* [Register](https://accounts.icinga.org/register) an Icinga account.
* Create a new issue at the [Icinga 2 Development Tracker](https://dev.icinga.org/projects/i2).
-* When reporting a bug, please include the details described in the [Troubleshooting](16-troubleshooting.md#troubleshooting-information-required) chapter (version, configs, logs, etc).
+* When reporting a bug, please include the details described in the [Troubleshooting](17-troubleshooting.md#troubleshooting-information-required) chapter (version, configs, logs, etc).
## <a id="whats-new"></a> What's New
* Solved a number of issues where cluster instances would not reconnect after intermittent connection problems
* A lot of other, minor changes
-* [DB IDO schema upgrade](17-upgrading-icinga-2.md#upgrading-icinga-2) to `1.13.0` required!
+* [DB IDO schema upgrade](18-upgrading-icinga-2.md#upgrading-icinga-2) to `1.13.0` required!
#### Features
There's a variety of possibilities to monitor remote servers and services. First off you should
decide how your primary monitoring master is able to reach these hosts and services.
-* direct connection querying the service interface (for example `http`), so-called [agent-less checks](9-monitoring-remote-systems.md#agent-less-checks)
+* direct connection querying the service interface (for example `http`), so-called [agent-less checks](10-monitoring-remote-systems.md#agent-less-checks)
* local checks requiring an additional daemon as communication device for your monitoring server
## <a id="agent-less-checks"></a> Agent-less Checks
Icinga 2 uses its own unique and secure communitication protol amongst instances.
Be it an High-Availability cluster setup, distributed load-balanced setup or just a single
-agent [monitoring a remote client](10-icinga2-client.md#icinga2-client).
+agent [monitoring a remote client](11-icinga2-client.md#icinga2-client).
All communication is secured by TLS with certificates, and fully supports IPv4 and IPv6.
## <a id="icinga2-client-scenarios"></a> Client Scenarios
-* Clients with [local configuration](10-icinga2-client.md#icinga2-client-configuration-local), sending their inventory to the master
-* Clients as [command execution bridge](10-icinga2-client.md#icinga2-client-configuration-command-bridge) without local configuration
-* Clients receive their configuration from the master ([Cluster config sync](10-icinga2-client.md#icinga2-client-configuration-master-config-sync))
+* Clients with [local configuration](11-icinga2-client.md#icinga2-client-configuration-local), sending their inventory to the master
+* Clients as [command execution bridge](11-icinga2-client.md#icinga2-client-configuration-command-bridge) without local configuration
+* Clients receive their configuration from the master ([Cluster config sync](11-icinga2-client.md#icinga2-client-configuration-master-config-sync))
### <a id="icinga2-client-configuration-combined-scenarios"></a> Combined Client Scenarios
* `accept_config` and `accept_commands` are disabled by default in the `api` feature
If you are planning to use the Icinga 2 client inside a distributed setup, refer to
-[this chapter](12-distributed-monitoring-ha.md#cluster-scenarios-master-satellite-clients) with detailed instructions.
+[this chapter](13-distributed-monitoring-ha.md#cluster-scenarios-master-satellite-clients) with detailed instructions.
## <a id="icinga2-client-installation"></a> Installation
### <a id="icinga2-client-installation-master-setup"></a> Setup the Master for Remote Clients
-If you are planning to use the [remote Icinga 2 clients](10-icinga2-client.md#icinga2-client)
+If you are planning to use the [remote Icinga 2 clients](11-icinga2-client.md#icinga2-client)
you'll first need to update your master setup.
Your master setup requires the following
## <a id="icinga2-client-setup"></a> Client Setup for Remote Monitoring
Icinga 2 can be installed on Linux/Unix and Windows. While
-[Linux/Unix](10-icinga2-client.md#icinga2-client-installation-client-setup-linux) will be using the [CLI command](8-cli-commands.md#cli-command-node)
+[Linux/Unix](11-icinga2-client.md#icinga2-client-installation-client-setup-linux) will be using the [CLI command](8-cli-commands.md#cli-command-node)
`node wizard` for a guided setup, you will need to use the
graphical installer for Windows based client setup.
Your client setup requires the following
-* A ready configured and installed [master node](10-icinga2-client.md#icinga2-client-installation-master-setup)
-* SSL signed certificate for communication with the master (Use [CSR auto-signing](10-icinga2-client.md#csr-autosigning-requirements)).
+* A ready configured and installed [master node](11-icinga2-client.md#icinga2-client-installation-master-setup)
+* SSL signed certificate for communication with the master (Use [CSR auto-signing](11-icinga2-client.md#csr-autosigning-requirements)).
* Enabled API feature, and a local Endpoint and Zone object configuration
* Firewall ACLs for the communication port (default 5665)
supports CSR auto-signing.
First you'll need to define a secure ticket salt in the [constants.conf](4-configuring-icinga-2.md#constants-conf).
-The [setup wizard for the master setup](10-icinga2-client.md#icinga2-client-installation-master-setup) will create
+The [setup wizard for the master setup](11-icinga2-client.md#icinga2-client-installation-master-setup) will create
one for you already.
# grep TicketSalt /etc/icinga2/constants.conf
### <a id="certificates-manual-creation"></a> Manual SSL Certificate Generation
-This is described separately in the [cluster setup chapter](12-distributed-monitoring-ha.md#manual-certificate-generation).
+This is described separately in the [cluster setup chapter](13-distributed-monitoring-ha.md#manual-certificate-generation).
> **Note**
>
-> If you're using [CSR Auto-Signing](10-icinga2-client.md#csr-autosigning-requirements), skip this step.
+> If you're using [CSR Auto-Signing](11-icinga2-client.md#csr-autosigning-requirements), skip this step.
### <a id="icinga2-client-installation-client-setup-linux"></a> Setup the Client on Linux
There is no extra client binary or package required. Install Icinga 2 from your distribution's package
repository as described in the general [installation instructions](2-getting-started.md#setting-up-icinga2).
-Please make sure that either [CSR Auto-Signing](10-icinga2-client.md#csr-autosigning-requirements) requirements
-are fulfilled, or that you're using [manual SSL certificate generation](12-distributed-monitoring-ha.md#manual-certificate-generation).
+Please make sure that either [CSR Auto-Signing](11-icinga2-client.md#csr-autosigning-requirements) requirements
+are fulfilled, or that you're using [manual SSL certificate generation](13-distributed-monitoring-ha.md#manual-certificate-generation).
> **Note**
>
* The client's local zone name. Defaults to FQDN.
* The master endpoint name. Look into your master setup `zones.conf` file for the proper name.
* The master endpoint connection information. Your master's IP address and port (port defaults to 5665)
-* The [request ticket number](10-icinga2-client.md#csr-autosigning-requirements) generated on your master
+* The [request ticket number](11-icinga2-client.md#csr-autosigning-requirements) generated on your master
for CSR Auto-Signing
* Bind host/port for the Api feature (optional)
* The client's local zone name. Defaults to FQDN.
* The master endpoint name. Look into your master setup `zones.conf` file for the proper name.
* The master endpoint connection information. Your master's IP address and port (defaults to 5665)
-* The [request ticket number](10-icinga2-client.md#csr-autosigning-requirements) generated on your master
+* The [request ticket number](11-icinga2-client.md#csr-autosigning-requirements) generated on your master
for CSR Auto-Signing
* Bind host/port for the Api feature (optional)
## <a id="icinga2-client-configuration-modes"></a> Client Configuration Modes
-* Clients with [local configuration](10-icinga2-client.md#icinga2-client-configuration-local), sending their inventory to the master
-* Clients as [command execution bridge](10-icinga2-client.md#icinga2-client-configuration-command-bridge) without local configuration
-* Clients receive their configuration from the master ([Cluster config sync](10-icinga2-client.md#icinga2-client-configuration-master-config-sync))
+* Clients with [local configuration](11-icinga2-client.md#icinga2-client-configuration-local), sending their inventory to the master
+* Clients as [command execution bridge](11-icinga2-client.md#icinga2-client-configuration-command-bridge) without local configuration
+* Clients receive their configuration from the master ([Cluster config sync](11-icinga2-client.md#icinga2-client-configuration-master-config-sync))
### <a id="icinga2-client-configuration-local"></a> Clients with Local Configuration
> **Note**
>
> Remote clients must explicitely accept commands in a similar
-> fashion as cluster nodes [accept configuration](12-distributed-monitoring-ha.md#cluster-zone-config-sync).
+> fashion as cluster nodes [accept configuration](13-distributed-monitoring-ha.md#cluster-zone-config-sync).
> This is due to security reasons.
Edit the `api` feature configuration in `/etc/icinga2/features-enabled/api.conf` on your client
}
More details here:
-* [configure endpoints](12-distributed-monitoring-ha.md#configure-cluster-endpoints)
-* [configure zones](12-distributed-monitoring-ha.md#configure-cluster-zones)
+* [configure endpoints](13-distributed-monitoring-ha.md#configure-cluster-endpoints)
+* [configure zones](13-distributed-monitoring-ha.md#configure-cluster-zones)
Once you have configured the required `Endpoint` and `Zone` object definition, you can start
cluster configuration and its object relation (Zones, Endpoints, etc) and the way you
will be able to sync the configuration from the master to the remote satellite or client.
-Please continue reading in the [distributed monitoring chapter](12-distributed-monitoring-ha.md#distributed-monitoring-high-availability),
-especially the [configuration synchronisation](12-distributed-monitoring-ha.md#cluster-zone-config-sync)
-and [best practices](12-distributed-monitoring-ha.md#zone-config-sync-best-practice).
+Please continue reading in the [distributed monitoring chapter](13-distributed-monitoring-ha.md#distributed-monitoring-high-availability),
+especially the [configuration synchronisation](13-distributed-monitoring-ha.md#cluster-zone-config-sync)
+and [best practices](13-distributed-monitoring-ha.md#zone-config-sync-best-practice).
> **Note**
>
-> Better use [blacklists and/or whitelists](10-icinga2-client.md#icinga2-remote-monitoring-master-discovery-blacklist-whitelist)
+> Better use [blacklists and/or whitelists](11-icinga2-client.md#icinga2-remote-monitoring-master-discovery-blacklist-whitelist)
> to control which clients and hosts/services are integrated into your master configuration repository.
The SNMP daemon runs on the remote system and answers SNMP queries by plugin
binaries. The [Monitoring Plugins package](2-getting-started.md#setting-up-check-plugins) ships
-the `check_snmp` plugin binary, but there are plenty of [existing plugins](13-addons-plugins.md#plugins)
+the `check_snmp` plugin binary, but there are plenty of [existing plugins](14-addons-plugins.md#plugins)
for specific use cases already around, for example monitoring Cisco routers.
The following example uses the [SNMP ITL](7-icinga-template-library.md#plugin-check-command-snmp) `CheckCommand` and just
> The NRPE protocol is considered insecure and has multiple flaws in its
> design. Upstream is not willing to fix these issues.
>
-> In order to stay safe, please use the native [Icinga 2 client](10-icinga2-client.md#icinga2-client)
+> In order to stay safe, please use the native [Icinga 2 client](11-icinga2-client.md#icinga2-client)
> instead.
The NRPE daemon uses its own configuration format in nrpe.cfg while `check_nrpe`
/usr/local/icinga/libexec/check_disk -w 20% -c 10% -p /
-You can pass arguments in a similar manner to [NSClient++](11-agent-based-checks.md#agent-based-checks-nsclient)
+You can pass arguments in a similar manner to [NSClient++](12-agent-based-checks.md#agent-based-checks-nsclient)
when using its NRPE supported check method.
## <a id="agent-based-checks-nsclient"></a> NSClient++
and specific trap handlers passing the check results to Icinga 2.
Following the SNMPTT [Format](http://snmptt.sourceforge.net/docs/snmptt.shtml#SNMPTT.CONF-FORMAT)
-documentation and the Icinga external command syntax found [here](22-appendix.md#external-commands-list-detail)
+documentation and the Icinga external command syntax found [here](23-appendix.md#external-commands-list-detail)
we can create generic services that can accommodate any number of hosts for a given scenario.
### <a id="simple-traps"></a> Simple SNMP Traps
Building distributed environments with high availability included is fairly easy with Icinga 2.
The cluster feature is built-in and allows you to build many scenarios based on your requirements:
-* [High Availability](12-distributed-monitoring-ha.md#cluster-scenarios-high-availability). All instances in the `Zone` run as Active/Active cluster.
-* [Distributed Zones](12-distributed-monitoring-ha.md#cluster-scenarios-distributed-zones). A master zone and one or more satellites in their zones.
-* [Load Distribution](12-distributed-monitoring-ha.md#cluster-scenarios-load-distribution). A configuration master and multiple checker satellites.
+* [High Availability](13-distributed-monitoring-ha.md#cluster-scenarios-high-availability). All instances in the `Zone` run as Active/Active cluster.
+* [Distributed Zones](13-distributed-monitoring-ha.md#cluster-scenarios-distributed-zones). A master zone and one or more satellites in their zones.
+* [Load Distribution](13-distributed-monitoring-ha.md#cluster-scenarios-load-distribution). A configuration master and multiple checker satellites.
You can combine these scenarios into a global setup fitting your requirements.
Before you start deploying, keep the following things in mind:
-* Your [SSL CA and certificates](12-distributed-monitoring-ha.md#manual-certificate-generation) are mandatory for secure communication
+* Your [SSL CA and certificates](13-distributed-monitoring-ha.md#manual-certificate-generation) are mandatory for secure communication
* Get pen and paper or a drawing board and design your nodes and zones!
* all nodes in a cluster zone are providing high availability functionality and trust each other
* cluster zones can be built in a Top-Down-design where the child trusts the parent
* communication between zones happens bi-directional which means that a DMZ-located node can still reach the master node, or vice versa
* Update firewall rules and ACLs
-* Decide whether to use the built-in [configuration syncronization](12-distributed-monitoring-ha.md#cluster-zone-config-sync) or use an external tool (Puppet, Ansible, Chef, Salt, etc) to manage the configuration deployment
+* Decide whether to use the built-in [configuration syncronization](13-distributed-monitoring-ha.md#cluster-zone-config-sync) or use an external tool (Puppet, Ansible, Chef, Salt, etc) to manage the configuration deployment
> **Tip**
>
> If you're looking for troubleshooting cluster problems, check the general
-> [troubleshooting](16-troubleshooting.md#troubleshooting-cluster) section.
+> [troubleshooting](17-troubleshooting.md#troubleshooting-cluster) section.
## <a id="manual-certificate-generation"></a> Manual SSL Certificate Generation
endpoints = [ "icinga2a", "icinga2b" ]
}
-Specifying the local node name using the [NodeName](12-distributed-monitoring-ha.md#configure-nodename) variable requires
+Specifying the local node name using the [NodeName](13-distributed-monitoring-ha.md#configure-nodename) variable requires
the same name as used for the endpoint name and common name above. If not set, the FQDN is used.
const NodeName = "icinga2a"
The following section describe which configuration must be updated/created
in order to get your cluster running with basic functionality.
-* [configure the node name](12-distributed-monitoring-ha.md#configure-nodename)
-* [configure the ApiListener object](12-distributed-monitoring-ha.md#configure-apilistener-object)
-* [configure cluster endpoints](12-distributed-monitoring-ha.md#configure-cluster-endpoints)
-* [configure cluster zones](12-distributed-monitoring-ha.md#configure-cluster-zones)
+* [configure the node name](13-distributed-monitoring-ha.md#configure-nodename)
+* [configure the ApiListener object](13-distributed-monitoring-ha.md#configure-apilistener-object)
+* [configure cluster endpoints](13-distributed-monitoring-ha.md#configure-cluster-endpoints)
+* [configure cluster zones](13-distributed-monitoring-ha.md#configure-cluster-zones)
Once you're finished with the basic setup the following section will
-describe how to use [zone configuration synchronisation](12-distributed-monitoring-ha.md#cluster-zone-config-sync)
-and configure [cluster scenarios](12-distributed-monitoring-ha.md#cluster-scenarios).
+describe how to use [zone configuration synchronisation](13-distributed-monitoring-ha.md#cluster-zone-config-sync)
+and configure [cluster scenarios](13-distributed-monitoring-ha.md#cluster-scenarios).
### <a id="configure-nodename"></a> Configure the Icinga Node Name
Instead of using the default FQDN as node name you can optionally set
-that value using the [NodeName](19-language-reference.md#constants) constant.
+that value using the [NodeName](20-language-reference.md#constants) constant.
> ** Note **
>
This setting must be unique for each node, and must also match
the name of the local [Endpoint](6-object-types.md#objecttype-endpoint) object and the
SSL certificate common name as described in the
-[cluster naming convention](12-distributed-monitoring-ha.md#cluster-naming-convention).
+[cluster naming convention](13-distributed-monitoring-ha.md#cluster-naming-convention).
vim /etc/icinga2/constants.conf
const NodeName = "icinga2a"
-Read further about additional [naming conventions](12-distributed-monitoring-ha.md#cluster-naming-convention).
+Read further about additional [naming conventions](13-distributed-monitoring-ha.md#cluster-naming-convention).
Not specifying the node name will make Icinga 2 using the FQDN. Make sure that all
configured endpoint names and common names are in sync.
Edit `/etc/icinga2/features-enabled/api.conf` if you require the configuration
synchronisation enabled for this node. Set the `accept_config` attribute to `true`.
-If you want to use this node as [remote client for command execution](10-icinga2-client.md#icinga2-client-configuration-command-bridge)
+If you want to use this node as [remote client for command execution](11-icinga2-client.md#icinga2-client-configuration-command-bridge)
set the `accept_commands` attribute to `true`.
> **Note**
`Zone` objects specify the endpoints located in a zone. That way your distributed setup can be
seen as zones connected together instead of multiple instances in that specific zone.
-Zones can be used for [high availability](12-distributed-monitoring-ha.md#cluster-scenarios-high-availability),
-[distributed setups](12-distributed-monitoring-ha.md#cluster-scenarios-distributed-zones) and
-[load distribution](12-distributed-monitoring-ha.md#cluster-scenarios-load-distribution).
-Furthermore zones are used for the [Icinga 2 remote client](10-icinga2-client.md#icinga2-client).
+Zones can be used for [high availability](13-distributed-monitoring-ha.md#cluster-scenarios-high-availability),
+[distributed setups](13-distributed-monitoring-ha.md#cluster-scenarios-distributed-zones) and
+[load distribution](13-distributed-monitoring-ha.md#cluster-scenarios-load-distribution).
+Furthermore zones are used for the [Icinga 2 remote client](11-icinga2-client.md#icinga2-client).
Each Icinga 2 `Endpoint` must be put into its respective `Zone`. In this example, you will
define the zone `config-ha-master` where the `icinga2a` and `icinga2b` endpoints
Your child zones and endpoint members **must not** have their config copied to `zones.d`.
The built-in configuration synchronisation takes care of that if your nodes accept
configuration from the parent zone. You can define that in the
-[ApiListener](12-distributed-monitoring-ha.md#configure-apilistener-object) object by configuring the `accept_config`
+[ApiListener](13-distributed-monitoring-ha.md#configure-apilistener-object) object by configuring the `accept_config`
attribute accordingly.
You should remove the sample config included in `conf.d` by commenting the `recursive_include`
Better use a dedicated directory name for local configuration like `local` or similar, and
include that one if your nodes require local configuration not being synced to other nodes. That's
-useful for local [health checks](12-distributed-monitoring-ha.md#cluster-health-check) for example.
+useful for local [health checks](13-distributed-monitoring-ha.md#cluster-health-check) for example.
> **Note**
>
-> In a [high availability](12-distributed-monitoring-ha.md#cluster-scenarios-high-availability)
+> In a [high availability](13-distributed-monitoring-ha.md#cluster-scenarios-high-availability)
> setup only one assigned node can act as configuration master. All other zone
> member nodes **must not** have the `/etc/icinga2/zones.d` directory populated.
Each configured zone must exist with the same directory name. The parent zone
syncs the configuration to the child zones, if allowed using the `accept_config`
-attribute of the [ApiListener](12-distributed-monitoring-ha.md#configure-apilistener-object) object.
+attribute of the [ApiListener](13-distributed-monitoring-ha.md#configure-apilistener-object) object.
Config on node `icinga2a`:
>
> `zones.d` must not be included in [icinga2.conf](4-configuring-icinga-2.md#icinga2-conf). Icinga 2 automatically
> determines the required include directory. This can be overridden using the
-> [global constant](19-language-reference.md#constants) `ZonesDir`.
+> [global constant](20-language-reference.md#constants) `ZonesDir`.
### <a id="zone-global-config-templates"></a> Global Configuration Zone for Templates
> ** Tip **
>
-> Look into the [troubleshooting guides](16-troubleshooting.md#troubleshooting-cluster-config-sync) for debugging
+> Look into the [troubleshooting guides](17-troubleshooting.md#troubleshooting-cluster-config-sync) for debugging
> problems with the configuration synchronisation.
The configuration synchronisation works with multiple hierarchies. The following example
illustrate a quite common setup where the master is reponsible for configuration deployment:
-* [High-Availability master zone](12-distributed-monitoring-ha.md#distributed-monitoring-high-availability)
+* [High-Availability master zone](13-distributed-monitoring-ha.md#distributed-monitoring-high-availability)
* [Distributed satellites](12-distributed-monitoring-ha.md#)
-* [Remote clients](10-icinga2-client.md#icinga2-client-scenarios) connected to the satellite
+* [Remote clients](11-icinga2-client.md#icinga2-client-scenarios) connected to the satellite
While you could use the clients with local configuration and service discovery on the satellite/master
**bottom up**, the configuration sync could be more reasonable working **top-down** in a cascaded scenario.
the actual configuration organization:
* Ensure that `command` object definitions are globally available. That way you can use the
-`command_endpoint` configuration more easily on clients as [command execution bridge](10-icinga2-client.md#icinga2-client-configuration-command-bridge)
+`command_endpoint` configuration more easily on clients as [command execution bridge](11-icinga2-client.md#icinga2-client-configuration-command-bridge)
* Generic `Templates`, `timeperiods`, `downtimes` should be synchronized in a global zone as well.
* [Apply rules](3-monitoring-basics.md#using-apply) can be synchronized globally. Keep in mind that they are evaluated on each instance,
and might require additional filters (e.g. `match("icinga2*", NodeName) or similar based on the zone information.
with the community.
If you are planning to synchronize local service health checks inside a zone, look into the
-[command endpoint](12-distributed-monitoring-ha.md#cluster-health-check-command-endpoint)
+[command endpoint](13-distributed-monitoring-ha.md#cluster-health-check-command-endpoint)
explainations.
cluster zone, you can also use the `command_endpoint` object attribute to
pin host/service checks to a specific endpoint inside the same zone.
-This requires the `accept_commands` setting inside the [ApiListener](12-distributed-monitoring-ha.md#configure-apilistener-object)
-object set to `true` similar to the [remote client command execution bridge](10-icinga2-client.md#icinga2-client-configuration-command-bridge)
+This requires the `accept_commands` setting inside the [ApiListener](13-distributed-monitoring-ha.md#configure-apilistener-object)
+object set to `true` similar to the [remote client command execution bridge](11-icinga2-client.md#icinga2-client-configuration-command-bridge)
setup.
Make sure to set `command_endpoint` to the correct endpoint instance.
The example below assumes that the endpoint name is the same as the
host name configured for health checks. If it differs, define a host
-custom attribute providing [this information](10-icinga2-client.md#icinga2-client-configuration-command-bridge-master-config).
+custom attribute providing [this information](11-icinga2-client.md#icinga2-client-configuration-command-bridge-master-config).
apply Service "cluster-ha" {
check_command = "cluster"
nodes (firewalls, policies, software hardening, etc) the Icinga 2 cluster also provides
additional security itself:
-* [SSL certificates](12-distributed-monitoring-ha.md#manual-certificate-generation) are mandatory for cluster communication.
+* [SSL certificates](13-distributed-monitoring-ha.md#manual-certificate-generation) are mandatory for cluster communication.
* Child zones only receive event updates (check results, commands, etc) for their configured updates.
* Zones cannot influence/interfere other zones. Each checked object is assigned to only one zone.
* All nodes in a zone trust each other.
-* [Configuration sync](12-distributed-monitoring-ha.md#zone-config-sync-permissions) is disabled by default.
+* [Configuration sync](13-distributed-monitoring-ha.md#zone-config-sync-permissions) is disabled by default.
### <a id="cluster-scenarios-features"></a> Features in Cluster Zones
> **Note**
>
-> All features must be same on all endpoints inside an [HA zone](12-distributed-monitoring-ha.md#cluster-scenarios-high-availability).
-> There are additional [High-Availability-enabled features](12-distributed-monitoring-ha.md#high-availability-features) available.
+> All features must be same on all endpoints inside an [HA zone](13-distributed-monitoring-ha.md#cluster-scenarios-high-availability).
+> There are additional [High-Availability-enabled features](13-distributed-monitoring-ha.md#high-availability-features) available.
### <a id="cluster-scenarios-distributed-zones"></a> Distributed Zones
Imagine the following example with a master node in Nuremberg, and two remote DMZ
based instances in Berlin and Vienna. Additonally you'll specify
-[global templates](12-distributed-monitoring-ha.md#zone-global-config-templates) available in all zones.
+[global templates](13-distributed-monitoring-ha.md#zone-global-config-templates) available in all zones.
The configuration tree on the master instance `nuremberg` could look like this:
> The child zones `berlin` and `vienna` will get their configuration synchronised
> from the configuration master 'nuremberg'. The endpoints in the child
> zones **must not** have their `zones.d` directory populated if this endpoint
-> [accepts synced configuration](12-distributed-monitoring-ha.md#zone-config-sync-permissions).
+> [accepts synced configuration](13-distributed-monitoring-ha.md#zone-config-sync-permissions).
### <a id="cluster-scenarios-load-distribution"></a> Load Distribution
> The child zones `checker` will get its configuration synchronised
> from the configuration master 'master'. The endpoints in the child
> zone **must not** have their `zones.d` directory populated if this endpoint
-> [accepts synced configuration](12-distributed-monitoring-ha.md#zone-config-sync-permissions).
+> [accepts synced configuration](13-distributed-monitoring-ha.md#zone-config-sync-permissions).
### <a id="cluster-scenarios-high-availability"></a> Cluster High Availability
High availability with Icinga 2 is possible by putting multiple nodes into
-a dedicated [zone](12-distributed-monitoring-ha.md#configure-cluster-zones). All nodes will elect one
+a dedicated [zone](13-distributed-monitoring-ha.md#configure-cluster-zones). All nodes will elect one
active master, and retry an election once the current active master is down.
-Selected features provide advanced [HA functionality](12-distributed-monitoring-ha.md#high-availability-features).
+Selected features provide advanced [HA functionality](13-distributed-monitoring-ha.md#high-availability-features).
Checks and notifications are load-balanced between nodes in the high availability
zone.
endpoints = [ "icinga2a", "icinga2b", "icinga2c" ]
}
-Two or more nodes in a high availability setup require an [initial cluster sync](12-distributed-monitoring-ha.md#initial-cluster-sync).
+Two or more nodes in a high availability setup require an [initial cluster sync](13-distributed-monitoring-ha.md#initial-cluster-sync).
> **Note**
>
> Keep in mind that **only one node acts as configuration master** having the
> configuration files in the `zones.d` directory. All other nodes **must not**
> have that directory populated. Instead they are required to
-> [accept synced configuration](12-distributed-monitoring-ha.md#zone-config-sync-permissions).
-> Details in the [Configuration Sync Chapter](12-distributed-monitoring-ha.md#cluster-zone-config-sync).
+> [accept synced configuration](13-distributed-monitoring-ha.md#zone-config-sync-permissions).
+> Details in the [Configuration Sync Chapter](13-distributed-monitoring-ha.md#cluster-zone-config-sync).
### <a id="cluster-scenarios-multiple-hierarchies"></a> Multiple Hierarchies
By default the following features provide advanced HA functionality:
-* [Checks](12-distributed-monitoring-ha.md#high-availability-checks) (load balanced, automated failover)
-* [Notifications](12-distributed-monitoring-ha.md#high-availability-notifications) (load balanced, automated failover)
-* [DB IDO](12-distributed-monitoring-ha.md#high-availability-db-ido) (Run-Once, automated failover)
+* [Checks](13-distributed-monitoring-ha.md#high-availability-checks) (load balanced, automated failover)
+* [Notifications](13-distributed-monitoring-ha.md#high-availability-notifications) (load balanced, automated failover)
+* [DB IDO](13-distributed-monitoring-ha.md#high-availability-db-ido) (Run-Once, automated failover)
### <a id="high-availability-checks"></a> High Availability with Checks
These steps are required for integrating a new cluster endpoint:
-* generate a new [SSL client certificate](12-distributed-monitoring-ha.md#manual-certificate-generation)
+* generate a new [SSL client certificate](13-distributed-monitoring-ha.md#manual-certificate-generation)
* identify its location in the zones
-* update the `zones.conf` file on each involved node ([endpoint](12-distributed-monitoring-ha.md#configure-cluster-endpoints), [zones](12-distributed-monitoring-ha.md#configure-cluster-zones))
+* update the `zones.conf` file on each involved node ([endpoint](13-distributed-monitoring-ha.md#configure-cluster-endpoints), [zones](13-distributed-monitoring-ha.md#configure-cluster-zones))
* a new slave zone node requires updates for the master and slave zones
- * verify if this endpoints requires [configuration synchronisation](12-distributed-monitoring-ha.md#cluster-zone-config-sync) enabled
-* if the node requires the existing zone history: [initial cluster sync](12-distributed-monitoring-ha.md#initial-cluster-sync)
-* add a [cluster health check](12-distributed-monitoring-ha.md#cluster-health-check)
+ * verify if this endpoints requires [configuration synchronisation](13-distributed-monitoring-ha.md#cluster-zone-config-sync) enabled
+* if the node requires the existing zone history: [initial cluster sync](13-distributed-monitoring-ha.md#initial-cluster-sync)
+* add a [cluster health check](13-distributed-monitoring-ha.md#cluster-health-check)
### <a id="initial-cluster-sync"></a> Initial Cluster Sync
There's also an Icinga Web 2 module for direct PNP graph integration
available at https://exchange.icinga.org/icinga/PNP4Nagios
-More information on [action_url as attribute](13-addons-plugins.md#addons-graphing-pnp-action-url)
-and [graph template names](13-addons-plugins.md#addons-graphing-pnp-custom-templates).
+More information on [action_url as attribute](14-addons-plugins.md#addons-graphing-pnp-action-url)
+and [graph template names](14-addons-plugins.md#addons-graphing-pnp-custom-templates).
### <a id="addons-graphing-graphite"></a> Graphite
> **Note**
>
> If you are using an older version of Icinga Web, install it like this and adapt
-> the configuration manually as shown in [the RPM notes](14-alternative-frontends.md#icinga-web-rpm-notes):
+> the configuration manually as shown in [the RPM notes](15-alternative-frontends.md#icinga-web-rpm-notes):
>
> `apt-get install --no-install-recommends icinga-web`
>
> Only install the Livestatus feature if your web interface or addon requires
> you to do so (for example, [Icinga Web 2](2-getting-started.md#setting-up-icingaweb2)).
-> [Icinga Classic UI](14-alternative-frontends.md#setting-up-icinga-classic-ui) and [Icinga Web](14-alternative-frontends.md#setting-up-icinga-web)
+> [Icinga Classic UI](15-alternative-frontends.md#setting-up-icinga-classic-ui) and [Icinga Web](15-alternative-frontends.md#setting-up-icinga-web)
> do not use Livestatus as backend.
The Livestatus component that is distributed as part of Icinga 2 is a
Livestatus.
Details on the available tables and attributes with Icinga 2 can be found
-in the [Livestatus Schema](22-appendix.md#schema-livestatus) section.
+in the [Livestatus Schema](23-appendix.md#schema-livestatus) section.
You can enable Livestatus using icinga2 feature enable:
### <a id="livestatus-command-queries"></a> Livestatus COMMAND Queries
-A list of available external commands and their parameters can be found [here](22-appendix.md#external-commands-list-detail)
+A list of available external commands and their parameters can be found [here](23-appendix.md#external-commands-list-detail)
$ echo -e 'COMMAND <externalcommandstring>' | netcat 127.0.0.1 6558
The `commands` table is populated with `CheckCommand`, `EventCommand` and `NotificationCommand` objects.
