Setting up Icinga Agents without connection to Icinga Master #280
Comments
The difference between a setup with a ticket and no ticket is the It is possible to set up icinga2 manually without using the For this ansible role I can't see how it would allow for a ticketless setup, it either delegates ticket generation from the headend or it tries to get it itself. If your ansible server can see the headend you should be able to get this working using
If you have the ticket salt and the CN of the host, you can create the ticket on every Icinga node. There is no other secret information on the master besides the salt. One of the tasks that fails is trying to fetch the trusted cert from the central node. It shouldn't be hard to change that but as of now the installation will break there.
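The point made in the comment above, as an added example that is not code from this thread or from the collection: it assumes Icinga 2 derives a ticket as the hex-encoded PBKDF2-HMAC-SHA1 of the host CN with the ticket salt and 50000 iterations, and the salt and host names are constructed sample values. It shows why the salt has to be stored like any other signing secret (for example in an Ansible vault): whoever holds it can derive a valid ticket for any CN.

```python
import hashlib
import hmac

# Assumption (not taken from this page): Icinga 2 computes a ticket as
# PBKDF2-HMAC-SHA1(password=CN, salt=TicketSalt, 50000 iterations), hex-encoded.
ICINGA_TICKET_ITERATIONS = 50000
ICINGA_TICKET_BYTES = 20  # SHA-1 digest size, i.e. 40 hex characters


def icinga2_ticket(cn: str, ticket_salt: str) -> str:
    """Derive the enrollment ticket for one host CN without contacting the master."""
    if not cn or not ticket_salt:
        raise ValueError("CN and ticket salt must both be non-empty")
    digest = hashlib.pbkdf2_hmac(
        "sha1",
        cn.encode("utf-8"),
        ticket_salt.encode("utf-8"),
        ICINGA_TICKET_ITERATIONS,
        ICINGA_TICKET_BYTES,
    )
    return digest.hex()


def ticket_matches(cn: str, ticket_salt: str, presented: str) -> bool:
    """Check a presented ticket against the expected one in constant time."""
    expected = icinga2_ticket(cn, ticket_salt).encode("ascii")
    candidate = presented.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, candidate)


if __name__ == "__main__":
    # Constructed sample values; a real salt would come from a vault, never from the playbook.
    sample_salt = "constructed-sample-salt"
    for sample_cn in ("agent01.example.org", "agent02.example.org"):
        print(sample_cn, icinga2_ticket(sample_cn, sample_salt))
```

A ticket is bound to exactly one CN, so it has to be derived per host from the name the agent's certificate will carry.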
Hey, I did solve this issue by manually creating certificates and deploying them via ansible on the agent. As the parent reconnects to the client (zones/endpoints configuration needs to be done first) the agent will send its CSR to the parent. As the ansible.builtin.copy module defaults to overwriting the files, consider using module_defaults in your playbook.
Hi all
I would like to use this Icinga collection to set up our monitoring. Currently I'm using this role to configure the Icinga Master and it's working great. Now I want to configure an Icinga Agent using the Icinga2 role with the API feature but I'm having some issues with this.
Our firewalls are configured to only allow the master to connect to the Icinga2 agents on port 5665, but not the other way round. When I manually configure the agents using the `icinga2 node wizard`, I can simply answer `Do you want to establish a connection to the parent node from this node? [Y/n]:` with `no`, which will configure the node accordingly.
This will create a CSR on the Icinga2 master. I can review all CSRs using `icinga2 ca list` and `icinga2 ca sign <fingerprint>`.
I tried to replicate `icinga2 node wizard` part with this Ansible collection but was unsuccessful. Is this functionality implemented in the Ansible collection?
Thanks
Luca