Thorsten Spille 2025-07-24 22:59:37 +02:00 committed by GitHub
parent d15a44d93b
commit 20bdad8596
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 193 additions and 346 deletions


@ -1,62 +1,35 @@
#!/bin/bash #!/bin/bash
#
# Zamba LXC Toolbox - Service Constants
# Service: icinga-stack
#
# Description: Enthält alle anwendungsspezifischen Konstanten und
# Variablen, die für OS-Upgrades relevant sind.
#
# --- Service Metadata --- # Authors:
ZAMBA_SERVICE_NAME="Icinga2 Stack mit IcingaDB" # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
ZAMBA_SERVICE_DESC="Installiert Icinga2, IcingaDB, Icingaweb2, Director, Nginx, MariaDB, Redis, InfluxDB2 und Grafana." # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# Tags zur besseren Filterung und Verwaltung des Containers # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
SERVICE_TAGS="monitoring,icinga,icingadb,grafana,influxdb,nginx,mariadb,redis"
# This file contains the project constants on service level
# --- LXC Container Configuration --- # Debian Version, which will be installed
# Diese Parameter steuern die Erstellung des LXC Containers durch das Zamba Framework.
# Debian Version, die als Basis für den Container dient
LXC_TEMPLATE_VERSION="debian-12-standard" LXC_TEMPLATE_VERSION="debian-12-standard"
# Erstellt einen unprivilegierten Container für erhöhte Sicherheit # Create sharefs mountpoint
LXC_UNPRIVILEGED="1" LXC_MP=0
# Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
# Erlaubt das Ausführen von z.B. Docker innerhalb dieses Containers
LXC_NESTING="1"
# Wird für bestimmte Sicherheits-Features benötigt, hier nicht erforderlich
LXC_KEYCTL="0"
# Erstellt einen Mountpoint (mp0) für geteilte Dateisysteme
LXC_MP=1
# Name des ZFS-Dateisystems, das als Mountpoint dient
LXC_SHAREFS_MOUNTPOINT="tank" LXC_SHAREFS_MOUNTPOINT="tank"
# Optimierte Recordsize für Datenbanken und kleine Dateien # Defines the recordsize of mp0
LXC_MP_RECORDSIZE="16K" LXC_MP_RECORDSIZE="16K"
# Minimal benötigter Arbeitsspeicher in MB. # Create unprivileged container
# 2048 MB wird für den Betrieb des gesamten Stacks (Icinga, DBs, Grafana) empfohlen. LXC_UNPRIVILEGED="1"
LXC_MEM_MIN=2048
# enable nesting feature
LXC_NESTING="1"
# --- Service-spezifische Konfiguration --- # enable keyctl feature
LXC_KEYCTL="0"
# Sets the minimum amount of RAM the service needs for operation
LXC_MEM_MIN=1024
# service dependent meta tags
SERVICE_TAGS="php-fpm,nginx,mariadb"
# Pfad zur Speicherung der generierten Zugangsdaten
CRED_FILE="/root/.zamba_credentials/icinga_stack.txt" CRED_FILE="/root/.zamba_credentials/icinga_stack.txt"
# --- OS-Versions-spezifische Variablen ---
# Diese Variablen müssen bei einem Upgrade des Basis-Betriebssystems
# (z.B. von Debian 12 auf 13) angepasst werden.
# Der Codename des Betriebssystems (wird für die Repository-Pfade benötigt)
# Dieser Wert wird normalerweise vom Framework (z.B. aus /etc/os-release) bereitgestellt.
# Falls nicht, wird hier ein Fallback gesetzt.
OS_CODENAME="${OS_CODENAME:-bookworm}"
# Die Standard-PHP-Version für die jeweilige Debian-Version.
# Debian 12 (Bookworm) -> "8.2"
# Debian 13 (Trixie) -> voraussichtlich "8.3"
PHP_VERSION="8.2"
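Review bot: `PHP_VERSION` and `OS_CODENAME` appear only in the old column at the end of this section, so the new constants file seems to stop defining them, yet the install script in this commit still expands `php${PHP_VERSION}-fpm` in its apt and systemctl lines and in the `/etc/php/${PHP_VERSION}/fpm/php.ini` path. Unless /root/zamba.conf or /root/functions.sh sets the variable, which this page does not show, the sed target becomes `/etc/php//fpm/php.ini` and the `cgi.fix_pathinfo=0` hardening edit is not applied. Keeping `PHP_VERSION="8.2"` in this file would avoid that. `SERVICE_TAGS="php-fpm,nginx,mariadb"` and `LXC_MEM_MIN=1024` also read as carried over from another service template rather than chosen for a stack that runs MariaDB, InfluxDB and Grafana together.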


@ -1,10 +1,8 @@
#!/bin/bash
# source /root/functions.sh
# Zamba LXC Toolbox - Service Installer source /root/zamba.conf
# Service: icinga-stack source /root/constants-service.conf
# source /etc/os-release
# Description: Führt die Installation und Konfiguration des Icinga2 Stacks mit IcingaDB durch.
#
# --- Internal Helper Functions --- # --- Internal Helper Functions ---
_generate_local_password() { _generate_local_password() {
@ -12,148 +10,80 @@ _generate_local_password() {
} }
# --- Service Functions (_install, _configure, _setup, _info) --- curl -fsSL https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-$(lsb_release -cs) main" > /etc/apt/sources.list.d/icinga.list
_install() { curl -fsSL https://packages.netways.de/icinga/netways.key | gpg --dearmor -o /usr/share/keyrings/netways-archive-keyring.gpg
echo "" echo "deb [signed-by=/usr/share/keyrings/netways-archive-keyring.gpg] https://packages.netways.de/icinga/debian/ icinga-$(lsb_release -cs) main" > /etc/apt/sources.list.d/netways.list
echo "================================================="
echo " Phase 1: Installation der Pakete (IcingaDB Edition)"
echo "================================================="
echo ""
echo "[INFO] System wird aktualisiert und Basispakete werden installiert." curl -fsSL https://repos.influxdata.com/influxdata-archive_compat.key | gpg --dearmor -o /usr/share/keyrings/influxdata-archive_compat-keyring.gpg
export DEBIAN_FRONTEND=noninteractive echo "deb [signed-by=/usr/share/keyrings/influxdata-archive_compat-keyring.gpg] https://repos.influxdata.com/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/influxdata.list
apt-get update
apt-get install -y wget gpg apt-transport-https curl sudo lsb-release
echo "[INFO] Repositories für Icinga, Netways, InfluxDB und Grafana werden hinzugefügt." wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor -o /usr/share/keyrings/grafana-archive-keyring.gpg
# Icinga Repo echo "deb [signed-by=/usr/share/keyrings/grafana-archive-keyring.gpg] https://apt.grafana.com stable main" > /etc/apt/sources.list.d/grafana.list
if [ ! -f /etc/apt/sources.list.d/icinga.list ]; then
curl -fsSL https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${OS_CODENAME} main" > /etc/apt/sources.list.d/icinga.list
fi
# Netways Repo for additional modules apt update
if [ ! -f /etc/apt/sources.list.d/netways.list ]; then
curl -fsSL https://packages.netways.de/icinga/netways.key | gpg --dearmor -o /usr/share/keyrings/netways-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/netways-archive-keyring.gpg] https://packages.netways.de/icinga/debian/ icinga-${OS_CODENAME} main" > /etc/apt/sources.list.d/netways.list
fi
# InfluxDB Repo apt-get install -y icinga2 nginx php${PHP_VERSION}-fpm php${PHP_VERSION}-mysql php${PHP_VERSION}-intl php${PHP_VERSION}-xml php${PHP_VERSION}-gd php${PHP_VERSION}-ldap php${PHP_VERSION}-imagick \
if [ ! -f /etc/apt/sources.list.d/influxdata.list ]; then mariadb-server mariadb-client influxdb2 grafana imagemagick icingaweb2 icingacli icinga-php-library icingaweb2-module-reactbundle \
curl -fsSL https://repos.influxdata.com/influxdata-archive_compat.key | gpg --dearmor -o /usr/share/keyrings/influxdata-archive_compat-keyring.gpg icinga-director icingadb icingadb-redis icingadb-web icingaweb2-module-perfdatagraphs icingaweb2-module-perfdatagraphs-influxdbv2
echo "deb [signed-by=/usr/share/keyrings/influxdata-archive_compat-keyring.gpg] https://repos.influxdata.com/debian ${OS_CODENAME} stable" > /etc/apt/sources.list.d/influxdata.list
fi
# Grafana Repo
if [ ! -f /etc/apt/sources.list.d/grafana.list ]; then
wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor -o /usr/share/keyrings/grafana-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/grafana-archive-keyring.gpg] https://apt.grafana.com stable main" > /etc/apt/sources.list.d/grafana.list
fi
echo "[INFO] Paketlisten werden erneut aktualisiert." ICINGAWEB_DB_PASS=$(_generate_local_password 24)
apt-get update DIRECTOR_DB_PASS=$(_generate_local_password 24)
ICINGA_IDO_DB_PASS=$(_generate_local_password 24)
ICINGA_API_USER_PASS=$(_generate_local_password 24)
ICINGAWEB_ADMIN_PASS=$(_generate_local_password 16)
GRAFANA_ADMIN_PASS=$(_generate_local_password 16)
INFLUX_ADMIN_TOKEN=$(_generate_local_password 40)
echo "[INFO] Hauptkomponenten werden installiert (PHP Version: ${PHP_VERSION})." systemctl start mariadb
apt-get install -y \ while ! mysqladmin ping -h localhost --silent; do sleep 1; done
icinga2 \
nginx php${PHP_VERSION}-fpm php${PHP_VERSION}-mysql php${PHP_VERSION}-intl php${PHP_VERSION}-xml php${PHP_VERSION}-gd php${PHP_VERSION}-ldap php${PHP_VERSION}-imagick \
mariadb-server mariadb-client \
redis-server redis-tools \
influxdb2 \
grafana \
imagemagick \
icingaweb2 icingacli \
icinga-php-library \
icingaweb2-module-reactbundle \
icinga-director \
icingadb \
icingadb-redis \
icingadb-web \
icingaweb2-module-perfdatagraphs \
icingaweb2-module-perfdatagraphs-influxdbv2
}
_configure() { mysql -e "CREATE DATABASE IF NOT EXISTS icingaweb2 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
echo "" mysql -e "CREATE DATABASE IF NOT EXISTS director CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
echo "=================================================" mysql -e "CREATE DATABASE IF NOT EXISTS icinga_ido CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
echo " Phase 2: Konfiguration der Komponenten (IcingaDB Edition)"
echo "================================================="
echo ""
# 1. Passwörter generieren mysql -e "CREATE USER IF NOT EXISTS 'icingaweb2'@'localhost' IDENTIFIED BY '${ICINGAWEB_DB_PASS}';"
echo "[INFO] Passwörter und API-Keys werden generiert." mysql -e "CREATE USER IF NOT EXISTS 'director'@'localhost' IDENTIFIED BY '${DIRECTOR_DB_PASS}';"
ICINGAWEB_DB_PASS=$(_generate_local_password 24) mysql -e "CREATE USER IF NOT EXISTS 'icinga_ido'@'localhost' IDENTIFIED BY '${ICINGA_IDO_DB_PASS}';"
DIRECTOR_DB_PASS=$(_generate_local_password 24)
ICINGADB_PASS=$(_generate_local_password 24)
ICINGA_API_USER_PASS=$(_generate_local_password 24)
ICINGAWEB_ADMIN_PASS=$(_generate_local_password 16)
GRAFANA_ADMIN_PASS=$(_generate_local_password 16)
INFLUX_ADMIN_TOKEN=$(_generate_local_password 40)
# 2. MariaDB konfigurieren mysql -e "GRANT ALL PRIVILEGES ON icingaweb2.* TO 'icingaweb2'@'localhost';"
echo "[INFO] MariaDB wird konfiguriert." mysql -e "GRANT ALL PRIVILEGES ON director.* TO 'director'@'localhost';"
# Ensure MariaDB is running for configuration mysql -e "GRANT ALL PRIVILEGES ON icinga_ido.* TO 'icinga_ido'@'localhost';"
systemctl start mariadb mysql -e "FLUSH PRIVILEGES;"
while ! mysqladmin ping -h localhost --silent; do sleep 1; done
mysql -e "CREATE DATABASE IF NOT EXISTS icingaweb2 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" systemctl start influxdb
mysql -e "CREATE DATABASE IF NOT EXISTS director CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" influx setup --skip-verify --username admin --password "$GRAFANA_ADMIN_PASS" --org icinga --bucket icinga --token "$INFLUX_ADMIN_TOKEN" -f
mysql -e "CREATE DATABASE IF NOT EXISTS icingadb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" INFLUX_ICINGA_TOKEN=$(influx auth create --org icinga --all-access --json | grep -oP '"token": "\K[^"]+')
if [ -z "$INFLUX_ICINGA_TOKEN" ]; then echo "[ERROR] Konnte InfluxDB Token nicht erstellen." >&2; exit 1; fi
mysql -e "CREATE USER IF NOT EXISTS 'icingaweb2'@'localhost' IDENTIFIED BY '${ICINGAWEB_DB_PASS}';"
mysql -e "CREATE USER IF NOT EXISTS 'director'@'localhost' IDENTIFIED BY '${DIRECTOR_DB_PASS}';"
mysql -e "CREATE USER IF NOT EXISTS 'icingadb'@'localhost' IDENTIFIED BY '${ICINGADB_PASS}';"
mysql -e "GRANT ALL PRIVILEGES ON icingaweb2.* TO 'icingaweb2'@'localhost';" mkdir -p "$(dirname "$CRED_FILE")" && chmod 700 "$(dirname "$CRED_FILE")"
mysql -e "GRANT ALL PRIVILEGES ON director.* TO 'director'@'localhost';" {
mysql -e "GRANT ALL PRIVILEGES ON icingadb.* TO 'icingadb'@'localhost';"
mysql -e "FLUSH PRIVILEGES;"
# 3. Redis konfigurieren
echo "[INFO] Erstelle systemd-Override für Redis-Server."
mkdir -p /etc/systemd/system/redis-server.service.d
bash -c "cat > /etc/systemd/system/redis-server.service.d/override.conf" <<EOF
[Service]
# Deaktiviert die systemd-Benachrichtigung, um Kompatibilitätsprobleme in Containern zu vermeiden.
Supervised=no
EOF
# 4. InfluxDB 2 konfigurieren
echo "[INFO] InfluxDB 2 wird konfiguriert."
systemctl start influxdb
influx setup --skip-verify --username admin --password "$GRAFANA_ADMIN_PASS" --org icinga --bucket icinga --token "$INFLUX_ADMIN_TOKEN" -f
INFLUX_ICINGA_TOKEN=$(influx auth create --org icinga --all-access --json | grep -oP '"token": "\K[^"]+')
if [ -z "$INFLUX_ICINGA_TOKEN" ]; then echo "[ERROR] Konnte InfluxDB Token nicht erstellen." >&2; exit 1; fi
# 5. Credentials-Datei schreiben
echo "[INFO] Zugangsdaten werden in ${CRED_FILE} gespeichert."
mkdir -p "$(dirname "$CRED_FILE")" && chmod 700 "$(dirname "$CRED_FILE")"
{
echo "# --- Icinga Monitoring Stack Credentials ---" echo "# --- Icinga Monitoring Stack Credentials ---"
echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2; Benutzer: icingaadmin; Passwort: ${ICINGAWEB_ADMIN_PASS}" echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2; Benutzer: icingaadmin; Passwort: ${ICINGAWEB_ADMIN_PASS}"
echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana; Benutzer: admin; Passwort: ${GRAFANA_ADMIN_PASS}" echo "URL: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana; Benutzer: admin; Passwort: ${GRAFANA_ADMIN_PASS}"
echo "InfluxDB Admin Token: ${INFLUX_ADMIN_TOKEN}" echo "InfluxDB Admin Token: ${INFLUX_ADMIN_TOKEN}"
echo "Icinga Director API: Benutzer: director; Passwort: ${ICINGA_API_USER_PASS}" echo "Icinga Director API: Benutzer: director; Passwort: ${ICINGA_API_USER_PASS}"
} > "$CRED_FILE" && chmod 600 "$CRED_FILE" } > "$CRED_FILE" && chmod 600 "$CRED_FILE"
# 6. Icinga2 Konfigurationsdateien schreiben systemctl enable --now icingadb-redis
echo "[INFO] Icinga2 Konfigurationsdateien werden geschrieben." bash -c "cat > /etc/icinga2/features-available/icingadb.conf" <<EOF
bash -c "cat > /etc/icinga2/features-available/icingadb.conf" <<EOF
library "icingadb" library "icingadb"
object IcingaDB "icingadb" { object IcingaDB "icingadb" {
host = "127.0.0.1" host = "127.0.0.1"
port = 6379 port = 6380
} }
EOF EOF
bash -c "cat > /etc/icinga2/conf.d/api-users.conf" <<EOF bash -c "cat > /etc/icinga2/conf.d/api-users.conf" <<EOF
object ApiUser "director" { object ApiUser "director" {
password = "${ICINGA_API_USER_PASS}" password = "${ICINGA_API_USER_PASS}"
permissions = [ "object/modify/*", "object/query/*", "status/query", "actions/*", "events/*" ] permissions = [ "object/modify/*", "object/query/*", "status/query", "actions/*", "events/*" ]
} }
EOF EOF
bash -c "cat > /etc/icinga2/features-available/influxdb2-writer.conf" <<EOF bash -c "cat > /etc/icinga2/features-available/influxdb2-writer.conf" <<EOF
object Influxdb2Writer "influxdb2-writer" { object Influxdb2Writer "influxdb2-writer" {
host = "http://127.0.0.1:8086" host = "http://127.0.0.1:8086"
organization = "icinga" organization = "icinga"
@ -161,31 +91,27 @@ object Influxdb2Writer "influxdb2-writer" {
auth_token = "${INFLUX_ICINGA_TOKEN}" auth_token = "${INFLUX_ICINGA_TOKEN}"
} }
EOF EOF
local FQDN=$(hostname -f)
bash -c "cat > /etc/icinga2/zones.conf" <<EOF bash -c "cat > /etc/icinga2/zones.conf" <<EOF
object Endpoint "${FQDN}" {} object Endpoint "$(hostname -f)" {}
object Zone "master" { endpoints = [ "${FQDN}" ] } object Zone "master" { endpoints = [ "$(hostname -f)" ] }
object Zone "global-templates" { global = true } object Zone "global-templates" { global = true }
object Zone "director-global" { global = true } object Zone "director-global" { global = true }
EOF EOF
bash -c "cat > /etc/icingadb/config.yml" <<EOF
# 7. IcingaDB konfigurieren
echo "[INFO] IcingaDB wird konfiguriert."
bash -c "cat > /etc/icingadb/config.yml" <<EOF
database: database:
dsn: icingadb@tcp(127.0.0.1:3306)/icingadb dsn: icingadb@tcp(127.0.0.1:3306)/icingadb
password: ${ICINGADB_PASS} password: ${ICINGADB_PASS}
redis: redis:
host: 127.0.0.1 host: 127.0.0.1
port: 6379 port: 6380
logging: logging:
level: info level: info
output: stdout output: stdout
EOF EOF
icinga2 feature enable icingadb
systemctl restart icinga2
# 8. Icinga Web 2 Konfigurationsdateien schreiben mkdir -p /etc/icingaweb2
echo "[INFO] Icinga Web 2 Konfigurationsdateien werden geschrieben."
mkdir -p /etc/icingaweb2
bash -c "cat > /etc/icingaweb2/resources.ini" <<EOF bash -c "cat > /etc/icingaweb2/resources.ini" <<EOF
[icingaweb_db] [icingaweb_db]
type = "db" type = "db"
@ -215,14 +141,12 @@ password = "${ICINGADB_PASS}"
charset = "utf8mb4" charset = "utf8mb4"
EOF EOF
# 9. Grafana konfigurieren systemctl stop grafana-server
echo "[INFO] Grafana wird konfiguriert." grafana-cli admin reset-admin-password "$GRAFANA_ADMIN_PASS"
systemctl stop grafana-server systemctl start grafana-server
grafana-cli admin reset-admin-password "$GRAFANA_ADMIN_PASS"
systemctl start grafana-server
mkdir -p /etc/grafana/provisioning/datasources mkdir -p /etc/grafana/provisioning/datasources
bash -c "cat > /etc/grafana/provisioning/datasources/influxdb.yaml" <<EOF bash -c "cat > /etc/grafana/provisioning/datasources/influxdb.yaml" <<EOF
apiVersion: 1 apiVersion: 1
datasources: datasources:
- name: InfluxDB-Icinga - name: InfluxDB-Icinga
@ -232,17 +156,15 @@ datasources:
jsonData: { version: "Flux", organization: "icinga", defaultBucket: "icinga" } jsonData: { version: "Flux", organization: "icinga", defaultBucket: "icinga" }
secureJsonData: { token: "${INFLUX_ICINGA_TOKEN}" } secureJsonData: { token: "${INFLUX_ICINGA_TOKEN}" }
EOF EOF
chown grafana:grafana /etc/grafana/provisioning/datasources/influxdb.yaml chown grafana:grafana /etc/grafana/provisioning/datasources/influxdb.yaml
# 10. Nginx TLS Konfiguration mkdir -p /etc/nginx/ssl
echo "[INFO] Nginx für TLS wird konfiguriert." if [ ! -L /etc/nginx/ssl/fullchain.pem ]; then
mkdir -p /etc/nginx/ssl
if [ ! -L /etc/nginx/ssl/fullchain.pem ]; then
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/nginx/ssl/fullchain.pem ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/nginx/ssl/fullchain.pem
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/nginx/ssl/privkey.pem ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/nginx/ssl/privkey.pem
fi fi
bash -c "cat > /etc/nginx/sites-available/icinga-stack" <<EOF bash -c "cat > /etc/nginx/sites-available/icinga-stack" <<EOF
server { server {
listen 80; listen 80;
server_name ${ZAMBA_HOSTNAME:-$(hostname -f)}; server_name ${ZAMBA_HOSTNAME:-$(hostname -f)};
@ -272,70 +194,46 @@ server {
} }
} }
EOF EOF
ln -sf /etc/nginx/sites-available/icinga-stack /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' "/etc/php/${PHP_VERSION}/fpm/php.ini" ln -sf /etc/nginx/sites-available/icinga-stack /etc/nginx/sites-enabled/
sed -i "s|;date.timezone =|date.timezone = $(cat /etc/timezone)|" "/etc/php/${PHP_VERSION}/fpm/php.ini" rm -f /etc/nginx/sites-enabled/default
}
_setup() { sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' "/etc/php/${PHP_VERSION}/fpm/php.ini"
echo "" sed -i "s|;date.timezone =|date.timezone = $(cat /etc/timezone)|" "/etc/php/${PHP_VERSION}/fpm/php.ini"
echo "================================================="
echo " Phase 3: Setup und finaler Neustart (IcingaDB Edition)"
echo "================================================="
echo ""
echo "[INFO] Icinga2 API wird initialisiert und Zertifikate werden erstellt." icinga2 api setup
icinga2 api setup systemctl enable icinga2 mariadb nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb icingadb-redis
echo "[INFO] Aktiviere und starte alle Dienste in der korrekten Reihenfolge." systemctl start mariadb
systemctl enable icinga2 mariadb redis-server nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb while ! mysqladmin ping -h localhost --silent; do sleep 2; done
systemctl daemon-reload # Um Redis-Override zu laden systemctl start icinga2 icingadb-redis nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb
systemctl start mariadb IWEB_SCHEMA="/usr/share/icingaweb2/schema/mysql.schema.sql"
systemctl start redis-server DIRECTOR_SCHEMA="/usr/share/icingaweb2/modules/director/schema/mysql.sql"
ICINGADB_SCHEMA="/usr/share/icingadb/schema/mysql/schema.sql"
echo "[INFO] Warte auf MariaDB-Dienst..." if [ ! -f "$IWEB_SCHEMA" ]; then echo "[ERROR] IcingaWeb-Schema nicht gefunden: $IWEB_SCHEMA" >&2; exit 1; fi
while ! mysqladmin ping -h localhost --silent; do sleep 2; done if [ ! -f "$DIRECTOR_SCHEMA" ]; then echo "[ERROR] Director-Schema nicht gefunden: $DIRECTOR_SCHEMA" >&2; exit 1; fi
echo "[INFO] MariaDB ist bereit." if [ ! -f "$ICINGADB_SCHEMA" ]; then echo "[ERROR] IcingaDB-Schema nicht gefunden: $ICINGADB_SCHEMA" >&2; exit 1; fi
echo "[INFO] Warte auf Redis-Dienst..."
while ! redis-cli ping | grep -q PONG; do sleep 2; done
echo "[INFO] Redis ist bereit."
# Starte restliche Dienste if ! mysql -e "use icingaweb2; show tables;" | grep -q "icingaweb_user"; then
systemctl start icinga2 nginx php${PHP_VERSION}-fpm influxdb grafana-server icingadb
echo "[INFO] Datenbank-Schemas werden importiert."
local IWEB_SCHEMA="/usr/share/icingaweb2/schema/mysql.schema.sql"
local DIRECTOR_SCHEMA="/usr/share/icingaweb2/modules/director/schema/mysql.sql"
local ICINGADB_SCHEMA="/usr/share/icingadb/schema/mysql/schema.sql"
if [ ! -f "$IWEB_SCHEMA" ]; then echo "[ERROR] IcingaWeb-Schema nicht gefunden: $IWEB_SCHEMA" >&2; exit 1; fi
if [ ! -f "$DIRECTOR_SCHEMA" ]; then echo "[ERROR] Director-Schema nicht gefunden: $DIRECTOR_SCHEMA" >&2; exit 1; fi
if [ ! -f "$ICINGADB_SCHEMA" ]; then echo "[ERROR] IcingaDB-Schema nicht gefunden: $ICINGADB_SCHEMA" >&2; exit 1; fi
if ! mysql -e "use icingaweb2; show tables;" | grep -q "icingaweb_user"; then
echo "[INFO] Importiere IcingaWeb2-Schema..." echo "[INFO] Importiere IcingaWeb2-Schema..."
mysql icingaweb2 < "$IWEB_SCHEMA" mysql icingaweb2 < "$IWEB_SCHEMA"
fi fi
if ! mysql -e "use director; show tables;" | grep -q "director_datafield"; then if ! mysql -e "use director; show tables;" | grep -q "director_datafield"; then
echo "[INFO] Importiere Icinga Director-Schema..." echo "[INFO] Importiere Icinga Director-Schema..."
mysql director < "$DIRECTOR_SCHEMA" mysql director < "$DIRECTOR_SCHEMA"
fi fi
if ! mysql -e "use icingadb; show tables;" | grep -q "icingadb_schema_migration"; then if ! mysql -e "use icingadb; show tables;" | grep -q "icingadb_schema_migration"; then
echo "[INFO] Importiere IcingaDB-Schema..." echo "[INFO] Importiere IcingaDB-Schema..."
mysql icingadb < "$ICINGADB_SCHEMA" mysql icingadb < "$ICINGADB_SCHEMA"
fi fi
icinga2 feature enable icingadb api influxdb2-writer
echo "[INFO] Icinga2 Features werden aktiviert." bash -c "cat > /etc/icingaweb2/config.ini" <<EOF
icinga2 feature enable icingadb api influxdb2-writer >/dev/null
echo "[INFO] Erstelle Icinga Web 2 Kernkonfiguration."
bash -c "cat > /etc/icingaweb2/config.ini" <<EOF
[global] [global]
show_stacktraces = "0" show_stacktraces = "0"
config_backend = "db" config_backend = "db"
@ -345,34 +243,35 @@ log = "file"
log_file = "/var/log/icingaweb2/icingaweb2.log" log_file = "/var/log/icingaweb2/icingaweb2.log"
level = "ERROR" level = "ERROR"
EOF EOF
bash -c "cat > /etc/icingaweb2/authentication.ini" <<EOF
bash -c "cat > /etc/icingaweb2/authentication.ini" <<EOF
[icinga-web-admin] [icinga-web-admin]
backend = "db" backend = "db"
resource = "icingaweb_db" resource = "icingaweb_db"
EOF EOF
bash -c "cat > /etc/icingaweb2/roles.ini" <<EOF
bash -c "cat > /etc/icingaweb2/roles.ini" <<EOF
[Administrators] [Administrators]
users = "icingaadmin" users = "icingaadmin"
permissions = "*" permissions = "*"
groups = "Administrators" groups = "Administrators"
EOF EOF
mkdir -p /etc/icingaweb2/modules/monitoring mkdir -p /etc/icingaweb2/modules/monitoring
bash -c "cat > /etc/icingaweb2/modules/monitoring/backends.ini" <<EOF bash -c "cat > /etc/icingaweb2/modules/monitoring/backends.ini" <<EOF
[icingadb] [icingadb]
backend = "icingadb" backend = "icingadb"
resource = "icingadb" resource = "icingadb"
EOF EOF
mkdir -p /etc/icingaweb2/modules/director mkdir -p /etc/icingaweb2/modules/director
bash -c "cat > /etc/icingaweb2/modules/director/config.ini" <<EOF bash -c "cat > /etc/icingaweb2/modules/director/config.ini" <<EOF
[db] [db]
resource = "director_db" resource = "director_db"
EOF EOF
# Konfiguration für perfdatagraphs mkdir -p /etc/icingaweb2/modules/perfdatagraphs
mkdir -p /etc/icingaweb2/modules/perfdatagraphs bash -c "cat > /etc/icingaweb2/modules/perfdatagraphs/config.ini" <<EOF
bash -c "cat > /etc/icingaweb2/modules/perfdatagraphs/config.ini" <<EOF
[influxdb2] [influxdb2]
backend = "influxdb2" backend = "influxdb2"
url = "http://127.0.0.1:8086" url = "http://127.0.0.1:8086"
@ -384,30 +283,30 @@ bucket = "icinga"
backend = "influxdb2" backend = "influxdb2"
EOF EOF
echo "[INFO] Icinga Web 2 Module werden in korrekter Reihenfolge aktiviert." echo "[INFO] Icinga Web 2 Module werden in korrekter Reihenfolge aktiviert."
icingacli module enable ipl icingacli module enable ipl
icingacli module enable reactbundle icingacli module enable reactbundle
icingacli module enable incubator icingacli module enable incubator
icingacli module enable director icingacli module enable director
icingacli module enable icingadb icingacli module enable icingadb
icingacli module enable perfdatagraphs icingacli module enable perfdatagraphs
echo "[INFO] Alle Services werden neu gestartet, um die finale Konfiguration zu laden." echo "[INFO] Alle Services werden neu gestartet, um die finale Konfiguration zu laden."
systemctl restart mariadb systemctl restart mariadb
systemctl restart redis-server systemctl restart redis-server
systemctl restart icinga2 systemctl restart icinga2
systemctl restart php${PHP_VERSION}-fpm systemctl restart php${PHP_VERSION}-fpm
systemctl restart nginx systemctl restart nginx
systemctl restart grafana-server systemctl restart grafana-server
systemctl restart icingadb systemctl restart icingadb
echo "[INFO] Füge Icinga Web 2 Admin-Benutzer direkt in die Datenbank ein." echo "[INFO] Füge Icinga Web 2 Admin-Benutzer direkt in die Datenbank ein."
local PASSWORD_HASH=$(php -r "echo password_hash('${ICINGAWEB_ADMIN_PASS}', PASSWORD_BCRYPT);") PASSWORD_HASH=$(php -r "echo password_hash('${ICINGAWEB_ADMIN_PASS}', PASSWORD_BCRYPT);")
mysql icingaweb2 -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '${PASSWORD_HASH}') ON DUPLICATE KEY UPDATE password_hash='${PASSWORD_HASH}';" mysql icingaweb2 -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '${PASSWORD_HASH}') ON DUPLICATE KEY UPDATE password_hash='${PASSWORD_HASH}';"
echo "[INFO] Warte auf Icinga Web 2 und API..." echo "[INFO] Warte auf Icinga Web 2 und API..."
local counter=0 counter=0
while ! icingacli director migration run >/dev/null 2>&1; do while ! icingacli director migration run >/dev/null 2>&1; do
counter=$((counter + 1)) counter=$((counter + 1))
if [ "$counter" -gt 15 ]; then if [ "$counter" -gt 15 ]; then
echo "[ERROR] Icinga Director wurde nach 30 Sekunden nicht bereit." >&2 echo "[ERROR] Icinga Director wurde nach 30 Sekunden nicht bereit." >&2
@ -415,11 +314,11 @@ EOF
fi fi
echo "[INFO] Director ist noch nicht bereit, warte 2 Sekunden... (Versuch ${counter}/15)" echo "[INFO] Director ist noch nicht bereit, warte 2 Sekunden... (Versuch ${counter}/15)"
sleep 2 sleep 2
done done
echo "[INFO] Icinga Director ist bereit." echo "[INFO] Icinga Director ist bereit."
echo "[INFO] Icinga Director Setup wird ausgeführt." echo "[INFO] Icinga Director Setup wird ausgeführt."
bash -c "cat > /etc/icingaweb2/modules/director/kickstart.ini" <<EOF bash -c "cat > /etc/icingaweb2/modules/director/kickstart.ini" <<EOF
[config] [config]
endpoint = "$(hostname -f)" endpoint = "$(hostname -f)"
host = "127.0.0.1" host = "127.0.0.1"
@ -427,50 +326,25 @@ port = "5665"
username = "director" username = "director"
password = "${ICINGA_API_USER_PASS}" password = "${ICINGA_API_USER_PASS}"
EOF EOF
icingacli director kickstart run icingacli director kickstart run
rm /etc/icingaweb2/modules/director/kickstart.ini rm /etc/icingaweb2/modules/director/kickstart.ini
echo "[INFO] Director Konfiguration wird angewendet." echo "[INFO] Director Konfiguration wird angewendet."
icingacli director config deploy icingacli director config deploy
}
_info() { echo ""
echo "" echo "================================================="
echo "=================================================" echo " Installation des Icinga Monitoring Stacks abgeschlossen"
echo " Installation des Icinga Monitoring Stacks abgeschlossen" echo "================================================="
echo "=================================================" echo ""
echo "" echo "Die Konfiguration wurde erfolgreich abgeschlossen."
echo "Die Konfiguration wurde erfolgreich abgeschlossen." echo "Alle notwendigen Passwörter, Logins und API-Keys wurden generiert."
echo "Alle notwendigen Passwörter, Logins und API-Keys wurden generiert." echo ""
echo "" echo "Sie finden alle Zugangsdaten in der folgenden Datei:"
echo "Sie finden alle Zugangsdaten in der folgenden Datei:" echo " ${CRED_FILE}"
echo " ${CRED_FILE}" echo ""
echo "" echo "Wichtige URLs:"
echo "Wichtige URLs:" echo " Icinga Web 2: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2"
echo " Icinga Web 2: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingaweb2" echo " IcingaDB Web: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingadb-web"
echo " IcingaDB Web: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/icingadb-web" echo " Grafana: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana"
echo " Grafana: https://${ZAMBA_HOSTNAME:-$(hostname -f)}/grafana" echo ""
echo ""
}
# --- Main Execution Logic ---
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
if [ "$EUID" -ne 0 ]; then
echo "[ERROR] Dieses Skript muss als Root ausgeführt werden."
exit 1
fi
if [ -f ./constants-service.conf ]; then
source ./constants-service.conf
else
echo "[ERROR] Die Datei 'constants-service.conf' wird für den Standalone-Betrieb benötigt."
exit 1
fi
ZAMBA_HOSTNAME=${ZAMBA_HOSTNAME:-$(hostname -f)}
set -euo pipefail
_install
_configure
_setup
_info
set +euo pipefail
exit 0
fi
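Review bot: Reading the right-hand column as the new side, the script now generates `ICINGA_IDO_DB_PASS` and creates the `icinga_ido` database and user, but the unchanged lines further down still write `password: ${ICINGADB_PASS}` into /etc/icingadb/config.yml and import the schema with `mysql icingadb < "$ICINGADB_SCHEMA"`. As far as this page shows, that variable is never assigned and that database and user are never created, so the generated config would carry an empty database password and the import would fail. Either keep the IcingaDB names, e.g. `ICINGADB_PASS=$(_generate_local_password 24)` with matching `CREATE DATABASE`/`CREATE USER`/`GRANT` statements for `icingadb`, or rename the later references consistently. The flattened script also no longer appears to run under `set -euo pipefail`, so a failure here (or in one of the `curl ... | gpg --dearmor` key imports) would not stop the run; restoring `set -euo pipefail` near the top would surface it. The final restart block still calls `systemctl restart redis-server` although the new package list installs only `icingadb-redis`.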