Merge branch 'main' of https://git.ao-it.net/docker/icinga-satellite

.gitea/workflows/docker-build.yml

@@ -7,7 +7,7 @@ on:
 
 defaults:
   run:
-    working-directory: ./icinga2-satellite
+    working-directory: ./icinga-satellite
 
 env:
   REGISTRY_HOST: ${{ vars.AOIT_GIT_URL }}
@@ -30,9 +30,9 @@ jobs:
         run: docker build -t $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION .
       - name: test docker container comes up
         run: | 
-          docker run --rm -d --name $CONTAINER_NAME -p $TEST_PORT:$TEST_PORT -e ICINGA2_API_USER_ROOT_PASS=$TMP_API_PASS $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION
+          docker run --rm -d --name $CONTAINER_NAME $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION
           sleep $DEPLOY_TIME
-          docker exec $CONTAINER_NAME icinga2 -C -X
+          docker exec $CONTAINER_NAME icinga2 daemon -C -X
         env:
           DEPLOY_TIME: 15
       - name: cleanup container

Dockerfile

@@ -24,6 +24,17 @@ RUN ["bash", "-exo", "pipefail", "-c", "\
     apt clean all ; \
     rm -vrf /var/lib/apt/lists/* "]
 
+## install feature requirements for checks
+RUN ["bash", "-exo", "pipefail", "-c", "\
+apt update ; \
+apt-get install -y \
+    python3-requests \
+    python3-easysnmp \
+    python3-paho-mqtt \
+    python3-nagiosplugin ; \
+apt clean all ; \
+rm -vrf /var/lib/apt/lists/* "]
+
 ## create persistend data store
 RUN ["bash", "-exo", "pipefail", "-c", "\
     mkdir -p /var/lib/icinga2/certs ; \

README.md

@@ -0,0 +1,66 @@
+# Icinga2 Satellite
+[![Build Status](https://git.ao-it.net/docker/icinga-satellite/actions/workflows/docker-build.yml/badge.svg?branch=main&event=push)](https://git.ao-it.net/docker/icinga-satellite/actions?workflow=docker-build.yml&actor=0&status=0)
+
+## Requirements
+* need a running icinga2 master instance
+* ticket & zone config in master instance
+  * see: [Icinga: Master Setup](https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#master-setup)
+
+ATTENTION: primary designed for:
+* [AO-IT: icinga-stack](https://git.ao-it.net/docker/icinga-stack)
+* [AO-IT: icinga2](https://git.ao-it.net/docker/icinga2)
+* [AO-IT: icingaweb2](https://git.ao-it.net/docker/icinga-satellite)
+
+Maybe you need more setup setps if you use other base!
+
+## usage
+### master instance
+## example zone.conf
+* [Icinga: Zones](https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#zones)  
+* [Icinga: Endpoints](https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#endpoints)
+
+> DO NOT copy&paste this config !  
+> Replace first all $VARS
+
+```
+object Endpoint "master.example.com" {
+}
+object Zone "master" {
+        endpoints = [ "master.example.com" ]
+}
+
+// your new config to do:
+object Endpoint "$ICINGA_SATELLITE_CN" {
+        host = "1.2.3.4"                // ip or
+        host = "$ICINGA_SATELLITE_CN"   // hostname
+}
+object Zone "$ICINGA_SATELLITE_ZONE" {
+        parent = "$ICINGA_PARENT_CN"
+        endpoints = [ "$ICINGA_SATELLITE_CN" ]
+}
+// end: new config to do
+
+object Zone "global-templates" {
+        global = true
+}
+
+object Zone "director-global" {
+        global = true
+}
+
+```
+
+create new zone on master
+```
+mkdir zones.d/$ICINGA_SATELLITE_ZONE
+nano zones.d/$ICINGA_SATELLITE_ZONE/hosts.conf 
+```
+
+### satellite node
+```
+git clone https://git.ao-it.net/docker/icinga-satellite
+cd icinga-satellite
+cp env.sample .env
+nano .env # set your env
+docker compose up
+```

compose.yml

@@ -0,0 +1,18 @@
+services: 
+  icinga-satellite:
+    image: git.ao-it.net/docker/icinga-satellite:latest
+    init: true
+    hostname: ${ICINGA_SATELLITE_CN:-satellite.example.com}
+    restart: always
+    ports:
+      - 5665:5665
+    volumes:
+      - ./files:/data
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      ICINGA2_JOIN_TICKET: ${ICINGA_JOIN_TICKET}
+      ICINGA2_PARENT_HOST: ${ICINGA_PARENT_HOST:-icinga.example.com}
+      ICINGA2_PARENT_CN: ${ICINGA_PARENT_CN:-icinga.example.com}
+      ICINGA2_PARENT_ZONE: ${ICINGA_PARENT_ZONE:-master}
+      ICINGA2_SATELLITE_CN: ${ICINGA_SATELLITE_CN:-satellite.example.com}
+      ICINGA2_SATELLITE_ZONE: ${ICINGA_SATELLITE_ZONE:-icinga-satellite}

env.sample

@@ -0,0 +1,6 @@
+ICINGA_JOIN_TICKET:  # generate on master node with: icinga2 pki ticket --cn $ICINGA_SATELLITE_CN
+ICINGA_PARENT_HOST: icinga.example.com  # set ip is different from CN (FQDN)
+ICINGA_PARENT_CN: icinga.example.com
+ICINGA_PARENT_ZONE: master
+ICINGA_SATELLITE_CN: satellite.example.com
+ICINGA_SATELLITE_ZONE: icinga-satelliete-zone

init.sh

@@ -8,7 +8,7 @@ if [ -z "$(ls -A /data)" ]; then
 	rm -rf /data-init
     ## create satellite cert 
     if [ ! -z "$ICINGA2_SATELLITE_CN" ]; then
-        echo generate new cert
+        echo generate new cert for node: $ICINGA2_SATELLITE_CN
         icinga2 pki new-cert --cn $ICINGA2_SATELLITE_CN \
         --key /var/lib/icinga2/certs/$ICINGA2_SATELLITE_CN.key \
         --cert /var/lib/icinga2/certs/$ICINGA2_SATELLITE_CN.crt
@@ -27,7 +27,7 @@ if [ -z "$(ls -A /data)" ]; then
     REQUIRED_VARS=("ICINGA2_PARENT_CN" "ICINGA2_PARENT_ZONE" "ICINGA2_PARENT_HOST" \
         "ICINGA2_SATELLITE_CN" "ICINGA2_SATELLITE_ZONE" "ICINGA2_JOIN_TICKET" )
     INIT_SATELLITE=true
-    echo check env var for auto setup
+    echo check env vars for auto setup
     for VAR in "${REQUIRED_VARS[@]}"; do
         if [ -z "${!VAR}" ]; then
             echo "'$VAR' not set"
@@ -45,7 +45,7 @@ if [ -z "$(ls -A /data)" ]; then
         --trustedcert /var/lib/icinga2/certs/trusted-parent.crt \
         --accept-commands --accept-config --disable-confd
     else
-        echo satellite not init must do manually
+        echo satellite not initialized, must do manually
     fi
 fi