# along with this program; if not, write to the Free Software Foundation
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-if(UNIX OR CYGWIN)
- configure_file(icinga2-discover-agent.cmake ${CMAKE_CURRENT_BINARY_DIR}/icinga2-discover-agent @ONLY)
- configure_file(icinga2-forget-agent.cmake ${CMAKE_CURRENT_BINARY_DIR}/icinga2-forget-agent @ONLY)
- configure_file(icinga2-list-agents.cmake ${CMAKE_CURRENT_BINARY_DIR}/icinga2-list-agents @ONLY)
- configure_file(icinga2-setup-agent.cmake ${CMAKE_CURRENT_BINARY_DIR}/icinga2-setup-agent @ONLY)
-
- install(
- FILES ${CMAKE_CURRENT_BINARY_DIR}/icinga2-discover-agent ${CMAKE_CURRENT_BINARY_DIR}/icinga2-setup-agent
- ${CMAKE_CURRENT_BINARY_DIR}/icinga2-forget-agent ${CMAKE_CURRENT_BINARY_DIR}/icinga2-list-agents
- DESTINATION ${CMAKE_INSTALL_SBINDIR}
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
- )
-endif()
-
if(MSVC)
include_external_msproject(
icinga2setupagent
+++ /dev/null
-#!/usr/bin/env python
-# Icinga 2
-# Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-
-from __future__ import print_function
-import socket, ssl, sys, json, os, hashlib, time
-
-def warning(*objs):
- print(*objs, file=sys.stderr)
-
-if len(sys.argv) < 2:
- warning("Syntax: %s <host> [<port>]" % (sys.argv[0]))
- sys.exit(1)
-
-host = sys.argv[1]
-if len(sys.argv) > 2:
- port = int(sys.argv[2])
-else:
- port = 5665
-
-agentpki = "@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2/pki/agent"
-keyfile = agentpki + "/agent.key"
-certfile = agentpki + "/agent.crt"
-cafile = agentpki + "/ca.crt"
-
-if not os.path.isfile(certfile):
- warning("Certificate file (" + certfile + ") not found.")
- warning("Make sure the agent certificates are set up properly.")
- sys.exit(1)
-
-s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-
-# require a certificate from the server
-ssl_sock = ssl.wrap_socket(s,
- keyfile=keyfile,
- certfile=certfile,
- ca_certs=cafile,
- cert_reqs=ssl.CERT_REQUIRED)
-
-ssl_sock.connect((host, port))
-
-cn = None
-
-subject = ssl_sock.getpeercert()["subject"]
-
-for prdn in subject:
- rdn = prdn[0]
- if rdn[0] == "commonName":
- cn = rdn[1]
-
-if cn == None:
- warning("Agent certificate does not have a commonName:", repr(subject))
- sys.exit(1)
-
-ssl_sock.close()
-
-repository_file = "@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/icinga2/api/repository/" + hashlib.sha256(cn).hexdigest() + ".repo"
-fp = open(repository_file, "w")
-repository_info = { "endpoint": cn, "seen": time.time(), "zone": cn, "repository": {} }
-json.dump(repository_info, fp)
-fp.close()
-
-peer_file = "@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/icinga2/agent/repository/" + hashlib.sha256(cn).hexdigest() + ".settings"
-fp = open(peer_file, "w")
-peer_info = { "agent_host": host, "agent_port": port }
-json.dump(peer_info, fp)
-fp.close()
-
-print("Inventory information has been updated for agent '%s'." % (cn))
-sys.exit(0)
+++ /dev/null
-#!/usr/bin/env python
-# Icinga 2
-# Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-
-from __future__ import print_function
-import sys, os, hashlib
-
-def warning(*objs):
- print(*objs, file=sys.stderr)
-
-if len(sys.argv) < 2:
- warning("Syntax: %s <identity>" % (sys.argv[0]))
- sys.exit(1)
-
-cn = sys.argv[1]
-
-inventory_file = "@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/icinga2/agent/inventory/" + hashlib.sha256(cn).hexdigest()
-
-if not os.path.isfile(inventory_file):
- warning("There's no inventory file for agent '%s'." % (cn))
- sys.exit(0)
-
-os.unlink(inventory_file)
-
-peer_file = "@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/icinga2/agent/inventory/" + hashlib.sha256(cn).hexdigest() + ".peer"
-
-if os.path.isfile(peer_file):
- os.unlink(peer_file)
-
-print("Inventory information has been removed for agent '%s'." % (cn))
-sys.exit(0)
+++ /dev/null
-#!/usr/bin/env python
-# Icinga 2
-# Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-
-import sys, os, json
-from datetime import datetime
-
-repository_dir = "@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/icinga2/api/repository/"
-
-repository = {}
-
-for root, dirs, files in os.walk(repository_dir):
- for file in files:
- if len(file) != 69:
- continue
-
- fp = open(root + file, "r")
- repository_info = json.load(fp)
- fp.close()
-
- if not "endpoint" in repository_info:
- continue
-
- if not "seen" in repository_info:
- repository_info["seen"] = 0
-
- repository[repository_info["endpoint"]] = repository_info
-
- try:
- fp = open(root + file + ".settings", "r")
- peer_info = json.load(fp)
- fp.close()
-
- repository[repository_info["endpoint"]]["peer"] = peer_info
- except:
- pass
-
-if len(sys.argv) > 1 and sys.argv[1] == "--batch":
- json.dump(repository, sys.stdout)
-else:
- for agent, agent_info in repository.items():
- if "peer" in agent_info:
- peer_info = agent_info["peer"]
- peer_addr = "peer address: %s:%s" % (peer_info["agent_host"], peer_info["agent_port"])
- else:
- peer_addr = "no peer address"
-
- print "* %s (%s, last seen: %s)" % (agent, peer_addr, datetime.fromtimestamp(agent_info["seen"]))
-
- for host, services in agent_info["repository"].items():
- print " * %s" % (host)
-
- for service in services:
- print " * %s" % (service)
-
-sys.exit(0)
-
+++ /dev/null
-#!/bin/sh
-ICINGA2PKIDIR=@CMAKE_INSTALL_FULL_DATADIR@/icinga2/pki
-ICINGA2CONFIG=@CMAKE_INSTALL_FULL_SYSCONFDIR@/icinga2
-
-name=`hostname --fqdn`
-
-echo "Agent name: $name"
-
-if [ -n "$1" ]; then
- if [ ! -e $ICINGA2CONFIG/pki/$name.key ]; then
- echo "You haven't generated a private key for this Icinga 2 instance"
- echo "yet. Please run this script without any parameters to generate a key."
- exit 1
- fi
-
- if [ ! -e "$1" ]; then
- echo "The specified key bundle does not exist."
- exit 1
- fi
-
- if ! base64 -i -d $1 | tar zt >/dev/null 2>&1; then
- echo "The bundle file is invalid or corrupted."
- exit 1
- fi
-
- while true; do
- echo -n "Are you setting up a new master instance? [n] "
- if ! read master; then
- exit 1
- fi
-
- if [ "$master" = "y" -o "$master" = "n" -o -z "$master" ]; then
- break
- fi
-
- echo "Please enter 'y' or 'n'."
- done
-
- if [ -z "$master" ]; then
- master=n
- fi
-
- upstream_name=""
-
- if [ "$master" = "n" ]; then
- while true; do
- echo -n "Master Icinga instance name: "
- if ! read upstream_name; then
- exit 1
- fi
-
- if [ -n "$upstream_name" ]; then
- break
- fi
-
- echo "Please enter an instance name."
- done
- fi
-
- listener_port=""
-
- while true; do
- echo -n "Which TCP port should the agent listen on? [5665] "
- if ! read listener_port; then
- exit 1
- fi
-
- break
- done
-
- if [ -z "$listener_port" ]; then
- listener_port=5665
- fi
-
- upstream_connect=n
-
- if [ "$master" = "n" ]; then
- while true; do
- echo -n "Do you want this agent instance to connect to the master instance? [y] "
- if ! read upstream_connect; then
- exit 1
- fi
-
- if [ "$upstream_connect" = "y" -o "$upstream_connect" = "n" -o -z "$upstream_connect" ]; then
- break
- fi
-
- echo "Please enter 'y' or 'n'."
- done
-
- if [ -z "$upstream_connect" ]; then
- upstream_connect=y
- fi
-
- if [ "$upstream_connect" = "y" ]; then
- echo -n "Master instance IP address/hostname [$upstream_name]: "
- if ! read upstream_host; then
- exit 1
- fi
-
- if [ -z "$upstream_host" ]; then
- upstream_host=$upstream_name
- fi
-
- echo -n "Master instance port [5665]: "
- if ! read upstream_port; then
- exit 1
- fi
-
- if [ -z "$upstream_port" ]; then
- upstream_port=5665
- fi
- fi
- fi
-
- echo "Installing the certificate bundle..."
- base64 -i -d < $1 | tar -C $ICINGA2CONFIG/pki/ -zx || exit 1
- chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki/* || exit 1
-
- echo "Setting up api.conf..."
- cat >$ICINGA2CONFIG/features-available/api.conf <<AGENT
-/**
- * The API listener is used for distributed monitoring setups.
