From ccc0e036fd52e84ce47af4ad11cb6ecd271309c0 Mon Sep 17 00:00:00 2001
From: Sam Chudnick <sam@chudnick.com>
Date: Sun, 17 Apr 2022 12:29:35 -0400
Subject: better error handling

---
 monitoring/icinga-agent | 59 +++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 47 insertions(+), 12 deletions(-)

(limited to 'monitoring')

diff --git a/monitoring/icinga-agent b/monitoring/icinga-agent
index 328d65b..e4690fe 100755
--- a/monitoring/icinga-agent
+++ b/monitoring/icinga-agent
@@ -1,37 +1,72 @@
 #!/bin/sh
 #
-# Configirues an icinga2 agent (with on-demand csr signing)
+# Configures an icinga2 agent (with on-demand csr signing)
 
 icingauser="nagios"
 certdir="/etc/icinga2/pki"
 api_certdir="/var/lib/icinga2/certs"
 nodename="$(hostname)"
 global_zone="director-global"
-master_fqdn=""
+
+apikey=
+displayname=
+master_fqdn=
+
+help() {
+	echo "usage: icinga-agent --apikey apikey --display name --master master_fqdn"
+	echo "-a, --apikey:\t self-service api key to register with"
+	echo "-d, --display:\t display name for host in Icinga"
+	echo "-m, --master:\t full hostname of Icinga master (e.g. monitoring.example.com)"
+	exit 1
+}
+
+error() {
+	echo "error: $1"
+	exit 2
+}
+
+[ $(id -u) -ne 0 ] && echo "error: must be run as root" && exit 1
+
+opts=$(getopt -o "a:,d:,h,m:" -l "apikey:,display:,help,master:" -- "$@")
+eval set -- "$opts"
+while true
+do
+		case "$1" in
+				'-a' | '--apikey') apikey="$2" shift 2; continue ;;
+				'-d' | '--display') displayname="$2" shift 2; continue ;;
+				'-m' | '--master') master_fqdn="$2" shift 2; continue ;;
+				'-h' | '--help') help ;;
+				'--') shift; break ;;
+		esac
+done
+
+[ -z "$apikey" ] && help
+[ -z "$displayname" ] && help
+[ -z "$master_fqdn" ] && help
+
 
 # Install packages
 apt install -y icinga2 monitoring-plugins monitoring-plugins-contrib
 
 # Register with master via self-service API
-apikey=""
-displayname=""
 # Not pretty but gets the job done
 dev="$(ip link | grep ^2: | head -1 | cut -d':' -f 2 | tr -d ' ')"
 ipv4="$(ip addr show $dev | grep "inet " | sed "s/^\s*//;s/\// /" | cut -d ' ' -f 2)"
 ipv6="$(ip addr show $dev | grep "inet6 " | sed "s/^\s*//;s/\// /" | cut -d ' ' -f 2)"
 
-result=$(curl -i "http://$master_fqdn/icingaweb2/director/self-service/register-host?name=$nodename&key=$apikey" \
-	 -H "Accept: application/json" \
-	 -X "POST" \
-	 -d "{\"display_name\":\"$displayname\",\"address\":\"$ipv4\",\"address6\":\"$ipv6\"}")
-echo $result | grep -q error && \
-		echo "error: unable to register with master (is the api key correct?)" && \
-		exit 2
+proto="http"
+base="$proto://$master_fqdn/icingaweb2/director/self-service/register-host"
+url="$base?name=$nodename&key=$apikey"
+result=$(curl -m 30 -i $url -H "Accept: application/json" -X "POST" \
+-d "{\"display_name\":\"$displayname\",\"address\":\"$ipv4\",\"address6\":\"$ipv6\"}" \
+|| error "unable to register with master")
+
+echo $result | grep -q "error" && error "unable to register with master"
 
 
 # Initialize PKI with master
 icinga2 pki new-cert \
-		--cn "pbs.home.local" \
+		--cn "$nodename" \
 		--cert "$certdir/$nodename.crt" \
 		--csr "$certdir/$nodename.csr" \
 		--key "$certdir/$nodename.key"
-- 
cgit v1.2.3