From 85c561f9a32f8f2b9ddf34e7d60ef4b7bf0d3680 Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Fri, 15 Apr 2022 21:08:34 -0400
Subject: inital commit - various scripts
---
monitoring/icinga-agent | 108 ++++++++++++++++++++++++++++++++++++++++++
monitoring/icinga-master | 120 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 228 insertions(+)
create mode 100755 monitoring/icinga-agent
create mode 100755 monitoring/icinga-master
(limited to 'monitoring')
diff --git a/monitoring/icinga-agent b/monitoring/icinga-agent
new file mode 100755
index 0000000..328d65b
--- /dev/null
+++ b/monitoring/icinga-agent
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# Configirues an icinga2 agent (with on-demand csr signing)
+
+icingauser="nagios"
+certdir="/etc/icinga2/pki"
+api_certdir="/var/lib/icinga2/certs"
+nodename="$(hostname)"
+global_zone="director-global"
+master_fqdn=""
+
+# Install packages
+apt install -y icinga2 monitoring-plugins monitoring-plugins-contrib
+
+# Register with master via self-service API
+apikey=""
+displayname=""
+# Not pretty but gets the job done
+dev="$(ip link | grep ^2: | head -1 | cut -d':' -f 2 | tr -d ' ')"
+ipv4="$(ip addr show $dev | grep "inet " | sed "s/^\s*//;s/\// /" | cut -d ' ' -f 2)"
+ipv6="$(ip addr show $dev | grep "inet6 " | sed "s/^\s*//;s/\// /" | cut -d ' ' -f 2)"
+
+result=$(curl -i "http://$master_fqdn/icingaweb2/director/self-service/register-host?name=$nodename&key=$apikey" \
+ -H "Accept: application/json" \
+ -X "POST" \
+ -d "{\"display_name\":\"$displayname\",\"address\":\"$ipv4\",\"address6\":\"$ipv6\"}")
+echo $result | grep -q error && \
+ echo "error: unable to register with master (is the api key correct?)" && \
+ exit 2
+
+
+# Initialize PKI with master
+icinga2 pki new-cert \
+ --cn "pbs.home.local" \
+ --cert "$certdir/$nodename.crt" \
+ --csr "$certdir/$nodename.csr" \
+ --key "$certdir/$nodename.key"
+
+
+icinga2 pki save-cert \
+ --host "$master_fqdn" \
+ --port 5665 \
+ --key "$certdir/$nodename.key" \
+ --trustedcert "$certdir/trusted-master.crt"
+
+icinga2 pki request \
+ --host "$master_fqdn" \
+ --port 5665 \
+ --key "$certdir/$nodename.key" \
+ --cert "$certdir/$nodename.crt" \
+ --trustedcert "$certdir/trusted-master.crt" \
+ --ca "$certdir/ca.crt"
+
+# Deploy config files
+echo "include \"constants.conf\"
+const NodeName = \"$nodename\"
+include \"zones.conf\"
+include \"features-enabled/*.conf\"
+include
+include
+include
+include
+include
+include " > /etc/icinga2/icinga2.conf
+
+echo "object Endpoint \"$nodename\" {}
+object Zone \"$nodename\" {
+ parent = \"$master_fqdn\"
+ endpoints = [ \"$nodename\" ]
+}
+object Zone \"$master_fqdn\" {
+ endpoints = [ \"$master_fqdn\" ]
+}
+object Endpoint \"$master_fqdn\" {
+ host = \"$master_fqdn\"
+}
+object Zone \"$global_zone\" {
+ global = true
+}" > /etc/icinga2/zones.conf
+
+echo "object ApiListener \"api\" {
+ accept_commands = true
+ accept_config = true
+}" > /etc/icinga2/features-available/api.conf
+
+# Enable API
+icinga2 feature enable api
+mkdir -p $api_certdir
+cp $certdir/$nodename.crt $certdir/$nodename.key $certdir/ca.crt $api_certdir/
+chown -R $icingauser:$icingauser $api_certdir/
+
+# Next step
+echo "
+
+NOW
+
+Run the following on the Icinga master:
+fpr=\"\$(icinga2 ca list | tail -1 | cut -d '|' -f 1)\"
+icinga2 ca sign \$fpr
+
+
+THEN
+
+Restart icinga2 on the agent:
+\"systemctl restart icinga2\"
+
+"
+
diff --git a/monitoring/icinga-master b/monitoring/icinga-master
new file mode 100755
index 0000000..ed82bc5
--- /dev/null
+++ b/monitoring/icinga-master
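Review bot: The registration call in monitoring/icinga-agent sends `$apikey` in the query string over plain `http://`, and `icinga2 pki save-cert` then stores whatever certificate the peer presents as `trusted-master.crt` with no fingerprint check, so the Director API key and the agent's trust anchor both depend on the network path being clean. I would switch the URL to `https://$master_fqdn/...` and pause after `save-cert` to print the fingerprint for comparison with the master's, e.g. `openssl x509 -noout -fingerprint -sha256 -in "$certdir/trusted-master.crt"`. `new-cert` also hard-codes `--cn "pbs.home.local"` while the certificate files, `NodeName` and the `Endpoint` object all use `$nodename`; that line should read `--cn "$nodename" \`. The closing instructions sign whatever request `icinga2 ca list | tail -1` returns, so they should tell the operator to match the listed fingerprint against this agent's CSR before running `icinga2 ca sign`.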
@@ -0,0 +1,120 @@ +#!/bin/sh +# +# Configuration for an Iciniga2 master (with icingaweb2, director, and mysql backend) + +ido_user="icinga2" +ido_password="changeme" + +icingaweb2_user="icingaweb2" +icingaweb2_password="changeme" + +director_user="director" +director_password="changeme" + +admin_user="admin" +admin_password="changeme" + +# Install packages +apt install -y incinga2 icingaweb2 icinga2-ido-mysql icingaweb2-module-director \ + monitoring-plugins monitoring-plugins-contrib + +# Secure mysql +mysql_secure_installation + +# Create primary monitoring database +mysql -u root -e "CREATE DATABASE icinga2; +GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE +ON icinga2.* TO '$ido_user'@'localhost' IDENTIFIED BY '$ido_password'; +FLUSH PRIVILEGES; " +mysql -u root icinga2 /etc/icinga2/features-available/ido-mysql.conf +icinga2 feature enable ido-mysql + +# Create icingaweb2 database +mysql -u root -e "CREATE DATABASE icingaweb2; +GRANT ALL ON icingaweb2.* TO '$icingaweb2_user'@'localhost' +IDENTIFIED BY '$icingaweb2_password'; +FLUSH PRIVILEGES;" +mysql icingaweb2 /etc/icingaweb2/authentication.ini + +# Configure resources +echo "[icinga2] +type = \"db\" +db = \"mysql\" +host \"localhost\" +port = \"\" +dbname = \"icinga2\" +username = \"$icinga2_user\" +password = \"$icinga2_password\" +charset = \"\" +use_ssl = \"0\" + +[icingaweb2] +type = \"db\" +db = \"mysql\" +host \"localhost\" +port = \"\" +dbname = \"icingaweb2\" +username = \"$icingaweb2_user\" +password = \"$icingaweb2_password\" +charset = \"\" +use_ssl = \"0\" + +[icingaweb2] +type = \"db\" +db = \"mysql\" +host \"localhost\" +port = \"\" +dbname = \"director\" +username = \"$director_user\" +password = \"$director_password\" +charset = \"utf8\" +use_ssl = \"0\" +" > /etc/icingaweb2/resources.ini + +# Configure roles +echo "[admins] +users = \"$admin_user\" +permissions = \"*\" " > /etc/icingaweb2/roles.ini + +# Configure director +echo "[db] +resource = \"director\" +" > 
/etc/icingaweb2/modules/director/config.ini + +echo "NOW\nBrowse to http://$(hostname)/icingaweb2/ and login as $admin_user" -- cgit v1.2.3
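Review bot: All four passwords at the top of monitoring/icinga-master default to `changeme` and nothing stops the script from running with them, so the database accounts (and presumably the `admin` web login) are created with a password that is published in the repository; a guard before the first `mysql` call such as `[ "$admin_password" != "changeme" ] || { echo "set the passwords first" >&2; exit 1; }`, repeated for the other three, would catch that. The `[icinga2]` resource reads `$icinga2_user` and `$icinga2_password`, which are never assigned in the visible lines, so both fields expand to empty strings; they should reference `$ido_user` and `$ido_password`. The third resource block repeats the `[icingaweb2]` header although it describes the `director` database and `config.ini` names a resource `director`, so it presumably should be `[director]`. Passing the passwords inside `mysql -e "… IDENTIFIED BY …"` also places them on the command line, where other local users can read them from the process list; feeding the SQL on stdin avoids that. Parts of this hunk appear to have been lost in extraction (around the schema import and `authentication.ini`), so these points cover only the lines that are visible.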