Connection refused while running Kickstart wizard

Hi there,

I’ve recently deployed a new Icinga2 instance, with two master servers and a third running Icinga Web and the Director module.

I’ve been able to get past all the setup except for the Kickstart wizard.

Clicking run import on the wizard gives me:

* I was unable to re-establish a connection to the Endpoint "master.fqdn" (10.0.0.1:5665). When reconnecting to the configured Endpoint (master.fqdn:5665) I get an error: CURL ERROR: Failed connect to master.fqdn:5665; Connection refused Please re-check your Icinga 2 endpoint configuration (KickstartHelper.php:375)

Running the master in debug mode, I can see the API request coming in:

[2019-07-26 16:39:43 +1000] information/ApiListener: New client connection from [10.0.0.4]:55342 (no client certificate)
[2019-07-26 16:39:43 +1000] information/HttpServerConnection: Request: GET /v1 (from [10.0.0.4]:55342), user: director)
[2019-07-26 16:39:43 +1000] information/HttpServerConnection: Request: GET /v1/objects/zones (from [10.0.0.4]:55342), user: director)
[2019-07-26 16:39:43 +1000] information/HttpServerConnection: Request: GET /v1/objects/endpoints (from [10.0.0.4]:55342), user: director)
[2019-07-26 16:39:43 +1000] information/HttpServerConnection: HTTP client disconnected (from [10.0.0.4]:55342)

Note that there is no objects/zones/endpoints already defined - it’s a blank instance except for the two masters (we plan on creating everything in Director).

I’m a bit lost - running cURL against the API seems to work (this also works from the server running Icinga Web):

lbest@LiamsMacbookPro:~$ curl -sku 'director:password' -H 'Accept: application/json' https://master1.fdqn:5665/v1/objects/hosts
{"results":[]}

I’m a bit lost as to where to go now, as the error seems to hint there’s a connectivity problem.

Another message I’m seeing is:

* Unable to detect your deployment endpoint. I was looking for the first endpoint configured with an assigned API user in the "master" zone.

EDIT: I am wondering if I have butchered my API user?

This is my api.conf:

cat /etc/icinga2/conf.d/api-users.conf 
/**
 * The ApiUser objects are used for authentication against the API.
 */
object ApiUser "root" {
  password = "password"
  permissions = [ "*" ]
}

object ApiUser "icingaweb2" {
  password = "password"
  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
}

object ApiUser "director" {
  password = "password"
  permissions = [ "*" ]
}

Well… God only knows why, but restarting both cores made it magically work. :slight_smile:

Could be a problem with older versions. We’ve seen connection problems also in 2.10 which is why 2.11 rewrites that from the core.

The first release candidate is out, in case you can help test: https://icinga.com/2019/07/25/icinga-2-11-release-candidate/

Cheers,
Michael

1 Like