New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSR Auto sign in multi domain Setup failes with stacktrace #10024
Comments
Hii @pbirokas, thanks for reporting! That's because your satellite is closing the agent's connection as it doesn't have a zone and endpoint definition of the agent in its local |
@yhabteab thanks for the replay. I reconfigure the satellite.
I was now able to complete the installation of the agents. |
Your satellite still misses these config snippets though! It will still close the connection with object Endpoint "icinga2-agent.america.com" {
}
object Zone "icinga2-agent.america.com" {
endpoints = [ "icinga2-agent.america.com" ]
parent = "america"
} |
Describe the bug
This is taken from community.icinga.com
I am right now to setup a new Icinga2 environment for a customer that brings a new layer of compellability. In the past, I set up some environments with multi zones and satellites. So, I thought we could continue with this idea on the current project.
On this setup, we have the challenge that the zones have also different domain names. An example picture here:
So, we set up the master node with the "icinga2 node wizard", setup DB, WEB, Director... the master zone works as expected, same zone same domain. Auto CSR works!
Now we tried to setup the satellite and configure also an agent behind.
Since we habe a satellite that have an interface inside each domain, we tried this setup:
satellite node setup
satellite zones.conf
We put the same ticketsalt and api users from the master to the satellite.
Next Step: try to setup an agent behind the satellite inside the america zone.
Ticket was able to be retrieved from satellite, but node setup did not end as expected.
icinga agent setup syslog in america domain/zone:
In the output I can see this
On the satellite debug log it shows this:
We are not sure if we run into a bug, an configuration problem or that the CA Proxy do not work generally in multi domain setup. Since I know there are some Icinga2 customers out there running global setups, I am wondering if they run an own PKI or found a solution for such an environment.
Any help is appreciated!
Your Environment
Include as many relevant details about the environment you experienced the problem in
icinga2 --version
): r2.14.2-1icinga2 feature list
): api checker command debuglog icingadb mainlog notificationThe text was updated successfully, but these errors were encountered: