Roll out Icinga2 agents with ansible and Icinga Director

e36Alex · November 30, 2022, 9:00pm

Hello,

actually i am trying to roll out my icinga2 agents with ansible.
I got a fresh install of latest Icinga2 and Icinga Director.

Already i imported the agent hosts from ldap to the director and could deploy from director to icinga2.

Here are the ansible tasks (after apt installation) for the agent hosts:

# Register the client
- name: Get the install-key
  ansible.builtin.shell: icinga2 pki ticket --cn "{{ inventory_hostname }}"
  register: ticket
  become: true
  delegate_to: icinga2.domain.de

- name: Create host certs
  command: >
    icinga2 pki new-cert
      --cn "{{ inventory_hostname }}"
      --key /var/lib/icinga2/certs/"{{ inventory_hostname }}".key
      --cert /var/lib/icinga2/certs/"{{ inventory_hostname }}".crt
  become: true
- name: Retrieve trusted cert from parent host
  command: >
    icinga2 pki save-cert
      --host icinga2.domain.de
      --key "{{ inventory_hostname }}".key
      --cert "{{ inventory_hostname }}".crt
      --trustedcert /var/lib/icinga2/certs/icinga2.domain.de.crt
  become: true

- name: Register the Icinga2 client
  command: >
    icinga2 node setup
      --cn "{{ inventory_hostname }}"
      --zone "{{ inventory_hostname }}"
      --endpoint icinga2.domain.de
      --parent_host icinga2.domain.de
      --parent_zone master
      --ticket "{{ticket.stdout}}"
      --trustedcert /var/lib/icinga2/certs/icinga2.domain.de.crt
      --accept-commands
      --accept-config
      --disable-confd
  become: true

- name: Restart service Icinga2
  ansible.builtin.systemd:
    state: restarted
    daemon_reload: yes
    name: icinga2
  become: true

The installation of the agents works fine so far, the playbook is running without problems.

At next i created a simple apt_check service, but i get the following error while deploying it:

[2022-11-30 21:46:45 +0100] information/cli: Icinga application loader (version: r2.13.6-1)
[2022-11-30 21:46:45 +0100] information/cli: Loading configuration file(s).
[2022-11-30 21:46:45 +0100] warning/config: Ignoring directory '/var/lib/icinga2/api/zones/icinga2.domain.de' for unknown zone 'icinga2.domain.de'.
[2022-11-30 21:46:45 +0100] information/ConfigItem: Committing config item(s).
[2022-11-30 21:46:45 +0100] information/ApiListener: My API identity: icinga2.domain.de
[2022-11-30 21:46:45 +0100] critical/config: Error: Validation failed for object 'docker01.domain.de!apply_check_apt' of type 'Service'; Attribute 'command_endpoint': Object 'docker01.domain.de' of type 'Endpoint' does not exist.
Location: in [stage]/zones.d/director-global/service_templates.conf: 3:5-3:32
[stage]/zones.d/director-global/service_templates.conf(1): template Service "template_check_apt" {
[stage]/zones.d/director-global/service_templates.conf(2):     check_command = "apt"
[stage]/zones.d/director-global/service_templates.conf(3):     command_endpoint = host_name
                                                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[stage]/zones.d/director-global/service_templates.conf(4): }
[stage]/zones.d/director-global/service_templates.conf(5):

The config check seems fine:

root@docker01:/etc/icinga2# icinga2 daemon -C
[2022-11-30 21:48:25 +0100] information/cli: Icinga application loader (version: r2.13.6-1)
[2022-11-30 21:48:25 +0100] information/cli: Loading configuration file(s).
[2022-11-30 21:48:25 +0100] information/ConfigItem: Committing config item(s).
[2022-11-30 21:48:25 +0100] information/ApiListener: My API identity: docker01.domain.de
[2022-11-30 21:48:25 +0100] information/ConfigItem: Instantiated 1 IcingaApplication.
[2022-11-30 21:48:25 +0100] information/ConfigItem: Instantiated 1 FileLogger.
[2022-11-30 21:48:25 +0100] information/ConfigItem: Instantiated 1 CheckerComponent.
[2022-11-30 21:48:25 +0100] information/ConfigItem: Instantiated 4 Zones.
[2022-11-30 21:48:25 +0100] information/ConfigItem: Instantiated 2 Endpoints.
[2022-11-30 21:48:25 +0100] information/ConfigItem: Instantiated 1 ApiListener.
[2022-11-30 21:48:25 +0100] information/ConfigItem: Instantiated 244 CheckCommands.
[2022-11-30 21:48:25 +0100] information/ScriptGlobal: Dumping variables to file '/var/cache/icinga2/icinga2.vars'
[2022-11-30 21:48:25 +0100] information/cli: Finished validating the configuration file(s).

service-template:

zones.d/director-global/service_templates.conf
template Service "template_check_apt" {
    check_command = "apt"
    command_endpoint = host_name
}

service apply rule:

zones.d/director-global/service_apply.conf
apply Service "apply_check_apt" {
    import "template_check_apt"

    assign where match("*ebian*", host.vars.host_os)

    import DirectorOverrideTemplate
}

Can you help me to get this running?

Thanks in advance,
Alex

rsx · December 1, 2022, 7:02am

Blind guess, you did not set Icinga Agent to yes for that host object in the director.

e36Alex · December 1, 2022, 7:19am

Thanks for your reply.

It happens just when I set it to the agent.

rivad · December 1, 2022, 11:27am

I also use Ansible to manage the Icinga2 Agent and use the Director.

This are the settings on one such hosts.

rsx · December 1, 2022, 11:52am

Maybe you have some clutter in your config files. Run following commands to get a clean config:

systemctl stop icinga2
rm -rf /var/lib/icinga2/api/{packages,zones,zones-stage}/*
systemctl start icinga2

and deploy within director again.

e36Alex · December 1, 2022, 6:43pm

Thank you, thats it!