mirror of
https://github.com/Icinga/icinga2.git
synced 2025-07-24 22:24:44 +02:00
parent
c00495c5c7
commit
260c6d7438
@ -61,7 +61,7 @@ void NodeSetupCommand::InitParameters(boost::program_options::options_descriptio
|
|||||||
("master_host", po::value<std::string>(), "The name of the master host for auto-signing the csr; syntax: host[,port]")
|
("master_host", po::value<std::string>(), "The name of the master host for auto-signing the csr; syntax: host[,port]")
|
||||||
("endpoint", po::value<std::vector<std::string> >(), "Connect to remote endpoint; syntax: cn[,host,port]")
|
("endpoint", po::value<std::vector<std::string> >(), "Connect to remote endpoint; syntax: cn[,host,port]")
|
||||||
("listen", po::value<std::string>(), "Listen on host,port")
|
("listen", po::value<std::string>(), "Listen on host,port")
|
||||||
("ticket", po::value<std::string>(), "Generated ticket number for this request")
|
("ticket", po::value<std::string>(), "Generated ticket number for this request (optional)")
|
||||||
("trustedcert", po::value<std::string>(), "Trusted master certificate file")
|
("trustedcert", po::value<std::string>(), "Trusted master certificate file")
|
||||||
("cn", po::value<std::string>(), "The certificate's common name")
|
("cn", po::value<std::string>(), "The certificate's common name")
|
||||||
("accept-config", "Accept config from master")
|
("accept-config", "Accept config from master")
|
||||||
@ -236,15 +236,7 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
|
|||||||
|
|
||||||
int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap)
|
int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap)
|
||||||
{
|
{
|
||||||
/* require ticket number (generated on master) and at least one endpoint */
|
/* require at least one endpoint. Ticket is optional. */
|
||||||
|
|
||||||
if (!vm.count("ticket")) {
|
|
||||||
Log(LogCritical, "cli")
|
|
||||||
<< "Please pass the ticket number generated on master\n"
|
|
||||||
<< "(Hint: 'icinga2 pki ticket --cn " << Utility::GetFQDN() << "').";
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!vm.count("endpoint")) {
|
if (!vm.count("endpoint")) {
|
||||||
Log(LogCritical, "cli", "You need to specify at least one endpoint (--endpoint).");
|
Log(LogCritical, "cli", "You need to specify at least one endpoint (--endpoint).");
|
||||||
return 1;
|
return 1;
|
||||||
@ -255,10 +247,18 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
String ticket = vm["ticket"].as<std::string>();
|
String ticket;
|
||||||
|
|
||||||
Log(LogInformation, "cli")
|
if (vm.count("ticket"))
|
||||||
<< "Verifying ticket '" << ticket << "'.";
|
ticket = vm["ticket"].as<std::string>();
|
||||||
|
|
||||||
|
if (ticket.IsEmpty()) {
|
||||||
|
Log(LogInformation, "cli")
|
||||||
|
<< "Requesting certificate without a ticket.";
|
||||||
|
} else {
|
||||||
|
Log(LogInformation, "cli")
|
||||||
|
<< "Requesting certificate with ticket '" << ticket << "'.";
|
||||||
|
}
|
||||||
|
|
||||||
/* require master host information for auto-signing requests */
|
/* require master host information for auto-signing requests */
|
||||||
|
|
||||||
@ -340,8 +340,11 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
|
|||||||
|
|
||||||
Log(LogInformation, "cli", "Requesting a signed certificate from the parent Icinga node.");
|
Log(LogInformation, "cli", "Requesting a signed certificate from the parent Icinga node.");
|
||||||
|
|
||||||
if (PkiUtility::RequestCertificate(master_host, master_port, key, cert, ca, trustedcert, ticket) != 0) {
|
if (PkiUtility::RequestCertificate(master_host, master_port, key, cert, ca, trustedcert, ticket) > 0) {
|
||||||
Log(LogCritical, "cli", "Failed to request certificate from parent Icinga node.");
|
Log(LogCritical, "cli")
|
||||||
|
<< "Failed to fetch signed certificate from parent Icinga node '"
|
||||||
|
<< master_host << ", "
|
||||||
|
<< master_port << "'. Please try again.";
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -444,30 +447,32 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
|
|||||||
NodeUtility::UpdateConstant("NodeName", cn);
|
NodeUtility::UpdateConstant("NodeName", cn);
|
||||||
NodeUtility::UpdateConstant("ZoneName", vm["zone"].as<std::string>());
|
NodeUtility::UpdateConstant("ZoneName", vm["zone"].as<std::string>());
|
||||||
|
|
||||||
String ticketPath = ApiListener::GetCertsDir() + "/ticket";
|
if (!ticket.IsEmpty()) {
|
||||||
|
String ticketPath = ApiListener::GetCertsDir() + "/ticket";
|
||||||
|
|
||||||
String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
|
String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
|
||||||
|
|
||||||
if (!Utility::SetFileOwnership(tempTicketPath, user, group)) {
|
if (!Utility::SetFileOwnership(tempTicketPath, user, group)) {
|
||||||
Log(LogWarning, "cli")
|
Log(LogWarning, "cli")
|
||||||
<< "Cannot set ownership for user '" << user
|
<< "Cannot set ownership for user '" << user
|
||||||
<< "' group '" << group
|
<< "' group '" << group
|
||||||
<< "' on file '" << tempTicketPath << "'. Verify it yourself!";
|
<< "' on file '" << tempTicketPath << "'. Verify it yourself!";
|
||||||
}
|
}
|
||||||
|
|
||||||
fp << ticket;
|
fp << ticket;
|
||||||
|
|
||||||
fp.close();
|
fp.close();
|
||||||
|
|
||||||
#ifdef _WIN32
|
#ifdef _WIN32
|
||||||
_unlink(ticketPath.CStr());
|
_unlink(ticketPath.CStr());
|
||||||
#endif /* _WIN32 */
|
#endif /* _WIN32 */
|
||||||
|
|
||||||
if (rename(tempTicketPath.CStr(), ticketPath.CStr()) < 0) {
|
if (rename(tempTicketPath.CStr(), ticketPath.CStr()) < 0) {
|
||||||
BOOST_THROW_EXCEPTION(posix_error()
|
BOOST_THROW_EXCEPTION(posix_error()
|
||||||
<< boost::errinfo_api_function("rename")
|
<< boost::errinfo_api_function("rename")
|
||||||
<< boost::errinfo_errno(errno)
|
<< boost::errinfo_errno(errno)
|
||||||
<< boost::errinfo_file_name(tempTicketPath));
|
<< boost::errinfo_file_name(tempTicketPath));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* tell the user to reload icinga2 */
|
/* tell the user to reload icinga2 */
|
||||||
|
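Review bot: The failure check in SetupNode now reads `PkiUtility::RequestCertificate(...) > 0` instead of `!= 0`, so any negative return value is treated as success and setup goes on to update NodeName and ZoneName and, when a ticket was given, write the ticket file. RequestCertificate is not shown on this page; if a non-positive value other than 0 is a legitimate outcome (for instance a request the parent accepted but has not signed yet), that contract should be stated at the call site with a comment such as `/* > 0: request failed; <= 0: see PkiUtility::RequestCertificate for the non-failure cases */`. If no negative return is defined, the stricter `!= 0` is the safer test, because it fails closed on an unexpected error code. SetupNode begins and ends outside these hunks, so later steps may already cope with a missing signed certificate.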
@ -374,7 +374,7 @@ wizard_ticket:
|
|||||||
Log(LogCritical, "cli")
|
Log(LogCritical, "cli")
|
||||||
<< "Failed to fetch signed certificate from master '"
|
<< "Failed to fetch signed certificate from master '"
|
||||||
<< parentHost << ", "
|
<< parentHost << ", "
|
||||||
<< parentPort <<"'. Please try again.";
|
<< parentPort << "'. Please try again.";
|
||||||
goto wizard_ticket;
|
goto wizard_ticket;
|
||||||
}
|
}
|
||||||
|
|
||||||
|