Satellite and Icinga Master

PiMA · February 19, 2021, 8:05am

Hello Community

Since I started using more and more satellites I am facing a problem right now and I think my icinga set up seems to be wrong. Maybe one of you could help me.

My set up so far:
I have one Master (Icinga Prod) and 3 satellites (s1,s2,s3) the satellites are checking different hosts in different networks. That means the Master is not able to check them because they are not in the same network like the master.
Lets use the uptime check as an example. I check a few hosts from my master which works fine. And then I tried to check some hosts which are only reachable by the satellites - that means the uptime check I wrote on icinga master stays in state pending. Now I write a new uptime check on each satellite uptime_s1 , uptime_s2 and uptime_s3. Which is working fine. But is there any solution that i dont have to implement new uptime checks for every satellite? Because I will end up adding more and more satellites and multiple duplicated checks not only uptime . Maybe my set is wrong.
Thank you in advance

yhabteab · February 19, 2021, 3:36pm

Hello @PiMA ,

I’m not really sure, but it sounds like your setups are all correct. According to your description, the hosts you want to check are not reachable from the master, i.e. the master does not know that the hosts even exist. If this is the case, you will have to configure the same configs from the master to the satellites. Here is a blog post about it, which describes the problem in more detail and how to solve it.

rsx · March 1, 2021, 10:01am

You don’t need to create dedicated checks for every satellite. Just put the host objects into the corresponding satellite zones.

PiMA · March 3, 2021, 11:14am

the host objects are defined in the satellites zone, but unfortunately when i want to run an already implemented service, which is implemented in the regular services.conf file not in the zone directory, because my icinga master is running those services on some other hosts. Then I get the problem that icinga master is trying to run the services on the hosts not the satellite.

rsx · March 3, 2021, 11:22am

Icinga is scheduling a check depending on the host’s zone (or command_endpoint if defined). This has nothing to do with services.conf. Services should be defined in a global zone so that they exist where they are needed.

PiMA · March 3, 2021, 11:38am

Let me show you my icinga configuration inventory:

regular icinga master path ( /etc/icinga2/conf.d/ )
here I have:
- commands.conf
- hosts.conf
- services.conf

and then i have my satellites ( /etc/icinga2/zones.d/satellite1)
here i have:
- sat_1_commands.conf
- sat_1_hosts.conf
- sat_1_services.conf

And I am struggling right because for example a service ( lets call it service1). service1 on is defined in my icinga master path /etc/icinga2/conf.d/ and i want the same check to be running on the hosts only satellite1 can reach to check the same. But the only way i find is to add a new service on my satellite conf like service1_sat1 in the path /etc/icinga2/zones.d/satellite1, because the regular service state will stay in pending because my Icinga Master can’t reach the hosts which the satellite can reach. And I am confused that i have to implement every service with an additional name to run on the satellite

rsx · March 3, 2021, 12:06pm

You should put every command and service object into a global zone. Pending typically means something is missing (this has nothing to do with cannot reach).

PiMA · March 3, 2021, 12:08pm

and only the hosts should be defined in zones?

rsx · March 3, 2021, 12:11pm

Yes. Defining services for a host is typically done by assign rules.

PiMA · March 3, 2021, 12:13pm

okay… its so confusing because when i implement the service within the zones.d directory the service works and is not in pending state. How does icinga know or tell the satellite to run a service? Could you send me an example of a service because everything is tried so far is not wokring. I feel like my icinga is build wrong from the beginning.

rsx · March 3, 2021, 12:51pm

Example from here:

apply Service "ssh" {
  import "generic-service"

  check_command = "ssh"

  assign where host.address && host.vars.os == "Linux"
}

Which means every host that have an ip address defined and its variable os contains Linux will get the service ssh not matter to which zone a host belong.

PiMA · March 3, 2021, 1:01pm

yes and thats the problem icinga master can’t reach some hosts they are only reachable from the satellite 1 . So this check stays in pending thats why I use the satellite 1. But the satellite only run the service if i write a new service called for example ssh_sat1

PiMA · March 3, 2021, 1:05pm

I dont want my icinga master to run all the service checks. I want the load seperatet on all the satellites

PiMA · March 3, 2021, 1:07pm

thank you that makes sense… but i am confused when i use lets say 7 satellites so i have to implement one services seprate on each satellite?