Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature]: Enable "check_by_ssh" functionality #22

Open
MTSym opened this issue Jul 27, 2023 · 2 comments
Open

[Feature]: Enable "check_by_ssh" functionality #22

MTSym opened this issue Jul 27, 2023 · 2 comments
Assignees
@mocdaniel
Labels
feature New feature or request

Comments

@MTSym
Copy link

MTSym commented Jul 27, 2023

Affected Chart

icinga-stack

Please describe your feature request

As machines which either do not have binaries for the agent or other circumstances exists it would be great if the functionality for "check_by_ssh" could be supported.

After checking the helm charts and templates I already found the .Values.web_resources variable which is not exposed in the default values.yml which should allow to create the necessary SSH Identity resource for the web user in combination with manually generating the ssh file on the shared volume.

But the persistent volume of the icingaweb pod would have to also be mounted inside the icinga2 pods where the checks are made. Am I right?

As a quickfix for people who are searching for a solution: It should be possible to use kustomize to generate the yaml files from helm and then use patches to add the additional env variables for the resource as well as the volume mount
@MTSym MTSym added feature New feature or request triage Needs to be triaged labels Jul 27, 2023
@mocdaniel mocdaniel removed the triage Needs to be triaged label Aug 7, 2023
@mocdaniel
Copy link
Collaborator

Hi, thanks for your feature request. I gather you want to have dedicated values to add SSH keys to the Icinga deployment in order to run check_by_ssh against other hosts? We can certainly add this.

I don't get your request regarding the web user and its SSH identity, afaik check_by_ssh is being executed from the Icinga2 core like any other check. Could you elaborate on that part of your request?

@mocdaniel mocdaniel added the needs feedback We'll only proceed once we hear from you again label Aug 7, 2023
@MTSym
Copy link
Author

MTSym commented Aug 7, 2023

Yeah having those keys in the values.yaml would be great. It would even be greater if they could be referenced as a kubernetes secret.

About the web description:
It is currently possible to add an SSH-Key within the Resources of the web interface. If you do that once and then use the .Values.web_resources to match the configuration it is also possible to have the resource recreated after moving the web pod to a different node etc.

With that Resource you do have the private key on the icingaweb persistent volume. So if this volume would be shared with the icinga2 core pod which does the checking it would already be possible to perform those check_by_ssh right away.

@mocdaniel mocdaniel removed the needs feedback We'll only proceed once we hear from you again label Sep 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mocdaniel mocdaniel

Labels
feature New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mocdaniel @MTSym