You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the execs for certificate generation and retrieval fail, as the folders belong to the monitoring user and /sbin/icinga2 runs as root. As it is switching to icinga automagically somewhere, it can't access the folders and puppet runs fail with messages like
Error: '"/sbin/icinga2" pki request --host ppr-mon0-ems-v02-mgmt.sf-rz.de --port 5665 --ca /var/lib/icinga2/certs/ca.crt --key /var/lib/icinga2/certs/vpt-krn3-bcl-v62.sf-rz.de.key --cert /var/lib/icinga2/certs/vpt-krn3-bcl-v62.sf-rz.de.crt --trustedcert /var/lib/icinga2/certs/trusted-cert.crt --ticket redacted' returned instead of one of [0]
Expected Behavior
Icinga uses the user we specify in the globals to run /sbin/icinga2
Current Behavior
The exec runs as root and /sbin/icinga2 switches to the default icinga user and fails due to missing permissions
Possible Solution
Setting the environment when running /sbin/icinga2
Steps to Reproduce (for bugs)
Create a different user than icinga
Define the user in hiera
Add a host as client with those settings
Context
Using an environment specific monitoring users which has only access to things in that environment. This preventsthe use of a compromised monitoring user from one environment in another to access log files or other possibly sensitive files.
Your Environment
Module icinga2 v2.3.0 (in prod) and v2.4.1 in dev and preproduction
Puppet version (puppet -V): v6.4.3
Operating System and version: RHEL 7
The text was updated successfully, but these errors were encountered:
My customer is using an enmvironment specific user for monitoring. When defining this user in hiera via
the execs for certificate generation and retrieval fail, as the folders belong to the monitoring user and /sbin/icinga2 runs as root. As it is switching to icinga automagically somewhere, it can't access the folders and puppet runs fail with messages like
Expected Behavior
Icinga uses the user we specify in the globals to run /sbin/icinga2
Current Behavior
The exec runs as root and /sbin/icinga2 switches to the default icinga user and fails due to missing permissions
Possible Solution
Setting the environment when running /sbin/icinga2
Steps to Reproduce (for bugs)
Context
Using an environment specific monitoring users which has only access to things in that environment. This preventsthe use of a compromised monitoring user from one environment in another to access log files or other possibly sensitive files.
Your Environment
puppet -V): v6.4.3The text was updated successfully, but these errors were encountered: