- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with icinga2
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Development - Guide for contributing to the module
Icinga 2 is a widely used open source monitoring software. This Puppet module helps with installing and managing configuration of Icinga 2 on multiple operating systems.
This module installs and configures Icinga 2 on your Linux or Windows hosts.
By default it uses packages provided by your distribution's repository or Chocolatey on Windows.
The module can also be configured to use packages.icinga.com as the primary repository, which enables you to install Icinga 2 versions that are newer than the ones provided by your distribution's vendor. All features and objects available in Icinga 2 can be enabled and configured with this module.
- Installation of packages
- Configuration of features
- Configuration of objects (also apply rules)
- Service
- MySQL / PostgreSQL Database Schema Import
- Repository Management
- Certification Authority
This module depends on:
- puppetlabs/stdlib >= 4.10.0
- puppetlabs/concat >= 2.0.1
Depending on your setup following modules may also be required:
- puppetlabs/apt >= 1.8.0
- puppetlabs/chocolatey >= 0.7.0
- darin/zypprepo >= 1.0.2
This module has been tested on:
- Ruby >= 1.9
- Debian 7, 8
- Ubuntu 14.04, 16.04
- CentOS/RHEL 6, 7
- Caution: CentOS 6 comes with Ruby 1.8.7 by default
- SLES 12
- Windows Server 2012
Other operating systems or versions may work but have not been tested.
It's recommended to enable the future parser when using this module in combination with exported resources.
The default class icinga2
installs and configures a basic installation of Icinga 2. The features checker
, mainlog
and notification
are enabled by default.
By default, your distribution's packages are used to install Icinga 2. On Windows systems we use the Chocolatey package manager.
Use the manage_repo
parameter to configure the official packages.icinga.com repositories.
class { '::icinga2':
manage_repo => true,
}
Each Icinga 2 feature can be enabled or disabled by using the according classes. Additionally there is a set of default
features that are enabled by default: [ 'checker', 'mainlog', 'notification' ]
The default set of features can be changed with the features
parameter:
class { '::icinga2':
manage_repo => true,
features => ['checker', 'mainlog', 'command'],
}
Enable and configure features by using the associated classes:
class { '::icinga2::feature::graphite':
host => '10.10.0.15',
port => 2003,
enable_send_thresholds => true,
enable_send_metadata => true,
}
The IDO feature can be enabled either in combination with MySQL or PostgreSQL.
Depending on your database you need to enable the feature icinga2::feature::idomysql
or icinga2::feature::idopgsql
.
Both features are capable of importing the base schema into the database, however this is disabled by default. Updating the database schema to another version is currently not supported.
The IDO features require a pre-existing database and an user with permissions to create schema, and edit data
When using MySQL we recommend the puppetlabs/mysql Puppet module to install the database server, create a database and manage user permissions. Here's an example how you create a MySQL database with the corresponding user with permissions by using the puppetlabs/mysql module:
include ::icinga2
include ::mysql::server
mysql::db { 'icinga2':
user => 'icinga2',
password => 'supersecret',
host => 'localhost',
grant => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER'],
}
class{ '::icinga2::feature::idomysql':
user => 'icinga2',
password => 'supersecret',
database => 'icinga2',
import_schema => true,
require => Mysql::Db['icinga2'],
}
For PostgreSQL we recommend the puppetlabs/puppetlabs-postgresql module. You can install the server, create databases and manage user permissions with the module. Here's an example on how to use it in combination with Icinga 2:
include ::icinga2
include ::postgresql::server
postgresql::server::db { 'icinga2':
user => 'icinga2',
password => postgresql_password('icinga2', 'supersecret'),
}
class{ '::icinga2::feature::idopgsql':
user => 'icinga2',
password => 'supersecret',
database => 'icinga2',
import_schema => true,
require => Postgresql::Server::Db['icinga2'],
}
Icinga 2 can run in three different roles:
- in a master zone which is on top of the hierarchy
- in a satellite zone which is a child of a satellite or master zone
- a standalone client node/zone which works as an agent connected to master and/or satellite zones
To learn more about Icinga 2 Clustering, follow the official docs on distributed monitoring. The following examples show how these roles can be configured using this Puppet module.
A Master zone has no parent and is usually also the place where you enable the IDO and notification features. A master sends configurations over the Icinga 2 protocol to satellites and/or clients.
More detailed examples can be found in the examples directory.
Ths examples creates the configuration for a master that has one satellite connected. A global zone is created for templates, and all features of a typical master are enabled.
class { '::icinga2':
confd => false,
features => ['checker','mainlog','notification','statusdata','compatlog','command'],
constants => {
'ZoneName' => 'master',
},
}
class { '::icinga2::feature::api':
accept_commands => true,
# when having multiple masters, you should enable:
# accept_config => true,
endpoints => {
'master.example.org' => {},
'satellite.example.org' => {
'host' => '172.16.2.11'
}
},
zones => {
'master' => {
'endpoints' => ['master.example.org'],
},
'dmz' => {
'endpoints' => ['satellite.example.org'],
'parent' => 'master',
},
}
}
icinga2::object::zone { 'global-templates':
global => true,
}
A satellite has a parent zone and one or multiple child zones. Satellites are usually created to distribute the monitoring load or to reach delimited zones in the network. A satellite either executes checks itself or delegates them to a client.
The satellite has less features enabled, but executes checks similar to a master. It connects to a master zone, and to and satellite or client below in the hierarchy. As parent acts either the master zone, or another satellite zone.
class { '::icinga2':
confd => false,
features => ['checker','mainlog'],
constants => {
'ZoneName' => 'dmz',
},
}
class { '::icinga2::feature::api':
accept_config => true,
accept_commands => true,
endpoints => {
'satellite.example.org' => {},
'master.example.org' => {
'host' => '172.16.1.11',
},
},
zones => {
'master' => {
'endpoints' => ['master.example.org'],
},
'dmz' => {
'endpoints' => ['satellite.example.org'],
'parent' => 'master',
},
}
}
icinga2::object::zone { 'global-templates':
global => true,
}
Icinga 2 runs as a client usually on each of your servers. It receives config or commands from a satellite or master zones and runs the checks that have to be executed locally.
The client is connected to the satellite, which is the direct parent zone.
class { '::icinga2':
confd => false,
features => ['checker','mainlog'],
}
class { '::icinga2::feature::api':
pki => 'none',
accept_config => true,
accept_commands => true,
endpoints => {
'NodeName' => {},
'satellite.example.org' => {
'host' => '172.16.2.11',
}
},
zones => {
'ZoneName' => {
'endpoints' => ['NodeName'],
'parent' => 'dmz',
},
'dmz' => {
'endpoints' => ['satellite.example.org'],
}
}
}
icinga2::object::zone { 'global-templates':
global => true,
}
With this module you can create almost every object that Icinga 2 knows about. When creating objects some parameters are required. This module sets the same requirements as Icinga 2 does. When creating an object you must set a target for the configuration.
Here are some examples for some object types:
icinga2::object::host { 'srv-web1.fqdn.com':
display_name => 'srv-web1.fqdn.com',
address => '127.0.0.1',
address6 => '::1',
check_command => 'hostalive',
target => '/etc/icinga2/conf.d/srv-web1.fqdn.com.conf',
}
icinga2::object::service { 'uptime':
host_name => 'srv-web1.fqdn.com',
display_name => 'Uptime',
check_command => 'check_uptime',
check_interval => '600m',
groups => ['uptime', 'linux'],
target => '/etc/icinga2/conf.d/uptime.conf',
}
icinga2::object::hostgroup { 'monitoring-hosts':
display_name => 'Linux Servers',
groups => [ 'linux-servers' ],
target => '/etc/icinga2/conf.d/groups2.conf',
assign => [ 'host.vars.os == "linux"' ],
}
To generate a valid Icinga 2 configuration all object attributes are parsed. This simple parsing algorithm takes a decision for each attribute, whether part of the string is to be quoted or not, and how an array or dictionary is to be formatted.
An array, a hash or a string can be assigned to an object attribute. True and false are also valid values.
Hashes and arrays are created recursively, and all parts – such as single items of an array, keys and its values are parsed separately as strings.
Strings are parsed in chunks, by splitting the original string into separate substrings at specific keywords (operators)
such as +
, -
, in
, &&
, ||
, etc.
NOTICE: This splitting only works for keywords that are surrounded by whitespace, e.g.:
attr => 'string1 + string2 - string3'
The algorithm will loop over the parameter and start by splitting it into 'string1' and 'string2 - string3'. 'string1' will be passed to the sub function 'value_types' and then the algorithm will continue parsing the rest of the string ('string2 - string3'), splitting it, passing it to value_types, etc.
Brackets are parsed for expressions:
attr => '3 * (value1 - value2) / 2'
The parser also detects function calls and will parse all parameters separately.
attr => 'function(param1, param2, ...)'
True and false can be used as either booleans or strings.
attrs => true or attr => 'true'
In Icinga you can write your own lambda functions with {{ ... }}. For Puppet use:
attrs => '{{ ... }}'
The parser analyzes which parts of the string have to be quoted and which do not.
As a general rule, all fragments are quoted except for the following:
- Boolean:
true
,false
- Numbers:
3
or2.5
- Time Intervals:
3m
or2.5h
(s = seconds, m = minutes, h = hours, d = days) - Functions:
{{ ... }}
or function()
{}
- All constants, which are declared in the constants parameter in main class
icinga2
NodeName
- Names of attributes that belong to the same type of object:
- e.g.
name
andcheck_command
for a host object
- e.g.
- All attributes or variables (custom attributes) from the host, service or user contexts:
host.name
,service.check_command
,user.groups
, ...
It's not currently possible to use arrays or dictionaries in a string, like
attr => 'array1 + [ item1, item2, ... ]'
Assignments other than simple attribution are not currently possible either, e.g. building something like
vars += config
Some objects support to be applied to other objects. To create a simple apply rule you must set the apply
parameter to
true
. If this parameter is set to a string, this string will be used to build an apply for
loop. A service object
always targets a host object. All other objects need to explicitly set an apply_target
Apply a SSH service to all Linux hosts:
icinga2::object::service { 'SSH':
target => '/etc/icinga2/conf.d/test.conf',
apply => true,
assign => [ 'host.vars.os == Linux' ],
ignore => [ 'host.vars.os == Windows' ],
display_name => 'Test Service',
check_command => 'ssh',
}
Apply notifications to services:
icinga2::object::notification { 'testnotification':
target => '/etc/icinga2/conf.d/test.conf',
apply => true,
apply_target => 'Service',
assign => [ 'host.vars.os == Linux' ],
ignore => [ 'host.vars.os == Windows' ],
user_groups => ['icingaadmins']
}
Assign all Linux hosts to a hostgroup:
icinga2::object::hostgroup { 'monitoring-hosts':
display_name => 'Linux Servers',
groups => [ 'linux-servers' ],
target => '/etc/icinga2/conf.d/groups2.conf',
assign => [ 'host.vars.os == "linux"' ],
}
A loop to create HTTP services for all vHosts of a host object:
icinga2::object::service { 'HTTP':
target => '/etc/icinga2/conf.d/http.conf',
apply => 'http_vhost => config in host.vars_http_vhost',
assign => [ 'host.vars.os == Linux' ],
display_name => 'HTTP Service',
check_command => 'http',
}
Handling the CA and certificates is an important part of Icinga 2, because the communication between Icinga processes requires SSL/TLS client certificates. This module offers multiple choices to configure this.
One of your Icinga master needs to behave as a CA. With the class icinga2::pki::ca
you can do following to fulfil
this requirement:
- Use the the
icinga2
CLI to generate a complete new CA
include ::icinga2
class { '::icinga2::pki::ca':
}
- Set a custom content of the CA certificate and key
include ::icinga2
class { '::icinga2::pki::ca':
ca_cert => '-----BEGIN CERTIFICATE----- ...',
ca_key => '-----BEGIN RSA PRIVATE KEY----- ...',
}
- Transfer a CA certificate and key from an existing CA by using the file resource:
include ::icinga2
file { '/var/lib/icinga2/ca/ca.crt':
source => '...',
tag => 'icinga2::config::file',
}
file { '/var/lib/icinga2/ca/ca.key':
source => '...',
tag => 'icinga2::config::file',
}
- Create a new CA with the
icinga2
CLI command and a certificate signed by this new CA. This is especially useful when seting up a fresh Icinga 2 master from scratch.
class { '::icinga2':
constants => {
'TicketSalt' => '5a3d695b8aef8f18452fc494593056a4',
}
}
class { '::icinga2::feature::api':
pki => 'ca',
endpoints => {
'localhost' => {
'host' => 'localhost',
}
},
zones => {
'master' => {
'endpoints' => ['localhost']
}
}
}
If you are looking for an option to use your Puppet CA, have a look to the Client/Satellite Certificates section.
In addition to the master, each client and satellite needs valid certificates to communicate with other Icinga 2 instances. This module offers following options to create these certificates:
- Use Puppet's CA and its client certificates. This is convenient since you don't need to maintain an additional CA.
include ::icinga2::feature::api
- Use a custom function implemented in this module to generate a certificate. This feature will to the following:
- Generate a key and certificate based on the FQDN of the host
- Save the certificate of another Icinga 2 instance, usually the Icinga master where your Icinga CA is located
- Generate a ticket based on the TicketSalt
- Request a signed certificate at your Icinga CA
class { '::icinga2::feature::api':
pki => 'icinga2',
ca_host => 'icinga2-master.example.com',
ticket_salt => '5a3d695b8aef8f18452fc494593056a4',
accept_config => true,
accept_commands => true,
endpoints => {
'NodeName' => {},
'icinga2-master.example.com' => {
'host' => '192.168.56.103',
}
},
zones => {
'NodeName' => {
'endpoints' => ['NodeName'],
'parent' => 'master',
},
'master' => {
'endpoints' => ['icinga2-master.example.com']
}
}
}
- Use custom file resources to transfer your own certificate and key
class { '::icinga2::feature::api':
pki => 'none',
}
file { "/etc/icinga2/pki/${::fqdn}.crt":
ensure => file,
tag => 'icinga2::config::file,
source => "puppet:///modules/profiles/certificates/${::fqdn}.crt",
}
file { "/etc/icinga2/pki/${::fqdn}.key":
ensure => file,
tag => 'icinga2::config::file,
source => "puppet:///modules/profiles/private_keys/${::fqdn}.key",
}
- Set a custom content for the certificate and key
class { '::icinga2::feature::api':
pki => 'none',
ssl_cacert => '-----BEGIN CERTIFICATE----- ...',
ssl_key => '-----BEGIN RSA PRIVATE KEY----- ...',
ssl_cert => '-----BEGIN CERTIFICATE----- ...',
}
- Fine tune TLS / SSL settings
class { '::icinga2::feature::api':
ssl_protocolmin => 'TLSv1.2',
ssl_cipher_list => 'HIGH:MEDIUM:!aNULL:!MD5:!RC4',
}
Sometimes it's necessary to cover very special configurations, that you cannot handle with this module. In this case you
can use the icinga2::config::file
tag on your file resource. The module collects all file resource types with this
tag and triggers a reload of Icinga 2 on a file change.
include ::icinga2
file { '/etc/icinga2/conf.d/for-loop.conf':
ensure => file,
source => '...',
tag => 'icinga2::config::file',
}
If you want to add custom configuration fragments to existing config files, you can do this with
icinga2::config::fragment
. It adds content into a specified target to the position you set in the order parameter.
You can use also Puppet templates to set the content of the config fragment.
For example, you can add custom functions to existing config files:
include ::icinga2
icinga2::object::service { 'load':
display_name => 'Load',
apply => true,
check_command => 'load',
assign => ['vars.os == Linux'],
target => '/etc/icinga2/conf.d/service_load.conf',
order => '30',
}
icinga2::config::fragment { 'load-function':
target => '/etc/icinga2/conf.d/service_load.conf',
order => '10',
content => 'vars.load_wload1 = {{
if (get_time_period("backup").is_inside) {
return 20
} else {
return 5
}
}}',
}
- Public classes
- Class: icinga2
- Class: icinga2::feature::checker
- Class: icinga2::feature::mainlog
- Class: icinga2::feature::notification
- Class: icinga2::feature::command
- Class: icinga2::feature::compatlog
- Class: icinga2::feature::graphite
- Class: icinga2::feature::livestatus
- Class: icinga2::feature::opentsdb
- Class: icinga2::feature::perfdata
- Class: icinga2::feature::statusdata
- Class: icinga2::feature::syslog
- Class::icinga2::feature::debuglog
- Class::icinga2::feature::gelf
- Class::icinga2::feature::influxdb
- Class::icinga2::feature::api
- Class::icinga2::feature::idopgsql
- Class::icinga2::feature::idomysql
- Class::icinga2::pki::ca
- Private classes
- Public defined types
- Defined type: icinga2::object::endpoint
- Defined type: icinga2::object::zone
- Defined type: icinga2::object::apiuser
- Defined type: icinga2::object::checkcommand
- Defined type: icinga2::object::host
- Defined type: icinga2::object::hostgroup
- Defined type: icinga2::object::dependency
- Defined type: icinga2::object::timeperiod
- Defined type: icinga2::object::usergroup
- Defined type: icinga2::object::notificationcommand
- Defined type: icinga2::object::notification
- Defined type: icinga2::object::service
- Defined type: icinga2::object::servicegroup
- Defined type: icinga2::object::downtime
- Defined type: icinga2::object::scheduleddowntime
- Defined type: icinga2::object::eventcommand
- Defined type: icinga2::object::checkresultreader
- Defined type: icinga2::object::compatlogger
- Defined type: icinga2::config::fragment
- Private defined types
The default class of this module. It handles the basic installation and configuration of Icinga 2. When you declare this class, Puppet will do the following:
- Install Icinga 2
- Place a default configuration for the Icinga 2 daemon
- Keep the default configuration of the Icinga 2 package
- Start Icinga 2 and enable the service
This class can be declared without adjusting any parameter:
class { '::icinga2': }
Parameters within icinga2
:
Defines if the service should be running
or stopped
. Defaults to running
If set to true
the Icinga 2 service will start on boot. Defaults to true
.
When set to true
this module will install the packages.icinga.com repository. With this official repo
you can get the latest version of Icinga. When set to false
the operating systems default will be used. As the Icinga
Project does not offer a Chocolatey repository, you will get a warning if you enable this parameter on Windows.
Default is false
Lets you decide if the Icinga 2 daemon should be reloaded when configuration files have changed. Defaults to true
A list of features to enable by default. Defaults to [checker, mainlog, notification]
Define if configuration files for features not managed by Puppet should be purged. Defaults to true.
Hash of constants. Defaults are set in the params class. Your settings will be merged with the defaults.
A list of the ITL plugins to load. Defaults to [ 'plugins', 'plugins-contrib', 'windows-plugins', 'nscp' ]
.
This is the directory where Icinga 2 stores it's object configuration by default. To disable this, set the parameter
to false
. It's also possible to assign your own directory. This directory is relative to etc/icinga2 and must be
managed outside of this module as file resource with tag icinga2::config::file. By default this parameter is true
.
Enables or disables the checker
feature.
Parameters of icinga2::feature::checker
:
Either present
or absent
. Defines if the feature checker
should be enabled. Defaults to present
.
Enables or disables the mainlog
feature.
Parameters of icinga2::feature::mainlog
:
Either present
or absent
. Defines if the feature mainlog
should be enabled. Defaults to present
.
Sets the severity of the mainlog
feature. Can be set to:
information
notice
warning
debug
Defaults to information
Absolute path to the logging file. Default depends on platform:
- Linux:
/var/log/icinga2/icinga2.log
- Windows:
C:/ProgramData/icinga2/var/log/icinga2/icinga2.log
Enables or disables the notification
feature.
Parameters of icinga2::feature::notification
:
Either present
or absent
. Defines if the feature notification
should be enabled. Defaults to present
.
Enables or disables the command
feature.
Parameters of icinga2::feature::command
:
Either present
or absent
. Defines if the feature command
should be enabled. Defaults to present
.
Absolute path to the command pipe. Default depends on platform:
- Linux:
/var/run/icinga2/cmd/icinga2.cmd
- Windows:
C:/ProgramData/icinga2/var/run/icinga2/cmd/icinga2.cmd
Enables or disables the compatlog
feature.
Parameters of icinga2::feature::compatlog
:
Either present
or absent
. Defines if the feature compatlog
should be enabled. Defaults to present
.
Absolute path to the command pipe. Default depends on platform:
- Linux:
/var/run/icinga2/cmd/icinga2.cmd
- Windows:
C:/ProgramData/icinga2/var/run/icinga2/cmd/icinga2.cmd
Absolute path to the log directory. Default depends on platform:
- Linux:
/var/log/icinga2/compat
- Windows:
C:/ProgramData/icinga2/var/log/icinga2/compat
Sets how often should the log file be rotated. Valid options are:
HOURLY
DAILY
WEEKLY
MONTHLY
Defaults to DAILY
Enables or disables the graphite
feature.
Parameters of icinga2::feature::graphite
:
Either present
or absent
. Defines if the feature graphite
should be enabled. Defaults to present
.
Graphite Carbon host address. Defaults to 127.0.0.1
.
Graphite Carbon port. Defaults to 2003
.
Template for metric path of hosts. Defaults to icinga2.$host.name$.host.$host.check_command$
.
Template for metric path of services. Defaults to icinga2.$host.name$.services.$service.name$.$service.check_command$
.
Send thresholds as metrics. Defaults to false.
Send metadata as metrics. Defaults to false.
Enables or disables the livestatus
feature.
Parameters of icinga2::feature::livestatus
:
Either present
or absent
. Defines if the feature livestatus
should be enabled. Defaults to present
.
Specifies the socket type. Can be either 'tcp' or 'unix'. Defaults to 'unix'
IP address to listen for connections. Only valid when socket_type is tcp
. Defaults to 127.0.0.1
Port to listen for connections. Only valid when socket_type is tcp
. Defaults to 6558
Specifies the path to the UNIX socket file. Only valid when socket_type is unix
. Default depends on platform:
- Linux:
/var/run/icinga2/cmd/livestatus
- Windows:
C:/ProgramData/icinga2/var/run/icinga2/cmd/livestatus
Required for historical table queries. Requires CompatLogger
feature to be enabled. Default depends platform:
Linux: var/icinga2/log/icinga2/compat
Windows: C:/ProgramData/icinga2/var/log/icinga2/compat
Enables or disables the opentsdb
feature.
Parameters of icinga2::feature::opentsdb
:
Either present
or absent
. Defines if the feature opentsdb
should be enabled. Defaults to present
.
OpenTSDB host address. Defaults to 127.0.0.1
OpenTSDB port. Defaults to 4242
Enables or disables the perfdata
feature.
Parameters of icinga2::feature::perfdata
:
Either present
or absent
. Defines if the feature perfdata
should be enabled. Defaults to present
.
Absolute path to the perfdata file for hosts. Default depends on platform:
- Linux:
/var/spool/icinga2/host-perfdata
- Windows:
C:/ProgramData/icinga2/var/spool/icinga2/host-perfdata
Absolute path to the perfdata file for services. Default depends on platform:
- Linux:
/var/spool/icinga2/service-perfdata
- Windows:
C:/ProgramData/icinga2/var/spool/icinga2/service-perfdata
Path to the temporary host file. Defaults depends on platform:
- Linux:
/var/spool/icinga2/tmp/host-perfdata
- Windows:
C:/ProgramData/icinga2/var/spool/icinga2/tmp/host-perfdata
Path to the temporary service file. Defaults depends on platform:
- Linux:
/var/spool/icinga2/tmp/host-perfdata
- Windows:
C:/ProgramData/icinga2/var/spool/icinga2/tmp/host-perfdata
Host Format template for the performance data file. Defaults to a template that's suitable for use with PNP4Nagios.
Service Format template for the performance data file. Defaults to a template that's suitable for use with PNP4Nagios.
Rotation interval for the files specified in {host,service}_perfdata_path
. Can be written in minutes or seconds,
i.e. 1m
or 15s
. Defaults to 30s
Enables or disables the statusdata
feature.
Parameters of icinga2::feature::statusdata
:
Either present
or absent
. Defines if the feature statusdata
should be enabled. Defaults to present
.
Absolute path to the status.dat file. Default depends on platform:
- Linux:
/var/cache/icinga2/status.dat
- Windows:
C:/ProgramData/icinga2/var/cache/icinga2/status.dat
Absolute path to the object.cache file. Default depends on platform:
- Linux:
/var/cache/icinga2/object.cache
- Windows:
C:/ProgramData/icinga2/var/cache/icinga2/object.cache
Interval in seconds to update both status files. You can also specify it in minutes with the letter m or in seconds
with s. Defaults to 30s
Enables or disables the syslog
feature.
Parameters of icinga2::feature::syslog
:
Either present
or absent
. Defines if the feature syslog
should be enabled. Defaults to present
.
Set severity level for logging to syslog. Available options are:
information
notice
warning
debug
Defaults to warning
Enables or disables the debuglog
feature.
Parameters of icinga2::feature::debuglog
:
Either present
or absent
. Defines if the feature debuglog
should be enabled. Defaults to present
.
Absolute path to the log file. Default depends on platform:
- Linux:
/var/log/icinga2/debug.log
- Windows:
C:/ProgramData/icinga2/var/log/icinga2/debug.log
Enables or disables the gelf
feature.
Parameters of icinga2::feature::gelf
:
Either present
or absent
. Defines if the feature gelf
should be enabled. Defaults to present
.
GELF receiver host address. Defaults to 127.0.0.1
GELF receiver port. Defaults to 12201
Source name for this instance. Defaults to icinga2
Enable performance data for CHECK RESULT events. Defaults to false
.
Enables or disables the influxdb
feature.
Parameters of icinga2::feature::influxdb
:
Either present
or absent
. Defines if the feature influxdb
should be enabled. Defaults to present
.
InfluxDB host address. Defaults to 127.0.0.1
InfluxDB HTTP port. Defaults to 8086
InfluxDB database name. Defaults to icinga2
InfluxDB user name. Defaults to undef
InfluxDB user password. Defaults to undef
Either enable or disable SSL. Other SSL parameters are only affected if this is set to true
. Defaults to false
.
SSL settings will be set depending on this parameter.
puppet
Use puppet certificates. This will copy the ca.pem, certificate and key generated by Puppet.custom
Set custom paths for certificate, key and CAfalse
Disable SSL (default)
CA certificate to validate the remote host. Only valid if ssl is set to custom
. Defaults to undef
Host certificate to present to the remote host for mutual verification. Only valid if ssl is set to 'custom'.
Defaults to undef
Host key to accompany the ssl_cert. Only valid if ssl is set to custom
. Defaults to undef
The value of this is used for the measurement setting in host_template. Defaults to $host.check_command$
Tags defined in this hash will be set in the host_template.
class { '::icinga2::feature::influxdb':
host_measurement => '$host.check_command$',
host_tags => { hostname => '$host.name$' },
}
The value of this is used for the measurement setting in host_template. Defaults to $service.check_command$
Tags defined in this hash will be set in the service_template.
class { '::icinga2::feature::influxdb':
service_measurement => '$service.check_command$',
service_tags => { hostname => '$host.name$', service => '$service.name$' },
}
Whether to send warn, crit, min & max tagged data. Defaults to false
Whether to send check metadata e.g. states, execution time, latency etc. Defaults to false
How long to buffer data points before transferring to InfluxDB. Defaults to 10s
How many data points to buffer before forcing a transfer to InfluxDB. Defaults to 1024
Enables or disables the api
feature.
Parameters of icinga2::feature::api
:
Either present
or absent
. Defines if the feature api
should be enabled. Defaults to present
.
Provides multiple sources for the certificate and key.
puppet
Copies the key, cert and CA cert from the Puppet ssl directory to the Icinga pki directory.- Linux:
/etc/icinga2/pki
- Windows:
C:/ProgramData/icinga2/etc/icinga2/pki
- Linux:
icinga2
Uses the icinga2 CLI to generate a Certificate and Key The ticket is generated on the Puppet master by using the configured 'ticket_salt' in a custom function.none
Does nothing and you either have to manage the files yourself as file resources or use thessl_key
,ssl_cert
,ssl_ca
parameters.ca
Includes the::icinga2::pki::ca
class to generate a fresh CA and generates an SSL certificate and key signed by this new CA.
Defaults to puppet
Location of the private key. Default depends on platform:
- Linux
/etc/icinga2/pki/NodeName.key
- Windows
C:/ProgramData/icinga2/etc/icinga2/pki/NodeName.key
The Value of NodeName
comes from the corresponding constant.
Location of the certificate. Default depends on platform:
- Linux
/etc/icinga2/pki/NodeName.crt
- Windows
C:/ProgramData/icinga2/etc/icinga2/pki/NodeName.crt
The Value of NodeName
comes from the corresponding constant.
Location of the CA certificate. Default depends on platform:
- Linux
/etc/icinga2/pki/ca.crt
- Windows
C:/ProgramData/icinga2/etc/icinga2/pki/ca.crt
Accept zone configuration. Defaults to false
Accept remote commands. Defaults to false
This host will be connected to request the certificate. Set this if you use the icinga2
pki.
Port of the 'ca_host'. Defaults to 5665
Salt to use for ticket generation. Defaults to icinga2 constant TicketSalt
.
Hash to configure endpoint objects. Defaults to { 'NodeName' => {} }
. NodeName
is a Icinga 2 constant.
Hash to configure zone objects. Defaults to { 'ZoneName' => {'endpoints' => ['NodeName']} }
. ZoneName
and NodeName
are Icinga 2 constants.
Minimal TLS version to require. Default undef (e.g. TLSv1.2
)
List of allowed TLS ciphers, to fine tune encryption. Default undef (e.g. HIGH:MEDIUM:!aNULL:!MD5:!RC4
)
Enables or disables the ido-pgsql
feature.
Parameters of icinga2::feature::idopgsql
:
Either present
or absent
. Defines if the feature ido-pgsql
should be enabled. Defaults to present
.
PostgreSQL database host address. Defaults to 127.0.0.1
PostgreSQL database port. Defaults to 3306
PostgreSQL database user with read/write permission to the icinga database. Defaults to icinga
PostgreSQL database user's password. Defaults to icinga
PostgreSQL database name. Defaults to icinga
PostgreSQL database table prefix. Defaults to icinga_
Whether to import the PostgreSQL schema or not. Defaults to false
Enables or disables the gelf
feature.
Parameters of icinga2::feature::idomysql
:
Either present
or absent
. Defines if the feature ido-mysql
should be enabled. Defaults to present
.
MySQL database host address. Defaults to 127.0.0.1
MySQL database port. Defaults to 3306
MySQL socket path.
MySQL database user with read/write permission to the icinga database. Defaults to icinga
MySQL database user's password. Defaults to icinga
MySQL database name. Defaults to icinga
SSL settings will be set depending on this parameter:
puppet
Use puppet certificatescustom
Set custom paths for certificate, key and CAfalse
Disable SSL (default)
MySQL SSL client key file path. Only valid if ssl is set to custom
.
MySQL SSL certificate file path. Only valid if ssl is set to custom
.
MySQL SSL certificate authority certificate file path. Only valid if ssl is set to custom
.
MySQL SSL trusted SSL CA certificates in PEM format directory path. Only valid if ssl is enabled.
MySQL SSL list of allowed ciphers. Only valid if ssl is enabled.
MySQL database table prefix. Defaults to icinga_
Unique identifier for the local Icinga 2 instance. Defaults to default
Description for the Icinga 2 instance.
Enable the high availability functionality. Only valid in a cluster setup. Defaults to true
Set the fail-over timeout in a HA cluster. Must not be lower than 60s. Defaults to 60s
Hash with items for historical table cleanup.
Array of information types that should be written to the database.
Whether to import the MySQL schema or not. Defaults to false
This class provides multiple ways to create the CA used by Icinga 2. By default it will create a CA by using the Icinga 2 CLI. If you want to use your own CA you will either have to transfer it by using a file resource or you can set the content of your certificate and key in this class.
Parameters of icinga2::pki::ca
:
Content of the CA certificate. If this is unset, a certificate will be generated with the Icinga 2 CLI.
Content of the CA key. If this is unset, a key will be generated with the Icinga 2 CLI.
Installs the packages.icinga.com repository. Depending on your operating system puppetlabs/apt or puppetlabs/chocolatey are required.
Handles the installation of the Icinga 2 package.
Installs basic configuration files required to run Icinga 2.
Starts/stops and enables/disables the service.
Set to present enables the endpoint object, absent disables it. Defaults to present.
Set the Icinga 2 name of the endpoint object. Defaults to title of the define resource.
Optional. The IP address of the remote Icinga 2 instance.
The service name/port of the remote Icinga 2 instance. Defaults to 5665.
Duration for keeping replay logs on connection loss. Defaults to 1d
(86400 seconds). Attribute is specified in seconds.
If log_duration
is set to 0
, replaying logs is disabled. You could also specify the value in human readable format
like 10m
for 10 minutes or 1h
for one hour.
Destination config file to store in this object. File will be declared at the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 10
.
Set to present enables the zone object, absent disables it. Defaults to present
Set the name of the zone object. Defaults to the title of the define resource.
List of endpoints that belong to this zone.
Parent zone to this zone.
If set to true
, a global zone is defined and the parameter endpoints and parent are ignored. Defaults to false
.
Destination config file to store in this object. File will be declared at the first time.
String to control the position in the target file, sorted alpha numeric.
Set to present enables the apiuser object, absent disables it. Defaults to present.
Set the name of the apiuser object. Defaults to title of the define resource.
Password string.
Optional. Client Common Name (CN).
Array of permissions. Either as string or dictionary with the keys permission and filter. The latter must be specified as function.
Destination config file to store in this object. File will be declared at the first time.
String to control the position in the target file, sorted alpha numeric. Defaults to 10
permissions = [ "*" ]
permissions = [ "objects/query/Host", "objects/query/Service" ]
permissions = [
{
permission = "objects/query/Host"
filter = {{ regex("^Linux", host.vars.os) }}
},
{
permission = "objects/query/Service"
filter = {{ regex("^Linux", service.vars.os) }}
}
]
Set to present enables the checkcommand object, absent disables it. Defaults to present.
Title of the CheckCommand object.
Sorted List of templates to include. Defaults to an empty list.
The command. This can either be an array of individual command arguments. Alternatively a string can be specified in
which case the shell interpreter (usually /bin/sh) takes care of parsing the command. When using the arguments
attribute this must be an array. Can be specified as function for advanced implementations.
A dictionary of macros which should be exported as environment variables prior to executing the command.
A dictionary containing custom attributes that are specific to this command.
The command timeout in seconds. Defaults to 60
seconds.
A dictionary of command arguments.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 10
Set to present enables the host object, absent disables it. Defaults to present.
Hostname of the Host object.
Sorted List of templates to include. Defaults to an empty list.
A short description of the host (e.g. displayed by external interfaces instead of the name if set).
The host's address v4.
The host's address v6.
A dictionary containing custom attributes that are specific to this host.
A list of host groups this host belongs to.
The name of the check command.
The number of times a host is re-checked before changing into a hard state. Defaults to 3
The name of a time period which determines when this host should be checked. Not set by default.
Check command timeout in seconds. Overrides the CheckCommand's timeout attribute.
The check interval (in seconds). This interval is used for checks when the host is in a HARD state. Defaults to 5
minutes.
The retry interval (in seconds). This interval is used for checks when the host is in a SOFT state. Defaults to 1
minute.
Whether notifications are enabled. Defaults to true
Whether active checks are enabled. Defaults to true
Whether passive checks are enabled. Defaults to true
Enables event handlers for this host. Defaults to true
Whether flap detection is enabled. Defaults to false
Whether performance data processing is enabled. Defaults to true
The name of an event command that should be executed every time the host's state changes or the host is in a SOFT state.
The flapping threshold in percent when a host is considered to be flapping.
The volatile setting enables always HARD state types if NOT-OK state changes occur.
The zone this object is a member of.
The endpoint where commands are executed on.
Notes for the host.
Url for notes for the host (for example, in notification commands).
Url for actions for the host (for example, an external graphing tool).
Icon image for the host. Used by external interfaces only.
Icon image description for the host. Used by external interface only.
Set to true creates a template instead of an object. Defaults to false
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 10
Set to present enables the hostgroup object, absent disables it. Defaults to present.
A short description of the host group.
An array of nested group names.
Assign host group members using the group assign rules.
Destination config file to store in this object. File will be declared at the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 10
Set to present enables the dependency object, absent disabled it. Defaults to present
Set the Icinga 2 name of the dependency object. Defaults to title
of the define resource.
The parent host.
The parent service. If omitted, this dependency object is treated as host dependency.
The child host.
The child service. If omitted, this dependency object is treated as host dependency.
Whether to disable checks when this dependency fails. Defaults to false
Whether to disable notifications when this dependency fails. Defaults to true
Whether to ignore soft states for the reachability calculation. Defaults to true
Time period during which this dependency is enabled.
A list of state filters when this dependency should be OK. Defaults to [ OK, Warning ] for services and [ Up ] for hosts.
Dispose an apply instead an object if set to 'true'. Value is taken as statement, i.e. 'vhost => config in host.vars.vhosts'. Defaults to false.
An object type on which to target the apply rule. Valid values are Host
and Service
. Defaults to Host
.
Assign user group members using the group assign rules.
Exclude users using the group ignore rules.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 35
Set to present enables the timeperiod object, absent disabled it. Defaults to present
Set the Icinga 2 name of the timeperiod object. Defaults to title
of the define resource.
A short description of the time period.
Sorted List of templates to include. Defaults to [ "legacy-timeperiod" ].
A dictionary containing information which days and durations apply to this timeperiod.
Boolean whether to prefer timeperiods includes or excludes. Default to true
An array of timeperiods, which should exclude from your timerange.
An array of timeperiods, which should include into your timerange
Set to true creates a template instead of an object. Defaults to false
Destination config file to store this object in. File will be declared on the first run.
String to control the position in the target file, sorted alpha numeric.
Set to present enables the usergroup object, absent disables it. Defaults to present
Set the Icinga 2 name of the usergroup object. Defaults to title
of the define resource.
Set the Icinga 2 name of the user object. Defaults to title of the define resource.
A short description of the service group.
An array of nested group names.
Assign user group members using the group assign rules.
Exclude users using the group ignore rules.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 10
Set to present enables the user object, absent disables it. Defaults to present
A short description of the user.
An email string for this user. Useful for notification commands.
A pager string for this user. Useful for notification commands.
A dictionary containing custom attributes that are specific to this user.
An array of group names.
Whether notifications are enabled for this user.
The name of a time period which determines when a notification for this user should be triggered. Not set by default.
A set of type filters when this notification should be triggered. By default everything is matched.
A set of state filters when this notification should be triggered. By default everything is matched.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 30
Set to present enables the notificationcommand object, absent disabled it. Defaults to present.
Set the Icinga 2 name of the notificationcommand object. Defaults to title
of the define resource.
The "execute" script method takes care of executing the notification. The default template "plugin-notification-command" which is imported into all CheckCommand objects takes care of this setting.
The command. This can either be an array of individual command arguments. Alternatively a string can be specified in which case the shell interpreter (usually /bin/sh) takes care of parsing the command.
A dictionary of macros which should be exported as environment variables prior to executing the command.
A dictionary containing custom attributes that are specific to this command.
The command timeout in seconds. Defaults to 60
seconds.
A dictionary of command arguments.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 10
Set to present enables the notification object, absent disables it. Defaults to present
Set the Icinga 2 name of the notification object. Defaults to title
of the define resource.
The name of the host this notification belongs to.
The short name of the service this notification belongs to. If omitted, this notification object is treated as host notification.
A dictionary containing custom attributes that are specific to this notification object.
A list of user names who should be notified.
A list of user group names who should be notified.
A dictionary containing begin and end attributes for the notification.
The name of the notification command which should be executed when the notification is triggered.
The notification interval (in seconds). This interval is used for active notifications. Defaults to 30
minutes. If set
to 0, re-notifications are disabled.
The name of a time period which determines when this notification should be triggered. Not set by default.
The zone this object is a member of.
A list of type filters when this notification should be triggered. By default everything is matched.
A list of state filters when this notification should be triggered. By default everything is matched.
Dispose an apply instead an object if set to 'true'. Value is taken as statement, i.e. 'vhost => config in host.vars.vhosts'. Defaults to false.
An object type on which to target the apply rule. Valid values are Host
and Service
. Defaults to Host
.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 10
Set to present enables the service object, absent disables it. Defaults to present
Set the Icinga 2 name of the service object. Defaults to title
of the define resource.
A short description of the service.
The host this service belongs to. There must be a Host object with that name.
The service name. Must be unique on a per-host basis (Similar to the service_description attribute in Icinga 1.x).
The service groups this service belongs to.
A dictionary containing custom attributes that are specific to this service.
The name of the check command.
