Ansible is a commonly known tool to easily automate deployments in infrastructures, its configuration is based on YAML and is able to scale in big environments.
Icinga 2 provides its own secure agent to monitor hosts, high available satellite zones and monitoring configuration. To manage this monitoring environment we introduce you to the ansible-collection-icinga, this collection can install Icinga 2 server, configure monitoring and deploy Icinga 2 agents in your infrastructure.
The main features are:
- Manage repositories for Icinga Agents and Server.
- Manage and configure Agent and Server connections by providing or creating certificates.
- Manage all configuration files for Icinga instances.
- Provide monitoring objects in YAML syntax and distribute them over Icinga config-sync.
- Manage Icinga 2 Features (Current version includes: API, Graphite, InfluxDB, mainlog, notification, ido-mysql and ido-pgsql)
The collection includes two roles in the current version.
- icinga.repos: Role to manage repositories
- icinga.icinga2: Role to install and manage Icinga 2 instances.
To start with the collection, we need to install it first. This can be easily done with the ansible-galaxy command installing the latest version from galaxy.
ansible-galaxy collection install icinga.icinga
To use the collection just add the collection in the playbook with the key collections.
- hosts: icinga-server collections: - icinga.icinga roles: - repos - icinga2
Features can be enabled, disabled and configured. Every option of the feature is supported, features like ido-mysql and ido-pgsql have additional parameters to trigger database schema imports.
icinga2_features: - name: checker - name: mainlog - name: graphite host: localhost port: 3000
In future every Icinga 2 feature will be available, but for the first release the basic features are available.
Icinga Objects and Rules
The collection also provides the mechanism to create monitoring configuration. This includes the following Icinga 2 objects.:
In future releases all Objects will be of course supported, please refer to our milestones
icinga2_objects: [...] - name: ping type: Service order: 11 file: zones.d/main/services.conf apply: true imports: - generic-service check_command: ping4 assign: - host.address
As Icinga 2 uses certificates for communication between all instances, this collection provides the possibility to create or use existing certificates. Furthermore if you intend to install a Icinga server instance the Icinga 2 role will generate a Certificate Authority for you on the server.
icinga2_features: - name: api ca_host: icinga-server.corp.com cert_name: icinga-agent.corp.com endpoints: - name: NodeName zones: - name: ZoneName endpoints: - NodeName
To extend the usage of the collection its possible to create Icinga 2 clusters. Clusters can be easily defined by the zones configuration. Add the two main servers into zones definition and deploy, the Icinga 2 servers will automatically connect to each other and start syncing the configuration.
icinga2_features: - name: api ca_host: icinga-server1.corp.com cert_name: icinga-server1.corp.com endpoints: - name: NodeName - name: icinga-server2.corp.com host: 18.104.22.168 zones: - name: main endpoints: - NodeName - icinga-server2.corp.com
If you want to have a closer look at the collection, give or have feedback, or want to participate in the development, check out the GitHub Repository of the project.