# ------------------------------------------------------------------------------ # Install check_mk agent using xinetd superserver # This file is part of the init.sh project # Copyright (c) 2019-2023 Geoffray Levasseur # ------------------------------------------------------------------------------ # This file is distributed under 3-clause BSD license. # The complete license agreement can be obtained at: # https://opensource.org/licenses/BSD-3-Clause # ------------------------------------------------------------------------------ # Variable: # * MK_SERVER: Server IP address # * MK_SITE: The check_mk site (or instance) to use # * MK_URL: The URL to use to download the agent # * MK_SECRET: The secret to use to register the agent # * MK_USER: The user to use to register # ------------------------------------------------------------------------------ export VER_install_mkagent="0.1.0" export DEP_install_mkagent="" # ------------------------------------------------------------------------------ # Extract CheckMK version from the server get_checkmk_version_from_server() { local ip="$1" local site="${2:-$MK_SITE}" local proto out v header local re_version='[0-9]+\.[0-9]+(\.[0-9]+)?p?[0-9]+' [[ -n "$MK_VERSION" ]] && { printf '%s' "$MK_VERSION"; return 0; } for proto in http https; do # 1) Tentative via version.py (souvent non protégée) if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/version.py" 2>/dev/null); then v=$(grep -oE "$re_version" <<<"$out" | head -n1) [[ -n "$v" ]] && { printf '%s' "$v"; return 0; } fi # 2) Tentative via login.py (page de connexion) if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/login.py" 2>/dev/null); then v=$(grep -oE "$re_version" <<<"$out" | grep -vE '2\.[0-9]{1,3}\.[0-9]{2,3}' | head -n1) [[ -n "$v" ]] && { printf '%s' "$v"; return 0; } fi # 3) En-têtes HTTP éventuels header=$(curl -fsSI --max-time 3 "$proto://$ip/$site/" 2>/dev/null || true) if [[ -n "$header" ]]; then v=$(grep -oiE "$re_version" <<<"$header" | head -n1) [[ -n "$v" ]] && { printf '%s' "$v"; return 0; } fi # 4) Fallback : page d'accueil, mais filtrer les faux positifs du JS out=$(curl -fsS --max-time 5 "$proto://$ip/$site/" 2>/dev/null || true) if [[ -n "$out" ]]; then # Filtre plus strict : commence par 1.x ou 2.x et max 2 chiffres après le point v=$(grep -oE "$re_version" <<<"$out" \ | grep -E '^2\.[0-9]+(\.[0-9]+)?p?[0-9]*$' \ | grep -vE '\.[0-9]{3,}' \ | head -n1) [[ -n "$v" ]] && { printf '%s-1' "$v"; return 0; } fi done return 1 } install_mkagent() { local debfile="/tmp/check-mk-agent_latest_all.deb" prnt I "Downloading CheckMK agent from: $MK_URL" # try primary URL if ! wget -q "$MK_URL" -O "$debfile"; then prnt W "Primary download failed. Attempting to detect server version and fallback..." local mkver mkver=$(get_checkmk_version_from_server "$MK_SERVER_IP" 2>/dev/null || true) if [[ -n "$mkver" ]]; then prnt I "Detected Check_MK version: $mkver — building fallback URL" # replace the literal 'latest' token in MK_URL with the detected version local fallback_url fallback_url="${MK_URL/latest/$mkver}" prnt I "Trying fallback URL: $fallback_url" if ! wget -q "$fallback_url" -O "$debfile"; then prnt E "Fallback download with version $mkver failed." die 163 fi else prnt E "Unable to detect Check_MK version on $MK_SERVER_IP and primary download failed." die 163 fi fi # On non-systemd systems, install xinetd before the .deb to avoid postinst failures if ! pidof systemd >/dev/null; then pkginst xinetd fi # Install agent package pkginst "$debfile" rm -f "$debfile" # Enable service depending on init system if pidof systemd >/dev/null; then systemctl enable --now check-mk-agent.socket else backup_dist /etc/xinetd.d/check-mk-agent install_file cmk/check_mk /etc/xinetd.d/check-mk-agent tag_file /etc/xinetd.d/check-mk-agent sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check-mk-agent svc_restart xinetd fi # Debian plugin if [[ $PKG_MAN == "apt-get" ]]; then mkdir -pv /usr/lib/check_mk_agent/plugins/3600 install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/3600/mk_apt fi # Registration (if secret provided) if [[ -n $MK_SECRET ]]; then local secret prnt I "Fetching secret $MK_SECRET..." secret=$(fetch_secret "$MK_SECRET") if [[ -e /var/lib/cmk-agent/cmk-agent-ctl.gz ]]; then gunzip -v -f /var/lib/cmk-agent/cmk-agent-ctl.gz chmod -v +x /var/lib/cmk-agent/cmk-agent-ctl fi if [[ -x /var/lib/cmk-agent/cmk-agent-ctl ]]; then /var/lib/cmk-agent/cmk-agent-ctl register \ --hostname "$HOSTNAME" \ --server "$MK_SERVER_IP" \ --site "$MK_SITE" \ --user "$MK_USER" \ --password "$secret" else prnt W "Agent control tool not found; skipping registration." fi unset secret else prnt W "No secret configured, agent cannot be registered." fi } precheck_install_mkagent() { if [[ -z $MK_SITE ]]; then prnt E "Undeclared check_mk site to use." die 162 fi if [[ -z $MK_URL ]]; then prnt E "Undeclared check_mk download URL." die 162 fi if [[ -z $MK_SERVER_IP ]]; then prnt E "Undeclared check_mk server." die 162 fi if [[ $PKG_MAN == "apt-get" ]]; then file_must_exists cmk/check_mk cmk/mk_apt fi if [[ -z $MK_SECRET ]]; then prnt W "No secret set for CheckMK, registration won't be possible." if [[ -z $MK_USER ]]; then prnt E "A CheckMK user is required to register." die 162 fi fi } export -f install_mkagent export -f precheck_install_mkagent # EOF