While working through my deployment of numerous satellite servers I’ve found one clean Ubuntu build is refusing to work as a remote Icinga agent.
I’m basically following the instructions here to add my satellite services.
These have worked really well so far.
As mentioned I’m adding another.
- I’ve added the new satellite host into Director and deployed the configuration.
- Then installed icinga2 onto the new Ubuntu clone.
- run through the icinga2 node wizard, using the settings shown.
- On the master, i’ve accepted the ca request using icinga2 ca sign ZXXXXXX etc
- Restarted icinga2 on the new satellite.
I would normally progress and perform the satellite specific configuration.
However weirdly this hasn’t worked properly and the master is complaining.
This was the configuration wizard on the client
icinga2 node wizard Welcome to the Icinga 2 Setup Wizard! We will guide you through all required configuration details. Please specify if this is a satellite/client setup ('n' installs a master setup) [Y/n]: Starting the Client/Satellite setup routine... Please specify the common name (CN) [cyllene2]: Please specify the parent endpoint(s) (master or satellite) where this node should connect to: Master/Satellite Common Name (CN from your master/satellite node): cyllene Do you want to establish a connection to the parent node from this node? [Y/n]: Please specify the master/satellite connection information: Master/Satellite endpoint host (IP address or FQDN): 192.x.x.x Master/Satellite endpoint port : Add more master/satellite endpoints? [y/N]: Parent certificate information: Subject: CN = cyllene Issuer: CN = Icinga CA Valid From: Jan 15 08:04:28 2020 GMT Valid Until: Jan 11 08:04:28 2035 GMT Fingerprint: 5C FB AF 35 80 87 BC 71 25 A8 AC C1 F1 B9 85 71 F8 5D 01 CB Is this information correct? [y/N]: y Please specify the request ticket generated on your Icinga 2 master (optional). (Hint: # icinga2 pki ticket --cn 'cyllene2'): No ticket was specified. Please approve the certificate signing request manually on the master (see 'icinga2 ca list' and 'icinga2 ca sign --help' for details). Please specify the API bind host/port (optional): Bind Host : Bind Port : Accept config from parent node? [y/N]: y Accept commands from parent node? [y/N]: y Reconfiguring Icinga... Disabling feature notification. Make sure to restart Icinga 2 for these changes to take effect. Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect. Done. Now restart your Icinga 2 daemon to finish the installation!
CA was signed.
Fingerprint | Timestamp | Signed | Subject -----------------------------------------------------------------|--------------------------|--------|-------- 7c6db1ed455de081209ac5aa7574d5214157fdf770d8a749f701f752bcb09e1a | Feb 19 15:36:34 2020 GMT | | CN = cyllene2 XXXX@cyllene:/var/lib/icinga2/api/log# icinga2 ca sign 7c6db1ed455de081209ac5aa7574d5214157fdf770d8a749f701f752bcb09e1a information/cli: Signed certificate for 'CN = cyllene2'.
The Master keeps reporting
[2020-02-19 15:40:19 +0000] information/JsonRpcConnection: Received certificate request for CN 'cyllene2' signed by our CA. [2020-02-19 15:40:19 +0000] information/JsonRpcConnection: The certificate for CN 'cyllene2' is valid and uptodate. Skipping automated renewal. [2020-02-19 15:40:28 +0000] information/ApiListener: Reconnecting to endpoint 'cyllene2.fqdn.com' via host '192.168.0.202' and port '5665' [2020-02-19 15:40:28 +0000] warning/ApiListener: Unexpected certificate common name while connecting to endpoint 'cyllene2.fqdn.com': got 'cyllene2' [2020-02-19 15:40:28 +0000] information/ApiListener: Finished reconnecting to endpoint 'cyllene2.fqdn,com' via host '192.168.0.202' and port '5665'
And the new client/satellite
(0) Handling new API client connection [2020-02-19 15:42:28 +0000] information/ApiListener: New client connection for identity 'cyllene' from [192.168.0.201]:40630 [2020-02-19 15:42:28 +0000] warning/ApiListener: No data received on new API connection for identity 'cyllene'. Ensure that the remote endpoints are properly configured in a cluster setup. Context: (0) Handling new API client connection
I’m just repeating the same build process so I’m stuck why this is happening.
I’ve tried remove the host from Director and restarting the process. but I still keep getting the same issue. I also tried adding and removing the fqdn.