- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with icinga2
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Development - Guide for contributing to the module
Icinga 2 is a widely used open source monitoring software. This Puppet module helps with installing and managing configuration of Icinga 2 on multiple operating systems.
- Requires Icinga 2 v2.8.0 or higher.
- Feature
api
:- Default for parameter
pki
was changed toicinga2
. - Parameters
ssl_key_path
,ssl_cert_path
,ssl_csr_path
andssl_ca_path
removed. - Deprecated value
ca
of parameterpki
is removed. - Parameter ssl_crl_path was renamed to ssl_crl.
- Default for parameter
- Feature
idopgsql
- Parameter
password
is required now. - Parameter default for
host
is set tolocalhost
- Parameter
- Feature
idomysql
- Parameter
password
is required now. - Parameter default for
host
is set tolocalhost
- Remove parameter
pki
.- Puppet as key, cert or cacert source isn't supported anymore.
- However to use these create file resources with tag to
icinga2::config::file
and source to one of the facts icinga2_puppet_hostcert, icinga2_puppet_hostprivkey, icinga2_puppet_localcacert
- Key and certs now are stored into the certs directory named
IdoMysqlConnection_ido-mysql
by default.
- Parameter
- Feature
elasticsearch
- Remove parameter
pki
.- Puppet as key, cert or cacert source isn't supported anymore.
- However to use these create file resources with tag to
icinga2::config::file
and source to one of the facts icinga2_puppet_hostcert, icinga2_puppet_hostprivkey, icinga2_puppet_localcacert
- Key and certs now are stored into the certs directory and named
ElasticsearchWriter_elasticsearch
by default.
- Remove parameter
- Feature
influxdb
- Remove parameter
pki
.- Puppet as key, cert or cacert source isn't supported anymore.
- However to use these create file resources with tag to
icinga2::config::file
and source to one of the facts icinga2_puppet_hostcert, icinga2_puppet_hostprivkey, icinga2_puppet_localcacert
- Key and certs now are stored into the certs directory named
InfluxdbWriter_influxdb
by default.
- Remove parameter
- compatlogger
- Object removed
- Class
icinga2::pki::ca
- Parameters
ssl_key_path
,ssl_csr_path
andssl_cacert_path
removed. Now the location is at/var/lib/icinga2/certs
on Linux hosts andC:/ProgramData/icinga2/var/lib/icinga2/certs
.
- Parameters
This module installs and configures Icinga 2 on your Linux or Windows hosts.
By default it uses packages provided by your distribution's repository or Chocolatey on Windows.
The module can also be configured to use packages.icinga.com as the primary repository, which enables you to install Icinga 2 versions that are newer than the ones provided by your distribution's vendor. All features and objects available in Icinga 2 can be enabled and configured with this module.
- Installation of packages
- Configuration of features
- Configuration of objects (also apply rules)
- Service
- MySQL / PostgreSQL Database Schema Import
- Repository Management
- Certification Authority
This module supports:
- [puppet] >= 4.10 < 7.0.0
And depends on:
- puppetlabs/stdlib >= 4.16.0 < 7.0.0
- If Puppet 6 is used a stdlib 5.1 or higher is required, see voxpupuli#505
- puppetlabs/concat >= 2.1.0 < 7.0.0
Depending on your setup following modules may also be required:
- puppetlabs/apt >= 6.0.0
- puppetlabs/chocolatey >= 3.1.0
- puppet/zypprepo >= 2.2.1
- [puppetlabs/yumrepo_core] >= 1.0.0
- If Puppet 6 is used
This module has been tested on:
- Ruby >= 1.9
- Debian 8, 9
- Ubuntu 16.04, 18.04
- CentOS/RHEL 6, 7
- Fedora 29
- FreeBSD 10, 11
- SLES 12
- Windows Server 2012 R2, 2016
Other operating systems or versions may work but have not been tested.
The default class icinga2
installs and configures a basic installation of Icinga 2. The features checker
, mainlog
and notification
are enabled by default.
By default, your distribution's packages are used to install Icinga 2. On Windows systems we use the Chocolatey package manager.
Use the manage_repo
parameter to configure the official packages.icinga.com repositories.
class { '::icinga2':
manage_repo => true,
}
Info: If you are using the Icinga Web 2 Puppet module on the same server, make sure to disable the repository management for one of the modules!
Since version 2.0.0 you're able via hiera to overload which repository will be used for installation, e.g. for icinga on YUM based operating systems:
---
icinga2::repo:
baseurl: 'http://myhost.example.org/epel/%{facts.os.release.major}/release/'
proxy: http://proxy.example.org:3128
You can also change or set every other parameter of the underlying resources, supported for operating system families:
- RedHat, resource type: yumrepo
- Debian, define resource: apt::source
- SuSE, resource type: zypprepo
- a workaround is implemented to use a parameter proxy also to download the gpg key thru a proxy, see voxpupuli#397.
If you want to manage the version of Icinga 2, you have to disable the package management of this module and handle packages in your own Puppet code. The attribute manage_repo is also disabled automattically and you have to manage a repository within icinga in front of the package resource, i.e. for a RedHat system:
yumrepo { 'icinga-stable-release':
baseurl => "http://packages.icinga.com/epel/${::operatingsystemmajrelease}/release/",
descr => 'ICINGA (stable release for epel)',
enabled => 1,
gpgcheck => 1,
gpgkey => 'http://packages.icinga.com/icinga.key',
before => Package['icinga2'],
}
package { 'icinga2':
ensure => latest,
notify => Class['icinga2'],
}
class { '::icinga2':
manage_package => false,
}
Note: Be careful with this option: Setting manage_package
to false means that this module will not install any package at
all, including IDO packages!
There are two options how you can enable features:
A default set of features is set with the features
parameter in the ::icinga2
class:
class { '::icinga2':
manage_repo => true,
features => ['checker', 'mainlog', 'command'],
}
To enable a feature and change its configuration, declare the specified feature class:
class { '::icinga2::feature::graphite':
host => '10.10.0.15',
port => 2003,
enable_send_thresholds => true,
enable_send_metadata => true,
}
Make sure that you enable features either in the ::icinga2
class or by declaring the feature class.
The IDO feature can be enabled either in combination with MySQL or PostgreSQL.
Depending on your database you need to enable the feature icinga2::feature::idomysql
or icinga2::feature::idopgsql
.
Both features are capable of importing the base schema into the database, however this is disabled by default. Updating the database schema to another version is currently not supported.
The IDO features require a pre-existing database and a user with permissions to create schema and edit data.
When using MySQL we recommend the puppetlabs/mysql Puppet module to install the database server, create a database and manage user permissions. Here's an example how you create a MySQL database with the corresponding user with permissions by using the puppetlabs/mysql module:
include ::icinga2
include ::mysql::server
mysql::db { 'icinga2':
user => 'icinga2',
password => 'supersecret',
host => '127.0.0.1',
grant => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE VIEW', 'CREATE', 'INDEX', 'EXECUTE', 'ALTER'],
}
class{ '::icinga2::feature::idomysql':
user => 'icinga2',
password => 'supersecret',
database => 'icinga2',
import_schema => true,
require => Mysql::Db['icinga2'],
}
For PostgreSQL we recommend the puppetlabs/puppetlabs-postgresql module. You can install the server, create databases and manage user permissions with the module. Here's an example on how to use it in combination with Icinga 2:
include ::icinga2
include ::postgresql::server
postgresql::server::db { 'icinga2':
user => 'icinga2',
password => postgresql_password('icinga2', 'supersecret'),
}
class{ '::icinga2::feature::idopgsql':
user => 'icinga2',
password => 'supersecret',
database => 'icinga2',
import_schema => true,
require => Postgresql::Server::Db['icinga2'],
}
Icinga 2 can run in three different roles:
- in a master zone which is on top of the hierarchy
- in a satellite zone which is a child of a satellite or master zone
- a standalone client node/zone which works as an agent connected to master and/or satellite zones
To learn more about Icinga 2 Clustering, follow the official docs on distributed monitoring. The following examples show how these roles can be configured using this Puppet module.
A Master zone has no parent and is usually also the place where you enable the IDO and notification features. A master sends configurations over the Icinga 2 protocol to satellites and/or clients.
More detailed examples can be found in the examples directory.
This example creates the configuration for a master that has one satellite connected. A global zone is created for templates, and all features of a typical master are enabled.
class { '::icinga2':
confd => false,
features => ['checker','mainlog','notification','statusdata','compatlog','command'],
constants => {
'ZoneName' => 'master',
},
}
class { '::icinga2::feature::api':
accept_commands => true,
# when having multiple masters, you should enable:
# accept_config => true,
endpoints => {
'master.example.org' => {},
'satellite.example.org' => {
'host' => '172.16.2.11'
}
},
zones => {
'master' => {
'endpoints' => ['master.example.org'],
},
'dmz' => {
'endpoints' => ['satellite.example.org'],
'parent' => 'master',
},
}
}
icinga2::object::zone { 'global-templates':
global => true,
}
A satellite has a parent zone and one or multiple child zones. Satellites are usually created to distribute the monitoring load or to reach delimited zones in the network. A satellite either executes checks itself or delegates them to a client.
The satellite has fewer features enabled, but executes checks similar to a master. It connects to a master zone, and to a satellite or client below in the hierarchy. As parent acts either the master zone, or another satellite zone.
class { '::icinga2':
confd => false,
features => ['checker','mainlog'],
constants => {
'ZoneName' => 'dmz',
},
}
class { '::icinga2::feature::api':
accept_config => true,
accept_commands => true,
fingerprint => 'D8:98:82:1B:14:8A:6A:89:4B:7A:40:32:50:68:01:99:3D:96:72:72',
endpoints => {
'satellite.example.org' => {},
'master.example.org' => {
'host' => '172.16.1.11',
},
},
zones => {
'master' => {
'endpoints' => ['master.example.org'],
},
'dmz' => {
'endpoints' => ['satellite.example.org'],
'parent' => 'master',
},
}
}
icinga2::object::zone { 'global-templates':
global => true,
}
Icinga 2 runs as a client usually on each of your servers. It receives config or commands from a satellite or master zones and runs the checks that have to be executed locally.
The client is connected to the satellite, which is the direct parent zone.
class { '::icinga2':
confd => false,
features => ['checker','mainlog'],
}
class { '::icinga2::feature::api':
pki => 'none',
accept_config => true,
accept_commands => true,
fingerprint => ''D8:98:82:1B:14:8A:6A:89:4B:7A:40:32:50:68:01:99:3D:96:72:72,
endpoints => {
'NodeName' => {},
'satellite.example.org' => {
'host' => '172.16.2.11',
}
},
zones => {
'ZoneName' => {
'endpoints' => ['NodeName'],
'parent' => 'dmz',
},
'dmz' => {
'endpoints' => ['satellite.example.org'],
}
}
}
icinga2::object::zone { 'global-templates':
global => true,
}
The parameter fingerprint
is optional and new since v2.1.0. It's used to validate the certificate of the master.
A fingerprint can be got by openssl x509 -noout -fingerprint -sha1 -inform pem -in master.crt
on the master host.
With this module you can create almost every object that Icinga 2 knows about. When creating objects some parameters are required. This module sets the same requirements as Icinga 2 does. When creating an object you must set a target for the configuration.
Here are some examples for some object types:
icinga2::object::host { 'srv-web1.fqdn.com':
display_name => 'srv-web1.fqdn.com',
address => '127.0.0.1',
address6 => '::1',
check_command => 'hostalive',
target => '/etc/icinga2/conf.d/srv-web1.fqdn.com.conf',
}
icinga2::object::service { 'uptime':
host_name => 'srv-web1.fqdn.com',
display_name => 'Uptime',
check_command => 'check_uptime',
check_interval => '600m',
groups => ['uptime', 'linux'],
target => '/etc/icinga2/conf.d/uptime.conf',
}
icinga2::object::hostgroup { 'monitoring-hosts':
display_name => 'Linux Servers',
groups => [ 'linux-servers' ],
target => '/etc/icinga2/conf.d/groups2.conf',
assign => [ 'host.vars.os == linux' ],
}
To generate a valid Icinga 2 configuration all object attributes are parsed. This simple parsing algorithm takes a decision for each attribute, whether part of the string is to be quoted or not, and how an array or dictionary is to be formatted.
Parsing of a single attribute can be disabled by tagging it with -: at the front of the string.
attr => '-:"unparsed string with quotes"'
An array, a hash or a string can be assigned to an object attribute. True and false are also valid values.
Hashes and arrays are created recursively, and all parts – such as single items of an array, keys and its values are parsed separately as strings.
Strings are parsed in chunks, by splitting the original string into separate substrings at specific keywords (operators)
such as +
, -
, in
, &&
, ||
, etc.
NOTICE: This splitting only works for keywords that are surrounded by whitespace, e.g.:
attr => 'string1 + string2 - string3'
The algorithm will loop over the parameter and start by splitting it into 'string1' and 'string2 - string3'. 'string1' will be passed to the sub function 'value_types' and then the algorithm will continue parsing the rest of the string ('string2 - string3'), splitting it, passing it to value_types, etc.
Brackets are parsed for expressions:
attr => '3 * (value1 - value2) / 2'
The parser also detects function calls and will parse all parameters separately.
attr => 'function(param1, param2, ...)'
True and false can be used as either booleans or strings.
attrs => true or attr => 'true'
In Icinga you can write your own lambda functions with {{ ... }}. For Puppet use:
attrs => '{{ ... }}'
The parser analyzes which parts of the string have to be quoted and which do not.
As a general rule, all fragments are quoted except for the following:
- Boolean:
true
,false
- Numbers:
3
or2.5
- Time Intervals:
3m
or2.5h
(s = seconds, m = minutes, h = hours, d = days) - Functions:
{{ ... }}
or function()
{}
- All constants, which are declared in the constants parameter in main class
icinga2
NodeName
- Names of attributes that belong to the same type of object:
- e.g.
name
andcheck_command
for a host object
- e.g.
- All attributes or variables (custom attributes) from the host, service or user contexts:
host.name
,service.check_command
,user.groups
, ...
