Dynamic authentication for CheckCommand


I am trying to somehow configure the authentication for a module, where we can store the user/password for each host and each customer in a separate file. I was trying to do something like this:


object CheckCommand "check_ilo" {
        import "plugin-check-command"
        command = [ PluginDir + "/check_ilo2_health.pl" ]
        arguments = {
                "-H" = "$address$"
                "-u" = "$ilo_user$"
                "-p" = "$ilo_passwd$"
                "-3" = ""
                "-d" = ""
        include "/etc/icinga2/authfiles/$customer$/ilo.$address$.auth"

path to auth-file (example):


content of file:

vars.ilo_user = "administrator"
vars.ilo_passwd = "mypassword"

$customer$ is defined in Icinga Director as additional Field, $address$ is taken from the host config, also from Icinga Director.
If I use the absolute path, without any variables in the path string, it works. But then I need, in this case, for each ILO for all customers a new CheckCommand.

It would probably work, if I define user/password as additional fields in Icinga Director, but I don’t want this information in Icinga Director. To me it seems safer to have them on the Filesystem with restricted access (maybe I’m wrong).

Is there a way to solve this problem, or is my initial thought completely wrong? I could not find anything similar in this forum or internet.


If iam not totaly wrong, Director can constants soon, you can have a constant in veryzone with the same name but different user/passwords in it.

I would also suggest namespaces that were introduced in v2.10.

and documentation: