Many problems with the agent kickstart script

Icinga Web Modules Icinga Director
,
1

Hi,

I am having some difficulty with the Agent deployment right now.

on a Ubuntu 16.04.6 LTS machine for example, when I install icinga2 from the Ubuntu repository (which is version 2.4.1) and start the “icinga2-agent-kickstart.bash”, I receive the following error:

/home/master/icinga2-agent-kickstart.bash

INFO: This should be a Debian system
check: icinga2 installed - OK: 2.4.1-1
INFO: Using old SSL directory: /etc/icinga2/pki
information/base: Writing private key to ‘/etc/icinga2/pki/%%HOSTNAME%%.key’.
critical/SSL: Error while opening private RSA key file ‘/etc/icinga2/pki/%%HOSTNAME%%.key’: 33558541, “error:0200100D:system library:fopen:Permission denied”
ERROR: Could not create self signed certificate!

This can be fixed by changing the Permission of the “/etc/icinga2/pki” directory to “777” (just for Testing, I know this is not ideal) it works, but I get new error:

/home/master/icinga2-agent-kickstart.bash

INFO: This should be a Debian system
check: icinga2 installed - OK: 2.4.1-1
INFO: Using old SSL directory: /etc/icinga2/pki
information/base: Writing private key to ‘/etc/icinga2/pki/%%HOSTNAME%%.key’.
information/base: Writing X509 certificate to ‘/etc/icinga2/pki/%%HOSTNAME%%.crt’.
information/base: Writing certificate signing request to ‘/etc/icinga2/pki/%%HOSTNAME%%.csr’.
warning/TlsStream: TLS stream was disconnected.
critical/cli: Failed to fetch certificate from host
ERROR: Could not retrieve trusted certificate from host %%ICINGA-SERVER%%

The Versions we have installed are:
icingaweb2 - 2.7.1
director - 1.7.0
incubator - 0.5.0
ipl - 0.3.0
reactbundle - 0.7.0
monitoring - 2.7.1

Many thanks in advance!
Cheers, Finn

2

Ensure to have packages.icinga.com as package repository, the default in Ubuntu with 2.4.1 is old and not supported anymore.

https://icinga.com/docs/icinga2/latest/doc/02-installation/#debianubunturaspbian-repositories

Cheers,
Michael

3

Thank you! The kickstart worked fine using the package from the icinga repository.

How comes, that the icinga package made it in to universe in the first place but is not maintained anymore?
Has it always been unsupported?
We always used the package from the ubuntu repository out of convenience and I personally dislike adding repos as long as it is really not necessary.

Anyways, thank you for your help :slight_smile: !

4

We as Icinga don’t maintain these upstream packages. Their release lifecycle is far too slow with providing old versions, in contrast that we push 2 major feature release per year with bugfix releases in a higher frequency. Therefore we’ve created our own CI pipeline for package builds and are publishing the support packages on packages.icinga.com

Also keep in mind, that support for older versions like this is generally not available. Being uptodate helps and avoids troubles e.g. going from 2.4 to 2.11 - the upgrading docs are detailed but there’s more to take into account than from 2.10 to 2.11 for example.

In terms of vendor repositories: That’s a common thing nowadays and allows everyone to use packages for their convenience. Puppet, Grafana, Terraform, Docker, … everyone has packages which also is key to their success in fast adoption.

Cheers,
Michael