docker/icinga-satellite
6
0
Fork 0
Code Issues Actions Packages Activity

Compare commits

base: docker:bffb738d2d16eb90a27da884dfbf4adedaf854bf
Branches Tags
docker:main
..
compare: docker:main
Branches Tags
docker:main

17 Commits
bffb738d2d ... main

Author SHA1 Message Date
anima
aabd87ebf7 Merge branch 'main' of https://git.ao-it.net/docker/icinga-satellite
All checks were successful
build container icinga2-stallite / build (push) Successful in -1h29m8s
Details
2025-09-20 18:51:25 +02:00
anima
382251fd13 add mqtt python lib sys wide 2025-09-20 18:50:02 +02:00
Schreiner Pascal
cb6abab960 add init true because some zombiprocesses 2025-06-05 23:46:28 +02:00
anima
3a475913b6 add python requests
All checks were successful
build container icinga2-stallite / build (push) Successful in 2m52s
Details
2025-02-23 01:24:07 +01:00
anima
a55a72b704 add timesync between host and container 2025-02-22 20:55:45 +01:00
anima
5b35fd5ae8 add python libs
All checks were successful
build container icinga2-stallite / build (push) Successful in 2m35s
Details
2025-02-22 20:42:16 +01:00
anima
8e51679aa9 add missing usage step 2025-02-02 18:58:27 +01:00
anima
e15dc918b2 add build state 2025-02-02 18:54:03 +01:00
anima
a601566429 inital version 2025-02-02 18:48:04 +01:00
anima
530d895ec0 add inital compose 2025-02-02 18:29:54 +01:00
anima
69a39ac67b fix test command
All checks were successful
build container icinga2-stallite / build (push) Successful in 1m2s
Details
2025-02-02 17:59:40 +01:00
anima
5c0d384614 optimized echo
Some checks failed
build container icinga2-stallite / build (push) Failing after 2m29s
Details
2025-02-02 17:55:38 +01:00
anima
f0fab7810e remove on test run 2025-02-02 17:54:52 +01:00
anima
3900090959 optimized echo
Some checks failed
build container icinga2-stallite / build (push) Failing after 2m11s
Details
2025-02-02 17:51:45 +01:00
anima
80aad854dc fix dir name 2025-02-02 17:50:39 +01:00
anima
a1f9a73af9 inital version
Some checks failed
build container icinga2-stallite / build (push) Failing after 2s
Details
2025-02-02 17:48:36 +01:00
anima
4a345c138f inital workflow 2025-02-02 16:52:05 +01:00
6 changed files with 258 additions and 0 deletions
Expand all files Collapse all files

52
.gitea/workflows/docker-build.yml Normal file
View File

@@ -0,0 +1,52 @@
name: build container icinga2-stallite
on:
push:
paths:
- 'Dockerfile'
- 'init.sh'
defaults:
run:
working-directory: ./icinga-satellite
env:
REGISTRY_HOST: ${{ vars.AOIT_GIT_URL }}
CONTAINER_TAG: ${{ gitea.repository }}
CONTAINER_VERSION: latest
CONTAINER_NAME: deploy_test-${{ gitea.run_id }}
jobs:
build:
runs-on: test
steps:
- name: clone repo
working-directory: ${{ gitea.workspace }}
run: git clone https://$TOKEN@$GIT_HOST/$GIT_REPO
env:
TOKEN: ${{ secrets.TOKEN_SVC_CI }}
GIT_HOST: ${{ vars.AOIT_GIT_URL }}
GIT_REPO: ${{ gitea.repository }}
- name: docker build
run: docker build -t $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION .
- name: test docker container comes up
run: |
docker run --rm -d --name $CONTAINER_NAME $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION
sleep $DEPLOY_TIME
docker exec $CONTAINER_NAME icinga2 daemon -C -X
env:
DEPLOY_TIME: 15
- name: cleanup container
if: always()
run: docker kill $CONTAINER_NAME
- name: upload container
run: |
docker login $REGISTRY_HOST -u $REGISTRY_USER -p $REGISTRY_PASS
docker push $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION
docker logout
env:
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASS: ${{ secrets.TOKEN_SVC_DOCKER }}
- name: docker cleanup image and build cache
run: |
docker image rm $REGISTRY_HOST/$CONTAINER_TAG:$CONTAINER_VERSION
docker builder prune -af

62
Dockerfile Normal file
View File

@@ -0,0 +1,62 @@
FROM debian:bookworm-slim
LABEL maintainer="docker@ao-it.net"
## prepare requirements
RUN ["bash", "-exo", "pipefail", "-c", "\
export DEBIAN_FRONTEND=noninteractive ; \
apt update ; \
apt install -y wget gnupg ; \
wget -O - https://packages.icinga.com/icinga.key | \
gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg ; \
source /etc/os-release ; \
echo \"deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${VERSION_CODENAME} main\" > /etc/apt/sources.list.d/${VERSION_CODENAME}-icinga.list ; \
echo \"deb-src [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${VERSION_CODENAME} main\" >> /etc/apt/sources.list.d/${VERSION_CODENAME}-icinga.list ; \
apt clean all ; \
rm -vrf /var/lib/apt/lists/* "]
## install icinga2
RUN ["bash", "-exo", "pipefail", "-c", "\
export DEBIAN_FRONTEND=noninteractive ; \
apt update ; \
apt install -y icinga2 monitoring-plugins ; \
mkdir -p /run/icinga2 ; \
chown nagios: /run/icinga2 ; \
apt clean all ; \
rm -vrf /var/lib/apt/lists/* "]
## install feature requirements for checks
RUN ["bash", "-exo", "pipefail", "-c", "\
apt update ; \
apt-get install -y \
python3-requests \
python3-easysnmp \
python3-paho-mqtt \
python3-nagiosplugin ; \
apt clean all ; \
rm -vrf /var/lib/apt/lists/* "]
## create persistend data store
RUN ["bash", "-exo", "pipefail", "-c", "\
mkdir -p /var/lib/icinga2/certs ; \
chown -R nagios:nagios /var/lib/icinga2/certs ; \
mkdir -p /data ; \
mkdir -p /data-init/etc/ ; \
mkdir -p /data-init/var/ ; \
mkdir -p /data-init/plugins ; \
mv /etc/icinga2 /data-init/etc/ ; \
mv /var/lib/icinga2 /data-init/var/ ; \
mv /usr/lib/nagios/plugins /data-init/ ; \
ln -vs /data/etc/icinga2 /etc/icinga2 ; \
ln -vs /data/var/icinga2 /var/lib/icinga2 ; \
ln -vs /data/plugins /usr/lib/nagios/plugins "]
COPY init.sh /root/init.sh
EXPOSE 5665
VOLUME ["/data"]
WORKDIR /data
USER root
## run init.sh always!
ENTRYPOINT [ "bash", "/root/init.sh" ]
CMD [ "/usr/sbin/icinga2", "daemon" ]

66
README.md Normal file
View File

@@ -0,0 +1,66 @@
# Icinga2 Satellite
[![Build Status](https://git.ao-it.net/docker/icinga-satellite/actions/workflows/docker-build.yml/badge.svg?branch=main&event=push)](https://git.ao-it.net/docker/icinga-satellite/actions?workflow=docker-build.yml&actor=0&status=0)
## Requirements
* need a running icinga2 master instance
* ticket & zone config in master instance
* see: [Icinga: Master Setup](https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#master-setup)
ATTENTION: primary designed for:
* [AO-IT: icinga-stack](https://git.ao-it.net/docker/icinga-stack)
* [AO-IT: icinga2](https://git.ao-it.net/docker/icinga2)
* [AO-IT: icingaweb2](https://git.ao-it.net/docker/icinga-satellite)
Maybe you need more setup setps if you use other base!
## usage
### master instance
## example zone.conf
* [Icinga: Zones](https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#zones)
* [Icinga: Endpoints](https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#endpoints)
> DO NOT copy&paste this config !
> Replace first all $VARS
```
object Endpoint "master.example.com" {
}
object Zone "master" {
endpoints = [ "master.example.com" ]
}
// your new config to do:
object Endpoint "$ICINGA_SATELLITE_CN" {
host = "1.2.3.4" // ip or
host = "$ICINGA_SATELLITE_CN" // hostname
}
object Zone "$ICINGA_SATELLITE_ZONE" {
parent = "$ICINGA_PARENT_CN"
endpoints = [ "$ICINGA_SATELLITE_CN" ]
}
// end: new config to do
object Zone "global-templates" {
global = true
}
object Zone "director-global" {
global = true
}
```
create new zone on master
```
mkdir zones.d/$ICINGA_SATELLITE_ZONE
nano zones.d/$ICINGA_SATELLITE_ZONE/hosts.conf
```
### satellite node
```
git clone https://git.ao-it.net/docker/icinga-satellite
cd icinga-satellite
cp env.sample .env
nano .env # set your env
docker compose up
```

