2019-02-25 14:48:22 +01:00
|
|
|
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
|
2014-04-12 04:21:09 +02:00
|
|
|
|
2014-05-03 20:02:22 +02:00
|
|
|
#ifndef APILISTENER_H
|
|
|
|
#define APILISTENER_H
|
|
|
|
|
2018-01-18 13:50:38 +01:00
|
|
|
#include "remote/apilistener-ti.hpp"
|
2015-06-22 11:11:21 +02:00
|
|
|
#include "remote/jsonrpcconnection.hpp"
|
2015-08-29 01:16:16 +02:00
|
|
|
#include "remote/httpserverconnection.hpp"
|
2014-05-25 16:23:35 +02:00
|
|
|
#include "remote/endpoint.hpp"
|
|
|
|
#include "remote/messageorigin.hpp"
|
2015-08-15 20:28:05 +02:00
|
|
|
#include "base/configobject.hpp"
|
2018-09-27 17:12:02 +02:00
|
|
|
#include "base/process.hpp"
|
2019-07-25 16:32:57 +02:00
|
|
|
#include "base/shared.hpp"
|
2014-05-25 16:23:35 +02:00
|
|
|
#include "base/timer.hpp"
|
|
|
|
#include "base/workqueue.hpp"
|
|
|
|
#include "base/tcpsocket.hpp"
|
|
|
|
#include "base/tlsstream.hpp"
|
2018-09-24 16:38:48 +02:00
|
|
|
#include "base/threadpool.hpp"
|
2019-07-08 16:41:47 +02:00
|
|
|
#include <atomic>
|
2020-02-05 15:53:56 +01:00
|
|
|
#include <boost/asio/io_context.hpp>
|
2019-02-08 11:43:47 +01:00
|
|
|
#include <boost/asio/ip/tcp.hpp>
|
2019-02-08 18:00:53 +01:00
|
|
|
#include <boost/asio/spawn.hpp>
|
2019-02-08 14:23:10 +01:00
|
|
|
#include <boost/asio/ssl/context.hpp>
|
2022-04-04 13:26:55 +02:00
|
|
|
#include <boost/thread/shared_mutex.hpp>
|
2020-10-19 12:31:57 +02:00
|
|
|
#include <cstdint>
|
2020-10-02 17:53:17 +02:00
|
|
|
#include <mutex>
|
2014-05-11 17:14:35 +02:00
|
|
|
#include <set>
|
2014-04-12 04:21:09 +02:00
|
|
|
|
|
|
|
namespace icinga
|
|
|
|
{
|
|
|
|
|
2015-06-22 11:11:21 +02:00
|
|
|
class JsonRpcConnection;
|
2014-05-03 20:02:22 +02:00
|
|
|
|
2016-01-26 10:46:27 +01:00
|
|
|
/**
|
|
|
|
* @ingroup remote
|
|
|
|
*/
|
|
|
|
struct ConfigDirInformation
|
|
|
|
{
|
|
|
|
Dictionary::Ptr UpdateV1;
|
|
|
|
Dictionary::Ptr UpdateV2;
|
2018-10-25 14:10:30 +02:00
|
|
|
Dictionary::Ptr Checksums;
|
2016-01-26 10:46:27 +01:00
|
|
|
};
|
|
|
|
|
2020-10-19 12:31:57 +02:00
|
|
|
/**
|
|
|
|
* If the version reported by icinga::Hello is not enough to tell whether
|
|
|
|
* the peer has a specific capability, add the latter to this bitmask.
|
|
|
|
*
|
|
|
|
* Note that due to the capability exchange via JSON-RPC and the state storage via JSON
|
|
|
|
* the bitmask numbers are stored in IEEE 754 64-bit floats.
|
|
|
|
* The latter have 53 digit bits which limit the bitmask.
|
|
|
|
* Not to run out of bits:
|
|
|
|
*
|
|
|
|
* Once all Icinga versions which don't have a specific capability are completely EOL,
|
|
|
|
* remove the respective capability checks and assume the peer has the capability.
|
|
|
|
* Once all Icinga versions which still check for the capability are completely EOL,
|
|
|
|
* remove the respective bit from icinga::Hello.
|
|
|
|
* Once all Icinga versions which still have the respective bit in icinga::Hello
|
|
|
|
* are completely EOL, remove the bit here.
