we are trying to achieve the following without success.
We have a master-zone which is parent to sat-zone1, and sat-zone-external.
At the moment the hosts are in the sat-zone1 and so their services are checked from that zone, too.
But we want to implement some checks, that shall be executed from WAN / untrust to assure a more real service-checking, like from customer-side.
The problem now is that if we create services in zone-external on hosts that are in sat-zone1, the satellites in zone-external do not execute the service checks because they do not know the host, where the services belongs to.
What are you tips or ideas that we could try to accomplish the goal?
- Version used (
icinga2 --version): r2.13.4-1, r2.13.2-1
- Operating System and version: RHEL 7 / RHEL 8
- Director version: v1.9.1
I added a comment to an old merge request from lazyfrosch that would achieve something like this.
At the moment I have created a host-template i which i modified the Cluster-zone field to for example sat-zone1 and a Service-template with Cluster-zone field set to “at-zone-external”.
But the services are still pendling and not hing happens…
What about simply creating additional hosts in the external zone that addresses the hosts in zone1?
That is propably the last bailout ideal that I would implemented.
But the thing here is that I would have duplicate hosts even though they exist already.
Could you think of something else? I was hoping maybe you or maybe @log1c would have another guesses!
Afaik this scenario sadly is not possible.
I’m not sure about the specifics, but I guess the checks stay pending because the satellite doesn’t know the host object from the other zone. And since services are host-specific (service object is “hostname!servicename”) this isn’t working.
Quote regarding this from the github issue:
You cannot choose your endpoint at will, as the related Host object MUST be present in the Zone you’re sending your service to.
You will have to use the way of adding an additional host in the external zone.
Or you write some script that is executing the check remotely.
For LoadBalanced systems i always got a “customer view” host in addition to checking every host internally … there you have to do it like that anyway
Thanks for all your answers!
As far as this is not possible over the director features, I will implement it with additional “logical” hosts that only check the needed stuff.
This is a bit too dirty imho, so at first, I’m gonna stkip this!