Foreman-monitoring and icinga2

Hi all,

I’ve been trying to setup the foreman-monitoring plugin to interface with icinga2 but I always end up having SSL errors in foreman logs, namely:

Error while uploading monitoring results to Foreman: SSL_connect returned=1 errno=0 state=error: certificate verify failed

I’ve setup icinga2 using their puppet module and enabled the api simply using:

class { '::icinga2::feature::api':
    pki => 'puppet',
}

and created a user for foreman:

icinga2::object::apiuser{ 'foreman':
    apiuser_name => 'foreman',
    password     => 'somepassword',
    permissions  => ["*"],
    target       => '/etc/icinga2/conf.d/api-users.conf',
}

In /etc/foreman-proxy/settings.d/monitoring_icinga2.yml I have :

    ---
    :enabled: true
    :server: myserver.mydomain.com
    # CA copied from my icinga2 server
    :api_cacert: /etc/foreman-proxy/monitoring/ca.crt
    :api_user: foreman
    :api_password: somepassword
    :verify_ssl: false

Am I missing something ?
Thanks!
carlm

After checking around in foreman again, I noticed I could add my server as a monitoring-proxy for my nodes and they would be added in Icinga. So I’m guessing this somehow works sort-of ?

Sorry for bumping, I couldn’t edit my post it seems.

Post editing is only allowed for a brief window of time, as we have quite a lot of email-based users who don’t see the edits.

@TimoGoebel and @Dirk are the plugin authors, hopefully one of them can comment :slight_smile:

@carlm: I believe, the only thing not working is the smart proxy reporting changes back to Foreman. Make sure, the root certificate of your foreman instance is trusted on your smart-proxy host.
You can check via curl https://your-foreman.example.com/. That should work without the -k parameter.

1 Like

From my Icinga2 server, curl https://my-foreman.example.com/ works without any issues or invalid certificate.
So it seems as if it should just work ?