Not able to execute hostcheck on the host itself

I am using director to configure my icinga2 hosts. As I have hosts that are not reachable from the master server directly, I cannot e.g. have the host check as a ping, as the machine is not reachable from the outside.
For that reason I would like to have the host check command executed locally on the host itself, same as I do with the service checks. I haven’t found a way in director to have the hostcheck command executed on the host/agent locally.
I am looking for a similar option as I have for the service configuration with “Run on agent”. In the host definition I can only configure the “check command” for the host, but not to have it run on the host itself.

Or what other option do I have for the hostcheck command? Would I need to create and set a cluster zone for each host where I want to have the hostcheck executed locally?
Thanks for your help.

Checking the reachability of a host from the host itself doesn’t sound very helpful to me.
You would never (really) know if the host is down, as the master wouldn’t get updates from the agent if the tunnel is down or the agent host itself is down. You would only see the host as “overdue” but still with its last status (which most likely is “UP”).

That aside: Is the host you are talking about a Windows server or a Linux server?
If it is a Linux server you could “upgrade” it to a satellite, which is able to run host checks against itself.
I have never tried this with a Windows agent, so I’m not sure if that is even possible.

If ICMP is not available, I typically go one level up and use TCP for reachability. In most cases there is some port open, be it SSH or RDP or even Icinga. Using TCP can mess up the log of the services as it is not their normal communication, but if it is the best I can get for reachability I will happily use it.

So in the director I would use a separate template which uses tcp as Checkcommand and the port available.

Of course you can also do something more complex like ssh or cluster_zone, but this incorporates service specific logic so more can go wrong and a host check should be as simple as possible in my opinion.

Thanks @log1c & @dgoetz.
The host is not reachable from the outside (as it has no public IP address). I have the use case with Windows, but also with Linux hosts.
I understand that it is not the best practice to have the host check “itself”, but I had used that approach for many years with Icinga 1 and it worked just fine. E.g. I used passive checks for the host and I set the freshness check. -> That way if the host was not “reachable” (= was not providing results) the whole host was “down”, as were all the services too (that the host is checking itself).
I assume if director would set in the hosts config the command_endpoint = host_name setting, it would execute the host check locally. Is there a way I can set this parameter from director? e.g. override parts of the config.
Or how can I otherwise monitor hosts that are not reachable from the outside?

If you create the endpoint and zone objects manually instead of only setting the agent attribute to true, you can assign the zone, which will place the host object in its own zone.

But better, I would use the cluster_zone command as host check; this will also work if the agent is connecting to the master, as it only verifies the connection exists. This would avoid the problem of freshness checks, aging check results, … because you get an active check scheduled by the master.
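
The setup suggested in the answer above, written out in plain Icinga 2 DSL as an added example (not part of the original posts and not Director output). The ITL check command is named `cluster-zone` and `cluster_zone` is its custom variable; the host name `agent01.example.internal`, the parent zone `master`, the `disk` service and the `agent_endpoint` variable are assumptions chosen for illustration.

```icinga2
// Master side, typically zones.conf. Names are constructed placeholders.
// No "host" attribute on the endpoint: the master never dials out,
// the agent opens the connection to the master.
object Endpoint "agent01.example.internal" {
}

object Zone "agent01.example.internal" {
  endpoints = [ "agent01.example.internal" ]
  parent = "master"
}

// Master side, typically under zones.d/master/.
// The host check is scheduled and executed by the master. It only asks
// "is the agent's zone currently connected?", so it needs no inbound
// path to the host and produces an active result even when the agent
// is silent.
object Host "agent01.example.internal" {
  check_command = "cluster-zone"

  // cluster_zone defaults to the host name; set explicitly here because
  // the zone name must match the agent's zone for the check to work.
  vars.cluster_zone = name

  // Assumed marker variable used by the apply rule below.
  vars.agent_endpoint = name
}

// Service checks keep running locally on the agent through
// command_endpoint (what Director exposes as "Run on agent").
apply Service "disk" {
  check_command = "disk"
  command_endpoint = host.vars.agent_endpoint

  assign where host.vars.agent_endpoint
}
```

With this layout the host state is an active check result from the master, so a dead agent or a dropped connection turns the host DOWN instead of leaving a stale UP result behind.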


The cluster_zone command as host check is exactly what I was looking for!!! It was not that obvious from the “naming” of it so I didn’t see it right away. Still learning the new concepts of Icinga2. Thank you very much @dgoetz