Hi all.
I'm really running into a brick wall here so I'm hoping somebody can shed
some light, because my brain is dead.
We've been experimenting with puppet and I2 for a while internally.
We have an internal icinga server with web an notifications running happily
which was setup using the node wizard.
* It has CA keys and certs,
* It's configured as a master zone with itself as endpoint.
* we have some remote clients connected as satellites pushing their configs
to the internal I2 instance. this is working well.
* We're busy building the same Master with multiple clients for each region
we'll have a presence in
What I'm trying to get right is multiple hierarchies in this configuration.
I want the region which will have it's own I2 and clients to send all check
results to the Internal I2 instance we have.
Here is a crude diagram:
Master I2 + Web
^
|
Secondary I2 + Web
^
|
Satellites
This way each region will have their own dashboard, and we have a dashboard
over all regions and can do notifications from a central place.
All configs will be done on the clients using puppet, which will then feed
up to the master and finally up to the internal I2 instance.
So now, I can either get the secondary master and the clients talking, or
the internal I2 and the secondary I2 instance talking, not all three.
So some question I can't seem to get clear answers for is :
1. If I generate a CA on Master and Secondary, how do I connect them to not
get authentication errors ?
2. If I use the master CA to sign the secondary, how do I get the clients
signed to connect to the secondary ?
I hope this all makes sense.
Henti
--
--
_______________________________________________
icinga-users mailing list
[email protected]
https://lists.icinga.org/mailman/listinfo/icinga-users
