Comments (5)
+1 Received same for Distributed
Also same end result for Standalone.
Vagrant version: Vagrant 2.0.2
box name: standalone/icinga2, distributed/icinga2 master1
Release version: c885d98
Operating System: Fedora 28
Provider: libvirt 4.1.0
from icinga-vagrant.
I don't have time atm to refactor this box. Probably I'll delete it, the setup wizards in 2.9 are super easy to build such an environment with just two blank VMs.
from icinga-vagrant.
==> icinga2-master1: Notice: /Stage[main]/Icinga2::Pki::Ca/File[/var/lib/icinga2/ca]/ensure: created
==> icinga2-master1: Notice: /Stage[main]/Icinga2::Pki::Ca/File[/var/lib/icinga2/ca/ca.crt]/ensure: defined content as '{md5}d339d32d448c50dcfd22a8cbc9a71e5b'
==> icinga2-master1: Notice: /Stage[main]/Icinga2::Pki::Ca/File[/var/lib/icinga2/ca/ca.key]/ensure: defined content as '{md5}e2a7d1f44a793ce1c52334ef05d722f0'
==> icinga2-master1: Notice: /Stage[main]/Icinga2::Pki::Ca/File[/etc/icinga2/pki/ca.crt]/ensure: defined content as '{md5}d339d32d448c50dcfd22a8cbc9a71e5b'
==> icinga2-master1: Notice: /Stage[main]/Icinga2::Pki::Ca/Exec[icinga2 pki create certificate signing request]/returns: executed successfully
==> icinga2-master1: Notice: /Stage[main]/Icinga2::Pki::Ca/File[/etc/icinga2/pki/icinga2-master1.vagrant.demo.icinga.com.key]/seluser: seluser changed 'unconfined_u' to 'system_u'
==> icinga2-master1: Notice: /Stage[main]/Icinga2::Pki::Ca/Exec[icinga2 pki sign certificate]: Triggered 'refresh' from 1 event
==> icinga2-master1: Notice: /Stage[main]/Icinga2::Pki::Ca/File[/etc/icinga2/pki/icinga2-master1.vagrant.demo.icinga.com.crt]/seluser: seluser changed 'unconfined_u' to 'system_u'
==> icinga2-master1: Notice: /Stage[main]/Icinga2::Pki::Ca/File[/etc/icinga2/pki/icinga2-master1.vagrant.demo.icinga.com.csr]/ensure: removed
This creates an empty client certificate.
[root@icinga2-master1 ~]# ls -la /var/lib/icinga2/certs//icinga2-master1.vagrant.demo.icinga.com.crt
-rw-r--r--. 1 icinga icinga 54 Jun 26 11:26 /var/lib/icinga2/certs//icinga2-master1.vagrant.demo.icinga.com.crt
[root@icinga2-master1 ~]# icinga2 daemon -C
[2018-06-26 11:34:26 +0200] information/cli: Icinga application loader (version: v2.8.4-795-ged1e45c)
[2018-06-26 11:34:26 +0200] information/cli: Loading configuration file(s).
[2018-06-26 11:34:26 +0200] information/ConfigItem: Committing config item(s).
[2018-06-26 11:34:26 +0200] warning/globals.getHostGeoLocation: Cannot find 'be' in GeoLocationShort
[2018-06-26 11:34:27 +0200] warning/ApiListener: Attribute 'key_path' for object 'api' of type 'ApiListener' is deprecated and should not be used.
[2018-06-26 11:34:27 +0200] warning/ApiListener: Attribute 'ca_path' for object 'api' of type 'ApiListener' is deprecated and should not be used.
[2018-06-26 11:34:27 +0200] warning/ApiListener: Attribute 'cert_path' for object 'api' of type 'ApiListener' is deprecated and should not be used.
[2018-06-26 11:34:27 +0200] warning/ApiListener: Please read the upgrading documentation for v2.8: https://www.icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/
[2018-06-26 11:34:27 +0200] critical/SSL: Error on bio X509 AUX reading pem file '/var/lib/icinga2/certs//icinga2-master1.vagrant.demo.icinga.com.crt': 0, "error:00000000:lib(0):func(0):reason(0)"
[2018-06-26 11:34:27 +0200] critical/config: Error: Cannot get certificate from cert path: '/var/lib/icinga2/certs//icinga2-master1.vagrant.demo.icinga.com.crt'.
Location: in /etc/icinga2/features-enabled/api.conf: 3:1-3:24
/etc/icinga2/features-enabled/api.conf(1): # This file is managed by Puppet. DO NOT EDIT.
/etc/icinga2/features-enabled/api.conf(2):
/etc/icinga2/features-enabled/api.conf(3): object ApiListener "api" {
^^^^^^^^^^^^^^^^^^^^^^^^
/etc/icinga2/features-enabled/api.conf(4): cert_path = "/etc/icinga2/pki/icinga2-master1.vagrant.demo.icinga.com.crt"
/etc/icinga2/features-enabled/api.conf(5): key_path = "/etc/icinga2/pki/icinga2-master1.vagrant.demo.icinga.com.key"
[2018-06-26 11:34:27 +0200] critical/config: 1 error
[root@icinga2-master1 ~]# openssl x509 -in /var/lib/icinga2/certs//icinga2-master1.vagrant.demo.icinga.com.crt -text
unable to load certificate
[root@icinga2-master1 ~]# cat /etc/icinga2/pki/icinga2-master1.vagrant.demo.icinga.com.crt
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
https://github.com/Icinga/puppet-icinga2/blob/master/manifests/pki/ca.pp#L157
[root@icinga2-master1 ~]# icinga2 pki new-cert --cn icinga2-master1.vagrant.demo.icinga.com --key icinga2-master1.vagrant.demo.icinga.com.key --csr icinga2-master1.vagrant.demo.icinga.com.csr
information/base: Writing private key to 'icinga2-master1.vagrant.demo.icinga.com.key'.
critical/SSL: Error while opening private RSA key file 'icinga2-master1.vagrant.demo.icinga.com.key': 33558541, "error:0200100D:system library:fopen:Permission denied"
[root@icinga2-master1 ~]# cd /tmp/
[root@icinga2-master1 tmp]# icinga2 pki new-cert --cn icinga2-master1.vagrant.demo.icinga.com --key icinga2-master1.vagrant.demo.icinga.com.key --csr icinga2-master1.vagrant.demo.icinga.com.csr
information/base: Writing private key to 'icinga2-master1.vagrant.demo.icinga.com.key'.
information/base: Writing certificate signing request to 'icinga2-master1.vagrant.demo.icinga.com.csr'.
[root@icinga2-master1 tmp]# icinga2 pki sign-csr --csr icinga2-master1.vagrant.demo.icinga.com.csr --cert icinga2-master1.vagrant.demo.icinga.com.crt
critical/SSL: Could not read RSA key from CA key file '/var/lib/icinga2/ca/ca.key': 101159039, "error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key"
information/pki: Writing certificate to file 'icinga2-master1.vagrant.demo.icinga.com.crt'.
from icinga-vagrant.
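A pre-flight check for the failure shown in the comment above, where the signed certificate file is 54 bytes and holds only the PEM markers. This is an added example, not part of the thread or of puppet-icinga2; the function names and sample inputs are constructed. It checks PEM and outer DER framing only, not the signature or the key match.

```python
import base64
import binascii
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def der_framing_ok(der: bytes) -> bool:
    """True if der is one outer ASN.1 SEQUENCE whose length covers the whole buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem_cert(text: str) -> str:
    """Return 'ok', 'no-pem-block', 'empty-body', 'bad-base64' or 'bad-der'."""
    m = PEM_RE.search(text)
    if m is None:
        return "no-pem-block"
    body = "".join(m.group(1).split())    # drop line breaks and padding whitespace
    if not body:
        return "empty-body"               # markers present, nothing signed
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "bad-base64"
    return "ok" if der_framing_ok(der) else "bad-der"

def wrap(der: bytes) -> str:
    """Wrap constructed DER bytes in a PEM block (helper for the samples)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed samples. EMPTY_CERT reproduces the 54-byte file from the thread.
EMPTY_CERT = "-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n"
FRAMED = wrap(bytes.fromhex("3003020100"))                  # tiny SEQUENCE, not a real cert
TRUNCATED = wrap(bytes.fromhex("30820100") + b"\x00" * 10)  # claims 256 bytes, has 10

if __name__ == "__main__":
    for name, pem in [("empty", EMPTY_CERT), ("framed", FRAMED), ("truncated", TRUNCATED)]:
        print(f"{name:10s} {len(pem):4d} bytes -> {check_pem_cert(pem)}")
```

Running a check like this after the signing step and before `icinga2 daemon -C` surfaces the empty file at provisioning time instead of at daemon start.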
I've created the Puppet hieradata profiles based on a patch in git master which lately has been reverted. Therefore the used CA does not provide a valid RSA key. See Icinga/icinga2#5555. This isn't visible in the other boxes since they're just generating the certificates at runtime.
from icinga-vagrant.
Fixed it by creating new static certificates.
from icinga-vagrant.