Domains
A Service object can be restricted with the domains attribute, an array of Domain names that determine endpoint privileges. A Domain object specifies the ACLs applied for each Endpoint.

The following example assigns the domain dmz-db to the service dmz-oracledb. Endpoint icinga-node-dmz-1 does not allow any object modification (no commands, no check results) and only relays local messages to the remote node(s). The endpoint icinga-node-dmz-2 processes all messages, read and write (it accepts check results and commands and also relays messages to remote nodes).

That way the service dmz-oracledb on endpoint icinga-node-dmz-1 will not be modified by any cluster event message, and could also be checked by the local authority, presenting a different state history. icinga-node-dmz-2 still receives all cluster message updates from the icinga-node-dmz-1 endpoint.

    object Host "dmz-host1" {
      import "generic-host"
    }

    object Service "dmz-oracledb" {
      import "generic-service"

      host_name = "dmz-host1"

      domains = [ "dmz-db" ]
      authorities = [ "icinga-node-dmz-1", "icinga-node-dmz-2" ]
    }

    object Domain "dmz-db" {
      acl = {
        "icinga-node-dmz-1" = DomainPrivReadOnly
        "icinga-node-dmz-2" = DomainPrivReadWrite
      }
    }
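
To review which privilege each authority endpoint actually gets, the following added example (not part of the Icinga 2 documentation or code base) lists the ACL entry for every service, domain and authority combination. It assumes the flat syntax shown above with each object's closing brace at the start of a line; the service dmz-mysql and the endpoint icinga-node-dmz-3 are hypothetical and only there to show an authority without an ACL entry.

```python
import re

# Constructed sample: the objects from this page plus one hypothetical service
# ("dmz-mysql") whose authority "icinga-node-dmz-3" has no entry in the ACL.
SAMPLE = '''
object Service "dmz-oracledb" {
    domains = [ "dmz-db" ]
    authorities = [ "icinga-node-dmz-1", "icinga-node-dmz-2" ]
}
object Service "dmz-mysql" {
    domains = [ "dmz-db" ]
    authorities = [ "icinga-node-dmz-2", "icinga-node-dmz-3" ]
}
object Domain "dmz-db" {
    acl = {
        "icinga-node-dmz-1" = DomainPrivReadOnly
        "icinga-node-dmz-2" = DomainPrivReadWrite
    }
}
'''

# An object ends at the first "}" in column 0 (assumption about the layout).
OBJECT_RE = re.compile(r'object\s+(\w+)\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)

def str_list(body, attr):
    """Return the quoted strings of an `attr = [ ... ]` array, or []."""
    m = re.search(attr + r'\s*=\s*\[(.*?)\]', body, re.S)
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []

def parse(text):
    """Collect Service attributes and Domain ACLs from the syntax subset used here."""
    services, domains = {}, {}
    for kind, name, body in OBJECT_RE.findall(text):
        if kind == "Service":
            services[name] = (str_list(body, "domains"), str_list(body, "authorities"))
        elif kind == "Domain":
            domains[name] = dict(re.findall(r'"([^"]+)"\s*=\s*(\w+)', body))
    return services, domains

def audit(text):
    """Return (service, domain, endpoint, privilege) for each authority of each restricted service."""
    services, domains = parse(text)
    rows = []
    for svc, (doms, auths) in sorted(services.items()):
        for dom in doms:
            acl = domains.get(dom)  # None: the service names an undefined domain
            for ep in auths:
                priv = "UNDEFINED-DOMAIN" if acl is None else acl.get(ep, "NO-ACL-ENTRY")
                rows.append((svc, dom, ep, priv))
    return rows
```

Calling `audit(SAMPLE)` returns one row per authority. Rows marked `NO-ACL-ENTRY` or `UNDEFINED-DOMAIN` are the ones to review by hand, since this page does not state what privileges such an endpoint receives.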