Open HBrites9 opened 1 year ago
In my-client
root@rocky etc]# icinga2 node wizard Welcome to the Icinga 2 Setup Wizard!
We will guide you through all required configuration details.
Please specify if this is an agent/satellite setup ('n' installs a master setup) [Y/n]: b
Starting the Agent/Satellite setup routine...
Please specify the common name (CN) [rocky]: icinga2-agent1.localdomain
Please specify the parent endpoint(s) (master or satellite) where this node should connect to: Master/Satellite Common Name (CN from your master/satellite node): icinga2-master1.localdomain
Do you want to establish a connection to the parent node from this node? [Y/n]: y Please specify the master/satellite connection information: Master/Satellite endpoint host (IP address or FQDN): 192.168.122.31 Master/Satellite endpoint port [5665]:
Add more master/satellite endpoints? [y/N]: n critical/pki: Cannot connect to host '192.168.122.31' on port '5665' critical/cli: Peer did not present a valid certificate. [root@rocky etc]# icinga2 node wizard Welcome to the Icinga 2 Setup Wizard!
We will guide you through all required configuration details.
Please specify if this is an agent/satellite setup ('n' installs a master setup) [Y/n]: y
Starting the Agent/Satellite setup routine...
Please specify the common name (CN) [rocky]: icinga2-agent1.localdomain
Please specify the parent endpoint(s) (master or satellite) where this node should connect to: Master/Satellite Common Name (CN from your master/satellite node): icinga2-master1.localdomain
Do you want to establish a connection to the parent node from this node? [Y/n]: y Please specify the master/satellite connection information: Master/Satellite endpoint host (IP address or FQDN): 192.168.122.31 Master/Satellite endpoint port [5665]:
Add more master/satellite endpoints? [y/N]: n critical/pki: Cannot connect to host '192.168.122.31' on port '5665' critical/cli: Peer did not present a valid certificate.
I have the exact same problem. Did you solve this?
Hello @HBrites9!
critical/pki: Cannot connect to host '192.168.122.31' on port '5665' critical/cli: Peer did not present a valid certificate.
What does openssl s_client -connect 192.168.122.31:5665 -showcerts
say? To be run on the same host where the node wizard complains of course.
icinga2 ca list
only shows certificate signing requests and working with tickets does not create such requests.
Do your nodes in question have got valid certificates after restart?
Describe the bug
Im creating the ticket for my icinga2-agen1.localdomain
[root@rocky icinga2]# icinga2 pki ticket --cn icinga2-agent1.localdomain 34f881e8ad1aef07440c4b4901fde5352793bbc5
I alredy did the icinga2 node wizard
Reconfiguring Icinga... Checking for existing certificates for common name 'icinga2-master1.localdomain'... Certificate '/var/lib/icinga2/certs//icinga2-master1.localdomain.crt' for CN 'icinga2-master1.localdomain' already existing. Skipping certificate generation. Generating master configuration for Icinga 2. 'api' feature already enabled.
Master zone name [master]:
Default global zones: global-templates director-global Do you want to specify additional global zones? [y/N]: Please specify the API bind host/port (optional): Bind Host []: Bind Port []:
Do you want to disable the inclusion of the conf.d directory [Y/n]: Disabling the inclusion of the conf.d directory... Checking if the api-users.conf file exists...
Done.
Now restart your Icinga 2 daemon to finish the installation!
[root@rocky icinga2]# systemctl restart icinga2 [root@rocky icinga2]# icinga2 feature enable api warning/cli: Feature 'api' already enabled.
My ca list still empy
Somebody knows why?