1 files changed, 67 insertions, 32 deletions
diff --git a/monitoring/icinga-master b/monitoring/icinga-master
index ed82bc5..f8cedd1 100755
--- a/monitoring/icinga-master
+++ b/monitoring/icinga-master
@@ -15,57 +15,60 @@ admin_user="admin"
 admin_password="changeme"
 # Install packages
-apt install -y incinga2 icingaweb2 icinga2-ido-mysql icingaweb2-module-director \
+apt install -y icinga2 icingaweb2 icinga2-ido-mysql icingaweb2-module-director \
-                           monitoring-plugins monitoring-plugins-contrib
+                           monitoring-plugins monitoring-plugins-contrib default-mysql-server
 # Secure mysql
 mysql_secure_installation
 # Create primary monitoring database
-mysql -u root -e "CREATE DATABASE icinga2;
+echo "Creating IDO database..."
-GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE
+mysql -u root -e "CREATE DATABASE icinga2; GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga2.* TO '$ido_user'@'localhost' IDENTIFIED BY '$ido_password'; FLUSH PRIVILEGES;"
-ON icinga2.* TO '$ido_user'@'localhost' IDENTIFIED BY '$ido_password';
+mysql -u root icinga2 </usr/share/icinga2-ido-mysql/schema/mysql.sql
-FLUSH PRIVILEGES; "
-mysql -u root icinga2 </usr/share/icinga2-ido-mysql/scheme/mysql.sql
 echo "library \"db_ido_mysql\"
 object IdoMysqlConnection \"ido-mysql\" {
  user = \"$ido_user\",
  password = \"$ido_password\",
  host = \"localhost\",
-  databse = \"icinga2\"
+  database = \"icinga2\"
 }" > /etc/icinga2/features-available/ido-mysql.conf
 icinga2 feature enable ido-mysql
 # Create icingaweb2 database
-mysql -u root -e "CREATE DATABASE icingaweb2;
+echo "Creating icingaweb2 database..."
-GRANT ALL ON icingaweb2.* TO '$icingaweb2_user'@'localhost'
+mysql -u root -e "CREATE DATABASE icingaweb2;GRANT ALL ON icingaweb2.* TO '$icingaweb2_user'@'localhost' IDENTIFIED BY '$icingaweb2_password'; FLUSH PRIVILEGES;"
-IDENTIFIED BY '$icingaweb2_password';
+mysql icingaweb2 </usr/share/icingaweb2/etc/schema/mysql.schema.sql
-FLUSH PRIVILEGES;"
-mysql icingaweb2 </usr/share/icingaweb2/etc/scheme/mysql.schema.sql
 # Create initial admin user to login to icingaweb2
 passhash="$(php -r "echo password_hash(\"$admin_password\", PASSWORD_DEFAULT);")"
-mysql -u root -e "USE icingaweb2; 
+mysql -u root -e "USE icingaweb2; INSERT INTO icingaweb_user (name, active, password_hash) VALUES (\"$admin_user\", 1, \"$passhash\"); FLUSH PRIVILEGES;"
-INSERT INTO icingaweb_user (name, active, password_hash)
-VALUES (\"$admin_user\", 1, \"$passhash\");
-FLUSH PRIVILEGES; "
 # Create director database
-mysql -u root -e "CREATE DATABASE director CHARACTER SET 'utf8';
+echo "Creating director database..."
-GRANT ALL on director.* TO '$director_user'@'localhost'
+mysql -u root -e "CREATE DATABASE director CHARACTER SET 'utf8'; GRANT ALL on director.* TO '$director_user'@'localhost' IDENTIFIED BY '$director_password';FLUSH PRIVILEGES;"
-IDENTIFIED BY '$director_password';
-FLUSH PRIVILEGES;"
-icingacli module enable director
-icingacli director migration run --verbose
 # Setup API
+echo "Setting up API..."
 icinga2 api setup
 # Restart service
 systemctl restart icinga2
+# Configure web server
+websrv=
+webstr=
+[ -d /etc/apache2 ] && websrv="apache" && webstr="apache2"
+[ -d /etc/nginx ] && websrv="nginx" && webstr="nginx"
+sitefile="/etc/$webstr/sites-available/icingaweb2.conf"
+icingacli module enable setup
+icingacli setup config webserver $websrv --file $sitefile
+ln -s $sitefile /etc/$webstr/sites-enabled
+[ "$websrv" = "apache" ] && a2enmod ssl && a2enmod php7.4 && a2enconf icingaweb2 && a2ensite default-ssl.conf
+systemctl restart $webstr
+icingacli module disable setup
-# -- Icingaweb2 Configuration --
+# -- Icingaweb2 Configuration --
+echo "Configuring icingaweb2..."
