Time Nick Message
14:04 pdurbin just updated http://modules.rc.fas.harvard.edu/api/1/avail/
15:16 pdurbin looking at http://pkgs.repoforge.org/icinga/ http://en.wikipedia.org/wiki/Icinga and https://www.icinga.org/nagios/feature-comparison/
15:16 SEJeff_work Why icinga?
15:20 pdurbin well, i'm thinking we can manage it with core Puppet commands, since Puppet natively supports nagios. and unlike nagios, icinga has an API, which would be useful for reporting and such
15:20 SEJeff_work pdurbin, You're correct on both of those. We are migrating from zenoss to icinga
15:21 pdurbin interesting. i though i heard good things about zenoss though. . . why are you migrating away?
15:22 SEJeff_work ZenOSS is great if you're a pointy clicky not so much automation company
15:22 pdurbin huh. ok
15:23 SEJeff_work Or if you don't use config management and know exactly what is on all of your systems
15:23 SEJeff_work It's autodiscovery is pretty good
15:23 SEJeff_work But we found any non-trivial customizations difficult and that it often gets in our way
15:24 pdurbin ok, so maybe good if you really want autodiscovery
15:24 SEJeff_work ie: we have lots of services we have active failover for using keepalived + vrrp. ZenOSS can't monitor the virtual ip provided by keepalived because it sees that ip on a system it already monitors
15:24 SEJeff_work You can make it do it, but it is a real pain and doesn't deal with failovers very well
15:25 SEJeff_work I think zenoss is a decent product. Some of the concepts it has like device classes and it's concept of groups are ill conceived
15:25 SEJeff_work But it was either too difficult to mold, or too smart (got in the way) more than it stayed out of our way
15:25 SEJeff_work We can templatize / script around nagios much easier and icinga is nagios with an active upstream and great api. It just makes more sense for us
15:26 pdurbin right. yeah, i'm basically thinking along the same lines
15:26 SEJeff_work The IcingaMQ stuff is actually something we were going to build in-house until we saw they were building it themselves
15:27 pdurbin well if MQ is what i think it is. . . sensu was built from the start with messaging
15:28 SEJeff_work Think of it basically like nrpe (run things remotely) but securely and over zeromq
15:28 SEJeff_work A message bus is just well suited to the problem more so than something
15:28 pdurbin cool. i've barely used nrpe. can get a lot of mileage out of checks over the network
15:29 SEJeff_work pdurbin, Look at using gearmand + mod_gearman until icingamq is a bit farther along
15:29 SEJeff_work mod_gearman + icinga is solid
15:30 pdurbin icinga seems to have nice docs: https://wiki.icinga.org/display/howtos/Icinga+with+mod_gearman+on+RHEL+and+Debian
15:31 SEJeff_work Careful with the docs, some of them are horribly out of date
15:31 SEJeff_work Like the ones for enabling the REST api don't really work for the most recent release.
15:32 pdurbin ok
15:33 SEJeff_work But they are really helpful in #icinga as well
15:34 pdurbin cool. yeah, icinga seems to have a strong community
15:35 SEJeff_work nagios upstream is a bit butthurt over it though
15:35 SEJeff_work if you mention icinga in #nagios, it is like asking Ubuntu questions in #debian-devel
15:36 pdurbin heh
18:35 pdurbin hmm, there's http://augeas.net/docs/references/lenses/files/dhcpd-aug.html but nothing for bind/named...
18:45 SEJeff_work pdurbin, Perhaps you can get a variant of: https://www.redhat.com/archives/augeas-devel/2011-July/msg00011.html
18:48 pdurbin SEJeff_work: thanks, good find
18:49 pdurbin i've also been tracking http://serverfault.com/questions/276995/bind-http-api and http://serverfault.com/questions/168144/managing-zone-files/179747#179747
18:50 SEJeff_work I helped write the augeas python bindings but if you ask, I'll lie and say I didn't
18:50 SEJeff_work http://git.fedorahosted.org/git/?p=python-augeas.git;a=blob;f=augeas.py;h=7105cd01e9ccd208713e08e06a38ebc8d75209da;hb=HEAD#l16
18:50 SEJeff_work Why not just use powerdns or the bind zone files in ldap patches? Which are the default in RHEL I believe
18:51 pdurbin powerdns?
18:51 SEJeff_work backed my mysql
18:52 SEJeff_work Use it for the authoritative dns server and then bind for caching and recursing everywhere else
18:54 SEJeff_work pdurbin, It might be easier than sed over a named.conf
18:54 pdurbin looks like pdns is in epel
18:55 pdurbin SEJeff_work: have you used cobbler?
18:55 SEJeff_work hehe
18:55 SEJeff_work Thats like asking a Linux admin if he has used bash
18:55 SEJeff_work I use cobbler almost every day
18:55 SEJeff_work Actually for sure every day
18:55 pdurbin i'm in love with all the interfaces cobbler provides
18:55 pdurbin command line
18:55 pdurbin xmlrpc
18:55 pdurbin web
18:56 pdurbin does powerdns have all this?
18:56 SEJeff_work powerdns is pretty scriptable
18:56 SEJeff_work but ultimately, it is in a mysql db
18:56 SEJeff_work So really easy to administer programatically
18:57 pdurbin i'm listening :)
18:57 SEJeff_work pdurbin, And yes, I've got: server = xmlrpclib.ServerProxy("http://%s/cobbler_api" % cobbler_server) in muscle memory
18:57 SEJeff_work pdurbin, Well I've not directly admin'd powerdns, but I know some people do swear by it.
18:58 SEJeff_work What distro do you use? Is it safe to say RHEL?
18:58 pdurbin centos mostly
18:59 SEJeff_work I was *very* close to using bind-sdb + ldap + django-ldapdb to build a dns management console, but the guy decided to not pay me
18:59 SEJeff_work s/build/&ing/
19:02 pdurbin SEJeff_work: so are there scripts? for powerdns?
19:03 pdurbin braiotta: don't you have some experience with infoblox dns?
19:03 braiotta I do!
19:04 pdurbin is it awesome?
19:04 braiotta (to those that don't know me I work in the HUIT NOC Systems group)
19:04 braiotta we switched over to Infoblox for DNS around 18 months ago I think
19:04 pdurbin for those that don't know, HUIT stands for Harvard University IT (i think)
19:04 braiotta for now it does anyway
19:04 SEJeff_work pdurbin, You work for the harvard research computing hpc cluster stuff? Isn't that right?
19:05 SEJeff_work At work we use bluecat, an infoblox competitor
19:05 braiotta former UIS for the most part
19:05 braiotta we've found Infoblox to be mostly worthwhile for us, with some headaches
19:05 braiotta it has an API that mostly extends everything the GUI does
19:06 braiotta and a CLI environment for one-linerish things
19:06 SEJeff_work pdurbin, There are various projects you'll find ontop of powerdns like this: https://github.com/devel/PowerDNS-API
19:06 SEJeff_work nice!
19:06 pdurbin SEJeff_work: this is me: http://rc.fas.harvard.edu/about-rc/research-computing-staff/philip-durbin/
19:06 braiotta pluses on infoblox:
19:07 braiotta * It's proven very stable, and HA is built in.
19:07 braiotta * By extending a scriptable API and not storing data in a flat file, the system's allowed us to extend self-service DNS in a way we never could in the BIND days, where one typo could blow a whole zone loading.
19:07 braiotta * the built in sanity checks take a big load off of us.
19:07 braiotta minuses:
19:07 braiotta * much of the value for us was the API. If you don't have a scripter on staff (and it has to be perl, at that), you don't get much benefit out of that.
19:07 braiotta * it's EXPENSIVE, and forecasting the cost has proved challenging: the Infoblox folks suggest hardware for our environment and expected load, it winds up being underpowered, we spend more for the next level of hardware.
19:07 braiotta * the lack of flat fileness has its downsides: it used to be if we had a bulk operation, we work on the file, rehup BIND, and blammo. Done. Now we're either dealing with the built in GUI (which is...better than it was, but not great) or putting together an API script. Again, there are the gains noted above, but it's not all win.
19:07 braiotta * The API (and the GUI to a degree) are slooooooooooow. So slow that some scheduled bulk procedures we used to run in the BIND days had to be abandoned. The time to carry out the operation exceeded the frequency we needed it done.
19:07 braiotta * It doesn't run on commodity hardware, but dedicated appliances. That makes a lot of things easier, but of course that means once an appliance is out of date, it's useless. You can get a license for hardware I think, but there're no real cost savings.
19:07 braiotta * It's tough to have a test environment that matches the production environment due to cost. So testing things like version interoperability/etc are easy. Testing ability to handle a specific load of querys is difficult, since that depends on having a large "grid." And we don't want to test bringing down our production grid. That hasn't caused a problem yet, but of course when you're testing you REALLY want to test, right?
19:07 pdurbin (+1 for sanity checks. cobbler commands give me this.)
