Icinga satellite cannot fetch certificate from master

Hi,

I have an Icinga2 master/satellite setup which is running quite fine. But one client is making trouble during the initial connection to icinga. And I do not understand why. It is the following setup:

icinga2-master (on vlan22, 192.168.22.222), Debian 11
icinga2-vlan0 (on vlan0, 192.168.0.222), Debian 11
icinga2-client (on vlan0, 192.168.0.123), Debian 10

icinga2-vlan0 is connected to the master and is executing some checks on the vlan0-hosts and sending the information to the master. Everything is working, except icinga2-client with IP 192.168.0.123.

I have different clients in vlan0 with Debian 10 which are connected fine and stable to icinga2-vlan0. But only the icinga2-client is making trouble. I tried to install it with the Icinga-installer puppet module; normally this works very fine, but not on this machine:

2024-04-15 13:20:11 [DEBUG ] [configure] Finishing transaction 36640
2024-04-15 13:20:11 [DEBUG ] [configure] Received report to process from icinga-client.domain.tld
2024-04-15 13:20:11 [NOTICE] [configure] System configuration has finished.
2024-04-15 13:20:11 [INFO  ] [post] Executing hooks in group post
2024-04-15 13:20:11 [DEBUG ] [post] Hook /usr/share/icinga-installer/hooks/post/99-post_install_message.rb returned nil
2024-04-15 13:20:11 [INFO  ] [post] All hooks in group post finished
2024-04-15 13:20:11 [DEBUG ] [root] Exit with status code: 6 (signal was 6)
2024-04-15 13:20:11 [DEBUG ] [root] Cleaning /tmp/kafo_installation20240415-1186-4nioen
2024-04-15 13:20:11 [DEBUG ] [root] Cleaning /tmp/kafo_installation20240415-1186-1vwaujr
2024-04-15 13:20:11 [DEBUG ] [root] Cleaning /tmp/default_values.yaml
2024-04-15 13:20:11 [DEBUG ] [root] Installer finished in 32.569307134 seconds

Then I tried it with icinga2 node wizard, but it is not working either. The icinga2-vlan0 logs:


[2024-04-15 13:14:22 +0200] information/ApiListener: New client connection for identity 'icinga-client.domain.tld' from [::ffff:192.168.0.123]:57822 (certificate validation failed: code 18: self signed certificate)
[2024-04-15 13:14:37 +0200] warning/ApiListener: Timeout while processing incoming connection from [::ffff:192.168.0.123]:57822
[2024-04-15 13:14:37 +0200] warning/ApiListener: No data received on new API connection from [::ffff:192.168.0.123]:57822 for identity 'icinga-client.domain.tld'. Ensure that the remote endpoints are properly configured in a cluster setup.

If I try it manually:

/usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2 pki request --host 192.168.0.222 --port 5665 --ca /var/lib/icinga2/certs/ca.crt --key /var/lib/icinga2/certs/icinga-client.domain.tld.key --cert /var/lib/icinga2/certs/icinga-client.domain.tld.crt --trustedcert /var/lib/icinga2/certs/trusted-cert.crt

On the client I get the information:

critical/cli: Could not fetch valid response. Please check the master log.

and the icinga2-vlan0 master is logging again:

[2024-04-15 13:29:37 +0200] information/ApiListener: New client connection for identity 'thinlinc.mpi-bremen.de' from [::ffff:194.95.6.43]:51682 (certificate validation failed: code 18: self signed certificate)
[2024-04-15 13:29:52 +0200] warning/ApiListener: Timeout while processing incoming connection from [::ffff:194.95.6.43]:51682
[2024-04-15 13:29:52 +0200] warning/ApiListener: No data received on new API connection from [::ffff:194.95.6.43]:51682 for identity 'thinlinc.mpi-bremen.de'. Ensure that the remote endpoints are properly configured in a cluster setup.

Any ideas what I can try now to get this working? Again: Debian 10 with the same icinga version is working on different machines perfectly!

Thanks and all the best, Tobias

Hello @TGM!

What are your Icinga 2 versions?

Best,
A/K

Hello @Al2Klimov,

sorry, forgot to write that. Stupid mistake.

icinga2-master: 2.14.2-1+debian11
icinga2-vlan0: 2.14.2-1+debian11
icinga2-client: 2.10.3-2+deb10u1

On the other Debian 10 clients which are working I have the 2.10.3-2+deb10u1 too.

You could also try to run the agent without a valid certificate and see whether it appears on the master in icinga2 ca list.
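
Added example, not part of the thread and not Icinga project code: a small triage script for the ApiListener lines quoted in the first post. It lists each identity that connected with a certificate the listener could not validate and counts how many of those connections then timed out. The function names, host names and sample log are constructed; the fourth sample line assumes that a validated connection logs the same message without the parenthesised error.

```python
import ipaddress
import re

# Constructed sample in the ApiListener format quoted in the thread
# (made-up host names, documentation-range addresses).
SAMPLE_LOG = """\
[2024-04-15 13:14:22 +0200] information/ApiListener: New client connection for identity 'agent1.example.test' from [::ffff:192.0.2.10]:57822 (certificate validation failed: code 18: self signed certificate)
[2024-04-15 13:14:37 +0200] warning/ApiListener: Timeout while processing incoming connection from [::ffff:192.0.2.10]:57822
[2024-04-15 13:14:37 +0200] warning/ApiListener: No data received on new API connection from [::ffff:192.0.2.10]:57822 for identity 'agent1.example.test'. Ensure that the remote endpoints are properly configured in a cluster setup.
[2024-04-15 13:15:01 +0200] information/ApiListener: New client connection for identity 'agent2.example.test' from [::ffff:192.0.2.11]:40112
"""

CONNECT = re.compile(
    r"information/ApiListener: New client connection for identity '(?P<identity>[^']+)' "
    r"from \[(?P<addr>[^\]]+)\]:(?P<port>\d+)"
    r"(?: \(certificate validation failed: code (?P<code>\d+): (?P<reason>[^)]+)\))?")
TIMEOUT = re.compile(
    r"warning/ApiListener: Timeout while processing incoming connection "
    r"from \[(?P<addr>[^\]]+)\]:(?P<port>\d+)")

def peer_ip(addr):
    """Show IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) as plain IPv4."""
    ip = ipaddress.ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def triage(log_text):
    """Return {identity: summary} for connections whose certificate failed validation."""
    pending = {}  # (addr, port) -> identity of a connection with an unvalidated certificate
    report = {}
    for line in log_text.splitlines():
        if (m := CONNECT.search(line)) and m["code"]:
            pending[(m["addr"], m["port"])] = m["identity"]
            entry = report.setdefault(m["identity"], {
                "peers": set(), "errors": set(), "attempts": 0, "timeouts": 0})
            entry["peers"].add(peer_ip(m["addr"]))
            entry["errors"].add((int(m["code"]), m["reason"]))
            entry["attempts"] += 1
        elif m := TIMEOUT.search(line):
            # Match the timeout to the earlier connection by source address and port.
            identity = pending.pop((m["addr"], m["port"]), None)
            if identity:
                report[identity]["timeouts"] += 1
    return report

if __name__ == "__main__":
    for identity, e in triage(SAMPLE_LOG).items():
        print(identity, sorted(e["peers"]), sorted(e["errors"]),
              f'{e["timeouts"]}/{e["attempts"]} timed out')
```

Comparing the reported peer address and identity against the host you expect to be enrolling shows quickly whether the failing connections really come from the agent in question.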