Alexander A. Klimov
d48144968c
Version 2.11.11
...
Merge tag 'v2.11.11' into feature/v1-actions-execute-command-8034-2.11.9
Version 2.11.11
# gpg: Signatur vom Mi 18 Aug 17:55:07 2021 CEST
# gpg: mittels RSA-Schlüssel AA5D15C40E1B9C10D21A7E3DF3958E366687EA63
# gpg: Signatur kann nicht geprüft werden: No public key
2023-02-09 10:36:38 +01:00
Alexander A. Klimov
9b1c447339
Version 2.11.9
...
Merge tag 'v2.11.9' into feature/v1-actions-execute-command-8034-2.11.9
Version 2.11.9
# gpg: Signatur vom Do 27 Mai 09:28:42 2021 CEST
# gpg: mittels RSA-Schlüssel FD06A136C859600F24558FAB7156E7BAE1774A00
# gpg: Signatur kann nicht geprüft werden: No public key
2021-10-22 18:56:08 +02:00
Alexander A. Klimov
caf697b868
API: hide ApiListener#ticket_salt
2021-07-09 09:30:01 +02:00
Noah Hilverling
013ff97ae1
Merge pull request #8870 from Icinga/bugfix/downtime-for-host-service-with-long-name-8022-211
...
ConfigObjectUtility::GetObjectConfigPath(): hash names of not already existing objects
2021-07-07 10:39:03 +02:00
Julian Brost
2131318c48
Add timeout for all new connections
...
This commit adds a timeout for both establishing new outgoing and incoming
connections. This timeout applies to everything until the connection is in a
state where either JsonRpcConnection or HttpServerConnection takes over.
2021-07-06 11:33:48 +02:00
Julian Brost
2dc5c9e47b
GetObjectConfigPath: only truncate and hash comment and downtime filenames
...
This partially reverts 68a0079c26686363b6202a8abd2712d2bf96d9f2 and keeps the
fix only for comment and downtime objects for now. For reasoning, please see
the comment in the code.
2021-07-05 16:18:40 +02:00
Julian Brost
3db48de0e6
GetObjectPath: ensure use of escaped name in all cases and use TruncateUsingHash()
...
68a0079c26686363b6202a8abd2712d2bf96d9f2 introduced two problems that are fixed
with this commit:
1. The new truncated/hashed name did not use EscapeName()
2. There was a possible collision of names when creating objects with a full
name of format "[80 characters]...[40 hex digits]" (i.e. the same as the
truncated/hashed variant but short enough that it isn't hashed)
2021-07-05 16:18:40 +02:00
Alexander A. Klimov
c174456ed3
ConfigObjectUtility::GetObjectConfigPath(): hash names of not already existing objects
...
... to avoid too long file names.
refs #8022
2021-07-05 16:18:40 +02:00
Alexander A. Klimov
83eba2b316
ConfigObjectUtility#CreateObject(): check config objects for duplicates
...
... not to delete already existing objects during a trial of re-creation.
refs #7726
2021-05-25 19:39:17 +02:00
Julian Brost
058d267397
Use content_length method for setting the Content-Length header
...
Boost.Beast changed the signature of the previously used generic `set`
method so that it no longer accepts integer types, however there is
already a more specific method for setting the Content-Length header, so
use this one instead.
2021-05-20 16:28:30 +02:00
Julian Brost
c510fe4dfe
Verify certificates against CRL before renewing them
...
When a CRL is specified in the ApiListener configuration, Icinga 2 only
used it when connections were established so far, but not when a
certificate is requested. This allows a node to automatically renew a
revoked certificate if it meets the other conditions for auto-renewal
(issued before 2017 or expires in less than 30 days).
2020-12-15 10:38:37 +01:00
Noah Hilverling
03b728b83e
Fix runtime config updates not working for objects without zone
...
refs #8533
2020-12-10 17:07:04 +01:00
Julian Brost
905cf5aa65
Use ERR_error_string_n() instead of ERR_error_string()
...
Explicitly pass the actual length of the buffer to avoid overflows.
2020-12-09 12:23:07 +01:00
Julian Brost
7d546aa2d8
ApiListener: merge new config validation and activation functions
...
