Re: [icinga-users] How to configure Icinga2 Cluster

Michael Friedrich Mon, 07 Jul 2014 08:42:13 -0700

On 07.07.2014 17:33, Alfonso Pace wrote:

Hi, I have configured my 2 machine with icinga and che config file it's ok.

Again, post/attach the configuration of both servers. Readers here will fail to follow your attempts if you don't.

I have the follow error:

critical/ApiListener: Client TLS handshake failed.

Context:

(0) Handling new API client connection

[2014-07-07 12:30:40 -0400] critical/TlsStream: SSL_do_handshake() failed with code 67530866, "error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01"

Context:

(0) Handling new API client connection

[2014-07-07 12:30:40 -0400] critical/ApiListener: Client TLS handshake failed.

Context:

(0) Handling new API client connection

I created the ca in machine1 (master) and machine2 (slave). I created the certified for the master in machine1 with CA1 and the slave certified in the machine2 with CA2.

It's this the error???

Right. Different CAs won't trust each other. Not sure why you did it that way. The documentation does not tell you to do so, does it?
http://docs.icinga.org/icinga2/latest/doc/module/icinga2/toc#!/icinga2/latest/doc/module/icinga2/chapter/monitoring-remote-systems#certificate-authority-certificates

I can create all certified in master machine and copy conly che ca.cert and slave.crt in machine2?

I would create the CA and signed certificates on a safe box somewhere else, and only deploy ca.crt and $hostname.crt/key via scp to all involved boxes. Though, the "master" box might be sufficient either. Some people also tend to re-use an existing (Puppet) CA. Depends on your security policy though, if there are multiple CAs for different use cases, or not.

Any suggestions?

Thanks

2014-07-07 15:03 GMT+02:00 Michael Friedrich <[email protected]>:

On 07.07.2014 14:42, Alfonso Pace wrote:

I found this in:
http://docs.icinga.org/icinga2/latest/doc/module/icinga2/toc#!/icinga2/latest/doc/module/icinga2/chapter/about-icinga2
With this command "icinga2 --conf /etc/icinga2/icinga2.conf -C" I have
this error in my configuration:

