As a follow up question to How to set up Icinga2 remote client without using CLI wizard?, I want to setup the master in an automated way.
Asked
Active
Viewed 3,503 times
1 Answers
1
Example script to solve the question above. Enjoy!
HOSTNAME=`cat /etc/hostname`
icinga2 pki new-ca
chown nagios:nagios /etc/icinga2/pki
icinga2 pki new-cert --cn ${HOSTNAME} --key /etc/icinga2/pki/${HOSTNAME}.key --csr /etc/icinga2/pki/${HOSTNAME}.csr --cert /etc/icinga2/pki/${HOSTNAME}.crt
icinga2 pki sign-csr --csr /etc/icinga2/pki/${HOSTNAME}.csr --cert /etc/icinga2/pki/${HOSTNAME}.crt # typo fixed :)
cp -vR --preserve=all /var/lib/icinga2/ca/ca.crt /etc/icinga2/pki
cat >/etc/icinga2/zones.conf << EOFZONECONF
/**
* Generated by $0.
*/
object Endpoint "${HOSTNAME}" {
}
object Zone "master" {
//this is the local node master named = "master"
endpoints = [ "${HOSTNAME}" ]
}
EOFZONECONF
icinga2 feature enable api
# The next three lines modify the NodeName and TicketSalt assignments
sed -i "s/\/\/const NodeName.*/const NodeName = \"${HOSTNAME}\"/" /etc/icinga2/constants.conf
SALT=`cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 16 | head -n 1`
sed -i "s/const TicketSalt.*/const TicketSalt = \"${SALT}\"/" /etc/icinga2/constants.conf
service icinga2 restart
-
Could you explain what this means? – Nixphoe Oct 20 '15 at 13:30
-
Are you familiar with icinga? – louisgab Oct 20 '15 at 13:31
-
You are not generating the csr you are signing later. – dnsmichi Oct 31 '15 at 22:21
-
Nice catch! I missed a line when copy pasting / editing for this entry, now added at line 4 above. – louisgab Nov 05 '15 at 14:44