The following already works:
* Custom key sizes, e.g. 2048 bits
* Custom key types, e.g. ECC
* Multiple trusted root CAs in `/var/lib/icinga2/certs/ca.crt`
* Different root CAs per cluster subtree, as long as each node trusts the
issuers of the certificates of all nodes it's directly connected to
* Any number of intermediate CAs
* Update 10-icinga-template-library.md
Explicitly name the config-sync check feature of the icinga check, as before this was a little bit too undocumented making it unknown to me.
Also mention where the check has to executed in order to bring the desired results.
* Update 15-troubleshooting.md
Add 4h typical error point for configuration stored outside of /etc/icinga2/zones.d. For when a non-distributed setup was migrated to a distributed setup.
Also link to the internal icinga CheckCommand to promote its existance.
* Update 15-troubleshooting.md
Remove "-" from link
* Revert "Update 15-troubleshooting.md"
This reverts commit bb25ba3ff5.
* Update AUTHORS
Add myself to AUTHORS
* Update doc/15-troubleshooting.md
Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com>
* Update doc/10-icinga-template-library.md
Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com>
* Update doc/15-troubleshooting.md
Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com>
---------
Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com>
For check_procs, both the Monitoring Plugins' implementation[0] and the
Nagios Plugin[1] are supporting the "-X" or "--exclude-process" flag to
exclude one or many processes by name. However, this flag is missing
here in the Icinga Template Library.
The Nagios Plugin implementation also comes with "-j" and "-g" for
FreeBSD jails and Linux cgroups, respectively. But, to keep it
compatible, I would ignore these for the moment.
Closes#10226.
[0]: https://www.monitoring-plugins.org/doc/man/check_procs.html
[1]: https://nagios-plugins.org/doc/man/check_procs.html
This is a good alternative to `icinga2 feature enable debuglog`:
* Object creation/deletion via API happens immediately and requires no restart
* Hence, the debug log is enabled exactly as long as desired
Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com>
The Redis ACL system was introduced with Redis 6.0. It introduced users
with precisely granular permissions. This change allows Icinga 2 to use
the Icinga DB feature against a Redis with an ACL user.
This was reflected in the documentation, next to the already
implemented, but undocumented Redis database.
Closes#9536.
Each configuration field of an IcingaDB Object was marked with
no_user_modify as modifications via the API would not result in an
actual change. While the Object would be updated, the internal Redis
connection would not be restarted, resulting in an unexpected behavior.
The missing db_index was added to the documentation.
We instruct the users to build as root and chown just /usr/local/icinga2/var, but at least `icinga2 api setup` also needs to modify /usr/local/icinga2/etc.
* check_ssl_cert: integrate new option to set maximum validity
check_ssl_cert has a new option with a new default: --maximum-validity. This change allows for services to use that option to override the default of 397 days. It is needed, if you have internal certificates that have a longer duration.
---------
Co-authored-by: Alexander A. Klimov <alexander.klimov@icinga.com>