Fixes icinga2 certs path for newer versions 2.8+

Fixes #45867
2025-04-17 10:10:20 +00:00 · 2018-11-22 16:27:31 +02:00 · 2018-11-22 16:27:31 +02:00 · a1dddce6fd
commit a1dddce6fd
parent 4d9e2a0f16
3 changed files with 57 additions and 26 deletions
--- a/salt/modules/icinga2.py
+++ b/salt/modules/icinga2.py
@ -10,11 +10,11 @@ Module to provide icinga2 compatibility to salt.
 # Import python libs
 from __future__ import absolute_import, print_function, unicode_literals
 import logging
-import subprocess

 # Import Salt libs
 import salt.utils.path
 import salt.utils.platform
+from salt.utils.icinga2 import get_certs_path, execute

 log = logging.getLogger(__name__)

@ -32,18 +32,6 @@ def __virtual__():
    return (False, 'Icinga2 not installed.')


-def _execute(cmd, ret_code=False):
-    process = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
-    if ret_code:
-        return process.wait()
-    output, error = process.communicate()
-    if output:
-        log.debug(output)
-        return output
-    log.debug(error)
-    return error
-
-
 def generate_ticket(domain):
    '''
    Generate and save an icinga2 ticket.
@ -58,7 +46,7 @@ def generate_ticket(domain):
        salt '*' icinga2.generate_ticket domain.tld

    '''
-    result = _execute(["icinga2", "pki", "ticket", "--cn", domain])
+    result = execute(["icinga2", "pki", "ticket", "--cn", domain])
    return result


@ -76,7 +64,7 @@ def generate_cert(domain):
        salt '*' icinga2.generate_cert domain.tld

    '''
-    result = _execute(["icinga2", "pki", "new-cert", "--cn", domain, "--key", "/etc/icinga2/pki/{0}.key".format(domain), "--cert", "/etc/icinga2/pki/{0}.crt".format(domain)], ret_code=True)
+    result = execute(["icinga2", "pki", "new-cert", "--cn", domain, "--key", "{0}{1}.key".format(get_certs_path(), domain), "--cert", "{0}{1}.crt".format(get_certs_path(), domain)], ret_code=True)
    return result


@ -94,8 +82,8 @@ def save_cert(domain, master):
        salt '*' icinga2.save_cert domain.tld master.domain.tld

    '''
-    result = _execute(["icinga2", "pki", "save-cert", "--key", "/etc/icinga2/pki/{0}.key".format(domain), "--cert", "/etc/icinga2/pki/{0}.cert".format(domain), "--trustedcert",
-                       "/etc/icinga2/pki/trusted-master.crt", "--host", master], ret_code=True)
+    result = execute(["icinga2", "pki", "save-cert", "--key", "{0}{1}.key".format(get_certs_path(), domain), "--cert", "{0}{1}.cert".format(get_certs_path(), domain), "--trustedcert",
+                       "{0}trusted-master.crt".format(get_certs_path()), "--host", master], ret_code=True)
    return result


@ -114,8 +102,8 @@ def request_cert(domain, master, ticket, port):
        salt '*' icinga2.request_cert domain.tld master.domain.tld TICKET_ID

    '''
-    result = _execute(["icinga2", "pki", "request", "--host", master, "--port", port, "--ticket", ticket, "--key", "/etc/icinga2/pki/{0}.key".format(domain), "--cert",
-                       "/etc/icinga2/pki/{0}.crt".format(domain), "--trustedcert", "/etc/icinga2/pki/trusted-master.crt", "--ca", "/etc/icinga2/pki/ca.crt"], ret_code=True)
+    result = execute(["icinga2", "pki", "request", "--host", master, "--port", port, "--ticket", ticket, "--key", "{0}{1}.key".format(get_certs_path(), domain), "--cert",
+                       "{0}{1}.crt".format(get_certs_path(), domain), "--trustedcert", "{0}trusted-master.crt".format{get_certs_path()), "--ca", "{0}ca.crt".format(get_certs_path())], ret_code=True)
    return result


