The setup script sets up a debian server to be used with Chihuahua and can be used like this: sudo sh <(curl https://status.example.org/setup.sh) The .chihuahuarc file can be used to set environment variables and generally run shell commands to set up a Chihuahua session, and needs to be in the user directory of the SSH user Chihuahua will use. It basically works like a .bashrc.tags/v1.4
@@ -20,5 +20,6 @@ COPY --from=build /tmp/chihuahua /bin/chihuahua | |||
EXPOSE 80 | |||
ENV ADDRESS :80 | |||
ENV PATH /usr/lib/monitoring-plugins:/usr/local/bin:/usr/bin:/bin | |||
ENV HOME /data | |||
WORKDIR /data | |||
CMD ["/bin/chihuahua", "-c", "/data/chihuahua.yml"] |
@@ -3,8 +3,11 @@ package chihuahua | |||
//go:generate go-bindata -pkg web -fs -prefix web -o web/data.go -ignore data\\.go web web/icons | |||
import ( | |||
"io/ioutil" | |||
"net/http" | |||
"os" | |||
"path/filepath" | |||
"strings" | |||
"codeberg.org/momar/chihuahua/types" | |||
"codeberg.org/momar/chihuahua/web" | |||
@@ -55,7 +58,19 @@ func Api(servers map[string]*types.Server) { | |||
return nil | |||
} | |||
getSetupScript := func(req *air.Request, res *air.Response) error { | |||
files, _ := filepath.Glob(filepath.Join(os.Getenv("HOME"), ".ssh/id_*.pub")) | |||
keys := "" | |||
for _, file := range files { | |||
key, _ := ioutil.ReadFile(file) | |||
keys += strings.TrimSpace(string(key)) + "\n" | |||
} | |||
res.WriteString(SetupScript(string(keys))) | |||
return nil | |||
} | |||
app := air.New() | |||
app.GET("/setup.sh", getSetupScript) | |||
app.GET("/checks", getCheck) | |||
app.GET("/checks/:server", getCheck) | |||
app.GET("/checks/:server/:check", getCheck) |
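Review bot: In `getSetupScript` the errors from `filepath.Glob` and `ioutil.ReadFile` are discarded, so an unreadable or missing key file still produces a script, and that script overwrites `/var/chihuahua/.ssh/authorized_keys` on the target with fewer keys or none. Returning the error keeps a broken key directory from being served as a valid setup script. It would also help to reject an empty `files` list and an unset `HOME`, because `filepath.Join("", ".ssh/id_*.pub")` is resolved against the working directory. `string(keys)` is a redundant conversion since `keys` is already a string. The enclosing `Api` function starts and ends outside this hunk.

```go
getSetupScript := func(req *air.Request, res *air.Response) error {
	files, err := filepath.Glob(filepath.Join(os.Getenv("HOME"), ".ssh/id_*.pub"))
	if err != nil {
		return err
	}
	keys := ""
	for _, file := range files {
		key, err := ioutil.ReadFile(file)
		if err != nil {
			return err
		}
		keys += strings.TrimSpace(string(key)) + "\n"
	}
	// … unchanged: res.WriteString(SetupScript(keys)) and return nil …
```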
@@ -21,7 +21,7 @@ func RunCheck(checkName string, check *types.Check, shell []string) { | |||
logg.Tag("check", checkName).Debug("Executing command: %#v", append(shell, check.Command)) | |||
ctx, cancel := context.WithTimeout(context.Background(), ConnectionTimeout) | |||
defer cancel() | |||
c := exec.CommandContext(ctx, shell[0], append(shell[1:], check.Command)...) | |||
c := exec.CommandContext(ctx, shell[0], append(shell[1:], "[ -e ~/.chihuahuarc ] && source ~/.chihuahuarc; " + check.Command)...) | |||
var errbuf bytes.Buffer | |||
c.Stderr = &errbuf | |||
output, err := c.Output() |
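Review bot: The prefix added to the command uses `source`, which is a bash builtin and is not available in a POSIX `sh` such as dash. The setup script in this same commit creates the user with `-s /bin/sh`, so on a Debian target the rc file would presumably never be loaded and a "not found" message would land in `errbuf`. The portable form is `"[ -e ~/.chihuahuarc ] && . ~/.chihuahuarc; " + check.Command`. Because the rc file runs before every check, it is worth documenting next to this line that it must be writable only by the monitoring user. `RunCheck` starts and continues outside this hunk.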
@@ -0,0 +1,36 @@ | |||
package chihuahua | |||
import "strings" | |||
func SetupScript(keys string) string { | |||
return `#!/bin/sh | |||
# Install basic monitoring-plugins | |||
apt-get install -y monitoring-plugins | |||
# Create user "chihuahua" and add authorized SSH keys | |||
useradd -M -d /var/chihuahua -r -s /bin/sh chihuahua | |||
mkdir -p /var/chihuahua/.ssh | |||
echo 'export PATH="/var/chihuahua/:/usr/lib/nagios/plugins/:/usr/local/bin:/usr/bin:/bin"' > /var/chihuahua/.chihuahuarc | |||
cat <<'EOF' > /var/chihuahua/.ssh/authorized_keys | |||
` + strings.TrimSpace(keys) + ` | |||
EOF | |||
# Add "check_sudo" script to securely run checks as root | |||
cat <<'EOF' > /usr/local/bin/check_sudo | |||
#!/bin/sh | |||
[ $# -gt 0 ] || { echo "Usage: sudo /usr/local/bin/check_sudo check_... ..."; exit 3; } | |||
cmd=$(realpath --canonicalize-existing --no-symlinks "/usr/lib/nagios/plugins/$1" | grep --max-count 1 '^/usr/lib/nagios/plugins/check_') || { echo "Not a nagios plugin."; exit 3; } | |||
shift | |||
exec "$cmd" "$@" | |||
EOF | |||
cat <<'EOF' > /var/chihuahua/check_sudo | |||
#!/bin/sh | |||
sudo /usr/local/bin/check_sudo "$@" | |||
EOF | |||
chmod +x /usr/local/bin/check_sudo /var/chihuahua/check_sudo | |||
grep chihuahua /etc/sudoers >/dev/null || { echo 'chihuahua ALL=(root) NOPASSWD: /usr/local/bin/check_sudo' >> /etc/sudoers; } | |||
chown -R chihuahua:chihuahua /var/chihuahua | |||
` | |||
} |
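Review bot: `SetupScript` pastes `keys` verbatim into a heredoc in a script that is run as root, so any line in a key file that is not a key (for instance one reading exactly `EOF`) ends the heredoc early and the remainder is executed as shell. Filtering the input down to lines that look like public-key entries before interpolation closes that gap. Separately, the sudoers rule is appended straight to `/etc/sudoers` and guarded by a loose `grep chihuahua`; a drop-in file under `/etc/sudoers.d` with mode 0440, checked with `visudo -cf` before it is installed, avoids leaving a broken sudoers file behind. The exported function also has no doc comment; `// SetupScript returns a shell script that provisions a Debian host for monitoring and authorizes the given public keys.` would do.

```go
func SetupScript(keys string) string {
	// Keep only lines that look like a single public-key entry, so that no
	// other line can terminate the heredoc below.
	var safe []string
	for _, line := range strings.Split(keys, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "ssh-") || strings.HasPrefix(line, "ecdsa-") || strings.HasPrefix(line, "sk-") {
			safe = append(safe, line)
		}
	}
	// … unchanged: script template, with strings.Join(safe, "\n") in place of strings.TrimSpace(keys) …
```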