-A detailed list on the available table attributes can be found in the [Livestatus Schema documentation](22-appendix.md#schema-livestatus).
+A detailed list on the available table attributes can be found in the [Livestatus Schema documentation](23-appendix.md#schema-livestatus).
* How was Icinga 2 installed (and which repository in case) and which distribution are you using
* Provide complete configuration snippets explaining your problem in detail
* If the check command failed - what's the output of your manual plugin tests?
-* In case of [debugging](21-debug.md#debug) Icinga 2, the full back traces and outputs
+* In case of [debugging](22-debug.md#debug) Icinga 2, the full back traces and outputs
## <a id="troubleshooting-enable-debug-output"></a> Enable Debug Output
The `icinga2 object list` CLI command can be used to list all configuration objects and their
attributes. The tool also shows where each of the attributes was modified.
-That way you can also identify which objects have been created from your [apply rules](19-language-reference.md#apply).
+That way you can also identify which objects have been created from your [apply rules](20-language-reference.md#apply).
# icinga2 object list
## <a id="configuration-ignored"></a> Configuration is ignored
-* Make sure that the line(s) are not [commented out](19-language-reference.md#comments) (starting with `//` or `#`, or
+* Make sure that the line(s) are not [commented out](20-language-reference.md#comments) (starting with `//` or `#`, or
encapsulated by `/* ... */`).
* Is the configuration file included in [icinga2.conf](4-configuring-icinga-2.md#icinga2-conf)?
## <a id="configuration-attribute-inheritance"></a> Configuration attributes are inherited from
-Icinga 2 allows you to import templates using the [import](19-language-reference.md#template-imports) keyword. If these templates
+Icinga 2 allows you to import templates using the [import](20-language-reference.md#template-imports) keyword. If these templates
contain additional attributes, your objects will automatically inherit them. You can override
or modify these attributes in the current object.
This applies to anything using the cluster protocol:
-* [Distributed and High-Availability](12-distributed-monitoring-ha.md#distributed-monitoring-high-availability) scenarios
-* [Remote client](10-icinga2-client.md#icinga2-client-scenarios) scenarios
+* [Distributed and High-Availability](13-distributed-monitoring-ha.md#distributed-monitoring-high-availability) scenarios
+* [Remote client](11-icinga2-client.md#icinga2-client-scenarios) scenarios
-You should configure the [cluster health checks](12-distributed-monitoring-ha.md#cluster-health-check) if you haven't
+You should configure the [cluster health checks](13-distributed-monitoring-ha.md#cluster-health-check) if you haven't
done so already.
> **Note**
---
...
-If the connection attempt fails or your CA does not match, [verify the master and client certificates](16-troubleshooting.md#troubleshooting-cluster-ssl-certificate-verification).
+If the connection attempt fails or your CA does not match, [verify the master and client certificates](17-troubleshooting.md#troubleshooting-cluster-ssl-certificate-verification).
#### <a id="troubleshooting-cluster-unauthenticated-clients"></a> Cluster Troubleshooting Unauthenticated Clients
Unauthenticated nodes are able to connect required by the
-[CSR auto-signing](10-icinga2-client.md#csr-autosigning-requirements) functionality.
+[CSR auto-signing](11-icinga2-client.md#csr-autosigning-requirements) functionality.
Master:
[2015-07-13 18:29:26 +1000] notice/ApiEvents: Discarding 'execute command' message from 'icinga-master': Invalid endpoint origin (client not allowed).
-If these messages do not go away, make sure to [verify the master and client certificates](16-troubleshooting.md#troubleshooting-cluster-ssl-certificate-verification).
+If these messages do not go away, make sure to [verify the master and client certificates](17-troubleshooting.md#troubleshooting-cluster-ssl-certificate-verification).
#### <a id="troubleshooting-cluster-ssl-certificate-verification"></a> Cluster Troubleshooting SSL Certificate Verification
will be disconnected. If the connection can't be re-established between zones and endpoints,
they remain in a Split-Brain-mode and history may differ.
-Although the Icinga 2 cluster protocol stores historical events in a [replay log](16-troubleshooting.md#troubleshooting-cluster-replay-log)
+Although the Icinga 2 cluster protocol stores historical events in a [replay log](17-troubleshooting.md#troubleshooting-cluster-replay-log)
for later synchronisation, you should make sure to check why the network connection failed.
### <a id="troubleshooting-cluster-command-endpoint-errors"></a> Cluster Troubleshooting Command Endpoint Errors
-Command endpoints can be used for clients acting as [remote command execution bridge](10-icinga2-client.md#icinga2-client-configuration-command-bridge)
-as well as inside an [High-Availability cluster](12-distributed-monitoring-ha.md#distributed-monitoring-high-availability).
+Command endpoints can be used for clients acting as [remote command execution bridge](11-icinga2-client.md#icinga2-client-configuration-command-bridge)
+as well as inside an [High-Availability cluster](13-distributed-monitoring-ha.md#distributed-monitoring-high-availability).
There is no cli command for manually executing the check, but you can verify
the following (e.g. by invoking a forced check from the web interface):
* `/var/log/icinga2/icinga2.log` contains connection and execution errors.
- * The ApiListener is not enabled to [accept commands](10-icinga2-client.md#clients-as-command-execution-bridge).
+ * The ApiListener is not enabled to [accept commands](#clients-as-command-execution-bridge).
* `CheckCommand` definition not found on the remote client.
* Referenced check plugin not found on the remote client.
* Runtime warnings and errors, e.g. unresolved runtime macros or configuration problems.
* Specific error messages are also populated into `UNKNOWN` check results including a detailed error message in their output.
-* More verbose logs are found inside the [debug log](16-troubleshooting.md#troubleshooting-enable-debug-output).
+* More verbose logs are found inside the [debug log](17-troubleshooting.md#troubleshooting-enable-debug-output).
### <a id="troubleshooting-cluster-config-sync"></a> Cluster Troubleshooting Config Sync
** The master syncs the configuration to `/var/lib/icinga2/api/zones/` during startup and only syncs valid configuration to the other nodes.
** The other nodes receive the configuration into `/var/lib/icinga2/api/zones/`.
* The `icinga2.log` log file in `/var/log/icinga2` will indicate whether this ApiListener
-[accepts config](12-distributed-monitoring-ha.md#zone-config-sync-permissions), or not.
+[accepts config](13-distributed-monitoring-ha.md#zone-config-sync-permissions), or not.
### <a id="troubleshooting-cluster-replay-log"></a> Cluster Troubleshooting Replay Log
Check the following:
-* All clients are connected? (e.g. [cluster health check](12-distributed-monitoring-ha.md#cluster-health-check)).
-* Check your [connection](16-troubleshooting.md#troubleshooting-cluster-connection-errors) in general.
+* All clients are connected? (e.g. [cluster health check](13-distributed-monitoring-ha.md#cluster-health-check)).
+* Check your [connection](17-troubleshooting.md#troubleshooting-cluster-connection-errors) in general.
* Does the log replay work, e.g. are all events processed and the directory gets cleared up over time?
* Decrease the `log_duration` attribute value for that specific [endpoint](6-object-types.md#objecttype-endpoint).
For a long-term migration of your configuration you should consider re-creating
your configuration based on the proposed Icinga 2 configuration paradigm.
-Please read the [next chapter](18-migrating-from-icinga-1x.md#differences-1x-2) to find out more about the differences
+Please read the [next chapter](19-migrating-from-icinga-1x.md#differences-1x-2) to find out more about the differences
between 1.x and 2.
### <a id="manual-config-migration-hints"></a> Manual Config Migration Hints
straight into a possible Icinga 2 format. If you found a different strategy, please
let us know!
-If you require in-depth explanations, please check the [next chapter](18-migrating-from-icinga-1x.md#differences-1x-2).
+If you require in-depth explanations, please check the [next chapter](19-migrating-from-icinga-1x.md#differences-1x-2).
#### <a id="manual-config-migration-hints-Intervals"></a> Manual Config Migration Hints for Intervals
hostgroup_members hg1
}
-This can be migrated to Icinga 2 and [using group assign](19-language-reference.md#group-assign). The additional nested hostgroup
+This can be migrated to Icinga 2 and [using group assign](20-language-reference.md#group-assign). The additional nested hostgroup
`hg1` is included into `hg2` with the `groups` attribute.
#### <a id="manual-config-migration-hints-runtime-macros"></a> Manual Config Migration Hints for Runtime Macros
-Runtime macros have been renamed. A detailed comparison table can be found [here](18-migrating-from-icinga-1x.md#differences-1x-2-runtime-macros).
+Runtime macros have been renamed. A detailed comparison table can be found [here](19-migrating-from-icinga-1x.md#differences-1x-2-runtime-macros).
For example, accessing the service check output looks like the following in Icinga 1.x:
#### <a id="manual-config-migration-hints-contacts-users"></a> Manual Config Migration Hints for Contacts (Users)
Contacts in Icinga 1.x act as users in Icinga 2, but do not have any notification commands specified.
-This migration part is explained in the [next chapter](18-migrating-from-icinga-1x.md#manual-config-migration-hints-notifications).
+This migration part is explained in the [next chapter](19-migrating-from-icinga-1x.md#manual-config-migration-hints-notifications).
define contact{
contact_name testconfig-user
email icinga@localhost
}
-The `service_notification_options` can be [mapped](18-migrating-from-icinga-1x.md#manual-config-migration-hints-notification-filters)
+The `service_notification_options` can be [mapped](19-migrating-from-icinga-1x.md#manual-config-migration-hints-notification-filters)
into generic `state` and `type` filters, if additional notification filtering is required. `alias` gets
renamed to `display_name`.
Convert the `notification_options` attribute from Icinga 1.x to Icinga 2 `states` and `types`. Details
-[here](18-migrating-from-icinga-1x.md#manual-config-migration-hints-notification-filters). Add the notification period.
+[here](19-migrating-from-icinga-1x.md#manual-config-migration-hints-notification-filters). Add the notification period.
states = [ OK, Warning, Critical ]
types = [ Recovery, Problem, Custom ]
assign where "hg_svcdep2" in host.groups
}
-Host dependencies are explained in the [next chapter](18-migrating-from-icinga-1x.md#manual-config-migration-hints-host-parents).
+Host dependencies are explained in the [next chapter](19-migrating-from-icinga-1x.md#manual-config-migration-hints-host-parents).
* Icinga 2 does not support any 1.x NEB addons for check load distribution
* If your current setup consists of instances distributing the check load, you should consider
-building a [load distribution](12-distributed-monitoring-ha.md#cluster-scenarios-load-distribution) setup with Icinga 2.
+building a [load distribution](13-distributed-monitoring-ha.md#cluster-scenarios-load-distribution) setup with Icinga 2.
* If your current setup includes active/passive clustering with external tools like Pacemaker/DRBD
-consider the [High Availability](12-distributed-monitoring-ha.md#cluster-scenarios-high-availability) setup.
