-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings all,
I've been running a "simple" Icinga2 setup for a few months now. It
took a bit to get things running, but I believe I understand how it's
working right now. Currently I have a single Master node that runs
icinga2 and icingaweb2. I have a number of clients also running
icinga2 so that I can do local checks on them. I believe this is
called command bridge execution?
I'm looking to break this up a bit into a hierarchical configuration.
I'd like to set up a satellite node that would exist in a second data
center to handle all of the checks within that data center. But I
still want clients to handle their own local checks, just passing them
on to the satellite or master that's local to the data center. From
there the various satellites push that up to the master. Setting up
the satellite seems straightforward enough as it's identical to
setting up one of the clients I already have.
I've been reading the documentation, trolling the mailing lists,
hanging out on IRC, and I think I have it working now, but I want to
double check things. So I have a bunch of questions which might help
me understand ...
- - Does the zones.conf file have to be synchronized between all masters
and satellites? It seems like the answer is yes. In addition, does
it need to be on all clients that are set up for command execution?
- - Does the ca.crt and ca.key need to be synchronized between all
masters and satellites?
- - I see there's a repository command in the cli, should I be using
this to sync between masters and satellites? Will it handle the ca as
well?
- - Do clients that are performing command execution need to be
reconfigured with the satellite listed as the "master" for that client?
- - What features need to be enabled on the satellite? I'm pretty sure
API is needed, but what about command?
My zones.conf file looks like this at the moment :
object Endpoint "master0.dc0.example.com" {
}
object Zone "dc0.example.com" {
endpoints = [ "master0.dc0.example.com" ]
}
object Zone "global-templates" {
global = true
}
object Endpoint "satellite1.dc1.example.com" {
host = "10.0.1.4"
}
object Zone "dc1.example.com" {
endpoints = [ "satellite1.dc1.example.com" ]
parent = "dc0.example.com"
}
object Endpoint "client0.dc0.example.com" {
host = "10.0.0.10"
}
object Zone "client0.dc0.example.com" {
endpoints = [ "client0.dc0.example.com" ]
parent = "dc0.example.com"
}
object Endpoint "client1.dc1.example.com" {
host = "10.0.1.10"
}
object Zone "client1.dc1.example.com" {
endpoints = [ "client1.dc1.example.com" ]
parent = "dc1.example.com"
}
And the zones.d structure looks like this :
/etc/icinga2/zones.d
global-templates/
command-custom.conf
commands.conf
groups.conf
notifications.conf
satellite.conf
services.conf
templates.conf
timeperiods.conf
users.conf
dc0.example.com
hosts.comf
dc0.example.com
hosts.comf
It seems that now that I have this config in place, everything is
working. Is this the correct way to handle this?
Thanks,
- --
- ---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
- ---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- - Niven's Inverse of Clarke's Third Law
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAlXp/ykACgkQ8CjzPZyTUTTw1QCcCWlOOv3iwVQuxVrKPQKL6YLl
CNYAnj+7gQh8LKe605s4S2ZL/4Qh1sJG
=mCzO
-----END PGP SIGNATURE-----
_______________________________________________
icinga-users mailing list
[email protected]
https://lists.icinga.org/mailman/listinfo/icinga-users
