tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,543 Commits 347 Branches 117 Tags 180 MiB
Commit Graph

1939 Commits

Author SHA1 Message Date
Julian Brost fe13b96226
Merge pull request #9809 from Icinga/reevaluate-and-update-default-tls-cipher-list-9808 
Copy and paste global default TLS cipher set from ssl-config.mozilla.org
 2023-07-03 19:13:10 +02:00
Alexander A. Klimov 617dda61fb Re-order global default TLS cipher list to prefer AES256 over AES128 2023-07-03 15:36:11 +02:00
Julian Brost a2e05f89e8 Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers 
Non-ECC DHE ciphers in the `cipher_list` attribute of `ApiListener` (the
default value includes these) had no effect as no DH parameters were available
and therefore the server wouldn't offer these ciphers. OpenSSL provides
built-in DH parameters starting from version 1.1.0, however, these have to be
enables explicitly using the `SSL_CTX_set_dh_auto()` function. This commit does
so and thereby makes it possible to establish a connection to an Icinga 2
server using a DHE cipher.
 2023-06-29 12:06:26 +02:00
Alexander A. Klimov 2e053b0e06 Copy and paste global default TLS cipher set from ssl-config.mozilla.org 
which got more secure by now, but still overlaps with v2.13.x' set.
 2023-06-28 14:49:08 +02:00
Julian Brost b0899d9ab4
Merge pull request #8429 from Icinga/bugfix/last-reload-attempt-failed-8428 
Share "Last reload attempt failed" time across Icinga process tree on *nix
 2023-05-30 11:42:21 +02:00
Julian Brost 2470e930eb
Merge pull request #9643 from Icinga/hardware_concurrency 
Always use Configuration#Concurrency, not `std:🧵:hardware_concurrency()`
 2023-05-23 19:23:14 +02:00
Alexander A. Klimov 3fae41ef22 Restart thread pool after freezing Configuration 
The user (-D) or we could have changed Configuration.Concurrency,
so correct the thread pool's thread amount.
 2023-05-23 14:41:35 +02:00
Alexander A. Klimov 32eb1680f7 Configuration.Concurrency: default to 1 until Configuration freeze 
not to start many threads before the user could override their amount (-D).
 2023-05-11 16:59:47 +02:00
Alexander A. Klimov 8fb5d53118 Track Configuration.Concurrency modifications 2023-05-11 15:41:35 +02:00
Alexander A. Klimov 5c330e9d4f Share "Last reload attempt failed" time across Icinga process tree on *nix 
... as only the umbrella process knows that time,
but the icinga check running in the main process also needs to know it.

refs #8428
 2023-05-08 14:42:21 +02:00
Julian Brost af9d67b262
Merge pull request #9726 from Icinga/43624b 
Remove -and notify- expired downtimes immediately, not every 60s II
 2023-05-02 11:25:03 +02:00
Alexander A. Klimov ba7102cae3 Explicitly stop started timers and wait for them 
before permitting their parent objects' destruction.
For the cases where the handlers have raw pointers to these objects.
 2023-04-14 14:52:04 +02:00
Alexander A. Klimov a66ace7245 Introduce SharedMemory 2023-04-04 13:40:27 +02:00
Alexander A. Klimov c41e5fd05d Support multiple redundant Timer#Start() calls 
so that only the first one changes l_AliveTimers (as in Timer#Stop()).
 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 298f3b1973 Timer: actually support non-periodic timers 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 3933502739 Timer#Start(): don't unnecessarily unlock/lock l_TimerMutex 
via new Timer#InternalRescheduleUnlocked()
 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 13b9cfda41 Timer::TimerThreadProc(): don't unnecessarily unlock and lock l_TimerMutex 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 1badbab002 Timer::TimerThreadProc(): keep a Timer alive while it's running 
to prevent the case: Timer callback destroys parent object -> destroys
Timer -> ~Timer() -> Stop(true) -> waits for the Timer callback to finish
-> deadlock.
 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 9b00c1c4dd Timer: drop unnecessary base class 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 24681b30f6 Make Timer::Ptr a std::shared_ptr 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 9ee4d08722 Make Timer#Timer() private to enforce Timer::Create() usage 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 21b68455ce Use Timer::Create() instead of new Timer() 
git ls-files -z |xargs -0 perl -pi -e 's/\bnew Timer\b/Timer::Create/g'

ex. in Timer::Create() itself.
 2023-04-04 10:35:20 +02:00
Alexander A. Klimov bb1f574b69 Introduce factory method Timer::Create() 2023-04-04 10:35:10 +02:00
Alexander A. Klimov 335688909b Document why Timer::TimerThreadProc() can use Timer members during Timer#~Timer() call 2023-03-29 18:04:19 +02:00
Julian Brost 66b039df9c
Merge pull request #9497 from Icinga/9249 
Application::Exit(): don't exit(), but _exit(), even in debug build mode
 2023-03-10 16:04:54 +01:00
Alexander Aleksandrovič Klimov 55930c8042
ProcessSpawnImpl(): remove redundant _exit(128); 
Now this if doesn’t _exit(128) by itself, but "return" to the outer if which immediately _exit(128)s.
 2023-03-02 12:45:15 +01:00
Julian Brost cf517050bc
Merge pull request #9711 from Icinga/connect-cancel 
Connect(): don't try next DNS record if operation is canceled
 2023-03-01 15:49:53 +01:00
Alexander A. Klimov 79f1e0666a Connect(): don't try next DNS record if operation is canceled 
Instead return immediately to meet the caller's expectations.
 2023-02-28 10:57:54 +01:00
Julian Brost bda8be343b
Merge pull request #9662 from Icinga/Repair#9627 
Repair DSL Namespace values being constant broken in #9627
 2023-02-20 16:35:36 +01:00
Julian Brost d9767cff3f
Merge pull request #9675 from Icinga/third-party/nlohmann_json 
Update third-party/nlohmann_json to v3.9.1
 2023-02-20 15:31:32 +01:00
Julian Brost 3023009804
Merge pull request #9653 from Icinga/9631 
Setup all signal handlers with SA_RESTART flag
 2023-02-14 17:55:09 +01:00
Alexander A. Klimov 34d0b942b9 Update third-party/nlohmann_json to v3.9.1 
the latest version w/o Apache 2.0 licensed code which conflicts with GPL 2.
 2023-02-14 16:19:44 +01:00
Julian Brost e074e892ce
Merge pull request #9658 from Icinga/unfreeze 
Dictionary#*(): remove bool overrideFrozen if unused
 2023-02-10 19:42:00 +01:00
Alexander A. Klimov f3f2c943c7 ScriptGlobal::Set(): don't explicitly give Namespace#Set() its default values 2023-02-10 15:55:10 +01:00
Alexander A. Klimov e61b380808 Call Namespace#Set(), not #SetFieldByName() 
Namespace#SetFieldByName() calls #Set() anyway.
 2023-02-10 15:53:30 +01:00
Alexander A. Klimov 683095a165 Make globals.Internal values non-const by default 
That namespace is internal anyway.

Previous commit, icinga2 console:
Error: Constants must not be removed.

This commit fixes it.
 2023-02-10 15:47:25 +01:00
Alexander A. Klimov 02df94a46a Repair DSL Namespace values being constant broken in #9627 
master before #9627 (a0286e9c6):

<1> => namespace n { x = 42; x = 42 }
                             ^^^^^^
Constant must not be modified.
<2> =>

HEAD of #9627 (24b57f0d3):

<1> => namespace n { x = 42; x = 42 }
null
<2> =>
 2023-02-10 15:43:01 +01:00
Julian Brost 0dd35bb960
Merge pull request #9657 from Icinga/shared_mutex-Dictionary 
Use a shared_mutex for read `Dictionary` operations
 2023-02-10 15:15:52 +01:00
Alexander A. Klimov e9846f1827 ScriptGlobal::Set(): remove unused bool overrideFrozen 2023-02-10 11:33:46 +01:00
Alexander A. Klimov cd78da13d3 Dictionary#Clear(): remove unused bool overrideFrozen 2023-02-10 11:33:46 +01:00
Alexander A. Klimov 270c6392d4 Dictionary#Remove(): remove unused bool overrideFrozen 2023-02-10 11:33:46 +01:00
Alexander A. Klimov ca547d0292 Use a shared_mutex for read `Dictionary` operations 
This allows multiple parallel read operations resulting
in a overall speedup on systems with many cores.
 2023-02-10 11:31:51 +01:00
Alexander A. Klimov a9341eb4a0 Setup all signal handlers with SA_RESTART flag 
so interrupted syscalls get auto-restarted and callers
don't get or have to handle the EINTR error.
 2023-02-03 14:46:45 +01:00
Julian Brost c51037725a
Merge pull request #9466 from Icinga/flush-temp-files 
Deduplicate and stabilize fragile filesystem transactions
 2023-02-02 16:29:11 +01:00
Julian Brost fd1aa73d25 Fix config sync after freezing namespaces 
This was accidentally broken by #9627 because during config sync, a config
validation happens that uses `--define System.ZonesStageVarDir=...` which fails
on the now frozen namespace.

This commit changes this to use `Internal.ZonesStageVarDir` instead. After all,
this is used for internal functionality, users should not directly interact
with this flag.

Additionally, it no longer freezes the `Internal` namespace which actually
allows using `Internal.ZonesStageVarDir` in the first place. This also fixes
`--define Internal.Debug*` which was also broken by said PR. Freezing of the
`Internal` namespace is not necessary for performance reasons as it's not
searched implicitly (for example when accessing `globals.x`) and should users
actually interact with it, they should know by that name that they are on their
own.
 2023-02-01 12:29:47 +01:00
Alexander A. Klimov c953ba1206 Remove redundant ThreadPool#m_Threads 2023-01-27 16:34:11 +01:00
Alexander A. Klimov 288ad68649 ThreadPool#ThreadPool(): remove unused parameter 2023-01-27 16:32:29 +01:00
Alexander A. Klimov d22fdf2a7a Introduce AtomicFile#GetTempFilename() 2023-01-27 12:03:59 +01:00
Alexander A. Klimov 0367c9e099 Remove unused Utility::CreateTempFile() 2023-01-27 12:03:59 +01:00
Alexander A. Klimov b92fe23469 Deduplicate and stabilize fragile filesystem transactions 
by using AtomicFile so they ensure all or nothing of a file gets replaced.
 2023-01-27 12:03:56 +01:00