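#!/bin/bash
#
# Agent PKI setup helper for Icinga 2. This is a build-time template: the
# @...@ tokens are substituted before installation.
#
# Usage:
#   $0            generate a private key and a CSR for this host
#   $0 <bundle>   install a signed key bundle and enable the agent feature
#
# Both modes write below $ICINGA2CONFIG and chown files to the Icinga user,
# so the script presumably has to run as root -- TODO confirm.

ICINGA2PKIDIR=@CMAKE_INSTALL_FULL_DATADIR@/icinga2/pki
ICINGA2CONFIG=@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2
AGENTDIR="$ICINGA2CONFIG/pki/agent"

# ---------------------------------------------------------------------------
# Mode 2: a bundle path was given -> install it and enable the agent.
# ---------------------------------------------------------------------------
if [ -n "$1" ]; then
  # The bundle only makes sense if the matching private key was generated
  # here first (mode 1 below).
  if [ ! -e "$AGENTDIR/agent.key" ]; then
    echo "You haven't generated a private key for this Icinga 2 instance" >&2
    echo "yet. Please run this script without any parameters to generate a key." >&2
    exit 1
  fi

  if [ ! -e "$1" ]; then
    echo "The specified key bundle does not exist." >&2
    exit 1
  fi

  # Ask until a usable upstream instance name is entered; EOF aborts.
  while true; do
    printf '%s' "Upstream Icinga instance name: "
    # -r keeps backslashes literal instead of treating them as escapes.
    if ! read -r UPSTREAM; then
      exit 1
    fi

    case "$UPSTREAM" in
      "")
        continue
        ;;
      *'"'* | *\\*)
        # The name is pasted verbatim into a double-quoted string in
        # agent.conf; a quote or backslash would end or corrupt that string.
        echo "The instance name must not contain double quotes or backslashes." >&2
        continue
        ;;
    esac
    break
  done

  echo "Installing the certificate bundle..."
  # NOTE(review): the archive is unpacked as-is into the PKI directory, so
  # member names and modes come from the bundle. Only install bundles that
  # were produced by your own Agent CA.
  tar -C "$AGENTDIR/" -xf "$1" || exit 1
  # The glob does not match dotfiles; only regular names are re-owned.
  chown @ICINGA2_USER@:@ICINGA2_GROUP@ "$AGENTDIR"/* || exit 1

  echo "Setting up agent configuration..."
  # Unquoted delimiter on purpose: $UPSTREAM must be expanded. The expanded
  # value is not re-evaluated by the shell.
  cat >"$ICINGA2CONFIG/features-available/agent.conf" <<AGENT || exit 1
/**
 * The agent listener accepts checks from agents.
 */

library "agent"

object AgentListener "agent" {
  cert_path = SysconfDir + "/icinga2/pki/agent/agent.crt"
  key_path = SysconfDir + "/icinga2/pki/agent/agent.key"
  ca_path = SysconfDir + "/icinga2/pki/agent/ca.crt"

  upstream_name = "$UPSTREAM"

  bind_port = 7000
}
AGENT

  # NOTE(review): the exit status of the two feature helpers is not checked;
  # how they report an already enabled/disabled feature is not visible here.
  echo "Enabling agent feature..."
  @CMAKE_INSTALL_FULL_SBINDIR@/icinga2-enable-feature agent

  echo "Disabling notification feature..."
  @CMAKE_INSTALL_FULL_SBINDIR@/icinga2-disable-feature notification

  echo ""
  echo "The key bundle was installed successfully and the agent component"
  echo "was enabled. Please make sure to restart Icinga 2 for these changes"
  echo "to take effect."
  exit 0
fi

# ---------------------------------------------------------------------------
# Mode 1: no arguments -> create the private key and the CSR.
# ---------------------------------------------------------------------------
name=$(hostname --fqdn) || exit 1
if [ -z "$name" ]; then
  # An empty name would end up as an empty common name in the CSR.
  echo "Could not determine the fully qualified host name." >&2
  exit 1
fi

echo "Host name: $name"

# Lock the PKI directories down before any key material is written to them.
mkdir -p "$AGENTDIR" || exit 1
chmod 700 "$ICINGA2CONFIG/pki" || exit 1
chown @ICINGA2_USER@:@ICINGA2_GROUP@ "$ICINGA2CONFIG/pki" || exit 1
chmod 700 "$AGENTDIR" || exit 1
chown @ICINGA2_USER@:@ICINGA2_GROUP@ "$AGENTDIR" || exit 1

# Never overwrite an existing key.
if [ -e "$AGENTDIR/agent.key" ]; then
  echo "You already have agent certificates in $ICINGA2CONFIG/pki/agent/"
  exit 1
fi

# -nodes writes the private key unencrypted, so file permissions are its only
# protection. The subshell umask makes openssl create the files owner-only
# from the start instead of relying on the chmod that follows.
if ! (
  umask 077
  REQ_COMMON_NAME="$name" KEY_DIR="$AGENTDIR" \
    openssl req -config "$ICINGA2PKIDIR/openssl-quiet.cnf" \
      -new -newkey rsa:4096 \
      -keyform PEM -keyout "$AGENTDIR/agent.key" \
      -outform PEM -out "$AGENTDIR/agent.csr" \
      -nodes
); then
  # A partial key would make the next run stop at the "already have agent
  # certificates" check; the key did not exist before this run.
  rm -f -- "$AGENTDIR/agent.key"
  echo "Failed to generate the private key and CSR." >&2
  exit 1
fi
chmod 600 "$AGENTDIR/agent.key" || exit 1

echo "Please sign the following X509 CSR using the Agent CA:"
echo ""

cat "$AGENTDIR/agent.csr" || exit 1

echo ""

echo "You can use the icinga2-sign-key command to sign the CSR. Once signed the"
echo "key bundle can be installed using $0 <bundle>."
exit 0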