Dynamic authentication for CheckCommand

Hi,

I am trying to somehow configure the authentication for a module, where we can store the user/password for each host and each customer in a separate file. I was trying to do something like this:

command.conf:

object CheckCommand "check_ilo" {
        import "plugin-check-command"
        command = [ PluginDir + "/check_ilo2_health.pl" ]
        arguments = {
                "-H" = "$address$"
                "-u" = "$ilo_user$"
                "-p" = "$ilo_passwd$"
                "-3" = ""
                "-d" = ""
        }
        include "/etc/icinga2/authfiles/$customer$/ilo.$address$.auth"
}

path to auth-file (example):

/etc/icinga2/authfiles/customer_1/ilo.192.168.1.45.auth

content of file:

vars.ilo_user = "administrator"
vars.ilo_passwd = "mypassword"

$customer$ is defined in Icinga Director as additional Field, $address$ is taken from the host config, also from Icinga Director.
If I use the absolute path, without any variables in the path string, it works. But then I need, in this case, for each ILO for all customers a new CheckCommand.

It would probably work, if I define user/password as additional fields in Icinga Director, but I don’t want this information in Icinga Director. To me it seems safer to have them on the Filesystem with restricted access (maybe I’m wrong).

Is there a way to solve this problem, or is my initial thought completely wrong? I could not find anything similar in this forum or internet.

Thanks,
Roman

If iam not totaly wrong, Director can constants soon, you can have a constant in veryzone with the same name but different user/passwords in it.

I would also suggest namespaces that were introduced in v2.10.


and documentation:
https://icinga.com/docs/icinga2/latest/doc/17-language-reference/#namespaces

Cheers!

2 Likes