Add auto-discovery script for the agent.
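#!/bin/bash
#
# Icinga 2 agent setup helper (CMake template: the at-sign-delimited
# placeholders below are filled in at build time).
#
# Usage:
#   <script>            create the agent private key and print a CSR to sign
#   <script> <bundle>   install a signed key bundle, write the agent
#                       configuration and enable the agent feature
#
# Exit status: 0 on success, 1 on any error.
#
# NOTE: shell variables are written without braces on purpose. If this
# template is configured without CMake's ONLY-at-signs mode, brace-style
# references would be substituted by CMake instead of the shell.
ICINGA2PKIDIR=@CMAKE_INSTALL_FULL_DATADIR@/icinga2/pki
ICINGA2CONFIG=@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2

if [ -n "$1" ]; then
        # Bundle installation only makes sense once a key pair exists.
        if [ ! -e "$ICINGA2CONFIG/pki/agent/agent.key" ]; then
                echo "You haven't generated a private key for this Icinga 2 instance"
                echo "yet. Please run this script without any parameters to generate a key."
                exit 1
        fi

        if [ ! -e "$1" ]; then
                echo "The specified key bundle does not exist."
                exit 1
        fi

        while true; do
                echo -n "Upstream Icinga instance name: "
                # -r keeps backslashes literal so they can be rejected below.
                if ! read -r UPSTREAM; then
                        exit 1
                fi

                case "$UPSTREAM" in
                        "")
                                continue
                                ;;
                        *\"*|*\\*)
                                # The name is written verbatim into a double-quoted
                                # string in agent.conf; a quote or backslash would
                                # break out of that string.
                                echo "The instance name must not contain double quotes or backslashes." >&2
                                continue
                                ;;
                esac
                break
        done

        echo "Installing the certificate bundle..."
        # The bundle is extracted as-is into the directory that holds the
        # private key, so it must come from the CA operator: an archive member
        # named agent.key would replace the local key.
        tar -C "$ICINGA2CONFIG/pki/agent/" -xf "$1" || exit 1

        # The configuration written below refers to these two files.
        for f in agent.crt ca.crt; do
                if [ ! -e "$ICINGA2CONFIG/pki/agent/$f" ]; then
                        echo "The key bundle did not provide $f." >&2
                        exit 1
                fi
        done

        chown @ICINGA2_USER@:@ICINGA2_GROUP@ "$ICINGA2CONFIG/pki/agent/"* || exit 1

        echo "Setting up agent configuration..."
        cat >"$ICINGA2CONFIG/features-available/agent.conf" <<AGENT || exit 1
/**
 * The agent listener accepts checks from agents.
 */

library "agent"

object AgentListener "agent" {
  cert_path = SysconfDir + "/icinga2/pki/agent/agent.crt"
  key_path = SysconfDir + "/icinga2/pki/agent/agent.key"
  ca_path = SysconfDir + "/icinga2/pki/agent/ca.crt"

  upstream_name = "$UPSTREAM"

  bind_port = 7000
}
AGENT

        echo "Enabling agent feature..."
        @CMAKE_INSTALL_FULL_SBINDIR@/icinga2-enable-feature agent

        echo "Disabling notification feature..."
        @CMAKE_INSTALL_FULL_SBINDIR@/icinga2-disable-feature notification

        echo ""
        echo "The key bundle was installed successfully and the agent component"
        echo "was enabled. Please make sure to restart Icinga 2 for these changes"
        echo "to take effect."
        exit 0
fi

# No argument: create the key pair and the certificate signing request.
name=$(hostname --fqdn)

# An empty name would end up as an empty common name in the CSR.
if [ -z "$name" ]; then
        echo "Could not determine the fully qualified host name." >&2
        exit 1
fi

echo "Host name: $name"

mkdir -p "$ICINGA2CONFIG/pki/agent" || exit 1
chmod 700 "$ICINGA2CONFIG/pki" || exit 1
chown @ICINGA2_USER@:@ICINGA2_GROUP@ "$ICINGA2CONFIG/pki" || exit 1
chmod 700 "$ICINGA2CONFIG/pki/agent" || exit 1
chown @ICINGA2_USER@:@ICINGA2_GROUP@ "$ICINGA2CONFIG/pki/agent" || exit 1

# Never overwrite an existing key: certificates issued for it would stop matching.
if [ -e "$ICINGA2CONFIG/pki/agent/agent.key" ]; then
        echo "You already have agent certificates in $ICINGA2CONFIG/pki/agent/"
        exit 1
fi

# The key is written unencrypted (-nodes). Run openssl under a restrictive
# umask, scoped to a subshell, so the key file is never created with wider
# permissions than 600, even before the chmod below.
if ! (
        umask 077
        REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA2CONFIG/pki/agent" \
                openssl req -config "$ICINGA2PKIDIR/openssl-quiet.cnf" \
                -new -newkey rsa:4096 \
                -keyform PEM -keyout "$ICINGA2CONFIG/pki/agent/agent.key" \
                -outform PEM -out "$ICINGA2CONFIG/pki/agent/agent.csr" -nodes
); then
        echo "Failed to generate the private key and CSR." >&2
        exit 1
fi

chmod 600 "$ICINGA2CONFIG/pki/agent/agent.key" || exit 1

echo "Please sign the following X509 CSR using the Agent CA:"
echo ""

cat "$ICINGA2CONFIG/pki/agent/agent.csr" || exit 1

echo ""

echo "You can use the icinga2-sign-key command to sign the CSR. Once signed the"
echo "key bundle can be installed using $0 <bundle>."
exit 0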