From 2eaae1f7339efaf1eef898eb1d6d79e5291896f6 Mon Sep 17 00:00:00 2001 From: Michael Friedrich Date: Thu, 25 Jun 2015 17:46:08 +0200 Subject: [PATCH] Update documentation for ApiUser object & node wizard fixes #9471 --- doc/10-icinga2-client.md | 32 ++++++++++++++++++++------------ doc/6-object-types.md | 21 ++++++++++++++++++++- lib/cli/apisetuputility.cpp | 2 +- 3 files changed, 41 insertions(+), 14 deletions(-) diff --git a/doc/10-icinga2-client.md b/doc/10-icinga2-client.md index 35d3a9b8a..7dce86de9 100644 --- a/doc/10-icinga2-client.md +++ b/doc/10-icinga2-client.md @@ -76,32 +76,39 @@ for example). Make sure to answer the first question with `n` (no). - # icinga2 node wizard + nbmif /etc/icinga2 # icinga2 node wizard Welcome to the Icinga 2 Setup Wizard! We'll guide you through all required configuration details. Please specify if this is a satellite setup ('n' installs a master setup) [Y/n]: n Starting the Master setup routine... - Please specifiy the common name (CN) [icinga2-node1.localdomain]: + Please specifiy the common name (CN) [icinga2-node1.localdomain]: + Checking the 'api' feature... + 'api' feature not enabled, running 'api setup' now. + information/cli: Generating new CA. + information/base: Writing private key to '/var/lib/icinga2/ca/ca.key'. information/base: Writing X509 certificate to '/var/lib/icinga2/ca/ca.crt'. information/cli: Initializing serial file in '/var/lib/icinga2/ca/serial.txt'. information/cli: Generating new CSR in '/etc/icinga2/pki/icinga2-node1.localdomain.csr'. + information/base: Writing private key to '/etc/icinga2/pki/icinga2-node1.localdomain.key'. information/base: Writing certificate signing request to '/etc/icinga2/pki/icinga2-node1.localdomain.csr'. information/cli: Signing CSR with CA and writing certificate to '/etc/icinga2/pki/icinga2-node1.localdomain.crt'. + information/cli: Copying CA certificate to '/etc/icinga2/pki/ca.crt'. + + information/cli: Adding new ApiUser 'root' in '/etc/icinga2/conf.d/api-users.conf'. + + information/cli: Enabling the ApiListener feature. + + Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect. information/cli: Dumping config items to file '/etc/icinga2/zones.conf'. - information/cli: Created backup file '/etc/icinga2/zones.conf.orig'. Please specify the API bind host/port (optional): - Bind Host []: - Bind Port []: - information/cli: Enabling the APIlistener feature. - Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect. - information/cli: Created backup file '/etc/icinga2/features-available/api.conf.orig'. + Bind Host []: + Bind Port []: information/cli: Updating constants.conf. - information/cli: Created backup file '/etc/icinga2/constants.conf.orig'. information/cli: Updating constants file '/etc/icinga2/constants.conf'. information/cli: Updating constants file '/etc/icinga2/constants.conf'. Done. @@ -111,10 +118,11 @@ Make sure to answer the first question with `n` (no). The setup wizard will do the following: -* Generate a local CA in `/var/lib/icinga2/ca` or use the existing one -* Generate a new CSR, sign it with the local CA and copying it into `/etc/icinga2/pki` +* Check if the `api` feature is already enabled, and if not: + * Generate a local CA in `/var/lib/icinga2/ca` or use the existing one + * Generate a new CSR, sign it with the local CA and copying it into `/etc/icinga2/pki` + * Enabling the API feature, and setting optional `bind_host` and `bind_port` * Generate a local zone and endpoint configuration for this master based on FQDN -* Enabling the API feature, and setting optional `bind_host` and `bind_port` * Setting the `NodeName` and `TicketSalt` constants in [constants.conf](4-configuring-icinga-2.md#constants-conf) The setup wizard does not automatically restart Icinga 2. diff --git a/doc/6-object-types.md b/doc/6-object-types.md index be38d2d5f..42a13d921 100644 --- a/doc/6-object-types.md +++ b/doc/6-object-types.md @@ -9,7 +9,8 @@ description are explained as well. ## ApiListener ApiListener objects are used for distributed monitoring setups -specifying the certificate files used for ssl authorization. +and API usage specifying the certificate files used for ssl +authorization and additional restrictions. The `NodeName` constant must be defined in [constants.conf](4-configuring-icinga-2.md#constants-conf). @@ -35,6 +36,24 @@ Configuration Attributes: accept\_config |**Optional.** Accept zone configuration. Defaults to `false`. accept\_commands |**Optional.** Accept remote commands. Defaults to `false`. +## ApiUser + +ApiUser objects are used for authentication against the Icinga 2 API. + +Example: + + object ApiUser "root" { + password = "mysecretapipassword" + } + + +Configuration Attributes: + + Name |Description + --------------------------|-------------------------- + password |**Optional.** Password string. + client\_cn |**Optional.** Client Common Name (CN). + ## CheckCommand A check command definition. Additional default command custom attributes can be diff --git a/lib/cli/apisetuputility.cpp b/lib/cli/apisetuputility.cpp index 0c7ed775f..46314f5fa 100644 --- a/lib/cli/apisetuputility.cpp +++ b/lib/cli/apisetuputility.cpp @@ -158,7 +158,7 @@ int ApiSetupUtility::SetupMaster(const String& cn) fp.open(apiuserspathtmp.CStr(), std::ofstream::out | std::ofstream::trunc); fp << "/**\n" - << " * The API users are used for authentication against the API.\n" + << " * The APIUser objects are used for authentication against the API.\n" << " */\n" << "object ApiUser \"" << api_username << "\" {\n" << " password = \"" << api_password << "\"\n" -- 2.40.0