tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-07-23 13:45:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Documentation: Add Domains.

Browse Source 
Fixes #5288
This commit is contained in:
Michael Friedrich 2014-03-07 15:21:57 +01:00
parent 7341d1a568
commit 14d8f8a12e
3 changed files with 68 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
doc/4.3-object-types.md
View File

@ -118,6 +118,7 @@ Attributes:
notifications |**Optional.** Inline definition of notifications. Each dictionary item specifies a notification.<br /><br />The `templates` attribute can be used to specify an array of templates that should be inherited by the notification object.<br /><br />The new notification object's name is "hostname:service:notification" - where "notification" is the dictionary key in the notifications dictionary. notifications |**Optional.** Inline definition of notifications. Each dictionary item specifies a notification.<br /><br />The `templates` attribute can be used to specify an array of templates that should be inherited by the notification object.<br /><br />The new notification object's name is "hostname:service:notification" - where "notification" is the dictionary key in the notifications dictionary.
dependencies |**Optional.** Inline definition of dependencies. Each dictionary item specifies a dependency.<br /><br />The `templates` attribute can be used to specify an array of templates that should be inherited by the dependency object.<br /><br />The new dependency object's name is "hostname:service:dependency" - where "dependency" is the dictionary key in the dependencies dictionary. dependencies |**Optional.** Inline definition of dependencies. Each dictionary item specifies a dependency.<br /><br />The `templates` attribute can be used to specify an array of templates that should be inherited by the dependency object.<br /><br />The new dependency object's name is "hostname:service:dependency" - where "dependency" is the dictionary key in the dependencies dictionary.
authorities |**Optional.** A list of Endpoints on which this service check will be executed in a cluster scenario. authorities |**Optional.** A list of Endpoints on which this service check will be executed in a cluster scenario.
domains |**Optional.** A list of Domains for this service object in a cluster scenario.
### <a id="objecttype-servicegroup"></a> ServiceGroup ### <a id="objecttype-servicegroup"></a> ServiceGroup
@ -950,14 +951,32 @@ Attributes:
### <a id="objecttype-domain"></a> Domain ### <a id="objecttype-domain"></a> Domain
TODO A [Service](#objecttype-service) object can be restricted using the `domains` attribute
array specifying endpoint privileges.
A Domain object specifices the ACLs applied for each [Endpoint](#objecttype-endpoint).
Example: Example:
TODO object Domain "dmz-1" {
acl = {
node1 = (DomainPrivCheckResult),
node2 = (DomainPrivReadWrite)
}
}
Attributes: Attributes:
Name |Description Name |Description
----------------|---------------- ----------------|----------------
acl |TODO acl |**Required.** Dictionary with items for Domain ACLs.
Domain ACLs:
Name |Description
----------------------|----------------
DomainPrivRead | Endpoint reads local messages and relays them to remote nodes.
DomainPrivCheckResult | Endpoint accepts check result messages from remote nodes.
DomainPrivCommand | Endpoint accepts command messages from remote nodes.
DomainPrevReadOnly | Endpoint reads local messages and relays them to remote nodes.
DomainPrivReadWrite | Combination of (DomainPrivRead | DomainPrivCheckResult | DomainPrivCommand)

46
doc/6-advanced-topics.md
View File

@ -244,7 +244,7 @@ to send configuration files.
A sample config part can look like this: A sample config part can look like this:
/** /**
* Configure endpoints for cluster configuration * Configure config master endpoint
*/ */
object Endpoint "icinga-node-1" { object Endpoint "icinga-node-1" {
@ -256,6 +256,18 @@ A sample config part can look like this:
If you update the configuration files on the configured file sender, it will If you update the configuration files on the configured file sender, it will
force a restart on all receiving nodes after validating the new config. force a restart on all receiving nodes after validating the new config.
A sample config part for a config receiver endpoint can look like this:
/**
* Configure config receiver endpoint
*/
object Endpoint "icinga-node-2" {
host = "icinga-node-2.localdomain",
port = 8888,
accept_config = [ "icinga-node-1" ]
}
By default these configuration files are saved in /var/lib/icinga2/cluster/config. By default these configuration files are saved in /var/lib/icinga2/cluster/config.
In order to load configuration files which were received from a remote Icinga 2 In order to load configuration files which were received from a remote Icinga 2
@ -332,6 +344,38 @@ the Icinga 2 daemon.
# icinga2 -c /etc/icinga2/node1/icinga2.conf -DIcingaLocalStateDir=/opt/node1/var # icinga2 -c /etc/icinga2/node1/icinga2.conf -DIcingaLocalStateDir=/opt/node1/var
## <a id="domains"></a> Domains
A [Service](#objecttype-service) object can be restricted using the `domains` attribute
array specifying endpoint privileges.
A Domain object specifices the ACLs applied for each [Endpoint](#objecttype-endpoint).
The following example assigns the domain `dmz-db` to the service `dmz-oracledb`. Endpoint
`icinga-node-dmz-1` does not allow any object modification (no commands, check results) and only
relays local messages to the remote node(s). The endpoint `icinga-node-dmz-2` processes all
messages read and write (accept check results, commands and also relay messages to remote
nodes).
That way the service `dmz-oracledb` on endpoint `icinga-node-dmz-1` will not be modified
by any cluster event message, and could be checked by the local authority too presenting
a different state history. `icinga-node-dmz-2` still receives all cluster message updates
from the `icinga-node-dmz-1` endpoint.
object Host "dmz-host1" inherits "generic-host" {
services["dmz-oracledb"] = {
templates = [ "generic-service" ],
domains = [ "dmz-db" ],
authorities = [ "icinga-node-dmz-1", "icinga-node-dmz-2"],
}
}
object Domain "dmz-db" {
acl = {
icinga-node-dmz-1 = (DomainPrivReadOnly),
icinga-node-dmz-2 = (DomainPrivReadWrite)
}
}
## <a id="dependencies"></a> Dependencies ## <a id="dependencies"></a> Dependencies
Icinga 2 uses host and service [Dependency](#objecttype-dependency) objects either directly Icinga 2 uses host and service [Dependency](#objecttype-dependency) objects either directly

2
lib/base/dynamicobject.cpp
View File

@ -53,7 +53,7 @@ void DynamicObject::StaticInitialize(void)
ScriptVariable::Set("DomainPrivCheckResult", DomainPrivCheckResult, true, true); ScriptVariable::Set("DomainPrivCheckResult", DomainPrivCheckResult, true, true);
ScriptVariable::Set("DomainPrivCommand", DomainPrivCommand, true, true); ScriptVariable::Set("DomainPrivCommand", DomainPrivCommand, true, true);
ScriptVariable::Set("DomainPrevReadOnly", DomainPrivRead, true, true); ScriptVariable::Set("DomainPrivReadOnly", DomainPrivRead, true, true);
ScriptVariable::Set("DomainPrivReadWrite", DomainPrivRead | DomainPrivCheckResult | DomainPrivCommand, true, true); ScriptVariable::Set("DomainPrivReadWrite", DomainPrivRead | DomainPrivCheckResult | DomainPrivCommand, true, true);
} }