icinga2/init.sh

#!/bin/bash

ICINGA2_FILE_API_CONF=/etc/icinga2/features-enabled/api.conf
ICINGA2_FILE_API_USER_CONF=/etc/icinga2/conf.d/api-users.conf
ICINGA2_FILE_ICINGADB_CONF=/etc/icinga2/features-enabled/icingadb.conf
ICINGA2_FILE_INFLUXDB_CONF=/etc/icinga2/features-enabled/influxdb.conf

ICINGA2_CONF_DIR='/etc/icinga2/conf.d'
ICINGA2_ZONE_MASTER='/etc/icinga2/zones.d/master'
ICINGA2_GLOBAL_TEMPLATES='/etc/icinga2/zones.d/global-templates'

## init icinga config files if need
if [ -z "$(ls -A /data)" ]; then
	echo init icinga2 config
	cp -ax /data-init/* /data
	rm -rf /data-init

    ## init node as master and global templates
    icinga2 node setup --master --disable-confd
    mkdir -p $ICINGA2_GLOBAL_TEMPLATES
    mkdir -p $ICINGA2_ZONE_MASTER
    mv $ICINGA2_CONF_DIR/hosts.conf $ICINGA2_ZONE_MASTER/
    mv $ICINGA2_CONF_DIR/*.conf $ICINGA2_GLOBAL_TEMPLATES/
    mv $ICINGA2_GLOBAL_TEMPLATES/api-users.conf $ICINGA2_CONF_DIR/

    ## only on inital setup replace one time the api root user password if a env var is set
    if [ ! -z "$ICINGA2_API_USER_ROOT_PASS" ]; then
        echo set inital api root user password
        sed -i "s|password = \".*\"|password = \"$ICINGA2_API_USER_ROOT_PASS\"|g" $ICINGA2_FILE_API_USER_CONF
    fi
    
    ## only on inital setup create a icingaweb api user if env var is set
    ## permission source: https://icinga.com/docs/icinga-web/latest/modules/monitoring/doc/05-Command-Transports/
    if [ ! -z "$ICINGA2_API_USER_ICINGAWEB_PASS" ]; then
        echo set inital icingadb api user
        echo 'object ApiUser "icingaweb2" {' >> $ICINGA2_FILE_API_USER_CONF
        echo "  password = \"$ICINGA2_API_USER_ICINGAWEB_PASS\"" >> $ICINGA2_FILE_API_USER_CONF
        echo '  permissions = [ "status/query", "actions/*", "objects/modify/*", "objects/query/*" ]' >> $ICINGA2_FILE_API_USER_CONF
        echo '}' >> $ICINGA2_FILE_API_USER_CONF
    fi

    ## only on inital setup create a pki-ticket api user if env var is set
    ## permission source: https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#csr-auto-signing-on-the-master
    if [ ! -z "$ICINGA2_API_USER_SATELLITE_PASS" ]; then
        echo set inital pki-ticket api user
        echo 'object ApiUser "pki-ticket" {' >> $ICINGA2_FILE_API_USER_CONF
        echo "  password = \"$ICINGA2_API_USER_SATELLITE_PASS\"" >> $ICINGA2_FILE_API_USER_CONF
        echo '  permissions = [ "actions/generate-ticket" ]' >> $ICINGA2_FILE_API_USER_CONF
        echo '}' >> $ICINGA2_FILE_API_USER_CONF

    fi
    
fi




## enable icingadb feature if not active
if [ ! -f "$ICINGA2_FILE_ICINGADB_CONF" ]; then
    echo enable icingadb
    /usr/sbin/icinga2 feature enable icingadb
fi

## icingadb: replace redis conf is env vars set (anytime)
if [ ! -z "$ICINGA2_ICINGADB_REDIS_HOST" ]; then
    echo set new redis host
    sed -i "s|\(//\)*host = \".*\"|host = \"$ICINGA2_ICINGADB_REDIS_HOST\"|g" $ICINGA2_FILE_ICINGADB_CONF
fi
if [ ! -z "$ICINGA2_ICINGADB_REDIS_PORT" ]; then
    echo set new redis port
    sed -i "s|\(//\)*port = .*|port = $ICINGA2_ICINGADB_REDIS_PORT|g" $ICINGA2_FILE_ICINGADB_CONF
fi
if [ ! -z "$ICINGA2_ICINGADB_REDIS_PASS" ]; then
    echo set new redis password
    sed -i "s|\(//\)*password = \".*\"|password = \"$ICINGA2_ICINGADB_REDIS_PASS\"|g" $ICINGA2_FILE_ICINGADB_CONF
fi

## enable icingadb feature if not active
if [ ! -f "$ICINGA2_FILE_INFLUXDB_CONF" ]; then
    echo enable influxdb
    /usr/sbin/icinga2 feature enable influxdb
    sed -i "s|//|  |g" $ICINGA2_FILE_INFLUXDB_CONF
fi

if [ ! -z "$ICINGA2_INFLUXDB_HOST" ]; then
    echo set new influxdb host
    sed -i "s|\(//\)*host = \".*\"|host = \"$ICINGA2_INFLUXDB_HOST\"|g" $ICINGA2_FILE_INFLUXDB_CONF
fi

if [ ! -z "$ICINGA2_INFLUXDB_PORT" ]; then
    echo set new influxdb port
    sed -i "s|\(//\)*port = \".*\"|port = $ICINGA2_INFLUXDB_PORT|g" $ICINGA2_FILE_INFLUXDB_CONF
fi

if [ ! -z "$ICINGA2_INFLUXDB_DB" ]; then
    echo set new influxdb database
    sed -i "s|\(//\)*database = \".*\"|database = \"$ICINGA2_INFLUXDB_DB\"|g" $ICINGA2_FILE_INFLUXDB_CONF
fi

# run CMD
exec "$@"