Update Security section in the Distributed Monitoring chapter

fixes #5057
Michael Friedrich 2017-03-10 18:19:22 +01:00
parent acaafab055
commit 8c3accb304
1 changed files with 5 additions and 4 deletions

@ -153,15 +153,16 @@ nodes (firewalls, policies, software hardening, etc.), Icinga 2 also provides
additional security: additional security:
* SSL certificates are mandatory for communication between nodes. The CLI commands * SSL certificates are mandatory for communication between nodes. The CLI commands
help you create those certs automatically. help you create those certificates.
* Child zones only receive updates (check results, commands, etc.) for their configured objects. * Child zones only receive updates (check results, commands, etc.) for their configured objects.
* Child zones are not allowed to push configuration updates to parent zones.
* Zones cannot interfere with other zones and influence each other. Each checkable host or service object is assigned to **one zone** only. * Zones cannot interfere with other zones and influence each other. Each checkable host or service object is assigned to **one zone** only.
* All nodes in a zone trust each other. * All nodes in a zone trust each other.
* [Config sync](6-distributed-monitoring.md#distributed-monitoring-top-down-config-sync) and [remote command endpoint execution](6-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint) is disabled by default. * [Config sync](6-distributed-monitoring.md#distributed-monitoring-top-down-config-sync) and [remote command endpoint execution](6-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint) is disabled by default.
The underlying protocol is using JSON-RPC events sent over TLS secured The underlying protocol uses JSON-RPC event notifications exchanged by nodes.
connections. In case you are interested in specific details, please The connection is secured by TLS. The message protocol uses an internal API,
check the source code. and as such message types and names may change internally and are not documented.
## <a id="distributed-monitoring-setup-master"></a> Master Setup ## <a id="distributed-monitoring-setup-master"></a> Master Setup
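Review bot: The rewritten protocol paragraph now says "The connection is secured by TLS", but the first bullet in the same list still reads "SSL certificates are mandatory for communication between nodes", so the section uses two names for the same mechanism. Since this change already touches that bullet (certs became certificates), consider making it "TLS certificates" or otherwise using one term throughout. In the same bullet, dropping "automatically" changes what the sentence promises about the CLI commands; if the commands still generate the certificates without manual steps, keeping the word is more informative for readers. The new paragraph also removes the pointer to the source code and states that message types and names are not documented, which is a reasonable warning, but it leaves readers with no reference at all; a short sentence saying where the supported, documented interface lives would help. Finally, the unchanged bullet "Config sync ... and remote command endpoint execution ... is disabled by default" has a plural subject and should read "are disabled by default"; it could be fixed in this commit, as the line sits inside the section being updated.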