Multiple Icinga Agents on same

Hello Icinga community o/

Could I run multiple Icinga2 agent environments ?
Actually I want to run on the same node, two different icinga2 agent configurations. Is such a thing possible ?

I have two completely different Icigna 2 master setups ( eg: : two different organizations/companies ) and each one wants to do their own agent checks.


I tried the following…

  • Create CSR and Certificate for the node.
icinga2 pki new-cert --cn icinga-agent.example \
--key /var/lib/icinga2/certs/icinga-agent.example.key \
--cert /var/lib/icinga2/certs/icinga-agent.example.crt
  • Request the master certificate from the master host (icinga2-master1.example.com ) and store it as icinga2-master1.example.com
icinga2 pki save-cert \
--trustedcert /var/lib/icinga2/certs/icinga2-master1.example.com \
--host icinga2-master1.example.com
  • Node setup for master1
icinga2 node setup --ticket 954....3315 \
--cn icinga-agent.example \
--endpoint icinga2-master1.example.com \
--zone icinga-agent.example \
--parent_zone master \
--parent_host icinga2-master1.example.com \
--trustedcert /var/lib/icinga2/certs/icinga2-master1.example.com.crt \
--accept-commands --accept-config \
--disable-confd
systemctl restart icinga2

Now everything works perfect for master1.
But I also want another one Icinga2 master to monitor this box, so I do the following:

icinga2 pki save-cert \
--trustedcert /var/lib/icinga2/certs/icinga2-master2.example.com \
--host icinga2-master2.example.com
icinga2 node setup --ticket 123....456 \
--cn icinga-agent.example \
--endpoint icinga2-master2.example.com \
--zone icinga-agent.example \
--parent_zone master \
--parent_host icinga2-master2.example.com \
--trustedcert /var/lib/icinga2/certs/icinga2-master2.example.com.crt \
--accept-commands --accept-config \
--disable-confd

After that, this node only connected to icinga2-master2.example.com.
I want to send agent checks to both : icinga2-master1.example.com & icinga2-master2.example.com.

ls -alh /var/lib/icinga2/certs/
total 40K
drwxr-x--- 2 icinga icinga 4.0K Sep 16 00:25 .
drwxr-x--- 5 icinga icinga 4.0K Sep 16 00:26 ..
-rw-r--r-- 1 icinga icinga 1.8K Sep 15 22:56 icinga2-master1.example.com.crt
-rw-r--r-- 1 icinga icinga 1.7K Sep 16 00:25 ca.crt
-rw-r--r-- 1 icinga icinga 1.8K Sep 16 00:25 icinga-agent.example.crt
-rw-r--r-- 1 icinga icinga 1.8K Sep 15 22:55 icinga-agent.example.crt.orig
-rw------- 1 icinga icinga 3.2K Sep 16 00:25 icinga-agent.example.key
-rw------- 1 icinga icinga 3.2K Sep 15 22:55 icinga-agent.example.key.orig
-rw-r--r-- 1 icinga icinga 1.8K Sep 15 23:00 icinga2-master2.example.com.crt
-rw------- 1 icinga icinga   40 Sep 16 00:25 ticket

Related

I read the following, but I can not understand if this is impossible…

1 Like

Seems like this is indeed what you’re looking for (multiple environments)
https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#using-multiple-environments

There are a few links throughout that section to the different objects it wants you to modify (ie, the ApiListener).

For the ApiListener, you will have 2 objects (as opposed to the standard 1) – you’ll need to use 2 dedicated ports for this. The default is 5665. For the second, I would avoid using 5666 since that is the NRPE plugin port. Maybe use 5664?

The configuration is done with the global constants ApiBindHost and ApiBindPort or the bind_host and bind_port attributes of the ApiListener object.

From there, it looks like you have to do some more config work with the IcingaApplication object and specify an environment (or perhaps 2 different objects?)

https://icinga.com/docs/icinga-2/latest/doc/09-object-types/#objecttype-icingaapplication

I haven’t done this myself (or have experience with it), all of this information was pulled from one of the doc links you provided.