18
compose.yml Normal file
View File

@@ -0,0 +1,18 @@
services:
icinga-satellite:
image: git.ao-it.net/docker/icinga-satellite:latest
init: true
hostname: ${ICINGA_SATELLITE_CN:-satellite.example.com}
restart: always
ports:
- 5665:5665
volumes:
- ./files:/data
- /etc/localtime:/etc/localtime:ro
environment:
ICINGA2_JOIN_TICKET: ${ICINGA_JOIN_TICKET}
ICINGA2_PARENT_HOST: ${ICINGA_PARENT_HOST:-icinga.example.com}
ICINGA2_PARENT_CN: ${ICINGA_PARENT_CN:-icinga.example.com}
ICINGA2_PARENT_ZONE: ${ICINGA_PARENT_ZONE:-master}
ICINGA2_SATELLITE_CN: ${ICINGA_SATELLITE_CN:-satellite.example.com}
ICINGA2_SATELLITE_ZONE: ${ICINGA_SATELLITE_ZONE:-icinga-satellite}

6
env.sample Normal file
View File

@@ -0,0 +1,6 @@
ICINGA_JOIN_TICKET: # generate on master node with: icinga2 pki ticket --cn $ICINGA_SATELLITE_CN
ICINGA_PARENT_HOST: icinga.example.com # set ip is different from CN (FQDN)
ICINGA_PARENT_CN: icinga.example.com
ICINGA_PARENT_ZONE: master
ICINGA_SATELLITE_CN: satellite.example.com
ICINGA_SATELLITE_ZONE: icinga-satelliete-zone

54
init.sh Normal file
View File

@@ -0,0 +1,54 @@
#!/bin/bash
## init icinga if need
if [ -z "$(ls -A /data)" ]; then
## init icinga config files
echo init icinga2 config
cp -ax /data-init/* /data
rm -rf /data-init
## create satellite cert
if [ ! -z "$ICINGA2_SATELLITE_CN" ]; then
echo generate new cert for node: $ICINGA2_SATELLITE_CN
icinga2 pki new-cert --cn $ICINGA2_SATELLITE_CN \
--key /var/lib/icinga2/certs/$ICINGA2_SATELLITE_CN.key \
--cert /var/lib/icinga2/certs/$ICINGA2_SATELLITE_CN.crt
fi
## get parent cert
if [ ! -z "$ICINGA2_PARENT_HOST" ]; then
echo get parent cert
icinga2 pki save-cert \
--trustedcert /var/lib/icinga2/certs/trusted-parent.crt \
--host $ICINGA2_PARENT_HOST
fi
## join parent
### see: https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#node-setup
REQUIRED_VARS=("ICINGA2_PARENT_CN" "ICINGA2_PARENT_ZONE" "ICINGA2_PARENT_HOST" \
"ICINGA2_SATELLITE_CN" "ICINGA2_SATELLITE_ZONE" "ICINGA2_JOIN_TICKET" )
INIT_SATELLITE=true
echo check env vars for auto setup
for VAR in "${REQUIRED_VARS[@]}"; do
if [ -z "${!VAR}" ]; then
echo "'$VAR' not set"
INIT_SATELLITE=false
fi
done
if [ "$INIT_SATELLITE" = true ]; then
echo init satellite
icinga2 node setup --ticket $ICINGA2_JOIN_TICKET \
--cn $ICINGA2_SATELLITE_CN \
--endpoint $ICINGA2_PARENT_CN \
--zone $ICINGA2_SATELLITE_ZONE \
--parent_zone $ICINGA2_PARENT_ZONE \
--parent_host $ICINGA2_PARENT_HOST \
--trustedcert /var/lib/icinga2/certs/trusted-parent.crt \
--accept-commands --accept-config --disable-confd
else
echo satellite not initialized, must do manually
fi
fi
# run CMD
exec "$@"