mirror of https://github.com/Icinga/icinga2.git
Michael Friedrich
parent
30718813c9
commit
f69527599f
|
|
@ -167,6 +167,7 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
|
|||
String ca_path = PkiUtility::GetLocalCaPath();
|
||||
String ca = ca_path + "/ca.crt";
|
||||
String ca_key = ca_path + "/ca.key";
|
||||
String serial = ca_path + "/serial.txt";
|
||||
String target_ca = pki_path + "/ca.crt";
|
||||
|
||||
Log(LogInformation, "cli")
|
||||
|
|
@ -188,6 +189,10 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
|
|||
Log(LogWarning, "cli")
|
||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca_key << "'. Verify it yourself!";
|
||||
}
|
||||
if (!Utility::SetFileOwnership(serial, user, group)) {
|
||||
Log(LogWarning, "cli")
|
||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << serial << "'. Verify it yourself!";
|
||||
}
|
||||
if (!Utility::SetFileOwnership(target_ca, user, group)) {
|
||||
Log(LogWarning, "cli")
|
||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << target_ca << "'. Verify it yourself!";
|
||||
|
|
@ -363,7 +368,6 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
|
|||
String cert = pki_path + "/" + cn + ".crt";
|
||||
String ca = pki_path + "/ca.crt";
|
||||
|
||||
|
||||
if (!Utility::MkDirP(pki_path, 0700)) {
|
||||
Log(LogCritical, "cli")
|
||||
<< "Could not create local pki directory '" << pki_path << "'.";
|
||||
|
|
|
|||
|
|
@ -254,6 +254,7 @@ wizard_master_host:
|
|||
String ca_path = PkiUtility::GetLocalCaPath();
|
||||
String ca_key = ca_path + "/ca.key";
|
||||
String ca = ca_path + "/ca.crt";
|
||||
String serial = ca_path + "/serial.txt";
|
||||
|
||||
/* fix permissions: root -> icinga daemon user */
|
||||
if (!Utility::SetFileOwnership(ca_path, user, group)) {
|
||||
|
|
@ -268,6 +269,10 @@ wizard_master_host:
|
|||
Log(LogWarning, "cli")
|
||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca_key << "'. Verify it yourself!";
|
||||
}
|
||||
if (!Utility::SetFileOwnership(serial, user, group)) {
|
||||
Log(LogWarning, "cli")
|
||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << serial << "'. Verify it yourself!";
|
||||
}
|
||||
if (!Utility::SetFileOwnership(node_cert, user, group)) {
|
||||
Log(LogWarning, "cli")
|
||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << node_cert << "'. Verify it yourself!";
|
||||
|
|
@ -351,7 +356,7 @@ wizard_ticket:
|
|||
String bind_port = answer;
|
||||
bind_port.Trim();
|
||||
|
||||
std::cout << "Enabling the APIlistener feature.\n";
|
||||
Log(LogInformation, "cli", "Enabling the Apilistener feature.");
|
||||
|
||||
std::vector<std::string> enable;
|
||||
enable.push_back("api");
|
||||
|
|
@ -396,7 +401,7 @@ wizard_ticket:
|
|||
}
|
||||
|
||||
/* apilistener config */
|
||||
std::cout << "Generating local zones.conf.\n";
|
||||
Log(LogInformation, "cli", "Generating local zones.conf.");
|
||||
|
||||
NodeUtility::GenerateNodeIcingaConfig(endpoints, cn, local_zone);
|
||||
|
||||
|
|
@ -405,12 +410,17 @@ wizard_ticket:
|
|||
<< "CN '" << cn << "' does not match the default FQDN '" << Utility::GetFQDN() << "'. Requires update for NodeName constant in constants.conf!";
|
||||
}
|
||||
|
||||
std::cout << "Updating constants.conf\n";
|
||||
Log(LogInformation, "cli", "Updating constants.conf.");
|
||||
|
||||
NodeUtility::CreateBackupFile(Application::GetSysconfDir() + "/icinga2/constants.conf");
|
||||
