Remote Icinga instance is not connected to master

d83 · June 6, 2021, 10:40am

Hi,

I am actively using Icinga 2 on a master+client distributed configuration, with a configuration managed by a self-made Ansible role, and things works for months.

Certificates are signed by the master with icinga2 the pki sign-csr command.

Things works when the master can connect to the client on the TCP port 5665, but today I realized that the satellite is not connected to the master if the master cannot connect to the client but viceversa (for example when the satellite is in private natted network):

What I find strange is that I don’t see any relevant error on the client, so it seems that it even don’t try to connect to the master, and for this reason I am thinking about a miss configuration problem.

These are the only logs I see on the client, so it seems to be completely idle:

[2021-06-06 12:16:47 +0200] information/ApiListener: Started new listener on '[0.0.0.0]:5665'
[2021-06-06 12:16:47 +0200] information/CheckerComponent: 'checker' started.
[2021-06-06 12:16:47 +0200] information/ConfigItem: Activated all objects.
[2021-06-06 12:16:56 +0200] information/WorkQueue: #5 (ApiListener, RelayQueue) items: 0, rate: 0/s (0/min 0/5min 0/15min);
[2021-06-06 12:16:56 +0200] information/WorkQueue: #6 (ApiListener, SyncQueue) items: 0, rate: 0/s (0/min 0/5min 0/15min);
[2021-06-06 12:21:47 +0200] information/ConfigObject: Dumping program state to file '/var/lib/icinga2/icinga2.state'
[2021-06-06 12:22:06 +0200] information/WorkQueue: #6 (ApiListener, SyncQueue) items: 0, rate: 0/s (0/min 0/5min 0/15min);
[2021-06-06 12:22:06 +0200] information/WorkQueue: #5 (ApiListener, RelayQueue) items: 0, rate: 0/s (0/min 0/5min 0/15min);
[2021-06-06 12:26:47 +0200] information/ConfigObject: Dumping program state to file '/var/lib/icinga2/icinga2.state'
[2021-06-06 12:27:16 +0200] information/WorkQueue: #6 (ApiListener, SyncQueue) items: 0, rate: 0/s (0/min 0/5min 0/15min);
[2021-06-06 12:27:16 +0200] information/WorkQueue: #5 (ApiListener, RelayQueue) items: 0, rate: 0/s (0/min 0/5min 0/15min);

This is the /etc/icinga2/zones.conf file on the client:

/*
 * Generated by Ansible
 */

object Endpoint "monitoring.domain.com" {
}

object Zone "monitoring.domain.com" {
        endpoints = [ "monitoring.domain.com" ]
}

object Endpoint "dc1.ad.domain.com" {
}

object Zone "dc1.ad.domain.com" {
        endpoints = [ "dc1.ad.domain.com" ]
        parent = "monitoring.domain.com"
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

Could you help me to understand where I’m wrong, please?
Thank you very much!
Bye

d83 · June 6, 2021, 10:50am

I solved my problem!

I enabled the debug log with icinga2 feature enable debuglog and i found this debug log:

[2021-06-06 12:47:01 +0200] debug/ApiListener: Not connecting to Endpoint 'monitoring.domain.com' because the host/port attributes are missing.

So I added host and port attributed on the endpoint object:

object Endpoint "monitoring.domain.com" {
        host = "monitoring.domain.com"
        port = 5665
}

Restarted Icinga2 and now the client is correctly connecting to the master!

Thank you!