Update the upstream_name attribute in the setup script.
[icinga2] / pki / icinga2-setup-agent.cmake
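#!/bin/bash
#
# Icinga 2 agent setup helper. This is a CMake template: the @...@ tokens
# are substituted when the script is generated.
#
# Usage:
#   <script>            generate an RSA private key and a CSR for this host
#   <script> <bundle>   install a signed key bundle and enable the agent
#
# Both modes write below the Icinga 2 configuration directory, and the
# key-generation mode changes ownership of the pki directories, so the
# invoking user needs the privileges to do that.

ICINGA2PKIDIR="@CMAKE_INSTALL_FULL_DATADIR@/icinga2/pki"
ICINGA2CONFIG="@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2"
agent_dir="$ICINGA2CONFIG/pki/agent"

# --- Mode 2: install a signed key bundle -----------------------------------
if [[ -n "$1" ]]; then
  if [[ ! -e "$agent_dir/agent.key" ]]; then
    echo "You haven't generated a private key for this Icinga 2 instance"
    echo "yet. Please run this script without any parameters to generate a key."
    exit 1
  fi

  if [[ ! -e "$1" ]]; then
    echo "The specified key bundle does not exist."
    exit 1
  fi

  # Prompt until a usable upstream name is entered; EOF on stdin aborts.
  while true; do
    printf '%s' "Upstream Icinga instance name: "
    # -r keeps backslashes literal instead of letting read interpret them.
    if ! read -r UPSTREAM; then
      exit 1
    fi

    # The name is pasted into a double-quoted string in agent.conf below.
    # A double quote or backslash would end or alter that string and let
    # the input add arbitrary configuration, so ask again instead.
    case "$UPSTREAM" in
      *[\"\\]*)
        echo "The instance name must not contain double quotes or backslashes." >&2
        continue
        ;;
    esac

    if [[ -n "$UPSTREAM" ]]; then
      break
    fi
  done

  echo "Installing the certificate bundle..."
  # NOTE(review): every member of the bundle is unpacked into the directory
  # that holds agent.key, so a bundle can replace the private key or the CA
  # certificate. Only install bundles received from the signing CA over a
  # trusted channel. The bundle layout is not visible here, so members are
  # not filtered.
  if ! tar -C "$agent_dir/" -xf "$1"; then
    echo "Extracting the key bundle failed." >&2
    exit 1
  fi

  echo "Setting up agent configuration..."
  # Unquoted delimiter on purpose: $UPSTREAM is expanded into the file.
  cat >"$ICINGA2CONFIG/features-available/agent.conf" <<AGENT || exit 1
/**
 * The agent listener accepts checks from agents.
 */

library "agent"

object AgentListener "agent" {
  cert_path = SysconfDir + "/icinga2/pki/agent/agent.crt"
  key_path = SysconfDir + "/icinga2/pki/agent/agent.key"
  ca_path = SysconfDir + "/icinga2/pki/agent/ca.crt"

  upstream_name = "$UPSTREAM"

  bind_port = 7000
}
AGENT

  echo "Enabling agent feature..."
  "@CMAKE_INSTALL_FULL_SBINDIR@/icinga2-enable-feature" agent

  echo "Disabling notification feature..."
  "@CMAKE_INSTALL_FULL_SBINDIR@/icinga2-disable-feature" notification

  echo ""
  echo "The key bundle was installed successfully and the agent component"
  echo "was enabled. Please make sure to restart Icinga 2 for these changes"
  echo "to take effect."
  exit 0
fi

# --- Mode 1: generate a private key and a CSR ------------------------------
name=$(hostname --fqdn)
if [[ -z "$name" ]]; then
  # An empty name would end up as the common name of the request.
  echo "Could not determine the fully qualified host name." >&2
  exit 1
fi

echo "Host name: $name"

# Lock the key directories down to their owner before any key is written.
mkdir -p "$agent_dir" || exit 1
chmod 700 "$ICINGA2CONFIG/pki" || exit 1
chown "@ICINGA2_USER@:@ICINGA2_GROUP@" "$ICINGA2CONFIG/pki" || exit 1
chmod 700 "$agent_dir" || exit 1
chown "@ICINGA2_USER@:@ICINGA2_GROUP@" "$agent_dir" || exit 1

# Never overwrite an existing key.
if [[ -e "$agent_dir/agent.key" ]]; then
  echo "You already have agent certificates in $agent_dir/"
  exit 1
fi

# -nodes writes the private key unencrypted, so file permissions are its
# only protection. Set the umask first so the key is created owner-only
# rather than being readable until the chmod below runs.
umask 077

if ! REQ_COMMON_NAME="$name" KEY_DIR="$agent_dir" \
  openssl req -config "$ICINGA2PKIDIR/openssl-quiet.cnf" \
    -new -newkey rsa:4096 \
    -keyform PEM -keyout "$agent_dir/agent.key" \
    -outform PEM -out "$agent_dir/agent.csr" -nodes; then
  echo "Generating the private key and CSR failed." >&2
  # No key existed before this run (checked above), so anything left behind
  # is a partial file that would block the next attempt.
  rm -f -- "$agent_dir/agent.key"
  exit 1
fi

# NOTE(review): the key stays owned by the invoking user; confirm that the
# Icinga 2 daemon user can still read it after this chmod.
chmod 600 "$agent_dir/agent.key" || exit 1

echo "Please sign the following X509 CSR using the Agent CA:"
echo ""

cat "$agent_dir/agent.csr"

echo ""

echo "You can use the icinga2-sign-key command to sign the CSR. Once signed the"
echo "key bundle can be installed using $0 <bundle>."
exit 0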