I’m trying to setup a multi-tenant environment where every customer has it’s own zone and satellite. This works already: I define roles for the customers and filter for hostgroups etc. in the roles so that they only see their own stuff after login.
So right now:
master (icinga2, icingaweb2, director) --> satellite (icinga2 with satellite config) --> nodes (icinga2 with agent config)
But ATM they would have to log in on the master in order to see their hosts and services. I thought it would not be possible to install Icingaweb on the satellite(s), because the database is always a single point of truth. But I just read some threads about this being possible and now I’m confused.
How should I configure this and with which components where?
Only thing I know is that the Director should only be installed once. If I install Apache2+Icingaweb2 with an own database on the satellite nodes, can I achieve this? How will the database be populated/updated in this case?
It also should be noted that I don’t really seek a multi-tenant configuration in terms of customers being able to create/update their own setup but rather being able to see what our central master instance monitors in their infrastructure. So a “read-only web-ui” satellite is probably enough. This is important because this way there is no need for a satellite to write back to the master (with API / Livestatus / automation-tools).
Thanks in advance.