The zone name doesn’t matter (and yes, that’s confusing). The ip address of the endpoint is crucial and it has to be the ip address of the satellite.
The host object has to be in the satellite zone and this is configured at the director. You could verfiy this with icinga2 object list -n wk2016.local.
Hi,
yeah… this is getting more and more confusing, so what icinga2 object list tells me is:
[root@icinga-master icinga2]# icinga2 object list -n wk2016.local
Object ‘wk2016.local’ of type ‘Zone’:
% declared in ‘/var/lib/icinga2/api/packages/director/cc5bce90-b4c1-4b47-b9fe-cbcb68a997a8/zones.d/icinga-master/agent_zones.conf’, lines 11:1-11:38
Object ‘wk2016.local’ of type ‘Endpoint’:
% declared in ‘/var/lib/icinga2/api/packages/director/cc5bce90-b4c1-4b47-b9fe-cbcb68a997a8/zones.d/icinga-master/agent_endpoints.conf’, lines 11:1-11:42
Object ‘wk2016.local’ of type ‘Host’:
% declared in ‘/var/lib/icinga2/api/packages/director/cc5bce90-b4c1-4b47-b9fe-cbcb68a997a8/zones.d/icinga-master/hosts.conf’, lines 24:1-24:38
Then I went into the icinga director and tried to select the correct zone for the host, namely satellite-zone, however I can only chose the master zone …
Okay, so I had a look at the zones.conf on the master:
[root@icinga-master icinga2]# cat /etc/icinga2/zones.conf
/*
object Endpoint “icinga-master” {
host = “192.168.1.3”
}
object Endpoint “satellite” {
host = “192.168.10.58”
}
object Zone “icinga-master” {
endpoints = [ “icinga-master” ]
}
object Zone “satellite” {
endpoints = [“satellite”]
parent = “icinga-master”
}
object Zone “global-templates” {
global = true
}
object Zone “director-global” {
global = true
}
there the satellite zone exists …
I’d assume you didn’t run kick start wizard after you added the satellite’s objects to your zones.conf. And that’s the reason why is does not appear in the list.
BTW: For better readability please format your posts as described here.
and tried to do it over CLI:
[root@icinga-master icinga2]# icingacli director kickstart run
ERROR: RuntimeException in /usr/share/icingaweb2/modules/director/library/Director/Data/Db/DbObject.php:853 with message: Storing icinga_apiuser[] failed: SQLSTATE[23000]: Integrity constraint violation: 1048 Column ‘object_name’ cannot be null, query was: INSERT INTO icinga_apiuser (object_name, object_type, disabled, password, client_dn, permissions) VALUES (?, ?, ?, ?, ?, ?) {array (
‘id’ => NULL,
‘object_name’ => NULL,
‘object_type’ => ‘external_object’,
‘disabled’ => ‘n’,
‘password’ => NULL,
‘client_dn’ => NULL,
‘permissions’ => NULL,
)}
The error message is clear “Please change the endcoding…” means you didn’t create the director database with CREATE DATABASE director CHARACTER SET 'utf8';
Hi,
these seems like a bug.
I went into Applications and set the database charset (just a text field) to utf8 and now icinga director works. However, Kickstart is still missing…
Hi,
okay I got one step further.
You have to create “kickstart.ini” under the path: /etc/icingaweb2/modules/director
Then run:
icingacli director kickstart run
Go into the webinterface Icinga-Director → Activitylogs and accept.
Now I am able to set the host wk2016.local to the z one “satellite”.
However, still it looks as though the icinga-master server tries to check the wk2016 server… When I have a look at the host I can see that “check-source” is set to icinga-master for the “hostalive” plugin. Where can I set this to the satellite-server?
Thanks,
Check source is only updated when a check is triggered to run. Maybe you did not wait long enough? You still can verify the host object with icinga2 object list... and it need to have the satellite as zone.
Hi,
thanks.
Yes, I checked it with object list and zone seems correct:
However, if I look into the webinterface now, I can see the following error messages:
so I checked with icinga2 ca list on master and satellite, however no new certs have to be approved.
going onto the satellite and checking the icinga logs, I can see:
Where to search now?
Could this be an issue of the agent, satellite and master’s zone.conf file?
It looks like your certificates CN is not identical with the host object ‘wk2016.local’ != ‘monitoring’. I mentioned already the certificate checks.
Thanks, I must have missed that and even going through the thread I cannot see the “certificate checks”.
How would I check them?
Thanks
Hi Roland,
sorry for the late reply what I had some (well earned) holidays 
So first thing I did is check if satellite’s cert and master’s cert is the same:
So this looks good.
However, if I want to use pki tools (on ubuntu) to check the certs in detail, I get:
[quote]root@monitoring:/var/lib/icinga2/certs# pki verify --cacert ca.crt
FileNotFoundError: [Errno 2] No such file or directory: ‘/usr/share/pki/java-home/bin/java’
[/quote]
Java is installed and java_home is exported:
Strictly no icinga problem, but maybe you stumbled accross that one as well using PKI on ubuntu?
Thanks 
What I did now is using openssl s_client connect … to test connections from:
Agent to Satellite
Satellite to Master
this looks good as well.
Only thing:
however, this is okay I guess
anybody can help me?
