Commit Graph

679 Commits

Author SHA1 Message Date
Alexander A. Klimov 5c330e9d4f Share "Last reload attempt failed" time across Icinga process tree on *nix
... as only the umbrella process knows that time,
but the icinga check running in the main process also needs to know it.

refs #8428
2023-05-08 14:42:21 +02:00
Alexander A. Klimov 2ee776b5ab Disallow config modifications via API during reload
Once the new main process has read the config,
it misses subsequent modifications from the old process otherwise.
2023-04-12 14:45:40 +02:00
Julian Brost e87e1ea73f Freeze globals namespace during config load
This allows for a faster config load due to less locking required.

The change is slightly backwards-incompatible. Before, you could manipulate the
globals namespace at a later stage, but disallowing this feels reasonable for
the performance benefit alone (which especially shows on many-core machines).
Apart from that, it's doubtful if doing so is even useful at all as the DSL
provides no mechanism for you to synchronize your operations that may run in
parallel. The data structures itself are protected from race conditions, but
anything implemented on top of this may still be subject to race conditions.
And even if some user has a good reason for doing this, there's a feasible
workaround by creating your own namespace like globals.mutable and using that
instead.
2023-03-30 18:07:51 +02:00
Alexander A. Klimov 5b63407d15 Forbid dependency cycles 2023-02-06 12:33:48 +01:00
Julian Brost c51037725a
Merge pull request #9466 from Icinga/flush-temp-files
Deduplicate and stabilize fragile filesystem transactions
2023-02-02 16:29:11 +01:00
Julian Brost 3eb85797ce
Merge pull request #9622 from Icinga/9563
Main process: ignore SIGHUP
2023-02-02 11:36:13 +01:00
Alexander Aleksandrovič Klimov 4e021e0105
Merge pull request #9648 from Icinga/frozen-namespace-config-validation
Fix config sync after freezing namespaces
2023-02-01 17:07:57 +01:00
Julian Brost 2b43354080
Merge pull request #8744 from Icinga/bugfix/unnecessary-chown-8743
NodeUtility::WriteNodeConfigObjects(): avoid unneccessary Utility::SetFileOwnership()
2023-02-01 14:27:46 +01:00
Julian Brost fd1aa73d25 Fix config sync after freezing namespaces
This was accidentally broken by #9627 because during config sync, a config
validation happens that uses `--define System.ZonesStageVarDir=...` which fails
on the now frozen namespace.

This commit changes this to use `Internal.ZonesStageVarDir` instead. After all,
this is used for internal functionality, users should not directly interact
with this flag.

Additionally, it no longer freezes the `Internal` namespace which actually
allows using `Internal.ZonesStageVarDir` in the first place. This also fixes
`--define Internal.Debug*` which was also broken by said PR. Freezing of the
`Internal` namespace is not necessary for performance reasons as it's not
searched implicitly (for example when accessing `globals.x`) and should users
actually interact with it, they should know by that name that they are on their
own.
2023-02-01 12:29:47 +01:00
Alexander A. Klimov fd93feaec7 Include Utility::SetFileOwnership() inside FS transactions
to make them even more atomic.
2023-01-27 12:03:59 +01:00
Alexander A. Klimov b92fe23469 Deduplicate and stabilize fragile filesystem transactions
by using AtomicFile so they ensure all or nothing of a file gets replaced.
2023-01-27 12:03:56 +01:00
Alexander A. Klimov d059885d9b Main process: ignore SIGHUP
On OpenBSD rcctl reload icinga2 SIGHUPs all "icinga2" processes,
not just our umbrella. We must handle this.
2023-01-03 18:29:31 +01:00
Alexander A. Klimov f71612d8f3 icinga2 object list: warn on possibly outdated config 2022-11-24 10:50:17 +01:00
Alexander A. Klimov 0767c6ef87 icinga2 daemon -C: write icinga2.debug only if --dump-objects given
to save config (re)load time.
2022-11-23 12:54:33 +01:00
Alexander A. Klimov 61f7e029cb Replace two-variants enum with bool 2022-10-07 15:14:33 +02:00
Alexander A. Klimov 22bfcf9ac5 icinga2 daemon: remove no-op SIGCHLD handling
1. Don't set a custom handler for SIGCHLD (in the umbrella process)
   as that handler doesn't actually handle SIGCHLD anymore
2. Don't reset the SIGCHLD handler (in the worker process)
   as there's nothing to reset anymore due to the above change
3. Don't block SIGCHLD across fork(2) as its handler doesn't change anymore
   due to the above changes
2022-09-07 12:12:09 +02:00
Alexander A. Klimov 3de714489c Remove unused UnixWorkerState::Failed 2022-09-07 12:08:33 +02:00
Alexander A. Klimov df9008bfc4 StartUnixWorker(): watch forked child via waitpid(), not SIGCHLD handler
Before:

On SIGCHLD from the forked worker the umbrella process sets a failure flag.
StartUnixWorker() recognises that and does waitpid(), failure message, etc..
On OpenBSD we can't tell the signal source, so we always set the failure flag.
That's not how our IPC shall work, that breaks the IPC sooner or later.

After:

No SIGCHLD handling and no failure flag setting.
Instead StartUnixWorker()'s wait loop uses waitpid(x,y,WNOHANG)
to avoid false positives while watching the forked worker.
2022-09-07 11:46:46 +02:00
Yonas Habteab a0607aceff Fix compiler warnings don't move local variables 2022-02-22 17:51:43 +01:00
Alexander Aleksandrovič Klimov 58e329bc03
Merge pull request #7874 from Icinga/feature/sd_notify-7329
sd_notify() systemd about what we're doing right now
2021-06-28 18:20:15 +02:00
Julian Brost 36ce7d961f Rename silent parameter of ConfigItem::ActivateItems()
As silent now no longer only controls the generation of log messages, a better
name is required. This changes its name, inverts its value to reflect the new
name and adds a documentation comment.
2021-06-21 16:07:36 +02:00
Alexander A. Klimov f0c763465b sd_notify() systemd about what we're doing right now
refs #7329
2021-06-01 18:07:39 +02:00
Alexander A. Klimov c2fa95e9ce NodeUtility::WriteNodeConfigObjects(): avoid unneccessary Utility::SetFileOwnership()
refs #8743
2021-04-29 19:14:59 +02:00
Alexander Aleksandrovič Klimov ef8619f76b
Merge pull request #8601 from Icinga/feature/replace-std-boost-bind-with-lambdas-7006
Feature: Replace std/boost::bind() with lambdas
2021-03-18 17:56:13 +01:00
Yonas Habteab 43ba2da39c Replace std/boost::bind() function with lambda expression 2021-03-10 16:29:40 +01:00
Alexander Aleksandrovič Klimov aa4f53009e
Merge pull request #8614 from Icinga/bugfix/runworker-exceptions
Improve handling of exceptions thrown by RunWorker
2021-02-08 16:22:35 +01:00
Julian Brost 54a8c7b434 Try to log useful information for exceptions thrown by RunWorker 2021-02-05 15:43:27 +01:00
Alexander A. Klimov c3388e9af6 Use std::mutex, not boost::mutex 2021-02-03 09:54:57 +01:00
Julian Brost d7833a5977 Catch exceptions thrown by RunWorker on Windows
The same is already done on other platforms in line 529.
2021-01-27 15:48:28 +01:00
Alexander Aleksandrovič Klimov 986bedd9a0
Merge pull request #8594 from Icinga/feature/remove-upq-from-activate-items
Remove upq from ConfigItem::ActivateItems
2021-01-15 12:09:57 +01:00
Alexander A. Klimov 931b9307ae StartUnixWorker(): don't exit() on fork() failure
... but let the caller handle the failure.

Not to stop working completely just because of fork() failure during a reload.
2021-01-14 13:40:18 +01:00
Julian Brost 0c6abc817b Remove upq from ConfigItem::ActivateItems
Since commit d9010c7b9f, ActivateItems no
longer uses the WorkQueue upq to perform tasks but instead performs
these locally. One instance of `upq.Join()`/`upq.HasExceptions()`
remained in the function, but I believe this was just missed when
removing the `upq.Enqueue()` call just before.

This commit removes the corresponding parameter and updates all call
sites accordingly.
2021-01-13 15:19:55 +01:00
Alexander Aleksandrovič Klimov d996d1e201
Merge pull request #8580 from bebehei/typo
Fix typo seemless -> seamless
2021-01-11 13:45:08 +01:00
Alexander Aleksandrovič Klimov 862add5f3f
Merge pull request #8512 from Icinga/bugfix/zombie-processes
Revert "icinga2 daemon: reap remaining child processes after reload"
2021-01-11 11:38:20 +01:00
Benedikt Heine 8a455e8150 Fix typo seemless -> seamless 2020-12-25 23:27:08 +01:00
Alexander A. Klimov 8c6bfdcf54 Revert "icinga2 daemon: reap remaining child processes after reload"
This reverts commit 91265a5b0e
which isn't needed anymore as Icinga 2 isn't PID 1 anymore.
2020-12-14 13:38:35 +01:00
Julian Brost 4c0247c02d Allow specifying a CRL in `icinga2 pki verify` 2020-12-09 12:12:01 +01:00
Julian Brost e86bd24348 Verify certificates against CRL before renewing them
When a CRL is specified in the ApiListener configuration, Icinga 2 only
used it when connections were established so far, but not when a
certificate is requested. This allows a node to automatically renew a
revoked certificate if it meets the other conditions for auto-renewal
(issued before 2017 or expires in less than 30 days).
2020-12-09 12:10:59 +01:00
Alexander Aleksandrovič Klimov 4926353269
Merge pull request #8277 from Icinga/bugfix/latency-8196
Call Process::InitializeSpawnHelper() ASAP
2020-10-16 16:49:06 +02:00
Alexander Aleksandrovič Klimov d6a4db935f
Merge pull request #8374 from Icinga/bugfix/docker-memory-leak
icinga2 daemon: reap remaining child processes after reload
2020-10-16 10:33:49 +02:00
Alexander Aleksandrovič Klimov 1f55338cbd
Merge pull request #8166 from Icinga/bugfix/logrotate-crash-8050
Ensure the daemon doesn't get killed by logrotate
2020-10-15 10:39:47 +02:00
Alexander A. Klimov 91265a5b0e icinga2 daemon: reap remaining child processes after reload
... as we may be PID 1.
2020-10-15 10:25:14 +02:00
Alexander A. Klimov d3f6a97a7e Ensure the daemon doesn't get killed by logrotate
refs #8050
2020-10-14 14:02:44 +02:00
Alexander A. Klimov 177f930375 Call Process::InitializeSpawnHelper() ASAP
refs #8196
2020-09-23 11:49:13 +02:00
Alexander A. Klimov 3617f05836 icinga2 pki save-cert: allow to specify --key and --cert
refs #7992
2020-04-28 17:34:00 +02:00
Michael Friedrich 06d0c3ea4e
Merge pull request #7843 from Icinga/feature/cli-pki-verify
CLI: Add `pki verify` command for better TLS certificate troubleshooting
2020-02-25 09:07:24 +01:00
Michael Friedrich 12b6c1aab9 CLI: Improve error handling for 'pki verify' command 2020-02-20 15:10:57 +01:00
Michael Friedrich e4e26d66a6 Build fix 2020-02-17 18:40:28 +01:00
Michael Friedrich 6f263a4922 Add `pki verify` CLI command: print, signed by CA, valid CA, CN match 2020-02-17 18:10:51 +01:00
Michael Friedrich cfd9b80027
Merge pull request #7838 from Icinga/bugfix/catch-exception-in-node-setup
Catch exception when trusted cert is not readable during node setup on agent/satellite
2020-02-14 09:51:17 +01:00