2014-03-18 11:18:17 +01:00
|
|
|
## <a id="domains"></a> Domains
|
|
|
|
|
|
|
|
|
|
A [Service](#objecttype-service) object can be restricted using the `domains` attribute
|
|
|
|
|
array specifying endpoint privileges.
|
|
|
|
|
A Domain object specifices the ACLs applied for each [Endpoint](#objecttype-endpoint).
|
|
|
|
|
|
|
|
|
|
The following example assigns the domain `dmz-db` to the service `dmz-oracledb`. Endpoint
|
|
|
|
|
`icinga-node-dmz-1` does not allow any object modification (no commands, check results) and only
|
|
|
|
|
relays local messages to the remote node(s). The endpoint `icinga-node-dmz-2` processes all
|
|
|
|
|
messages read and write (accept check results, commands and also relay messages to remote
|
|
|
|
|
nodes).
|
|
|
|
|
|
|
|
|
|
That way the service `dmz-oracledb` on endpoint `icinga-node-dmz-1` will not be modified
|
|
|
|
|
by any cluster event message, and could be checked by the local authority too presenting
|
|
|
|
|
a different state history. `icinga-node-dmz-2` still receives all cluster message updates
|
|
|
|
|
from the `icinga-node-dmz-1` endpoint.
|
|
|
|
|
|
2014-03-27 12:30:24 +01:00
|
|
|
object Host "dmz-host1" {
|
2014-03-31 18:38:15 +02:00
|
|
|
import "generic-host"
|
2014-03-27 12:30:24 +01:00
|
|
|
|
2014-03-18 11:18:17 +01:00
|
|
|
services["dmz-oracledb"] = {
|
2014-03-31 18:38:15 +02:00
|
|
|
templates = [ "generic-service" ]
|
|
|
|
|
domains = [ "dmz-db" ]
|
|
|
|
|
authorities = [ "icinga-node-dmz-1", "icinga-node-dmz-2"]
|
2014-03-18 11:18:17 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
object Domain "dmz-db" {
|
|
|
|
|
acl = {
|
2014-03-31 18:38:15 +02:00
|
|
|
icinga-node-dmz-1 = DomainPrivReadOnly
|
2014-03-19 12:44:53 +01:00
|
|
|
icinga-node-dmz-2 = DomainPrivReadWrite
|
2014-03-18 11:18:17 +01:00
|
|
|
}
|
2014-03-27 12:30:24 +01:00
|
|
|
}
|
