Satellite configuration

Hello,

I try to configure my first satellite but it’s not working when I follow the documentation, I probably do something wrong…
I have two master node (master A and master B)
Here the zone.conf of one of them :

object Endpoint "masterA.fqdn" {
}

object Endpoint "masterB.fqdn" {
}

object Endpoint "satellite.fqdn" {
}

object Zone "master" {
        endpoints = [ "masterA.fqdn", "masterB.fqdn" ]
}

object Zone "satellite-service" {
        endpoints = [ "satellite.fqdn" ]
        parent = "master"
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

Now the zone.conf of the satellite

object Endpoint "masterA.fqdn" {
        host = "masterA.fqdn"
        port = "5665"
}

object Endpoint "masterB.fqdn" {
        host = "masterB.fqdn"
        port = "5665"
}

object Zone "master" {
        endpoints = [ "masterA.fqdn", "masterB.fqdn" ]
}

object Endpoint "satellite.fqdn" {
}

object Zone "satellite.fqdn" {
        endpoints = [ "satellite.fqdn" ]
        parent = "master"
}

object Zone "satellite-service" {
        parent = "master"
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

the zone.conf of a host :

object Endpoint "satellite.fqdn" {
        host = "satellite.fqdn"
        port = "5665"
}

object Zone "satellite-service" {
        endpoints = [ "satellite.fqdn" ]
}

object Endpoint "host.fqdn" {
}

object Zone "host.fqdn" {
        endpoints = [ "host.fqdn" ]
        parent = "satellite-service"
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

And finaly the director setting for one host

What is wrong with my configuration ?
How can see easyly wich endpoint si doing the check ?

Thanks

This dos not make much sense:

I’d recommend anyway to add cluster and/or cluster-zone check(s) to monitor if zones are connected.

Oh ok, how should I configure then ?
I will read the doc about cluster / cluster-zone check thanks

I’d assume the first zone is wrong and the second zone does not have an endpoint defined.

The first zone is generated by the commande “icinga2 node wizard”, it is the zone of the satellite server itself, on all my server with agent installed this part is present…

For the second one, it’s me, who write it in the configuration file, I thought the zone should been declare at some place and, it’s true there is no endpoint because the endpoint of the “satellite-service” zone is the server itself and already use in the first zone (I have an error if I run the “icinga2 daemon -C”)

You cannot have more then one zone per icinga node.Hence, your satellite can only have one zone (which contains the hosts connected to this satellite). This zone have the master as its parent.

Ok.
I re run the node wizard on my satellite, my configuration is like that now

object Endpoint "masterB.fqdn" {
        host = "masterB.fqdn"
        port = "5665"
}

object Endpoint "masterA.fqdn" {
        host = "masterA.fqdn"
        port = "5665"
}

object Zone "master" {
        endpoints = [ "masterB.fqdn", "masterA.fqdn" ]
}

object Endpoint "host.fqdn" {
}

object Zone "host.fqdn" {
        endpoints = [ "host.fqdn" ]
        parent = "master"
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

Is that better ?
Sorry but it’s verry obscure the satellite configuration, I read the doc and I understand it in theroy but in the real life, I can’t make it work

Yes, the learning curve of distributed monitoring is very steep (that’s why I’ve decided right from the beginning to order a consultant from Netways).

Node wizard should most of the time only be run once because they produce new certificates. Your zones.conf looks correct for master-agent deployment. It can also be used for a satellite but it might confuse in regards of then node name.

Hello,

The above is an excerpt of your masters’ setup. In my setup, each master knows the other, they define the “master” zone, and the global zones, and that’s it.
For instance, on master A:

object Endpoint "masterA.fqdn" {
}

object Endpoint "masterB.fqdn" {
  host = 10.0.0.2
}

object Zone "master" {
        endpoints = [ "masterA.fqdn", "masterB.fqdn" ]
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

I am not sure this is the best or even good approach, but it works. I would prefer my masters to establish the communication with my satellites, and not reverse like it is here, but this I could not achieve it so far.

On the satellites, we defined the two masters with ways to get to them (host=xxx), and the sibling satellite with a way to get to it (we run satellites in HA mode):

object Endpoint "masterA.fqdn" {
        host = "10.0.0.1"
}

object Endpoint "masterB.fqdn" {
        host = "10.0.0.2"
}

object Zone "master" {
        endpoints = [ "masterA.fqdn", "masterB.fqdn" ]
}

object Endpoint "satellite1.fqdn" {
}

object Endpoint "satellite2.fqdn" {
  host = 10.0.1.2
}

object Zone "satellite1.fqdn" {
        endpoints = [ "satellite1.fqdn" ]
}

object Zone "satellite" {
        endpoints = [ "satellite1.fqdn" , "satellite2.fqdn" ]
        parent = "master"
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

Note the absence of

parent = "master"

within the definition of the zone limited to each satellite. Each satellite belongs to its own zone, I think this is what it means.

Finally, on each agent, we have:

object Endpoint "host.fqdn" {}

object Endpoint "satellite1.fqdn" {}
object Endpoint "satellite2.fqdn" {}

object Zone "satellite" {
        endpoints = [ "satellite1.fqdn" , "satellite2.fqdn" ]
}

object Zone "host.fqdn" {
        endpoints = [ "host.fqdn" ]
        parent = "satellite"
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

After all this was set up, I think we did a kickstart in Director.

Hope this helps,

Jean

PS: I would welcome validation from experts on this setup, and comments on how to make it even better, like, how to have satellites initiate communication with the masters, and not reverse.

I review all my configuration and I think it’s clean now

Master nodes :

object Endpoint "masterA.fqdn" {
        host = "masterA.fqdn"
        port = "5665"
}

object Endpoint "masterB.fqdn" {
        host = "masterB.fqdn"
        port = "5665"
}

object Endpoint "satellite.fqdn" {
        host = "satellite.fqdn"
        port = "5665"
}

object Zone "master" {
        endpoints = [ "masterA.fqdn", "masterB.fqdn" ]
}

object Zone "satellite-service" {
        endpoints = [ "satellite.fqdn" ]
        parent = "master"
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

satellite :

object Endpoint "masterB.fqdn" {
        host = "masterB.fqdn"
        port = "5665"
}

object Endpoint "masterA.fqdn" {
        host = "masterA.fqdn"
        port = "5665"
}

object Zone "master" {
        endpoints = [ "masterB.fqdn", "masterA.fqdn" ]
}

object Endpoint "satellite.fqdn" {
}

object Zone "satellite.fqdn" {
        endpoints = [ "satellite.fqdn" ]
        parent = "master"
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

agent :

object Endpoint "satellite.fqdn" {
        host = "satellite.fqdn"
        port = "5665"
}

object Zone "satellite-service" {
        endpoints = [ "satellite.fqdn" ]
}

object Endpoint "host.fqdn" {
}

object Zone "host.fqdn" {
        endpoints = [ "host.fqdn" ]
        parent = "satellite-service"
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

I added check of cluster zone on the master nodes and satellite node and my 2 zone are online.
But my host with agent is not checked by the satellite when I go to the check source this is one of the master nodes wich is indicated… My host is still in the zone “satellite-service”

image711×239 3.56 KB

One detail more, in this configuration, if I check the logs on my satellite node I see the connection of my agent but it display a warning because he doesn’t know the zone “satellite-service”

warning/ApiListener: Ignoring config update from endpoint ‘host.fqdn’ for unknown zone ‘satellite-service’

In satellite’s zones.conf: zone host.fqdn should be satellite-service.

Why this on the master nodes?

Why this on the master nodes?

Cf. @rsx 's comment.

yes it’s the case, sorry for the mistake, I have corected my post

sorry several mistakes on my configuration file, I have corected it in my post

The agent config file looks entirely correct to me

Oh thank you that’s a good thing
When I check in the satellite icinga2.log file I can see my host attempt to connect but with a message : “no Endpoint object found for identity” …
I add an information (hope this was not an information i should give sooner…) my 2 master has director installed on it. Should I install and manualy add the host on the satellite too ?

Hello,

Everything looks OK, except perhaps this in the master config:

object Zone "satellite-service" {
        endpoints = [ "satellite.fqdn" ]
        parent = "master"
}

I am not sure what is the added value, or if it will work. Please tell me

Best regards,

Jean

That’s a different topic, involving what database system you are using (IcingaDB vs IDO), and where you are running the DB(s), and what are the sync mechanisms in place, etc.

So if you want to fix that, you may want to start a new thread, it will be cleaner.