Merge AsyncTryActivateZonesStage and TryActivateZonesStageCallback and
name the result TryActivateZonesStage. The old split was a leftover from
the one being a callback function with no actual meaningful separation.
2020-11-27 11:24:17 +01:00
Julian Brost
a96e6c3861
Use std::mutex instead of Spinlock
2020-11-27 11:24:17 +01:00
Julian Brost
3081d9942d
API filesync: wait for validation process to exit
...
This avoids having to pass a lock implicitly using the captured variables
of a lambda.
2020-11-27 11:24:17 +01:00
Alexander A. Klimov
eb454b8517
Introduce Endpoint#capabilities
...
refs #8034
2020-11-20 17:41:45 +01:00
Alexander A. Klimov
11957d4ccc
Introduce Endpoint#icinga_version
...
... and set it to e.g. 21200 via icinga::Hello.
2020-11-20 17:38:26 +01:00
Mattia Codato
edd32b4e26
AuthenticatedApiUser name refactor
2020-11-20 17:38:26 +01:00
Mattia Codato
ef3ed6b826
Make authenticatedApiUser a static property of ActionsHandler
2020-11-20 17:38:26 +01:00
Mattia Codato
cb8a083e11
Get API user from ActionsHandler
2020-11-20 17:38:26 +01:00
Benjamin Groeber
8bd829b4ae
Allow apiactions to return success HTTP codes different from 200
2020-11-20 17:38:26 +01:00
Julian Brost
6b8a018afb
Merge pull request #8486 from Icinga/bugfix/config-sync-only-remove-files-if-timestamp-changed
...
Config sync: Only remove files, if timestamp changed
2020-11-16 17:36:42 +01:00
Noah Hilverling
f184c1bc57
Config sync: Only remove files, if timestamp changed
2020-11-16 17:33:20 +01:00
Noah Hilverling
c40a4c5cbc
Merge pull request #8475 from Icinga/bugfix/replay-log-blocks
...
Start ApiListener#SyncClient() in the thread pool
2020-11-16 14:34:40 +01:00
Noah Hilverling
cd819e3801
Merge pull request #8473 from Icinga/bugfix/message-routing-for-global-zones-2.11
...
Fix cluster message routing for global zones
2020-11-16 14:32:52 +01:00
Julian Brost
de44bf5e71
Close anonymous connections after 10 seconds
...
Anonymous connections are normally only used for requesting a
certificate and are closed after this request is received. However, the
request is only sent if the child has successfully verified the
certificate of its parent so that it is an authenticated connection from
its perspective. In case this verification fails, both ends view it as
an anonymous connection and never actually use it but attempt a
reconnect after 10 seconds leaking the connection. Therefore close it
after a timeout.
2020-11-13 16:33:04 +01:00
Alexander A. Klimov
ba87ae8109
Start ApiListener#SyncClient() in the thread pool
...
... not hosting the coroutines not to block them.
Otherwise a large replay log would block messages sending
until the peer disconnects us.
2020-11-12 14:14:20 +01:00
Julian Brost
1adfe851b1
Fix cluster message routing for global zones
...
RelayMessageOne used to relay the message only to one other endpoint for
other zones, which is fine, as long as the target zone is a child/parent
zone but breaks if the target zone is a global one. In this case, the
message has to be forwarded within the local zone as well as to one node
in each child zone.
2020-11-12 09:49:56 +01:00
Noah Hilverling
d80eb89908
Merge pull request #8457 from Icinga/bugfix/replay-object-deletion-2.11
...
Log config object deletions to replay log
2020-11-10 11:31:49 +01:00
Alexander Aleksandrovič Klimov
97cda44e7d
Merge pull request #8399 from Icinga/feature/one-connection
...
ApiListener#NewClientHandlerInternal(): reject connections from already connected endpoints
2020-11-10 11:17:21 +01:00
Alexander Aleksandrovič Klimov
3c97ab6d47
Merge pull request #8454 from Icinga/feature/http-status-codes-in-icinga-mainlog-7053
...
Include HTTP status codes in log
2020-11-10 11:13:26 +01:00
Noah Hilverling
b2a235c54a
API: Don't accept object updates for unknown zone
2020-11-09 16:21:40 +01:00
Julian Brost
b330d8a74e
Log config object deletions to replay log
...
