Node setup: auto-store ticket salt #8073

Open
wants to merge 1 commit into
base: master

Al2Klimov
Member

@Al2Klimov Al2Klimov commented Jun 29, 2020

... not to have to run daemon -C after node wizard before pki ticket.

pki ticket requires TicketSalt. It reads it from a file daemon -C writes. I.e. I have to run daemon -C after node wizard before I can run pki ticket. This change lets pki ticket write TicketSalt by itself.

fixes #8072
closes #8070

@Al2Klimov Al2Klimov added enhancement New feature or request area/setup Installation, systemd, sample files labels Jun 29, 2020
@Al2Klimov Al2Klimov added this to the 2.13.0 milestone Jun 29, 2020
@Al2Klimov Al2Klimov self-assigned this Jun 29, 2020
@Al2Klimov
Member Author

Before

➜  icinga2 git:(master) prefix/sbin/icinga2 node setup --master
information/cli: Checking in existing certificates for common name 'alexanders-mbp.int.netways.de'...
information/cli: Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/ca//ca.key'.
information/base: Writing X509 certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/ca//ca.crt'.
information/cli: Generating new CSR in '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.csr'.
information/base: Writing private key to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.key'.
information/base: Writing certificate signing request to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.csr'.
information/cli: Signing CSR with CA and writing certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.crt'.
information/pki: Writing certificate to file '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.crt'.
information/cli: Copying CA certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//ca.crt'.
information/cli: Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/conf.d/api-users.conf'.
information/cli: Reading '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/icinga2.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Generating zone and object configuration.
information/cli: Dumping config items to file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/zones.conf'.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/zones.conf.orig'.
information/cli: Updating the APIListener feature.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/features-available/api.conf.orig'.
information/cli: Updating 'NodeName' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig'.
information/cli: Updating 'ZoneName' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Updating 'TicketSalt' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Edit the api feature config file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/features-available/api.conf' and set a secure 'ticket_salt' attribute.
information/cli: Make sure to restart Icinga 2.
➜  icinga2 git:(master) prefix/sbin/icinga2 pki ticket --cn lolcat
critical/cli: Ticket salt (--salt) must be specified.
➜  icinga2 git:(master)

After

➜  icinga2 git:(feature/node-setup-auto-store-ticket-salt-8072) prefix/sbin/icinga2 node setup --master
information/cli: Checking in existing certificates for common name 'alexanders-mbp.int.netways.de'...
information/cli: Certificates not yet generated. Running 'api setup' now.
information/cli: Generating new CA.
information/base: Writing private key to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/ca//ca.key'.
information/base: Writing X509 certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/ca//ca.crt'.
information/cli: Generating new CSR in '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.csr'.
information/base: Writing private key to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.key'.
information/base: Writing certificate signing request to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.csr'.
information/cli: Signing CSR with CA and writing certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.crt'.
information/pki: Writing certificate to file '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//alexanders-mbp.int.netways.de.crt'.
information/cli: Copying CA certificate to '/Users/aklimov/NET/WS/icinga2/prefix/var/lib/icinga2/certs//ca.crt'.
information/cli: Generating master configuration for Icinga 2.
information/cli: Adding new ApiUser 'root' in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/conf.d/api-users.conf'.
information/cli: Reading '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/icinga2.conf'.
information/cli: Enabling the 'api' feature.
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
information/cli: Generating zone and object configuration.
information/cli: Dumping config items to file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/zones.conf'.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/zones.conf.orig'.
information/cli: Updating the APIListener feature.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/features-available/api.conf.orig'.
information/cli: Updating 'NodeName' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Created backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig'.
information/cli: Updating 'ZoneName' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Updating 'TicketSalt' constant in '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf'.
information/cli: Backup file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/constants.conf.orig' already exists. Skipping backup.
information/cli: Edit the api feature config file '/Users/aklimov/NET/WS/icinga2/prefix/etc/icinga2/features-available/api.conf' and set a secure 'ticket_salt' attribute.
information/cli: Make sure to restart Icinga 2.
➜  icinga2 git:(feature/node-setup-auto-store-ticket-salt-8072) prefix/sbin/icinga2 pki ticket --cn lolcat
afddb0349477dc23d35ea776e6eb26599407c424
➜  icinga2 git:(feature/node-setup-auto-store-ticket-salt-8072)
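
Why `pki ticket` cannot produce anything without the salt, shown as an added example that is not part of this PR or of Icinga 2's code. It assumes the ticket is PBKDF2-HMAC-SHA1 over the common name, keyed by TicketSalt, with 50000 iterations (the page does not state the algorithm); `make_ticket`, `verify_ticket` and the sample salt are hypothetical names and constructed values.

```python
import hashlib
import hmac

# Assumption (not stated on this page): ticket = hex(PBKDF2-HMAC-SHA1(cn, salt, 50000)),
# 20 bytes long, i.e. 40 hex characters like the value printed in the "After" run.
ITERATIONS = 50000


def make_ticket(cn: str, salt: str) -> str:
    """Derive the enrollment ticket for a common name from the shared salt."""
    if not salt:
        # Same precondition the CLI enforces in the "Before" run: no salt, no ticket.
        raise ValueError("Ticket salt must be specified.")
    digest = hashlib.pbkdf2_hmac("sha1", cn.encode(), salt.encode(), ITERATIONS)
    return digest.hex()


def verify_ticket(cn: str, ticket: str, salt: str) -> bool:
    """Recompute the ticket for cn and compare it in constant time."""
    expected = make_ticket(cn, salt).encode()
    presented = ticket.strip().lower().encode()
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    salt = "constructed-example-salt"  # constructed value, not a real TicketSalt
    ticket = make_ticket("lolcat", salt)
    print(ticket)
    print(verify_ticket("lolcat", ticket, salt))             # True
    print(verify_ticket("other-host", ticket, salt))         # False: bound to the CN
    print(verify_ticket("lolcat", ticket, "rotated-salt"))   # False: bound to the salt
```

Under that assumption the ticket is a deterministic function of the CN and the salt, so whoever can read the stored salt can derive a valid ticket for any CN; the permissions on the file the salt is written to matter accordingly.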

@Al2Klimov Al2Klimov removed their assignment Jun 29, 2020
@Al2Klimov Al2Klimov force-pushed the feature/node-setup-auto-store-ticket-salt-8072 branch from 58c62e2 to dec6360 Compare December 14, 2020 15:51
@Al2Klimov Al2Klimov modified the milestones: 2.13.0, 2.14.0 Jun 2, 2021
@Al2Klimov
Member Author

@cla-bot check

@cla-bot cla-bot bot added the cla/signed label Aug 4, 2021
@julianbrost julianbrost removed their request for review November 30, 2021 15:46
@julianbrost julianbrost removed this from the 2.14.0 milestone Jan 23, 2023
... not to have to run daemon -C after node wizard before pki ticket.

refs #8072
@Al2Klimov Al2Klimov force-pushed the feature/node-setup-auto-store-ticket-salt-8072 branch from dec6360 to 4032cdb Compare June 7, 2023 11:27
@Al2Klimov
Member Author

@julianbrost I prefer this PR in favor of the OP-closes one. And you?
