Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
What I want is:
Host to be visible by operations and prodnet.
Service HTTP to be visible by operations and prodnet.
Service DISK to be visible ONLY by prodnet.
Even if I add a "contactgroups prodnet" to the DISK service, operations can still see the DISK service. I guess that is due to implied object inheritance as detailed in the docs, but I just can't figure out how to make it do what I want!
If I change the Host contactgroups to prodnet then operations can no longer see the DISK service, but then they can't see the Host either - and that makes the map and host list pretty sparse!
If you have contacts defined for a host, then they will be able to see all of the services for that host. I might suggest adding a simple ping service to that host, and then assigning all contacts at the service level. These contacts will be able to see if the host is up or down, they just won't be able to view the host's check command results, but if add an additional ping service that could take care of that issue.
Normally you have to either explicitly specify the value of a required variable in an object definition or inherit it from a template. There are a few exceptions to this rule, where Nagios will assume that you want to use a value that instead comes from a related object. For example, the values of some service variables will be copied from the host the service is associated with if you don't otherwise specify them.
To me that suggests that the services will inherit the contacts/groups if I don't otherwise specify them, but I am specifying them. I understand what you are saying, and see how that works, but it seems that the documentation differs. Is the observed behaviour by design or is it a bug? You can see what I'm trying to do here, and how I'm stuck.
It would be great if we could somehow override this behaviour.
I do see what you're saying, and as far as I know, the docs are correct. Do you you have any service escalations defined for these services?
So just to verify, here's what you're looking for:
Host to be visible by operations and prodnet. ##prodnet can't have host access if you want to hide services from it Service HTTP to be visible by operations and prodnet. Service DISK to be visible ONLY by prodnet.
define host{
name linux-server
contact_groups operations
}
define service{
host_name linux-server
service_description HTTP
contact_groups operations,prodnet ##I added prodnet to this to match your list described above ###
}
define service{
host_name linux-server
service_description DISK
contact_groups prodnet
}
With the configs like above, which group(s) is not seeing what you're intending?
When I click on "Services" to see a complete listing, Prodnet can see HTTP and DISK_C, and the HOST, and can view the Host Information AND Service Information pages
Operations can see HTTP and not DISK_C, and although the HOST appears in the list, Operations cannot view the Host Information page - "it appears you don't have permission yada yada"
Prodnet needs to see *everything* so there's no need to hide services from it. In this case, it is Operations that cannot see the HOST Information Page
Hopefully you don't have an enormous config to sift through for this, but if you pull up the objects.cache file, you can find the compiled configurations with easy-to-read assignments. That could reveal any abnormalities of things that may have been overlooked in templates and such.
Just to clarify as well, a user who is authorized only at the service level will only be able to view the color code of the host when viewing their services. So even though they'll be able to tell which state the host is in, they will not be able to view any details about it. This is expected behavior.
