Running Agent deployment script

Running the deploy script showing up in the director host information gives the following error.

information/pki: Writing certificate to file '/var/lib/icinga2/certs/trusted-master.crt'.
critical/cli: !!! The certificate for CN 'i-0e6f206c0af41622e' is valid and uptodate. Skipping automated renewal.
/tmp/ line 180: Could not retrieve final certificate from host command not found
Writing config to /etc/icinga2/icinga2.conf
Writing config to /etc/icinga2/zones.conf
Writing config to /etc/icinga2/features-available/api.conf
warning/cli: Feature 'api' already enabled.
[2020-04-21 16:24:14 +0200] information/cli: Icinga application loader (version: r2.11.3-1)
[2020-04-21 16:24:14 +0200] information/cli: Loading configuration file(s).
[2020-04-21 16:24:14 +0200] information/ConfigItem: Committing config item(s).
[2020-04-21 16:24:14 +0200] information/ApiListener: My API identity: i-0e6f206c0af41622e

master version: r2.12.0-rc1-1
agent version: r2.11.3-1

It states an error on line 180 of the deploy script, this line has the following pki request in it:

"$ICINGA2_BIN" pki request \
    --host "${ICINGA2_CA_NODE}" \
    --port "${ICINGA2_CA_PORT}" \
    --ticket "${ICINGA2_CA_TICKET}" \
    --key "${ICINGA2_SSLDIR}/${ICINGA2_NODENAME}.key" \
    --cert "${ICINGA2_SSLDIR}/${ICINGA2_NODENAME}.crt" \
    --trustedcert "${ICINGA2_SSLDIR}/trusted-master.crt" \
    --ca "${ICINGA2_SSLDIR}/ca.crt"

Hi @p0nt,

The script has a little error in line 180 which hides the real issue. You have to add a fail call here like in the other else branches.

At the moment it looks like this

if ! pki request
then "$errorMessage"

but it should look like this

if ! pki request
then fail "$errorMessage"

The soon released Director version 1.7.3 will fix this.

With that, we should see the real issue why pki request fails.

You could also run the script with bash -x in order to see all the resolved commands being executed and execute the pki request command manually.

All the best,

1 Like

Hello @p0nt

Was your issue resolved by Erics answer?
If so, please mark the reply as the solution to your issue.
This helps others figure out what was wrong and also whether a topic still needs help :slight_smile:

Have a nice day,