1.Install icinga2 using yum install icinga2. At this time, my hostname is still the generated one from Azure:
[root@vm-icinga2test-01 ~]# hostnamectl
Static hostname: vm-icinga2test-01
Icon name: computer-vm
Chassis: vm
Machine ID: 97da09219a2d42489c8b8f748e6d2fb7
Boot ID: cd88789023514e32a18a6b843068a1d2
Virtualization: microsoft
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-862.11.6.el7.x86_64
Architecture: x86-64
[root@vm-icinga2test-01 ~]# hostname --fqdn
vm-icinga2test-01.1fejhddejz1ulibi4ibt1rvwid.ax.internal.cloudapp.net
constants.conf looks like this:
[root@vm-icinga2test-01 ~]# grep Name /etc/icinga2/constants.conf
//const NodeName = "localhost"
const ZoneName = NodeName
When I try to run icinga2 api setup at this stage, it will fail because the hostname is too long for x509.
2.Change var in constants.conf and change hostname
[root@vm-icinga2test-01 ~]# hostnamectl set-hostname vm-icinga2test-01.example.com
[root@vm-icinga2test-01 ~]# hostname --fqdn
vm-icinga2test-01.example.com
[root@vm-icinga2test-01 ~]# grep Name /etc/icinga2/constants.conf
const NodeName = "vm-icinga2test-01.example.com"
const ZoneName = NodeName
3.Perform icinga2 api setup which fails
[root@vm-icinga2test-01 ~]# icinga2 api setup
information/cli: Generating new CA.
information/base: Writing private key to '/var/lib/icinga2/ca//ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca//ca.crt'.
information/cli: Generating new CSR in '/var/lib/icinga2/certs//vm-icinga2test-01.1fejhddejz1ulibi4ibt1rvwid.ax.internal.cloudapp.net.csr'.
information/base: Writing private key to '/var/lib/icinga2/certs//vm-icinga2test-01.1fejhddejz1ulibi4ibt1rvwid.ax.internal.cloudapp.net.key'.
information/base: Writing certificate signing request to '/var/lib/icinga2/certs//vm-icinga2test-01.1fejhddejz1ulibi4ibt1rvwid.ax.internal.cloudapp.net.csr'.
information/cli: Signing CSR with CA and writing certificate to '/var/lib/icinga2/certs//vm-icinga2test-01.1fejhddejz1ulibi4ibt1rvwid.ax.internal.cloudapp.net.crt'.
critical/SSL: Error with x509 NAME getting text by NID: 218603671, "error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long"
critical/Application: Error: std::exception
Additional information is available in '/var/log/icinga2/crash/report.1550475507.211740'
Aborted
4.Run icinga2 daemon -C:
[root@vm-icinga2test-01 ~]# icinga2 daemon -C
[2019-02-18 07:38:42 +0000] information/cli: Icinga application loader (version: r2.10.2-1)
[2019-02-18 07:38:42 +0000] information/cli: Loading configuration file(s).
[2019-02-18 07:38:42 +0000] information/ConfigItem: Committing config item(s).
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 1 ScheduledDowntime.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 11 Services.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 1 IcingaApplication.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 1 Host.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 1 FileLogger.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 2 NotificationCommands.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 12 Notifications.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 1 NotificationComponent.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 2 HostGroups.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 1 CheckerComponent.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 3 Zones.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 1 Endpoint.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 1 User.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 215 CheckCommands.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 1 UserGroup.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 3 ServiceGroups.
[2019-02-18 07:38:42 +0000] information/ConfigItem: Instantiated 3 TimePeriods.
[2019-02-18 07:38:42 +0000] information/ScriptGlobal: Dumping variables to file '/var/cache/icinga2/icinga2.vars'
[2019-02-18 07:38:42 +0000] information/cli: Finished validating the configuration file(s).
5.Re-run the setup
[root@vm-icinga2test-01 ~]# icinga2 api setup
information/cli: Generating new CA.
critical/cli: CA files '/var/lib/icinga2/ca//ca.crt' and '/var/lib/icinga2/ca//ca.key' already exist.
warning/cli: Found CA, skipping and using the existing one.
information/cli: Generating new CSR in '/var/lib/icinga2/certs//vm-icinga2test-01.example.com.csr'.
information/base: Writing private key to '/var/lib/icinga2/certs//vm-icinga2test-01.example.com.key'.
information/base: Writing certificate signing request to '/var/lib/icinga2/certs//vm-icinga2test-01.example.com.csr'.
information/cli: Signing CSR with CA and writing certificate to '/var/lib/icinga2/certs//vm-icinga2test-01.example.com.crt'.
information/pki: Writing certificate to file '/var/lib/icinga2/certs//vm-icinga2test-01.example.com.crt'.
information/cli: Copying CA certificate to '/var/lib/icinga2/certs//ca.crt'.
information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Updating 'NodeName' constant in '/etc/icinga2/constants.conf'.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating 'ZoneName' constant in '/etc/icinga2/constants.conf'.
information/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
Done.
Now restart your Icinga 2 daemon to finish the installation!
It seems to work this way. Also constants.conf is rewritten with correct vars set:
[root@vm-icinga2test-01 ~]# grep Name /etc/icinga2/constants.conf
const NodeName = "vm-icinga2test-01.example.com"
const ZoneName = "vm-icinga2test-01.example.com"
6.Run icinga2 node setup --master:
information/cli: Checking in existing certificates for common name 'vm-icinga2test-01.example.com...
warning/cli: Certificate '/var/lib/icinga2/certs//vm-icinga2test-01.example.com.crt' for CN 'vm-icinga2test-01.example.com' already exists. Not generating new certificate.
information/cli: Generating master configuration for Icinga 2.
information/cli: API user config file '/etc/icinga2/conf.d/api-users.conf' already exists, not creating config file.
information/cli: 'api' feature already enabled.
information/cli: Generating zone and object configuration.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Backup file '/etc/icinga2/zones.conf.orig' already exists. Skipping backup.
information/cli: Updating the APIListener feature.
information/cli: Backup file '/etc/icinga2/features-available/api.conf.orig' already exists. Skipping backup.
information/cli: Updating 'NodeName' constant in '/etc/icinga2/constants.conf'.
information/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Updating 'ZoneName' constant in '/etc/icinga2/constants.conf'.
information/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Updating 'TicketSalt' constant in '/etc/icinga2/constants.conf'.
information/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Edit the api feature config file '/etc/icinga2/features-available/api.conf' and set a secure 'ticket_salt' attribute.