+consider the [High Availability](13-distributed-monitoring-ha.md#cluster-scenarios-high-availability) setup.
* If you have build your own custom configuration deployment and check result collecting mechanism
you should re-design your setup and re-evaluate your requirements, and how they may be fulfilled
using the Icinga 2 cluster capabilities.
### <a id="differences-1x-2-main-config"></a> Main Config File
In Icinga 1.x there are many global configuration settings available in `icinga.cfg`.
-Icinga 2 only uses a small set of [global constants](19-language-reference.md#constants) allowing
+Icinga 2 only uses a small set of [global constants](20-language-reference.md#constants) allowing
you to specify certain different setting such as the `NodeName` in a cluster scenario.
Aside from that, the [icinga2.conf](4-configuring-icinga-2.md#icinga2-conf) should take care of including
const PluginDir = "/usr/lib/nagios/plugins"
-[Global macros](19-language-reference.md#constants) can only be defined once. Trying to modify a
+[Global macros](20-language-reference.md#constants) can only be defined once. Trying to modify a
global constant will result in an error.
### <a id="differences-1x-2-configuration-comments"></a> Configuration Comments
are separated from the command name using an exclamation mark (`!`).
Please check the migration hints for a detailed
-[migration example](18-migrating-from-icinga-1x.md#manual-config-migration-hints-check-command-arguments).
+[migration example](19-migrating-from-icinga-1x.md#manual-config-migration-hints-check-command-arguments).
> **Note**
>
For detailed examples on how to use the dependencies please check the [dependencies](3-monitoring-basics.md#dependencies)
chapter.
-Dependencies can be applied to hosts or services using the [apply rules](19-language-reference.md#apply).
+Dependencies can be applied to hosts or services using the [apply rules](20-language-reference.md#apply).
The `StatusDataWriter`, `IdoMysqlConnection` and `LivestatusListener` types
support the Icinga 1.x schema with dependencies and parent attributes for
* parent process continues with old configuration objects and the event scheduling
(doing checks, replicating cluster events, triggering alert notifications, etc.)
* validation NOT ok: child process terminates, parent process continues with old configuration state
-(this is **essential** for the [cluster config synchronisation](12-distributed-monitoring-ha.md#cluster-zone-config-sync))
+(this is **essential** for the [cluster config synchronisation](13-distributed-monitoring-ha.md#cluster-zone-config-sync))
* validation ok: child process signals parent process to terminate and save its current state
(all events until now) into the icinga2 state file
* parent process shuts down writing icinga2.state file
and configuration distribution problems Icinga 1.x distributed monitoring currently suffers from.
Icinga 2 implements a new built-in
-[distributed monitoring architecture](12-distributed-monitoring-ha.md#distributed-monitoring-high-availability),
+[distributed monitoring architecture](13-distributed-monitoring-ha.md#distributed-monitoring-high-availability),
including config and check distribution, IPv4/IPv6 support, SSL certificates and zone support for DMZ.
High Availability and load balancing are also part of the Icinga 2 Cluster feature, next to local replay
logs on connection loss ensuring that the event history is kept in sync.
This constant is used by the check command definitions contained in the Icinga Template Library
to determine where to find the plugin binaries.
-Please refer to the [plugins](13-addons-plugins.md#plugins) chapter for details about how to integrate
+Please refer to the [plugins](14-addons-plugins.md#plugins) chapter for details about how to integrate
additional check plugins into your Icinga 2 setup.
## <a id="running-icinga2"></a> Running Icinga 2
Icinga 2 can be used with Icinga Web 2 and a number of other web interfaces.
This chapter explains how to set up Icinga Web 2. The
-[Alternative Frontends](14-alternative-frontends.md#alternative-frontends)
+[Alternative Frontends](15-alternative-frontends.md#alternative-frontends)
chapter can be used as a starting point for installing some of the other web
interfaces which are also available.
A number of additional features are available in the form of addons. A list of
popular addons is available in the
-[Addons and Plugins](13-addons-plugins.md#addons-plugins) chapter.
+[Addons and Plugins](14-addons-plugins.md#addons-plugins) chapter.
check_interval = len(MyGroups) * 1m
}
-A list of available functions is available in the [Library Reference](20-library-reference.md#library-reference) chapter.
+A list of available functions is available in the [Library Reference](21-library-reference.md#library-reference) chapter.
## <a id="dictionary-operators"></a> Assignments
In this example the `assign where` condition is a boolean expression which is
evaluated for all objects of type `Host` and a new service with name "ping"
-is created for each matching host. [Expression operators](19-language-reference.md#expression-operators)
+is created for each matching host. [Expression operators](20-language-reference.md#expression-operators)
may be used in `assign where` conditions.
The `to` keyword and the target type may be omitted if there is only one target
In this example the `assign where` condition is a boolean expression which is evaluated
for all objects of the type `Host`. Each matching host is added as member to the host group
with the name "linux-servers". Membership exclusion can be controlled using the `ignore where`
-condition. [Expression operators](19-language-reference.md#expression-operators) may be used in `assign where` and
+condition. [Expression operators](20-language-reference.md#expression-operators) may be used in `assign where` and
`ignore where` conditions.
Source Type | Variables
Non-empty dictionary | { key = "value" } | true
For a list of supported expression operators for `assign where` and `ignore where`
-statements, see [expression operators](19-language-reference.md#expression-operators).
+statements, see [expression operators](20-language-reference.md#expression-operators).
## <a id="comments"></a> Comments
function contains(str);
Returns `true` if the string `str` was found in the string. If the string
-was not found `false` is returned. Use [find](20-library-reference.md#string-find)
+was not found `false` is returned. Use [find](21-library-reference.md#string-find)
for getting the index instead.
Example:
The `address` attribute is used by check commands to determine which network
address is associated with the host object.
-Details on troubleshooting check problems can be found [here](16-troubleshooting.md#troubleshooting).
+Details on troubleshooting check problems can be found [here](17-troubleshooting.md#troubleshooting).
### <a id="host-states"></a> Host States
Valid values for custom attributes include:
-* [Strings](19-language-reference.md#string-literals), [numbers](19-language-reference.md#numeric-literals) and [booleans](19-language-reference.md#boolean-literals)
-* [Arrays](19-language-reference.md#array) and [dictionaries](19-language-reference.md#dictionary)
+* [Strings](20-language-reference.md#string-literals), [numbers](20-language-reference.md#numeric-literals) and [booleans](20-language-reference.md#boolean-literals)
+* [Arrays](20-language-reference.md#array) and [dictionaries](20-language-reference.md#dictionary)
* [Functions](3-monitoring-basics.md#custom-attributes-functions)
### <a id="custom-attributes-functions"></a> Functions as Custom Attributes
-Icinga 2 lets you specify [functions](19-language-reference.md#functions) for custom attributes.
+Icinga 2 lets you specify [functions](20-language-reference.md#functions) for custom attributes.
The special case here is that whenever Icinga 2 needs the value for such a custom attribute it runs
the function and uses whatever value the function returns:
vars.text = {{ Math.random() * 100 }}
}
-This example uses the [abbreviated lambda syntax](19-language-reference.md#nullary-lambdas).
+This example uses the [abbreviated lambda syntax](20-language-reference.md#nullary-lambdas).
These functions have access to a number of variables:
Instead of assigning each object ([Service](6-object-types.md#objecttype-service),
[Notification](6-object-types.md#objecttype-notification), [Dependency](6-object-types.md#objecttype-dependency),
[ScheduledDowntime](6-object-types.md#objecttype-scheduleddowntime))
-based on attribute identifiers for example `host_name` objects can be [applied](19-language-reference.md#apply).
+based on attribute identifiers for example `host_name` objects can be [applied](20-language-reference.md#apply).
Before you start using the apply rules keep the following in mind:
* Define the best match.
* A set of unique [custom attributes](3-monitoring-basics.md#custom-attributes) for these hosts/services?
* Or [group](3-monitoring-basics.md#groups) memberships, e.g. a host being a member of a hostgroup, applying services to it?
- * A generic pattern [match](19-language-reference.md#function-calls) on the host/service name?
- * [Multiple expressions combined](3-monitoring-basics.md#using-apply-expressions) with `&&` or `||` [operators](19-language-reference.md#expression-operators)
+ * A generic pattern [match](20-language-reference.md#function-calls) on the host/service name?
+ * [Multiple expressions combined](3-monitoring-basics.md#using-apply-expressions) with `&&` or `||` [operators](20-language-reference.md#expression-operators)
* All expressions must return a boolean value (an empty string is equal to `false` e.g.)
> **Note**
`OR` the host custom attribute `always_notify` is set to `true`.
The notification is ignored for services whose host name ends with `*internal`
-`OR` the `priority` custom attribute is [less than](19-language-reference.md#expression-operators) `2`.
+`OR` the `priority` custom attribute is [less than](20-language-reference.md#expression-operators) `2`.
template Notification "cust-xy-notification" {
users = [ "noc-xy", "mgmt-xy" ]
and all members of the user group `noc` will get notified.
It is also possible to generally apply a notification template and dynamically overwrite values from
-the template by checking for custom attributes. This can be achieved by using [conditional statements](19-language-reference.md#conditional-statements):
+the template by checking for custom attributes. This can be achieved by using [conditional statements](20-language-reference.md#conditional-statements):
apply Notification "host-mail-noc" to Host {
import "mail-host-notification"
provided host attributes. For strings, you can use string concatention with the `+` operator.
You can also specifiy the display_name, check command, interval, notes, notes_url, action_url, etc.
-attributes that way. Attribute strings can be [concatenated](19-language-reference.md#expression-operators),
+attributes that way. Attribute strings can be [concatenated](20-language-reference.md#expression-operators),
for example for adding a more detailed service `display_name`.
-This example also uses [if conditions](19-language-reference.md#conditional-statements)
+This example also uses [if conditions](20-language-reference.md#conditional-statements)
if specific values are not set, adding a local default value.
The other way around you can override specific custom attributes inherited from a service template,
if set.
group.
Details on the `assign where` syntax can be found in the
-[Language Reference](19-language-reference.md#apply)
+[Language Reference](20-language-reference.md#apply)
## <a id="notifications"></a> Notifications
There are many ways of sending notifications, e.g. by e-mail, XMPP,
IRC, Twitter, etc. On its own Icinga 2 does not know how to send notifications.
Instead it relies on external mechanisms such as shell scripts to notify users.
-More notification methods are listed in the [addons and plugins](13-addons-plugins.md#notification-scripts-interfaces)
+More notification methods are listed in the [addons and plugins](14-addons-plugins.md#notification-scripts-interfaces)
chapter.
A notification specification requires one or more users (and/or user groups)
If you don't set the `states` and `types` configuration attributes for the `User`
object, notifications for all states and types will be sent.
-Details on troubleshooting notification problems can be found [here](16-troubleshooting.md#troubleshooting).
+Details on troubleshooting notification problems can be found [here](17-troubleshooting.md#troubleshooting).
> **Note**
>
are being passed from a host or service object, and add a [CheckCommand](6-object-types.md#objecttype-checkcommand)
definition based on these required parameters and/or default values.
-Please continue reading in the [plugins section](13-addons-plugins.md#plugins) for additional integration examples.
+Please continue reading in the [plugins section](14-addons-plugins.md#plugins) for additional integration examples.
#### <a id="command-passing-parameters"></a> Passing Check Command Parameters from Host or Service
dependency will fail and render all child objects (hosts or services) unreachable.
You can determine the child's reachability by querying the `is_reachable` attribute
-in for example [DB IDO](22-appendix.md#schema-db-ido-extensions).
+in for example [DB IDO](23-appendix.md#schema-db-ido-extensions).
### <a id="dependencies-implicit-host-service"></a> Implicit Dependencies for Services on Host
are a good way to start with Icinga 2.
If you're interested in a detailed explanation of each language feature used in those
-configuration files you can find more information in the [Language Reference](19-language-reference.md#language-reference)
+configuration files you can find more information in the [Language Reference](20-language-reference.md#language-reference)
chapter.
## <a id="configuration-best-practice"></a> Configuration Best Practice
There are many ways of creating Icinga 2 configuration objects:
* Manually with your preferred editor, for example vi(m), nano, notepad, etc.
-* Generated by a [configuration management tool](13-addons-plugins.md#configuration-tools) such as Puppet, Chef, Ansible, etc.
+* Generated by a [configuration management tool](14-addons-plugins.md#configuration-tools) such as Puppet, Chef, Ansible, etc.
* A configuration addon for Icinga 2
* A custom exporter script from your CMDB or inventory tool
* your own.
* to the documentation that is distributed as part of Icinga 2.
*/
-Icinga 2 supports [C/C++-style comments](19-language-reference.md#comments).
+Icinga 2 supports [C/C++-style comments](20-language-reference.md#comments).
/**
* The constants.conf defines global constants.
This `include_recursive` directive is used for discovery of services on remote clients
and their generated configuration described in
-[this chapter](10-icinga2-client.md#icinga2-remote-monitoring-master-discovery).
+[this chapter](11-icinga2-client.md#icinga2-remote-monitoring-master-discovery).
/**
> **Tip**
>
-> If you don't understand all the attributes and how to use [apply rules](19-language-reference.md#apply)
+> If you don't understand all the attributes and how to use [apply rules](20-language-reference.md#apply)
> don't worry - the [monitoring basics](3-monitoring-basics.md#monitoring-basics) chapter will explain
> that in detail.
#### <a id="services-conf"></a> services.conf
-These service [apply rules](19-language-reference.md#apply) will show you how to monitor
+These service [apply rules](20-language-reference.md#apply) will show you how to monitor
the local host, but also allow you to re-use or modify them for
your own requirements.
In this example the `assign where` condition is a boolean expression which is
evaluated for all objects of type `Host` and a new service with name "load"
-is created for each matching host. [Expression operators](19-language-reference.md#expression-operators)
+is created for each matching host. [Expression operators](20-language-reference.md#expression-operators)
may be used in `assign where` conditions.
Multiple `assign where` condition can be combined with `AND` using the `&&` operator
attribute defined `AND` having the custom attribute `os` set to the string
`Linux`.
You can modify this condition to match multiple expressions by combinding `AND`
-and `OR` using `&&` and `||` [operators](19-language-reference.md#expression-operators), for example
+and `OR` using `&&` and `||` [operators](20-language-reference.md#expression-operators), for example
`assign where host.address && (vars.os == "Linux" || vars.os == "Windows")`.
custom attribute `os` set to `Linux` and is therefore automatically
a member of the host group `linux-servers`.
-This is done by using the [group assign](19-language-reference.md#group-assign) expressions similar
+This is done by using the [group assign](20-language-reference.md#group-assign) expressions similar
to previously seen [apply rules](3-monitoring-basics.md#using-apply).
object HostGroup "linux-servers" {
}
Service groups can be grouped together by similar pattern matches.
-The [match() function](19-language-reference.md#function-calls) expects a wildcard match string
+The [match() function](20-language-reference.md#function-calls) expects a wildcard match string
and the attribute string to match with.
object ServiceGroup "ping" {
#### <a id="satellite-conf"></a> satellite.conf
Includes default templates and dependencies for
-[monitoring remote clients](10-icinga2-client.md#icinga2-client)
+[monitoring remote clients](11-icinga2-client.md#icinga2-client)
using service discovery and
-[config generation](10-icinga2-client.md#icinga2-remote-monitoring-master-discovery)
+[config generation](11-icinga2-client.md#icinga2-remote-monitoring-master-discovery)
on the master. Can be ignored/removed on setups not using this features.
Tips when implementing functions:
-* Use [log()](20-library-reference.md#global-functions) to dump variables. You can see the output
+* Use [log()](21-library-reference.md#global-functions) to dump variables. You can see the output
inside the `icinga2.log` file depending in your log severity
* Use the `icinga2 console` to test basic functionality (e.g. iterating over a dictionary)
* Build them step-by-step. You can always refactor your code later on.
The more significant problem was to only add the command parameter `--disk` to the plugin call
when the dictionary `compellent` contains the key `disks`, and omit it if not found.
-By defining `set_if` as [abbreviated lambda function](19-language-reference.md#nullary-lambdas)
+By defining `set_if` as [abbreviated lambda function](20-language-reference.md#nullary-lambdas)
and evaluating the host custom attribute `compellent` containing the `disks` this problem was
solved like this:
}
}
-This implementation uses the dictionary type method [contains](20-library-reference.md#dictionary-contains)
+This implementation uses the dictionary type method [contains](21-library-reference.md#dictionary-contains)
and will fail if `host.vars.compellent` is not of the type `Dictionary`.
-Therefore you can extend the checks using the [typeof](19-language-reference.md#types) function.
+Therefore you can extend the checks using the [typeof](20-language-reference.md#types) function.
You can test the types using the `icinga2 console`:
## <a id="access-object-attributes-at-runtime"></a> Access Object Attributes at Runtime
-The [Object Accessor Functions](20-library-reference.md#object-accessor-functions)
+The [Object Accessor Functions](21-library-reference.md#object-accessor-functions)
can be used to retrieve references to other objects by name.
This allows you to access configuration and runtime object attributes. A detailed
Oct 17 15:01:25 icinga-server icinga2: Executing external command: [1382014885] SCHEDULE_FORCED_SVC_CHECK;localhost;ping4;1382014885
Oct 17 15:01:25 icinga-server icinga2: Rescheduling next check for service 'ping4'
-A list of currently supported external commands can be found [here](22-appendix.md#external-commands-list-detail).
+A list of currently supported external commands can be found [here](23-appendix.md#external-commands-list-detail).
Detailed information on the commands and their required parameters can be found
on the [Icinga 1.x documentation](http://docs.icinga.org/latest/en/extcommands2.html).
`service_name_template` configuration attributes.
The example below uses [runtime macros](3-monitoring-basics.md#runtime-macros) and a
-[global constant](19-language-reference.md#constants) named `GraphiteEnv`. The constant name
+[global constant](20-language-reference.md#constants) named `GraphiteEnv`. The constant name
is freely definable and should be put in the [constants.conf](4-configuring-icinga-2.md#constants-conf) file.
const GraphiteEnv = "icinga.env1"
These logs are not only used for informational representation in
external web interfaces parsing the logs, but also to generate
SLA reports and trends in Icinga 1.x Classic UI. Furthermore the
-[Livestatus](15-livestatus.md#setting-up-livestatus) feature uses these logs for answering queries to
+[Livestatus](16-livestatus.md#setting-up-livestatus) feature uses these logs for answering queries to
historical tables.
The `CompatLogger` object can be enabled with
[IdoMysqlConnection](6-object-types.md#objecttype-idomysqlconnection) and
[IdoPgsqlConnection](6-object-types.md#objecttype-idopgsqlconnection)
object configuration documentation.
-The DB IDO feature supports [High Availability](12-distributed-monitoring-ha.md#high-availability-db-ido) in
+The DB IDO feature supports [High Availability](13-distributed-monitoring-ha.md#high-availability-db-ido) in
the Icinga 2 cluster.
The following example query checks the health of the current Icinga 2 instance
> **Tip**
>
-> Use [check plugins](13-addons-plugins.md#plugins) to monitor the backend.
+> Use [check plugins](14-addons-plugins.md#plugins) to monitor the backend.
Replace the `default` string with your instance name, if different.
(1 Zeile)
-A detailed list on the available table attributes can be found in the [DB IDO Schema documentation](22-appendix.md#schema-db-ido).
+A detailed list on the available table attributes can be found in the [DB IDO Schema documentation](23-appendix.md#schema-db-ido).
## <a id="check-result-files"></a> Check Result Files
Metric prefix names can be modified using [runtime macros](3-monitoring-basics.md#runtime-macros).
-Example with your custom [global constant](19-language-reference.md#constants) `GraphiteEnv`:
+Example with your custom [global constant](20-language-reference.md#constants) `GraphiteEnv`:
const GraphiteEnv = "icinga.env1"
> **Best Practice**
>
-> Assign host group members using the [group assign](19-language-reference.md#group-assign) rules.
+> Assign host group members using the [group assign](20-language-reference.md#group-assign) rules.
Example:
table\_prefix |**Optional.** MySQL database table prefix. Defaults to "icinga\_".
instance\_name |**Optional.** Unique identifier for the local Icinga 2 instance. Defaults to "default".
instance\_description|**Optional.** Description for the Icinga 2 instance.
- enable_ha |**Optional.** Enable the high availability functionality. Only valid in a [cluster setup](12-distributed-monitoring-ha.md#high-availability-db-ido). Defaults to "true".
- failover_timeout | **Optional.** Set the failover timeout in a [HA cluster](12-distributed-monitoring-ha.md#high-availability-db-ido). Must not be lower than 60s. Defaults to "60s".
+ enable_ha |**Optional.** Enable the high availability functionality. Only valid in a [cluster setup](13-distributed-monitoring-ha.md#high-availability-db-ido). Defaults to "true".
+ failover_timeout | **Optional.** Set the failover timeout in a [HA cluster](13-distributed-monitoring-ha.md#high-availability-db-ido). Must not be lower than 60s. Defaults to "60s".
cleanup |**Optional.** Dictionary with items for historical table cleanup.
categories |**Optional.** The types of information that should be written to the database.
table\_prefix |**Optional.** PostgreSQL database table prefix. Defaults to "icinga\_".
instance\_name |**Optional.** Unique identifier for the local Icinga 2 instance. Defaults to "default".
instance\_description|**Optional.** Description for the Icinga 2 instance.
- enable_ha |**Optional.** Enable the high availability functionality. Only valid in a [cluster setup](12-distributed-monitoring-ha.md#high-availability-db-ido). Defaults to "true".
- failover_timeout | **Optional.** Set the failover timeout in a [HA cluster](12-distributed-monitoring-ha.md#high-availability-db-ido). Must not be lower than 60s. Defaults to "60s".
+ enable_ha |**Optional.** Enable the high availability functionality. Only valid in a [cluster setup](13-distributed-monitoring-ha.md#high-availability-db-ido). Defaults to "true".
+ failover_timeout | **Optional.** Set the failover timeout in a [HA cluster](13-distributed-monitoring-ha.md#high-availability-db-ido). Must not be lower than 60s. Defaults to "60s".
cleanup |**Optional.** Dictionary with items for historical table cleanup.
categories |**Optional.** The types of information that should be written to the database.
Name |Description
----------------|----------------
- enable\_ha |**Optional.** Enable the high availability functionality. Only valid in a [cluster setup](12-distributed-monitoring-ha.md#high-availability-notifications). Defaults to "true".
+ enable\_ha |**Optional.** Enable the high availability functionality. Only valid in a [cluster setup](13-distributed-monitoring-ha.md#high-availability-notifications). Defaults to "true".
## <a id="objecttype-opentsdbwriter"></a> OpenTsdbWriter
> **Best Practice**
>
-> Assign service group members using the [group assign](19-language-reference.md#group-assign) rules.
+> Assign service group members using the [group assign](20-language-reference.md#group-assign) rules.
Example:
> **Best Practice**
>
-> Assign user group members using the [group assign](19-language-reference.md#group-assign) rules.
+> Assign user group members using the [group assign](20-language-reference.md#group-assign) rules.
Example:
### Libraries
-Instead of loading libraries using the [`library` config directive](19-language-reference.md#library)
+Instead of loading libraries using the [`library` config directive](20-language-reference.md#library)
you can also use the `--library` command-line option.
### Constants
-[Global constants](19-language-reference.md#constants) can be set using the `--define` command-line option.
+[Global constants](20-language-reference.md#constants) can be set using the `--define` command-line option.
### <a id="config-include-path"></a> Config Include Path
## <a id="cli-command-node"></a> CLI command: Node
Provides the functionality to install and manage master and client
-nodes in a [remote monitoring ](10-icinga2-client.md#icinga2-client) or
-[distributed cluster](12-distributed-monitoring-ha.md#distributed-monitoring-high-availability) scenario.
+nodes in a [remote monitoring ](11-icinga2-client.md#icinga2-client) or
+[distributed cluster](13-distributed-monitoring-ha.md#distributed-monitoring-high-availability) scenario.
# icinga2 node --help
The `object` CLI command can be used to list all configuration objects and their
attributes. The command also shows where each of the attributes was modified.
-That way you can also identify which objects have been created from your [apply rules](19-language-reference.md#apply).
+That way you can also identify which objects have been created from your [apply rules](20-language-reference.md#apply).
-More information can be found in the [troubleshooting](16-troubleshooting.md#list-configuration-objects) section.
+More information can be found in the [troubleshooting](17-troubleshooting.md#list-configuration-objects) section.
# icinga2 object --help
icinga2 - The Icinga 2 network monitoring daemon (version: v2.1.1-299-gf695275)
## <a id="cli-command-troubleshoot"></a> CLI command: Troubleshoot
-Collects basic information like version, paths, log files and crash reports for troubleshooting purposes and prints them to a file or the console. See [troubleshooting](16-troubleshooting.md#troubleshooting-information-required).
+Collects basic information like version, paths, log files and crash reports for troubleshooting purposes and prints them to a file or the console. See [troubleshooting](17-troubleshooting.md#troubleshooting-information-required).
Its output defaults to a file named `troubleshooting-[TIMESTAMP].log` so it won't overwrite older troubleshooting files.
> `# icinga2 daemon -C`
If you encouter errors during configuration validation, please make sure
-to read the [troubleshooting](16-troubleshooting.md#troubleshooting) chapter.
+to read the [troubleshooting](17-troubleshooting.md#troubleshooting) chapter.
You can also use the [CLI command](8-cli-commands.md#cli-command-object) `icinga2 object list`
after validation passes to analyze object attributes, inheritance or created
objects by apply rules.
-Find more on troubleshooting with `object list` in [this chapter](16-troubleshooting.md#list-configuration-objects).
+Find more on troubleshooting with `object list` in [this chapter](17-troubleshooting.md#list-configuration-objects).
Example filtered by `Service` objects with the name `ping*`:
> which will validate the configuration in a separate process and not stop
> the other events like check execution, notifications, etc.
>
-> Details can be found [here](18-migrating-from-icinga-1x.md#differences-1x-2-real-reload).
+> Details can be found [here](19-migrating-from-icinga-1x.md#differences-1x-2-real-reload).
--- /dev/null
+# <a id="icinga2-api"></a> Icinga 2 API
+
+## <a id="icinga2-api-introduction"></a> Introduction
+
+The Icinga 2 API allows you to manage configuration objects
+and resources in a simple, programmatic way using HTTP requests.
+
+The endpoints are logically separated allowing you to easily
+make calls to
+
+* retrieve information (status, config)
+* run actions (reschedule checks, etc.)
+* create/update/delete configuration objects
+* manage configuration modules
+* subscribe to event streams
+
+This chapter will start with a general overview followed by
+detailed information about specific endpoints.
+
+### <a id="icinga2-api-requests></a> Requests
+
+Any tool capable of making HTTP requests can communicate with
+the API, for example [curl](http://curl.haxx.se).
+
+Requests are only allowed to use the HTTPS protocol so that
+traffic remains encrypted.
+
+By default the Icinga 2 API listens on port `5665` sharing this
+port with the cluster communication protocol. This can be changed
+by setting the `bind_port` attribute in the [ApiListener](6-object-types.md#objecttype-apilistener)
+configuration object in the `/etc/icinga2/features-available/api.conf`
+file.
+
+Supported request methods:
+
+ Method | Usage
+ --------------|------------------------------------------------------
+ GET | Retrieve information about configuration objects. Any request using the GET method is read-only and does not affect any objects.
+ POST | Update attributes of a specified configuration object.
+ PUT | Create a new object. The PUT request must include all attributes required to create a new object.
+ DELETE | Remove an object created by the API. The DELETE method is idempotent and does not require any check if the object actually exists.
+
+### <a id="icinga2-api-http-statuses></a> HTTP Statuses
+
+The API will return standard [HTTP statuses](https://www.ietf.org/rfc/rfc2616.txt)
+including error codes.
+
+When an error occurs, the response body will contain additional information
+about the problem and its source.
+
+A status in the range of 200 generally means that the request was succesful
+and no error was encountered.
+
+Return codes within the 400 range indicate that there was a problem with the
+request. Either you did not authenticate correctly, you are missing the authorization
+for your requested action, the requested object does not exist or the request
+was malformed.
+
+A status in the range of 500 generally means that there was a server-side problem
+and Icinga 2 is unable to process your request currently.
+
+Ask your Icinga 2 system administrator to check the `icinga2.log` file for further
+troubleshooting.
+
+
+### <a id="icinga2-api-responses></a> Responses
+
+Succesful requests will send back a response body containing a `results`
+list. Depending on the number of affected objects in your request, the
+results may contain one or more entries.
+
+The [output](9-icinga2-api.md#icinga2-api-output) will be sent back as JSON object:
+
+
+ {
+ "results": [
+ {
+ "code": 200.0,
+ "status": "Object was created."
+ }
+ ]
+ }
+
+
+### <a id="icinga2-api-authentication></a> Authentication
+
+There are two different ways for authenticating against the Icinga 2 API:
+
+* username and password using HTTP basic auth
+* X.509 certificate with client CN
+
+In order to configure a new API user you'll need to add a new [ApiUser](6-object-types.md#objecttype-apiuser)
+configuration object. In this example `root` will be the basic auth username
+and the `password` attribute contains the basic auth password.
+
+ vim /etc/icinga2/conf.d/api-users.conf
+
+ object ApiUser "root" {
+ password = icinga"
+ }
+
+Alternatively you can use X.509 client certificates by specifying the `client_cn`
+the API should trust.
+
+ vim /etc/icinga2/conf.d/api-users.conf
+
+ object ApiUser "api-clientcn" {
+ password = "CertificateCommonName"
+ }
+
+An `ApiUser` object can have both methods configured. Sensitive information
+such as the password will not be exposed through the API itself.
+
+New installations of Icinga 2 will automatically generate a new `ApiUser`
+named `root` with a generated password in the `/etc/icinga2/conf.d/api-users.conf`
+file.
+You can manually invoke the cli command `icinga2 api setup` which will generate
+a new local CA, self-signed certificate and a new API user configuration.
+
+Once the API user is configured make sure to restart Icinga 2:
+
+ # service icinga2 restart
+
+Now pass the basic auth information to curl and send a GET request to the API:
+
+ $ curl -u root:icinga -k -s 'https://nbmif.int.netways.de:5665/v1' -X GET
+
+In case you will get `Unauthorized` make sure to check the API user credentials.
+
+### <a id="icinga2-api-permissions></a> Permissions
+
+**TODO** https://dev.icinga.org/issues/9088
+
+### <a id="icinga2-api-parameters></a> Parameters
+
+Depending on the request method there are two ways of
+passing parameters to the request:
+
+* JSON body (`POST`, `PUT`)
+* Query string (`GET`, `DELETE`)
+
+Reserved characters by the HTTP protocol must be passed url-encoded as query string, e.g. a
+whitespace becomes `%20`.
+
+Example for query string:
+
+ /v1/hosts?filter=match(%22nbmif*%22,host.name)&attrs=host.name&attrs=host.state
+
+Example for JSON body:
+
+ { "attrs": { "address": "8.8.4.4", "vars.os" : "Windows" } }
+
+**TODO**
+
+#### <a id="icinga2-api-filters></a> Filters
+
+Use the same syntax as for apply rule expressions
+for filtering specific objects.
+
+Example for all services in NOT-OK state:
+
+ https://localhost:5665/v1/services?filter=service.state!=0
+
+Example for matching all hosts by name (**Note**: `"` are url-encoded as `%22`):
+
+ https://localhost:5665/v1/hosts?filter=match(%22nbmif*%22,host.name)
+
+**TODO**
+
+
+
+### <a id="icinga2-api-output-format></a>Output Format
+
+The request and reponse body contain a JSON encoded string.
+
+### <a id="icinga2-api-version></a>Version
+
+Each url contains the version string as prefix (currently "/v1").
+
+### <a id="icinga2-api-url-overview></a>Url Overview
+
+
+The Icinga 2 API provides multiple url endpoints
+
+ Url Endpoints | Description
+ --------------|----------------------------------------------------
+ /v1/actions | Endpoint for running specific [API actions](9-icinga2-api.md#icinga2-api-actions).
+ /v1/config | Endpoint for [managing configuration modules](9-icinga2-api.md#icinga2-api-config-management).
