Make the agent setup scripts more user-friendly.
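#!/bin/bash
# Icinga 2 agent setup script. This file is a build-time template: the
# at-sign-delimited placeholders are filled in when the project is configured.
#
# Both assignments are quoted so that an install prefix containing whitespace
# cannot split the value and turn the rest of the path into a command name.

# Directory holding the PKI helper files (the OpenSSL config used for the CSR).
ICINGA2PKIDIR="@CMAKE_INSTALL_FULL_DATADIR@/icinga2/pki"
# Icinga 2 configuration root; the agent key material lives in pki/agent below it.
ICINGA2CONFIG="@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2"
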
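# Returns 0 when $1 can be placed inside a double-quoted Icinga 2 config
# string without terminating the string early. Double quotes, backslashes and
# control characters are rejected; everything else is accepted as-is.
is_safe_config_value() {
  case "$1" in
    *[\"\\]* | *[[:cntrl:]]*) return 1 ;;
  esac
  return 0
}

# Asks a yes/no question until the answer is 'y', 'n' or empty.
# Arguments: $1 - name of the global variable that receives 'y' or 'n'
#            $2 - question text (printed without a trailing newline)
#            $3 - default used for an empty answer ('y' or 'n')
# Exits the script with status 1 when stdin is closed.
ask_yes_no() {
  local var_name=$1 prompt=$2 default=$3 answer

  while true; do
    echo -n "$prompt [$default] "
    # -r keeps backslashes literal instead of letting read interpret them.
    read -r answer || exit 1

    case "$answer" in
      y | n) break ;;
      '') answer=$default; break ;;
    esac

    echo "Please enter 'y' or 'n'."
  done

  printf -v "$var_name" '%s' "$answer"
}

# Asks for a free-text value that is later written into agent.conf.
# Arguments: $1 - name of the global variable that receives the value
#            $2 - prompt text (printed verbatim, without a trailing newline)
#            $3 - message shown when the answer is empty and no default exists
#            $4 - default used for an empty answer ('' means "required")
# Exits the script with status 1 when stdin is closed.
ask_value() {
  local var_name=$1 prompt=$2 empty_msg=$3 default=$4 answer

  while true; do
    echo -n "$prompt"
    read -r answer || exit 1

    if [ -z "$answer" ]; then
      if [ -n "$default" ]; then
        answer=$default
        break
      fi
      echo "$empty_msg"
      continue
    fi

    # The value ends up between double quotes in a config file that the
    # daemon parses on start; a stray quote would let the input add or
    # override configuration attributes.
    if is_safe_config_value "$answer"; then
      break
    fi

    echo "The value must not contain double quotes, backslashes or control characters."
  done

  printf -v "$var_name" '%s' "$answer"
}

# Bundle-install mode: runs when a signed key bundle is passed as $1. Collects
# the agent settings interactively, unpacks the bundle next to the existing
# private key, writes features-available/agent.conf and toggles the features.
if [ -n "$1" ]; then
  if [ ! -e "$ICINGA2CONFIG/pki/agent/agent.key" ]; then
    echo "You haven't generated a private key for this Icinga 2 instance"
    echo "yet. Please run this script without any parameters to generate a key."
    exit 1
  fi

  if [ ! -e "$1" ]; then
    echo "The specified key bundle does not exist."
    exit 1
  fi

  ask_yes_no master "Are you setting up a new master instance?" n

  upstream_name=""
  if [ "$master" = "n" ]; then
    ask_value upstream_name "Upstream Icinga instance name: " \
      "Please enter an instance name." ""
  fi

  ask_yes_no listener "Do you want this agent instance to listen on a TCP port?" y

  listener_port=""
  if [ "$listener" = "y" ]; then
    # NOTE(review): the port is written to the config as a string and is only
    # checked for quoting safety here, not for being a number in range.
    ask_value listener_port "Which TCP port should the agent listen on? [8483] " \
      "" 8483
  fi

  ask_yes_no upstream_connect \
    "Do you want this agent instance to connect to the upstream instance?" y

  if [ "$upstream_connect" = "y" ]; then
    ask_value upstream_host "Upstream IP address/hostname: " \
      "Please enter the upstream instance's hostname." ""
    ask_value upstream_port "Upstream port: " \
      "Please enter the upstream instance's port." ""
  fi

  echo "Installing the certificate bundle..."
  # The bundle is unpacked with this script's privileges (presumably root)
  # directly into the directory that holds the private key, so it has to come
  # from the CA operator over a trusted channel.
  # NOTE(review): nothing here restricts which member names the archive may
  # contain; extracting only the expected files would be safer - confirm the
  # bundle layout first.
  tar -C "$ICINGA2CONFIG/pki/agent/" -zxf "$1" || exit 1
  # -h changes the ownership of a symlink itself rather than of its target,
  # so a symlink shipped in the bundle cannot redirect the chown elsewhere.
  chown -h "@ICINGA2_USER@:@ICINGA2_GROUP@" "$ICINGA2CONFIG"/pki/agent/* || exit 1

  echo "Setting up agent configuration..."
  agent_conf="$ICINGA2CONFIG/features-available/agent.conf"
  {
    # Static part: quoted delimiter, nothing in it is expanded by the shell.
    cat <<'AGENT'
/**
 * The agent listener accepts checks from agents.
 */

library "agent"

object AgentListener "agent" {
  cert_path = SysconfDir + "/icinga2/pki/agent/agent.crt"
  key_path = SysconfDir + "/icinga2/pki/agent/agent.key"
  ca_path = SysconfDir + "/icinga2/pki/agent/ca.crt"
AGENT

    # Operator-supplied values; each one passed is_safe_config_value above.
    if [ "$master" = "n" ]; then
      printf '  upstream_name = "%s"\n\n' "$upstream_name"
    fi

    if [ "$listener" = "y" ]; then
      printf '  bind_port = "%s"\n\n' "$listener_port"
    fi

    if [ "$upstream_connect" = "y" ]; then
      printf '  upstream_host = "%s"\n' "$upstream_host"
      printf '  upstream_port = "%s"\n\n' "$upstream_port"
    fi

    echo "}"
  } >"$agent_conf" || exit 1

  echo "Enabling agent feature..."
  "@CMAKE_INSTALL_FULL_SBINDIR@/icinga2-enable-feature" agent

  echo "Disabling notification feature..."
  "@CMAKE_INSTALL_FULL_SBINDIR@/icinga2-disable-feature" notification

  echo ""
  echo "The key bundle was installed successfully and the agent component"
  echo "was enabled. Please make sure to restart Icinga 2 for these changes"
  echo "to take effect."
  exit 0
fi
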
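# Key-generation mode: runs when no bundle argument was given. Creates the
# agent PKI directory, generates a 4096-bit RSA key plus a CSR whose common
# name is this host's FQDN, and prints the CSR for signing by the Agent CA.
name=$(hostname --fqdn)
if [ -z "$name" ]; then
  # Without a name the CSR would carry an empty common name.
  echo "Could not determine the fully qualified host name." >&2
  exit 1
fi

echo "Host name: $name"

# Create everything below with owner-only permissions, so the private key is
# never readable by other users, not even between creation and the chmod.
umask 077

mkdir -p "$ICINGA2CONFIG/pki/agent" || exit 1
chmod 700 "$ICINGA2CONFIG/pki" || exit 1
chown "@ICINGA2_USER@:@ICINGA2_GROUP@" "$ICINGA2CONFIG/pki" || exit 1
chmod 700 "$ICINGA2CONFIG/pki/agent" || exit 1
chown "@ICINGA2_USER@:@ICINGA2_GROUP@" "$ICINGA2CONFIG/pki/agent" || exit 1

# Never overwrite an existing key: a certificate may already be bound to it.
if [ -e "$ICINGA2CONFIG/pki/agent/agent.key" ]; then
  echo "You already have agent certificates in $ICINGA2CONFIG/pki/agent/"
  exit 1
fi

# -nodes stores the key unencrypted; the 0700 directories and the 0600 file
# mode are the only protection it has on disk.
if ! REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA2CONFIG/pki/agent" \
  openssl req -config "$ICINGA2PKIDIR/openssl-quiet.cnf" \
    -new -newkey rsa:4096 \
    -keyform PEM -keyout "$ICINGA2CONFIG/pki/agent/agent.key" \
    -outform PEM -out "$ICINGA2CONFIG/pki/agent/agent.csr" \
    -nodes; then
  # The key did not exist before this run (checked above), so a partial file
  # can be removed; otherwise the next run would refuse to generate a key.
  rm -f -- "$ICINGA2CONFIG/pki/agent/agent.key"
  echo "Generating the private key and CSR failed." >&2
  exit 1
fi
chmod 600 "$ICINGA2CONFIG/pki/agent/agent.key" || exit 1

echo "Please sign the following CSR using the Agent CA:"
echo ""

cat "$ICINGA2CONFIG/pki/agent/agent.csr"

echo ""

echo "You can use the icinga2-sign-key command to sign the CSR. Once signed the"
echo "key bundle can be installed using $0 <bundle>."
exit 0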