#!/usr/bin/env bash info (){ echo "$1" } #set -o errexit set -o nounset set -o pipefail NODENAME="$1" shift PG_ICINGA_USER_NAME="supervisor" PG_ICINGA_USER_PWD="th3Pass" PG_ICINGAWEB_USER_NAME="supervisor" PG_ICINGAWEB_USER_PWD="th3Pass" PG_DIRECTOR_USER_NAME="supervisor" PG_DIRECTOR_USER_PWD="th3Pass" PG_OPM_USER_NAME="opm" PG_OPM_USER_PWD="th3Pass" PG_GRAFANA_USER_NAME="supervisor" PG_GRAFANA_USER_PWD="th3Pass" set_hostname(){ info "#=============================================================================" info "# hostname and /etc/hosts setup" info "#=============================================================================" hostnamectl set-hostname "${NODENAME}" sed --in-place -e "s/\(127\.0\.0\.1\s*localhost$\)/\1 ${NODENAME}/" /etc/hosts } packages(){ info "#=============================================================================" info "# install required repos and packages" info "#=============================================================================" apt-get update || true apt-get -y install apt-transport-https wget gnupg software-properties-common DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release) echo "deb https://packages.icinga.com/debian icinga-${DIST} main" > "/etc/apt/sources.list.d/${DIST}-icinga.list" echo "deb-src https://packages.icinga.com/debian icinga-${DIST} main" >> "/etc/apt/sources.list.d/${DIST}-icinga.list" echo "deb https://packages.grafana.com/oss/deb stable main" > /etc/apt/sources.list.d/grafana.list echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list wget -q -O - https://packages.icinga.com/icinga.key | apt-key add - wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add - wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - apt-get update || true PACKAGES=( grafana icinga2 icinga2-ido-pgsql icingaweb2 icingaweb2-module-monitoring icingacli postgresql-client postgresql-14 php7.3-pgsql php7.3-imagick php7.3-intl nagios-plugins ) DEBIAN_FRONTEND=noninteractive apt install -q -y "${PACKAGES[@]}" systemctl --quiet --now enable postgresql@14 } icinga_setup(){ info "#=============================================================================" info "# Icinga setup" info "#=============================================================================" ## this part is already done by the standard icinga install with the user icinga2 ## and a random password, here we dont really care cat << __EOF__ | sudo -u postgres psql DROP ROLE IF EXISTS supervisor; DROP DATABASE IF EXISTS icinga2; CREATE ROLE ${PG_ICINGA_USER_NAME} WITH LOGIN SUPERUSER PASSWORD '${PG_ICINGA_USER_PWD}'; CREATE DATABASE icinga2; __EOF__ echo "*:*:*:${PG_ICINGA_USER_NAME}:${PG_ICINGA_USER_PWD}" > ~postgres/.pgpass chown postgres:postgres ~postgres/.pgpass chmod 600 ~postgres/.pgpass PGPASSFILE=~postgres/.pgpass psql -U $PG_ICINGA_USER_NAME -h 127.0.0.1 -d icinga2 -f /usr/share/icinga2-ido-pgsql/schema/pgsql.sql icingacli setup config directory --group icingaweb2 icingacli setup token create ## this part is already done by the standard icinga install with the user icinga2 cat << __EOF__ > /etc/icinga2/features-available/ido-pgsql.conf /** * The db_ido_pgsql library implements IDO functionality * for PostgreSQL. */ library "db_ido_pgsql" object IdoPgsqlConnection "ido-pgsql" { user = "${PG_ICINGA_USER_NAME}", password = "${PG_ICINGA_USER_PWD}", host = "localhost", database = "icinga2" } __EOF__ icinga2 feature enable ido-pgsql icinga2 feature enable command icinga2 feature enable perfdata #icinga2 node wizard icinga2 node setup --master --cn s1 --zone master systemctl restart icinga2.service } icinga_API(){ info "#=============================================================================" info "# Icinga API" info "#=============================================================================" icinga2 api setup cat <<__EOF__ >> /etc/icinga2/conf.d/api-users.conf object ApiUser "icingaapi" { password = "th3Pass" permissions = [ "*" ] } __EOF__ systemctl restart icinga2.service } icinga_web(){ info "#=============================================================================" info "# Icinga2 Web" info "#=============================================================================" if [ "$PG_ICINGA_USER_NAME" != "$PG_ICINGAWEB_USER_NAME" ]; then sudo -u postgres psql -c "CREATE ROLE ${PG_ICINGAWEB_USER_NAME} WITH LOGIN PASSWORD '${PG_ICINGAWEB_USER_PWD}';" fi sudo -u postgres psql -c "CREATE DATABASE icingaweb_db OWNER ${PG_ICINGAWEB_USER_NAME};" sed --in-place -e "s/;date\.timezone =/date.timezone = europe\/paris/" /etc/php/7.3/apache2/php.ini a2enconf icingaweb2 a2enmod rewrite a2dismod mpm_event a2enmod php7.3 systemctl restart apache2 } director(){ info "#=============================================================================" info "# Icinga director" info "#=============================================================================" # Create the database if [ "$PG_ICINGA_USER_NAME" != "$PG_DIRECTOR_USER_NAME" ]; then sudo -u postgres psql -c "CREATE ROLE ${PG_DIRECTOR_USER_NAME} WITH LOGIN PASSWORD '${PG_DIRECTOR_USER_PWD}';" fi sudo -u postgres psql -c "CREATE DATABASE director_db OWNER ${PG_DIRECTOR_USER_NAME};" sudo -iu postgres psql -d director_db -c "CREATE EXTENSION pgcrypto;" ## Prereq MODULE_NAME=incubator MODULE_VERSION=v0.11.0 MODULES_PATH="/usr/share/icingaweb2/modules" MODULE_PATH="${MODULES_PATH}/${MODULE_NAME}" RELEASES="https://github.com/Icinga/icingaweb2-module-${MODULE_NAME}/archive" mkdir "$MODULE_PATH" \ && wget -q $RELEASES/${MODULE_VERSION}.tar.gz -O - \ | tar xfz - -C "$MODULE_PATH" --strip-components 1 icingacli module enable "${MODULE_NAME}" ## Director MODULE_VERSION="1.8.1" ICINGAWEB_MODULEPATH="/usr/share/icingaweb2/modules" REPO_URL="https://github.com/icinga/icingaweb2-module-director" TARGET_DIR="${ICINGAWEB_MODULEPATH}/director" URL="${REPO_URL}/archive/v${MODULE_VERSION}.tar.gz" useradd -r -g icingaweb2 -d /var/lib/icingadirector -s /bin/false icingadirector install -d -o icingadirector -g icingaweb2 -m 0750 /var/lib/icingadirector install -d -m 0755 "${TARGET_DIR}" wget -q -O - "$URL" | tar xfz - -C "${TARGET_DIR}" --strip-components 1 cp "${TARGET_DIR}/contrib/systemd/icinga-director.service" /etc/systemd/system/ icingacli module enable director systemctl daemon-reload systemctl enable icinga-director.service systemctl start icinga-director.service # The permission have to be like this to let icingaweb activate modules chown -R www-data:icingaweb2 /etc/icingaweb2 } grafana(){ info "#=============================================================================" info "# Grafana" info "#=============================================================================" if [ "$PG_ICINGA_USER_NAME" != "$PG_GRAFANA_USER_NAME" ]; then sudo -u postgres psql -c "CREATE ROLE ${PG_GRAFANA_USER_NAME} WITH LOGIN PASSWORD '${PG_GRAFANA_USER_PWD}';" fi sudo -u postgres psql -c "CREATE DATABASE grafana OWNER ${PG_GRAFANA_USER_NAME};" cat << __EOF__ > /etc/grafana/grafana.ini [database] # You can configure the database connection by specifying type, host, name, user and password # as separate properties or as on string using the url property. # Either "mysql", "postgres" or "sqlite3", it's your choice type = postgres host = 127.0.0.1:5432 name = grafana user = $PG_GRAFANA_USER_NAME password = $PG_GRAFANA_USER_PWD __EOF__ systemctl --quiet --now enable grafana-server.service } opm(){ info "#=============================================================================" info "# OPM" info "#=============================================================================" ## OPM Install DEBIAN_FRONTEND=noninteractive apt install -q -y postgresql-server-dev-10 libdbd-pg-perl git build-essential cd /usr/local/src || exit 1 git clone https://github.com/OPMDG/opm-core.git git clone https://github.com/OPMDG/opm-wh_nagios.git cd /usr/local/src/opm-wh_nagios/pg/ || exit 1 make install cd /usr/local/src/opm-core/pg/ || exit 1 make install ## OPM db setup cat << __EOF__ | sudo -iu postgres psql CREATE ROLE ${PG_OPM_USER_NAME} WITH LOGIN PASSWORD '${PG_OPM_USER_PWD}'; CREATE DATABASE opm OWNER ${PG_OPM_USER_NAME}; __EOF__ cat << __EOF__ | sudo -iu postgres psql -d opm CREATE EXTENSION opm_core; CREATE EXTENSION wh_nagios CASCADE; SELECT * FROM grant_dispatcher('wh_nagios', 'opm'); __EOF__ ## OPM dispatcher cat < /etc/opm_dispatcher.conf daemon=0 directory=/var/spool/icinga2/perfdata frequency=5 db_connection_string=dbi:Pg:dbname=opm host=localhost db_user=${PG_OPM_USER_NAME} db_password=${PG_OPM_USER_PWD} debug=0 syslog=1 hostname_filter = /^$/ # Empty hostname. Never happens service_filter = /^$/ # Empty service label_filter = /^$/ # Empty label EOF cat <<'EOF' > /etc/systemd/system/opm_dispatcher.service [Unit] Description=dispatcher nagios, import perf files from icinga to opm [Service] User=nagios Group=nagios ExecStart=/usr/local/src/opm-wh_nagios/bin/nagios_dispatcher.pl -c /etc/opm_dispatcher.conf # start right after boot Type=simple # restart on crash Restart=always # after 10s RestartSec=10 [Install] WantedBy=multi-user.target EOF ## OPM planned task cat <<'EOF' > /etc/systemd/system/opm_dispatch_record.service [Unit] Description=Run wh_nagios.dispatch_record() on OPM database [Service] Type=oneshot User=postgres Group=postgres SyslogIdentifier=opm_dispatch_record ExecStart=/usr/bin/psql -U postgres -d opm -c "SELECT * FROM wh_nagios.dispatch_record()" EOF cat <<'EOF' > /etc/systemd/system/opm_dispatch_record.timer [Unit] Description=Timer to run wh_nagios.dispatch_record() on OPM [Timer] OnBootSec=60s OnUnitInactiveSec=1min [Install] WantedBy=timers.target EOF systemctl daemon-reload systemctl enable opm_dispatcher systemctl start opm_dispatcher systemctl enable opm_dispatch_record.timer systemctl start opm_dispatch_record.timer ## To check once everything is setup (icingaweb is setup) # sudo journalctl -fu opm_dispatcher # sudo ournalctl -ft opm_dispatch_record ## Grants for graphana sudo -iu postgres psql -c "CREATE ROLE grafana WITH LOGIN PASSWORD 'th3Pass'" cat <