Merge pull request #5719 from Icinga/feature/windows-wizard-2-8

Update Windows Wizard for 2.8 and new signing methods

CONTRIBUTING.md

@@ -258,14 +258,14 @@ You can help test-drive the latest Icinga 2 snapshot packages inside the
 Icinga 2 is written in C++ and uses the Boost libraries. We are also using the C++11 standard where applicable (please
 note the minimum required compiler versions in the [INSTALL.md](INSTALL.md) file.
 
-Icinga 2 can be built on Linux/Unix and Windows clients. In order to develop patches for Icinga 2,
+Icinga 2 can be built on Linux/Unix nodes and Windows clients. In order to develop patches for Icinga 2,
 you should prepare your own local build environment and know how to work with C++.
 
 More tips:
 
-* Requirements and source code installation is explained inside the [INSTALL.md](INSTALL.md) file.
+* Requirements and source code installation for Linux/Unix is explained inside the [INSTALL.md](INSTALL.md) file.
 * Debug requirements and GDB instructions can be found in the [documentation](https://github.com/Icinga/icinga2/blob/master/doc/20-development.md).
-* If you are planning to debug a Windows client, setup a Windows environment with [Visual Studio](https://www.visualstudio.com/vs/community/). An example can be found in [this blogpost](https://blog.netways.de/2015/08/24/developing-icinga-2-on-windows-10-using-visual-studio-2015/).
+* If you are planning to develop and debug the Windows client, setup a Windows environment with [Visual Studio](https://www.visualstudio.com/vs/community/). An example can be found in [this blogpost](https://blog.netways.de/2015/08/24/developing-icinga-2-on-windows-10-using-visual-studio-2015/).
 
 ## <a id="contributing-patches-documentation"></a> Documentation Patches
 
@@ -403,7 +403,7 @@ Edit the documentation file in the `doc/` directory. More details on documentati
 updates can be found [here](CONTRIBUTING.md#contributing-documentation).
 
 ```
-vim doc/7-icinga-template-library.md
+vim doc/10-icinga-template-library.md
 ```
 
 The CheckCommand documentation should be located in the same chapter

agent/windows-setup-agent/EndpointInputBox.Designer.cs

@@ -62,7 +62,6 @@
 			// 
 			// txtHost
 			// 
-			this.txtHost.Enabled = false;
 			this.txtHost.Location = new System.Drawing.Point(101, 103);
 			this.txtHost.Name = "txtHost";
 			this.txtHost.Size = new System.Drawing.Size(251, 20);
@@ -70,7 +69,6 @@
 			// 
 			// txtPort
 			// 
-			this.txtPort.Enabled = false;
 			this.txtPort.Location = new System.Drawing.Point(101, 134);
 			this.txtPort.Name = "txtPort";
 			this.txtPort.Size = new System.Drawing.Size(100, 20);
@@ -123,6 +121,8 @@
 			// chkConnect
 			// 
 			this.chkConnect.AutoSize = true;
+			this.chkConnect.Checked = true;
+			this.chkConnect.CheckState = System.Windows.Forms.CheckState.Checked;
 			this.chkConnect.Location = new System.Drawing.Point(18, 73);
 			this.chkConnect.Name = "chkConnect";
 			this.chkConnect.Size = new System.Drawing.Size(141, 17);

