mirror of https://github.com/Icinga/icinga2.git
parent
1d4065ba94
commit
d67679c0ec
|
@ -242,6 +242,11 @@ wizard_master_host:
|
||||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << pki_path << "'. Verify it yourself!";
|
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << pki_path << "'. Verify it yourself!";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (Utility::PathExists(node_key))
|
||||||
|
NodeUtility::CreateBackupFile(node_key, 0600);
|
||||||
|
if (Utility::PathExists(node_cert))
|
||||||
|
NodeUtility::CreateBackupFile(node_cert, 0640);
|
||||||
|
|
||||||
if (PkiUtility::NewCert(cn, node_key, Empty, node_cert) > 0) {
|
if (PkiUtility::NewCert(cn, node_key, Empty, node_cert) > 0) {
|
||||||
Log(LogCritical, "cli")
|
Log(LogCritical, "cli")
|
||||||
<< "Failed to create new self-signed certificate for CN '" << cn << "'. Please try again.";
|
<< "Failed to create new self-signed certificate for CN '" << cn << "'. Please try again.";
|
||||||
|
@ -264,6 +269,9 @@ wizard_master_host:
|
||||||
|
|
||||||
String trusted_cert = PkiUtility::GetPkiPath() + "/trusted-master.crt";
|
String trusted_cert = PkiUtility::GetPkiPath() + "/trusted-master.crt";
|
||||||
|
|
||||||
|
if (Utility::PathExists(trusted_cert))
|
||||||
|
NodeUtility::CreateBackupFile(trusted_cert, 0640);
|
||||||
|
|
||||||
if (PkiUtility::SaveCert(master_host, master_port, node_key, node_cert, trusted_cert) > 0) {
|
if (PkiUtility::SaveCert(master_host, master_port, node_key, node_cert, trusted_cert) > 0) {
|
||||||
Log(LogCritical, "cli")
|
Log(LogCritical, "cli")
|
||||||
<< "Failed to fetch trusted master certificate. Please try again.";
|
<< "Failed to fetch trusted master certificate. Please try again.";
|
||||||
|
@ -291,6 +299,11 @@ wizard_ticket:
|
||||||
|
|
||||||
String target_ca = pki_path + "/ca.crt";
|
String target_ca = pki_path + "/ca.crt";
|
||||||
|
|
||||||
|
if (Utility::PathExists(target_ca))
|
||||||
|
NodeUtility::CreateBackupFile(target_ca, 0640);
|
||||||
|
if (Utility::PathExists(node_cert))
|
||||||
|
NodeUtility::CreateBackupFile(node_cert, 0640);
|
||||||
|
|
||||||
if (PkiUtility::RequestCertificate(master_host, master_port, node_key, node_cert, target_ca, trusted_cert, ticket) > 0) {
|
if (PkiUtility::RequestCertificate(master_host, master_port, node_key, node_cert, target_ca, trusted_cert, ticket) > 0) {
|
||||||
Log(LogCritical, "cli")
|
Log(LogCritical, "cli")
|
||||||
<< "Failed to fetch signed certificate from master '" << master_host << ", "
|
<< "Failed to fetch signed certificate from master '" << master_host << ", "
|
||||||
|
@ -433,6 +446,11 @@ wizard_ticket:
|
||||||
Log(LogInformation, "cli")
|
Log(LogInformation, "cli")
|
||||||
<< "Generating new CSR in '" << csr << "'.";
|
<< "Generating new CSR in '" << csr << "'.";
|
||||||
|
|
||||||
|
if (Utility::PathExists(key))
|
||||||
|
NodeUtility::CreateBackupFile(key, 0600);
|
||||||
|
if (Utility::PathExists(csr))
|
||||||
|
NodeUtility::CreateBackupFile(csr, 0640);
|
||||||
|
|
||||||
if (PkiUtility::NewCert(cn, key, csr, "") > 0) {
|
if (PkiUtility::NewCert(cn, key, csr, "") > 0) {
|
||||||
Log(LogCritical, "cli", "Failed to create certificate signing request.");
|
Log(LogCritical, "cli", "Failed to create certificate signing request.");
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -444,6 +462,9 @@ wizard_ticket:
|
||||||
Log(LogInformation, "cli")
|
Log(LogInformation, "cli")
|
||||||
<< "Signing CSR with CA and writing certificate to '" << cert << "'.";
|
<< "Signing CSR with CA and writing certificate to '" << cert << "'.";
|
||||||
|
|
||||||
|
if (Utility::PathExists(cert))
|
||||||
|
NodeUtility::CreateBackupFile(cert, 0640);
|
||||||
|
|
||||||
if (PkiUtility::SignCsr(csr, cert) != 0) {
|
if (PkiUtility::SignCsr(csr, cert) != 0) {
|
||||||
Log(LogCritical, "cli", "Could not sign CSR.");
|
Log(LogCritical, "cli", "Could not sign CSR.");
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -460,37 +481,28 @@ wizard_ticket:
|
||||||
Log(LogInformation, "cli")
|
Log(LogInformation, "cli")
|
||||||
<< "Copying CA certificate to '" << target_ca << "'.";
|
<< "Copying CA certificate to '" << target_ca << "'.";
|
||||||
|
|
||||||
|
if (Utility::PathExists(target_ca))
|
||||||
|
NodeUtility::CreateBackupFile(target_ca);
|
||||||
|
|
||||||
/* does not overwrite existing files! */
|
/* does not overwrite existing files! */
|
||||||
Utility::CopyFile(ca, target_ca);
|
Utility::CopyFile(ca, target_ca);
|
||||||
|
|
||||||
/* fix permissions: root -> icinga daemon user */
|
/* fix permissions: root -> icinga daemon user */
|
||||||
if (!Utility::SetFileOwnership(ca_path, user, group)) {
|
std::vector<String> files;
|
||||||
Log(LogWarning, "cli")
|
files.push_back(ca_path);
|
||||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca_path << "'. Verify it yourself!";
|
files.push_back(ca);
|
||||||
}
|
files.push_back(ca_key);
|
||||||
if (!Utility::SetFileOwnership(ca, user, group)) {
|
files.push_back(serial);
|
||||||
Log(LogWarning, "cli")
|
files.push_back(target_ca);
|
||||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca << "'. Verify it yourself!";
|
files.push_back(key);
|
||||||
}
|
files.push_back(csr);
|
||||||
if (!Utility::SetFileOwnership(ca_key, user, group)) {
|
files.push_back(cert);
|
||||||
Log(LogWarning, "cli")
|
|
||||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca_key << "'. Verify it yourself!";
|
BOOST_FOREACH(const String& file, files) {
|
||||||
}
|
if (!Utility::SetFileOwnership(file, user, group)) {
|
||||||
if (!Utility::SetFileOwnership(serial, user, group)) {
|
Log(LogWarning, "cli")
|
||||||
Log(LogWarning, "cli")
|
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << file << "'. Verify it yourself!";
|
||||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << serial << "'. Verify it yourself!";
|
}
|
||||||
}
|
|
||||||
if (!Utility::SetFileOwnership(target_ca, user, group)) {
|
|
||||||
Log(LogWarning, "cli")
|
|
||||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << target_ca << "'. Verify it yourself!";
|
|
||||||
}
|
|
||||||
if (!Utility::SetFileOwnership(key, user, group)) {
|
|
||||||
Log(LogWarning, "cli")
|
|
||||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << key << "'. Verify it yourself!";
|
|
||||||
}
|
|
||||||
if (!Utility::SetFileOwnership(csr, user, group)) {
|
|
||||||
Log(LogWarning, "cli")
|
|
||||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << csr << "'. Verify it yourself!";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
NodeUtility::GenerateNodeMasterIcingaConfig(cn);
|
NodeUtility::GenerateNodeMasterIcingaConfig(cn);
|
||||||
|
|
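Review bot: In the last hunk, the new `NodeUtility::CreateBackupFile(target_ca);` call passes no mode, while every other backup call added by this commit passes one explicitly (`0600` for keys, `0640` for certificates and CSRs), including `CreateBackupFile(target_ca, 0640)` in the wizard_ticket hunk. The signature of CreateBackupFile is not visible here, so the permissions of that backup depend on whatever default it has; I would write `NodeUtility::CreateBackupFile(target_ca, 0640);` so the CA copy is handled like the others. None of the added calls checks a result from CreateBackupFile, so if a backup cannot be written the following NewCert/SaveCert/SignCsr step presumably still replaces the existing key or certificate; if the helper reports failure, log it and stop before overwriting. The new `files` loop fixes ownership only for the live files, so the backups (including the `0600` private-key backups) keep whatever owner the wizard process creates them with, which deserves a short comment such as `/* backup files keep the invoking user's ownership */`. The enclosing functions start and end outside these hunks.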