Icinga2 - A best practice guide?

Hi everyone,

a kind of “community survey” today. :exploding_head:

I am aware that there is no uniform template for Icinga2 implementations in the company network - but a kind of uniform procedure can still be derived from all the posts here in the forum and from different websites. The tips and tricks of others and of course the information from the documentation helped me enormously to develop and adapt my own approach.

My questions now refer to the implementation of a nice, meaningful and above all functional Icinga2 configuration, which has implemented not only the internal systems of my company but also those of the customers.

As a master I have a virtual machine on a specially provided ESXi host, which is of course connected to its own UPS in our data center. The ESXi host sits with one leg in the internal LAN and the other leg in the DMZ.

The connection from master to the internal machines is made via internal LAN directly to the other VMs and hardware. The connection to the customers is made via port forwarding via the customer firewalls, the port forwards directly to the satellites in the customer network. Authentication takes place via the extremely ingenious CSR Auto-Signing.

Now question 1: Up to now I have stored new customers manually in the zones.conf on the master and then executed the Kickstart Wizard in the Icinga Director. Why? Until recently, it was said that the creation via Director GUI would often lead to errors. So is that still the current approach?

Question 2: The satellites themselves are VMs in the customer network. Each satellite is configured “automatically” by the Icinga Director via the agent kickstart script. Each satellite is based on a general “satellite template” as host template, is assigned to the corresponding customer host group, and also receives the following parameters via the host configuration in Icinga Director:

  • Cluster zone: customer-xx
  • Icinga2 Agent: Yes
  • Establish connection: Yes
  • Accepts configuration: Yes

If I select the “master zone” as the cluster zone, the deployment no longer works. Why, and how do you configure your sats via Icinga Director?

Question 3: Each customer receives his own host templates, e.g. “CUSTOMER1-ESX-Host”, “CUSTOMER2-ESX-Host”, “CUSTOMER1 Switch”, etc. Is there a more efficient approach here? How do you create your customer hosts (templates) and keep track of them?

Question 4: Internally I am importing the virtual machines “automatically” via Director vSphere Plugin. I’m currently having trouble with Regex because there is no detailed documentation for the sync process yet. How do you import your company’s or your customers’ VMs via satellite into Icinga2? What kind of automation measures do you carry out?

I look forward to constructive answers and, of course, questions!
Tips, tricks and also your best-practice approach regarding the previous questions would be awesome!

Kind regards,