NetEye comes with a default Endpoint name, that does not correstpond to your FQDN. This is a problem when deploying Agents not able to resolve that name. Therefore we need to:
- change the name of the Endpoint
- Generate the certificates
- Validate configuration and align your director configuration
Remember Master vs. Satellite configuration Service Name: icinga2-master.service ConfigDir: /neteye/shared/icinga2/conf/icinga2
Define Hostname in /etc/hosts
192.168.11.72 neteye4_trainer_master.neteye.lab neteye4_trainer_master
192.168.11.73 neteye4_trainer_satellite.neteye.lab neteye4_trainer_satellite
Define Hostname and Zone in constants.conf
const NodeName = "neteye4_trainer_master"
const ZoneName = "master"
Breaking note: When removing an Endpoint from zones.conf while still using this endpoint name as Endpoint for Director or other monitoring orjects, you need FIRST to migrate those elements to the new endpoint before removing the old one. Therefore:
- leave old endpoint in zones.conf and add the new one
- add new endpoint to zones.conf and generate certificates
- validate and reload Icinga2-master service
- Align Director and monitoring
- Remove old Endpoint definition
Define Endpoint and Zone in zones.conf
#This is the new Endpoint
object Endpoint "neteye4_trainer_master" {
}
#This is the Endpoint to remove
object Endpoint "icinga2-master.neteyelocal" {
}
object Zone "master" {
endpoints = [ "icinga2-master.neteyelocal", "neteye4_trainer_master" ]
}
Generate certificates for each icinga2 satellite
Note: Generate and sign certificates where icinga2-master service is running! Certificate creation for new endpoint and sign of it
# cd /neteye/shared/icinga2/data/lib/icinga2/certs/
# export icinga_node_name="neteye4vm1.yourdomain.local"
# icinga2 pki new-cert --cn "${icinga_node_name}" --key "${icinga_node_name}.key" --cert "${icinga_node_name}.crt" --csr "${icinga_node_name}.csr"
# icinga2-master pki sign-csr --csr ${icinga_node_name}.csr --cert ${icinga_node_name}.crt
Sign CSR (Certificate Signing Request):
# icinga2-master pki sign-csr --csr neteye4_trainer_master.csr --cert neteye4_trainer_master.crt
Validate Icinga2 configuration:
# /usr/sbin/icinga2-master daemon –validate
See Problems from icinga2 log
# journalctl -u icinga2-master
Restart icinga2-master service
# systemctl restart icinga2-master.service
Synchronize Director to Icinga2 Infrastructure defining now the new Endpoint name Icinga Director -> Infrastructure -> Kickstart Wizard