Object 'master' of type 'Zone' does not exist


(Malik217) #1

Hi i am facing some problems with my configuration. I started first and installed icinga2 on my SLES12 server. First works good after some changes nothings works anymore.
i get the error: critical/config: Error: Validation failed for object ‘icingatest-master1’ of type ‘Endpoint’; Attribute ‘zone’: Object ‘master’ of type ‘Zone’ does not exist.

here is my configuration:

zones.conf:
/*

  • Generated by Icinga 2 node setup commands
  • on 2018-07-30 14:50:47 +0200
    */

object Endpoint “icingatest-master1” {
host="***"
port=“5665”
Zone=Zone
}

object Endpoint “icingatest-master2” {
host="***"
port=“5665”
Zone=Zone
}

object Zone “master” {
endpoints = [ “icingatest-master1”,“icingatest-master2” ]
global = true
}

object Zone “global-templates” {
global = true
}

object Zone “director-global” {
global = true
}

my api-users.conf:
/**

  • The APIUser objects are used for authentication against the API.
    */
    object ApiUser “root” {
    password = “**”
    // client_cn = “”

permissions = [ “" ]
}
object ApiUser “icingaweb2” {
password = "
"
permissions = [ “status/query”, "actions/
", "objects/modify/
”, “objects/query/*” ]
}
object Endpoint NodeName {
NodeName=NodeName
zone=Zone
}

i dont know what i am missing?
greets


#2

Hi,

the zone attribute for endpoint objects does not exist.

object Endpoint "icingatest-master1" {
  host = "***"
  port = "5665"
}

object Endpoint "icingatest-master2" {
  host = "***"
  port = "5665"
}

The assignment to a zone is done by the zone object.

Best regards
Michael

p.s. Please use Markdown code tags to format your configuration snippets, it is hard to read without a proper formation. You can find a quick how to in our FAQ. :slight_smile:


(Malik217) #3

Hi,
thanks for the quick reply.
Unfortunately when i remove it from there i get this error:

config: Error: Endpoint 'icingatest-master1' does not belong to a zone.
Location: in /etc/icinga2/conf.d/api-users.conf: 14:1-14:24
/etc/icinga2/conf.d/api-users.conf(12):   permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]
/etc/icinga2/conf.d/api-users.conf(13): }
/etc/icinga2/conf.d/api-users.conf(14): object Endpoint NodeName {
                                        ^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/conf.d/api-users.conf(15): NodeName=NodeName
/etc/icinga2/conf.d/api-users.conf(16): }

[2018-12-20 19:36:18 +0100] critical/config: Error: Endpoint 'icingatest-master1' does not belong to a zone.
Location: in /etc/icinga2/zones.conf: 6:1-6:51
/etc/icinga2/zones.conf(4):  */
/etc/icinga2/zones.conf(5):
/etc/icinga2/zones.conf(6): object Endpoint "icingatest-master1" {
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/zones.conf(7): host="***"
/etc/icinga2/zones.conf(8): port="5665"

[2018-12-20 19:36:18 +0100] critical/config: Error: Endpoint 'icingatest-master2' does not belong to a zone.
Location: in /etc/icinga2/zones.conf: 11:1-11:51
/etc/icinga2/zones.conf(9): }
/etc/icinga2/zones.conf(10):
/etc/icinga2/zones.conf(11): object Endpoint "icingatest-master2" {
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/zones.conf(12): host="***"
/etc/icinga2/zones.conf(13): port="5665"

and when i remove the endpoint from the api-user. i get another error:

Error: Endpoint object for 'icingatest-master1' is missing.
Location: in /etc/icinga2/features-enabled/api.conf: 4:1-4:24
/etc/icinga2/features-enabled/api.conf(2):  * The API listener is used for distributed monitoring setups.
/etc/icinga2/features-enabled/api.conf(3):  */
/etc/icinga2/features-enabled/api.conf(4): object ApiListener "api" {
                                           ^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/features-enabled/api.conf(5):
/etc/icinga2/features-enabled/api.conf(6):   ticket_salt = TicketSalt

[2018-12-20 19:40:44 +0100] critical/config: 1 error

i was trying to resolve this thats why i got my config mixxed a litle bit


#4

Which Icinga 2 version you are using?