Assignment with += and -=:
Now it's possible to build an Icinga DSL code snippet like
vars += config
simply use a string with the prefix '+ ', e.g.
vars => '+ config',
The blank between + and the proper string 'config' is imported for the parser because numbers
attr => '+ -14',
are also possible now. For numbers -= can be built, too:
attr => '- -14',
Arrays can also be marked to merge with '+' or reduce by '-' as the first item of the array:
attr => [ '+', item1, item2, ... ]
Result: attr += [ item1, item2, ... ]
attr => [ '-', item1, item2, ... ]
Result: attr -= [ item1, item2, ... ]
That all works for attributes and custom attributes!
Finally dictionaries can be merged when a key '+' is set:
attr => {
'+' => true,
'key1' => 'val1',
}
Result:
attr += {
"key1" = "val1"
}
If 'attr' is a custom attribute this just works since level 3 of the dictionary:
vars => {
'level1' => {
'level2' => {
'level3' => {
'+' => true,
...
},
},
},
},
Parsed to:
vars.level1["level2"] += level3
Now it's also possible to add multiple custom attributes:
vars => [
{
'a' => '1',
'b' => '2',
},
'config',
{
'c' => {
'd' => {
'+' => true,
'e' => '5',
},
},
},
],
And you'll get:
vars.a = "1"
vars.b = "2"
vars += config
vars.c["d"] += {
"e" = "5"
}
Note: Using an Array always means merge '+=' all items to vars.
It's not currently possible to use arrays or dictionaries in a string, like
attr => 'array1 + [ item1, item2, ... ]'
The following example is for puppet 4 and higher. It shows how icinga2 objects can be read from a hiera datastore. See also examples/objects_from_hiera.pp.
class { 'icinga2':
manage_repo => true,
}
$defaults = lookup('monitoring::defaults')
lookup('monitoring::objects').each |String $object_type, Hash $content| {
$content.each |String $object_name, Hash $object_config| {
ensure_resource(
$object_type,
$object_name,
deep_merge($defaults[$object_type], $object_config))
}
}
The datastore could be like:
---
monitoring::objects:
'icinga2::object::host':
centos7.localdomain:
address: 127.0.0.1
vars:
os: Linux
'icinga2::object::service':
ping4:
check_command: ping4
apply: true
assign:
- host.address
ssh:
check_command: ssh
apply: true
assign:
- host.address && host.vars.os == Linux
monitoring::defaults:
'icinga2::object::host':
import:
- generic-host
target: /etc/icinga2/conf.d/hosts.conf
'icinga2::object::service':
import:
- generic-service
target: /etc/icinga2/conf.d/services.conf
Some objects can be applied to other objects. To create a simple apply rule you
must set the apply
parameter to true
. If this parameter is set to a string,
this string will be used to build an apply for
loop. A service object always
targets a host object. All other objects need to explicitly set an
apply_target
Apply a SSH service to all Linux hosts:
icinga2::object::service { 'SSH':
target => '/etc/icinga2/conf.d/test.conf',
apply => true,
assign => [ 'host.vars.os == Linux' ],
ignore => [ 'host.vars.os == Windows' ],
display_name => 'Test Service',
check_command => 'ssh',
}
Apply notifications to services:
icinga2::object::notification { 'testnotification':
target => '/etc/icinga2/conf.d/test.conf',
apply => true,
apply_target => 'Service',
assign => [ 'host.vars.os == Linux' ],
ignore => [ 'host.vars.os == Windows' ],
user_groups => ['icingaadmins']
}
Assign all Linux hosts to a hostgroup:
icinga2::object::hostgroup { 'monitoring-hosts':
display_name => 'Linux Servers',
groups => [ 'linux-servers' ],
target => '/etc/icinga2/conf.d/groups2.conf',
assign => [ 'host.vars.os == linux' ],
}
A loop to create HTTP services for all vHosts of a host object:
icinga2::object::service { 'HTTP':
target => '/etc/icinga2/conf.d/http.conf',
apply => 'http_vhost => config in host.vars_http_vhost',
assign => [ 'host.vars.os == Linux' ],
display_name => 'HTTP Service',
check_command => 'http',
}
Handling the CA and certificates is an important part of Icinga 2, because the communication between Icinga processes requires SSL/TLS client certificates. This module offers multiple choices to configure this.
One of your Icinga masters needs to behave as a CA. With the class
icinga2::pki::ca
you can do the following to fulfill this requirement:
- Use the the
icinga2
CLI to generate a complete new CA
include ::icinga2
class { '::icinga2::pki::ca':
}
- Set a custom content of the CA certificate and key
include ::icinga2
class { '::icinga2::pki::ca':
ca_cert => '-----BEGIN CERTIFICATE----- ...',
ca_key => '-----BEGIN RSA PRIVATE KEY----- ...',
}
- Transfer a CA certificate and key from an existing CA by using the file resource:
include ::icinga2
file { '/var/lib/icinga2/ca/ca.crt':
source => '...',
tag => 'icinga2::config::file',
}
file { '/var/lib/icinga2/ca/ca.key':
source => '...',
tag => 'icinga2::config::file',
}
- Create a new CA with the
icinga2
CLI command and a certificate signed by this new CA. This is useful especially when setting up a new Icinga 2 master.
class { '::icinga2':
constants => {
'TicketSalt' => '5a3d695b8aef8f18452fc494593056a4',
}
}
class { '::icinga2::pki::ca': }
class { '::icinga2::feature::api':
pki => 'none',
endpoints => {
'localhost' => {
'host' => 'localhost',
}
},
zones => {
'master' => {
'endpoints' => ['localhost']
}
}
}
If you are looking for an option to use your Puppet CA, have a look at the Client/Satellite Certificates section.
In addition to the master, each client and satellite needs valid certificates to communicate with other Icinga 2 instances. This module offers following options to create these certificates:
- Use Puppet's CA and its client certificates. This is convenient since you don't need to maintain an additional CA.
include ::icinga2::feature::api
- Use a custom function implemented in this module to generate a certificate. This feature will do the following:
- Generate a key and certificate based on the FQDN of the host
- Save the certificate of another Icinga 2 instance, usually the Icinga master where your Icinga CA is located
- Validate the certificate of the other Icinga 2 instance by it's fingerprint
- Generate a ticket based on the TicketSalt
- Request a signed certificate at your Icinga CA
class { '::icinga2::feature::api':
pki => 'icinga2',
ca_host => 'icinga2-master.example.com',
fingerprint => 'D8:98:82:1B:14:8A:6A:89:4B:7A:40:32:50:68:01:99:3D:96:72:72',
ticket_salt => '5a3d695b8aef8f18452fc494593056a4',
accept_config => true,
accept_commands => true,
endpoints => {
'NodeName' => {},
'icinga2-master.example.com' => {
'host' => '192.168.56.103',
}
},
zones => {
'NodeName' => {
'endpoints' => ['NodeName'],
'parent' => 'master',
},
'master' => {
'endpoints' => ['icinga2-master.example.com']
}
}
}
- Use custom file resources to transfer your own certificate and key
class { '::icinga2::feature::api':
pki => 'none',
}
file { "/var/lib/icinga2/certs/${::fqdn}.crt":
ensure => file,
tag => 'icinga2::config::file',
source => "puppet:///modules/profiles/certificates/${::fqdn}.crt",
}
file { "/var/lib/icinga2/certs/${::fqdn}.key":
ensure => file,
tag => 'icinga2::config::file',
source => "puppet:///modules/profiles/private_keys/${::fqdn}.key",
}
- Set a custom content for the certificate and key
class { '::icinga2::feature::api':
pki => 'none',
ssl_cacert => '-----BEGIN CERTIFICATE----- ...',
ssl_key => '-----BEGIN RSA PRIVATE KEY----- ...',
ssl_cert => '-----BEGIN CERTIFICATE----- ...',
}
- Fine tune TLS / SSL settings
class { '::icinga2::feature::api':
ssl_protocolmin => 'TLSv1.2',
ssl_cipher_list => 'HIGH:MEDIUM:!aNULL:!MD5:!RC4',
}
Sometimes it's necessary to cover very special configurations, that you cannot handle with this module. In this case you
can use the icinga2::config::file
tag on your file resource. The module collects all file resource types with this
tag and triggers a reload of Icinga 2 on a file change.