[2014-07-07 09:44:08 -0400] information/icinga-app: Icinga application
loader (version: r2.0.0-3)
[2014-07-07 09:44:08 -0400] information/icinga-app: Loading application
type: icinga/IcingaApplication
[2014-07-07 09:44:08 -0400] information/Utility: Loading library
'libicinga.so'
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Adding include
search dir: /usr/share/icinga2/include
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/icinga2.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /usr/share/icinga2/include/itl
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /usr/share/icinga2/include/command.conf
[2014-07-07 09:44:08 -0400] information/Utility: Loading library
'libmethods.so'
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /usr/share/icinga2/include/command-icinga.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /usr/share/icinga2/include/timeperiod.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/features-enabled/api.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/features-enabled/checker.conf
[2014-07-07 09:44:08 -0400] information/Utility: Loading library
'libchecker.so'
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/features-enabled/command.conf
[2014-07-07 09:44:08 -0400] information/Utility: Loading library
'libcompat.so'
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/features-enabled/compatlog.conf
[2014-07-07 09:44:08 -0400] information/Utility: Loading library
'libcompat.so'
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/features-enabled/debuglog.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/features-enabled/ido-mysql.conf
[2014-07-07 09:44:08 -0400] information/Utility: Loading library
'libdb_ido_mysql.so'
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/features-enabled/livestatus.conf
[2014-07-07 09:44:08 -0400] information/Utility: Loading library
'liblivestatus.so'
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/features-enabled/mainlog.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/features-enabled/notification.conf
[2014-07-07 09:44:08 -0400] information/Utility: Loading library
'libnotification.so'
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/features-enabled/statusdata.conf
[2014-07-07 09:44:08 -0400] information/Utility: Loading library
'libcompat.so'
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/commands.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/downtimes.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/groups.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/notifications.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/services.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/templates.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/timeperiods.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/users.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/hosts/localhost.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/hosts/localhost/disk.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/hosts/localhost/http.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/hosts/localhost/icinga.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/hosts/localhost/load.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/hosts/localhost/procs.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/hosts/localhost/ssh.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/hosts/localhost/swap.conf
[2014-07-07 09:44:08 -0400] information/ConfigCompiler: Compiling config
file: /etc/icinga2/conf.d/hosts/localhost/users.conf
[2014-07-07 09:44:08 -0400] information/Utility: Loading library
'libcluster.so'
[2014-07-07 09:44:08 -0400] critical/config:
Config error:
/root/rpmbuild/BUILD/icinga2-master/lib/base/utility.cpp(387): Throw in
function static void* icinga::Utility::LoadExtensionLibrary(const
icinga::String&)
Dynamic exception type:
N5boost16exception_detail10clone_implINS0_19error_info_injectorISt13runtime_errorEEEE
std::exception::what: Could not load library 'libcluster.so':
libcluster.so: cannot open shared object file: No such file or directory
[PN6icinga10StackTraceE] =
(0) libbase.so:
icinga::Utility::LoadExtensionLibrary(icinga::String const&) (+0x3e5)
[0x3e63f03505] (??:0)
(1) libconfig.so: yyparse(icinga::ConfigCompiler*) (+0x2696)
[0x3e62a8a8f6] (??:0)
(2) libconfig.so: icinga::ConfigCompiler::Compile() (+0x94)
[0x3e62a8e534] (??:0)
(3) libconfig.so:
icinga::ConfigCompiler::CompileStream(icinga::String const&,
std::istream*, icinga::String const&) (+0xc5) [0x3e62a70f75] (??:0)
(4) libconfig.so:
icinga::ConfigCompiler::CompileFile(icinga::String const&,
icinga::String const&) (+0x8f2) [0x3e62a71f92] (??:0)
(5) icinga2: Main() (+0x21dc) [0x4188cc] (??:0)
(6) icinga2: main (+0x2c) [0x41ae4c] (??:0)
(7) libc.so.6: __libc_start_main (+0xfd) [0x3a3641ed1d] (??:0)
(8) icinga2() [0x416049]

[PN6icinga12ContextTraceE] =
(0) Compiling configuration stream with name
'/etc/icinga2/icinga2.conf'
(1) Compiling configuration file '/etc/icinga2/icinga2.conf'

[2014-07-07 09:44:08 -0400] critical/config: 1 errors, 0 warnings.

The problem is the cluster library, Any idea?

There is no libcluster. Which file does included that? Remove/purge that faulty configuration.

2014-07-07 14:35 GMT+02:00 Michael Friedrich
<[email protected] <mailto:[email protected]>>:

On 07.07.2014 13 <tel:07.07.2014%2013>:59, Alfonso Pace wrote:

My CONFIG is
- icinga2.conf
include "constants.conf"
include "zones.conf"
include <itl>
include <plugins>
include "features-enabled/*.conf"
include_recursive "conf.d"

Ok, standard default.

- constants.conf
const PluginDir = "/usr/lib64/nagios/plugins"
const NodeName = "icinga2a"
const ZoneName = "config-ha-master"

And the one on your secondary icinga2b host looks like?

- zones.conf

object Endpoint NodeName {
host = NodeName
}
object Endpoint "icinga2b" {
host = "icinga2b"
}
object Zone ZoneName {
endpoints = [ NodeName ]
}
object Zone "check-satellite" {
endpoints = [ "icinga2b" ]
parent = ZoneName
}
object Zone "global-templates" {
global = true
}

Same - the one on the secondary host looks like?

The CA is located in /root/icinga2/ and the file api.conf is the
follow:

object ApiListener "api" {
cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
ca_path = SysconfDir + "/icinga2/pki/ca.crt"
accept_config=true
}

# ls -la /etc/icinga2/pki/

I attach my conf file. In another link I found this:

library "cluster"

object ClusterListener "cluster" {
ca_path = "/etc/icinga2/ca/ca.crt"
cert_path = "/etc/icinga2/ca/icinga-node-1.crt"
key_path = "/etc/icinga2/ca/icinga-node-1.key"

bind_port = 8888

peers = [ "icinga-node-2" ]
}
Where should I put this setup? I have to create a file called cluster.conf?

That's outdated and does not work with 2.0.0. Where did you find
that? It's not in the official documentation which will *always*
reflect the latest and greatest supported stuff. I wouldn't trust
the internet that much, if a project provides valuable
documentation. And if there is something unclear, help make it
better, or even tell about it.

Thank's in advance for your precious help!!

2014-07-07 13:03 GMT+02:00 Michael Friedrich
<[email protected] <mailto:[email protected]>>:

On 07.07.2014 12 <tel:07.07.2014%2012>:11, Alfonso Pace wrote:

Hi,
I have configured my Icinga in cluster mode but I have an
error and I
can't undestand where is the problem...
The error is the follow:
tail /var/log/icinga2/startup.log
[2014-07-07 07:03:40 -0400] information/ConfigItem:
Checked 2 HostGroup(s).
[2014-07-07 07:03:40 -0400] information/ConfigItem: Checked 3
ServiceGroup(s).
[2014-07-07 07:03:40 -0400] information/ConfigItem:
Checked 1 Host(s).
[2014-07-07 07:03:40 -0400] information/ConfigItem:
Checked 10 Service(s).
[2014-07-07 07:03:40 -0400] information/ConfigItem:
Checked 1 User(s).
[2014-07-07 07:03:40 -0400] information/ConfigItem: Checked 11
Notification(s).
[2014-07-07 07:03:40 -0400] information/ConfigItem: Checked 1
ScheduledDowntime(s).
[2014-07-07 07:03:40 -0400] information/ConfigItem:
Checked 1 UserGroup(s).
[2014-07-07 07:03:40 -0400] information/ConfigItem: Checked 1
IcingaApplication(s).
[2014-07-07 07:03:40 -0400] critical/icinga-app: The
daemon could not be
started. See logfile for details.

I looked the /var/log/icinga2/error.log config and there
is the information:
tail /var/log/icinga2/error.log
(11) libbase.so:
icinga::WorkQueue::WorkerThreadProc() (+0x56f)
[0x3e63f160bf] (??:0)
(12) libboost_thread-mt.so.5: thread_proxy (+0x77)
[0x3e62e0ad47] (??:0)
(13) /lib64/libpthread.so.0() [0x3a368079d1]
(14) libc.so.6: clone (+0x6d) [0x3a364e8b5d] (??:0)

***
* This would indicate a runtime problem or configuration
error. If you
believe this is a bug in Icinga 2
* please submit a bug report at https://dev.icinga.org/
and include this
stack trace as well as any other
* information that might be useful in order to reproduce
this problem.
***

I created configuration using this paragraph:
http://docs.icinga.org/icinga2/latest/doc/module/icinga2/toc#!/icinga2/latest/doc/module/icinga2/chapter/monitoring-remote-systems#distributed-monitoring-high-availability
<http://docs.icinga.org/icinga2/latest/doc/module/icinga2/toc#%21/icinga2/latest/doc/module/icinga2/chapter/monitoring-remote-systems%23distributed-monitoring-high-availability>

I setting in my master machine the hostname icinga2a and
the zone.
In zones.conf i have setted the remote icinga slave and
the zone checker.
I created the certificates using the command for my 2
installation.
In my environment I have 2 machine in the same network:
1 icinga installation for the master (1 machine)
1 icinga installation for the slave (1 machine)

You have to copy the certificates in the slave machine? In
the slave
machinemust replicate the configuration file zones.conf?

I want to see YOUR configuration. I am aware of the
documentation, I
partially wrote it.

