├── .gitignore ├── Dockerfile ├── LICENSE.md ├── README.md ├── apache2_supervisor.conf ├── install.sh ├── nsca.conf └── run.sh /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | icinga2 3 | icingaweb2 4 | mysql 5 | libicinga.so 6 | docker-compose.yml 7 | install2.sh 8 | run2.sh -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:bionic 2 | 3 | COPY install.sh /tmp/install.sh 4 | COPY run.sh /run.sh 5 | COPY nsca.conf /etc/supervisor/conf.d/nsca.conf 6 | COPY apache2_supervisor.conf /etc/supervisor/conf.d/apache2.conf 7 | 8 | RUN chmod +x /tmp/install.sh && chmod +x /run.sh 9 | RUN /tmp/install.sh 10 | 11 | VOLUME ["/icinga2conf","/mysql","/icingaweb2"] 12 | 13 | EXPOSE 80 5667 5665 14 | 15 | CMD ["/run.sh"] 16 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 ADITO Software GmbH 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | This is a Docker container with Icinga2 (Icingaweb2 and Icinag2-Classicui). 4 | 5 | ### Update 6 | 7 | 1. Update to icinga2 2.11.2-1 and icingaweb2 2.7.3 8 | 2. Now with Ubutu 18.04 9 | 3. Add supervisor service 10 | 4. Removed graphite from container, you need now a separated container with graphite 11 | 12 | ### Ports 13 | 14 | Icinga2 running on port **80** (redirect to host/icingaweb2) 15 | Icinga2 API on port **5665** (don't forgot to set user and password) 16 | Icinga2 NSCA on port **5667** (for receive passive checks) 17 | 18 | ## Variables 19 | 20 | Enable Active Directory Auth. You need the folder "/icingaweb2" in container. 21 | 22 | ENABLE_AD_AUTH=1 (optional) 23 | 24 | Active Directory name or name of a domain controller 25 | 26 | AD_NAME=example.com (optional) 27 | 28 | AD OU for Icingaweb2 Auth Users: 29 | 30 | AD_ROOT_DN=OU=accounts,OU=intern,DC=example,DC=com (optional) 31 | 32 | Path for User (only to list ad users) 33 | 34 | AD_BIND_DN=CN=aduser,OU=management,OU=accounts,OU=intern,DC=excample,DC=com (optional) 35 | 36 | Password for user 37 | 38 | AD_BIND_PW=PASSWORDHERE (optional) 39 | 40 | Enable Graphite 41 | 42 | ENABLEGRAPHITE=true/TRUE/0 43 | 44 | Graphite transport port 45 | 46 | GRAPHITE_TRANS=http or https 47 | 48 | Graphite host 49 | 50 | GRAPHITE_WEBHOST=192.168.100.203 51 | 52 | Graphite port for website 53 | 54 | GRAPHITE_WEBSITE_PORT = 55 | 56 | Graphite user 57 | 58 | GRAPHITE_USER= 59 | 60 | Graphite pass 61 | 62 | GRAPHITE_PASS= 63 | 64 | Graphite security, this option will be need for icinga2 to send the data, it's meen ssl or not 65 | 66 | GRAPHITE_SECUR = 0/1 67 | 68 | Graphite port for file /etc/icinga2/feature-available/graphite.conf 69 | 70 | GRAPHITE_HOST 71 | 72 | Graphite host (default 2003), but you need to define this 73 | 74 | GRAPHITE_PORT = 2003 75 | 76 | Notification Periode (0 for disable, default 30Min)(optional). If set to 0, Icinga will send notificaton only if status of service is changed. 77 | 78 | NOTIFICATION_INTERVAL=0 79 | 80 | Icinga2 password for "icingaadmin" 81 | 82 | ICINGA_PASS=icinga 83 | 84 | Mailserver for Email notifications. I use the tool "mailx" (heirloom-mailx) and my exchange server (email redirect from monitoring server ip is allow). 85 | 86 | MAILSERVER=mail.example.com (optional) 87 | 88 | Email address for icingaadmin user 89 | 90 | EMAILADDR=user@example.com (optional) 91 | 92 | NSCA (passive checks) is enabled. Password here 93 | 94 | NSCAPASS=pass (optional) 95 | 96 | NSCA Port 97 | 98 | NSCAPORT=5667 (optional) 99 | 100 | Enable API, if var APIUSER defined. Access: https://monitoring.server.com:5665 101 | 102 | APIUSER=apiuser (optional) 103 | 104 | Password for api user. If not defined set default to "icingaapi2012m" 105 | 106 | APIPASS=apipass 107 | 108 | Remove monitoring service "swap" of the monitoring server self, for example if this container running in k8s (the swap is not enabled in kubernetes cluster) 109 | 110 | SWAPSERVICEOFF=true 111 | 112 | Remove monitoring service "disk" of the monitoring server self 113 | 114 | DISCSERVICEOFF=true 115 | 116 | Remove default services (serices.conf) 117 | 118 | REMOVEDEFAULTSVC = true/TRUE/1 119 | 120 | !Define host name 121 | 122 | docker run -h "hostname" 123 | 124 | For time sync 125 | 126 | -v /etc/localtime:/etc/localtime:ro 127 | 128 | ### Folder 129 | 130 | - /icingaweb2 131 | - /icinga2conf 132 | - /mysql 133 | - /var/lib/graphite/whisper 134 | 135 | 136 | ## Example 137 | 138 | sudo docker run -d -p 80:80 -p 5667:5667 -p 5665:5665 -p 8080:8080 -h monitoring.example.com \ 139 | -v /storage/icingaweb2:/icingaweb2 -v /storage/icinga2:/icinga2conf -v /storage/mysql:/mysql \ 140 | -e ENABLE_AD_AUTH="1" -e AD_NAME="example.com" -e AD_ROOT_DN="OU=accounts,OU=intern,DC=example,DC=com" \ 141 | -e AD_BIND_DN="CN=Icinga2 Auth,OU=accounts,OU=intern,DC=example,DC=com" -e AD_BIND_PW="PASSWORDHERE" \ 142 | -e NOTIFICATION_INTERVAL=0 ENABLEGRAPHITE=true -e GRAPHITE_TRANS=http -e GRAPHITE_HOST=192.168.42.59 -e GRAPHITE_WEBSITE_PORT=8081 -e GRAPHITE_USER=guest -e GRAPHITE_PASS=guest -e GRAPHITE_SECUR=0 -e GRAPHITE_PORT=2003 -e ICINGA_PASS="icinga" -e MAILSERVER="mail.example.com" \ 143 | -e EMAILADDR="user@example.com" -e NSCAPASS="pass" -e NSCAPORT="5667" -e APIUSER=root -e APIPASS=pass \ 144 | --name icinga2 -t adito/icinga2 145 | 146 | ## Example 2 (without AD) 147 | 148 | sudo docker run -i -p 80:80 -p 5667:5667 -p 5665:5665 -p 8080:8080 -h monitoring.example.com \ 149 | -v /storage/icingaweb2:/icingaweb2 -v /storage/icinga2:/icinga2conf -v /storage/mysql:/mysql \ 150 | -v /storage/graphite:/var/lib/graphite/whisper \ 151 | -e NOTIFICATION_INTERVAL=0 -e ENABLEGRAPHITE=true -e GRAPHITE_TRANS=http -e GRAPHITE_HOST=192.168.42.59 -e GRAPHITE_WEBSITE_PORT=8081 -e GRAPHITE_USER=guest -e GRAPHITE_PASS=guest -e GRAPHITE_SECUR=0 -e GRAPHITE_PORT=2003 \ 152 | -e APIUSER=root -e APIPASS=PASS -e ICINGA_PASS="icinga" \ 153 | -e MAILSERVER="mail.example.com" -e EMAILADDR="user@example.com" -e NSCAPASS="pass" -e NSCAPORT="5667" \ 154 | --name icinga2 -t adito/icinga2 155 | 156 | ## Example 3 (without AD and running in k8s cluster (disable swap and disk service)) 157 | 158 | sudo docker run -i -p 80:80 -p 5667:5667 -p 5665:5665 -p 8080:8080 -h monitoring.example.com \ 159 | -v /storage/icingaweb2:/icingaweb2 -v /storage/icinga2:/icinga2conf -v /storage/mysql:/mysql \ 160 | -v /storage/graphite:/var/lib/graphite/whisper \ 161 | -e NOTIFICATION_INTERVAL=0 ENABLEGRAPHITE=true \ 162 | -e GRAPHITE_TRANS=http -e GRAPHITE_HOST=192.168.42.59 \ 163 | -e GRAPHITE_WEBSITE_PORT=8081 -e GRAPHITE_USER=guest \ 164 | -e GRAPHITE_PASS=guest -e GRAPHITE_SECUR=0 -e GRAPHITE_PORT=2003 \ 165 | -e APIUSER=root -e APIPASS=PASS -e