tyler.durden
/
icingaweb2-module-director
mirror of https://github.com/Icinga/icingaweb2-module-director.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

agent helper: add new linux agent script 

fixes #12910
This commit is contained in:
Christoph Niemann 2016-11-17 23:23:02 +01:00 committed by Thomas Gelf
parent 7dd2ac6b83
commit ddc4b9321b
5 changed files with 206 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
application/controllers/HostController.php
View File

@ -254,6 +254,14 @@ class HostController extends ObjectController
$wizard->setTicketSalt($this->api()->getTicketSalt()); $wizard->setTicketSalt($this->api()->getTicketSalt());
echo preg_replace('/\n/', "\r\n", $wizard->renderWindowsInstaller()); echo preg_replace('/\n/', "\r\n", $wizard->renderWindowsInstaller());
exit; exit;
case 'linux':
header('Content-type: application/octet-stream');
header('Content-Disposition: attachment; filename=icinga2-agent-kickstart.bash');
$wizard = $this->view->wizard = new AgentWizard($this->object);
$wizard->setTicketSalt($this->api()->getTicketSalt());
echo $wizard->renderLinuxInstaller();
exit;
} }
$this->gracefullyActivateTab('agent'); $this->gracefullyActivateTab('agent');
@ -270,6 +278,7 @@ class HostController extends ObjectController
$wizard = $this->view->wizard = new AgentWizard($this->object); $wizard = $this->view->wizard = new AgentWizard($this->object);
$wizard->setTicketSalt($this->api()->getTicketSalt()); $wizard->setTicketSalt($this->api()->getTicketSalt());
$this->view->windows = $wizard->renderWindowsInstaller(); $this->view->windows = $wizard->renderWindowsInstaller();
$this->view->linux = $wizard->renderLinuxInstaller();
} catch (Exception $e) { } catch (Exception $e) {
$this->view->ticket = 'ERROR'; $this->view->ticket = 'ERROR';

70
application/views/scripts/host/agent.phtml
View File

@ -37,72 +37,10 @@ $master = $this->escape($this->master);
'Download', 'Download',
$this->url()->with('download', 'linux'), $this->url()->with('download', 'linux'),
null, null,
array('class' => 'icon-download') array('class' => 'icon-download', 'target' => '_blank')
) ?> ) ?>
<p>Just copy &amp; paste this script (and please scroll down for a corresponding icinga2.conf):</p> <p>Just download and run this script on your Linux Client Machine:</p>
<pre> <pre style="background: black; color: white; height: 14em; overflow: scroll;">
#!/bin/bash <?= $this->escape($this->linux) ?>
# This generates and signs your required certificates. Please do not
# forget to install the Icinga 2 package and your desired monitoring
# plugins first:
ICINGA_PKI_DIR=/etc/icinga2/pki
ICINGA_USER=nagios
chown $ICINGA_USER $ICINGA_PKI_DIR
icinga2 pki new-cert --cn <?= $cert ?> \
--key $ICINGA_PKI_DIR/<?= $cert ?>.key \
--cert $ICINGA_PKI_DIR/<?= $cert ?>.crt
icinga2 pki save-cert --key $ICINGA_PKI_DIR/<?= $cert ?>.key \
--trustedcert $ICINGA_PKI_DIR/trusted-master.crt \
--host <?= $master ?>
icinga2 pki request --host <?= $master ?> \
--port 5665 \
--ticket <?= $this->escape($ticket) ?> \
--key $ICINGA_PKI_DIR/<?= $cert ?>.key \
--cert $ICINGA_PKI_DIR/<?= $cert ?>.crt \
--trustedcert $ICINGA_PKI_DIR/trusted-master.crt \
--ca $ICINGA_PKI_DIR/ca.crt
</pre>
<h2>/etc/icinga2/icinga2.conf</h2>
<pre>
/** Icinga 2 Config - proposed by Icinga Director */
include "constants.conf"
include &lt;itl&gt;
include &lt;plugins&gt;
// include &lt;plugins-contrib&gt;
object FileLogger "main-log" {
severity = "information"
path = LocalStateDir + "/log/icinga2/icinga2.log"
}
// TODO: improve establish connection handling
object Endpoint "<?= $cert ?>" {}
object Endpoint "<?= $master ?>" {}
object Zone "<?= $masterzone ?>" {
endpoints = [ "<?= $master ?>" ]
// TODO: all endpoints in master zone
}
object Zone "<?= $globalzone ?>" { global = true }
object Zone "<?= $cert ?>" {
parent = "<?= $master ?>"
endpoints = [ "<?= $cert ?>" ]
}
object ApiListener "api" {
cert_path = SysconfDir + "/icinga2/pki/<?= $cert ?>.crt"
key_path = SysconfDir + "/icinga2/pki/<?= $cert ?>.key"
ca_path = SysconfDir + "/icinga2/pki/ca.crt"
accept_commands = true
accept_config = true
}
</pre> </pre>
</div> </div>

