1050 Commits

Author SHA1 Message Date
Julian Brost
0690a1ce70 testing 2024-02-09 17:13:45 +01:00
Julian Brost
04cbeac49e Log long-running and long-waiting CpuBoundWork tasks 2024-02-09 17:13:45 +01:00
Yonas Habteab
5c844504e5 HttpServerConnection: Drop superfluous CpuBoundWork usage 2024-02-09 16:03:26 +01:00
Yonas Habteab
dbf1ebdc82 EventsHandler: Drop superfluous CpuBoundWork usage 2024-02-09 12:13:40 +01:00
Yonas Habteab
cd7d413d9e Drop redundant CpuBoundWork usages in lib/remote 2024-02-09 12:13:40 +01:00
Julian Brost
78c5ebd588 HttpServerConnection: log disconnected message after the client was actually disconnected
Previously, the "HTTP client disconnected" message was logged before shutting
down the connection even started.
2024-02-09 12:05:09 +01:00
Julian Brost
1a11ad2147 HttpServerConnection: add timeout for TLS shutdown in Disconnect()
`async_shutdown()` performs a TLS shutdown, which exchanges messages, which can
hang. Therefore, it has to be protected by a timeout that cancels it if needed.
2024-02-09 12:05:09 +01:00
Julian Brost
06584c2880 HttpServerConnection: use exceptions for error handling
When an HTTP connection dies prematurely while the response is sent,
`http::async_write()` sets the error code to something like broken pipe for
example. When calling `async_flush()` afterwards, it sometimes happens that
this never returns. This results in a resource leak as the coroutine isn't
cleaned up. This commit makes the individual functions throw exceptions instead
of silently ignoring the errors, resulting in the function terminating early
and also resulting in an error being logged as well.
2024-02-09 12:05:09 +01:00
Yonas Habteab
2054525e78 Drop redundant CpuBoundWork usage in JsonRpcConnection::Disconnect()
Although there is locking involved here, it shouldn't take too long for
the thread to actually acquire it, since there aren't that many threads
dealing with endpoint clients concurrently. It's just wasting pointless
time trying to obtain a CPU slot.
2024-02-09 11:06:28 +01:00
Alexander A. Klimov
7a8bd0f6ea RequestCertificateHandler(): also renew if CA needs a renewal
and a newer one is available.
2023-12-18 17:07:44 +01:00
Alexander A. Klimov
e7a50f3e7c ApiListener#Start(): auto-renew CA on its owner
otherwise it would expire.
2023-12-18 17:07:44 +01:00
Alexander A. Klimov
1e31bc13f0 ApiListener#RenewCert(): enable optional CA creation 2023-12-18 17:07:44 +01:00
Alexander A. Klimov
e0e10a7efa ApiListener#NewClientHandlerInternal(): on basic_socket#cancel() (due to timeout) don't ssl::stream#async_shutdown()
If a connection hangs for too long in ApiListener#NewClientHandler(),
ApiListener#AddConnection()'s Timeout calls boost::asio::basic_socket#cancel()
on that connection to trigger an exception which unwinds
ApiListener#NewClientHandler(). Previously that unwind could trigger a Defer
which called boost::asio::ssl::stream#async_shutdown() which extended the hang.
2023-07-03 17:16:26 +02:00
Alexander Aleksandrovič Klimov
6dfc21f9bd
Merge pull request #9678 from Icinga/181b213
Bump Boost to v1.81
2023-02-16 16:23:50 +01:00
Alexander A. Klimov
34844c146d Deduplicate and stabilize fragile filesystem transactions
by using AtomicFile so they ensure all or nothing of a file gets replaced.
2023-02-15 17:19:57 +01:00
Alexander A. Klimov
f84ffdad68 Handle boost::beast::http::basic_fields#operator[]() signature change (v1.81)
Use always working std::string(x), not broken x.to_string().
(x is a return value.)
2023-02-15 10:41:31 +01:00
Yonas Habteab
adc42e101d Evaluate permission filters also on all joined relations 2022-10-31 13:01:12 +01:00
Yonas Habteab
02524f5993 ObjectQueryHandler: Check user permissions on joined relations 2022-10-31 13:01:12 +01:00
Yonas Habteab
21b55cb1ac FilterUtility: Outsource permission matching from CheckPermission() to a separate method 2022-10-31 13:01:12 +01:00
Julian Brost
e289ec689e
Merge pull request #9337 from Icinga/Al2Klimov-patch-3-213
Let new cluster certificates expire after 397 days, not 15 years
2022-04-11 21:20:39 +02:00
Julian Brost
5ea4c24c0e
Merge pull request #9335 from Icinga/bugfix/startup-log-213
Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage
2022-04-11 18:40:16 +02:00
Julian Brost
8b58de4431
Merge pull request #9333 from Icinga/bugfix/compare-cluster-tickets-in-constant-time-213
Compare cluster tickets in constant time
2022-04-11 16:30:51 +02:00
Alexander A. Klimov
763431aa35 Protect ApiListener#m_SSLContext with a mutex 2022-04-11 12:43:54 +02:00
Alexander A. Klimov
f63b364d91 Renew certificates also periodically 2022-04-11 12:43:54 +02:00
Alexander A. Klimov
ed3862782f ApiListener#Start(): auto-renew own cert if CA owner
otherwise that particular cert would expire.
2022-04-11 12:43:54 +02:00
Alexander A. Klimov
88d2da22f4 Introduce ApiListener#RenewCert() 2022-04-11 12:43:54 +02:00
Alexander A. Klimov
83911d0e05 Introduce IsCertUptodate() 2022-04-11 12:43:54 +02:00
Alexander A. Klimov
1ffc9f8120 Request certificate renewal also master2->master1
not only sat->master to prevent master2's certificate from expiring.
2022-04-11 12:43:53 +02:00
Alexander A. Klimov
4fb9e7421e Write also /var/lib/icinga2/api/zones-stage-startup-last-failed.log
in addition to /var/lib/icinga2/api/zones-stage-startup.log
to prevent the next success from overwriting the last failure.
2022-04-11 12:28:12 +02:00
Alexander A. Klimov
3b03050340 Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage
not to lose them.
2022-04-11 12:28:12 +02:00
Alexander A. Klimov
18067df94d Compare cluster tickets in constant time
Just to be sure.
2022-04-11 11:42:06 +02:00
Yonas Habteab
8037a2f384 ConfigStagesHandler: Don't allow concurrent package updates anymore
To prevent Icinga2 from being restarted while
one or more requests are still in progress and end up
as corrupted stages without status file and startup logs.
2022-04-07 11:58:04 +02:00
Yonas Habteab
668eb4bd0a ConfigPackageUtility: Don't reset ongoing package updates on config validation success and process is going to be reloaded 2022-04-07 11:58:04 +02:00
Alexander Aleksandrovič Klimov
3aa2289c59
Merge pull request #8946 from Icinga/bugfix/old-packages
ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages
2021-08-02 20:27:27 +02:00
Alexander A. Klimov
57df803e35 ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages
... not to require migrating invalid ones.
2021-08-02 15:40:14 +02:00
Alexander A. Klimov
c1df4b70f5 ConfigPackageUtility::PackageExists(): accept invalid package names, too 2021-08-02 15:40:14 +02:00
Alexander A. Klimov
c666f81361 De-couple package and stage name validation 2021-08-02 15:40:14 +02:00
Alexander A. Klimov
504fdda76c Introduce DEFAULT_CONNECT_TIMEOUT 2021-07-27 21:57:02 +02:00
Alexander A. Klimov
7f7637c9b8 Introduce DEFAULT_TLS_CIPHERS and DEFAULT_TLS_PROTOCOLMIN 2021-07-22 11:12:33 +02:00
Alexander A. Klimov
80a1128ec7 Introduce SetupSslContext() 2021-07-22 11:12:33 +02:00
Julian Brost
9f43c143d7
Merge pull request from GHSA-98wp-jc6q-x5q5
API: hide ApiListener#ticket_salt
2021-07-15 11:13:35 +02:00
Alexander A. Klimov
07d768f166 API: hide ApiListener#ticket_salt 2021-07-02 16:29:53 +02:00
Alexander Aleksandrovič Klimov
692f5aa615
Merge pull request #8718 from Icinga/feature/tls-1.3
Support TLS 1.3
2021-06-29 17:52:55 +02:00
Julian Brost
0e7a05ad7a Support TLS 1.3 2021-06-29 11:08:47 +02:00
Noah Hilverling
8af66ce44c
Merge pull request #8710 from Icinga/feature/windows-event-log
Add support for Windows Event Log and write early log messages to it
2021-06-24 09:19:50 +02:00
Noah Hilverling
1fae2f3974
Merge pull request #8769 from Icinga/bugfix/new-connection-timeout
Add timeout for full Icinga connection handshake
2021-06-24 09:18:37 +02:00
Alexander Aleksandrovič Klimov
2cd9c1d902
Merge pull request #8835 from Icinga/bugfix/api-filename-truncation
Fix/restrict truncation of filenames for API-created objects
2021-06-23 12:06:31 +02:00
Julian Brost
56060bc8d5 ApiListener: Deprecate tls_handshake_timeout in favor of connect_timeout 2021-06-23 11:21:42 +02:00
Julian Brost
84d778580f Add timeout for all new connections
This commit adds a timeout for both establishing new outgoing and incoming
connections. This timeout applies to everything until the connection is in a
state where either JsonRpcConnection or HttpServerConnection takes over.
2021-06-23 11:21:42 +02:00
Julian Brost
36ce7d961f Rename silent parameter of ConfigItem::ActivateItems()
As silent now no longer only controls the generation of log messages, a better
name is required. This changes its name, inverts its value to reflect the new
name and adds a documentation comment.
2021-06-21 16:07:36 +02:00