agent/windows-setup-agent/SetupWizard.Designer.cs

@@ -54,14 +54,13 @@
 			this.lblListenerPort = new System.Windows.Forms.Label();
 			this.rdoListener = new System.Windows.Forms.RadioButton();
 			this.groupBox1 = new System.Windows.Forms.GroupBox();
+			this.btnEditEndpoint = new System.Windows.Forms.Button();
 			this.btnRemoveEndpoint = new System.Windows.Forms.Button();
 			this.btnAddEndpoint = new System.Windows.Forms.Button();
 			this.lvwEndpoints = new System.Windows.Forms.ListView();
 			this.colInstanceName = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
 			this.colHost = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
 			this.colPort = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
-			this.rdoNoMaster = new System.Windows.Forms.RadioButton();
-			this.rdoNewMaster = new System.Windows.Forms.RadioButton();
 			this.tbcPages = new System.Windows.Forms.TabControl();
 			this.tabRetrieveCertificate = new System.Windows.Forms.TabPage();
 			this.lblRetrieveCertificate = new System.Windows.Forms.Label();
@@ -81,7 +80,7 @@
 			this.txtError = new System.Windows.Forms.TextBox();
 			this.lblError = new System.Windows.Forms.Label();
 			this.picBanner = new System.Windows.Forms.PictureBox();
-			this.btnEditEndpoint = new System.Windows.Forms.Button();
+			this.introduction1 = new System.Windows.Forms.Label();
 			this.tabFinish.SuspendLayout();
 			this.tabConfigure.SuspendLayout();
 			this.tabParameters.SuspendLayout();
@@ -144,9 +143,9 @@
 			this.lblSetupCompleted.AutoSize = true;
 			this.lblSetupCompleted.Location = new System.Drawing.Point(34, 35);
 			this.lblSetupCompleted.Name = "lblSetupCompleted";
-			this.lblSetupCompleted.Size = new System.Drawing.Size(214, 13);
+			this.lblSetupCompleted.Size = new System.Drawing.Size(259, 13);
 			this.lblSetupCompleted.TabIndex = 0;
-			this.lblSetupCompleted.Text = "The Icinga 2 agent was set up successfully.";
+			this.lblSetupCompleted.Text = "The Icinga 2 Windows client was set up successfully.";
 			// 
 			// tabConfigure
 			// 
@@ -178,6 +177,7 @@
 			// 
 			// tabParameters
 			// 
+			this.tabParameters.Controls.Add(this.introduction1);
 			this.tabParameters.Controls.Add(this.groupBox3);
 			this.tabParameters.Controls.Add(this.txtTicket);
 			this.tabParameters.Controls.Add(this.lblTicket);
@@ -200,9 +200,9 @@
 			this.groupBox3.Controls.Add(this.chkInstallNSCP);
 			this.groupBox3.Controls.Add(this.chkAcceptConfig);
 			this.groupBox3.Controls.Add(this.chkAcceptCommands);
-			this.groupBox3.Location = new System.Drawing.Point(308, 359);
+			this.groupBox3.Location = new System.Drawing.Point(308, 291);
 			this.groupBox3.Name = "groupBox3";
-			this.groupBox3.Size = new System.Drawing.Size(301, 135);
+			this.groupBox3.Size = new System.Drawing.Size(301, 188);
 			this.groupBox3.TabIndex = 5;
 			this.groupBox3.TabStop = false;
 			this.groupBox3.Text = "Advanced Options";
@@ -210,31 +210,31 @@
 			// txtUser
 			// 
 			this.txtUser.Enabled = false;
-			this.txtUser.Location = new System.Drawing.Point(28, 111);
+			this.txtUser.Location = new System.Drawing.Point(28, 88);
 			this.txtUser.Name = "txtUser";
-			this.txtUser.Size = new System.Drawing.Size(267, 20);
+			this.txtUser.Size = new System.Drawing.Size(178, 20);
 			this.txtUser.TabIndex = 8;
 			this.txtUser.Text = "NT AUTHORITY\\NetworkService";
 			// 
 			// chkRunServiceAsThisUser
 			// 
 			this.chkRunServiceAsThisUser.AutoSize = true;
-			this.chkRunServiceAsThisUser.Location = new System.Drawing.Point(9, 88);
+			this.chkRunServiceAsThisUser.Location = new System.Drawing.Point(9, 65);
 			this.chkRunServiceAsThisUser.Name = "chkRunServiceAsThisUser";
-			this.chkRunServiceAsThisUser.Size = new System.Drawing.Size(142, 17);
+			this.chkRunServiceAsThisUser.Size = new System.Drawing.Size(183, 17);
 			this.chkRunServiceAsThisUser.TabIndex = 7;
-			this.chkRunServiceAsThisUser.Text = "Run service as this user:";
+			this.chkRunServiceAsThisUser.Text = "Run Icinga 2 service as this user:";
 			this.chkRunServiceAsThisUser.UseVisualStyleBackColor = true;
 			this.chkRunServiceAsThisUser.CheckedChanged += new System.EventHandler(this.chkRunServiceAsThisUser_CheckedChanged);
 			// 
 			// chkInstallNSCP
 			// 
 			this.chkInstallNSCP.AutoSize = true;
-			this.chkInstallNSCP.Location = new System.Drawing.Point(9, 65);
+			this.chkInstallNSCP.Location = new System.Drawing.Point(9, 114);
 			this.chkInstallNSCP.Name = "chkInstallNSCP";
-			this.chkInstallNSCP.Size = new System.Drawing.Size(149, 17);
+			this.chkInstallNSCP.Size = new System.Drawing.Size(190, 17);
 			this.chkInstallNSCP.TabIndex = 6;
-			this.chkInstallNSCP.Text = "Install/Update NSClient++";
+			this.chkInstallNSCP.Text = "Install/Update bundled NSClient++";
 			this.chkInstallNSCP.UseVisualStyleBackColor = true;
 			// 
 			// chkAcceptConfig
@@ -242,9 +242,9 @@
 			this.chkAcceptConfig.AutoSize = true;
 			this.chkAcceptConfig.Location = new System.Drawing.Point(9, 42);
 			this.chkAcceptConfig.Name = "chkAcceptConfig";
-			this.chkAcceptConfig.Size = new System.Drawing.Size(190, 17);
+			this.chkAcceptConfig.Size = new System.Drawing.Size(284, 17);
 			this.chkAcceptConfig.TabIndex = 1;
-			this.chkAcceptConfig.Text = "Accept config updates from master";
+			this.chkAcceptConfig.Text = "Accept config updates from master/satellite instance(s)";
 			this.chkAcceptConfig.UseVisualStyleBackColor = true;
 			// 
 			// chkAcceptCommands
@@ -252,42 +252,42 @@
 			this.chkAcceptCommands.AutoSize = true;
 			this.chkAcceptCommands.Location = new System.Drawing.Point(9, 19);
 			this.chkAcceptCommands.Name = "chkAcceptCommands";
-			this.chkAcceptCommands.Size = new System.Drawing.Size(171, 17);
+			this.chkAcceptCommands.Size = new System.Drawing.Size(265, 17);
 			this.chkAcceptCommands.TabIndex = 0;
-			this.chkAcceptCommands.Text = "Accept commands from master";
+			this.chkAcceptCommands.Text = "Accept commands from master/satellite instance(s)";
 			this.chkAcceptCommands.UseVisualStyleBackColor = true;
 			// 
 			// txtTicket
 			// 
-			this.txtTicket.Location = new System.Drawing.Point(98, 45);
+			this.txtTicket.Location = new System.Drawing.Point(136, 56);
 			this.txtTicket.Name = "txtTicket";
-			this.txtTicket.Size = new System.Drawing.Size(340, 20);
+			this.txtTicket.Size = new System.Drawing.Size(378, 20);
 			this.txtTicket.TabIndex = 1;
 			// 
 			// lblTicket
 			// 
 			this.lblTicket.AutoSize = true;
-			this.lblTicket.Location = new System.Drawing.Point(9, 48);
+			this.lblTicket.Location = new System.Drawing.Point(9, 59);
 			this.lblTicket.Name = "lblTicket";
-			this.lblTicket.Size = new System.Drawing.Size(71, 13);
+			this.lblTicket.Size = new System.Drawing.Size(117, 13);
 			this.lblTicket.TabIndex = 4;
-			this.lblTicket.Text = "Setup Ticket:";
+			this.lblTicket.Text = "Setup Ticket (optional):";
 			// 
 			// txtInstanceName
 			// 
-			this.txtInstanceName.Location = new System.Drawing.Point(98, 16);
+			this.txtInstanceName.Location = new System.Drawing.Point(136, 27);
 			this.txtInstanceName.Name = "txtInstanceName";
-			this.txtInstanceName.Size = new System.Drawing.Size(340, 20);
+			this.txtInstanceName.Size = new System.Drawing.Size(378, 20);
 			this.txtInstanceName.TabIndex = 0;
 			// 
 			// lblInstanceName
 			// 
 			this.lblInstanceName.AutoSize = true;
-			this.lblInstanceName.Location = new System.Drawing.Point(9, 20);
+			this.lblInstanceName.Location = new System.Drawing.Point(11, 30);
 			this.lblInstanceName.Name = "lblInstanceName";
-			this.lblInstanceName.Size = new System.Drawing.Size(82, 13);
+			this.lblInstanceName.Size = new System.Drawing.Size(121, 13);
 			this.lblInstanceName.TabIndex = 3;
-			this.lblInstanceName.Text = "Instance Name:";
+			this.lblInstanceName.Text = "Instance Name (FQDN):";
 			// 
 			// groupBox2
 			// 
@@ -295,9 +295,9 @@
 			this.groupBox2.Controls.Add(this.txtListenerPort);
 			this.groupBox2.Controls.Add(this.lblListenerPort);
 			this.groupBox2.Controls.Add(this.rdoListener);
-			this.groupBox2.Location = new System.Drawing.Point(8, 359);
+			this.groupBox2.Location = new System.Drawing.Point(8, 291);
 			this.groupBox2.Name = "groupBox2";
-			this.groupBox2.Size = new System.Drawing.Size(294, 135);
+			this.groupBox2.Size = new System.Drawing.Size(298, 188);
 			this.groupBox2.TabIndex = 2;
 			this.groupBox2.TabStop = false;
 			this.groupBox2.Text = "TCP Listener";
@@ -318,7 +318,7 @@
 			// txtListenerPort
 			// 
 			this.txtListenerPort.Enabled = false;
-			this.txtListenerPort.Location = new System.Drawing.Point(132, 51);
+			this.txtListenerPort.Location = new System.Drawing.Point(66, 47);
 			this.txtListenerPort.Name = "txtListenerPort";
 			this.txtListenerPort.Size = new System.Drawing.Size(84, 20);
 			this.txtListenerPort.TabIndex = 8;
@@ -327,7 +327,7 @@
 			// lblListenerPort
 			// 
 			this.lblListenerPort.AutoSize = true;
-			this.lblListenerPort.Location = new System.Drawing.Point(43, 55);
+			this.lblListenerPort.Location = new System.Drawing.Point(31, 51);
 			this.lblListenerPort.Name = "lblListenerPort";
 			this.lblListenerPort.Size = new System.Drawing.Size(29, 13);
 			this.lblListenerPort.TabIndex = 1;
@@ -338,9 +338,9 @@
 			this.rdoListener.AutoSize = true;
 			this.rdoListener.Location = new System.Drawing.Point(11, 24);
 			this.rdoListener.Name = "rdoListener";
-			this.rdoListener.Size = new System.Drawing.Size(250, 17);
+			this.rdoListener.Size = new System.Drawing.Size(283, 17);
 			this.rdoListener.TabIndex = 7;
-			this.rdoListener.Text = "Listen for connections from the master instance:";
+			this.rdoListener.Text = "Listen for connections from master/satellite instance(s):";
 			this.rdoListener.UseVisualStyleBackColor = true;
 			this.rdoListener.CheckedChanged += new System.EventHandler(this.RadioListener_CheckedChanged);
 			// 
@@ -350,19 +350,28 @@
 			this.groupBox1.Controls.Add(this.btnRemoveEndpoint);
 			this.groupBox1.Controls.Add(this.btnAddEndpoint);
 			this.groupBox1.Controls.Add(this.lvwEndpoints);
-			this.groupBox1.Controls.Add(this.rdoNoMaster);
-			this.groupBox1.Controls.Add(this.rdoNewMaster);
-			this.groupBox1.Location = new System.Drawing.Point(8, 77);
+			this.groupBox1.Location = new System.Drawing.Point(8, 94);
 			this.groupBox1.Name = "groupBox1";
-			this.groupBox1.Size = new System.Drawing.Size(601, 276);
+			this.groupBox1.Size = new System.Drawing.Size(601, 191);
 			this.groupBox1.TabIndex = 1;
 			this.groupBox1.TabStop = false;
-			this.groupBox1.Text = "Master Instance";
+			this.groupBox1.Text = "Parent master/satellite instance(s) for this client";
+			// 
+			// btnEditEndpoint
+			// 
+			this.btnEditEndpoint.Enabled = false;
+			this.btnEditEndpoint.Location = new System.Drawing.Point(520, 48);
+			this.btnEditEndpoint.Name = "btnEditEndpoint";
+			this.btnEditEndpoint.Size = new System.Drawing.Size(75, 23);
+			this.btnEditEndpoint.TabIndex = 7;
+			this.btnEditEndpoint.Text = "Edit";
+			this.btnEditEndpoint.UseVisualStyleBackColor = true;
+			this.btnEditEndpoint.Click += new System.EventHandler(this.btnEditEndpoint_Click);
 			// 
 			// btnRemoveEndpoint
 			// 
 			this.btnRemoveEndpoint.Enabled = false;
-			this.btnRemoveEndpoint.Location = new System.Drawing.Point(520, 141);
+			this.btnRemoveEndpoint.Location = new System.Drawing.Point(520, 77);
 			this.btnRemoveEndpoint.Name = "btnRemoveEndpoint";
 			this.btnRemoveEndpoint.Size = new System.Drawing.Size(75, 23);
 			this.btnRemoveEndpoint.TabIndex = 6;
@@ -372,7 +381,7 @@
 			// 
 			// btnAddEndpoint
 			// 
-			this.btnAddEndpoint.Location = new System.Drawing.Point(520, 83);
+			this.btnAddEndpoint.Location = new System.Drawing.Point(520, 19);
 			this.btnAddEndpoint.Name = "btnAddEndpoint";
 			this.btnAddEndpoint.Size = new System.Drawing.Size(75, 23);
 			this.btnAddEndpoint.TabIndex = 5;
@@ -387,9 +396,9 @@
 			this.colHost,
 			this.colPort});
 			this.lvwEndpoints.FullRowSelect = true;
-			this.lvwEndpoints.Location = new System.Drawing.Point(11, 83);
+			this.lvwEndpoints.Location = new System.Drawing.Point(6, 19);
 			this.lvwEndpoints.Name = "lvwEndpoints";
-			this.lvwEndpoints.Size = new System.Drawing.Size(500, 176);
+			this.lvwEndpoints.Size = new System.Drawing.Size(500, 166);
 			this.lvwEndpoints.TabIndex = 4;
 			this.lvwEndpoints.UseCompatibleStateImageBehavior = false;
 			this.lvwEndpoints.View = System.Windows.Forms.View.Details;
@@ -410,32 +419,6 @@
 			this.colPort.Text = "Port";
 			this.colPort.Width = 80;
 			// 
-			// rdoNoMaster
-			//
-			this.rdoNoMaster.AutoSize = true;
-			this.rdoNoMaster.Checked = true;
-			this.rdoNoMaster.Location = new System.Drawing.Point(11, 50);
-			this.rdoNoMaster.Name = "rdoNoMaster";
-			this.rdoNoMaster.Size = new System.Drawing.Size(374, 17);
-			this.rdoNoMaster.TabIndex = 3;
-			this.rdoNoMaster.TabStop = true;
-			this.rdoNoMaster.Text = "This instance should report its check results to an existing Icinga 2 master:";
-			this.rdoNoMaster.UseVisualStyleBackColor = true;
-			this.rdoNoMaster.CheckedChanged += new System.EventHandler(this.RadioMaster_CheckedChanged);
-			//
-			// rdoNewMaster
-			//
-			this.rdoNewMaster.AutoSize = true;
-			this.rdoNewMaster.Enabled = false;
-			this.rdoNewMaster.Location = new System.Drawing.Point(11, 22);
-			this.rdoNewMaster.Name = "rdoNewMaster";
-			this.rdoNewMaster.Size = new System.Drawing.Size(167, 17);
-			this.rdoNewMaster.TabIndex = 2;
-			this.rdoNewMaster.TabStop = true;
-			this.rdoNewMaster.Text = "This is a new master instance.";
-			this.rdoNewMaster.UseVisualStyleBackColor = true;
-			this.rdoNewMaster.CheckedChanged += new System.EventHandler(this.RadioMaster_CheckedChanged);
-			//
 			// tbcPages
 			// 
 			this.tbcPages.Appearance = System.Windows.Forms.TabAppearance.FlatButtons;
@@ -585,7 +568,7 @@
 			this.lblX509Prompt.Name = "lblX509Prompt";
 			this.lblX509Prompt.Size = new System.Drawing.Size(201, 13);
 			this.lblX509Prompt.TabIndex = 0;
-			this.lblX509Prompt.Text = "Please verify the master\'s SSL certificate:";
+			this.lblX509Prompt.Text = "Please verify the master/satellite\'s SSL certificate:";
 			// 
 			// tabError
 			// 
@@ -628,16 +611,14 @@
 			this.picBanner.TabIndex = 1;
 			this.picBanner.TabStop = false;
 			// 
-			// btnEditEndpoint
+			// introduction1
 			// 
-			this.btnEditEndpoint.Enabled = false;
-			this.btnEditEndpoint.Location = new System.Drawing.Point(520, 112);
-			this.btnEditEndpoint.Name = "btnEditEndpoint";
-			this.btnEditEndpoint.Size = new System.Drawing.Size(75, 23);
-			this.btnEditEndpoint.TabIndex = 7;
-			this.btnEditEndpoint.Text = "Edit";
-			this.btnEditEndpoint.UseVisualStyleBackColor = true;
-			this.btnEditEndpoint.Click += new System.EventHandler(this.btnEditEndpoint_Click);
+			this.introduction1.AutoSize = true;
+			this.introduction1.Location = new System.Drawing.Point(11, 3);
+			this.introduction1.Name = "introduction1";
+			this.introduction1.Size = new System.Drawing.Size(269, 13);
+			this.introduction1.TabIndex = 6;
+			this.introduction1.Text = "Welcome to the Icinga 2 Windows Client Setup Wizard!";
 			// 
 			// SetupWizard
 			// 
@@ -667,7 +648,6 @@
 			this.groupBox2.ResumeLayout(false);
 			this.groupBox2.PerformLayout();
 			this.groupBox1.ResumeLayout(false);
-			this.groupBox1.PerformLayout();
 			this.tbcPages.ResumeLayout(false);
 			this.tabRetrieveCertificate.ResumeLayout(false);
 			this.tabRetrieveCertificate.PerformLayout();
@@ -707,8 +687,6 @@
 		private System.Windows.Forms.ListView lvwEndpoints;
 		private System.Windows.Forms.ColumnHeader colHost;
 		private System.Windows.Forms.ColumnHeader colPort;
-		private System.Windows.Forms.RadioButton rdoNoMaster;
-		private System.Windows.Forms.RadioButton rdoNewMaster;
 		private System.Windows.Forms.TabControl tbcPages;
 		private System.Windows.Forms.TabPage tabVerifyCertificate;
 		private System.Windows.Forms.Label lblX509Prompt;
@@ -737,6 +715,7 @@
 		private System.Windows.Forms.TextBox txtUser;
 		private System.Windows.Forms.CheckBox chkRunServiceAsThisUser;
 		private System.Windows.Forms.Button btnEditEndpoint;
+		private System.Windows.Forms.Label introduction1;
 	}
 }
 

agent/windows-setup-agent/SetupWizard.cs

@@ -189,26 +189,26 @@ namespace Icinga
 
 			string args = "";
 
-			if (rdoNewMaster.Checked)
-				args += " --master";
-
 			Invoke((MethodInvoker)delegate
 			{
 				string master_host, master_port;
 				GetMasterHostPort(out master_host, out master_port);
 
-				args += " --master_host " + master_host + "," + master_port;
+				args += " --master_host " + Convert.ToString(master_host).Trim()
+				    + "," + Convert.ToString(master_port).Trim();
 
 				foreach (ListViewItem lvi in lvwEndpoints.Items) {
-					args += " --endpoint " + lvi.SubItems[0].Text;
+					args += " --endpoint " + Convert.ToString(lvi.SubItems[0].Text).Trim();
 
-					if (lvi.SubItems.Count > 1)
-						args += "," + lvi.SubItems[1].Text + "," + lvi.SubItems[2].Text;
+					if (lvi.SubItems.Count > 1) {
+						args += "," + Convert.ToString(lvi.SubItems[1].Text).Trim()
+						    + "," + Convert.ToString(lvi.SubItems[2].Text).Trim();
+					}
 				}
 			});
 
 			if (rdoListener.Checked)
-				args += " --listen ::," + txtListenerPort.Text;
+				args += " --listen ::," + Convert.ToString(txtListenerPort.Text).Trim();
 
 			if (chkAcceptConfig.Checked)
 				args += " --accept-config";
@@ -216,10 +216,14 @@ namespace Icinga
 			if (chkAcceptCommands.Checked)
 				args += " --accept-commands";
 
-			args += " --ticket \"" + txtTicket.Text + "\"";
+			string ticket = Convert.ToString(txtTicket.Text).Trim();
+
+			if (ticket.Length > 0)
+				args += " --ticket \"" + ticket + "\"";
+
 			args += " --trustedcert \"" + _TrustedFile + "\"";
-			args += " --cn \"" + txtInstanceName.Text + "\"";
-			args += " --zone \"" + txtInstanceName.Text + "\"";
+			args += " --cn \"" + Convert.ToString(txtInstanceName.Text).Trim() + "\"";
+			args += " --zone \"" + Convert.ToString(txtInstanceName.Text) + "\"";
 
 			if (!RunProcess(Program.Icinga2InstallDir + "\\sbin\\icinga2.exe",
 				"node setup" + args,
@@ -229,16 +233,19 @@ namespace Icinga
 			}
 
 			SetConfigureStatus(50, "Setting ACLs for the Icinga 2 directory...");
+
+			string serviceUser = Convert.ToString(txtUser.Text).Trim();
+
 			DirectoryInfo di = new DirectoryInfo(Program.Icinga2InstallDir);
 			DirectorySecurity ds = di.GetAccessControl();
-			FileSystemAccessRule rule = new FileSystemAccessRule(txtUser.Text,
+			FileSystemAccessRule rule = new FileSystemAccessRule(serviceUser,
 				FileSystemRights.Modify,
 				InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow);
 			try {
 				ds.AddAccessRule(rule);
 				di.SetAccessControl(ds);
 			} catch (System.Security.Principal.IdentityNotMappedException) {
-				ShowErrorText("Could not set ACLs for \"" + txtUser.Text + "\". Identitiy is not mapped.\n");
+				ShowErrorText("Could not set ACLs for user \"" + serviceUser + "\". Identitiy is not mapped.\n");
 				return;
 			}
 
@@ -256,10 +263,10 @@ namespace Icinga
 			}
 
 			if (!RunProcess(Program.Icinga2InstallDir + "\\sbin\\icinga2.exe",
-				"--scm-install --scm-user \"" + txtUser.Text + "\" daemon",
+				"--scm-install --scm-user \"" + serviceUser + "\" daemon",
 				out output)) {
 				ShowErrorText("\nRunning command 'icinga2.exe --scm-install --scm-user \"" +
-					txtUser.Text + "\" daemon' produced the following output:\n" + output);
+					serviceUser + "\" daemon' produced the following output:\n" + output);
 				return;
 			}
 
@@ -275,6 +282,14 @@ namespace Icinga
 
 			SetConfigureStatus(100, "Finished.");
 
+			// Override the completed text
+			lblSetupCompleted.Text = "The Icinga 2 Windows client was set up successfully.";
+
+			// Add a note for the user for ticket-less signing
+			if (ticket.Length == 0) {
+				lblSetupCompleted.Text += "\n\nTicket was not specified. Please sign the certificate request on the Icinga 2 master node (requires v2.8+).";
+			}
+
 			FinishConfigure();
 		}
 
@@ -311,14 +326,8 @@ namespace Icinga
 					return;
 				}
 
-				if (txtTicket.Text.Length == 0) {
-					Warning("Please enter an agent ticket.");
-					return;
-				}
-
-				if (rdoNoMaster.Checked) {
 				if (lvwEndpoints.Items.Count == 0) {
-						Warning("You need to add at least one master endpoint.");
+					Warning("You need to add at least one master/satellite endpoint.");
 					return;
 				}
 
@@ -327,7 +336,6 @@ namespace Icinga
 					Warning("Please enter a remote host and port for at least one of your endpoints.");
 					return;
 				}
-				}
 
 				if (rdoListener.Checked && (txtListenerPort.Text == "")) {
 					Warning("You need to specify a listener port.");
@@ -335,7 +343,7 @@ namespace Icinga
 				}
 
 				if (txtUser.Text.Length == 0) {
-					Warning("Icinga2 user may not be empty.");
+					Warning("Icinga 2 service user may not be empty.");
 					return;
 				}
 			}
@@ -373,35 +381,12 @@ namespace Icinga
 				thread.Start();
 			}
 
