Icinga 2 – Monitoring automatisiert mit Puppet Teil 14: Profile Part VI

This entry is part 14 of 14 in the series Icinga 2 Monitoring automatisiert mit Puppet

Nachdem letzte Woche der Nginx verwendet wurde, wenden wir uns im nun vorerst letzten Teil der Konfiguration des Apaches als Webserver zur Auslieferung von Icinga Web 2 zu.
Der Apache kommt unter Debian als abhängig zu installierendes Paket von icingaweb2 mit und wird ensprechend konfiguriert. Damit dies unsere Anforderung an den Apache nicht wieder überschreibt, sorgen wir dafür, dass das Paket icingaweb2 vor der Klasse apache installiert wird. Hierfür müssen wir das Managment des Pakets durch die Klasse icingaweb2 unterbinden.
Damit das Icinga-Web-2-Modul für seine Konfigurationsdateien den korrekten Benutzer verwenden kann, ziehen wir diesen nach der Abarbeitung der Klasse apache aus dessen Modul.

if $web_server == 'nginx' {
  } else {
    # Apache
    $manage_package = false
      -> Class['apache']
    package { 'icingaweb2':
      ensure => installed,
    class { '::apache':
      default_mods => false,
      default_vhost =>false,
      mpm_module => 'worker',
    apache::listen { '80': }
    $web_conf_user = $::apache::user
    include ::apache::mod::alias
    include ::apache::mod::status
    include ::apache::mod::dir
    include ::apache::mod::env
    include ::apache::mod::rewrite
    include ::apache::mod::proxy
    include ::apache::mod::proxy_fcgi
    apache::custom_config { 'icingaweb2':
      ensure       => present,
      source        => 'puppet:///modules/icingaweb2/examples/apache2/for-mod_proxy_fcgi.conf',
      verify_config => false,
      priority      => false,

Der Apache wird von uns komplett mit allen Modulen für Icinga Web 2 verwaltet, da sich die Defaults für RedHat und Debian zu sehr unterscheiden. Auch hier, wie bei Nginx, entfernen wird alle Konfiguration sonstiger auszuliefernder Webseiten und benutzen die vom Icinga-Web-2-Modul zur Verfügung gestellt Beispielkonfiguration.

Lennart Betz
Lennart Betz
Senior Consultant

Der diplomierte Mathematiker arbeitet bei NETWAYS im Bereich Consulting und bereichert seine Kunden mit seinem Wissen zu Icinga, Nagios und anderen Open Source Administrationstools. Im Büro erleuchtet Lennart seine Kollegen mit fundierten geschichtlichen Vorträgen die seinesgleichen suchen.

OSMC 2018 – Day 2

The evening event was again great food, drinks and conversation and while it ended in the early morning for some people, rooms were full of attendees again for the first talk. It was a hard choice between probably great talks but in the end I had chosen Rodrigue Chakode with “Make IT monitoring ready for cloud-native systems“. Being a long-term contributor to several Open Source Monitoring he used his experience to develop Realopinsight as a tool bringing existing monitoring tools together and extending them for monitoring cloud-native application platforms. In his live demo he showed the webinterface and Icinga 2, Zabbix and Kubernetes integration including aggregation of the severity for a specific service across the different solutions.
OSMC 2018
Scoring a Technical Cyber Defense Exercise with Nagios and Selenium” by Mauno Pihelgas was a quite uncommon case study. Locked Shields is the biggest Cyber Defense exercise involving 22 teams defending systems provided by vendors against hundreds of attacks. Mauno is responsible for the availability scoring system which gives the defending teams bonus points for availability of the systems, but of course it makes also available for attacks which if successful will cause loss of points. The data collected by Nagios and Selenium are then forwarded to Kafka and Elasticsearch to provide abuse control and overall scoring. To give you some numbers over the 2 days of the exercise about 34 million checks are executed and logged.
Susanne Greiner’s talk “Mit KI zu mehr Automatisierung bei der Fehleranalyse” was on using Artificial Intelligence for automatic failure analyses. Her talk started from anomaly detection and forecasting, went through user experience and ended with machine learning and deep learning. It is always great to see what experts can do with data, so running anomaly detection and forecasting on the data, adding labels for user experience and feeding them to the AI can increase troubleshooting capabilities. And better troubleshooting will result in better availability and user experience of course what perhaps is the main goal of all IT.
At the evening event there was again some gambling and after lunch the guys how managed to win the most chips won some real prices.
OSMC 2018 Gambling Winners
While some still enjoyed the event massage, Carsten Köbke started the afternoon sessions with the best talk title “Katzeninhalt mit ein wenig Einhornmagie” (Cat content with a little bit of unicorn magic). Being the author of the Icinga Web 2 module for Grafana and several themes for Icinga Web 2 he demonstrated and explained his work to the audience. It is very nice to see performance data with annotations extracted from the Icinga database nicely presented in Grafana. The themes part of the talk was based on the idea of every one can do this and monitoring can be fun.
Thomas and Daniel teamed up to focus on log management and help people on choosing their tool wisely in their talk “Fokus Log-Management: Wähle dein Werkzeug weise“. They compared the Elastic stack and Graylog with each other in multiple categories, showing up advantages and disadvantages and which tool fits best for which user group.
Eliminating Alerts or ‘Operation Forest’” by Rihards Olups was a great talk on how he tried reducing alerts to get a better acceptance and handling of the remaining alerts, getting problems solved instead of ignored. The ‘Operation forest’ mentioned in the talk’s title is his synonym for there infrastructure and alerts are trash he does not like in his forest, because trash attracts trash, like alerts attract alerts because if the numbers grows they tend to be ignored and more problems will get critical causing more alerts. It is not a problem of the tool used for monitoring and alerting but he had not only nice hints on changing culture but also technical ones like focusing on one monitoring solution, knowing and using all features or making problems more recognizable like putting them into the message of the day. For those having the same problems in their environment he wrote a shitlist you can check the problems you have and the number of checked items will indicate how shitty your environment is, I recommend having a look at this list.
Last but not least Nicolai Buchwitz talked about the “Visualization of your distributed infrastructure” and with his Map module for Icinga Web 2 he is providing a very powerful tool to visualize it. All the new features you get from the latest 1.1.0 release make it even more useful and the outlook on future extensions looks promising. Nicolai concluded with a nice live demo showing all this functionality.
So it was again a great conference, thanks to all speakers, attendees and sponsors for making this possible. I wish everyone not staying for the hackathon or Open Source camp “Save travels”. Slides, videos and pictures will be online in the near future. I hope to see you on next year’s OSMC on November, 4th – 7th!

Dirk Götz
Dirk Götz
Senior Consultant

Dirk ist Red Hat Spezialist und arbeitet bei NETWAYS im Bereich Consulting für Icinga, Puppet, Ansible, Foreman und andere Systems-Management-Lösungen. Früher war er bei einem Träger der gesetzlichen Rentenversicherung als Senior Administrator beschäftigt und auch für die Ausbildung der Azubis verantwortlich wie nun bei NETWAYS.