123
contrib/linux-agent-installer/Icinga2Agent.bash Normal file
View File

@ -0,0 +1,123 @@
# Make sure icinga2 is installed and running
fail() {
echo "ERROR: $1" >&2
exit 1
}
warn() {
echo "$1" >&2
}
echo -n "check: icinga2 installed - "; if icinga2 --version &>/dev/null ; then echo "OK" ; else fail "FAIL, install icinga2 !"; exit 2; fi
[ "$BASH_VERSION" ] || fail "This is a Bash script"
RHEL_SYSCONFIG="/etc/sysconfig/icinga2"
DEB_SYSCONFIG="/usr/lib/icinga2/icinga2"
if [ -f "$RHEL_SYSCONFIG" ]; then
ICINGA2_SYSCONFIG_FILE="$RHEL_SYSCONFIG"
elif [ -f "$DEB_SYSCONFIG" ]; then
ICINGA2_SYSCONFIG_FILE="$DEB_SYSCONFIG"
else
echo "ERROR: couldn't find your Icinga2 sysconfig file"
fi
. "$ICINGA2_SYSCONFIG_FILE"
[ "$ICINGA2_USER" ] || fail "\$ICINGA2_USER has not been defined"
ICINGA2_CONF_DIR=$(dirname "$ICINGA2_CONFIG_FILE")
ICINGA2_SYSCONF_DIR=$(dirname "$ICINGA2_CONF_DIR")
ICINGA2_INSTALL_PREFIX=$(dirname $(dirname "$DAEMON"))
ICINGA2_CA_DIR="${ICINGA2_STATE_DIR}/lib/icinga2/ca"
ICINGA2_SSL_DIR="${ICINGA2_CONF_DIR}/pki"
ICINGA2_CA_PORT="5665"
. "${ICINGA2_INSTALL_PREFIX}/lib/icinga2/prepare-dirs" "${ICINGA2_SYSCONFIG_FILE}"
if ! [ -d $ICINGA2_SSL_DIR ]; then mkdir $ICINGA2_SSL_DIR; fi
chown $ICINGA2_USER $ICINGA2_SSL_DIR
if [ -f "${ICINGA2_SSL_DIR}/${ICINGA2_NODENAME}.crt" ]; then
warn "ERROR: a certificate for '${ICINGA2_NODENAME}' already exists"
warn "Please remove ${ICINGA2_SSL_DIR}/${ICINGA2_NODENAME}.??? in case you want a"
warn "new certificate to be generated and signed by ${ICINGA2_CA_NODE}"
exit 1
fi
"$DAEMON" pki new-cert --cn "${ICINGA2_NODENAME}" \
--cert "${ICINGA2_SSL_DIR}/${ICINGA2_NODENAME}.crt" \
--csr "${ICINGA2_SSL_DIR}/${ICINGA2_NODENAME}.csr" \
--key "${ICINGA2_SSL_DIR}/${ICINGA2_NODENAME}.key"
"$DAEMON" pki save-cert \
--host "${ICINGA2_CA_NODE}" \
--port "${ICINGA2_CA_PORT}" \
--key "${ICINGA2_SSL_DIR}/${ICINGA2_NODENAME}.key" \
--trustedcert "${ICINGA2_SSL_DIR}/trusted-master.crt"
"$DAEMON" pki request \
--host "${ICINGA2_CA_NODE}" \
--port "${ICINGA2_CA_PORT}" \
--ticket "${ICINGA2_CA_TICKET}" \
--key "${ICINGA2_SSL_DIR}/${ICINGA2_NODENAME}.key" \
--cert "${ICINGA2_SSL_DIR}/${ICINGA2_NODENAME}.crt" \
--trustedcert "${ICINGA2_SSL_DIR}/trusted-master.crt" \
--ca "${ICINGA2_SSL_DIR}/ca.crt"
# Write Config Files
CONF_ICINGA2=`cat << EOF
/** Icinga 2 Config - proposed by Icinga Director */
include "constants.conf"
include "zones.conf"
include "features-enabled/*.conf"
include <itl>
include <plugins>
// include <plugins-contrib>
EOF
`
ZONES_ICINGA2=`cat << EOF
/** Icinga 2 Config - proposed by Icinga Director */
// TODO: improve establish connection handling
object Endpoint "${ICINGA2_NODENAME}" {}
object Endpoint "${ICINGA2_CA_NODE}" {}
object Zone "${ICINGA2_PARENT_ZONE}" {
endpoints = [ "$ICINGA2_PARENT_ENDPOINTS" ]
// TODO: all endpoints in master zone
}
object Zone "director-global" { global = true }
object Zone "${ICINGA2_NODENAME}" {
parent = "${ICINGA2_PARENT_ZONE}"
endpoints = [ "$ICINGA2_NODENAME" ]
}
EOF
`
API_ICINGA2=`cat << EOF
/** Icinga 2 Config - proposed by Icinga Director */
object ApiListener "api" {
cert_path = SysconfDir + "/icinga2/pki/${ICINGA2_NODENAME}.crt"
key_path = SysconfDir + "/icinga2/pki/${ICINGA2_NODENAME}.key"
ca_path = SysconfDir + "/icinga2/pki/ca.crt"
accept_commands = true
accept_config = true
}
EOF
`
/usr/bin/printf "%b" "$CONF_ICINGA2" > $ICINGA2_CONF_DIR/icinga2.conf
/usr/bin/printf "%b" "$ZONES_ICINGA2" > $ICINGA2_CONF_DIR/zones.conf
/usr/bin/printf "%b" "$API_ICINGA2" > $ICINGA2_CONF_DIR/features-available/api.conf
icinga2 feature enable api
echo "Please restart icinga2!"
echo "Please restart icinga2!"

6
contrib/linux-agent-installer/Icinga2AgentHead.bash Normal file
View File

@ -0,0 +1,6 @@
#!/bin/bash
# This generates and signs your required certificates. Please do not
# forget to install the Icinga 2 package and your desired monitoring
# plugins first:

64
library/Director/IcingaConfig/AgentWizard.php
View File

@ -194,4 +194,68 @@ class AgentWizard
return $this->db; return $this->db;
} }
public function renderLinuxInstaller()
{
return $this->loadBashModuleHead()
. $this->renderBashParameters(
array(
'ICINGA2_NODENAME' => $this->getCertName(),
'ICINGA2_CA_TICKET' => $this->getTicket(),
'ICINGA2_PARENT_ZONE' => $this->getParentZone()->getObjectName(),
'ICINGA2_PARENT_ENDPOINTS' => array_keys($this->getParentEndpoints()),
'ICINGA2_CA_NODE' => $this->getCaServer(),
)
)
. "\n"
. $this->loadBashModule()
. "\n\n";
}
protected function loadBashModule()
{
return file_get_contents(
dirname(dirname(dirname(__DIR__)))
. '/contrib/linux-agent-installer/Icinga2Agent.bash'
);
}
protected function loadBashModuleHead()
{
return file_get_contents(
dirname(dirname(dirname(__DIR__)))
. '/contrib/linux-agent-installer/Icinga2AgentHead.bash'
);
}
protected function renderBashParameters($parameters)
{
$maxKeyLength = max(array_map('strlen', array_keys($parameters)));
$parts = array();
foreach ($parameters as $key => $value) {
$parts[] = $this->renderBashParameter($key, $value, $maxKeyLength);
}
return implode("\n ", $parts);
}
protected function renderBashParameter($key, $value, $maxKeyLength = null)
{
$ret = $key . '=';
//if ($maxKeyLength !== null) {
// $ret .= str_repeat(' ', $maxKeyLength - strlen($key));
//}
if (is_array($value)) {
$vals = array();
foreach ($value as $val) {
$vals[] = $this->renderPowershellString($val);
}
$ret .= implode(', ', $vals);
} else {
$ret .= $this->renderPowershellString($value);
}
return $ret;
}
} }