Install /var/run/icinga2/rw command mode, add configure options.

- changed locations for icinga2.cmd and livestatus unix socket
- make install creates /var/run/icinga2/rw and sets g+s for
  icinga:icingacmd
- configure options: --with-icinga[cmd]-{user,group}=
- add autoconf macros to check user/group and bail early if not created
- update documentation/INSTALL

fixes #4444
refs #3186
Michael Friedrich 2013-09-27 19:41:08 +02:00
parent 87fa063528
commit 9c6b79e4f2
8 changed files with 122 additions and 12 deletions

21
INSTALL

@ -39,6 +39,24 @@ mentioned above:
* GNU bison (bison) * GNU bison (bison)
* GNU flex (flex) * GNU flex (flex)
User Requirements
-----------------
By default Icinga will run as user 'icinga' and group 'icinga'. Additionally the
ExternalCommandListener and LivestatusListener require a dedicated command group
'icingacmd'. You can choose your own user/group names and pass them to configure
later.
# groupadd icinga
# groupadd icingacmd
# useradd -c "icinga" -s /sbin/nologin -G icingacmd -g icinga
Add the webserver user to the icingacmd group for granting write permissions.
Change 'www-data' to your distribution specific webserver user.
# usermod -a -G icingacmd www-data
Building Icinga 2 Building Icinga 2
----------------- -----------------
@ -53,6 +71,9 @@ The configure script supports all the usual parameters one comes to expect
from autoconf. In particular you may want to use --prefix to specify an from autoconf. In particular you may want to use --prefix to specify an
alternative installation prefix. alternative installation prefix.
Use --with-icinga[cmd]-{user,group}= to set the run and command user/group
for Icinga 2.
Note: The Git repository does not contain any auto-generated Autotools files, Note: The Git repository does not contain any auto-generated Autotools files,
i.e. there is no 'configure' script. In this case you will need to regenerate i.e. there is no 'configure' script. In this case you will need to regenerate
the 'configure' script by running 'autogen.sh'. However, as an end-user you the 'configure' script by running 'autogen.sh'. However, as an end-user you


@ -35,6 +35,8 @@ install-data-local:
$(MKDIR_P) $(DESTDIR)${localstatedir}/lib/${PACKAGE}/cluster/log $(MKDIR_P) $(DESTDIR)${localstatedir}/lib/${PACKAGE}/cluster/log
$(MKDIR_P) $(DESTDIR)${localstatedir}/lib/${PACKAGE} $(MKDIR_P) $(DESTDIR)${localstatedir}/lib/${PACKAGE}
$(MKDIR_P) $(DESTDIR)${localstatedir}/run/${PACKAGE} $(MKDIR_P) $(DESTDIR)${localstatedir}/run/${PACKAGE}
$(INSTALL) -m 775 -d $(COMMAND_OPTS) $(DESTDIR)${localstatedir}/run/${PACKAGE}/rw
chmod g+s $(DESTDIR)${localstatedir}/run/${PACKAGE}/rw
EXTRA_DIST = $(icinga2doc_DATA) git_version.sh icinga2.spec EXTRA_DIST = $(icinga2doc_DATA) git_version.sh icinga2.spec
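Review bot: The new `rw` directory is installed with `-m 775`, so accounts outside the command group can still enter and list the directory that holds the command pipe; write access then rests only on the mode of the pipe itself. If only the owner and the command group need access, the setgid bit and a tighter mode can be set in one call, `$(INSTALL) -m 2770 -d $(COMMAND_OPTS) $(DESTDIR)${localstatedir}/run/${PACKAGE}/rw`, which also makes the separate `chmod g+s` line unnecessary. `$(COMMAND_OPTS)` expands to `-o`/`-g`, which will presumably fail for an unprivileged staged install into `$(DESTDIR)`, so packagers may need a way to leave it empty. The `install-data-local` rule begins outside this hunk.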


@ -33,6 +33,45 @@ AC_PROG_MKDIR_P
AC_FUNC_VFORK AC_FUNC_VFORK
AC_ARG_WITH([icinga_user],
AC_HELP_STRING([--with-icinga-user=<user>],[sets user name to run icinga2]),
icinga_user=$withval,
icinga_user=icinga
)
ACICINGA_CHECK_USER([$icinga_user], run)
AC_SUBST(icinga_user)
AC_ARG_WITH(icinga_group,
AC_HELP_STRING([--with-icinga-group=<group>],[sets group name to run icinga2]),
icinga_group=$withval,
icinga_group=icinga
)
ACICINGA_CHECK_GROUP([$icinga_group], run)
AC_SUBST(icinga_group)
INSTALL_OPTS="-o $icinga_user -g $icinga_grp"
AC_SUBST(INSTALL_OPTS)
AC_ARG_WITH(icingacmd_user,
AC_HELP_STRING([--with-icingacmd-user=<user>],[sets user name for icinga2 command access]),
icingacmd_user=$withval,
icingacmd_user=icinga
)
ACICINGA_CHECK_USER([$icingacmd_user], cmd)
AC_SUBST(icingacmd_user)
AC_ARG_WITH(icingacmd_group,
AC_HELP_STRING([--with-icingacmd-group=<group>] ,[sets group name for icinga2 command access]),
icingacmd_group=$withval,
icingacmd_group=icingacmd
)
ACICINGA_CHECK_GROUP([$icingacmd_group], cmd)
AC_SUBST(icingacmd_group)
COMMAND_OPTS="-o $icingacmd_user -g $icingacmd_group"
AC_SUBST(COMMAND_OPTS)
CFLAGS="$CFLAGS -D_GNU_SOURCE -pthread" CFLAGS="$CFLAGS -D_GNU_SOURCE -pthread"
CXXFLAGS="$CXXFLAGS -D_GNU_SOURCE -pthread" CXXFLAGS="$CXXFLAGS -D_GNU_SOURCE -pthread"
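Review bot: `INSTALL_OPTS` is built from `$icinga_grp`, a variable this hunk never sets; the group is stored in `icinga_group`. The substituted value therefore ends in a bare `-g` with no argument, and any `install` call using it will fail or take the next word as the group name. The line should read `INSTALL_OPTS="-o $icinga_user -g $icinga_group"`. Separately, passing `--with-icinga-user` without a value leaves `$withval` as `yes`, which is then checked as an account name; rejecting `yes`/`no` explicitly would give a clearer error.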


@ -34,7 +34,7 @@ EOF
ECHO="/bin/echo" ECHO="/bin/echo"
CMDFILE="/var/run/icinga2/icinga2.cmd" CMDFILE="/var/run/icinga2/rw/icinga2.cmd"
HOST="" HOST=""
SERVICE="" SERVICE=""
RETURNCODE=0 RETURNCODE=0


@ -41,7 +41,7 @@ OPTIONS* section:
object\_cache\_file |/var/cache/icinga2/objects.cache object\_cache\_file |/var/cache/icinga2/objects.cache
status\_file |/var/cache/icinga2/status.dat status\_file |/var/cache/icinga2/status.dat
resource\_file |- resource\_file |-
command\_file |/var/run/icinga2/icinga2.cmd command\_file |/var/run/icinga2/rw/icinga2.cmd
check\_external\_commands |1 check\_external\_commands |1
interval\_length |60 interval\_length |60
status\_update\_interval |10 status\_update\_interval |10
@ -59,8 +59,8 @@ OPTIONS* section:
In order for commands to work you will need to grant the web server In order for commands to work you will need to grant the web server
write permissions for the command pipe: write permissions for the command pipe:
# chgrp www-data /var/run/icinga2/icinga2.cmd # chgrp www-data /var/run/icinga2/rw/icinga2.cmd
# chmod 660 /var/run/icinga2/icinga2.cmd # chmod 660 /var/run/icinga2/rw/icinga2.cmd
> **Note** > **Note**
> >


@ -478,8 +478,8 @@ Example:
library "compat" library "compat"
object StatusDataWriter "status" { object StatusDataWriter "status" {
status\_path = "/data/status.dat", status\_path = "/var/cache/icinga2/status.dat",
objects\_path = "/data/objects.path" objects\_path = "/var/cache/icinga2/objects.path"
} }
Attributes: Attributes:
@ -498,14 +498,14 @@ Example:
library "compat" library "compat"
object ExternalCommandListener "external" { object ExternalCommandListener "external" {
command\_path = "/data/icinga2.cmd" command\_path = "/var/run/icinga2/rw/icinga2.cmd"
} }
Attributes: Attributes:
Name |Description Name |Description
----------------|---------------- ----------------|----------------
command\_path |**Optional.** Path to the command pipe. Defaults to IcingaLocalStateDir + "/run/icinga2/icinga2.cmd". command\_path |**Optional.** Path to the command pipe. Defaults to IcingaLocalStateDir + "/run/icinga2/rw/icinga2.cmd".
### CompatLogger ### CompatLogger
@ -516,7 +516,7 @@ Example:
library "compat" library "compat"
object CompatLogger "my-log" { object CompatLogger "my-log" {
log\_dir = "/data/compat-log", log\_dir = "/var/log/icinga2/compat/compat-log",
rotation\_method = "HOURLY" rotation\_method = "HOURLY"
} }


@ -19,13 +19,15 @@ sbindir=@sbindir@
bindir=@bindir@ bindir=@bindir@
sysconfdir=@sysconfdir@ sysconfdir=@sysconfdir@
localstatedir=@localstatedir@ localstatedir=@localstatedir@
icinga_user=@icinga_user@
icinga_group=@icinga_group@
DAEMON=$bindir/icinga2 DAEMON=$bindir/icinga2
ICINGA2_CONFIG_FILE=$sysconfdir/icinga2/icinga2.conf ICINGA2_CONFIG_FILE=$sysconfdir/icinga2/icinga2.conf
ICINGA2_PID_FILE=$localstatedir/run/icinga2/icinga2.pid ICINGA2_PID_FILE=$localstatedir/run/icinga2/icinga2.pid
ICINGA2_ERROR_LOG=$localstatedir/log/icinga2/error.log ICINGA2_ERROR_LOG=$localstatedir/log/icinga2/error.log
ICINGA2_USER=icinga ICINGA2_USER=$icinga_user
ICINGA2_GROUP=icinga ICINGA2_GROUP=$icinga_group
test -x $DAEMON || exit 0 test -x $DAEMON || exit 0
@ -35,10 +37,20 @@ if [ ! -e $ICINGA2_CONFIG_FILE ]; then
fi fi
# Get function from functions library # Get function from functions library
if [ -e /etc/init.d/functions ]; then if [ -f /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
elif [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions . /etc/init.d/functions
fi fi
# Load extra environment variables
if [ -f /etc/sysconfig/icinga ]; then
. /etc/sysconfig/icinga
fi
if [ -f /etc/default/icinga ]; then
. /etc/default/icinga
fi
# Start Icinga 2 # Start Icinga 2
start() { start() {
mkdir -p `dirname -- $ICINGA2_PID_FILE` mkdir -p `dirname -- $ICINGA2_PID_FILE`
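Review bot: `/etc/sysconfig/icinga` and `/etc/default/icinga` are sourced after `test -x $DAEMON` and after the `$ICINGA2_CONFIG_FILE` existence check, so any `DAEMON`, `ICINGA2_USER` or path override they contain is used without having been validated. Moving the two `if [ -f ... ]` blocks above those checks would close that gap. Both files are executed with the init script's privileges, so a comment stating the expectation would help, e.g. `# sourced as root: must be root-owned and not writable by $ICINGA2_USER`. The file name `icinga` rather than `icinga2` may also pick up an environment file belonging to an Icinga 1.x installation on the same host, which is worth confirming. `start()` continues outside the hunk.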


@ -0,0 +1,36 @@
#/******************************************************************************
# * Icinga 2 *
# * Copyright (C) 2012-2013 Icinga Development Team (http://www.icinga.org/) *
# * *
# * This program is free software; you can redistribute it and/or *
# * modify it under the terms of the GNU General Public License *
# * as published by the Free Software Foundation; either version 2 *
# * of the License, or (at your option) any later version. *
# * *
# * This program is distributed in the hope that it will be useful, *
# * but WITHOUT ANY WARRANTY; without even the implied warranty of *
# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
# * GNU General Public License for more details. *
# * *
# * You should have received a copy of the GNU General Public License *
# * along with this program; if not, write to the Free Software Foundation *
# * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
# ******************************************************************************/
AC_DEFUN([ACICINGA_CHECK_USER],[
x=$1
y=$2
AC_MSG_CHECKING([if $y user $x exists])
AS_IF([ $GREP -q "^$x:" /etc/passwd ],
[ AC_MSG_RESULT([found]) ],
[ AC_MSG_ERROR([not found]) ])
])
AC_DEFUN([ACICINGA_CHECK_GROUP],[
x=$1
y=$2
AC_MSG_CHECKING([if $y group $x exists])
AS_IF([ $GREP -q "^$x:" /etc/group ],
[ AC_MSG_RESULT([found]) ],
[ AC_MSG_ERROR([not found]) ])
])
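Review bot: Both macros look the name up only in `/etc/passwd` or `/etc/group`, so accounts provided through LDAP, NIS or sssd are reported as missing and configure aborts. `$x` is also spliced into the grep pattern unescaped, so a name containing `.` can match a different account. Resolving through NSS avoids both problems: `AS_IF([ getent passwd "$x" >/dev/null 2>&1 ],` in `ACICINGA_CHECK_USER` and `AS_IF([ getent group "$x" >/dev/null 2>&1 ],` in `ACICINGA_CHECK_GROUP`. The hard `AC_MSG_ERROR([not found])` will also stop builds in a clean packaging environment where the accounts are created only at package install time, and its message does not say which name was missing. The helper variables `x` and `y` are plain shell globals in the generated configure script, so a prefixed name would be safer.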