It wasn't finished nor have we used it for support questions.
Issue templates, troubleshooting docs and external scripts
serve a better purpose here, especially with distributed systems.
This partially reverts #7150 and avoids exceptions
inside the flow. Each time an empty active stage
is detected, Icinga tries to repair it from the
the given directory tree.
Also, the code now takes into account that it should
create the package storage on startup, whether within
the API object, or if disabled, inside the application.
Caching the active stages for packages in memory
only is in effect with the API feature being enabled.
This is useful for other deployed config packages,
not only the internal one.
fixes#7173
refs #7150
refs #7119fixes#6959
The culprit is that we're in compiling configuration stage here,
we don't have access to `Zone::GetByName()` as objects have not
been activated yet.
Our best guess is from a config item loaded before (e.g. from zones.conf)
since no-one can sync zones via cluster config sync either.
It may not be 100% correct since the zone object itself may be invalid.
Still, if the zone object validator fails later, the config breaks either way.
The problem with removal of these directories is dealt by the cluster
config sync with stages.
refs #6727
refs #6716
This requires write permissions for
- etc/features-*
- etc/*.conf
- var/{lib,cache}/icinga2/*
Typically permissions are handled by prepare-dirs,
or the respective CLI commands are run as root either way.
fixes#4947
icinga2.service used `-e ${ICINGA2_ERROR_LOG}`, but this is documented
as having no effect without `-d`. Furthermore, icinga2 under systemd
unconditionally logged everything to the system log (but without setting
the log level etc), which contradicted the documentation. (Issue #6339)
Stop icinga2 on systemd from logging to stdout - and hence the system log -
once it has finished starting up. Just like when you start icinga2 from a
terminal using `-d`. And just like -d, we stop logging fatal errors to
stderr, and instead write to the log file passed with `-e`.
As per docs, mainlog (icinga2.log) is already enabled by default. And
pre-startup messages including config errors will still appear in the
system log.
This uses a new option --close-stdio, which has the same effect on logging as
--daemonize, but does not fork or call setsid().
For this purpose, I moved setsid() up and into Daemonize().
Consequence of that last point: if anyone is weird enough to specify a TTY
device file as the fatal error log (-e option), that will become icinga's
controlling terminal, which you generally don't want as a daemon. This
makes it consistent with the existing behaviour for icinga mainlog. For
this reason you're supposed to use O_NOCTTY in Linux daemons. But I wasn't
sure where icinga would want to put the ugly `#ifdef _WIN32 ... #else ...`.
Standardize on exit() / _exit() (this depends whether we are considered
to be the "main" fork, which should run anything registered with atexit()).
Exclude `return false` and throwing exceptions.
This fixes the error path for fork(). Daemonize() would return false, but
the `return false` error convention was not tested in the caller.
It also fixes the error message for fork() to show the error code.
Everyone loves `strace`, but sysadmins should not have to rerun their
daemons under it just to see an error code.
Also in case an exception is thrown, show its diagnostic information
instead of dropping it on the floor. In the log message, I mention why we
are uninitializing and then initializing the app at this point.
For the reader, it pushes all the weirdness into the error convention of
Daemonize(). This comes back to the exit() / _exit() distinction. Once
we have forked, we technically don't want to allow the parent process to
exit(), so we don't want to return to the caller.
This fixes an unnecessary blank in the updating configuraiton log message.
information/cli: Updating ' "conf.d"' include in '/etc/icinga2/icinga2.conf'.
Should be:
information/cli: Updating '"conf.d"' include in '/etc/icinga2/icinga2.conf'.
This adds the ability to make global zones configurable during the node
wizard/setup. The implementation will add the given global zones to the default
included global zones.
--oneline can now be used to print out only the password hash string.
This can be used to update ApiUser passwords through the API. There is
also now a validation to make use salt does not contain a '$' which
would break verification.
Andrew Jaffie
Michael Friedrich
Alexander A. Klimov
Michael Insel
Alan Jenkins
Gunnar Beutner
Markus Frosch
Markus Frosch
Bas Couwenberg
Jean Flach
Michael Insel
Gunnar Beutner
Michael
Noah Hilverling
Jean Flach