Thanks Michael. I have provided the information requested by you.. On Tue, Aug 4, 2015 at 2:53 PM, Michael Friedrich < michael.friedr...@netways.de> wrote:
> Am 04.08.2015 um 10:01 schrieb Ankush Grover:
>
> Hi Friends,
>
> I am running 2 Icinga Master servers in Clustered Mode on Centos 7 64-bit
> and 1 Satellite Server in a remote location on Centos 6.6 64-bit so that
> the clients in the remote location can send the data tto Icinga Master via
> this Satellite Server. This Satellite Server is running graphite &
> IcingaWeb2 too.
>
> Now the problem I am facing is that when I am try to run icinga2 as
> client I am getting the below error message.
>
>
> Icinga Package(icinga2-2.3.8-1.el6.x86_64) installed on the both Satellite
> Server & Client along icinga2-bin & icinga2-common package
>
> svn.example.com is the client
> icinga-ndi.example.com is the Satellite Server
> icingamaster1.example.com is the Icinga Master Server1
> icingamaster2.example.com is the Icinga Master Server2
>
>
> Attach the zones.conf from all of these nodes.
>
>
>
>
> What is the correct way to setup Icinga2 Client so that disk space and
> other things can be monitored from the Satellite Server??
>
> Errors on the Icinga2 client
>
> critical/SSL: Error on bio X509 AUX reading pem file
> '/etc/icinga2/pki/svn.example.crt': 0,
> "error:00000000:lib(0):func(0):reason(0)"
> critical/config: Error: Cannot get certificate from cert path:
> '/etc/icinga2/pki/svn.example.com.crt'.
> Location:
> /etc/icinga2/features-enabled/api.conf(2): * The API listener is used for
> distributed monitoring setups.
> /etc/icinga2/features-enabled/api.conf(3): */
> /etc/icinga2/features-enabled/api.conf(4): object ApiListener "api" {
> ^^^^^^^^^^^^^^^^^^^^^^^^
> /etc/icinga2/features-enabled/api.conf(5): cert_path = SysconfDir +
> "/icinga2/pki/" + NodeName + ".crt"
> /etc/icinga2/features-enabled/api.conf(6): key_path = SysconfDir +
> "/icinga2/pki/" + NodeName + ".key"
>
> critical/config: 1 error
> ^C
>
>
> Verify that your certificates exists inside that path, and it is readable
> by the user Icinga 2 is running as.
> Provide more detailed output, such as 'icinga2 --version'. More on the
> troubleshooting docs.
>
Icinga Master Servers
icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: v2.3.6)
Copyright (c) 2012-2015 Icinga Development Team (https://www.icinga.org)
License GPLv2+: GNU GPL version 2 or later <
http://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Application information:
Installation root: /usr
Sysconf directory: /etc
Run directory: /var/run
Local state directory: /var
Package data directory: /usr/share/icinga2
State path: /var/lib/icinga2/icinga2.state
Objects path: /var/cache/icinga2/icinga2.debug
Vars path: /var/cache/icinga2/icinga2.vars
PID path: /var/run/icinga2/icinga2.pid
Application type: icinga/IcingaApplication
System information:
Operating system: Linux
Operating system version: 3.10.0-229.4.2.el7.x86_64
Architecture: x86_64
Distribution: CentOS Linux 7 (Core)
Satellite & Client
icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: v2.3.8)
Copyright (c) 2012-2015 Icinga Development Team (https://www.icinga.org)
License GPLv2+: GNU GPL version 2 or later <
http://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Application information:
Installation root: /usr
Sysconf directory: /etc
Run directory: /var/run
Local state directory: /var
Package data directory: /usr/share/icinga2
State path: /var/lib/icinga2/icinga2.state
Objects path: /var/cache/icinga2/icinga2.debug
Vars path: /var/cache/icinga2/icinga2.vars
PID path: /var/run/icinga2/icinga2.pid
Application type: icinga/IcingaApplication
System information:
Operating system: Linux
Operating system version: 2.6.32-504.30.3.el6.x86_64
Architecture: x86_64
Distribution: "CentOS release 6.6 (Final)"
>
>
>
>
>
> icinga2 node wizard
>
> Please specify if this is a satellite setup ('n' installs a master setup)
> [Y/n]:
> Starting the Node setup routine...
