¯ã以äžã§è©³ãã説æããŸãïŒã 代æ¿æ段ã¯ThrukãšåŒã°ãããã®ã§ãããããã®èšèšã«ãããããŒã ã¡ã³ããŒå šå¡ãååãããŸããã

ãã¬ã€ã³ã¹ããŒã ã®æ°æ¥åŸãçç£ãŸãŒã³ã«1ã€ã®ãã¹ã¿ãŒãã¹ããš2ã€ã®éšäžãããå Žåã®ã¯ã©ã¹ã¿ãŒã¢ãã¿ãªã³ã°ã®ã¢ã€ãã¢ãææ¡ããŸããã1ã€ã¯éçº/ãã¹ãã«ããã1ã€ã¯å¥ã®ãããã€ããŒã«é 眮ãããå€éšãã¹ãã§ãããªãã¶ãŒããŒã ãã®æ§æã«ããã1ã€ã®WebããŒã¹ã®ã€ã³ã¿ãŒãã§ã€ã¹ã§ãã¹ãŠã®åé¡ã確èªã§ããéåžžã«ããŸãæ©èœããŸããããPuppet ... ïŒdev-testãstaging-prodãextïŒãIcinga APIãä»ããå€æŽã®éä¿¡ã«ã¯æ°ç§ããããŸããããã¹ãŠã®ãã¹ãã®ãã¹ãŠã®ãµãŒãã¹ã®Puppetãã£ã¬ã¯ããªã®ã³ã³ãã€ã«ã«ã¯æ°åããããŸãã ããã¯ä»ã§ãç§ãéé£ããŠããŸããããã¹ãŠãã©ã®ããã«æ©èœãããªããã¹ãŠãéåžžã«æéããããã®ããäœåºŠã説æããŠããŸãã
第äž-ã¹ããŒãã¬ãŒã¯ïŒã¹ããŒãã¬ãŒã¯ïŒã®æ-ç¹å¥ãªäœãããããããäžè¬çãªã·ã¹ãã ããããã¯ã¢ãŠãããããã®ãäžè¬çãªã«ãŒã«ã¯é©çšãããŸããã ããã¯æ£é¢æ»æã«ãã£ãŠè§£æ±ºãããŸãã-ã¢ã©ãŒã ãååšããå Žåãå®éã«ã¯ãã¹ãŠãæ£åžžã§ããå Žåãããã§ããªãã¯ããæ·±ãæãäžããŠããããç§ã«èŠåããã¹ãã§ã¯ãªãçç±ãç解ããå¿ èŠããããŸãã ãŸãã¯ãã®é-Nagiosããããã¯ã«é¥ãããIcingaã¯ãããã¯ã«é¥ããªãçç±ã
4çªç®ã«ãNagiosã¯3幎éããã§åããŠãããæåã¯ç§ã®æ°ããæµè¡ã®ãããã¹ã¿ãŒã·ã¹ãã ããã圌ã«ä¿¡é Œããã£ãã®ã§ãIcingaããããã¯ãèµ·ãããã³ã«ãNagiosãåãåé¡ã«è奮ãããŸã§èª°ãäœãããŸããã§ããã ããããIcingaãNagiosãããåã«å®éã®ã¢ã©ãŒã ãçºè¡ããããšã¯éåžžã«ãŸãã§ããããããæ·±å»ãªåŠšå®³ãšèããŠããŸããããã«ã€ããŠã¯ãçµè«ãã»ã¯ã·ã§ã³ã§èª¬æããŸãã
ãã®çµæãäž»ã«ãããªãã£ãã§ãã¯ãã®ããã«ãè©Šé転ã5ãæ以äžé 延ããŸããïŒ2018幎6æ28æ¥ã«äºå®-2018幎12æ3æ¥ïŒãéå»æ°å¹ŽéäœãèããŠããŸããããä»ã§ã¯çç±ããªãæ¹å€ãçºããŠããã®ã§ããªã圌ããç§ã®ããã«ã«ãªãã®ãã説æãããããªãã£ãã§ãã¯ãå®äºããŸãããïŒãã¹ãŠã®ãµãŒãã¹/ãã§ãã¯Nagiosã®ãµãŒãã¹ã¯ãIcingaã®ãµãŒãã¹/ãã§ãã¯ã«å¯Ÿå¿ããŠããŸãïŒ
å®è£
ïŒ
1ã€ç®ã¯ãPuppet Styleãªã©ã®ã³ãŒã察ããŒã¿æŠäºã§ãã ãã¹ãŠã®ããŒã¿ã¯ãããã§ã¯äžè¬çã«ãã¹ãŠãHieraã«ãããä»ã«ã¯äœããªãã¯ãã§ãã ãã¹ãŠã®ã³ãŒãã¯.ppãã¡ã€ã«ã«ãããŸãã å€æ°ãæœè±¡åãé¢æ°-ãã¹ãŠã¯ppã§è¡ããŸãã
ãã®çµæãSSL蚌ææžã®ç¶æ
ãšæå¹æ§ãç£èŠããå¿
èŠã®ããä»®æ³ãã·ã³ïŒå·çæç¹ã§ã¯165ïŒãš68ã®Webã¢ããªã±ãŒã·ã§ã³ããããŸãã ãã ããhistoricalæ žã®æŽå²ã«ãããã¢ããªã±ãŒã·ã§ã³ãç£èŠããããã®æ
å ±ã¯å¥ã®gitlabãªããžããªããååŸãããããŒã¿åœ¢åŒã¯Puppet 3ããå€æŽãããŠããªããããèšå®ãããã«é£ãããªããŸãã
define profiles::services::monitoring::docker_apps( Hash $app_list, Hash $apps_accessible_from, Hash $apps_access_list, Hash $webhost_defaults, Hash $webcheck_defaults, Hash $service_overrides, Hash $targets, Hash $app_checks, ) { #### APPS #### $zone = $name $app_list.each | String $app_name, Hash $app_data | { $notify_group = { 'notify_group' => ($webcheck_defaults[$zone]['notify_group'] + pick($app_data['notify_group'], {} )) } # adds notifications for default group (systems) + any group defined in int/pm_docker_apps.eyaml $data = merge($webhost_defaults, $apps_accessible_from, $app_data) $site_domain = $app_data['site_domain'] $regexp = pick($app_data['check_regex'], 'html') # Pick a regex to check $check_url = $app_data['check_url'] ? { undef => { 'http_uri' => '/' }, default => { 'http_uri' => $app_data['check_url'] } } $check_regex = $regexp ?{ 'absent' => {}, default => {'http_expect_body_regex' => $regexp} } $site_domain.each | String $vhost, Hash $vdata | { # Split an app by domains if there are two or more $vhost_name = {'http_vhost' => $vhost} $vars = $data['vars'] + $vhost_name + $check_regex + $check_url $web_ipaddress = is_array($vdata['web_ipaddress']) ? { # Make IP-address an array if it's not, because askizzy has 2 ips and it's an array true => $vdata['web_ipaddress'], false => [$vdata['web_ipaddress']], } $access_from_zones = [$zone] + $apps_access_list[$data['accessible_from']] # Merge default zone (where the app is defined) and extra zones if they exist $web_ipaddress.each | String $ip_address | { # For each IP (if we have multiple) $suffix = length($web_ipaddress) ? { # If we have more than one - add IP as a suffix to this hostname to avoid duplicating resources 1 => '', default => "_${ip_address}" } $octets = split($ip_address, '\.') $ip_tag = "${octets[2]}.${octets[3]}" # Using last octet only causes a collision between nginx-vip 203.15.70.94 and ext. ip 49.255.194.94 $access_from_zones.each | $zone_prefix |{ $zone_target = $targets[$zone_prefix] $nginx_vip_name = "${zone_prefix}_nginx-vip-${ip_tag}" # If it's a host for ext - prefix becomes 'ext_' (ext_nginx-vip...) $nginx_host_vip = { $nginx_vip_name => { ensure => present, target => $zone_target, address => $ip_address, check_command => 'hostalive', groups => ['nginx_vip',], } } $ssl_vars = $app_checks['ssl'] $regex_vars = $app_checks['http'] + $vars + $webcheck_defaults[$zone] + $notify_group if !defined( Profiles::Services::Monitoring::Host[$nginx_vip_name] ) { ensure_resources('profiles::services::monitoring::host', $nginx_host_vip) } if !defined( Icinga2::Object::Service["${nginx_vip_name}_ssl"] ) { icinga2::object::service {"${nginx_vip_name}_ssl": ensure => $data['ensure'], assign => ["host.name == $nginx_vip_name",], groups => ['webchecks',], check_command => 'ssl', check_interval => $service_overrides['ssl']['check_interval'], target => $targets['services'], apply => true, vars => $ssl_vars } } if $regexp != 'absent'{ if !defined(Icinga2::Object::Service["${vhost}${$suffix} regex"]){ icinga2::object::service {"${vhost}${$suffix} regex": ensure => $data['ensure'], assign => ["match(*_nginx-vip-${ip_tag}, host.name)",], groups => ['webchecks',], check_command => 'http', check_interval => $service_overrides['regex']['check_interval'], target => $targets['services'], enable_flapping => true, apply => true, vars => $regex_vars } } } } } } } }
ãã¹ããšãµãŒãã¹ã®æ§æã³ãŒããã²ã©ãèŠããŸãïŒ
class profiles::services::monitoring::config( Array $default_config, Array $hostgroups, Hash $hosts = {}, Hash $host_defaults, Hash $services, Hash $service_defaults, Hash $service_overrides, Hash $webcheck_defaults, Hash $servicegroups, String $servicegroup_target, Hash $user_defaults, Hash $users, Hash $oncall, Hash $usergroup_defaults, Hash $usergroups, Hash $notifications, Hash $notification_defaults, Hash $notification_commands, Hash $timeperiods, Hash $webhost_defaults, Hash $apps_access_list, Hash $check_commands, Hash $hosts_api = {}, Hash $targets = {}, Hash $host_api_defaults = {}, ) { # Profiles::Services::Monitoring::Hostgroup <<| |>> # will be enabled when we move to icinga completely #### APPS #### case $location { 'int', 'ext': { $apps_by_zone = {} } 'pm': { $int_apps = hiera('int_docker_apps') $int_app_defaults = hiera('int_docker_app_common') $st_apps = hiera('staging_docker_apps') $srs_apps = hiera('pm_docker_apps_srs') $pm_apps = hiera('pm_docker_apps') + $st_apps + $srs_apps $pm_app_defaults = hiera('pm_docker_app_common') $apps_by_zone = { 'int' => $int_apps, 'pm' => $pm_apps, } $app_access_by_zone = { 'int' => {'accessible_from' => $int_app_defaults['accessible_from']}, 'pm' => {'accessible_from' => $pm_app_defaults['accessible_from']}, } } default: { fail('Please ensure the node has $location fact set (int, pm, ext)') } } file { '/etc/icinga2/conf.d/': ensure => directory, recurse => true, purge => true, owner => 'icinga', group => 'icinga', mode => '0750', notify => Service['icinga2'], } $default_config.each | String $file_name |{ file {"/etc/icinga2/conf.d/${file_name}": ensure => present, source => "puppet:///modules/profiles/services/monitoring/default_config/${file_name}", owner => 'icinga', group => 'icinga', mode => '0640', } } $app_checks = { 'ssl' => $services['webchecks']['checks']['ssl']['vars'], 'http' => $services['webchecks']['checks']['http_regexp']['vars'] } $apps_by_zone.each | String $zone, Hash $app_list | { profiles::services::monitoring::docker_apps{$zone: app_list => $app_list, apps_accessible_from => $app_access_by_zone[$zone], apps_access_list => $apps_access_list, webhost_defaults => $webhost_defaults, webcheck_defaults => $webcheck_defaults, service_overrides => $service_overrides, targets => $targets, app_checks => $app_checks, } } #### HOSTS #### # Profiles::Services::Monitoring::Host <<| |>> # This is for spaceship invasion when it's ready. $hosts_has_large_disks = query_nodes('mountpoints.*.size_bytes >= 1099511627776') $hosts.each | String $hostgroup, Hash $list_of_hosts_with_settings | { # Splitting site lists by hostgroups - docker_host/gluster_host/etc $list_of_hosts_in_group = $list_of_hosts_with_settings['hosts'] $hostgroup_settings = $list_of_hosts_with_settings['settings'] $merged_hostgroup_settings = deep_merge($host_defaults, $list_of_hosts_with_settings['settings']) $list_of_hosts_in_group.each | String $host_name, Hash $host_settings |{ # Splitting grouplists by hosts # Is this host in the array $hosts_has_large_disks ? If so set host.vars.has_large_disks if ( $hosts_has_large_disks.reduce(false) | $found, $value| { ( $value =~ "^${host_name}" ) or $found } ) { $vars_has_large_disks = { 'has_large_disks' => true } } else { $vars_has_large_disks = {} } $host_data = deep_merge($merged_hostgroup_settings, $host_settings) $hostgroup_settings_vars = pick($hostgroup_settings['vars'], {}) $host_settings_vars = pick($host_settings['vars'], {}) $host_notify_group = delete_undef_values($host_defaults['vars']['notify_group'] + $hostgroup_settings_vars['notify_group'] + $host_settings_vars['notify_group']) $host_data_vars = delete_undef_values(deep_merge($host_data['vars'] , {'notify_group' => $host_notify_group}, $vars_has_large_disks)) # Merging vars separately $hostgroups = delete_undef_values([$hostgroup] + $host_data['groups']) profiles::services::monitoring::host{$host_name: ensure => $host_data['ensure'], display_name => $host_data['display_name'], address => $host_data['address'], groups => $hostgroups, target => $host_data['target'], check_command => $host_data['check_command'], check_interval => $host_data['check_interval'], max_check_attempts => $host_data['max_check_attempts'], vars => $host_data_vars, template => $host_data['template'], } } } if !empty($hosts_api){ # All hosts managed by API $hosts_api.each | String $zone, Hash $hosts_api_zone | { # Split api hosts by zones $hosts_api_zone.each | String $hostgroup, Hash $list_of_hosts_with_settings | { # Splitting site lists by hostgroups - docker_host/gluster_host/etc $list_of_hosts_in_group = $list_of_hosts_with_settings['hosts'] $hostgroup_settings = $list_of_hosts_with_settings['settings'] $merged_hostgroup_settings = deep_merge($host_api_defaults, $list_of_hosts_with_settings['settings']) $list_of_hosts_in_group.each | String $host_name, Hash $host_settings |{ # Splitting grouplists by hosts # Is this host in the array $hosts_has_large_disks ? If so set host.vars.has_large_disks if ( $hosts_has_large_disks.reduce(false) | $found, $value| { ( $value =~ "^${host_name}" ) or $found } ) { $vars_has_large_disks = { 'has_large_disks' => true } } else { $vars_has_large_disks = {} } $host_data = deep_merge($merged_hostgroup_settings, $host_settings) $hostgroup_settings_vars = pick($hostgroup_settings['vars'], {}) $host_settings_vars = pick($host_settings['vars'], {}) $host_api_notify_group = delete_undef_values($host_defaults['vars']['notify_group'] + $hostgroup_settings_vars['notify_group'] + $host_settings_vars['notify_group']) $host_data_vars = delete_undef_values(deep_merge($host_data['vars'] , {'notify_group' => $host_api_notify_group}, $vars_has_large_disks)) $hostgroups = delete_undef_values([$hostgroup] + $host_data['groups']) if defined(Profiles::Services::Monitoring::Host[$host_name]){ $hostname = "${host_name}_from_${zone}" } else { $hostname = $host_name } profiles::services::monitoring::host{$hostname: ensure => $host_data['ensure'], display_name => $host_data['display_name'], address => $host_data['address'], groups => $hostgroups, target => "${host_data['target_base']}/${zone}/hosts.conf", check_command => $host_data['check_command'], check_interval => $host_data['check_interval'], max_check_attempts => $host_data['max_check_attempts'], vars => $host_data_vars, template => $host_data['template'], } } } } } #### END OF HOSTS #### #### SERVICES #### $services.each | String $service_group, Hash $s_list |{ # Service_group and list of services in that group $service_list = $s_list['checks'] # List of actual checks, separately from SG settings $service_list.each | String $service_name, Hash $data |{ $merged_defaults = merge($service_defaults, $s_list['settings']) # global service defaults + service group defaults $merged_data = merge($merged_defaults, $data) $settings_vars = pick($s_list['settings']['vars'], {}) $this_service_vars = pick($data['vars'], {}) $all_service_vars = delete_undef_values($service_defaults['vars'] + $settings_vars + $this_service_vars) # If we override default check_timeout, but not nrpe_timeout, make nrpe_timeout the same as check_timeout if ( $merged_data['check_timeout'] and ! $this_service_vars['nrpe_timeout'] ) { # NB: Icinga will convert 1m to 60 automatically! $nrpe = { 'nrpe_timeout' => $merged_data['check_timeout'] } } else { $nrpe = {} } # By default we use nrpe and all commands are run via nrpe. So vars.nrpe_command = $service_name is a default value # If it's server-side Icinga command - we don't need 'nrpe_command' # but there is no harm to have that var and the code is shorter if $merged_data['check_command'] == 'nrpe'{ $check_command = $merged_data['vars']['nrpe_command'] ? { undef => { 'nrpe_command' => $service_name }, default => { 'nrpe_command' => $merged_data['vars']['nrpe_command'] } } }else{ $check_command = {} } # Assembling $vars from Global Default service settings, servicegroup settings, this particular check settings and let's not forget nrpe settings. if $all_service_vars['graphite_template'] { $graphite_template = {'check_command' => $all_service_vars['graphite_template']} }else{ $graphite_template = {'check_command' => $service_name} } $service_notify = [] + pick($settings_vars['notify_group'], []) + pick($this_service_vars['notify_group'], []) # pick is required everywhere, otherwise becomes "The value '' cannot be converted to Numeric" $service_notify_group = $service_notify ? { [] => $service_defaults['vars']['notify_group'], default => $service_notify } # Assing default group (systems) if no other groups are defined $vars = $all_service_vars + $nrpe + $check_command + $graphite_template + {'notify_group' => $service_notify_group} # This needs to be merged separately, because merging it as part of MERGED_DATA overwrites arrays instead of merging them, so we lose some "assign" and "ignore" values $assign = delete_undef_values($service_defaults['assign'] + $s_list['settings']['assign'] + $data['assign']) $ignore = delete_undef_values($service_defaults['ignore'] + $s_list['settings']['ignore'] + $data['ignore']) icinga2::object::service {$service_name: ensure => $merged_data['ensure'], apply => $merged_data['apply'], enable_flapping => $merged_data['enable_flapping'], assign => $assign, ignore => $ignore, groups => [$service_group], check_command => $merged_data['check_command'], check_interval => $merged_data['check_interval'], check_timeout => $merged_data['check_timeout'], check_period => $merged_data['check_period'], display_name => $merged_data['display_name'], event_command => $merged_data['event_command'], retry_interval => $merged_data['retry_interval'], max_check_attempts => $merged_data['max_check_attempts'], target => $merged_data['target'], vars => $vars, template => $merged_data['template'], } } } #### END OF SERVICES #### #### OTHER BORING STUFF #### $servicegroups.each | $servicegroup, $description |{ icinga2::object::servicegroup{ $servicegroup: target => $servicegroup_target, display_name => $description } } $hostgroups.each| String $hostgroup |{ profiles::services::monitoring::hostgroup { $hostgroup:} } $notifications.each | String $name, Hash $settings |{ $assign = pick($notification_defaults['assign'], []) + $settings['assign'] $ignore = pick($notification_defaults['ignore'], []) + $settings['ignore'] $merged_settings = $settings + $notification_defaults icinga2::object::notification{$name: target => $merged_settings['target'], apply => $merged_settings['apply'], apply_target => $merged_settings['apply_target'], command => $merged_settings['command'], interval => $merged_settings['interval'], states => $merged_settings['states'], types => $merged_settings['types'], assign => delete_undef_values($assign), ignore => delete_undef_values($ignore), user_groups => $merged_settings['user_groups'], period => $merged_settings['period'], vars => $merged_settings['vars'], } } # Merging notification settings for users with other settings $users_oncall = deep_merge($users, $oncall) # Magic. Do not touch. create_resources('icinga2::object::user', $users_oncall, $user_defaults) create_resources('icinga2::object::usergroup', $usergroups, $usergroup_defaults) create_resources('icinga2::object::timeperiod',$timeperiods) create_resources('icinga2::object::checkcommand', $check_commands) create_resources('icinga2::object::notificationcommand', $notification_commands) profiles::services::sudoers { 'icinga_runs_ping_l2': ensure => present, sudoersd_template => 'profiles/os/redhat/centos7/sudoers/icinga.erb', } }
ç§ã¯ãŸã ãã®éººã«åãçµãã§ãããå¯èœãªéããããæ¹åããŠããŸãã ãã ããHieraã§ã·ã³ãã«ã§æ確ãªæ§æã䜿çšã§ããããã«ããã®ã¯æ¬¡ã®ãããªã³ãŒãã§ãã
profiles::services::monitoring::config::services: perf_checks: settings: check_interval: '2m' assign: - 'host.vars.type == linux' checks: procs: {} load: {} memory: {} disk: check_interval: '5m' vars: notification_period: '24x7' disk_iops: vars: notifications: - 'silent' cpu: vars: notifications: - 'silent' dns_fqdn: check_interval: '15m' ignore: - 'xenserver in host.groups' vars: notifications: - 'silent' iftraffic_nrpe: vars: notifications: - 'silent' logging: settings: assign: - 'logserver in host.groups' checks: rsyslog: {} nginx_limit_req_other: {} nginx_limit_req_s2s: {} nginx_limit_req_s2x: {} nginx_limit_req_srs: {} logstash: {} logstash_api: vars: notifications: - 'silent'
ãã¹ãŠã®ãã§ãã¯ã¯ã°ã«ãŒãã«åããããåã°ã«ãŒãã«ã¯ããããã®ãã§ãã¯ãå®è¡ããå Žæãšé »åºŠãéä¿¡ããéç¥ãéä¿¡å ãªã©ã®ããã©ã«ãèšå®ããããŸãã
