Mirrors/zamba-lxc-toolbox
1
0
Fork 0
mirror of https://github.com/bashclub/zamba-lxc-toolbox synced 2025-08-14 09:42:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Thorsten Spille 2025-07-24 22:59:37 +02:00 committed by GitHub
parent d15a44d93b
commit 20bdad8596
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 193 additions and 346 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
src/icinga2/constants-service.conf
View File

@ -1,62 +1,35 @@
#!/bin/bash
#
# Zamba LXC Toolbox - Service Constants
# Service: icinga-stack
#
# Description: Enthält alle anwendungsspezifischen Konstanten und
# Variablen, die für OS-Upgrades relevant sind.
#
# --- Service Metadata ---
ZAMBA_SERVICE_NAME="Icinga2 Stack mit IcingaDB"
ZAMBA_SERVICE_DESC="Installiert Icinga2, IcingaDB, Icingaweb2, Director, Nginx, MariaDB, Redis, InfluxDB2 und Grafana."
# Tags zur besseren Filterung und Verwaltung des Containers
SERVICE_TAGS="monitoring,icinga,icingadb,grafana,influxdb,nginx,mariadb,redis"
# Authors:
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
# This file contains the project constants on service level
# --- LXC Container Configuration ---
# Diese Parameter steuern die Erstellung des LXC Containers durch das Zamba Framework.
# Debian Version, die als Basis für den Container dient
# Debian Version, which will be installed
LXC_TEMPLATE_VERSION="debian-12-standard"
# Erstellt einen unprivilegierten Container für erhöhte Sicherheit
LXC_UNPRIVILEGED="1"
# Erlaubt das Ausführen von z.B. Docker innerhalb dieses Containers
LXC_NESTING="1"
# Wird für bestimmte Sicherheits-Features benötigt, hier nicht erforderlich
LXC_KEYCTL="0"
# Erstellt einen Mountpoint (mp0) für geteilte Dateisysteme
LXC_MP=1
# Name des ZFS-Dateisystems, das als Mountpoint dient
# Create sharefs mountpoint
LXC_MP=0
# Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
LXC_SHAREFS_MOUNTPOINT="tank"
# Optimierte Recordsize für Datenbanken und kleine Dateien
# Defines the recordsize of mp0
LXC_MP_RECORDSIZE="16K"
# Minimal benötigter Arbeitsspeicher in MB.
# 2048 MB wird für den Betrieb des gesamten Stacks (Icinga, DBs, Grafana) empfohlen.
LXC_MEM_MIN=2048
# Create unprivileged container
LXC_UNPRIVILEGED="1"
# enable nesting feature
LXC_NESTING="1"
# --- Service-spezifische Konfiguration ---
# enable keyctl feature
LXC_KEYCTL="0"
# Pfad zur Speicherung der generierten Zugangsdaten
CRED_FILE="/root/.zamba_credentials/icinga_stack.txt"
# Sets the minimum amount of RAM the service needs for operation
LXC_MEM_MIN=1024
# service dependent meta tags
SERVICE_TAGS="php-fpm,nginx,mariadb"
# --- OS-Versions-spezifische Variablen ---
# Diese Variablen müssen bei einem Upgrade des Basis-Betriebssystems
# (z.B. von Debian 12 auf 13) angepasst werden.
# Der Codename des Betriebssystems (wird für die Repository-Pfade benötigt)
# Dieser Wert wird normalerweise vom Framework (z.B. aus /etc/os-release) bereitgestellt.
# Falls nicht, wird hier ein Fallback gesetzt.
OS_CODENAME="${OS_CODENAME:-bookworm}"
# Die Standard-PHP-Version für die jeweilige Debian-Version.
# Debian 12 (Bookworm) -> "8.2"
# Debian 13 (Trixie) -> voraussichtlich "8.3"
PHP_VERSION="8.2"
CRED_FILE="/root/.zamba_credentials/icinga_stack.txt"

470
src/icinga2/install-service.sh
View File

@ -1,10 +1,8 @@
#!/bin/bash
#
# Zamba LXC Toolbox - Service Installer
# Service: icinga-stack
#
# Description: Führt die Installation und Konfiguration des Icinga2 Stacks mit IcingaDB durch.
#
source /root/functions.sh
source /root/zamba.conf
source /root/constants-service.conf
source /etc/os-release
# --- Internal Helper Functions ---
_generate_local_password() {
@ -12,148 +10,80 @@ _generate_local_password() {
}
# --- Service Functions (_install, _configure, _setup, _info) ---
curl -fsSL https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-$(lsb_release -cs) main" > /etc/apt/sources.list.d/icinga.list
_install() {
echo ""
echo "================================================="
echo " Phase 1: Installation der Pakete (IcingaDB Edition)"
echo "================================================="
echo ""
echo "[INFO] System wird aktualisiert und Basispakete werden installiert."
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y wget gpg apt-transport-https curl sudo lsb-release
curl -fsSL https://packages.netways.de/icinga/netways.key | gpg --dearmor -o /usr/share/keyrings/netways-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/netways-archive-keyring.gpg] https://packages.netways.de/icinga/debian/ icinga-$(lsb_release -cs) main" > /etc/apt/sources.list.d/netways.list
echo "[INFO] Repositories für Icinga, Netways, InfluxDB und Grafana werden hinzugefügt."
# Icinga Repo
if [ ! -f /etc/apt/sources.list.d/icinga.list ]; then
curl -fsSL https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${OS_CODENAME} main" > /etc/apt/sources.list.d/icinga.list
fi
curl -fsSL https://repos.influxdata.com/influxdata-archive_compat.key | gpg --dearmor -o /usr/share/keyrings/influxdata-archive_compat-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/influxdata-archive_compat-keyring.gpg] https://repos.influxdata.com/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/influxdata.list
# Netways Repo for additional modules
if [ ! -f /etc/apt/sources.list.d/netways.list ]; then
curl -fsSL https://packages.netways.de/icinga/netways.key | gpg --dearmor -o /usr/share/keyrings/netways-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/netways-archive-keyring.gpg] https://packages.netways.de/icinga/debian/ icinga-${OS_CODENAME} main" > /etc/apt/sources.list.d/netways.list
fi
wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor -o /usr/share/keyrings/grafana-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/grafana-archive-keyring.gpg] https://apt.grafana.com stable main" > /etc/apt/sources.list.d/grafana.list
# InfluxDB Repo
if [ ! -f /etc/apt/sources.list.d/influxdata.list ]; then
curl -fsSL https://repos.influxdata.com/influxdata-archive_compat.key | gpg --dearmor -o /usr/share/keyrings/influxdata-archive_compat-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/influxdata-archive_compat-keyring.gpg] https://repos.influxdata.com/debian ${OS_CODENAME} stable" > /etc/apt/sources.list.d/influxdata.list
fi
apt update
# Grafana Repo
if [ ! -f /etc/apt/sources.list.d/grafana.list ]; then
wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor -o /usr/share/keyrings/grafana-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/grafana-archive-keyring.gpg] https://apt.grafana.com stable main" > /etc/apt/sources.list.d/grafana.list
fi
echo "[INFO] Paketlisten werden erneut aktualisiert."
apt-get update
apt-get install -y icinga2 nginx php${PHP_VERSION}-fpm php${PHP_VERSION}-mysql php${PHP_VERSION}-intl php${PHP_VERSION}-xml php${PHP_VERSION}-gd php${PHP_VERSION}-ldap php${PHP_VERSION}-imagick \
mariadb-server mariadb-client influxdb2 grafana imagemagick icingaweb2 icingacli icinga-php-library icingaweb2-module-reactbundle \
icinga-director icingadb icingadb-redis icingadb-web icingaweb2-module-perfdatagraphs icingaweb2-module-perfdatagraphs-influxdbv2
echo "[INFO] Hauptkomponenten werden installiert (PHP Version: ${PHP_VERSION})."
apt-get install -y \
icinga2 \
nginx php${PHP_VERSION}-fpm php${PHP_VERSION}-mysql php${PHP_VERSION}-intl php${PHP_VERSION}-xml php${PHP_VERSION}-gd php${PHP_VERSION}-ldap php${PHP_VERSION}-imagick \
mariadb-server mariadb-client \
redis-server redis-tools \
influxdb2 \
grafana \
imagemagick \
icingaweb2 icingacli \
icinga-php-library \
icingaweb2-module-reactbundle \
icinga-director \
icingadb \
icingadb-redis \
icingadb-web \
icingaweb2-module-perfdatagraphs \
icingaweb2-module-perfdatagraphs-influxdbv2
}
_configure() {
echo ""
echo "================================================="
echo " Phase 2: Konfiguration der Komponenten (IcingaDB Edition)"
echo "================================================="
echo ""
ICINGAWEB_DB_PASS=$(_generate_local_password 24)
DIRECTOR_DB_PASS=$(_generate_local_password 24)
ICINGA_IDO_DB_PASS=$(_generate_local_password 24)
ICINGA_API_USER_PASS=$(_generate_local_password 24)
ICINGAWEB_ADMIN_PASS=$(_generate_local_password 16)
GRAFANA_ADMIN_PASS=$(_generate_local_password 16)
INFLUX_ADMIN_TOKEN=$(_generate_local_password 40)
# 1. Passwörter generieren
echo "[INFO] Passwörter und API-Keys werden generiert."
ICINGAWEB_DB_PASS=$(_generate_local_password 24)
DIRECTOR_DB_PASS=$(_generate_local_password 24)
ICINGADB_PASS=$(_generate_local_password 24)
ICINGA_API_USER_PASS=$(_generate_local_password 24)
ICINGAWEB_ADMIN_PASS=$(_generate_local_password 16)
GRAFANA_ADMIN_PASS=$(_generate_local_password 16)
INFLUX_ADMIN_TOKEN=$(_generate_local_password 40)
# 2. MariaDB konfigurieren
echo "[INFO] MariaDB wird konfiguriert."
# Ensure MariaDB is running for configuration
systemctl start mariadb
while ! mysqladmin ping -h localhost --silent; do sleep 1; done
mysql -e "CREATE DATABASE IF NOT EXISTS icingaweb2 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "CREATE DATABASE IF NOT EXISTS director CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "CREATE DATABASE IF NOT EXISTS icingadb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "CREATE USER IF NOT EXISTS 'icingaweb2'@'localhost' IDENTIFIED BY '${ICINGAWEB_DB_PASS}';"
mysql -e "CREATE USER IF NOT EXISTS 'director'@'localhost' IDENTIFIED BY '${DIRECTOR_DB_PASS}';"
mysql -e "CREATE USER IF NOT EXISTS 'icingadb'@'localhost' IDENTIFIED BY '${ICINGADB_PASS}';"
systemctl start mariadb
while ! mysqladmin ping -h localhost --silent; do sleep 1; done
mysql -e "GRANT ALL PRIVILEGES ON icingaweb2.* TO 'icingaweb2'@'localhost';"
mysql -e "GRANT ALL PRIVILEGES ON director.* TO 'director'@'localhost';"
mysql -e "GRANT ALL PRIVILEGES ON icingadb.* TO 'icingadb'@'localhost';"
mysql -e "FLUSH PRIVILEGES;"
mysql -e "CREATE DATABASE IF NOT EXISTS icingaweb2 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "CREATE DATABASE IF NOT EXISTS director CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "CREATE DATABASE IF NOT EXISTS icinga_ido CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
# 3. Redis konfigurieren
echo "[INFO] Erstelle systemd-Override für Redis-Server."
mkdir -p /etc/systemd/system/redis-server.service.d
bash -c "cat > /etc/systemd/system/redis-server.service.d/override.conf" <<EOF
[Service]
# Deaktiviert die systemd-Benachrichtigung, um Kompatibilitätsprobleme in Containern zu vermeiden.
Supervised=no
EOF
# 4. InfluxDB 2 konfigurieren
echo "[INFO] InfluxDB 2 wird konfiguriert."
systemctl start influxdb
influx setup --skip-verify --username admin --password "$GRAFANA_ADMIN_PASS" --org icinga --bucket icinga --token "$INFLUX_ADMIN_TOKEN" -f
INFLUX_ICINGA_TOKEN=$(influx auth create --org icinga --all-access --json | grep -oP '"token": "\K[^"]+')
if [ -z "$INFLUX_ICINGA_TOKEN" ]; then echo "[ERROR] Konnte InfluxDB Token nicht erstellen." >&2; exit 1; fi
mysql -e "CREATE USER IF NOT EXISTS 'icingaweb2'@'localhost' IDENTIFIED BY '${ICINGAWEB_DB_PASS}';"
mysql -e "CREATE USER IF NOT EXISTS 'director'@'localhost' IDENTIFIED BY '${DIRECTOR_DB_PASS}';"
mysql -e "CREATE USER IF NOT EXISTS 'icinga_ido'@'localhost' IDENTIFIED BY '${ICINGA_IDO_DB_PASS}';"
# 5. Credentials-Datei schreiben
echo "[INFO] Zugangsdaten werden in ${CRED_FILE} gespeichert."
mkdir -p "$(dirname "$CRED_FILE")" && chmod 700 "$(dirname "$CRED_FILE")"
{
echo "# --- Icinga Monitoring Stack Credentials ---"
echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2; Benutzer: icingaadmin; Passwort: ${ICINGAWEB_ADMIN_PASS}"
echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana; Benutzer: admin; Passwort: ${GRAFANA_ADMIN_PASS}"
echo "InfluxDB Admin Token: ${INFLUX_ADMIN_TOKEN}"
echo "Icinga Director API: Benutzer: director; Passwort: ${ICINGA_API_USER_PASS}"
} > "$CRED_FILE" && chmod 600 "$CRED_FILE"
mysql -e "GRANT ALL PRIVILEGES ON icingaweb2.* TO 'icingaweb2'@'localhost';"
mysql -e "GRANT ALL PRIVILEGES ON director.* TO 'director'@'localhost';"
mysql -e "GRANT ALL PRIVILEGES ON icinga_ido.* TO 'icinga_ido'@'localhost';"
mysql -e "FLUSH PRIVILEGES;"
# 6. Icinga2 Konfigurationsdateien schreiben
echo "[INFO] Icinga2 Konfigurationsdateien werden geschrieben."
bash -c "cat > /etc/icinga2/features-available/icingadb.conf" <<EOF
systemctl start influxdb
influx setup --skip-verify --username admin --password "$GRAFANA_ADMIN_PASS" --org icinga --bucket icinga --token "$INFLUX_ADMIN_TOKEN" -f
INFLUX_ICINGA_TOKEN=$(influx auth create --org icinga --all-access --json | grep -oP '"token": "\K[^"]+')
if [ -z "$INFLUX_ICINGA_TOKEN" ]; then echo "[ERROR] Konnte InfluxDB Token nicht erstellen." >&2; exit 1; fi
mkdir -p "$(dirname "$CRED_FILE")" && chmod 700 "$(dirname "$CRED_FILE")"
{
echo "# --- Icinga Monitoring Stack Credentials ---"
echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2; Benutzer: icingaadmin; Passwort: ${ICINGAWEB_ADMIN_PASS}"
echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana; Benutzer: admin; Passwort: ${GRAFANA_ADMIN_PASS}"
echo "InfluxDB Admin Token: ${INFLUX_ADMIN_TOKEN}"
echo "Icinga Director API: Benutzer: director; Passwort: ${ICINGA_API_USER_PASS}"
} > "$CRED_FILE" && chmod 600 "$CRED_FILE"
systemctl enable --now icingadb-redis
bash -c "cat > /etc/icinga2/features-available/icingadb.conf" <<EOF
library "icingadb"
object IcingaDB "icingadb" {
host = "127.0.0.1"
port = 6379
port = 6380
}
EOF
bash -c "cat > /etc/icinga2/conf.d/api-users.conf" <<EOF
bash -c "cat > /etc/icinga2/conf.d/api-users.conf" <<EOF
object ApiUser "director" {
password = "${ICINGA_API_USER_PASS}"
permissions = [ "object/modify/*", "object/query/*", "status/query", "actions/*", "events/*" ]
}
EOF
bash -c "cat > /etc/icinga2/features-available/influxdb2-writer.conf" <<EOF
bash -c "cat > /etc/icinga2/features-available/influxdb2-writer.conf" <<EOF
object Influxdb2Writer "influxdb2-writer" {
host = "http://127.0.0.1:8086"
organization = "icinga"
@ -161,31 +91,27 @@ object Influxdb2Writer "influxdb2-writer" {
auth_token = "${INFLUX_ICINGA_TOKEN}"
}
EOF
local FQDN=$(hostname -f)
bash -c "cat > /etc/icinga2/zones.conf" <<EOF
object Endpoint "${FQDN}" {}
object Zone "master" { endpoints = [ "${FQDN}" ] }
object Endpoint "$(hostname -f)" {}
object Zone "master" { endpoints = [ "$(hostname -f)" ] }
object Zone "global-templates" { global = true }
object Zone "director-global" { global = true }
EOF
# 7. IcingaDB konfigurieren
echo "[INFO] IcingaDB wird konfiguriert."
