The RIPE DNS Monitoring interface provides comprehensive insight into the DNS system and reachability from different locations on earth. Every DNS administrator should at least know about it, especially when managing a ccTLD like I did in my previous job at the University of Vienna in co-operation with nic.at, monitoring the “.at” ccTLD. The problem: plenty of boxes spread around the globe with maintenance needs and so on. In 2011 RIPE NCC came up with the RIPE Atlas Probes, which is a really nifty idea: small embedded devices with an Ethernet connection that allow running ping, DNS, traceroute, etc. checks remotely. Abusive behavior was prevented by collecting credits for your own probes (for example in your local subnet) and then using those for custom measurements.

While such a custom measurement offers interesting information, modern systems will attempt to check the output against alert thresholds and/or graph the collected performance data. To my knowledge all the measurement results are collected into a central HBase cluster providing a feature-rich RESTful API for fetching the data.


This year RIPE members finally came up with a blog entry showing how to monitor the RIPE Atlas status data using Icinga (RIPE NCC already uses Icinga). The official documentation also points to community-contributed check plugins/configuration. Thanks to Stéphane Bortzmeyer, I’ve ported the check to my local Icinga 2 instance:

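// Queries the RIPE Atlas status-check API over HTTPS with check_http
object CheckCommand "ripe-atlas" {
  import "plugin-check-command"

  // -r: regex the response body must match, otherwise the check is CRITICAL
  // --ssl=1: check_http pins TLSv1 and disables protocol auto-negotiation
  command = [ PluginDir + "/check_http",
              "-I", "$apiaddress$",
              "-r", "$apiresult$",
              "--ssl=1",
              "-u", "/api/v$apiversion$/status-checks/$measureid$/?permitted_total_alerts=$critalerts$",
              "-t", "$timeout$"
  ]

  vars.apiaddress = "atlas.ripe.net"
  // the inner quotes are part of the pattern and must be escaped
  vars.apiresult = "\"global_alert\":false"
  vars.apiversion = "1"
  vars.critalerts = "1"
  vars.timeout = 30
}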

object Host "RIPE Atlas" {
  import "generic-host"

  address = "atlas.ripe.net",
  address6 = "2001:67c:2e8:22::c100:69e"

  vars.measureid = "1040425"
}

object Host "RIPE Lab" {
  import "generic-host"

  address = "labs.ripe.net",
  address6 = "2001:67c:2e8:22::c100:699"

  //uncomment to apply service
  //vars.measureid = "1040425"
}

apply Service "atlas" {
  import "generic-service"

  check_command = "ripe-atlas"

  vars.apiresult = "\"global_alert\":false"
  vars.critalerts = "1"

  vars.measureid = "$host.vars.measureid$"

  assign where match("RIPE*", host.name)
  ignore where !host.vars.measureid
}
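
The `-r` pattern in the check above is a plain text match on the response body, so check_http goes CRITICAL on any body that does not contain that exact byte sequence. As an added example (not part of the original post or of the RIPE/Icinga plugins), this Python plugin logic parses the body as JSON and returns UNKNOWN for anything it cannot interpret; only the `global_alert` field comes from the page, and the sample bodies are constructed.

```python
import json
import re
import sys

# Nagios/Icinga plugin exit codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

def regex_matches(body):
    """What check_http -r does with the pattern from the config: plain text match."""
    return re.search(r'"global_alert":false', body) is not None

def evaluate_status(body):
    """Parse the status-check body as JSON and map it to (exit_code, message)."""
    try:
        doc = json.loads(body)
    except ValueError:
        return UNKNOWN, "UNKNOWN - response is not valid JSON"
    if not isinstance(doc, dict) or "global_alert" not in doc:
        return UNKNOWN, "UNKNOWN - no global_alert field in response"
    alert = doc["global_alert"]
    if not isinstance(alert, bool):
        return UNKNOWN, "UNKNOWN - global_alert is not a boolean"
    if alert:
        return CRITICAL, "CRITICAL - global_alert is true"
    return OK, "OK - global_alert is false"

# Constructed sample bodies (not captured from the API)
SAMPLES = [
    '{"global_alert":false}',
    '{"global_alert": false}',
    '{"global_alert":true}',
    '<html>503 Service Unavailable</html>',
    '{"global_alert":"false"}',
]

if __name__ == "__main__":
    # Reads a body from stdin when piped, otherwise walks the samples
    if not sys.stdin.isatty():
        code, message = evaluate_status(sys.stdin.read())
        print(message)
        sys.exit(code)
    for body in SAMPLES:
        code, message = evaluate_status(body)
        print("%-40s regex=%-5s parsed=%s" % (body, regex_matches(body), message))
```

The second sample is the case to watch: a single space after the colon makes the text pattern miss while the parsed value is still `false`.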

 

Result – awesome! :-) (For some reason, IPv6 pings do not work here, but the sample illustrates very well how Icinga 2 host checks can be used for host reachability too.)


Hosting an Atlas probe is easy – apply now. We did that already :-)

Please share your experiences and plugins with the RIPE and Icinga community. I’ve opened a GitHub pull request too.

Update 2014-05-04: Updated the configuration to reflect the latest Icinga 2 config changes.