bodsch
commented
4 years ago Another possibility would be to store zertificate and CA in a key-value memory (like consul).
Closed widhalmt closed 5 months ago
bodsch
commented
4 years ago Another possibility would be to store zertificate and CA in a key-value memory (like consul).
Al2Klimov
commented
3 years ago Which "higher risk"?
bodsch
commented
3 years ago "higher risk" means a user destroys the Icinga master or - worst case scenario - deletes the CA.
The latter has happened to me more than once because people didn't want to deal with the architecture.
Al2Klimov
commented
3 years ago You mean they destroy the container including the /data volume?
Which architecture and why they didn't want to deal with it?
bodsch
commented
3 years ago correct. both the container and the volume in which the data was stored were destroyed.
Take any AWS instance and a team that doesn't understand the Icinga architecture. There are more than enough of the latter.
Al2Klimov
commented
5 months ago Actually Icinga checks the CA (along with the complete chain) on every single cluster connection attempt. Failures are logged of course. The CA is an essential part of the cluster trust architecture, so I'm afraid we can't do this:
someone replaced the CA on the config master), pull the CA cert again and request a new certificate
We can't distinguish between on purpose rotation, volume defect and MITM. Also, with a KV DB we'd just move the single point of failure. Long live backups!
Due to the nature of containers on the one hand and Icinga 2 on the other hand, we have a higher risk than usual for losing CA files. (thanks to @bodsch for your feedback on this topic)
We have to make sure that every instance checks the local information about the central Icinga 2 CA.
In my opinion we should not: