Submit passive check from two satellites to a fake host


I need to send passive check results from two nodes via the satellites to a single fake host:

node-01 → sattelite1 (zone A) → (master zone)
node-01 → satellite2 (zone B) → (master zone)

Since, is in the master zone … I can’t send passive checks …

Zone A (satellite

curl -k -X POST '!cron_test&type=Service' -H 'Accept: application/json' -H 'Content-Type: application/json; charset=utf-8' -u user:secret -d '{"exit_status":0,"plugin_output":"[OK]: \nruntime=3, \ncron_output=All clear","check_source":""}'
{"error":404,"status":"No objects found."}

Zone B (satellite

curl -k -X POST '!cron_test&type=Service' -H 'Accept: application/json' -H 'Content-Type: application/json; charset=utf-8' -u user:secret -d '{"exit_status":0,"plugin_output":"[OK]: \nruntime=3, \ncron_output=All clear","check_source":""}'
{"error":404,"status":"No objects found."}

So, how can I have a fake host and send passive results from two zones ?

cu denny

I would think that the easy way is to create a fake host for each zone, but I’m not sure.

All of our passive checks are services that are assigned to hosts that exist within given zones, and all passive checks are executed by talking to the Master’s API. This simplifies things for us so we don’t have to determine which zone the passive check needs to execute in – off hand I’m not sure if passive checks are able to be executed on different zones, but I’m not about to VPN in and check (Thanksgiving and all…)

Hi @steaksauce

I wanted to have the dummy host on the top. To have a fake on every zone is not required. The passive checks can already submitted to the host … where the checks runs.
Problem is … we have crons on two differents nodes, but only on one node, the crons are active. If we switch the datacenter … the crons on the other VMs will be actived and disabled on the opposite.

So, I wanted the TOP dummy node … which gets from both the results … otherwise … I have a bunch of “UNKNOWN” checks on the dashboard on that node, which has disabled crons.

cu denny

Hi, why not send the passiv check result direct to the master? If a router or firewall is between maybe you need some special rules for it.

We are doing like this. We have a VIP address (with keepalived) and everybody is sending direct to the api. Doesn’t matter which zone the device is.


we can’t allow it. PCI-DSS network policy does not allow direct connections. Otherwise … we wouldn’t’ need satellites :slight_smile:

hmm … from what I see in the docs and some blog posts I read the CA Proxy functions (since 2.8) only in combination with sigining certificates.
Maybe we have to bring @theFeu into it to bring some light in the dark :wink:

If the host/service is in the master zone, only a master node will accept passive check results via the API for it. A node in the master zone won’t accept any check results from a child zone if the host/service is not in that zone (or a child zone thereof).

So if connecting directly to the API on a master node is not an option for you, you’d have to resort to some workaround like having separate services in both zones and then model the overall check as a business process using the corresponding module or building a check that does something similar to merge the two child checks.


I have a business check, which compares two MD5 sums … but the question would … how to handle freshness … or will I have flapping, because the disabled datacenter … that I have to test.

cu denny