String ca_path = PkiUtility::GetLocalCaPath();
String ca = ca_path + "/ca.crt";
String ca_key = ca_path + "/ca.key";
+ String serial = ca_path + "/serial.txt";
String target_ca = pki_path + "/ca.crt";
Log(LogInformation, "cli")
Log(LogWarning, "cli")
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca_key << "'. Verify it yourself!";
}
+ if (!Utility::SetFileOwnership(serial, user, group)) {
+ Log(LogWarning, "cli")
+ << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << serial << "'. Verify it yourself!";
+ }
if (!Utility::SetFileOwnership(target_ca, user, group)) {
Log(LogWarning, "cli")
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << target_ca << "'. Verify it yourself!";
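Review bot: The ownership check added for `serial` sits between two identical warn-and-continue blocks for `ca_key` and `target_ca`, and the same four lines are pasted again in the two later hunks that declare `String serial`. A file-local helper taking the path, `user` and `group` would keep the message and the failure policy in one place. The warning also gives no reason why this file matters; a comment such as `/* the daemon user must be able to update the CA serial file */` would help, if that is the intent. The enclosing function starts and ends outside the hunk.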
String cert = pki_path + "/" + cn + ".crt";
String ca = pki_path + "/ca.crt";
-
if (!Utility::MkDirP(pki_path, 0700)) {
Log(LogCritical, "cli")
<< "Could not create local pki directory '" << pki_path << "'.";
String ca_path = PkiUtility::GetLocalCaPath();
String ca_key = ca_path + "/ca.key";
String ca = ca_path + "/ca.crt";
+ String serial = ca_path + "/serial.txt";
/* fix permissions: root -> icinga daemon user */
if (!Utility::SetFileOwnership(ca_path, user, group)) {
Log(LogWarning, "cli")
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca_key << "'. Verify it yourself!";
}
+ if (!Utility::SetFileOwnership(serial, user, group)) {
+ Log(LogWarning, "cli")
+ << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << serial << "'. Verify it yourself!";
+ }
if (!Utility::SetFileOwnership(node_cert, user, group)) {
Log(LogWarning, "cli")
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << node_cert << "'. Verify it yourself!";
String bind_port = answer;
bind_port.Trim();
- std::cout << "Enabling the APIlistener feature.\n";
+ Log(LogInformation, "cli", "Enabling the Apilistener feature.");
std::vector<std::string> enable;
enable.push_back("api");
}
/* apilistener config */
- std::cout << "Generating local zones.conf.\n";
+ Log(LogInformation, "cli", "Generating local zones.conf.");
NodeUtility::GenerateNodeIcingaConfig(endpoints, cn, local_zone);
<< "CN '" << cn << "' does not match the default FQDN '" << Utility::GetFQDN() << "'. Requires update for NodeName constant in constants.conf!";
}
- std::cout << "Updating constants.conf\n";
+ Log(LogInformation, "cli", "Updating constants.conf.");
+
+ String constants_file = Application::GetSysconfDir() + "/icinga2/constants.conf";
- NodeUtility::CreateBackupFile(Application::GetSysconfDir() + "/icinga2/constants.conf");
+ NodeUtility::CreateBackupFile(constants_file);
NodeUtility::UpdateConstant("NodeName", cn);
+ Log(LogInformation, "cli")
+ << "Edit the constants.conf file '" << constants_file << "' and set a secure 'TicketSalt' constant.";
+
} else {
/* master setup */
std::cout << "Starting the Master setup routine...\n";
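Review bot: The `TicketSalt` reminder added after `NodeUtility::UpdateConstant("NodeName", cn)` is logged at `LogInformation`, so a security-relevant manual step is easy to miss among the other setup output; `Log(LogWarning, "cli")` would suit that line better. As far as the hunk shows, the reminder is emitted just before `} else {` opens the master setup, so it is worth confirming that the master branch prints it too, assuming the salt is consumed there. The hunk also leaves `std::cout << "Starting the Master setup routine...\n";` on the old output path while the neighbouring messages move to `Log`.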
String ca_path = PkiUtility::GetLocalCaPath();
String ca = ca_path + "/ca.crt";
String ca_key = ca_path + "/ca.key";
+ String serial = ca_path + "/serial.txt";
String target_ca = pki_path + "/ca.crt";
Log(LogInformation, "cli")
Log(LogWarning, "cli")
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << ca_key << "'. Verify it yourself!";
}
+ if (!Utility::SetFileOwnership(serial, user, group)) {
+ Log(LogWarning, "cli")
+ << "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << serial << "'. Verify it yourself!";
+ }
if (!Utility::SetFileOwnership(target_ca, user, group)) {
Log(LogWarning, "cli")
<< "Cannot set ownership for user '" << user << "' group '" << group << "' on file '" << target_ca << "'. Verify it yourself!";
#include "base/tlsutility.hpp"
#include "base/tlsstream.hpp"
#include "base/tcpsocket.hpp"
+#include "base/json.hpp"
#include "base/utility.hpp"
#include "remote/jsonrpc.hpp"
#include <fstream>
for (;;) {
response = JsonRpc::ReadMessage(stream);
- if (response->Get("id") != msgid)
+ if (response && response->Contains("error")) {
+ Log(LogCritical, "cli", "Could not fetch valid response. Please check the master log (notice or debug).");
+#ifdef _DEBUG
+ /* we shouldn't expose master errors to the user in production environments */
+ Log(LogCritical, "cli", response->Get("error"));
+#endif /* _DEBUG */
+ return 1;
+ }
+
+ if (response && (response->Get("id") != msgid))
continue;
break;
}
- if (!response->Contains("result")) {
- Log(LogCritical, "cli", "Request certificate did not return a valid result. Check the master log for details!");
+ if (!response) {
+ Log(LogCritical, "cli", "Could not fetch valid response. Please check the master log.");
return 1;
}
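Review bot: After the loop only `if (!response)` is tested, so a message with the matching id that carries neither `"error"` nor `"result"` is now accepted, where the removed line rejected it. Unless the code after this hunk checks again before reading the result, keep the old guard as well: `if (!response || !response->Contains("result")) {`. The `"error"` test also runs before the `id` comparison, so an error message belonging to a different request ends this one; comparing the id first would avoid that. The enclosing function starts and ends outside the hunk.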
resultMessage->Set("result", afunc->Invoke(origin, message->Get("params")));
} catch (const std::exception& ex) {
+ //TODO: Add a user readable error message for the remote caller
resultMessage->Set("error", DiagnosticInformation(ex));
+ std::ostringstream info;
+ info << "Error while processing message for identity '" << m_Identity << "'";
+ Log(LogWarning, "ApiClient")
+ << info.str();
+ Log(LogDebug, "ApiClient")
+ << info.str() << "\n" << DiagnosticInformation(ex);
}
if (message->Contains("id")) {
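Review bot: `resultMessage->Set("error", DiagnosticInformation(ex));` still returns the full diagnostic text to the remote caller. The client side of this commit hides that text outside `_DEBUG` builds, but the peer receives it on the wire either way. The TODO could be resolved here by sending a fixed message, e.g. `resultMessage->Set("error", "Error while processing message; see the log of the remote instance.");`, since the detail is already written at `LogDebug`. `m_Identity` is also written into the log line as-is; it presumably comes from the peer, so confirm it cannot contain line breaks. The enclosing function is outside the hunk.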