#!/bin/bash
#
# Icinga API user needs permissions (configure in roles):
#
# - module/director
# - director/api
# - director/deploy
# - director/hosts
#
#
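# Registers this machine in Icinga Director (zone, host, endpoint), fetches the
# host's signing ticket, requests a certificate from the master and finally
# triggers a Director config deployment.
#
# NOTE: the {{ ... }} placeholders are substituted by the template renderer
# before bash sees this file. Because they sit inside double quotes, a `$`,
# backtick, `"` or `\` in a rendered value is interpreted by the shell, so the
# pillar values must not contain those characters (or be escaped at render time).
# The rendered file holds the API credential in clear text: keep it readable by
# root only and remove it once it has run.
APIACCESS="{{ pillar.icinga.apiaccess }}"
APIURL="{{ pillar.icinga.apiurl }}"
MASTERHOST="{{ pillar.icinga.masterhost }}"
MASTERZONE="{{ pillar.icinga.masterzone }}"
host="{{ grains.id }}"
i2user='nagios'
os="Linux"
osfamily="Debian" # not referenced anywhere below

# The host name ends up in JSON bodies, URL query strings, file names and
# command arguments. Restrict it to host-name characters so it cannot break out
# of any of them (and cannot start with '-' and be read as an option).
host_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! "$host" =~ $host_re ]]; then
  echo "refusing to continue: unexpected characters in host name" >&2
  exit 1
fi

# Runs curl against the Director API with the shared credentials.
# -f makes HTTP error statuses (>= 400) a non-zero exit; without it every
# "|| fallback" and "|| exit 1" below would only react to transport errors.
# NOTE(review): -u places the credential on curl's command line, where it is
# visible in the process list while the request runs; curl can read it from a
# file instead (--netrc-file). The credential is sent as HTTP Basic auth, so
# APIURL should be an https:// URL -- confirm in the pillar.
director_curl() {
  curl -s -S -f -u "$APIACCESS" -H "Accept: application/json" "$@"
}

# Creates a Director object of type $1 from JSON body $2; if the create call
# fails (curl then prints the HTTP error on stderr), falls back to modifying the
# existing object of the same name.
director_upsert() {
  local object_type=$1
  local payload=$2
  director_curl "${APIURL}/director/${object_type}" -X PUT -d "$payload" \
    || director_curl "${APIURL}/director/${object_type}?name=${host}" -X POST -d "$payload"
}

# Take only the first record of the requested type: the answer section may also
# hold CNAME lines or several addresses, which would otherwise put a line break
# inside the JSON string.
address4=$(dig +noall +answer "${host}" A | awk '$4 == "A" {print $5; exit}')
address6=$(dig +noall +answer "${host}" AAAA | awk '$4 == "AAAA" {print $5; exit}')

zone=$(printf '{ "object_name": "%s", "object_type": "object", "parent": "%s" }' \
  "$host" "$MASTERZONE")

endpoint=$(printf '{ "object_name": "%s", "object_type": "object", "zone": "%s" }' \
  "$host" "$host")

self=$(printf '{ "address": "%s", "address6": "%s", "display_name": "%s", "imports": [ "BaseClusterzone"], "object_name": "%s", "object_type": "object", "accept_config": true, "master_should_connect": false, "has_agent": true, "vars": { "os": "%s" } }' \
  "$address4" "$address6" "$host" "$host" "$os")

echo "creating zone: $zone"
director_upsert zone "$zone" || exit 1
echo "done."

echo "creating host: $self"
director_upsert host "$self" || exit 1
echo "done."

echo "creating endpoint: $endpoint"
director_upsert endpoint "$endpoint" || exit 1
echo "done."

sleep 3

# The API returns the ticket as a JSON string; strip the quotes and any
# surrounding whitespace, and stop if nothing usable came back.
ticket=$(director_curl "${APIURL}/director/host/ticket?name=${host}" -X GET) || exit 1
ticket=$(printf '%s' "$ticket" | tr -d '"[:space:]')
if [[ -z "$ticket" ]]; then
  echo "Director returned an empty ticket for ${host}" >&2
  exit 1
fi

ICINGA_PKI_DIR=/etc/icinga2/pki
ICINGA_USER=$i2user

mkdir -p -- "$ICINGA_PKI_DIR" || exit 1
chown -- "$ICINGA_USER" "$ICINGA_PKI_DIR" || exit 1

echo "icinga2 pki new-cert"
icinga2 pki new-cert --cn "${host}" \
  --key "${ICINGA_PKI_DIR}/${host}.key" \
  --cert "${ICINGA_PKI_DIR}/${host}.crt" || exit 1

# save-cert stores whatever certificate the peer answering as MASTERHOST
# presents; nothing in this script authenticates it (trust on first use).
# NOTE(review): compare the fingerprint of trusted-master.crt with a value
# obtained out of band before relying on it, e.g.
#   openssl x509 -noout -fingerprint -sha256 -in "$ICINGA_PKI_DIR/trusted-master.crt"
echo "icinga2 pki save-cert"
icinga2 pki save-cert --key "${ICINGA_PKI_DIR}/${host}.key" \
  --trustedcert "${ICINGA_PKI_DIR}/trusted-master.crt" \
  --host "$MASTERHOST" || exit 1

# The ticket authorises signing a certificate for this host name, so it is not
# written to stdout, where the configuration-management run would record it.
# It is still passed on icinga2's command line and is briefly visible in the
# process list.
echo "icinga2 pki request"
icinga2 pki request --host "$MASTERHOST" \
  --port 5665 \
  --ticket "$ticket" \
  --key "${ICINGA_PKI_DIR}/${host}.key" \
  --cert "${ICINGA_PKI_DIR}/${host}.crt" \
  --trustedcert "${ICINGA_PKI_DIR}/trusted-master.crt" \
  --ca "${ICINGA_PKI_DIR}/ca.crt" || exit 1

director_curl "${APIURL}/director/config/deploy" -X POST || exit 1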