Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

icinga2 pki ticket: print hint if --salt missing #8070

Closed
wants to merge 1 commit into from
Closed

icinga2 pki ticket: print hint if --salt missing #8070

wants to merge 1 commit into from

Conversation

Al2Klimov
Copy link
Member

@Al2Klimov Al2Klimov commented Jun 26, 2020
edited
Loading

No description provided.

@Al2Klimov Al2Klimov self-assigned this Jun 26, 2020
@Al2Klimov
Copy link
Member Author

Before

➜  icinga2 git:(master) prefix/sbin/icinga2 node setup --master
information/cli: Checking in existing certificates for common name 'alexanders-mbp.int.netways.de'...
information/cli: Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/ca//ca.key'.
information/base: Writing X509 certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/ca//ca.crt'.
information/cli: Generating new CSR in '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.csr'.
information/base: Writing private key to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.key'.
information/base: Writing certificate signing request to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.csr'.
information/cli: Signing CSR with CA and writing certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.crt'.
information/pki: Writing certificate to file '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.crt'.
information/cli: Copying CA certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//ca.crt'.
information/cli: Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/conf.d/api-users.conf'.
information/cli: Reading '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/icinga2.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Generating zone and object configuration.
information/cli: Dumping config items to file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/zones.conf'.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/zones.conf.orig'.
information/cli: Updating the APIListener feature.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/features-available/api.conf.orig'.
information/cli: Updating 'NodeName' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig'.
information/cli: Updating 'ZoneName' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Updating 'TicketSalt' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Edit the api feature config file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/features-available/api.conf' and set a secure 'ticket_salt' attribute.
information/cli: Make sure to restart Icinga 2.
➜  icinga2 git:(master) prefix/sbin/icinga2 pki ticket --cn lolcat
critical/cli: Ticket salt (--salt) must be specified.
➜  icinga2 git:(master)

After

➜  icinga2 git:(feature/pki-ticket-salt-hint) prefix/sbin/icinga2 node setup --master
information/cli: Checking in existing certificates for common name 'alexanders-mbp.int.netways.de'...
information/cli: Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/ca//ca.key'.
information/base: Writing X509 certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/ca//ca.crt'.
information/cli: Generating new CSR in '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.csr'.
information/base: Writing private key to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.key'.
information/base: Writing certificate signing request to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.csr'.
information/cli: Signing CSR with CA and writing certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.crt'.
information/pki: Writing certificate to file '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.crt'.
information/cli: Copying CA certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//ca.crt'.
information/cli: Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/conf.d/api-users.conf'.
information/cli: Reading '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/icinga2.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Generating zone and object configuration.
information/cli: Dumping config items to file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/zones.conf'.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/zones.conf.orig'.
information/cli: Updating the APIListener feature.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/features-available/api.conf.orig'.
information/cli: Updating 'NodeName' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig'.
information/cli: Updating 'ZoneName' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Updating 'TicketSalt' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Edit the api feature config file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/features-available/api.conf' and set a secure 'ticket_salt' attribute.
information/cli: Make sure to restart Icinga 2.
➜  icinga2 git:(feature/pki-ticket-salt-hint) prefix/sbin/icinga2 pki ticket --cn lolcat
critical/cli: Ticket salt (--salt) must be specified. (Did you run 'icinga2 daemon -C' first?)
➜  icinga2 git:(feature/pki-ticket-salt-hint) prefix/sbin/icinga2 daemon -C
[2020-06-26 11:38:11 +0200] information/cli: Icinga application loader (version: v2.12.0-rc1-53-gf35fa8255; debug)
[2020-06-26 11:38:11 +0200] information/cli: Loading configuration file(s).
[2020-06-26 11:38:11 +0200] information/ConfigItem: Committing config item(s).
[2020-06-26 11:38:11 +0200] information/ApiListener: My API identity: alexanders-mbp.int.netways.de
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 ApiListener.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 235 CheckCommands.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 NotificationComponent.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 FileLogger.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 ApiUser.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 Host.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 Endpoint.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 2 HostGroups.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 IcingaApplication.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 12 Notifications.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 2 NotificationCommands.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 UserGroup.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 3 TimePeriods.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 ScheduledDowntime.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 11 Services.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 3 ServiceGroups.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 3 Zones.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 User.
[2020-06-26 11:38:11 +0200] information/ConfigItem: Instantiated 1 CheckerComponent.
[2020-06-26 11:38:11 +0200] information/ScriptGlobal: Dumping variables to file '/Users/aklimov/NET/WS/icinga2/prefix/var/cache/icinga2/icinga2.vars'
[2020-06-26 11:38:11 +0200] information/cli: Finished validating the configuration file(s).
➜  icinga2 git:(feature/pki-ticket-salt-hint) prefix/sbin/icinga2 pki ticket --cn lolcat
b18ffab1b082d5282aeaa7047f26c0867654c3d9
➜  icinga2 git:(feature/pki-ticket-salt-hint)

@Al2Klimov Al2Klimov removed their assignment Jun 26, 2020
@Al2Klimov Al2Klimov marked this pull request as ready for review June 26, 2020 09:41
@Al2Klimov Al2Klimov added enhancement New feature or request area/cli Command line helpers area/setup Installation, systemd, sample files labels Jun 26, 2020
@Al2Klimov Al2Klimov added this to the 2.13.0 milestone Jun 26, 2020
This was referenced Jun 26, 2020
Open
Open
@Al2Klimov Al2Klimov removed this from the 2.13.0 milestone Jun 29, 2020
@Al2Klimov Al2Klimov self-assigned this Jun 29, 2020
@Al2Klimov Al2Klimov added the stalled Blocked or not relevant yet label Jun 29, 2020
@Al2Klimov Al2Klimov added this to the 2.13.0 milestone Nov 23, 2020
@Al2Klimov Al2Klimov modified the milestones: 2.13.0, 2.14.0 Jun 2, 2021
@Al2Klimov
Copy link
Member Author

@cla-bot check

@cla-bot cla-bot bot added the cla/signed label Aug 4, 2021
@Al2Klimov Al2Klimov removed their assignment Aug 10, 2021
@Al2Klimov Al2Klimov self-assigned this Aug 10, 2021
@Al2Klimov Al2Klimov removed their assignment Aug 10, 2021
@Al2Klimov Al2Klimov removed this from the 2.14.0 milestone Aug 10, 2021
yhabteab
yhabteab reviewed Dec 21, 2023
View reviewed changes
lib/cli/pkiticketcommand.cpp Outdated
Comment on lines 53 to 55
if (noSaltInVars) {
log << " (Did you run 'icinga2 daemon -C' first?)";
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No TicketSalt in vars could also mean that you have not run neither node setup nor node wizard, so this would not be meaningful suggestion in that case.

@Al2Klimov Al2Klimov force-pushed the feature/pki-ticket-salt-hint branch from f35fa82 to 550fa25 Compare April 3, 2024 12:57
@Al2Klimov Al2Klimov requested a review from yhabteab April 3, 2024 12:57
@Al2Klimov Al2Klimov closed this Nov 6, 2024
@icinga-probot icinga-probot bot deleted the feature/pki-ticket-salt-hint branch November 6, 2024 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yhabteab yhabteab Awaiting requested review from yhabteab

Assignees
No one assigned
Labels
area/cli Command line helpers area/setup Installation, systemd, sample files cla/signed enhancement New feature or request stalled Blocked or not relevant yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Al2Klimov @yhabteab