+ /v1/events | Endpoint for subscribing to [API events](9-icinga2-api.md#icinga2-api-actions).
+ /v1/types | Endpoint for listing Icinga 2 configuration object types and their attributes.
+
+Additionally there are endpoints for each [config object type](6-object-types.md#object-types):
+
+**TODO** Update
+
+ Url Endpoints | Description
+ ----------------------|----------------------------------------------------
+ /v1/hosts | Endpoint for retreiving and updating [Host](6-object-types.md#objecttype-host) objects.
+ /v1/services | Endpoint for retreiving and updating [Service](6-object-types.md#objecttype-service) objects.
+ /v1/notifications | Endpoint for retreiving and updating [Notification](6-object-types.md#objecttype-notification) objects.
+ /v1/dependencies | Endpoint for retreiving and updating [Dependency](6-object-types.md#objecttype-dependency) objects.
+ /v1/users | Endpoint for retreiving and updating [User](6-object-types.md#objecttype-user) objects.
+ /v1/checkcommands | Endpoint for retreiving and updating [CheckCommand](6-object-types.md#objecttype-checkcommand) objects.
+ /v1/eventcommands | Endpoint for retreiving and updating [EventCommand](6-object-types.md#objecttype-eventcommand) objects.
+ /v1/notificationcommands | Endpoint for retreiving and updating [NotificationCommand](6-object-types.md#objecttype-notificationcommand) objects.
+ /v1/hostgroups | Endpoint for retreiving and updating [HostGroup](6-object-types.md#objecttype-hostgroup) objects.
+ /v1/servicegroups | Endpoint for retreiving and updating [ServiceGroup](6-object-types.md#objecttype-servicegroup) objects.
+ /v1/usergroups | Endpoint for retreiving and updating [UserGroup](6-object-types.md#objecttype-usergroup) objects.
+ /v1/zones | Endpoint for retreiving and updating [Zone](6-object-types.md#objecttype-zone) objects.
+ /v1/endpoints | Endpoint for retreiving and updating [Endpoint](6-object-types.md#objecttype-endpoint) objects.
+ /v1/timeperiods | Endpoint for retreiving and updating [TimePeriod](6-object-types.md#objecttype-timeperiod) objects.
+
+
+
+## <a id="icinga2-api-actions></a> Actions
+
+There are several actions available for Icinga 2 provided by the `actions` url endpoint.
+
+In case you have been using the [external commands](5-advanced-topics.md#external-commands)
+in the past, the API actions provide a yet more powerful interface with
+filters and even more functionality.
+
+Actions require specific target types (e.g. `type=Host`) and a [filter](9-icinga2-api.md#)
+
+**TODO**
+
+Action name | Parameters | Target types | Notes
+---------------------------------------|-----------------------------------|--------------------------|-----------------------
+process-check-result | exit_status; plugin_output; check_source; performance_data[]; check_command[]; execution_end; execution_start; schedule_end; schedule_start | Service; Host | -
+reschedule-check | {next_check}; {(force_check)} | Service; Host | -
+acknowledge-problem | author; comment; {timestamp}; {(sticky)}; {(notify)} | Service; Host | -
+remove-acknowledgement | - | Service; Host | -
+add-comment | author; comment | Service; Host | -
+remove-comment | - | Service;Host | -
+remove-comment-by-id | comment_id | - | -
+delay-notifications | timestamp | Service;Host | -
+add-downtime | start_time; end_time; duration; author; comment; {trigger_id}; {(fixed)} | Service; Host; ServiceGroup; HostGroup | Downtime for all services on host x?
+remove-downtime | - | Service; Host | -
+remove-downtime-by-id | downtime_id | - | -
+send-custom-notification | options[]; author; comment | Service; Host | -
+
+enable-passive-checks | - | Service; Host; ServiceGroup; HostGroup | "System" as target?
+disable-passive-checks | - | Service; Host; ServiceGroup; HostGroup | diable all passive checks for services of hosts y in hostgroup x?
+enable-active-checks | - | Host; HostGroup | -
+disable-active-checks | - | Host; HostGroup | -
+enable-notifications | - | Service; Host; ServiceGroup; HostGroup | Enable all notifications for services of host x?
+disable-notifications | - | Service; Host; ServiceGroup; HostGroup | -
+enable-flap-detection | - | Service; Host; ServiceGroup; HostGroup | -
+disable-flap-detection | - | Service; Host; ServiceGroup; HostGroup | -
+enable-event-handler | - | Service; Host | -
+disable-event-handler | - | Service; Host | -
+
+enable-global-notifications | - | - | -
+disable-global-notifications | - | - | -
+enable-global-flap-detection | - | - | -
+disable-global-flap-detection | - | - | -
+enable-global-event-handlers | - | - | -
+disable-global-event-handlers | - | - | -
+enable-global-performance-data | - | - | -
+disable-global-performance-data | - | - | -
+start-global-executing-svc-checks | - | - | -
+stop-global-executing-svc-checks | - | - | -
+start-global-executing-host-checks | - | - | -
+stop-global-executing-host-checks | - | - | -
+shutdown-process | - | - | -
+restart-process | - | - | -
+
+
+Examples:
+
+Reschedule a service check for all services in NOT-OK state:
+
+ $ curl -u root:icinga -k -s 'https://localhost:5665/v1/actions/reschedule-check?filter=service.state!=0&type=Service' -X POST | python -m json.tool
+ {
+ "results": [
+ {
+ "code": 200.0,
+ "status": "Successfully rescheduled check for nbmif.int.netways.de!http."
+ },
+ {
+ "code": 200.0,
+ "status": "Successfully rescheduled check for nbmif.int.netways.de!disk."
+ },
+ {
+ "code": 200.0,
+ "status": "Successfully rescheduled check for nbmif.int.netways.de!disk /."
+ }
+ ]
+ }
+
+
+
+## <a id="icinga2-api-config-management></a> Configuration Management
+
+`/v1/config`
+
+**TODO** Depends on https://dev.icinga.org/issues/9953
+
+## <a id="icinga2-api-events></a> Events
+
+**TODO**
+
+## <a id="icinga2-api-hosts></a> Hosts
+
+All object attributes are prefixed with their respective object type.
+
+Example:
+
+ host.address
+
+Output listing and url parameters use the same syntax.
+
+### <a id="icinga2-api-hosts-list></a> List All Hosts
+
+Send a `GET` request to `/v1/hosts` to list all host objects and
+their attributes.
+
+ $ curl -u root:icinga -k -s 'https://localhost:5665/v1/hosts' -X GET
+
+
+### <a id="icinga2-api-hosts-create></a> Create New Host Object
+
+New objects must be created by sending a PUT request. The following
+parameters need to be passed inside the JSON body:
+
+ Parameters | Description
+ --------------|------------------------------------
+ name | **Optional.** If not specified inside the url, this is **required**.
+ templates | **Optional.** Import existing configuration templates, e.g. `generic-host`.
+ attrs | **Required.** Set specific [Host](6-object-types.md#objecttype-host) object attributes.
+
+
+If attributes are of the Dictionary type, you can also use the indexer format:
+
+ "attrs": { "vars.os": "Linux" }
+
+Example:
+
+ $ curl -u root:icinga -k -s 'https://localhost:5665/v1/hosts/google.com' \
+ -X PUT \
+ -d '{ "templates": [ "generic-host" ], "attrs": { "address": "8.8.8.8", "vars.os" : "Linux" } }' \
+ | python -m json.tool
+ {
+ "results": [
+ {
+ "code": 200.0,
+ "status": "Object was created."
+ }
+ ]
+ }
+
+**Note**: Host objects require the `check_command` attribute. In the example above the `generic-host`
+template already provides such.
+
+If the configuration validation fails, the new object will not be created and the response body
+contains a detailed error message. The following example omits the required `check_command` attribute.
+
+ $ curl -u root:icinga -k -s 'https://localhost:5665/v1/hosts/google.com' \
+ -X PUT \
+ -d '{ "attrs": { "address": "8.8.8.8", "vars.os" : "Linux" } }' \
+ | python -m json.tool
+ {
+ "results": [
+ {
+ "code": 500.0,
+ "errors": [
+ "Error: Validation failed for object 'google.com' of type 'Host'; Attribute 'check_command': Attribute must not be empty."
+ ],
+ "status": "Object could not be created."
+ }
+ ]
+ }
+
+### <a id="icinga2-api-hosts-show></a> Show Host
+
+Send a `GET` request including the host name inside the url:
+
+ $ curl -u root:icinga -k -s 'https://localhost:5665/v1/hosts/google.com' -X GET
+
+You can select specific attributes by adding them as url parameters using `?attrs=...`. Multiple
+attributes must be added one by one, e.g. `?attrs=host.address&attrs=host.name`.
+
+ $ curl -u root:icinga -k -s 'https://localhost:5665/v1/hosts/google.com?attrs=host.name&attrs=host.address' -X GET | python -m json.tool
+ {
+ "results": [
+ {
+ "attrs": {
+ "host.address": "8.8.8.8",
+ "host.name": "google.com"
+ }
+ }
+ ]
+ }
+
+### <a id="icinga2-api-hosts-modify></a> Modify Host
+
+Existing objects must be modifed by sending a `POST` request. The following
+parameters need to be passed inside the JSON body:
+
+ Parameters | Description
+ --------------|------------------------------------
+ name | **Optional.** If not specified inside the url, this is **required**.
+ templates | **Optional.** Import existing configuration templates, e.g. `generic-host`.
+ attrs | **Required.** Set specific [Host](6-object-types.md#objecttype-host) object attributes.
+
+
+If attributes are of the Dictionary type, you can also use the indexer format:
+
+ "attrs": { "vars.os": "Linux" }
+
+
+Example for existing object `google.com`:
+
+ $ curl -u root:icinga -k -s 'https://localhost:5665/v1/hosts/google.com' \
+ -X POST \
+ -d '{ "attrs": { "address": "8.8.4.4", "vars.os" : "Windows" } }' \
+ | python -m json.tool
+ {
+ "results": [
+ {
+ "code": 200.0,
+ "name": "google.com",
+ "status": "Attributes updated.",
+ "type": "Host"
+ }
+ ]
+ }
+
+### <a id="icinga2-api-hosts-delete></a> Delete Host
+
+You can delete objects created using the API by sending a `DELETE`
+request. Specify the object name inside the url.
+
+ Parameters | Description
+ --------------|------------------------------------
+ cascade | **Optional.** Delete objects depending on the deleted objects (e.g. services on a host).
+
+Example:
+
+ $ curl -u root:icinga -k -s 'https://localhost:5665/v1/hosts/google.com?cascade=1' -X DELETE | python -m json.tool
+ {
+ "results": [
+ {
+ "code": 200.0,
+ "name": "google.com",
+ "status": "Object was deleted.",
+ "type": "Host"
+ }
+ ]
+ }
+
+
+
+**TODO** Add more config objects
projects / icinga2 / commitdiff