> Please specifiy the common name (CN) [svn.example.com]:
> Please specifiy the local zone name [svn.example.com]:
> Please specify the master endpoint(s) this node should connect to:
> Master Common Name (CN from your master setup): icinga-ndi.example.com
> Do you want to establish a connection to the master from this node? [Y/n]:
> y
> Please fill out the master connection information:
> Master endpoint host (Your master's IP address or FQDN):
> icinga-ndi.example.com
> Master endpoint port [5665]:
> Add more master endpoints? [y/N]: n
> Please specify the master connection for CSR auto-signing (defaults to
> master endpoint host):
> Host [icinga-ndi.example.com]:
> Port [5665]:
> information/base: Writing private key to
> '/etc/icinga2/pki/svn.example.com.key'.
> information/base: Writing X509 certificate to
> '/etc/icinga2/pki/svn.example.com.crt'.
> information/cli: Generating self-signed certifiate:
> information/cli: Fetching public certificate from master (
> icinga-ndi.example.com, 5665):
>
> information/cli: Writing trusted certificate to file
> '/etc/icinga2/pki/trusted-master.crt'.
> information/cli: Stored trusted master certificate in
> '/etc/icinga2/pki/trusted-master.crt'.
>
> Please specify the request ticket generated on your Icinga 2 master.
> (Hint: # icinga2 pki ticket --cn 'svn.example.com'):
> 72517301bed44be2fa97fd208acc51ab25dbc388
> information/cli: Processing self-signed certificate request. Ticket
> '72517301bed44be2fa97fd208acc51ab25dbc388'.
>
> information/cli: Created backup file
> '/etc/icinga2/pki/svn.example.com.crt.orig'.
> information/cli: Writing signed certificate to file
> '/etc/icinga2/pki/svn.example.com.crt'.
> information/cli: Writing CA certificate to file '/etc/icinga2/pki/ca.crt'.
> Please specify the API bind host/port (optional):
> Bind Host []:
> Bind Port []:
> Accept config from master? [y/N]: y
> Accept commands from master? [y/N]: y
> information/cli: Disabling the Notification feature.
> critical/cli: Cannot disable feature 'notification'. Target file
> '/etc/icinga2/features-enabled/notification.conf' does not exist.
> critical/cli: Cannot disable feature(s): notification
> information/cli: Enabling the Apilistener feature.
> warning/cli: Feature 'api' already enabled.
> warning/cli: Backup file '/etc/icinga2/features-available/api.conf.orig'
> already exists. Skipping backup.
> information/cli: Generating local zones.conf.
> information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
> warning/cli: Backup file '/etc/icinga2/zones.conf.orig' already exists.
> Skipping backup.
> information/cli: Updating constants.conf.
> warning/cli: Backup file '/etc/icinga2/constants.conf.orig' already
> exists. Skipping backup.
> information/cli: Updating constants file '/etc/icinga2/constants.conf'.
> information/cli: Updating constants file '/etc/icinga2/constants.conf'.
> Done.
>
>
> Error Message on Satellite Server
>
> 2015-08-04 13:25:11 +0530] information/ApiListener: New client connection
> for identity 'svn.example.com' (unauthenticated)
> [2015-08-04 13:25:18 +0530] information/ApiListener: New client connection
> for identity 'svn.example.com' (unauthenticated)
> [2015-08-04 13:25:18 +0530] critical/SSL: Could not open CA key file
> '/var/lib/icinga2/ca/ca.key': 33558530, "error:02001002:system
> library:fopen:No such file or directory"
> [2015-08-04 13:26:14 +0530] information/ApiClient: No messages for
> identity 'svn.example.com' have been received in the last 60 seconds.
> [2015-08-04 13:26:14 +0530] warning/ApiClient: API client disconnected for
> identity 'svn.example.com'
> [2015-08-04 13:26:29 +0530] information/ApiClient: No messages for
> identity 'svn.example.com' have been received in the last 60 seconds.
> [2015-08-04 13:26:29 +0530] warning/ApiClient: API client disconnected for
> identity 'svn.example.com'
>
>
> Did you fix your client startup? It certainly looks broken in a different
> way (unauthenticated).
