Problems with satellite setup

Icinga 2
1

Hello,

we are running a simple Master<->Agent setup for years now.
Due to changes in infrastructure we now want to monitor a additional data center.
I have build up our first satellite zone for this data center.
The agents in the satellite should only contact the satellite.
The satellite then reports log results of the agents to the master.
Agent in satellite zone can not reach master directly.
Master should not contact Satellite (no Top=>Down but Down=>Up for this data center)

Based on these requirements I have setup the following configuration:

Master
zones.conf

object Endpoint “master-host” {
}
object Endpoint “sat-host” {
}
object Endpoint “sat-agent-host” {
}
object Zone “sat.zone” {
parent = “master”
endpoints = [ “sat-host”,“sat-agent-host” ]
}
object Zone “master” {
endpoints = [ “master-host”]
}
object Zone “global-templates” {
global = true
}

Satellite
zones.conf

object Endpoint “master-host” {
host = “1.2.3.4”
port = “5665”
}
object Endpoint “sat-host” {
}
object Endpoint “sat-agent-host” {
}

object Zone “master” {
endpoints = [ “master-host” ]
}
object Zone “sat.zone” {
endpoints = [ “sat-host”,“sat-agent-host” ]
parent = “master”
}
object Zone “global-templates” {
global = true
}
object Zone “director-global” {
global = true
}

Agent in Sat
zones.conf

object Endpoint “sat-host” {
host = “2.3.4.5”
port = “5665”
}
object Endpoint “sat-agent-host” {
}

object Zone “sat.zone” {
endpoints = [ “sat-host” ]
}
object Zone “sat-agent-host” {
endpoints = [ “sat-agent-host” ]
parent = “sat.zone”
}
object Zone “global-templates” {
global = true
}
object Zone “director-global” {
global = true
}

Details master:
CentOS7.9
Icinga version 2.13.2-1

Details sat:
CentOS7.9
Icinga version 2.13.2-1

details agent in sat:
Win2019
Icinga version 2.13.1

After settings this up the result is the following:
IcingaWeb displays the error message "Remote Icinga instance ‘client in satellite zone’ is not connected to ‘satellite’
" for all enabled checks. Only the “hostalive”-check seems to be working fine. I am getting a “PING OK” for all 3 involved Icinga2 apps: master, sat & agent in sat.
But why are the other checks not working ?
I can see no errors in any log that communication is not working. icinga2.log of Satellite & Agent do indicate working communication (which is actually confirmed by the successful ping check). Also telnet 5665 between all components is working (atm we have allowed bi-directional communication on network layer eventhough I expect only the Agent to Contact satellite to contact master (and not master performing any connections to the satellite).

I will be thankful for any ideas. This took much longer & was much more complicated than I expected. I could setup network/firewall to enable master to directly reach the other data center (and avoid satellite configuration) but before I do this I will ask you guys if we can somehow get the Sat-config running. It can’t be that hard, right ?

Thanks in advance !

Regards,
Jan

2

Hi & welcome,

  1. you need to remove sat-agent-host from your sat.zone.
  2. director-global is missing in you master’s zones.conf
  3. While using the director you don’t need to configure agent’s zone and endpoint manually in your zones.conf
3

Hi Roland,
sorry for the missunderstanding but we are not using director-global. This is factory default value for new client installation & was just not removed.
If I remove “sat-agent-host” from sat.zone Icinga on the satellite it will not start anymore. It seems like it trys to apply services for the sat-agent-host but reports “sat-agent-host not defined” (which is correct, because I removed it).

The zones.d of our Master looks like this:
3 folders: sat.zone | global-templates | master
sat.zone contains “hosts.conf”(for hosts in sat.zone)
global-templates contains all kind of configurations “commands.conf”,“services.conf”, “command-plugins.conf” etc
master contains “hosts.conf”(for hosts in master)

Any other ideas ?

Regards,
Jan

4

It’s definitely correct that sat-agent-host is no endpoint for your sat.zone. Without director you need to configure zone end endpoint objects for every agent manually. But this cannot be done in zones.d/sat-zone since zones in zones doesn’t work.

5

I am not defining endpoints in zones.d/sat-zone/hosts.conf. Hosts.conf only contains the host-objects e.g.:
object Host “sat-agent-host” {
address = “3.4.5.6”
import “generic-host”
}

6

You need to configure a zone for your sat-agent-host in master’s and satellite’s zones.conf.

7

Ahhhh now I understand what was generally wrong. Thank you very much !!!