Running icinga2-agent-kickstart.bash on a client gives me some errors:
root@myclient:~# ./icinga2-agent-kickstart.bash
INFO: This should be a Debian system
check: icinga2 installed - OK: 2.10.5-1
INFO: Using old SSL directory: /etc/icinga2/pki
information/base: Writing private key to '/etc/icinga2/pki/myclient.lan.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/myclient.lan.crt'.
information/base: Writing certificate signing request to '/etc/icinga2/pki/myclient.lan.csr'.
information/cli: Retrieving X.509 certificate for 'master.lan:5665'.
Subject: CN = master.lan
Issuer: CN = Icinga CA
Valid From: Jul 15 11:28:06 2019 GMT
Valid Until: Jul 11 11:28:06 2034 GMT
Fingerprint: 3F 6F 77 2E AD C0 DC 72 52 67 1C 22 F9 23 E9 6C 39 30 34 D0
***
*** You have to ensure that this certificate actually matches the parent
*** instance's certificate in order to avoid man-in-the-middle attacks.
***
information/pki: Writing certificate to file '/etc/icinga2/pki/trusted-master.crt'.
critical/cli: Could not fetch valid response. Please check the master log.
./icinga2-agent-kickstart.bash: line 186: Could not retrieve final certificate from host master.lan: command not found
Writing config to /etc/icinga2/icinga2.conf
Writing config to /etc/icinga2/zones.conf
Writing config to /etc/icinga2/features-available/api.conf
warning/cli: Feature 'api' already enabled.
[2019-07-18 16:59:32 +0200] information/cli: Icinga application loader (version: r2.10.5-1)
[2019-07-18 16:59:32 +0200] information/cli: Loading configuration file(s).
[2019-07-18 16:59:32 +0200] information/ConfigItem: Committing config item(s).
[2019-07-18 16:59:32 +0200] warning/ApiListener: Attribute 'key_path' for object 'api' of type 'ApiListener' is deprecated and should not be used.
[2019-07-18 16:59:32 +0200] warning/ApiListener: Attribute 'ca_path' for object 'api' of type 'ApiListener' is deprecated and should not be used.
[2019-07-18 16:59:32 +0200] warning/ApiListener: Attribute 'cert_path' for object 'api' of type 'ApiListener' is deprecated and should not be used.
[2019-07-18 16:59:32 +0200] warning/ApiListener: Copying '/etc/icinga2/pki/myclient.lan.crt' certificate file to '/var/lib/icinga2/certs//myclient.lan.crt'
[2019-07-18 16:59:32 +0200] warning/ApiListener: Copying '/etc/icinga2/pki/myclient.lan.key' certificate file to '/var/lib/icinga2/certs//myclient.lan.key'
[2019-07-18 16:59:32 +0200] warning/ApiListener: Please read the upgrading documentation for v2.8: https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/
[2019-07-18 16:59:32 +0200] information/ApiListener: My API identity: myclient.lan
[2019-07-18 16:59:32 +0200] critical/SSL: Error loading and verifying locations in ca key file '/var/lib/icinga2/certs//ca.crt': 33558530, "error:02001002:system library:fopen:No such file or directory"
[2019-07-18 16:59:32 +0200] critical/config: Error: Cannot make SSL context for cert path: '/var/lib/icinga2/certs//myclient.lan.crt' key path: '/var/lib/icinga2/certs//myclient.lan.key' ca path: '/var/lib/icinga2/certs//ca.crt'.
Location: in /etc/icinga2/features-enabled/api.conf: 3:1-3:24
/etc/icinga2/features-enabled/api.conf(1): /** Icinga 2 Config - proposed by Icinga Director */
/etc/icinga2/features-enabled/api.conf(2):
/etc/icinga2/features-enabled/api.conf(3): object ApiListener "api" {
^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/features-enabled/api.conf(4): cert_path = SysconfDir + "/icinga2/pki/myclient.lan.crt"
/etc/icinga2/features-enabled/api.conf(5): key_path = SysconfDir + "/icinga2/pki/myclient.lan.key"
[2019-07-18 16:59:32 +0200] critical/config: 1 error
Please restart icinga2:
service icinga2 restart
icinga2.log on the master:
information/ApiListener: New client connection for identity 'myhost.lan' from [10.0.0.5]:54462 (certificate validation failed: code 18: self signed certificate)
The first steps via the API seem to work, but “pki request …” is failing!
./icinga2-agent-kickstart.bash: line 186: Could not retrieve final certificate from host master.lan: command not found
btw. what “command not found” here means?
Master:
Director version: 1.6.2
Icinga Web 2 version and modules: 2.6.3
Icinga 2 version: r2.10.5-1
Operating System and version: Ubuntu 18.04
Webserver, PHP versions: apache 2.4.29, php 7.2
Client:
Ubuntu 18.04
Icinga 2 version: r2.10.5-1