Self-healing with Checkmk and Event-Driven Ansible

How to resolve issues automatically

Agenda

• Monitoring: Short introduction
• What is Event-Driven Ansible (EDA)?
• Event-Driven Workflow
• Live Demonstration
• Use cases and best practices

Monitoring: Typical workflow

• 2005: Received email alerts from Nagios 2 for issues with Solaris machines
• Manual workflow:
  • Read email
  • Log in to the system
  • Check if issue still exists
  • Fix the issue
  • Repeat the same procedure over and over again
• 2026: Still the same workflow?

What Is an "Event" (vs a Source Action)?

• Event
  • a state change or signal that matters (e.g., alert fired, service down)
  • often noisy and hard to filter
  • not every event triggers an action
• Source action
  • a routine trigger (e.g., "on every commit")
  • predefined target/action
• Examples:
  • Update an AAP project after each commit (not EDA)
  • Send all monitoring alerts to a webhook; EDA decides what to do (EDA)

Event-Driven Ansible vs. Ansible Playbook

• EDA keeps a listener running and reacts to events in near real time
• EDA evaluates event payloads and triggers automation only when rules match
• Ansible Playbooks do not listen for events out of the box
• Without EDA, the monitoring source must trigger playbook runs directly
• This increases load and complexity on the monitoring system

Event-Driven Ansible vs. AAP Controller

• EDA keeps an event listener active and can trigger job templates immediately
• AAP Controller can start jobs via webhook or API, but each job is a full run lifecycle
• Job startup overhead (container start, project sync, inventory/collections) adds latency
• Job execution may queue behind other jobs, which delays reaction time
• Use EDA for fast event decisions; use Controller for governed execution of the actual remediation

Core Building Blocks

• Event Sources: where events originate (ansible.eda plugins for webhooks, Kafka, Alertmanager, etc.)
• Rulebook: Rulesets with conditions + actions
• Conditions: Determine if a rule fires
• Actions: run playbooks, run job templates, run modules, etc.
• Controller (optional): central execution and governance

Ansible Automation Platform Integration

• Projects: Git repository configuration
• Decision Environments: Container images to run rulebooks
• Credentials: Secrets for Git, Controller, Hub, tokens, etc.
• Event Streams: Entry points for events (mapped to source definition in rulebook)
• Rulebook Activations: Rulebook runs

Live Demo: Fix DNS issue

Challenges with Self-healing

• Triggering on noisy events (missing filtering)
• Insufficient monitoring coverage
• Healing the wrong host (issue caused by a backend dependency)
• Lack of knowledge or rulebooks
• Triggering during maintenance windows due to missing downtime

Event-Driven Ansible Use Cases

• Monitoring alerts: run remediation playbooks
• Infrastructure events: auto-scale or restart services
• Security findings: isolate hosts or rotate credentials
• Ticketing: enrich and open incidents automatically
• Documentation: update asset database or documentation system

Additional Information

• Products:

  • Ansible Automation Platform: https://urlr.me/WcXZgR
  • Checkmk: https://urlr.me/BPJs98

• Product Documentation:

  • Ansible: https://urlr.me/2x4HfW
  • Automation Decisions: https://urlr.me/HejEDB
  • Rulebooks: https://urlr.me/Qb4TsB

Summary

• Checkmk monitors your IT landscape and notifies on state change
• EDA turns these events into real-time automation
• It complements traditional Ansible by reacting instead of scheduling
• Start small, measure impact, and iterate