Commit Graph

328 Commits

Author SHA1 Message Date
Julian Brost 67175c43c0
Merge pull request #10102 from Icinga/icingadb-redis-username
Icinga DB: Config no_user_modify and Support Redis username authentication
2024-11-12 17:04:20 +01:00
Alvar Penning 98f60fd78e
Icinga DB: Support Redis username authentication
The Redis ACL system was introduced with Redis 6.0. It introduced users
with precisely granular permissions. This change allows Icinga 2 to use
the Icinga DB feature against a Redis with an ACL user.

This was reflected in the documentation, next to the already
implemented, but undocumented Redis database.

Closes #9536.
2024-10-24 09:18:19 +02:00
Alvar Penning 57fab7f39e
Icinga DB: Config no_user_modify
Each configuration field of an IcingaDB Object was marked with
no_user_modify as modifications via the API would not result in an
actual change. While the Object would be updated, the internal Redis
connection would not be restarted, resulting in an unexpected behavior.

The missing db_index was added to the documentation.
2024-10-24 09:18:09 +02:00
Alexander A. Klimov 7a4ba59961 Remove redundant "Validation failed" prefix from ValidationError exceptions
ValidationError#ValidationError() already prefixes #m_What,
which #what() returns, with "Validation failed for object".
2024-10-23 13:06:12 +02:00
Alexander A. Klimov dc4869c3aa IcingaDB::TimestampToMilliseconds(): limit output to four year digits
Too high timestamps may overflow uint64_t (and the YYYY format) and negative
ones don't fit into uint64_t. Those may crash our Go daemon.
2024-09-30 16:54:40 +02:00
Yonas Habteab 26f43b0b48 IcingaDB: Don't sync partially initialised objects 2024-09-11 14:08:27 +02:00
Alexander A. Klimov f9adf18111 IcingaDB#SerializeState(): limit execution_time and latency to 2^32-1
not to write higher values into Redis than the Icinga DB schema can hold.
This fixes yet another potential Go daemon crash.
2024-05-15 12:55:41 +02:00
Alexander Aleksandrovič Klimov 6c03598678
Merge pull request #9896 from Icinga/provide-cancel_time-where-has_been_cancelled-may-be-1
Disallow triggering a cancelled downtime, but provide cancel_time in Icinga DB downtime history where has_been_cancelled may be 1
2023-12-20 10:03:09 +01:00
Alexander A. Klimov 7174dc864d IcingaDB#SendConfigDelete(): fix missing nullptr check before deref 2023-11-10 17:43:33 +01:00
Alexander A. Klimov 9aaa9901bd Icinga DB downtime history: provide cancel_time where has_been_cancelled may be 1
The table sla_history_downtime requires a downtime_end.
The Go daemon takes the cancel_time if has_been_cancelled is 1.
So we must supply a cancel_time whereever has_been_cancelled is 1.
Otherwise the Go daemon can't process some entries.
2023-11-08 15:22:39 +01:00
Alexander Aleksandrovič Klimov e5d988a2fe
Merge pull request #7799 from Icinga/bugfix/file-end
Fix file endings
2023-08-25 11:06:19 +02:00
Julian Brost a2926b8604
Merge pull request #9794 from Icinga/round-notification-times-begin-end-not-to-crash-go-daemon
IcingaDB::PrepareObject(): round Notification#times.{begin,end} not to crash Go daemon
2023-06-27 17:08:41 +02:00
Alexander A. Klimov dccb678882 IcingaDB::PrepareObject(): cut off (null) negative Notification#times.{begin,end} not to crash Go daemon
At least our PostgreSQL schema enforces positive values.
2023-06-27 12:58:08 +02:00
Alexander A. Klimov 415b810abf IcingaDB::PrepareObject(): round Notification#times.{begin,end} not to crash Go daemon
The latter expects ints, not floats - not to mention strings.
Luckily Icinga already enforces numeric strings so that we can cast it to number.
2023-06-27 12:53:08 +02:00
Julian Brost 9cf519316e
Merge pull request #9805 from Icinga/checkcommand-timeout-0-crashes-icinga-db-daemon-9804
IcingaDB::PrepareObject(): cut off (0) negative Command#timeout for Redis
2023-06-27 10:45:02 +02:00
Julian Brost c08d3beeb1
Merge pull request #9785 from Icinga/Al2Klimov-patch-8
Icinga DB: also write ConfigObject#original_attributes into Redis
2023-06-27 10:24:41 +02:00
Julian Brost bd11bc2eb4
Merge pull request #9793 from Icinga/unmarshal-number-42-5-into-go-struct-field-notification-notification_interval
IcingaDB::PrepareObject(): round Notification#interval and limit it to >=0
2023-06-27 10:12:13 +02:00
Alexander A. Klimov d641a3c799 IcingaDB::PrepareObject(): cut off (0) negative Command#timeout for Redis
not to crash the Go daemon which expects positive values there.
2023-06-26 15:36:47 +02:00
Alexander A. Klimov 273aa6f997 IcingaDB::PrepareObject(): round Notification#interval and limit it to >=0
otherwise, e.g. with -42.5, the Go daemon crashes. It expects uints there.
2023-06-19 12:46:40 +02:00
Alexander A. Klimov 9f08bad395 IcingaDB::PrepareObject(): convert non-null Checkable#check_timeout to number
and, in case of null, fall back to Checkable#check_command.timeout, just like
IcingaDB#SerializeState(). Otherwise the Go daemon crashes. It expects a number.
2023-06-15 12:29:42 +02:00
Alexander A. Klimov 385fe2fd76 Icinga DB: also write ConfigObject#original_attributes into Redis
for the case the Go daemon decides to sync them into DB.
2023-06-12 12:53:25 +02:00
Julian Brost 8a42c3bf18
Merge pull request #9775 from Icinga/icingadb-service-crashes-on-negative-downtime-duration-or-end-before-start-9774
Icinga DB: don't write negative Downtime durations into Redis
2023-05-31 11:37:42 +02:00
Alexander A. Klimov 75eaa81c06 Icinga DB: don't write negative Downtime durations into Redis
via `std::max(0, x)` not to crash the Go daemon which can't handle such.
2023-05-30 17:56:03 +02:00
Alexander A. Klimov ad618e9716 Icinga DB feature: normalize *Command.arguments[*].{required,skip_key,repeat_key} to boolean
At the moment, the Icinga DB feature will use that value as-is and
serialize it to JSON, resulting in a crash in Icinga DB down the road
because it expects a boolean.
2023-05-24 16:04:14 +02:00
Alexander A. Klimov 9376a311ea Fix file endings
git ls-files -z \
	|grep -zEe '^lib/' \
	|grep -zEe '\.[ch]pp$' \
	|xargs -0 perl -p0i -e 's/\n*(?!(?:.|\n))/\n/'
2023-05-17 18:05:13 +02:00
Alexander A. Klimov ba7102cae3 Explicitly stop started timers and wait for them
before permitting their parent objects' destruction.
For the cases where the handlers have raw pointers to these objects.
2023-04-14 14:52:04 +02:00
Alexander A. Klimov 21b68455ce Use Timer::Create() instead of new Timer()
git ls-files -z |xargs -0 perl -pi -e 's/\bnew Timer\b/Timer::Create/g'

ex. in Timer::Create() itself.
2023-04-04 10:35:20 +02:00
Alexander A. Klimov f2974c07cf Centralise default icinga.* and env.* macros 2023-02-17 15:33:36 +01:00
Alexander A. Klimov b2b49caf61 Macros: support $env.ENV_VAR_NAME$
refs #6259
2023-02-10 17:21:29 +01:00
Julian Brost 1c066fc02e Simplify NamespaceValue class hierarchy to one struct without member functions
This commit removes EmbeddedNamespaceValue and ConstEmbeddedNamespaceValue and
reduces NamespaceValue down to a simple struct without inheritance or member
functions. The code from these clases is inlined into the Namespace class. The
class hierarchy determining whether a value is const is moved to an attribute
of NamespaceValue.

This is done in preparation for changes to the locking in the Namespace class.
Currently, it relies on a recursive mutex. In the future, a shared mutex
(read/write lock) should be used instead, which cannot allow recursive locking
(without failing or risk deadlocking on lock upgrades). With this change, all
operations requiring a lock for one operation are within one function, no
recursive locking is not needed any more.
2023-01-19 17:55:11 +01:00
Julian Brost 91cbb856fe
Merge pull request #9521 from Icinga/noop-log-msgs
Logger: don't render log messages which will be disposed anyway
2022-10-11 19:05:03 +02:00
Yonas Habteab a656444d78 RedisConnection: Don't log queries that are going to be discarded 2022-10-11 13:28:08 +02:00
Julian Brost 2a4dc083ae
Merge pull request #9524 from Icinga/introduce-object-idx
Introduce object identifier attr
2022-10-07 10:19:59 +02:00
Yonas Habteab 85c77bd878 IcingaDB: Cache generated object hash 2022-09-12 17:23:06 +02:00
Alexander A. Klimov 5e9f95c007 Icinga DB: on every check result update state only 1x, not 3x in a row
Before (time: vertical, stack: horizontal):

* Checkable::ExecuteCheck
  * Checkable::UpdateNextCheck
    * IcingaDB::NextCheckChangedHandler
      * HSET icinga:host:state
      * HSET icinga:checksum:host:state
      * ZADD icinga:nextupdate:host
  * RandomCheckTask::ScriptFunc
    * Checkable::ProcessCheckResult
      * Checkable::UpdateNextCheck
        * IcingaDB::NextCheckChangedHandler
          * HSET icinga:host:state
          * HSET icinga:checksum:host:state
          * ZADD icinga:nextupdate:host
      * IcingaDB::NewCheckResultHandler
        * HSET icinga:host:state
        * HSET icinga:checksum:host:state
        * ZADD icinga:nextupdate:host
  * IcingaDB::StateChangeHandler
    * XADD icinga:runtime:state
    * IcingaDB::ForwardHistoryEntries
      * XADD icinga:history:stream:state

After:

* Checkable::ExecuteCheck
  * Checkable::UpdateNextCheck
  * RandomCheckTask::ScriptFunc
    * Checkable::ProcessCheckResult
      * Checkable::UpdateNextCheck
      * IcingaDB::NewCheckResultHandler
        * HSET icinga:host:state
        * HSET icinga:checksum:host:state
        * ZADD icinga:nextupdate:host
  * IcingaDB::StateChangeHandler
    * XADD icinga:runtime:state
    * IcingaDB::ForwardHistoryEntries
      * XADD icinga:history:stream:state

The first state + nextupdate (for overdue) update comes from next_check being
set to now + interval immediately before doing the actual check (not to trigger
it twice). This update is not only not important for the end user, but even
inappropriate. The end user SHALL see next_check being e.g. in -4s, not 5m, as
the check is running at the moment.

The second one is just redundant as IcingaDB::NewCheckResultHandler (the third
one) is called anyway and will update state + nextupdate as well.
2022-09-06 10:10:14 +02:00
Alexander A. Klimov a2362ebf17 IcingaDB::VersionChangedHandler(): don't handle not synced types
not to surprise (and crash) the Icinga DB daemon with unknown types.
2022-08-10 13:24:44 +02:00
Alexander A. Klimov 32871ca40c IcingaDB::SendCustomVarsChanged(): don't delete custom vars of not synced types
not to surprise (and crash) the Icinga DB daemon with unknown types.
2022-08-10 11:40:53 +02:00
Julian Brost bd2118c4cd
Merge pull request #9420 from Icinga/IcingaDB-soft_state
Icinga DB: icinga:*:state: rename state to soft_state
2022-06-29 12:24:52 +02:00
Alexander A. Klimov ba9a5c614c Icinga DB: icinga:*:state: rename state to soft_state 2022-06-29 11:49:06 +02:00
Julian Brost 9b24056e05
Merge pull request #9346 from Icinga/icingadb-check
Introduce Icinga DB check (like the IDO one)
2022-06-28 18:24:29 +02:00
Julian Brost 3222fab05a Icinga DB Check: don't check runtime update backlog during full sync 2022-06-28 13:33:00 +02:00
Julian Brost 4f125753bf Icinga DB Check: ignore suppressed queries in Redis backlog check
If some kind of query is not supposed to be processed at the moment, there is
little point in checking it. During a full dump, state updates are suppressed
(i.e. delayed), so when a dump takes very long, this would have resulted in a
false Redis backlog warning.
2022-06-28 13:33:00 +02:00
Julian Brost 5550fb713c Icinga DB Check: include ongoing dumps in OK message
Also use the "current" and "full dump/sync" terminology in the other messages.
2022-06-28 13:33:00 +02:00
Julian Brost 3ded7a9268 Icinga DB Check: rename dump/sync related perfdata values
Scope all values using current/last instead of takes/took.
2022-06-28 13:33:00 +02:00
Julian Brost e36bc92a2c Icinga DB Check: add unit hints to all rates 2022-06-28 13:33:00 +02:00
Julian Brost eaae7d5863 Icinga DB Check: update not connected message
The check makes no attempt to explicitly connect to Redis, it uses the
connection of the IcingaDB feature, so this message better describes the state
in this situation.
2022-06-28 13:33:00 +02:00
Julian Brost 2fafffb85f Icinga DB Check: fix race-condition with IcingaDB::Start()
IcingaDB::GetConnection() uses IcingaDB::m_Rcon which is only initialized in
IcingaDB::Start(), therefore add a nullptr check to the check command.
Additionally, as m_Rcon is potentially accessed concurrently, add a copy of the
value that is safe for concurrent use.
2022-06-28 13:33:00 +02:00
Julian Brost 953e113465 Icinga DB Check: remove markdown headings from output
icingadb-web shows multiple lines from the check output collapsed into a single
line. The lines containing just minuses make this look cluttered and making
making it a heading provides little to no benefit. Even when rendering markdown
in the check output at some point, having the lists labeled using normal
paragraphs would look just fine.
2022-06-28 13:33:00 +02:00
Julian Brost c59d44cd8b Icinga DB Check: rename perfdata values
- Add icinga2_ and icingadb_ prefixes to make clear which component is
  responsible for the value.
- Rename heartbeat_lag to heartbeat_age, describes it better in my opinion and
  sound a bit less like something that should be as close to zero as possible.
- Rename redis_dump/database_sync into full_dump/full_sync as this is how these
  operations are refered to in log messages as well.
- Rename Redis backlog into Redis query backlog, makes it a bit clearer in my
  opinion.
- Rename runtime_backlog into runtime_update_backlog, as the component in
  Icinga DB is called that way and this naming is also exposed in log messages.
- Rename dump_config/state/history into config/state/history_dump, makes it
  sound more natural.
2022-06-28 13:33:00 +02:00
Julian Brost d0382f71ab Icinga DB Check: rename variables from takes to duration
Sounds more natural in my opinion and I doubt that many users would get that
due to the difference between takes/took, this refers to ongoing dumps.
2022-06-28 13:33:00 +02:00