Browse Source

Add /setup.sh script and support for a server-side .chihuahuarc file

The setup script sets up a debian server to be used with Chihuahua and can be used like this:
sudo sh <(curl https://status.example.org/setup.sh)

The .chihuahuarc file can be used to set environment variables and generally run shell commands to set up a Chihuahua session, and needs to be in the user directory of the SSH user Chihuahua will use. It basically works like a .bashrc.
tags/v1.4
Moritz Marquardt 5 months ago
parent
commit
87f0022a87
4 changed files with 53 additions and 1 deletions
  1. 1
    0
      Dockerfile
  2. 15
    0
      api.go
  3. 1
    1
      check.go
  4. 36
    0
      setup.go

+ 1
- 0
Dockerfile View File

@@ -20,5 +20,6 @@ COPY --from=build /tmp/chihuahua /bin/chihuahua
EXPOSE 80
ENV ADDRESS :80
ENV PATH /usr/lib/monitoring-plugins:/usr/local/bin:/usr/bin:/bin
ENV HOME /data
WORKDIR /data
CMD ["/bin/chihuahua", "-c", "/data/chihuahua.yml"]

+ 15
- 0
api.go View File

@@ -3,8 +3,11 @@ package chihuahua
//go:generate go-bindata -pkg web -fs -prefix web -o web/data.go -ignore data\\.go web web/icons

import (
"io/ioutil"
"net/http"
"os"
"path/filepath"
"strings"

"codeberg.org/momar/chihuahua/types"
"codeberg.org/momar/chihuahua/web"
@@ -55,7 +58,19 @@ func Api(servers map[string]*types.Server) {
return nil
}

getSetupScript := func(req *air.Request, res *air.Response) error {
files, _ := filepath.Glob(filepath.Join(os.Getenv("HOME"), ".ssh/id_*.pub"))
keys := ""
for _, file := range files {
key, _ := ioutil.ReadFile(file)
keys += strings.TrimSpace(string(key)) + "\n"
}
res.WriteString(SetupScript(string(keys)))
return nil
}

app := air.New()
app.GET("/setup.sh", getSetupScript)
app.GET("/checks", getCheck)
app.GET("/checks/:server", getCheck)
app.GET("/checks/:server/:check", getCheck)

+ 1
- 1
check.go View File

@@ -21,7 +21,7 @@ func RunCheck(checkName string, check *types.Check, shell []string) {
logg.Tag("check", checkName).Debug("Executing command: %#v", append(shell, check.Command))
ctx, cancel := context.WithTimeout(context.Background(), ConnectionTimeout)
defer cancel()
c := exec.CommandContext(ctx, shell[0], append(shell[1:], check.Command)...)
c := exec.CommandContext(ctx, shell[0], append(shell[1:], "[ -e ~/.chihuahuarc ] && source ~/.chihuahuarc; " + check.Command)...)
var errbuf bytes.Buffer
c.Stderr = &errbuf
output, err := c.Output()

+ 36
- 0
setup.go View File

@@ -0,0 +1,36 @@
package chihuahua

import "strings"

func SetupScript(keys string) string {
return `#!/bin/sh
# Install basic monitoring-plugins
apt-get install -y monitoring-plugins

# Create user "chihuahua" and add authorized SSH keys
useradd -M -d /var/chihuahua -r -s /bin/sh chihuahua
mkdir -p /var/chihuahua/.ssh
echo 'export PATH="/var/chihuahua/:/usr/lib/nagios/plugins/:/usr/local/bin:/usr/bin:/bin"' > /var/chihuahua/.chihuahuarc

cat <<'EOF' > /var/chihuahua/.ssh/authorized_keys
` + strings.TrimSpace(keys) + `
EOF

# Add "check_sudo" script to securely run checks as root
cat <<'EOF' > /usr/local/bin/check_sudo
#!/bin/sh
[ $# -gt 0 ] || { echo "Usage: sudo /usr/local/bin/check_sudo check_... ..."; exit 3; }
cmd=$(realpath --canonicalize-existing --no-symlinks "/usr/lib/nagios/plugins/$1" | grep --max-count 1 '^/usr/lib/nagios/plugins/check_') || { echo "Not a nagios plugin."; exit 3; }
shift
exec "$cmd" "$@"
EOF
cat <<'EOF' > /var/chihuahua/check_sudo
#!/bin/sh
sudo /usr/local/bin/check_sudo "$@"
EOF
chmod +x /usr/local/bin/check_sudo /var/chihuahua/check_sudo
grep chihuahua /etc/sudoers >/dev/null || { echo 'chihuahua ALL=(root) NOPASSWD: /usr/local/bin/check_sudo' >> /etc/sudoers; }

chown -R chihuahua:chihuahua /var/chihuahua
`
}

Loading…
Cancel
Save