Just to add my experience, we're using icinga2 in command execution very successfully. Deployment and configuration is ansible-managed, and apart the initial setup work (especially around SSL) it's trivial to manage and install on new machines. (I can share the ansible scripts).
>From what I understand arguments in icinga2 don't represent a security risk simply because the connection itself is secured via SSL - you securely control who can connect to the command execution bridge. NRPE represents a much lower level of security, which is why you need to worry about arguments and security (unless, apparently, when using the nsclient hardened NRPE). On Sun, Jun 28, 2015 at 8:53 PM, Alexander Wirt <[email protected]> wrote: > On Sun, 28 Jun 2015, Dustin Funk wrote: > > > Am 28.06.2015 um 08:59 schrieb Alexander Wirt: > > > but I would recommend using icinga2 as a nrpe replacement: > > > > http://docs.icinga.org/icinga2/latest/doc/module/icinga2/toc#!/icinga2/latest/doc/module/icinga2/chapter/icinga2-client#icinga2-client-configuration-command-bridge-master-config > > > > In my opinion icinga2 is not able to replace nrpe. Using icinga2 as > > command execution bridge makes only sense by using arguments for checks. > > But in many monitoring-environments are arguments a security risk. > > Another thing is that a setup with command execution bridge takes a lot > > of administration effort and doesn't scale. > > > > I've spent a lot of work with the migration from Nagios on Icinga2 (in > > our case ~200hosts, 1500checks). I wanted to use the Command Execution > > bridge. In the end I realized that we can not replace nrpe. > Even if you don't use arguments, nrpe is always a risk a no proper > encryption > is involved. > > Alex > > > _______________________________________________ > icinga-users mailing list > [email protected] > https://lists.icinga.org/mailman/listinfo/icinga-users > >
_______________________________________________ icinga-users mailing list [email protected] https://lists.icinga.org/mailman/listinfo/icinga-users
