add icinga master init

2025-02-02 21:06:31 +01:00
parent 558f5bea02
commit e5b25658d8
2 changed files with 19 additions and 0 deletions
--- a/init.sh
+++ b/init.sh
@@ -5,13 +5,26 @@ ICINGA2_FILE_API_USER_CONF=/etc/icinga2/conf.d/api-users.conf
 ICINGA2_FILE_ICINGADB_CONF=/etc/icinga2/features-enabled/icingadb.conf
 ICINGA2_FILE_INFLUXDB_CONF=/etc/icinga2/features-enabled/influxdb.conf

+ICINGA2_CONF_DIR='/etc/icinga2/conf.d'
+ICINGA2_ZONE_MASTER='/etc/icinga2/zones.d/master'
+ICINGA2_GLOBAL_TEMPLATES='/etc/icinga2/zones.d/global-templates'
+
 ## init icinga config files if need
 if [ -z "$(ls -A /data)" ]; then
 	echo init icinga2 config
 	cp -ax /data-init/* /data
 	rm -rf /data-init
+
+    ## init node as master and global templates
+    icinga2 node setup --master --disable-confd
+    mkdir -p $ICINGA2_GLOBAL_TEMPLATES
+    mkdir -p $ICINGA2_ZONE_MASTER
+    mv $ICINGA2_CONF_DIR/hosts.conf $ICINGA2_ZONE_MASTER/
+    mv $ICINGA2_CONF_DIR/*.conf $ICINGA2_GLOBAL_TEMPLATES/
+    mv $ICINGA2_GLOBAL_TEMPLATES/api-users.conf $ICINGA2_CONF_DIR/
 fi

+
 ## init api user
 if [ ! -f "$ICINGA2_FILE_API_CONF" ]; then
    echo run api setup because no config exists
@@ -32,6 +45,9 @@ if [ ! -f "$ICINGA2_FILE_API_CONF" ]; then
        echo '  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]' >> $ICINGA2_FILE_API_USER_CONF
        echo '}' >> $ICINGA2_FILE_API_USER_CONF
    fi
+
+    ## only on inital setup create a pki-ticket api user if env var is set
+    ## permission source: https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#csr-auto-signing-on-the-master
    if [ ! -z "$ICINGA2_API_USER_SATELLITE_PASS" ]; then
        echo set inital icingadb api user
        echo 'object ApiUser "pki-ticket" {' >> $ICINGA2_FILE_API_USER_CONF