tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-05-23 07:50:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,020 Commits 279 Branches 120 Tags
Commit Graph

6493 Commits

Author SHA1 Message Date
Alexander A. Klimov
97cd05db7a Notification#BeginExecuteNotification(): on recovery clear last_notified_state_per_user 2023-12-13 13:21:22 +01:00
Alexander A. Klimov
44e9c6f40d Notification#BeginExecuteNotification(): discard likely duplicate problem notifications 2023-12-13 13:21:19 +01:00
Alexander A. Klimov
74f52c6fcd Introduce IsCaUptodate() by splitting IsCertUptodate() 2023-12-13 12:08:34 +01:00
Julian Brost
871fa67b52
Merge pull request #9885 from Icinga/renegotiation 2023-12-12 17:38:09 +01:00
Alexander A. Klimov
2cff763295 Cluster-sync Notification#last_notified_state_per_user 2023-12-12 15:29:50 +01:00
Alexander A. Klimov
b25ba7a316 Notification#BeginExecuteNotification(): track state change notifications 2023-12-07 12:43:30 +01:00
Julian Brost
d2a7117007
Merge pull request #9899 from Icinga/icinga2-crashes-silently-9897 
IcingaDB#SendConfigDelete(): fix missing nullptr check before deref
 2023-11-21 11:03:28 +01:00
Alexander Aleksandrovič Klimov
7fc7d054af
Merge pull request #9841 from WuerthPhoenix/fix-9840-lock-console-api-during-reload 2023-11-21 10:36:26 +01:00
Alexander A. Klimov
7174dc864d IcingaDB#SendConfigDelete(): fix missing nullptr check before deref 2023-11-10 17:43:33 +01:00
Alexander A. Klimov
9aaa9901bd Icinga DB downtime history: provide cancel_time where has_been_cancelled may be 1 
The table sla_history_downtime requires a downtime_end.
The Go daemon takes the cancel_time if has_been_cancelled is 1.
So we must supply a cancel_time whereever has_been_cancelled is 1.
Otherwise the Go daemon can't process some entries.
 2023-11-08 15:22:39 +01:00
Alexander A. Klimov
7ce9457a4a Disable TLS renegotiation 
The API doesn't need it and a customer's security scanner
is afraid of a potential DoS attack vector.
 2023-11-06 18:46:37 +01:00
Theo Buehler
1f06589f7a Remove dead code in GetSignatureAlgorithm() 
This code was added in commit 548eb93 and never did anything useful.
Using X509_get_signature_nid() or its expanded version in the pre-1.1
branch is the correct way of retrieving the signature algorithm of a
certificate.

CLA: trivial
 2023-10-20 18:55:44 +02:00
Julian Brost
bba6a76f4a
Merge pull request #9853 from Icinga/GelfWriter-m_StreamMutex 
GelfWriter: protect m_Stream via m_WorkQueue, not ObjectLock(this)
 2023-09-07 11:46:38 +02:00
Alexander Aleksandrovič Klimov
e5d988a2fe
Merge pull request #7799 from Icinga/bugfix/file-end 
Fix file endings
 2023-08-25 11:06:19 +02:00
Alexander A. Klimov
4ee10a6c20 GelfWriter: protect m_Stream via m_WorkQueue, not ObjectLock(this) 
On shutdown or HA re-connect ConfigObject#SetAuthority(false) is called which
does ObjectLock(this) and ConfigObject#Pause(). GelfWriter#Pause(), with the
above ObjectLock, calls m_WorkQueue.Join(). But items inside that also doing
ObjectLock(this) cause a deadlock.
 2023-08-24 17:48:09 +02:00
Alexander Aleksandrovič Klimov
993c9b742d
Make ObjectImpl<Logger>#GetSeverity() non-virtual 
After all it's not overridden.
 2023-08-15 13:03:31 +02:00
Mattia Codato
41e21cb8cf Prevent calls to command API while the configuration is reloading. 
Fixes #9840
 2023-08-09 08:45:04 +02:00
Alexander A. Klimov
1308ad62af Stream#Read(): remove de facto unused param allow_partial 
The only caller passes true, so no one forbids partial reads (even implicitly).
All usages in the implementation just assert it being true (allowed).
