1 /******************************************************************************
3 * Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org) *
5 * This program is free software; you can redistribute it and/or *
6 * modify it under the terms of the GNU General Public License *
7 * as published by the Free Software Foundation; either version 2 *
8 * of the License, or (at your option) any later version. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the Free Software Foundation *
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
18 ******************************************************************************/
20 #include "cli/agentwizardcommand.hpp"
21 #include "cli/agentutility.hpp"
22 #include "cli/pkiutility.hpp"
23 #include "cli/featureutility.hpp"
24 #include "base/logger.hpp"
25 #include "base/console.hpp"
26 #include "base/application.hpp"
27 #include "base/tlsutility.hpp"
28 #include <boost/foreach.hpp>
29 #include <boost/algorithm/string/join.hpp>
30 #include <boost/algorithm/string/replace.hpp>
31 #include <boost/algorithm/string/case_conv.hpp>
37 using namespace icinga;
38 namespace po = boost::program_options;
40 REGISTER_CLICOMMAND("agent/wizard", AgentWizardCommand);
42 String AgentWizardCommand::GetDescription(void) const
44 return "Wizard for Icinga 2 agent setup.";
47 String AgentWizardCommand::GetShortDescription(void) const
49 return "wizard for agent setup";
53 * The entry point for the "agent wizard" CLI command.
55 * @returns An exit status.
57 int AgentWizardCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
60 * The wizard will get all information from the user,
61 * and then call all required functions.
64 std::cout << "Welcome to the Icinga 2 Setup Wizard!\n"
66 << "We'll guide you through all required configuration details.\n"
68 << "If you have questions, please consult the documentation at http://docs.icinga.org\n"
69 << "or join the community support channels at https://support.icinga.org\n"
72 //TODO: Add sort of bash completion to path input?
74 /* 0. master or agent setup?
76 * 2. Master information for autosigning
77 * 3. Trusted cert location
78 * 4. CN to use (defaults to FQDN)
80 * 6. New self signed certificate
81 * 7. Request signed certificate from master
82 * 8. copy key information to /etc/icinga2/pki
83 * 9. enable ApiListener feature
84 * 10. generate zones.conf with endpoints and zone objects
85 * 11. set NodeName = cn in constants.conf
86 * 12. reload icinga2, or tell the user to
90 bool is_agent_setup = true;
92 std::cout << "Please specify if this is an agent setup ('no' installs a master setup) [Y/n]: ";
93 std::getline (std::cin, answer);
95 boost::algorithm::to_lower(answer);
97 if (Utility::Match("^n*", answer))
98 is_agent_setup = false;
101 if (is_agent_setup) {
102 /* agent setup part */
103 std::cout << "Starting the Agent setup routine...\n";
106 std::cout << "Please specifiy the common name (CN) [" << Utility::GetFQDN() << "]: ";
108 std::getline(std::cin, answer);
109 boost::algorithm::to_lower(answer);
112 answer = Utility::GetFQDN();
117 //TODO: Ask for endpoint config instead, and use that for master_host/port
118 std::vector<std::string> endpoints;
120 String endpoint_buffer;
122 std::cout << "Please specify the master endpoint(s) this agent should connect to:\n";
123 String master_endpoint_name;
125 wizard_endpoint_loop_start:
127 std::cout << "Master CN: ";
129 std::getline(std::cin, answer);
130 boost::algorithm::to_lower(answer);
133 Log(LogWarning, "cli", "Master CN is required! Please retry.");
134 goto wizard_endpoint_loop_start;
137 endpoint_buffer = answer;
138 endpoint_buffer.Trim();
140 std::cout << "Master endpoint host: ";
142 std::getline(std::cin, answer);
143 boost::algorithm::to_lower(answer);
145 if (!answer.empty()) {
148 endpoint_buffer += "," + tmp;
149 master_endpoint_name = tmp; //store the endpoint name for later
152 std::cout << "Master endpoint port: ";
154 std::getline(std::cin, answer);
155 boost::algorithm::to_lower(answer);
157 if (!answer.empty()) {
160 endpoint_buffer += "," + answer;
164 endpoints.push_back(endpoint_buffer);
166 std::cout << "Add more master endpoints? [y/N]";
167 std::getline (std::cin, answer);
169 boost::algorithm::to_lower(answer);
171 if (Utility::Match("^y*", answer))
172 goto wizard_endpoint_loop_start;
175 std::cout << "Please specify the master connection for auto-signing:\n";
178 std::cout << "Host [" << master_endpoint_name << "]: ";
180 std::getline(std::cin, answer);
181 boost::algorithm::to_lower(answer);
183 if (answer.empty() && !master_endpoint_name.IsEmpty())
184 answer = master_endpoint_name;
186 if (answer.empty() && master_endpoint_name.IsEmpty())
187 goto wizard_master_host;
189 String master_host = answer;
192 std::cout << "Port [5665]: ";
194 std::getline(std::cin, answer);
195 boost::algorithm::to_lower(answer);
200 String master_port = answer;
203 /* workaround for fetching the master cert - TODO */
204 String agent_cert = PkiUtility::GetPkiPath() + "/" + cn + ".crt";
205 String agent_key = PkiUtility::GetPkiPath() + "/" + cn + ".key";
210 if (PkiUtility::NewCert(cn, agent_key, Empty, agent_cert) > 0) {
211 Log(LogCritical, "cli")
212 << "Failed to create new self-signed certificate for CN '" << cn << "'. Please try again.";
216 /* store ca in /etc/icinga2/pki */
218 String ca = PkiUtility::GetLocalCaPath() + "/ca.crt";
219 String pki_path = PkiUtility::GetPkiPath();
221 String target_ca = pki_path + "/ca.crt";
223 Utility::CopyFile(ca, target_ca);
225 //save-cert and store the master certificate somewhere
227 std::cout << "Generating self-signed certifiate:\n";
230 std::cout << "Fetching public certificate from master ("
231 << master_host << ", " << master_port << "):\n";
233 String trusted_cert = PkiUtility::GetPkiPath() + "/trusted-master.crt";
235 if (PkiUtility::SaveCert(master_host, master_port, agent_key, agent_cert, trusted_cert) > 0) {
236 Log(LogCritical, "cli")
237 << "Failed to fetch trusted master certificate. Please try again.";
241 std::cout << "Stored trusted master certificate in '" << trusted_cert << "'.\n";
244 std::cout << "Please specify the request ticket generated on your Icinga 2 master."
245 << " (Hint: '# icinga2 pki ticket --cn " << cn << "'):\n";
247 std::getline(std::cin, answer);
248 boost::algorithm::to_lower(answer);
253 String ticket = answer;
256 std::cout << "Processing self-signed certificate request. Ticket '" << ticket << "'.\n";
258 if (PkiUtility::RequestCertificate(master_host, master_port, agent_key, agent_cert, ca, trusted_cert, ticket) > 0) {
259 Log(LogCritical, "cli")
260 << "Failed to fetch signed certificate from master '" << master_host << ", "
261 << master_port <<"'. Please try again.";
265 /* apilistener config */
266 std::cout << "Please specify the API bind host/port (optional):\n";
267 std::cout << "Bind Host []: ";
269 std::getline(std::cin, answer);
270 boost::algorithm::to_lower(answer);
272 String bind_host = answer;
275 std::cout << "Bind Port []: ";
277 std::getline(std::cin, answer);
278 boost::algorithm::to_lower(answer);
280 String bind_port = answer;
283 std::cout << "Enabling the APIlistener feature.\n";
285 std::vector<std::string> enable;
286 enable.push_back("api");
287 FeatureUtility::EnableFeatures(enable);
289 String apipath = FeatureUtility::GetFeaturesAvailablePath() + "/api.conf";
290 AgentUtility::CreateBackupFile(apipath);
292 String apipathtmp = apipath + ".tmp";
295 fp.open(apipathtmp.CStr(), std::ofstream::out | std::ofstream::trunc);
298 << " * The API listener is used for distributed monitoring setups.\n"
300 << "object ApiListener \"api\" {\n"
301 << " cert_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".crt\"\n"
302 << " key_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".key\"\n"
303 << " ca_path = SysconfDir + \"/icinga2/pki/ca.crt\"\n";
305 if (!bind_host.IsEmpty())
306 fp << " bind_host = \"" << bind_host << "\"\n";
307 if (!bind_port.IsEmpty())
308 fp << " bind_port = " << bind_port << "\n";
311 << " ticket_salt = TicketSalt\n"
317 _unlink(apipath.CStr());
320 if (rename(apipathtmp.CStr(), apipath.CStr()) < 0) {
321 BOOST_THROW_EXCEPTION(posix_error()
322 << boost::errinfo_api_function("rename")
323 << boost::errinfo_errno(errno)
324 << boost::errinfo_file_name(apipathtmp));
327 /* apilistener config */
328 std::cout << "Generating local zones.conf.\n";
330 AgentUtility::GenerateAgentIcingaConfig(endpoints, cn);
332 if (cn != Utility::GetFQDN()) {
333 Log(LogWarning, "cli")
334 << "CN '" << cn << "' does not match the default FQDN '" << Utility::GetFQDN() << "'. Requires update for NodeName constant in constants.conf!";
337 std::cout << "Updating constants.conf\n";
339 AgentUtility::CreateBackupFile(Application::GetSysconfDir() + "/icinga2/constants.conf");
341 AgentUtility::UpdateConstant("NodeName", cn);
345 std::cout << "Starting the Master setup routine...\n";
348 std::cout << "Please specifiy the common name (CN) (leave blank for default FQDN): ";
350 std::getline(std::cin, answer);
351 boost::algorithm::to_lower(answer);
354 answer = Utility::GetFQDN();
359 if (PkiUtility::NewCa() > 0) {
360 Log(LogWarning, "cli", "Found CA, skipping and using the existing one.");
363 String pki_path = PkiUtility::GetPkiPath();
365 if (!Utility::MkDirP(pki_path, 0700)) {
366 Log(LogCritical, "cli")
367 << "Could not create local pki directory '" << pki_path << "'.";
371 String key = pki_path + "/" + cn + ".key";
372 String csr = pki_path + "/" + cn + ".csr";
374 if (PkiUtility::NewCert(cn, key, csr, "") > 0) {
375 Log(LogCritical, "cli", "Failed to create self-signed certificate");
379 /* Sign the CSR with the CA key */
381 String cert = pki_path + "/" + cn + ".crt";
383 if (PkiUtility::SignCsr(csr, cert) != 0) {
384 Log(LogCritical, "cli", "Could not sign CSR.");
388 /* Copy CA certificate to /etc/icinga2/pki */
390 String ca = PkiUtility::GetLocalCaPath() + "/ca.crt";
391 String target_ca = pki_path + "/ca.crt";
393 Log(LogInformation, "cli")
394 << "Copying CA certificate to '" << target_ca << "'.";
396 /* does not overwrite existing files! */
397 Utility::CopyFile(ca, target_ca);
399 //TODO: Fix permissions for CA dir (root -> icinga)
401 AgentUtility::GenerateAgentMasterIcingaConfig(cn);
403 /* apilistener config */
404 std::cout << "Please specify the API bind host/port (optional):\n";
405 std::cout << "Bind Host []: ";
407 std::getline(std::cin, answer);
408 boost::algorithm::to_lower(answer);
410 String bind_host = answer;
413 std::cout << "Bind Port []: ";
415 std::getline(std::cin, answer);
416 boost::algorithm::to_lower(answer);
418 String bind_port = answer;
421 std::cout << "Enabling the APIlistener feature.\n";
423 std::vector<std::string> enable;
424 enable.push_back("api");
425 FeatureUtility::EnableFeatures(enable);
427 String apipath = FeatureUtility::GetFeaturesAvailablePath() + "/api.conf";
428 AgentUtility::CreateBackupFile(apipath);
430 String apipathtmp = apipath + ".tmp";
433 fp.open(apipathtmp.CStr(), std::ofstream::out | std::ofstream::trunc);
436 << " * The API listener is used for distributed monitoring setups.\n"
438 << "object ApiListener \"api\" {\n"
439 << " cert_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".crt\"\n"
440 << " key_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".key\"\n"
441 << " ca_path = SysconfDir + \"/icinga2/pki/ca.crt\"\n";
443 if (!bind_host.IsEmpty())
444 fp << " bind_host = \"" << bind_host << "\"\n";
445 if (!bind_port.IsEmpty())
446 fp << " bind_port = " << bind_port << "\n";
449 << " ticket_salt = TicketSalt\n"
455 _unlink(apipath.CStr());
458 if (rename(apipathtmp.CStr(), apipath.CStr()) < 0) {
459 BOOST_THROW_EXCEPTION(posix_error()
460 << boost::errinfo_api_function("rename")
461 << boost::errinfo_errno(errno)
462 << boost::errinfo_file_name(apipathtmp));
465 /* update constants.conf with NodeName = CN + TicketSalt = random value */
466 if (cn != Utility::GetFQDN()) {
467 Log(LogWarning, "cli")
468 << "CN '" << cn << "' does not match the default FQDN '" << Utility::GetFQDN() << "'. Requires update for NodeName constant in constants.conf!";
471 Log(LogInformation, "cli", "Updating constants.conf.");
473 AgentUtility::CreateBackupFile(Application::GetSysconfDir() + "/icinga2/constants.conf");
475 AgentUtility::UpdateConstant("NodeName", cn);
477 String salt = RandomString(16);
479 AgentUtility::UpdateConstant("TicketSalt", salt);
481 Log(LogInformation, "cli")
482 << "Edit the api feature config file '" << apipath << "' and set a secure 'ticket_salt' attribute.";
485 std::cout << "Now restart your Icinga 2 agent to finish the installation!\n";
487 std::cout << "If you encounter problems or bugs, please do not hesitate to\n"
488 << "get in touch with the community at https://support.icinga.org" << std::endl;