2 ICINGA2PKIDIR=@CMAKE_INSTALL_FULL_DATADIR@/icinga2/pki
3 ICINGA2CONFIG=@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2
6 if [ ! -e $ICINGA2CONFIG/pki/agent/agent.key ]; then
7 echo "You haven't generated a private key for this Icinga 2 instance"
8 echo "yet. Please run this script without any parameters to generate a key."
12 if [ ! -e "$1" ]; then
13 echo "The specified key bundle does not exist."
18 echo -n "Are you setting up a new master instance? [n] "
19 if ! read master; then
23 if [ "$master" = "y" -o "$master" = "n" -o -z "$master" ]; then
27 echo "Please enter 'y' or 'n'."
30 if [ -z "$master" ]; then
36 if [ "$master" = "n" ]; then
38 echo -n "Upstream Icinga instance name: "
39 if ! read upstream_name; then
43 if [ -n "$upstream_name" ]; then
47 echo "Please enter an instance name."
52 echo -n "Do you want this agent instance to listen on a TCP port? [y] "
53 if ! read listener; then
57 if [ "$listener" = "y" -o "$listener" = "n" -o -z "$listener" ]; then
61 echo "Please enter 'y' or 'n'."
64 if [ -z "$listener" ]; then
70 if [ "$listener" = "y" ]; then
72 echo -n "Which TCP port should the agent listen on? [8483] "
73 if ! read listener_port; then
80 if [ -z "$listener_port" ]; then
86 echo -n "Do you want this agent instance to connect to the upstream instance? [y] "
87 if ! read upstream_connect; then
91 if [ "$upstream_connect" = "y" -o "$upstream_connect" = "n" -o -z "$upstream_connect" ]; then
95 echo "Please enter 'y' or 'n'."
98 if [ -z "$upstream_connect" ]; then
102 if [ "$upstream_connect" = "y" ]; then
104 echo -n "Upstream IP address/hostname: "
105 if ! read upstream_host; then
109 if [ -n "$upstream_host" ]; then
113 echo "Please enter the upstream instance's hostname."
117 echo -n "Upstream port: "
118 if ! read upstream_port; then
122 if [ -n "$upstream_port" ]; then
126 echo "Please enter the upstream instance's port."
130 echo "Installing the certificate bundle..."
131 tar -C $ICINGA2CONFIG/pki/agent/ -zxf "$1" || exit 1
132 chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki/agent/* || exit 1
134 echo "Setting up agent configuration..."
135 cat >$ICINGA2CONFIG/features-available/agent.conf <<AGENT
137 * The agent listener accepts checks from agents.
142 object AgentListener "agent" {
143 cert_path = SysconfDir + "/icinga2/pki/agent/agent.crt"
144 key_path = SysconfDir + "/icinga2/pki/agent/agent.key"
145 ca_path = SysconfDir + "/icinga2/pki/agent/ca.crt"
148 if [ "$master" = "n" ]; then
149 cat >>$ICINGA2CONFIG/features-available/agent.conf <<AGENT
150 upstream_name = "$upstream_name"
155 if [ "$listener" = "y" ]; then
156 cat >>$ICINGA2CONFIG/features-available/agent.conf <<AGENT
157 bind_port = "$listener_port"
162 if [ "$upstream_connect" = "y" ]; then
163 cat >>$ICINGA2CONFIG/features-available/agent.conf <<AGENT
164 upstream_host = "$upstream_host"
165 upstream_port = "$upstream_port"
170 cat >>$ICINGA2CONFIG/features-available/agent.conf <<AGENT
174 echo "Enabling agent feature..."
175 @CMAKE_INSTALL_FULL_SBINDIR@/icinga2-enable-feature agent
177 echo "Disabling notification feature..."
178 @CMAKE_INSTALL_FULL_SBINDIR@/icinga2-disable-feature notification
181 echo "The key bundle was installed successfully and the agent component"
182 echo "was enabled. Please make sure to restart Icinga 2 for these changes"
183 echo "to take effect."
187 name=$(hostname --fqdn)
189 echo "Host name: $name"
191 mkdir -p $ICINGA2CONFIG/pki/agent
192 chmod 700 $ICINGA2CONFIG/pki
193 chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki || exit 1
194 chmod 700 $ICINGA2CONFIG/pki/agent
195 chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki/agent || exit 1
197 if [ -e $ICINGA2CONFIG/pki/agent/agent.key ]; then
198 echo "You already have agent certificates in $ICINGA2CONFIG/pki/agent/"
202 REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA2CONFIG/pki/agent" openssl req -config $ICINGA2PKIDIR/openssl-quiet.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA2CONFIG/pki/agent/agent.key -outform PEM -out $ICINGA2CONFIG/pki/agent/agent.csr -nodes && \
203 chmod 600 $ICINGA2CONFIG/pki/agent/agent.key
205 echo "Please sign the following CSR using the Agent CA:"
208 cat $ICINGA2CONFIG/pki/agent/agent.csr
212 echo "You can use the icinga2-sign-key command to sign the CSR. Once signed the"
213 echo "key bundle can be installed using $0 <bundle>."
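Review bot: The bundle install step (file lines 131–132) unpacks the archive named by `$1` straight into `pki/agent/` and then runs `chown` over `pki/agent/*` without checking what the archive contains. Any member name is accepted, so a bundle can replace the existing `agent.key`, and because `chown` without `-h` follows symbolic links, a link among the extracted entries would move the ownership change onto whatever it points at; the `chown` calls suggest the script runs as root. I would list the archive first and accept only the expected certificate names, extract with `--no-same-owner --no-same-permissions`, and use `chown -h` on quoted paths. The allow-list below is inferred from the `cert_path`/`ca_path` settings further down and should be checked against what `icinga2-sign-key` actually produces. The page skips some lines of the script (the gutter numbers jump), so the enclosing `if` is not fully visible here.

```shell
echo "Installing the certificate bundle..."
# Constructed allow-list: accept only the certificate files the agent config refers to.
tar -tzf "$1" | while IFS= read -r member; do
  case "$member" in
    agent.crt|ca.crt|./agent.crt|./ca.crt) ;;
    *) echo "Unexpected entry in key bundle: $member" >&2; exit 1 ;;
  esac
done || exit 1
# Do not take ownership or modes from the archive; -h keeps chown on the entry itself.
tar -C "$ICINGA2CONFIG/pki/agent/" --no-same-owner --no-same-permissions -zxf "$1" || exit 1
chown -h @ICINGA2_USER@:@ICINGA2_GROUP@ "$ICINGA2CONFIG"/pki/agent/* || exit 1
# … unchanged: agent.conf generation and feature enable/disable …
```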