tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename PKI arguments 

fixes #7427
This commit is contained in:
Michael Friedrich 2014-10-22 15:36:39 +02:00
parent 177117cbe1
commit 6bfd6312f5
7 changed files with 74 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
agent/windows-setup-agent/AgentWizard.cs
View File

@ -149,7 +149,7 @@ namespace Icinga
if (!File.Exists(pathPrefix + ".crt")) {
if (!RunProcess(Icinga2InstallDir + "\\sbin\\icinga2.exe",
"pki new-cert --cn \"" + txtInstanceName.Text + "\" --keyfile \"" + pathPrefix + ".key\" --certfile \"" + pathPrefix + ".crt\"",
"pki new-cert --cn \"" + txtInstanceName.Text + "\" --key \"" + pathPrefix + ".key\" --cert \"" + pathPrefix + ".crt\"",
out output)) {
ShowErrorText(output);
return;
@ -161,7 +161,7 @@ namespace Icinga
_TrustedFile = Path.GetTempFileName();
if (!RunProcess(Icinga2InstallDir + "\\sbin\\icinga2.exe",
"pki save-cert --host \"" + host + "\" --port \"" + port + "\" --keyfile \"" + pathPrefix + ".key\" --certfile \"" + pathPrefix + ".crt\" --trustedfile \"" + _TrustedFile + "\"",
"pki save-cert --host \"" + host + "\" --port \"" + port + "\" --key \"" + pathPrefix + ".key\" --cert \"" + pathPrefix + ".crt\" --trustedcert \"" + _TrustedFile + "\"",
out output)) {
ShowErrorText(output);
return;

8
doc/4-monitoring-remote-systems.md
View File

@ -197,8 +197,8 @@ object name.
Example:
# icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr
# icinga2 pki sign-csr --csrfile icinga2a.csr --certfile icinga2a.crt
# icinga2 pki new-cert --cn icinga2a --key icinga2a.key --csr icinga2a.csr
# icinga2 pki sign-csr --csr icinga2a.csr --cert icinga2a.crt
# vim cluster.conf
@ -241,8 +241,8 @@ following command:
Now create a certificate and key file for each node running the following command
(replace `icinga2a` with the required hostname):
# icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr
# icinga2 pki sign-csr --csrfile icinga2a.csr --certfile icinga2a.crt
# icinga2 pki new-cert --cn icinga2a --key icinga2a.key --csr icinga2a.csr
# icinga2 pki sign-csr --csr icinga2a.csr --cert icinga2a.crt
Repeat the step for all nodes in your cluster scenario.

44
lib/cli/agentsetupcommand.cpp
View File

@ -70,7 +70,7 @@ void AgentSetupCommand::InitParameters(boost::program_options::options_descripti
std::vector<String> AgentSetupCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
if (argument == "keyfile" || argument == "certfile" || argument == "trustedcert")
if (argument == "key" || argument == "cert" || argument == "trustedcert")
return GetBashCompletionSuggestions("file", word);
else if (argument == "host")
return GetBashCompletionSuggestions("hostname", word);
@ -133,11 +133,11 @@ int AgentSetupCommand::SetupMaster(const boost::program_options::variables_map&
if (vm.count("cn"))
cn = vm["cn"].as<std::string>();
String keyfile = local_pki_path + "/" + cn + ".key";
String certfile = local_pki_path + "/" + cn + ".crt";
String cafile = PkiUtility::GetLocalCaPath() + "/ca.crt";
String key = local_pki_path + "/" + cn + ".key";
String cert = local_pki_path + "/" + cn + ".crt";
String ca = PkiUtility::GetLocalCaPath() + "/ca.crt";
if (PkiUtility::NewCert(cn, keyfile, Empty, certfile) > 0) {
if (PkiUtility::NewCert(cn, key, Empty, cert) > 0) {
Log(LogCritical, "cli", "Failed to create self-signed certificate");
}
@ -150,14 +150,14 @@ int AgentSetupCommand::SetupMaster(const boost::program_options::variables_map&
Log(LogInformation, "cli")
<< "Moving certificates to " << pki_path << ".";
String target_keyfile = pki_path + "/" + cn + ".key";
String target_certfile = pki_path + "/" + cn + ".crt";
String target_cafile = pki_path + "/ca.crt";
String target_key = pki_path + "/" + cn + ".key";
String target_cert = pki_path + "/" + cn + ".crt";
String target_ca = pki_path + "/ca.crt";
//TODO
PkiUtility::CopyCertFile(keyfile, target_keyfile);
PkiUtility::CopyCertFile(certfile, target_certfile);
PkiUtility::CopyCertFile(cafile, target_cafile);
PkiUtility::CopyCertFile(key, target_key);
PkiUtility::CopyCertFile(cert, target_cert);
PkiUtility::CopyCertFile(ca, target_ca);
std::cout << ConsoleColorTag(Console_ForegroundRed | Console_Bold) << "PLACEHOLDER" << ConsoleColorTag(Console_Normal) << std::endl;
@ -248,7 +248,7 @@ int AgentSetupCommand::SetupAgent(const boost::program_options::variables_map& v
if (!vm.count("trustedcert")) {
Log(LogCritical, "cli")
<< "Please pass the trusted cert retrieved from the master\n"
<< "(Hint: 'icinga2 pki save-cert --host <masterhost> --port <5665> --keyfile local.key --certfile local.crt --trustedfile master.crt').";
<< "(Hint: 'icinga2 pki save-cert --host <masterhost> --port <5665> --key local.key --cert local.crt --trustedcert master.crt').";
return 1;
}
@ -276,28 +276,28 @@ int AgentSetupCommand::SetupAgent(const boost::program_options::variables_map& v
String local_pki_path = PkiUtility::GetLocalPkiPath();
String keyfile = local_pki_path + "/" + cn + ".key";
String certfile = local_pki_path + "/" + cn + ".crt";
String cafile = PkiUtility::GetLocalCaPath() + "/ca.crt";
String key = local_pki_path + "/" + cn + ".key";
String cert = local_pki_path + "/" + cn + ".crt";
String ca = PkiUtility::GetLocalCaPath() + "/ca.crt";
//TODO: local CA or any other one?
if (!Utility::PathExists(cafile)) {
if (!Utility::PathExists(ca)) {
Log(LogCritical, "cli")
<< "CA file '" << cafile << "' does not exist. Please generate a new CA first.\n"
<< "CA file '" << ca << "' does not exist. Please generate a new CA first.\n"
<< "Hist: 'icinga2 pki new-ca'";
return 1;
}
if (!Utility::PathExists(keyfile)) {
if (!Utility::PathExists(key)) {
Log(LogCritical, "cli")
<< "Private key file '" << keyfile << "' does not exist. Please generate a new certificate first.\n"
<< "Private key file '" << key << "' does not exist. Please generate a new certificate first.\n"
<< "Hist: 'icinga2 pki new-cert'";
return 1;
}
if (!Utility::PathExists(certfile)) {
if (!Utility::PathExists(cert)) {
Log(LogCritical, "cli")
<< "Cert file '" << certfile << "' does not exist. Please generate a new certificate first.\n"
<< "Cert file '" << cert << "' does not exist. Please generate a new certificate first.\n"
<< "Hist: 'icinga2 pki new-cert'";
return 1;
}
@ -308,7 +308,7 @@ int AgentSetupCommand::SetupAgent(const boost::program_options::variables_map& v
String port = "5665";
PkiUtility::RequestCertificate(master_host, master_port, keyfile, certfile, cafile, trustedcert, ticket);
PkiUtility::RequestCertificate(master_host, master_port, key, cert, ca, trustedcert, ticket);
/*
* 5. get public key signed by the master, private key and ca.crt and copy it to /etc/icinga2/pki

24
lib/cli/pkinewcertcommand.cpp
View File

@ -41,14 +41,14 @@ void PKINewCertCommand::InitParameters(boost::program_options::options_descripti
{
visibleDesc.add_options()
("cn", po::value<std::string>(), "Common Name")
("keyfile", po::value<std::string>(), "Key file path (output")
("csrfile", po::value<std::string>(), "CSR file path (optional, output)")
("certfile", po::value<std::string>(), "Certificate file path (optional, output)");
("key", po::value<std::string>(), "Key file path (output")
("csr", po::value<std::string>(), "CSR file path (optional, output)")
("cert", po::value<std::string>(), "Certificate file path (optional, output)");
}
std::vector<String> PKINewCertCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
if (argument == "keyfile" || argument == "csrfile" || argument == "certfile")
if (argument == "key" || argument == "csr" || argument == "cert")
return GetBashCompletionSuggestions("file", word);
else
return CLICommand::GetArgumentSuggestions(argument, word);
@ -66,18 +66,18 @@ int PKINewCertCommand::Run(const boost::program_options::variables_map& vm, cons
return 1;
}
if (!vm.count("keyfile")) {
Log(LogCritical, "cli", "Key file path (--keyfile) must be specified.");
if (!vm.count("key")) {
Log(LogCritical, "cli", "Key file path (--key) must be specified.");
return 1;
}
String csrfile, certfile;
String csr, cert;
if (vm.count("csrfile"))
csrfile = vm["csrfile"].as<std::string>();
if (vm.count("csr"))
csr = vm["csr"].as<std::string>();
if (vm.count("certfile"))
certfile = vm["certfile"].as<std::string>();
if (vm.count("cert"))
cert = vm["cert"].as<std::string>();
return PkiUtility::NewCert(vm["cn"].as<std::string>(), vm["keyfile"].as<std::string>(), csrfile, certfile);
return PkiUtility::NewCert(vm["cn"].as<std::string>(), vm["key"].as<std::string>(), csr, cert);
}

30
lib/cli/pkirequestcommand.cpp
View File

@ -41,10 +41,10 @@ void PKIRequestCommand::InitParameters(boost::program_options::options_descripti
boost::program_options::options_description& hiddenDesc) const
{
visibleDesc.add_options()
("keyfile", po::value<std::string>(), "Key file path (input)")
("certfile", po::value<std::string>(), "Certificate file path (input + output)")
("cafile", po::value<std::string>(), "CA file path (output)")
("trustedfile", po::value<std::string>(), "Trusted certificate file path (input)")
("key", po::value<std::string>(), "Key file path (input)")
("cert", po::value<std::string>(), "Certificate file path (input + output)")
("ca", po::value<std::string>(), "CA file path (output)")
("trustedcert", po::value<std::string>(), "Trusted certificate file path (input)")
("host", po::value<std::string>(), "Icinga 2 host")
("port", po::value<std::string>(), "Icinga 2 port")
("ticket", po::value<std::string>(), "Icinga 2 PKI ticket");
@ -52,7 +52,7 @@ void PKIRequestCommand::InitParameters(boost::program_options::options_descripti
std::vector<String> PKIRequestCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
if (argument == "keyfile" || argument == "certfile" || argument == "cafile" || argument == "trustedfile")
if (argument == "key" || argument == "cert" || argument == "ca" || argument == "trustedcert")
return GetBashCompletionSuggestions("file", word);
else if (argument == "host")
return GetBashCompletionSuggestions("hostname", word);
@ -74,23 +74,23 @@ int PKIRequestCommand::Run(const boost::program_options::variables_map& vm, cons
return 1;
}
if (!vm.count("keyfile")) {
Log(LogCritical, "cli", "Key input file path (--keyfile) must be specified.");
if (!vm.count("key")) {
Log(LogCritical, "cli", "Key input file path (--key) must be specified.");
return 1;
}
if (!vm.count("certfile")) {
Log(LogCritical, "cli", "Certificate output file path (--certfile) must be specified.");
if (!vm.count("cert")) {
Log(LogCritical, "cli", "Certificate output file path (--cert) must be specified.");
return 1;
}
if (!vm.count("cafile")) {
Log(LogCritical, "cli", "CA certificate output file path (--cafile) must be specified.");
if (!vm.count("ca")) {
Log(LogCritical, "cli", "CA certificate output file path (--ca) must be specified.");
return 1;
}
if (!vm.count("trustedfile")) {
Log(LogCritical, "cli", "Trusted certificate input file path (--trustedfile) must be specified.");
if (!vm.count("trustedcert")) {
Log(LogCritical, "cli", "Trusted certificate input file path (--trustedcert) must be specified.");
return 1;
}
@ -104,7 +104,7 @@ int PKIRequestCommand::Run(const boost::program_options::variables_map& vm, cons
if (vm.count("port"))
port = vm["port"].as<std::string>();
return PkiUtility::RequestCertificate(vm["host"].as<std::string>(), port, vm["keyfile"].as<std::string>(),
vm["certfile"].as<std::string>(), vm["cafile"].as<std::string>(), vm["trustedfile"].as<std::string>(),
return PkiUtility::RequestCertificate(vm["host"].as<std::string>(), port, vm["key"].as<std::string>(),
vm["cert"].as<std::string>(), vm["ca"].as<std::string>(), vm["trustedcert"].as<std::string>(),
vm["ticket"].as<std::string>());
}

22
lib/cli/pkisavecertcommand.cpp
View File

@ -40,16 +40,16 @@ void PKISaveCertCommand::InitParameters(boost::program_options::options_descript
boost::program_options::options_description& hiddenDesc) const
{
visibleDesc.add_options()
("keyfile", po::value<std::string>(), "Key file path (input)")
("certfile", po::value<std::string>(), "Certificate file path (input)")
("trustedfile", po::value<std::string>(), "Trusted certificate file path (output)")
("key", po::value<std::string>(), "Key file path (input)")
("cert", po::value<std::string>(), "Certificate file path (input)")
("trustedcert", po::value<std::string>(), "Trusted certificate file path (output)")
("host", po::value<std::string>(), "Icinga 2 host")
("port", po::value<std::string>(), "Icinga 2 port");
}
std::vector<String> PKISaveCertCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
if (argument == "keyfile" || argument == "certfile" || argument == "trustedfile")
if (argument == "key" || argument == "cert" || argument == "trustedcert")
return GetBashCompletionSuggestions("file", word);
else if (argument == "host")
return GetBashCompletionSuggestions("hostname", word);
@ -71,18 +71,18 @@ int PKISaveCertCommand::Run(const boost::program_options::variables_map& vm, con
return 1;
}
if (!vm.count("keyfile")) {
Log(LogCritical, "cli", "Key input file path (--keyfile) must be specified.");
if (!vm.count("key")) {
Log(LogCritical, "cli", "Key input file path (--key) must be specified.");
return 1;
}
if (!vm.count("certfile")) {
Log(LogCritical, "cli", "Certificate input file path (--certfile) must be specified.");
if (!vm.count("cert")) {
Log(LogCritical, "cli", "Certificate input file path (--cert) must be specified.");
return 1;
}
if (!vm.count("trustedfile")) {
Log(LogCritical, "cli", "Trusted certificate output file path (--trustedfile) must be specified.");
if (!vm.count("trustedcert")) {
Log(LogCritical, "cli", "Trusted certificate output file path (--trustedcert) must be specified.");
return 1;
}
@ -91,5 +91,5 @@ int PKISaveCertCommand::Run(const boost::program_options::variables_map& vm, con
if (vm.count("port"))
port = vm["port"].as<std::string>();
return PkiUtility::SaveCert(vm["host"].as<std::string>(), port, vm["keyfile"].as<std::string>(), vm["certfile"].as<std::string>(), vm["trustedfile"].as<std::string>());
return PkiUtility::SaveCert(vm["host"].as<std::string>(), port, vm["key"].as<std::string>(), vm["cert"].as<std::string>(), vm["trustedcert"].as<std::string>());
}

16
lib/cli/pkisigncsrcommand.cpp
View File

@ -40,13 +40,13 @@ void PKISignCSRCommand::InitParameters(boost::program_options::options_descripti
boost::program_options::options_description& hiddenDesc) const
{
visibleDesc.add_options()
("csrfile", po::value<std::string>(), "CSR file path (input)")
("certfile", po::value<std::string>(), "Certificate file path (output)");
("csr", po::value<std::string>(), "CSR file path (input)")
("cert", po::value<std::string>(), "Certificate file path (output)");
}
std::vector<String> PKISignCSRCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
if (argument == "csrfile" || argument == "certfile")
if (argument == "csr" || argument == "cert")
return GetBashCompletionSuggestions("file", word);
else
return CLICommand::GetArgumentSuggestions(argument, word);
@ -59,15 +59,15 @@ std::vector<String> PKISignCSRCommand::GetArgumentSuggestions(const String& argu
*/
int PKISignCSRCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
{
if (!vm.count("csrfile")) {
Log(LogCritical, "cli", "Certificate signing request file path (--csrfile) must be specified.");
if (!vm.count("csr")) {
Log(LogCritical, "cli", "Certificate signing request file path (--csr) must be specified.");
return 1;
}
if (!vm.count("certfile")) {
Log(LogCritical, "cli", "Certificate file path (--certfile) must be specified.");
if (!vm.count("cert")) {
Log(LogCritical, "cli", "Certificate file path (--cert) must be specified.");
return 1;
}
return PkiUtility::SignCsr(vm["csrfile"].as<std::string>(), vm["certfile"].as<std::string>());
return PkiUtility::SignCsr(vm["csr"].as<std::string>(), vm["cert"].as<std::string>());
}