Commit Graph

49 Commits

Author SHA1 Message Date
Julian Brost 67175c43c0
Merge pull request #10102 from Icinga/icingadb-redis-username
Icinga DB: Config no_user_modify and Support Redis username authentication
2024-11-12 17:04:20 +01:00
Alvar Penning 98f60fd78e
Icinga DB: Support Redis username authentication
The Redis ACL system was introduced with Redis 6.0. It introduced users
with precisely granular permissions. This change allows Icinga 2 to use
the Icinga DB feature against a Redis with an ACL user.

This was reflected in the documentation, next to the already
implemented, but undocumented Redis database.

Closes #9536.
2024-10-24 09:18:19 +02:00
Alexander A. Klimov 7a4ba59961 Remove redundant "Validation failed" prefix from ValidationError exceptions
ValidationError#ValidationError() already prefixes #m_What,
which #what() returns, with "Validation failed for object".
2024-10-23 13:06:12 +02:00
Alexander A. Klimov ba7102cae3 Explicitly stop started timers and wait for them
before permitting their parent objects' destruction.
For the cases where the handlers have raw pointers to these objects.
2023-04-14 14:52:04 +02:00
Alexander A. Klimov 21b68455ce Use Timer::Create() instead of new Timer()
git ls-files -z |xargs -0 perl -pi -e 's/\bnew Timer\b/Timer::Create/g'

ex. in Timer::Create() itself.
2023-04-04 10:35:20 +02:00
Julian Brost 9b24056e05
Merge pull request #9346 from Icinga/icingadb-check
Introduce Icinga DB check (like the IDO one)
2022-06-28 18:24:29 +02:00
Julian Brost 2fafffb85f Icinga DB Check: fix race-condition with IcingaDB::Start()
IcingaDB::GetConnection() uses IcingaDB::m_Rcon which is only initialized in
IcingaDB::Start(), therefore add a nullptr check to the check command.
Additionally, as m_Rcon is potentially accessed concurrently, add a copy of the
value that is safe for concurrent use.
2022-06-28 13:33:00 +02:00
Alexander A. Klimov 88c8d29ee6 Remove Icinga DB perfdata from Icinga check
as the Icinga DB check already yields it.
2022-06-22 13:25:29 +02:00
Julian Brost 6b4681ee9e Icinga DB: make error message more helpful if API isn't set up 2022-06-20 14:57:19 +02:00
Julian Brost ad218c9a12 Icinga DB: initialize environment ID during config validation
IcingaDB may receive callbacks from Boost signals before being fully started.
This resulted in situations where m_EnvironmentId was used before it was
initialized properly. This is fixed by initializing it earlier (during the
config validation stage). However, at this stage, it should not yet write to
disk, therefore, persisting the environment ID to disk is delayed until later
in the startup process.

Initializing at this stage has an extra benefit: if there is an error for some
reason (possibly corrupt icingadb.env file), this now shows up as a nice error
during config validation.

Additionally, this replaces the use of std::call_once with std::mutex due to
bug in libstdc++ (see inline comment for reference).
2022-06-10 14:19:58 +02:00
Alexander A. Klimov 6b5106ffdd IcingaDB#Stop(): don't block shutdown, timeout instead 2022-03-02 16:39:44 +01:00
Alexander A. Klimov 50fee6aeb9 Icinga DB: include amount of history kept in memory in /v1/status 2022-03-02 16:39:37 +01:00
Alexander A. Klimov 8ea62f7fc7 Icinga DB: keep history in memory until written to Redis
by putting the messages into a Bulker and retrying each chunk.
2022-03-02 16:39:37 +01:00
Julian Brost 6007848146 IcingaDB: export environment_id via API
Primarily required for Icinga DB integration tests at the moment, but could
also be helpful in other situations.
2021-11-05 14:14:37 +01:00
Julian Brost 4ade4c757b IcingaDB: write new environment to icinga:stats stream 2021-11-05 14:14:37 +01:00
Julian Brost 525dd50859 IcingaDB: introduce a new environment ID derived from the CA public key
In order to avoid changes to the environment ID, it is now no longer derived
from the Environment constant but instead from the public key of the CA
certificate. This ensures that it is different between clusters by default, so
no additional changes have to be done to allow two clusters to use Icinga DB to
write into the same database.

To prevent the ID from changing when the CA certificate is replaced, it is also
persisted into the file /var/lib/icinga2/icingadb.env, so if that file exists,
it takes precedence over the CA certificate.
2021-11-05 14:14:37 +01:00
Julian Brost 929ebd0f6c IcingaDB: start initial sync after all child connections are established
Icinga started the initial config sync right after the first Redis connection
was established. If any other connections would take longer to connect than
when it's first needed, queries were discarded.
2021-07-28 15:27:32 +02:00
Julian Brost a50120c399 IcingaDB: start parent connection after children are initialized
The loop in the connected callback of the parent connection uses m_Rcons which
previously was only initialized after that connection was already started.
2021-07-28 15:27:20 +02:00
Alexander A. Klimov 0919df5aa1 Introduce IcingaDB#connect_timeout 2021-07-27 21:59:09 +02:00
Alexander Aleksandrovič Klimov 9169c805a8
Merge pull request #8933 from Icinga/bugfix/icinga-db-only-start-multiple-redis-connections-after-the-first-one-succeeded-8920
Icinga DB: only start multiple Redis connections after the first one succeeded
2021-07-27 21:52:21 +02:00
Alexander Aleksandrovič Klimov 2d75bbd8ed
Merge pull request #8915 from Icinga/bugfix/icingadb-prio-state
Icinga DB: priorize state > config
2021-07-27 20:22:26 +02:00
Alexander A. Klimov e45b43a4d9 Icinga DB: only start multiple Redis connections after the first one succeeded
refs #8920
2021-07-27 12:21:04 +02:00
Alexander A. Klimov ae9b371128 Icinga DB: priorize state > config
I.e. do the following in parallel (highest priority first):

