Icinga2 Powershell module - ERROR - Host is already registered with Icinga director

We have been using the powershell module to automate installation of Icinga2 agent on windows boxes… But there is one missing piece icinga2 re-installation is failing all the time with the below error…

Notice: Host is already registered within Icinga Director.
Notice: Fetched ticket “ERROR: Got invalid API key “ERROR: The host “**********” has already been registered (IcingaHostSelfServiceForm.php:103)”” from I
cinga Director
Notice: Skipping certificate generation. One or more of the following arguments is not set: -CAServer -Ticket

Everytime i had to manually drip the self service API key & reinstallation works…

In icinga2 powershell module we have been using the following commands… Any arguments that drop the self service api keys & forcefully reinstall the icinga2? I thought ForceCertificateGeneration $TRUE works but no luck its not working…

Any advise or anything missing or any flags needs to be added to reinstall? Please advise on this

Here the command on powershell module that we use…
exit Icinga2AgentModule -DirectorUrl '*********************************
-DirectorAuthToken ‘###################’ -ForceCertificateGeneration $TRUE
-RunInstaller

Hello and thank you for the message.
This issue is with the usage of the API keys. By using the template key the host is registered within the Director and assigned a host specific API key. This API key is written locally into the Icinga 2 Director at C:\ProgramData\icinga2\etc\icinga2\icingadirector.token

By uninstalling the Agent and removing the entire directory, this key is dropped as well which means the module has no idea of knowing this key. Otherwise it would load the local stored key and use it for the requests against the Director Self-Service API instead of the template key.

If a host is already registered within the Icinga Director with a key, then the module will throw this error - which is the intended behaviour. To fix this, you have to drop the Host-API key for this host on the “Agent” tab.

Sidenote: The new Icinga for Windows solution is using the same mechanics, but the key is not stored within any Icinga 2 configuration directories but within the configuration of the PowerShell Framework solution itself. Therefor this handling is a little more robust.

I hope this explanation helps!

Many thanks for your response… Icinga for windows is not the case for me… we are already in production…

Yeah you are correct… Actually i am trying to automate this… We have automated way of uninstall & install the icinga2 agent… But we don’t have automation way to drop the self service API Key… …

This means… Every time when we uninstall and install the icinga2 agent, self service API key should be dropped automatically without manual drop.

I am trying to find the flags/arguments to update powershell module that drop the self service API keys…

exit Icinga2AgentModule -DirectorUrl '*********************************
-DirectorAuthToken ‘###################’ -ForceCertificateGeneration $TRUE
-RunInstaller

or

is there anyway to uninstall and install without deleting the C:\ProgramData\icinga2\etc\icinga2\icingadirector.token ??

Please advise & correct me… thanks in advance

Hello there :slight_smile:

There is possibly a way to do what you intend here - I don’t know about that tough.

What I can do, is give some advice - it would probably be beneficial for you to look into the Icinga for Windows after all.
I assume that it seems like a lot, as your environment took some time to set up and is running in production already, but the module that Christian linked for you was made specifically for the purpose of monitoring Windows the right way.
We will also put our focus on further developing the Icinga for Windows - and focus on the module over supporting the icinga2 powershell module (which will probably end up being deprecated in future versions).

So I think it would be worth to put the effort in to update your production environment here.
Patching and fixing up environments only works well to a certain degree and if there is a tool for the purpose you’re looking for, it might be for the best to use it :slight_smile:

Have a nice day,
Feu

How are you uninstalling the Agent? You can just keep the ProgramData file content with the certificates and the token by uninstalling the Agent. Just do not use the -FullUninstallation flag.

Then neither the certificates nor the token are removed and you can simply install the Agent again.

Currently i am using with the following command…

exit Icinga2AgentModule -FullUninstallation -RunUninstaller;

But if We uninstall icinga2 by keeping ProgramData… Icinga reinstallation definitely didn’t work for me…

What happens if you re-install the Agent while the ProgramData folder still exists?
This should not cause any trouble at all.