-			/*if (tbcPages.SelectedTab == tabParameters &&
-				!File.Exists(Icinga2DataDir + "\\etc\\icinga2\\pki\\agent\\agent.crt")) {
-				byte[] bytes = Convert.FromBase64String(txtBundle.Text);
-				MemoryStream ms = new MemoryStream(bytes);
-				GZipStream gz = new GZipStream(ms, CompressionMode.Decompress);
-				MemoryStream ms2 = new MemoryStream();
-
-				byte[] buffer = new byte[512];
-				int rc;
-				while ((rc = gz.Read(buffer, 0, buffer.Length)) > 0)
-					ms2.Write(buffer, 0, rc);
-				ms2.Position = 0;
-				TarReader tr = new TarReader(ms2);
-				tr.ReadToEnd(Icinga2DataDir + "\\etc\\icinga2\\pki\\agent");
-			}*/
-
 			if (tbcPages.SelectedTab == tabConfigure) {
 				Thread thread = new Thread(ConfigureService);
 				thread.Start();
 			}
 		}
 
-		private void RadioMaster_CheckedChanged(object sender, EventArgs e)
-		{
-			lvwEndpoints.Enabled = !rdoNewMaster.Checked;
-			btnAddEndpoint.Enabled = !rdoNewMaster.Checked;
-			btnRemoveEndpoint.Enabled = !rdoNewMaster.Checked && lvwEndpoints.SelectedItems.Count > 0;
-		}
-
 		private void RadioListener_CheckedChanged(object sender, EventArgs e)
 		{
 			txtListenerPort.Enabled = rdoListener.Checked;
@@ -488,7 +473,7 @@ namespace Icinga
 
 			ListViewItem lvi = lvwX509Fields.SelectedItems[0];
 
-			txtX509Field.Text = (string)lvi.Tag;
+			txtX509Field.Text = Convert.ToString(lvi.Tag);
 		}
 
 		private void btnRemoveEndpoint_Click(object sender, EventArgs e)

doc/06-distributed-monitoring.md

@@ -386,7 +386,7 @@ existing master node setup. If you haven't done so already, please [run the mast
 Icinga 2 on the master node must be running and accepting connections on port `5665`.
 
 
-### Client/Satellite Linux Setup <a id="distributed-monitoring-setup-client-linux"></a>
+### Client/Satellite Setup on Linux <a id="distributed-monitoring-setup-client-linux"></a>
 
 Please ensure that you've run all the steps mentioned in the [client/satellite section](06-distributed-monitoring.md#distributed-monitoring-setup-satellite-client).
 
@@ -583,21 +583,21 @@ You can verify that the certificate files are stored in the `/var/lib/icinga2/ce
 > signing requests and responses might need some minutes to fully update the client certificates.
 >
 > If you have chosen to use [On-Demand CSR Signing](06-distributed-monitoring.md#distributed-monitoring-setup-on-demand-csr-signing)
-> certificates need to be signed on the master first.
+> certificates need to be signed on the master first. Ticket-less setups require at least Icinga 2 v2.8+ on all involved instances.
 
-Now that you've successfully installed a satellite/client, please proceed to
+Now that you've successfully installed a Linux/Unix satellite/client instance, please proceed to
 the [configuration modes](06-distributed-monitoring.md#distributed-monitoring-configuration-modes).
 
 
 
-### Client/Satellite Windows Setup <a id="distributed-monitoring-setup-client-windows"></a>
+### Client Setup on Windows <a id="distributed-monitoring-setup-client-windows"></a>
 
 Download the MSI-Installer package from [https://packages.icinga.com/windows/](https://packages.icinga.com/windows/).
 
 Requirements:
 
 * Windows Vista/Server 2008 or higher
-* [Microsoft .NET Framework 2.0](https://www.microsoft.com/de-de/download/details.aspx?id=1639)
+* [Microsoft .NET Framework 2.0](https://www.microsoft.com/de-de/download/details.aspx?id=1639) for the setup wizard
 
 The installer package includes the [NSClient++](https://www.nsclient.org/) package
 so that Icinga 2 can use its built-in plugins. You can find more details in
@@ -605,6 +605,10 @@ so that Icinga 2 can use its built-in plugins. You can find more details in
 The Windows package also installs native [monitoring plugin binaries](06-distributed-monitoring.md#distributed-monitoring-windows-plugins)
 to get you started more easily.
 
+> **Note**
+>
+> Please note that Icinga 2 was designed to run as light-weight client on Windows.
+> There is no support for satellite instances.
 
 #### Windows Client Setup Start <a id="distributed-monitoring-setup-client-windows-start"></a>
 
@@ -616,16 +620,22 @@ Run the MSI-Installer package and follow the instructions shown in the screensho
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_installer_04.png)
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_installer_05.png)
 
-The graphical installer will offer to run the Icinga 2 setup wizard after the installation.
-You can also manually run the Icinga 2 setup wizard from the Start menu.
+The graphical installer offers to run the Icinga 2 setup wizard after the installation. Select
+the check box to proceed.
 
-On a fresh installation the setup wizard will guide you through the initial configuration and offer to use CSR auto-signing for generating the SSL certificate.
-You'll need the following configuration details:
+> **Tip**
+>
+> You can also run the Icinga 2 setup wizard from the Start menu later.
+
+On a fresh installation the setup wizard guides you through the initial configuration.
+It also provides a mechanism to send a certificate request to the [CSR signing master](distributed-monitoring-setup-sign-certificates-master).
+
+The following configuration details are required:
 
   Parameter           | Description
   --------------------|--------------------
-  Common name (CN)    | **Required.** By convention this should be the host's FQDN. Defaults to the FQDN.
-  Request ticket      | **Required.** Paste the previously generated [ticket number](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing).
+  Instance name       | **Required.** By convention this should be the host's FQDN. Defaults to the FQDN.
+  Setup ticket        | **Optional.** Paste the previously generated [ticket number](06-distributed-monitoring.md#distributed-monitoring-setup-csr-auto-signing). If left blank, the certificate request must be [signed on the master node](06-distributed-monitoring.md#distributed-monitoring-setup-on-demand-csr-signing).
 
 Fill in the required information and click `Add` to add a new master connection.
 
@@ -634,30 +644,32 @@ Fill in the required information and click `Add` to add a new master connection.
 Add the following details:
 
   Parameter                      | Description
-  ---------------------|--------------------
-  Instance name        | **Required.** The master endpoint name.
-  Master endpoint host | **Required if the the client needs to connect to the master.** The master's IP address or FQDN. This information is included in the `Endpoint` object configuration in the `zones.conf` file.
-  Master endpoint port | **Optional if the the client needs to connect to the master.** The master's listening port. This information is included in the `Endpoint` object configuration.
+  -------------------------------|-------------------------------
+  Instance name                  | **Required.** The master/satellite endpoint name where this client is a direct child of.
+  Master/Satellite endpoint host | **Required.** The master or satellite's IP address or FQDN. This information is included in the `Endpoint` object configuration in the `zones.conf` file.
+  Master/Satellite endpoint port | **Optional.** The master or satellite's listening port. This information is included in the `Endpoint` object configuration.
 
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_02.png)
 
-Optionally, you can enable the following settings:
+Optionally enable the following settings:
 
   Parameter                         | Description
-  --------------------|--------------------
+  ----------------------------------|----------------------------------
   Accept config                     | **Optional.** Whether this node accepts configuration sync from the master node (required for [config sync mode](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync)). For [security reasons](06-distributed-monitoring.md#distributed-monitoring-security) this is disabled by default.
   Accept commands                   | **Optional.** Whether this node accepts command execution messages from the master node (required for [command endpoint mode](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)). For [security reasons](06-distributed-monitoring.md#distributed-monitoring-security) this is disabled by default.
+  Run Icinga 2 service as this user | **Optional.** Specify a different Windows user. This defaults to `NT AUTHORITY\Network Service` and is required for more privileged service checks.
   Install NSClient++                | **Optional.** The Windows installer bundles the NSClient++ installer for additional [plugin checks](06-distributed-monitoring.md#distributed-monitoring-windows-nscp).
 
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_03.png)
 
-The next step allows you to verify the CA presented by the master.
+Verify the certificate from the master/satellite instance where this node should connect to.
 
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_04.png)
 
+
 #### Bundled NSClient++ Setup <a id="distributed-monitoring-setup-client-windows-nsclient"></a>
 
-If you have chosen to install/update the NSClient++ package, the Icinga 2 setup wizard will ask
+If you have chosen to install/update the NSClient++ package, the Icinga 2 setup wizard asks
 you to do so.
 
 ![Icinga 2 Windows Setup NSClient++](images/distributed-monitoring/icinga2_windows_setup_wizard_05_nsclient_01.png)
@@ -675,7 +687,7 @@ NSClient++ does not install a sample configuration by default. Change this as sh
 ![Icinga 2 Windows Setup NSClient++](images/distributed-monitoring/icinga2_windows_setup_wizard_05_nsclient_04.png)
 
 Generate a secure password and enable the web server module. **Note**: The webserver module is
-available starting with NSClient++ 0.5.0. Icinga 2 v2.6+ including this version is required.
+available starting with NSClient++ 0.5.0. Icinga 2 v2.6+ is required which includes this version.
 
 ![Icinga 2 Windows Setup NSClient++](images/distributed-monitoring/icinga2_windows_setup_wizard_05_nsclient_05.png)
 
@@ -689,25 +701,37 @@ configuration file.
 
 ![Icinga 2 Windows Setup NSClient++](images/distributed-monitoring/icinga2_windows_setup_wizard_05_nsclient_07.png)
 
-The NSClient++ REST API can be used to query metrics. Future Icinga 2 versions will add
-more integrations. Additional details can be found in this [blog post](https://www.icinga.com/2016/09/16/nsclient-0-5-0-rest-api-and-icinga-2-integration/).
+The NSClient++ REST API can be used to query metrics. [check_nscp_api](06-distributed-monitoring.md#distributed-monitoring-windows-nscp-check-api)
+uses this transport method.
+
 
 #### Finish Windows Client Setup <a id="distributed-monitoring-setup-client-windows-finish"></a>
 
-Finish the setup wizard.
+Finish the Windows setup wizard.
 
-![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_06.png)
+![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_with_ticket.png)
 
-After the installation and configuration Icinga 2 is automatically started as a Windows service.
+If you did not provide a setup ticket, you need to sign the certificate request on the master.
+The setup wizards tells you to do so. The Icinga 2 service is running at this point already
+and will automatically receive and update a signed client certificate.
+
+> **Note**
+>
+> Ticket-less setups require at least Icinga 2 v2.8+ on all involved instances.
+
+
+![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_06_finish_no_ticket.png)
+
+Icinga 2 is automatically started as a Windows service.
 
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_running_service.png)
 
 The Icinga 2 configuration is stored inside the `C:\ProgramData\icinga2` directory.
-If you click `Examine Config` in the setup wizard, it will open a new Explorer window.
+Click `Examine Config` in the setup wizard to open a new Explorer window.
 
 ![Icinga 2 Windows Setup](images/distributed-monitoring/icinga2_windows_setup_wizard_examine_config.png)
 
-The configuration files can be modified with your favorite editor.
+The configuration files can be modified with your favorite editor e.g. Notepad.
 
 In order to use the [top down](06-distributed-monitoring.md#distributed-monitoring-top-down) client
 configuration prepare the following steps.
@@ -720,7 +744,7 @@ the `zones.conf` file in your preferred editor. Add the following lines if not e
       global = true
     }
 
-Note: Packages >= 2.7 provide this configuration by default.
+Note: Packages >= 2.8 provide this configuration by default.
 
 You don't need any local configuration on the client except for
 CheckCommand definitions which can be synced using the global zone
@@ -746,10 +770,14 @@ and restart the `icinga2` service. Alternatively, you can use the `net {start,st
 
 ![Icinga 2 Windows Service Start/Stop](images/distributed-monitoring/icinga2_windows_cmd_admin_net_start_stop.png)
 
-Now that you've successfully installed a satellite/client, please proceed to
+Now that you've successfully installed a Windows client, please proceed to
 the [detailed configuration modes](06-distributed-monitoring.md#distributed-monitoring-configuration-modes).
 
-
+> **Note**
+>
+> The certificate location changed in v2.8 to `%ProgramData%\var\lib\icinga2\certs`.
+> Please read the [upgrading chapter](16-upgrading-icinga-2.md#upgrading-to-2-8-certificate-paths)
+> for more details.
 
 ## Configuration Modes <a id="distributed-monitoring-configuration-modes"></a>
 
@@ -853,7 +881,7 @@ for syncing check commands later:
       global = true
     }
 
-Note: Packages >= 2.7 provide this configuration by default.
+Note: Packages >= 2.8 provide this configuration by default.
 
 You don't need any local configuration on the client except for
 CheckCommand definitions which can be synced using the global zone
@@ -1795,7 +1823,7 @@ the global configuration files:
       global = true
     }
 
-Note: Packages >= 2.7 provide this configuration by default.
+Note: Packages >= 2.8 provide this configuration by default.
 
 Similar to the zone configuration sync you'll need to create a new directory in
 `/etc/icinga2/zones.d`:
@@ -2562,7 +2590,7 @@ Add an additional global zone. Please note the `>>` append mode.
     }
     EOF
 
-Note: Packages >= 2.7 provide this configuration by default.
+Note: Packages >= 2.8 provide this configuration by default.
 
 If this client node is configured as [remote command endpoint execution](06-distributed-monitoring.md#distributed-monitoring-top-down-command-endpoint)
 you can safely disable the `checker` feature. The `node setup` CLI command already disabled the `notification` feature.

doc/16-upgrading-icinga-2.md

@@ -108,7 +108,6 @@ The node CLI command does not provide `list` or `update-config` anymore.
 > The old migration guide can be found on [GitHub](https://github.com/Icinga/icinga2/blob/v2.7.0/doc/06-distributed-monitoring.md#bottom-up-migration-to-top-down-).
 
 The clients don't need to have a local `conf.d` directory included.
-The setup wizards for Linux and Windows attempt to disable this by default.
 
 Icinga 2 continues to run with the generated and imported configuration.
 You are advised to [migrate](https://github.com/Icinga/icinga2/issues/4798)

lib/cli/nodesetupcommand.cpp

@@ -61,7 +61,7 @@ void NodeSetupCommand::InitParameters(boost::program_options::options_descriptio
 		("master_host", po::value<std::string>(), "The name of the master host for auto-signing the csr; syntax: host[,port]")
 		("endpoint", po::value<std::vector<std::string> >(), "Connect to remote endpoint; syntax: cn[,host,port]")
 		("listen", po::value<std::string>(), "Listen on host,port")
-		("ticket", po::value<std::string>(), "Generated ticket number for this request")
+		("ticket", po::value<std::string>(), "Generated ticket number for this request (optional)")
 		("trustedcert", po::value<std::string>(), "Trusted master certificate file")
 		("cn", po::value<std::string>(), "The certificate's common name")
 		("accept-config", "Accept config from master")
@@ -236,15 +236,7 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 
 int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap)
 {
-	/* require ticket number (generated on master) and at least one endpoint */
-
-	if (!vm.count("ticket")) {
-		Log(LogCritical, "cli")
-		    << "Please pass the ticket number generated on master\n"
-		    << "(Hint: 'icinga2 pki ticket --cn " << Utility::GetFQDN() << "').";
-		return 1;
-	}
-
+	/* require at least one endpoint. Ticket is optional. */
 	if (!vm.count("endpoint")) {
 		Log(LogCritical, "cli", "You need to specify at least one endpoint (--endpoint).");
 		return 1;
@@ -255,10 +247,18 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 		return 1;
 	}
 
-	String ticket = vm["ticket"].as<std::string>();
+	String ticket;
 
+	if (vm.count("ticket"))
+		ticket = vm["ticket"].as<std::string>();
+
+	if (ticket.IsEmpty()) {
 		Log(LogInformation, "cli")
-	    << "Verifying ticket '" << ticket << "'.";
+		    << "Requesting certificate without a ticket.";
+	} else {
+		Log(LogInformation, "cli")
+		    << "Requesting certificate with ticket '" << ticket << "'.";
+	}
 
 	/* require master host information for auto-signing requests */
 
@@ -340,8 +340,11 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 
 	Log(LogInformation, "cli", "Requesting a signed certificate from the parent Icinga node.");
 
-	if (PkiUtility::RequestCertificate(master_host, master_port, key, cert, ca, trustedcert, ticket) != 0) {
-		Log(LogCritical, "cli", "Failed to request certificate from parent Icinga node.");
+	if (PkiUtility::RequestCertificate(master_host, master_port, key, cert, ca, trustedcert, ticket) > 0) {
+		Log(LogCritical, "cli")
+		    << "Failed to fetch signed certificate from parent Icinga node '"
+		    << master_host << ", "
+		    << master_port << "'. Please try again.";
 		return 1;
 	}
 
@@ -444,6 +447,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 	NodeUtility::UpdateConstant("NodeName", cn);
 	NodeUtility::UpdateConstant("ZoneName", vm["zone"].as<std::string>());
 
+	if (!ticket.IsEmpty()) {
 		String ticketPath = ApiListener::GetCertsDir() + "/ticket";
 
 		String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
@@ -469,6 +473,7 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 			    << boost::errinfo_errno(errno)
 			    << boost::errinfo_file_name(tempTicketPath));
 		}
+	}
 
 	/* tell the user to reload icinga2 */
 	Log(LogInformation, "cli", "Make sure to restart Icinga 2.");