|
|
|
|
* Once all Icinga versions which still have the respective bit here
|
|
|
|
* are completely EOL, feel free to re-use the bit.
|
|
|
|
*
|
|
|
|
* completely EOL = not supported, even if an important customer of us used it and
|
|
|
|
* not expected to appear in a multi-level cluster, e.g. a 4 level cluster with
|
|
|
|
* v2.11 -> v2.10 -> v2.9 -> v2.8 - v2.7 isn't here
|
|
|
|
*
|
|
|
|
* @ingroup remote
|
|
|
|
*/
|
|
|
|
enum class ApiCapabilities : uint_fast64_t
|
|
|
|
{
|
|
|
|
ExecuteArbitraryCommand = 1u
|
|
|
|
};
|
|
|
|
|
2014-04-12 04:21:09 +02:00
|
|
|
/**
|
2014-05-03 20:02:22 +02:00
|
|
|
* @ingroup remote
|
|
|
|
*/
|
2018-01-04 06:11:04 +01:00
|
|
|
class ApiListener final : public ObjectImpl<ApiListener>
|
2014-04-12 04:21:09 +02:00
|
|
|
{
|
|
|
|
public:
|
2014-11-03 00:44:04 +01:00
|
|
|
DECLARE_OBJECT(ApiListener);
|
|
|
|
DECLARE_OBJECTNAME(ApiListener);
|
2014-04-12 04:21:09 +02:00
|
|
|
|
2014-05-03 20:02:22 +02:00
|
|
|
static boost::signals2::signal<void(bool)> OnMasterChanged;
|
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
ApiListener();
|
2015-03-02 09:56:09 +01:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
static String GetApiDir();
|
2018-09-27 17:12:02 +02:00
|
|
|
static String GetApiZonesDir();
|
|
|
|
static String GetApiZonesStageDir();
|
2018-01-04 04:25:35 +01:00
|
|
|
static String GetCertsDir();
|
|
|
|
static String GetCaDir();
|
|
|
|
static String GetCertificateRequestsDir();
|
2014-04-12 04:21:09 +02:00
|
|
|
|
2022-03-29 16:36:13 +02:00
|
|
|
std::shared_ptr<X509> RenewCert(const std::shared_ptr<X509>& cert);
|
2018-01-04 04:25:35 +01:00
|
|
|
void UpdateSSLContext();
|
2014-04-12 04:21:09 +02:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
static ApiListener::Ptr GetInstance();
|
2017-09-05 14:21:30 +02:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
Endpoint::Ptr GetMaster() const;
|
|
|
|
bool IsMaster() const;
|
2014-05-03 20:02:22 +02:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
Endpoint::Ptr GetLocalEndpoint() const;
|
2015-11-24 15:25:55 +01:00
|
|
|
|
2014-11-13 11:23:57 +01:00
|
|
|
void SyncSendMessage(const Endpoint::Ptr& endpoint, const Dictionary::Ptr& message);
|
2015-08-15 20:28:05 +02:00
|
|
|
void RelayMessage(const MessageOrigin::Ptr& origin, const ConfigObject::Ptr& secobj, const Dictionary::Ptr& message, bool log);
|
2014-05-03 20:02:22 +02:00
|
|
|
|
2015-02-13 11:28:43 +01:00
|
|
|
static void StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata);
|
2018-01-04 04:25:35 +01:00
|
|
|
std::pair<Dictionary::Ptr, Dictionary::Ptr> GetStatus();
|
2014-05-03 20:02:22 +02:00
|
|
|
|
2018-03-05 13:22:43 +01:00
|
|
|
bool AddAnonymousClient(const JsonRpcConnection::Ptr& aclient);
|
2015-06-22 11:11:21 +02:00
|
|
|
void RemoveAnonymousClient(const JsonRpcConnection::Ptr& aclient);
|
2018-01-04 04:25:35 +01:00
|
|
|
std::set<JsonRpcConnection::Ptr> GetAnonymousClients() const;
|
2015-06-22 11:11:21 +02:00
|
|
|
|
2015-08-29 01:16:16 +02:00
|
|
|
void AddHttpClient(const HttpServerConnection::Ptr& aclient);
|
|
|
|
void RemoveHttpClient(const HttpServerConnection::Ptr& aclient);
|
2018-01-04 04:25:35 +01:00
|
|
|
std::set<HttpServerConnection::Ptr> GetHttpClients() const;
|
2014-05-08 15:12:56 +02:00
|
|
|
|
2015-09-25 14:23:42 +02:00
|
|
|
static double CalculateZoneLag(const Endpoint::Ptr& endpoint);
|
|
|
|
|
2015-08-20 16:43:03 +02:00
|
|
|
/* filesync */
|
2015-08-04 14:47:44 +02:00
|
|
|
static Value ConfigUpdateHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
|
2020-09-11 13:38:35 +02:00
|
|
|
void HandleConfigUpdate(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
|
2017-12-13 12:54:14 +01:00
|
|
|
|
2015-08-20 16:43:03 +02:00
|
|
|
/* configsync */
|
|
|
|
static void ConfigUpdateObjectHandler(const ConfigObject::Ptr& object, const Value& cookie);
|
|
|
|
static Value ConfigUpdateObjectAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
|
|
|
|
static Value ConfigDeleteObjectAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
|
2017-12-13 12:54:14 +01:00
|
|
|
|
2019-04-16 16:37:38 +02:00
|
|
|
/* API config packages */
|
|
|
|
void SetActivePackageStage(const String& package, const String& stage);
|
|
|
|
String GetActivePackageStage(const String& package);
|
|
|
|
void RemoveActivePackageStage(const String& package);
|
|
|
|
|
2015-08-04 14:47:44 +02:00
|
|
|
static Value HelloAPIHandler(const MessageOrigin::Ptr& origin, const Dictionary::Ptr& params);
|
2016-05-11 12:50:08 +02:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
static void UpdateObjectAuthority();
|
2016-05-11 12:50:08 +02:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
static bool IsHACluster();
|
2017-05-12 10:48:11 +02:00
|
|
|
static String GetFromZoneName(const Zone::Ptr& fromZone);
|
2016-08-04 10:12:55 +02:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
static String GetDefaultCertPath();
|
|
|
|
static String GetDefaultKeyPath();
|
|
|
|
static String GetDefaultCaPath();
|
2017-10-16 15:32:57 +02:00
|
|
|
|
2019-07-08 16:41:47 +02:00
|
|
|
static inline
|
|
|
|
bool UpdatedObjectAuthority()
|
|
|
|
{
|
|
|
|
return m_UpdatedObjectAuthority.load();
|
|
|
|
}
|
|
|
|
|
2018-09-13 18:05:31 +02:00
|
|
|
double GetTlsHandshakeTimeout() const override;
|
|
|
|
void SetTlsHandshakeTimeout(double value, bool suppress_events, const Value& cookie) override;
|
|
|
|
|
2014-05-03 20:02:22 +02:00
|
|
|
protected:
|
2018-01-04 05:12:56 +01:00
|
|
|
void OnConfigLoaded() override;
|
|
|
|
void OnAllConfigLoaded() override;
|
|
|
|
void Start(bool runtimeCreated) override;
|
|
|
|
void Stop(bool runtimeDeleted) override;
|
2014-04-15 13:11:14 +02:00
|
|
|
|
2018-01-11 07:08:09 +01:00
|
|
|
void ValidateTlsProtocolmin(const Lazy<String>& lvalue, const ValidationUtils& utils) override;
|
2018-09-13 18:05:31 +02:00
|
|
|
void ValidateTlsHandshakeTimeout(const Lazy<double>& lvalue, const ValidationUtils& utils) override;
|
2016-08-01 05:32:47 +02:00
|
|
|
|
2014-04-12 04:21:09 +02:00
|
|
|
private:
|
2019-07-25 16:45:39 +02:00
|
|
|
Shared<boost::asio::ssl::context>::Ptr m_SSLContext;
|
2022-04-04 13:26:55 +02:00
|
|
|
boost::shared_mutex m_SSLContextMutex;
|
2017-09-18 15:25:29 +02:00
|
|
|
|
2021-02-02 10:16:04 +01:00
|
|
|
mutable std::mutex m_AnonymousClientsLock;
|
|
|
|
mutable std::mutex m_HttpClientsLock;
|
2015-06-22 11:11:21 +02:00
|
|
|
std::set<JsonRpcConnection::Ptr> m_AnonymousClients;
|
2015-08-29 01:16:16 +02:00
|
|
|
std::set<HttpServerConnection::Ptr> m_HttpClients;
|
2017-09-18 15:25:29 +02:00
|
|
|
|
2014-04-12 04:21:09 +02:00
|
|
|
Timer::Ptr m_Timer;
|
2016-07-21 12:27:18 +02:00
|
|
|
Timer::Ptr m_ReconnectTimer;
|
2016-08-17 09:19:05 +02:00
|
|
|
Timer::Ptr m_AuthorityTimer;
|
2017-09-07 15:31:38 +02:00
|
|
|
Timer::Ptr m_CleanupCertificateRequestsTimer;
|
2019-04-26 14:51:28 +02:00
|
|
|
Timer::Ptr m_ApiPackageIntegrityTimer;
|
2022-03-30 18:38:57 +02:00
|
|
|
Timer::Ptr m_RenewOwnCertTimer;
|
2019-04-26 14:51:28 +02:00
|
|
|
|
2015-11-24 15:25:55 +01:00
|
|
|
Endpoint::Ptr m_LocalEndpoint;
|
|
|
|
|
|
|
|
static ApiListener::Ptr m_Instance;
|
2019-07-08 16:41:47 +02:00
|
|
|
static std::atomic<bool> m_UpdatedObjectAuthority;
|
2014-04-12 04:21:09 +02:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
void ApiTimerHandler();
|
|
|
|
void ApiReconnectTimerHandler();
|
|
|
|
void CleanupCertificateRequestsTimerHandler();
|
2019-04-26 14:51:28 +02:00
|
|
|
void CheckApiPackageIntegrity();
|
2014-04-12 04:21:09 +02:00
|
|
|
|
2014-08-25 08:27:19 +02:00
|
|
|
bool AddListener(const String& node, const String& service);
|
2014-06-23 10:00:02 +02:00
|
|
|
void AddConnection(const Endpoint::Ptr& endpoint);
|
2014-04-12 04:21:09 +02:00
|
|
|
|
2020-02-05 15:53:56 +01:00
|
|
|
void NewClientHandler(
|
|
|
|
boost::asio::yield_context yc, const Shared<boost::asio::io_context::strand>::Ptr& strand,
|
|
|
|
const Shared<AsioTlsStream>::Ptr& client, const String& hostname, ConnectionRole role
|
|
|
|
);
|
|
|
|
void NewClientHandlerInternal(
|
|
|
|
boost::asio::yield_context yc, const Shared<boost::asio::io_context::strand>::Ptr& strand,
|
|
|
|
const Shared<AsioTlsStream>::Ptr& client, const String& hostname, ConnectionRole role
|
|
|
|
);
|
2022-04-04 13:26:55 +02:00
|
|
|
void ListenerCoroutineProc(boost::asio::yield_context yc, const Shared<boost::asio::ip::tcp::acceptor>::Ptr& server);
|
2019-02-08 18:00:53 +01:00
|
|
|
|
2014-05-03 20:02:22 +02:00
|
|
|
WorkQueue m_RelayQueue;
|
2018-01-04 09:43:49 +01:00
|
|
|
WorkQueue m_SyncQueue{0, 4};
|
2014-05-03 20:02:22 +02:00
|
|
|
|
2021-02-02 10:16:04 +01:00
|
|
|
std::mutex m_LogLock;
|
2014-05-03 20:02:22 +02:00
|
|
|
Stream::Ptr m_LogFile;
|
2018-01-04 09:43:49 +01:00
|
|
|
size_t m_LogMessageCount{0};
|
2014-05-03 20:02:22 +02:00
|
|
|
|
2019-04-10 14:17:36 +02:00
|
|
|
bool RelayMessageOne(const Zone::Ptr& zone, const MessageOrigin::Ptr& origin, const Dictionary::Ptr& message, const Endpoint::Ptr& currentZoneMaster);
|
2015-08-15 20:28:05 +02:00
|
|
|
void SyncRelayMessage(const MessageOrigin::Ptr& origin, const ConfigObject::Ptr& secobj, const Dictionary::Ptr& message, bool log);
|
|
|
|
void PersistMessage(const Dictionary::Ptr& message, const ConfigObject::Ptr& secobj);
|
2014-04-13 09:22:27 +02:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
void OpenLogFile();
|
|
|
|
void RotateLogFile();
|
|
|
|
void CloseLogFile();
|
2014-05-03 20:02:22 +02:00
|
|
|
