parent
8d05fc99c9
commit
cdff792c11
|
@ -216,35 +216,17 @@ wizard_endpoint_loop_start:
|
||||||
if (choice.Contains("y"))
|
if (choice.Contains("y"))
|
||||||
goto wizard_endpoint_loop_start;
|
goto wizard_endpoint_loop_start;
|
||||||
|
|
||||||
std::cout << ConsoleColorTag(Console_Bold)
|
String master_host, master_port;
|
||||||
<< "Please specify the master connection for CSR auto-signing"
|
|
||||||
<< ConsoleColorTag(Console_Normal) << " (defaults to master endpoint host):\n";
|
|
||||||
|
|
||||||
wizard_master_host:
|
for (const String& endpoint : endpoints) {
|
||||||
std::cout << ConsoleColorTag(Console_Bold) << "Host"
|
std::vector<String> tokens = endpoint.Split(",");
|
||||||
<< ConsoleColorTag(Console_Normal) << " [" << master_endpoint_name << "]: ";
|
|
||||||
|
|
||||||
std::getline(std::cin, answer);
|
if (tokens.size() > 1)
|
||||||
|
master_host = tokens[1];
|
||||||
|
|
||||||
if (answer.empty() && !master_endpoint_name.IsEmpty())
|
if (tokens.size() > 2)
|
||||||
answer = master_endpoint_name;
|
master_port = tokens[2];
|
||||||
|
}
|
||||||
if (answer.empty() && master_endpoint_name.IsEmpty())
|
|
||||||
goto wizard_master_host;
|
|
||||||
|
|
||||||
String master_host = answer;
|
|
||||||
master_host = master_host.Trim();
|
|
||||||
|
|
||||||
std::cout << ConsoleColorTag(Console_Bold) << "Port"
|
|
||||||
<< ConsoleColorTag(Console_Normal) << " [" << tmpPort << "]: ";
|
|
||||||
|
|
||||||
std::getline(std::cin, answer);
|
|
||||||
|
|
||||||
if (!answer.empty())
|
|
||||||
tmpPort = answer;
|
|
||||||
|
|
||||||
String master_port = tmpPort;
|
|
||||||
master_port = master_port.Trim();
|
|
||||||
|
|
||||||
/* workaround for fetching the master cert */
|
/* workaround for fetching the master cert */
|
||||||
String pki_path = PkiUtility::GetPkiPath();
|
String pki_path = PkiUtility::GetPkiPath();
|
||||||
|
@ -283,70 +265,85 @@ wizard_master_host:
|
||||||
<< "' on file '" << node_key << "'. Verify it yourself!";
|
<< "' on file '" << node_key << "'. Verify it yourself!";
|
||||||
}
|
}
|
||||||
|
|
||||||
//save-cert and store the master certificate somewhere
|
boost::shared_ptr<X509> trustedcert;
|
||||||
Log(LogInformation, "cli")
|
|
||||||
<< "Fetching public certificate from master ("
|
|
||||||
<< master_host << ", " << master_port << "):\n";
|
|
||||||
|
|
||||||
boost::shared_ptr<X509> trustedcert = PkiUtility::FetchCert(master_host, master_port);
|
if (!master_host.IsEmpty()) {
|
||||||
if (!trustedcert) {
|
//save-cert and store the master certificate somewhere
|
||||||
Log(LogCritical, "cli", "Peer did not present a valid certificate.");
|
Log(LogInformation, "cli")
|
||||||
return 1;
|
<< "Fetching public certificate from master ("
|
||||||
|
<< master_host << ", " << master_port << "):\n";
|
||||||
|
|
||||||
|
trustedcert = PkiUtility::FetchCert(master_host, master_port);
|
||||||
|
if (!trustedcert) {
|
||||||
|
Log(LogCritical, "cli", "Peer did not present a valid certificate.");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
std::cout << ConsoleColorTag(Console_Bold) << "Certificate information:\n"
|
||||||
|
<< ConsoleColorTag(Console_Normal) << PkiUtility::GetCertificateInformation(trustedcert)
|
||||||
|
<< ConsoleColorTag(Console_Bold) << "\nIs this information correct?"
|
||||||
|
<< ConsoleColorTag(Console_Normal) << " [y/N]: ";
|
||||||
|
|
||||||
|
std::getline (std::cin, answer);
|
||||||
|
boost::algorithm::to_lower(answer);
|
||||||
|
if (answer != "y") {
|
||||||
|
Log(LogWarning, "cli", "Process aborted.");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
Log(LogInformation, "cli", "Received trusted master certificate.\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
std::cout << ConsoleColorTag(Console_Bold) << "Certificate information:\n"
|
|
||||||
<< ConsoleColorTag(Console_Normal) << PkiUtility::GetCertificateInformation(trustedcert)
|
|
||||||
<< ConsoleColorTag(Console_Bold) << "\nIs this information correct?"
|
|
||||||
<< ConsoleColorTag(Console_Normal) << " [y/N]: ";
|
|
||||||
|
|
||||||
std::getline (std::cin, answer);
|
|
||||||
boost::algorithm::to_lower(answer);
|
|
||||||
if (answer != "y") {
|
|
||||||
Log(LogWarning, "cli", "Process aborted.");
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
Log(LogInformation, "cli", "Received trusted master certificate.\n");
|
|
||||||
|
|
||||||
wizard_ticket:
|
wizard_ticket:
|
||||||
std::cout << ConsoleColorTag(Console_Bold)
|
std::cout << ConsoleColorTag(Console_Bold)
|
||||||
<< "Please specify the request ticket generated on your Icinga 2 master."
|
<< "Please specify the request ticket generated on your Icinga 2 master (optional)."
|
||||||
<< ConsoleColorTag(Console_Normal) << "\n"
|
<< ConsoleColorTag(Console_Normal) << "\n"
|
||||||
<< " (Hint: # icinga2 pki ticket --cn '" << cn << "'): ";
|
<< " (Hint: # icinga2 pki ticket --cn '" << cn << "'): ";
|
||||||
|
|
||||||
std::getline(std::cin, answer);
|
std::getline(std::cin, answer);
|
||||||
|
|
||||||
if (answer.empty())
|
if (answer.empty()) {
|
||||||
goto wizard_ticket;
|
std::cout << ConsoleColorTag(Console_Bold) << "\n"
|
||||||
|
<< "No ticket was specified. Please approve the certificate signing request manually\n"
|
||||||
|
<< "on the master (see 'icinga2 ca list' and 'icinga2 ca sign --help' for details)."
|
||||||
|
<< ConsoleColorTag(Console_Normal) << "\n\n";
|
||||||
|
}
|
||||||
|
|
||||||
String ticket = answer;
|
String ticket = answer;
|
||||||
ticket = ticket.Trim();
|
ticket = ticket.Trim();
|
||||||
|
|
||||||
Log(LogInformation, "cli")
|
if (!master_host.IsEmpty()) {
|
||||||
<< "Requesting certificate with ticket '" << ticket << "'.\n";
|
if (ticket.IsEmpty()) {
|
||||||
|
Log(LogInformation, "cli")
|
||||||
|
<< "Requesting certificate without a ticket.";
|
||||||
|
} else {
|
||||||
|
Log(LogInformation, "cli")
|
||||||
|
<< "Requesting certificate with ticket '" << ticket << "'.";
|
||||||
|
}
|
||||||
|
|
||||||
String target_ca = pki_path + "/ca.crt";
|
String target_ca = pki_path + "/ca.crt";
|
||||||
|
|
||||||
if (Utility::PathExists(target_ca))
|
if (Utility::PathExists(target_ca))
|
||||||
NodeUtility::CreateBackupFile(target_ca);
|
NodeUtility::CreateBackupFile(target_ca);
|
||||||
if (Utility::PathExists(node_cert))
|
if (Utility::PathExists(node_cert))
|
||||||
NodeUtility::CreateBackupFile(node_cert);
|
NodeUtility::CreateBackupFile(node_cert);
|
||||||
|
|
||||||
if (PkiUtility::RequestCertificate(master_host, master_port, node_key,
|
if (PkiUtility::RequestCertificate(master_host, master_port, node_key,
|
||||||
node_cert, target_ca, trustedcert, ticket) > 0) {
|
node_cert, target_ca, trustedcert, ticket) > 0) {
|
||||||
Log(LogCritical, "cli")
|
Log(LogCritical, "cli")
|
||||||
<< "Failed to fetch signed certificate from master '"
|
<< "Failed to fetch signed certificate from master '"
|
||||||
<< master_host << ", "
|
<< master_host << ", "
|
||||||
<< master_port <<"'. Please try again.";
|
<< master_port <<"'. Please try again.";
|
||||||
goto wizard_ticket;
|
goto wizard_ticket;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* fix permissions (again) when updating the signed certificate */
|
/* fix permissions (again) when updating the signed certificate */
|
||||||
if (!Utility::SetFileOwnership(node_cert, user, group)) {
|
if (!Utility::SetFileOwnership(node_cert, user, group)) {
|
||||||
Log(LogWarning, "cli")
|
Log(LogWarning, "cli")
|
||||||
<< "Cannot set ownership for user '" << user
|
<< "Cannot set ownership for user '" << user
|
||||||
<< "' group '" << group << "' on file '"
|
<< "' group '" << group << "' on file '"
|
||||||
<< node_cert << "'. Verify it yourself!";
|
<< node_cert << "'. Verify it yourself!";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* apilistener config */
|
/* apilistener config */
|
||||||
|
|