How do I use the global vars in the IcingaApplication object

soneniko · July 9, 2025, 4:39pm

Hello,

According to the docs that I can’t link for whatever reason (icinga2 docs > Object Types > IcingaApplication), I can use the vars attribute on the IcingaApplication object. I have specified a dict there and the config check passes but I have no clue how to reference its values in the director.

I have not found any documentation on the matter.

Best regards and thank you in advance,
Niko

Version used (icinga2 --version)

# icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: r2.15.0-1)

Copyright (c) 2012-2025 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

System information:
  Platform: Debian GNU/Linux
  Platform version: 12 (bookworm)
  Kernel: Linux
  Kernel version: 6.1.0-37-amd64
  Architecture: x86_64

Build information:
  Compiler: GNU 12.2.0
  Build host: runner-hh8q3bz2-project-575-concurrent-0
  OpenSSL version: OpenSSL 3.0.16 11 Feb 2025

Application information:

General paths:
  Config directory: /etc/icinga2
  Data directory: /var/lib/icinga2
  Log directory: /var/log/icinga2
  Cache directory: /var/cache/icinga2
  Spool directory: /var/spool/icinga2
  Run directory: /run/icinga2

Old paths (deprecated):
  Installation root: /usr
  Sysconf directory: /etc
  Run directory (base): /run
  Local state directory: /var

Internal paths:
  Package data directory: /usr/share/icinga2
  State path: /var/lib/icinga2/icinga2.state
  Modified attributes path: /var/lib/icinga2/modified-attributes.conf
  Objects path: /var/cache/icinga2/icinga2.debug
  Vars path: /var/cache/icinga2/icinga2.vars
  PID path: /run/icinga2/icinga2.pid

Operating System and version
PRETTY_NAME=“Debian GNU/Linux 12 (bookworm)”
NAME=“Debian GNU/Linux”
VERSION_ID=“12”
VERSION=“12 (bookworm)”
VERSION_CODENAME=bookworm
ID=debian
Enabled features (icinga2 feature list)

Disabled features: command compatlog debuglog elasticsearch gelf graphite influxdb influxdb2 journald livestatus opentsdb perfdata syslog
Enabled features: api checker icingadb mainlog notification

Icinga Web 2 version and modules (System - About)
Config validation (icinga2 daemon -C)
config is valid

lorenz · July 14, 2025, 9:44pm

Hi @soneniko,
could you formulate what you intend to do? Some context might help here.

moreamazingnick · July 15, 2025, 4:48am

usually i would start with:
Why do you need that? There is most likely another way.

But I got curious and here we are now:

The object with the vars dictionary:
Screenshot 2025-07-15 064633

a command that executes /usr/bin/echo:

an argument with no key and the value generated by icingadsl:

o = get_object(IcingaApplication, "app")
return o.vars.colour

…

IcingaDirector supports icingadsl only for command arguments.

And still I want to ask, why do you need that?

soneniko · August 6, 2025, 3:24pm

I need this feature to reference credentials that I wan’t to save somewhere. My current solution for storing credentials feels janky and will remain my secret but I did not find any best practices or recommendations for storinng credentials that checks might need for authenticating with APIs and such. That is why I asked the question.

I also had the idea to use environment variables for the checks that run only on the master and not on the agents, but I did not manage to get that to work either and since I needed a solution that fits both use cases I wanted to see if theres a ‘silver bullet’

Thanks for the responses. If you have another option for me, I would be grateful if you share it, as there is not much information on this stuff

Cheers,
Niko