mirror of https://github.com/Icinga/icinga2.git
parent
365779d360
commit
4932df1171
|
@ -15,18 +15,120 @@ if [ -n "$1" ]; then
|
|||
fi
|
||||
|
||||
while true; do
|
||||
echo -n "Upstream Icinga instance name: "
|
||||
if ! read UPSTREAM; then
|
||||
echo -n "Are you setting up a new master instance? [n] "
|
||||
if ! read master; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -n "$UPSTREAM" ]; then
|
||||
if [ "$master" = "y" -o "$master" = "n" -o -z "$master" ]; then
|
||||
break
|
||||
fi
|
||||
|
||||
echo "Please enter 'y' or 'n'."
|
||||
done
|
||||
|
||||
if [ -z "$master" ]; then
|
||||
master=n
|
||||
fi
|
||||
|
||||
upstream_name=""
|
||||
|
||||
if [ "$master" = "n" ]; then
|
||||
while true; do
|
||||
echo -n "Upstream Icinga instance name: "
|
||||
if ! read upstream_name; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -n "$upstream_name" ]; then
|
||||
break
|
||||
fi
|
||||
|
||||
echo "Please enter an instance name."
|
||||
done
|
||||
fi
|
||||
|
||||
while true; do
|
||||
echo -n "Do you want this agent instance to listen on a TCP port? [y] "
|
||||
if ! read listener; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$listener" = "y" -o "$listener" = "n" -o -z "$listener" ]; then
|
||||
break
|
||||
fi
|
||||
|
||||
echo "Please enter 'y' or 'n'."
|
||||
done
|
||||
|
||||
if [ -z "$listener" ]; then
|
||||
listener=y
|
||||
fi
|
||||
|
||||
listener_port=""
|
||||
|
||||
if [ "$listener" = "y" ]; then
|
||||
while true; do
|
||||
echo -n "Which TCP port should the agent listen on? [8483] "
|
||||
if ! read listener_port; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
break
|
||||
done
|
||||
|
||||
if [ -z "$listener_port" ]; then
|
||||
listener_port=8483
|
||||
fi
|
||||
fi
|
||||
|
||||
while true; do
|
||||
echo -n "Do you want this agent instance to connect to the upstream instance? [y] "
|
||||
if ! read upstream_connect; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$upstream_connect" = "y" -o "$upstream_connect" = "n" -o -z "$upstream_connect" ]; then
|
||||
break
|
||||
fi
|
||||
|
||||
echo "Please enter 'y' or 'n'."
|
||||
done
|
||||
|
||||
if [ -z "$upstream_connect" ]; then
|
||||
upstream_connect=y
|
||||
fi
|
||||
|
||||
if [ "$upstream_connect" = "y" ]; then
|
||||
while true; do
|
||||
echo -n "Upstream IP address/hostname: "
|
||||
if ! read upstream_host; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -n "$upstream_host" ]; then
|
||||
break
|
||||
fi
|
||||
|
||||
echo "Please enter the upstream instance's hostname."
|
||||
done
|
||||
|
||||
while true; do
|
||||
echo -n "Upstream port: "
|
||||
if ! read upstream_port; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -n "$upstream_port" ]; then
|
||||
break
|
||||
fi
|
||||
|
||||
echo "Please enter the upstream instance's port."
|
||||
done
|
||||
fi
|
||||
|
||||
echo "Installing the certificate bundle..."
|
||||
tar -C $ICINGA2CONFIG/pki/agent/ -xf "$1"
|
||||
tar -C $ICINGA2CONFIG/pki/agent/ -zxf "$1" || exit 1
|
||||
chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki/agent/* || exit 1
|
||||
|
||||
echo "Setting up agent configuration..."
|
||||
|
@ -41,10 +143,31 @@ object AgentListener "agent" {
|
|||
cert_path = SysconfDir + "/icinga2/pki/agent/agent.crt"
|
||||
key_path = SysconfDir + "/icinga2/pki/agent/agent.key"
|
||||
ca_path = SysconfDir + "/icinga2/pki/agent/ca.crt"
|
||||
AGENT
|
||||
|
||||
upstream_name = "$UPSTREAM"
|
||||
if [ "$master" = "n" ]; then
|
||||
cat >>$ICINGA2CONFIG/features-available/agent.conf <<AGENT
|
||||
upstream_name = "$upstream_name"
|
||||
|
||||
bind_port = 7000
|
||||
AGENT
|
||||
fi
|
||||
|
||||
if [ "$listener" = "y" ]; then
|
||||
cat >>$ICINGA2CONFIG/features-available/agent.conf <<AGENT
|
||||
bind_port = "$listener_port"
|
||||
|
||||
AGENT
|
||||
fi
|
||||
|
||||
if [ "$upstream_connect" = "y" ]; then
|
||||
cat >>$ICINGA2CONFIG/features-available/agent.conf <<AGENT
|
||||
upstream_host = "$upstream_host"
|
||||
upstream_port = "$upstream_port"
|
||||
|
||||
AGENT
|
||||
fi
|
||||
|
||||
cat >>$ICINGA2CONFIG/features-available/agent.conf <<AGENT
|
||||
}
|
||||
AGENT
|
||||
|
||||
|
@ -79,7 +202,7 @@ fi
|
|||
REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA2CONFIG/pki/agent" openssl req -config $ICINGA2PKIDIR/openssl-quiet.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA2CONFIG/pki/agent/agent.key -outform PEM -out $ICINGA2CONFIG/pki/agent/agent.csr -nodes && \
|
||||
chmod 600 $ICINGA2CONFIG/pki/agent/agent.key
|
||||
|
||||
echo "Please sign the following X509 CSR using the Agent CA:"
|
||||
echo "Please sign the following CSR using the Agent CA:"
|
||||
echo ""
|
||||
|
||||
cat $ICINGA2CONFIG/pki/agent/agent.csr
|
||||
|
|
|
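Review bot: The answers read at the new prompts are written into `agent.conf` between double quotes with no validation (the `upstream_name`, `bind_port`, `upstream_host` and `upstream_port` lines in the heredocs of the second hunk), so a value containing `"` yields a config that no longer means what the operator typed. The port loop in the first hunk reaches `break` unconditionally, so any string is accepted as a port; a check such as `case "$listener_port" in *[!0-9]*) echo "Please enter a port number."; continue ;; esac` before the `break` would reject it, and the same applies to `upstream_port`. The name and host prompts could reject `"` and `\` in the same way, and `read -r` would keep backslashes from being interpreted. Separately, `tar -C $ICINGA2CONFIG/pki/agent/ -zxf "$1"` extracts whatever members the bundle holds and the following `chown` is applied to `*`; naming the expected members (`ca.crt agent.crt`) on the tar command line would limit what lands in the PKI directory. The start and end of the script are outside the visible hunks.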
@ -26,15 +26,13 @@ fi
|
|||
|
||||
[ -f $ICINGA_CA/vars ] && source $ICINGA_CA/vars
|
||||
|
||||
openssl x509 -days "$REQ_DAYS" -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$csrfile -outform PEM -out $ICINGA_CA/$csrfile.tmp -CAserial $ICINGA_CA/serial && \
|
||||
openssl x509 -in $ICINGA_CA/$csrfile.tmp -text > $ICINGA_CA/$pubkfile.crt && \
|
||||
rm -f $ICINGA_CA/$csrfile.tmp
|
||||
openssl x509 -days "$REQ_DAYS" -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$csrfile -outform PEM -out $ICINGA_CA/$pubkfile.crt -CAserial $ICINGA_CA/serial
|
||||
|
||||
# Make an agent bundle file
|
||||
mkdir -p $ICINGA_CA/agent
|
||||
cp $ICINGA_CA/$pubkfile.crt $ICINGA_CA/agent/agent.crt
|
||||
cp $ICINGA_CA/ca.crt $ICINGA_CA/agent/ca.crt
|
||||
tar cf $ICINGA_CA/$pubkfile.bundle -C $ICINGA_CA/agent/ ca.crt agent.crt
|
||||
tar cz -C $ICINGA_CA/agent/ ca.crt agent.crt | base64 > $ICINGA_CA/$pubkfile.bundle
|
||||
rm -rf $ICINGA_CA/agent
|
||||
|
||||
echo "Done. $pubkfile.crt and $pubkfile.bundle files were written."
|
||||
|
|
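Review bot: Nothing checks the result of the signing step: the single `openssl x509 … -out $ICINGA_CA/$pubkfile.crt` line has no `|| exit 1`, so when signing fails the script still runs the `cp` lines, builds the bundle and prints "Done", unless `set -e` is enabled outside the visible hunk. Appending `|| exit 1` to the `openssl x509` line and to the two `cp` lines would match the `tar … || exit 1` that the agent setup script uses. In `tar cz … | base64 > $ICINGA_CA/$pubkfile.bundle` a tar failure is also hidden, because only the status of `base64` is reported for the pipeline. The bundle is now base64 text while the setup script's visible `tar -zxf "$1"` expects a gzip tar; presumably it is decoded in a part of that script not shown here, which is worth confirming. The path expansions are unquoted, so `$csrfile` and `$pubkfile` should be quoted if they can come from a command-line argument.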