Disallow config modifications via API during reload

Once the new main process has read the config,
it misses subsequent modifications from the old process otherwise.
This commit is contained in:
Alexander A. Klimov 2023-04-12 14:45:40 +02:00
parent 64e000df56
commit 2ee776b5ab
5 changed files with 66 additions and 0 deletions

View File

@ -3,6 +3,7 @@
#include "cli/daemoncommand.hpp"
#include "cli/daemonutility.hpp"
#include "remote/apilistener.hpp"
#include "remote/configobjectslock.hpp"
#include "remote/configobjectutility.hpp"
#include "config/configcompiler.hpp"
#include "config/configcompilercontext.hpp"
@ -801,6 +802,10 @@ int DaemonCommand::Run(const po::variables_map& vm, const std::vector<std::strin
sd_notify(0, "RELOADING=1");
#endif /* HAVE_SYSTEMD */
// The old process is still active, yet.
// Its config changes would not be visible to the new one after config load.
ConfigObjectsExclusiveLock lock;
pid_t nextWorker = StartUnixWorker(configs);
switch (nextWorker) {

View File

@ -12,6 +12,7 @@
#include "icinga/clusterevents.hpp"
#include "remote/apiaction.hpp"
#include "remote/apilistener.hpp"
#include "remote/configobjectslock.hpp"
#include "remote/filterutility.hpp"
#include "remote/pkiutility.hpp"
#include "remote/httputility.hpp"
@ -254,6 +255,12 @@ Dictionary::Ptr ApiActions::AcknowledgeProblem(const ConfigObject::Ptr& object,
return ApiActions::CreateResult(409, (service ? "Service " : "Host ") + checkable->GetName() + " is already acknowledged.");
}
ConfigObjectsSharedLock lock (std::try_to_lock);
if (!lock) {
return ApiActions::CreateResult(503, "Icinga is reloading.");
}
Comment::AddComment(checkable, CommentAcknowledgement, HttpUtility::GetLastParameter(params, "author"),
HttpUtility::GetLastParameter(params, "comment"), persistent, timestamp, sticky == AcknowledgementSticky);
checkable->AcknowledgeProblem(HttpUtility::GetLastParameter(params, "author"),
@ -272,6 +279,12 @@ Dictionary::Ptr ApiActions::RemoveAcknowledgement(const ConfigObject::Ptr& objec
"Cannot remove acknowledgement for non-existent checkable object "
+ object->GetName() + ".");
ConfigObjectsSharedLock lock (std::try_to_lock);
if (!lock) {
return ApiActions::CreateResult(503, "Icinga is reloading.");
}
String removedBy (HttpUtility::GetLastParameter(params, "author"));
checkable->ClearAcknowledgement(removedBy);
@ -297,6 +310,12 @@ Dictionary::Ptr ApiActions::AddComment(const ConfigObject::Ptr& object,
timestamp = HttpUtility::GetLastParameter(params, "expiry");
}
ConfigObjectsSharedLock lock (std::try_to_lock);
if (!lock) {
return ApiActions::CreateResult(503, "Icinga is reloading.");
}
String commentName = Comment::AddComment(checkable, CommentUser,
HttpUtility::GetLastParameter(params, "author"),
HttpUtility::GetLastParameter(params, "comment"), false, timestamp);
@ -316,6 +335,12 @@ Dictionary::Ptr ApiActions::AddComment(const ConfigObject::Ptr& object,
Dictionary::Ptr ApiActions::RemoveComment(const ConfigObject::Ptr& object,
const Dictionary::Ptr& params)
{
ConfigObjectsSharedLock lock (std::try_to_lock);
if (!lock) {
return ApiActions::CreateResult(503, "Icinga is reloading.");
}
auto author (HttpUtility::GetLastParameter(params, "author"));
Checkable::Ptr checkable = dynamic_pointer_cast<Checkable>(object);
@ -388,6 +413,12 @@ Dictionary::Ptr ApiActions::ScheduleDowntime(const ConfigObject::Ptr& object,
}
}
ConfigObjectsSharedLock lock (std::try_to_lock);
if (!lock) {
return ApiActions::CreateResult(503, "Icinga is reloading.");
}
Downtime::Ptr downtime = Downtime::AddDowntime(checkable, author, comment, startTime, endTime,
fixed, triggerName, duration);
String downtimeName = downtime->GetName();
@ -500,6 +531,12 @@ Dictionary::Ptr ApiActions::ScheduleDowntime(const ConfigObject::Ptr& object,
Dictionary::Ptr ApiActions::RemoveDowntime(const ConfigObject::Ptr& object,
const Dictionary::Ptr& params)
{
ConfigObjectsSharedLock lock (std::try_to_lock);
if (!lock) {
return ApiActions::CreateResult(503, "Icinga is reloading.");
}
auto author (HttpUtility::GetLastParameter(params, "author"));
Checkable::Ptr checkable = dynamic_pointer_cast<Checkable>(object);

View File

@ -1,6 +1,7 @@
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
#include "remote/createobjecthandler.hpp"
#include "remote/configobjectslock.hpp"
#include "remote/configobjectutility.hpp"
#include "remote/httputility.hpp"
#include "remote/jsonrpcconnection.hpp"
@ -94,6 +95,13 @@ bool CreateObjectHandler::HandleRequest(
if (params)
verbose = HttpUtility::GetLastParameter(params, "verbose");
ConfigObjectsSharedLock lock (std::try_to_lock);
if (!lock) {
HttpUtility::SendJsonError(response, params, 503, "Icinga is reloading");
return true;
}
/* Object creation can cause multiple errors and optionally diagnostic information.
* We can't use SendJsonError() here.
*/

View File

@ -1,6 +1,7 @@
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
#include "remote/deleteobjecthandler.hpp"
#include "remote/configobjectslock.hpp"
#include "remote/configobjectutility.hpp"
#include "remote/httputility.hpp"
#include "remote/filterutility.hpp"
@ -66,6 +67,13 @@ bool DeleteObjectHandler::HandleRequest(
bool cascade = HttpUtility::GetLastParameter(params, "cascade");
bool verbose = HttpUtility::GetLastParameter(params, "verbose");
ConfigObjectsSharedLock lock (std::try_to_lock);
if (!lock) {
HttpUtility::SendJsonError(response, params, 503, "Icinga is reloading");
return true;
}
ArrayData results;
bool success = true;

View File

@ -1,6 +1,7 @@
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
#include "remote/modifyobjecthandler.hpp"
#include "remote/configobjectslock.hpp"
#include "remote/httputility.hpp"
#include "remote/filterutility.hpp"
#include "remote/apiaction.hpp"
@ -77,6 +78,13 @@ bool ModifyObjectHandler::HandleRequest(
if (params)
verbose = HttpUtility::GetLastParameter(params, "verbose");
ConfigObjectsSharedLock lock (std::try_to_lock);
if (!lock) {
HttpUtility::SendJsonError(response, params, 503, "Icinga is reloading");
return true;
}
ArrayData results;
for (const ConfigObject::Ptr& obj : objs) {