Shared zones


I’m looking for a solution to implement “shared” zones : I would like to have zones shared between some endpoints but not all of them like with global zones. Their is a solution for that ?

My use case: we manage on our Icinga infrastructure many customers, some in our zones with our own satellites and some in our customer’s infrastructures with their own satellites/zones. We don’t want to sync sensible information (like passwords or our team personal contact details) on customers’s satellites but we have to share it with all our satellites. Moreover, for some of our customers, we have multiple zones/satellites and we want to shared some common objects (commands, groups, users, timezones, …) between their satellites but not with all our other customer’s satellites.

Workaround: for the moment, we use global zones declared only on some satellites. With this solution, our “shared” zones are proposed for synchronization to all satellites, but on satellites without corresponding declaration (in zones.conf file), they are ignored. It’s not a solution for sensible information, because we just have to declare the “shared” zone on a satellite to retrieve it (furthermore, we have a warning in logs about ignored zones, they are not “secret”).

1 Like