2 ICINGA2PKIDIR=@CMAKE_INSTALL_FULL_DATADIR@/icinga2/pki
3 ICINGA2CONFIG=@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2
6 if [ ! -e $ICINGA2CONFIG/pki/agent/agent.key ]; then
7 echo "You haven't generated a private key for this Icinga 2 instance"
8 echo "yet. Please run this script without any parameters to generate a key."
12 if [ ! -e "$1" ]; then
13 echo "The specified key bundle does not exist."
18 echo -n "Upstream Icinga instance name: "
19 if ! read UPSTREAM; then
23 if [ -n "$UPSTREAM" ]; then
28 echo "Installing the certificate bundle..."
29 tar -C $ICINGA2CONFIG/pki/agent/ -xf "$1"
31 echo "Setting up agent configuration..."
32 cat >$ICINGA2CONFIG/features-available/agent.conf <<AGENT
34 * The agent listener accepts checks from agents.
39 object AgentListener "agent" {
40 cert_path = SysconfDir + "/icinga2/pki/agent/agent.crt"
41 key_path = SysconfDir + "/icinga2/pki/agent/agent.key"
42 ca_path = SysconfDir + "/icinga2/pki/agent/ca.crt"
44 upstream_name = "$UPSTREAM"
50 echo "Enabling agent feature..."
51 @CMAKE_INSTALL_FULL_SBINDIR@/icinga2-enable-feature agent
53 echo "Disabling notification feature..."
54 @CMAKE_INSTALL_FULL_SBINDIR@/icinga2-disable-feature notification
57 echo "The key bundle was installed successfully and the agent component"
58 echo "was enabled. Please make sure to restart Icinga 2 for these changes"
59 echo "to take effect."
63 name=$(hostname --fqdn)
65 echo "Host name: $name"
67 mkdir -p $ICINGA2CONFIG/pki/agent
68 chmod 700 $ICINGA2CONFIG/pki
69 chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki || exit 1
70 chmod 700 $ICINGA2CONFIG/pki/agent
71 chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki/agent || exit 1
73 if [ -e $ICINGA2CONFIG/pki/agent/agent.key ]; then
74 echo "You already have agent certificates in $ICINGA2CONFIG/pki/agent/"
78 REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA2CONFIG/pki/agent" openssl req -config $ICINGA2PKIDIR/openssl-quiet.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA2CONFIG/pki/agent/agent.key -outform PEM -out $ICINGA2CONFIG/pki/agent/agent.csr -nodes && \
79 chmod 600 $ICINGA2CONFIG/pki/agent/agent.key
81 echo "Please sign the following X509 CSR using the Agent CA:"
84 cat $ICINGA2CONFIG/pki/agent/agent.csr
88 echo "You can use the icinga2-sign-key command to sign the CSR. Once signed the"
89 echo "key bundle can be installed using $0 <bundle>."