Hello there,
As always, thank you to the Icinga professionals for their good work.
Currently I have a master with several satellites, and on all the satellites I have IcingaWeb installed only to see the checks, each with its own DB in its area. Everything works fine, but:
Is this good practice?
I am considering making zones with the satellites, and possibly IcingaWeb will stop working on the satellites if I do not share the DB.
The reason for having IcingaWeb on the satellites is so that, if there is a communication outage, the alarms can still be viewed within the infrastructure where the satellite is located.
I have used IcingaWeb2 on Satellites in situations where:
the Master <-> Satellite connectivity is unreliable
the Master <-> Satellite connectivity is very slow
people want a URL inside their own network for their monitoring system, and not something out on the Internet
Specifically, I run a Master for several customers, each with their own
Satellite (and most also with Agents). None of the customers should know
about each other’s systems, so giving them their own view of their own network
on their own (Satellite) server makes them think it’s a nice self-contained
system.
The fact that it’s managed from a higher-level Master is invisible and
immaterial to them.
Regarding the connectivity, users get a better experience when interacting
with IcingaWeb2 on their local network than over a slow link, and if the
Master <-> Satellite connectivity is unreliable, they can continue to see all
their monitoring, even when the Master cannot be contacted. Once the link
comes back, all the service check data gets sent up to the Master so it still
ends up with a full history sooner or later.
Maybe you could clarify a bit more, but imho even with a more restricted view in the Satellite’s icingaweb2 it is possible to determine where certain hosts come from.
E.g. the “inspect” icingaweb2-button or maybe even - Linux-CLI / Bash access needed - by checking the icinga2 config.
Do you think it is possible to specify config on the satellite only, so it is checked by the satellite and also visible in the satellite’s icingaweb2?
I am thinking of installing icingaweb2 on a satellite and give limited users access to “their” icingaweb2 and icinga2 config on that satellite so they can create their own hosts, services etc there so they feel a little more free and entitled in managing their infrastructure.
I would also like to see their configured stuff in my master-icingaweb2, but as I understand that is not possible (https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#roles-master-satellites-and-agents).
> Maybe you could clarify a bit more, but imho even with a more restricted
> view in the Satellite’s icingaweb2 it is possible to determine where
> certain hosts come from. E.g. the “inspect” icingaweb2-button or maybe
> even - Linux-CLI / Bash access needed - by checking the icinga2 config.
Okay, “invisible” was too strong a word. I simply meant that the Satellite
“magically acquires” the information about the hosts to check and the checks
to perform on them. The Satellite has a trust relationship with the Master,
and that enables it to get new configuration about hosts it’s never seen
before, without any reload or reconfiguration on the Satellite.
> Do you think it is possible to specify config on the satellite only, so it
> is checked by the satellite and also visible in the satellite’s
> icingaweb2?
Well, if you specify the configuration only in the Satellite, then it isn’t
really a Satellite - it becomes a Master.
> I am thinking of installing icingaweb2 on a satellite and give limited users
> access to “their” icingaweb2 and icinga2 config on that satellite so they can
> create their own hosts, services etc there so they feel a little more free
> and entitled in managing their infrastructure.
You can certainly do that, but as I say, it then is not really a Satellite.
> I would also like to see their configured stuff in my master-icingaweb2,
No, you won’t be able to do that, as you have seen:
There used to be a bottom-up configuration method in Icinga2, where you would
configure every Agent, and they then sent their configurations up to the
Satellites, and then up to the Masters, but that was deprecated and is now no
longer an option. Even that, though, would not have allowed you to do
“middle-out” configuration where the Satellite notifies both the Agents below
and the Master above.
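
As an added illustration of the top-down setup discussed in this thread (not configuration posted by any participant): a Master with one child zone per customer Satellite, so that each Satellite receives only its own customer's objects. All hostnames, zone names and addresses are constructed placeholders.

```icinga2
// Constructed example; every name and address below is a placeholder.

// --- /etc/icinga2/zones.conf on the Master ---
object Endpoint "master.example.org" { }

object Endpoint "sat-a.example.org" {
  host = "sat-a.example.org"   // host set: the Master connects out to this Satellite
}

object Endpoint "sat-b.example.org" {
  host = "sat-b.example.org"
}

object Zone "master" {
  endpoints = [ "master.example.org" ]
}

// One zone per customer, each a direct child of the master zone.
object Zone "customer-a" {
  endpoints = [ "sat-a.example.org" ]
  parent = "master"
}

object Zone "customer-b" {
  endpoints = [ "sat-b.example.org" ]
  parent = "master"
}

// Global zones are synced to every endpoint, so keep
// customer-specific objects and secrets out of them.
object Zone "global-templates" {
  global = true
}

// --- /etc/icinga2/zones.d/customer-a/hosts.conf on the Master ---
// Objects under zones.d/customer-a/ are synced to the customer-a zone,
// not to customer-b, so sat-b never receives this host definition.
object Host "web01.customer-a.example" {
  check_command = "hostalive"
  address = "192.0.2.10"
}

// --- /etc/icinga2/features-enabled/api.conf on each Satellite ---
// The Satellite's own zones.conf must also define its zone and the parent zone.
object ApiListener "api" {
  accept_config = true     // accept configuration synced from the parent zone
  accept_commands = true   // accept remote commands from the parent zone
}
```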