mirror of https://github.com/Icinga/icinga2.git
parent
10150c3198
commit
41266aab2f
|
@ -15,20 +15,6 @@
|
|||
# along with this program; if not, write to the Free Software Foundation
|
||||
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
if(UNIX OR CYGWIN)
|
||||
configure_file(icinga2-discover-agent.cmake ${CMAKE_CURRENT_BINARY_DIR}/icinga2-discover-agent @ONLY)
|
||||
configure_file(icinga2-forget-agent.cmake ${CMAKE_CURRENT_BINARY_DIR}/icinga2-forget-agent @ONLY)
|
||||
configure_file(icinga2-list-agents.cmake ${CMAKE_CURRENT_BINARY_DIR}/icinga2-list-agents @ONLY)
|
||||
configure_file(icinga2-setup-agent.cmake ${CMAKE_CURRENT_BINARY_DIR}/icinga2-setup-agent @ONLY)
|
||||
|
||||
install(
|
||||
FILES ${CMAKE_CURRENT_BINARY_DIR}/icinga2-discover-agent ${CMAKE_CURRENT_BINARY_DIR}/icinga2-setup-agent
|
||||
${CMAKE_CURRENT_BINARY_DIR}/icinga2-forget-agent ${CMAKE_CURRENT_BINARY_DIR}/icinga2-list-agents
|
||||
DESTINATION ${CMAKE_INSTALL_SBINDIR}
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
|
||||
)
|
||||
endif()
|
||||
|
||||
if(MSVC)
|
||||
include_external_msproject(
|
||||
icinga2setupagent
|
||||
|
|
|
@ -1,84 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# Icinga 2
|
||||
# Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org)
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
# as published by the Free Software Foundation; either version 2
|
||||
# of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software Foundation
|
||||
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
from __future__ import print_function
|
||||
import socket, ssl, sys, json, os, hashlib, time
|
||||
|
||||
def warning(*objs):
|
||||
print(*objs, file=sys.stderr)
|
||||
|
||||
if len(sys.argv) < 2:
|
||||
warning("Syntax: %s <host> [<port>]" % (sys.argv[0]))
|
||||
sys.exit(1)
|
||||
|
||||
host = sys.argv[1]
|
||||
if len(sys.argv) > 2:
|
||||
port = int(sys.argv[2])
|
||||
else:
|
||||
port = 5665
|
||||
|
||||
agentpki = "@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2/pki/agent"
|
||||
keyfile = agentpki + "/agent.key"
|
||||
certfile = agentpki + "/agent.crt"
|
||||
cafile = agentpki + "/ca.crt"
|
||||
|
||||
if not os.path.isfile(certfile):
|
||||
warning("Certificate file (" + certfile + ") not found.")
|
||||
warning("Make sure the agent certificates are set up properly.")
|
||||
sys.exit(1)
|
||||
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
|
||||
# require a certificate from the server
|
||||
ssl_sock = ssl.wrap_socket(s,
|
||||
keyfile=keyfile,
|
||||
certfile=certfile,
|
||||
ca_certs=cafile,
|
||||
cert_reqs=ssl.CERT_REQUIRED)
|
||||
|
||||
ssl_sock.connect((host, port))
|
||||
|
||||
cn = None
|
||||
|
||||
subject = ssl_sock.getpeercert()["subject"]
|
||||
|
||||
for prdn in subject:
|
||||
rdn = prdn[0]
|
||||
if rdn[0] == "commonName":
|
||||
cn = rdn[1]
|
||||
|
||||
if cn == None:
|
||||
warning("Agent certificate does not have a commonName:", repr(subject))
|
||||
sys.exit(1)
|
||||
|
||||
ssl_sock.close()
|
||||
|
||||
repository_file = "@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/icinga2/api/repository/" + hashlib.sha256(cn).hexdigest() + ".repo"
|
||||
fp = open(repository_file, "w")
|
||||
repository_info = { "endpoint": cn, "seen": time.time(), "zone": cn, "repository": {} }
|
||||
json.dump(repository_info, fp)
|
||||
fp.close()
|
||||
|
||||
peer_file = "@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/icinga2/agent/repository/" + hashlib.sha256(cn).hexdigest() + ".settings"
|
||||
fp = open(peer_file, "w")
|
||||
peer_info = { "agent_host": host, "agent_port": port }
|
||||
json.dump(peer_info, fp)
|
||||
fp.close()
|
||||
|
||||
print("Inventory information has been updated for agent '%s'." % (cn))
|
||||
sys.exit(0)
|
|
@ -1,45 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# Icinga 2
|
||||
# Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org)
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
# as published by the Free Software Foundation; either version 2
|
||||
# of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software Foundation
|
||||
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
from __future__ import print_function
|
||||
import sys, os, hashlib
|
||||
|
||||
def warning(*objs):
|
||||
print(*objs, file=sys.stderr)
|
||||
|
||||
if len(sys.argv) < 2:
|
||||
warning("Syntax: %s <identity>" % (sys.argv[0]))
|
||||
sys.exit(1)
|
||||
|
||||
cn = sys.argv[1]
|
||||
|
||||
inventory_file = "@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/icinga2/agent/inventory/" + hashlib.sha256(cn).hexdigest()
|
||||
|
||||
if not os.path.isfile(inventory_file):
|
||||
warning("There's no inventory file for agent '%s'." % (cn))
|
||||
sys.exit(0)
|
||||
|
||||
os.unlink(inventory_file)
|
||||
|
||||
peer_file = "@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/icinga2/agent/inventory/" + hashlib.sha256(cn).hexdigest() + ".peer"
|
||||
|
||||
if os.path.isfile(peer_file):
|
||||
os.unlink(peer_file)
|
||||
|
||||
print("Inventory information has been removed for agent '%s'." % (cn))
|
||||
sys.exit(0)
|
|
@ -1,71 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# Icinga 2
|
||||
# Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org)
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
# as published by the Free Software Foundation; either version 2
|
||||
# of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software Foundation
|
||||
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
import sys, os, json
|
||||
from datetime import datetime
|
||||
|
||||
repository_dir = "@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/icinga2/api/repository/"
|
||||
|
||||
repository = {}
|
||||
|
||||
for root, dirs, files in os.walk(repository_dir):
|
||||
for file in files:
|
||||
if len(file) != 69:
|
||||
continue
|
||||
|
||||
fp = open(root + file, "r")
|
||||
repository_info = json.load(fp)
|
||||
fp.close()
|
||||
|
||||
if not "endpoint" in repository_info:
|
||||
continue
|
||||
|
||||
if not "seen" in repository_info:
|
||||
repository_info["seen"] = 0
|
||||
|
||||
repository[repository_info["endpoint"]] = repository_info
|
||||
|
||||
try:
|
||||
fp = open(root + file + ".settings", "r")
|
||||
peer_info = json.load(fp)
|
||||
fp.close()
|
||||
|
||||
repository[repository_info["endpoint"]]["peer"] = peer_info
|
||||
except:
|
||||
pass
|
||||
|
||||
if len(sys.argv) > 1 and sys.argv[1] == "--batch":
|
||||
json.dump(repository, sys.stdout)
|
||||
else:
|
||||
for agent, agent_info in repository.items():
|
||||
if "peer" in agent_info:
|
||||
peer_info = agent_info["peer"]
|
||||
peer_addr = "peer address: %s:%s" % (peer_info["agent_host"], peer_info["agent_port"])
|
||||
else:
|
||||
peer_addr = "no peer address"
|
||||
|
||||
print "* %s (%s, last seen: %s)" % (agent, peer_addr, datetime.fromtimestamp(agent_info["seen"]))
|
||||
|
||||
for host, services in agent_info["repository"].items():
|
||||
print " * %s" % (host)
|
||||
|
||||
for service in services:
|
||||
print " * %s" % (service)
|
||||
|
||||
sys.exit(0)
|
||||
|
|
@ -1,218 +0,0 @@
|
|||
#!/bin/sh
|
||||
ICINGA2PKIDIR=@CMAKE_INSTALL_FULL_DATADIR@/icinga2/pki
|
||||
ICINGA2CONFIG=@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2
|
||||
|
||||
name=`hostname --fqdn`
|
||||
|
||||
echo "Agent name: $name"
|
||||
|
||||
if [ -n "$1" ]; then
|
||||
if [ ! -e $ICINGA2CONFIG/pki/$name.key ]; then
|
||||
echo "You haven't generated a private key for this Icinga 2 instance"
|
||||
echo "yet. Please run this script without any parameters to generate a key."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -e "$1" ]; then
|
||||
echo "The specified key bundle does not exist."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! base64 -i -d $1 | tar zt >/dev/null 2>&1; then
|
||||
echo "The bundle file is invalid or corrupted."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
while true; do
|
||||
echo -n "Are you setting up a new master instance? [n] "
|
||||
if ! read master; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$master" = "y" -o "$master" = "n" -o -z "$master" ]; then
|
||||
break
|
||||
fi
|
||||
|
||||
echo "Please enter 'y' or 'n'."
|
||||
done
|
||||
|
||||
if [ -z "$master" ]; then
|
||||
master=n
|
||||
fi
|
||||
|
||||
upstream_name=""
|
||||
|
||||
if [ "$master" = "n" ]; then
|
||||
while true; do
|
||||
echo -n "Master Icinga instance name: "
|
||||
if ! read upstream_name; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -n "$upstream_name" ]; then
|
||||
break
|
||||
fi
|
||||
|
||||
echo "Please enter an instance name."
|
||||
done
|
||||
fi
|
||||
|
||||
listener_port=""
|
||||
|
||||
while true; do
|
||||
echo -n "Which TCP port should the agent listen on? [5665] "
|
||||
if ! read listener_port; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
break
|
||||
done
|
||||
|
||||
if [ -z "$listener_port" ]; then
|
||||
listener_port=5665
|
||||
fi
|
||||
|
||||
upstream_connect=n
|
||||
|
||||
if [ "$master" = "n" ]; then
|
||||
while true; do
|
||||
echo -n "Do you want this agent instance to connect to the master instance? [y] "
|
||||
if ! read upstream_connect; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$upstream_connect" = "y" -o "$upstream_connect" = "n" -o -z "$upstream_connect" ]; then
|
||||
break
|
||||
fi
|
||||
|
||||
echo "Please enter 'y' or 'n'."
|
||||
done
|
||||
|
||||
if [ -z "$upstream_connect" ]; then
|
||||
upstream_connect=y
|
||||
fi
|
||||
|
||||
if [ "$upstream_connect" = "y" ]; then
|
||||
echo -n "Master instance IP address/hostname [$upstream_name]: "
|
||||
if ! read upstream_host; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$upstream_host" ]; then
|
||||
upstream_host=$upstream_name
|
||||
fi
|
||||
|
||||
echo -n "Master instance port [5665]: "
|
||||
if ! read upstream_port; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$upstream_port" ]; then
|
||||
upstream_port=5665
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Installing the certificate bundle..."
|
||||
base64 -i -d < $1 | tar -C $ICINGA2CONFIG/pki/ -zx || exit 1
|
||||
chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki/* || exit 1
|
||||
|
||||
echo "Setting up api.conf..."
|
||||
cat >$ICINGA2CONFIG/features-available/api.conf <<AGENT
|
||||
/**
|
||||
* The API listener is used for distributed monitoring setups.
|
||||
*/
|
||||
|
||||
object ApiListener "api" {
|
||||
cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
|
||||
key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
|
||||
ca_path = SysconfDir + "/icinga2/pki/ca.crt"
|
||||
|
||||
bind_port = "$listener_port"
|
||||
}
|
||||
|
||||
AGENT
|
||||
|
||||
echo "Setting up zones.conf..."
|
||||
cat >$ICINGA2CONFIG/zones.conf <<ZONES
|
||||
/*
|
||||
* Endpoint and Zone configuration for a cluster setup
|
||||
* This local example requires `NodeName` defined in
|
||||
* constants.conf.
|
||||
*/
|
||||
|
||||
object Endpoint NodeName {
|
||||
host = NodeName
|
||||
}
|
||||
|
||||
object Zone ZoneName {
|
||||
ZONES
|
||||
|
||||
if [ "$upstream_connect" = "y" ]; then
|
||||
cat >>$ICINGA2CONFIG/zones.conf <<ZONES
|
||||
parent = "$upstream_name"
|
||||
ZONES
|
||||
fi
|
||||
|
||||
cat >>$ICINGA2CONFIG/zones.conf <<ZONES
|
||||
endpoints = [ NodeName ]
|
||||
}
|
||||
|
||||
ZONES
|
||||
|
||||
if [ "$upstream_connect" = "y" ]; then
|
||||
cat >>$ICINGA2CONFIG/zones.conf <<ZONES
|
||||
object Endpoint "$upstream_name" {
|
||||
host = "$upstream_host"
|
||||
port = "$upstream_port"
|
||||
}
|
||||
|
||||
object Zone "$upstream_name" {
|
||||
endpoints = [ "$upstream_name" ]
|
||||
}
|
||||
ZONES
|
||||
fi
|
||||
|
||||
sed -i "s/NodeName = \"localhost\"/NodeName = \"$name\"/" /etc/icinga2/constants.conf
|
||||
|
||||
echo "Enabling API feature..."
|
||||
@CMAKE_INSTALL_FULL_SBINDIR@/icinga2 feature enable api
|
||||
|
||||
if [ ! -e "@CMAKE_INSTALL_FULL_SYSCONFDIR@/monitoring" ]; then
|
||||
ln -s $ICINGA2CONFIG/conf.d/hosts/localhost @CMAKE_INSTALL_FULL_SYSCONFDIR@/monitoring
|
||||
fi
|
||||
|
||||
if [ "$master" = "n" ]; then
|
||||
echo "Disabling notification feature..."
|
||||
@CMAKE_INSTALL_FULL_SBINDIR@/icinga2 feature disable notification
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "The key bundle was installed successfully and the agent component"
|
||||
echo "was enabled. Please make sure to restart Icinga 2 for these changes"
|
||||
echo "to take effect."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
mkdir -p $ICINGA2CONFIG/pki
|
||||
chmod 700 $ICINGA2CONFIG/pki
|
||||
chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki || exit 1
|
||||
|
||||
if [ -e $ICINGA2CONFIG/pki/$name.crt ]; then
|
||||
echo "You already have agent certificates in $ICINGA2CONFIG/pki/"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA2CONFIG/pki/" openssl req -config $ICINGA2PKIDIR/openssl-quiet.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA2CONFIG/pki/$name.key -outform PEM -out $ICINGA2CONFIG/pki/$name.csr -nodes && \
|
||||
chmod 600 $ICINGA2CONFIG/pki/$name.key
|
||||
|
||||
echo "Please sign the following CSR using the Agent CA:"
|
||||
echo ""
|
||||
|
||||
cat $ICINGA2CONFIG/pki/$name.csr
|
||||
|
||||
echo ""
|
||||
|
||||
echo "You can use the icinga2-sign-key command to sign the CSR. Once signed the"
|
||||
echo "key bundle can be installed using $0 <bundle>."
|
||||
exit 0
|
|
@ -18,7 +18,7 @@
|
|||
|
||||
import subprocess, json
|
||||
|
||||
inventory_json = subprocess.check_output(["icinga2-list-agents", "--batch"])
|
||||
inventory_json = subprocess.check_output(["icinga2", "agent", "list", "--batch"])
|
||||
inventory = json.loads(inventory_json)
|
||||
|
||||
for agent, agent_info in inventory.items():
|
||||
|
|
|
@ -3,6 +3,4 @@ debian/tmp/etc/icinga2
|
|||
debian/tmp/etc/logrotate.d
|
||||
debian/tmp/etc/bash_completion.d
|
||||
tools/syntax/* usr/share/icinga2-common/syntax
|
||||
usr/sbin/icinga2-*-agent
|
||||
usr/sbin/icinga2-list-agents
|
||||
usr/share/icinga2
|
||||
|
|
|
@ -452,10 +452,6 @@ exit 0
|
|||
%config(noreplace) %attr(0640,%{icinga_user},%{icinga_group}) %{_sysconfdir}/%{name}/zones.d/*
|
||||
%config(noreplace) %{_sysconfdir}/%{name}/scripts/*
|
||||
%{_sbindir}/%{name}
|
||||
%{_sbindir}/%{name}-setup-agent
|
||||
%{_sbindir}/%{name}-discover-agent
|
||||
%{_sbindir}/%{name}-forget-agent
|
||||
%{_sbindir}/%{name}-list-agents
|
||||
%{_sbindir}/%{name}-prepare-dirs
|
||||
%exclude %{_libdir}/%{name}/libdb_ido_mysql*
|
||||
%exclude %{_libdir}/%{name}/libdb_ido_pgsql*
|
||||
|
|
Loading…
Reference in New Issue