host/agent: agent setup instructions, with ticket
This commit is contained in:
Thomas Gelf
parent
d709ebc05f
commit
73f34e7f29
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
namespace Icinga\Module\Director\Controllers;
|
namespace Icinga\Module\Director\Controllers;
|
||||||
|
|
||||||
|
use Icinga\Module\Director\Util;
|
||||||
use Icinga\Module\Director\Web\Controller\ObjectController;
|
use Icinga\Module\Director\Web\Controller\ObjectController;
|
||||||
|
|
||||||
class HostController extends ObjectController
|
class HostController extends ObjectController
|
||||||
|
|
@ -10,11 +11,21 @@ class HostController extends ObjectController
|
||||||
{
|
{
|
||||||
parent::init();
|
parent::init();
|
||||||
if ($this->object) {
|
if ($this->object) {
|
||||||
$this->getTabs()->add('services', array(
|
$tabs = $this->getTabs();
|
||||||
|
$tabs->add('services', array(
|
||||||
'url' => 'director/host/services',
|
'url' => 'director/host/services',
|
||||||
'urlParams' => array('name' => $this->object->object_name),
|
'urlParams' => array('name' => $this->object->object_name),
|
||||||
'label' => 'Services'
|
'label' => 'Services'
|
||||||
));
|
));
|
||||||
|
if ($this->object->object_type === 'object'
|
||||||
|
&& $this->object->getResolvedProperty('has_agent') === 'y'
|
||||||
|
) {
|
||||||
|
$tabs->add('agent', array(
|
||||||
|
'url' => 'director/host/agent',
|
||||||
|
'urlParams' => array('name' => $this->object->object_name),
|
||||||
|
'label' => 'Agent'
|
||||||
|
));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -25,4 +36,16 @@ class HostController extends ObjectController
|
||||||
$this->view->table = $this->loadTable('IcingaService')->enforceFilter('host_id', $this->object->id)->setConnection($this->db());
|
$this->view->table = $this->loadTable('IcingaService')->enforceFilter('host_id', $this->object->id)->setConnection($this->db());
|
||||||
$this->render('objects/table', null, true);
|
$this->render('objects/table', null, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function agentAction()
|
||||||
|
{
|
||||||
|
$this->getTabs()->activate('agent');
|
||||||
|
$this->view->title = 'Agent deployment instructions';
|
||||||
|
// TODO: Fail when no ticket
|
||||||
|
$this->view->certname = $this->object->object_name;
|
||||||
|
$this->view->ticket = Util::getIcingaTicket($this->view->certname, $this->api()->getTicketSalt());
|
||||||
|
$this->view->master = 'master'; // TODO: Change this!!
|
||||||
|
$this->view->masterzone = 'master';
|
||||||
|
$this->view->globalzone = 'director-global';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,82 @@
|
||||||
|
<div class="controls">
|
||||||
|
<?= $this->tabs ?>
|
||||||
|
<h1><?= $this->escape($this->title) ?></h1>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="content">
|
||||||
|
<?php
|
||||||
|
$cert = $this->escape($this->certname);
|
||||||
|
$master = $this->escape($this->master);
|
||||||
|
?>
|
||||||
|
<h3>When using the node wizard</h3>
|
||||||
|
<p>Ticket salt: <?= $this->escape($ticket) ?></p>
|
||||||
|
<h3>Linux commandline</h3>
|
||||||
|
<p>Just copy & paste this script (and please scroll down for a corresponding icinga2.cfg):</p>
|
||||||
|
<pre>
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# TODO, Eventually:
|
||||||
|
# apt-get install --no-install-recommends icinga2 nagios-plugins
|
||||||
|
# or yum install ...
|
||||||
|
|
||||||
|
# This generates and signs your required certificates
|
||||||
|
|
||||||
|
ICINGA_PKI_DIR=/etc/icinga2/pki
|
||||||
|
ICINGA_USER=nagios
|
||||||
|
chown $ICINGA_USER $ICINGA_PKI_DIR
|
||||||
|
|
||||||
|
icinga2 pki new-cert --cn <?= $cert ?> \
|
||||||
|
--key $ICINGA_PKI_DIR/<?= $cert ?>.key \
|
||||||
|
--cert $ICINGA_PKI_DIR/<?= $cert ?>.crt
|
||||||
|
|
||||||
|
icinga2 pki save-cert --key $ICINGA_PKI_DIR/<?= $cert ?>.key \
|
||||||
|
--trustedcert $ICINGA_PKI_DIR/trusted-master.crt \
|
||||||
|
--host <?= $master ?>
|
||||||
|
|
||||||
|
icinga2 pki request --host <?= $master ?> \
|
||||||
|
--port 5665 \
|
||||||
|
--ticket <?= $this->escape($ticket) ?> \
|
||||||
|
--key $ICINGA_PKI_DIR/<?= $cert ?>.key \
|
||||||
|
--cert $ICINGA_PKI_DIR/<?= $cert ?>.crt \
|
||||||
|
--trustedcert $ICINGA_PKI_DIR/trusted-master.crt \
|
||||||
|
--ca $ICINGA_PKI_DIR/ca.crt
|
||||||
|
</pre>
|
||||||
|
|
||||||
|
<h2>/etc/icinga2/icinga2.conf</h2>
|
||||||
|
<pre>
|
||||||
|
/** Icinga 2 Config - proposed by Icinga Director */
|
||||||
|
|
||||||
|
include "constants.conf"
|
||||||
|
include <itl>
|
||||||
|
include <plugins>
|
||||||
|
include <plugins-contrib>
|
||||||
|
|
||||||
|
object FileLogger "main-log" {
|
||||||
|
severity = "information"
|
||||||
|
path = LocalStateDir + "/log/icinga2/icinga2.log"
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: improve establish connection handling
|
||||||
|
object Endpoint "<?= $cert ?>" {}
|
||||||
|
object Endpoint "<?= $master ?>" {}
|
||||||
|
object Zone "<?= $masterzone ?>" {
|
||||||
|
endpoints = [ "<?= $master ?>" ]
|
||||||
|
// TODO: all endpoints in master zone
|
||||||
|
}
|
||||||
|
|
||||||
|
object Zone "<?= $globalzone ?>" { global = true }
|
||||||
|
|
||||||
|
object Zone "<?= $cert ?>" {
|
||||||
|
parent = "<?= $master ?>"
|
||||||
|
endpoints = [ "<?= $cert ?>" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
object ApiListener "api" {
|
||||||
|
cert_path = SysconfDir + "/icinga2/pki/<?= $cert ?>.crt"
|
||||||
|
key_path = SysconfDir + "/icinga2/pki/<?= $cert ?>.key"
|
||||||
|
ca_path = SysconfDir + "/icinga2/pki/ca.crt"
|
||||||
|
accept_commands = true
|
||||||
|
accept_config = true
|
||||||
|
}
|
||||||
|
</pre>
|
||||||
|
</div>
|
||||||
Loading…
Reference in New Issue