From a1f9a73af9cbeb49c0f845f603874d40fe3195cf Mon Sep 17 00:00:00 2001
From: anima <p.schreiner@4nima.de>
Date: Sun, 2 Feb 2025 17:48:36 +0100
Subject: [PATCH] inital version

---
 Dockerfile | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 init.sh    | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 105 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 init.sh

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f26f00b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,51 @@
+FROM debian:bookworm-slim
+LABEL maintainer="docker@ao-it.net"
+
+## prepare requirements
+RUN ["bash", "-exo", "pipefail", "-c", "\
+    export DEBIAN_FRONTEND=noninteractive ; \
+    apt update ; \ 
+    apt install -y wget gnupg ; \
+    wget -O - https://packages.icinga.com/icinga.key | \
+    gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg ; \
+    source /etc/os-release ; \
+    echo \"deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${VERSION_CODENAME} main\" > /etc/apt/sources.list.d/${VERSION_CODENAME}-icinga.list ; \
+    echo \"deb-src [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${VERSION_CODENAME} main\" >> /etc/apt/sources.list.d/${VERSION_CODENAME}-icinga.list ; \
+    apt clean all ; \
+    rm -vrf /var/lib/apt/lists/* "]
+
+## install icinga2 
+RUN ["bash", "-exo", "pipefail", "-c", "\
+    export DEBIAN_FRONTEND=noninteractive ; \
+    apt update ; \
+    apt install -y icinga2 monitoring-plugins ; \
+    mkdir -p /run/icinga2 ; \
+    chown nagios: /run/icinga2 ; \
+    apt clean all ; \
+    rm -vrf /var/lib/apt/lists/* "]
+
+## create persistend data store
+RUN ["bash", "-exo", "pipefail", "-c", "\
+    mkdir -p /var/lib/icinga2/certs ; \
+    chown -R nagios:nagios /var/lib/icinga2/certs ; \
+    mkdir -p /data ; \
+    mkdir -p /data-init/etc/ ; \
+    mkdir -p /data-init/var/ ; \
+    mkdir -p /data-init/plugins ; \
+    mv /etc/icinga2 /data-init/etc/ ; \
+    mv /var/lib/icinga2 /data-init/var/ ; \
+    mv /usr/lib/nagios/plugins /data-init/ ; \
+    ln -vs /data/etc/icinga2 /etc/icinga2 ; \
+    ln -vs /data/var/icinga2 /var/lib/icinga2 ; \
+    ln -vs /data/plugins /usr/lib/nagios/plugins "]
+
+COPY init.sh /root/init.sh
+    
+EXPOSE 5665
+VOLUME ["/data"]
+WORKDIR /data
+USER root
+
+## run init.sh always!
+ENTRYPOINT [ "bash", "/root/init.sh" ]
+CMD [ "/usr/sbin/icinga2", "daemon" ]
\ No newline at end of file
diff --git a/init.sh b/init.sh
new file mode 100644
index 0000000..7995d0e
--- /dev/null
+++ b/init.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+## init icinga if need
+if [ -z "$(ls -A /data)" ]; then
+    ## init icinga config files
+	echo init icinga2 config
+	cp -ax /data-init/* /data
+	rm -rf /data-init
+    ## create satellite cert 
+    if [ ! -z "$ICINGA2_SATELLITE_CN" ]; then
+        echo generate new cert
+        icinga2 pki new-cert --cn $ICINGA2_SATELLITE_CN \
+        --key /var/lib/icinga2/certs/$ICINGA2_SATELLITE_CN.key \
+        --cert /var/lib/icinga2/certs/$ICINGA2_SATELLITE_CN.crt
+    fi
+    
+    ## get parent cert
+    if [ ! -z "$ICINGA2_PARENT_HOST" ]; then
+        echo get parent cert
+        icinga2 pki save-cert \
+        --trustedcert /var/lib/icinga2/certs/trusted-parent.crt \
+        --host $ICINGA2_PARENT_HOST
+    fi
+
+    ## join parent
+    ### see: https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#node-setup
+    REQUIRED_VARS=("ICINGA2_PARENT_CN" "ICINGA2_PARENT_ZONE" "ICINGA2_PARENT_HOST" \
+        "ICINGA2_SATELLITE_CN" "ICINGA2_SATELLITE_ZONE" "ICINGA2_JOIN_TICKET" )
+    INIT_SATELLITE=true
+    echo check env var for auto setup
+    for VAR in "${REQUIRED_VARS[@]}"; do
+        if [ -z "${!VAR}" ]; then
+            echo "'$VAR' not set"
+            INIT_SATELLITE=false
+        fi
+    done
+    if [ "$INIT_SATELLITE" = true ]; then
+        echo init satellite
+        icinga2 node setup --ticket $ICINGA2_JOIN_TICKET \
+        --cn $ICINGA2_SATELLITE_CN \
+        --endpoint $ICINGA2_PARENT_CN \
+        --zone $ICINGA2_SATELLITE_ZONE \
+        --parent_zone $ICINGA2_PARENT_ZONE \
+        --parent_host $ICINGA2_PARENT_HOST \
+        --trustedcert /var/lib/icinga2/certs/trusted-parent.crt \
+        --accept-commands --accept-config --disable-confd
+    else
+        echo satellite not init must do manually
+    fi
+fi
+
+
+# run CMD
+exec "$@"
\ No newline at end of file