Automating icinga2 node wizard

I have some servers in AWS and need to get Icinga automatically running when I launch a new instance.
I was hoping I could automate the icinga2 node wizard command. I’ve tried to look online but couldn’t find anything.

Has anyone ever done something like that? Is it possible? If not, is there a workaround?

Thanks!
Lucas

Depends on how you define “automate”. Do you just want to run the node wizard without any interactive questions? That works fine.

I do it via ansible but you can use it like that with any automation tool or script:

  1. create the certificate and key pair for the node with icinga2 pki new-cert
  2. request the trusted cert from the master
  3. run the node-wizard and pass all the arguments it needs:
```yaml
# Ansible task: runs only when the key pair and the trusted cert were just created
- name: Run icinga2 node setup without the interactive wizard
  command: >
    icinga2 node setup
    --cn "{{ icinga_cn }}"
    --endpoint "{{ icinga_master_host_cn }},{{ icinga_master_host }},{{ icinga_master_port }}"
    --zone "{{ icinga_zone }}"
    --parent_zone "{{ icinga_parent_zone }}"
    --parent_host "{{ icinga_parent_endpoints.0.host }}"
    --trustedcert "{{ icinga_certs_path }}/{{ icinga_master_host_cn }}.crt"
    --accept-commands
    --accept-config
    --disable-confd
  when: keypair_created is changed and save_cert is changed
```

As said, this is an example from an Ansible playbook but you can adapt it to your tool chain.

You can find further examples for different tools on the icinga2 repo on GitHub: https://github.com/Icinga

And this part of the documentation could be useful: https://icinga.com/docs/icinga2/latest/doc/06-distributed-monitoring/#automation

1 Like
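
The three steps from the answer above as one shell script, added here as an example that is not part of the original post or of the Icinga project. It goes one step further than the post: the certificate fetched in step 2 is compared against a SHA-256 fingerprint that the caller obtained out of band (for example from configuration management) before `node setup` trusts it. The function names, the `ICINGA2` and `CERT_DIR` variables and the default certificate directory are assumptions of this example.

```sh
#!/bin/sh
# Added example: non-interactive agent enrolment that pins the parent certificate.
# Host names, zones and the pinned fingerprint are supplied by the caller.
ICINGA2="${ICINGA2:-icinga2}"                    # overridable for a dry run
CERT_DIR="${CERT_DIR:-/var/lib/icinga2/certs}"   # assumed certificate directory

# Reduce "sha256 Fingerprint=AB:CD:..." (openssl output) or a bare value to upper-case hex.
normalize_fp() {
  printf '%s' "${1##*=}" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# True only when a pin was supplied and it equals the fetched certificate's fingerprint.
fp_matches() {
  [ -n "$2" ] && [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

cert_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 -in "$1"
}

# enroll_agent CN PARENT_CN PARENT_HOST PARENT_PORT ZONE PARENT_ZONE PINNED_SHA256
enroll_agent() (
  cn=$1 pcn=$2 phost=$3 pport=$4 zone=$5 pzone=$6 pinned=$7
  trusted="$CERT_DIR/$pcn.crt"

  # Step 1: key pair and self-signed certificate for this node.
  "$ICINGA2" pki new-cert --cn "$cn" \
    --key "$CERT_DIR/$cn.key" --cert "$CERT_DIR/$cn.crt" || exit 1

  # Step 2: fetch the parent's certificate. This connection is not yet
  # authenticated, so the result is checked against the pin before use.
  "$ICINGA2" pki save-cert --host "$phost" --port "$pport" \
    --trustedcert "$trusted" || exit 1
  if ! fp_matches "$(cert_fingerprint "$trusted")" "$pinned"; then
    echo "parent certificate fingerprint mismatch, aborting" >&2
    rm -f "$trusted"
    exit 2
  fi

  # Step 3: the node setup call from the post, with the verified certificate.
  "$ICINGA2" node setup --cn "$cn" \
    --endpoint "$pcn,$phost,$pport" --zone "$zone" \
    --parent_zone "$pzone" --parent_host "$phost" \
    --trustedcert "$trusted" \
    --accept-commands --accept-config --disable-confd
)

if [ "$#" -eq 7 ]; then enroll_agent "$@"; fi
```

The script exits with status 2 and deletes the fetched file when the fingerprint does not match, so a launch-time hook can tell a failed pin check apart from a failed `icinga2` call.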

Hi,

that’s what node setup is for, passing all parameters on the CLI and avoiding the interactive shell. @winem already explained that very well :)

Cheers,
Michael

Thanks @winem, that was really helpful. I’ll get this done using the icinga2 node setup as you mentioned. For now, I’ll mark this question as solved. Thanks again!

Hello Michael,

I am trying to automate this step with ansible: “request the trusted cert from the master”.

I am calling it from an Agent and would like to send the CSR to its Satellite and not the master using the ‘CA-Proxy’ feature. Using the node wizard makes it easy and I tested it on another node I set up as an Agent so it works.

Unfortunately I am not sure of the icinga2 command I need to call to automate this step.

According to this document, how-to-icinga-2-ca-proxy, no CA certs are required on the agent when setting up. These seem to be required when making a command line CSR request.

Hope you can help
Kind regards
Peter Goudman

Hello @peter.g !
I would suggest that you open a new topic with your issue, as Michael is not active in the forums anymore :)
I’m sure someone else will be able to help you out as well ;)
Have a nice day!
Feu