From b6b73c4a3aac3618ec236b7a93f1e5e89d2f8b34 Mon Sep 17 00:00:00 2001
From: thorstenspille
Date: Fri, 21 May 2021 09:40:27 +0200
Subject: [PATCH 1/5] Added checkmk agent installation and registration
---
 proxmox-zfs-postinstall.sh | 96 ++++++++++++++++++++++++++++++++++----
 1 file changed, 88 insertions(+), 8 deletions(-)
diff --git a/proxmox-zfs-postinstall.sh b/proxmox-zfs-postinstall.sh
index 54ca476..602701c 100644
--- a/proxmox-zfs-postinstall.sh
+++ b/proxmox-zfs-postinstall.sh
@@ -78,18 +78,15 @@ echo -e "zfs_arc_max:\t\t\t$(($ZFS_ARC_MAX_MEGABYTES))\tMB\t\t= 1 GB RAM per 1 T
 echo ""
 RESULT=not_set
 while [ "$(echo $RESULT | awk '{print tolower($0)}')" != "y" ] && [ "$(echo $RESULT | awk '{print tolower($0)}')" != "n" ] && [ "$(echo $RESULT | awk '{print tolower($0)}')" != "" ]; do
- echo "If you want to apply the values by script policy type 'y', type 'n' to adjust the values yourself [Y/n]?"
- read
+ read -p "If you want to apply the values by script policy type 'y', type 'n' to adjust the values yourself [Y/n]? "
 RESULT=${REPLY}
 done
 if [[ "$(echo $RESULT | awk '{print tolower($0)}')" == "n" ]]; then
- echo "Please type in the desired value in MB for 'zfs_arc_min' [$(($ZFS_ARC_MIN_MEGABYTES))]:"
- read
+ read -p "Please type in the desired value in MB for 'zfs_arc_min' [$(($ZFS_ARC_MIN_MEGABYTES))]: "
 if [[ ${REPLY} -gt 0 ]]; then
 ZFS_ARC_MIN_MEGABYTES=$((${REPLY}))
 fi
- echo "Please type in the desired value in MB for 'zfs_arc_max' [$(($ZFS_ARC_MAX_MEGABYTES))]:"
- read
+ read -p "Please type in the desired value in MB for 'zfs_arc_max' [$(($ZFS_ARC_MAX_MEGABYTES))]: "
 if [[ ${REPLY} -gt 0 ]]; then
 ZFS_ARC_MAX_MEGABYTES=$((${REPLY}))
 fi
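Review bot: The replies collected by the new `read -p` prompts for `zfs_arc_min` and `zfs_arc_max` go straight into `[[ ${REPLY} -gt 0 ]]` and `$((${REPLY}))`, and both evaluate their operand as an arithmetic expression rather than as a plain number. In a script that runs as root the value should be checked as digits first, e.g. `if [[ "$REPLY" =~ ^[1-9][0-9]*$ ]]; then`, and the prompts should use `read -r -p` so backslashes are taken literally. The comparison and assignment lines are unchanged context, so this predates the commit, but the hunk rewrites every prompt that feeds them.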
@@ -137,6 +134,32 @@ for interval in "${!auto_snap_keep[@]}"; do fi done +#### CHECKMK AGENT CONFIGURATION #### +read -p "Do you want to install checkmk agent of this machine? [y/N] " install_checkmk +if [[ "$install_checkmk" == "y" ]]; then + read -p "Please specify the base url to your checkmk server (e.g. https://check.zmb.rocks/bashclub): " cmk_agent_url + read -p "Enable agent encryption (requires setup of Agent Encryption on your checkmk instance). Do you want to activate agent encryption? [y/N] " cmk_encrypt + if [[ "$cmk_encrypt" == "y" ]]; then + read -p "Please enter the encryption passphrase: " cmk_enc_pass + fi + read -p "Register your machine on your checkmk server (requires preconfigured automation secret)? [y/N] " cmk_register + if [[ "$cmk_register" == "y" ]]; then + read -p "Please enter your automation secret: " cmk_secret + read -p "Please enter the folder where to store the host: " cmk_folder + cmk_site=$(echo $cmk_agent_url | cut -d'/' -f4) + read -p "Please enter the checkmk site name: [$cmk_site]" user_input + if [[ $(echo -n "$user_input") != "" ]]; then + cmk_site=$user_input + fi + echo "Please select which agent ip address to register:" + select ip in $(ip a | grep "inet " | cut -d ' ' -f6 | cut -d/ -f1); do + cmk_reg_ip=$ip + break + done + fi +fi + + ###### INSTALLER SECTION ###### # disable pve-enterprise repo and add pve-no-subscription repo 
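Review bot: The encryption passphrase and the automation secret are read with a plain `read -p`, so both are echoed to the terminal and end up in scrollback or any session recording. Use silent input for those two prompts, e.g. `read -r -s -p "Please enter the encryption passphrase: " cmk_enc_pass; echo`, and the same for `cmk_secret`. The base URL is also accepted without any check; since the installer section later downloads and runs code from it as root, rejecting anything that does not start with `https://` at this prompt would be a cheap guard. The `== "y"` comparisons here are case-sensitive, unlike the `tolower` handling used for the earlier prompts in this script.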
@@ -192,10 +215,67 @@ echo $ZFS_ARC_MAX_BYTES > /sys/module/zfs/parameters/zfs_arc_max cat << EOF > /etc/modprobe.d/zfs.conf options zfs zfs_arc_min=$ZFS_ARC_MIN_BYTES -options zfs zfs_arc_max=$ZFS_ARC_MAX_BYTES +options zfs zfs_arc_min=$ZFS_ARC_MAX_BYTES EOF +if [[ "$install_checkmk" == "y" ]]; then + echo "Installing checkmk agent..." + if [[ $( echo -n "$(openssl s_client -connect $(echo $cmk_agent_url | cut -d'/' -f3):443 <<< "Q" 2>/dev/null | grep "Verify return code" | cut -d ' ' -f4)" ) -gt 0 ]]; then + wget_opts="--no-check-certificate" + curl_opts="--insecure" + fi + wget -q -O /usr/local/bin/check_mk_agent $wget_opts $cmk_agent_url/check_mk/agents/check_mk_agent.linux + chmod +x /usr/local/bin/check_mk_agent + /usr/local/bin/check_mk_agent > /dev/null + wget -q -O /etc/systemd/system/check_mk.socket $wget_opts $cmk_agent_url/check_mk/agents/cfg_examples/systemd/check_mk.socket + cat << EOF > /etc/systemd/system/check_mk@.service +# systemd service definition file +[Unit] +Description=Check_MK + +[Service] +# "-" path prefix makes systemd record the exit code, +# but the unit is not set to failed. 
+ExecStart=-/usr/local/bin/check_mk_agent +Type=forking + +User=root +Group=root + +StandardInput=socket +EOF + + #AgentDirectory: /etc/check_mk + if [[ "$cmk_encrypt" == "y" ]]; then + cat << EOF > /etc/check_mk/encryption.cfg +ENCRYPTED=yes +PASSPHRASE='$cmk_enc_pass' +EOF + chmod 600 /etc/check_mk/encryption.cfg + fi + + #DataDirectory: /var/lib/check_mk_agent + #SpoolDirectory: /var/lib/check_mk_agent/spool + #PluginsDirectory: /usr/lib/check_mk_agent/plugins + wget -q -O /usr/lib/check_mk_agent/plugins/smart $wget_opts $cmk_agent_url/check_mk/agents/plugins/smart + chmod +x /usr/lib/check_mk_agent/plugins/smart + wget -q -O /usr/lib/check_mk_agent/plugins/mk_inventory $wget_opts $cmk_agent_url/check_mk/agents/plugins/mk_inventory.linux + chmod +x /usr/lib/check_mk_agent/plugins/mk_inventory + wget -q -O /usr/lib/check_mk_agent/plugins/mk_apt $wget_opts $cmk_agent_url/check_mk/agents/plugins/mk_apt + chmod +x /usr/lib/check_mk_agent/plugins/mk_apt + #LocalDirectory: /usr/lib/check_mk_agent/local + systemctl daemon-reload + systemctl enable check_mk.socket + systemctl restart sockets.target + + if [[ "$cmk_register" == "y" ]]; then + cmk_request="request={\"hostname\":\"$(echo -n $(hostname -f))\",\"folder\":\"$cmk_folder\",\"attributes\":{\"ipaddress\":\"$cmk_reg_ip\",\"site\":\"$cmk_site\",\"tag_agent\":\"\"},\"create_folders\":\"1\"}" + curl $curl_opts "$cmk_agent_url/check_mk/webapi.py?action=add_host&_secret=$cmk_secret&_username=automation" -d $cmk_request + curl $curl_opts "$cmk_agent_url/check_mk/webapi.py?action=activate_changes&_secret=$cmk_secret&_username=automation" -d "request={\"sites\":[\"$cmk_site\"],\"allow_foreign_changes\":\"0\"}" + fi +fi + echo "Updating initramfs - This will take some time..." update-initramfs -u -k all > /dev/null 2>&1 -echo "Proxmox postinstallation finished!" +echo "Proxmox postinstallation finished!" \ No newline at end of file From c99d4a0d71e64e8b7ef6c5d6bb8ff16b84db67c4 Mon Sep 17 00:00:00 2001 
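Review bot: The certificate probe at the top of the install block switches verification off (`--no-check-certificate`, `--insecure`) whenever `openssl s_client` reports a non-zero verify code, so a failed verification silently downgrades the download of `check_mk_agent`, which is then executed and installed as a root-run systemd service. A failed `wget -q` is also not noticed before `chmod +x` and the test run. I would drop the automatic fallback, require an HTTPS base URL, let the administrator supply a CA file for a private CA, and stop on a failed download; the sketch below assumes a new optional `cmk_ca_file` prompt in the configuration section. The same options are reused by every later `wget` and `curl` in this block and by the downloads added in PATCH 2/5, which should switch to the array form as well.

```shell
# … unchanged: echo "Installing checkmk agent..." …
if [[ "$cmk_agent_url" != https://* ]]; then
  echo "Refusing to fetch the agent from a non-HTTPS URL: $cmk_agent_url" >&2
  exit 1
fi
wget_opts=()
curl_opts=()
if [[ -n "$cmk_ca_file" ]]; then
  # private CA: trust it explicitly instead of disabling verification
  wget_opts+=(--ca-certificate="$cmk_ca_file")
  curl_opts+=(--cacert "$cmk_ca_file")
fi
if ! wget -q -O /usr/local/bin/check_mk_agent "${wget_opts[@]}" "$cmk_agent_url/check_mk/agents/check_mk_agent.linux"; then
  echo "Download of check_mk_agent failed (TLS verification or network error)" >&2
  exit 1
fi
# … unchanged: chmod +x, systemd unit files, plugin downloads …
```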
From: thorstenspille Date: Fri, 21 May 2021 13:21:44 +0200 Subject: [PATCH 2/5] Extended cmk agent --- proxmox-zfs-postinstall.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/proxmox-zfs-postinstall.sh b/proxmox-zfs-postinstall.sh index 602701c..df830f7 100644 --- a/proxmox-zfs-postinstall.sh +++ b/proxmox-zfs-postinstall.sh @@ -225,7 +225,13 @@ if [[ "$install_checkmk" == "y" ]]; then curl_opts="--insecure" fi wget -q -O /usr/local/bin/check_mk_agent $wget_opts $cmk_agent_url/check_mk/agents/check_mk_agent.linux + wget -q -O /usr/local/bin/mk-job $wget_opts $cmk_agent_url/check_mk/agents/mk-job + wget -q -O /usr/local/bin/check_mk_caching_agent $wget_opts $cmk_agent_url/check_mk/agents/check_mk_caching_agent.linux + wget -q -O /usr/local/bin/waitmax $wget_opts $cmk_agent_url/check_mk/agents/waitmax chmod +x /usr/local/bin/check_mk_agent + chmod +x /usr/local/bin/mk-job + chmod +x /usr/local/bin/check_mk_caching_agent + chmod +x /usr/local/bin/waitmax /usr/local/bin/check_mk_agent > /dev/null wget -q -O /etc/systemd/system/check_mk.socket $wget_opts $cmk_agent_url/check_mk/agents/cfg_examples/systemd/check_mk.socket cat << EOF > /etc/systemd/system/check_mk@.service @@ -245,8 +251,9 @@ Group=root StandardInput=socket EOF - #AgentDirectory: /etc/check_mk + mkdir -p /etc/check_mk if [[ "$cmk_encrypt" == "y" ]]; then + mkdir -p /etc/check_mk cat << EOF > /etc/check_mk/encryption.cfg ENCRYPTED=yes PASSPHRASE='$cmk_enc_pass' 
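Review bot: The three added helpers (`mk-job`, `check_mk_caching_agent`, `waitmax`) are written straight to their final paths in `/usr/local/bin` and marked executable without checking that `wget` succeeded, so a failed request leaves an empty or partial root-owned executable behind that the agent may later invoke. Download each file to a temporary name, check the exit status, and only then put it in place, e.g. `wget -q -O "$tmp" ... && install -m 0755 "$tmp" /usr/local/bin/mk-job`. If the server publishes checksums for the agent files, verifying them at this point would add an integrity check that the script currently lacks. The enclosing `if` block starts and ends outside the hunk.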
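Review bot: `encryption.cfg` is still created by the heredoc with the default umask and only restricted by the `chmod 600` that follows in the next hunk, so under a typical 022 umask the passphrase is briefly readable by other local users. Create the file with its final mode before writing to it, e.g. `install -m 600 /dev/null /etc/check_mk/encryption.cfg` ahead of the `cat << EOF`. The second `mkdir -p /etc/check_mk` inside the `if` is redundant now that the directory is created unconditionally one line earlier. A passphrase containing a single quote would also break the `PASSPHRASE='...'` line, so that character should be rejected or escaped at the prompt.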
@@ -254,9 +261,11 @@ EOF chmod 600 /etc/check_mk/encryption.cfg fi - #DataDirectory: /var/lib/check_mk_agent - #SpoolDirectory: /var/lib/check_mk_agent/spool - #PluginsDirectory: /usr/lib/check_mk_agent/plugins + mkdir -p /var/lib/check_mk_agent + mkdir -p /var/lib/check_mk_agent/spool + mkdir -p /var/lib/check_mk_agent/job + mkdir -p /usr/lib/check_mk_agent/local + mkdir -p /usr/lib/check_mk_agent/plugins wget -q -O /usr/lib/check_mk_agent/plugins/smart $wget_opts $cmk_agent_url/check_mk/agents/plugins/smart chmod +x /usr/lib/check_mk_agent/plugins/smart wget -q -O /usr/lib/check_mk_agent/plugins/mk_inventory $wget_opts $cmk_agent_url/check_mk/agents/plugins/mk_inventory.linux @@ -269,7 +278,7 @@ EOF systemctl restart sockets.target if [[ "$cmk_register" == "y" ]]; then - cmk_request="request={\"hostname\":\"$(echo -n $(hostname -f))\",\"folder\":\"$cmk_folder\",\"attributes\":{\"ipaddress\":\"$cmk_reg_ip\",\"site\":\"$cmk_site\",\"tag_agent\":\"\"},\"create_folders\":\"1\"}" + cmk_request="request={\"hostname\":\"$(echo -n $(hostname -f))\",\"folder\":\"$cmk_folder\",\"attributes\":{\"ipaddress\":\"$cmk_reg_ip\",\"site\":\"$cmk_site\",\"tag_agent\":\"cmk-agent\"},\"create_folders\":\"1\"}" curl $curl_opts "$cmk_agent_url/check_mk/webapi.py?action=add_host&_secret=$cmk_secret&_username=automation" -d $cmk_request curl $curl_opts "$cmk_agent_url/check_mk/webapi.py?action=activate_changes&_secret=$cmk_secret&_username=automation" -d "request={\"sites\":[\"$cmk_site\"],\"allow_foreign_changes\":\"0\"}" fi From 35ff4215bb9d5e7b59440a98553e022a596ebe31 Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Wed, 9 Jun 2021 14:42:12 +0200 Subject: [PATCH 3/5] Fixed zfs_arc parameters --- proxmox-zfs-postinstall.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proxmox-zfs-postinstall.sh b/proxmox-zfs-postinstall.sh index df830f7..27185cc 100644 --- a/proxmox-zfs-postinstall.sh +++ b/proxmox-zfs-postinstall.sh 
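Review bot: `cmk_request` is assembled by pasting `$cmk_folder`, `$cmk_site` and the hostname into a JSON string with no escaping, and the next line hands it to curl unquoted as `-d $cmk_request`, so a folder name containing a space or a double quote produces a split argument or malformed JSON. Quote the expansion (`-d "$cmk_request"`) and reject or escape `"` and `\` in the prompted values. The two curl calls also carry `_secret=$cmk_secret` in the URL, which exposes the automation secret in server and proxy access logs and on the command line; if the API accepts the credentials as POST fields, send them in the body read from stdin (`--data @-`) instead. The `if` block continues outside the hunk.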
@@ -215,7 +215,7 @@ echo $ZFS_ARC_MAX_BYTES > /sys/module/zfs/parameters/zfs_arc_max cat << EOF > /etc/modprobe.d/zfs.conf options zfs zfs_arc_min=$ZFS_ARC_MIN_BYTES -options zfs zfs_arc_min=$ZFS_ARC_MAX_BYTES +options zfs zfs_arc_max=$ZFS_ARC_MAX_BYTES EOF if [[ "$install_checkmk" == "y" ]]; then @@ -287,4 +287,4 @@ fi echo "Updating initramfs - This will take some time..." update-initramfs -u -k all > /dev/null 2>&1 -echo "Proxmox postinstallation finished!" \ No newline at end of file +echo "Proxmox postinstallation finished!" From 6eba30b5a29fa00f5a219e37dee122b978ff441b Mon Sep 17 00:00:00 2001 From: Thorsten Spille Date: Wed, 7 Jul 2021 00:38:10 +0200 Subject: [PATCH 4/5] Added PVE7 Support OS Codename read from `/etc/os-release` and pve-no-subscription will be set on that base. --- proxmox-zfs-postinstall.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/proxmox-zfs-postinstall.sh b/proxmox-zfs-postinstall.sh index 27185cc..7f6e807 100644 --- a/proxmox-zfs-postinstall.sh +++ b/proxmox-zfs-postinstall.sh @@ -14,6 +14,8 @@ PVE_CONF_BACKUP_TARGET=rpool/pveconf # Define timer for your backup cronjob (default: every 15 minutes fron 3 through 59) PVE_CONF_BACKUP_CRON_TIMER="3,18,33,48 * * * *" +# Get Debian version info +source /etc/os-release ###### SYSTEM INFO AND INTERACTIVE CONFIGURATION SECTION ###### @@ -167,7 +169,7 @@ if [[ "$(uname -r)" == *"-pve" ]]; then echo "Deactivating pve-enterprise repository" mv /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list.bak > /dev/null 2>&1 echo "Activating pve-no-subscription repository" - echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list + echo "deb http://download.proxmox.com/debian/pve $VERSION_CODENAME pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list fi echo "Getting latest package lists" apt update > /dev/null 2>&1 
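Review bot: In PATCH 4/5, `$VERSION_CODENAME` is written into `pve-no-subscription.list` without checking that `/etc/os-release` actually set it, and the `apt update` that follows discards its output, so an empty value yields a broken sources line that fails silently. Guard it right after the `source`, e.g. `: "${VERSION_CODENAME:?VERSION_CODENAME missing in /etc/os-release}"`. Sourcing the file at top level also imports `NAME`, `ID`, `VERSION` and the other fields into the script's namespace; reading just the one field in a subshell, `VERSION_CODENAME=$(. /etc/os-release && echo "$VERSION_CODENAME")`, avoids accidental collisions with the script's own variables.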
From 5f1c14533c0b8598187586cb2050cf8de92432aa Mon Sep 17 00:00:00 2001
From: Thorsten Spille
Date: Wed, 7 Jul 2021 00:40:15 +0200
Subject: [PATCH 5/5] Update README.md
---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ad1d5eb..e124504 100644
--- a/README.md
+++ b/README.md
@@ -9,4 +9,6 @@ Following settings are made:
 - Configure snapshot retention for `zfs-auto-snapshot` interactively
 - `zfs_arc_[min|max]` will be calculated by size sum of all zpools in 512 MB steps
 - Configure backup of `/etc` folder to new zfs dataset on `rpool/pveconf`
-- configure `vm.swappiness` interactively
+- Configure `vm.swappiness` interactively
+- Install checkmk Agent with optional encryption and registration
+- Added Support for Proxmox VE 7.0