Master, Satellite, Agent setup

Hello,
I have a problem with a distributed monitoring setup.

Currently I used Icinga to monitor VPS; they were reachable from a public IP, and I created this solution:
on Icinga2 master zones.conf

object Zone "app" {
endpoints = ["inst1","inst2",...]
}

object Endpoint "inst1"{
host = "public ip"
}

...

object Endpoint "inst5" {
host = "public ip"
}

All hosts I defined in zones.d/master (it’s probably a mistake; how should I do it?)
hosts.conf

object Host "host1" {
address = "again public ip"
...
}

It works fine, but I think I should fix the config.

The problem starts with trying to monitor servers behind NAT. I created port forwarding to one local server. My plan is to make:
master<>satellite (local network, behind NAT)<>agents (other local hosts)
I already tried creating a zone for local servers:
zones.conf

object Zone "Behind-NAT"{
parent = "master"
endpoints = ["Behind-NAT-Serv1","Behind-NAT-Serv2"]
}

object Endpoint "Behind-NAT-Serv1"{
host = "public ip"
port = "forwarded port"
}
object Endpoint "Behind-NAT-Serv2"{
}

zones.d/Behind-NAT/hosts.conf

  • There are host configs for both of them, but only Behind-NAT-Serv1 works.

I want “Behind-NAT-Serv1” to be my gateway for local agents and I want to run checks on it.

Why not let your satellite initiate the connection to your master? In this case you don’t need any port forwarding.

The satellite has 2 connections; the default GW has a non-static IP, and on the master I have a firewall that allows only specific IPs. I use the static IP, but that’s not a problem. I cannot sync zones. The satellite has parent zone “master”, local zone “Behind-NAT”. What zone do I set on agents behind the satellite? Currently I have parent “Behind-NAT”, local “Agent1”. Should I change all agents’ zones to parent “master”, local “Behind-NAT”?

Your agents shall have your satellites as parent.

Thanks a lot, it worked.
Zones and Endpoints are used to define the structure master <> satellites <> agents.
My current config is master <> satellite (host in local network) <> agents

zones.conf

object Zone "Behind-NAT"{
endpoints = ["server1"]
}

object Endpoint "server1"{
host = "public ip"
port = "forwarded port"
}

zones.d/Behind-NAT/endpoints.conf

object Zone "Behind-NAT-local"{
endpoints = ["server2","server3","server4"]
}

object Endpoint "server2"{
}
...
object Endpoint "server4"{
}

zones.d/Behind-NAT/hosts.conf

object Host "server1"{
address = "server1 local ip"
vars.client_endpoint = name
}

object Host "server4"{
address = "server4 local ip"
vars.client_endpoint = name
}

  1. Satellite configured with parent zone “master”, local zone “Behind-NAT”
  2. Each agent configured with parent zone “Behind-NAT”, local zone “Behind-NAT-local”

Works perfectly fine!
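
The satellite-initiated layout suggested in the replies, written out as zones.conf for each tier. This is an added example, not config posted by anyone in the thread. The endpoint name master1, both addresses and the per-agent zone server2 are assumptions.

```icinga2
// ---- master: zones.conf ----
object Endpoint "master1" { }          // assumed name of the master endpoint
object Zone "master" { endpoints = [ "master1" ] }

// No "host" attribute here: the master never dials out to the satellite,
// so the NAT gateway needs no port forward. The master's firewall only has
// to accept TCP 5665 from the satellite's static IP.
object Endpoint "server1" { }
object Zone "Behind-NAT" {
  endpoints = [ "server1" ]
  parent = "master"
}

// ---- satellite server1: zones.conf ----
// "host" is set on the parent endpoint, so the satellite opens the connection.
object Endpoint "master1" {
  host = "203.0.113.10"                // constructed address of the master
  port = 5665                          // Icinga 2 default API port
}
object Zone "master" { endpoints = [ "master1" ] }

object Endpoint "server1" { }
object Zone "Behind-NAT" {
  endpoints = [ "server1" ]
  parent = "master"
}
// The agent Endpoint/Zone objects reach the satellite through
// zones.d/Behind-NAT/ on the master, as in the thread.

// ---- agent server2: zones.conf ----
// The agent's parent is the satellite zone, never "master".
object Endpoint "server1" {
  host = "192.168.1.10"                // constructed local IP of the satellite
}
object Zone "Behind-NAT" { endpoints = [ "server1" ] }

object Endpoint "server2" { }
// One zone per agent is assumed here: Icinga 2 logs a validation warning
// for zones with more than two endpoints.
object Zone "server2" {
  endpoints = [ "server2" ]
  parent = "Behind-NAT"
}
```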