This document discusses integrating various HashiCorp tools like Packer, Vagrant, Terraform, Consul, and Vault with Icinga monitoring. Packer is used to build machine images while Vagrant provisions virtual machines. Terraform models infrastructure as code and can integrate with Icinga to provision hosts, checks, and notifications. Consul provides service discovery and can trigger Icinga config deployment. Vault manages secrets and certificates that could be used for authentication in Icinga. The presenter demonstrates using these tools together for infrastructure as code and monitoring workflows.
2. ~$ whoami~$ whoami
● I used to be a Molecular Biologist,I used to be a Molecular Biologist,
● Then became a Dev,Then became a Dev,
● Now an Ops.Now an Ops.
● Open Source Consultant @Open Source Consultant @inuits.euinuits.eu
3.
4. PackerPacker
● Open Source tool to make OS imagesOpen Source tool to make OS images
● Supports Cloud Providers, Docker, Vbox, …Supports Cloud Providers, Docker, Vbox, …
(builders)(builders)
● Has hooks to provision the base imagesHas hooks to provision the base images
(provisioners)(provisioners)
● Create artifacts (Post-Processors)Create artifacts (Post-Processors)
6. VagrantVagrant
● Open Source tool to bootstrap vmsOpen Source tool to bootstrap vms
● Supports many vm Providers, Docker, Vbox, …Supports many vm Providers, Docker, Vbox, …
● Has hooks to provision the base imagesHas hooks to provision the base images
(provisioners), Puppet, Chef, Ansible(provisioners), Puppet, Chef, Ansible
13. TerraformTerraform
● Open Source Automation ToolOpen Source Automation Tool
● ““cloud” orientedcloud” oriented
● Cloud are API’sCloud are API’s
● API’s orientedAPI’s oriented
Terraform is an open source automation toolTerraform is an open source automation tool
which can deal with any kind of CRUD api’s –which can deal with any kind of CRUD api’s –
including major cloud providersincluding major cloud providers
14. The Terraform modelThe Terraform model
● You model your infrastructureYou model your infrastructure
● You make a planYou make a plan
● If ok, you apply that planIf ok, you apply that plan
● Current state is saved for future changesCurrent state is saved for future changes
15. HCLHCL
● Hashicorp Configuration LanguageHashicorp Configuration Language
● Yet another cfgmgmt DSLYet another cfgmgmt DSL
● Desired stateDesired state
● Used by multiple hashicorp tools but also 3rdUsed by multiple hashicorp tools but also 3rd
party toolsparty tools
27. Module.infoModule.info
Name: ConsulName: Consul
Version: 1.0.0Version: 1.0.0
Depends: directorDepends: director
Description: Consul module for Icinga Web 2Description: Consul module for Icinga Web 2
This module provides a Consul import source for Icinga DirectorThis module provides a Consul import source for Icinga Director
30. Little bit of ConfigLittle bit of Config
public static function getDefaultKeyColumnName()public static function getDefaultKeyColumnName()
{{
return 'Node';return 'Node';
}}
public static function addSettingsFormFields(QuickForm $form)public static function addSettingsFormFields(QuickForm $form)
{{
$form->addElement('text', 'consul_url', array($form->addElement('text', 'consul_url', array(
'label' => 'HTTP API URL','label' => 'HTTP API URL',
'required' => true,'required' => true,
'value' => 'http://127.0.0.1:8500','value' => 'http://127.0.0.1:8500',
));));
return;return;
}}
31. We are not cave men!We are not cave men!
composer require sensiolabs/consul-php-sdkcomposer require sensiolabs/consul-php-sdk
<?php<?php
useuse IcingaApplicationIcinga;IcingaApplicationIcinga;
require_oncerequire_once __DIR____DIR__ . '/vendor/autoload.php';. '/vendor/autoload.php';
$this->provideHook('director/ImportSource');$this->provideHook('director/ImportSource');
32. Query ConsulQuery Consul
use SensioLabsConsulServiceFactory;use SensioLabsConsulServiceFactory;
public functionpublic function fetchData()fetchData()
{{
$sf = new ServiceFactory($sf = new ServiceFactory(
arrayarray('base_uri' => $this->getSetting('consul_url'))('base_uri' => $this->getSetting('consul_url'))
););
$agent = $sf->get('catalog');$agent = $sf->get('catalog');
return json_decode($agent->nodes()->getBody());return json_decode($agent->nodes()->getBody());
}}
public functionpublic function listColumns()listColumns()
{{
return array_keys((array) current($this->fetchData()));return array_keys((array) current($this->fetchData()));
}}
37. Manual is for AnimalsManual is for Animals
[Unit][Unit]
Description=Director Job runnerDescription=Director Job runner
[Service][Service]
Type=simpleType=simple
ExecStart=/usr/bin/icingacli director jobs run foreverExecStart=/usr/bin/icingacli director jobs run forever
Restart=on-successRestart=on-success
38. Fast FeedbackFast Feedback
::consul::watch { 'director_import':::consul::watch { 'director_import':
type => 'service',type => 'service',
handler => '/usr/local/bin/director_sync_deploy.sh',handler => '/usr/local/bin/director_sync_deploy.sh',
service => 'node_exporter',service => 'node_exporter',
passingonly =>passingonly => truetrue,,
require => File['Director Sync and Deploy'],require => File['Director Sync and Deploy'],
}}
42. VaultVault
● Open Source tool to do secrets managementOpen Source tool to do secrets management
● Secure, store and tightly control access toSecure, store and tightly control access to
tokens, passwords, certificates, encryption keystokens, passwords, certificates, encryption keys
for protecting secrets and other sensitive datafor protecting secrets and other sensitive data
using a UI, CLI, or HTTP API.using a UI, CLI, or HTTP API.
● Certificate managementCertificate management
● Password rotatationPassword rotatation
44. NomadNomad
● Open Source tool to do dynamic workloadOpen Source tool to do dynamic workload
schedulingscheduling
● Batch, containerized, and non-containerizedBatch, containerized, and non-containerized
applications.applications.
● Has native Consul and Vault integrations.Has native Consul and Vault integrations.
45. Monitoring Nomad with Prometheus andMonitoring Nomad with Prometheus and
IcingaIcinga
OSMC, Nuremberg, 6th nov 2019OSMC, Nuremberg, 6th nov 2019