inital commit - various scripts

author: Sam Chudnick <sam@chudnick.com> 2022-04-15 21:08:34 -0400
committer: Sam Chudnick <sam@chudnick.com> 2022-04-15 21:08:34 -0400
commit: 85c561f9a32f8f2b9ddf34e7d60ef4b7bf0d3680 (patch)
tree: 637c319270201555d66f9bf1cbcc63d893405e69 /monitoring/icinga-agent
1 files changed, 108 insertions, 0 deletions
diff --git a/monitoring/icinga-agent b/monitoring/icinga-agent
new file mode 100755
index 0000000..328d65b
--- /dev/null
+++ b/monitoring/icinga-agent
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# Configirues an icinga2 agent (with on-demand csr signing)
+icingauser="nagios"
+certdir="/etc/icinga2/pki"
+api_certdir="/var/lib/icinga2/certs"
+nodename="$(hostname)"
+global_zone="director-global"
+master_fqdn=""
+# Install packages
+apt install -y icinga2 monitoring-plugins monitoring-plugins-contrib
+# Register with master via self-service API
+apikey=""
+displayname=""
+# Not pretty but gets the job done
+dev="$(ip link | grep ^2: | head -1 | cut -d':' -f 2 | tr -d ' ')"
+ipv4="$(ip addr show $dev | grep "inet " | sed "s/^\s*//;s/\// /" | cut -d ' ' -f 2)"
+ipv6="$(ip addr show $dev | grep "inet6 " | sed "s/^\s*//;s/\// /" | cut -d ' ' -f 2)"
+result=$(curl -i "http://$master_fqdn/icingaweb2/director/self-service/register-host?name=$nodename&key=$apikey" \
+         -H "Accept: application/json" \
+         -X "POST" \
+         -d "{\"display_name\":\"$displayname\",\"address\":\"$ipv4\",\"address6\":\"$ipv6\"}")
+echo $result | grep -q error && \
+                echo "error: unable to register with master (is the api key correct?)" && \
+                exit 2
+# Initialize PKI with master
+icinga2 pki new-cert \
+                --cn "pbs.home.local" \
+                --cert "$certdir/$nodename.crt" \
+                --csr "$certdir/$nodename.csr" \
+                --key "$certdir/$nodename.key"
+icinga2 pki save-cert \
+                --host "$master_fqdn" \
+                --port 5665 \
+                --key "$certdir/$nodename.key" \
+                --trustedcert "$certdir/trusted-master.crt"
+icinga2 pki request \
+                --host "$master_fqdn" \
+                --port 5665 \
+                --key "$certdir/$nodename.key" \
+                --cert "$certdir/$nodename.crt" \
+                --trustedcert "$certdir/trusted-master.crt" \
+                --ca "$certdir/ca.crt" 
+# Deploy config files
+echo "include \"constants.conf\"
+const NodeName = \"$nodename\"
+include \"zones.conf\"
+include \"features-enabled/*.conf\"
+include <itl>
+include <plugins>
+include <plugins-contrib>
+include <manubulon>
+include <windows-plugins>
+include <nscp>" > /etc/icinga2/icinga2.conf
+echo "object Endpoint \"$nodename\" {}
+object Zone \"$nodename\" {
+  parent = \"$master_fqdn\"
+  endpoints = [ \"$nodename\" ]
+}
+object Zone \"$master_fqdn\" {
+  endpoints = [ \"$master_fqdn\" ]
+}
+object Endpoint \"$master_fqdn\" {
+  host = \"$master_fqdn\"
+}
+object Zone \"$global_zone\" {
+  global = true
+}" > /etc/icinga2/zones.conf
+echo "object ApiListener \"api\" {
+  accept_commands = true
+  accept_config = true
+}" > /etc/icinga2/features-available/api.conf
+# Enable API
+icinga2 feature enable api
+mkdir -p $api_certdir
+cp $certdir/$nodename.crt $certdir/$nodename.key $certdir/ca.crt $api_certdir/
+chown -R $icingauser:$icingauser $api_certdir/
+# Next step
+echo "
+NOW
+Run the following on the Icinga master:
+fpr=\"\$(icinga2 ca list | tail -1 | cut -d '|' -f 1)\"
+icinga2 ca sign \$fpr
+THEN
+Restart icinga2 on the agent:
