One service one command multiple arguments

Icinga 2
1

Is it possible to create one service with multiple arguments or is it only possible to create multiple services calling the same command again and again?

For example:
ip: 10.20.30.40
port: 22

ip: 23:45:67:45
port: 3344

ip: 66.67.130.45
port: 60

object CheckCommand “check_ufw_rule” {
import “plugin-check-command”
command = [ “/usr/bin/sudo”, “/usr/lib/nagios/plugins/check_ufw_rule”, ]
arguments += {
“-ip” = {
required = true
value = “$ip$”
}
“-port” = {
required = true
value = “$port$”
}
}
}

Any references to examples if it’s possible?

2

Hi,

do you use the Icinga Director or do you configure it manually?

And it looks like you want to check if particular firewall (ufw) rules exist. So I guess all 3 services would be assigned to the same server?

This is possible as you can extend apply rules with the for loop keyword. See https://icinga.com/docs/icinga2/latest/doc/03-monitoring-basics/#using-apply-for-rules for example.

We can help with the exact configuration if we know whether you use the director or plain config files. Just share what you tried and the error message if you need any help. :slight_smile:

2 Likes
3

Thanks for pointing me in the right direction! (ps, Edit plain config files)
Found this : example

This way I can check per host the needed firewall settings. There are some specific firewall rules but also alot of rules that apply to all hosts. Dont know if this is the easiest/best way or if there are also other ways to do this.
Thx!

1 Like
4

In that case I would just create 2 services. Something like “common ufw rules” and “custom ufw rules”. The custom task will automatically be assigned only to those hosts that have the dictionary containing the rules.

And you can add a flag in the host vars like vars.skip_ufw_checks and assign the “common fw rules” task only to those without that flag or that flag set to false. Just in case that you will have hosts without a ufw in the future.

1 Like
5

Thank you for your help !!

1 Like
6

@winem am still a bit confused. Liked you idea so I thought 'Let’s do that!", but I dont seem to get it working )-:
The custom ufw rules idea works, but as I have also alot of common ufw rules to apply for all hosts, but how to set and create a service that loops through all rules. ?
Is it possible to set a global dictionary onces where the service loops through instead of defining them into or per host ?
Any references or tips to look for.? (should I create another topic for this?)

7

Hi @Creamers158,
you can use host templates. I guess your hosts already include the generic-host template. If you are very sure that these firewall rules are in place for all hosts you could extend the generic-host template or (this is what I would recommend) create a new template and include it in the host config.

And I think it’s fine to keep it in this topic as it’s still related. :slight_smile:

1 Like
8

Hi @winem !

Thank you again.!!
I literally searched for hours trying to find something that could " loop a service " etc LOL
You write 3 sentences and I’m done in 5minutes :slight_smile:
Trying to learn and try different stuff, so it could be that you’ll find a new topic in a few days :wink:

Thx!

1 Like