Question to icingaweb2: external user permissions / dashboard

Hi all!
We are planning to be on standby during night.
There is an external company that has a login for icinga2. This company monitors our services during night and calls us if there is a critical service.
That means that we don’t want to be called for unimportant services. For example if a disk service hits the critical threshold, there is no need to call us at night.
So we only want to get called if critical services fail, for example ping.
So I’m looking for a method to solve that.
Is it possible to assign services to a user, which means that if that user logs in to icinga2web, they only see the services they have permissions for?

Hi,
you can build a special dashboard for the night team in icingaweb2 with filter rules for the hosts and services. If you assign a custom var like “call_at_night” to the hosts and services where you expect a call, the filter for the new dashboard should be very easy to create.

Another possibility: you create a new role in icingaweb2 for the night team (configuration -> Authentication -> Role). In some modules like “Monitoring” you can set restrictions.

Hey,
you could put your mission-critical services into a servicegroup and filter the dashboard for your external users to show only this servicegroup.
It’s basically the same as filtering the dashboard or permissions to single services like Stevie proposed, but those filters can grow huge and can be a pain in the socks to maintain.

That’s a good argument @rsturm! I would say it depends on the internal security rules from @Axel577. That means: is the “external night team” allowed to see every host or not? If this is not the problem, a host/service group is a very good idea.

Hi,
I’ve got a question to that servicegroup: I’m working with apply rules. For example there is an apply rule for ping4 service. ping4 service is assigned to all hosts. But there are hosts that aren’t important during night. Is that possible with apply rules? To define more granular?

I guess you could define your service twice, making sure that the assign rules exclude each other (the config parser will bail out with an error if the same host has the same service twice).

apply Service "ping4" {
  // all the usual stuff
  assign where host.address
  ignore where host.vars.sla="24x7"
}
apply Service "ping4" {
  // all the usual stuff
  groups += 'thatspecialservicegroup'
  assign where host.address && host.vars.sla="24x7"
}

Disclaimer: this is just a quick brainfart, not tested for typos and other errors and especially not tested against the config resolver

Edit: I’m thinking too complicated here… Icinga DSL can do it conditionally

apply Service "ping4" {
  //all the usual stuff
  if (host.vars.sla == "24x7") { groups += 'thatspecialservicegroup' }
  assign whereeveryouwant
}

Instead of putting the servicegroup into the service definition this way, you can also set a new variable and use that in your filters for the servicegroup and dashboards.

Hi Robert,
I tried your last idea, but I get an error:

[2019-12-27 15:22:53 +0100] critical/config: Error: syntax error, unexpected $undefined
Location: in /etc/icinga2/zones.d/global-templates/services.conf: 121:44-121:44
/etc/icinga2/zones.d/global-templates/services.conf(119): import "generic-service"
/etc/icinga2/zones.d/global-templates/services.conf(120): check_command = "ping4"
/etc/icinga2/zones.d/global-templates/services.conf(121): if (host.vars.sla == "24x7") { groups += '24group' }
^
/etc/icinga2/zones.d/global-templates/services.conf(122): assign where host.address && host.vars.ping == "yes"

My service:

apply Service "ping4" {
  import "generic-service"
  check_command = "ping4"
  if (host.vars.sla == "24x7") { groups += '24group' }
  assign where host.address && host.vars.ping == "yes"
  zone="master"
}

Can anyone please help me with that issue?

  1. Single quotes for strings are not supported, use double quotes.
  2. The assign where expression is wrongly using an assignment operator, it needs the equality operator.

Hi Michael,
I changed the single quotes to double quotes:

apply Service "ping4" {
  import "generic-service"
  check_command = "ping4"
  if (host.vars.sla == "24x7") { groups += "24group" }
  assign where host.address && host.vars.ping == "yes"
  zone="master"
}

But now I get that error:

[2020-01-06 13:31:15 +0100] critical/config: Error: Error while evaluating expression: Operator + cannot be applied to values of type 'Array' and 'String'
Location: in /etc/icinga2/zones.d/global-templates/services.conf: 121:34-121:52
/etc/icinga2/zones.d/global-templates/services.conf(119): import "generic-service"
/etc/icinga2/zones.d/global-templates/services.conf(120): check_command = "ping4"
/etc/icinga2/zones.d/global-templates/services.conf(121): if (host.vars.sla == "24x7") { groups += "24group" }
^^^^^^^^^^^^^^^^^^^

It says: Operator + cannot be applied to values of type ‘Array’ and ‘String’

Try groups += [ "24group" ].
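
The corrections from this thread combined into one configuration, as an added example that is not from any of the posters. The ServiceGroup object, its display name, the role name "nightteam" and the user name "external-night" are assumptions; the thread never shows how "24group" is defined or how the external login is named. The commented roles.ini section uses the Monitoring module restriction mentioned earlier in the thread, so the external login is limited to the group by the role and not only by a dashboard filter.

```icinga2
// Added example: consolidates the fixes discussed in this thread.
// Assumption: the group has to exist as an object; the name "24group"
// is taken from the thread, the display name is made up.
object ServiceGroup "24group" {
  display_name = "24x7 services (night on-call)"
}

apply Service "ping4" {
  import "generic-service"
  check_command = "ping4"

  // "groups" is an Array, so append an Array, not a String.
  // Strings need double quotes; single quotes are a syntax error.
  if (host.vars.sla == "24x7") {
    groups += [ "24group" ]
  }

  // Comparisons use ==; a single = is an assignment.
  assign where host.address && host.vars.ping == "yes"
  zone = "master"
}

/* Icinga Web 2 side, in roles.ini (a different file, shown here as a
 * comment). Role and user names are hypothetical.
 *
 * [nightteam]
 * users = "external-night"
 * permissions = "module/monitoring"
 * monitoring/filter/objects = "servicegroup_name=24group"
 *
 * With this restriction the role only returns objects in the group,
 * whichever dashboard or URL filter the user opens.
 */
```

Validate with `icinga2 daemon -C` before reloading, then log in as the restricted user and confirm that services outside the group are not listed.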