Checking a cluster with icinga2 agents

hopefully just a quick question.

What is best practice to monitor cluster services with icinga2 agents (plugins that get checked locally). With NRPE it’s easy, you just check against the cluster IP.

I would think both cluster nodes would be separate zones for their checks.
Is there another zone for the cluster IP and the agents accept the checks anyways as there is a trust relationship to their parent?

You will get problems because the hostname of the cluster IP and the certificates of the icinga2 agents on the cluster nodes do not match. With NRPE it is easy, but by design also quite insecure. Security (icinga2 traffic secured with SSL certs) comes with a price here…
See also Cluster Monitoring on HA-IP

1 Like

Thanks, so I will have to rely on SSH/NRPE