Alexander A. Klimov
19c632e44b
Add timeout for boost::asio::ssl::stream#async_shutdown()
...
refs #7203
2020-06-17 10:33:35 +02:00
Alexander A. Klimov
647f1547a9
Generalize I/O timeout emulation
2020-06-17 10:31:40 +02:00
Noah Hilverling
84b052b314
Merge pull request #7926 from Icinga/bugfix/jsonrpcconnection-handleandwriteheartbeats-m_endpoint-getname
...
JsonRpcConnection#HandleAndWriteHeartbeats(): check !!#m_Endpoint
2020-06-03 15:46:38 +02:00
Noah Hilverling
d5d89b7f39
Merge pull request #7970 from Icinga/bugfix/reconnect-loop
...
RequestCertificateHandler(): don't disconnect nodes already integrated into the cluster
2020-04-27 13:05:22 +02:00
Alexander A. Klimov
5a5cf1a2eb
RequestCertificateHandler(): don't disconnect nodes already integrated into the cluster
...
... not to cause a reconnect loop.
2020-04-08 13:29:55 +02:00
Alexander Aleksandrovič Klimov
2e22ceb23e
Merge pull request #7936 from Icinga/bugfix/config-sync-failed-reload-7742
...
ApiListener::ConfigUpdateHandler(): make the whole process mutually exclusive
2020-04-07 15:55:14 +02:00
Markus Frosch
b5fa7569f2
apilistener: Make SO_REUSEPORT optional
2020-03-31 18:03:59 +02:00
Michael Insel
51e534ff4c
Fix CA verification regression
...
Uninitialized bool values may evaluate to true while it should be false.
2020-03-29 16:05:29 +02:00
Alexander A. Klimov
38f3108c1a
ApiListener::HandleConfigUpdate(): make the whole process mutually exclusive
...
refs #7742
2020-03-23 17:33:14 +01:00
Alexander A. Klimov
dc3062a9b0
ApiListener::ConfigUpdateHandler(): block as less as possible
...
refs #7742
2020-03-23 17:31:59 +01:00
Alexander A. Klimov
5e7a675009
JsonRpcConnection#HandleAndWriteHeartbeats(): check !!#m_Endpoint
2020-03-18 11:58:27 +01:00
Noah Hilverling
4c9e4959f3
Merge pull request #7823 from Icinga/bugfix/unify-application-start-times
...
Fix timing point for Application::GetStartTime() (related to command endpoint grace period)
2020-03-09 09:45:57 +01:00
Noah Hilverling
c9ab04d511
Merge pull request #7841 from Icinga/bugfix/jsonrpcconnection-sendmessage-keepalive
...
JsonRpcConnection#Send*Message(): keep this alive
2020-03-03 10:46:33 +01:00
Michael Friedrich
13d2416e29
Fix regression from JsonRPC PKI CA verification checks
...
refs #7835
2020-02-27 12:31:02 +01:00
Michael Friedrich
456b0779bb
JsonRpcConnection PKI: Document swalled exception
2020-02-20 15:15:54 +01:00
Alexander A. Klimov
0f84ce0470
Consider a JsonRpcConnection being seen on a single byte of TLS payload, not only a whole message
2020-02-19 11:11:53 +01:00
Michael Friedrich
a91b9f2ddf
Pki: Extend GetCertificateInformation() with version, serial, signature algorithm, SANs
2020-02-17 17:44:10 +01:00
Michael Friedrich
24397fbee8
CA Proxy: Catch exceptions from VerifyCertificate()
2020-02-17 17:43:11 +01:00
Alexander A. Klimov
fbce756007
JsonRpcConnection#Send*Message(): keep this alive
2020-02-17 16:12:07 +01:00
Michael Friedrich
d53eb34520
Unify Application::GetStartTime() and drop GetMainTime()
...
This essentially moves the start time into the scope when main
starts to "do something", after the reload and configuration handling
is done.
2020-02-11 17:26:15 +01:00
Michael Friedrich
d99f76bdae
Merge pull request #7767 from Icinga/bugfix/replay-log-windows-rename
...