bash -c "cat > /etc/icingadb/config.yml" <<EOF
bash -c "cat > /etc/icingadb/config.yml" <<EOF
database:
dsn: icingadb@tcp(127.0.0.1:3306)/icingadb
password: ${ICINGADB_PASS}
redis:
host: 127.0.0.1
port: 6379
port: 6380
logging:
level: info
output: stdout
EOF
icinga2 feature enable icingadb
systemctl restart icinga2
# 8. Icinga Web 2 Konfigurationsdateien schreiben
echo "[INFO] Icinga Web 2 Konfigurationsdateien werden geschrieben."
mkdir -p /etc/icingaweb2
mkdir -p /etc/icingaweb2
bash -c "cat > /etc/icingaweb2/resources.ini" <<EOF
[icingaweb_db]
type = "db"
@ -214,15 +140,13 @@ username = "icingadb"
password = "${ICINGADB_PASS}"
charset = "utf8mb4"
EOF
# 9. Grafana konfigurieren
echo "[INFO] Grafana wird konfiguriert."
systemctl stop grafana-server
grafana-cli admin reset-admin-password "$GRAFANA_ADMIN_PASS"
systemctl start grafana-server
mkdir -p /etc/grafana/provisioning/datasources
bash -c "cat > /etc/grafana/provisioning/datasources/influxdb.yaml" <<EOF
systemctl stop grafana-server
grafana-cli admin reset-admin-password "$GRAFANA_ADMIN_PASS"
systemctl start grafana-server
mkdir -p /etc/grafana/provisioning/datasources
bash -c "cat > /etc/grafana/provisioning/datasources/influxdb.yaml" <<EOF
apiVersion: 1
datasources:
- name: InfluxDB-Icinga
@ -232,17 +156,15 @@ datasources:
jsonData: { version: "Flux", organization: "icinga", defaultBucket: "icinga" }
secureJsonData: { token: "${INFLUX_ICINGA_TOKEN}" }
EOF
chown grafana:grafana /etc/grafana/provisioning/datasources/influxdb.yaml
# 10. Nginx TLS Konfiguration
echo "[INFO] Nginx für TLS wird konfiguriert."
mkdir -p /etc/nginx/ssl
if [ ! -L /etc/nginx/ssl/fullchain.pem ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/nginx/ssl/fullchain.pem
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/nginx/ssl/privkey.pem
fi
chown grafana:grafana /etc/grafana/provisioning/datasources/influxdb.yaml
bash -c "cat > /etc/nginx/sites-available/icinga-stack" <<EOF
mkdir -p /etc/nginx/ssl
if [ ! -L /etc/nginx/ssl/fullchain.pem ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/nginx/ssl/fullchain.pem
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/nginx/ssl/privkey.pem
fi
bash -c "cat > /etc/nginx/sites-available/icinga-stack" <<EOF
server {
listen 80;
server_name ${ZAMBA_HOSTNAME:-$(hostname -f)};
@ -272,70 +194,46 @@ server {
}
}
EOF
ln -sf /etc/nginx/sites-available/icinga-stack /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' "/etc/php/${PHP_VERSION}/fpm/php.ini"
sed -i "s|;date.timezone =|date.timezone = $(cat /etc/timezone)|" "/etc/php/${PHP_VERSION}/fpm/php.ini"
}
ln -sf /etc/nginx/sites-available/icinga-stack /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
_setup() {
echo ""
echo "================================================="
echo " Phase 3: Setup und finaler Neustart (IcingaDB Edition)"
echo "================================================="
echo ""
echo "[INFO] Icinga2 API wird initialisiert und Zertifikate werden erstellt."
icinga2 api setup
echo "[INFO] Aktiviere und starte alle Dienste in der korrekten Reihenfolge."
systemctl enable icinga2 mariadb redis-server nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb
systemctl daemon-reload # Um Redis-Override zu laden
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' "/etc/php/${PHP_VERSION}/fpm/php.ini"
sed -i "s|;date.timezone =|date.timezone = $(cat /etc/timezone)|" "/etc/php/${PHP_VERSION}/fpm/php.ini"
systemctl start mariadb
systemctl start redis-server
icinga2 api setup
systemctl enable icinga2 mariadb nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb icingadb-redis
echo "[INFO] Warte auf MariaDB-Dienst..."
while ! mysqladmin ping -h localhost --silent; do sleep 2; done
echo "[INFO] MariaDB ist bereit."
systemctl start mariadb
while ! mysqladmin ping -h localhost --silent; do sleep 2; done
systemctl start icinga2 icingadb-redis nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb
echo "[INFO] Warte auf Redis-Dienst..."
while ! redis-cli ping | grep -q PONG; do sleep 2; done
echo "[INFO] Redis ist bereit."
IWEB_SCHEMA="/usr/share/icingaweb2/schema/mysql.schema.sql"
DIRECTOR_SCHEMA="/usr/share/icingaweb2/modules/director/schema/mysql.sql"
ICINGADB_SCHEMA="/usr/share/icingadb/schema/mysql/schema.sql"
# Starte restliche Dienste
systemctl start icinga2 nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb
echo "[INFO] Datenbank-Schemas werden importiert."
local IWEB_SCHEMA="/usr/share/icingaweb2/schema/mysql.schema.sql"
local DIRECTOR_SCHEMA="/usr/share/icingaweb2/modules/director/schema/mysql.sql"
local ICINGADB_SCHEMA="/usr/share/icingadb/schema/mysql/schema.sql"
if [ ! -f "$IWEB_SCHEMA" ]; then echo "[ERROR] IcingaWeb-Schema nicht gefunden: $IWEB_SCHEMA" >&2; exit 1; fi
if [ ! -f "$DIRECTOR_SCHEMA" ]; then echo "[ERROR] Director-Schema nicht gefunden: $DIRECTOR_SCHEMA" >&2; exit 1; fi
if [ ! -f "$ICINGADB_SCHEMA" ]; then echo "[ERROR] IcingaDB-Schema nicht gefunden: $ICINGADB_SCHEMA" >&2; exit 1; fi
if [ ! -f "$IWEB_SCHEMA" ]; then echo "[ERROR] IcingaWeb-Schema nicht gefunden: $IWEB_SCHEMA" >&2; exit 1; fi
if [ ! -f "$DIRECTOR_SCHEMA" ]; then echo "[ERROR] Director-Schema nicht gefunden: $DIRECTOR_SCHEMA" >&2; exit 1; fi
if [ ! -f "$ICINGADB_SCHEMA" ]; then echo "[ERROR] IcingaDB-Schema nicht gefunden: $ICINGADB_SCHEMA" >&2; exit 1; fi
if ! mysql -e "use icingaweb2; show tables;" | grep -q "icingaweb_user"; then
echo "[INFO] Importiere IcingaWeb2-Schema..."
mysql icingaweb2 < "$IWEB_SCHEMA"
fi
if ! mysql -e "use director; show tables;" | grep -q "director_datafield"; then
echo "[INFO] Importiere Icinga Director-Schema..."
mysql director < "$DIRECTOR_SCHEMA"
fi
if ! mysql -e "use icingadb; show tables;" | grep -q "icingadb_schema_migration"; then
echo "[INFO] Importiere IcingaDB-Schema..."
mysql icingadb < "$ICINGADB_SCHEMA"
fi
echo "[INFO] Icinga2 Features werden aktiviert."
icinga2 feature enable icingadb api influxdb2-writer >/dev/null
if ! mysql -e "use icingaweb2; show tables;" | grep -q "icingaweb_user"; then
echo "[INFO] Importiere IcingaWeb2-Schema..."
mysql icingaweb2 < "$IWEB_SCHEMA"
fi
echo "[INFO] Erstelle Icinga Web 2 Kernkonfiguration."
bash -c "cat > /etc/icingaweb2/config.ini" <<EOF
if ! mysql -e "use director; show tables;" | grep -q "director_datafield"; then
echo "[INFO] Importiere Icinga Director-Schema..."
mysql director < "$DIRECTOR_SCHEMA"
fi
if ! mysql -e "use icingadb; show tables;" | grep -q "icingadb_schema_migration"; then
echo "[INFO] Importiere IcingaDB-Schema..."
mysql icingadb < "$ICINGADB_SCHEMA"
fi
icinga2 feature enable icingadb api influxdb2-writer
bash -c "cat > /etc/icingaweb2/config.ini" <<EOF
[global]
show_stacktraces = "0"
config_backend = "db"
@ -345,34 +243,35 @@ log = "file"
log_file = "/var/log/icingaweb2/icingaweb2.log"
level = "ERROR"
EOF
bash -c "cat > /etc/icingaweb2/authentication.ini" <<EOF
bash -c "cat > /etc/icingaweb2/authentication.ini" <<EOF
[icinga-web-admin]
backend = "db"
resource = "icingaweb_db"
EOF
bash -c "cat > /etc/icingaweb2/roles.ini" <<EOF
bash -c "cat > /etc/icingaweb2/roles.ini" <<EOF
[Administrators]
users = "icingaadmin"
permissions = "*"
groups = "Administrators"
EOF
mkdir -p /etc/icingaweb2/modules/monitoring
bash -c "cat > /etc/icingaweb2/modules/monitoring/backends.ini" <<EOF
mkdir -p /etc/icingaweb2/modules/monitoring
bash -c "cat > /etc/icingaweb2/modules/monitoring/backends.ini" <<EOF
[icingadb]
backend = "icingadb"
resource = "icingadb"
EOF
mkdir -p /etc/icingaweb2/modules/director
bash -c "cat > /etc/icingaweb2/modules/director/config.ini" <<EOF
mkdir -p /etc/icingaweb2/modules/director
bash -c "cat > /etc/icingaweb2/modules/director/config.ini" <<EOF
[db]
resource = "director_db"
EOF
# Konfiguration für perfdatagraphs
mkdir -p /etc/icingaweb2/modules/perfdatagraphs
bash -c "cat > /etc/icingaweb2/modules/perfdatagraphs/config.ini" <<EOF
mkdir -p /etc/icingaweb2/modules/perfdatagraphs
bash -c "cat > /etc/icingaweb2/modules/perfdatagraphs/config.ini" <<EOF
[influxdb2]
backend = "influxdb2"
url = "http://127.0.0.1:8086"
@ -384,42 +283,42 @@ bucket = "icinga"
backend = "influxdb2"
EOF
echo "[INFO] Icinga Web 2 Module werden in korrekter Reihenfolge aktiviert."
icingacli module enable ipl
icingacli module enable reactbundle
icingacli module enable incubator
icingacli module enable director
icingacli module enable icingadb
icingacli module enable perfdatagraphs
echo "[INFO] Icinga Web 2 Module werden in korrekter Reihenfolge aktiviert."
icingacli module enable ipl
icingacli module enable reactbundle
icingacli module enable incubator
icingacli module enable director
icingacli module enable icingadb
icingacli module enable perfdatagraphs
echo "[INFO] Alle Services werden neu gestartet, um die finale Konfiguration zu laden."
systemctl restart mariadb
systemctl restart redis-server
systemctl restart icinga2
systemctl restart php${PHP_VERSION}-fpm
systemctl restart nginx
systemctl restart grafana-server
systemctl restart icingadb
echo "[INFO] Alle Services werden neu gestartet, um die finale Konfiguration zu laden."
systemctl restart mariadb
systemctl restart redis-server
systemctl restart icinga2
systemctl restart php${PHP_VERSION}-fpm
systemctl restart nginx
systemctl restart grafana-server
systemctl restart icingadb
echo "[INFO] Füge Icinga Web 2 Admin-Benutzer direkt in die Datenbank ein."
local PASSWORD_HASH=$(php -r "echo password_hash('${ICINGAWEB_ADMIN_PASS}', PASSWORD_BCRYPT);")
mysql icingaweb2 -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '${PASSWORD_HASH}') ON DUPLICATE KEY UPDATE password_hash='${PASSWORD_HASH}';"
echo "[INFO] Warte auf Icinga Web 2 und API..."