 # Configure authentication
 echo "[icingaweb2]
 backend = \"db\"
@@ -76,18 +79,18 @@ resource = \"icingaweb2\"
 echo "[icinga2]
 type = \"db\"
 db = \"mysql\"
-host \"localhost\"
+host = \"localhost\"
 port = \"\"
 dbname = \"icinga2\"
-username = \"$icinga2_user\"
+username = \"$ido_user\"
-password = \"$icinga2_password\"
+password = \"$ido_password\"
 charset = \"\"
 use_ssl = \"0\"
 [icingaweb2]
 type = \"db\"
 db = \"mysql\"
-host \"localhost\"
+host = \"localhost\"
 port = \"\"
 dbname = \"icingaweb2\"
 username = \"$icingaweb2_user\"
@@ -95,10 +98,10 @@ password = \"$icingaweb2_password\"
 charset = \"\"
 use_ssl = \"0\"
-[icingaweb2]
+[director]
 type = \"db\"
 db = \"mysql\"
-host \"localhost\"
+host = \"localhost\"
 port = \"\"
 dbname = \"director\"
 username = \"$director_user\"
@@ -112,9 +115,41 @@ echo "[admins]
 users = \"$admin_user\"
 permissions = \"*\" " > /etc/icingaweb2/roles.ini
+# Configure monitoring module
+echo "Configuring monitoring..."
+echo "[icinga]
+type = \"ido\"
+resource = \"icinga2\"
+" > /etc/icingaweb2/modules/monitoring/backends.ini
+api_pass="$(grep password /etc/icinga2/conf.d/api-users.conf | tr -d ' "' | cut -d '=' -f 2)"
+echo "[icinga2]
+transport = \"api\"
+host = \"$(hostname)\"
+port = \"5665\"
+username = \"root\"
+password = \"$api_pass\"
+" > /etc/icingaweb2/modules/monitoring/commandtransports.ini
+echo "[security]
+protected_customvars = \"*pw*,*pass*,*community*\"
+" > /etc/icingaweb2/modules/monitoring/config.ini
 # Configure director
+echo "Configuring director..."
 echo "[db]
 resource = \"director\"
 " > /etc/icingaweb2/modules/director/config.ini
+icingacli module enable director
-echo "NOW\nBrowse to http://$(hostname)/icingaweb2/ and login as $admin_user"
+icingacli director migration run
+echo "[config]
+endpoint = \"monitoring.home.local\"
+username = \"root\"
+password = \"$api_pass\"
+" > /etc/icingaweb2/modules/director/kickstart.ini
+icingacli director kickstart run
+icingacli director config render
+icingacli director config deploy
+shred -uz /etc/icingaweb2/modules/director/kickstart.ini
+echo "\n\nNOW\n\nBrowse to http://$(hostname)/icingaweb2/ and login as $admin_user"

diff --git a/monitoring/icinga-master b/monitoring/icinga-master index ed82bc5..f8cedd1 100755 --- a/monitoring/icinga-master +++ b/monitoring/icinga-master
@@ -15,57 +15,60 @@ admin_user="admin"
15	admin_password="changeme"	15	admin_password="changeme"
16		16
17	# Install packages	17	# Install packages
18	apt install -y incinga2 icingaweb2 icinga2-ido-mysql icingaweb2-module-director \	18	apt install -y icinga2 icingaweb2 icinga2-ido-mysql icingaweb2-module-director \
19	monitoring-plugins monitoring-plugins-contrib	19	monitoring-plugins monitoring-plugins-contrib default-mysql-server
20		20
21	# Secure mysql	21	# Secure mysql
22	mysql_secure_installation	22	mysql_secure_installation
23		23
24	# Create primary monitoring database	24	# Create primary monitoring database
25	mysql -u root -e "CREATE DATABASE icinga2;	25	echo "Creating IDO database..."