 2023-07-13 16:55:48 +02:00
Alexander Aleksandrovič Klimov
1af5109ad3
Merge pull request #9734 from Icinga/remove-unused-stream-peek- 
Remove unused Stream#Peek()
 2023-07-13 16:52:29 +02:00
Alexander A. Klimov
8f8a6ee2a0 Application::m_LastReloadFailed: if double isn't always lock free, use uint32_t 
which will overflow in 2106, not 2038.
This fixes a compile failure on 32-bit Raspbian.
 2023-07-10 10:51:02 +02:00
Alexander Aleksandrovič Klimov
000a776dfb
Built-in check command: ifw-api (#9062) 2023-07-06 14:18:21 +02:00
Julian Brost
26a75f8a6f
Merge pull request #9812 from Icinga/support-elasticsearch-8-0-9251 
ElasticsearchWriter: switch to v7+ URL schema to support v8
 2023-07-05 10:15:10 +02:00
Julian Brost
fe13b96226
Merge pull request #9809 from Icinga/reevaluate-and-update-default-tls-cipher-list-9808 
Copy and paste global default TLS cipher set from ssl-config.mozilla.org
 2023-07-03 19:13:10 +02:00
Alexander A. Klimov
617dda61fb Re-order global default TLS cipher list to prefer AES256 over AES128 2023-07-03 15:36:11 +02:00
Alexander A. Klimov
4c2e59a690 ElasticsearchWriter: switch to v7+ URL schema to support v8 
and OpenSearch 2. This breaks the EOL v5 and v6.
 2023-07-03 14:43:45 +02:00
Julian Brost
70d6b6e424
Merge pull request #9810 from Icinga/Al2Klimov-patch-8 
ElasticsearchWriter#Pause(): call Flush() only once
 2023-06-30 17:21:16 +02:00
Alexander Aleksandrovič Klimov
076eb59443
ElasticsearchWriter#Pause(): lock m_DataBufferMutex during Flush() 
just to be sure regarding race conditions.
 2023-06-30 14:57:18 +02:00
Julian Brost
a2e05f89e8 Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers 
Non-ECC DHE ciphers in the `cipher_list` attribute of `ApiListener` (the
default value includes these) had no effect as no DH parameters were available
and therefore the server wouldn't offer these ciphers. OpenSSL provides
built-in DH parameters starting from version 1.1.0, however, these have to be
enables explicitly using the `SSL_CTX_set_dh_auto()` function. This commit does
so and thereby makes it possible to establish a connection to an Icinga 2
server using a DHE cipher.
 2023-06-29 12:06:26 +02:00
Alexander Aleksandrovič Klimov
d5e6ecec8a
ElasticsearchWriter#Pause(): call Flush() only once 
The first Flush() is redundant and may access m_DataBuffer at the same time as some Flush() in m_WorkQueue (race condition) which isn't joined, yet.
 2023-06-29 10:42:12 +02:00
Alexander A. Klimov
2e053b0e06 Copy and paste global default TLS cipher set from ssl-config.mozilla.org 
which got more secure by now, but still overlaps with v2.13.x' set.
 2023-06-28 14:49:08 +02:00
Julian Brost
a2926b8604
Merge pull request #9794 from Icinga/round-notification-times-begin-end-not-to-crash-go-daemon 
IcingaDB::PrepareObject(): round Notification#times.{begin,end} not to crash Go daemon
 2023-06-27 17:08:41 +02:00
Alexander A. Klimov
dccb678882 IcingaDB::PrepareObject(): cut off (null) negative Notification#times.{begin,end} not to crash Go daemon 
At least our PostgreSQL schema enforces positive values.
 2023-06-27 12:58:08 +02:00
Alexander A. Klimov
415b810abf IcingaDB::PrepareObject(): round Notification#times.{begin,end} not to crash Go daemon 
The latter expects ints, not floats - not to mention strings.
Luckily Icinga already enforces numeric strings so that we can cast it to number.
 2023-06-27 12:53:08 +02:00
Julian Brost
9cf519316e
Merge pull request #9805 from Icinga/checkcommand-timeout-0-crashes-icinga-db-daemon-9804 
IcingaDB::PrepareObject(): cut off (0) negative Command#timeout for Redis
 2023-06-27 10:45:02 +02:00
Julian Brost
c08d3beeb1
Merge pull request #9785 from Icinga/Al2Klimov-patch-8 
Icinga DB: also write ConfigObject#original_attributes into Redis
 2023-06-27 10:24:41 +02:00
Julian Brost
bd11bc2eb4
Merge pull request #9793 from Icinga/unmarshal-number-42-5-into-go-struct-field-notification-notification_interval 
IcingaDB::PrepareObject(): round Notification#interval and limit it to >=0
 2023-06-27 10:12:13 +02:00
Alexander A. Klimov
d641a3c799 IcingaDB::PrepareObject(): cut off (0) negative Command#timeout for Redis 
not to crash the Go daemon which expects positive values there.
 2023-06-26 15:36:47 +02:00
Julian Brost
5350aa3c72
Merge pull request #9792 from Icinga/icingadb-conversion-of-strings-to-number-types-to-avoid-crashes-9791 
IcingaDB::PrepareObject(): convert non-null Checkable#check_timeout to number
 2023-06-26 15:03:21 +02:00
Alexander A. Klimov
273aa6f997 IcingaDB::PrepareObject(): round Notification#interval and limit it to >=0 
otherwise, e.g. with -42.5, the Go daemon crashes. It expects uints there.
 2023-06-19 12:46:40 +02:00
Alexander A. Klimov
9f08bad395 IcingaDB::PrepareObject(): convert non-null Checkable#check_timeout to number 
and, in case of null, fall back to Checkable#check_command.timeout, just like
IcingaDB#SerializeState(). Otherwise the Go daemon crashes. It expects a number.
 2023-06-15 12:29:42 +02:00
Alexander A. Klimov
1587431945 POST /v1/objects: allow array of attrs to undo modifications of 2023-06-13 16:40:33 +02:00
Alexander A. Klimov
385fe2fd76 Icinga DB: also write ConfigObject#original_attributes into Redis 
for the case the Go daemon decides to sync them into DB.
 2023-06-12 12:53:25 +02:00
Julian Brost
7c381ae12f
Merge pull request #9779 from Icinga/macroprocessor-resolvemacro-quasi-cv-object-icingaapplication 
MacroProcessor::ResolveMacro(): treat quasi-CV-object IcingaApplication as real CV-object
 2023-05-31 20:41:31 +02:00
Alexander A. Klimov
a9c80ffb2e MacroProcessor::ResolveMacro(): treat quasi-CV-object IcingaApplication as real CV-object 
As MacroProcessor checked just for CustomVarObject base class, but
IcingaApplication provided the vars attribute by itself, it had to also
resolve CV macros by itself. That logic diverged from MacroProcessor so that
macros inside IcingaApplication CVs weren't resolved. Until now.
 2023-05-31 16:35:09 +02:00
Julian Brost
8a42c3bf18
Merge pull request #9775 from Icinga/icingadb-service-crashes-on-negative-downtime-duration-or-end-before-start-9774 
Icinga DB: don't write negative Downtime durations into Redis
 2023-05-31 11:37:42 +02:00
Alexander A. Klimov
75eaa81c06 Icinga DB: don't write negative Downtime durations into Redis 
via `std::max(0, x)` not to crash the Go daemon which can't handle such.
 2023-05-30 17:56:03 +02:00
Julian Brost
b0899d9ab4
Merge pull request #8429 from Icinga/bugfix/last-reload-attempt-failed-8428 
Share "Last reload attempt failed" time across Icinga process tree on *nix
 2023-05-30 11:42:21 +02:00
Julian Brost
d871c5c837
Merge pull request #9772 from Icinga/icinga-db-feature-should-normalize-command-arguments-required-skip_key-repeat_key-to-boolean-9576 
Icinga DB feature: normalize *Command.arguments[*].{required,skip_key…
 2023-05-25 11:54:01 +02:00
Alexander A. Klimov
ad618e9716 Icinga DB feature: normalize *Command.arguments[*].{required,skip_key,repeat_key} to boolean 
At the moment, the Icinga DB feature will use that value as-is and
serialize it to JSON, resulting in a crash in Icinga DB down the road
because it expects a boolean.
 2023-05-24 16:04:14 +02:00
Julian Brost
2470e930eb
Merge pull request #9643 from Icinga/hardware_concurrency 
Always use Configuration#Concurrency, not `std:🧵:hardware_concurrency()`
 2023-05-23 19:23:14 +02:00