OSMC 2018 – Day 1

It is always the same, Winter is coming and it brings people to Nuremberg for OSMC. Our Open Source Monitoring conference still grows every year and after giving three parallel tracks a try last year, we changed format again to include also shorter talks and having always three tracks. It also gets more international and topics get more diverse, covering all different monitoring solutions with speakers (and attendees) from all over the worlds. Like every year also the 13th conference started with a day of workshops enabling the interested ones to get hands on Prometheus, Ansible, Graylog and practical example on using the Puppet modules for Icinga 2. Also this year two days of great talks will be followed by a day of hacking and the second issue of the Open Source Camp takes place, this time focusing on Puppet.
OSMC 2018
And another tradition is Bernd starting the conference with a warm welcome before the first talk. Afterwards Michael Medin talked about his journey in monitoring and being a speaker at OSMC for the eleventh time in “10 years of OSMC: Why does my monitoring still look the same?“. It was a very entertaining talk comparing general innovation with the one happening in monitoring. He was showing up that monitoring solutions changed to reflect the change in culture but still stayed the same mechanism and explained all the problems we probably know like finding the correct metrics and interpreting them resulting from this.
Second talk I attended was “Scaling Icinga2 with many heterogeneous projects – and still preserving configurability” by Max Rosin. He started with the technical debt to solve and requirements to fulfill when migrating from Icinga 1 to Icinga 2 like check latency or 100% automation of the configuration. Their high-available production environment had no outage since going live in January, because the infrastructure design and testing updates and configuration changes in a staging setup, what is pretty awesome. The scripting framework they created for the migration will be released on Github. But this was not all they coded to customize their environment, they added some very helpful extensions for the operations team to Icinga Web 2, which will be available on Github somewhere in the future after separating company specific and upstream ready parts.
For the third session I had chosen Matthias Gallinger with “Netzwerkmonitoring mit Prometheus” (Network monitoring with Prometheus). In his case study he showed the migration from Cacti to Prometheus and Grafana done at a international company based in Switzerland. The most important part is here the SNMP Exporter for Prometheus including a generator for its configuration. All required is part of their labs edition of Open Monitoring Distribution (OMD).
After the lunch Serhat Can started with “Building a healthy on-call culture“. He provided and explained his list of rules which should create such a culture: Be transparent – Share responsibilities – Be prepared – Build resilient and sustainable systems – Create actionable alerts – Learn from your experiences. To sum up he tells everyone to care about the on-call people resulting in a good on-call service and user experience which will prevent a loss of users and money.
The Director of UX at Grafana Labs David Kaltschmidt gave an update on whats new and upcoming in Grafana focusing on the logging feature in “Logging is coming to Grafana“. The new menu entry Explore allows to easily querying Prometheus metrics including functions – just one click away – for rate calculation or average and it works the same for logging entries as a new type of datasource. This feature should be very useful in a Kubernetes environment to do some distributed tracing. If you are interested in this feature it should be available as beta in December.
Distributed Tracing FAQ” was also the title of Gianluca Arbezzano‘s talk. I can really recommend his talk for the good explanation on why and how to trace requests through more and more complex, distributed services of nowadays. If you are more interested in tool links, he recommends Opentracing as library, Zipkin as frontend and of course InfluxDB as backend.
This year Bernd’s talk about the “Current State of Icinga” was crowded and interesting as always. I skip the organizational things like interest in the project is growing according to website views, customers talking about their usage, partners, camps and meetups all over the world. From the technical aspects Icinga 2 had a release bringing more stabilization, improved Syntax Highlighting and as new feature Namespacing. The coming Director release brings support for multiple instances helping with staging, health checks and a configuration basket allowing to easily export and import configuration. A new Icinga Web 2 module X509 helps managing your certificate infrastructure, available next week on github. The one for VMware vSphere (sponsored by dmTECH) is already released and was shown in a demo by Tom who developed it. Icinga DB will replace IDO as a backend moving volatile data to Redis and data to be keeped will be stored to MySQL or PostgreSQL and there will also be a new Monitoring Module for Icinga Web 2 to make use of it, all available hopefully in two weeks.
This year’s OSMC provided something special as the last talk of the first day with an authors’ panel including Marianne Spiller (Smart Home mit openHAB 2), Jan Piet Mens (Alternative DNS Servers – Choice and deployment, and optional SQL/LDAP back-ends), Thomas Widhalm and Lennart Betz (Icinga 2 – Ein praktischer Einstieg ins Monitoring) moderated by Bernd and answering questions from the audience.
If you want to get more details or pictures have a look at Twitter. There will also be a post by Julia giving a more personal view on the conference from interviewing some attendees and one of me covering the talks of the second day, but now I am heading for the evening event.

Dirk Götz
Dirk Götz
Senior Consultant

Dirk ist Red Hat Spezialist und arbeitet bei NETWAYS im Bereich Consulting für Icinga, Puppet, Ansible, Foreman und andere Systems-Management-Lösungen. Früher war er bei einem Träger der gesetzlichen Rentenversicherung als Senior Administrator beschäftigt und auch für die Ausbildung der Azubis verantwortlich wie nun bei NETWAYS.

NETWAYS Webinare – Jetzt mit OpenStack !

Wieder einmal mehr haben wir an unserem Webinar Kalender geschraubt – diesmal möchten wir euch etwas über OpenStack erzählen.

OpenStack: Infrastructure Hosting by NETWAYS
Dort wollen wir unsere neue OpenStack IaaS Plattform vorstellen und die Vorteile, welche sich hieraus ergeben. Dadurch gewähren wir unseren Kunden maximale Transparenz, Flexibilität und eigenes Management der IT-Umgebungen.
Als Termin ist der 17. Oktober 2018 um 10:30 Uhr angesetzt.
Die Anmeldung zum Webinar ist hier möglich.
Darüber hinaus möchte ich eine weitere Änderung in unserem Webinar Kalender ankündigen: Das Webinar Icinga 2: Monitoring für Windows musste leider verschoben werden und zwar auf den 05. Dezember 2018 um 10:30 Uhr. Eine Mitteilung an alle Teilnehmer ging heute morgen bereits raus.
Anbei gibt es hier einmal die aktuelle Webinar Liste im Überblick:

Selbstverständlich werden wieder alle Webinare aufgezeichnet und auf unserem YouTube Channel veröffentlicht.
Ich freue mich wie immer auf eine rege Teilnahme und die Webinare!

Christian Stein
Christian Stein
Lead Senior Account Manager

Christian kommt ursprünglich aus der Personalberatungsbranche, wo er aber schon immer auf den IT Bereich spezialisiert war. Bei NETWAYS arbeitet er als Senior Sales Engineer und berät unsere Kunden in der vertrieblichen Phase rund um das Thema Monitoring. Gemeinsam mit Georg hat er sich Mitte 2012 auch an unserem Hardware-Shop "vergangen".

Die Extrawurst

Icinga Web 2 bietet eine Reihe von Möglichkeiten, Gruppen-Mitgliedschaften zuzuweisen. Am häufigsten werden Gruppenmitgliedschaften entweder via Web angelegt oder aus einem LDAP-Verzeichnis gezogen. Der bekannteste Vertreter dabei ist Microsofts Active Directory.
Weniger bekannt ist, dass man in eigenen Modulen Benutzer- sowie Gruppenmitgliedschafts-Backends bereitstellen kann. Manchmal braucht man aber gar nicht ein volles Backend, sondern nur ein paar kleine Korrekturen. Aus einem solchen Grund entstand diese Woche in einem Kundenprojekt ein neues Icinga Web 2 Modul: Extragroups.

Zusätzliche Gruppen für jeden

Einmal installiert, lassen sich in der config.ini des Moduls flexible Regeln definieren.
[Jeder ist ein Mimimi]
add_groups = "Mimimi"

Das allein hat erst mal keinen Effekt, also hinterlegen wir in der /etc/icingaweb2/roles.ini eine Rolle, welche unseren Usern eine entsprechende Einschränkung verpasst:
[Mimimi Demo]
groups = "Mimimi"
monitoring/filter/objects = "host_name=*mi*"

Sobald wir uns neu anmelden sind wir Mitglied der Gruppe “Mimimi” und sehen nur noch Hosts welche “mi” enthalten. Dabei ist nebensächlich, ob eine Benutzergruppe namens “Mimimi” existiert oder nicht.

Mustervergleich mit Benutzernamen

Lasst uns das Ganze ein wenig einschränken:
[Alle Heuler sollen Mimimis werden]
user_filter = "username=*heul*"
add_groups = "Mimimi"

Was hier passiert dürfte klar sein, wir machen nur noch unsere Heuler zu Mimimis.

Regeln basierend auf Umgebungsvariablen

Ihr möchtet alle Benutzer mit ein paar Ausnahmen in eine spezielle Gruppe geben, aber nur wenn diese remote arbeiten? Erstellt einfache eine auf deren IP-Range basierende Regel:
[Einschränkung wenn via VPN verbunden]
env_filter = "REMOTE_ADDR=192.0.2.*"
user_filter = "username!=tom&username!=admin"
add_groups = "Via VPN verbunden"

Ähnlich wie REMOTE_ADDR in diesem Beispiel können alle vom Web-Server bereitgestellten Umgebungsvariablen benutzt werden. Im nächsten Beispiel zeigen wir Netzwerk-Admins welche via Nagstamon angemeldet sind lediglich wirklich wichtige Hosts und Services:
[Filter für Nagstamon]
env_filter = "HTTP_USER_AGENT=Nagstamon*"
user_filter = "group=Network Admin"
add_groups = "VIP objects filter"

VORSICHT: Der User-Agent kann einfachst gefälscht werden. Dieses Beispiel dient dem Komfort unserer Benutzer: sie wollen in Nagstamon nicht mit allen Problemen belästigt werden. Für sicherheitskritische Regeln taugt der User-Agent nicht.

Mehrere Gruppen zuweisen

Manchmal will man mehrere Gruppen auf einmal zuweisen, ohne die ganze Regel zu klonen. Das lässt sich einfach bewerkstelligen, denn add_groups akzeptiert eine Komma-getrennte Liste:
[VPN-Benutzer einschränken]
; ..
add_groups = "Eingeschränkte Benutzer, Spezielle Dashboards, Business-Prozesse"

Soll die Gruppenliste noch dynamischer sein? Vorausgesetzt dass ein Webserver-Modul oder dessen Konfiguration diese Information bereitstellt, lässt sich jede Umgebungsvariable via {VARIABLE_NAME} nutzen:
[Gruppen des SSO-Moduls zuweisen]
add_groups = "{HTTP_AUTHZ_GROUPS}"

Auch in Strings die aus Umgebungsvariablen kommen funktioniert das Komma (,) als Trennzeichen. Und man kann natürlich Variablen-Platzhalter mit statischen Werten kombinieren:
[Eine Reihe von Gruppen]
add_groups = "Spezial-Gruppe, {REMOTE_GROUPS}, {HTTP_AUTHZ_GROUPS}"

Auf Gruppenmitgliedschaften basierende Regeln

Der user_filter erlaubt auch Regeln basierend auf bereits zugewiesene Gruppen. In unserem umfangreicheren letzten Beispiel erhalten alle Benutzer zusätzliche Gruppenmitgliedschaften via HTTP_AUTHZ_GROUPS. Na gut, jeder außer der guest und der admin-Benutzer.
Wenn sie Nagstamon nutzen während sie via VPN verbunden sind, sollen sie zusätzlich in die Gruppe Nagstamon Remote kommen.
Wird Nagstamon ohne VPN benutzt, sollen Mitglieder der Gruppen “Linux Benutzer” und/oder “Unix Benutzer” in die Gruppe “Nagstamon Lokal” kommen. Alle außer dem admin:
[Gruppen des SSO-Moduls zuweisen]
add_groups = "{HTTP_AUTHZ_GROUPS}"
user_filter = "user_name!=guest&username!=admin"

[Nagstamon via VPN]
env_filter = "REMOTE_ADDR=192.0.2.*&HTTP_USER_AGENT=Nagstamon*"
add_groups = "Nagstamon Remote"

[Nagstamon ohne VPN]
env_filter = "REMOTE_ADDR!=192.0.2.*&HTTP_USER_AGENT=Nagstamon*"
user_filter = "username!=admin&(group=Linux Benutzer|group=Unix Benutzer)"
add_groups = "Nagstamon Local"

Dabei gilt es zu beachten, dass der Filter basierend auf die group-Eigenschaft nur Gruppen sieht, welche von vorhergehenden Regeln zugewiesen wurden. Von anderen Backends bereitgestellte Gruppenmitgliedschaften sind nicht zugänglich.
Das war’s auch schon, viel Spaß!

Thomas Gelf
Thomas Gelf
Principal Consultant

Der gebürtige Südtiroler Tom arbeitet als Principal Consultant für Systems Management bei NETWAYS und ist in der Regel immer auf Achse: Entweder vor Ort bei Kunden, als Trainer in unseren Schulungen oder privat beim Skifahren in seiner Heimatstadt Bozen. Neben Icinga und Nagios beschäftigt sich Tom vor allem mit Puppet.

March Snap 2018 > OSBConf2018, Icinga 2 Book Reloaded, OS Monitoring, OSDC, NETWAYS Monitoring

Hello Sunshine!! Blerim shared the most important things to consider while writing „the impact of voice and tone in writing“. Then followed Systemd- Unitfiles and Multi-Instanz- Setups by Dirk, Isabel ‘s news on NETWAYS Monitor for Temperature and humidity, Keya‘s insights on the Ceph training and Nicole`s stories about NETWAYS Web Services: Meet and greet at Icinga Camp Berlin 2018.
Here is the checklist to be a speaker at the OSBConf2018 and early bird discount said Keya. Marius let us know that Gitlab now supports Let’s Encrypt. Gunnar showed us how to play in the cloud. Killian talked about server maintenance for colleagues. Keya announced the NETWAYS upcoming April TrainingsJohannes taught us RT Extensions Made Easy. Lennart announced Icinga 2 Book Reloaded. Let’s talk about OS Monitoring said KeyaPhilips Brilliance 258B6 and macOS were brought to us by Tim. Markus talked about MSSQL databases from Icinga Web 2Daniel reported on Elastic {ON} 2018 Travel Report and Review.

Keya Kher
Keya Kher
Marketing Manager

Keya ist seit Oktober 2017 in unserem Marketing Team. Sie kennt sich mit Social Media Marketing aus und ist auf dem Weg, ein Grafikdesign-Profi zu werden. Wenn sie sich nicht kreativ auslebt, entdeckt sie andere Städte oder schmökert in einem Buch. Ihr Favorit ist “The Shiva Trilogy”.  