String constants_file = Application::GetSysconfDir() + "/icinga2/constants.conf";
|
||||
|
||||
NodeUtility::CreateBackupFile(constants_file);
|
||||
|
||||
NodeUtility::UpdateConstant("NodeName", cn);
|
||||
|
||||
Log(LogInformation, "cli")
|
||||
<< "Edit the constants.conf file '" << constants_file << "' and set a secure 'TicketSalt' constant.";
|
||||
|
||||
} else {
|
||||
/* master setup */
|
||||
std::cout << "Starting the Master setup routine...\n";
|
||||
|
|
@ -474,6 +484,7 @@ wizard_ticket:
|
|||
String ca_path = PkiUtility::GetLocalCaPath();
|
||||
String ca = ca_path + "/ca.crt";
|
||||
String ca_key = ca_path + "/ca.key";
|
||||
String serial = ca_path + "/serial.txt";
|
||||
String target_ca = pki_path + "/ca.crt";
|
||||
|
||||
Log(LogInformation, "cli")
|
||||
|
|
@ -495,6 +506,10 @@ wizard_ticket:
|
|||
Log(LogWarning, "cli")
|
||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca_key << "'. Verify it yourself!";
|
||||
}
|
||||
if (!Utility::SetFileOwnership(serial, user, group)) {
|
||||
Log(LogWarning, "cli")
|
||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << serial << "'. Verify it yourself!";
|
||||
}
|
||||
if (!Utility::SetFileOwnership(target_ca, user, group)) {
|
||||
Log(LogWarning, "cli")
|
||||
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << target_ca << "'. Verify it yourself!";
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@
|
|||
#include "base/tlsutility.hpp"
|
||||
#include "base/tlsstream.hpp"
|
||||
#include "base/tcpsocket.hpp"
|
||||
#include "base/json.hpp"
|
||||
#include "base/utility.hpp"
|
||||
#include "remote/jsonrpc.hpp"
|
||||
#include <fstream>
|
||||
|
|
@ -239,14 +240,23 @@ int PkiUtility::RequestCertificate(const String& host, const String& port, const
|
|||
for (;;) {
|
||||
response = JsonRpc::ReadMessage(stream);
|
||||
|
||||
if (response->Get("id") != msgid)
|
||||
if (response && response->Contains("error")) {
|
||||
Log(LogCritical, "cli", "Could not fetch valid response. Please check the master log (notice or debug).");
|
||||
#ifdef _DEBUG
|
||||
/* we shouldn't expose master errors to the user in production environments */
|
||||
Log(LogCritical, "cli", response->Get("error"));
|
||||
#endif /* _DEBUG */
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (response && (response->Get("id") != msgid))
|
||||
continue;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
if (!response->Contains("result")) {
|
||||
Log(LogCritical, "cli", "Request certificate did not return a valid result. Check the master log for details!");
|
||||
if (!response) {
|
||||
Log(LogCritical, "cli", "Could not fetch valid response. Please check the master log.");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -184,7 +184,14 @@ bool ApiClient::ProcessMessage(void)
|
|||
|
||||
resultMessage->Set("result", afunc->Invoke(origin, message->Get("params")));
|
||||
} catch (const std::exception& ex) {
|
||||
//TODO: Add a user readable error message for the remote caller
|
||||
resultMessage->Set("error", DiagnosticInformation(ex));
|
||||
std::ostringstream info;
|
||||
info << "Error while processing message for identity '" << m_Identity << "'";
|
||||
Log(LogWarning, "ApiClient")
|
||||
<< info.str();
|
||||
Log(LogDebug, "ApiClient")
|
||||
<< info.str() << "\n" << DiagnosticInformation(ex);
|
||||
}
|
||||
|
||||
if (message->Contains("id")) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue