icinga2/doc/6.05-domains.md

Domains

A Service object can be restricted using the domains attribute, an array specifying endpoint privileges. A Domain object specifies the ACLs applied to each Endpoint.

The following example assigns the domain dmz-db to the service dmz-oracledb. Endpoint icinga-node-dmz-1 does not allow any object modification (no commands, no check results) and only relays local messages to the remote node(s). The endpoint icinga-node-dmz-2 processes all messages with read and write access (it accepts check results and commands, and also relays messages to remote nodes).

That way the service dmz-oracledb on endpoint icinga-node-dmz-1 will not be modified by any cluster event message, and could also be checked by the local authority, which would then present a different state history. icinga-node-dmz-2 still receives all cluster message updates from the icinga-node-dmz-1 endpoint.

object Host "dmz-host1" inherits "generic-host" {
  services["dmz-oracledb"] = {
    templates = [ "generic-service" ],
    domains = [ "dmz-db" ],
    authorities = [ "icinga-node-dmz-1", "icinga-node-dmz-2"],
  }
}

object Domain "dmz-db" {
  acl = {
    icinga-node-dmz-1 = (DomainPrivReadOnly),
    icinga-node-dmz-2 = (DomainPrivReadWrite)
  }
}
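To review which endpoints can modify a restricted service, the sketch below reads a configuration like the one above and lists every read-write grant, every service without a domains attribute, and every authority absent from its domain's acl. It is an added example, not part of the Icinga 2 documentation or code base; the regular expressions, the function names and the finding texts are assumptions and cover only the flat syntax shown on this page.

```python
import re

# Constructed sample: the configuration shown on this page.
SAMPLE = '''
object Host "dmz-host1" inherits "generic-host" {
  services["dmz-oracledb"] = {
    templates = [ "generic-service" ],
    domains = [ "dmz-db" ],
    authorities = [ "icinga-node-dmz-1", "icinga-node-dmz-2"],
  }
}
object Domain "dmz-db" {
  acl = {
    icinga-node-dmz-1 = (DomainPrivReadOnly),
    icinga-node-dmz-2 = (DomainPrivReadWrite)
  }
}
'''

# Assumption: these patterns cover only the flat syntax used above, not the full grammar.
DOMAIN_RE = re.compile(r'object\s+Domain\s+"([^"]+)"\s*\{\s*acl\s*=\s*\{(.*?)\}', re.S)
ACL_RE = re.compile(r'([\w.-]+)\s*=\s*\(\s*(\w+)\s*\)')
SERVICE_RE = re.compile(r'services\["([^"]+)"\]\s*=\s*\{(.*?)\}', re.S)

def str_list(body, key):
    """Return the quoted strings of `key = [ ... ]` inside a service body."""
    m = re.search(r'\b' + key + r'\s*=\s*\[(.*?)\]', body, re.S)
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []

def audit(config):
    """Return (service, endpoint, finding) tuples for an operator to review."""
    domains = {n: dict(ACL_RE.findall(b)) for n, b in DOMAIN_RE.findall(config)}
    findings = []
    for svc, body in SERVICE_RE.findall(config):
        svc_domains = str_list(body, "domains")
        if not svc_domains:
            findings.append((svc, "*", "no domain restriction"))
        for dom in svc_domains:
            acl = domains.get(dom)
            if acl is None:
                findings.append((svc, "*", f"undefined domain {dom}"))
                continue
            for ep in str_list(body, "authorities"):
                if ep not in acl:
                    findings.append((svc, ep, f"authority missing from {dom} acl"))
            for ep, priv in acl.items():
                if priv == "DomainPrivReadWrite":
                    findings.append((svc, ep, f"read-write via {dom}"))
    return findings
```

Calling `audit(SAMPLE)` reports only icinga-node-dmz-2 as holding read-write access to dmz-oracledb, which matches the description above.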