include ::icinga2
file { '/etc/icinga2/conf.d/for-loop.conf':
ensure => file,
source => '...',
tag => 'icinga2::config::file',
}
If you want to add custom configuration fragments to existing config files, you can do this with
icinga2::config::fragment
. It adds content into a specified target to the position you set in the order parameter.
You can use also Puppet templates to set the content of the config fragment.
For example, you can add custom functions to existing config files:
include ::icinga2
icinga2::object::service { 'load':
display_name => 'Load',
apply => true,
check_command => 'load',
assign => ['vars.os == Linux'],
target => '/etc/icinga2/conf.d/service_load.conf',
order => 30,
}
icinga2::config::fragment { 'load-function':
target => '/etc/icinga2/conf.d/service_load.conf',
order => 10,
content => 'vars.load_wload1 = {{
if (get_time_period("backup").is_inside) {
return 20
} else {
return 5
}
}}',
}
- Public classes
- Class: icinga2
- Class: icinga2::feature::checker
- Class: icinga2::feature::mainlog
- Class: icinga2::feature::notification
- Class: icinga2::feature::command
- Class: icinga2::feature::compatlog
- Class: icinga2::feature::graphite
- Class: icinga2::feature::livestatus
- Class: icinga2::feature::opentsdb
- Class: icinga2::feature::perfdata
- Class: icinga2::feature::statusdata
- Class: icinga2::feature::syslog
- Class::icinga2::feature::debuglog
- Class::icinga2::feature::elasticsearch
- Class::icinga2::feature::gelf
- Class::icinga2::feature::influxdb
- Class::icinga2::feature::api
- Class::icinga2::feature::idopgsql
- Class::icinga2::feature::idomysql
- Class::icinga2::pki::ca
- Private classes
- Public defined types
- Defined type: icinga2::object::endpoint
- Defined type: icinga2::object::zone
- Defined type: icinga2::object::apiuser
- Defined type: icinga2::object::checkcommand
- Defined type: icinga2::object::host
- Defined type: icinga2::object::hostgroup
- Defined type: icinga2::object::dependency
- Defined type: icinga2::object::timeperiod
- Defined type: icinga2::object::usergroup
- Defined type: icinga2::object::user
- Defined type: icinga2::object::notificationcommand
- Defined type: icinga2::object::notification
- Defined type: icinga2::object::service
- Defined type: icinga2::object::servicegroup
- Defined type: icinga2::object::scheduleddowntime
- Defined type: icinga2::object::eventcommand
- Defined type: icinga2::object::checkresultreader
- Defined type: icinga2::config::fragment
- Private defined types
The default class of this module. It handles the basic installation and configuration of Icinga 2. When you declare this class, Puppet will do the following:
- Install Icinga 2
- Place a default configuration for the Icinga 2 daemon
- Keep the default configuration of the Icinga 2 package
- Start Icinga 2 and enable the service
This class can be declared without adjusting any parameter:
class { '::icinga2': }
Parameters within icinga2
:
Defines if the service should be running
or stopped
. Defaults to running
If set to true
the Icinga 2 service will start on boot. Defaults to true
.
When set to true
this module will install the packages.icinga.com repository. With this official repo
you can get the latest version of Icinga. When set to false
the operating systems default will be used. As the Icinga
Project does not offer a Chocolatey repository, you will get a warning if you enable this parameter on Windows.
Default is false
. NOTE: will be ignored if manage_package is set to false.
If set to false packages aren't managed. Defaults to true
.
Lets you decide if the Icinga 2 daemon should be reloaded when configuration files have changed. Defaults to true
A list of features to enable by default. Defaults to [checker, mainlog, notification]
Define if configuration files for features not managed by Puppet should be purged. Defaults to true.
Hash of constants. Defaults are set in the params class. Your settings will be merged with the defaults.
A list of the ITL plugins to load. Defaults to [ 'plugins', 'plugins-contrib', 'windows-plugins', 'nscp' ]
.
conf.d
is the directory where Icinga 2 stores its object configuration by default. To disable it,
set this parameter to false
. By default this parameter is true
. It's also possible to assign your
own directory. This directory and must be managed outside of this module as file resource
with tag icinga2::config::file.
Enables or disables the checker
feature.
Parameters of icinga2::feature::checker
:
Either present
or absent
. Defines if the feature checker
should be enabled. Defaults to present
.
The maximum number of concurrent checks. Defaults to 512
.
Enables or disables the mainlog
feature.
Parameters of icinga2::feature::mainlog
:
Either present
or absent
. Defines if the feature mainlog
should be enabled. Defaults to present
.
Sets the severity of the mainlog
feature. Can be set to:
information
notice
warning
debug
Defaults to information
Absolute path to the logging file. Default depends on platform:
- Linux:
/var/log/icinga2/icinga2.log
- Windows:
C:/ProgramData/icinga2/var/log/icinga2/icinga2.log
Enables or disables the notification
feature.
Parameters of icinga2::feature::notification
:
Either present
or absent
. Defines if the feature notification
should be enabled. Defaults to present
.
Notifications are load-balanced amongst all nodes in a zone. By default this functionality is enabled. If your nodes should send out notifications independently from any other nodes (this will cause duplicated notifications if not properly handled!), you can set enable_ha to false.
Enables or disables the command
feature. Notice: The feature is deprecated and will be removed in Icinga 2 2.11.0.
Parameters of icinga2::feature::command
:
Either present
or absent
. Defines if the feature command
should be enabled. Defaults to present
.
Absolute path to the command pipe. Default depends on platform:
- Linux:
/var/run/icinga2/cmd/icinga2.cmd
- Windows:
C:/ProgramData/icinga2/var/run/icinga2/cmd/icinga2.cmd
Enables or disables the compatlog
feature.
Parameters of icinga2::feature::compatlog
:
Either present
or absent
. Defines if the feature compatlog
should be enabled. Defaults to present
.