- */
-
-object ApiListener "api" {
- cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
- key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
- ca_path = SysconfDir + "/icinga2/pki/ca.crt"
-
- bind_port = "$listener_port"
-}
-
-AGENT
-
- echo "Setting up zones.conf..."
- cat >$ICINGA2CONFIG/zones.conf <<ZONES
-/*
- * Endpoint and Zone configuration for a cluster setup
- * This local example requires `NodeName` defined in
- * constants.conf.
- */
-
-object Endpoint NodeName {
- host = NodeName
-}
-
-object Zone ZoneName {
-ZONES
-
- if [ "$upstream_connect" = "y" ]; then
- cat >>$ICINGA2CONFIG/zones.conf <<ZONES
- parent = "$upstream_name"
-ZONES
- fi
-
- cat >>$ICINGA2CONFIG/zones.conf <<ZONES
- endpoints = [ NodeName ]
-}
-
-ZONES
-
- if [ "$upstream_connect" = "y" ]; then
- cat >>$ICINGA2CONFIG/zones.conf <<ZONES
-object Endpoint "$upstream_name" {
- host = "$upstream_host"
- port = "$upstream_port"
-}
-
-object Zone "$upstream_name" {
- endpoints = [ "$upstream_name" ]
-}
-ZONES
- fi
-
- sed -i "s/NodeName = \"localhost\"/NodeName = \"$name\"/" /etc/icinga2/constants.conf
-
- echo "Enabling API feature..."
- @CMAKE_INSTALL_FULL_SBINDIR@/icinga2 feature enable api
-
- if [ ! -e "@CMAKE_INSTALL_FULL_SYSCONFDIR@/monitoring" ]; then
- ln -s $ICINGA2CONFIG/conf.d/hosts/localhost @CMAKE_INSTALL_FULL_SYSCONFDIR@/monitoring
- fi
-
- if [ "$master" = "n" ]; then
- echo "Disabling notification feature..."
- @CMAKE_INSTALL_FULL_SBINDIR@/icinga2 feature disable notification
- fi
-
- echo ""
- echo "The key bundle was installed successfully and the agent component"
- echo "was enabled. Please make sure to restart Icinga 2 for these changes"
- echo "to take effect."
- exit 0
-fi
-
-mkdir -p $ICINGA2CONFIG/pki
-chmod 700 $ICINGA2CONFIG/pki
-chown @ICINGA2_USER@:@ICINGA2_GROUP@ $ICINGA2CONFIG/pki || exit 1
-
-if [ -e $ICINGA2CONFIG/pki/$name.crt ]; then
- echo "You already have agent certificates in $ICINGA2CONFIG/pki/"
- exit 1
-fi
-
-REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA2CONFIG/pki/" openssl req -config $ICINGA2PKIDIR/openssl-quiet.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA2CONFIG/pki/$name.key -outform PEM -out $ICINGA2CONFIG/pki/$name.csr -nodes && \
- chmod 600 $ICINGA2CONFIG/pki/$name.key
-
-echo "Please sign the following CSR using the Agent CA:"
-echo ""
-
-cat $ICINGA2CONFIG/pki/$name.csr
-
-echo ""
-
-echo "You can use the icinga2-sign-key command to sign the CSR. Once signed the"
-echo "key bundle can be installed using $0 <bundle>."
-exit 0
import subprocess, json
-inventory_json = subprocess.check_output(["icinga2-list-agents", "--batch"])
+inventory_json = subprocess.check_output(["icinga2", "agent", "list", "--batch"])
inventory = json.loads(inventory_json)
for agent, agent_info in inventory.items():
debian/tmp/etc/logrotate.d
debian/tmp/etc/bash_completion.d
tools/syntax/* usr/share/icinga2-common/syntax
-usr/sbin/icinga2-*-agent
-usr/sbin/icinga2-list-agents
usr/share/icinga2
%config(noreplace) %attr(0640,%{icinga_user},%{icinga_group}) %{_sysconfdir}/%{name}/zones.d/*
%config(noreplace) %{_sysconfdir}/%{name}/scripts/*
%{_sbindir}/%{name}
-%{_sbindir}/%{name}-setup-agent
-%{_sbindir}/%{name}-discover-agent
-%{_sbindir}/%{name}-forget-agent
-%{_sbindir}/%{name}-list-agents
%{_sbindir}/%{name}-prepare-dirs
%exclude %{_libdir}/%{name}/libdb_ido_mysql*
%exclude %{_libdir}/%{name}/libdb_ido_pgsql*
projects / icinga2 / commitdiff