>
> If I disable api feature that the client starts otherwise with api feature
enabled it refused to start and above error messages appears in the logs.
> Best would be to know your steps on installing this setup, from the master
> to the client.
>
>
There are 2 IcingaMaster servers running which are pushing the
configuration to the Satellite Server. So all the hosts, services etc. for
the Satellite Server comes from the Icinga Master server (running in
clustered mode). The client will talk to Satellite server as this satellite
server is in the same location as the client.
For client setup I am running icinga2 node wizard
Please specify if this is a satellite setup ('n' installs a master setup)
[Y/n]:
Starting the Node setup routine...
Please specifiy the common name (CN) [svn.example.com]:
Please specifiy the local zone name [svn.example.com]:
Please specify the master endpoint(s) this node should connect to:
Master Common Name (CN from your master setup): icinga-ndi.example.com
Do you want to establish a connection to the master from this node? [Y/n]: y
Please fill out the master connection information:
Master endpoint host (Your master's IP address or FQDN):
icinga-ndi.example.com
Master endpoint port [5665]:
Add more master endpoints? [y/N]: n
Please specify the master connection for CSR auto-signing (defaults to
master endpoint host):
Host [icinga-ndi.example.com]:
Port [5665]:
information/base: Writing private key to
'/etc/icinga2/pki/svn.example.com.key'.
information/base: Writing X509 certificate to
'/etc/icinga2/pki/svn.example.com.crt'.
information/cli: Generating self-signed certifiate:
information/cli: Fetching public certificate from master (
icinga-ndi.example.com, 5665):
information/cli: Writing trusted certificate to file
'/etc/icinga2/pki/trusted-master.crt'.
information/cli: Stored trusted master certificate in
'/etc/icinga2/pki/trusted-master.crt'.
Please specify the request ticket generated on your Icinga 2 master.
(Hint: # icinga2 pki ticket --cn 'svn.example.com'):
72517301bed44be2fa97fd208acc51ab25dbc388
information/cli: Processing self-signed certificate request. Ticket
'72517301bed44be2fa97fd208acc51ab25dbc388'.
information/cli: Created backup file
'/etc/icinga2/pki/svn.example.com.crt.orig'.
information/cli: Writing signed certificate to file
'/etc/icinga2/pki/svn.example.com.crt'.
information/cli: Writing CA certificate to file '/etc/icinga2/pki/ca.crt'.
Please specify the API bind host/port (optional):
Bind Host []:
Bind Port []:
Accept config from master? [y/N]: y
Accept commands from master? [y/N]: y
information/cli: Disabling the Notification feature.
critical/cli: Cannot disable feature 'notification'. Target file
'/etc/icinga2/features-enabled/notification.conf' does not exist.
critical/cli: Cannot disable feature(s): notification
information/cli: Enabling the Apilistener feature.
warning/cli: Feature 'api' already enabled.
warning/cli: Backup file '/etc/icinga2/features-available/api.conf.orig'
already exists. Skipping backup.
information/cli: Generating local zones.conf.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
warning/cli: Backup file '/etc/icinga2/zones.conf.orig' already exists.
Skipping backup.
information/cli: Updating constants.conf.
warning/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists.
Skipping backup.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
information/cli: Updating constants file '/etc/icinga2/constants.conf'.
Done.
> Kind regards,
> Michael
>
>
> --
> Michael Friedrich, DI (FH)
> Application Developer
>
> NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg
> Tel: +49 911 92885-0 | Fax: +49 911 92885-77
> GF: Julian Hein, Bernd Erk | AG Nuernberg HRB18461
> http://www.netways.de | michael.friedr...@netways.de
>
> ** OSBConf 2015 - September - osbconf.org **
> ** OSMC 2015 - November - netways.de/osmc **
>
> _______________________________________________
> icinga-users mailing list
> icinga-users@lists.icinga.org
> https://lists.icinga.org/mailman/listinfo/icinga-users
>
>
svn-zones.conf
Description: Binary data
icinga-ndi-zones.conf
Description: Binary data
icingamaster1-zones.conf
Description: Binary data
icingamaster2-zones.conf
Description: Binary data
_______________________________________________ icinga-users mailing list icinga-users@lists.icinga.org https://lists.icinga.org/mailman/listinfo/icinga-users
