Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[dev.icinga.com #12915] Fully automated Agent rollout #486

Closed
icinga-migration opened this issue Oct 13, 2016 · 5 comments
Closed

[dev.icinga.com #12915] Fully automated Agent rollout #486

icinga-migration opened this issue Oct 13, 2016 · 5 comments
Assignees
Milestone

Comments

@icinga-migration
Copy link

This issue has been migrated from Redmine: https://dev.icinga.com/issues/12915

Created by tgelf on 2016-10-13 11:27:55 +00:00

Assignee: tgelf
Status: Assigned
Target Version: (none)
Last Update: 2016-10-13 11:27:55 +00:00 (in Redmine)


Given that the Agents can reach a) their CA master and b) the Director I could imagine the following workflow:

  • I assign an API key to a specific host template. This key allows you to create new agent hosts using exactly this single host template. Nothing more. No read access, not even for it's one object. Host template field restrictions should apply.
  • The CREATE request generates a dedicated API key for the new host and ships that key in it's response.
  • The Agent can now use that key to retrieve it's ticket for certificate signing, to fetch it's customized icinga2.conf or just the information required to create such: ca host, parent zone and node(s), their addresses in case the Agent should connect to it's parent(s)

This would for example allow to ship a single script to all your Windows servers without the need to customize the script on every agent.


Relations:

@icinga-migration
Copy link
Author

Updated by tgelf on 2016-10-24 05:48:08 +00:00

  • Relates set to 12900

@freddy4711
Copy link

Hello,

I am very interested in this feature, as we are planning a new landscape with Windows and Linux agents. Is there any progress on that feature?

@LordHepipud
Copy link
Contributor

Hello,

you can take a look on the Icinga 2 PowerShell Module on my GitHub Account: https://github.com/LordHepipud/icinga2-powershell-module

It's the same PowerShell Script / Module beeing used within the Director, but new developments are added there in first place. Right now you still have to configure all arguments for the script manually, but creating hosts, receiving the certificate and installing / configuring the Agent is possible right away.

What you can do for example is execute the Script with PowerShell remote execution or by Group Policies for identical hosts who should report to the same Icinga 2 instance. In that case you can still manage a large amount of Windows machines at the same time.

For Linux you could use tools like Puppet or Ansible for example, to do the job.

Best regards

@Thomas-Gelf
Copy link
Contributor

Things are working forward. Depending on how much time I'll need to spend on other tasks there is a good chance that this could be implemented within this week - we'll see. @LordHepipud is working on the related PowerShell code in parallel.

director_self-service

@Thomas-Gelf Thomas-Gelf added this to the 1.4.0 milestone Jul 6, 2017
Thomas-Gelf added a commit that referenced this issue Jul 6, 2017
Thomas-Gelf added a commit that referenced this issue Jul 6, 2017
Thomas-Gelf added a commit that referenced this issue Jul 6, 2017
Thomas-Gelf added a commit that referenced this issue Jul 6, 2017
Thomas-Gelf added a commit that referenced this issue Jul 6, 2017
Thomas-Gelf added a commit that referenced this issue Jul 6, 2017
Thomas-Gelf added a commit that referenced this issue Jul 6, 2017
Thomas-Gelf added a commit that referenced this issue Jul 6, 2017
Thomas-Gelf added a commit that referenced this issue Jul 13, 2017
@Thomas-Gelf
Copy link
Contributor

@LordHepipud: could you please test the current implementation?

Thomas-Gelf added a commit that referenced this issue Jul 13, 2017
Thomas-Gelf added a commit that referenced this issue Jul 13, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Thomas-Gelf added a commit that referenced this issue Jul 14, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants