Fix wrong cert path for CLI commands

refs #5450
Icinga · Sep 12, 2017 · ce88e89 · ce88e89
1 parent a7fe646
commit ce88e89
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 15 deletions.
diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp
@@ -176,9 +176,9 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 	    << " * The API listener is used for distributed monitoring setups.\n"
 	    << " */\n"
 	    << "object ApiListener \"api\" {\n"
-	    << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
-	    << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
-	    << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
+	    << "  cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+	    << "  key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+	    << "  ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n";
 
 	if (vm.count("listen")) {
 		std::vector<String> tokens;
@@ -380,9 +380,9 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 	    << " * The API listener is used for distributed monitoring setups.\n"
 	    << " */\n"
 	    << "object ApiListener \"api\" {\n"
-	    << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
-	    << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
-	    << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
+	    << "  cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+	    << "  key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+	    << "  ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n";
 
 	if (vm.count("listen")) {
 		std::vector<String> tokens;

diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp
@@ -92,7 +92,7 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 	 * 5. Local CA
 	 * 6. New self signed certificate
 	 * 7. Request signed certificate from master
-	 * 8. copy key information to /var/lib/icinga2/pki
+	 * 8. copy key information to /var/lib/icinga2/certs
 	 * 9. enable ApiListener feature
 	 * 10. generate zones.conf with endpoints and zone objects
 	 * 11. set NodeName = cn in constants.conf
@@ -407,9 +407,9 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 		    << " * The API listener is used for distributed monitoring setups.\n"
 		    << " */\n"
 		    << "object ApiListener \"api\" {\n"
-		    << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
-		    << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
-		    << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n"
+		    << "  cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+		    << "  key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+		    << "  ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n"
 		    << "\n"
 		    << "  accept_config = " << accept_config << "\n"
 		    << "  accept_commands = " << accept_commands << "\n";
@@ -455,7 +455,7 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 		NodeUtility::UpdateConstant("NodeName", cn);
 		NodeUtility::UpdateConstant("ZoneName", cn);
 
-		String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+		String ticketPath = ApiListener::GetCertsDir() + "/ticket";
 
 		String tempTicketPath = Utility::CreateTempFile(ticketPath + ".XXXXXX", 0600, fp);
 
@@ -553,9 +553,9 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 		    << " * The API listener is used for distributed monitoring setups.\n"
 		    << " */\n"
 		    << "object ApiListener \"api\" {\n"
-		    << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
-		    << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
-		    << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
+		    << "  cert_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".crt\"\n"
+		    << "  key_path = LocalStateDir + \"/lib/icinga2/certs/\" + NodeName + \".key\"\n"
+		    << "  ca_path = LocalStateDir + \"/lib/icinga2/certs/ca.crt\"\n";
 
 		if (!bind_host.IsEmpty())
 			fp << "  bind_host = \"" << bind_host << "\"\n";

diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
@@ -324,7 +324,8 @@ Value UpdateCertificateHandler(const MessageOrigin::Ptr& origin, const Dictionar
 		    << boost::errinfo_file_name(tempCertPath));
 	}
 
-	String ticketPath = Application::GetLocalStateDir() + "/lib/icinga2/pki/ticket";
+	/* Remove ticket for successful signing request. */
+	String ticketPath = ApiListener::GetCertsDir() + "/ticket";
 
 	if (unlink(ticketPath.CStr()) < 0 && errno != ENOENT) {
 		BOOST_THROW_EXCEPTION(posix_error()