I have a distributed monitoring setup with Top Down Config Sync between a Master and multiple Satellite servers. From there, I have several hosts in each Satellite zone.
I have an Ansible playbook that sets up the configuration. Whenever I set up a new host and enroll it into a Satellite zone using the Ansible playbook, the following two tasks (among other tasks) get run:
```
ansible-playbook install_agent.yml -e "zone=satellite.example.com hostname=new-host.example.com" -K
```
```yaml
- name: Install icinga2 agent - Ubuntu
  apt:
    name:
      - icinga2
    state: latest
  when: ansible_distribution == "Ubuntu"

- name: Generate icinga2 pki ticket on monitoring server
  command: icinga2 pki ticket --cn {{ansible_fqdn}}
  register: ticket
  delegate_to: master-host.example.com

- name: Copy the parent certificate
  command: icinga2 pki save-cert --host master-host.example.com --port 5665 --key /var/lib/icinga2/certs/{{ansible_fqdn}}.key --cert /var/lib/icinga2/certs/{{ansible_fqdn}}.crt --trustedcert /var/lib/icinga2/certs/master-host.example.com.crt

- name: Configure icinga2 node on the client
  command: icinga2 node setup --ticket {{ ticket.stdout }} --endpoint {{ zone }} --zone {{ ansible_fqdn }} --parent_host master-host.example.com --trustedcert /var/lib/icinga2/certs/master-host.example.com.crt --parent_zone {{ zone }} --accept-commands
```
This seems to work fine, EXCEPT that the resulting zone.conf file on the new host / endpoint doesn’t create the master endpoint or zone. Only the satellite endpoint and zone get put into the config file. Here’s an example of what it looks like given the above.
```
/*
 * Generated by Icinga 2 node setup commands
 * on 2022-03-09 17:24:29 +0530
 */

object Endpoint "new-host.example.com" {
}

object Zone "satellite.example.com" {
  endpoints = [ "satellite.example.com" ]
}

object Endpoint "new-host.example.com" {
}

object Zone "new-host.example.com" {
  endpoints = [ "new-host.example.com" ]
  parent = "satellite.example.com"
}

object Zone "global-templates" {
  global = true
}

object Zone "director-global" {
  global = true
}
```
As we can see, the master zone doesn’t get created, and I have to go back in, and add the following before Icinga will actually work and run the local checks that I need it to run:
```
object Endpoint "master-host.example.com" {
}

object Zone "master" {
  endpoints = [ "master-host.example.com" ]
}
```
So my question here: Is there a way to get `icinga2 node setup` to include the master endpoint and zone in the new-host.example.com’s zone.conf file?
Here’s a little bit more information about my environment, from the perspective of the new-host.example.com:
```
# icinga2 feature list
Disabled features: command compatlog debuglog elasticsearch gelf graphite icingadb influxdb influxdb2 livestatus notification opentsdb perfdata statusdata syslog
Enabled features: api checker mainlog

# icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: 2.13.2-1)

Copyright (c) 2012-2022 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

System information:
  Platform: CentOS Linux
  Platform version: 7 (Core)
  Kernel: Linux
  Kernel version: 3.10.0-1127.el7.x86_64
  Architecture: x86_64

Build information:
  Compiler: GNU 4.8.5
  Build host: runner-hh8q3bz2-project-322-concurrent-0
  OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017

Application information:

General paths:
  Config directory: /etc/icinga2
  Data directory: /var/lib/icinga2
  Log directory: /var/log/icinga2
  Cache directory: /var/cache/icinga2
  Spool directory: /var/spool/icinga2
  Run directory: /run/icinga2

Old paths (deprecated):
  Installation root: /usr
  Sysconf directory: /etc
  Run directory (base): /run
  Local state directory: /var

Internal paths:
  Package data directory: /usr/share/icinga2
  State path: /var/lib/icinga2/icinga2.state
  Modified attributes path: /var/lib/icinga2/modified-attributes.conf
  Objects path: /var/cache/icinga2/icinga2.debug
  Vars path: /var/cache/icinga2/icinga2.vars
  PID path: /run/icinga2/icinga2.pid
```
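
A consistency check that could run as a last playbook step against the generated file, given here as an added example that is not part of the original post: it parses the `Endpoint` and `Zone` objects and reports duplicates, zones that reference undefined endpoints or parents, and expected zones that are missing. The names `lint_zones` and `expect_zones` and the embedded sample (constructed from the config shown in the post) are assumptions.

```python
import re

# Constructed sample mirroring the generated config shown in the post.
GENERATED = '''
/* Generated by Icinga 2 node setup commands */
object Endpoint "new-host.example.com" { }
object Zone "satellite.example.com" { endpoints = [ "satellite.example.com" ] }
object Endpoint "new-host.example.com" { }
object Zone "new-host.example.com" {
  endpoints = [ "new-host.example.com" ]
  parent = "satellite.example.com"
}
object Zone "global-templates" { global = true }
object Zone "director-global" { global = true }
'''

OBJECT_RE = re.compile(r'object\s+(Endpoint|Zone)\s+"([^"]+)"\s*\{(.*?)\}', re.S)

def lint_zones(text, expect_zones=()):
    """Return a list of consistency problems found in a zones config text."""
    # Drop block comments and whole-line // or # comments before matching.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    text = re.sub(r'(?m)^\s*(//|#).*$', '', text)
    endpoints, zones, problems = set(), {}, []
    for kind, name, body in OBJECT_RE.findall(text):
        if kind == "Endpoint":
            if name in endpoints:
                problems.append(f'duplicate Endpoint "{name}"')
            endpoints.add(name)
            continue
        if name in zones:
            problems.append(f'duplicate Zone "{name}"')
        members = re.search(r'endpoints\s*=\s*\[(.*?)\]', body, re.S)
        parent = re.search(r'parent\s*=\s*"([^"]+)"', body)
        zones[name] = (re.findall(r'"([^"]+)"', members.group(1)) if members else [],
                       parent.group(1) if parent else None)
    # Cross-reference checks run after every object has been collected.
    for name, (members, parent) in zones.items():
        for ep in members:
            if ep not in endpoints:
                problems.append(f'Zone "{name}" lists undefined Endpoint "{ep}"')
        if parent and parent not in zones:
            problems.append(f'Zone "{name}" has undefined parent "{parent}"')
    for name in expect_zones:
        if name not in zones:
            problems.append(f'expected Zone "{name}" is not defined')
    return problems

if __name__ == "__main__":
    for problem in lint_zones(GENERATED, expect_zones=("master",)):
        print(problem)
```

A non-empty result can be used to fail the play before the agent is restarted with an incomplete zone hierarchy.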