From 59b5e2d29c404fee28448050b1d6e8d5d6cf24e0 Mon Sep 17 00:00:00 2001
From: Thomas Preissler
Date: Tue, 26 Oct 2021 23:27:33 +0100
Subject: [PATCH 1/5] Introduce -dist files, and gitignore .env and secrets.env
---
 .env-dist | 7 +++++++
 .gitignore | 1 +
 secrets.env-dist | 51 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 59 insertions(+)
 create mode 100644 .env-dist
 create mode 100644 secrets.env-dist
diff --git a/.env-dist b/.env-dist
new file mode 100644
index 0000000..691ed4e
--- /dev/null
+++ b/.env-dist
@@ -0,0 +1,7 @@
+# .env file. This file is read by Dockerfile and docker-compose.yaml
+
+# Icinga2 machine information
+# for instance myfirstmaster, mysecondsatellite
+FIRSTNAME=icinga2-master-1
+# GUESS WHAT
+DOMAINNAME=example.com
diff --git a/.gitignore b/.gitignore
index 3b81cb8..afd336a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ icinga2-master-*
 .env
 *.swn
 secrets.env
+.env
diff --git a/secrets.env-dist b/secrets.env-dist
new file mode 100644
index 0000000..46f98c5
--- /dev/null
+++ b/secrets.env-dist
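Review bot: In the .gitignore hunk, the added `.env` line duplicates the `.env` entry that is already present three lines above it in the hunk's context, and `secrets.env` is likewise already listed, so the change has no effect on what Git ignores. The added line can be dropped. If the intent was to stop tracking a file that had been committed earlier, an ignore rule alone does not do that; the patch does not show whether that applies here.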
@@ -0,0 +1,51 @@
+# Put your secrets here.
+# Remember! Containers can only read this file, while settings in docker-compose.yaml and Dockerfile(s) are read by .env file
+# Master or satellite?
+TYPE=master
+
+# influxdb/PNP
+PERFDATA=influxdb
+
+# Localtime
+LOCALTIME=Europe/London
+
+# Maria Db
+MYSQL_ROOT_PASSWORD=prova
+ICINGA_PASSWORD=prova
+ICINGAWEB2_PASSWORD=prova
+
+# Icinga2 / Icingaweb2
+ICINGA2_USER_FULLNAME=Icinga2 super cool user
+ICINGAWEB2_ADMIN_USER=icingaadmin
+ICINGAWEB2_ADMIN_PASS=icinga
+
+# Set 'master' if you are configuring a master
+ICINGA2_ZONE=master
+
+# The following are used by a satellite setup:
+ICINGA2_MASTER_IP=xxxxx
+ICINGA2_PORT=5665
+ICINGA2_MASTER=xxxx
+ICINGA2_TICKET=xxx
+
+# Icinga Director
+DIRECTOR_DB=director
+DIRECTOR_USER=director
+DIRECTOR_USER_PASSWORD=secret
+
+# Icinga Endpoint
+DIRECTOR_EP=icinga2-master-1-core
+DIRECTOR_EP_USER=director
+DIRECTOR_EP_PASSWORD=director
+
+# INFLUXDB configuration
+INFLUXDB_DB=icinga2
+INFLUXDB_USER=icinga2
+INFLUXDB_USER_PASSWORD=segretissimo
+
+# Grafana configuration - ignore if you are using pnp
+GF_DEFAULT_INSTANCE_NAME=icinga2-grafana
+GF_SECURITY_ADMIN_PASSWORD=secretissimo
+GF_AUTH_ANONYMOUS=true
+GF_ORG_NAME=Randsolutions SRL #your society
+GF_ORG_ROLE=viewer #to just view graphs without authentication
From 6b2cf0294eaf50d14e678ff6c4fa3afcc1fdc973 Mon Sep 17 00:00:00 2001
From: Thomas Preissler
Date: Tue, 26 Oct 2021 23:27:50 +0100
Subject: [PATCH 2/5] Update README.md
---
 README.md | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index da613ca..e7b49ed 100644
--- a/README.md
+++ b/README.md
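Review bot: In secrets.env-dist, every credential line carries a usable value (`MYSQL_ROOT_PASSWORD=prova`, `ICINGAWEB2_ADMIN_PASS=icinga`, `DIRECTOR_USER_PASSWORD=secret`, `DIRECTOR_EP_PASSWORD=director`), so copying the template unchanged produces a running stack whose passwords are published in the repository. Placeholders that cannot pass for a finished setting, for example `MYSQL_ROOT_PASSWORD=CHANGE_ME`, together with a header line such as `# Replace every *_PASSWORD / *_PASS value before first start`, would make the required edit explicit. Going by the comment on `GF_ORG_ROLE`, `GF_AUTH_ANONYMOUS=true` turns on unauthenticated Grafana viewing by default; `GF_AUTH_ANONYMOUS=false` is the safer template value, with anonymous viewing left as a documented opt-in. The trailing `#your society` and `#to just view graphs…` comments sit on value lines, and depending on the Compose version the env_file parser may keep them as part of the value, so they are better moved onto lines of their own.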
@@ -8,24 +8,23 @@ It is slightly based on the original Dockerfile by [https://github.com/jjethwa/i 1. Features four containers: - core: the icinga2 system, plus the ssmtp facility - - web: icingaweb2, the web-based, eye-candy gui, plus pnp4nagios + - web: icingaweb2, the web-based, eye-candy gui and director - sql: library/mariadb (no modification, no dockerfile, just as-is) - snmptrap: an snmptrap system based on snmptt, snmptrapd -1. Based on debian:jessie-slim (core, snmptrap) and debian:stretch-slim (web) +1. Based on debian:bullseye-slim (core, snmptrap) and debian:bullseye-slim (web) 1. Key-Features: - icinga2 - auto-setup as a satellite or a master, you choose! - icingacli - icingaweb2 - - icingaweb2-pnp4nagios module + - director + required modules - ssmtp - MariaDB - Supervisor - Apache2 - SSL Support - - pnp4nagios - a bunch of special plugins for monitoring ups, printer and temp sensor (via SNMP) ## Usage @@ -89,6 +88,7 @@ The following two files are used to store variables: - .env - secrets.env +Examples are provided via their respective -dist files. Please use those as a starting point. The .env file is read by the docker-compose and contains the two variables: | Variable | Description & Usage | 
@@ -115,13 +115,22 @@ The secrets.env is ready by containers and contains the variables employed to co | ICINGA2\_PORT | core | port of your master (satellite setup) | | ICINGA2\_MASTER | core | FQDN of your master (satellite setup) | | ICINGA2\_TICKET | core | ticket generated by the master for your satellite (type icinga2 pki ticket --cn yoursatellitefqdn on master) | +| DIRECTOR_DB | sql, web | DB for Director | +| DIRECTOR_USER | sql, web | DB user for Director | +| DIRECTOR_USER_PASSWORD | sql, web | DB user password for Directory | +| DIRECTOR_EP | web | Endpoint name used by Director | +| DIRECTOR_EP_USER | web | Username for endpoint name | +| DIRECTOR_EP_PASSWORD | web | Password for endpoint name | +| INFLUXDB_DB | core | Influx DB name | +| INFLUXDB_USER | core | Username to connect to Influx | +| INFLUXDB_USER_PASSWORD | core | Password for connecting to Influx DB | | SMTP\_ROOT | core | user that gets the mail | -|SMTP\_MAILHOST | core | smtp server address | -|SMTP\_PORT | core | smtp server port | -|SMTP\_USER | core | smtp server user | -|SMTP\_PASS | core | smtp server password | -|SMTP\_USE\_STARTTLS | core | use starttls? yes/no | -|SMTP\_FROM\_OVERRIDE | core| smtp from override? yes/no | +| SMTP\_MAILHOST | core | smtp server address | +| SMTP\_PORT | core | smtp server port | +| SMTP\_USER | core | smtp server user | +| SMTP\_PASS | core | smtp server password | +| SMTP\_USE\_STARTTLS | core | use starttls? yes/no | +| SMTP\_FROM\_OVERRIDE | core| smtp from override? yes/no | From b328f9a4aa41b8ad8ab7e65476f823d17d116b50 Mon Sep 17 00:00:00 2001 From: Thomas Preissler Date: Tue, 26 Oct 2021 23:28:16 +0100 Subject: [PATCH 3/5] Re-add grafana container again, but commented out --- docker-compose-grafana.template | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docker-compose-grafana.template b/docker-compose-grafana.template index c084c6a..367d34b 100644 --- a/docker-compose-grafana.template +++ b/docker-compose-grafana.template 
@@ -29,6 +29,13 @@ services: hostname: ${FIRSTNAME}-sql volumes: - ./${FIRSTNAME}-container/lib/mysql:/var/lib/mysql +# grafana: +# image: grafana/grafana +# env_file: ./secrets.env +# domainname: ${DOMAINNAME} +# hostname: ${FIRSTNAME}-grafana +# volumes: +# - ./${FIRSTNAME}-container/lib/grafana:/var/lib/grafana influxdb: image: arm32v7/influxdb env_file: ./secrets.env From 0fc06f9a5eedff4f3ded1408905bdc9fc207e592 Mon Sep 17 00:00:00 2001 From: Thomas Preissler Date: Tue, 26 Oct 2021 23:33:21 +0100 Subject: [PATCH 4/5] Comment ofr influxdb on x86_64 --- docker-compose-grafana.template | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose-grafana.template b/docker-compose-grafana.template index 367d34b..e7b8451 100644 --- a/docker-compose-grafana.template +++ b/docker-compose-grafana.template @@ -37,6 +37,7 @@ services: # volumes: # - ./${FIRSTNAME}-container/lib/grafana:/var/lib/grafana influxdb: + # just use "influxdb" on x86_64 image: arm32v7/influxdb env_file: ./secrets.env domainname: ${DOMAINNAME} From e4a1ccd1750e56acba9bee1862287f5f1f474cfa Mon Sep 17 00:00:00 2001 From: Thomas Preissler Date: Fri, 29 Oct 2021 10:23:53 +0100 Subject: [PATCH 5/5] Reorganize director to ensure it's all ok after container restarts --- core/content/opt/run | 18 ----------- web/content/opt/run | 4 +-- web/content/opt/setup/director | 47 +++++------------------------ web/content/opt/setup/icingaweb2 | 51 +++++++++++++++++++++++++++++++- 4 files changed, 58 insertions(+), 62 deletions(-) diff --git a/core/content/opt/run b/core/content/opt/run index 3a706b3..a7c847c 100755 --- a/core/content/opt/run +++ b/core/content/opt/run 
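Review bot: The commented-out `grafana` service in the first docker-compose-grafana.template hunk uses `image: grafana/grafana` without a tag and `env_file: ./secrets.env`, so once it is uncommented the container runs whatever image is current at pull time and receives every variable in secrets.env, including `MYSQL_ROOT_PASSWORD` and the Director credentials it has no use for. A version tag on the image and a separate env file holding only the `GF_*` settings would keep the service reproducible and limit what it can read. At minimum a comment line inside the block, such as `#    # pin an image tag and pass only GF_* variables before enabling`, would record this for whoever enables it. The `services:` mapping starts and continues outside the hunk.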
@@ -105,24 +105,6 @@ object IdoMysqlConnection "ido-mysql" { END fi -cat >> /etc/icinga2/conf.d/api-users.conf <<-END - -object ApiUser "director" { - password = "director" - permissions = [ "*" ] - //client_cn = "" -} - -END - -cat >> /etc/icinga2/zones.d/director.conf <<-END - -object Zone "director-global" { - global = true -} - -END - icinga2 feature enable ido-mysql #ssmtp factory defaults diff --git a/web/content/opt/run b/web/content/opt/run index 494f444..de5f903 100755 --- a/web/content/opt/run +++ b/web/content/opt/run @@ -54,9 +54,7 @@ if [ ! -d "/var/lib/mysql/director" ]; then END fi -if ! id "icingadirector" &>/dev/null; then - /opt/setup/director -fi +/opt/setup/director # If we cannot find nagvis conf, run conf script if [ ! -f "/usr/local/nagvis/etc/nagvis.ini.php" ]; then diff --git a/web/content/opt/setup/director b/web/content/opt/setup/director index 32bb320..b28d46b 100755 --- a/web/content/opt/setup/director +++ b/web/content/opt/setup/director 
@@ -1,47 +1,14 @@ #!/bin/bash -mkdir -p /etc/icingaweb2/modules/director - -cat >> /etc/icingaweb2/resources.ini <<-END - -[Director DB] -type = "db" -db = "mysql" -host = "sql" -dbname = "director" -username = "director" -password = "${DIRECTOR_USER_PASSWORD}" -charset = "utf8" -END - -cat >> /etc/icingaweb2/modules/director/config.ini <<-END - -[db] -resource = "Director DB" -END - -cat >> /etc/icingaweb2/modules/director/kickstart.ini <<-END - -[config] -endpoint = ${DIRECTOR_EP} -; host = 127.0.0.1 -; port = 5665 -username = ${DIRECTOR_EP_USER} -password = ${DIRECTOR_EP_USER} - -END - -# Now finally, we can enable everything -icingacli module enable director -icingacli module enable reactbundle -icingacli module enable ipl -icingacli module enable incubator - # Add the user to run its daemon -useradd -r -g icingaweb2 -G www-data -d /var/lib/icingadirector -s /bin/false icingadirector -install -d -o icingadirector -g icingaweb2 -m 0750 /var/lib/icingadirector +if ! id "icingadirector" &>/dev/null; then + useradd -r -g icingaweb2 -G www-data -d /var/lib/icingadirector -s /bin/false icingadirector +fi +if [ ! -e /var/lib/icingadirector ] ; then + install -d -o icingadirector -g icingaweb2 -m 0750 /var/lib/icingadirector +fi su - icingadirector -s /bin/bash -c "/usr/bin/icingacli director daemon run" & -# Run the DB schema import +# Run the DB migration icingacli director migration run --verbose diff --git a/web/content/opt/setup/icingaweb2 b/web/content/opt/setup/icingaweb2 index 03f12e3..2a248cc 100755 --- a/web/content/opt/setup/icingaweb2 +++ b/web/content/opt/setup/icingaweb2 
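Review bot: The new `[ ! -e /var/lib/icingadirector ]` guard in web/content/opt/setup/director skips `install -d` whenever anything exists at that path, so a directory that shows up with different ownership or mode (a mounted volume, an earlier partial run) is never corrected, and a regular file at that path passes the test too. With GNU install, `install -d -o icingadirector -g icingaweb2 -m 0750 /var/lib/icingadirector` can be repeated safely and re-applies owner and mode, so it can run unconditionally. Because web/content/opt/run now calls this script on every container start, a failed `useradd` also falls straight through to the `su` line; `useradd … || exit 1` would surface it.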
@@ -103,6 +103,22 @@ cat >> /etc/icingaweb2/modules/monitoring/config.ini <<-END protected_customvars = "*pw*,*pass*,community" END +cat >> /etc/icinga2/conf.d/api-users.conf <<-END + +object ApiUser "director" { + password = "director" + permissions = [ "*" ] + //client_cn = "" +} +END + +cat >> /etc/icinga2/zones.d/director.conf <<-END + +object Zone "director-global" { + global = true +} +END + # cookie in config.ini cat >> /etc/icingaweb2/config.ini <<-END @@ -110,6 +126,36 @@ cat >> /etc/icingaweb2/config.ini <<-END path = / END +mkdir -p /etc/icingaweb2/modules/director + +cat >> /etc/icingaweb2/resources.ini <<-END + +[Director DB] +type = "db" +db = "mysql" +host = "sql" +dbname = "director" +username = "director" +password = "${DIRECTOR_USER_PASSWORD}" +charset = "utf8" +END + +cat >> /etc/icingaweb2/modules/director/config.ini <<-END + +[db] +resource = "Director DB" +END + +cat >> /etc/icingaweb2/modules/director/kickstart.ini <<-END + +[config] +endpoint = ${DIRECTOR_EP} +; host = 127.0.0.1 +; port = 5665 +username = ${DIRECTOR_EP_USER} +password = ${DIRECTOR_EP_USER} +END + # enable modules icingacli module enable monitoring icingacli module enable doc @@ -118,7 +164,10 @@ icingacli module enable cube icingacli module enable map icingacli module enable nagvis icingacli module enable company +icingacli module enable director +icingacli module enable reactbundle +icingacli module enable ipl +icingacli module enable incubator # commit ourselves touch /etc/icingaweb2/CONFIGURED -
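Review bot: The `ApiUser "director"` heredoc in the first web/content/opt/setup/icingaweb2 hunk hard-codes `password = "director"` next to `permissions = [ "*" ]`, so every installation ends up with the same full-permission Icinga 2 API account no matter what secrets.env contains. The heredoc is unquoted, so the values already defined for this purpose can be used directly: `object ApiUser "${DIRECTOR_EP_USER}" {` and `password = "${DIRECTOR_EP_PASSWORD}"`. The block was moved here from core/content/opt/run, and the patch does not show whether /etc/icinga2 inside the web container is the directory the core daemon actually loads, so that is worth confirming. The enclosing script starts and ends outside the hunk.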
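Review bot: In the kickstart.ini heredoc of the second web/content/opt/setup/icingaweb2 hunk, `password = ${DIRECTOR_EP_USER}` writes the endpoint user name into the password field, so `DIRECTOR_EP_PASSWORD` is never read and the setup only works while both values happen to be `director`. The line should be `password = ${DIRECTOR_EP_PASSWORD}`; it was carried over unchanged from web/content/opt/setup/director. The `[Director DB]` section likewise fixes `dbname = "director"` and `username = "director"` instead of using `${DIRECTOR_DB}` and `${DIRECTOR_USER}`. resources.ini and kickstart.ini hold credentials and are written with whatever umask the script inherits, so setting an explicit restrictive mode after writing them would be a reasonable addition.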