Master supervised by another master

Hello,

I have 2 separate networks (call them A and B).
On each one I have an icinga infrastructure to check each network’s hosts.
No problem with that. Here is the complicated thing: I want to check master B with master A …
I know that on one icinga instance it’s not possible, but is there a way to run 2 icinga instances on master B (one to check its hosts, the other to be checked itself by master A)?
It can be a fully separate service on the Linux OS listening on a different port, but I don’t know how to tell master A to use this custom port for this specific host …
Here is a drawing to explain better:

Thanks in advance

Yes, you could add a second icinga instance as agent by adapting many settings (haven’t tried it though).

What about using icinga’s REST API instead? Create checks on master A querying icinga on master B?

Why not, I did not think about it.
My first intention is to keep the same checks I already use for all of my hosts, and it works with the agent.
The installation of the second agent instance does not worry me, but I really have no idea where I can tell master A to check master B with the custom port of the second instance.

Hello,

How “separated” are the two networks? Do you mean that you have one or more network firewalls between them, or that you have no connectivity at all between them?

Cheers,

Jean

I have one or more firewalls between them.

You could let the agent on master B initiate the connection to master A; there will then be nothing special with different ports etc.

I would consider moving the masters up one level (leaving them in network A, or moving them to network M, your choice), and transforming the 3 current masters in A and B to satellites.

  • Hosts in A would belong to zone A and have as parents satellites in zone A
  • Hosts in B would belong to zone B and have as parents satellites in zone B
  • Satellites in all zones would have as parents the new masters in zone M
  • Master servers in zone M would be in master zone and poll the satellites

Perhaps this is a bit over the top in your setup if you don’t have many hosts, but it is quite clear and scalable.

Unless I’m mistaken, I can’t configure icinga2 to be master for its children AND send check results to another master. In my understanding the master is at the top of the organisation, am I wrong?

Unfortunately I can’t do that; for organisational reasons I have to keep the two networks separated.

You will have two instances, one is master B and the other is an agent. Both don’t know about each other. You will have a parent for the agent, which is master A.

Correct.


Oh yes, sorry, I misunderstood what you said. That’s true, I can just leave passive checks enabled for this host on master A; it’s probably the easiest way.
For now I’m trying to get the second instance up (not so easy after all ^^)

Don’t mind.

That’s not necessary since the agent on master B acts as any agent in network A.

So I successfully created the second instance, which is running on master B with an agent configuration pointing to master A.
On master A’s side, I put the host and services on passive checks only and I waited…
Some services became OK but some others don’t… I don’t understand why…

It was a configuration problem on the second instance. It’s now fully functional :slightly_smiling_face:

Here are the steps to reproduce if someone else wants to do the same thing:

  • Build mandatory directories
# copy the existing instance tree as a starting point for the second instance
cp -rp /etc/icinga2 /etc/icinga2-corp
# the agent instance does not need the icingadb feature that was copied along
rm /etc/icinga2-corp/features-enabled/icingadb.conf
rm /etc/icinga2-corp/features-available/icingadb.conf
cp -p /etc/default/icinga2 /etc/default/icinga2-corp
# separate log, data/cert, run, cache and spool directories so nothing is shared with the main instance
mkdir -p /var/log/icinga2-corp /var/lib/icinga2-corp/certs /var/run/icinga2-corp /var/cache/icinga2-corp /var/spool/icinga2-corp
chown -R nagios:nagios /var/lib/icinga2-corp /var/log/icinga2-corp /etc/icinga2-corp /var/cache/icinga2-corp /var/spool/icinga2-corp
chown nagios:www-data /var/run/icinga2-corp
  • Generate new certificates
sudo -u nagios icinga2 pki new-cert --cn [[host_fqdn]] \
--key /var/lib/icinga2-corp/certs/[[host_fqdn]].key \
--cert /var/lib/icinga2-corp/certs/[[host_fqdn]].crt

sudo -u nagios icinga2 pki save-cert \
--trustedcert /var/lib/icinga2-corp/certs/master.crt \
--host [[master_fqdn]] \
--port 5665 \
--key local.key \
--cert local.crt
  • Second daemon configuration
# the -D constants must match the ones used later in the systemd unit (SpoolDir under /var/spool, InitRunDir under /var/run)
sudo -u nagios icinga2 node wizard -D LogDir=/var/log/icinga2-corp -D DataDir=/var/lib/icinga2-corp -D CacheDir=/var/cache/icinga2-corp -D SpoolDir=/var/spool/icinga2-corp -D InitRunDir=/var/run/icinga2-corp -D ZonesDir=/etc/icinga2-corp/zones.d -D ConfigDir=/etc/icinga2-corp
Welcome to the Icinga 2 Setup Wizard!

We will guide you through all required configuration details.

Please specify if this is an agent/satellite setup ('n' installs a master setup) [Y/n]:

Starting the Agent/Satellite setup routine...

Please specify the common name (CN) [[[host_fqdn]]]:

Please specify the parent endpoint(s) (master or satellite) where this node should connect to:
Master/Satellite Common Name (CN from your master/satellite node): [[master1_fqdn]]

Do you want to establish a connection to the parent node from this node? [Y/n]:
Please specify the master/satellite connection information:
Master/Satellite endpoint host (IP address or FQDN): [[master1_fqdn]]
Master/Satellite endpoint port [5665]:

Add more master/satellite endpoints? [y/N]: y
Master/Satellite Common Name (CN from your master/satellite node): [[master2_fqdn]]

Do you want to establish a connection to the parent node from this node? [Y/n]: y
Please specify the master/satellite connection information:
Master/Satellite endpoint host (IP address or FQDN): [[master2_fqdn]]
Master/Satellite endpoint port [5665]:

Add more master/satellite endpoints? [y/N]: n
Parent certificate information:

 Version:             3
 Subject:             CN = [[master2_fqdn]]
 Issuer:              CN = Icinga CA
 Valid From:          Nov 15 14:17:16 2023 GMT
 Valid Until:         Dec 16 14:17:16 2024 GMT
 Serial:              

 Signature Algorithm: sha256WithRSAEncryption
 Subject Alt Names:   [[master2_fqdn]]
 Fingerprint:         

Is this information correct? [y/N]: y

Please specify the request ticket generated on your Icinga 2 master (optional).
 (Hint: # icinga2 pki ticket --cn '[[host_fqdn]]'):

No ticket was specified. Please approve the certificate signing request manually
on the master (see 'icinga2 ca list' and 'icinga2 ca sign --help' for details).
Please specify the API bind host/port (optional):
Bind Host []:
Bind Port []: 5664

Accept config from parent node? [y/N]: y
Accept commands from parent node? [y/N]: y

Reconfiguring Icinga...
Disabling feature notification. Make sure to restart Icinga 2 for these changes to take effect.

Local zone name [[[host_fqdn]]]:
Parent zone name [master]:

Default global zones: global-templates director-global
Do you want to specify additional global zones? [y/N]:

Do you want to disable the inclusion of the conf.d directory [Y/n]:
Disabling the inclusion of the conf.d directory...

Done.

Now restart your Icinga 2 daemon to finish the installation!
  • Sign CSR on master
root@master2(~) : icinga2 ca list
Fingerprint                                                      | Timestamp                | Signed | Subject
-----------------------------------------------------------------|--------------------------|--------|--------
[[fingerprint]]                                                  | Jun  6 13:21:23 2024 GMT |        | CN = [[host_fqdn]]
root@master2(~) : icinga2 ca sign [[fingerprint]]
information/cli: Signed certificate for 'CN = [[host_fqdn]]'.
  • Create systemd service
    Create the file /lib/systemd/system/icinga2-corp.service with the following content:
[Unit]
Description=Icinga host/service/network monitoring system
Requires=network-online.target
After=syslog.target network-online.target icingadb-redis.service postgresql.service mariadb.service carbon-cache.service carbon-relay.service

[Service]
Type=notify
NotifyAccess=all
Environment="ICINGA2_ERROR_LOG=/var/log/icinga2-corp/error.log"
EnvironmentFile=/etc/default/icinga2-corp
ExecStartPre=/usr/lib/icinga2/prepare-dirs /etc/default/icinga2-corp
ExecStart=/usr/sbin/icinga2 daemon -c /etc/icinga2-corp/icinga2.conf --close-stdio -e ${ICINGA2_ERROR_LOG} -D LogDir=/var/log/icinga2-corp -D DataDir=/var/lib/icinga2-corp -D CacheDir=/var/cache/icinga2-corp -D SpoolDir=/var/spool/icinga2-corp -D InitRunDir=/var/run/icinga2-corp -D ZonesDir=/etc/icinga2-corp/zones.d
PIDFile=/run/icinga2-corp/icinga2.pid
ExecReload=/usr/lib/icinga2/safe-reload /etc/default/icinga2-corp
TimeoutStartSec=30m
KillMode=mixed

# Systemd >228 enforces a lower process number for services.
# Depending on the distribution and Systemd version, this must
# be explicitly raised. Packages will set the needed values
# into /etc/systemd/system/icinga2.service.d/limits.conf
#
# Please check the troubleshooting documentation for further details.
# The values below can be used as examples for customized service files.

#TasksMax=infinity
#LimitNPROC=62883

[Install]
WantedBy=multi-user.target
  • Start service
systemctl start icinga2-corp.service
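The procedure above relies on the `-D Name=Value` constants given to the node wizard and to the systemd `ExecStart` being complete, identical, and pointing outside the main instance's directories (otherwise the second daemon shares master B's own state and certificates). The following checker is an added example, not part of the thread or of Icinga's tooling; it assumes the constant names and the Debian-style default trees listed in it, and is run here over constructed copies of the page's own command lines.

```python
"""Added example (not from the thread): check that the '-D Name=Value' constants
given to 'icinga2 node wizard' and to the systemd ExecStart of a second daemon
instance are complete, consistent and do not overlap the primary instance."""
import shlex

# Constants a second instance has to override; ConfigDir is optional when -c is used.
# (Assumption: this list is what the procedure's commands rely on, nothing more.)
REQUIRED = ("LogDir", "DataDir", "CacheDir", "SpoolDir", "InitRunDir", "ZonesDir")
KNOWN = REQUIRED + ("ConfigDir",)
# Trees owned by the primary instance on a Debian-style install (assumption); a second
# instance writing there would clobber master B's own state and certificates.
PRIMARY_TREES = ("/etc/icinga2", "/var/lib/icinga2", "/var/log/icinga2",
                 "/var/cache/icinga2", "/var/spool/icinga2", "/run/icinga2")

def canon(path):
    """Normalise a path for comparison: /var/run -> /run, strip trailing slash."""
    path = path.rstrip("/")
    return "/run" + path[len("/var/run"):] if path.startswith("/var/run") else path

def parse_constants(cmdline):
    """Return {Name: Value} for every '-D Name=Value' on an icinga2 command line."""
    args = shlex.split(cmdline)
    found = {}
    for i, arg in enumerate(args):
        if arg == "-D" and i + 1 < len(args) and "=" in args[i + 1]:
            name, value = args[i + 1].split("=", 1)
            found[name] = canon(value)
    return found

def check_constants(consts):
    """Return a list of problems; an empty list means the set is sound."""
    problems = [f"missing {n}" for n in REQUIRED if n not in consts]
    for name, value in consts.items():
        if name not in KNOWN:
            problems.append(f"unknown constant {name} (typo?)")
        # A value inside a primary tree means the two daemons share files.
        if any(value == t or value.startswith(t + "/") for t in PRIMARY_TREES):
            problems.append(f"{name}={value} collides with the primary instance")
        # /run is tmpfs: a spool or data directory there is lost at reboot.
        if name in ("SpoolDir", "DataDir") and value.startswith("/run/"):
            problems.append(f"{name}={value} is on volatile /run")
    return problems

def diff_constants(wizard_cmd, unit_exec):
    """Names whose value differs between the wizard call and the unit's ExecStart."""
    a, b = parse_constants(wizard_cmd), parse_constants(unit_exec)
    return sorted(n for n in REQUIRED if a.get(n) != b.get(n))
```

Run `check_constants(parse_constants(...))` on both command lines and `diff_constants(...)` across them before starting the service; a non-empty result is a layout mismatch to fix first.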

Thank you for the extended description, I might need that at some point :slight_smile:

I’m in a similar scenario, but with just Master A and one Master B, and I would like Master B to have an agent that sends to Master A (one direction only). Is it then just a matter of running the icinga node setup on Master B as I would on a normal agent and pointing it to Master A?

Yes, it’s just this, BUT on the second instance of the icinga service, because if you run it on the main instance it will erase the master configuration and bring your supervision down.

Not sure what you mean by second instance? Should I create a second instance on the same server as Master B, and if so, how? :slight_smile:

Did you see this one: Master supervised by another master - #14 by max13

Aha… ok :slight_smile: I’ll give it a try and see… Thanks