local counter=0
while ! icingacli director migration run >/dev/null 2>&1; do
counter=$((counter + 1))
if [ "$counter" -gt 15 ]; then
echo "[ERROR] Icinga Director wurde nach 30 Sekunden nicht bereit." >&2
exit 1
fi
echo "[INFO] Director ist noch nicht bereit, warte 2 Sekunden... (Versuch ${counter}/15)"
sleep 2
done
echo "[INFO] Icinga Director ist bereit."
echo "[INFO] Füge Icinga Web 2 Admin-Benutzer direkt in die Datenbank ein."
PASSWORD_HASH=$(php -r "echo password_hash('${ICINGAWEB_ADMIN_PASS}', PASSWORD_BCRYPT);")
mysql icingaweb2 -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '${PASSWORD_HASH}') ON DUPLICATE KEY UPDATE password_hash='${PASSWORD_HASH}';"
echo "[INFO] Icinga Director Setup wird ausgeführt."
bash -c "cat > /etc/icingaweb2/modules/director/kickstart.ini" <<EOF
echo "[INFO] Warte auf Icinga Web 2 und API..."
counter=0
while ! icingacli director migration run >/dev/null 2>&1; do
counter=$((counter + 1))
if [ "$counter" -gt 15 ]; then
echo "[ERROR] Icinga Director wurde nach 30 Sekunden nicht bereit." >&2
exit 1
fi
echo "[INFO] Director ist noch nicht bereit, warte 2 Sekunden... (Versuch ${counter}/15)"
sleep 2
done
echo "[INFO] Icinga Director ist bereit."
echo "[INFO] Icinga Director Setup wird ausgeführt."
bash -c "cat > /etc/icingaweb2/modules/director/kickstart.ini" <<EOF
[config]
endpoint = "$(hostname -f)"
host = "127.0.0.1"
@ -427,50 +326,25 @@ port = "5665"
username = "director"
password = "${ICINGA_API_USER_PASS}"
EOF
icingacli director kickstart run
rm /etc/icingaweb2/modules/director/kickstart.ini
icingacli director kickstart run
rm /etc/icingaweb2/modules/director/kickstart.ini
echo "[INFO] Director Konfiguration wird angewendet."
icingacli director config deploy
}
echo "[INFO] Director Konfiguration wird angewendet."
icingacli director config deploy
_info() {
echo ""
echo "================================================="
echo " Installation des Icinga Monitoring Stacks abgeschlossen"
echo "================================================="
echo ""
echo "Die Konfiguration wurde erfolgreich abgeschlossen."
echo "Alle notwendigen Passwörter, Logins und API-Keys wurden generiert."
echo ""
echo "Sie finden alle Zugangsdaten in der folgenden Datei:"
echo " ${CRED_FILE}"
echo ""
echo "Wichtige URLs:"
echo " Icinga Web 2: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2"
echo " IcingaDB Web: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingadb-web"
echo " Grafana: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana"
echo ""
}
# --- Main Execution Logic ---
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
if [ "$EUID" -ne 0 ]; then
echo "[ERROR] Dieses Skript muss als Root ausgeführt werden."
exit 1
fi
if [ -f ./constants-service.conf ]; then
source ./constants-service.conf
else
echo "[ERROR] Die Datei 'constants-service.conf' wird für den Standalone-Betrieb benötigt."
exit 1
fi
ZAMBA_HOSTNAME=${ZAMBA_HOSTNAME:-$(hostname -f)}
set -euo pipefail
_install
_configure
_setup
_info
set +euo pipefail
exit 0
fi
echo ""
echo "================================================="
echo " Installation des Icinga Monitoring Stacks abgeschlossen"
echo "================================================="
echo ""
echo "Die Konfiguration wurde erfolgreich abgeschlossen."
echo "Alle notwendigen Passwörter, Logins und API-Keys wurden generiert."
echo ""
echo "Sie finden alle Zugangsdaten in der folgenden Datei:"
echo " ${CRED_FILE}"
echo ""
echo "Wichtige URLs:"
echo " Icinga Web 2: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2"
echo " IcingaDB Web: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingadb-web"
echo " Grafana: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana"
echo ""