tyler.durden
/
icingaweb2-module-director
mirror of https://github.com/Icinga/icingaweb2-module-director.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
icingaweb2-module-director/doc/03-Automation.md

135 lines
4.4 KiB
Markdown
Raw Blame History

<a id="Automation"></a>Automation - Configuration management
============================================================
Director has been designed to work in distributed environments. In case
you're using tools like Puppet, Ansible, Salt (R)?ex or similar, this
chapter is what you're looking for!
Generic hints
-------------
Director keeps all of its configuration in a relational database. So,
all you need to tell him is how it can reach and access that db. In case
you already rolled out Icinga Web 2 you should already be used to handle
resource definitions.
The Director needs a `database resource`, and your RDBMS must either by
MySQL, MariaDB or PostgreSQL. This is how such a resource could look like
in your `/etc/icingaweb2/resources.ini`:
```ini
[Director DB]
type = "db"
db = "mysql"
host = "localhost"
dbname = "director"
username = "director"
password = "***"
charset = "utf8"
```
Please note that the charset is required and MUST be `utf8`.
Next you need to tell the Director to use this database resource. Create
its `config.ini` with the only required setting:
```ini
[db]
resource = "Director DB"
```
Hint: `/etc/icingaweb2/modules/director/config.ini` is usually the full
path to this config file.
#### Schema creation and migrations
You do not need to manually care about creating the schema and to migrate
it for newer versions. Just `grant` the configured user all permissions on
his database.
On CLI then please run:
icingacli director migration run --verbose
You should run this command after each upgrade, or you could also run it
at a regular interval. Please have a look at...
icingacli director migration pending --verbose
...in case you are looking for an idempotent way of managing the schema.
Use `--help` to learn more about those commands.
If you have any good reason for doing so and feel experienced enough you
can of course also manage the schema on your own. All required files are
to be found in our `schema` directories.
Deploy Icinga Director with Puppet
----------------------------------
Drop the director source repository to a directory named `director` in
one of your `module_path`'s and enable the module as you did with all the
others.
Deploy the mentioned database resource and `config.ini`. Director could
now be configured and kick-started via the web frontend. But you are here
for automation, so please read on.
### Handle schema migrations
It doesn't matter whether you already have a schema, did a fresh install
or just an upgrade. Migrations are as easy as defining:
exec { 'Icinga Director DB migration':
path => '/usr/local/bin:/usr/bin:/bin',
command => 'icingacli director migration run',
onlyif => 'icingacli director migration pending',
}
Hint: please do not travel back in time, schema downgrades are not
supported.
### Kickstart an empty Director database
The Director kickstart wizard helps you with setting up a connection to
Icinga2 master node, import its endpoint and zone definition and it also
syncs already configured command definitions. But this wizard is not only
available through the web frontend, you can perfectly trigger it in an
idempotent way with Puppet:
exec { 'Icinga Director Kickstart':
path => '/usr/local/bin:/usr/bin:/bin',
command => 'icingacli director kickstart run',
onlyif => 'icingacli director kickstart required',
require => Exec['Icinga Director DB migration'],
}
Nothing will happen so far. Kickstart will not do anything unless you
drop a `kickstart.ini` allowing the CLI kickstart helper to do so:
```ini
[config]
endpoint = icinga-master
; host = 127.0.0.1
; port = 5665
username = director
password = ***
```
Usually `/etc/icingaweb2/modules/director/kickstart.ini` should be the
full path to this file. `endpoint` (master certificate name), `username`
and `password` (fitting an already configured `ApiUser`) are required.
`host` can be a resolvable hostname or an IP address. `port` is 5665 per
default in case none is given. And of course your Icinga2 installation
needs to have a corresponding `ApiListener` (look at your enabled
features) listening at the given port.
You can run the `kickstart` from the CLI if you don't use a tool for
automation.
icingacli director kickstart run
You can rerun the kickstart if you have to reimport changed local
config, even when the beforementioned check tells you you don't need to.
Or you could use the import/synchronisation features of Director.
Reference in New Issue View Git Blame Copy Permalink