Commit Graph

13930 Commits

Author SHA1 Message Date
Alexander Aleksandrovič Klimov 383773eb2b
Merge pull request #10264 from Icinga/DependencyGraph-ConfigObject
DependencyGraph: use ConfigObject*, not Object*
2024-12-18 13:36:56 +01:00
Alexander A. Klimov 3a09cf72d6 DependencyGraph: use ConfigObject*, not Object*
This saves dynamic_cast<ConfigObject*> + if() on every item of GetChildren().
2024-12-17 18:33:05 +01:00
Julian Brost 452386cdb6
Merge pull request #10005 from Icinga/graceful-tls-disconnect
Add a dedicated method for disconnecting TLS connections
2024-12-12 16:20:14 +01:00
Julian Brost 3642ca3369
Merge pull request #10263 from Icinga/DependencyGraph-parent-child
DependencyGraph: switch "parent" and "child" terminology
2024-12-12 15:13:08 +01:00
Julian Brost a506d562ae Add comment for remaining uses of async_shutdown() why it's safe
The reason for introducing AsioTlsStream::GracefulDisconnect() was to handle
the TLS shutdown properly with a timeout since it involves a timeout. However,
the implementation of this timeout involves spwaning coroutines which are
redundant in some cases. This commit adds comments to the remaining calls of
async_shutdown() stating why calling it is safe in these places.
2024-12-12 12:10:59 +01:00
Julian Brost e6d103d0dd HttpServerConnection: use AsioTlsStream::GracefulDisconnect()
This new helper function has proper timeout handling which was missing here.
2024-12-12 12:10:59 +01:00
Julian Brost 007e3fbe7e JsonRpcConnection: use AsioTlsStream::GracefulDisconnect()
This new helper functions allows deduplicating the timeout handling for
`async_shutdown()`.
2024-12-12 12:10:59 +01:00
Julian Brost 56d5811283 AsioTlsStream: add GracefulDisconnect() and ForceDisconnect()
Calling `AsioTlsStream::async_shutdown()` performs a TLS shutdown which
exchanges messages (that's why it takes a `yield_context`) and thus has the
potential to block the coroutine. Therefore, it should be protected with a
timeout. As `async_shutdown()` doesn't simply take a timeout, this has to be
implemented using a timer. So far, these timers are scattered throughout the
codebase with some places missing them entirely. This commit adds helper
functions to properly shutdown a TLS connection with a single function call.
2024-12-12 12:10:59 +01:00
Alexander A. Klimov 188ba53b74 DependencyGraph: switch "parent" and "child" terminology
The .ti files call `DependencyGraph::AddDependency(this, service.get())`. Obviously, `service.get()` is the parent and `this` (Downtime, Notification, ...) is the child. The DependencyGraph terminology should reflect this not to confuse its future users.
2024-12-04 10:57:30 +01:00
Julian Brost e50eb52291
Merge pull request #9825 from Icinga/Al2Klimov-patch-8
Doc: Distributed Monitoring: add section "External CA/PKI"
2024-12-02 10:00:55 +01:00
Alexander Aleksandrovič Klimov 8f51f54f19
Merge pull request #10221 from Icinga/Al2Klimov-patch-7
JsonRpcConnection: don't write new messages on shutdown
2024-11-29 09:24:10 +01:00
Julian Brost b8f6d7344d
Merge pull request #10258 from Icinga/Al2Klimov-patch-11
GHA: Linux: don't track all supported distro versions
2024-11-27 17:20:25 +01:00
Julian Brost 57df92fa51
Merge pull request #10141 from Icinga/log-slow-http-rpc-processing
Log HTTP/RPC message processing stats
2024-11-27 17:15:36 +01:00
Alexander A. Klimov cca5f6603b GHA: Linux: don't track all supported distro versions
Instead just give a generic explanation per distro.
2024-11-27 15:20:28 +01:00
Alexander A. Klimov 501175229c Doc: Distributed Monitoring: add section "External CA/PKI"
The following already works:

* Custom key sizes, e.g. 2048 bits
* Custom key types, e.g. ECC
* Multiple trusted root CAs in `/var/lib/icinga2/certs/ca.crt`
* Different root CAs per cluster subtree, as long as each node trusts the
  issuers of the certificates of all nodes it's directly connected to
* Any number of intermediate CAs
2024-11-27 14:49:06 +01:00
Yonas Habteab 4564c068fe JsonRpcConnection: Log message processing time stats
Co-Authored-By: Julian Brost <julian.brost@icinga.com>
2024-11-27 09:57:38 +01:00
Yonas Habteab e0b053cbe1 HttpServerConnection: Log noticable CPU semaphore wait time 2024-11-27 09:57:38 +01:00
Julian Brost 4b884ea953
Merge pull request #10253 from Icinga/Al2Klimov-patch-11
GHA: update supported Fedora versions
2024-11-27 09:54:30 +01:00
Julian Brost 5c7bbf17c5
Merge pull request #10251 from Icinga/drop-ubuntu-23-10
GHA: Drop ubuntu 23.{04,10} (EOL)
2024-11-26 16:19:05 +01:00
Alexander Aleksandrovič Klimov 22b36b7cfb
GHA: update supported Fedora versions
Add v41, drop EOL v37, v38.
2024-11-26 11:15:53 +01:00
Christian Lauf b7335841a3
Enhance documentation regarding internal icinga config sync check (#10101)
* Update 10-icinga-template-library.md

Explicitly name the config-sync check feature of the icinga check, as before this was a little bit too undocumented making it unknown to me.
Also mention where the check has to executed in order to bring the desired results.

* Update 15-troubleshooting.md

Add 4h typical error point for configuration stored outside of /etc/icinga2/zones.d. For when a non-distributed setup was migrated to a distributed setup.
Also link to the internal icinga CheckCommand to promote its existance.

* Update 15-troubleshooting.md

Remove "-" from link

* Revert "Update 15-troubleshooting.md"

This reverts commit bb25ba3ff5.

* Update AUTHORS

Add myself to AUTHORS

* Update doc/15-troubleshooting.md

Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com>

* Update doc/10-icinga-template-library.md

Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com>

* Update doc/15-troubleshooting.md

Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com>

---------

Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com>
2024-11-26 10:52:05 +01:00
Yonas Habteab a19246aca7 GHA: Drop ubuntu 23.{04,10} (EOL) 2024-11-25 17:10:08 +01:00
Yonas Habteab 3218908595
Merge pull request #10214 from Icinga/useless-http-coroutines
HttpServerConnection: Don't spawn useless coroutines
2024-11-19 15:53:54 +01:00
Yonas Habteab 2931aea9bb
Merge pull request #7818 from Icinga/bugfix/no_more_notifications-7758
Don't set Notification#no_more_notifications on custom notifications
2024-11-15 14:43:12 +01:00
Alexander A. Klimov 35a705752f Don't set Notification#no_more_notifications on custom notifications 2024-11-15 13:03:22 +01:00
Alexander Aleksandrovič Klimov 211bae87b5
Merge pull request #10205 from Icinga/Al2Klimov-patch-11
openSUSE install docs: remove false info
2024-11-15 11:30:03 +01:00
Yonas Habteab f3e7f193c2
Merge pull request #10232 from Icinga/itl-check_procs-exclude-process
ITL: Add --exclude-process to check_procs
2024-11-15 10:19:58 +01:00
Yonas Habteab 5c0f9bfdaa HttpServerConnection: Don't spawn useless coroutines
Currently, for each `Disconnect()` call, we spawn a coroutine, but every
one of them is just usesless, except the first one. However, since all
`Disconnect()` usages share the same asio strand and cannot interfere
with each other, spawning another coroutine within `Disconnect()` isn't
even necessary. When a coroutine calls `Disconnect()` now, it will
immediately initiate an async shutdown of the socket, potentially causing
the coroutine to yield and allowing the others to resume. Therefore, the
`m_ShuttingDown` flag is still required by the coroutines to be checked
regularly.
2024-11-14 16:47:01 +01:00
Yonas Habteab d68ee3fcf8
Merge pull request #10224 from Icinga/Empty-constant
Make icinga::Empty constant to prevent accidental changes
2024-11-14 10:35:36 +01:00
Alvar Penning e620f9515b
ITL: Add --exclude-process to check_procs
For check_procs, both the Monitoring Plugins' implementation[0] and the
Nagios Plugin[1] are supporting the "-X" or "--exclude-process" flag to
exclude one or many processes by name. However, this flag is missing
here in the Icinga Template Library.

The Nagios Plugin implementation also comes with "-j" and "-g" for
FreeBSD jails and Linux cgroups, respectively. But, to keep it
compatible, I would ignore these for the moment.

Closes #10226.

[0]: https://www.monitoring-plugins.org/doc/man/check_procs.html
[1]: https://nagios-plugins.org/doc/man/check_procs.html
2024-11-13 09:36:06 +01:00
Alexander Aleksandrovič Klimov 7a20d987f6
Merge pull request #10231 from Icinga/probot/sync-changelog/master/cf162e85d013a95fa31107284bdc969410de4bd7 2024-11-12 22:00:09 +01:00
Alexander A. Klimov dfa2912983 CHANGELOG.md: add v2.14.3 2024-11-12 19:21:36 +00:00
Alexander Aleksandrovič Klimov cf162e85d0
Merge pull request #10230 from Icinga/probot/sync-changelog/master/1d37a60d1b6d62875bb0c2d4c7151157123bb48a 2024-11-12 20:21:25 +01:00
Alexander A. Klimov fa480f225a CHANGELOG.md: add v2.13.10 2024-11-12 17:46:17 +00:00
Alexander Aleksandrovič Klimov 1d37a60d1b
Merge pull request #10229 from Icinga/probot/sync-changelog/master/67175c43c0c09dfba50bed8eff33a66c4b37062d
CHANGELOG.md: add v2.11.12
2024-11-12 18:46:05 +01:00
Alexander A. Klimov d9b280be7b CHANGELOG.md: add v2.11.12 2024-11-12 16:04:47 +00:00
Julian Brost 67175c43c0
Merge pull request #10102 from Icinga/icingadb-redis-username
Icinga DB: Config no_user_modify and Support Redis username authentication
2024-11-12 17:04:20 +01:00
Julian Brost 5817e7666b
Merge commit from fork
Security: fix TLS certificate validation bypass
2024-11-12 15:01:57 +01:00
Alexander A. Klimov 09160ea9eb Make icinga::Empty constant to prevent accidental changes 2024-11-11 16:31:04 +01:00
Alexander Aleksandrovič Klimov aa7f159a0f
JsonRpcConnection: don't write new messages on shutdown
In fact, this is already done for the outer loop (for each bulk), just not yet for the inner one (for each message of a bulk). So once the remote signals EOF, don't try to process the remaining queue until write error (which can't be associated with a particular message anyway, due to buffering), but just let the peer go. Flush already half-written messages, though, if possible.
2024-11-07 17:32:12 +01:00
Alexander Aleksandrovič Klimov 9a8620d923
Merge pull request #10213 from Icinga/do-not-read-data-on-disconnect
JsonRpcConnection: Don't read any data on shutdown
2024-11-07 12:32:02 +01:00
Alexander Aleksandrovič Klimov 0fde1ef632
Merge pull request #10215 from Icinga/Al2Klimov-patch-3
Atomic<T>#Atomic(T): fix C++ compliance
2024-11-06 13:33:46 +01:00
Alexander Aleksandrovič Klimov fb64c4f057
Atomic#Atomic(): remove superfluous atomic write 2024-11-06 11:37:02 +01:00
Alexander Aleksandrovič Klimov a77259adc1
Atomic<T>#Atomic(T): fix C++ compliance
by not calling `std::atomic<T>::atomic(void)`.

After the latter the instance "does not contain a T object, and its only valid uses are destruction and initialization by std::atomic_init" which we don't call. So the only safe option is `std::atomic<T>::atomic(T)`.

https://en.cppreference.com/w/cpp/atomic/atomic/atomic
2024-11-05 13:15:22 +01:00
Yonas Habteab 1c34610a78 JsonRpcConnection: Don't read any data on shutdown
When the `Desconnect()` method is called, clients are not disconnected
immediately. Instead, a new coroutine is spawned using the same strand
as the other coroutines. This coroutine calls `async_shutdown` on the
TCP socket, which might be blocking. However, in order not to block
indefintely, the `Timeout` class cancels all operations on the socket
after `10` seconds. Though, the timeout does not trigger the handler
immediately; it creates spawns another coroutine using the same strand
as in the `JsonRpcConnection` class. This can cause unexpected delays if
e.g. `HandleIncomingMessages` gets resumed before the coroutine from the
timeout class. Apart from that, the coroutine for writing messages uses
the same condition, making the two symmetrical.
2024-10-31 17:09:13 +01:00
Yonas Habteab d894792c36
Merge pull request #10209 from Icinga/log-error-context-only-once
ApiListener: Log error context only once
2024-10-31 13:14:42 +01:00
Alexander Aleksandrovič Klimov 5f487aff1b
Merge pull request #10201 from Icinga/Validation-failed
Remove redundant "Validation failed" prefix from ValidationError exceptions
2024-10-31 12:30:39 +01:00
Yonas Habteab 8574357443 ApiListener: Log error context only once
When logging at the warning level, the logger will automatically look up
for registered context and append them to the log entry accordingly.
2024-10-30 16:55:13 +01:00
Yonas Habteab 92399a9d9c
Merge pull request #10208 from Icinga/unused-variables
JsonRpcConnection: Drop unused `m_NextHeartbeat` variable
2024-10-30 16:34:46 +01:00
Alexander Aleksandrovič Klimov 65a642dbee
Merge pull request #9981 from Icinga/Al2Klimov-patch-3
Document how to enable/disable Debug Output on the fly
2024-10-30 16:18:45 +01:00