I’m having a small issue here. I want to do a ping check on an Email-Server. This server is literally just for Emails and I just want to know if it’s up and running. My company also doesn’t want that anybody can connect to it really. That’s why it doesn’t have Icinga installed and it’s also not a possibility in the future.
Second problem may be that I want to ping it through a satellite. My setup is this:
Master, with some Agents > Satellite > some Agents and the Email-Servers.
If I try to set up a ping-check for them I will get this error-message:
[2022-03-03 13:02:06 +0100] critical/config: Error: Validation failed for object 'email.net!Ping4 Email' of type 'Service'; Attribute 'command_endpoint': Object 'email.net' of type 'Endpoint' does not exist.
Location: in [stage]/zones.d/dmz/service_templates.conf: 9:5-9:32
[stage]/zones.d/dmz/service_templates.conf(7): enable_active_checks = true
[stage]/zones.d/dmz/service_templates.conf(8): enable_passive_checks = true
[stage]/zones.d/dmz/service_templates.conf(9): command_endpoint = host_name
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[stage]/zones.d/dmz/service_templates.conf(10): }
I mean obviously the endpoint does not exist because there is no Icinga Setup. Is there any way around this?
You should have a host object for every mail server in the zone where your satellite is next to them and assign ping checks to them. There is no need for command_endpoint since the checks shall be executed at the satellite.
In addition a check for open ports using tcp or even smtp would help to check if the service is running and not only the machine.
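The layout described in the reply above, written out as plain Icinga 2 configuration (an added example, not part of the original posts and not the poster's Director setup). The zone name `dmz` and host name `email.net` come from the thread; the address, the `vars.role` variable and the file placement under `zones.d/dmz/` on the config master are assumptions.

```icinga2
// Added example. Assumed location on the config master: zones.d/dmz/mail.conf,
// so the objects are synced to the satellite zone "dmz".

object Host "email.net" {
  check_command = "hostalive"   // ITL host check based on ICMP
  address = "192.0.2.25"        // constructed placeholder address
  vars.role = "mailserver"      // hypothetical custom variable used by the apply rules

  // No "zone" attribute: objects under zones.d/dmz/ belong to zone "dmz",
  // so the satellite schedules and runs the checks itself.
}

apply Service "ping4" {
  check_command = "ping4"

  // The failing template in the thread set:
  //   command_endpoint = host_name
  // That requires an Endpoint object (an Icinga agent) named like the host.
  // A server without an agent has none, so the attribute is left out.

  assign where host.vars.role == "mailserver"
}

apply Service "smtp" {
  check_command = "smtp"        // ITL command wrapping check_smtp
  vars.smtp_port = 25

  // Answers the question that matters for a mail server: is SMTP accepting
  // connections, not only whether the machine replies to ICMP.
  assign where host.vars.role == "mailserver"
}
```

After deployment, running `icinga2 object list --type Host --name email.net` on the satellite shows whether the object actually arrived there.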
I thoroughly agree with, and would emphasise, Roland’s point here about
monitoring the SMTP service on a mail server, and not just whether it responds
to pings.
Firstly, some server network cards respond to ICMP even when the Operating
System has failed or isn’t even running (remote access / iLO and similar), and
secondly who cares whether you can ping a mail server if it won’t accept and
process email?
It’s nearly always the service you’re interested in (or your users are), not
just the server.
I think you can set the endpoint the following way:
make sure icinga_master performs the check → set endpoint to icinga_master
make sure the satellite performs the check → set endpoint to satellite
make sure host performs the check → set endpoint to host
If you remove endpoint from the config, I think the check is performed by the satellite since it’s the nearest agent.
I have made a host object for every server. I’m running a blacklist-check on them, but that one only takes the name of the email hosts and checks the blacklists.
Update to this: I have defined a ping4 service template and have it set on the host objects. In my previous message you can see that they are set on the satellite zone dmz. But when I look at the checks, they are all pending and don’t even have a check source. The deployment is working without any problem.
Update to this: I have a Check-Source but only if I set it to the master, from which I can not reach the Email-Server. So I guess there must be something wrong with my Satellite, but all of the agents of the satellite don’t seem to have a problem.
I removed the command_endpoint = null but no better result. The log is not saying anything about the checks on the master or satellite. Currently the check source states the master’s FQDN because I once set it there and it made a critical Check.
Also on Check-Now nothing will happen.
Sorry for the misunderstanding. The hosts are in the dmz zone. I only checked temporarily what would happen if I’d put them into the master zone. After this I put them back into the dmz zone. But they are just still displaying the last check source, which is the master zone. So we’re kinda back to the beginning when it was empty.
You’re right! Neither the service nor the host objects exist. How do I add these?
I thought they would be there through the director. Sorry about that.
In your initial post you mentioned to have some agents connected to a satellite and I’d assume they are working fine. So what is the difference to Email host objects?
We don’t use the director for service objects, hence, I cannot advise here. In general, best practice is to have global zones for service objects. However, you have services defined in dmz.
I think I found my issue. I will get no error but in the var/lib/icinga2/api/zones-stage/ I have a startup.log file which states that I do not have the host template for the hosts. I also have a warning on my dashboard for the Satellite saying this:
Icinga 2 has been running for 16 seconds. Version: r2.12.3-1; Last zone sync stage validation failed at 2022-03-07 10:37:59 +0100
So I’ll guess I have to figure out why the host template is not synchronizing.
Update:
I do now have the template synchronized and had to restart Icinga on master and Satellite. It still didn’t work so I redid the template because new templates were synchronized. With the new synchronized template set up for the hosts the ping finally works!