19:08 pdurbin braiotta: i strongly suggest a copy/paste going on... ;)
19:08 pdurbin er. suspect, i mean
19:08 braiotta I'll never tell!
19:10 SEJeff_work braiotta, Have you used bluecat?
19:10 SEJeff_work We chose bluecat over infoblox after a week or so comparison
19:11 SEJeff_work infoblox has a really gross java swing gui where bluecat has a nice, albeit slightly clunky web ui that works in any modern browser
19:11 SEJeff_work both have crappy perl apis :)
19:11 SEJeff_work bluecat supports csv imports
19:11 braiotta I haven't used bluecat, but I think others here have
19:11 braiotta I won't argue that the Infoblox GUI is a BEAST
19:11 braiotta it's gotten marginally better with each release
19:11 SEJeff_work Very very slow. Thats what turns us off from the product
19:11 braiotta yep
19:11 braiotta also true
19:11 SEJeff_work bluecat's gui might require a lot of clicks, but it is fast and lightweight overall
19:11 SEJeff_work We're quite pleased with it
19:12 SEJeff_work And it works well on my Linux desktop, infoblox was a bit painful for that
19:12 braiotta I wasn't involved in the decision to go with Infoblox, so I can't say what the exact calculus was
19:12 SEJeff_work Yeah for big environments, both are better than bind
19:13 SEJeff_work We were manually editing isc dhcpd configs for office dhcp as we wanted static mac address assignment (4 offices on 3 continents)
19:13 braiotta I can tell you that the Infoblox GUI is spares no clicking itself
19:13 SEJeff_work It got hairy quickly!
19:13 SEJeff_work So now we have bluecat doing dhcp + dns for our offices
19:13 braiotta for the most part we've found homegrown websites that leverage the API are our best option
19:13 braiotta although the slowness is only mitigated
19:13 SEJeff_work and our helpdesk guys can pointy / clicky to manage dhcp records with a nice audit trail
19:14 braiotta yeah that's what we use our api-enabled web apps for
19:14 SEJeff_work Sure, thats how most shops with smart people do it anyways
19:14 SEJeff_work Yup
19:14 SEJeff_work Thats one of the reasons we use cobbler for other stuff
19:14 SEJeff_work like pdurbin said, it is so insanely easy to script and tie into existing stuff
19:17 pdurbin yeah, speaking of audit trail, i only just now got around to putting /var/named under version control
19:17 pdurbin baby steps
19:17 SEJeff_work This shiney is distracting me: http://square.github.com/cubism
19:17 SEJeff_work Trying to figure out where best to use it and have a few ideas
19:18 SEJeff_work native graphite integration <3
19:18 braiotta whoa that is neat
19:18 SEJeff_work Reminds me a lot of rickshaw: http://code.shutterstock.com/rickshaw/examples/extensions.html
19:19 SEJeff_work then realized that both use D3
19:19 * pdurbin tries to find the recent shiny http://www.highcharts.com example on our new website...
19:19 braiotta I'm just about done with an HTML5/Canvas graphing solution for DHCP utilization; once Infoblox is able to deliver more up-to-date stats might have to switch to that
19:19 SEJeff_work nic
19:19 SEJeff_work e
19:20 pdurbin this thing: http://rc.fas.harvard.edu/mri/
19:21 * pdurbin backs away from the shiny. ready for more on dns
19:21 SEJeff_work jquery ui with the smoothness theme!
19:21 SEJeff_work Love it
19:22 pdurbin so i guess i'll give powerdns a try. it's in epel
19:27 SEJeff_work pdurbin, Might also be worth a shot at checking this out: https://gist.github.com/1065061
19:28 pdurbin man, where is ironcamel! it uses Dancer! https://github.com/devel/PowerDNS-API/blob/master/bin/pdnsapi_manage
19:28 pdurbin oh, nevermind. . . converted to mojolicious: https://github.com/devel/PowerDNS-API/commit/f3d984bf0052816f70c63aba473b6eab5c544bc8
20:41 pdurbin ok, just added a comment, linking back here :) http://serverfault.com/questions/168144/managing-zone-files/179747#comment393562_168149
20:42 pdurbin 'cause i'm definitely going to want to review this chatter
20:43 SEJeff_work You do love your irc logs
20:49 pdurbin like colonel homer i want to crack all your heads open and scoop out the songs^h^h^h^h fu: http://www.snpp.com/episodes/8F19.html
20:53 SEJeff_work :)
20:53 SEJeff_work It might take awhile, I've got tons of Stargate SG1 trivia^W^W^Wtips