2014-07-06 15:35 GMT+02:00 Michael Friedrich
<[email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>>:

On 30.06.2014 10:09, Alfonso Pace wrote:

Hello everyone, I have a problem with the
configuration of icinga
2 cluster.
I would like to install a master server (NOC) and
a slave that
sends the information to the master node. What
should be set on
the master node? What values do I put in and
what constants.cfg
in zones.cfg?
I need to create certificates only on the master
or the slave?
Someone could tell me the detailed procedure please?
Once you have configured both servers to the
distributed mode and
then creating a noc where I have to save the
configuration file
for the check? Should be placed on the central
server (Master NOC)
that will send them to the various zones or
servers should be
placed in individual zones?
Can anyone help me?
Thanks in advance!

That's why too much questions.

First off, you should consider reading the
documentation and setup
your certificate chain. Then get an idea about the
scenario (one
config master, and a remote satellite). Once you've
drawn a plan,
create the zone and endpoint configuration based on
that. Bring up
the 2 nodes (2 local test vms could help).

If the cluster handshake works, verify how to add
additional
configuration for synchronisation.

--
--
ATTENTION: Privacy Policy – D.L.gs <http://D.L.gs>
196/2003
The information contained in this email message
are of a private
and confidential nature and are exclusively
addressed to the
person indicated above. In case you have received
this email in
error, we comunicate to you that by Law, it is
forbidden for
another person to use, make known, distribute or
copy the
contents. You are asked to report it immediately,
replying to the
sender and destroying the contents (including any
attached files)
without making a copy or reading the contents. The
message and the
attachments are protected and scanned with an
antivirus protection

_______________________________________________
icinga-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.icinga.org/mailman/listinfo/icinga-users

--
Michael Friedrich, DI (FH)
Application Developer

NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg
Tel: +49 911 92885-0 <tel:%2B49%20911%2092885-0> |
Fax: +49 911 92885-77 <tel:%2B49%20911%2092885-77>
GF: Julian Hein, Bernd Erk | AG Nuernberg HRB18461
http://www.netways.de | [email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>

** Open Source Backup Conference 2014 - September -
osbconf.org <http://osbconf.org>
<http://osbconf.org> **
** Puppet Camp Duesseldorf 2014 - Oktober -
netways.de/puppetcamp <http://netways.de/puppetcamp>
<http://netways.de/puppetcamp> **
** OSMC 2014 - November - netways.de/osmc
<http://netways.de/osmc> <http://netways.de/osmc> **
** OpenNebula Conf 2014 - Dezember -
opennebulaconf.com <http://opennebulaconf.com>
<http://opennebulaconf.com> **

_______________________________________________
icinga-users mailing list
[email protected]
<mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>
https://lists.icinga.org/mailman/listinfo/icinga-users

--
--
ATTENTION: Privacy Policy – D.L.gs <http://D.L.gs>
<http://D.L.gs> 196/2003
The information contained in this email message are of a
private and
confidential nature and are exclusively addressed to the
person
indicated above. In case you have received this email in
error, we
comunicate to you that by Law, it is forbidden for another
person to
use, make known, distribute or copy the contents. You are
asked to
report it immediately, replying to the sender and
destroying the
contents (including any attached files) without making a
copy or reading
the contents. The message and the attachments are
protected and scanned
with an antivirus protection

_______________________________________________
icinga-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.icinga.org/mailman/listinfo/icinga-users

--
Michael Friedrich, DI (FH)
Application Developer

NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg
Tel: +49 911 92885-0 <tel:%2B49%20911%2092885-0> | Fax: +49
911 92885-77 <tel:%2B49%20911%2092885-77>
GF: Julian Hein, Bernd Erk | AG Nuernberg HRB18461
http://www.netways.de | [email protected]
<mailto:[email protected]>

** Open Source Backup Conference 2014 - September -
osbconf.org <http://osbconf.org> **
** Puppet Camp Duesseldorf 2014 - Oktober -
netways.de/puppetcamp <http://netways.de/puppetcamp> **
** OSMC 2014 - November - netways.de/osmc
<http://netways.de/osmc> **
** OpenNebula Conf 2014 - Dezember - opennebulaconf.com
<http://opennebulaconf.com> **
_______________________________________________
icinga-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.icinga.org/mailman/listinfo/icinga-users

