'node wizard/setup' should always generate new certificates

Unless an existing certificate is found. The configuration (api feature, user) is always generated including a backup. fixes #9590
2015-07-08 15:32:47 +02:00 · 2015-07-08 15:32:47 +02:00 · 84d83a4453
parent f123c8218d
commit 84d83a4453
2 changed files with 44 additions and 9 deletions
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@ -128,11 +128,33 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
        if (vm.count("cn"))
                cn = vm["cn"].as<std::string>();

-	if (FeatureUtility::CheckFeatureDisabled("api")) {
-		Log(LogInformation, "cli", "'api' feature not enabled, running 'api setup' now.\n");
-		ApiSetupUtility::SetupMaster(cn);
-	} else
-		Log(LogInformation, "cli", "'api' feature already enabled.\n");
+	/* check whether the user wants to generate a new certificate or not */
+	String existing_path = PkiUtility::GetPkiPath() + "/" + cn + ".crt";
+
+	Log(LogInformation, "cli")
+	    << "Checking for existing certificates for common name '" << cn << "'...";
+
+	if (Utility::PathExists(existing_path)) {
+		Log(LogWarning, "cli")
+		    << "Certificate '" << existing_path << "' for CN '" << cn << "' already existing. Skipping certificate generation.";
+	} else {
+		Log(LogInformation, "cli")
+		    << "Certificates not yet generated. Running 'api setup' now.";
+
+		ApiSetupUtility::SetupMasterCertificates(cn);
+	}
+
+	Log(LogInformation, "cli", "Generating master configuration for Icinga 2.");
+	ApiSetupUtility::SetupMasterApiUser(cn);
+
+	if (!FeatureUtility::CheckFeatureEnabled("api")) {
+		ApiSetupUtility::SetupMasterEnableApi(cn);
+	} else {
+		Log(LogInformation, "cli")
+		    << "'api' feature already enabled.\n";
+	}
+
+	NodeUtility::GenerateNodeMasterIcingaConfig(cn);

 	/* read zones.conf and update with zone + endpoint information */

--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@ -455,13 +455,26 @@ wizard_ticket:
 		String cn = answer;
 		cn.Trim();

-		std::cout << ConsoleColorTag(Console_Normal) << "Checking the 'api' feature...\n";
+		/* check whether the user wants to generate a new certificate or not */
+		String existing_path = PkiUtility::GetPkiPath() + "/" + cn + ".crt";

-		if (FeatureUtility::CheckFeatureDisabled("api")) {
-			std::cout << ConsoleColorTag(Console_Bold) << "'api' feature not enabled, running 'api setup' now.\n";
-			ApiSetupUtility::SetupMaster(cn);
+		std::cout << ConsoleColorTag(Console_Normal) << "Checking for existing certificates for common name '" << cn << "'...\n";
+
+		if (Utility::PathExists(existing_path)) {
+			std::cout << "Certificate '" << existing_path << "' for CN '" << cn << "' already existing. Skipping certificate generation.\n";
+		} else {
+			std::cout << "Certificates not yet generated. Running 'api setup' now.\n";
+			ApiSetupUtility::SetupMasterCertificates(cn);
 		}

+		std::cout << ConsoleColorTag(Console_Bold) << "Generating master configuration for Icinga 2.\n" << ConsoleColorTag(Console_Normal);
+		ApiSetupUtility::SetupMasterApiUser(cn);
+
+		if (!FeatureUtility::CheckFeatureEnabled("api"))
+			ApiSetupUtility::SetupMasterEnableApi(cn);
+		else
+			std::cout << "'api' feature already enabled.\n";
+
 		NodeUtility::GenerateNodeMasterIcingaConfig(cn);

 		/* apilistener config */