Top Down Config Sync for multiple customers questions

This forum was archived to /woltlab and is now in read-only mode.
  • Hello,

    I am new to Icinga and now I am trying to understand how it can be used for my scenario.

    I want to setup monitoring for different customers, their configs should be isolated from each other and distributed from master node to satellite.

    After reading documentation I think that Top Down Config Sync is the most suitable for this scenario.

    Lets say I have two customers: customerA and customerB. As I understand it works like this:

    1. I setup one master node and one client in zone customerA, one client in zone customerB

    2. I create hosts/service checks on master node and it is distributed automatically to the client in a corresponding zone

    3. Checks are executed on clients

    Several questions regarding above:

    1. client in zone customerA will not know anything about host/service checks that are in zone customerB and wise versa - is this correct?

    2. can I have many clients to run checks for a single zone? If yes, how does Icinga distribute these checks between clients?

    3. do I need to use satellites? As I understand from documentation they are needed for scheduling and config distribution. This can be done by master

    node, right? Does this mean that I need a satellite just to move scheduling from master?

    4. all check results from all zones are sent back to master - right?

    5. how do I know where particular check was executed (on which node)? In which log can I find this information?

    Thank You

  • To answer your questions:

    1. Yes

    2. split the customer zone into multiple child zones to controll the distribution of checks on the clients.

    Ideally every Endpoint/Server will have his own Childzone so it only knows about his own checks.

    3. Satellites are not needed, but in your setup the Icinga2 instances at your customers are already satellites.

    4. Yes

    5. Every check has an origin and the interfaces show it as the check-source.

    Linux is dead, long live Linux

    Remember to NEVER EVER use git repositories in a productive environment if you CAN NOT control them

  • If you use the Icinga Director then the answer to 1. is no since all Templates will be in the Director-Global Zone which is synced to all Zones.

  • Thank You. Now I have zones setup with config sync for master and 2 clients: customerA and customerB.

    In Icinga2 UI I see checks from all zones. Now I need some mechanism to group those checks by zone.

    Ideally, I would like to have user account for customerA that sees only checks from its zone and user account for customerB so I can provide my customers with credentials and they do not see each other checks.

    Is something like this possible?

  • So there is no way to to this? I create all checks via REST API, not using Director.