Thorsten Spille 2025-07-24 22:59:37 +02:00 committed by GitHub
parent d15a44d93b
commit 20bdad8596
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 193 additions and 346 deletions


@ -1,62 +1,35 @@
#!/bin/bash #!/bin/bash
#
# Zamba LXC Toolbox - Service Constants
# Service: icinga-stack
#
# Description: Enthält alle anwendungsspezifischen Konstanten und
# Variablen, die für OS-Upgrades relevant sind.
#
# --- Service Metadata --- # Authors:
ZAMBA_SERVICE_NAME="Icinga2 Stack mit IcingaDB" # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
ZAMBA_SERVICE_DESC="Installiert Icinga2, IcingaDB, Icingaweb2, Director, Nginx, MariaDB, Redis, InfluxDB2 und Grafana." # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# Tags zur besseren Filterung und Verwaltung des Containers # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
SERVICE_TAGS="monitoring,icinga,icingadb,grafana,influxdb,nginx,mariadb,redis"
# This file contains the project constants on service level
# --- LXC Container Configuration --- # Debian Version, which will be installed
# Diese Parameter steuern die Erstellung des LXC Containers durch das Zamba Framework.
# Debian Version, die als Basis für den Container dient
LXC_TEMPLATE_VERSION="debian-12-standard" LXC_TEMPLATE_VERSION="debian-12-standard"
# Erstellt einen unprivilegierten Container für erhöhte Sicherheit # Create sharefs mountpoint
LXC_UNPRIVILEGED="1" LXC_MP=0
# Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
# Erlaubt das Ausführen von z.B. Docker innerhalb dieses Containers
LXC_NESTING="1"
# Wird für bestimmte Sicherheits-Features benötigt, hier nicht erforderlich
LXC_KEYCTL="0"
# Erstellt einen Mountpoint (mp0) für geteilte Dateisysteme
LXC_MP=1
# Name des ZFS-Dateisystems, das als Mountpoint dient
LXC_SHAREFS_MOUNTPOINT="tank" LXC_SHAREFS_MOUNTPOINT="tank"
# Optimierte Recordsize für Datenbanken und kleine Dateien # Defines the recordsize of mp0
LXC_MP_RECORDSIZE="16K" LXC_MP_RECORDSIZE="16K"
# Minimal benötigter Arbeitsspeicher in MB. # Create unprivileged container
# 2048 MB wird für den Betrieb des gesamten Stacks (Icinga, DBs, Grafana) empfohlen. LXC_UNPRIVILEGED="1"
LXC_MEM_MIN=2048
# enable nesting feature
LXC_NESTING="1"
# --- Service-spezifische Konfiguration --- # enable keyctl feature
LXC_KEYCTL="0"
# Pfad zur Speicherung der generierten Zugangsdaten # Sets the minimum amount of RAM the service needs for operation
CRED_FILE="/root/.zamba_credentials/icinga_stack.txt" LXC_MEM_MIN=1024
# service dependent meta tags
SERVICE_TAGS="php-fpm,nginx,mariadb"
# --- OS-Versions-spezifische Variablen --- CRED_FILE="/root/.zamba_credentials/icinga_stack.txt"
# Diese Variablen müssen bei einem Upgrade des Basis-Betriebssystems
# (z.B. von Debian 12 auf 13) angepasst werden.
# Der Codename des Betriebssystems (wird für die Repository-Pfade benötigt)
# Dieser Wert wird normalerweise vom Framework (z.B. aus /etc/os-release) bereitgestellt.
# Falls nicht, wird hier ein Fallback gesetzt.
OS_CODENAME="${OS_CODENAME:-bookworm}"
# Die Standard-PHP-Version für die jeweilige Debian-Version.
# Debian 12 (Bookworm) -> "8.2"
# Debian 13 (Trixie) -> voraussichtlich "8.3"
PHP_VERSION="8.2"
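Review bot: `PHP_VERSION` and `OS_CODENAME` appear only in the old column at the end of this file, so the new constants file seems to stop defining them, while the installer changed in the same commit still expands `php${PHP_VERSION}-fpm` and `"/etc/php/${PHP_VERSION}/fpm/php.ini"`. Unless `/root/zamba.conf` or `/root/functions.sh` sets the variable (neither is visible here), the `sed` that applies `cgi.fix_pathinfo=0` would target `/etc/php//fpm/php.ini` and fail, leaving that PHP-FPM hardening step unapplied. I would keep `PHP_VERSION="8.2"` in the new file, with a comment that it must match the PHP version of the Debian release named in `LXC_TEMPLATE_VERSION`. The side assignment is read from the two-column rendering, which has lost its +/- markers.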


@ -1,10 +1,8 @@
#!/bin/bash
# source /root/functions.sh
# Zamba LXC Toolbox - Service Installer source /root/zamba.conf
# Service: icinga-stack source /root/constants-service.conf
# source /etc/os-release
# Description: Führt die Installation und Konfiguration des Icinga2 Stacks mit IcingaDB durch.
#
# --- Internal Helper Functions --- # --- Internal Helper Functions ---
_generate_local_password() { _generate_local_password() {
@ -12,148 +10,80 @@ _generate_local_password() {
} }
# --- Service Functions (_install, _configure, _setup, _info) --- curl -fsSL https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-$(lsb_release -cs) main" > /etc/apt/sources.list.d/icinga.list
_install() { curl -fsSL https://packages.netways.de/icinga/netways.key | gpg --dearmor -o /usr/share/keyrings/netways-archive-keyring.gpg
echo "" echo "deb [signed-by=/usr/share/keyrings/netways-archive-keyring.gpg] https://packages.netways.de/icinga/debian/ icinga-$(lsb_release -cs) main" > /etc/apt/sources.list.d/netways.list
echo "================================================="
echo " Phase 1: Installation der Pakete (IcingaDB Edition)"
echo "================================================="
echo ""
echo "[INFO] System wird aktualisiert und Basispakete werden installiert."
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y wget gpg apt-transport-https curl sudo lsb-release
echo "[INFO] Repositories für Icinga, Netways, InfluxDB und Grafana werden hinzugefügt." curl -fsSL https://repos.influxdata.com/influxdata-archive_compat.key | gpg --dearmor -o /usr/share/keyrings/influxdata-archive_compat-keyring.gpg
# Icinga Repo echo "deb [signed-by=/usr/share/keyrings/influxdata-archive_compat-keyring.gpg] https://repos.influxdata.com/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/influxdata.list
if [ ! -f /etc/apt/sources.list.d/icinga.list ]; then
curl -fsSL https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${OS_CODENAME} main" > /etc/apt/sources.list.d/icinga.list
fi
# Netways Repo for additional modules wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor -o /usr/share/keyrings/grafana-archive-keyring.gpg
if [ ! -f /etc/apt/sources.list.d/netways.list ]; then echo "deb [signed-by=/usr/share/keyrings/grafana-archive-keyring.gpg] https://apt.grafana.com stable main" > /etc/apt/sources.list.d/grafana.list
curl -fsSL https://packages.netways.de/icinga/netways.key | gpg --dearmor -o /usr/share/keyrings/netways-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/netways-archive-keyring.gpg] https://packages.netways.de/icinga/debian/ icinga-${OS_CODENAME} main" > /etc/apt/sources.list.d/netways.list
fi
# InfluxDB Repo apt update
if [ ! -f /etc/apt/sources.list.d/influxdata.list ]; then
curl -fsSL https://repos.influxdata.com/influxdata-archive_compat.key | gpg --dearmor -o /usr/share/keyrings/influxdata-archive_compat-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/influxdata-archive_compat-keyring.gpg] https://repos.influxdata.com/debian ${OS_CODENAME} stable" > /etc/apt/sources.list.d/influxdata.list
fi
# Grafana Repo apt-get install -y icinga2 nginx php${PHP_VERSION}-fpm php${PHP_VERSION}-mysql php${PHP_VERSION}-intl php${PHP_VERSION}-xml php${PHP_VERSION}-gd php${PHP_VERSION}-ldap php${PHP_VERSION}-imagick \
if [ ! -f /etc/apt/sources.list.d/grafana.list ]; then mariadb-server mariadb-client influxdb2 grafana imagemagick icingaweb2 icingacli icinga-php-library icingaweb2-module-reactbundle \
wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor -o /usr/share/keyrings/grafana-archive-keyring.gpg icinga-director icingadb icingadb-redis icingadb-web icingaweb2-module-perfdatagraphs icingaweb2-module-perfdatagraphs-influxdbv2
echo "deb [signed-by=/usr/share/keyrings/grafana-archive-keyring.gpg] https://apt.grafana.com stable main" > /etc/apt/sources.list.d/grafana.list
fi
echo "[INFO] Paketlisten werden erneut aktualisiert."
apt-get update
echo "[INFO] Hauptkomponenten werden installiert (PHP Version: ${PHP_VERSION})."
apt-get install -y \
icinga2 \
nginx php${PHP_VERSION}-fpm php${PHP_VERSION}-mysql php${PHP_VERSION}-intl php${PHP_VERSION}-xml php${PHP_VERSION}-gd php${PHP_VERSION}-ldap php${PHP_VERSION}-imagick \
mariadb-server mariadb-client \
redis-server redis-tools \
influxdb2 \
grafana \
imagemagick \
icingaweb2 icingacli \
icinga-php-library \
icingaweb2-module-reactbundle \
icinga-director \
icingadb \
icingadb-redis \
icingadb-web \
icingaweb2-module-perfdatagraphs \
icingaweb2-module-perfdatagraphs-influxdbv2
}
_configure() { ICINGAWEB_DB_PASS=$(_generate_local_password 24)
echo "" DIRECTOR_DB_PASS=$(_generate_local_password 24)
echo "=================================================" ICINGA_IDO_DB_PASS=$(_generate_local_password 24)
echo " Phase 2: Konfiguration der Komponenten (IcingaDB Edition)" ICINGA_API_USER_PASS=$(_generate_local_password 24)
echo "=================================================" ICINGAWEB_ADMIN_PASS=$(_generate_local_password 16)
echo "" GRAFANA_ADMIN_PASS=$(_generate_local_password 16)
INFLUX_ADMIN_TOKEN=$(_generate_local_password 40)
# 1. Passwörter generieren systemctl start mariadb
echo "[INFO] Passwörter und API-Keys werden generiert." while ! mysqladmin ping -h localhost --silent; do sleep 1; done
ICINGAWEB_DB_PASS=$(_generate_local_password 24)
DIRECTOR_DB_PASS=$(_generate_local_password 24)
ICINGADB_PASS=$(_generate_local_password 24)
ICINGA_API_USER_PASS=$(_generate_local_password 24)
ICINGAWEB_ADMIN_PASS=$(_generate_local_password 16)
GRAFANA_ADMIN_PASS=$(_generate_local_password 16)
INFLUX_ADMIN_TOKEN=$(_generate_local_password 40)
# 2. MariaDB konfigurieren
echo "[INFO] MariaDB wird konfiguriert."
# Ensure MariaDB is running for configuration
systemctl start mariadb
while ! mysqladmin ping -h localhost --silent; do sleep 1; done
mysql -e "CREATE DATABASE IF NOT EXISTS icingaweb2 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "CREATE DATABASE IF NOT EXISTS director CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "CREATE DATABASE IF NOT EXISTS icingadb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "CREATE USER IF NOT EXISTS 'icingaweb2'@'localhost' IDENTIFIED BY '${ICINGAWEB_DB_PASS}';"
mysql -e "CREATE USER IF NOT EXISTS 'director'@'localhost' IDENTIFIED BY '${DIRECTOR_DB_PASS}';"
mysql -e "CREATE USER IF NOT EXISTS 'icingadb'@'localhost' IDENTIFIED BY '${ICINGADB_PASS}';"
mysql -e "GRANT ALL PRIVILEGES ON icingaweb2.* TO 'icingaweb2'@'localhost';" mysql -e "CREATE DATABASE IF NOT EXISTS icingaweb2 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "GRANT ALL PRIVILEGES ON director.* TO 'director'@'localhost';" mysql -e "CREATE DATABASE IF NOT EXISTS director CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "GRANT ALL PRIVILEGES ON icingadb.* TO 'icingadb'@'localhost';" mysql -e "CREATE DATABASE IF NOT EXISTS icinga_ido CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "FLUSH PRIVILEGES;"
# 3. Redis konfigurieren mysql -e "CREATE USER IF NOT EXISTS 'icingaweb2'@'localhost' IDENTIFIED BY '${ICINGAWEB_DB_PASS}';"
echo "[INFO] Erstelle systemd-Override für Redis-Server." mysql -e "CREATE USER IF NOT EXISTS 'director'@'localhost' IDENTIFIED BY '${DIRECTOR_DB_PASS}';"
mkdir -p /etc/systemd/system/redis-server.service.d mysql -e "CREATE USER IF NOT EXISTS 'icinga_ido'@'localhost' IDENTIFIED BY '${ICINGA_IDO_DB_PASS}';"
bash -c "cat > /etc/systemd/system/redis-server.service.d/override.conf" <<EOF
[Service]
# Deaktiviert die systemd-Benachrichtigung, um Kompatibilitätsprobleme in Containern zu vermeiden.
Supervised=no
EOF
# 4. InfluxDB 2 konfigurieren
echo "[INFO] InfluxDB 2 wird konfiguriert."
systemctl start influxdb
influx setup --skip-verify --username admin --password "$GRAFANA_ADMIN_PASS" --org icinga --bucket icinga --token "$INFLUX_ADMIN_TOKEN" -f
INFLUX_ICINGA_TOKEN=$(influx auth create --org icinga --all-access --json | grep -oP '"token": "\K[^"]+')
if [ -z "$INFLUX_ICINGA_TOKEN" ]; then echo "[ERROR] Konnte InfluxDB Token nicht erstellen." >&2; exit 1; fi
# 5. Credentials-Datei schreiben mysql -e "GRANT ALL PRIVILEGES ON icingaweb2.* TO 'icingaweb2'@'localhost';"
echo "[INFO] Zugangsdaten werden in ${CRED_FILE} gespeichert." mysql -e "GRANT ALL PRIVILEGES ON director.* TO 'director'@'localhost';"
mkdir -p "$(dirname "$CRED_FILE")" && chmod 700 "$(dirname "$CRED_FILE")" mysql -e "GRANT ALL PRIVILEGES ON icinga_ido.* TO 'icinga_ido'@'localhost';"
{ mysql -e "FLUSH PRIVILEGES;"
echo "# --- Icinga Monitoring Stack Credentials ---"
echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2; Benutzer: icingaadmin; Passwort: ${ICINGAWEB_ADMIN_PASS}"
echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana; Benutzer: admin; Passwort: ${GRAFANA_ADMIN_PASS}"
echo "InfluxDB Admin Token: ${INFLUX_ADMIN_TOKEN}"
echo "Icinga Director API: Benutzer: director; Passwort: ${ICINGA_API_USER_PASS}"
} > "$CRED_FILE" && chmod 600 "$CRED_FILE"
# 6. Icinga2 Konfigurationsdateien schreiben systemctl start influxdb
echo "[INFO] Icinga2 Konfigurationsdateien werden geschrieben." influx setup --skip-verify --username admin --password "$GRAFANA_ADMIN_PASS" --org icinga --bucket icinga --token "$INFLUX_ADMIN_TOKEN" -f
bash -c "cat > /etc/icinga2/features-available/icingadb.conf" <<EOF INFLUX_ICINGA_TOKEN=$(influx auth create --org icinga --all-access --json | grep -oP '"token": "\K[^"]+')
if [ -z "$INFLUX_ICINGA_TOKEN" ]; then echo "[ERROR] Konnte InfluxDB Token nicht erstellen." >&2; exit 1; fi
mkdir -p "$(dirname "$CRED_FILE")" && chmod 700 "$(dirname "$CRED_FILE")"
{
echo "# --- Icinga Monitoring Stack Credentials ---"
echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2; Benutzer: icingaadmin; Passwort: ${ICINGAWEB_ADMIN_PASS}"
echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana; Benutzer: admin; Passwort: ${GRAFANA_ADMIN_PASS}"
echo "InfluxDB Admin Token: ${INFLUX_ADMIN_TOKEN}"
echo "Icinga Director API: Benutzer: director; Passwort: ${ICINGA_API_USER_PASS}"
} > "$CRED_FILE" && chmod 600 "$CRED_FILE"
systemctl enable --now icingadb-redis
bash -c "cat > /etc/icinga2/features-available/icingadb.conf" <<EOF
library "icingadb" library "icingadb"
object IcingaDB "icingadb" { object IcingaDB "icingadb" {
host = "127.0.0.1" host = "127.0.0.1"
port = 6379 port = 6380
} }
EOF EOF
bash -c "cat > /etc/icinga2/conf.d/api-users.conf" <<EOF bash -c "cat > /etc/icinga2/conf.d/api-users.conf" <<EOF
object ApiUser "director" { object ApiUser "director" {
password = "${ICINGA_API_USER_PASS}" password = "${ICINGA_API_USER_PASS}"
permissions = [ "object/modify/*", "object/query/*", "status/query", "actions/*", "events/*" ] permissions = [ "object/modify/*", "object/query/*", "status/query", "actions/*", "events/*" ]
} }
EOF EOF
bash -c "cat > /etc/icinga2/features-available/influxdb2-writer.conf" <<EOF bash -c "cat > /etc/icinga2/features-available/influxdb2-writer.conf" <<EOF
object Influxdb2Writer "influxdb2-writer" { object Influxdb2Writer "influxdb2-writer" {
host = "http://127.0.0.1:8086" host = "http://127.0.0.1:8086"
organization = "icinga" organization = "icinga"
@ -161,31 +91,27 @@ object Influxdb2Writer "influxdb2-writer" {
auth_token = "${INFLUX_ICINGA_TOKEN}" auth_token = "${INFLUX_ICINGA_TOKEN}"
} }
EOF EOF
local FQDN=$(hostname -f)
bash -c "cat > /etc/icinga2/zones.conf" <<EOF bash -c "cat > /etc/icinga2/zones.conf" <<EOF
object Endpoint "${FQDN}" {} object Endpoint "$(hostname -f)" {}
object Zone "master" { endpoints = [ "${FQDN}" ] } object Zone "master" { endpoints = [ "$(hostname -f)" ] }
object Zone "global-templates" { global = true } object Zone "global-templates" { global = true }
object Zone "director-global" { global = true } object Zone "director-global" { global = true }
EOF EOF
bash -c "cat > /etc/icingadb/config.yml" <<EOF
# 7. IcingaDB konfigurieren
echo "[INFO] IcingaDB wird konfiguriert."
bash -c "cat > /etc/icingadb/config.yml" <<EOF
database: database:
dsn: icingadb@tcp(127.0.0.1:3306)/icingadb dsn: icingadb@tcp(127.0.0.1:3306)/icingadb
password: ${ICINGADB_PASS} password: ${ICINGADB_PASS}
redis: redis:
host: 127.0.0.1 host: 127.0.0.1
port: 6379 port: 6380
logging: logging:
level: info level: info
output: stdout output: stdout
EOF EOF
icinga2 feature enable icingadb
systemctl restart icinga2
# 8. Icinga Web 2 Konfigurationsdateien schreiben mkdir -p /etc/icingaweb2
echo "[INFO] Icinga Web 2 Konfigurationsdateien werden geschrieben."
mkdir -p /etc/icingaweb2
bash -c "cat > /etc/icingaweb2/resources.ini" <<EOF bash -c "cat > /etc/icingaweb2/resources.ini" <<EOF
[icingaweb_db] [icingaweb_db]
type = "db" type = "db"
@ -214,15 +140,13 @@ username = "icingadb"
password = "${ICINGADB_PASS}" password = "${ICINGADB_PASS}"
charset = "utf8mb4" charset = "utf8mb4"
EOF EOF
# 9. Grafana konfigurieren systemctl stop grafana-server
echo "[INFO] Grafana wird konfiguriert." grafana-cli admin reset-admin-password "$GRAFANA_ADMIN_PASS"
systemctl stop grafana-server systemctl start grafana-server
grafana-cli admin reset-admin-password "$GRAFANA_ADMIN_PASS"
systemctl start grafana-server mkdir -p /etc/grafana/provisioning/datasources
bash -c "cat > /etc/grafana/provisioning/datasources/influxdb.yaml" <<EOF
mkdir -p /etc/grafana/provisioning/datasources
bash -c "cat > /etc/grafana/provisioning/datasources/influxdb.yaml" <<EOF
apiVersion: 1 apiVersion: 1
datasources: datasources:
- name: InfluxDB-Icinga - name: InfluxDB-Icinga
@ -232,17 +156,15 @@ datasources:
jsonData: { version: "Flux", organization: "icinga", defaultBucket: "icinga" } jsonData: { version: "Flux", organization: "icinga", defaultBucket: "icinga" }
secureJsonData: { token: "${INFLUX_ICINGA_TOKEN}" } secureJsonData: { token: "${INFLUX_ICINGA_TOKEN}" }
EOF EOF
chown grafana:grafana /etc/grafana/provisioning/datasources/influxdb.yaml chown grafana:grafana /etc/grafana/provisioning/datasources/influxdb.yaml
# 10. Nginx TLS Konfiguration
echo "[INFO] Nginx für TLS wird konfiguriert."
mkdir -p /etc/nginx/ssl
if [ ! -L /etc/nginx/ssl/fullchain.pem ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/nginx/ssl/fullchain.pem
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/nginx/ssl/privkey.pem
fi
bash -c "cat > /etc/nginx/sites-available/icinga-stack" <<EOF mkdir -p /etc/nginx/ssl
if [ ! -L /etc/nginx/ssl/fullchain.pem ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/nginx/ssl/fullchain.pem
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/nginx/ssl/privkey.pem
fi
bash -c "cat > /etc/nginx/sites-available/icinga-stack" <<EOF
server { server {
listen 80; listen 80;
server_name ${ZAMBA_HOSTNAME:-$(hostname -f)}; server_name ${ZAMBA_HOSTNAME:-$(hostname -f)};
@ -272,70 +194,46 @@ server {
} }
} }
EOF EOF
ln -sf /etc/nginx/sites-available/icinga-stack /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' "/etc/php/${PHP_VERSION}/fpm/php.ini" ln -sf /etc/nginx/sites-available/icinga-stack /etc/nginx/sites-enabled/
sed -i "s|;date.timezone =|date.timezone = $(cat /etc/timezone)|" "/etc/php/${PHP_VERSION}/fpm/php.ini" rm -f /etc/nginx/sites-enabled/default
}
_setup() { sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' "/etc/php/${PHP_VERSION}/fpm/php.ini"
echo "" sed -i "s|;date.timezone =|date.timezone = $(cat /etc/timezone)|" "/etc/php/${PHP_VERSION}/fpm/php.ini"
echo "================================================="
echo " Phase 3: Setup und finaler Neustart (IcingaDB Edition)"
echo "================================================="
echo ""
echo "[INFO] Icinga2 API wird initialisiert und Zertifikate werden erstellt."
icinga2 api setup
echo "[INFO] Aktiviere und starte alle Dienste in der korrekten Reihenfolge."
systemctl enable icinga2 mariadb redis-server nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb
systemctl daemon-reload # Um Redis-Override zu laden
systemctl start mariadb icinga2 api setup
systemctl start redis-server systemctl enable icinga2 mariadb nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb icingadb-redis
echo "[INFO] Warte auf MariaDB-Dienst..." systemctl start mariadb
while ! mysqladmin ping -h localhost --silent; do sleep 2; done while ! mysqladmin ping -h localhost --silent; do sleep 2; done
echo "[INFO] MariaDB ist bereit." systemctl start icinga2 icingadb-redis nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb
echo "[INFO] Warte auf Redis-Dienst..." IWEB_SCHEMA="/usr/share/icingaweb2/schema/mysql.schema.sql"
while ! redis-cli ping | grep -q PONG; do sleep 2; done DIRECTOR_SCHEMA="/usr/share/icingaweb2/modules/director/schema/mysql.sql"
echo "[INFO] Redis ist bereit." ICINGADB_SCHEMA="/usr/share/icingadb/schema/mysql/schema.sql"
# Starte restliche Dienste if [ ! -f "$IWEB_SCHEMA" ]; then echo "[ERROR] IcingaWeb-Schema nicht gefunden: $IWEB_SCHEMA" >&2; exit 1; fi
systemctl start icinga2 nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb if [ ! -f "$DIRECTOR_SCHEMA" ]; then echo "[ERROR] Director-Schema nicht gefunden: $DIRECTOR_SCHEMA" >&2; exit 1; fi
if [ ! -f "$ICINGADB_SCHEMA" ]; then echo "[ERROR] IcingaDB-Schema nicht gefunden: $ICINGADB_SCHEMA" >&2; exit 1; fi
echo "[INFO] Datenbank-Schemas werden importiert."
local IWEB_SCHEMA="/usr/share/icingaweb2/schema/mysql.schema.sql"
local DIRECTOR_SCHEMA="/usr/share/icingaweb2/modules/director/schema/mysql.sql"
local ICINGADB_SCHEMA="/usr/share/icingadb/schema/mysql/schema.sql"
if [ ! -f "$IWEB_SCHEMA" ]; then echo "[ERROR] IcingaWeb-Schema nicht gefunden: $IWEB_SCHEMA" >&2; exit 1; fi
if [ ! -f "$DIRECTOR_SCHEMA" ]; then echo "[ERROR] Director-Schema nicht gefunden: $DIRECTOR_SCHEMA" >&2; exit 1; fi
if [ ! -f "$ICINGADB_SCHEMA" ]; then echo "[ERROR] IcingaDB-Schema nicht gefunden: $ICINGADB_SCHEMA" >&2; exit 1; fi
if ! mysql -e "use icingaweb2; show tables;" | grep -q "icingaweb_user"; then if ! mysql -e "use icingaweb2; show tables;" | grep -q "icingaweb_user"; then
echo "[INFO] Importiere IcingaWeb2-Schema..." echo "[INFO] Importiere IcingaWeb2-Schema..."
mysql icingaweb2 < "$IWEB_SCHEMA" mysql icingaweb2 < "$IWEB_SCHEMA"
fi fi
if ! mysql -e "use director; show tables;" | grep -q "director_datafield"; then
echo "[INFO] Importiere Icinga Director-Schema..."
mysql director < "$DIRECTOR_SCHEMA"
fi
if ! mysql -e "use icingadb; show tables;" | grep -q "icingadb_schema_migration"; then
echo "[INFO] Importiere IcingaDB-Schema..."
mysql icingadb < "$ICINGADB_SCHEMA"
fi
echo "[INFO] Icinga2 Features werden aktiviert."
icinga2 feature enable icingadb api influxdb2-writer >/dev/null
echo "[INFO] Erstelle Icinga Web 2 Kernkonfiguration." if ! mysql -e "use director; show tables;" | grep -q "director_datafield"; then
bash -c "cat > /etc/icingaweb2/config.ini" <<EOF echo "[INFO] Importiere Icinga Director-Schema..."
mysql director < "$DIRECTOR_SCHEMA"
fi
if ! mysql -e "use icingadb; show tables;" | grep -q "icingadb_schema_migration"; then
echo "[INFO] Importiere IcingaDB-Schema..."
mysql icingadb < "$ICINGADB_SCHEMA"
fi
icinga2 feature enable icingadb api influxdb2-writer
bash -c "cat > /etc/icingaweb2/config.ini" <<EOF
[global] [global]
show_stacktraces = "0" show_stacktraces = "0"
config_backend = "db" config_backend = "db"
@ -345,34 +243,35 @@ log = "file"
log_file = "/var/log/icingaweb2/icingaweb2.log" log_file = "/var/log/icingaweb2/icingaweb2.log"
level = "ERROR" level = "ERROR"
EOF EOF
bash -c "cat > /etc/icingaweb2/authentication.ini" <<EOF
bash -c "cat > /etc/icingaweb2/authentication.ini" <<EOF
[icinga-web-admin] [icinga-web-admin]
backend = "db" backend = "db"
resource = "icingaweb_db" resource = "icingaweb_db"
EOF EOF
bash -c "cat > /etc/icingaweb2/roles.ini" <<EOF
bash -c "cat > /etc/icingaweb2/roles.ini" <<EOF
[Administrators] [Administrators]
users = "icingaadmin" users = "icingaadmin"
permissions = "*" permissions = "*"
groups = "Administrators" groups = "Administrators"
EOF EOF
mkdir -p /etc/icingaweb2/modules/monitoring mkdir -p /etc/icingaweb2/modules/monitoring
bash -c "cat > /etc/icingaweb2/modules/monitoring/backends.ini" <<EOF bash -c "cat > /etc/icingaweb2/modules/monitoring/backends.ini" <<EOF
[icingadb] [icingadb]
backend = "icingadb" backend = "icingadb"
resource = "icingadb" resource = "icingadb"
EOF EOF
mkdir -p /etc/icingaweb2/modules/director mkdir -p /etc/icingaweb2/modules/director
bash -c "cat > /etc/icingaweb2/modules/director/config.ini" <<EOF bash -c "cat > /etc/icingaweb2/modules/director/config.ini" <<EOF
[db] [db]
resource = "director_db" resource = "director_db"
EOF EOF
# Konfiguration für perfdatagraphs mkdir -p /etc/icingaweb2/modules/perfdatagraphs
mkdir -p /etc/icingaweb2/modules/perfdatagraphs bash -c "cat > /etc/icingaweb2/modules/perfdatagraphs/config.ini" <<EOF
bash -c "cat > /etc/icingaweb2/modules/perfdatagraphs/config.ini" <<EOF
[influxdb2] [influxdb2]
backend = "influxdb2" backend = "influxdb2"
url = "http://127.0.0.1:8086" url = "http://127.0.0.1:8086"
@ -384,42 +283,42 @@ bucket = "icinga"
backend = "influxdb2" backend = "influxdb2"
EOF EOF
echo "[INFO] Icinga Web 2 Module werden in korrekter Reihenfolge aktiviert." echo "[INFO] Icinga Web 2 Module werden in korrekter Reihenfolge aktiviert."
icingacli module enable ipl icingacli module enable ipl
icingacli module enable reactbundle icingacli module enable reactbundle
icingacli module enable incubator icingacli module enable incubator
icingacli module enable director icingacli module enable director
icingacli module enable icingadb icingacli module enable icingadb
icingacli module enable perfdatagraphs icingacli module enable perfdatagraphs
echo "[INFO] Alle Services werden neu gestartet, um die finale Konfiguration zu laden." echo "[INFO] Alle Services werden neu gestartet, um die finale Konfiguration zu laden."
systemctl restart mariadb systemctl restart mariadb
systemctl restart redis-server systemctl restart redis-server
systemctl restart icinga2 systemctl restart icinga2
systemctl restart php${PHP_VERSION}-fpm systemctl restart php${PHP_VERSION}-fpm
systemctl restart nginx systemctl restart nginx
systemctl restart grafana-server systemctl restart grafana-server
systemctl restart icingadb systemctl restart icingadb
echo "[INFO] Füge Icinga Web 2 Admin-Benutzer direkt in die Datenbank ein." echo "[INFO] Füge Icinga Web 2 Admin-Benutzer direkt in die Datenbank ein."
local PASSWORD_HASH=$(php -r "echo password_hash('${ICINGAWEB_ADMIN_PASS}', PASSWORD_BCRYPT);") PASSWORD_HASH=$(php -r "echo password_hash('${ICINGAWEB_ADMIN_PASS}', PASSWORD_BCRYPT);")
mysql icingaweb2 -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '${PASSWORD_HASH}') ON DUPLICATE KEY UPDATE password_hash='${PASSWORD_HASH}';" mysql icingaweb2 -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '${PASSWORD_HASH}') ON DUPLICATE KEY UPDATE password_hash='${PASSWORD_HASH}';"
echo "[INFO] Warte auf Icinga Web 2 und API..."
local counter=0
while ! icingacli director migration run >/dev/null 2>&1; do
counter=$((counter + 1))
if [ "$counter" -gt 15 ]; then
echo "[ERROR] Icinga Director wurde nach 30 Sekunden nicht bereit." >&2
exit 1
fi
echo "[INFO] Director ist noch nicht bereit, warte 2 Sekunden... (Versuch ${counter}/15)"
sleep 2
done
echo "[INFO] Icinga Director ist bereit."
echo "[INFO] Icinga Director Setup wird ausgeführt." echo "[INFO] Warte auf Icinga Web 2 und API..."
bash -c "cat > /etc/icingaweb2/modules/director/kickstart.ini" <<EOF counter=0
while ! icingacli director migration run >/dev/null 2>&1; do
counter=$((counter + 1))
if [ "$counter" -gt 15 ]; then
echo "[ERROR] Icinga Director wurde nach 30 Sekunden nicht bereit." >&2
exit 1
fi
echo "[INFO] Director ist noch nicht bereit, warte 2 Sekunden... (Versuch ${counter}/15)"
sleep 2
done
echo "[INFO] Icinga Director ist bereit."
echo "[INFO] Icinga Director Setup wird ausgeführt."
bash -c "cat > /etc/icingaweb2/modules/director/kickstart.ini" <<EOF
[config] [config]
endpoint = "$(hostname -f)" endpoint = "$(hostname -f)"
host = "127.0.0.1" host = "127.0.0.1"
@ -427,50 +326,25 @@ port = "5665"
username = "director" username = "director"
password = "${ICINGA_API_USER_PASS}" password = "${ICINGA_API_USER_PASS}"
EOF EOF
icingacli director kickstart run icingacli director kickstart run
rm /etc/icingaweb2/modules/director/kickstart.ini rm /etc/icingaweb2/modules/director/kickstart.ini
echo "[INFO] Director Konfiguration wird angewendet." echo "[INFO] Director Konfiguration wird angewendet."
icingacli director config deploy icingacli director config deploy
}
_info() { echo ""
echo "" echo "================================================="
echo "=================================================" echo " Installation des Icinga Monitoring Stacks abgeschlossen"
echo " Installation des Icinga Monitoring Stacks abgeschlossen" echo "================================================="
echo "=================================================" echo ""
echo "" echo "Die Konfiguration wurde erfolgreich abgeschlossen."
echo "Die Konfiguration wurde erfolgreich abgeschlossen." echo "Alle notwendigen Passwörter, Logins und API-Keys wurden generiert."
echo "Alle notwendigen Passwörter, Logins und API-Keys wurden generiert." echo ""
echo "" echo "Sie finden alle Zugangsdaten in der folgenden Datei:"
echo "Sie finden alle Zugangsdaten in der folgenden Datei:" echo " ${CRED_FILE}"
echo " ${CRED_FILE}" echo ""
echo "" echo "Wichtige URLs:"
echo "Wichtige URLs:" echo " Icinga Web 2: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2"
echo " Icinga Web 2: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2" echo " IcingaDB Web: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingadb-web"
echo " IcingaDB Web: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingadb-web" echo " Grafana: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana"
echo " Grafana: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana" echo ""
echo ""
}
# --- Main Execution Logic ---
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
if [ "$EUID" -ne 0 ]; then
echo "[ERROR] Dieses Skript muss als Root ausgeführt werden."
exit 1
fi
if [ -f ./constants-service.conf ]; then
source ./constants-service.conf
else
echo "[ERROR] Die Datei 'constants-service.conf' wird für den Standalone-Betrieb benötigt."
exit 1
fi
ZAMBA_HOSTNAME=${ZAMBA_HOSTNAME:-$(hostname -f)}
set -euo pipefail
_install
_configure
_setup
_info
set +euo pipefail
exit 0
fi
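Review bot: `ICINGADB_PASS` is never assigned in the new column: the password block now generates `ICINGA_IDO_DB_PASS` and the MariaDB statements create the `icinga_ido` database and user, yet `/etc/icingadb/config.yml` and `resources.ini` still expand `${ICINGADB_PASS}` for user `icingadb`, and the schema import still targets the `icingadb` database. As rendered, that writes an empty database password into both files and leaves IcingaDB without a database or an account. The old entry point's `set -euo pipefail` is gone as well, so the unset variable, the failing `mysql icingadb < "$ICINGADB_SCHEMA"` and the leftover `systemctl restart redis-server` (the new package list no longer installs redis-server) no longer stop the run. I would restore `ICINGADB_PASS=$(_generate_local_password 24)` together with the matching `icingadb` CREATE DATABASE / CREATE USER / GRANT statements, and put `set -euo pipefail` directly after the `source` lines. The side assignment is read from the two-column rendering, which has lost its +/- markers.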