icinga2 node wizard
I am calling this command from an Agent and would like to send the CSR to it’s Satellite and not the master using the ‘CA-Proxy’ feature. Using the node wizard makes it easy, I tested it on another node I set up as an Agent and it works well.
According to this document, how-to-icinga-2-ca-proxy no ca certs are required on the agent when setting up.
I would like to know the command line arguments to automate this step.
Hope someone can help
Kind regards
Peter Goudman
this thread will help you
Hi Callum,
thank you for your quick answer.
I have already seen that thread and it does not help. The command suggested is
command: >
icinga2 node setup
--cn "{{ icinga_cn }}"
--endpoint "{{ icinga_master_host_cn }},{{ icinga_master_host }},{{ icinga_master_port }}"
--zone "{{ icinga_zone }}"
--parent_zone "{{ icinga_parent_zone }}"
--parent_host "{{ icinga_parent_endpoints.0.host }}"
--trustedcert "{{ icinga_certs_path }}/{{ icinga_master_host_cn }}.crt"
--accept-commands
--accept-config
--disable-confd
when: keypair_created is changed and save_cert is changed
This is icinga2 node setup I am looking to automate icinga node wizard
There is quite a bit of difference between these commands.
icinga2 node setup tried to fetch a signed cert from the parent icinga node
icinag2 node wizard does not as can be seen from a manual execution on an agent
icinga2 node wizard
Welcome to the Icinga 2 Setup Wizard!
We will guide you through all required configuration details.
Please specify if this is an agent/satellite setup (‘n’ installs a master setup) [Y/n]:
Starting the Agent/Satellite setup routine…
Please specify the common name (CN) [somenode.somedomain.net]:
Please specify the parent endpoint(s) (master or satellite) where this node should connect to:
Master/Satellite Common Name (CN from your master/satellite node): my-satellite-node.somedomain.net
Do you want to establish a connection to the parent node from this node? [Y/n]: n
Connection setup skipped. Please configure your parent node to
connect to this node by setting the ‘host’ attribute for the node Endpoint object.
Add more master/satellite endpoints? [y/N]: n
No connection to the parent node was specified.
Please copy the public CA certificate from your master/satellite
into ‘/var/lib/icinga2/certs//ca.crt’ before starting Icinga 2.
Please specify the API bind host/port (optional):
Bind Host []:
Bind Port []:
Accept config from parent node? [y/N]: y
Accept commands from parent node? [y/N]: y
Reconfiguring Icinga…
Disabling feature notification. Make sure to restart Icinga 2 for these changes to take effect.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
Local zone name [somenode.somedomain.net]:
Parent zone name [master]: a-preconfigured-satellite-zone-name
Default global zones: global-templates director-global
Do you want to specify additional global zones? [y/N]:
Do you want to disable the inclusion of the conf.d directory [Y/n]:
Disabling the inclusion of the conf.d directory…
Done.
Now restart your Icinga 2 daemon to finish the installation!
Once I have copied the ca.crt from the master and placed it in
/var/lib/icinga2/certs/ca.crt
icinga2 starts fine and when added to icingaweb2 it starts reporting status.
So I am looking for command line parameters for passing to icinga2 node wizard, then I will be able to automate the steps below.
Btw:
on all nodes.
Basically a brand new install of the latest and greatest.
Kind Regards
Peter G
This question has been flagged as the solution? It is not the solution but the question. Perhaps it can be unmarked if anyone can do that please. Just come back to check and no suggestions yet.
Thanks.