static void LogGlobHandler(std::vector<int>& files, const String& file);
|
2015-06-22 11:11:21 +02:00
|
|
|
void ReplayLog(const JsonRpcConnection::Ptr& client);
|
2014-05-13 13:18:27 +02:00
|
|
|
|
2017-10-16 15:32:57 +02:00
|
|
|
static void CopyCertificateFile(const String& oldCertPath, const String& newCertPath);
|
|
|
|
|
2019-02-08 11:43:47 +01:00
|
|
|
void UpdateStatusFile(boost::asio::ip::tcp::endpoint localEndpoint);
|
2018-08-09 11:54:34 +02:00
|
|
|
void RemoveStatusFile();
|
|
|
|
|
2015-09-10 17:48:06 +02:00
|
|
|
/* filesync */
|
2020-11-16 17:38:03 +01:00
|
|
|
static std::mutex m_ConfigSyncStageLock;
|
2019-05-13 11:26:39 +02:00
|
|
|
|
2018-10-25 14:10:30 +02:00
|
|
|
void SyncLocalZoneDirs() const;
|
|
|
|
void SyncLocalZoneDir(const Zone::Ptr& zone) const;
|
2022-03-29 16:45:18 +02:00
|
|
|
void RenewOwnCert();
|
2018-10-25 14:10:30 +02:00
|
|
|
|
|
|
|
void SendConfigUpdate(const JsonRpcConnection::Ptr& aclient);
|
|
|
|
|
2016-01-26 10:46:27 +01:00
|
|
|
static Dictionary::Ptr MergeConfigUpdate(const ConfigDirInformation& config);
|
2014-06-10 11:40:43 +02:00
|
|
|
|
2018-10-25 14:10:30 +02:00
|
|
|
static ConfigDirInformation LoadConfigDir(const String& dir);
|
2016-01-26 10:46:27 +01:00
|
|
|
static void ConfigGlobHandler(ConfigDirInformation& config, const String& path, const String& file);
|
2015-09-10 17:48:06 +02:00
|
|
|
|
2020-11-17 09:31:45 +01:00
|
|
|
static void TryActivateZonesStage(const std::vector<String>& relativePaths);
|
2018-09-27 17:12:02 +02:00
|
|
|
|
2018-10-25 14:10:30 +02:00
|
|
|
static String GetChecksum(const String& content);
|
2018-10-26 16:05:21 +02:00
|
|
|
static bool CheckConfigChange(const ConfigDirInformation& oldConfig, const ConfigDirInformation& newConfig);
|
2018-10-25 14:10:30 +02:00
|
|
|
|
2018-09-28 11:08:58 +02:00
|
|
|
void UpdateLastFailedZonesStageValidation(const String& log);
|
2018-10-23 17:23:34 +02:00
|
|
|
void ClearLastFailedZonesStageValidation();
|
2018-09-28 11:08:58 +02:00
|
|
|
|
2015-09-10 17:48:06 +02:00
|
|
|
/* configsync */
|
2015-08-20 16:43:03 +02:00
|
|
|
void UpdateConfigObject(const ConfigObject::Ptr& object, const MessageOrigin::Ptr& origin,
|
2017-12-19 15:50:05 +01:00
|
|
|
const JsonRpcConnection::Ptr& client = nullptr);
|
2015-09-10 17:48:06 +02:00
|
|
|
void DeleteConfigObject(const ConfigObject::Ptr& object, const MessageOrigin::Ptr& origin,
|
2017-12-19 15:50:05 +01:00
|
|
|
const JsonRpcConnection::Ptr& client = nullptr);
|
2015-09-15 16:09:56 +02:00
|
|
|
void SendRuntimeConfigObjects(const JsonRpcConnection::Ptr& aclient);
|
2015-11-25 13:11:41 +01:00
|
|
|
|
2016-02-04 11:30:27 +01:00
|
|
|
void SyncClient(const JsonRpcConnection::Ptr& aclient, const Endpoint::Ptr& endpoint, bool needSync);
|
2019-04-16 16:37:38 +02:00
|
|
|
|
|
|
|
/* API Config Packages */
|
2021-02-02 10:16:04 +01:00
|
|
|
mutable std::mutex m_ActivePackageStagesLock;
|
2019-04-16 16:37:38 +02:00
|
|
|
std::map<String, String> m_ActivePackageStages;
|
|
|
|
|
|
|
|
void UpdateActivePackageStagesCache();
|
2014-04-12 04:21:09 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2014-05-03 20:02:22 +02:00
|
|
|
#endif /* APILISTENER_H */
|