Discussion:
[Check_mk (english)] Scheduling Downtime permissions through automation accounts
Dave Ford
2018-10-04 12:29:52 UTC
I've been attempting to use 

https://github.com/LarsMichelsen/nagios_downtime

to schedule downtime via an automation account on my check_mk raw
installation.

While this works fine with an automation account associated with the
Administrator role, I'm having trouble working out what I need to
provide permissions-wise to limit another automation user to not being
able to make major modifications to the entire OMD/Check_MK service,
but limit it to only enabling/removing downtime.

I've based a new role on 'Guest' and have enabled:

* 'Add Comments' and 'Set/Remove Downtimes' under 'Commands on Host and
Services'

I've also, as this above on its own didn't work, turned on:

* 'Make Changes/Perform actions' under 'WATO' 

though I'm not entirely sure that's necessary. 

I've also ensured that the automation user doesn't have 'Visibility of
Hosts/Services' enabled, so it should be able to see all hosts. 

When I send the notify command through (either using the
nagios_downtime script or manually), I get a JSON document back
describing the host - so I am able to log on with the automation account
and view the host - but the Downtime is not getting set.

Is there some log where I can see why this user account isn't able to set
Downtime?  Or any other way I can debug this? I'd prefer to start with
the most restrictive permissions and open them up one by one - rather
than start with an administrator account and work back.

Thanks
Dave
