From 7551233f0b438d51a8d14d125b4c7bae501e809e Mon Sep 17 00:00:00 2001 From: Lord Hepipud Date: Sat, 30 May 2020 14:19:34 +0200 Subject: [PATCH] Improves error handling during certificate generation --- .../installer/Install-IcingaAgentCertificates.psm1 | 13 ++++++++----- .../misc/Start-IcingaAgentInstallWizard.psm1 | 4 ++-- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 b/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 index a9ff5fd..afa00be 100644 --- a/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 +++ b/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 @@ -10,7 +10,8 @@ function Install-IcingaAgentCertificates() ); if ([string]::IsNullOrEmpty($Hostname)) { - throw 'Failed to install Icinga Agent certificates. Please provide a hostname'; + Write-IcingaConsoleError 'Failed to install Icinga Agent certificates. Please provide a hostname'; + return $FALSE; } # Default for Icinga 2.8.0 and above @@ -34,13 +35,14 @@ function Install-IcingaAgentCertificates() ); if ((Start-IcingaAgentCertificateProcess -Arguments $arguments) -eq $FALSE) { - throw 'Failed to generate host certificate'; + Write-IcingaConsoleError 'Failed to generate host certificate'; + return $FALSE; } } if ([string]::IsNullOrEmpty($Endpoint) -And [string]::IsNullOrEmpty($CACert)) { Write-IcingaConsoleWarning 'Your host certificates have been generated successfully. Please either specify an endpoint to connect to or provide the path to a valid ca.crt'; - return $TRUE; + return $FALSE; } if (-Not [string]::IsNullOrEmpty($Endpoint)) { @@ -68,7 +70,7 @@ function Install-IcingaAgentCertificates() Write-IcingaConsoleError 'Unable to connect to your provided Icinga CA. Please verify the entered configuration is correct.' ` 'If you are not able to connect to your Icinga CA from this machine, you will have to provide the path' ` 'to your Icinga ca.crt and use the CA-Proxy certificate handling.'; - return $TRUE; + return $FALSE; } } @@ -88,7 +90,8 @@ function Install-IcingaAgentCertificates() ); if ((Start-IcingaAgentCertificateProcess -Arguments $arguments) -eq $FALSE) { - throw 'Failed to sign Icinga certificate'; + Write-IcingaConsoleError 'Failed to sign Icinga certificate'; + return $FALSE; } if ([string]::IsNullOrEmpty($Ticket)) { diff --git a/lib/core/icingaagent/misc/Start-IcingaAgentInstallWizard.psm1 b/lib/core/icingaagent/misc/Start-IcingaAgentInstallWizard.psm1 index 93004ed..e1c1c07 100644 --- a/lib/core/icingaagent/misc/Start-IcingaAgentInstallWizard.psm1 +++ b/lib/core/icingaagent/misc/Start-IcingaAgentInstallWizard.psm1 @@ -544,9 +544,9 @@ function Start-IcingaAgentInstallWizard() } Register-IcingaBackgroundDaemon -Command 'Start-IcingaServiceCheckDaemon'; Install-IcingaAgentBaseFeatures; - Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $CAEndpoint -Port $CAPort -CACert $CAFile -Ticket $Ticket | Out-Null; + $CertsInstalled = Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $CAEndpoint -Port $CAPort -CACert $CAFile -Ticket $Ticket; Write-IcingaAgentApiConfig -Port $CAPort; - if ($EmptyCA -eq $TRUE) { + if ($EmptyCA -eq $TRUE -Or $CertsInstalled -eq $FALSE) { Disable-IcingaAgentFeature 'api'; Write-IcingaConsoleWarning -Message '{0}{1}{2}{3}{4}' -Objects 'Your Icinga Agent API feature has been disabled. Please provide either your ca.crt ', 'or connect to a parent node for certificate requests. You can run "Install-IcingaAgentCertificates" ',