I want to set up Icinga2 remote clients via Puppet, but the whole page of official documentation talks about using their awesome CLI wizard, which has to be run manually.
Any workaround? Maybe I should just go back to Nagios?
I had the same issue. This is what I use, after extracting the logic from the icinga2 node wizard code.
Variables you will need:
The code:
It's like TryTryAgain wrote. The latest docs describe two different ways: Top-Down Remote Command Execution and Top-Down Config Sync.
The difference between these approaches is that remote command execution will trigger all commands from the master, while config sync will sync all config files located in /etc/icinga2/zones.d to the child nodes (satellites as well as clients) and trigger command execution directly on the endpoint.
I prefer to use the Top-Down Config Sync approach because the client will run checks even if the master loses connection to the child.
You have to enable the API feature on all nodes.
Now create a zone file and copy it to all nodes
Best practice is to use the FQDN of your nodes as endpoint name as well as zone name. Remember: copy this zones.conf to all nodes.
Next step would be to define all services, templates and groups inside of /etc/icinga2/zones.d/ and each host in its own hosts.conf inside of its zone directory.
My approach was to avoid using the configs inside /etc/icinga2/conf.d because I added all the generic (and globally used) stuff in /etc/icinga2/zones.d/global and the host-specific stuff inside /etc/icinga2/zones.d/fqdnX.of.host
Last but not least you have to remove the include statement for conf.d
That's it. This setup requires you to manage your certificates manually or with the config management of your choice. It will not generate them and does not use the Icinga PKI. I don't see any reason why I should use a tool-specific PKI as long as there are specific tools for this.
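The layout this answer describes, written out as an added example (not the answer author's own files) that a Puppet template could render. The FQDNs are placeholders, and the `accept_config` / `accept_commands` values are a least-privilege choice assumed here for the config sync approach.

```icinga2
// Constructed example: master.example.com and client.example.com are
// placeholder FQDNs, not values from the answer.

// --- /etc/icinga2/zones.conf (identical copy on every node) ---
object Endpoint "master.example.com" {
  host = "master.example.com"
}

object Endpoint "client.example.com" {
  host = "client.example.com"   // lets the master open the connection
}

// Zone name == endpoint name == FQDN
object Zone "master.example.com" {
  endpoints = [ "master.example.com" ]
}

object Zone "client.example.com" {
  endpoints = [ "client.example.com" ]
  parent = "master.example.com"
}

// Matches the directory /etc/icinga2/zones.d/global; synced to all nodes
object Zone "global" {
  global = true
}

// --- /etc/icinga2/features-available/api.conf on the client ---
// Enable with: icinga2 feature enable api
object ApiListener "api" {
  accept_config = true     // take synced config from the parent zone
  accept_commands = false  // not needed for config sync
}
// On the master, leave accept_config = false: it only sends config.

// --- /etc/icinga2/icinga2.conf on every node ---
// include_recursive "conf.d"   // commented out: config lives in zones.d
```

Running `icinga2 daemon -C` on each node validates the rendered files before the service is restarted.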