23 KiB
Director CLI
Large parts of the Director's functionality are also available on your CLI.
Manage Objects
Use icingacli director <type> <action>
show, create modify or delete
Icinga objects of a specific type:
Action | Description |
---|---|
create |
Create a new object |
delete |
Delete a specific object |
exists |
Whether a specific object exists |
set |
Modify an existing objects properties |
show |
Show a specific object |
Currently the following object types are available on CLI:
- command
- endpoint
- host
- hostgroup
- notification
- service
- timeperiod
- user
- usergroup
- zone
Create a new object
Use this command to create a new Icinga object
Usage
icingacli director <type> create [<name>] [options]
Options
Option | Description |
---|---|
--<key> <value> |
Provide all properties as single command line options |
--json |
Otherwise provide all options as a JSON string |
Examples
To create a new host you can provide all of its properties as command line parameters:
icingacli director host create localhost \
--imports generic-host \
--address 127.0.0.1 \
--vars.location 'My datacenter'
It would say:
Host 'localhost' has been created
Providing structured data could become tricky that way. Therefore you are also allowed to provide JSON formatted properties:
icingacli director host create localhost \
--json '{ "address": "127.0.0.1", "vars": { "test": [ "one", "two" ] } }'
Passing JSON via STDIN is also possible:
icingacli director host create localhost --json < my-host.json
Delete a specific object
Use this command to delete a single Icinga object. Just run
icingacli director <type> delete <name>
That's it. To delete the host created before, this would read
icingacli director host delete localhost
It will tell you whether your command succeeded:
Host 'localhost' has been deleted
Whether a specific object exists
Use this command to find out whether a single Icinga object exists. Just run:
icingacli director <type> exists <name>
So if you run...
icingacli director host exists localhost
...it will either tell you ...
Host 'localhost' exists
...or:
Host 'localhost' does not exist
When executed from custom scripts you could also just check the exit code,
0
means that the object exists, 1
that it doesn't.
Modify an existing objects properties
Use this command to modify specific properties of an existing Icinga object.
Usage
icingacli director <type> set <name> [options]
Options
Option | Description |
---|---|
--<key> <value> |
Provide all properties as single command line options |
--append-<key> <value> |
Appends to array values, like imports , |
groups or vars.system_owners |
|
--remove-<key> [<value>] |
Remove a specific property, eventually only |
when matching value . In case the property is an |
|
array it will remove just value when given |
|
--json |
Otherwise provide all options as a JSON string |
--replace |
Replace all object properties with the given ones |
--auto-create |
Create the object in case it does not exist |
--allow-overrides |
Set variable overrides for virtual Services |
Examples
icingacli director host set localhost \
--address 127.0.0.2 \
--vars.location 'Somewhere else'
It will either tell you
Host 'localhost' has been modified
or, when for example issued immediately a second time:
Host 'localhost' has not been modified
Like create, this also allows you to provide JSON-formatted properties:
icingacli director host set localhost --json '{ "address": "127.0.0.2" }'
This command will fail in case the specified object does not exist. This is
when the --auto-create
parameter comes in handy. Command output will tell
you whether an object has either been created or (not) modified.
With set
you only set the specified properties and do not touch the other
ones. You could also want to completely override an object, purging all other
eventually existing and unspecified parameters. Please use --replace
if this
is the desired behaviour.
Show a specific object
Use this command to show single objects rendered as Icinga 2 config or in JSON format.
Usage
icingacli director <type> show <name> [options]
Options
Option | Description |
---|---|
--resolved |
Resolve all inherited properties and show a flat |
object | |
--json |
Use JSON format |
--no-pretty |
JSON is pretty-printed per default (for PHP >= 5.4) |
Use this flag to enforce unformatted JSON | |
--no-defaults |
Per default JSON output skips null or default values |
With this flag you will get all properties | |
--with-services |
For hosts only, also shows attached services |
Clone an existing object
Use this command to clone a specific object.
Usage
icingacli director <type> clone <name> --from <original> [options]
Options
Option | Description |
---|---|
--from <original> |
The name of the object you want to clone |
--<key> <value> |
Override specific properties while cloning |
--replace |
In case an object already exists replace it |
with the clone | |
--flat |
Do no keep inherited properties but create a flat |
object with all resolved/inherited properties |
Examples
icingacli director host clone localhost2 --from localhost
icingacli director host clone localhost3 --from localhost --address 127.0.0.3
Other interesting tasks
Rename objects
There is no rename command, but a simple set
can easily accomplish this task:
icingacli director host set localhost --object_name localhost2
Please note that it is usually absolutely no problem to rename objects with
the Director. Even renaming something essential as a template like the famous
generic-host
will not cause any trouble. At least not unless you have other
components outside your Director depending on that template.
Disable an object
Objects can be disabled. That way they will still exist in your Director DB,
but they will not be part of your next deployment. Toggling the disabled
property is all you need:
icingacli director host set localhost --disabled
Valid values for booleans are y
, n
, 1
and 0
. So to re-enable an object
you could use:
icingacli director host set localhost --disabled n
Working with booleans
As we learned before, y
, n
, 1
and 0
are valid values for booleans. But
custom variables have no data type. And even if there is such, you could always
want to change or override this from CLI. So you usually need to provide booleans
in JSON format in case you need them in a custom variable.
There is however one exception from this rule. CLI parameters without a given
value are handled as boolean flags by the Icinga Web 2 CLI. That explains why
the example disabling an object worked without passing y
or 1
. You could
use this also to set a custom variable to boolean true
:
icingacli director host set localhost --vars.some_boolean
Want to change it to false? No chance this way, you need to pass JSON:
icingacli director host set localhost --json '{ "vars.some_boolean": false }'
This example shows the dot-notation to set a specific custom variable. If we
have had used { "vars": { "some_boolean": false } }
, all other custom vars
on this object would have been removed.
Change object types
The Icinga Director distincts between the following object types:
Type | Description |
---|---|
object |
The default object type. A host, a command and similar |
template |
An Icinga template |
apply |
An apply rule. This allows for assign rules |
external_object |
An external object. Can be referenced and used, will not be |
deployed |
Example for creating a host template:
icingacli director host create 'Some template' \
--object_type template \
--check_command hostalive
Please take a lot of care when modifying object types, you should not do so for a good reason. The CLI allows you to issue operations that are not allowed in the web frontend. Do not use this unless you really understand its implications. And remember, with great power comes great responsibility.
Import/Export Director Objects
Some objects are not directly related to Icinga Objects but used by the Director to manage them. To make it easier for administrators to for example pre-fill an empty Director Instance with Import Sources and Sync Rules, related import/export commands come in handy.
Use icingacli director export <type> [options]
to export objects of a specific
type:
Type | Description |
---|---|
datafields |
Export all DataField definitions |
datalists |
Export all DataList definitions |
hosttemplatechoices |
Export all IcingaTemplateChoiceHost definitions |
importsources |
Export all ImportSource definitions |
jobs |
Export all Job definitions |
syncrules |
Export all SyncRule definitions |
Options
Option | Description |
---|---|
--no-pretty |
JSON is pretty-printed per default. Use this flag to |
enforce unformatted JSON |
Use icingacli director import <type> < exported.json
to import objects of a
specific type:
Type | Description |
---|---|
importsources |
Import ImportSource definitions from STDIN |
syncrules |
Import SyncRule definitions from STDIN |
This feature is available since v1.5.0.
Director Configuration Basket
A basket contains a set of Director Configuration objects (like Templates, Commands, Import/Sync definitions - but not single Hosts or Services). This CLI command allows you to integrate them into your very own workflows
Available Actions
Action | Description |
---|---|
dump |
JSON-dump for objects related to the given Basket |
list |
List configured Baskets |
restore |
Restore a Basket from JSON dump provided on STDIN |
snapshot |
Take a snapshot for the given Basket |
Options
Option | Description |
---|---|
--name |
dump and snapshot require a specific object name |
Use icingacli director basket restore < exported-basket.json
to restore objects
from a specific basket. Take a snapshot or a backup first to be on the safe side.
This feature is available since v1.6.0.
Health Check Plugin
You can use the Director CLI as an Icinga CheckPlugin and monitor your Director Health. This will run all or just one of the following test suites:
Name | Description |
---|---|
config |
Configuration, Schema, Migrations |
sync |
All configured Sync Rules (pending changes are not a problem) |
import |
All configured Import Sources (pending changes are not a problem) |
jobs |
All configured Jobs (ignores disabled ones) |
deployment |
Deployment Endpoint, last deployment outcome |
Usage
icingacli director health check [options]
Options
Option | Description |
---|---|
--check <name> |
Run only a specific test suite |
--<db> <name> |
Use a specific Icinga Web DB resource |
Examples
icingacli director health check
Example for running a check only for the configuration:
icingacli director health check --check config
Sample output:
Director configuration: 5 tests OK
[OK] Database resource 'Director DB' has been specified'
[OK] Make sure the DB schema exists
[OK] There are no pending schema migrations
[OK] Deployment endpoint is 'icinga.example.com'
[OK] There is a single un-deployed change
Kickstart and schema handling
The kickstart
and the migration
command are handled in the automation section,
so they are skipped here.
Configuration handling
Render your configuration
The Director distincts between rendering and deploying your configuration. Rendering means that Icinga 2 config will be pre-rendered and stored to the Director DB. Nothing bad happens if you decide to render the current config thousands of times in a loop. In case a config with the same checksum already exists, it will store - nothing.
You can trigger config rendering by running
icingacli director config render
In case a new config has been created, it will tell you so:
New config with checksum b330febd0820493fb12921ad8f5ea42102a5c871 has been generated
Run it once again, and you'll see that the output changes:
Config with checksum b330febd0820493fb12921ad8f5ea42102a5c871 already exists
Config deployment
Usage
icingacli director config deploy [options]
Options
Option | Description |
---|---|
--checksum <checksum> |
Optionally deploy a specific configuration |
--force |
Force a deployment, even when the configuration hasn't changed |
--wait <seconds> |
Optionally wait until Icinga completed it's restart |
--grace-period <seconds> |
Do not deploy if a deployment took place less than ago |
Examples
You do not need to explicitly render your config before deploying it to your Icinga 2 master node. Just trigger a deployment, it will re-render the current config:
icingacli director config deploy
The output tells you which config has been shipped:
Config 'b330febd0820493fb12921ad8f5ea42102a5c871' has been deployed
Director tries to avoid needless deployments, so in case you immediately deploy again, the output changes:
Config matches active stage, nothing to do
You can override this by adding the --force
parameter. It will then tell you:
Config matches active stage, deploying anyway
In case you want to do not want deploy
to waste time to re-render your
config or in case you decide to re-deploy a specific, eventually older config
version the deploy
command allows you to provide a specific checksum:
icingacli director config deploy --checksum b330febd0820493fb12921ad8f5ea42102a5c871
When using icingacli
deployments in an automated way, and want to avoid fast
consecutive deployments, you can provide a grace period:
icingacli director config deploy --grace-period 300
Deployments status
In case you want to fetch the information about the deployments status, you can call the following CLI command:
icingacli director config deploymentstatus
{
"active_configuration": {
"stage_name": "5c65cae0-4f1b-47b4-a890-766c82681622",
"config": "617b9cbad9e141cfc3f4cb636ec684bd60073be1",
"activity": "4f7bc6600dd50a989f22f82d3513e561ef333363"
}
}
In case there is no active stage name related to the Director, active_configuration is set to null.
Another possibility is to pass a list of checksums to fetch the status of specific deployments and (activity log) activities. Following, you can see an example of how to do it:
icingacli director config deploymentstatus \
--configs 617b9cbad9e141cfc3f4cb636ec684bd60073be1 \
--activities 4f7bc6600dd50a989f22f82d3513e561ef333363
{
"active_configuration": {
"stage_name": "5c65cae0-4f1b-47b4-a890-766c82681622",
"config": "617b9cbad9e141cfc3f4cb636ec684bd60073be1",
"activity": "4f7bc6600dd50a989f22f82d3513e561ef333363"
},
"configs": {
"617b9cbad9e141cfc3f4cb636ec684bd60073be1": "active"
},
"activities": {
"4f7bc6600dd50a989f22f82d3513e561ef333363": "active"
}
}
You can also decide to access directly to a value inside the result JSON by
using the --key
param:
icingacli director config deploymentstatus \
--configs 617b9cbad9e141cfc3f4cb636ec684bd60073be1 \
--activities 4f7bc6600dd50a989f22f82d3513e561ef333363 \
--key active_configuration.config
617b9cbad9e141cfc3f4cb636ec684bd60073be1
Cronjob usage
You could decide to pre-render your config in the background quite often. As of this writing this has one nice advantage. It allows the GUI to find out whether a bunch of changes still results into the very same config. only one
Run sync and import jobs
Import Sources
List available Import Sources
This shows a table with your defined Import Sources, their IDs and current state. As triggering Imports requires an ID, this is where you can look up the desired ID.
icingacli director importsource list
Check a given Import Source for changes
This command fetches data from the given Import Source and compares it to the most recently imported data.
icingacli director importsource check --id <id>
Options
Option | Description |
---|---|
--id <id> |
An Import Source ID. Use the list command to figure out |
--benchmark |
Show timing and memory usage details |
Fetch data from a given Import Source
This command fetches data from the given Import Source and outputs them as plain JSON
icingacli director importsource fetch --id <id>
Options
Option | Description |
---|---|
--id <id> |
An Import Source ID. Use the list command to figure out |
--benchmark |
Show timing and memory usage details |
Trigger an Import Run for a given Import Source
This command fetches data from the given Import Source and stores it to the Director DB, so that the next related Sync Rule run can work with fresh data. In case data didn't change, nothing is going to be stored.
icingacli director importsource run --id <id>
Options
Option | Description |
---|---|
--id <id> |
An Import Source ID. Use the list command to figure out |
--benchmark |
Show timing and memory usage details |
Sync Rules
List defined Sync Rules
This shows a table with your defined Sync Rules, their IDs and current state. As triggering a Sync requires an ID, this is where you can look up the desired ID.
icingacli director syncrule list
Check a given Sync Rule for changes
This command runs a complete Sync in memory but doesn't persist eventual changes.
icingacli director syncrule check --id <id>
Options
Option | Description |
---|---|
--id <id> |
A Sync Rule ID. Use the list command to figure out |
--benchmark |
Show timing and memory usage details |
Trigger a Sync Run for a given Sync Rule
This command builds new objects according your Sync Rule, compares them with existing ones and persists eventual changes.
icingacli director syncrule run --id <id>
Options
Option | Description |
---|---|
--id <id> |
A Sync Rule ID. Use the list command to figure out |
--benchmark |
Show timing and memory usage details |
Database housekeeping
Your database may grow over time and ask for various housekeeping tasks. You can usually store a lot of data in your Director DB before you would even notice a performance impact.
Still, we started to prepare some tasks that assist with removing useless garbage from your DB. You can show available tasks with:
icingacli director housekeeping tasks
The output might look as follows:
Housekeeping task (name) | Count
-----------------------------------------------------------|-------
Undeployed configurations (oldUndeployedConfigs) | 3
Unused rendered files (unusedFiles) | 0
Unlinked imported row sets (unlinkedImportedRowSets) | 0
Unlinked imported rows (unlinkedImportedRows) | 0
Unlinked imported properties (unlinkedImportedProperties) | 0
You could run a specific task with
icingacli director housekeeping run <taskName>
...like in:
icingacli director housekeeping run unlinkedImportedRows
Or you could also run all of them, that's the preferred way of doing this:
icingacli director housekeeping run ALL
Please note that some tasks once issued create work for other tasks, as
lost imported rows might appear once you remove lost row sets. So ALL
is usually the best choice as it runs all of them in the best order.