I had a strange problem, which I solved, but with a solution that doesn't make sense to me.
I have a current version of icinga2 running on a Linux machine. I now wanted to include a host to be monitored by that system. Until now I always chose that the host should connect to the server; this time I wanted to use on-demand signing.
So my steps were:
- create a ticket on the server for the host (mistake - I went for on-demand)
- install icinga2 on the host
- copy the certificate from my server to the host
- use the icinga wizard to setup
- sign the certificate on the server via icinga ca -sign, after it showed up
- configure the server to monitor the host
And it didn't work. The log gave me errors that the host is trying to come around with a self-signed certificate.
But this gave me a perfectly fine output, naming my server CA & hostname of the client host:
openssl x509 -text -noout -in /var/lib/icinga2/certs/$(hostname -f).crt | grep CN=
So after a while of searching I compared my new host to an old one, and the only difference (except for hostnames in certificates) was that the old one had a file named “ticket” under /var/lib/icinga2/certs/
As a next step I gave it a shot: created a new ticket for the new host on the server and created the file manually on the host. After that and a restart of icinga the client was monitored perfectly fine, even though the ticket file got erased by the icinga client, I guess.
Is there anyone who can guess what happened?
Did my initial creation of a ticket block the client from being installed via on-demand signing?
I'll try to redo this with another server soon, to find out where I might have gone wrong.