Add auto-discovery script for the agent.

Refs 
This commit is contained in:
Gunnar Beutner 2014-04-12 19:34:01 +02:00
parent 71e6eae23f
commit a57e3041a5
4 changed files with 184 additions and 2 deletions

View File

@ -419,6 +419,7 @@ exit 0
%config(noreplace) %{_sysconfdir}/%{name}/scripts/* %config(noreplace) %{_sysconfdir}/%{name}/scripts/*
%{_sbindir}/%{name} %{_sbindir}/%{name}
%{_bindir}/%{name}-migrate-config %{_bindir}/%{name}-migrate-config
%{_bindir}/%{name}-discover-agent
%{_bindir}/%{name}-build-ca %{_bindir}/%{name}-build-ca
%{_bindir}/%{name}-build-key %{_bindir}/%{name}-build-key
%{_bindir}/%{name}-sign-key %{_bindir}/%{name}-sign-key

View File

@ -27,6 +27,7 @@ if [ -n "$1" ]; then
echo "Installing the certificate bundle..." echo "Installing the certificate bundle..."
tar -C $ICINGA2CONFIG/pki/agent/ -xf "$1" tar -C $ICINGA2CONFIG/pki/agent/ -xf "$1"
chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki/agent/* || exit 1
echo "Setting up agent configuration..." echo "Setting up agent configuration..."
cat >$ICINGA2CONFIG/features-available/agent.conf <<AGENT cat >$ICINGA2CONFIG/features-available/agent.conf <<AGENT

View File

@ -30,7 +30,7 @@ if(UNIX OR CYGWIN)
install(CODE "execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink ./icinga2-enable-feature \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_SBINDIR}/icinga2-disable-feature\")") install(CODE "execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink ./icinga2-enable-feature \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_SBINDIR}/icinga2-disable-feature\")")
install( install(
FILES ${CMAKE_CURRENT_SOURCE_DIR}/migration/icinga2-migrate-config FILES ${CMAKE_CURRENT_SOURCE_DIR}/migration/icinga2-migrate-config ${CMAKE_CURRENT_SOURCE_DIR}/icinga2-discover-agent
DESTINATION ${CMAKE_INSTALL_BINDIR} DESTINATION ${CMAKE_INSTALL_BINDIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
) )

180
tools/icinga2-discover-agent Executable file
View File

@ -0,0 +1,180 @@
#!/usr/bin/env python
# Copyright (c) 2014 Yusuke Shinyama
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
from __future__ import print_function
## NetstringParser
##
class NetstringParser(object):
"""
Decodes a netstring to a list of Python strings.
>>> parser = NetstringParser()
>>> parser.feed('3:456,')
>>> parser.results
['456']
>>> NetstringParser.parse('3:abc,4:defg,')
['abc', 'defg']
"""
def __init__(self):
self.results = []
self.reset()
return
def reset(self):
self._data = ''
self._length = 0
self._parse = self._parse_len
return
def feed(self, s):
i = 0
while i < len(s):
i = self._parse(s, i)
return
def _parse_len(self, s, i):
while i < len(s):
c = s[i]
if c < '0' or '9' < c:
self._parse = self._parse_sep
break
self._length *= 10
self._length += ord(c)-48
i += 1
return i
def _parse_sep(self, s, i):
if s[i] != ':': raise SyntaxError(i)
self._parse = self._parse_data
return i+1
def _parse_data(self, s, i):
n = min(self._length, len(s)-i)
self._data += s[i:i+n]
self._length -= n
if self._length == 0:
self._parse = self._parse_end
return i+n
def _parse_end(self, s, i):
if s[i] != ',': raise SyntaxError(i)
self.add_data(self._data)
self.reset()
return i+1
def add_data(self, data):
self.results.append(data)
return
@classmethod
def parse(klass, s):
self = klass()
self.feed(s)
return self.results
# Icinga 2
# Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
import socket, ssl, pprint, sys, json
def warning(*objs):
print(*objs, file=sys.stderr)
if len(sys.argv) < 6:
warning("Syntax: %s <host> <port> <certfile> <keyfile> <cafile>" % (sys.argv[0]))
sys.exit(1)
host = sys.argv[1]
port = int(sys.argv[2])
certfile = sys.argv[3]
keyfile = sys.argv[4]
cafile = sys.argv[5]
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# require a certificate from the server
ssl_sock = ssl.wrap_socket(s,
keyfile=keyfile,
certfile=certfile,
ca_certs=cafile,
cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect((host, port))
cn = None
for rdn in ssl_sock.getpeercert()["subject"][0]:
if rdn[0] == "commonName":
cn = rdn[1]
if cn == None:
warning("Agent certificate does not have a commonName.")
sys.exit(1)
ssl_sock.write('20:{"method":"get_crs"},')
nsp = NetstringParser()
while True:
data = ssl_sock.read()
if not data:
break
nsp.feed(data)
if len(nsp.results) != 1:
warning("Agent returned invalid response: ", repr(nsp.results))
sys.exit(1)
response = json.loads(nsp.results[0])
method = response['method']
if method != "push_crs":
warning("Agent did not return any check results. Make sure you're using the master certificate.")
sys.exit(1)
params = response['params']
for service in params['services']:
print(\
"""apply Service "%s" {
import "agent-service"
assign where host.name == "%s"
}
""" % (service, cn))
# note that closing the SSLSocket will also close the underlying socket
ssl_sock.close()