This is my very first post here so let me say hi to everyone and thanks for your daily effort on this great product!
Back to business…
I’ve been experiencing a discomforting issue for the past 3 days on my new pre-production setup. As you will see, on my master I’m using the Icinga2 RC1 package, so I’m not expecting anyone to dig beyond a quick check for evident configuration mistakes.
I have 1 master “passive”, 1 satellite connecting to the master and 2 agents connecting to the satellite.
I already have a fully functional Icinga2 deployment, but here there is no Director and everything is set through Puppet, so there is not much GUI help, nor do I want it there.
Services on the master and satellite work well, but on the agents they are stuck (in icingaweb) in PENDING state (I already tried to force a manual re-check).
I have the following message on the satellite:
New client connection for identity 'agent-01.local' from [X.X.X.X]:35910 (no Endpoint object found for identity)
New client connection for identity 'agent-02.local' from [X.X.X.X]:35910 (no Endpoint object found for identity)
I really cannot understand what is wrong there. I’ve been looking for similar issues but somehow I cannot find much in common with my case. Certificates are OK and that’s all confirmed during connection with the following:
Received certificate request for CN '......' signed by our CA
The certificate for CN '......' is valid and uptodate. Skipping automated renewal.
Changes done on the master node seem to “propagate” but something is still wrong.
Any hint would be really appreciated.
Thanks.
NODES:
master: mon-01.local (Fedora Server 32, package: icinga2-2.12.0.rc1.48)
satellite: mon-02.local (Debian 10.4, package: icinga2-2.10.3-2)
agent1: agent-01.local (Debian 10.4, package: icinga2-2.10.3-2)
agent2: agent-02.local (Debian 10.3, package: icinga2-2.10.3-2)
ZONES:
master
sat-01
[root@mon-01.local]# cat /etc/icinga2/zones.conf
object Endpoint "mon-01.local" {
  // host = "mon-01.local" // already tried this
}

object Endpoint "mon-02.local" {
  // host = "mon-02.local" // already tried this
}

object Zone "global-templates" {
  global = true
}

object Zone "master" {
  endpoints = [ "mon-01.local", ]
}

object Zone "sat-01" {
  endpoints = [ "mon-02.local" ]
  parent = "master"
}
[root@mon-02.local]# cat /etc/icinga2/zones.conf
object Endpoint "mon-01.local" {
  host = "mon-01.local"
}

object Endpoint "mon-02.local" {
  host = "mon-02.local"
}

object Zone "global-templates" {
  global = true
}

object Zone "master" {
  endpoints = [ "mon-01.local", ]
}

object Zone "sat-01" {
  endpoints = [ "mon-02.local", ]
  parent = "master"
}
[root@agent-01.local]# cat /etc/icinga2/zones.conf
object Endpoint "agent-01.local" {
}

object Endpoint "mon-02.local" {
  host = "mon-02.local"
}

object Zone "agent-01.local" {
  endpoints = [ "agent-01.local", ]
  parent = "sat-01"
}

object Zone "global-templates" {
  global = true
}

object Zone "sat-01" {
  endpoints = [ "mon-02.local", ]
}
[root@agent-02.local]# cat /etc/icinga2/zones.conf
object Endpoint "mon-02.local" {
  host = "mon-02.local"
}

object Endpoint "agent-02.local" {
}

object Zone "agent-02.local" {
  endpoints = [ "agent-02.local", ]
  parent = "sat-01"
}

object Zone "global-templates" {
  global = true
}

object Zone "sat-01" {
  endpoints = [ "mon-02.local", ]
}
[root@mon-01.local]# cat /etc/icinga2/zones.d/master/hosts.conf
object Host "mon-01.local" {
  address = "X.X.X.X"
  groups = [ "linux-nodes", ]
  display_name = "mon-01.local"
  check_command = "hostalive"
}
[root@mon-01.local]# cat /etc/icinga2/zones.d/master/hostgroups.conf
object HostGroup "linux-nodes" {
  display_name = "Linux Servers"
  groups = [ "linux-nodes", ]
  assign where host.vars.os == "linux"
}
…
[root@mon-01.local]# cat /etc/icinga2/zones.d/master/services.conf
apply Service "check_ssh" {
  import "generic-service"

  check_command = "ssh"
  assign where (host.address || host.address6) && host.vars.os == "Linux"
}

apply Service for (disk_name => config in host.vars.disks) {
  import "generic-service"

  check_command = "disk"
  command_endpoint = host.name
  vars += config
  assign where host.vars.os == "Linux"
  ignore where host.vars.noagent
}

apply Service "load" {
  import "generic-service"

  check_command = "load"
  assign where host.name == NodeName
}
…
[root@mon-01.local]# cat /etc/icinga2/zones.d/master/api-users.conf
object ApiUser "admin" {
  password = "xxxxxxxxxxxx"
  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*", ]
  // permissions = [ "*" ] // already tried this
}
[root@mon-01.local]# cat /etc/icinga2/zones.d/sat-01/hosts.conf
object Host "mon-02.local" {
  address = "X.X.X.X"
  groups = [ "linux-nodes", ]
  display_name = "mon-02.local"
  check_command = "hostalive"
  vars.client_endpoint = name
}

object Host "agent-01.local" {
  address = "X.X.X.X"
  groups = [ "linux-nodes", ]
  display_name = "agent-01.local"
  check_command = "hostalive"
  vars.client_endpoint = name
}

object Zone "agent-01.local" {
  endpoints = [ "agent-01.local" ]
  parent = "sat-01"
}

object Endpoint "agent-01.local" {
  log_duration = 0 // Disable the replay log for command endpoint agents
}

object Host "agent-02.local" {
  address = "X.X.X.X"
  groups = [ "linux-nodes", ]
  display_name = "agent-02.local"
  check_command = "hostalive"
  vars.client_endpoint = name
}

object Zone "agent-02.local" {
  endpoints = [ "agent-02.local" ]
  parent = "sat-01"
}

object Endpoint "agent-02.local" {
  log_duration = 0 // Disable the replay log for command endpoint agents
}
[root@mon-01.local]# cat /etc/icinga2/zones.d/sat-01/services.conf
apply Service "sat-check_ssh" {
  import "generic-service"

  check_command = "ssh"
  assign where host.zone == "sat-01"
}

apply Service "sat-icinga" {
  import "generic-service"

  check_command = "icinga"
  assign where host.zone == "sat-01"
}

apply Service for (disk_name => config in host.vars.disks) {
  import "generic-service"

  check_command = "disk"
  command_endpoint = host.name
  vars += config
  assign where host.zone == "sat-01"
  ignore where host.vars.noagent
}

apply Service "sat-load" {
  import "generic-service"

  check_command = "load"
  assign where host.zone == "sat-01"
}
…
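An added example, not part of the original post and not Icinga's own tooling: a small Python check that compares the identities in the satellite's "no Endpoint object found for identity" log lines against the Endpoint and Zone objects declared in a given configuration text. The function names `parse_objects` and `audit` are hypothetical, the sample input is constructed from the satellite output quoted above, and the regex parsing assumes flat objects like the ones shown.

```python
import re

# Constructed sample input, condensed from the satellite (mon-02.local) output in the post.
SATELLITE_ZONES_CONF = '''
object Endpoint "mon-01.local" { host = "mon-01.local" }
object Endpoint "mon-02.local" { host = "mon-02.local" }
object Zone "global-templates" { global = true }
object Zone "master" { endpoints = [ "mon-01.local", ] }
object Zone "sat-01" {
  endpoints = [ "mon-02.local", ]
  parent = "master"
}
'''
SATELLITE_LOG = '''
New client connection for identity 'agent-01.local' from [X.X.X.X]:35910 (no Endpoint object found for identity)
New client connection for identity 'agent-02.local' from [X.X.X.X]:35910 (no Endpoint object found for identity)
'''

# Flat objects only: a body containing nested braces would be cut at the first "}".
OBJECT_RE = re.compile(r'object\s+(Endpoint|Zone)\s+"([^"]+)"\s*\{(.*?)\}', re.S)
ENDPOINTS_RE = re.compile(r'endpoints\s*=\s*\[(.*?)\]', re.S)
IDENTITY_RE = re.compile(r"identity '([^']+)'.*\(no Endpoint object found for identity\)")


def parse_objects(conf):
    """Return (set of Endpoint names, {zone name: [endpoint names it lists]})."""
    conf = re.sub(r'//[^\n]*', '', conf)  # drop // comments such as the commented-out host lines
    endpoints, zones = set(), {}
    for kind, name, body in OBJECT_RE.findall(conf):
        if kind == "Endpoint":
            endpoints.add(name)
        else:
            m = ENDPOINTS_RE.search(body)
            zones[name] = re.findall(r'"([^"]+)"', m.group(1)) if m else []
    return endpoints, zones


def audit(conf, log):
    """Return (identities the log reports without an Endpoint that conf also lacks,
    {zone: endpoints it lists that have no Endpoint object in conf})."""
    endpoints, zones = parse_objects(conf)
    unknown = sorted(set(IDENTITY_RE.findall(log)) - endpoints)
    dangling = {z: [e for e in members if e not in endpoints] for z, members in zones.items()}
    return unknown, {z: e for z, e in dangling.items() if e}


if __name__ == "__main__":
    print(audit(SATELLITE_ZONES_CONF, SATELLITE_LOG))
```

To check a real node, pass the concatenated text of every configuration file that node actually loads, not only `zones.conf`, since the check sees only the objects present in the text it is given.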