[icinga-checkins] icinga.org: icinga2/master: Fix handling of the CA certificate in " node wizard"

git at icinga.org git at icinga.org
Thu Nov 13 15:25:45 CET 2014


Module: icinga2
Branch: master
Commit: 37242ef609454349c46c58f17d44b9cee560aa3d
URL:    https://git.icinga.org/?p=icinga2.git;a=commit;h=37242ef609454349c46c58f17d44b9cee560aa3d

Author: Gunnar Beutner <gunnar.beutner at netways.de>
Date:   Thu Nov 13 15:25:15 2014 +0100

Fix handling of the CA certificate in "node wizard"

fixes #7656

---

 lib/cli/nodewizardcommand.cpp |   21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp
index ffc9b1c..ab75e5a 100644
--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@@ -145,7 +145,7 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm, cons
 
 wizard_endpoint_loop_start:
 
-		std::cout << ConsoleColorTag(Console_Bold) << "Master Common Name" << ConsoleColorTag(Console_Normal) << " (CN from your master setup, defaults to FQDN): ";
+		std::cout << ConsoleColorTag(Console_Bold) << "Master Common Name" << ConsoleColorTag(Console_Normal) << " (CN from your master setup): ";
 
 		std::getline(std::cin, answer);
 		boost::algorithm::to_lower(answer);
@@ -159,7 +159,7 @@ wizard_endpoint_loop_start:
 		endpoint_buffer.Trim();
 
 		std::cout << ConsoleColorTag(Console_Bold) << "Please fill out the master connection information:" << ConsoleColorTag(Console_Normal) << "\n";
-		std::cout << ConsoleColorTag(Console_Bold) << "Master endpoint host" << ConsoleColorTag(Console_Normal) << " (required, your master's IP address or FQDN): ";
+		std::cout << ConsoleColorTag(Console_Bold) << "Master endpoint host" << ConsoleColorTag(Console_Normal) << " (optional, your master's IP address or FQDN): ";
 
 		std::getline(std::cin, answer);
 		boost::algorithm::to_lower(answer);
@@ -227,9 +227,6 @@ wizard_master_host:
 		String node_cert = pki_path + "/" + cn + ".crt";
 		String node_key = pki_path + "/" + cn + ".key";
 
-		//new-ca, new-cert
-		PkiUtility::NewCa();
-
 		if (!Utility::MkDirP(pki_path, 0700)) {
 			Log(LogCritical, "cli")
 			    << "Could not create local pki directory '" << pki_path << "'.";
@@ -282,16 +279,6 @@ wizard_master_host:
 			    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << node_key << "'. Verify it yourself!";
 		}
 
-		String target_ca = pki_path + "/ca.crt";
-
-		Utility::CopyFile(ca, target_ca);
-
-		/* fix permissions: root -> icinga daemon user */
-		if (!Utility::SetFileOwnership(target_ca, user, group)) {
-			Log(LogWarning, "cli")
-			    << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << target_ca << "'. Verify it yourself!";
-		}
-
 		//save-cert and store the master certificate somewhere
 
 		Log(LogInformation, "cli", "Generating self-signed certifiate:");
@@ -327,7 +314,9 @@ wizard_ticket:
 		Log(LogInformation, "cli")
 		    << "Processing self-signed certificate request. Ticket '" << ticket << "'.\n";
 
-		if (PkiUtility::RequestCertificate(master_host, master_port, node_key, node_cert, ca, trusted_cert, ticket) > 0) {
+		String target_ca = pki_path + "/ca.crt";
+
+		if (PkiUtility::RequestCertificate(master_host, master_port, node_key, node_cert, target_ca, trusted_cert, ticket) > 0) {
 			Log(LogCritical, "cli")
 			    << "Failed to fetch signed certificate from master '" << master_host << ", "
 			    << master_port <<"'. Please try again.";
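Review bot: Nothing in the visible hunks sets ownership on `target_ca` any more: the `Utility::SetFileOwnership(target_ca, user, group)` block was removed together with the copy, and the new `RequestCertificate(..., target_ca, ...)` call has no equivalent fix-up after it. If RequestCertificate is what now writes ca.crt (its body is not shown here) and the wizard runs as root, the daemon user may be unable to read the file that becomes its trust anchor. I would re-run the ownership step once the request succeeds, `if (!Utility::SetFileOwnership(target_ca, user, group)) Log(LogWarning, "cli") << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << target_ca << "'. Verify it yourself!";`, and add a comment on the declaration such as `/* ca.crt is received from the master during the request and becomes this node's trust anchor */`. Separately, the unchanged `> 0` test treats a negative return as success, so it is worth confirming that RequestCertificate never reports failure that way; the function continues past the end of this hunk.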


