Use Icinga 2 API to detect the IDO host/database/user in the setup wizard

[icinga-migration]

This issue has been migrated from Redmine: https://dev.icinga.com/issues/12638

Created by elippmann on 2016-09-05 06:13:10 +00:00

[lippserd]

Hi Alex,

The setup of the monitoring module could be simplified by fetching the Icinga 2 API for all necessary information. Of course the user has to provide API crendentials beforehand. Please have a look how we could implement this.

Cheers,
Eric

[Thomas-Gelf]

This absolutely makes sense and can be helpful especially for smallish setups. Some thoughts:

• Suggesting the database name (nearly) always makes sense, the field should be pre-filled in case the information is available
• Suggesting the host name makes sense for smaller setups with no clustering involved, the field could be filled per default
• I would not pre-fill the username at all, using the same user for web and core should be considered bad practice for various reasons. But we could offer a link or button allowing one to "copy" the user name, combined with a short notice telling him that we would advice against doing so.

Cheers,
Thomas

[Al2Klimov]

@Thomas-Gelf: You'd provide a button to do bad practice OOTB? C'mon...

[Thomas-Gelf]

Believe me, I wouldn't. Still, there is a lot of lazy people out there. And this is what this feature request asks for. I'm fine with all variants, as long as the username is not going to be populated with the one you can read through the API.

[Al2Klimov]

Note for the future myself:
TODO:

• rethink 430f823 (explicit CN?)
• ReST request w/ server CA

[Al2Klimov]

blocked by #2541

[Al2Klimov]

Note: 430f823 is OK.

[Al2Klimov]

blocked by #3016, not #2541

[Al2Klimov]

Note for the future myself at work: While playing around w/ TLS certchains for my home setup (really, I don't work on IW2 at half past 23:00 (especially on Fri 13th ;-) )) I discovered yet another "oh not again" factor: To validate a remote's TLS cert you have to store all CA's in the chain locally. (Yeah, that will be a kinda longer journey...) Luckily no problem in the I2 context.

[Al2Klimov]

blocked by #3036, not #3016

[Al2Klimov]

"To validate a remote's TLS cert you have to store all CA's in the chain locally." WRONG! The remote has to provide all intermediate CAs and may provide also the root CA.