No kickstart script working since update

Hello everyone,

I just updated my environment to the latest version. Since then it’s not possible for me to add a new client via the PowerShell kickstart script anymore. See:

Fatal: Ausnahme beim Aufrufen von "generateCertificates" mit 0 Argument(en):  "information/cli: Retrieving X.509 certificate for 'shdeofgvim01:5665'.
critical/TcpSocket: getaddrinfo() failed with error code 11001, "Der angegebene Host ist unbekannt. "
critical/pki: Cannot connect to host 'shdeofgvim01' on port '5665'
critical/cli: Failed to fetch certificate from host."
######## The script encountered several errors during run ########
Fatal: Ausnahme beim Aufrufen von "generateCertificates" mit 0 Argument(en):  "information/cli: Retrieving X.509 certificate for 'shdeofgvim01:5665'.
critical/TcpSocket: getaddrinfo() failed with error code 11001, "Der angegebene Host ist unbekannt. "
critical/pki: Cannot connect to host 'shdeofgvim01' on port '5665'
critical/cli: Failed to fetch certificate from host."

I run the latest version of the kickstart script with the following parameters:

exit Icinga2AgentModule `
-DirectorUrl       'https://xxxxxx.com/icingaweb2/director/' `
-DirectorAuthToken 'asdasdasdasdasda' `
-ParentEndpoints   'satellite1.localdomain.local' `
-ParentZone        'actual Zone' `
-CAServer          '192.168.1.xx' `
-RunInstaller

shdeofgvim01 is the name of my master, but I don’t get why the client tries to connect to the master instead of the satellite for signing…

Of course the master isn’t reachable for the client, because it has its own satellite.
Yesterday everything worked fine (same satellite -> not updated, same script, same master -> not updated).

Any thoughts?

That hostname doesn’t seem to be an FQDN which can be resolved into an IP address where one can connect to. That’s what the whole message lines are all about.

It’s the wrong server, vim01 is my master and it should be the satellite (satellite1.localdomain.local) like before. :frowning:

Hey again,

is it possible that I’m missing something?
As I understand the new behaviour of CSR, my clients should connect to the satellite. The satellite is passing the information to the master, signs it, and sends everything back to the satellite and client.

The kickstart script just worked fine until I updated my master to the newest version.

shdeofgvim01 is my master, only connected by IP over Site2Site VPNs, so it doesn’t matter if it’s resolvable by DNS servers (don’t get me wrong).

I also updated the kickstart script (still same problem) and every one of my 25 satellites (still same problem). Because it’s not one of the smallest environments, I feel I’ll get into trouble in the next few days, when I want to deploy new servers and nothing is working.

I tried to add clients manually, and if I sign my request on the master with "icinga2 ca sign " it only says “Can’t sign certificate” or whatever :frowning:

I’m happy about any response to this.

So long,
Kevin

########################### EDIT ###########################

I think I found the reason for the errors I’m getting.

If I set a static host entry in the hosts file like this:
“IP of satellite” “Name of master”
192.168.1.1 shdeofgvim01

The script is running like a charm again. If I tell the script to use the proxy feature for 2.8, it also says that I’m missing a variable which is still under “TODO”…

So the script is “broken” with the current version, and not the version of icinga2 itself.

If someone could reproduce the behaviour I would open an issue on GitHub for that.

Regards again,
Kevin

No one with the same problem out there?
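
A diagnostic sketch for the symptom in this thread, added here as an example and not part of any post or of the kickstart script itself: it reads the Icinga 2 CLI lines from the error output in the first post, extracts the host the certificate fetch actually contacted, and compares it with the values passed as -ParentEndpoints and -CAServer. The function name Get-CertFetchTarget and its parameters are hypothetical.

```powershell
# Added example (hypothetical helper, not from the kickstart script).
function Get-CertFetchTarget {
    param(
        [Parameter(Mandatory)] [string[]] $LogLines,
        [Parameter(Mandatory)] [string[]] $ExpectedHosts
    )

    $result = [ordered]@{
        Target       = $null   # host the certificate fetch contacted
        Port         = $null
        ResolveError = $null   # getaddrinfo() error code, if any
        Expected     = $false  # true if Target is one of the configured hosts
    }

    foreach ($line in $LogLines) {
        # e.g. "Retrieving X.509 certificate for 'host:port'."
        if ($line -match "Retrieving X\.509 certificate for '([^':]+):(\d+)'") {
            $result.Target = $Matches[1]
            $result.Port   = [int]$Matches[2]
        }
        # e.g. "getaddrinfo() failed with error code 11001"
        elseif ($line -match 'getaddrinfo\(\) failed with error code (\d+)') {
            $result.ResolveError = [int]$Matches[1]
        }
    }

    if ($result.Target) {
        # -contains compares strings case-insensitively
        $result.Expected = $ExpectedHosts -contains $result.Target
    }
    [pscustomobject]$result
}

# Sample input: lines taken from the error output in the first post
$log = @(
    "information/cli: Retrieving X.509 certificate for 'shdeofgvim01:5665'.",
    'critical/TcpSocket: getaddrinfo() failed with error code 11001, "Der angegebene Host ist unbekannt. "',
    "critical/pki: Cannot connect to host 'shdeofgvim01' on port '5665'"
)

# Values passed as -ParentEndpoints and -CAServer in the first post
$check = Get-CertFetchTarget -LogLines $log -ExpectedHosts 'satellite1.localdomain.local', '192.168.1.xx'
$check | Format-List
if (-not $check.Expected) {
    Write-Warning "Certificate fetch went to '$($check.Target)', not a configured parent endpoint or CA server."
}
```

With the sample lines, Target is shdeofgvim01 and Expected is False, which is the mismatch described in the thread.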