From a520bf1bba2c6889c4473bc57354aab4e0f7b8ed Mon Sep 17 00:00:00 2001
From: Sam Chudnick <sam@chudnick.com>
Date: Sun, 17 Apr 2022 12:32:41 -0400
Subject: Added script for configuring InfluxDB and configuring Icinga2 to
 write metrics to InfluxDB.

---
 monitoring/icinga-influx | 97 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100755 monitoring/icinga-influx

diff --git a/monitoring/icinga-influx b/monitoring/icinga-influx
new file mode 100755
index 0000000..c1b7116
--- /dev/null
+++ b/monitoring/icinga-influx
@@ -0,0 +1,97 @@
+#!/bin/sh
+#
+# Configures influxdb and configures icinga2 to write data to influxdb
+# Assumes that influxdb and icinga master are on the same host
+
+dbname="icinga2"
+admin="admin"
+adminpass="changeme"
+icingauser="icinga2"
+icingapass="changeme"
+rouser="readonly"
+ropass="changeme"
+
+# install packages
+apt install -y influxdb influxdb-client ssl-cert
+
+# configure influx
+mv /etc/influxdb/influxdb.conf /etc/influxdb/influxdb.conf.orig
+
+# generate self-signed certificate
+make-ssl-cert generate-default-snakeoil
+usermod -aG ssl-cert influxdb
+
+echo "reporting-enabled = false
+[meta]
+  dir = \"/var/lib/influxdb/meta\"
+[data]
+  dir = \"/var/lib/influxdb/data\"
+  wal-dir = \"/var/lib/influxdb/wal\"
+[coordinator]
+[retention]
+[shard-precreation]
+[monitor]
+[http]
+  enabled = true
+  bind-address = \":8086\"
+  auth-enabled = false
+  https-enabled = true
+  https-certificate = \"/etc/ssl/certs/ssl-cert-snakeoil.pem\"
+  https-private-key = \"/etc/ssl/private/ssl-cert-snakeoil.key\"
+[ifql]
+[logging]
+[subscriber]
+[[graphite]]
+[[collectd]]
+[[opentsdb]]
+[[udp]]
+[continuous_queries]
+[tls]
+  min-version = \"tls1.2\"
+" > /etc/influxdb/influxdb.conf
+
+systemctl enable --now influxdb
+sleep 2
+
+# create influx database and users
+# uses unsafeSsl because of self-signed cert
+influx -ssl -unsafeSsl -execute \
+		"create database $dbname; \
+		create user $admin	with password '$adminpass'; \
+		create user $icingauser with password '$icingapass'; \
+		create user $rouser with password '$ropass'; \
+		grant all to $admin; \
+		grant write on $dbname to $icingauser; \
+		grant read on $dbname to $rouser;"
+
+
+# enable influxdb auth after creation of admin user
+sed -i "s/auth-enabled = false/auth-enabled = true/" /etc/influxdb/influxdb.conf
+systemctl restart influxdb
+
+# enable and configure influx feature in icinga
+icinga2 feature enable influxdb
+echo "object InfluxdbWriter \"influxdb\" {
+  host = \"127.0.0.1\"
+  port = 8086
+  username = \"$icingauser\"
+  password = \"$icingapass\"
+  ssl_enable = true
+  database = \"$dbname\"
+  flush_threshold = 1024
+  flush_interval = 10s
+  host_template = {
+    measurement = \"\$host.check_command$\"
+    tags = {
+      hostname = \"\$host.name$\"
+    }
+  }
+  service_template = {
+    measurement = \"\$service.check_command$\"
+    tags = {
+      hostname = \"\$host.name$\"
+      service = \"\$service.name$\"
+    }
+  }
+} " > /etc/icinga2/features-available/influxdb.conf
+systemctl restart icinga2
-- 
cgit v1.2.3