* Stream state changes to icinga:runtime:state
* Sync config and initial state,
  then let queued runtime updates to the just synced state pass
2021-07-26 16:39:18 +02:00
Alexander A. Klimov 37e53eaa68 Icinga DB: support TLS 2021-07-22 14:34:07 +02:00
Alexander A. Klimov 67c4ebedd3 Combine all Redis connections' logs 2021-07-16 18:50:41 +02:00
Alexander Aleksandrovič Klimov b2c3ff6b27
Merge pull request #8638 from Icinga/feature/icingadb-multi-conns
Icinga DB: use one Redis connection per config object type
2021-06-23 18:01:04 +02:00
Alexander A. Klimov d1e15a220c Icinga DB: use one Redis connection per config object type 2021-06-08 17:52:04 +02:00
Julian Brost 9f6cbc38f2
Merge pull request #8754 from Icinga/feature/icingadb-replace-lua-with-xadd-maxlen
Icinga DB: Use XADD ... MAXLEN 1 instead of a custom Lua script
2021-06-04 13:52:30 +02:00
Noah Hilverling 4005d81a43 Icinga DB: Sync state using runtime updates 2021-05-07 08:41:38 +02:00
Julian Brost a5dc52dea5 IcingaDB: use XADD MAXLEN instead of custom Lua script for heartbeats
The existing Lua script adds a new entry to a stream and then deletes all older
entries. The same can be achieved by using `XADD ... MAXLEN 1`.
2021-05-03 17:21:11 +02:00
Noah Hilverling aca8d063dc Icinga DB: Change redis key prefix to 'icinga:*' 2021-04-27 21:27:46 +02:00
Julian Brost 41f7124692 Icinga DB: cache environment ID instead of recomputing it every time 2021-03-23 17:09:32 +01:00
Alexander A. Klimov ed57d31400 Icinga DB: HMSET the same fields only once 2021-02-24 13:37:36 +01:00
Julian Brost 2d080f14eb IcingaDB: start initial dump in callback instead of timer
Previously, the initial config dump was started in a timer executed
every 15 seconds. During the first execution of the timer, the Redis
connection is typically not established yet. Therefore, this delayed the
initial sync by up to 15 seconds.

This commit instead triggers the sync from a callback that is executed
after the connection is successfully established.

The timer is removed completely. On first glance, it looks like it would
ensure that a lost connection is reestablished, but this is handled
internally by RedisConnection. After the config has been dumped once,
that timer wouldn't ever attempt a reconnect anyways.
2021-01-20 09:31:27 +01:00
Alexander A. Klimov fc72cca70e Icinga DB: don't use the work queue for publishing stats 2020-05-15 11:17:25 +02:00
Alexander A. Klimov ff0efbc2a2 Drop IcingaDB#HandleEvents() 2020-03-04 14:37:17 +01:00
Alexander A. Klimov 54d555bd92 Drop IcingaDB#SendEvent() 2020-03-04 14:36:43 +01:00
Alexander A. Klimov 867481de7c Connect IcingaDB::StateChangeHandler to Checkable::OnAcknowledgementSet instead of calling it in IcingaDB#SendEvent() 2020-03-04 14:36:07 +01:00
Alexander A. Klimov efa548fbdf Connect IcingaDB::UpdateState to Checkable::OnNewCheckResult instead of calling it in IcingaDB#SendEvent() 2020-03-04 14:34:43 +01:00
Alexander A. Klimov f6f7d9b635 IcingaDB: suppress state sync until config sync finished 2019-12-18 13:41:56 +01:00
Noah Hilverling 5b8b777691 IcingaDB: Add timestamp to stats stream 2019-12-05 10:34:41 +01:00
Alexander A. Klimov 416e1d72bf IcingaDB#PublishStats(): make icinga:stats a stream 2019-12-03 12:01:13 +01:00
Alexander A. Klimov e391c0e7b5 RedisConnection: introduce extensible priorities 2019-12-02 17:21:00 +01:00
Alexander A. Klimov ba6550dc58 IcingaDB: get rid of icinga:{subscription,event}* 2019-11-27 11:42:09 +01:00
Michael Friedrich 9d9804d50a Styleguide for IcingaDB 2019-11-02 18:01:31 +01:00
Michael Friedrich 904f2ce7d4 IcingaDB: Silence some developer logging 2019-11-02 15:47:51 +01:00
Michael Friedrich 61d9130dd0 Fix Copyright headers 2019-11-02 14:00:24 +01:00
Alexander A. Klimov 071a1489aa PUBLISH to icinga:stats with high priority
refs #57
2019-11-02 14:00:24 +01:00
Alexander Aleksandrovič Klimov 13ab7eb609 Rename redis to icingadb 2019-11-02 14:00:24 +01:00