icinga2 node setup: Permission denied: "/etc/icinga2/zones.conf", "/etc/icinga2/zones.conf.orig"
Describe the bug
icinga2 node setup fails.
To Reproduce
$ docker run -it centos:7
[root@3a49a3e445bf /]# rpm --import https://packages.icinga.com/icinga.key
[root@3a49a3e445bf /]# yum install -y wget
[root@3a49a3e445bf /]# wget -O /etc/yum.repos.d/ICINGA-snapshot.repo https://packages.icinga.com/epel/ICINGA-snapshot.repo
[root@3a49a3e445bf /]# yum install -y epel-release
[root@3a49a3e445bf /]# yum install -y icinga2
[root@3a49a3e445bf /]# /usr/lib/icinga2/prepare-dirs /etc/sysconfig/icinga2
[root@3a49a3e445bf /]# icinga2 node setup --master --listen 0.0.0.0,5665 --disable-confd --cn i1 --zone master
information/cli: Checking in existing certificates for common name 'i1'...
information/cli: Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/var/lib/icinga2/ca//ca.key'.
information/base: Writing X509 certificate to '/var/lib/icinga2/ca//ca.crt'.
information/cli: Generating new CSR in '/var/lib/icinga2/certs//i1.csr'.
information/base: Writing private key to '/var/lib/icinga2/certs//i1.key'.
information/base: Writing certificate signing request to '/var/lib/icinga2/certs//i1.csr'.
information/cli: Signing CSR with CA and writing certificate to '/var/lib/icinga2/certs//i1.crt'.
information/pki: Writing certificate to file '/var/lib/icinga2/certs//i1.crt'.
information/cli: Copying CA certificate to '/var/lib/icinga2/certs//ca.crt'.
information/cli: Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'.
information/cli: Reading '/etc/icinga2/icinga2.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Generating zone and object configuration.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
critical/Application: Error: boost::filesystem::copy_file: Permission denied: "/etc/icinga2/zones.conf", "/etc/icinga2/zones.conf.orig"
Additional information is available in '/var/log/icinga2/crash/report.1563452726.125509'
Aborted
[root@3a49a3e445bf /]#
Expected behavior
icinga2 node setup purrs like a cat.
Your Environment
- Version used (
icinga2 --version): v2.10.5-932-gf9f86e3 - Operating System and version: CentOS 7
- Enabled features (
icinga2 feature list): - Icinga Web 2 version and modules (System - About):
- Config validation (
icinga2 daemon -C): - If you run multiple Icinga 2 instances, the
zones.conffile (oricinga2 object list --type Endpointandicinga2 object list --type Zone) from all affected nodes.
Al2Klimov
All 6 comments
[root@6b6523866d3c /]# ls -la /etc/icinga2/
total 40
drwxr-x--- 7 root icinga 4096 Jul 18 12:57 .
drwxr-xr-x 1 root root 4096 Jul 18 12:57 ..
drwxr-x--- 2 icinga icinga 4096 Jul 18 12:58 conf.d
-rw-r----- 1 icinga icinga 1004 Jul 17 13:52 constants.conf
drwxr-x--- 2 icinga icinga 4096 Jul 18 12:57 features-available
drwxr-x--- 2 icinga icinga 4096 Jul 18 12:58 features-enabled
-rw-r----- 1 icinga icinga 1721 Jul 17 13:52 icinga2.conf
drwxr-x--- 2 icinga icinga 4096 Jul 18 12:57 scripts
-rw-r----- 1 icinga icinga 1334 Jul 17 13:52 zones.conf
drwxr-x--- 2 icinga icinga 4096 Jul 18 12:57 zones.d
dnsmichi
on 18 Jul 2019
RPM spec file problem, Debian was already fixed.
dnsmichi
on 18 Jul 2019
4947
dnsmichi
on 18 Jul 2019
dnsmichi
on 18 Jul 2019
Thanks for finding this @Al2Klimov.
Tests
[root@6b6523866d3c /]# yum makecache
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 29 kB 00:00:00
* base: mirror.ratiokontakt.de
* epel: mirror.karneval.cz
* extras: mirror2.hs-esslingen.de
* updates: mirror2.hs-esslingen.de
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
icinga-snapshot-builds | 2.9 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/15): base/7/x86_64/other_db | 2.6 MB 00:00:00
(2/15): epel/x86_64/prestodelta | 1.5 kB 00:00:01
(3/15): extras/7/x86_64/filelists_db | 246 kB 00:00:00
(4/15): extras/7/x86_64/prestodelta | 65 kB 00:00:00
(5/15): extras/7/x86_64/other_db | 127 kB 00:00:00
(6/15): icinga-snapshot-builds/7/filelists_db | 139 kB 00:00:00
(7/15): epel/x86_64/updateinfo_zck | 1.4 MB 00:00:00
(8/15): icinga-snapshot-builds/7/primary_db | 32 kB 00:00:00
(9/15): icinga-snapshot-builds/7/other_db | 16 kB 00:00:00
(10/15): epel/x86_64/other_db | 3.2 MB 00:00:02
(11/15): updates/7/x86_64/other_db | 659 kB 00:00:00
(12/15): base/7/x86_64/filelists_db | 7.1 MB 00:00:03
(13/15): updates/7/x86_64/prestodelta | 829 kB 00:00:01
(14/15): updates/7/x86_64/filelists_db | 4.6 MB 00:00:03
(15/15): epel/x86_64/filelists_db | 11 MB 00:00:09
Metadata Cache Created
[root@6b6523866d3c /]# yum install icinga2
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirror.ratiokontakt.de
* epel: epel.mirror.wearetriple.com
* extras: mirror2.hs-esslingen.de
* updates: mirror2.hs-esslingen.de
Resolving Dependencies
--> Running transaction check
---> Package icinga2.x86_64 0:2.10.5.932.gf9f86e3-0.20190717.1336.el7.icinga will be updated
---> Package icinga2.x86_64 0:2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga will be an update
--> Processing Dependency: icinga2-common = 2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga for package: icinga2-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64
--> Processing Dependency: icinga2-bin = 2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga for package: icinga2-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64
--> Running transaction check
---> Package icinga2-bin.x86_64 0:2.10.5.932.gf9f86e3-0.20190717.1336.el7.icinga will be updated
---> Package icinga2-bin.x86_64 0:2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga will be an update
---> Package icinga2-common.x86_64 0:2.10.5.932.gf9f86e3-0.20190717.1336.el7.icinga will be updated
---> Package icinga2-common.x86_64 0:2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga will be an update
--> Finished Dependency Resolution
Dependencies Resolved
==================================================================================================================================================
Package Arch Version Repository Size
==================================================================================================================================================
Updating:
icinga2 x86_64 2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga icinga-snapshot-builds 29 k
Updating for dependencies:
icinga2-bin x86_64 2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga icinga-snapshot-builds 3.8 M
icinga2-common x86_64 2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga icinga-snapshot-builds 145 k
Transaction Summary
==================================================================================================================================================
Upgrade 1 Package (+2 Dependent packages)
Total download size: 3.9 M
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/3): icinga2-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64.rpm | 29 kB 00:00:00
(2/3): icinga2-common-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64.rpm | 145 kB 00:00:00
(3/3): icinga2-bin-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64.rpm | 3.8 MB 00:00:02
--------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.3 MB/s | 3.9 MB 00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : icinga2-bin-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64 1/6
Updating : icinga2-common-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64 2/6
Updating : icinga2-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64 3/6
Cleanup : icinga2-2.10.5.932.gf9f86e3-0.20190717.1336.el7.icinga.x86_64 4/6
Cleanup : icinga2-common-2.10.5.932.gf9f86e3-0.20190717.1336.el7.icinga.x86_64 5/6
Cleanup : icinga2-bin-2.10.5.932.gf9f86e3-0.20190717.1336.el7.icinga.x86_64 6/6
Verifying : icinga2-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64 1/6
Verifying : icinga2-common-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64 2/6
Verifying : icinga2-bin-2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga.x86_64 3/6
Verifying : icinga2-bin-2.10.5.932.gf9f86e3-0.20190717.1336.el7.icinga.x86_64 4/6
Verifying : icinga2-common-2.10.5.932.gf9f86e3-0.20190717.1336.el7.icinga.x86_64 5/6
Verifying : icinga2-2.10.5.932.gf9f86e3-0.20190717.1336.el7.icinga.x86_64 6/6
Updated:
icinga2.x86_64 0:2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga
Dependency Updated:
icinga2-bin.x86_64 0:2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga icinga2-common.x86_64 0:2.10.5.932.gf9f86e3-0.20190718.1303.el7.icinga
Complete!
[root@6b6523866d3c /]# ls -la /etc/icinga2/
total 40
drwxr-x--- 7 icinga icinga 4096 Jul 18 14:30 .
drwxr-xr-x 1 root root 4096 Jul 18 12:57 ..
drwxr-x--- 2 icinga icinga 4096 Jul 18 14:30 conf.d
-rw-r----- 1 icinga icinga 1004 Jul 18 13:12 constants.conf
drwxr-x--- 2 icinga icinga 4096 Jul 18 14:30 features-available
drwxr-x--- 2 icinga icinga 4096 Jul 18 13:12 features-enabled
-rw-r----- 1 icinga icinga 1721 Jul 18 13:12 icinga2.conf
drwxr-x--- 2 icinga icinga 4096 Jul 18 14:30 scripts
-rw-r----- 1 icinga icinga 1334 Jul 18 13:12 zones.conf
drwxr-x--- 2 icinga icinga 4096 Jul 18 14:30 zones.d
[root@6b6523866d3c /]# icinga2 node setup --master --listen 0.0.0.0,5665 --disable-confd --cn i1 --zone master
information/cli: Checking in existing certificates for common name 'i1'...
warning/cli: Certificate '/var/lib/icinga2/certs//i1.crt' for CN 'i1' already exists. Not generating new certificate.
information/cli: Generating master configuration for Icinga 2.
information/cli: API user config file '/etc/icinga2/conf.d/api-users.conf' already exists, not creating config file.
information/cli: 'api' feature already enabled.
information/cli: Generating zone and object configuration.
information/cli: Dumping config items to file '/etc/icinga2/zones.conf'.
information/cli: Created backup file '/etc/icinga2/zones.conf.orig'.
information/cli: Updating the APIListener feature.
information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'.
warning/cli: CN/Endpoint name 'i1' does not match the default FQDN '6b6523866d3c'. Requires update for NodeName constant in constants.conf!
information/cli: Updating 'NodeName' constant in '/etc/icinga2/constants.conf'.
information/cli: Created backup file '/etc/icinga2/constants.conf.orig'.
information/cli: Updating 'ZoneName' constant in '/etc/icinga2/constants.conf'.
information/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Updating 'TicketSalt' constant in '/etc/icinga2/constants.conf'.
information/cli: Backup file '/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Edit the api feature config file '/etc/icinga2/features-available/api.conf' and set a secure 'ticket_salt' attribute.
information/cli: Updating '"conf.d"' include in '/etc/icinga2/icinga2.conf'.
information/cli: Created backup file '/etc/icinga2/icinga2.conf.orig'.
information/cli: Disabled conf.d inclusion
information/cli: Updating '"conf.d/api-users.conf"' include in '/etc/icinga2/icinga2.conf'.
information/cli: Backup file '/etc/icinga2/icinga2.conf.orig' already exists. Skipping backup.
information/cli: Make sure to restart Icinga 2.
👍1
Fixed in https://git.icinga.com/packaging/rpm-icinga2/commit/42c8ea0ab7f4423684fa6eb2feaafdc63804d68f
dnsmichi
on 18 Jul 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings
Related issues
mickenordin
路
5Comments
adamparker
路
5Comments
silenceJI
路
5Comments
icinga-migration
路
6Comments
ctrlaltca
路
6Comments