Estou recebendo um erro de certificado ao adicionar hosts no Icinga! Eu sou muito novo para isso, não é capaz de descobrir o erro, mas recebi as chaves e os certificados apropriados do cliente!
+ cd /etc/icinga2
+ mkdir -p pki
+ chown icinga:icinga /etc/icinga2/pki
++ cat /etc/bashrc
++ grep -i '&& PS1'
++ cut -d@ -f2
++ awk '{print $1}'
+ fqdn=xyz-host
++ icinga2 pki ticket --cn ''\''xyz-host'\''' --salt xxxx-xxx
+ ticket1=xxx-xxxx
+ icinga2 pki new-cert --cn xyz-host --key /etc/icinga2/pki/xyz-host.key --cert /etc/icinga2/pki/xyz-host.crt
information/base: Writing private key to '/etc/icinga2/pki/xyz-host.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/xyz-host.crt'.
+ icinga2 pki save-cert --key /etc/icinga2/pki/xyz-host.key --cert /etc/icinga2/pki/xyz-host.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host icinga-master
information/cli: Writing trusted certificate to file '/etc/icinga2/pki/trusted-master.crt'.
+ icinga2 pki request --host icinga-master --port 5665 --ticket XXX_XXXX --key /etc/icinga2/pki/xyz-host.key --cert /etc/icinga2/pki/xyz-host.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.crt
critical/cli: Could not fetch valid response. Please check the master log (notice or debug).
+ chown icinga:icinga ca.crt
chown: cannot access 'ca.crt': No such file or directory
+ icinga2 node setup --ticket XXXX_XXX --endpoint icinga-master --zone xyz-host --master_host icinga-master --trustedcert /etc/icinga2/pki/trusted-master.crt --cn xyz-host --accept-commands --accept-config
information/cli: Verifying ticket 'XXXX-XXX'.
information/cli: Verifying master host connection information: host 'icinga-master', port '5665'.
information/cli: Verifying trusted certificate from file '/etc/icinga2/pki/trusted-master.crt'.
information/cli: Using the following CN (defaults to FQDN): 'xyz-host'.
warning/cli: Backup file '/etc/icinga2/pki/xyz-host.key.orig' already exists. Skipping backup.
warning/cli: Backup file '/etc/icinga2/pki/xyz-host.crt.orig' already exists. Skipping backup.
information/base: Writing private key to '/etc/icinga2/pki/xyz-host.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/xyz-host.crt'.
critical/cli: chown() failed with error code 2, "No such file or directory"
warning/cli: Cannot set ownership for user 'icinga' group 'icinga' on file '/etc/icinga2/pki/ca.crt'. Verify it yourself!
information/cli: Requesting a signed certificate from the master.
critical/cli: Could not fetch valid response. Please check the master log (notice or debug).
critical/cli: Failed to request certificate from Icinga 2 master.
Aqui está o script:
cd /etc/icinga2; mkdir -p pki ;chown icinga:icinga /etc/icinga2/pki
fqdn=$(cat /etc/bashrc | grep -i "&& PS1"| cut -d@ -f2| awk '{print $1}')
ticket1=$(icinga2 pki ticket --cn \'$fqdn\' --salt xxx-xxxx)
icinga2 pki new-cert --cn ${fqdn} --key /etc/icinga2/pki/${fqdn}.key --cert /etc/icinga2/pki/${fqdn}.crt
icinga2 pki save-cert --key /etc/icinga2/pki/${fqdn}.key --cert /etc/icinga2/pki/${fqdn}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --host icinga-master
icinga2 pki request --host icinga-master --port 5665 --ticket ${ticket1} --key /etc/icinga2/pki/${fqdn}.key --cert /etc/icinga2/pki/${fqdn}.crt --trustedcert /etc/icinga2/pki/trusted-master.crt --ca /etc/icinga2/pki/ca.crt
chown icinga:icinga ca.crt
icinga2 node setup --ticket ${ticket1} --endpoint icinga-master --zone ${fqdn} --master_host icinga-master --trustedcert /etc/icinga2/pki/trusted-master.crt --cn ${fqdn} --accept-commands --accept-config