Icinga2

https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/

Setup master

icinga2 node wizard

Please specify if this is an agent/satellite setup ('n' installs a master setup) [Y/n]: n

Please specify the common name: ENTER

Master zone name [master]: ENTER

Do you want to specify additional global zones? [y/N]: ENTER

Bind Host []: ENTER
Bind Port []: ENTER

Add an agent

On master node create a ticket:

icinga2 pki ticket --cn <agent-hostname>

On agent:

icinga2 node wizard

Please specify if this is an agent/satellite setup ('n' installs a master setup) [Y/n]: ENTER

Please specify the common name (CN) ENTER

Please specify the parent endpoint(s) (master or satellite) where this node should connect to: beta.fechner.net

Do you want to establish a connection to the parent node from this node? [Y/n]: ENTER

Master/Satellite endpoint host (IP address or FQDN): beta.fechner.net
Master/Satellite endpoint port [5665]: ENTER

Add more master/satellite endpoints? [y/N]: ENTER

Now it will display you information about the master, to ensure it is all correct execute on the master the following:

openssl x509 -noout -fingerprint -sha256 -in "/var/lib/icinga2/certs/$(hostname -f).crt"

Now compare the fingerprint and if it is ok, execute on the agent:

Is this information correct? [y/N]: y

Please specify the request ticket generated on your Icinga 2 master (optional). PASTE THE TICKET YOU GENERATED BEFORE

Bind Host []: ENTER
Bind Port []: ENTER

Accept config from parent node? [y/N]: y
Accept commands from parent node? [y/N]: y

Create CA

icinga2 pki new-ca

Key for master node

Check hostname with:

hostname -f

Use the hostname:

icinga2 pki new-cert --cn <hostname> --key <hostname>.key --csr <hostname>.csr

Sign the key with:

icinga2 pki sign-csr --csr <hostname>.csr --cert <hostname>.crt