Configure Satellite

#1

Hello,

like to configure an satellite with Icinga Director. We have some servers far away and want there a satellite which is execute and store the checks from the outside servers.

I configure everything with the Icinga director and found the following page, there is the similar thing I want to achieve:

https://blog.sleeplessbeastie.eu/2018/02/05/how-to-setup-icinga2-master-satellite-client-using-director-module/

This configuration I have now ready but only my satellite is checked and my client behind the satellite is UNKNOWN in icingaweb2

Plugin Output:

Remote Icinga instance ‘client2.mgmt.xy’ is not connected to ‘icingab1.mgmt.xy’

icingab1 is my satellite

Is the Webside I had found not the best solution or had changed something? Use the Icinga2 Version 2.10.5-1 with
Director Modul 1.6.2

Many Thx
pulsar

#2

From my satellite the /etc/icinga2/zones.conf. I must add the Satellite Zone berlin manually. My master Zone is named icinga2.

object Endpoint "icinga2.mgmt.xy" {
        host = "icinga2.mgmt.xy"
        port = "5665"
}

object Zone "icinga2" {
        endpoints = [ "icinga2.mgmt.xy" ]
}

object Endpoint "icingab1.mgmt.xy" {
}

object Zone "berlin" {
    parent = "icinga2"
    endpoints = [ "icingab1.mgmt.xy" ]
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}
#3

a few more information, from my icinga2 Master. It is configured from the Director:

icinga2:~ # cat /var/lib/icinga2/api/zones/berlin/director/agent_endpoints.conf

object Endpoint "client2.mgmt.xy" {
        host = "172.29.1.109"
        log_duration = 0s
}

icinga2:~ # cat /var/lib/icinga2/api/zones/berlin/director/agent_zones.conf

object Zone "client2.mgmt.xy" {
    parent = "berlin"
    endpoints = [ "client2.mgmt.xy" ]
}

icinga2:~ # cat /var/lib/icinga2/api/zones/icinga2/director/zones.conf

object Zone "berlin" {
    parent = "icinga2"
    endpoints = [ "icingab1.mgmt.xy" ]
}

The Error Messag is Client2 is not connectet to his satellite. Here is no Firewall active. The Server can talk to each other:

icinga2:~ # netcat -v icingab1.mgmt.xy 5665
Connection to icingab1.mgmt.xy 5665 port [tcp/*] succeeded!

icinga2:~ # netcat -v client2.mgmt.xy 5665         
Connection to client2.mgmt.xy 5665 port [tcp/*] succeeded!

icingab1:/etc/icinga2 # netcat -v client2.mgmt.xy 5665
Connection to client2.mgmt.xy 5665 port [tcp/*] succeeded!

client2:~ # netcat -v icingab1.mgmt.xy 5665
Connection to icingab1.mgmt.xy 5665 port [tcp/*] succeeded!
#4

Hello again,

I had activated the debug log in icinga. And here I find this line:

[2019-09-17 08:20:32 +0200] debug/ApiListener: Not connecting to Zone 'client2.mgmt.xy' because it's not in the same zone, a parent or a child zone.

Had never worked with Zones. The /etc/icinga2/zones.conf from Master contains no satellite Zone.

If I change the zones.conf manually and add the satellite Zone then I become an error after restart icinga2:

-- Unit icinga2.service has begun starting up.
Sep 17 08:32:12 icinga2 icinga2[24453]: [2019-09-17 08:32:12 +0200] information/cli: Icinga application loader (version: r2.10.5-1)
Sep 17 08:32:12 icinga2 icinga2[24453]: [2019-09-17 08:32:12 +0200] information/cli: Loading configuration file(s).
Sep 17 08:32:12 icinga2 icinga2[24453]: [2019-09-17 08:32:12 +0200] critical/config: Error: Object 'berlin' of type 'Zone' re-defined: in /var/lib/icinga2/api/packages/director/f4499879-cbb2-454e-926b-2a395f2f3
Sep 17 08:32:12 icinga2 icinga2[24453]: Location: in /var/lib/icinga2/api/packages/director/f4499879-cbb2-454e-926b-2a395f2f39d3/zones.d/icinga2/zones.conf: 1:0-1:19
Sep 17 08:32:12 icinga2 icinga2[24453]: /var/lib/icinga2/api/packages/director/f4499879-cbb2-454e-926b-2a395f2f39d3/zones.d/icinga2/zones.conf(1): object Zone "berlin" {
Sep 17 08:32:12 icinga2 icinga2[24453]:                                                                                                            ^^^^^^^^^^^^^^^^^^^^
Sep 17 08:32:12 icinga2 icinga2[24453]: /var/lib/icinga2/api/packages/director/f4499879-cbb2-454e-926b-2a395f2f39d3/zones.d/icinga2/zones.conf(2):     parent = "icinga2"
Sep 17 08:32:12 icinga2 icinga2[24453]: /var/lib/icinga2/api/packages/director/f4499879-cbb2-454e-926b-2a395f2f39d3/zones.d/icinga2/zones.conf(3):     endpoints = [ "icingab1.mgmt.xy" ]
Sep 17 08:32:12 icinga2 systemd[1]: icinga2.service: Main process exited, code=exited, status=1/FAILURE
Sep 17 08:32:12 icinga2 systemd[1]: Failed to start Icinga host/service/network monitoring system.
-- Subject: Unit icinga2.service has failed

Is there a solution with director or what do i have to change to get a working satellites? Do I have to adjust files in the satellite server later when I add new clients to the satellite?

#5

Oh think I have found the real problem. Had activaed the debug log on satellite and I saw this line:

[2019-09-17 10:22:29 +0200] warning/ApiListener: Unexpected certificate common name while connecting to endpoint 'client2.mgmt.xy': got 'client2'

With this info in my head I changed the hostname in director from client2.mgmt.xy to client2 and now finally the checks a executed :hugs:

I do not know if everything is perfect and correct in my satellite setup, but at least it works like that. I want to change the topic as solved later.

#6

Hello,

today have found a problem.

I test this configuration and all checks a executed on the sattelite and clients behind the satellite. But for test reason I killed the icinga2 process on the satellite. In IcingaWeb2 I see no critical or unknown? Not on the Satellite and Client.

If the satellite is running and I stop the icinga2 process on the Client behind the satellite I can see an unknown message, the the client is not connected to the sattelite. Thats all right.

Regards
pulsar

#7

For the last Problem the solution was that I configure the satellite in Director and change the Zone from satellite to Master Cluster Zone