We running checkmk version 1.6.0p27.
A request from our internal customer is now to lock host objects to avoid accidentally altering or deletion. I know the way to lock a folder or host objects in the rules.mk files but we need a way to do this in WATO GUI and also to limit the lock/unlock to certain contact groups.
I am just wondering if there is one out in the community which had this demand already and may developed a WATO plugin for that purpose.
Hi @mike1098
I understand the need, but itâs all about sense and some governance - donât give users access to WATO unless they know what theyâre doing.
Some features you can use to restore previous versions of your monitoring configuration is link your WATO to a GIT repo. Another approach available is CheckMK backup that you can configure and restore at your needs.
You can also restore WATO configuration from available snapshots - you can configure the amount of them in Global settings.
Thank you for your replay.
Thatâs all known possibilities.
We provide monitoring service to our internal sites which are ~300 for the time being. Each site has its own local IT which knows their inventory and they must be able to add/remove their hosts. In some regions in addition a L2 team take care of high critical services local on the site. This L2 team is asking to lock hosts to prevent deletion from local IT because it happened not only once that local IT deleted or otherwise altered the monitoring of this critical services.
I hope I did a better explanation of the demand now.
The only mechanic i know that can be possibly copied is the mechanic from the DCD.
Every host attribute set from the DCD is automatically locked for manual edit.
But i think it is only valid for host attributes and not complete hosts.
For complete hosts i also only know the method mentioned with the locking of complete folders/subfolders from the .mk files.
Yes this is the structure used in 2.0 DCD. In 1.6 there should also be the attributes locked after DCD creation. I donât know if it looks different there.
In the class âclass HostAttributeLockedByâ and âHostAttributeLockedAttributesâ of module builtin_attributes.py I changed the attribute âeditableâ to True and now I see that in the host object: