On Fri, 25 Jul 2014, Alfonso Pace wrote:
ICINGA2_USER=root ICINGA2_GROUP=root ICINGA2_COMMAND_USER=root ICINGA2_COMMAND_GROUP=root
Do not do the above. As has been stated before, it's neither recommended nor supported and can open your system up to a whole raft of problems security-wise. Just don't do it. Your security auditor will ignore you if you run as non-root and will crucify you if you do; the former is preferred.
If I start the daemons with icinga users (user and group setted in /etc/sysconfig/icinga2) the system return this error. *CONFIGURATION WITCH CAUSE ERROR critical/ApiListener: SSL context is required for AddListener()*
Are there any errors emitted before that final critical? If so, what are they? Do they pertain to permissions issues (e.g. "cannot open file "foo.cert")? The odds are that you have permissioning issues which render some critical component of the SSL path unreadable and that's what's causing the issue. Find that and the rest should fall into place naturally. There are various Linux tools to assist you in this quest (e.g. "strace") if the Icinga2 code doesn't emit a useful diagnostic. Read The Friendly Manual. Cheers! +------------------------------------------------+---------------------+ | Carl Richard Friend (UNIX Sysadmin) | West Boylston | | Minicomputer Collector / Enthusiast | Massachusetts, USA | | mailto:[email protected] +---------------------+ | http://users.rcn.com/crfriend/museum | ICBM: 42:22N 71:47W | +------------------------------------------------+---------------------+ _______________________________________________ icinga-users mailing list [email protected] https://lists.icinga.org/mailman/listinfo/icinga-users
