Remote Icinga instance 'myClient' is not connected to 'icinga'

Hi,
I have a problem with an agent installed on Linux.
To install the agent I followed the documentation: Working with Agents and Config Zones. These are the steps I have done:

Icinga Agent template
Icinga Director > Hosts > Host Templates > Add
Name: Icinga Agent
Check command: load
Icinga Agent and zone settings

  • Icinga2 Agent: YES
  • Establish connection: YES
  • Accepts config: YES

zones.d/director-global/host_templates.conf

template Host "Icinga Agent" {
    check_command = "load"
}

Host
Icinga Director > Hosts > Host > Add
Hostname: myClient
Imports: Icinga Agent
Host address: 192.168.2.128

zones.d/icinga2-master/hosts.conf

object Host "myClient" {
    import "Icinga Agent"

    address = "192.168.2.128"
}

zones.d/icinga2-master/agent_endpoints.conf

object Endpoint "myClient" {
    host = "192.168.2.128"
    log_duration = 0s
}

zones.d/icinga2-master/agent_zones.conf

object Zone "myClient" {
    parent = "icinga2-master"
    endpoints = [ "myClient" ]
}

I installed the agent on myClient with “icinga2-agent-kickstart.bash”.
Everything looks fine.

If I go to: Overview > hosts
myClient is UP
Plugin Output: OK - load average: 0.00, 0.00, 0.00

Agent-based services
Icinga Director > Services > Service Templates > Add
Name: Agent-based services
Run on agent: Yes

template Service "Agent-based services" {
    command_endpoint = host_name
}

Single Services
Icinga Director > Services > Single Services > Add
Name: Agent - Check Disk
Imports: Agent-based services
Host: Icinga Agent
Check command: disk

zones.d/director-global/service_apply.conf

apply Service "Agent - Check Disk" {
    import "Agent-based services"

    check_command = "disk"

    assign where "Icinga Agent" in host.templates

    import DirectorOverrideTemplate
}

If I go to: Overview > Services
Agent - Check Disk on myClient
Remote Icinga instance ‘myClient’ is not connected to 'icinga’

On /var/log/icinga2/icinga2.log I found these notes

[2020-04-28 16:11:08 +0000] information/ApiListener: Reconnecting to endpoint 'myClient' via host '192.168.2.128' and port '5665'
[2020-04-28 16:13:19 +0000] critical/TcpSocket: Invalid socket: Connection timed out
[2020-04-28 16:13:19 +0000] critical/ApiListener: Cannot connect to host '192.168.2.128' on port '5665'
[2020-04-28 16:13:19 +0000] information/ApiListener: Finished reconnecting to endpoint 'myClient' via host '192.168.2.128' and port '5665'

Can you please tell me how to solve this issue?
Thank you very much!

Did you install and configure icinga on that agent? Did you sign the certificate request?

First I installed icinga on “myClient” and then I installed the agent following the instructions of the documentation “Working with Agents and Config Zones” . In practice I used the file “icinga2-agent-kickstart.bash”.
About the signature in the certificate request I did not execute any operation

thanks for your help

Is icinga2 running at your client and port is listening? You can check with

netstat -nl | grep 5665

Yes

root@myClient:~#     netstat -nl | grep 5665
tcp        0      0 0.0.0.0:5665            0.0.0.0:*               LISTEN

but icinga cannot connect. Is there a packet filter aka firewall in between? Is api enabled at your client? What is the output of:

icinga2 feature list

myClient and master are hosted on amazon AWS.
On AWS, for myClient, I just set the inbound rule

  • protocol: tcp
  • port range: 5665
  • source: 192.168.2.10 (the master)

But the message is always: Remote Icinga instance ‘stargate’ is not connected to ‘icinga’.

root@myCLient:~# icinga2 feature list
Disabled features: command compatlog debuglog elasticsearch gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog
Enabled features: api checker mainlog notification

I’m not familiar with AWS, hence, I can only recommend to troubleshot network and certificates. Maybe, someone else can jump in.