Absolute path to the command pipe. Default depends on platform:
- Linux:
/var/run/icinga2/cmd/icinga2.cmd
- Windows:
C:/ProgramData/icinga2/var/run/icinga2/cmd/icinga2.cmd
Absolute path to the log directory. Default depends on platform:
- Linux:
/var/log/icinga2/compat
- Windows:
C:/ProgramData/icinga2/var/log/icinga2/compat
Sets how often should the log file be rotated. Valid options are:
HOURLY
DAILY
(Icinga default)WEEKLY
MONTHLY
Enables or disables the graphite
feature.
Parameters of icinga2::feature::graphite
:
Either present
or absent
. Defines if the feature graphite
should be enabled. Defaults to present
.
Graphite Carbon host address. Icinga defaults to 127.0.0.1
.
Graphite Carbon port. Icinga defaults to 2003
.
Template for metric path of hosts. Icinga defaults to icinga2.$host.name$.host.$host.check_command$
.
Template for metric path of services. Icinga defaults to icinga2.$host.name$.services.$service.name$.$service.check_command$
.
Send thresholds as metrics. Icinga defaults to false.
Send metadata as metrics. Icinga defaults to false.
Enables or disables the livestatus
feature.
Parameters of icinga2::feature::livestatus
:
Either present
or absent
. Defines if the feature livestatus
should be enabled. Defaults to present
.
Specifies the socket type. Can be either 'tcp' or 'unix'. Icinga defaults to 'unix'
IP address to listen for connections. Only valid when socket_type is tcp
. Icinga defaults to 127.0.0.1
Port to listen for connections. Only valid when socket_type is tcp
. Icinga defaults to 6558
Specifies the path to the UNIX socket file. Only valid when socket_type is unix
. Default depends on platform:
- Linux:
/var/run/icinga2/cmd/livestatus
- Windows:
C:/ProgramData/icinga2/var/run/icinga2/cmd/livestatus
Required for historical table queries. Requires CompatLogger
feature to be enabled. Default depends platform:
Linux: var/icinga2/log/icinga2/compat
Windows: C:/ProgramData/icinga2/var/log/icinga2/compat
Enables or disables the opentsdb
feature.
Parameters of icinga2::feature::opentsdb
:
Either present
or absent
. Defines if the feature opentsdb
should be enabled. Defaults to present
.
OpenTSDB host address. Icinga defaults to 127.0.0.1
OpenTSDB port. Icinga defaults to 4242
Enables or disables the perfdata
feature.
Parameters of icinga2::feature::perfdata
:
Either present
or absent
. Defines if the feature perfdata
should be enabled. Defaults to present
.
Absolute path to the perfdata file for hosts. Default depends on platform:
- Linux:
/var/spool/icinga2/host-perfdata
- Windows:
C:/ProgramData/icinga2/var/spool/icinga2/host-perfdata
Absolute path to the perfdata file for services. Default depends on platform:
- Linux:
/var/spool/icinga2/service-perfdata
- Windows:
C:/ProgramData/icinga2/var/spool/icinga2/service-perfdata
Path to the temporary host file. Defaults depends on platform:
- Linux:
/var/spool/icinga2/tmp/host-perfdata
- Windows:
C:/ProgramData/icinga2/var/spool/icinga2/tmp/host-perfdata
Path to the temporary service file. Defaults depends on platform:
- Linux:
/var/spool/icinga2/tmp/host-perfdata
- Windows:
C:/ProgramData/icinga2/var/spool/icinga2/tmp/host-perfdata
Host Format template for the performance data file. Icinga defaults to a template that's suitable for use with PNP4Nagios.
Service Format template for the performance data file. Icinga defaults to a template that's suitable for use with PNP4Nagios.
Rotation interval for the files specified in {host,service}_perfdata_path
. Can be written in minutes or seconds,
i.e. 1m
or 15s
. Icinga defaults to 30s
Enables or disables the statusdata
feature. The feature is deprecated and will be removed in Icinga 2 2.11.0.
Parameters of icinga2::feature::statusdata
:
Either present
or absent
. Defines if the feature statusdata
should be enabled. Defaults to present
.
Absolute path to the status.dat file. Defaults depend on platform:
- Linux:
/var/cache/icinga2/status.dat
- Windows:
C:/ProgramData/icinga2/var/cache/icinga2/status.dat
Absolute path to the object.cache file. Defaults depend on platform:
- Linux:
/var/cache/icinga2/object.cache
- Windows:
C:/ProgramData/icinga2/var/cache/icinga2/object.cache
Interval in seconds to update both status files. You can also specify it in minutes with the letter m or in seconds
with s. Icinga defaults to 15s
Enables or disables the syslog
feature.
Parameters of icinga2::feature::syslog
:
Either present
or absent
. Defines if the feature syslog
should be enabled. Defaults to present
.
Set severity level for logging to syslog. Available options are:
information
notice
warning
(Icinga default)critical
debug
Defines the facility to use for syslog entries. This can be a facility constant like FacilityDaemon. Available options are:
FacilityAuth
FacilityAuthPriv
FacilityCron
FacilityDaemon
FacilityFtp
FacilityKern
FacilityLocal0
FacilityLocal1
FacilityLocal2
FacilityLocal3
FacilityLocal4
FacilityLocal5
FacilityLocal6
FacilityLocal7
FacilityLpr
FacilityMail
FacilityNews
FacilitySyslog
FacilityUser
(Icinga default)FacilityUucp
Enables or disables the debuglog
feature.
Parameters of icinga2::feature::debuglog
:
Either present
or absent
. Defines if the feature debuglog
should be enabled. Defaults to present
.
Absolute path to the log file. Default depends on platform:
- Linux:
/var/log/icinga2/debug.log
- Windows:
C:/ProgramData/icinga2/var/log/icinga2/debug.log
Enables or disables the elasticsearch
feature.
Parameters of icinga2::feature::elasticsearch
:
Either present
or absent
. Defines if the feature elasticsearch
should be enabled. Defaults to present
.
Elasticsearch host address. Icinga defaults to 127.0.0.1
Elasticsearch HTTP port. Icinga defaults to 9200
Elasticsearch index name. Icinga defaults to icinga2
Elasticsearch user name.
Elasticsearch user password.
Either enable or disable SSL. Other SSL parameters are only affected if this is set to true
. Defaults to false
.
CA certificate to validate the remote host.
Host certificate to present to the remote host for mutual verification.
Host key to accompany the ssl_cert.
Whether to send check performance data metrics. Icinga defaults to false
.
How long to buffer data points before transferring to Elasticsearch. Icinga defaults to 10s
How many data points to buffer before forcing a transfer to Elasticsearch. Icinga defaults to 1024
Enables or disables the gelf
feature.
Parameters of icinga2::feature::gelf
:
Either present
or absent
. Defines if the feature gelf
should be enabled. Defaults to present
.
GELF receiver host address. Icinga defaults to 127.0.0.1
GELF receiver port. Icinga defaults to 12201
Source name for this instance. Icinga defaults to icinga2
Enable performance data for CHECK RESULT events. Icinga defaults to false
.
Enables or disables the influxdb
feature.
Parameters of icinga2::feature::influxdb
:
Either present
or absent
. Defines if the feature influxdb
should be enabled. Defaults to present
.
InfluxDB host address. Icinga defaults to 127.0.0.1
.
InfluxDB HTTP port. Icinga defaults to 8086
.
InfluxDB database name. Icinga defaults to icinga2
.
InfluxDB user name.
InfluxDB user password.
Either enable or disable SSL. Other SSL parameters are only affected if this is set to true
. Icinga defaults to false
.
CA certificate to validate the remote host.
Host certificate to present to the remote host for mutual verification.
Host key to accompany the ssl_cert.
The value of this is used for the measurement setting in host_template. Defaults to $host.check_command$
.
Tags defined in this hash will be set in the host_template.
class { '::icinga2::feature::influxdb':
host_measurement => '$host.check_command$',
host_tags => { hostname => '$host.name$' },
}
The value of this is used for the measurement setting in host_template. Defaults to $service.check_command$
.
Tags defined in this hash will be set in the service_template.
class { '::icinga2::feature::influxdb':
service_measurement => '$service.check_command$',
service_tags => { hostname => '$host.name$', service => '$service.name$' },
}
Whether to send warn, crit, min & max tagged data. Icinga defaults to false
.
Whether to send check metadata e.g. states, execution time, latency etc. Icinga defaults to false
.
How long to buffer data points before transferring to InfluxDB. Icinga defaults to 10s
.
How many data points to buffer before forcing a transfer to InfluxDB. Icinga defaults to 1024
.
Enables or disables the api
feature.
Parameters of icinga2::feature::api
:
Either present
or absent
. Defines if the feature api
should be enabled. Defaults to present
.
Provides multiple sources for the certificate and key.
puppet
Copies the key, cert and CA cert from the Puppet ssl directory to the Icinga cert directory.- Linux:
/var/lib/icinga2/certs
- Windows:
C:/ProgramData/icinga2/var/lib/icinga2/certs
- Linux:
icinga2
Uses the icinga2 CLI to generate a Certificate and Key The ticket is generated on the Puppet master by using the configured 'ticket_salt' in a custom function.none
Does nothing and you either have to manage the files yourself as file resources or use thessl_key
,ssl_cert
,ssl_cacert
parameters.
The private key in a base64 encoded string to store in cert directory. This parameter requires pki to be set to 'none'.
The certificate in a base64 encoded string to store in cert directory This parameter requires pki to be set to 'none'.
The CA root certificate in a base64 encoded string to store in cert directory. This parameter requires pki to be set to 'none'.
Optional location of the certificate revocation list.
Accept zone configuration. Defaults to false
Accept remote commands. Defaults to false
This host will be connected to request the certificate. Set this if you use the icinga2
pki.
Port of the ca_host
. Defaults to 5665
Fingerprint of the CA host certificate for validation. Requires pki is set to icinga2
.
You can get the fingerprint via openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]
on your CA host.
Salt to use for ticket generation. The salt is stored to api.conf if none
or ca
is chosen for pki
.
Defaults to constant TicketSalt
.
Hash to configure endpoint objects. Defaults to { 'NodeName' => {} }
. NodeName
is a Icinga 2 constant.
Hash to configure zone objects. Defaults to { 'ZoneName' => {'endpoints' => ['NodeName']} }
. ZoneName
and NodeName
are Icinga 2 constants.
Minimal TLS version to require. Default undef (e.g. TLSv1.2
)
List of allowed TLS ciphers, to fine tune encryption. Default undef (e.g. HIGH:MEDIUM:!aNULL:!MD5:!RC4
)
The IP address the api listener will be bound to. (e.g. 0.0.0.0)
The port the api listener will be bound to. (e.g. 5665)
Specifies an array of origin URLs that may access the API.
Indicates whether or not the actual request can be made using credentials. Defaults to true
.
Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
Defaults to Authorization
.
Used in response to a preflight request to indicate which HTTP methods can be used when making the actual request.
Defaults to GET, POST, PUT, DELETE
.
Enables or disables the ido-pgsql
feature.
Parameters of icinga2::feature::idopgsql
:
Either present
or absent
. Defines if the feature ido-pgsql
should be enabled. Defaults to present
.
PostgreSQL database host address. Defaults to localhost
.
PostgreSQL database port. Defaults to 5432
.
PostgreSQL database user with read/write permission to the icinga database. Icinga defaults to icinga
.
PostgreSQL database user's password.
PostgreSQL database name. Icinga defaults to icinga
PostgreSQL database table prefix. Icinga defaults to icinga_
Whether to import the PostgreSQL schema or not. Defaults to false
Enables or disables the gelf
feature.
Parameters of icinga2::feature::idomysql
:
Either present
or absent
. Defines if the feature ido-mysql
should be enabled. Defaults to present
.
MySQL database host address. Icinga defaults to localhost
.
MySQL database port. Icinga defaults to 3306
.
MySQL socket path.
MySQL database user with read/write permission to the icinga database. Icinga defaults to icinga
.
MySQL database user's password.
MySQL database name. Icinga defaults to icinga
.
Either enable or disable SSL. Other SSL parameters are only affected if this is set to 'true'. Icinga defaults to 'false'.
MySQL SSL client key file path. Only valid if ssl is set to none
.
MySQL SSL certificate file path. Only valid if ssl is set to none
.
MySQL SSL certificate authority certificate file path. Only valid if ssl is set to none
.
MySQL SSL trusted SSL CA certificates in PEM format directory path. Only valid if ssl is enabled.
MySQL SSL list of allowed ciphers. Only valid if ssl is enabled.
MySQL database table prefix. Icinga defaults to icinga_
.
Unique identifier for the local Icinga 2 instance. Icinga defaults to default
.
Description for the Icinga 2 instance.
Enable the high availability functionality. Only valid in a cluster setup. Icinga defaults to true
.
Set the fail-over timeout in a HA cluster. Must not be lower than 60s. Icinga defaults to 60s
.
Hash with items for historical table cleanup.
Array of information types that should be written to the database.
Whether to import the MySQL schema or not. Defaults to false
.
This class provides multiple ways to create the CA used by Icinga 2. By default it will create a CA by using the Icinga 2 CLI. If you want to use your own CA you will either have to transfer it by using a file resource or you can set the content of your certificate and key in this class.
Parameters of icinga2::pki::ca
:
Content of the CA certificate. If this is unset, a certificate will be generated with the Icinga 2 CLI.
Content of the CA key. If this is unset, a key will be generated with the Icinga 2 CLI.
Installs the packages.icinga.com repository. Depending on your operating system puppetlabs/apt or puppetlabs/chocolatey are required.
Handles the installation of the Icinga 2 package.
Installs basic configuration files required to run Icinga 2.
Starts/stops and enables/disables the service.
Set to present enables the endpoint object, absent disables it. Defaults to present.
Set the Icinga 2 name of the endpoint object. Defaults to title of the define resource.
Optional. The IP address of the remote Icinga 2 instance.
The service name/port of the remote Icinga 2 instance. Defaults to 5665.
Duration for keeping replay logs on connection loss. Defaults to 1d
(86400 seconds). Attribute is specified in seconds.
If log_duration
is set to 0
, replaying logs is disabled. You could also specify the value in human readable format
like 10m
for 10 minutes or 1h
for one hour.