ICINGA_PASS="icinga" \ 166 | -e SWAPSERVICEOFF=true -e DISCSERVICEOFF=true \ 167 | -e MAILSERVER="mail.example.com" -e EMAILADDR="user@example.com" -e NSCAPASS="pass" -e NSCAPORT="5667" \ 168 | --name icinga2 -t adito/icinga2 -------------------------------------------------------------------------------- /apache2_supervisor.conf: -------------------------------------------------------------------------------- 1 | [program:apache2] 2 | command=apachectl -DFOREGROUND 3 | autostart=true 4 | autorestart=true 5 | startretries=1 6 | startsecs=1 7 | stderr_logfile=/var/log/apache2/supervisor.error.log 8 | stdout_logfile=/var/log/apache2/supervisor.access.log 9 | user=root 10 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | export DEBIAN_FRONTEND=noninteractive 4 | 5 | #Initial install 6 | apt update 7 | apt upgrade -y 8 | apt-get install -y --no-install-recommends apache2 ca-certificates curl dnsutils gnupg locales lsb-release mailutils mariadb-client mariadb-server php-curl php-ldap php-mysql procps pwgen supervisor unzip wget libdbd-mysql-perl 9 | 10 | #start mysql 11 | service mysql start 12 | 13 | #Add icinga2 key 14 | curl -s https://packages.icinga.com/icinga.key | apt-key add - 15 | echo "deb http://packages.icinga.org/ubuntu icinga-$(lsb_release -cs) main" > /etc/apt/sources.list.d/icinga2.list 16 | apt update 17 | apt-get install -y --no-install-recommends icinga2 icinga2-ido-mysql icingacli icingaweb2 icingaweb2-module-doc icingaweb2-module-monitoring monitoring-plugins nagios-nrpe-plugin nagios-plugins-contrib nagios-snmp-plugins nsca 18 | 19 | cat > /etc/icinga2/features-available/ido-mysql.conf << EOF 20 | library "db_ido_mysql" 21 | object IdoMysqlConnection "ido-mysql" { 22 | user = "root" 23 | password = "root" 24 | host = "localhost" 25 | database = "icinga2idomysql" 26 | } 27 | EOF 28 | 29 | #Configure icinga2 ido-mysql 30 | mysqladmin -u root password root 31 | 32 | #enable ido 33 | ln -s /etc/icinga2/features-available/ido-mysql.conf /etc/icinga2/features-available/ido-myql.conf 34 | icinga2 feature enable ido-mysql 35 | 36 | #enable apache mod 37 | a2enmod rewrite 38 | 39 | usermod -a -G icingaweb2 www-data; 40 | icingacli setup config directory --group icingaweb2; 41 | icinga2 api setup 42 | 43 | #create db for ido 44 | mysql -uroot -proot -e "CREATE DATABASE icinga2idomysql CHARACTER SET latin1;" 45 | mysql -uroot -proot -e "update mysql.user set password=password('root') where user='root';" 46 | mysql -uroot -proot -e "update mysql.user set plugin='' where user='root';" 47 | mysql -uroot -proot -e "flush privileges;" 48 | mysql -uroot -proot icinga2idomysql < /usr/share/icinga2-ido-mysql/schema/mysql.sql 49 | echo "date.timezone =Europe/Berlin" >> /etc/php/7.2/apache2/php.ini 50 | 51 | #create icingaweb db 52 | mysql -uroot -proot -e "CREATE DATABASE icingaweb;" 53 | mysql -uroot -proot icingaweb < /usr/share/icingaweb2/etc/schema/mysql.schema.sql 54 | 55 | #create user for icingaweb2 56 | #icingaadmin:icinga 57 | export pass=$(openssl passwd -1 icinga) 58 | mysql -uroot -proot -e "INSERT INTO icingaweb.icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '$pass');" 59 | 60 | #authentication.ini 61 | cat > /etc/icingaweb2/authentication.ini << EOF 62 | [icingaweb2] 63 | backend = "db" 64 | resource = "icingaweb_db" 65 | EOF 