Since I started using more and more satellites I am facing a problem right now and I think my icinga set up seems to be wrong. Maybe one of you could help me.
My set up so far:
I have one Master (Icinga Prod) and 3 satellites (s1,s2,s3) the satellites are checking different hosts in different networks. That means the Master is not able to check them because they are not in the same network like the master.
Lets use the uptime check as an example. I check a few hosts from my master which works fine. And then I tried to check some hosts which are only reachable by the satellites - that means the uptime check I wrote on icinga master stays in state pending. Now I write a new uptime check on each satellite uptime_s1 , uptime_s2 and uptime_s3. Which is working fine. But is there any solution that i dont have to implement new uptime checks for every satellite? Because I will end up adding more and more satellites and multiple duplicated checks not only uptime . Maybe my set is wrong.
Thank you in advance
I’m not really sure, but it sounds like your setups are all correct. According to your description, the hosts you want to check are not reachable from the master, i.e. the master does not know that the hosts even exist. If this is the case, you will have to configure the same configs from the master to the satellites. Here is a blog post about it, which describes the problem in more detail and how to solve it.
the host objects are defined in the satellites zone, but unfortunately when i want to run an already implemented service, which is implemented in the regular services.conf file not in the zone directory, because my icinga master is running those services on some other hosts. Then I get the problem that icinga master is trying to run the services on the hosts not the satellite.
Icinga is scheduling a check depending on the host’s zone (or command_endpoint if defined). This has nothing to do with services.conf. Services should be defined in a global zone so that they exist where they are needed.
Let me show you my icinga configuration inventory:
regular icinga master path ( /etc/icinga2/conf.d/ )
here I have:
- commands.conf
- hosts.conf
- services.conf
and then i have my satellites ( /etc/icinga2/zones.d/satellite1)
here i have:
- sat_1_commands.conf
- sat_1_hosts.conf
- sat_1_services.conf
And I am struggling right because for example a service ( lets call it service1). service1 on is defined in my icinga master path /etc/icinga2/conf.d/ and i want the same check to be running on the hosts only satellite1 can reach to check the same. But the only way i find is to add a new service on my satellite conf like service1_sat1 in the path /etc/icinga2/zones.d/satellite1, because the regular service state will stay in pending because my Icinga Master can’t reach the hosts which the satellite can reach. And I am confused that i have to implement every service with an additional name to run on the satellite
You should put every command and service object into a global zone. Pending typically means something is missing (this has nothing to do with cannot reach).
okay… its so confusing because when i implement the service within the zones.d directory the service works and is not in pending state. How does icinga know or tell the satellite to run a service? Could you send me an example of a service because everything is tried so far is not wokring. I feel like my icinga is build wrong from the beginning.
apply Service "ssh" {
import "generic-service"
check_command = "ssh"
assign where host.address && host.vars.os == "Linux"
}
Which means every host that have an ip address defined and its variable os contains Linux will get the service ssh not matter to which zone a host belong.
yes and thats the problem icinga master can’t reach some hosts they are only reachable from the satellite 1 . So this check stays in pending thats why I use the satellite 1. But the satellite only run the service if i write a new service called for example ssh_sat1
,