Change the icinga ca list command line to address changes in Icinga 2…

… 2.11 This patch addresses a change in the upcoming 2.11 Icinga 2 that will require `--all` in the ca list command to get all the certificates (though after 7 days they should be now deleted by default). This patch is backwards compatible by checking the running icinga2 version and if it's lower than 2.11, use the old command line. Please beware that you need to manually need to edit your sudoers to cope with the new parameter, so please check README. Basically you have to change from ``` Cmnd_Alias CA_CMDS = /usr/sbin/icinga2 ca list, /usr/sbin/icinga2 ca sign * ``` to ``` Cmnd_Alias CA_CMDS = /usr/sbin/icinga2 ca list, /usr/sbin/icinga2 ca sign *, /usr/sbin/icinga2 ca list --all ``` For more information see #6
nunofernandes · May 14, 2019 · 6adab78 · 6adab78
1 parent 8e83892
commit 6adab78
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -45,7 +45,7 @@ Clone the repository via Git to your Icinga Web 2 `modules` directory.
 ```
 # vi /etc/sudoers.d/apache
 
-Cmnd_Alias      CA_CMDS = /usr/sbin/icinga2 ca list, /usr/sbin/icinga2 ca sign *
+Cmnd_Alias      CA_CMDS = /usr/sbin/icinga2 ca list, /usr/sbin/icinga2 ca sign *, /usr/sbin/icinga2 ca list --all
 Cmnd_Alias      APACHE_COMMANDS = CA_CMDS
 User_Alias      APACHEUSERS = apache
 

diff --git a/application/controllers/IndexController.php b/application/controllers/IndexController.php
@@ -67,11 +67,41 @@ public function signCertificate($fingerprint)
 	return $output;
     }
 
+    public function icinga2Version()
+    {
+		$command = $this->icinga2bin . " --version";
+		$output = shell_exec($command." 2>&1");
+
+		$temp = preg_split('/\n/', $output, -1, PREG_SPLIT_NO_EMPTY);
+		$lines = preg_grep('/RLIMIT_/', $temp, PREG_GREP_INVERT);
+		$lines = array_values($lines);
+		# get first line
+		$version = $lines[0];
+		# Match version string
+		if (preg_match('/r(\d+)\.(\d+)/', $version, $matches)) {
+			$ret['major'] = $matches[1];
+			$ret['minor'] = $matches[2];
+			return $ret;
+		} else {
+			return;
+		}
+    }
+
     public function parseIcingaCaList()
     {
-	$command = $this->command . " ca list";
-	$output = shell_exec($command." 2>&1");
+		# check version of icinga2 (https://github.com/nunofernandes/icingaweb2-module-ca/issues/6)
+		$version = $this->icinga2Version();
+		if (!empty($version) and !empty($version['major']) and !empty($version['minor'])) {
+			if ($version['major'] == "2" and ((int)$version['minor'])<11) {
+				$command = $this->command . " ca list";
+			} else {
+				$command = $this->command . " ca list --all";
+			}
+		} else { # fallback to the new defaults and hope for the best
+			$command = $this->command . " ca list --all";
+		}
 
+		$output = shell_exec($command." 2>&1");
         $temp = preg_split('/\n/', $output, -1, PREG_SPLIT_NO_EMPTY);
         $lines = preg_grep('/RLIMIT_/', $temp, PREG_GREP_INVERT);
         $lines = array_values($lines);

diff --git a/module.info b/module.info
@@ -1,5 +1,5 @@
 Name: Ca
-Version: 1.0.2
+Version: 1.0.3
 Depends: monitoring (>= 2.5.1)
 Description: Icinga CA Manager
  This module manages the certificate requests for Icinga CA.