--
--
ATTENTION: Privacy Policy – D.L.gs <http://D.L.gs> 196/2003
The information contained in this email message are of a private
and confidential nature and are exclusively addressed to the
person indicated above. In case you have received this email in
error, we comunicate to you that by Law, it is forbidden for
another person to use, make known, distribute or copy the
contents. You are asked to report it immediately, replying to the
sender and destroying the contents (including any attached files)
without making a copy or reading the contents. The message and the
attachments are protected and scanned with an antivirus protection

_______________________________________________
icinga-users mailing list
[email protected] <mailto:[email protected]>
https://lists.icinga.org/mailman/listinfo/icinga-users

--
Michael Friedrich, DI (FH)
Application Developer

NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg
Tel: +49 911 92885-0 <tel:%2B49%20911%2092885-0> | Fax: +49 911
92885-77 <tel:%2B49%20911%2092885-77>
GF: Julian Hein, Bernd Erk | AG Nuernberg HRB18461
http://www.netways.de | [email protected]
<mailto:[email protected]>

** Open Source Backup Conference 2014 - September - osbconf.org
<http://osbconf.org> **
** Puppet Camp Duesseldorf 2014 - Oktober - netways.de/puppetcamp
<http://netways.de/puppetcamp> **
** OSMC 2014 - November - netways.de/osmc <http://netways.de/osmc> **
** OpenNebula Conf 2014 - Dezember - opennebulaconf.com
<http://opennebulaconf.com> **

_______________________________________________
icinga-users mailing list
[email protected] <mailto:[email protected]>
https://lists.icinga.org/mailman/listinfo/icinga-users

--
--
ATTENTION: Privacy Policy – D.L.gs <http://D.L.gs> 196/2003
The information contained in this email message are of a private and
confidential nature and are exclusively addressed to the person
indicated above. In case you have received this email in error, we
comunicate to you that by Law, it is forbidden for another person to
use, make known, distribute or copy the contents. You are asked to
report it immediately, replying to the sender and destroying the
contents (including any attached files) without making a copy or reading
the contents. The message and the attachments are protected and scanned
with an antivirus protection

_______________________________________________
icinga-users mailing list
[email protected]
https://lists.icinga.org/mailman/listinfo/icinga-users

--
DI (FH) Michael Friedrich

[email protected] || icinga open source monitoring
https://twitter.com/dnsmichi || lead core developer
[email protected] || https://www.icinga.org/team
irc.freenode.net/icinga || dnsmichi
_______________________________________________
icinga-users mailing list
[email protected]
https://lists.icinga.org/mailman/listinfo/icinga-users

--

--

ATTENTION: Privacy Policy – D.L.gs 196/2003
The information contained in this email message are of a private and confidential nature and are exclusively addressed to the person indicated above. In case you have received this email in error, we comunicate to you that by Law, it is forbidden for another person to use, make known, distribute or copy the contents. You are asked to report it immediately, replying to the sender and destroying the contents (including any attached files) without making a copy or reading the contents. The message and the attachments are protected and scanned with an antivirus protection
_______________________________________________
icinga-users mailing list
[email protected]
https://lists.icinga.org/mailman/listinfo/icinga-users

--
Michael Friedrich, DI (FH)
Application Developer

NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg
Tel: +49 911 92885-0 | Fax: +49 911 92885-77
GF: Julian Hein, Bernd Erk | AG Nuernberg HRB18461
http://www.netways.de | [email protected]

** Open Source Backup Conference 2014 - September - osbconf.org **
** Puppet Camp Duesseldorf 2014 - Oktober - netways.de/puppetcamp **
** OSMC 2014 - November - netways.de/osmc **
** OpenNebula Conf 2014 - Dezember - opennebulaconf.com **

_______________________________________________
icinga-users mailing list
[email protected]
https://lists.icinga.org/mailman/listinfo/icinga-users

Re: [icinga-users] How to configure Icinga2 Cluster

Reply via email to