Commit Graph

5872 Commits

Author SHA1 Message Date
Alexander Aleksandrovič Klimov 4d2f694805
Merge pull request #8897 from Icinga/feature/icingadb-pass-db
RedisConnection: AUTH and SELECT
2021-07-27 21:51:46 +02:00
Alexander Aleksandrovič Klimov 2d75bbd8ed
Merge pull request #8915 from Icinga/bugfix/icingadb-prio-state
Icinga DB: priorize state > config
2021-07-27 20:22:26 +02:00
Noah Hilverling dcb5fcc7ba
Merge pull request #8923 from Icinga/bugfix/idb-del-icinga-nextupdate-
Icinga DB: DEL icinga:nextupdate:* along with the other keys to delete
2021-07-27 19:05:43 +02:00
Noah Hilverling 07cb6cd1cb
Merge pull request #8930 from Icinga/bugfix/wq-balance
WorkQueue#ParallelFor(): optionally don't pre-glue items together to chunks of different size
2021-07-27 19:05:26 +02:00
Julian Brost 42eb055c5f
Merge pull request #8921 from Icinga/bugfix/timeperiod-dst
TimePeriod/ScheduledDowntime: improve DST handling
2021-07-27 18:11:34 +02:00
Noah Hilverling 07145d2e61
Merge pull request #8913 from Icinga/feature/remove-child-downtimes
API Action "remove-downtime": Also remove child downtimes
2021-07-27 18:02:15 +02:00
Julian Brost a55939e462 Override exit code on process timeout
As Icinga first sends a SIGTERM to a check plugin on timeout to allow it to
terminate gracefully, this is not really part of the plugin API specification
and we cannot assume that plugins will handle this correctly and still exit
with an exit code that maps to UNKNOWN. Therefore, once Icinga decides to kill
a process, force its exit code to 128 to be sure the state will be UNKNOWN
after a timeout.
2021-07-27 17:57:19 +02:00
Alexander A. Klimov e45b43a4d9 Icinga DB: only start multiple Redis connections after the first one succeeded
refs #8920
2021-07-27 12:21:04 +02:00
Alexander A. Klimov e1e8ec2ea2 RedisConnection: AUTH and SELECT
... or PING to trigger NOAUTH.
2021-07-27 12:05:27 +02:00
Alexander A. Klimov fcda3a7283 Icinga DB: HDEL also icinga:checksum:*:state, not only icinga:*:state
... as they belong together.
2021-07-26 17:35:56 +02:00
Alexander A. Klimov 392fd8a75c Icinga DB: HDEL from *:state with same prio as HSET
... to ensure the right modifications order per key.
2021-07-26 17:30:38 +02:00
Alexander A. Klimov ae9b371128 Icinga DB: priorize state > config
I.e. do the following in parallel (highest priority first):

* Stream state changes to icinga:runtime:state
* Sync config and initial state,
  then let queued runtime updates to the just synced state pass
2021-07-26 16:39:18 +02:00
Alexander Aleksandrovič Klimov 9684fe8141
Merge pull request #8544 from Icinga/feature/icingadb-tls
Icinga DB: support TLS
2021-07-26 15:50:52 +02:00
Alexander A. Klimov 497a8dd993 Icinga DB: DEL icinga:nextupdate:* along with the other keys to delete
... not on config dump finish.
2021-07-26 11:44:21 +02:00
Alexander A. Klimov 8731d84299 WorkQueue#ParallelFor(): optionally don't pre-glue items together to chunks of different size
... to equally distribute the load across the workers.
2021-07-26 11:40:43 +02:00
Noah Hilverling 7217959206 API Action 'remove-downtime': Also remove child downtimes 2021-07-23 13:53:44 +02:00
Alexander A. Klimov 8a30657ce9 Icinga DB: write state updates to icinga:runtime:state
... allowing the Go daemon to priorize state updates.
2021-07-23 11:52:28 +02:00
Julian Brost 4273f30157 LegacyTimePeriod: Prevent modification of input parameters
Many functions of LegacyTimePeriod take a tm pointer as an input parameter and
then pass it to mktime() which actually modifies it. This causes problems if
tm_isdst was intentionally set to -1 (to automatically detect whether DST is
active at some time) and then a function is called that implicitly sets
tm_isdst and then the values of tm are modified in a way that crosses a DST
change. This resulted in 1 hour offsets with ScheduledDowntimes on days with
DST changes.
2021-07-22 15:17:06 +02:00
Alexander A. Klimov 37e53eaa68 Icinga DB: support TLS 2021-07-22 14:34:07 +02:00
Alexander A. Klimov 50bc7a7f3d Icinga DB: HDEL also icinga:checksum:*, not only icinga:* 2021-07-22 14:13:12 +02:00
Alexander A. Klimov 7f7637c9b8 Introduce DEFAULT_TLS_CIPHERS and DEFAULT_TLS_PROTOCOLMIN 2021-07-22 11:12:33 +02:00
Alexander A. Klimov 80a1128ec7 Introduce SetupSslContext() 2021-07-22 11:12:33 +02:00
Alexander A. Klimov fbcaf82e3e InitSslContext(): fall back to default root CAs 2021-07-22 11:12:33 +02:00
Alexander A. Klimov 2728603c29 Rename SetupSslContext() to InitSslContext() 2021-07-22 11:12:33 +02:00
Alexander Aleksandrovič Klimov 2b04e0a754
Merge pull request #8894 from Icinga/bugfix/icinga-db-redis-connection-logging-spam-8883
RedisConnection: log info messages only once
2021-07-21 18:00:24 +02:00
Alexander Aleksandrovič Klimov d073d2268e
Merge pull request #8719 from Icinga/feature/influxdb-2-8711
Introduce Influxdb2Writer
2021-07-21 17:59:58 +02:00
Alexander A. Klimov da922ca157 RedisConnection: log info messages only once
refs #8883
2021-07-20 17:52:12 +02:00
Alexander Aleksandrovič Klimov 2fbaf933bc
Merge pull request #8634 from Icinga/feature/icingadb-stats-log
RedisConnection: log actual query performance
2021-07-20 17:46:57 +02:00
Alexander A. Klimov 9d4b0f1268 Introduce Influxdb2Writer
refs #8711
2021-07-20 16:21:36 +02:00
Alexander A. Klimov d26aa9fb34 InfluxdbCommonWriter: abstract InfluxdbWriter
refs #8711
2021-07-20 16:21:36 +02:00
Michael Insel da394b2ab0
Implement scheduling_source attribute (#6326)
* Implement scheduling_source attribute

This implements the attribute `scheduling_source` for hosts and services to show which endpoint is running the scheduler for the check.

refs #4814
2021-07-20 11:10:26 +02:00
Alexander A. Klimov 67c4ebedd3 Combine all Redis connections' logs 2021-07-16 18:50:41 +02:00
Alexander A. Klimov e6a9631a02 Icinga DB: silence WorkQueue performance 2021-07-16 18:50:41 +02:00
Alexander A. Klimov 82c3827b66 RedisConnection: log actual query performance 2021-07-16 18:50:41 +02:00
Alexander Aleksandrovič Klimov 89472a9e51
Merge pull request #8425 from Icinga/bugfix/hosts-128-characters-7472
IDO MySQL: support larger host and service names
2021-07-16 18:34:29 +02:00
Alexander A. Klimov e4bfb4898d IDO MySQL: support larger host and service names
refs #7472
2021-07-15 11:16:13 +02:00
Julian Brost 9f43c143d7
Merge pull request from GHSA-98wp-jc6q-x5q5
API: hide ApiListener#ticket_salt
2021-07-15 11:13:35 +02:00
Julian Brost f17b97fd7e
Merge pull request from GHSA-wrpw-pmr8-qgj7
Remove passwords from API
2021-07-15 11:12:29 +02:00
Alexander Aleksandrovič Klimov b63eb2aa3d
Merge pull request #8855 from Icinga/bugfix/inconsistent-ido-schema-versions-8852
Fix IDO MySQL schema version (as in v2.11 upgrade)
2021-07-14 18:09:27 +02:00
Alexander Aleksandrovič Klimov bad8059969
Merge pull request #8761 from Icinga/feature/icingadb-perfdata
Icinga DB: introduce icinga:*:state#normalized_performance_data
2021-07-07 12:29:21 +02:00
Noah Hilverling ef73136076
Merge pull request #8830 from Icinga/feature/idb-passive-overdue
Icinga DB: no active checks? Not overdue!
2021-07-07 11:15:04 +02:00
Julian Brost 7d2a1bbffe
Merge pull request #8310 from Icinga/feature/scheduleddowntime-change-remove-downtimes-8309
On ScheduledDowntime change: remove downtimes created before change
2021-07-07 10:44:08 +02:00
Julian Brost 6d6844c102
Merge pull request #8874 from Icinga/bugfix/fixed-dt-end-notify
Checkable::NotifyDowntimeEnd(): don't send Downtime end notification unless triggered
2021-07-07 10:43:28 +02:00
Alexander Aleksandrovič Klimov bee83ead8b
Merge pull request #8730 from Icinga/bugfix/ido-stop-progstat-8727
IDO: update program status on stop
2021-07-06 18:07:38 +02:00
Alexander A. Klimov 43e4ab4760 Checkable::NotifyDowntimeEnd(): don't send Downtime end notification unless triggered
... for fixed Downtimes as well.
2021-07-06 12:50:44 +02:00
Alexander A. Klimov e9118d6b09 Fix IDO MySQL schema version (as in v2.11 upgrade) 2021-07-05 19:17:53 +02:00
Alexander A. Klimov 4373acf8ed Ido*sqlConnection::Reconnect(): de-couple MySQL and Postgres schema versions 2021-07-05 19:17:51 +02:00
Alexander A. Klimov 9e2f58ea9f IdoCheckTask: de-couple MySQL and Postgres schema versions 2021-07-05 19:14:07 +02:00
Alexander A. Klimov 9d1a112edf Icinga DB: introduce icinga:*:state#normalized_performance_data 2021-07-05 19:05:32 +02:00
Alexander A. Klimov ea5411a6e0 PluginUtility::FormatPerfdata(): normalize UoMs if desired 2021-07-05 19:05:32 +02:00
Julian Brost 401d3cdc9e Remove passwords from API
IdoMysqlConnection, IdoPgsqlConnection, IcingaDB, and ElasticsearchWriter
require passwords in their configuration to authenticate against external
services. This commit ensures that these can no longer be accessed using the
API.
2021-07-05 15:09:54 +02:00
Alexander Aleksandrovič Klimov b7efbd0bba
Merge pull request #8626 from Icinga/bugfix/recreate-object-invisible-ido-8584
Ido*sqlConnection#InternalDeactivateObject(): mark object inactive also in memory
2021-07-02 16:34:28 +02:00
Alexander A. Klimov 07d768f166 API: hide ApiListener#ticket_salt 2021-07-02 16:29:53 +02:00
Alexander A. Klimov 666c5818bb On ScheduledDowntime change: remove future downtimes created before change
refs #8309
2021-07-02 10:37:29 +02:00
Alexander Aleksandrovič Klimov b07d181c4a
Merge pull request #8631 from Icinga/feature/icingadb-scheduleddowntime
Icinga DB: introduce icinga:downtime#scheduled_by
2021-06-30 19:03:53 +02:00
Alexander Aleksandrovič Klimov 31f97d3e6a
Merge pull request #8828 from Icinga/bugfix/execute-command-origin-check
event::ExecuteCommand: add missing origin check
2021-06-29 18:08:07 +02:00
Alexander Aleksandrovič Klimov 692f5aa615
Merge pull request #8718 from Icinga/feature/tls-1.3
Support TLS 1.3
2021-06-29 17:52:55 +02:00
Alexander Aleksandrovič Klimov 6048d0e800
Merge pull request #8373 from Icinga/feature/improve-crashlog
Improve crashlog
2021-06-29 17:52:25 +02:00
Alexander Aleksandrovič Klimov 00af435c13
Merge pull request #8725 from Icinga/bugfix/icingadb-serialize-leaves
Icinga DB: serialize icinga:config:checkcommand:argument#value and #set_if as expected
2021-06-29 17:51:41 +02:00
Alexander A. Klimov bcc3870f3a On ScheduledDowntime change: ignore downtimes created before change
... while creating new downtimes.

refs #8309
2021-06-29 17:08:41 +02:00
Alexander A. Klimov 1ee26ac89e Introduce Downtime#config_owner_hash
refs #8309
2021-06-29 16:38:33 +02:00
Julian Brost 8f585bd2ee event::ExecuteCommand: add missing origin check
Only handle messages with a trusted origin in
ClusterEvents::ExecuteCommandAPIHandler. Previously, it would not locally
execute any command but forward them to other nodes where they would then have
a trusted origin and be executed.
2021-06-29 11:15:22 +02:00
Julian Brost 0e7a05ad7a Support TLS 1.3 2021-06-29 11:08:47 +02:00
Alexander Aleksandrovič Klimov 58e329bc03
Merge pull request #7874 from Icinga/feature/sd_notify-7329
sd_notify() systemd about what we're doing right now
2021-06-28 18:20:15 +02:00
Julian Brost 5fdfd47176
Merge pull request #8848 from Icinga/bugfix/harden-scheduled-downtimes
ScheduledDowntime::TimerProc(): Catch exceptions to make sure other downtimes are still created
2021-06-28 17:16:57 +02:00
Julian Brost d1839471f4
Merge pull request #8846 from Icinga/bugfix/logger-default-severity
Set a default severity for loggers
2021-06-28 17:15:26 +02:00
Alexander Aleksandrovič Klimov cd1f9e22f0
Merge pull request #8646 from Icinga/bugfix/trigger-fixed-downtimes-immediately
Downtime#Start(): trigger fixed downtimes immediately instead of waiting for the timer
2021-06-24 18:12:03 +02:00
Noah Hilverling f48ad574d7 ScheduledDowntime::TimerProc(): Catch exceptions to make sure other downtimes are still created 2021-06-24 14:05:08 +02:00
Noah Hilverling 8af66ce44c
Merge pull request #8710 from Icinga/feature/windows-event-log
Add support for Windows Event Log and write early log messages to it
2021-06-24 09:19:50 +02:00
Noah Hilverling 1fae2f3974
Merge pull request #8769 from Icinga/bugfix/new-connection-timeout
Add timeout for full Icinga connection handshake
2021-06-24 09:18:37 +02:00
Alexander A. Klimov d8e5e07c4f Downtime#Start(): trigger fixed downtimes immediately instead of waiting for the timer
... not to cause e.g. notifications if a problem occurs
between the downtime start time and the timer routine.
2021-06-23 19:16:15 +02:00
Alexander Aleksandrovič Klimov 9f24107a08
Merge pull request #8748 from Icinga/bugfix/icingadb-cv-function
JsonEncode(): encode non-[]/{} objects as strings, not null
2021-06-23 18:01:21 +02:00
Alexander Aleksandrovič Klimov b2c3ff6b27
Merge pull request #8638 from Icinga/feature/icingadb-multi-conns
Icinga DB: use one Redis connection per config object type
2021-06-23 18:01:04 +02:00
Alexander A. Klimov 0fd474ee8d Hide $NOTIFY_SOCKET from plugins
refs #7329
2021-06-23 17:42:25 +02:00
Julian Brost 963ad9dd1c Set a default severity for loggers
So far, the documentation has claimed that loggers have a default severity
(information for FileLogger and warning for SyslogLogger). However, this was
not the case and not setting the severity resulted in a configuration error.

This commit changes the default value to be information for all loggers.
2021-06-23 16:57:44 +02:00
Alexander A. Klimov 190e2f8fd9 Icinga DB: introduce icinga:downtime#scheduled_by 2021-06-23 16:49:19 +02:00
Alexander Aleksandrovič Klimov 2cd9c1d902
Merge pull request #8835 from Icinga/bugfix/api-filename-truncation
Fix/restrict truncation of filenames for API-created objects
2021-06-23 12:06:31 +02:00
Julian Brost 56060bc8d5 ApiListener: Deprecate tls_handshake_timeout in favor of connect_timeout 2021-06-23 11:21:42 +02:00
Julian Brost 84d778580f Add timeout for all new connections
This commit adds a timeout for both establishing new outgoing and incoming
connections. This timeout applies to everything until the connection is in a
state where either JsonRpcConnection or HttpServerConnection takes over.
2021-06-23 11:21:42 +02:00
Julian Brost fbed8a0463
Merge pull request #8768 from Icinga/bugfix/scheduleddowntime-interfer
ScheduledDowntime: ignore not related Downtimes while creating Downtimes
2021-06-22 15:48:37 +02:00
Julian Brost 02f761798c
Merge pull request #8825 from Icinga/bugfix/validate-config-package-name
ConfigPackageUtility::ValidateName: replace broken regex
2021-06-22 15:45:38 +02:00
Julian Brost 54a7da437d
Merge pull request #8447 from Icinga/feature/deprecated-relative-removal
Relativize future removals of deprecated features
2021-06-22 12:05:33 +02:00
Julian Brost 36ce7d961f Rename silent parameter of ConfigItem::ActivateItems()
As silent now no longer only controls the generation of log messages, a better
name is required. This changes its name, inverts its value to reflect the new
name and adds a documentation comment.
2021-06-21 16:07:36 +02:00
Julian Brost 05ca30a6a0 Write early log messages to the Windows Event Log
When Icinga 2 is started as a service, the early log messages generated
until the FileLogger object is activated are lost and make it really
hard to debug issues that (only) occur when Icinga 2 reloads.

With this commit, these early log messages are written to the Windows
Event Log.
2021-06-21 15:15:54 +02:00
Julian Brost 6de9f58810 Add WindowsEventLogLogger 2021-06-21 15:15:54 +02:00
Julian Brost 118df982f1 GetObjectConfigPath: only truncate and hash comment and downtime filenames
This partially reverts 68a0079c26 and keeps the
fix only for comment and downtime objects for now. For reasoning, please see
the comment in the code.
2021-06-17 16:21:01 +02:00
Julian Brost e079762c8e GetObjectPath: ensure use of escaped name in all cases and use TruncateUsingHash()
68a0079c26 introduced two problems that are fixed
with this commit:
1. The new truncated/hashed name did not use EscapeName()
2. There was a possible collision of names when creating objects with a full
   name of format "[80 characters]...[40 hex digits]" (i.e. the same as the
   truncated/hashed variant but short enough that it isn't hashed)
2021-06-17 16:21:01 +02:00
Julian Brost 97d6876803 Utility: add a function to truncate strings while avoiding collisions 2021-06-17 16:21:01 +02:00
Julian Brost 005fac0a23
Merge pull request #8742 from Icinga/bugfix/double-to-string
Convert::ToString(double): handle integral values too large for long long correctly
2021-06-15 12:28:15 +02:00
Julian Brost c40b18ef61 ConfigPackageUtility::ValidateName: replace broken regex
The old validation regex matched if the name consists only of invalid
character, not that it does not contain them, i.e. something like "foo/bar" was
considered valid.

This commit replaces the regex with a check that all characters in the name are
allowed characters.
2021-06-15 12:16:54 +02:00
Julian Brost b8218a3c0e IcingaDB::UpdateAllConfigObjects: explicitly capture variables in lambda 2021-06-15 11:52:53 +02:00
Alexander A. Klimov 9c567c0bde Icinga DB: no active checks? Not overdue! 2021-06-08 19:17:03 +02:00
Alexander A. Klimov d1e15a220c Icinga DB: use one Redis connection per config object type 2021-06-08 17:52:04 +02:00
Julian Brost 06999faf25 Allow using E in perfdata both as exponent and unit prefix 2021-06-08 12:37:13 +02:00
Julian Brost f346a9eea4
Merge pull request #8652 from Icinga/bugfix/l_appversionint-0-8628
l_AppVersionInt: respect versions like r2.12.0, not just v2.12.0
2021-06-07 16:07:04 +02:00
Julian Brost 62cbe72cdb
Merge pull request #8492 from Icinga/bugfix/perfdata-scientific-notation
Fix perfdata parser not recognize scientific notation
2021-06-07 15:29:52 +02:00
Julian Brost 9f6cbc38f2
Merge pull request #8754 from Icinga/feature/icingadb-replace-lua-with-xadd-maxlen
Icinga DB: Use XADD ... MAXLEN 1 instead of a custom Lua script
2021-06-04 13:52:30 +02:00
Alexander A. Klimov f0c763465b sd_notify() systemd about what we're doing right now
refs #7329
2021-06-01 18:07:39 +02:00
Alexander Aleksandrovič Klimov dbcb2549aa
Merge pull request #8708 from Icinga/bugfix/reminder-notification-after-timeperiod-with-interval-0
Make sure not to send reminder notification, if problem notification has been suppressed by TimePeriod
2021-05-25 16:09:36 +02:00
Alexander Aleksandrovič Klimov 0156434b2e
Merge pull request #8677 from Icinga/bugfix/mysql-one-transaction-for-programstatus
IDO: Use own transaction for program status and make sure InternalNewTransaction() gets executed
2021-05-20 11:49:07 +02:00