Connection direction vs configuration mode

Hi, I’m afraid I don’t understand correctly the difference between connection direction and configuration mode.

I always define the host parameter of the endpoint master in the client’s zones.conf file and in the master’s. If I remove it in the client zones.conf file, errors appear in the checks saying that the client says that it cannot connect to the master.

Somebody could help me?

Thanks in advance

Afaik clients need to have the hosts parameter of their parent (can be the master or a satellite) set.
This is because the parent does not have the endpoint and zones object of the client inside their own zones.conf.

This differs from a satellite, that has the masters endpoint and zones object inside their zones.conf, as well as the master has the respective objects of the satellite. There you can choose where you define the hosts parameter, and by that the connection direction.

I have an architecture with clients and one master. I have no satellites. I configure the clients on the server via API. I send the client endpoint and host parameter to the server. And at the same time, I define the host parameter of the master on the client.
Therefore I am defining the two directions and it is what I do not understand when I read the icinga documentation.

Thanks for your help.
Regards

The host parameter defines the whether this node should attempt a connection to the defined endpoint or not.

Agent 1 has the parent master endpoint configured.

  • Needs to actively connect to the parent master
object Endpoint "master.localdomain" {
  host = "192.168.56.101"
}
  • Agent waits for the master to connect
object Endpoint "master.localdomain" {

}

Cheers,
Michael

Hi Michael.
I understand you. But I think I’m doing something wrong.

  • In master I have configured via API:
object Endpoint "client1" {
    host = Public-IP-client1
}
  • In client I have configured (zones.conf)
object Endpoint "master" {
    host = Public-IP-master
}

In this way I have two connection directions, but if I don’t configure Object endpoint master in the client some checks fail.

Regards.
Jesús

The endpoint objects need to exist both on both sides. They establish a matter of trust within the zone hierarchy. Yet again, I’ll point you to the distributed monitoring scenarios. All of them configure the zones.conf.

1 Like

Oook.

I’m going to review distributed monitoring scenarios.

I hope one day answer questions instead of just asking. :wink:

Thank you very much for your patience and help.

Regards.

1 Like

I´ve just read new documentation. I think is better explained than before. Thanks a lot.

I only have one more doubt about " Endpoint Connection Direction". Then, what is the difference between choosing “master -> agent” or “agent -> master” connection direction? Or is it not important and you just have to choose one?

Regards
Jesús

If I am correct it could be important for the scenario, where you can connect from one host to another, but not vice versa. A DMZ for example.

Other than that, for the function of icinga2 it is not important, as far as I know.

1 Like

Oooookay.

I’ve read examples like the one you say and I agree with you. But except those special cases, my doubt was for the function of icinga2.

Thanks for the clarification. Now I’ve understood the concepts of connection and hierarchy of icinga2.

Regards.
Jesús