Api and FQDN endpoint

haribo · February 7, 2019, 5:14pm

Hello,

I set all endpoints with fqdn even the master.
But when I try to check the configuration I have this error:

information/ApiListener: My API identity: bunny
critical/config: Error: Endpoint object for 'bunny' is missing.
Location: in /etc/icinga2/features-enabled/api.conf: 5:1-5:24
/etc/icinga2/features-enabled/api.conf(3):  */
/etc/icinga2/features-enabled/api.conf(4): 
/etc/icinga2/features-enabled/api.conf(5): object ApiListener "api" {
                                           ^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/features-enabled/api.conf(6):   cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
/etc/icinga2/features-enabled/api.conf(7):   key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"

bunny is the short name of my VM. My endpoint name is bunny.domain

How can I set the API identity to the FQDN ? I tried to force the NodeName to FQDN in constants.conf, but it’s the same.

I’ve the same problem when I setup the API with:

icinga2 api setup

The certificate name is bunny.crt instead of bunny.domain.crt.

If I do:
hostname -f
it returns bunny.domain

If duplicate the endpoint bunny.domain with bunny, it works, but it’s ugly.

I’m missing something. A little help would be appreciate

dnsmichi · February 7, 2019, 5:41pm

Hi,

the CLI commands read the cached NodeName constant after a successful configuration validation. So if you’re changing the value in constants.conf, you’ll need to follow it with icinga2 daemon -C and then icinga2 api setup. If NodeName is blank (or commented out), the CLI command attempts to resolve the local hostname which likely is set wrong in /etc/hosts.

Can you share the content of constants.conf and likewise the output of icinga2 variable get NodeName?

And which icinga2 --version is involved here?

Cheers,
Michael

olegsidokhmetov · March 25, 2021, 4:25pm

Hello!

I have the same problem. And I can not find good solution for this. Could you pleas help me with this?

It was my mistake

root@Ansible-Awx:~# icinga2 api setup
information/cli: Generating new CA.
warning/cli: CA files '/var/lib/icinga2/ca//ca.crt' and '/var/lib/icinga2/ca//ca.key' already exist.
warning/cli: Found CA, skipping and using the existing one.
information/cli: Generating new CSR in '/var/lib/icinga2/certs//Ansible-Awx.csr'.
information/base: Writing private key to '/var/lib/icinga2/certs//Ansible-Awx.key'.
information/base: Writing certificate signing request to '/var/lib/icinga2/certs//Ansible-Awx.csr'.
information/cli: Signing CSR with CA and writing certificate to '/var/lib/icinga2/certs//Ansible-Awx.crt'.
information/pki: Writing certificate to file '/var/lib/icinga2/certs//Ansible-Awx.crt'.
information/cli: Copying CA certificate to '/var/lib/icinga2/certs//ca.crt'.
information/cli: Created backup file '/var/lib/icinga2/certs//ca.crt.orig'.
information/cli: API user config file '/etc/icinga2/conf.d/api-users.conf' already exists, not creating config file.
information/cli: Reading '/etc/icinga2/icinga2.conf'.
information/cli: Enabling the 'api' feature.
warning/cli: Feature 'api' already enabled.
information/cli: Updating 'NodeName' constant in '/etc/icinga2/constants.conf'.
information/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Updating 'ZoneName' constant in '/etc/icinga2/constants.conf'.
information/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
Done.



root@Ansible-Awx:~# icinga2 daemon -C
[2021-03-25 16:08:06 +0000] information/cli: Icinga application loader (version: r2.12.3-1)
[2021-03-25 16:08:06 +0000] information/cli: Loading configuration file(s).
[2021-03-25 16:08:06 +0000] information/ConfigItem: Committing config item(s).
[2021-03-25 16:08:06 +0000] information/ApiListener: My API identity: Ansible-Awx
[2021-03-25 16:08:06 +0000] critical/config: Error: Endpoint object for 'Ansible-Awx' is missing.
Location: in /etc/icinga2/features-enabled/api.conf: 5:1-5:24
/etc/icinga2/features-enabled/api.conf(3):  */
/etc/icinga2/features-enabled/api.conf(4):
/etc/icinga2/features-enabled/api.conf(5): object ApiListener "api" {
                                           ^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/features-enabled/api.conf(6):   bind_host = "0.0.0.0"
/etc/icinga2/features-enabled/api.conf(7):

[2021-03-25 16:08:06 +0000] critical/config: 1 error
[2021-03-25 16:08:06 +0000] critical/cli: Config validation failed. Re-run with 'icinga2 daemon -C' after fixing the config.

root@Ansible-Awx:~# nano /etc/icinga2/features-enabled/api.conf

/**
 * The API listener is used for distributed monitoring setups.
 */

object ApiListener "api" {
  bind_host = "0.0.0.0"

  ticket_salt = TicketSalt
}