The number of times a service is re-checked before changing into a hard state. Defaults to 3
The name of a time period which determines when this service should be checked. Not set by default.
Check command timeout in seconds. Overrides the CheckCommand's timeout attribute.
The check interval (in seconds). This interval is used for checks when the service is in a HARD state.
Defaults to 5
minutes.
The retry interval (in seconds). This interval is used for checks when the service is in a SOFT state. Defaults to `1 minute.
Whether notifications are enabled. Defaults to true
Whether active checks are enabled. Defaults to true
Whether passive checks are enabled. Defaults to true
Enables event handlers for this host. Defaults to true
Whether flap detection is enabled. Defaults to false
Whether performance data processing is enabled. Defaults to true
The name of an event command that should be executed every time the service's state changes or the service is in a SOFT state.
The flapping threshold in percent when a service is considered to be flapping.
The volatile setting enables always HARD state types if NOT-OK state changes occur.
The zone this object is a member of.
The endpoint where commands are executed on.
Notes for the service.
Url for notes for the service (for example, in notification commands).
Url for actions for the service (for example, an external graphing tool).
Icon image for the service. Used by external interfaces only.
Icon image description for the service. Used by external interface only.
Dispose an apply instead an object if set to 'true'. Value is taken as statement, i.e. 'vhost => config in host.vars.vhosts'. Defaults to false.
Assign user group members using the group assign rules.
Exclude users using the group ignore rules.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 10
Set to present enables the servicegroup object, absent disables it. Defaults to present
Set the Icinga 2 name of the servicegroup object. Defaults to title
of the define resource.
A short description of the service group.
An array of nested group names.
Assign user group members using the group assign rules.
Exclude users using the group ignore rules.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 30
Set to present enables the downtime object, absent disables it. Defaults to present
The name of the host this comment belongs to.
The short name of the service this comment belongs to. If omitted, this comment object is treated as host comment.
The author's name.
The comment text.
The start time as unix timestamp.
The end time as unix timestamp.
The duration as number.
The unix timestamp when this downtime was added.
Whether the downtime is fixed (true
) or flexible (false
). Defaults to flexible.
List of downtimes which should be triggered by this downtime.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 30
Set to present enables the scheduleddowntime object, absent disables it. Defaults to present
Set the Icinga 2 name of the scheduleddowntime object. Defaults to title
of the define resource.
The name of the host this comment belongs to.
The short name of the service this comment belongs to. If omitted, this comment object is treated as host comment.
The author's name.
The comment text.
Whether this is a fixed downtime. Defaults to true
The duration as number.
A dictionary containing information which days and durations apply to this timeperiod.
Dispose an apply instead an object if set to 'true'. Value is taken as statement, i.e. 'vhost => config in host.vars.vhosts'. Defaults to false.
An object type on which to target the apply rule. Valid values are Host
and Service
. Defaults to Host
.
Assign user group members using the group assign rules.
Exclude users using the group ignore rules.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 30
Set to present enables the eventcommand object, absent disables it. Defaults to present
Set the Icinga 2 name of the eventcommand object. Defaults to title
of the define resource.
The "execute" script method takes care of executing the event handler. In virtually all cases you should import the "plugin-event-command" template to take care of this setting.
The command. This can either be an array of individual command arguments. Alternatively a string can be specified in which case the shell interpreter (usually /bin/sh) takes care of parsing the command.
A dictionary of macros which should be exported as environment variables prior to executing the command.
A dictionary containing custom attributes that are specific to this command.
The command timeout in seconds. Defaults to 60 seconds.
A dictionary of command arguments.
Destination config file to store in this object. File will be declared the first time.
Sorted List of templates to include. Defaults to an empty list.
String to set the position in the target file, sorted alpha numeric. Defaults to 30
Set to present enables the checkresultreader object, absent disables it. Defaults to present
Set the Icinga 2 name of the checkresultreader object. Defaults to title
of the define resource.
The directory which contains the check result files. Defaults to LocalStateDir + "/lib/icinga2/spool/checkresults/"
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 30
Set to present enables the compatlogger object, absent disables it. Defaults to present
Set the Icinga 2 name of the compatlogger object. Defaults to title
of the define resource.
The directory which contains the check result files. Defaults to LocalStateDir + "/lib/icinga2/spool/checkresults/"
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric. Defaults to 30
Content to insert in file specified in target.
Destination config file to store in this fragment. File will be declared the first time.
String to set the position in the target file, sorted in alpha numeric order.
This defined type is used by all feature defined types as basis. It can generally enable or disable features.
Parameters of icinga2::feature
:
Either present
or absent
. Defines if the feature should be enabled. Defaults to present
.
Name of the feature. This name is used for the corresponding configuration file.
This defined type is used by all object defined types as bases. In can generally create Icinga 2 objects.
Set to present enables the object, absent disabled it. Defaults to present.
Set the icinga2 name of the object. Defaults to title of the define resource.
Set to true will define a template otherwise an object. Defaults to false.
Dispose an apply instead an object if set to 'true'. Value is taken as statement, i.e. 'vhost => config in host.vars.vhosts'. Defaults to false.
An object type on which to target the apply rule. Valid values are Host
and Service
. Defaults to Host
.
A sorted list of templates to import in this object. Defaults to an empty array.
Hash for the attributes of this object. Keys are the attributes and values are there values. Defaults to an empty Hash.
Icinga 2 object type for this object.
Destination config file to store in this object. File will be declared the first time.
String to set the position in the target file, sorted alpha numeric.
A roadmap of this project is located at https://github.com/Icinga/puppet-icinga2/milestones. Please consider this roadmap when you start contributing to the project.
When contributing several steps such as pull requests and proper testing implementations are required. Find a detailed step by step guide in CONTRIBUTING.md.
Testing is essential in our workflow to ensure a good quality. We use RSpec as well as Serverspec to test all components of this module. For a detailed description see TESTING.md.
When releasing new versions we refer to SemVer 1.0.0 for version numbers. All steps required when creating a new release are described in RELEASE.md
See also CHANGELOG.md
AUTHORS is generated on each release.