icinga2-cert-service-client
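#!/bin/bash
#
# Enrols an Icinga2 satellite with an icinga2 certificate service:
#   1. reads the local NodeName from /etc/icinga2/constants.conf,
#   2. asks the service for a certificate request (/v2/request/<node>),
#   3. downloads the resulting archive (/v2/cert/<node>) and unpacks it
#      into the Icinga2 certificate directory,
#   4. rewrites /etc/icinga2/zones.conf to point at the master named by
#      the service and validates the configuration.
#
# Environment:
#   ICINGA_CERT_SERVICE_SERVER        host of the certificate service (required)
#   ICINGA_CERT_SERVICE_API_PASSWORD  value sent as the X-API-KEY header
#   ICINGA_CERT_SERVICE_BA_USER       basic-auth user     (default: admin)
#   ICINGA_CERT_SERVICE_BA_PASSWORD   basic-auth password (default: admin)
#   ICINGA_CERT_SERVICE_PORT          service port        (default: 4567)
#
# NOTE(review): the service is contacted over plain HTTP, so the basic-auth
# credentials, the API key and the downloaded archive cross the network
# unencrypted, and nothing authenticates the server whose answer ends up in
# zones.conf. Run this only on a trusted network segment or put TLS in front
# of the service.
# NOTE(review): admin/admin is kept only as a backward-compatible default;
# deployments should override both values through the environment.
# NOTE(review): curl receives the credentials on its command line, where other
# local users can read them from the process list while the request runs.
set -eu

# Print a message to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# "major.minor" of the installed icinga2. The first line of `icinga2 --version`
# is expected to contain "version: r<major>.<minor>...".
ICINGA_VERSION=$(icinga2 --version \
  | head -n1 \
  | awk -F 'version: ' '{printf "%s", $2}' \
  | grep -Po '(?<=r)\d+\.\d+') \
  || die "cannot determine the icinga2 version"

ICINGA_CERT_SERVICE_BA_USER=${ICINGA_CERT_SERVICE_BA_USER:-admin}
ICINGA_CERT_SERVICE_BA_PASSWORD=${ICINGA_CERT_SERVICE_BA_PASSWORD:-admin}
ICINGA_CERT_SERVICE_API_USER=root
ICINGA_CERT_SERVICE_API_PASSWORD=${ICINGA_CERT_SERVICE_API_PASSWORD:-''}

# NodeName as configured locally. This overwrites bash's own HOSTNAME variable
# for the rest of the script.
HOSTNAME=$(grep '^const NodeName' /etc/icinga2/constants.conf \
  | awk -F ' = ' '{printf "%s", $2}' \
  | sed -e 's|"||g')

ICINGA_CERT_SERVICE_SERVER=${ICINGA_CERT_SERVICE_SERVER:-''}
ICINGA_CERT_SERVICE_PORT=${ICINGA_CERT_SERVICE_PORT:-4567}

ICINGA_CERT_DIR="/etc/icinga2/pki"
# NOTE(review): only an exact "2.8" selects the new directory; confirm whether
# later releases should be matched as well.
if [ "${ICINGA_VERSION}" = "2.8" ]; then
  ICINGA_CERT_DIR="/var/lib/icinga2/certs"
fi

[ -d "${ICINGA_CERT_DIR}" ] || mkdir -vp -- "${ICINGA_CERT_DIR}"

[ -n "${HOSTNAME}" ] || die "no NodeName found in /etc/icinga2/constants.conf"
[ -n "${ICINGA_CERT_SERVICE_SERVER}" ] || die "ICINGA_CERT_SERVICE_SERVER is not set"

# Private scratch directory. The script writes as a privileged user, so fixed
# names under /tmp could be pre-created or symlinked by another local user;
# mktemp -d yields an unpredictable directory that only we can access.
WORK_DIR=$(mktemp -d) || die "mktemp failed"
cleanup() {
  rm -rf -- "${WORK_DIR:?}"
}
trap cleanup EXIT

request_file="${WORK_DIR}/request.json"
bundle_file="${WORK_DIR}/${HOSTNAME}.tgz"
extract_dir="${WORK_DIR}/extract"
mkdir -- "${extract_dir}"

base_url="http://${ICINGA_CERT_SERVICE_SERVER}:${ICINGA_CERT_SERVICE_PORT}"

# Options shared by both requests. --fail turns an HTTP error status into a
# non-zero exit instead of saving the error page as if it were the payload.
curl_opts=(
  --request GET
  --user "${ICINGA_CERT_SERVICE_BA_USER}:${ICINGA_CERT_SERVICE_BA_PASSWORD}"
  --silent
  --show-error
  --fail
  --header "X-API-USER: ${ICINGA_CERT_SERVICE_API_USER}"
  --header "X-API-KEY: ${ICINGA_CERT_SERVICE_API_PASSWORD}"
)

# Step 1: request a certificate; the answer carries a checksum and the name of
# the master.
curl "${curl_opts[@]}" \
  --output "${request_file}" \
  "${base_url}/v2/request/${HOSTNAME}" \
  || die "certificate request for ${HOSTNAME} failed"

checksum=$(jq --raw-output .checksum "${request_file}")
masterName=$(jq --raw-output .master_name "${request_file}")

# jq prints the string "null" for a missing key.
if [[ -z "${checksum}" || "${checksum}" == "null" ]]; then
  die "certificate service returned no checksum"
fi

# master_name is server-supplied and is written into zones.conf below inside
# double quotes; accept only host-name characters so it cannot break out of
# the string and add configuration of its own.
if [[ -z "${masterName}" || "${masterName}" == "null" \
  || "${masterName}" =~ [^A-Za-z0-9._-] ]]; then
  die "certificate service returned an unusable master name"
fi

ICINGA_MASTER=${masterName}

# Step 2: download the archive that belongs to the checksum.
curl "${curl_opts[@]}" \
  --header "X-CHECKSUM: ${checksum}" \
  --output "${bundle_file}" \
  "${base_url}/v2/cert/${HOSTNAME}" \
  || die "certificate download for ${HOSTNAME} failed"

# Unpack into a directory of its own so that only the archive's contents, and
# neither the archive itself nor the JSON answer, reach the certificate
# directory.
tar -xzf "${bundle_file}" -C "${extract_dir}"
mv -- "${extract_dir}"/* "${ICINGA_CERT_DIR}/"

chown -R icinga "${ICINGA_CERT_DIR}"

# Replace zones.conf. The "###" line inside the here-document is part of the
# generated file; it says that the satellite opens the connection to the
# master and not the other way round.
cat << EOF > /etc/icinga2/zones.conf
object Endpoint "${masterName}" {
### Folgende Zeile legt fest, dass der Satellite die Verbindung zum Master aufbaut und nicht umgekehrt
host = "${ICINGA_MASTER}"
port = "5665"
}
object Zone "master" {
endpoints = [ "${masterName}" ]
}
object Endpoint NodeName {
}
object Zone ZoneName {
endpoints = [ NodeName ]
parent = "master"
}
object Zone "global-templates" {
global = true
}
EOF

chown icinga: /etc/icinga2/*

icinga2 daemon --validate

echo "done"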