'node wizard/setup' should always generate new certificates

Unless an existing certificate is found. The configuration
(api feature, user) is always generated including a backup.

fixes #9590

diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp
index 0c4ce0ff26c82158e0f33fecc370685006ec63f9..9d6616baa8efd8c26455e54328e41d76d2ffa6d1 100644 (file)
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -128,11 +128,33 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
         if (vm.count("cn"))
                 cn = vm["cn"].as<std::string>();
 
-       if (FeatureUtility::CheckFeatureDisabled("api")) {
-               Log(LogInformation, "cli", "'api' feature not enabled, running 'api setup' now.\n");
-               ApiSetupUtility::SetupMaster(cn);
-       } else
-               Log(LogInformation, "cli", "'api' feature already enabled.\n");
+       /* check whether the user wants to generate a new certificate or not */
+       String existing_path = PkiUtility::GetPkiPath() + "/" + cn + ".crt";
+
+       Log(LogInformation, "cli")
+           << "Checking for existing certificates for common name '" << cn << "'...";
+
+       if (Utility::PathExists(existing_path)) {
+               Log(LogWarning, "cli")
+                   << "Certificate '" << existing_path << "' for CN '" << cn << "' already existing. Skipping certificate generation.";
+       } else {
+               Log(LogInformation, "cli")
+                   << "Certificates not yet generated. Running 'api setup' now.";
+
+               ApiSetupUtility::SetupMasterCertificates(cn);
+       }
+
+       Log(LogInformation, "cli", "Generating master configuration for Icinga 2.");
+       ApiSetupUtility::SetupMasterApiUser(cn);
+
+       if (!FeatureUtility::CheckFeatureEnabled("api")) {
+               ApiSetupUtility::SetupMasterEnableApi(cn);
+       } else {
+               Log(LogInformation, "cli")
+                   << "'api' feature already enabled.\n";
+       }
+
+       NodeUtility::GenerateNodeMasterIcingaConfig(cn);
 
        /* read zones.conf and update with zone + endpoint information */
 

diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp
index 0ac3809e06474618c5199cd61b0ca50715f951f7..db3b2194f93dc7cb4910ef5f20d0f30229253e94 100644 (file)
--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@@ -455,13 +455,26 @@ wizard_ticket:
                String cn = answer;
                cn.Trim();
 
-               std::cout << ConsoleColorTag(Console_Normal) << "Checking the 'api' feature...\n";
+               /* check whether the user wants to generate a new certificate or not */
+               String existing_path = PkiUtility::GetPkiPath() + "/" + cn + ".crt";
 
-               if (FeatureUtility::CheckFeatureDisabled("api")) {
-                       std::cout << ConsoleColorTag(Console_Bold) << "'api' feature not enabled, running 'api setup' now.\n";
-                       ApiSetupUtility::SetupMaster(cn);
+               std::cout << ConsoleColorTag(Console_Normal) << "Checking for existing certificates for common name '" << cn << "'...\n";
+
+               if (Utility::PathExists(existing_path)) {
+                       std::cout << "Certificate '" << existing_path << "' for CN '" << cn << "' already existing. Skipping certificate generation.\n";
+               } else {
+                       std::cout << "Certificates not yet generated. Running 'api setup' now.\n";
+                       ApiSetupUtility::SetupMasterCertificates(cn);
                }
 
+               std::cout << ConsoleColorTag(Console_Bold) << "Generating master configuration for Icinga 2.\n" << ConsoleColorTag(Console_Normal);
+               ApiSetupUtility::SetupMasterApiUser(cn);
+
+               if (!FeatureUtility::CheckFeatureEnabled("api"))
+                       ApiSetupUtility::SetupMasterEnableApi(cn);
+               else
+                       std::cout << "'api' feature already enabled.\n";
+
                NodeUtility::GenerateNodeMasterIcingaConfig(cn);
 
                /* apilistener config */