add option for ticket api user

2025-02-02 20:18:03 +01:00
parent 962dbfac9c
commit 04ff12a14f
2 changed files with 23 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -26,3 +26,17 @@ All other var can be use at is, because all is in docker network and not exposed
 Hints: 
 * API user setup only runs once at start up!
 * Redis conf runs every time
+
+## vars 
+
+var | description | note 
+--- | --- | ---
+ICINGA2_API_USER_ROOT_PASS | replace `root` API user randome password with this | only on first setup
+ICINGA2_API_USER_ICINGAWEB_PASS | create API user `icingadb` with this password | only on first setup, if not set user will not create
+ICINGA2_API_USER_SATELLITE_PASS | create API user `pki-ticket` with this password | only on first setup, if not set user will not create
+ICINGA2_ICINGADB_REDIS_HOST | set redis db host | can set by every startup
+ICINGA2_ICINGADB_REDIS_PORT | set redis db port | can set by every startup
+ICINGA2_ICINGADB_REDIS_PASS | set redis db password | usually not required can set by every startup
+ICINGA2_INFLUXDB_HOST | set influx db host | can set by every startup
+ICINGA2_INFLUXDB_PORT | set influx db port | can set by every startup
+ICINGA2_INFLUXDB_DB | set influx db name | can set by every startup
--- a/init.sh
+++ b/init.sh
@@ -32,6 +32,14 @@ if [ ! -f "$ICINGA2_FILE_API_CONF" ]; then
        echo '  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]' >> $ICINGA2_FILE_API_USER_CONF
        echo '}' >> $ICINGA2_FILE_API_USER_CONF
    fi
+    if [ ! -z "$ICINGA2_API_USER_SATELLITE_PASS" ]; then
+        echo set inital icingadb api user
+        echo 'object ApiUser "pki-ticket" {' >> $ICINGA2_FILE_API_USER_CONF
+        echo "  password = \"$ICINGA2_API_USER_SATELLITE_PASS\"" >> $ICINGA2_FILE_API_USER_CONF
+        echo '  permissions = [ "actions/generate-ticket" ]' >> $ICINGA2_FILE_API_USER_CONF
+        echo '}' >> $ICINGA2_FILE_API_USER_CONF
+
+    fi
 fi

 ## enable icingadb feature if not active