@ -134,6 +122,6 @@ def node_setup(domain, master, ticket):
        salt '*' icinga2.node_setup domain.tld master.domain.tld TICKET_ID

    '''
-    result = _execute(["icinga2", "node", "setup", "--ticket", ticket, "--endpoint", master, "--zone", domain, "--master_host", master, "--trustedcert", "/etc/icinga2/pki/trusted-master.crt"],
+    result = execute(["icinga2", "node", "setup", "--ticket", ticket, "--endpoint", master, "--zone", domain, "--master_host", master, "--trustedcert", "{0}trusted-master.crt".format(get_certs_path())],
                       ret_code=True)
    return result
--- a/salt/states/icinga2.py
+++ b/salt/states/icinga2.py
@ -27,6 +27,7 @@ import os.path
 from salt.ext import six
 import salt.utils.files
 import salt.utils.stringutils
+from salt.utils.icinga2 import get_certs_path


 def __virtual__():
@ -140,8 +141,8 @@ def generate_cert(name):
           'changes': {},
           'result': True,
           'comment': ''}
-    cert = "/etc/icinga2/pki/{0}.crt".format(name)
-    key = "/etc/icinga2/pki/{0}.key".format(name)
+    cert = "{0}{1}.crt".format(get_certs_path(), name)
+    key = "{0}{1}.key".format(get_certs_path(), name)

    # Checking if execution is needed.
    if os.path.isfile(cert) and os.path.isfile(key):
@ -175,7 +176,7 @@ def save_cert(name, master):
           'changes': {},
           'result': True,
           'comment': ''}
-    cert = "/etc/icinga2/pki/trusted-master.crt"
+    cert = "{0}trusted-master.crt".format(get_certs_path())

    # Checking if execution is needed.
    if os.path.isfile(cert):
@ -214,7 +215,7 @@ def request_cert(name, master, ticket, port="5665"):
           'changes': {},
           'result': True,
           'comment': ''}
-    cert = "/etc/icinga2/pki/ca.crt"
+    cert = "{0}ca.crt".format(get_certs_path())

    # Checking if execution is needed.
    if os.path.isfile(cert):
@ -254,8 +255,8 @@ def node_setup(name, master, ticket):
           'changes': {},
           'result': True,
           'comment': ''}
-    cert = "/etc/icinga2/pki/{0}.crt.orig".format(name)
-    key = "/etc/icinga2/pki/{0}.key.orig".format(name)
+    cert = "{0}{1}.crt.orig".format(get_certs_path(), name)
+    key = "{0}{1}.key.orig".format(get_certs_path(), name)

    # Checking if execution is needed.
    if os.path.isfile(cert) and os.path.isfile(cert):
--- a/salt/utils/icinga2.py
+++ b/salt/utils/icinga2.py
@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+'''
+Icinga2 Common Utils
+=================
+
+This module provides common functionality for icinga2 module and state.
+
+.. versionadded:: 2018.8.3
+'''
+
+# Import python libs
+import logging
+import subprocess
+import re
+
+# Import Salt libs
+import salt.utils.path
+
+log = logging.getLogger(__name__)
+
+
+def execute(cmd, ret_code=False):
+    process = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
+    if ret_code:
+        return process.wait()
+    output, error = process.communicate()
+    if output:
+        log.debug(output)
+        return output
+    log.debug(error)
+    return error
+
+
+def get_certs_path():
+    icinga2_output = execute([salt.utils.path.which('icinga2'), "--version"])
+    version = re.search('r\d+\.\d+', icinga2_output).group(0)
+    # Return new certs path for icinga2 >= 2.8
+    if int(version.split('.')[1]) >= 8:
+        return '/var/lib/icinga2/certs/'
+    # Keep backwords compatibility with older icinga2
+    return '/etc/icinga2/pki/'
+