authorSam Chudnick <sam@chudnick.com>2022-04-15 21:08:34 -0400
committerSam Chudnick <sam@chudnick.com>2022-04-15 21:08:34 -0400
commit85c561f9a32f8f2b9ddf34e7d60ef4b7bf0d3680 (patch)
tree637c319270201555d66f9bf1cbcc63d893405e69 /monitoring
inital commit - various scripts
Diffstat (limited to 'monitoring')
-rwxr-xr-xmonitoring/icinga-agent108
-rwxr-xr-xmonitoring/icinga-master120
2 files changed, 228 insertions, 0 deletions
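diff --git a/monitoring/icinga-agent b/monitoring/icinga-agent
new file mode 100755
index 0000000..328d65b
--- /dev/null
+++ b/monitoring/icinga-agent
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# Configirues an icinga2 agent (with on-demand csr signing)
+
+icingauser="nagios"
+certdir="/etc/icinga2/pki"
+api_certdir="/var/lib/icinga2/certs"
+nodename="$(hostname)"
+global_zone="director-global"
+master_fqdn=""
+
+# Install packages
+apt install -y icinga2 monitoring-plugins monitoring-plugins-contrib
+
+# Register with master via self-service API
+apikey=""
+displayname=""
+# Not pretty but gets the job done
+dev="$(ip link | grep ^2: | head -1 | cut -d':' -f 2 | tr -d ' ')"
+ipv4="$(ip addr show $dev | grep "inet " | sed "s/^\s*//;s/\// /" | cut -d ' ' -f 2)"
+ipv6="$(ip addr show $dev | grep "inet6 " | sed "s/^\s*//;s/\// /" | cut -d ' ' -f 2)"
+
+result=$(curl -i "http://$master_fqdn/icingaweb2/director/self-service/register-host?name=$nodename&key=$apikey" \
+ -H "Accept: application/json" \
+ -X "POST" \
+ -d "{\"display_name\":\"$displayname\",\"address\":\"$ipv4\",\"address6\":\"$ipv6\"}")
+echo $result | grep -q error && \
+ echo "error: unable to register with master (is the api key correct?)" && \
+ exit 2
+
+
+# Initialize PKI with master
+icinga2 pki new-cert \
+ --cn "pbs.home.local" \
+ --cert "$certdir/$nodename.crt" \
+ --csr "$certdir/$nodename.csr" \
+ --key "$certdir/$nodename.key"
+
+
+icinga2 pki save-cert \
+ --host "$master_fqdn" \
+ --port 5665 \
+ --key "$certdir/$nodename.key" \
+ --trustedcert "$certdir/trusted-master.crt"
+
+icinga2 pki request \
+ --host "$master_fqdn" \
+ --port 5665 \
+ --key "$certdir/$nodename.key" \
+ --cert "$certdir/$nodename.crt" \
+ --trustedcert "$certdir/trusted-master.crt" \
+ --ca "$certdir/ca.crt"
+
+# Deploy config files
+echo "include \"constants.conf\"
+const NodeName = \"$nodename\"
+include \"zones.conf\"
+include \"features-enabled/*.conf\"
+include <itl>
+include <plugins>
+include <plugins-contrib>
+include <manubulon>
+include <windows-plugins>
+include <nscp>" > /etc/icinga2/icinga2.conf
+
+echo "object Endpoint \"$nodename\" {}
+object Zone \"$nodename\" {
+ parent = \"$master_fqdn\"
+ endpoints = [ \"$nodename\" ]
+}
+object Zone \"$master_fqdn\" {
+ endpoints = [ \"$master_fqdn\" ]
+}
+object Endpoint \"$master_fqdn\" {
+ host = \"$master_fqdn\"
+}
+object Zone \"$global_zone\" {
+ global = true
+}" > /etc/icinga2/zones.conf
+
+echo "object ApiListener \"api\" {
+ accept_commands = true
+ accept_config = true
+}" > /etc/icinga2/features-available/api.conf
+
+# Enable API
+icinga2 feature enable api
+mkdir -p $api_certdir
+cp $certdir/$nodename.crt $certdir/$nodename.key $certdir/ca.crt $api_certdir/
+chown -R $icingauser:$icingauser $api_certdir/
+
+# Next step
+echo "
+
+NOW
+
+Run the following on the Icinga master:
+fpr=\"\$(icinga2 ca list | tail -1 | cut -d '|' -f 1)\"
+icinga2 ca sign \$fpr
+
+
+THEN
+
+Restart icinga2 on the agent:
+\"systemctl restart icinga2\"
+
+"
+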
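Review bot: The self-service registration `curl` call posts to `http://$master_fqdn/...` with `key=$apikey` in the query string, so the API key crosses the network in cleartext and is likely to be recorded in web-server access logs; use `https://` and add `--fail` with a check of curl's exit status, since the current `grep -q error` test lets a failed connection pass as success. The certificate is generated with a hard-coded `--cn "pbs.home.local"` while `NodeName` and every certificate path use `$nodename`; that line should read `--cn "$nodename" \`. `icinga2 pki save-cert` stores whatever certificate the master port presents, so the script should print its fingerprint for out-of-band comparison before `pki request`, for example `openssl x509 -noout -fingerprint -sha256 -in "$certdir/trusted-master.crt"`. The closing instructions sign whichever request `icinga2 ca list | tail -1` returns; they should tell the operator to sign the request whose name matches this host.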
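diff --git a/monitoring/icinga-master b/monitoring/icinga-master
new file mode 100755
index 0000000..ed82bc5
--- /dev/null
+++ b/monitoring/icinga-master
@@ -0,0 +1,120 @@
+#!/bin/sh
+#
+# Configuration for an Iciniga2 master (with icingaweb2, director, and mysql backend)
+
+ido_user="icinga2"
+ido_password="changeme"
+
+icingaweb2_user="icingaweb2"
+icingaweb2_password="changeme"
+
+director_user="director"
+director_password="changeme"
+
+admin_user="admin"
+admin_password="changeme"
+
+# Install packages
+apt install -y incinga2 icingaweb2 icinga2-ido-mysql icingaweb2-module-director \
+ monitoring-plugins monitoring-plugins-contrib
+
+# Secure mysql
+mysql_secure_installation
+
+# Create primary monitoring database
+mysql -u root -e "CREATE DATABASE icinga2;
+GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE
+ON icinga2.* TO '$ido_user'@'localhost' IDENTIFIED BY '$ido_password';
+FLUSH PRIVILEGES; "
+mysql -u root icinga2 </usr/share/icinga2-ido-mysql/scheme/mysql.sql
+echo "library \"db_ido_mysql\"
+object IdoMysqlConnection \"ido-mysql\" {
+ user = \"$ido_user\",
+ password = \"$ido_password\",
+ host = \"localhost\",
+ databse = \"icinga2\"
+}" > /etc/icinga2/features-available/ido-mysql.conf
+icinga2 feature enable ido-mysql
+
+# Create icingaweb2 database
+mysql -u root -e "CREATE DATABASE icingaweb2;
+GRANT ALL ON icingaweb2.* TO '$icingaweb2_user'@'localhost'
+IDENTIFIED BY '$icingaweb2_password';
+FLUSH PRIVILEGES;"
+mysql icingaweb2 </usr/share/icingaweb2/etc/scheme/mysql.schema.sql
+# Create initial admin user to login to icingaweb2
+passhash="$(php -r "echo password_hash(\"$admin_password\", PASSWORD_DEFAULT);")"
+mysql -u root -e "USE icingaweb2;
+INSERT INTO icingaweb_user (name, active, password_hash)
+VALUES (\"$admin_user\", 1, \"$passhash\");
+FLUSH PRIVILEGES; "
+
+# Create director database
+mysql -u root -e "CREATE DATABASE director CHARACTER SET 'utf8';
+GRANT ALL on director.* TO '$director_user'@'localhost'
+IDENTIFIED BY '$director_password';
+FLUSH PRIVILEGES;"
+icingacli module enable director
+icingacli director migration run --verbose
+
+# Setup API
+icinga2 api setup
+
+# Restart service
+systemctl restart icinga2
+
+
+# -- Icingaweb2 Configuration --
+
+# Configure authentication
+echo "[icingaweb2]
+backend = \"db\"
+resource = \"icingaweb2\"
+" > /etc/icingaweb2/authentication.ini
+
+# Configure resources
+echo "[icinga2]
+type = \"db\"
+db = \"mysql\"
+host \"localhost\"
+port = \"\"
+dbname = \"icinga2\"
+username = \"$icinga2_user\"
+password = \"$icinga2_password\"
+charset = \"\"
+use_ssl = \"0\"
+
+[icingaweb2]
+type = \"db\"
+db = \"mysql\"
+host \"localhost\"
+port = \"\"
+dbname = \"icingaweb2\"
+username = \"$icingaweb2_user\"
+password = \"$icingaweb2_password\"
+charset = \"\"
+use_ssl = \"0\"
+
+[icingaweb2]
+type = \"db\"
+db = \"mysql\"
+host \"localhost\"
+port = \"\"
+dbname = \"director\"
+username = \"$director_user\"
+password = \"$director_password\"
+charset = \"utf8\"
+use_ssl = \"0\"
+" > /etc/icingaweb2/resources.ini
+
+# Configure roles
+echo "[admins]
+users = \"$admin_user\"
+permissions = \"*\" " > /etc/icingaweb2/roles.ini
+
+# Configure director
+echo "[db]
+resource = \"director\"
+" > /etc/icingaweb2/modules/director/config.ini
+
+echo "NOW\nBrowse to http://$(hostname)/icingaweb2/ and login as $admin_user"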
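Review bot: All four passwords in the variable block at the top default to `changeme`, and the script creates three database accounts and an icingaweb2 admin with `permissions = "*"` from them with nothing forcing a change; a guard right after the variable block that aborts on an empty or default value would prevent a default-credential deployment. `resources.ini` references `$icinga2_user` and `$icinga2_password`, which are never defined (the variables are `ido_user` and `ido_password`), so the `[icinga2]` resource is written with an empty username and password. The passwords are also interpolated directly into SQL and into the `php -r` string, so a value containing a quote would break or alter those statements. Separately, `incinga2` in the apt line, `databse` in ido-mysql.conf, the `host "localhost"` lines missing `=`, and the third `[icingaweb2]` section (it holds the director database and is presumably meant to be `[director]`, which config.ini refers to) look like typos that will break the install.

```shell
admin_password="changeme"

# Refuse to deploy with an empty or default password.
for pw in "$ido_password" "$icingaweb2_password" "$director_password" "$admin_password"; do
  case "$pw" in
    ""|changeme)
      echo "error: set all four passwords at the top of this script first" >&2
      exit 1
      ;;
  esac
done

# … unchanged: package install, database setup, icingaweb2 configuration …
```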