26	GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE	26	mysql -u root -e "CREATE DATABASE icinga2; GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga2.* TO '$ido_user'@'localhost' IDENTIFIED BY '$ido_password'; FLUSH PRIVILEGES;"
27	ON icinga2.* TO '$ido_user'@'localhost' IDENTIFIED BY '$ido_password';	27	mysql -u root icinga2 </usr/share/icinga2-ido-mysql/schema/mysql.sql
28	FLUSH PRIVILEGES; "
29	mysql -u root icinga2 </usr/share/icinga2-ido-mysql/scheme/mysql.sql
30	echo "library \"db_ido_mysql\"	28	echo "library \"db_ido_mysql\"
31	object IdoMysqlConnection \"ido-mysql\" {	29	object IdoMysqlConnection \"ido-mysql\" {
32	user = \"$ido_user\",	30	user = \"$ido_user\",
33	password = \"$ido_password\",	31	password = \"$ido_password\",
34	host = \"localhost\",	32	host = \"localhost\",
35	databse = \"icinga2\"	33	database = \"icinga2\"
36	}" > /etc/icinga2/features-available/ido-mysql.conf	34	}" > /etc/icinga2/features-available/ido-mysql.conf
37	icinga2 feature enable ido-mysql	35	icinga2 feature enable ido-mysql
38		36
39	# Create icingaweb2 database	37	# Create icingaweb2 database
40	mysql -u root -e "CREATE DATABASE icingaweb2;	38	echo "Creating icingaweb2 database..."
41	GRANT ALL ON icingaweb2.* TO '$icingaweb2_user'@'localhost'	39	mysql -u root -e "CREATE DATABASE icingaweb2;GRANT ALL ON icingaweb2.* TO '$icingaweb2_user'@'localhost' IDENTIFIED BY '$icingaweb2_password'; FLUSH PRIVILEGES;"
42	IDENTIFIED BY '$icingaweb2_password';	40	mysql icingaweb2 </usr/share/icingaweb2/etc/schema/mysql.schema.sql
43	FLUSH PRIVILEGES;"
44	mysql icingaweb2 </usr/share/icingaweb2/etc/scheme/mysql.schema.sql
45	# Create initial admin user to login to icingaweb2	41	# Create initial admin user to login to icingaweb2
46	passhash="$(php -r "echo password_hash(\"$admin_password\", PASSWORD_DEFAULT);")"	42	passhash="$(php -r "echo password_hash(\"$admin_password\", PASSWORD_DEFAULT);")"
47	mysql -u root -e "USE icingaweb2;	43	mysql -u root -e "USE icingaweb2; INSERT INTO icingaweb_user (name, active, password_hash) VALUES (\"$admin_user\", 1, \"$passhash\"); FLUSH PRIVILEGES;"
48	INSERT INTO icingaweb_user (name, active, password_hash)
49	VALUES (\"$admin_user\", 1, \"$passhash\");
50	FLUSH PRIVILEGES; "
51		44
52	# Create director database	45	# Create director database
53	mysql -u root -e "CREATE DATABASE director CHARACTER SET 'utf8';	46	echo "Creating director database..."
54	GRANT ALL on director.* TO '$director_user'@'localhost'	47	mysql -u root -e "CREATE DATABASE director CHARACTER SET 'utf8'; GRANT ALL on director.* TO '$director_user'@'localhost' IDENTIFIED BY '$director_password';FLUSH PRIVILEGES;"
55	IDENTIFIED BY '$director_password';
56	FLUSH PRIVILEGES;"
57	icingacli module enable director
58	icingacli director migration run --verbose
59		48
60	# Setup API	49	# Setup API
		50	echo "Setting up API..."
61	icinga2 api setup	51	icinga2 api setup
62		52
63	# Restart service	53	# Restart service
64	systemctl restart icinga2	54	systemctl restart icinga2
65		55
		56	# Configure web server
		57	websrv=
		58	webstr=
		59	[ -d /etc/apache2 ] && websrv="apache" && webstr="apache2"
		60	[ -d /etc/nginx ] && websrv="nginx" && webstr="nginx"
		61	sitefile="/etc/$webstr/sites-available/icingaweb2.conf"
		62	icingacli module enable setup
		63	icingacli setup config webserver $websrv --file $sitefile
		64	ln -s $sitefile /etc/$webstr/sites-enabled
		65	[ "$websrv" = "apache" ] && a2enmod ssl && a2enmod php7.4 && a2enconf icingaweb2 && a2ensite default-ssl.conf
		66	systemctl restart $webstr
		67	icingacli module disable setup
66		68
67	# -- Icingaweb2 Configuration --
68		69
		70	# -- Icingaweb2 Configuration --
		71	echo "Configuring icingaweb2..."
69	# Configure authentication	72	# Configure authentication
70	echo "[icingaweb2]	73	echo "[icingaweb2]
71	backend = \"db\"	74	backend = \"db\"
@@ -76,18 +79,18 @@ resource = \"icingaweb2\"
76	echo "[icinga2]	79	echo "[icinga2]
77	type = \"db\"	80	type = \"db\"
78	db = \"mysql\"	81	db = \"mysql\"
79	host \"localhost\"	82	host = \"localhost\"
80	port = \"\"	83	port = \"\"
81	dbname = \"icinga2\"	84	dbname = \"icinga2\"
82	username = \"$icinga2_user\"	85	username = \"$ido_user\"
83	password = \"$icinga2_password\"	86	password = \"$ido_password\"
84	charset = \"\"	87	charset = \"\"
85	use_ssl = \"0\"	88	use_ssl = \"0\"
86		89
87	[icingaweb2]	90	[icingaweb2]
88	type = \"db\"	91	type = \"db\"
89	db = \"mysql\"	92	db = \"mysql\"
90	host \"localhost\"	93	host = \"localhost\"
91	port = \"\"	94	port = \"\"
92	dbname = \"icingaweb2\"	95	dbname = \"icingaweb2\"
93	username = \"$icingaweb2_user\"	96	username = \"$icingaweb2_user\"
@@ -95,10 +98,10 @@ password = \"$icingaweb2_password\"
95	charset = \"\"	98	charset = \"\"
96	use_ssl = \"0\"	99	use_ssl = \"0\"
97		100
98	[icingaweb2]	101	[director]
99	type = \"db\"	102	type = \"db\"
100	db = \"mysql\"	103	db = \"mysql\"
101	host \"localhost\"	104	host = \"localhost\"
102	port = \"\"	105	port = \"\"
103	dbname = \"director\"	106	dbname = \"director\"
104	username = \"$director_user\"	107	username = \"$director_user\"
@@ -112,9 +115,41 @@ echo "[admins]
112	users = \"$admin_user\"	115	users = \"$admin_user\"
113	permissions = \"*\" " > /etc/icingaweb2/roles.ini	116	permissions = \"*\" " > /etc/icingaweb2/roles.ini
114		117
		118	# Configure monitoring module
		119	echo "Configuring monitoring..."
		120	echo "[icinga]
		121	type = \"ido\"
		122	resource = \"icinga2\"
		123	" > /etc/icingaweb2/modules/monitoring/backends.ini
		124	api_pass="$(grep password /etc/icinga2/conf.d/api-users.conf \| tr -d ' "' \| cut -d '=' -f 2)"
		125	echo "[icinga2]
		126	transport = \"api\"
		127	host = \"$(hostname)\"
		128	port = \"5665\"
		129	username = \"root\"
		130	password = \"$api_pass\"
		131	" > /etc/icingaweb2/modules/monitoring/commandtransports.ini
		132
		133	echo "[security]
		134	protected_customvars = \"pw,pass,community\"
		135	" > /etc/icingaweb2/modules/monitoring/config.ini
		136
		137
115	# Configure director	138	# Configure director
		139	echo "Configuring director..."
116	echo "[db]	140	echo "[db]
117	resource = \"director\"	141	resource = \"director\"
118	" > /etc/icingaweb2/modules/director/config.ini	142	" > /etc/icingaweb2/modules/director/config.ini
119		143	icingacli module enable director
120	echo "NOW\nBrowse to http://$(hostname)/icingaweb2/ and login as $admin_user"	144	icingacli director migration run
		145	echo "[config]
		146	endpoint = \"monitoring.home.local\"
		147	username = \"root\"
		148	password = \"$api_pass\"
		149	" > /etc/icingaweb2/modules/director/kickstart.ini
		150	icingacli director kickstart run
		151	icingacli director config render
		152	icingacli director config deploy
		153	shred -uz /etc/icingaweb2/modules/director/kickstart.ini
		154
		155	echo "\n\nNOW\n\nBrowse to http://$(hostname)/icingaweb2/ and login as $admin_user"