Icinga2 Agent Installation via Self-Service API?

gorelord_x · September 3, 2024, 2:21pm

Hi All,
I want to monitor some Windows servers “behind” a firewall. For this purpose, the Icinag2 Agent Be installed via self-service API**

Unfortunately “only” the Icinga port 5665 open.

The Icinga2 host cannot be reached via http or ping, as it is located in a different network segment

Manually, I can install Icinga Agent on the external Windows server.

But then you have to configure the configuration manually in Icinga2

I would like to configure everything via the Icinga director.

Can someone help ?

Many greetings

Stefan

rivad · September 3, 2024, 3:33pm

Well if the director API can’t be reached by the host to be setup then it will not be possible to use the self-service API.

As soon as the new host ist setup by hand in the director and the agent is configured and connected, it will receive further configuration via director → icinga2 – 5665 → Icinga2 agent.

moreamazingnick · September 17, 2024, 7:53pm

as @rivad mentioned the director selfservice api is reachable via icingaweb2 so without this access there is no selfservice/registration.

things you can do if port 5665 of your master is reachable:

install an agent and sign the csr manually using cli
install an agent and sign the csr via icignaweb2-module-ca
get the ticket via icinga2 api (generate-ticket) and use to get a signed certificate