Please show the complete api.conf file (hide confidential details).

The endpoint object in the api-users.conf shouldn’t be necessary. Also NodeName is not a valid attribute either. You can find all attributes here:

https://icinga.com/docs/icinga2/latest/doc/09-object-types/#endpoint

Error: Endpoint object for 'icingatest-master1.[...].com' is missing.

To tackle this error you can try to use FQDNs in your zones.conf file.

object Endpoint "icingatest-master1.[...].com" {
  host = "***"
  port = "5665"
}

object Endpoint "icingatest-master2.[...].com" {
  host = "***"
  port = "5665"
}

object Zone "master" {
  endpoints = [ "icingatest-master1.[...].com","icingatest-master2.[...].com" ]
}

Also keep in mind that the master zone shouldn’t be a global zone. Please look in the docs to get familiar with global zones and their usage.

https://icinga.com/docs/icinga2/latest/doc/06-distributed-monitoring/#global-zone-for-config-sync


(Malik217) #5

Hi,

i am using Icinga2 version 2.9.1-1

i have used the fqdn in the zones.conf file.
i just removed the ending in my post to hide the information.

this is what i have in my api.conf file:

/**
 * The API listener is used for distributed monitoring setups.
 */
object ApiListener "api" {

  ticket_salt = TicketSalt
  accept_commands = true

}

object ApiUser "infradb" {

password = "***"
client_cn = "infradb"

permissions = [ "objects/query/Host" ]

}

object ApiUser "client-pki-ticket" {

  password = "***"
  permissions = [ "actions/generate-ticket" ]

}
object ApiUser "director" {
  password = "***"
  // client_cn = ""

  permissions = [ "*" ]
}

#6

I would move the ApiUser objects into the api-users.conf file.

Let us start over. Save your current zone.conf file. Remove every zone/endpoint object which is not in zones.conf.

Now configure the bare minimum zones.conf.

object Endpoint "icingatest-master1.[...].com" {
  // since this is us, we don't need the host and port attribute
}

object Zone "master" {
	endpoints = [ "icingatest-master1.[...].com" ]
}

object Zone "global-templates" {
	global = true
}

object Zone "director-global" {
	global = true
}

Keep in mind that the name for the endpoint must match the NodeName constant which is configured in the constants.conf file

Run icinga2 daemon -C to validate the configuration.

If this works you now can add more endpoints and zones to it.


(Malik217) #7

Hi, Unfortunataly it does not work. i get another error:

 critical/config: Error: Endpoint 'icingatest-master1.[***].com' does not belong to a zone.
Location: in /etc/icinga2/zones.conf: 6:1-6:50
/etc/icinga2/zones.conf(4):  */
/etc/icinga2/zones.conf(5):
/etc/icinga2/zones.conf(6): object Endpoint "icingatest-master1.[***].com" {
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/zones.conf(7): }
/etc/icinga2/zones.conf(8):

my zones.conf looks now like this:

/*
 * Generated by Icinga 2 node setup commands
 * on 2018-07-30 14:50:47 +0200
 */

object Endpoint "icingatest-master1.[***].com" {
}

object Zone "master" {
        endpoints = [ "icingatest-master1.[***].com" ]
}

object Zone "global-templates" {
        global = true
}

object Zone "director-global" {
        global = true
}

could it be that something is wrong with my api configuration.
can i reset it and delete all configurations the api has done?


#8

Please use this bare minimum api.conf file for testing.

object ApiListener "api" {

  accept_config = false
  accept_commands = false

  ticket_salt = TicketSalt
}
  • Remove the ApiUser objects from the api.conf file.
  • Move the object definitions in the right files.
  • Do not declare other objects in the features-enabled/*.conf file
  • Which features are activated? icinga2 feature list

(Malik217) #9

i have used this bare file in my testing now. and had removed every api-user-object in api.conf

they should be in right files. had nothing declared elsewhere

server:/etc/icinga2 # icinga2 feature list
Disabled features: compatlog debuglog elasticsearch gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog
Enabled features: api checker command ido-pgsql mainlog notification

(Malik217) #10

Hi,
i have solved my problem. Thanks for your support :slight_smile:
my problem was that i had the zonename for my endpoint was also named in my hosts.conf.
i deleted there and everything is working fine till now :smiley: