info:
  summary: install opensuse leap 15.6 and icinga
  description: |+
               This KankuFile downloads the openSUSE Leap 15.6 image
               from devel:kanku:images and installs/configures 

               * icinga2
               * icingaweb2
               * mariadb
               * graphana

Kanku::Util::IPTables:
  start_port: 49001


domain_name: icinga2
default_job: kanku-job
login_user: root
login_pass: kankudai

qemu:
  user: 

jobs:
 kanku-job:
  -
    use_module: Kanku::Handler::SetJobContext
    options:
      host_interface: eth0
  -
    use_module: Kanku::Handler::OBSCheck
    options:
      api_url: https://api.opensuse.org/public
      # Please have a look at
      # https://build.opensuse.org/project/show/devel:kanku:images
      # to find more official Images
      project: devel:kanku:images
      repository: images_leap_15_6
      package: openSUSE-Leap-15.6-JeOS
      use_oscrc: 0
  -
    use_module: Kanku::Handler::ImageDownload
  -
    use_module: Kanku::Handler::CreateDomain
    options:
      memory: 2G
      vcpu: 2
      use_9p: 1
      #root_disk_size: 10737418240
      #forward_port_list: tcp:22,tcp:443
  -
    use_module: Kanku::Handler::PrepareSSH
  -
    use_module: Kanku::Handler::ExecuteCommandViaSSH
    options:
      commands:
        - zypper ar https://download.opensuse.org/repositories/server:/monitoring/15.6/server:monitoring.repo
        - zypper --gpg-auto-import-keys ref -s
        # packages for debugging only, could be removed in production env
        # Install packages
        - zypper -n in apache2 icinga2 icingaweb2 icingacli php7-ldap php7-dom php7-imagick php7-pdo php7-curl php7-mysql php7-pgsql mariadb mariadb-client icinga2-ido-mysql monitoring-plugins monitoring-plugins-ping monitoring-plugins-procs monitoring-plugins-ssh monitoring-plugins-load monitoring-plugins-http monitoring-plugins-disk monitoring-plugins-users monitoring-plugins-swap influxdb grafana icingaweb2-module-grafana
        # Prepare apache
        - a2enmod php7
        - a2enmod rewrite
        - a2enmod version
        # Start and prepare influxdb
        - systemctl start influxdb
        - systemctl enable influxdb
        - |+
          cat <<FILE > /tmp/setup_influxdb.sh
          #!/bin/bash

          DB_NAME=icinga2
          DB_USER=icinga2
          DB_PASS=icinga2

          influx <<EOF
          create database \$DB_NAME;
          create user \$DB_USER with password '\$DB_PASS';
          grant all on \$DB_NAME to \$DB_USER;
          EOF
          FILE
        - sh /tmp/setup_influxdb.sh
        # prepare and start grafana
        - mkdir -p /etc/grafana/conf/provisioning
        - cp /tmp/kanku/icinga2-with-influxdb_rev1.json /etc/grafana/conf/provisioning
        - systemctl start grafana-server
        - systemctl enable grafana-server
        # prepare and start icinga2
        - cp /tmp/kanku/_etc_icinga2_conf.d_services.conf /etc/icinga2/conf.d/services.conf
        - cp /tmp/kanku/_etc_icinga2_features-available_influxdb.conf /etc/icinga2/features-available/influxdb.conf
        - systemctl start icinga2
        - systemctl enable icinga2
        - systemctl start apache2
        - systemctl enable apache2
        - icingacli setup config directory --group icingaweb2
        # - icingacli setup token create
        - systemctl start mysql
        - systemctl enable mysql
        - |+ 
          cat <<FILE > /tmp/secure_mysql.sh
          #!/bin/bash
          
          zypper -n in pwgen
          
          MYSQL_ROOT_PWD=\$(pwgen -1)
          
          mysqladmin password \$MYSQL_ROOT_PWD
          echo -en "[client]\npassword=\$MYSQL_ROOT_PWD\n" > /root/.my.cnf
          
          mysql -e "DELETE FROM mysql.user WHERE User='';"
          mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
          mysql -e "DROP DATABASE test;"
          mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
          mysql -e "FLUSH PRIVILEGES;"
          
          exit 0;
          FILE
        - sh -e /tmp/secure_mysql.sh
        - |+
          cat <<FILE > /tmp/setup_database.sh
          #!/bin/bash
          
          ################################################################################
          # SETTINGS
          ################################################################################
          
          ICINGA2_DB_NAME=icinga
          ICINGA2_DB_USER=icinga
          ICINGA2_DB_PASS=icinga
          
          ICINGAWEB2_DB_NAME=icingaweb2
          ICINGAWEB2_DB_USER=icingaweb2
          ICINGAWEB2_DB_PASS=icingaweb2
          ICINGAWEB2_DB_RES=icingaweb2
          
          ICINGAWEB2_ADMIN_USER=admin
          ICINGAWEB2_ADMIN_GROUP=admin
          ICINGAWEB2_ADMIN_PASS=opensuse
          
          ICINGAWEB2_SCHEMA_FILE=/usr/share/icingaweb2/schema/mysql.schema.sql
          
          ################################################################################
          # MAIN
          ################################################################################
          
          ### icinga2
          mysql -e "create database \$ICINGA2_DB_NAME"
          mysql -e "CREATE USER '\$ICINGA2_DB_USER'@'localhost' IDENTIFIED BY '\$ICINGA2_DB_PASS'"
          mysql -e "GRANT ALL PRIVILEGES ON \$ICINGA2_DB_NAME.* TO '\$ICINGA2_DB_USER'@'localhost'"
          
          mysql \$ICINGA2_DB_NAME < /usr/share/icinga2-ido-mysql/schema/mysql.sql
          
          icinga2 feature enable ido-mysql
          icinga2 feature enable command
          icinga2 feature enable influxdb
          #icinga2 feature enable api
          systemctl restart icinga2
          
          
          ## icingaweb2
          ### database
          mysql -e "create database \$ICINGAWEB2_DB_NAME"
          mysql -e "CREATE USER '\$ICINGAWEB2_DB_USER'@'localhost' IDENTIFIED BY '\$ICINGAWEB2_DB_PASS'"
          mysql -e "GRANT ALL PRIVILEGES ON \$ICINGAWEB2_DB_NAME.* TO '\$ICINGAWEB2_DB_USER'@'localhost'"
          mysql -D icingaweb2 < \$ICINGAWEB2_SCHEMA_FILE
          PWHASH=\$(openssl passwd -1 \$ICINGAWEB2_ADMIN_PASS)
          mysql -e "INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('\$ICINGAWEB2_ADMIN_USER', 1, '\$PWHASH')" \$ICINGAWEB2_DB_NAME
          
          # FIXME: clarify if needed on opensuse
          icingacli setup config directory
          
          cat <<EOF > /etc/icingaweb2/resources.ini
          [\$ICINGAWEB2_DB_RES]
          type                = "db"
          db                  = "mysql"
          host                = "localhost"
          port                = "3306"
          dbname              = \$ICINGAWEB2_DB_NAME
          username            = \$ICINGAWEB2_DB_USER
          password            = \$ICINGAWEB2_DB_PASS
          
          
          [icinga2]
          type                = "db"
          db                  = "mysql"
          host                = "localhost"
          port                = "3306"
          dbname              = \$ICINGA2_DB_NAME
          username            = \$ICINGA2_DB_USER
          password            = \$ICINGA2_DB_PASS
          EOF
          
          cat <<EOF > /etc/icingaweb2/authentication.ini
          [auth_db]
          backend  = db
          resource = \$ICINGAWEB2_DB_RES
          EOF
          
          cat <<EOF > /etc/icingaweb2/groups.ini
          [icingaweb2]
          backend = "db"
          resource = \$ICINGAWEB2_DB_RES
          EOF
          
          cat <<EOF > /etc/icingaweb2/roles.ini
          [admin]
          users="\$ICINGAWEB2_ADMIN_USER"
          groups="\$ICINGAWEB2_ADMIN_GROUP"
          permissions="*"
          monitoring/filter/objects = "*"
          EOF
          
          ###
          mkdir -p /etc/icingaweb2/modules/monitoring/
          cat <<EOF > /etc/icingaweb2/modules/monitoring/backends.ini
          [icinga2]
          disabled = "0"
          type = "ido"
          resource = "icinga2"
          EOF
          
          mkdir -p /etc/icingaweb2/enabledModules/
          ln -s /usr/share/icingaweb2/modules/monitoring /etc/icingaweb2/enabledModules/monitoring
          
          usermod -a -G icingaweb2 wwwrun
          
          cat <<EOF >/srv/www/htdocs/index.html
          <head>
          <meta http-equiv="refresh" content="0; url=/icingaweb2" />
          </head>
          EOF
          
          exit 0

          FILE

        - sh -e /tmp/setup_database.sh
