Remote zone/satellite running check services without host being present

Hi all,

I’ve got a reasonably large icinga2 deployment using director and a lot of api automation, several satellite zones carrying out checks in a DMZ type area working well.
I’ve now added a 3rd satellite zone, the idea is this is on a remote machine that will monitor inbound to our network, so the plan is to add a new service to multiple existing hosts, the new service will be a simple ping4 to ping in from the satellite node.

However, the issue is that the host itself is registered to the master zone, not the satellite (I don’t want to create a second host on the satellite as the icingaweb2 gui then looks messy having 2 hosts for each one).
The error therefore on the satellite is:

[2021-07-23 15:01:26 +0000] information/ApiListener: My API identity:
[2021-07-23 15:01:27 +0000] critical/config: Error: Validation failed for object '!service-EXTERNAL-ping' of type 'Service'; Attribute 'host_name': Object '' of type 'Host' does not exist.

So ideally what I want is:
– host - registered on master zone, majority of checks, services are on master
– service1 - on master
– service2 - on master
– service3 - on satellite

  • Version on master r2.11.3-1, version on satellite r2.12.2-1
  • Debian 9 on master, Debian 8 on satellite
  • Enabled features (icinga2 feature list)
    Disabled features: debuglog elasticsearch gelf graphite influxdb opentsdb syslog
    Enabled features: api checker command compatlog ido-mysql livestatus mainlog notification perfdata statusdata

Any ideas on how to easily achieve what I’m trying to do here? I need to maintain config in Director, so adding manual to conf files is not really an option due to the automation we’ve integrated with director.

Thanks in advance any suggestions!

Hello @andyb2000!

Is it an option to set the new services’ command endpoint to the satellite node?


Thanks for the reply @Al2Klimov
Sorry, might not have explained properly. Yes I set the service endpoint to the satellite node, that works, however because the host isn’t set to the satellite node the host itself doesn’t get pushed out to the satellite node.
The satellite then thinks the host doesn’t exist (It doesn’t in terms of the satellite) and so won’t allow the servicecheck as it’s invalid.

I can see the logic in the icinga2 core code like this:

  • Send service to satellite as it has node satellite defined
  • do NOT send host to satellite as it is not defined as a check for the satellite
  • satellite node validates it’s pushed config, fails as host for service check non-existant

Not quite sure the best way of solving this!

I meant:

apply Service ... {
  command_endpoint = ""

Hi @Al2Klimov yes that’s exactly what I have.
on the service it sets the endpoint.

However, since the host does NOT have the same endpoint set, when pushed to satellite the satellite config won’t validate as it has an orphaned service.

And if you put the service in the host zone (and leave command_endpoint as-is)?