Icinga2
https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/
Setup master
icinga2 node wizard
Please specify if this is an agent/satellite setup ('n' installs a master setup) [Y/n]: n
Please specify the common name: ENTER
Master zone name [master]: ENTER
Do you want to specify additional global zones? [y/N]: ENTER
Bind Host []: ENTER
Bind Port []: ENTER
Add an agent
On master node create a ticket:
icinga2 pki ticket --cn <agent-hostname>
On agent:
icinga2 node wizard
Please specify if this is an agent/satellite setup ('n' installs a master setup) [Y/n]: ENTER
Please specify the common name (CN) ENTER
Please specify the parent endpoint(s) (master or satellite) where this node should connect to: beta.fechner.net
Do you want to establish a connection to the parent node from this node? [Y/n]: ENTER
Master/Satellite endpoint host (IP address or FQDN): beta.fechner.net
Master/Satellite endpoint port [5665]: ENTER
Add more master/satellite endpoints? [y/N]: ENTER
Now it will display you information about the master, to ensure it is all correct execute on the master the following:
openssl x509 -noout -fingerprint -sha256 -in "/var/lib/icinga2/certs/$(hostname -f).crt"
Now compare the fingerprint and if it is ok, execute on the agent:
Is this information correct? [y/N]: y
Please specify the request ticket generated on your Icinga 2 master (optional). PASTE THE TICKET YOU GENERATED BEFORE
Bind Host []: ENTER
Bind Port []: ENTER
Accept config from parent node? [y/N]: y
Accept commands from parent node? [y/N]: y
Create CA
icinga2 pki new-ca
Key for master node
Check hostname with:
hostname -f
Use the hostname:
icinga2 pki new-cert --cn <hostname> --key <hostname>.key --csr <hostname>.csr
Sign the key with:
icinga2 pki sign-csr --csr <hostname>.csr --cert <hostname>.crt