+\"systemctl restart icinga2\"
+"
author	Sam Chudnick <sam@chudnick.com>	2022-04-15 21:08:34 -0400
committer	Sam Chudnick <sam@chudnick.com>	2022-04-15 21:08:34 -0400
commit	85c561f9a32f8f2b9ddf34e7d60ef4b7bf0d3680 (patch)
tree	637c319270201555d66f9bf1cbcc63d893405e69 /monitoring/icinga-agent

diff --git a/monitoring/icinga-agent b/monitoring/icinga-agent new file mode 100755 index 0000000..328d65b --- /dev/null +++ b/monitoring/icinga-agent
@@ -0,0 +1,108 @@
	1	#!/bin/sh
	2	#
	3	# Configirues an icinga2 agent (with on-demand csr signing)
	4
	5	icingauser="nagios"
	6	certdir="/etc/icinga2/pki"
	7	api_certdir="/var/lib/icinga2/certs"
	8	nodename="$(hostname)"
	9	global_zone="director-global"
	10	master_fqdn=""
	11
	12	# Install packages
	13	apt install -y icinga2 monitoring-plugins monitoring-plugins-contrib
	14
	15	# Register with master via self-service API
	16	apikey=""
	17	displayname=""
	18	# Not pretty but gets the job done
	19	dev="$(ip link \| grep ^2: \| head -1 \| cut -d':' -f 2 \| tr -d ' ')"
	20	ipv4="$(ip addr show $dev \| grep "inet " \| sed "s/^\s*//;s/\// /" \| cut -d ' ' -f 2)"
	21	ipv6="$(ip addr show $dev \| grep "inet6 " \| sed "s/^\s*//;s/\// /" \| cut -d ' ' -f 2)"
	22
	23	result=$(curl -i "http://$master_fqdn/icingaweb2/director/self-service/register-host?name=$nodename&key=$apikey" \
	24	-H "Accept: application/json" \
	25	-X "POST" \
	26	-d "{\"display_name\":\"$displayname\",\"address\":\"$ipv4\",\"address6\":\"$ipv6\"}")
	27	echo $result \| grep -q error && \
	28	echo "error: unable to register with master (is the api key correct?)" && \
	29	exit 2
	30
	31
	32	# Initialize PKI with master
	33	icinga2 pki new-cert \
	34	--cn "pbs.home.local" \
	35	--cert "$certdir/$nodename.crt" \
	36	--csr "$certdir/$nodename.csr" \
	37	--key "$certdir/$nodename.key"
	38
	39
	40	icinga2 pki save-cert \
	41	--host "$master_fqdn" \
	42	--port 5665 \
	43	--key "$certdir/$nodename.key" \
	44	--trustedcert "$certdir/trusted-master.crt"
	45
	46	icinga2 pki request \
	47	--host "$master_fqdn" \
	48	--port 5665 \
	49	--key "$certdir/$nodename.key" \
	50	--cert "$certdir/$nodename.crt" \
	51	--trustedcert "$certdir/trusted-master.crt" \
	52	--ca "$certdir/ca.crt"
	53
	54	# Deploy config files
	55	echo "include \"constants.conf\"
	56	const NodeName = \"$nodename\"
	57	include \"zones.conf\"
	58	include \"features-enabled/*.conf\"
	59	include <itl>
	60	include <plugins>
	61	include <plugins-contrib>
	62	include <manubulon>
	63	include <windows-plugins>
	64	include <nscp>" > /etc/icinga2/icinga2.conf
	65
	66	echo "object Endpoint \"$nodename\" {}
	67	object Zone \"$nodename\" {
	68	parent = \"$master_fqdn\"
	69	endpoints = [ \"$nodename\" ]
	70	}
	71	object Zone \"$master_fqdn\" {
	72	endpoints = [ \"$master_fqdn\" ]
	73	}
	74	object Endpoint \"$master_fqdn\" {
	75	host = \"$master_fqdn\"
	76	}
	77	object Zone \"$global_zone\" {
	78	global = true
	79	}" > /etc/icinga2/zones.conf
	80
	81	echo "object ApiListener \"api\" {
	82	accept_commands = true
	83	accept_config = true
	84	}" > /etc/icinga2/features-available/api.conf
	85
	86	# Enable API
	87	icinga2 feature enable api
	88	mkdir -p $api_certdir
	89	cp $certdir/$nodename.crt $certdir/$nodename.key $certdir/ca.crt $api_certdir/
	90	chown -R $icingauser:$icingauser $api_certdir/
	91
	92	# Next step
	93	echo "
	94
	95	NOW
	96
	97	Run the following on the Icinga master:
	98	fpr=\"\$(icinga2 ca list \| tail -1 \| cut -d '\|' -f 1)\"
	99	icinga2 ca sign \$fpr
	100
	101
	102	THEN
	103
	104	Restart icinga2 on the agent:
	105	\"systemctl restart icinga2\"
	106
	107	"
	108