So my first post right here about the configuration between master, satellites and agents. I read the documentation from icinga (06-distributed-monitoring) and set up the environment as the following:
One master server on RedHat
Two satellites on Ubuntu
One Agent installed on a Windows server 2016
On the master server I have installed Icinga-Director to easier distribute tasks, however I do have certain problems:
I wonder how I can include a sms-gateway (sms can be sent by using a certain URL) into the monitoring tasks on the master.
It seems that on the master I cannot see the agent installed on WK2016 which has as valid connection to one of the satellites
I don’t see the connected satellites on the master server. That should be the case, right?
P.S.
I read that the connection between Master and Satellite should not be made by Director but manually with the cli using zones.conf. Is that correct? Would that mean that my Satellites would need Icinga Director as well in order to add agents? Would these agents then be automatically displayed on the master as far as connection between master and satellite is okay?
Could you give me some input on how to narrow down the problem?
You need to understand (which can be quiet hard at the beginning) the difference between zones (incl. endpoints) and host objects. All zones are required to provide a communication path between endpoints. These endpoints can then handle all other objects e.g. host and services.
Did you create the corresponding host object at the director?
Did you create the corresponding host object at the director (not talking about zone and endpoint)?
Yes, everytime you connect a new satellite to its master you need to update zones.conf at the master accordingly. And then runkick-start wizard at the director (to import the new zone and endpoint objects).
No, Icinga’s setup allows only one director instance and this have to be installed at the master.
No, setting up connection (means zone, endoint, certificates etc.) is different from the host object. To see an agent at your master and satellite it’s enough to add a corresponding host object at the director. The director will then create the corresponding zone and endpoint objects automatically means you don’t need to add them manually to zones.confs.
You need one zone for master no matter if you have one endpoint or two (the latter is for HA). Same belongs to satellite means if your two satellites are not for HA, each of them requires its own zone. Agents must have its own zone and endpoint (using the director means you don’t need to take care in any way). BTW: more than two endpoints per zone is not supported.
No, this is not possible. If you install an agent manually you need to create a corresponding host object at the director. If you use the icinga-powershell-framework the director object is created automatically.
okay thanks again, so for the satellite that I cannot see, you said if I created the host object at the director.
So when I click on Icinga-Director > Hosts > I can choose between: Hosts, Host-Templates and Host-Groups. Can you please instruct me what I should exactly create?
Ah forget my dumb question… I just added the Host called it “Sat1-Monitoring” and it works.
I can now see the host, zwo services have yet to be checked but that should be done in the next couple of minutes.
Alright, now I can see the satelitte, to see the Agent that is connected to this satellite, will I have to do the same in Icinga-Director? Add the agent as a host?
however now I can see that the satellite system seems to have a problem. The checks (SSH and ICMP) are on state “unknown” with the error message: "Remote Icinga instance ‘monitoring.sat’ is not connected to ‘icinga.master’.
on icinga master, checking the logs however, I can see that there seems to be a valid and good connection: [2020-08-31 13:06:23 +0200] warning/ApiListener: Unexpected certificate common name while connecting to endpoint ‘monitoring.sat’: got monitoring
[2020-08-31 13:06:23 +0200] information/ApiListener: Finished reconnecting to endpoint ‘monitoring.sat’ via host ‘xy.xy.xy.xy’ and port ‘5665’
The warning indicates a wrong name, however I don’t get why. In director the host is named “monitoring”.
okay what I can see now is that the master server tries to connect to the satellite on port 5665 and cannot do this.
when I log into the satellite and execute netstat -anop |grep tcp I can see that no service is running under port 5665. Is there something more that has to be installed on the satellite system? I did the icinga2 installation with the cli and defined the server as a satellite one.
Icinga2 core open that port when you have api enabled. This is usally done during icinga2 node wizard (there are many different ways to do this as well).
Maybe api is not enabled (could be checked with icinga2 features list) oder icinga2 core is not running (could be checked with systemctl status icinga) e.g. due to an config error (could be checked with icinga2 daemon -C).
indeed api was disabled due to a permission error on the server - fixed that though.
and i deleted the sat in director and recreated it, now it works perfectly!
and one last question, for the agent wk2016 server that is connected to the satellite system:
If I create the host manually on icinga master then the icinga master will do the checks and not the satellite. Can you give me more details on how to solve that?
yeah I have read that but I am not quite sure, because the situation is like attached.
So what I want is that I can see the agent, that is connected to the satellite on the master and that the check results are also displayed on the master. Where do I have to configure what exactly?
P.S.
as I understand it, Zones on Master then should be: Master-Zone and Satellite-Zone
Zones on Satellite should then be: Master-Zone, Satellite-Zone, Agent-Zone
That correct? If so, do I have to edit the zones.conf manually or can Icinga Director do that as well?
I did that and I can see the agent, however I have implemented two checks, mainly ICMP and RDP port check, these checks don’t get executed by the satellite but by the master. This is a problem because there is a firewall (different network) between satellite and master, so the checks should be executed by the satellite and the results transmitted to the master.
I checked the agent’s config file under ProgrammData\icinga2\etc\icinga2\zones.conf (see attached)
As far as I can relate, the agent is in the Zone “master”. However, if I start the reconfigure option with the Icinga Agent, there is no way that I can set the zone in which the agent should belong. Should I just directly edit the config file and replace “master” with “satellite”?
