I want to connect an icinga satellite to an icinga master. The icinga satellite is running on-prem and the icinga master on a vps. The on-prem network and the vps network are connected by a Site-to-Site IPSec tunnel.
I use the icinga2 node wizard to connect the satellite to the master. When I enter the request ticket, I this error messages:
critical/cli: Could not fetch valid response. Please check the master log.
critical/cli: Failed to fetch signed certificate from master 'icingam01.subnet.vcn.oraclevcn.com, 5665'. Please try again.
This is the log from the master:
[2024-01-22 13:50:22 +0100] information/ApiListener: New client connection from [::ffff:xxx.xxx.xxx.83]:42136 (no client certificate)
[2024-01-22 13:50:22 +0100] information/ApiListener: No data received on new API connection from [::ffff:xxx.xxx.xxx.83]:42136. Ensure that the remote endpoints are properly configured in a cluster setup.
[2024-01-22 13:50:41 +0100] critical/ApiListener: Client TLS handshake failed (from [::ffff:xxx.xxx.xxx.83]:51632): Operation canceled
I saw that there are other posts in this forum about this problem. So I already checked the time on the satellite with TZ=UTC date, which is the same on both systems.
I also tried to do a connection with openssl s_client. There I get
...
---
SSL handshake has read 3443 bytes and written 447 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 19 (self-signed certificate in certificate chain)
...
Does anybody has an idea how to solve the issue?
- Version used:
r2.14.2-1(master and satellite) - Operating System and version:
Ubuntu 22.04.3 LTS (Jammy Jellyfish)(master and satellite) - Enabled features:
api checker debuglog icingadb mainlog notification(master)
