12. 09. 2023 Davide Gallo Contribution, DevOps, NetEye

Automating Icinga 2 Deployment on Linux Systems

Currently, deploying an Icinga 2 Agent on a Linux system can be intricate, given the substantial variations in the process across different releases or OS families.

For instance:

The repository definition differs for each OS version and family
User and group specifications vary between Debian and RedHat
The environmental path for the Icinga installation also could differ

Fortunately, there’s no need to develop and maintain a custom script to manage these diverse scenarios. We can leverage the readily available Ansible Plugins for this purpose.

Given that our objectives are clearly defined, I developed a role that encompasses all the necessary steps. This allows you to effortlessly integrate it into your playbooks.

You can consult these links to better understand the topic:

Roles — Ansible Documentation

Creating a playbook — Ansible Documentation

The icinga2-wp Role

Essentially, the role is structured around the following stages:

Gathering NetEye Information: Retrieving essential data from NetEye, including node role, NetEye version, and Icinga2 zone
Collecting Target Information: Gathering details about the target system, such as Linux version and hostname
Verifying Icinga Certificates: Checking for the existence of Icinga certificates on target systems
Token Generation: Creating a token either through the command-line interface (CLI) or by utilizing the API
Installing Icinga Repository and Agent: Setting up the Icinga repository and installing the agent on the designated target
Establishing Icinga Connection: Linking the Icinga agent to the master or satellite
Icinga 2 Restart: Initiating a restart of the Icinga 2 service

NB: When executing this role on a NetEye master or satellite node, there’s no requirement to input specific variables. All necessary data will be automatically collected and utilized.

The playbook will look something like this:

    - hosts: all
      remote_user: root
      roles:
        - icinga2-wp

As anticipated, the role can be executed from an external system, such as an Ansible server. In such cases, the following information needs to be provided:

    - hosts: all
      remote_user: root
      roles:
        - icinga2-wp
      vars:
        i2_ticket_method: "curl" ##cli supported only on NetEye nodes
        neteye_vars:
          neteye_version: "4.30"
        i2_master_zone: "master"
        i2_master_fqdn: "myneteyeserver.acme.lab"
        i2_custom_domain: ".acme.lab"
        i2_master_internal_hostname: "myneteyeserver"
        i2_curl_user: "deploy"
        i2_curl_pwd: "something"
        i2_agent_port: "5665"

For more information you can request the access to the bitbucket role

Conclusion

Deploying Icinga using Ansible greatly improves on manual deployment due to the efficiency, accuracy, and consistency of automation. Ansible eliminates human error, ensures uniformity across deployments, and adapts to various systems, reducing complexity. Centralized management and scalability enhances efficiency. In sum, Ansible accelerates deployment, minimizes mistakes, and boosts system reliability.

These Solutions are Engineered by Humans

Did you find this article interesting? Are you an “under the hood” kind of person? We’re really big on automation and we’re always looking for people in a similar vein to fill roles like this one as well as other roles here at Würth Phoenix.