How to avoid: Exception while syncing: failed to load icinga_host

rivad · March 22, 2024, 10:20am

I would like to import services for any host_name_ip_and_port detected by the icingaweb2 x509 module but I fail to filter the import source to only have valid hosts for the sync step.

Currently I use a regex to only allow records with known good hosts but this will not allow for mass import of x509 checks.

Any ideas on how to avoid the following error in mass sync are very welcome:

Exception while syncing Icinga\Module\Director\Objects\IcingaService x509 - antrag.example.com/10.5.66.96:443: Unable to load object (host: antrag.example.com) referenced from service "x509 - antrag.example.com/10.5.66.96:443", failed to load icinga_host "antrag.example.com" (Sync.php:910)

Director version (System - About): 1.10.3.2024020901

moreamazingnick · March 23, 2024, 8:00am

You can use the Hosts (x509) import source to prepare the hosts needed for the Services (x509) import rules.

Screenshot 2024-03-23 at 08.49.53

Another idea would be a writing custom property modifier that can access the director database and check if the hosts exists.

host exists? → write service to host
host does not exist → write service to fallback host

rivad · April 8, 2024, 8:28am

Thanks, Nick. I guess I will have to write the “does host exist in director” modifier myself. I was hoping that I just missed the obvious, as it seemed like a common problem.

rivad · April 15, 2024, 4:19pm

I found a solution without resorting to writing a director modifier.
It requires a import source of type Director Objects to later use the modifiers Get a property from another Import Source ("priority": "11") and Die ganze Zeile abhängig vom Eigenschaftswert abweisen ("priority": "12") in the Services (X509) source to drop rows without a matching host in the director.

The basket for detailed reference:

{
    "ImportSource": {
        "Director Hosts": {
            "key_column": "object_name",
            "modifiers": [
                {
                    "priority": "1",
                    "property_name": "object_name",
                    "provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRejectOrSelect",
                    "settings": {
                        "filter_method": "regex",
                        "filter_string": "/.*example.com$|.*example2.com$/",
                        "policy": "keep"
                    }
                }
            ],
            "provider_class": "Icinga\\Module\\Director\\Import\\ImportSourceDirectorObject",
            "settings": {
                "object_class": "host",
                "object_type": "",
                "resolved": "n",
                "resource": "icinga_director"
            },
            "source_name": "Director Hosts"
        },
        "x509 Services only if host in director": {
            "key_column": "host_name_ip_and_port",
            "modifiers": [
                {
                    "priority": "1",
                    "property_name": "host_name_ip_and_port",
                    "provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierSkipDuplicates",
                    "settings": {}
                },
                {
                    "description": "only if it is a host name and not an IP address",
                    "priority": "2",
                    "property_name": "host_name",
                    "provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRejectOrSelect",
                    "settings": {
                        "filter_method": "regex",
                        "filter_string": "/(\\b25[0-5]|\\b2[0-4][0-9]|\\b[01]?[0-9][0-9]?)(\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}/",
                        "policy": "reject"
                    }
                },
                {
                    "description": "create a nicer name for the service object",
                    "priority": "4",
                    "property_name": "host_name_ip_and_port",
                    "provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRegexReplace",
                    "settings": {
                        "pattern": "/^(.*)$/",
                        "replacement": "x509 - $1"
                    },
                    "target_property": "service_name"
                },
                {
                    "description": "Black List Ports",
                    "priority": "7",
                    "property_name": "host_port",
                    "provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRejectOrSelect",
                    "settings": {
                        "filter_method": "regex",
                        "filter_string": "/3389|5986/",
                        "policy": "reject"
                    }
                },
                {
                    "priority": "8",
                    "property_name": "host_ip",
                    "provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRegexReplace",
                    "settings": {
                        "pattern": "/^([0-9]+)\\.([0-9]+)\\.([0-9]+)\\.([0-9]+)$/",
                        "replacement": "$4.$3.$2.$1.in-addr.arpa."
                    },
                    "target_property": "arpa"
                },
                {
                    "priority": "9",
                    "property_name": "arpa",
                    "provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierDnsRecords",
                    "settings": {
                        "on_failure": "null",
                        "record_type": "PTR"
                    },
                    "target_property": "host_name_ptr"
                },
                {
                    "priority": "10",
                    "property_name": "host_ip",
                    "provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierGetHostByAddr",
                    "settings": {
                        "on_failure": "null"
                    },
                    "target_property": "host_name_reverse"
                },
                {
                    "priority": "11",
                    "property_name": "host_name",
                    "provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierGetPropertyFromOtherImportSource",
                    "settings": {
                        "foreign_property": "object_name",
                        "import_source": "Director Hosts"
                    },
                    "target_property": "director_host_name"
                },
                {
                    "priority": "12",
                    "property_name": "director_host_name",
                    "provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRejectOrSelect",
                    "settings": {
                        "filter_method": "is_null",
                        "policy": "reject"
                    }
                }
            ],
            "provider_class": "Icinga\\Module\\X509\\ProvidedHook\\ServicesImportSource",
            "settings": {},
            "source_name": "x509 Services only if host in director"
        }
    },
    "SyncRule": {
        "x509 Services only if host in director": {
            "object_type": "service",
            "properties": [
                {
                    "destination_field": "host",
                    "filter_expression": null,
                    "merge_policy": "override",
                    "priority": "1",
                    "source": "x509 Services only if host in director",
                    "source_expression": "${host_name}"
                },
                {
                    "destination_field": "import",
                    "filter_expression": null,
                    "merge_policy": "override",
                    "priority": "2",
                    "source": "x509 Services only if host in director",
                    "source_expression": "116-tpl-service-x509"
                },
                {
                    "destination_field": "vars.icingacli_x509_host",
                    "filter_expression": null,
                    "merge_policy": "override",
                    "priority": "3",
                    "source": "x509 Services only if host in director",
                    "source_expression": "${host_name}"
                },
                {
                    "destination_field": "vars.icingacli_x509_ip",
                    "filter_expression": null,
                    "merge_policy": "override",
                    "priority": "4",
                    "source": "x509 Services only if host in director",
                    "source_expression": "${host_ip}"
                },
                {
                    "destination_field": "vars.icingacli_x509_port",
                    "filter_expression": null,
                    "merge_policy": "override",
                    "priority": "5",
                    "source": "x509 Services only if host in director",
                    "source_expression": "${host_port}"
                },
                {
                    "destination_field": "object_name",
                    "filter_expression": null,
                    "merge_policy": "override",
                    "priority": "6",
                    "source": "x509 Services only if host in director",
                    "source_expression": "${service_name}"
                }
            ],
            "purge_action": "delete",
            "purge_existing": true,
            "rule_name": "x509 Services only if host in director",
            "update_policy": "merge"
        }
    }
}

Nonetheless I opened the issue https://github.com/Icinga/icingaweb2-module-director/issues/2881 as I believe this could be handled more elegantly