66 | 67 | # #config.ini 68 | cat > /etc/icingaweb2/config.ini << EOF 69 | [global] 70 | show_stacktraces = "1" 71 | show_application_state_messages = "1" 72 | config_backend = "db" 73 | config_resource = "icingaweb_db" 74 | 75 | [logging] 76 | log = "syslog" 77 | level = "ERROR" 78 | application = "icingaweb2" 79 | facility = "user" 80 | EOF 81 | 82 | #groups.ini 83 | cat > /etc/icingaweb2/groups.ini << EOF 84 | [icingaweb2] 85 | backend = "db" 86 | resource = "icingaweb_db" 87 | EOF 88 | 89 | #resources.ini 90 | cat > /etc/icingaweb2/resources.ini << EOF 91 | [icingaweb_db] 92 | type = "db" 93 | db = "mysql" 94 | host = "localhost" 95 | port = "3306" 96 | dbname = "icingaweb" 97 | username = "root" 98 | password = "root" 99 | charset = "latin1" 100 | use_ssl = "0" 101 | 102 | [icinga_ido] 103 | type = "db" 104 | db = "mysql" 105 | host = "localhost" 106 | port = "3306" 107 | dbname = "icinga2idomysql" 108 | username = "root" 109 | password = "root" 110 | charset = "latin1" 111 | use_ssl = "0" 112 | EOF 113 | 114 | #roles.ini 115 | cat > /etc/icingaweb2/roles.ini << EOF 116 | [Administrators] 117 | users = "icingaadmin" 118 | permissions = "*" 119 | groups = "Administrators" 120 | EOF 121 | 122 | #Configuration Icingaweb Modules 123 | mkdir -p /etc/icingaweb2/modules/monitoring 124 | mkdir -p /etc/icingaweb2/enabledModules 125 | 126 | #Enable Monitoring Modules 127 | ln -s /usr/share/icingaweb2/modules/monitoring/ /etc/icingaweb2/enabledModules/monitoring 128 | 129 | #backends.ini 130 | cat > /etc/icingaweb2/modules/monitoring/backends.ini << EOF 131 | [icinga] 132 | type = "ido" 133 | resource = "icinga_ido" 134 | EOF 135 | 136 | #config.ini 137 | cat > /etc/icingaweb2/modules/monitoring/config.ini << EOF 138 | [security] 139 | protected_customvars = "*pw*,*pass*,community" 140 | EOF 141 | 142 | #Module installation - Graphite, Director 143 | #Director 144 | # mkdir -p /usr/share/icingaweb2/modules/ 145 | # mkdir -p /usr/share/icingaweb2/modules/director/ 146 | # wget -q --no-cookies -O - https://github.com/Icinga/icingaweb2-module-director/archive/v1.4.3.tar.gz | tar xz --strip-components=1 --directory=/usr/share/icingaweb2/modules/director --exclude=.gitignore -f - 147 | # ln -s /usr/share/icingaweb2/modules/director/ /etc/icingaweb2/enabledModules/director 148 | 149 | #Graphite 150 | mkdir -p /usr/share/icingaweb2/modules/graphite 151 | wget -q --no-cookies -O - "https://github.com/Icinga/icingaweb2-module-graphite/archive/v1.0.1.tar.gz" | tar xz --strip-components=1 --directory=/usr/share/icingaweb2/modules/graphite -f - 152 | 153 | rm /etc/icinga2/features-available/graphite.conf 154 | #config will be written in run.sh 155 | ln -s /usr/share/icingaweb2/modules/graphite/ /etc/icingaweb2/enabledModules/graphite 156 | 157 | mkdir -p /etc/icingaweb2/modules/graphite 158 | 159 | #fix https://github.com/Icinga/icingaweb2-module-graphite/pull/171/files 160 | sed -i '33s/protected $handles/protected $handles = []/' /etc/icingaweb2/enabledModules/graphite/library/vendor/iplx/Http/Client.php 161 | sed -i '33s/$ch = $this->handles ? array_pop($this->handles) : curl_init()/$ch = ! empty($this->handles) ? array_pop($this->handles) : curl_init()/' /etc/icingaweb2/enabledModules/graphite/library/vendor/iplx/Http/Client.php 162 | 163 | #graphite config will be enabled and wrote in run.sh 164 | 165 | #Add NSCA Config 166 | icinga2 feature enable command 167 | sed -i 's#command_file.*#command_file=/run/icinga2/cmd/icinga2.cmd#g' /etc/nsca.cfg 168 | 169 | #disable main log 170 | icinga2 feature disable mainlog 171 | 172 | #Add /icinga2conf 173 | echo "include_recursive \"/icinga2conf\"" >> /etc/icinga2/icinga2.conf 174 | 175 | apt clean 176 | rm -rf /var/lib/apt/lists/* 177 | -------------------------------------------------------------------------------- /nsca.conf: -------------------------------------------------------------------------------- 1 | [program:nsca] 2 | command=/usr/sbin/nsca -c /etc/nsca.cfg -f --daemon 3 | autostart=true 4 | autorestart=true 5 | startretries=1 6 | startsecs=1 7 | -------------------------------------------------------------------------------- /run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #set -e 3 | 4 | MYSQLOLD="/var/lib/mysql" 5 | MYSQLNEW="/mysql" 6 | MYSQLCONF="/etc/mysql/mariadb.conf.d/50-server.cnf" 7 | 8 | echo "$MYSQLOLD" 9 | echo "$MYSQLNEW" 10 | 11 | #Check folder /mysql. exit if not exist 12 | if [ ! -d "$MYSQLNEW" ]; then 13 | echo "Folder $MYSQLNEW not found. Exit" 14 | exit 1 15 | else 16 | cp -Rn $MYSQLOLD / 17 | echo "Copy $MYSQLOLD to /" 18 | 19 | #Change default path for mysql 20 | sed -i "s#datadir.*#datadir = /mysql#g" $MYSQLCONF 21 | 22 | #Change permissions icingaweb2 and icinga2 custom configuration folder 23 | echo "Change permissions of $MYSQLNEW to mysql:mysql" 24 | chown mysql:mysql -R $MYSQLNEW 25 | 26 | UP=$(ps aux | grep mysql | wc -l); 27 | if [ "$UP" -ne 2 ]; 28 | then 29 | service mysql start 30 | else 31 | echo "cannot start mysql service" 32 | exit 1 33 | fi 34 | fi 35 | 36 | #write html redirect 37 | rm -Rf /var/www/html/index.html 38 | cat > /var/www/html/index.php << EOF 39 | 42 | EOF 43 | 44 | #Check env 45 | #check Icingaadmin password 46 | if [ -z "$ICINGA_PASS" ]; then 47 | export ICINGA_PASS="icinga" 48 | echo "Set icingaadmin pass to icinga" 49 | else 50 | echo $ICINGA_PASS 51 | fi 52 | 53 | #check mailserver variable 54 | if [ -z "MAILSERVER" ]; then 55 | echo "Mailserver not defined" 56 | else 57 | #Define mailsend command and write this to /etc/icinga2/scripts/mail-host-notification.sh 58 | sed -i 's#/usr/bin/.*#/usr/bin/printf \"%b\" \"$template\" | mailx -r '\"monitoring@$HOSTNAME\"' -s \"$NOTIFICATIONTYPE - $HOSTDISPLAYNAME is $HOSTSTATE\" -S smtp='\"$MAILSERVER\"' $USEREMAIL#g' /etc/icinga2/scripts/mail-host-notification.sh 59 | sed -i 's#/usr/bin/.*#/usr/bin/printf \"%b\" \"$template\" | mailx -r '\"monitoring@$HOSTNAME\"' -s \"$NOTIFICATIONTYPE - $HOSTDISPLAYNAME - $SERVICEDISPLAYNAME is $SERVICESTATE\" -S smtp='\"$MAILSERVER\"' $USEREMAIL#g' /etc/icinga2/scripts/mail-service-notification.sh 60 | fi 61 | 62 | #check email variable 63 | if [ -z "$EMAILADDR" ]; then 64 | echo "Email for icingaadmin not defined" 65 | else 66 | sed -i "11s/.*/enable_notifications = true/g" /etc/icinga2/conf.d/users.conf 67 | sed -i 's/'"root@localhost"'/'"$EMAILADDR"'/' /etc/icinga2/conf.d/users.conf 68 | fi 69 | 70 | #check if NSCA Password is defined 71 | if [ -z "$NSCAPASS" ]; then 72 | echo "nsca password not defined" 73 | else 74 | echo "password=$NSCAPASS" >> /etc/nsca.cfg 75 | fi 76 | 77 | #check if NSCA Port ist defined. If not define set stardardport 5667 78 | if [ -z "$NSCAPORT" ]; then 79 | sed -i "s/server_port.*/server_port=5667/g" /etc/nsca.cfg 80 | else 81 | sed -i "s/server_port.*/server_port=$NSCAPORT/g" /etc/nsca.cfg 82 | fi 83 | 84 | #Check if /icingaweb2 folder exist 85 | if [[ ! -d /icingaweb2 ]]; then 86 | echo "folder /icingaweb2 not exist. Exit" 87 | exit 1 88 | fi 89 | 90 | if [[ -s /icingaweb2/resources.ini ]]; then 91 | rm /etc/icingaweb2/resources.ini 92 | ln -s /icingaweb2/resources.ini /etc/icingaweb2/resources.ini 93 | else 94 | cp /etc/icingaweb2/resources.ini /icingaweb2/resources.ini 95 | rm /etc/icingaweb2/resources.ini 96 | ln -s /icingaweb2/resources.ini /etc/icingaweb2/resources.ini 97 | fi 98 | if [[ -s /icingaweb2/authentication.ini ]]; then 99 | rm /etc/icingaweb2/authentication.ini 100 | ln -s /icingaweb2/authentication.ini /etc/icingaweb2/authentication.ini 101 | else 102 | cp /etc/icingaweb2/authentication.ini /icingaweb2/authentication.ini 103 | rm /etc/icingaweb2/authentication.ini 104 | ln -s /icingaweb2/authentication.ini /etc/icingaweb2/authentication.ini 105 | fi 106 | if [[ -s /icingaweb2/roles.ini ]]; then 107 | rm /etc/icingaweb2/roles.ini 108 | ln -s /icingaweb2/roles.ini /etc/icingaweb2/roles.ini 109 | else 110 | cp /etc/icingaweb2/roles.ini /icingaweb2/roles.ini 111 | rm /etc/icingaweb2/roles.ini 112 | ln -s /icingaweb2/roles.ini /etc/icingaweb2/roles.ini 113 | fi 114 | if [[ -s /icingaweb2/groups.ini ]]; then 115 | rm /etc/icingaweb2/groups.ini 116 | ln -s /icingaweb2/groups.ini /etc/icingaweb2/groups.ini 117 | else 118 | cp /etc/icingaweb2/groups.ini /icingaweb2/groups.ini 119 | rm /etc/icingaweb2/groups.ini 120 | ln -s /icingaweb2/groups.ini /etc/icingaweb2/groups.ini 121 | fi 122 | 123 | #Check if /icinga2conf folder exist 124 | if [[ ! -d /icinga2conf ]]; then 125 | echo "folder /icinga2conf not exist. Exit" 126 | exit 1 127 | fi 128 | 129 | #check if notifications.conf exist, if exist delete in /etc/icinga2 130 | if [[ -s /icinga2conf/notifications.conf ]]; then 131 | rm /etc/icinga2/conf.d/notifications.conf 132 | else 133 | mv /etc/icinga2/conf.d/notifications.conf /icinga2conf/notifications.conf 134 | 135 | interval=$(cat /icinga2conf/notifications.conf | grep interval | wc -l); 136 | if [ "$interval" -eq 2 ]; 137 | then 138 | echo "Icinga2 check interval is set" 139 | else 140 | #Check if NOTIFICATION_INTERVAL is defined 141 | if [ -z "$NOTIFICATION_INTERVAL" ]; then 142 | echo "default" 143 | else 144 | sed -i "17i\interval = $NOTIFICATION_INTERVAL" /icinga2conf/notifications.conf 145 | sed -i "26i\interval = $NOTIFICATION_INTERVAL" /icinga2conf/notifications.conf 146 | fi 147 | fi 148 | fi 149 | 150 | #check apipass variable 151 | if [ -z "$APIUSER" ]; then 152 | echo "API user not defined" 153 | icinga2 feature disable api 154 | rm -Rf /etc/icinga2/conf.d/api-users.conf 155 | else 156 | echo "API user defined as ${APIUSER}" 157 | mkdir -p /etc/icingaweb2/modules/monitoring 158 | icinga2 feature enable api 159 | 160 | if [[ -s /icinga2conf/api-users.conf ]]; then 161 | rm /etc/icinga2/conf.d/api-users.conf 162 | else 163 | rm -Rf /etc/icinga2/conf.d/api-users.conf 164 | echo "object ApiUser \"$APIUSER\" {" > /icinga2conf/api-users.conf 165 | if [ -z "$APIPASS" ]; then 166 | echo "Password not defined, set default \"icingaapi2012m\"" 167 | echo "password = \"icingaapi2012m\" " >> /icinga2conf/api-users.conf 168 | else 169 | echo "password = \"$APIPASS\" " >> /icinga2conf/api-users.conf 170 | fi 171 | 172 | echo " permissions = [ \"*\"]" >> /icinga2conf/api-users.conf 173 | echo "}" >> /icinga2conf/api-users.conf 174 | fi 175 | 176 | #create access data to use in icinga2 (to set acknowledge, downtime, etc) 177 | echo "[icinga2]" > /etc/icingaweb2/modules/monitoring/commandtransports.ini 178 | echo " transport = \"api\" " >> /etc/icingaweb2/modules/monitoring/commandtransports.ini 179 | echo " port = \"5665\" " >> /etc/icingaweb2/modules/monitoring/commandtransports.ini 180 | echo " host = \"0.0.0.0\" " >> /etc/icingaweb2/modules/monitoring/commandtransports.ini 181 | echo " username = \"$APIUSER\" " >> /etc/icingaweb2/modules/monitoring/commandtransports.ini 182 | echo " password = \"$APIPASS\" " >> /etc/icingaweb2/modules/monitoring/commandtransports.ini 183 | fi 184 | #check, if it's needed to disable service "swap" for monitoring host self 185 | if [ "$SWAPSERVICEOFF" = "true" ] || [ "$SWAPSERVICEOFF" = "TRUE" ] || [ "$SWAPSERVICEOFF" = "1" ]; then 186 | sed -i '/apply Service "swap" {/','/}/d' /etc/icinga2/conf.d/services.conf 187 | fi 188 | 189 | #var to disable disk check 190 | if [ "$DISCSERVICEOFF" = "true" ] || [ "$DISCSERVICEOFF" = "TRUE" ] || [ "$DISCSERVICEOFF" = "1" ]; then 191 | sed -i '/apply Service for (disk => config in host.vars.disks) {/','/}/d' /etc/icinga2/conf.d/services.conf 192 | fi 193 | 194 | 195 | #check if AD Auth is enabled 196 | if [[ $ENABLE_AD_AUTH -eq "1" ]]; then 197 | #Add AD Auth (resources.ini) 198 | echo "[ad]" >> /icingaweb2/resources.ini 199 | echo "type = \"ldap\"" >> /icingaweb2/resources.ini 200 | echo "hostname = \"$AD_NAME\"" >> /icingaweb2/resources.ini 201 | echo "port = \"389\" " >> /icingaweb2/resources.ini 202 | echo "root_dn = \"$AD_ROOT_DN\"" >> /icingaweb2/resources.ini 203 | echo "bind_dn = \"$AD_BIND_DN\"" >> /icingaweb2/resources.ini 204 | echo "bind_pw = \"$AD_BIND_PW\"" >> /icingaweb2/resources.ini 205 | 206 | echo "[AD]" >> /icingaweb2/authentication.ini 207 | echo "resource = \"ad\" " >> /icingaweb2/authentication.ini 208 | echo "backend = \"msldap\" " >> /icingaweb2/authentication.ini 209 | 210 | echo "[ad]" >> /icingaweb2/resources.ini 211 | echo " type = \"ldap\"" >> /icingaweb2/resources.ini 212 | echo "hostname = \"$AD_NAME\"" >> /icingaweb2/resources.ini 213 | echo "port = \"389\" " >> /icingaweb2/resources.ini 214 | echo "root_dn = \"$AD_ROOT_DN\"" >> /icingaweb2/resources.ini 215 | echo "bind_dn = \"$AD_BIND_DN\"" >> /icingaweb2/resources.ini 216 | echo "bind_pw = \"$AD_BIND_PW\"" >> /icingaweb2/resources.ini 217 | 218 | #Add authentication.ini 219 | echo "[AD]" >> /icingaweb2/resources.ini 220 | echo "resource = \"ad\" " >> /icingaweb2/authentication.ini 221 | echo "backend = \"msldap\" " >> /icingaweb2/authentication.ini 222 | fi 223 | 224 | if [[ ! -s /icinga2conf/users.conf ]]; then 225 | mv /etc/icinga2/conf.d/users.conf /icinga2conf/users.conf 226 | else 227 | rm -f /etc/icinga2/conf.d/users.conf 228 | fi 229 | 230 | if [[ ! -s /icinga2conf/passive.conf ]]; then 231 | #Icinga2 Passive Check template (Host and Service) 232 | echo "template Service \"passive-service\" { " > /icinga2conf/passive.conf 233 | echo " max_check_attempts = 2" >> /icinga2conf/passive.conf 234 | echo " check_interval = 3m " >> /icinga2conf/passive.conf 235 | echo " retry_interval = 0 " >> /icinga2conf/passive.conf 236 | echo " " >> /icinga2conf/passive.conf 237 | echo " enable_active_checks = true " >> /icinga2conf/passive.conf 238 | echo " " >> /icinga2conf/passive.conf 239 | echo " check_command = \"passive\" " >> /icinga2conf/passive.conf 240 | echo " " >> /icinga2conf/passive.conf 241 | echo " vars.notification[\"mail\"] = { " >> /icinga2conf/passive.conf 242 | echo " groups = [ \"icingaadmins\" ] " >> /icinga2conf/passive.conf 243 | echo " } " >> /icinga2conf/passive.conf 244 | echo "} " >> /icinga2conf/passive.conf 245 | echo " " >> /icinga2conf/passive.conf 246 | echo "template Host \"passive-host\" { " >> /icinga2conf/passive.conf 247 | echo " max_check_attempts = 2 " >> /icinga2conf/passive.conf 248 | echo " check_interval = 3m " >> /icinga2conf/passive.conf 249 | echo " retry_interval = 0 " >> /icinga2conf/passive.conf 250 | echo " " >> /icinga2conf/passive.conf 251 | echo " enable_active_checks = true " >> /icinga2conf/passive.conf 252 | echo " " >> /icinga2conf/passive.conf 253 | echo " check_command = \"passive\" " >> /icinga2conf/passive.conf 254 | echo " " >> /icinga2conf/passive.conf 255 | echo " vars.notification[\"mail\"] = { " >> /icinga2conf/passive.conf 256 | echo " groups = [ \"icingaadmins\" ] " >> /icinga2conf/passive.conf 257 | echo " } " >> /icinga2conf/passive.conf 258 | echo "} " >> /icinga2conf/passive.conf 259 | fi 260 | 261 | pass=$(openssl passwd -1 $ICINGA_PASS) 262 | mysql -uroot -proot icingaweb -e "update icingaweb_user set password_hash='$pass' where name='icingaadmin';" 263 | echo "configure icingaweb user $pass" 264 | 265 | #Enable Graphite 266 | if [ "$ENABLEGRAPHITE" = "true" ] || [ "$ENABLEGRAPHITE" = "TRUE" ] || [ "$ENABLEGRAPHITE" = "1" ]; then 267 | cat > /etc/icingaweb2/modules/graphite/config.ini << EOF 268 | [graphite] 269 | url = "$GRAPHITE_TRANS://$GRAPHITE_WEBHOST:$GRAPHITE_WEBSITE_PORT" 270 | user = "$GRAPHITE_USER" 271 | password = "$GRAPHITE_PASS" 272 | insecure = "$GRAPHITE_SECUR" 273 | EOF 274 | cat > /etc/icinga2/features-available/graphite.conf << EOF 275 | library "perfdata" 276 | object GraphiteWriter "graphite" { 277 | host = "$GRAPHITE_HOST" 278 | port = $GRAPHITE_PORT 279 | enable_send_thresholds = true 280 | } 281 | EOF 282 | 283 | icinga2 feature enable graphite 284 | 285 | fi 286 | 287 | if [ "$REMOVEDEFAULTSVC" = "true" ] || [ "$REMOVEDEFAULTSVC" = "TRUE" ] || [ "$REMOVEDEFAULTSVC" = "1" ]; then 288 | rm -rf /etc/icinga2/conf.d/services.conf 289 | fi 290 | 291 | 292 | #Change permissions icingaweb2 and icinga2 custom configuration folder 293 | sed -i "s/vars.os.*/#vars.os = \"Linux\"/g" /etc/icinga2/conf.d/hosts.conf 294 | 295 | #Restart service 296 | service apache2 stop 297 | service nsca stop 298 | /etc/init.d/supervisor stop 299 | 300 | #Start icinga2 301 | service icinga2 start 302 | 303 | rm /etc/init.d/apache2 304 | rm /etc/init.d/nsca 305 | rm /etc/init.d/supervisor 306 | 307 | supervisord -n -c /etc/supervisor/supervisord.conf 308 | --------------------------------------------------------------------------------