Director config not correctly applied in HA setup

thesefer · May 26, 2025, 9:16am

Hi,

I run one mariadb instance on each master in a galera-cluster.

The director runs on both masters as per Deployment architecture - Director HA icinga Web servers - #2 by log1c. Both setups are identical from what is deployed.

I noticed a small error in my config and adjusted the kickstart config endpoint / host to icingamaster01 (as per group_var this is rolled out to both). But this did not change anything so far for i.e. the downtime situation mentioned above. I made several config deployments yesterday.

icingaweb2_modules:
  director:
    enabled: true
    source: package
    import_schema: true
    run_kickstart: true
    kickstart:
      config:
        endpoint: "{{ groups['icinga_masters'][0] }}"
        host: "{{ hostvars[groups['icinga_masters'][0]]['ansible_host'] }}"
        username: "{{ icinga2__api_root_user }}"
        password: "{{ icinga2__api_root_password }}"
    config:
      db:
        resource: director_db

One thing that is left now which could be the problem but I do not find a proper explanation is the command transports from the icingadb module. ansible-collection-icinga/doc/role-icingaweb2/module-icingadb.md at b2ce676ffb52173bc3ec01c285c39a4677c04607 · Icinga/ansible-collection-icinga · GitHub

Or do I get this right and I need to configure two command transports? One to the primary, one to the secondary? Configuration - Icinga DB Web

EDIT: I just rendered the config again

Last Render

master01

[2025-05-26 11:49:43 +0200] information/IcingaDB: Starting initial config/status dump
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished syncing runtime objects to endpoint 'icingasatellite'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished sending runtime config updates for endpoint 'icingasatellite' in zone 'satellite'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Sending replay log for endpoint 'icingasatellite' in zone 'satellite'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished sending replay log for endpoint 'icingasatellite' in zone 'satellite'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished syncing endpoint 'icingasatellite' in zone 'satellite'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished syncing runtime objects to endpoint 'icingamaster02'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished sending runtime config updates for endpoint 'icingamaster02' in zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Sending replay log for endpoint 'icingamaster02' in zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished sending replay log for endpoint 'icingamaster02' in zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished syncing endpoint 'icingamaster02' in zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Applying config update from endpoint 'icingamaster02' of zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Ignoring config update from endpoint 'icingamaster02' for zone 'director-global' because we have an authoritative version of the zone's config.
[2025-05-26 11:49:43 +0200] information/ApiListener: Received configuration for zone 'global-templates' from endpoint 'icingamaster02'. Comparing the timestamp and checksums.
[2025-05-26 11:49:43 +0200] information/ApiListener: Applying configuration file update for path '/var/lib/icinga2/api/zones-stage/global-templates' (0 Bytes).
[2025-05-26 11:49:43 +0200] information/ApiListener: Ignoring config update from endpoint 'icingamaster02' for zone 'satellite' because we have an authoritative version of the zone's config.
[2025-05-26 11:49:43 +0200] information/ApiListener: Received configuration updates (1) from endpoint 'icingamaster02' are equal to production, skipping validation and reload.

master02

[2025-05-26 11:49:43 +0200] information/ApiListener: New client connection for identity 'icingamaster01' from [::ffff:192.168.2.80]:59140
[2025-05-26 11:49:43 +0200] information/JsonRpcConnection: Requesting new certificate for this Icinga instance from endpoint 'icingamaster01'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Sending config updates for endpoint 'icingamaster01' in zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Syncing configuration files for global zone 'director-global' to endpoint 'icingamaster01'.
[2025-05-26 11:49:43 +0200] information/JsonRpcConnection: Received certificate request for CN 'icingamaster01' signed by our CA.
[2025-05-26 11:49:43 +0200] information/JsonRpcConnection: The certificates for CN 'icingamaster01' and its root CA are valid and uptodate. Skipping automated renewal.
[2025-05-26 11:49:43 +0200] information/ApiListener: Syncing configuration files for zone 'satellite' to endpoint 'icingamaster01'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Syncing configuration files for global zone 'global-templates' to endpoint 'icingamaster01'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished sending config file updates for endpoint 'icingamaster01' in zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Syncing runtime objects to endpoint 'icingamaster01'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished syncing runtime objects to endpoint 'icingamaster01'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished sending runtime config updates for endpoint 'icingamaster01' in zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Sending replay log for endpoint 'icingamaster01' in zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished sending replay log for endpoint 'icingamaster01' in zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Finished syncing endpoint 'icingamaster01' in zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Applying config update from endpoint 'icingamaster01' of zone 'main'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Received configuration for zone 'director-global' from endpoint 'icingamaster01'. Comparing the timestamp and checksums.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/director-global//director/001-director-basics.conf' for zone 'director-global'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/director-global//director/commands.conf' for zone 'director-global'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/director-global//director/service_templates.conf' for zone 'director-global'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/director-global//director/servicesets.conf' for zone 'director-global'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/director-global//director/timeperiods.conf' for zone 'director-global'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/director-global//director/user_templates.conf' for zone 'director-global'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Applying configuration file update for path '/var/lib/icinga2/api/zones-stage/director-global' (887464 Bytes).
[2025-05-26 11:49:43 +0200] information/ApiListener: Received configuration for zone 'global-templates' from endpoint 'icingamaster01'. Comparing the timestamp and checksums.
[2025-05-26 11:49:43 +0200] information/ApiListener: Applying configuration file update for path '/var/lib/icinga2/api/zones-stage/global-templates' (0 Bytes).
[2025-05-26 11:49:43 +0200] information/ApiListener: Ignoring config update from endpoint 'icingamaster01' for zone 'main' because we have an authoritative version of the zone's config.
[2025-05-26 11:49:43 +0200] information/ApiListener: Received configuration for zone 'satellite' from endpoint 'icingamaster01'. Comparing the timestamp and checksums.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/satellite//director/agent_endpoints.conf' for zone 'satellite'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/satellite//director/agent_zones.conf' for zone 'satellite'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/satellite//director/host_templates.conf' for zone 'satellite'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/satellite//director/hosts.conf' for zone 'satellite'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Stage: Updating received configuration file '/var/lib/icinga2/api/zones-stage/satellite//director/servicesets.conf' for zone 'satellite'.
[2025-05-26 11:49:43 +0200] information/ApiListener: Applying configuration file update for path '/var/lib/icinga2/api/zones-stage/satellite' (6591 Bytes).
[2025-05-26 11:49:43 +0200] information/ApiListener: Received configuration updates (3) from endpoint 'icingamaster01' are equal to production, skipping validation and reload.

Why does master02 state: Ignoring config update from endpoint 'icingamaster01' for zone 'main' because we have an authoritative version of the zone's config.

master01

/var/lib/icinga2/api/zones/director-global/.authoritative
/var/lib/icinga2/api/zones/main/.authoritative
/var/lib/icinga2/api/zones/satellite/.authoritative

master02
no result