Hi there,
I’ve recently deployed a new Icinga2 instance, with two master servers and a third running Icinga Web and the Director module.
I’ve been able to get past all the setup except for the Kickstart wizard.
Clicking run import on the wizard gives me:
* I was unable to re-establish a connection to the Endpoint "master.fqdn" (10.0.0.1:5665). When reconnecting to the configured Endpoint (master.fqdn:5665) I get an error: CURL ERROR: Failed connect to master.fqdn:5665; Connection refused Please re-check your Icinga 2 endpoint configuration (KickstartHelper.php:375)
Running the master in debug mode, I can see the API request coming in:
[2019-07-26 16:39:43 +1000] information/ApiListener: New client connection from [10.0.0.4]:55342 (no client certificate)
[2019-07-26 16:39:43 +1000] information/HttpServerConnection: Request: GET /v1 (from [10.0.0.4]:55342), user: director)
[2019-07-26 16:39:43 +1000] information/HttpServerConnection: Request: GET /v1/objects/zones (from [10.0.0.4]:55342), user: director)
[2019-07-26 16:39:43 +1000] information/HttpServerConnection: Request: GET /v1/objects/endpoints (from [10.0.0.4]:55342), user: director)
[2019-07-26 16:39:43 +1000] information/HttpServerConnection: HTTP client disconnected (from [10.0.0.4]:55342)
Note that there is no objects/zones/endpoints already defined - it’s a blank instance except for the two masters (we plan on creating everything in Director).
I’m a bit lost - running cURL against the API seems to work (this also works from the server running Icinga Web):
lbest@LiamsMacbookPro:~$ curl -sku 'director:password' -H 'Accept: application/json' https://master1.fdqn:5665/v1/objects/hosts
{"results":[]}
I’m a bit lost as to where to go now, as the error seems to hint there’s a connectivity problem.
Another message I’m seeing is:
* Unable to detect your deployment endpoint. I was looking for the first endpoint configured with an assigned API user in the "master" zone.
EDIT: I am wondering if I have butchered my API user?
This is my api.conf:
cat /etc/icinga2/conf.d/api-users.conf
/**
* The ApiUser objects are used for authentication against the API.
*/
object ApiUser "root" {
password = "password"
permissions = [ "*" ]
}
object ApiUser "icingaweb2" {
password = "password"
permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
}
object ApiUser "director" {
password = "password"
permissions = [ "*" ]
}