From 73f34e7f29469dd6f98c72678079b93d2148e6ed Mon Sep 17 00:00:00 2001
From: Thomas Gelf <thomas@gelf.net>
Date: Fri, 5 Feb 2016 16:37:57 +0100
Subject: [PATCH] host/agent: agent setup instructions, with ticket

---
 application/controllers/HostController.php | 25 ++++++-
 application/views/scripts/host/agent.phtml | 82 ++++++++++++++++++++++
 2 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 application/views/scripts/host/agent.phtml

diff --git a/application/controllers/HostController.php b/application/controllers/HostController.php
index dc3b4d34..a84ec432 100644
--- a/application/controllers/HostController.php
+++ b/application/controllers/HostController.php
@@ -2,6 +2,7 @@
 
 namespace Icinga\Module\Director\Controllers;
 
+use Icinga\Module\Director\Util;
 use Icinga\Module\Director\Web\Controller\ObjectController;
 
 class HostController extends ObjectController
@@ -10,11 +11,21 @@ class HostController extends ObjectController
     {
         parent::init();
         if ($this->object) {
-            $this->getTabs()->add('services', array(
+            $tabs = $this->getTabs();
+            $tabs->add('services', array(
                 'url'       => 'director/host/services',
                 'urlParams' => array('name' => $this->object->object_name),
                 'label'     => 'Services'
             ));
+            if ($this->object->object_type === 'object'
+                && $this->object->getResolvedProperty('has_agent') === 'y'
+            ) {
+                $tabs->add('agent', array(
+                    'url'       => 'director/host/agent',
+                    'urlParams' => array('name' => $this->object->object_name),
+                    'label'     => 'Agent'
+                ));
+            }
         }
     }
 
@@ -25,4 +36,16 @@ class HostController extends ObjectController
         $this->view->table = $this->loadTable('IcingaService')->enforceFilter('host_id', $this->object->id)->setConnection($this->db());
         $this->render('objects/table', null, true);
     }
+
+    public function agentAction()
+    {
+        $this->getTabs()->activate('agent');
+        $this->view->title = 'Agent deployment instructions';
+        // TODO: Fail when no ticket
+        $this->view->certname = $this->object->object_name;
+        $this->view->ticket = Util::getIcingaTicket($this->view->certname, $this->api()->getTicketSalt());
+        $this->view->master = 'master'; // TODO: Change this!!
+        $this->view->masterzone = 'master';
+        $this->view->globalzone = 'director-global';
+    }
 }
diff --git a/application/views/scripts/host/agent.phtml b/application/views/scripts/host/agent.phtml
new file mode 100644
index 00000000..ddf09a8e
--- /dev/null
+++ b/application/views/scripts/host/agent.phtml
@@ -0,0 +1,82 @@
+<div class="controls">
+<?= $this->tabs ?>
+<h1><?= $this->escape($this->title) ?></h1>
+</div>
+
+<div class="content">
+<?php
+$cert   = $this->escape($this->certname);
+$master = $this->escape($this->master);
+?>
+<h3>When using the node wizard</h3>
+<p>Ticket salt: <?= $this->escape($ticket) ?></p>
+<h3>Linux commandline</h3>
+<p>Just copy &amp; paste this script (and please scroll down for a corresponding icinga2.cfg):</p>
+<pre>
+#!/bin/bash
+
+# TODO, Eventually:
+# apt-get install --no-install-recommends icinga2 nagios-plugins
+# or yum install ...
+
+# This generates and signs your required certificates
+
+ICINGA_PKI_DIR=/etc/icinga2/pki
+ICINGA_USER=nagios
+chown $ICINGA_USER $ICINGA_PKI_DIR
+
+icinga2 pki new-cert --cn <?= $cert ?> \
+--key $ICINGA_PKI_DIR/<?= $cert ?>.key \
+--cert $ICINGA_PKI_DIR/<?= $cert ?>.crt
+
+icinga2 pki save-cert --key $ICINGA_PKI_DIR/<?= $cert ?>.key \
+--trustedcert $ICINGA_PKI_DIR/trusted-master.crt \
+--host <?= $master ?> 
+
+icinga2 pki request --host <?= $master ?> \
+--port 5665 \
+--ticket <?= $this->escape($ticket) ?> \
+--key $ICINGA_PKI_DIR/<?= $cert ?>.key \
+--cert $ICINGA_PKI_DIR/<?= $cert ?>.crt \
+--trustedcert $ICINGA_PKI_DIR/trusted-master.crt \
+--ca $ICINGA_PKI_DIR/ca.crt
+</pre>
+
+<h2>/etc/icinga2/icinga2.conf</h2>
+<pre>
+/** Icinga 2 Config - proposed by Icinga Director */
+
+include "constants.conf"
+include &lt;itl&gt;
+include &lt;plugins&gt;
+include &lt;plugins-contrib&gt;
+
+object FileLogger "main-log" {
+  severity = "information"
+  path = LocalStateDir + "/log/icinga2/icinga2.log"
+}
+
+// TODO: improve establish connection handling
+object Endpoint "<?= $cert ?>" {}
+object Endpoint "<?= $master ?>" {}
+object Zone "<?= $masterzone ?>" {
+  endpoints = [ "<?= $master ?>" ]
+  // TODO: all endpoints in master zone
+}
+
+object Zone "<?= $globalzone ?>" { global = true }
+
+object Zone "<?= $cert ?>" {
+  parent = "<?= $master ?>"
+  endpoints = [ "<?= $cert ?>" ]
+}
+
+object ApiListener "api" {
+  cert_path = SysconfDir + "/icinga2/pki/<?= $cert ?>.crt"
+  key_path = SysconfDir + "/icinga2/pki/<?= $cert ?>.key"
+  ca_path = SysconfDir + "/icinga2/pki/ca.crt"
+  accept_commands = true
+  accept_config = true
+}
+</pre>
+</div>