From: Michael Friedrich Date: Wed, 6 Sep 2017 12:38:35 +0000 (+0200) Subject: Fix wrong cert path for CLI commands X-Git-Tag: v2.8.0~87^2~17 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ce88e89cc04a7e7aebc7088ef1c5e4cff42ef504;p=icinga2 Fix wrong cert path for CLI commands refs #5450 --- diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp index 895815d99..c3422785b 100644 --- a/lib/cli/nodesetupcommand.cpp +++ b/lib/cli/nodesetupcommand.cpp @@ -176,9 +176,9 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v << " * The API listener is used for distributed monitoring setups.\n" << " */\n" << "object ApiListener \"api\" {\n" - << " cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n" - << " key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n" - << " ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n"; + << " cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n" + << " key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n" + << " ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n"; if (vm.count("listen")) { std::vector tokens; @@ -380,9 +380,9 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm, << " * The API listener is used for distributed monitoring setups.\n" << " */\n" << "object ApiListener \"api\" {\n" - << " cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n" - << " key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n" - << " ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n"; + << " cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n" + << " key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n" + << " ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n"; if (vm.count("listen")) { std::vector tokens; diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp index 91e89b621..37c9d68bb 100644 --- a/lib/cli/nodewizardcommand.cpp +++ b/lib/cli/nodewizardcommand.cpp @@ -92,7 +92,7 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm, * 5. Local CA * 6. New self signed certificate * 7. Request signed certificate from master - * 8. copy key information to /var/lib/icinga2/pki + * 8. copy key information to /var/lib/icinga2/certs * 9. enable ApiListener feature * 10. generate zones.conf with endpoints and zone objects * 11. set NodeName = cn in constants.conf @@ -407,9 +407,9 @@ wizard_ticket: << " * The API listener is used for distributed monitoring setups.\n" << " */\n" << "object ApiListener \"api\" {\n" - << " cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n" - << " key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n" - << " ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n" + << " cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n" + << " key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n" + << " ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n" << "\n" << " accept_config = " << accept_config << "\n" << " accept_commands = " << accept_commands << "\n"; @@ -455,7 +455,7 @@ wizard_ticket: NodeUtility::UpdateConstant("NodeName", cn); NodeUtility::UpdateConstant("ZoneName", cn); - String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket"; + String ticketPath = ApiListener::GetCertsDir() + "/ticket"; String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp); @@ -553,9 +553,9 @@ wizard_ticket: << " * The API listener is used for distributed monitoring setups.\n" << " */\n" << "object ApiListener \"api\" {\n" - << " cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n" - << " key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n" - << " ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n"; + << " cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n" + << " key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n" + << " ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n"; if (!bind_host.IsEmpty()) fp << " bind_host = \"" << bind_host << "\"\n"; diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp index e14be3feb..fee37a30f 100644 --- a/lib/remote/jsonrpcconnection-pki.cpp +++ b/lib/remote/jsonrpcconnection-pki.cpp @@ -324,7 +324,8 @@ Value UpdateCertificateHandler(const MessageOrigin::Ptr& origin, const Dictionar << boost::errinfo_file_name(tempCertPath)); } - String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket"; + /* Remove ticket for successful signing request. */ + String ticketPath = ApiListener::GetCertsDir() + "/ticket"; if (unlink(ticketPath.CStr()) < 0 && errno != ENOENT) { BOOST_THROW_EXCEPTION(posix_error()