Icinga Director: Active Directory User als Kontakte importieren

Heute erklären wir euch im Schnelldurchlauf wie man Kontakte aus dem Active Directory in den Icinga Director importiert.
Als Grundlage konfigurieren wir das Active Directory als Ressource im Icinga-Web 2
# vi /etc/icingaweb2/resources.ini
type = "ldap"
hostname = "ms-ad.supercorp.com"
port = "389"
encryption = "none"
root_dn = "DC=supercorp,DC=com"
bind_dn = "CN=bind_user,OU=Users,DC=supercorp,DC=com"
bind_pw = "*******"

Danach muss der Import im Icinga Director erstellt werden. Dazu geht ihr im Icinga Director auf Automation => Import Source => Add und legt den Import wie folgt an:

Wichtig ist hierbei der LDAP Filter mit mail=*. Dadurch werden nur Benutzer importiert die auch eine E-Mail-Adresse haben. Bei Benutzern ohne E-Mail-Adresse würde der spätere Sync fehlschlagen.
Im Anschluss erstellt ihr den dazu passenden Sync unter Automation => Sync Rule => Add

Die Customvariable var.import wird zwar nicht zwingend benötigt, ich verwende sie aber um später die Möglichkeit zur Filterung zu haben. So kann man (neben der History Funktion) erkennen ob ein Kontakt manuell oder vom Import angelegt worden ist.

Tobias Redel
Tobias Redel
Head of Professional Services

Tobias hat nach seiner Ausbildung als Fachinformatiker bei der Deutschen Telekom bei T-Systems gearbeitet. Seit August 2008 ist er bei NETWAYS, wo er in der Consulting-Truppe unsere Kunden in Sachen Open Source, Monitoring und Systems Management unterstützt. Insgeheim führt er jedoch ein Doppelleben als Travel-Hacker, arbeitet an seiner dritten Millionen Euro (aus den ersten beiden ist nix geworden) und versucht die Weltherrschaft an sich zu reißen.

Monitoring – it’s all about integration and automation – OSMC 2017 Hackathon

OSMC 2017
Also this year we organized a hackathon as follow up and managed to get about 50 people to work on actual coding. We started again with a small round of introduction so everyone had the chance to find people with same interests or knowledge needed. Afterwards people started to hack on Icinga 2, Icinga Web 2, different Modules, OpenNMS, Zabbix, Mgmt, NSClient++, Docker containers, Ansible and Puppet code or simply help others with configuration and other tasks to solve in their environment.
Here is a list of some things developed or at least designed today:
* Tom accepted and improved some of my pull requests, so the director got more property modifiers
* He also was working on improving notifications to allow managing them via a custom attribute of hosts and services
* Markus was improving Icinga packaging resulting in new package releases for SLES and support for Fedora 27
* Bodo was trying to move the ruby library for Icinga 2 to 1.0.0 release and got valuable input by Gunnar for displaying API coverage
* Thomas improved his diagnostics script for Icinga 2 to help with troubleshooting
* Nicola was working on a graphical picker for the geolocation in the Director for his awesome map module while getting several other ideas and requests
* David started a Single Sign On module for Icinga Web 2
* Mgmt got some improvements by Julien, Toshaan und James
* Michael was working on Elastic integration and web based installer for NSClient++
* Gunnar and Michael discussed so many features they actual did not find time for hacking, but keep our eyes open for Elastic 6 support and datatypes for arguments
* Steffen, Blerim and Michael discussed how to fix a problem with running two Icingabeat instances which now could probably be solved
* Stephan finally solved the management issue of red alerts in Icinga Web 2 😉

Furthermore an impressive amount of knowledge was transferred, user questions got answered and problems got solved. One thing I am really happy about seeing one user to use the URL encode property modifier only minutes after being accept by Tom to create Hostgroups including membership assignment from PuppetDB. But I want to end this blogpost with one really cool thing Dave from the Australian Icinga Partner Sol1 showed us. This map displays all pubs in Australia because it monitors Satellite receivers to visualize any large outages for Sky Racing Australia.
Map of Australian Pubs by Sol1
So have a nice weekend and keep on hacking.

Dirk Götz
Dirk Götz
Senior Consultant

Dirk ist Red Hat Spezialist und arbeitet bei NETWAYS im Bereich Consulting für Icinga, Puppet, Ansible, Foreman und andere Systems-Management-Lösungen. Früher war er bei einem Träger der gesetzlichen Rentenversicherung als Senior Administrator beschäftigt und auch für die Ausbildung der Azubis verantwortlich wie nun bei NETWAYS.

Monitoring – it’s all about integration and automation – OSMC 2017 Day 2

OSMC 2017
The second day started with “Monitoring – dos and don’ts” presented by Markus Thiel. Room was already full on the first talk what was not expected when people move from evening event to late lounge and then at 5 o’clock in the morning to the hotel. Event was great great with good food, drinks and chat. But Julia already wrote about that so I will focus on the talks and Markus one was nicely showing “don’ts” I also recognize from my daily work as consultant and helped with tips how to avoid them. He got deeply into details so I can not repeat everything, but just to summarize the biggest problem is always communication between people or systems, perhaps you already knew this from your daily business.
The second talk I attended was Bodo Schulz talking about automated and distributed monitoring of a continuous integration platform. He created his own service discovery named Brain which discovers services and put them into Redis which is then read by Icinga 2 and Grafana for creating configuration. Pinky is his simple stack for visualisation consisting of containers. Both of them are integrated in the platform, one Brain for every pipeline, one Pinky for every team. If you did not get the reference. watch the intro on youtube. His workarounds for features he missed were also quite interesting like implementing his own certificate signing service for Icinga 2 or displaying License data in Grafana. And of course he had a live demo to show all this fancy stuff which was great to see.
Tom was giving the third talk of the day about automated monitoring in heterogeneous environments showing real life scenarios using the Director‘s capabilities. He started with the basics explaining how import, synchronization and jobs work and followed by importing from an old Icinga environment utilizing SQL and the IDO database. In the typical scenario for importing from a CMDB Tom showed typical problems like bad quality of input data and how to workaround with the Director to get a good quality of output. Another scenario explained how to get data from Active Directory for the Windows part of your environment. For VMware users he show the already released vSphere module and also the prototype of the vSphereDB module which adds some more visualization and for AWS users the corresponding module. And the last one showed how to import Excel files using the Fileshipper. And of course he explained how easy it is to create your own import source.
Right after the excellent lunch and the even better event massage Marianne Spiller‘s talk “Ich sehe was, was du nicht siehst (… und das ist CRITICAL!)” (in English “I spy with my little eye something CRITICAL!”) focused on how to get a good monitoring environment with a high user acceptance up and running. Being realistic and show everyone his benefits are the best tips she gave but also she could not provide the one solution that fits all. For more of her tips ranging from technical to organizational I can recommend her blog.
Lennart and Janina Tritschler were talking about distributed Icinga 2 environments automated by Puppet. Really happy to see the talk because Janina adopted Icinga 2 after a fundamentals training I gave about a year ago. They started with a basic introduction of distributed monitoring with Icinga 2 as master, satellite and agent and configuration management with Puppet including exported resources. Afterwards they were diving deeper into the Puppet module for Icinga 2 and how to use it for installation and configuration of the environment. In their demos they included several virtual machines to show how easily this can be done.
In the last break the winner of the gambling at the evening event got his price, a retro game console.
Last but not least I decided for Kevin Honka‘s talk “Icinga 2 + Director, flexible Thresholds with Ansible” in favor of Thomas talking about troubleshooting Icinga2. But I am sure his talk was great as troubleshooting is his daily business as our Lead Support Engineer. Kevin was unhappy with static threshold configured in their Monitoring environment so started to develop a python script to include in his Ansible workflow which modifies thresholds using the Director API. On his roadmap is extending it by creating a Icinga 2 python library usable for others, utilizing this library in a real Ansible module and extending functionality.
Thanks to all speakers, attendees and sponsors leaving today for the great conference, save travels and see you next year on November 5th – 8th for the next OSMC. And of course a nice dinner and happy hacking to all staying for the hackathon tomorrow, I will keep our readers informed on the crazy things we manage to build.

Dirk Götz
Dirk Götz
Senior Consultant

Dirk ist Red Hat Spezialist und arbeitet bei NETWAYS im Bereich Consulting für Icinga, Puppet, Ansible, Foreman und andere Systems-Management-Lösungen. Früher war er bei einem Träger der gesetzlichen Rentenversicherung als Senior Administrator beschäftigt und auch für die Ausbildung der Azubis verantwortlich wie nun bei NETWAYS.

Monitoring – it's all about integration and automation – OSMC 2017 Day 1

OSMC 2017
Also for the 12th OSMC we started on Tuesday with a couple of workshops on Icinga, Ansible, Graphing and Elastic which were famous as always and afterwards with meet and greet at the evening dinner. But the real start was as always a warm Welcome from Bernd introducing all the small changes we had this year like having so many great talks we did three in parallel on the first day. Also we had the first time more English talks than German and are getting more international from year to year which is also the reason for me blogging in English.
The first talk of the day I attended was James Shubin talking about “Next Generation Config Mgmt: Monitoring” as he is a great entertainer and mgmt is a really a great tool. Mgmt is primarily a configuration management solution but James managed in his demos to build a bridge to monitoring as mgmt is event driven and very fast. So for example he showed mgmt creating files deleted faster then a user could recognize they are gone. Another demo of mgmt’s reactivity was visualizing the noise in the room, perhaps not the most practical one but showing what you can do with flexible inputs and outputs. In his hysteresis demo he showed mgmt monitoring systemload and scale up and down the number of virtual machines depending on it. James is as always looking for people who join the project and help hacking, so have a look at mgmt (or the recording of one of his talks) and perhaps join what could really be the next generation of configuration management.
Second one was Alba Ferri Fitó talking about community helping her doing monitoring at Vodafone in her talk “With a little help from…the community”. She was showing several use cases e.g. VMware monitoring she changed from passive collection of snmptraps to proactively monitoring the infrastructure with check_vmware_esx. Also she helped to integrate monitoring in the provisioning process with vRealise using the Icinga 2 API, did a corporate theme to get a better acceptance, implemented log monitoring using the sticky option from check_logfiles, created her own scripts to monitor things she was told they could only be monitored by SCOM or using expect for things only having an interactive “API”. It was a great talk sharing knowledge and crediting community for all the code and help.
Carsten Köbke and our Michael were telling “Ops and dev stories: Integrate everything into your monitoring stack”. So Carsten as the developer of the Icinga Web 2 module for Grafana started the talk about his motivation behind and experience gained by developing this module. Afterwards Michael was showing more integration like the Map module placing hosts on an Openstreet map, dashboards, ticket systems, log and event management solutions like Greylog and Elastic including the Icingabeat and an very early prototype (created on the day before) for a module for Graylog.
After lunch which was great as always I attended “Icinga 2 Multi Zone HA Setup using Ansible” by Toshaan Bharvani. He is a self-employed consultant with a history in monitoring starting with Nagios, using Icinga and Shinken for a while and now utilizing Icinga 2 to monitor his costumer’s environments. His ansible playbooks and roles showed a good practical example for how to get such a distributed setup up and running and he also managed to explain it in a way also people not using Ansible at all could understand it.
Afterwards Tobias Kempf as the monitoring admin and Michael Kraus as the consultant supporting him talked about a highly automated monitoring for Europe’s biggest logistic company. They used omd to build a multilevel distributed monitoring environment which uses centralized configuration managed with a custom webinterface, coshsh as configuration generator and git, load distribution with mod_gearman and patch management with Ansible.
Same last talk like every year Bernd (representing the Icinga Team) showed the “Current State of Icinga”. Bernd shortly introduced the project and team members before showing some case studies like Icinga being deployed on the International Space Station. He also promoted the Icinga Camps and our effort to help people to run more Icinga Meetups. Afterwards he started to dive into technical stuff like the new incarnation of Icinga Exchange including full Github sync, the documentation and package repository including numbers of downloads which were a crazy 50000 downloads just for CentOS on one day. Diving even deeper into Icinga itself he showed the new CA Proxy feature allowing multilevel certificate signing and automatic renewal which was sponsored by Volkswagen like some others, too. Some explanation on projects effort on Configuration management and which API to use in the Icinga 2 environment for different use cases followed before hitting the topic logging. For logging Icinga project now provides output for Logstash and Elasticsearch in Icinga 2, the Icingabeat, the Logstash output which could create monitoring objects in Icinga 2 on the fly and last but not least the Elasticsearch module for Icinga Web 2. In his demos he also showed the new improved Icinga Web 2 which adds even more eye candy. Speaking about eye candy also the latest version of Graphite module which will get released soon looks quite nice. Another release pending will be the Icinga Graphite installer using Ansible and Packaging to provide an easy way to setup Graphite. So keep an eye on release blogposts coming next weeks.
It is nice to see topics shift through the years. While the topics automation and integration were quite present in the last years it was main focus of many talks this year. This nicely fits my opinion that you as a software developer should care about APIs to allow easy integration and as an administrator you should provide a single interface I sometimes call “single point of administration”.
Colleagues have collected some pictures for you, if you want to see more follow us or #osmc on Twitter. So enjoy these while I will enjoy the evening event and be back tomorrow to keep you updated on the talks of second day.

Dirk Götz
Dirk Götz
Senior Consultant

Dirk ist Red Hat Spezialist und arbeitet bei NETWAYS im Bereich Consulting für Icinga, Puppet, Ansible, Foreman und andere Systems-Management-Lösungen. Früher war er bei einem Träger der gesetzlichen Rentenversicherung als Senior Administrator beschäftigt und auch für die Ausbildung der Azubis verantwortlich wie nun bei NETWAYS.