Fix wrong cert path for CLI commands

author Michael Friedrich <michael.friedrich@icinga.com>

Wed, 6 Sep 2017 12:38:35 +0000 (14:38 +0200)

committer Gunnar Beutner <gunnar.beutner@icinga.com>

Tue, 12 Sep 2017 10:52:49 +0000 (12:52 +0200)
author Michael Friedrich <michael.friedrich@icinga.com>
Wed, 6 Sep 2017 12:38:35 +0000 (14:38 +0200)
committer Gunnar Beutner <gunnar.beutner@icinga.com>
Tue, 12 Sep 2017 10:52:49 +0000 (12:52 +0200)
diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp

index 895815d994b6edca543bd4471e2ded8ac6d3c142..c3422785bc9c0cac475611a4bf1d3a736c4a1f44 100644 (file)
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -176,9 +176,9 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
             << " * The API listener is used for distributed monitoring setups.\n"
             << " */\n"
             << "object ApiListener \"api\" {\n"
-           << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
-           << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
-           << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
+           << "  cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+           << "  key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+           << "  ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n";
  
         if (vm.count("listen")) {
                 std::vector<String> tokens;
@@ -380,9 +380,9 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
             << " * The API listener is used for distributed monitoring setups.\n"
             << " */\n"
             << "object ApiListener \"api\" {\n"
-           << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
-           << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
-           << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
+           << "  cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+           << "  key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+           << "  ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n";
  
         if (vm.count("listen")) {
                 std::vector<String> tokens;
diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp

index 91e89b6212f05e4dd593d1676857431d2e845f49..37c9d68bb8a121d6ec32fbc2efd5b4756afda225 100644 (file)
--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@@ -92,7 +92,7 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
          * 5. Local CA
          * 6. New self signed certificate
          * 7. Request signed certificate from master
-        * 8. copy key information to /var/lib/icinga2/pki
+        * 8. copy key information to /var/lib/icinga2/certs
          * 9. enable ApiListener feature
          * 10. generate zones.conf with endpoints and zone objects
          * 11. set NodeName = cn in constants.conf
@@ -407,9 +407,9 @@ wizard_ticket:
                     << " * The API listener is used for distributed monitoring setups.\n"
                     << " */\n"
                     << "object ApiListener \"api\" {\n"
-                   << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
-                   << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
-                   << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n"
+                   << "  cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+                   << "  key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+                   << "  ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n"
                     << "\n"
                     << "  accept_config = " << accept_config << "\n"
                     << "  accept_commands = " << accept_commands << "\n";
@@ -455,7 +455,7 @@ wizard_ticket:
                 NodeUtility::UpdateConstant("NodeName", cn);
                 NodeUtility::UpdateConstant("ZoneName", cn);
  
-               String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+               String ticketPath = ApiListener::GetCertsDir() + "/ticket";
  
                 String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
  
@@ -553,9 +553,9 @@ wizard_ticket:
                     << " * The API listener is used for distributed monitoring setups.\n"
                     << " */\n"
                     << "object ApiListener \"api\" {\n"
-                   << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
-                   << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
-                   << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
+                   << "  cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+                   << "  key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+                   << "  ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n";
  
                 if (!bind_host.IsEmpty())
                         fp << "  bind_host = \"" << bind_host << "\"\n";
diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp

index e14be3feb129abbe4cc64b4093eeecb4b328b3a5..fee37a30f54a7cb37f33c8617e699fa93c51ba7c 100644 (file)
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
@@ -324,7 +324,8 @@ Value UpdateCertificateHandler(const MessageOrigin::Ptr& origin, const Dictionar
                     << boost::errinfo_file_name(tempCertPath));
         }
  
-       String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+       /* Remove ticket for successful signing request. */
+       String ticketPath = ApiListener::GetCertsDir() + "/ticket";
  
         if (unlink(ticketPath.CStr()) < 0 && errno != ENOENT) {
                 BOOST_THROW_EXCEPTION(posix_error()
author	Michael Friedrich <michael.friedrich@icinga.com>
	Wed, 6 Sep 2017 12:38:35 +0000 (14:38 +0200)
committer	Gunnar Beutner <gunnar.beutner@icinga.com>
	Tue, 12 Sep 2017 10:52:49 +0000 (12:52 +0200)
lib/cli/nodesetupcommand.cpp		patch \| blob \| history
lib/cli/nodewizardcommand.cpp		patch \| blob \| history
lib/remote/jsonrpcconnection-pki.cpp		patch \| blob \| history