We have a two-master Icinga2 cluster setup (+ Galera DB cluster) with multiple satellite servers. The master servers are deployed on two different sites.
One of these sites will be closed in the near future and we have to move the primary Icinga2 master to another site. So we have to change the IP address and also the FQDN because we have the sitename in the hostname.
I know I have to create a new certificate for the master. But what are the consequences? Do I have to change anything (besides the FQDN and IP address in the zones file) on the satellites or even on the agents?
Hello and welcome,
If you change the name and IP of one of the master servers, you have to create a new certificate for this master and update all zone files on the masters/satellites and on the agents that are connected directly to the master zone.
Thanks for your answer.
I’ve finally tested the migration on a test setup. I’ve changed the hostname, the IP address and created a new certificate with:
icinga2 pki new-cert --cn newhostname.domain.tld --key /etc/icinga2/pki/newhostname.domain.tld.key --csr /etc/icinga2/pki/newhostname.domain.tld.csr --cert /etc/icinga2/pki/newhostname.domain.tld.crt
Signed it with:
icinga2 pki sign-csr --csr /etc/icinga2/pki/newhostname.domain.tld.csr --cert /etc/icinga2/pki/newhostname.domain.tld.crt
Then I copied the new files to /var/lib/icinga2/certs/, changed the permissions and restarted the Icinga2 instances on all masters and satellites after changing the zone files.
Everything looks fine.
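A check for the zone-file step discussed in this thread, as an added example that is not part of the original posts: it parses the text of a zones.conf and reports leftover references to the old master name, relying on Icinga2's rule that an Endpoint object name must equal the certificate CN. Every hostname other than newhostname.domain.tld, the IP addresses and the function names are constructed for illustration.

```python
import re

# Constructed zones.conf content after a rename; all names and IPs are placeholders.
SAMPLE_ZONES = '''
# object Endpoint "oldhostname.domain.tld" { }   (commented out, ignored)
object Endpoint "newhostname.domain.tld" {
  host = "192.0.2.10"
}
object Endpoint "master2.domain.tld" {
  host = "192.0.2.11"
}
object Endpoint "sat1.domain.tld" { }
object Zone "master" {
  endpoints = [ "oldhostname.domain.tld", "master2.domain.tld" ]
}
object Zone "sat-zone" {
  endpoints = [ "sat1.domain.tld" ]
  parent = "master"
}
object Zone "global-templates" {
  global = true
}
'''
OBJ_RE = re.compile(r'object\s+(Endpoint|Zone)\s+"([^"]+)"\s*\{(.*?)\}', re.S)
MEMBERS_RE = re.compile(r'endpoints\s*=\s*\[(.*?)\]', re.S)

def parse_zones(text):
    """Return (set of Endpoint names, {zone name: [member endpoint names]})."""
    text = re.sub(r'(#|//).*', '', text)  # drop line comments before matching
    endpoints, zones = set(), {}
    for kind, name, body in OBJ_RE.findall(text):
        if kind == "Endpoint":
            endpoints.add(name)
        else:
            m = MEMBERS_RE.search(body)
            zones[name] = re.findall(r'"([^"]+)"', m.group(1)) if m else []
    return endpoints, zones

def check_rename(text, old_cn, new_cn):
    """List problems that would leave a node still pointing at the old master."""
    endpoints, zones = parse_zones(text)
    problems = []
    if new_cn not in endpoints:  # Endpoint name has to match the new certificate CN
        problems.append(f'no Endpoint object named "{new_cn}"')
    if old_cn in endpoints:
        problems.append(f'stale Endpoint object "{old_cn}"')
    for zone, members in sorted(zones.items()):
        for member in members:
            if member == old_cn:
                problems.append(f'zone "{zone}" still lists "{old_cn}"')
            elif member not in endpoints:
                problems.append(f'zone "{zone}" lists undefined endpoint "{member}"')
    return problems
```

Running `check_rename` against the zones.conf of each master, satellite and directly connected agent before the restart shows which nodes still reference the old name.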