Thanks for your help Thomas. See below for some comments:
On Thu, 2017-10-05 at 18:06 +0200, Thomas Gelf wrote:
> Doesn't matter whether you have upper-, lower- or mixed case names.
> The
> only thing that will not work right now is changing case of the very
> same object name. There are Import Property Modifiers that can help
> you
> with weird data sources changing case all the time.
>
> I'd strongly suggest to lowercase all host names anyways, just: all
> of
> them will fail when you already imported them with mixed case.
> Shortest
> way to fix this is to lowercase them directly in your DB, like this:
>
> UPDATE icinga_host SET object_name = lower(object_name) where
> object_type = 'object';
>
> That's cheating a little bit, and some links in the global action log
> might get confused - but afterwards everything should be clean. Then
> add
> a "Lowercase" property modifier to your Import Source and you should
> be
> all done.
>
> Please take a DB dump first, just to be on the safe side. In case it
> doesn't work: restore the dump and try again.
>
After running the sql query I was indeed able to trigger the sync
again. I added the necessary modifiers to downcase the object_name and
that allowed me to rerun the syncs without problem.
However, like I was fearing, talking to my agents stopped working as
the common name in the certificates doesn't correspond anymore to the
Zone endpoints.
We are consistent in writing our domain name with the capitals... :|
I explored my options and after trying and trying I was able to
configure my Hiera lookup tree to override the necessary parameters to
use lowercase names for the certificates.
For reference I add them here:
common.yaml:
icinga2::constants:
NodeName: "%{facts.fqdn_downcased}"
ZoneName: "%{facts.fqdn_downcased}"
master-node.yaml:
icinga2::feature::api::pki: 'ca'
icinga2::feature::api::ca_host: "%{facts.fqdn_downcased}"
icinga2::feature::api::accept_config: true
icinga2::feature::api::accept_commands: true
icinga2::feature::api::ssl_key_path:
"/etc/icinga2/pki/%{facts.fqdn_downcased}.key"
icinga2::feature::api::ssl_cert_path:
"/etc/icinga2/pki/%{facts.fqdn_downcased}.crt"
facts.fqdn_downcased is a custom fact I had to introduce.
There is now one issue I'm still struggling.
When I successfully import and then sync my data it complains that the
the endpoint for the icinga2 master node is already defined in
/etc/icinga2/zones.conf:
object Endpoint NodeName {
}
where nodename is in constants.conf.
Which is normal as my icinga2 master is also in the puppetdb. I tried
removing the lines above from zones.conf, but then I get an error:
critical/config: Error: Validation failed for object 'master' of type
'Zone'; Attribute 'endpoints': Object 'oneiroi.ugent.be' of type
'Endpoint' does not exist.
Location: in /etc/icinga2/zones.conf: 7:3-7:27
/etc/icinga2/zones.conf(5):
/etc/icinga2/zones.conf(6): object Zone "master" {
/etc/icinga2/zones.conf(7): endpoints = [ NodeName, ]
^^^^^^^^^^^^^^^^^^^^^^^^^
I remembered that the under the sync rules I could apply a filter
expression. However I wasn't able to get that work. The help says:
Sync only part of your imported objects with this rule. Icinga Web 2
filter syntax is allowed, so this could look as follows:
(host=a|host=b)&!ip=127.*
I tried: host!=master.domain.com, certname!=master.domain.com, ...
As a workaround I added a replace property modifier on the import
itself. Where I replaced the certname of that one record with a dummy
name.
Can you advise I can filter out that one object? Or did I do something
wrong in the endpoint configuration?
Also I really appreciate the work done on the director interface.
Thanks!
Rudy
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert e-mail: rudy.geva...@ugent.be
Directie ICT, Afdeling Infrastructuur
Groep Systemen tel: +32 9 264 4750
Universiteit Gent fax: +32 9 264 4994
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --_______________________________________________
icinga-users mailing list
icinga-users@lists.icinga.org
https://lists.icinga.org/mailman/listinfo/icinga-users
