chrnie / ansible-role-icinga2

install icinga2 on rhel or debian
Apache License 2.0

Error: Cannot make SSL context for cert path #14

Open TinajaLabs opened 5 years ago

TinajaLabs commented 5 years ago

When running this task:

- name: Test config before restart icinga 2
  shell: "{{ icinga2_binary }} daemon -C"
  register: configTest
  changed_when: configTest.rc == 0
  notify: Restart Icinga 2

This is the error when running with -vvv:

RUNNING HANDLER [chrnie.icinga2 : Test config before restart icinga 2] ****
task path: /Users/cjefferies/Documents/code/gitlab/ansible/base/roles/chrnie.icinga2/handlers/main.yml:3
9-03-20 18:40:43 +0000] critical/config: 1 error",
    "stdout_lines": [
        "[2019-03-20 18:40:43 +0000] information/cli: Icinga application loader (version: r2.10.4-1)",
        "[2019-03-20 18:40:43 +0000] information/cli: Loading configuration file(s).",
        "[2019-03-20 18:40:43 +0000] information/ConfigItem: Committing config item(s).",
        "[2019-03-20 18:40:43 +0000] information/ApiListener: My API identity: mon.my.int",
        "[2019-03-20 18:40:43 +0000] critical/SSL: Error loading and verifying locations in ca key file '/var/lib/icinga2/certs//ca.crt': 33558530, \"error:02001002:system library:fopen:No such file or directory\"",
        "[2019-03-20 18:40:43 +0000] critical/config: Error: Cannot make SSL context for cert path: '/var/lib/icinga2/certs//mon.my.int.crt' key path: '/var/lib/icinga2/certs//mon.my.int.key' ca path: '/var/lib/icinga2/certs//ca.crt'.",
        "Location: in /etc/icinga2/features-enabled/api.conf: 4:1-4:24",
        "/etc/icinga2/features-enabled/api.conf(2):  * The API listener is used for distributed monitoring setups.",
        "/etc/icinga2/features-enabled/api.conf(3):  */",
        "/etc/icinga2/features-enabled/api.conf(4): object ApiListener \"api\" {",
        "                                           ^^^^^^^^^^^^^^^^^^^^^^^^",
        "/etc/icinga2/features-enabled/api.conf(5): ",
        "/etc/icinga2/features-enabled/api.conf(6):   accept_config = false",
        "",
        "[2019-03-20 18:40:43 +0000] critical/config: 1 error"
    ]
}

I defined the ca host variable like this: icinga2_ca_host: "mon.my.int" - This is the master monitoring server that I assume works as the ca for the monitored system.

It looks like it did not create the folder/file: /var/lib/icinga2/certs/ca.crt

The other cert files were created:

Any tips would be appreciated.

Thank you, Chris.
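
An added example, not part of the original issue or of the role's own code: a pre-flight check, run on the node before `icinga2 daemon -C`, for the three files the error above names (`ca.crt`, `<node>.crt`, `<node>.key`). The names `check_icinga_certs` and `make_fixture` are hypothetical, the fixture files are constructed placeholders, and the world-readable key check is an extra hardening check not raised in the thread.

```shell
#!/bin/sh
# check_icinga_certs CERT_DIR NODE_NAME
# Prints one line per problem and returns the number of problems (0 = ready).
check_icinga_certs() {
    dir=$1
    node=$2
    problems=0
    # The ApiListener TLS context needs all three files to exist and be non-empty.
    for f in "ca.crt" "$node.crt" "$node.key"; do
        path="$dir/$f"
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
        elif [ ! -s "$path" ]; then
            echo "EMPTY    $path"
            problems=$((problems + 1))
        fi
    done
    # A private key readable by "others" is a finding even if the daemon starts.
    key="$dir/$node.key"
    if [ -s "$key" ] && [ -n "$(find "$key" -prune -perm -004)" ]; then
        echo "PERMS    $key is world-readable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed fixture reproducing the reported state:
# node certificate and key are present, ca.crt is not.
make_fixture() {
    d=$(mktemp -d)
    echo "constructed placeholder, not a real certificate" > "$d/mon.my.int.crt"
    echo "constructed placeholder, not a real key" > "$d/mon.my.int.key"
    chmod 600 "$d/mon.my.int.key"
    echo "$d"
}

fixture=$(make_fixture)
check_icinga_certs "$fixture" mon.my.int || echo "problems found: $?"
rm -rf "$fixture"
```

On a real node the call would be `check_icinga_certs /var/lib/icinga2/certs "$(hostname -f)"`, assuming the node name matches the API identity printed by the config check.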

TinajaLabs commented 5 years ago

I cleared the certs dir and now I get this:

Error: Endpoint object for 'mon.my.int' is missing.

BTW, basic CentOS 7 on AWS. I have become sudo. SELinux is on.

TinajaLabs commented 5 years ago

When I run the command from the remote host, I get the same thing:

$ /usr/sbin/icinga2 daemon -C

[2019-03-20 22:40:49 +0000] information/cli: Icinga application loader (version: r2.10.4-1)
[2019-03-20 22:40:49 +0000] information/cli: Loading configuration file(s).
[2019-03-20 22:40:49 +0000] information/ConfigItem: Committing config item(s).
[2019-03-20 22:40:49 +0000] information/ApiListener: My API identity: mon.deva.ecm
[2019-03-20 22:40:49 +0000] critical/config: Error: Endpoint object for 'mon.my.int' is missing.
Location: in /etc/icinga2/features-enabled/api.conf: 4:1-4:24
/etc/icinga2/features-enabled/api.conf(2):  * The API listener is used for distributed monitoring setups.
/etc/icinga2/features-enabled/api.conf(3):  */
/etc/icinga2/features-enabled/api.conf(4): object ApiListener "api" {
                                           ^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/features-enabled/api.conf(5):
/etc/icinga2/features-enabled/api.conf(6):   accept_config = false

[2019-03-20 22:40:49 +0000] critical/config: 1 error

TinajaLabs commented 5 years ago

$ icinga2 --version

icinga2 - The Icinga 2 network monitoring daemon (version: r2.10.4-1)

Copyright (c) 2012-2019 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

System information:
  Platform: CentOS Linux
  Platform version: 7 (Core)
  Kernel: Linux
  Kernel version: 3.10.0-514.26.2.el7.x86_64
  Architecture: x86_64

Build information:
  Compiler: GNU 4.8.5
  Build host: unknown

Application information:

General paths:
  Config directory: /etc/icinga2
  Data directory: /var/lib/icinga2
  Log directory: /var/log/icinga2
  Cache directory: /var/cache/icinga2
  Spool directory: /var/spool/icinga2
  Run directory: /run/icinga2

Old paths (deprecated):
  Installation root: /usr
  Sysconf directory: /etc
  Run directory (base): /run
  Local state directory: /var

Internal paths:
  Package data directory: /usr/share/icinga2
  State path: /var/lib/icinga2/icinga2.state
  Modified attributes path: /var/lib/icinga2/modified-attributes.conf
  Objects path: /var/cache/icinga2/icinga2.debug
  Vars path: /var/cache/icinga2/icinga2.vars
  PID path: /run/icinga2/icinga2.pid

austinjhunt commented 4 years ago

I'm getting the same error. Red Hat 7.

[root@RT-Icinga-SB2 huntaj]# icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: 2.11.3-1)

Copyright (c) 2012-2020 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

System information:
  Platform: Red Hat Enterprise Linux Server
  Platform version: 7.8 (Maipo)
  Kernel: Linux
  Kernel version: 3.10.0-1127.el7.x86_64
  Architecture: x86_64

Build information:
  Compiler: GNU 4.8.5
  Build host: runner-LTrJQZ9N-project-322-concurrent-0

Application information:

General paths:
  Config directory: /etc/icinga2
  Data directory: /var/lib/icinga2
  Log directory: /var/log/icinga2
  Cache directory: /var/cache/icinga2
  Spool directory: /var/spool/icinga2
  Run directory: /run/icinga2

Old paths (deprecated):
  Installation root: /usr
  Sysconf directory: /etc
  Run directory (base): /run
  Local state directory: /var

Internal paths:
  Package data directory: /usr/share/icinga2
  State path: /var/lib/icinga2/icinga2.state
  Modified attributes path: /var/lib/icinga2/modified-attributes.conf
  Objects path: /var/cache/icinga2/icinga2.debug
  Vars path: /var/cache/icinga2/icinga2.vars
  PID path: /run/icinga2/icinga2.pid
[root@RT-Icinga-SB2 huntaj]# cat /etc/os-release
NAME="Red Hat Enterprise Linux Server"
VERSION="7.8 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.8"
PRETTY_NAME="Red Hat Enterprise Linux Server 7.8 (Maipo)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.8:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"