Destination config file to store in this object. File will be declared at the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 40.
Set to present enables the zone object, absent disables it. Defaults to present
Set the name of the zone object. Defaults to the title of the define resource.
List of endpoints that belong to this zone.
Parent zone to this zone.
If set to true
, a global zone is defined and the parameter endpoints and parent are ignored. Defaults to false
.
Destination config file to store in this object. File will be declared at the first time.
String or integer to control the position in the target file, sorted alpha numeric. Defauts to 45.
Set to present enables the apiuser object, absent disables it. Defaults to present.
Set the name of the apiuser object. Defaults to title of the define resource.
Password string.
Optional. Client Common Name (CN).
Array of permissions. Either as string or dictionary with the keys permission and filter. The latter must be specified as function.
Destination config file to store in this object. File will be declared at the first time.
String or integer to control the position in the target file, sorted alpha numeric. Defaults to 30.
permissions = [ "*" ]
permissions = [ "objects/query/Host", "objects/query/Service" ]
permissions = [
{
permission = "objects/query/Host"
filter = {{ regex("^Linux", host.vars.os) }}
},
{
permission = "objects/query/Service"
filter = {{ regex("^Linux", service.vars.os) }}
}
]
Set to present enables the checkcommand object, absent disables it. Defaults to present.
Title of the CheckCommand object.
Sorted List of templates to include. Defaults to an empty list.
The command. This can either be an array of individual command arguments. Alternatively a string can be specified in
which case the shell interpreter (usually /bin/sh) takes care of parsing the command. When using the arguments
attribute this must be an array. Can be specified as function for advanced implementations.
A dictionary of macros which should be exported as environment variables prior to executing the command.
A dictionary containing custom attributes that are specific to this service, a string to do operations on this dictionary or an array for multiple use of custom attributes.
The command timeout in seconds. Defaults to 60
seconds.
A dictionary of command arguments.
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 15.
Set to present enables the host object, absent disables it. Defaults to present.
Hostname of the Host object.
Sorted List of templates to include. Defaults to an empty list.
A short description of the host (e.g. displayed by external interfaces instead of the name if set).
The host's address v4.
The host's address v6.
A dictionary containing custom attributes that are specific to this service, a string to do operations on this dictionary or an array for multiple use of custom attributes.
A list of host groups this host belongs to.
The name of the check command.
The number of times a host is re-checked before changing into a hard state. Defaults to 3
The name of a time period which determines when this host should be checked. Not set by default.
Check command timeout in seconds. Overrides the CheckCommand's timeout attribute.
The check interval (in seconds). This interval is used for checks when the host is in a HARD state. Defaults to 5
minutes.
The retry interval (in seconds). This interval is used for checks when the host is in a SOFT state. Defaults to 1
minute.
Whether notifications are enabled. Defaults to true
Whether active checks are enabled. Defaults to true
Whether passive checks are enabled. Defaults to true
Enables event handlers for this host. Defaults to true
Whether flap detection is enabled. Defaults to false
Whether performance data processing is enabled. Defaults to true
The name of an event command that should be executed every time the host's state changes or the host is in a SOFT state.
The flapping threshold in percent when a host is considered to be flapping.
The volatile setting enables always HARD state types if NOT-OK state changes occur.
The zone this object is a member of.
The endpoint where commands are executed on.
Notes for the host.
Url for notes for the host (for example, in notification commands).
Url for actions for the host (for example, an external graphing tool).
Icon image for the host. Used by external interfaces only.
Icon image description for the host. Used by external interface only.
Set to true creates a template instead of an object. Defaults to false
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 50.
Set to present enables the hostgroup object, absent disables it. Defaults to present.
A short description of the host group.
An array of nested group names.
Assign host group members using the group assign rules.
Destination config file to store in this object. File will be declared at the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 55.
Set to present enables the dependency object, absent disabled it. Defaults to present
Set the Icinga 2 name of the dependency object. Defaults to title
of the define resource.
The parent host.
The parent service. If omitted, this dependency object is treated as host dependency.
The child host.
The child service. If omitted, this dependency object is treated as host dependency.
Whether to disable checks when this dependency fails. Defaults to false
Whether to disable notifications when this dependency fails. Defaults to true
Whether to ignore soft states for the reachability calculation. Defaults to true
Time period during which this dependency is enabled.
A list of state filters when this dependency should be OK. Defaults to [ OK, Warning ] for services and [ Up ] for hosts.
Dispose an apply instead an object if set to 'true'. Value is taken as statement, i.e. 'vhost => config in host.vars.vhosts'. Defaults to false.
Set dependency_name as prefix in front of 'apply for'. Only effects if apply is a string. Defaults to false.
An object type on which to target the apply rule. Valid values are Host
and Service
. Defaults to Host
.
Assign user group members using the group assign rules.
Exclude users using the group ignore rules.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 70.
Set to present enables the timeperiod object, absent disabled it. Defaults to present
Set the Icinga 2 name of the timeperiod object. Defaults to title
of the define resource.
A short description of the time period.
Sorted List of templates to include. Defaults to [ "legacy-timeperiod" ].
A dictionary containing information which days and durations apply to this timeperiod.
Boolean whether to prefer timeperiods includes or excludes. Default to true
An array of timeperiods, which should exclude from your timerange.
An array of timeperiods, which should include into your timerange
Set to true creates a template instead of an object. Defaults to false
Destination config file to store this object in. File will be declared on the first run.
String or integer to control the position in the target file, sorted alpha numeric. Defaults to 35.
Set to present enables the usergroup object, absent disables it. Defaults to present
Set the Icinga 2 name of the usergroup object. Defaults to title
of the define resource.
Set the Icinga 2 name of the user object. Defaults to title of the define resource.
A short description of the service group.
An array of nested group names.
Assign user group members using the group assign rules.
Exclude users using the group ignore rules.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 80.
Set to present enables the user object, absent disables it. Defaults to present
A short description of the user.
An email string for this user. Useful for notification commands.
A pager string for this user. Useful for notification commands.
A dictionary containing custom attributes that are specific to this service, a string to do operations on this dictionary or an array for multiple use of custom attributes.
An array of group names.
Whether notifications are enabled for this user.
The name of a time period which determines when a notification for this user should be triggered. Not set by default.
A set of type filters when this notification should be triggered. By default everything is matched.
A set of state filters when this notification should be triggered. By default everything is matched.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 75.
Set to present enables the notificationcommand object, absent disabled it. Defaults to present.
Set the Icinga 2 name of the notificationcommand object. Defaults to title
of the define resource.
The "execute" script method takes care of executing the notification. The default template "plugin-notification-command" which is imported into all CheckCommand objects takes care of this setting.
The command. This can either be an array of individual command arguments. Alternatively a string can be specified in which case the shell interpreter (usually /bin/sh) takes care of parsing the command.
A dictionary of macros which should be exported as environment variables prior to executing the command.
A dictionary containing custom attributes that are specific to this service, a string to do operations on this dictionary or an array for multiple use of custom attributes.
The command timeout in seconds. Defaults to 60
seconds.
A dictionary of command arguments.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 25.
Set to present enables the notification object, absent disables it. Defaults to present
Set the Icinga 2 name of the notification object. Defaults to title
of the define resource.
The name of the host this notification belongs to.
The short name of the service this notification belongs to. If omitted, this notification object is treated as host notification.
A dictionary containing custom attributes that are specific to this service, a string to do operations on this dictionary or an array for multiple use of custom attributes.
A list of user names who should be notified.
A list of user group names who should be notified.
A dictionary containing begin and end attributes for the notification.
The name of the notification command which should be executed when the notification is triggered.
The notification interval (in seconds). This interval is used for active notifications. Defaults to 30
minutes. If set
to 0, re-notifications are disabled.
The name of a time period which determines when this notification should be triggered. Not set by default.
The zone this object is a member of.
A list of type filters when this notification should be triggered. By default everything is matched.
A list of state filters when this notification should be triggered. By default everything is matched.
Dispose an apply instead an object if set to 'true'. Value is taken as statement, i.e. 'vhost => config in host.vars.vhosts'. Defaults to false.
Set notification_name as prefix in front of 'apply for'. Only effects if apply is a string. Defaults to false.
An object type on which to target the apply rule. Valid values are Host
and Service
. Defaults to Host
.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 85.
Set to present enables the service object, absent disables it. Defaults to present
Set the Icinga 2 name of the service object. Defaults to title
of the define resource.
A short description of the service.
The host this service belongs to. There must be a Host object with that name.
The service name. Must be unique on a per-host basis (Similar to the service_description attribute in Icinga 1.x).
The service groups this service belongs to.
A dictionary containing custom attributes that are specific to this service, a string to do operations on this dictionary or an array for multiple use of custom attributes.
The name of the check command.
The number of times a service is re-checked before changing into a hard state. Defaults to 3
The name of a time period which determines when this service should be checked. Not set by default.
Check command timeout in seconds. Overrides the CheckCommand's timeout attribute.
The check interval (in seconds). This interval is used for checks when the service is in a HARD state.
Defaults to 5
minutes.
The retry interval (in seconds). This interval is used for checks when the service is in a SOFT state.
Defaults to 1
minute.
Whether notifications are enabled. Defaults to true
Whether active checks are enabled. Defaults to true
Whether passive checks are enabled. Defaults to true
Enables event handlers for this host. Defaults to true
Whether flap detection is enabled. Defaults to false
Whether performance data processing is enabled. Defaults to true
The name of an event command that should be executed every time the service's state changes or the service is in a SOFT state.
The flapping threshold in percent when a service is considered to be flapping.
The volatile setting enables always HARD state types if NOT-OK state changes occur.
The zone this object is a member of.
The endpoint where commands are executed on.
Notes for the service.
Url for notes for the service (for example, in notification commands).
Url for actions for the service (for example, an external graphing tool).
Icon image for the service. Used by external interfaces only.
Icon image description for the service. Used by external interface only.
Dispose an apply instead an object if set to 'true'. Value is taken as statement, i.e. 'vhost => config in host.vars.vhosts'. Defaults to false.
Set service_name as prefix in front of 'apply for'. Only effects if apply is a string. Defaults to false.
Assign user group members using the group assign rules.
Exclude users using the group ignore rules.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 60.
Set to present enables the servicegroup object, absent disables it. Defaults to present
Set the Icinga 2 name of the servicegroup object. Defaults to title
of the define resource.
A short description of the service group.
An array of nested group names.
Assign user group members using the group assign rules.
Exclude users using the group ignore rules.
Set to true creates a template instead of an object. Defaults to false
Sorted List of templates to include. Defaults to an empty list.
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 55.
Set to present enables the scheduleddowntime object, absent disables it. Defaults to present
Set the Icinga 2 name of the scheduleddowntime object. Defaults to title
of the define resource.
The name of the host this comment belongs to.
The short name of the service this comment belongs to. If omitted, this comment object is treated as host comment.
The author's name.
The comment text.
Whether this is a fixed downtime. Defaults to true
The duration as number.
A dictionary containing information which days and durations apply to this timeperiod.
Dispose an apply instead an object if set to 'true'. Value is taken as statement, i.e. 'vhost => config in host.vars.vhosts'. Defaults to false.
Set scheduleddowntime_name as prefix in front of 'apply for'. Only effects if apply is a string. Defaults to false.
An object type on which to target the apply rule. Valid values are Host
and Service
. Defaults to Host
.
Assign user group members using the group assign rules.
Exclude users using the group ignore rules.
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 90.
Set to present enables the eventcommand object, absent disables it. Defaults to present
Set the Icinga 2 name of the eventcommand object. Defaults to title
of the define resource.
The "execute" script method takes care of executing the event handler. In virtually all cases you should import the "plugin-event-command" template to take care of this setting.
The command. This can either be an array of individual command arguments. Alternatively a string can be specified in which case the shell interpreter (usually /bin/sh) takes care of parsing the command.
A dictionary of macros which should be exported as environment variables prior to executing the command.
A dictionary containing custom attributes that are specific to this service, a string to do operations on this dictionary or an array for multiple use of custom attributes.
The command timeout in seconds. Defaults to 60 seconds.
A dictionary of command arguments.
Destination config file to store in this object. File will be declared the first time.
Sorted List of templates to include. Defaults to an empty list.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 20.
Set to present enables the checkresultreader object, absent disables it. Defaults to present
Set the Icinga 2 name of the checkresultreader object. Defaults to title
of the define resource.
The directory which contains the check result files. Defaults to LocalStateDir + "/lib/icinga2/spool/checkresults/"
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 05
.
This defined type is used by all feature defined types as basis. It can generally enable or disable features.
Parameters of icinga2::feature
:
Either present
or absent
. Defines if the feature should be enabled. Defaults to present
.
Name of the feature. This name is used for the corresponding configuration file.
This defined type is used by all object defined types as bases. In can generally create Icinga 2 objects.
Set to present enables the object, absent disabled it. Defaults to present.
Set the icinga2 name of the object. Defaults to title of the define resource.
Set to true will define a template otherwise an object. Defaults to false.
Dispose an apply instead an object if set to 'true'. Value is taken as statement, i.e. 'vhost => config in host.vars.vhosts'. Defaults to false.
Optional fo an object type on which to target the apply rule. Valid values are Host
and Service
. Defaults to Host
.
A sorted list of templates to import in this object. Defaults to an empty array.
Hash for the attributes of this object. Keys are the attributes and values are there values. Defaults to an empty Hash.
Icinga 2 object type for this object.
Destination config file to store in this object. File will be declared the first time.
String or integer to set the position in the target file, sorted alpha numeric. Defaults to 10.
A roadmap of this project is located at https://github.com/Icinga/puppet-icinga2/milestones. Please consider this roadmap when you start contributing to the project.
When contributing several steps such as pull requests and proper testing implementations are required. Find a detailed step by step guide in CONTRIBUTING.md.
Testing is essential in our workflow to ensure a good quality. We use RSpec as well as Serverspec to test all components of this module. For a detailed description see TESTING.md.
When releasing new versions we refer to SemVer 1.0.0 for version numbers. All steps required when creating a new release are described in RELEASE.md
See also CHANGELOG.md
AUTHORS is generated on each release.