I set up a clustered setup and found out that I had misnamed my master server endpoint in the director endpoint configuration. No problem, i changed the name, but I got these errors in the log:
[2021-03-11 14:30:22 -0500] information/ApiListener: Finished reconnecting to endpoint masterl’ via host ‘master’ and port ‘5665’
[2021-03-11 14:30:32 -0500] information/ApiListener: Reconnecting to endpoint ‘master’ via host ‘masterl’ and port ‘5665’
[2021-03-11 14:30:32 -0500] warning/ApiListener: Certificate validation failed for endpoint ‘master’: code 7: certificate signature failure
[2021-03-11 14:30:32 -0500] information/ApiListener: New client connection for identity ‘master’ to [master.server.ip.address]:5665 (certificate validation failed: code 7: certificate signature failure)
[2021-03-11 14:32:32 -0500] information/JsonRpcConnection: Closing anonymous connection [director.ip.address]:37574 after 10 seconds.
[2021-03-11 14:32:32 -0500] warning/JsonRpcConnection: API client disconnected for identity ‘director’
[2021-03-11 14:32:32 -0500] information/ApiListener: New client connection for identity ‘director’ from [director.ip.address]:37578 (certificate validation failed: code 7: certificate signature failure)
[2021-03-11 14:32:42 -0500] information/ApiListener: New client connection for identity 'directir from [director.ip.address]:37584 (certificate validation failed: code 7: certificate signature failure)
so, i searched, and found someone else who had the same issue I had. I followed his instructions, listed here:
stop the icinga2 service on master and satellite
remove the ca from the master (at /var/lib/icinga2/ca)
ran ‘icinga2 api setup’ on the master
remove all previous certs for the master (at /var/lib/icinga2/certs)
on the satellite, removed previous certs (at /var/lib/icinga2/certs))
ran the ‘icinga2 node wizard’ on the master
ran the ‘node wizard’ on the slave and when prompted, gernated the ticket.
on the master ran ‘ca sign’
This did not resolve my issue. I can only assume that the director somehow is keepting track of my certificates? I suppose my next step is to completely remove the master server and rebuild it, but I am not so certain that this will fix the issue. any input would help.