From: Michael Friedrich
Date: Wed, 8 Jul 2015 13:32:47 +0000 (+0200)
Subject: 'node wizard/setup' should always generate new certificates
X-Git-Tag: v2.4.0~522
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=84d83a4453360ea289362fe79b74fc76c25a8a15;p=icinga2
'node wizard/setup' should always generate new certificates Unless an existing certificate is found. The configuration (api feature, user) is always generated including a backup. fixes #9590
---
diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp
index 0c4ce0ff2..9d6616baa 100644
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -128,11 +128,33 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v if (vm.count("cn")) cn = vm["cn"].as(); - if (FeatureUtility::CheckFeatureDisabled("api")) { - Log(LogInformation, "cli", "'api' feature not enabled, running 'api setup' now.\n"); - ApiSetupUtility::SetupMaster(cn); - } else - Log(LogInformation, "cli", "'api' feature already enabled.\n"); + /* check whether the user wants to generate a new certificate or not */ + String existing_path = PkiUtility::GetPkiPath() + "/" + cn + ".crt"; + + Log(LogInformation, "cli") + << "Checking for existing certificates for common name '" << cn << "'..."; + + if (Utility::PathExists(existing_path)) { + Log(LogWarning, "cli") + << "Certificate '" << existing_path << "' for CN '" << cn << "' already existing. Skipping certificate generation."; + } else { + Log(LogInformation, "cli") + << "Certificates not yet generated. Running 'api setup' now."; + + ApiSetupUtility::SetupMasterCertificates(cn); + } + + Log(LogInformation, "cli", "Generating master configuration for Icinga 2."); + ApiSetupUtility::SetupMasterApiUser(cn); + + if (!FeatureUtility::CheckFeatureEnabled("api")) { + ApiSetupUtility::SetupMasterEnableApi(cn); + } else { + Log(LogInformation, "cli") + << "'api' feature already enabled.\n"; + } + + NodeUtility::GenerateNodeMasterIcingaConfig(cn); /* read zones.conf and update with zone + endpoint information */ diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp index 0ac3809e0..db3b2194f 100644 --- a/lib/cli/nodewizardcommand.cpp +++ b/lib/cli/nodewizardcommand.cpp 
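Review bot: The decision to skip certificate generation rests on `Utility::PathExists(existing_path)` for the `.crt` file alone, so a certificate left behind without its private key, or one that is expired or was issued by an earlier CA, suppresses generation while the API user and the `api` feature are still set up on top of it. I would build a second path for the key file in the same way and require both, `if (Utility::PathExists(existing_path) && Utility::PathExists(existing_key_path)) {`, and have the warning say that the existing certificate is reused without being verified. `SetupMasterCertificates`, `SetupMasterApiUser` and `SetupMasterEnableApi` are called as plain statements; if they report failure through a return value (not visible in this hunk), it should be checked before the feature is enabled. The same applies to the matching block in nodewizardcommand.cpp, and SetupMaster's body starts and ends outside this hunk.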
@@ -455,13 +455,26 @@ wizard_ticket: String cn = answer; cn.Trim(); - std::cout << ConsoleColorTag(Console_Normal) << "Checking the 'api' feature...\n"; + /* check whether the user wants to generate a new certificate or not */ + String existing_path = PkiUtility::GetPkiPath() + "/" + cn + ".crt"; - if (FeatureUtility::CheckFeatureDisabled("api")) { - std::cout << ConsoleColorTag(Console_Bold) << "'api' feature not enabled, running 'api setup' now.\n"; - ApiSetupUtility::SetupMaster(cn); + std::cout << ConsoleColorTag(Console_Normal) << "Checking for existing certificates for common name '" << cn << "'...\n"; + + if (Utility::PathExists(existing_path)) { + std::cout << "Certificate '" << existing_path << "' for CN '" << cn << "' already existing. Skipping certificate generation.\n"; + } else { + std::cout << "Certificates not yet generated. Running 'api setup' now.\n"; + ApiSetupUtility::SetupMasterCertificates(cn); } + std::cout << ConsoleColorTag(Console_Bold) << "Generating master configuration for Icinga 2.\n" << ConsoleColorTag(Console_Normal); + ApiSetupUtility::SetupMasterApiUser(cn); + + if (!FeatureUtility::CheckFeatureEnabled("api")) + ApiSetupUtility::SetupMasterEnableApi(cn); + else + std::cout << "'api' feature already enabled.\n"; + NodeUtility::GenerateNodeMasterIcingaConfig(cn); /* apilistener config */
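Review bot: `cn` is taken from the interactive answer and, in the visible lines, only has `Trim()` applied before it is concatenated into `existing_path`, so a common name containing a path separator or `..` makes the existence check (and presumably the later certificate and key writes) resolve outside the PKI directory. Unless the name is validated earlier in the wizard, which this hunk does not show, I would reject such input before building the path, for example `if (cn.IsEmpty() || cn.FindFirstOf("/\\") != String::NPos || cn == "..") { /* ask again */ }`. This block is also a near copy of the one added to nodesetupcommand.cpp; moving the check-then-generate sequence into one helper in `ApiSetupUtility` would keep the two entry points from drifting apart. The enclosing wizard function starts and ends outside the hunk.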