if (!File.Exists(pathPrefix + ".crt")) {
if (!RunProcess(Icinga2InstallDir + "\\sbin\\icinga2.exe",
- "pki new-cert --cn \"" + txtInstanceName.Text + "\" --keyfile \"" + pathPrefix + ".key\" --certfile \"" + pathPrefix + ".crt\"",
+ "pki new-cert --cn \"" + txtInstanceName.Text + "\" --key \"" + pathPrefix + ".key\" --cert \"" + pathPrefix + ".crt\"",
out output)) {
ShowErrorText(output);
return;
_TrustedFile = Path.GetTempFileName();
if (!RunProcess(Icinga2InstallDir + "\\sbin\\icinga2.exe",
- "pki save-cert --host \"" + host + "\" --port \"" + port + "\" --keyfile \"" + pathPrefix + ".key\" --certfile \"" + pathPrefix + ".crt\" --trustedfile \"" + _TrustedFile + "\"",
+ "pki save-cert --host \"" + host + "\" --port \"" + port + "\" --key \"" + pathPrefix + ".key\" --cert \"" + pathPrefix + ".crt\" --trustedcert \"" + _TrustedFile + "\"",
out output)) {
ShowErrorText(output);
return;
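Review bot: The argument string for `pki save-cert` wraps `host`, `port` and the file paths in `\"...\"` without checking the values, and the `pki new-cert` call further up does the same with `txtInstanceName.Text`. A value that contains a double quote, or ends in a backslash, closes the quoted argument early, so the rest of the text is parsed by icinga2.exe as additional options. Validate the fields before composing the command line, for example `if (host.IndexOf('"') >= 0 || host.EndsWith("\\")) { ShowErrorText("Invalid host name."); return; }`, and apply the same check to the instance name and port. Both blocks continue outside the visible lines.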
Example:
- # icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr
- # icinga2 pki sign-csr --csrfile icinga2a.csr --certfile icinga2a.crt
+ # icinga2 pki new-cert --cn icinga2a --key icinga2a.key --csr icinga2a.csr
+ # icinga2 pki sign-csr --csr icinga2a.csr --cert icinga2a.crt
# vim cluster.conf
Now create a certificate and key file for each node running the following command
(replace `icinga2a` with the required hostname):
- # icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr
- # icinga2 pki sign-csr --csrfile icinga2a.csr --certfile icinga2a.crt
+ # icinga2 pki new-cert --cn icinga2a --key icinga2a.key --csr icinga2a.csr
+ # icinga2 pki sign-csr --csr icinga2a.csr --cert icinga2a.crt
Repeat the step for all nodes in your cluster scenario.
std::vector<String> AgentSetupCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
- if (argument == "keyfile" || argument == "certfile" || argument == "trustedcert")
+ if (argument == "key" || argument == "cert" || argument == "trustedcert")
return GetBashCompletionSuggestions("file", word);
else if (argument == "host")
return GetBashCompletionSuggestions("hostname", word);
if (vm.count("cn"))
cn = vm["cn"].as<std::string>();
- String keyfile = local_pki_path + "/" + cn + ".key";
- String certfile = local_pki_path + "/" + cn + ".crt";
- String cafile = PkiUtility::GetLocalCaPath() + "/ca.crt";
+ String key = local_pki_path + "/" + cn + ".key";
+ String cert = local_pki_path + "/" + cn + ".crt";
+ String ca = PkiUtility::GetLocalCaPath() + "/ca.crt";
- if (PkiUtility::NewCert(cn, keyfile, Empty, certfile) > 0) {
+ if (PkiUtility::NewCert(cn, key, Empty, cert) > 0) {
Log(LogCritical, "cli", "Failed to create self-signed certificate");
}
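Review bot: When `PkiUtility::NewCert(cn, key, Empty, cert)` fails, the branch only logs `Failed to create self-signed certificate` and falls through. As far as this hunk shows, the setup then carries on with a key and certificate that may not exist. Add `return 1;` after the `Log` call, matching the other error branches visible on this page (this assumes the enclosing function returns an int exit status; it starts and ends outside the hunk).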
Log(LogInformation, "cli")
<< "Moving certificates to " << pki_path << ".";
- String target_keyfile = pki_path + "/" + cn + ".key";
- String target_certfile = pki_path + "/" + cn + ".crt";
- String target_cafile = pki_path + "/ca.crt";
+ String target_key = pki_path + "/" + cn + ".key";
+ String target_cert = pki_path + "/" + cn + ".crt";
+ String target_ca = pki_path + "/ca.crt";
//TODO
- PkiUtility::CopyCertFile(keyfile, target_keyfile);
- PkiUtility::CopyCertFile(certfile, target_certfile);
- PkiUtility::CopyCertFile(cafile, target_cafile);
+ PkiUtility::CopyCertFile(key, target_key);
+ PkiUtility::CopyCertFile(cert, target_cert);
+ PkiUtility::CopyCertFile(ca, target_ca);
std::cout << ConsoleColorTag(Console_ForegroundRed | Console_Bold) << "PLACEHOLDER" << ConsoleColorTag(Console_Normal) << std::endl;
if (!vm.count("trustedcert")) {
Log(LogCritical, "cli")
<< "Please pass the trusted cert retrieved from the master\n"
- << "(Hint: 'icinga2 pki save-cert --host <masterhost> --port <5665> --keyfile local.key --certfile local.crt --trustedfile master.crt').";
+ << "(Hint: 'icinga2 pki save-cert --host <masterhost> --port <5665> --key local.key --cert local.crt --trustedcert master.crt').";
return 1;
}
String local_pki_path = PkiUtility::GetLocalPkiPath();
- String keyfile = local_pki_path + "/" + cn + ".key";
- String certfile = local_pki_path + "/" + cn + ".crt";
- String cafile = PkiUtility::GetLocalCaPath() + "/ca.crt";
+ String key = local_pki_path + "/" + cn + ".key";
+ String cert = local_pki_path + "/" + cn + ".crt";
+ String ca = PkiUtility::GetLocalCaPath() + "/ca.crt";
//TODO: local CA or any other one?
- if (!Utility::PathExists(cafile)) {
+ if (!Utility::PathExists(ca)) {
Log(LogCritical, "cli")
- << "CA file '" << cafile << "' does not exist. Please generate a new CA first.\n"
+ << "CA file '" << ca << "' does not exist. Please generate a new CA first.\n"
<< "Hist: 'icinga2 pki new-ca'";
return 1;
}
- if (!Utility::PathExists(keyfile)) {
+ if (!Utility::PathExists(key)) {
Log(LogCritical, "cli")
- << "Private key file '" << keyfile << "' does not exist. Please generate a new certificate first.\n"
+ << "Private key file '" << key << "' does not exist. Please generate a new certificate first.\n"
<< "Hist: 'icinga2 pki new-cert'";
return 1;
}
- if (!Utility::PathExists(certfile)) {
+ if (!Utility::PathExists(cert)) {
Log(LogCritical, "cli")
- << "Cert file '" << certfile << "' does not exist. Please generate a new certificate first.\n"
+ << "Cert file '" << cert << "' does not exist. Please generate a new certificate first.\n"
<< "Hist: 'icinga2 pki new-cert'";
return 1;
}
String port = "5665";
- PkiUtility::RequestCertificate(master_host, master_port, keyfile, certfile, cafile, trustedcert, ticket);
+ PkiUtility::RequestCertificate(master_host, master_port, key, cert, ca, trustedcert, ticket);
/*
* 5. get public key signed by the master, private key and ca.crt and copy it to /etc/icinga2/pki
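Review bot: The result of `PkiUtility::RequestCertificate(master_host, master_port, key, cert, ca, trustedcert, ticket)` is discarded, whereas `PKIRequestCommand::Run` returns the same call's result as its exit status. A failed request would therefore go unnoticed here, and the following steps would run without a signed certificate. Check it the way `NewCert` is checked elsewhere, e.g. `if (PkiUtility::RequestCertificate(master_host, master_port, key, cert, ca, trustedcert, ticket) > 0) { Log(LogCritical, "cli", "Failed to request certificate from the master."); return 1; }`, assuming a positive return means failure as it does for `NewCert`. The enclosing function starts and ends outside the hunk.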
{
visibleDesc.add_options()
("cn", po::value<std::string>(), "Common Name")
- ("keyfile", po::value<std::string>(), "Key file path (output")
- ("csrfile", po::value<std::string>(), "CSR file path (optional, output)")
- ("certfile", po::value<std::string>(), "Certificate file path (optional, output)");
+ ("key", po::value<std::string>(), "Key file path (output")
+ ("csr", po::value<std::string>(), "CSR file path (optional, output)")
+ ("cert", po::value<std::string>(), "Certificate file path (optional, output)");
}
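Review bot: The help text for the renamed `key` option is missing its closing parenthesis; the new line carries `"Key file path (output"` over unchanged from the old `keyfile` entry. Use `("key", po::value<std::string>(), "Key file path (output)")` so the `--help` output matches the `csr` and `cert` entries below it. The enclosing function's signature is outside the hunk.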
std::vector<String> PKINewCertCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
- if (argument == "keyfile" || argument == "csrfile" || argument == "certfile")
+ if (argument == "key" || argument == "csr" || argument == "cert")
return GetBashCompletionSuggestions("file", word);
else
return CLICommand::GetArgumentSuggestions(argument, word);
return 1;
}
- if (!vm.count("keyfile")) {
- Log(LogCritical, "cli", "Key file path (--keyfile) must be specified.");
+ if (!vm.count("key")) {
+ Log(LogCritical, "cli", "Key file path (--key) must be specified.");
return 1;
}
- String csrfile, certfile;
+ String csr, cert;
- if (vm.count("csrfile"))
- csrfile = vm["csrfile"].as<std::string>();
+ if (vm.count("csr"))
+ csr = vm["csr"].as<std::string>();
- if (vm.count("certfile"))
- certfile = vm["certfile"].as<std::string>();
+ if (vm.count("cert"))
+ cert = vm["cert"].as<std::string>();
- return PkiUtility::NewCert(vm["cn"].as<std::string>(), vm["keyfile"].as<std::string>(), csrfile, certfile);
+ return PkiUtility::NewCert(vm["cn"].as<std::string>(), vm["key"].as<std::string>(), csr, cert);
}
boost::program_options::options_description& hiddenDesc) const
{
visibleDesc.add_options()
- ("keyfile", po::value<std::string>(), "Key file path (input)")
- ("certfile", po::value<std::string>(), "Certificate file path (input + output)")
- ("cafile", po::value<std::string>(), "CA file path (output)")
- ("trustedfile", po::value<std::string>(), "Trusted certificate file path (input)")
+ ("key", po::value<std::string>(), "Key file path (input)")
+ ("cert", po::value<std::string>(), "Certificate file path (input + output)")
+ ("ca", po::value<std::string>(), "CA file path (output)")
+ ("trustedcert", po::value<std::string>(), "Trusted certificate file path (input)")
("host", po::value<std::string>(), "Icinga 2 host")
("port", po::value<std::string>(), "Icinga 2 port")
("ticket", po::value<std::string>(), "Icinga 2 PKI ticket");
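Review bot: The old option spellings are removed outright, so existing invocations that pass `--keyfile`, `--certfile`, `--cafile` or `--trustedfile` would presumably be rejected as unknown options. That matters for unattended certificate provisioning scripts, and the same applies to the option tables of the new-cert, save-cert and sign-csr commands. `hiddenDesc` is already passed into this function; registering the old names there, e.g. `hiddenDesc.add_options()("keyfile", po::value<std::string>(), "deprecated alias for --key");`, and reading them as a fallback in `Run` would keep old callers working for a transition period. The function body continues outside the hunk.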
std::vector<String> PKIRequestCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
- if (argument == "keyfile" || argument == "certfile" || argument == "cafile" || argument == "trustedfile")
+ if (argument == "key" || argument == "cert" || argument == "ca" || argument == "trustedcert")
return GetBashCompletionSuggestions("file", word);
else if (argument == "host")
return GetBashCompletionSuggestions("hostname", word);
return 1;
}
- if (!vm.count("keyfile")) {
- Log(LogCritical, "cli", "Key input file path (--keyfile) must be specified.");
+ if (!vm.count("key")) {
+ Log(LogCritical, "cli", "Key input file path (--key) must be specified.");
return 1;
}
- if (!vm.count("certfile")) {
- Log(LogCritical, "cli", "Certificate output file path (--certfile) must be specified.");
+ if (!vm.count("cert")) {
+ Log(LogCritical, "cli", "Certificate output file path (--cert) must be specified.");
return 1;
}
- if (!vm.count("cafile")) {
- Log(LogCritical, "cli", "CA certificate output file path (--cafile) must be specified.");
+ if (!vm.count("ca")) {
+ Log(LogCritical, "cli", "CA certificate output file path (--ca) must be specified.");
return 1;
}
- if (!vm.count("trustedfile")) {
- Log(LogCritical, "cli", "Trusted certificate input file path (--trustedfile) must be specified.");
+ if (!vm.count("trustedcert")) {
+ Log(LogCritical, "cli", "Trusted certificate input file path (--trustedcert) must be specified.");
return 1;
}
if (vm.count("port"))
port = vm["port"].as<std::string>();
- return PkiUtility::RequestCertificate(vm["host"].as<std::string>(), port, vm["keyfile"].as<std::string>(),
- vm["certfile"].as<std::string>(), vm["cafile"].as<std::string>(), vm["trustedfile"].as<std::string>(),
+ return PkiUtility::RequestCertificate(vm["host"].as<std::string>(), port, vm["key"].as<std::string>(),
+ vm["cert"].as<std::string>(), vm["ca"].as<std::string>(), vm["trustedcert"].as<std::string>(),
vm["ticket"].as<std::string>());
}
boost::program_options::options_description& hiddenDesc) const
{
visibleDesc.add_options()
- ("keyfile", po::value<std::string>(), "Key file path (input)")
- ("certfile", po::value<std::string>(), "Certificate file path (input)")
- ("trustedfile", po::value<std::string>(), "Trusted certificate file path (output)")
+ ("key", po::value<std::string>(), "Key file path (input)")
+ ("cert", po::value<std::string>(), "Certificate file path (input)")
+ ("trustedcert", po::value<std::string>(), "Trusted certificate file path (output)")
("host", po::value<std::string>(), "Icinga 2 host")
("port", po::value<std::string>(), "Icinga 2 port");
}
std::vector<String> PKISaveCertCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
- if (argument == "keyfile" || argument == "certfile" || argument == "trustedfile")
+ if (argument == "key" || argument == "cert" || argument == "trustedcert")
return GetBashCompletionSuggestions("file", word);
else if (argument == "host")
return GetBashCompletionSuggestions("hostname", word);
return 1;
}
- if (!vm.count("keyfile")) {
- Log(LogCritical, "cli", "Key input file path (--keyfile) must be specified.");
+ if (!vm.count("key")) {
+ Log(LogCritical, "cli", "Key input file path (--key) must be specified.");
return 1;
}
- if (!vm.count("certfile")) {
- Log(LogCritical, "cli", "Certificate input file path (--certfile) must be specified.");
+ if (!vm.count("cert")) {
+ Log(LogCritical, "cli", "Certificate input file path (--cert) must be specified.");
return 1;
}
- if (!vm.count("trustedfile")) {
- Log(LogCritical, "cli", "Trusted certificate output file path (--trustedfile) must be specified.");
+ if (!vm.count("trustedcert")) {
+ Log(LogCritical, "cli", "Trusted certificate output file path (--trustedcert) must be specified.");
return 1;
}
if (vm.count("port"))
port = vm["port"].as<std::string>();
- return PkiUtility::SaveCert(vm["host"].as<std::string>(), port, vm["keyfile"].as<std::string>(), vm["certfile"].as<std::string>(), vm["trustedfile"].as<std::string>());
+ return PkiUtility::SaveCert(vm["host"].as<std::string>(), port, vm["key"].as<std::string>(), vm["cert"].as<std::string>(), vm["trustedcert"].as<std::string>());
}
boost::program_options::options_description& hiddenDesc) const
{
visibleDesc.add_options()
- ("csrfile", po::value<std::string>(), "CSR file path (input)")
- ("certfile", po::value<std::string>(), "Certificate file path (output)");
+ ("csr", po::value<std::string>(), "CSR file path (input)")
+ ("cert", po::value<std::string>(), "Certificate file path (output)");
}
std::vector<String> PKISignCSRCommand::GetArgumentSuggestions(const String& argument, const String& word) const
{
- if (argument == "csrfile" || argument == "certfile")
+ if (argument == "csr" || argument == "cert")
return GetBashCompletionSuggestions("file", word);
else
return CLICommand::GetArgumentSuggestions(argument, word);
*/
int PKISignCSRCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
{
- if (!vm.count("csrfile")) {
- Log(LogCritical, "cli", "Certificate signing request file path (--csrfile) must be specified.");
+ if (!vm.count("csr")) {
+ Log(LogCritical, "cli", "Certificate signing request file path (--csr) must be specified.");
return 1;
}
- if (!vm.count("certfile")) {
- Log(LogCritical, "cli", "Certificate file path (--certfile) must be specified.");
+ if (!vm.count("cert")) {
+ Log(LogCritical, "cli", "Certificate file path (--cert) must be specified.");
return 1;
}
- return PkiUtility::SignCsr(vm["csrfile"].as<std::string>(), vm["certfile"].as<std::string>());
+ return PkiUtility::SignCsr(vm["csr"].as<std::string>(), vm["cert"].as<std::string>());
}