icingaweb2-module-director/doc/03-Automation.md

4.4 KiB

Automation - Configuration management

Director has been designed to work in distributed environments. In case you're using tools like Puppet, Ansible, Salt (R)?ex or similar, this chapter is what you're looking for!

Generic hints

Director keeps all of its configuration in a relational database. So, all you need to tell him is how it can reach and access that db. In case you already rolled out Icinga Web 2 you should already be used to handle resource definitions.

The Director needs a database resource, and your RDBMS must either by MySQL, MariaDB or PostgreSQL. This is how such a resource could look like in your /etc/icingaweb2/resources.ini:

[Director DB]
type = "db"
db = "mysql"
host = "localhost"
dbname = "director"
username = "director"
password = "***"
charset = "utf8"

Please note that the charset is required and MUST be utf8.

Next you need to tell the Director to use this database resource. Create its config.ini with the only required setting:

[db]
resource = "Director DB"

Hint: /etc/icingaweb2/modules/director/config.ini is usually the full path to this config file.

Schema creation and migrations

You do not need to manually care about creating the schema and to migrate it for newer versions. Just grant the configured user all permissions on his database.

On CLI then please run:

icingacli director migration run --verbose

You should run this command after each upgrade, or you could also run it at a regular interval. Please have a look at...

icingacli director migration pending --verbose

...in case you are looking for an idempotent way of managing the schema. Use --help to learn more about those commands.

If you have any good reason for doing so and feel experienced enough you can of course also manage the schema on your own. All required files are to be found in our schema directories.

Deploy Icinga Director with Puppet

Drop the director source repository to a directory named director in one of your module_path's and enable the module as you did with all the others.

Deploy the mentioned database resource and config.ini. Director could now be configured and kick-started via the web frontend. But you are here for automation, so please read on.

Handle schema migrations

It doesn't matter whether you already have a schema, did a fresh install or just an upgrade. Migrations are as easy as defining:

exec { 'Icinga Director DB migration':
    path    => '/usr/local/bin:/usr/bin:/bin',
    command => 'icingacli director migration run',
    onlyif  => 'icingacli director migration pending',
}

Hint: please do not travel back in time, schema downgrades are not supported.

Kickstart an empty Director database

The Director kickstart wizard helps you with setting up a connection to Icinga2 master node, import its endpoint and zone definition and it also syncs already configured command definitions. But this wizard is not only available through the web frontend, you can perfectly trigger it in an idempotent way with Puppet:

exec { 'Icinga Director Kickstart':
    path    => '/usr/local/bin:/usr/bin:/bin',
    command => 'icingacli director kickstart run',
    onlyif  => 'icingacli director kickstart required',
    require => Exec['Icinga Director DB migration'],
 }

Nothing will happen so far. Kickstart will not do anything unless you drop a kickstart.ini allowing the CLI kickstart helper to do so:

[config]
endpoint = icinga-master
; host = 127.0.0.1
; port = 5665
username = director
password = ***

Usually /etc/icingaweb2/modules/director/kickstart.ini should be the full path to this file. endpoint (master certificate name), username and password (fitting an already configured ApiUser) are required. host can be a resolvable hostname or an IP address. port is 5665 per default in case none is given. And of course your Icinga2 installation needs to have a corresponding ApiListener (look at your enabled features) listening at the given port.

You can run the kickstart from the CLI if you don't use a tool for automation.

icingacli director kickstart run

You can rerun the kickstart if you have to reimport changed local config, even when the beforementioned check tells you you don't need to. Or you could use the import/synchronisation features of Director.