åãã§ãã¯ã§ã¯ãä»»æã®ãªãã·ã§ã³ããªãŒããŒã©ã€ãã§ããŸããããã«ãããæçµçã«ãã¹ãŠã®ãã§ãã¯å šäœã®ããã©ã«ãèšå®ãè¿œå ãããŸãã ãããã£ãŠããã®ãããªéººã¯config.ppã«æžã蟌ãŸããŸãããã¹ãŠã®ããã©ã«ãèšå®ãšã°ã«ãŒãèšå®ãçµ±åããã次ã«åã ã®ãã§ãã¯ãçµ±åãããŸãã
ãŸããéåžžã«éèŠãªå€æŽã¯ãèšå®ã§æ©èœã䜿çšããæ©èœã§ãããããšãã°ãhttp_regexã確èªããããã«ããŒããã¢ãã¬ã¹ãããã³URLãå€æŽããæ©èœã§ãã
http_regexp: assign: - 'host.vars.http_regex' - 'static_sites in host.groups' check_command: 'http' check_interval: '1m' retry_interval: '20s' max_check_attempts: 6 http_port: '{{ if(host.vars.http_port) { return host.vars.http_port } else { return 443 } }}' vars: notification_period: 'host.vars.notification_period' http_vhost: '{{ if(host.vars.http_vhost) { return host.vars.http_vhost } else { return host.name } }}' http_ssl: '{{ if(host.vars.http_ssl) { return false } else { return true } }}' http_expect_body_regex: 'host.vars.http_regex' http_uri: '{{ if(host.vars.http_uri) { return host.vars.http_uri } else { return "/" } }}' http_onredirect: 'follow' http_warn_time: 8 http_critical_time: 15 http_timeout: 30 http_sni: true
ã€ãŸãããã¹ãå®çŸ©ã«http_portå€æ°ãããå Žåã¯ããã䜿çšããããã§ãªãå Žåã¯443ã䜿çšããŸããããšãã°ãjabber Webã€ã³ã¿ãŒãã§ãŒã¹ã¯9090ã§ãã³ã°ããUnifiã¯7443ã§ãã³ã°ããŸãã
http_vhostã¯ãDNSãç¡èŠããŠãã®ã¢ãã¬ã¹ãåãããšãæå³ããŸãã
ãã¹ãã§uriãæå®ãããŠããå Žåã¯ãããã«æ²¿ã£ãŠé²ã¿ãããã§ãªãå Žåã¯ã/ãã䜿çšããŸãã
http_sslã§é¢çœã話ãåºãŸãã-ãã®ææã¯ãªã³ããã³ãã§åæããããããŸããã§ããã ãã¹ãå®çŸ©ã®å€æ°ã次ã®ããã«ãªã£ãŠããŸããŸã§ãç§ã¯é·ãéãã®è¡ã«ã€ãŸãããã
http_ssl: false
åŒã«ä»£å ¥ãã
if(host.vars.http_ssl) { return false } else { return true }
åœãšããŠãããã¯å€æ
if(false) { return false } else { return true }
ã€ãŸããSSLãã§ãã¯ã¯åžžã«ã¢ã¯ãã£ãã§ãã æ§æã眮ãæããããšã§æ±ºå®ãããŸããã
http_ssl: no
çµè« ïŒ
é·æïŒ
- çŸåšãç£èŠã·ã¹ãã ã¯1ã€ã§ãããéå»7ã8ãæã®ããã«2ã€ã§ã¯ãããŸããã§ããã
- ãã¹ã/ãµãŒãã¹ïŒãã§ãã¯ïŒã®ããŒã¿æ§é ã¯ãïŒç§ã®æèŠã§ã¯ïŒããèªã¿ããããç解ãããããã®ã«ãªããŸããã ä»ã®äººã«ãšã£ãŠã¯ãããã¯ããã»ã©æçœã§ã¯ãªãã£ãã®ã§ãããŒã«ã«Wikiã§ããã€ãã®ããŒãžãã«ããããŠããããã©ã®ããã«æ©èœããäœãç·šéãããã説æããå¿ èŠããããŸããã
- å€æ°ãšé¢æ°ã䜿çšããŠãã§ãã¯ãæè»ã«æ§æããããšãã§ããŸããããšãã°ãhttp_regexpããã§ãã¯ããç®çã®ãã¿ãŒã³ãæ»ãã³ãŒããURLãããŒãããã¹ãèšå®ã§èšå®ã§ããŸãã
- ããã€ãã®ããã·ã¥ããŒãããããããããã«ã€ããŠã衚瀺ãããã¢ã©ãŒã ã®ç¬èªã®ãªã¹ããå®çŸ©ããPuppetããã³ããŒãžèŠæ±ãä»ããŠãã¹ãŠã管çã§ããŸãã
çæïŒ
- ããŒã ã¡ã³ããŒã®æ £æ§-Nagiosã¯åããåããåããŸããããããã¯ããªãã®Isingaãåžžã«ãã°ãèµ·ãããé ããªããŸãã ãããŠãã©ãããã°ç©èªãèŠãããšãã§ããŸããïŒ ãããŠãããŸããŸãããããã¯æŽæ°ãããŸãã...ïŒæ¬åœã®åé¡ã¯ãã¢ã©ãŒã å±¥æŽãF5ã«ãã£ãŠã®ã¿èªåçã«æŽæ°ãããªãããšã§ãïŒ
- ã·ã¹ãã ã®æ
£æ§-Webã€ã³ã¿ãŒãã§ã€ã¹ã§[ä»ãã確èª]ãã¯ãªãã¯ãããšãå®è¡çµæã¯ç«æã®å€©æ°ãç¹ã«å®äºã«æ°åç§ãããè€éãªãµãŒãã¹ã«äŸåããŸãã åæ§ã®çµæã¯æ£åžžã§ãã
- äžè¬çã«ã䞊ãã§åäœããŠãã2ã€ã®ã·ã¹ãã ã®å幎ããšã®çµ±èšã«ãããšãNagiosã¯åžžã«Icingaãããéãåäœããæ¬åœã«ã€ã©ã€ã©ããŠããŸããã ã¿ã€ããŒã«ã ãŸãããŠãããã®ããããäºå®ã®5åéã®ãã§ãã¯ã5:30ããšãªã©ã«è¡ãããŠããããã«æããŸãã
- ãã€ã§ããµãŒãã¹ãåèµ·åããå ŽåïŒsystemctl restart icinga2ïŒ-ãã®æç¹ã§é²è¡äžã ã£ããã¹ãŠã®ãã§ãã¯ã¯ãç»é¢äžã§é倧ãª<ä¿¡å·ã§çµäº15>ã¢ã©ãŒã ãããªã¬ãŒããåŽé¢ãããã¹ãŠãèœã¡ãããã«èŠããŸãïŒ ç¢ºèªæžã¿ã®ãã° ïŒ
ããããäžè¬çã«-ããã¯åäœããŸãã