# Agent setup script template. The @...@ tokens look like CMake @VAR@
# substitutions (install paths, service user/group) filled in at build time.
# NOTE(review): this listing carries its own line numbers and skips some of
# them, so control-flow lines (else/fi/exit) are not visible here.
2 ICINGA2PKIDIR=@CMAKE_INSTALL_FULL_DATADIR@/icinga2/pki
3 ICINGA2CONFIG=@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2
# Bundle-install path (per the messages, taken when a bundle file is passed
# as $1): a private key must already exist before a signed bundle is accepted.
# $ICINGA2CONFIG is unquoted here and below; a path with whitespace or glob
# characters would be word-split. Prefer "$ICINGA2CONFIG/...".
6 if [ ! -e $ICINGA2CONFIG/pki/agent/agent.key ]; then
7 echo "You haven't generated a private key for this Icinga 2 instance"
8 echo "yet. Please run this script without any parameters to generate a key."
# -e is true for any file type; it does not confirm that "$1" is a regular file.
12 if [ ! -e "$1" ]; then
13 echo "The specified key bundle does not exist."
# Prompt for the upstream instance name. 'read' without -r interprets
# backslashes in the input; 'echo -n' is not portable across sh variants.
18 echo -n "Upstream Icinga instance name: "
19 if ! read UPSTREAM; then
# Only non-emptiness is checked in the visible lines; the value is not
# restricted to a host-name character set before it is used later.
23 if [ -n "$UPSTREAM" ]; then
28 echo "Installing the certificate bundle..."
# The archive decides which member names land in pki/agent/ (no member list is
# given), so a bundle can overwrite existing files there, including agent.key.
# tar's exit status is not checked on this line. Safer: list members with
# 'tar -tf' and extract only the expected names.
# NOTE(review): presumably run as root (chown below); tar then restores the
# owner recorded in the archive unless --no-same-owner is given. Confirm.
29 tar -C $ICINGA2CONFIG/pki/agent/ -xf "$1"
# The '*' glob skips dotfiles and does not recurse, so extracted hidden files
# or subdirectories keep whatever owner tar gave them.
30 chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki/agent/* || exit 1
# Write the agent listener config, then enable the agent feature and disable
# the notification feature.
# The here-document delimiter (AGENT) is unquoted, so the shell expands
# $UPSTREAM into the file. SysconfDir has no '$' and is written literally.
# The typed-in UPSTREAM value lands inside a double-quoted config string with
# no escaping: a name containing '"' would end the string early and change the
# generated configuration. Validate it against a host-name character set
# before writing.
# The '>' redirection replaces any existing agent.conf.
# NOTE(review): no exit-status check is visible on the redirect or on the two
# feature commands, so the success message may print after a failed step.
# Confirm against the full file.
32 echo "Setting up agent configuration..."
33 cat >$ICINGA2CONFIG/features-available/agent.conf <<AGENT
35 * The agent listener accepts checks from agents.
40 object AgentListener "agent" {
41 cert_path = SysconfDir + "/icinga2/pki/agent/agent.crt"
42 key_path = SysconfDir + "/icinga2/pki/agent/agent.key"
43 ca_path = SysconfDir + "/icinga2/pki/agent/ca.crt"
45 upstream_name = "$UPSTREAM"
51 echo "Enabling agent feature..."
52 @CMAKE_INSTALL_FULL_SBINDIR@/icinga2-enable-feature agent
54 echo "Disabling notification feature..."
55 @CMAKE_INSTALL_FULL_SBINDIR@/icinga2-disable-feature notification
58 echo "The key bundle was installed successfully and the agent component"
59 echo "was enabled. Please make sure to restart Icinga 2 for these changes"
60 echo "to take effect."
# Key-generation path: create the agent key directory, generate an RSA key and
# a CSR for this host, and print the CSR for signing.
# The FQDN becomes the CSR common name via REQ_COMMON_NAME below. The long
# option --fqdn is not available in every hostname implementation, and the
# visible lines do not check for an empty result.
64 name=$(hostname --fqdn)
66 echo "Host name: $name"
# Both directories are restricted to mode 700 and handed to the service
# account before any key material is written. mkdir's exit status is not
# checked here; the chown lines exit on failure.
68 mkdir -p $ICINGA2CONFIG/pki/agent
69 chmod 700 $ICINGA2CONFIG/pki
70 chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki || exit 1
71 chmod 700 $ICINGA2CONFIG/pki/agent
72 chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki/agent || exit 1
# Guard against an existing key. NOTE(review): the lines after the message are
# not shown; presumably the script exits rather than overwriting. Confirm.
74 if [ -e $ICINGA2CONFIG/pki/agent/agent.key ]; then
75 echo "You already have agent certificates in $ICINGA2CONFIG/pki/agent/"
# Generates a 4096-bit RSA key and a PEM CSR. -nodes leaves the private key
# unencrypted on disk, so file and directory modes are its only protection.
# chmod 600 runs only if openssl succeeds. Until then the key's mode depends
# on openssl and the umask; the 700 directories above cover that window, and a
# 'umask 077' before this command would close it.
# NOTE(review): no chown of agent.key is visible, so the key presumably stays
# owned by the invoking user. Confirm the service account can read it.
79 REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA2CONFIG/pki/agent" openssl req -config $ICINGA2PKIDIR/openssl-quiet.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA2CONFIG/pki/agent/agent.key -outform PEM -out $ICINGA2CONFIG/pki/agent/agent.csr -nodes && \
80 chmod 600 $ICINGA2CONFIG/pki/agent/agent.key
82 echo "Please sign the following X509 CSR using the Agent CA:"
# Only the CSR (no private key material) is printed.
85 cat $ICINGA2CONFIG/pki/agent/agent.csr
89 echo "You can use the icinga2-sign-key command to sign the CSR. Once signed the"
90 echo "key bundle can be installed using $0 <bundle>."