two sites with limited connectivity between them

  • Any help for a struggling n00b?

    I first spent some time messing around with Icinga2 using manual configuration without much success. Eventually I wiped everything and started over with Director. I have updated to version 2.8.0 on CentOS 7, with the latest Director from the master branch.

    My issues are partly with core concepts so maybe the main forum would have been the right place for this question, but on the other hand my question is "how to do this using Director" so I chose here. Apologies if that was not correct.

    First let me describe the network (simplified view). There are two sites:

    • my office, with three CentOS 7 servers, one of which is the Icinga2 master and the other two run Icinga2 agents; and
    • a virtual data center (VDC) at a hosting provider with a number of RHEL 6.6 servers, all running Icinga2 agents.

    The latter network is largely closed off from the outside world, accessible only via certain services (HTTP, and some custom services for our application). Notably, ping and ssh are not among those services (except with a VPN established, but we only use VPN from our desktops and I'd rather not deal with a site-to-site VPN at the moment).

    My monitoring goals are initially to check that hosts are alive, then that CPU, memory, and disk statistics look okay, and ultimately to check that web, database, and custom services are functioning properly.

    Initially I thought I would need the two sites to be in separate zones, but after much struggling with that I decided to wipe the configuration (again) and start over with just one. It's all under one main administrative control anyway, so I believe that was a good decision. (Comments?)

    My main stumbling blocks now are:

    1. Convincing the master that it shouldn't ping the VDC hosts, but rather let them connect back to the master (which is not blocked by the firewall).
    2. Convincing the master that it should execute the checks of services on the VDC hosts (simulating a customer doing the same).

    I quite like Director, but I'm stumped by how to accomplish those two things.

    For #1, my initial issue is that I haven't figured out how to exert any control over the pings at all. Where in the Director configuration should I even start to dig? I thought it might be controlled by the original node setup on the VDC hosts where I explicitly indicated that connections should be made to the master and not the other way around. That does not appear to be the case.

    For #2, I implemented a check for our custom services that run on TCP ports using the instructions here. There is no mention on that page of how to ensure the check is run from somewhere other than the host under test. It should presumably be possible by setting the command_endpoint to the master endpoint in all the service templates for things I want to check remotely. But unless I'm missing something there is no way to do that explicitly, nor does it happen implicitly as a result of any tweaks to the various service template properties I've tried through the UI. (I had success by hacking the deployed package service_template.conf file (8|) to specify command_endpoint = "master_endpoint_name" for the TCP port checker.)

    Icinga2 + Director is one of those packages that gives me the persistent feeling I'm missing something fundamental. ?( Any advice would be appreciated - you don't need to solve all the problems for me, just point me in the right direction.

    Thanks in advance!
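
The split the post asks about, written as plain Icinga 2 configuration. This is an added example, not part of the original post and not Director output. It assumes host objects live in the master zone and each agent has its own child zone; every host name, the address and the port are hypothetical.

```icinga2
// Added example. Names, address and port are hypothetical.

// Master endpoint and zone.
object Endpoint "master.office.example" { }
object Zone "master" { endpoints = [ "master.office.example" ] }

// VDC agent: no "host" attribute on the Endpoint, so the master never dials
// out. The agent opens the connection to the master (port 5665 by default).
object Endpoint "web01.vdc.example" { }
object Zone "web01.vdc.example" {
  endpoints = [ "web01.vdc.example" ]
  parent = "master"
}

// Host liveness without ICMP: "cluster-zone" reports whether the agent's zone
// is currently connected, instead of pinging as "hostalive" does.
object Host "web01.vdc.example" {
  check_command = "cluster-zone"
  vars.cluster_zone = name
  address = "203.0.113.10"       // constructed documentation address
  vars.site = "vdc"
  vars.app_tcp_port = 8443       // hypothetical custom service port
}

// Local statistics: executed on the agent itself via command_endpoint.
apply Service "disk" {
  check_command = "disk"
  command_endpoint = host.name
  assign where host.vars.site == "vdc"
}

// Customer's-eye view: no command_endpoint, so the master runs the check and
// connects to the published port from outside the VDC firewall.
apply Service "app-tcp" {
  check_command = "tcp"
  vars.tcp_port = host.vars.app_tcp_port
  assign where host.vars.site == "vdc"
}
```

For the `disk` check to run, the agent's ApiListener must have `accept_commands = true`.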