The initial config object sync for each new connection (in
`ApiListener::SendRuntimeConfigObjects()`) only considers currently
existing objects and has no way to pass the information that objects
were deleted in the meantime.
This commit logs config object deletions to the replay log if required
so that there is a chance that it will be propagated to nodes that were
offline when the deletion happened.
Note that this can only be considered a workaround as the replay log
might be pruned or could even be completely disabled. Also, there still
seems to be a race-condition between the config sync and replay log of
multiple new connections at the same time.
2020-11-09 15:55:51 +01:00
Alexander A. Klimov
29e5d7def7
Include HTTP status codes in log
...
refs #7053
2020-11-09 10:20:13 +01:00
Alexander A. Klimov
38110e55d3
ApiListener#NewClientHandlerInternal(): reject connections from already connected endpoints
2020-10-26 15:20:58 +01:00
Julian Brost
c5ce54918e
Catch exceptions in the thread running HandleConfigUpdate
...
With dc3062a9b06fed69cdbb1508ace6eb2f77f87553, exceptions in this code
path were no longer caught properly. This commit restores exception
handling for this function.
2020-10-13 14:27:47 +02:00
Alexander Aleksandrovič Klimov
dd8b786b3b
Merge pull request #8292 from Icinga/bugfix/icinga2-doesn-t-close-connections-7203-211
...
Add timeout for boost::asio::ssl::stream#async_shutdown()
2020-10-13 13:58:39 +02:00
Julian Brost
21b30322c9
Merge pull request #8308 from Icinga/bugfix/configsyncstagelock-unlock-owner
...
Make ApiListener::m_ConfigSyncStageLock a SpinLock
2020-10-13 13:37:08 +02:00
Alexander A. Klimov
b6b3ac0ab8
Make ApiListener::m_ConfigSyncStageLock a SpinLock
2020-10-02 17:54:36 +02:00
Alexander A. Klimov
b24f438daa
Add timeout for boost::asio::ssl::stream#async_shutdown()
...
refs #7203
2020-09-28 15:39:33 +02:00
Noah Hilverling
198090d072
Merge pull request #8230 from Icinga/bugfix/open-connections-2116
...
Fix open connections when agent waits for CA approval
2020-09-14 09:32:31 +02:00
Alexander A. Klimov
a3626d8980
Buildfix
2020-09-11 17:07:40 +02:00
Alexander A. Klimov
89c188996b
RequestCertificateHandler(): don't disconnect nodes already integrated into the cluster
...
... not to cause a reconnect loop.
2020-09-11 16:19:43 +02:00
Michael Insel
0ed108bfa2
Fix open connections when agent waits for CA approval
...
This closes the agent connection when the certificate sign request
waits for CA approval.
refs #7680
2020-09-11 16:17:37 +02:00
Noah Hilverling
6701db4dba
Merge pull request #8225 from Icinga/bugfix/last-zone-sync-stage-validation-failed-7642-2116
...
Clear ApiListener#last_failed_zones_stage_validation on config::Update if config not changed
2020-09-11 14:24:50 +02:00
Alexander A. Klimov
9632d3f634
Clear ApiListener#last_failed_zones_stage_validation on config::Update if config not changed
...
refs #7642
2020-09-11 13:50:32 +02:00
Alexander A. Klimov
dcc3c32dcd
Close connections w/o successful TLS handshakes during 10s
...
refs #7805
2020-09-11 11:07:50 +02:00
Noah Hilverling
a5370f7d15
Merge pull request #8097 from Icinga/bugfix/don-not-close-connection-on-missing-heartbeat-8095
...
Don't close connection on missing heartbeat
2020-07-29 14:12:07 +02:00
Yonas Habteab
a0a5348895
Remove all codes related to the heartbeat timeout
...
Until now, if the timeout is exceeded, the connection is immediately terminated.
But since we do not want to disconnect even if the timeout is exceeded, it is
better to send the messages without timeout and have deleted everything that is
related to the heartbeat timeout. We also have another mechanism in
JRPC::CheckLiveness that does the disconnect.
2020-07-29 14:10:42 +02:00