Ensure that log replay files are properly renamed on Windows
2020-02-10 11:42:25 +01:00
Michael Friedrich
8324970ab9
Merge pull request #7809 from Icinga/bugfix/handshake-timeout-7805
...
Close connections w/o sucessful TLS handshakes during 10s
2020-02-07 16:01:30 +01:00
Michael Friedrich
7488d2614b
Merge pull request #7811 from Icinga/bugfix/config-sync-log
...
Cluster config sync: Use a more friendly message when configs are equal and don't need a reload
2020-02-06 14:32:46 +01:00
Alexander A. Klimov
35c9f2e7b3
Close connections w/o sucessful TLS handshakes during 10s
...
refs #7805
2020-02-05 15:53:56 +01:00
Michael Friedrich
cdfc6e6f50
Cluster config sync: Use a more friendly message when configs are equal and don't need a reload
...
This also adds an entry to the troubleshooting docs.
2020-02-05 15:31:41 +01:00
Michael Friedrich
0da46c1d4b
Ensure that log replay files are properly renamed on Windows
...
rename() without _unlink() before doesn't work on Windows.
This commits also adds an error message which was swallowed
previously.
2020-01-20 11:41:43 +01:00
Alexander A. Klimov
3d841d5f64
Don't send event::Heartbeat to unauthenticated peers
...
refs #7746
2020-01-13 11:21:38 +01:00
Michael Insel
9d55a8264d
Fix open connections when agent waits for CA approval
...
This closes the agent connection when the certificate sign requests
waits for CA approval.
refs #7680
2019-12-03 21:19:39 +01:00
Matthias Baur
177c45d787
Improve error message for POST queries
...
If the user does a POST query but forgets to add the
'X-HTTP-Method-Override: GET' HTP header, the error message was
misleading. This changes the error message to a more detailed message
which might give the user a better understanding what the problem
could be.
Fixes #7675 .
2019-12-03 11:39:40 +01:00
Michael Insel
859658ab98
Fix TLS context copies in ApiListener
...
This avoids copying the TLS context in the ApiListener class and removes
the obsolete variable.
This is a follow-up from #7654
2019-11-29 16:03:38 +01:00
Michael Insel
8431ea52ee
Make SSL context const again
...
Turns out that the switch to the class member variable inside the lambda
expression is sufficient to fix the issue.
2019-11-25 23:42:32 +01:00
Michael Insel
016a6c3f25
Fix ApiListener const SSL context
...
This makes the SSL context in ApiListener::SpawnCoroutine non-const to
address an issue when an agent recieves an signed certificate from the
master and tries to update the SSL context. This also uses the class
member variable which is captured by `this` in the lamda expression.
fixes #7650
2019-11-25 22:21:09 +01:00
Michael Friedrich
b1787883f7
Merge pull request #7535 from tigercomputing/Icinga/feature/config-stage-activate-parameter
...
API /v1/config/stages 'activate' parameter
2019-11-15 12:58:03 +01:00
Michael Friedrich
38080405df
Merge pull request #7528 from Icinga/bugfix/api-put-error-handling
...
API: Handle permission exceptions soon enough, returning 404
2019-11-15 11:53:59 +01:00
Alexander A. Klimov
f601ba51e0
Revert "Eventqueue: Remove unused code"
...
This reverts commit a7873da89d
.
2019-11-02 14:00:23 +01:00
Michael Friedrich
cb20b4829a
Cluster Config Sync: Check the timestamp prior to config file checksums
...
Otherwise old configuration received from a secondary master/satellite
could always trigger a config change & reload.
2019-10-22 14:07:10 +02:00
Alexander A. Klimov
aa4cad7482
Replace std::shared_ptr<Expression> with Expression::Ptr
...
refs #7361
2019-10-21 17:10:51 +02:00
Alexander A. Klimov
ba1ce9c853
Replace std::shared_ptr<boost::asio::ssl::context> with Shared<boost::asio::ssl::context>::Ptr
2019-10-21 16:12:46 +02:00
Alexander A. Klimov
a1fef92835
Replace std::shared_ptr<boost::asio::ip::tcp::acceptor> with Shared<boost::asio::ip::tcp::acceptor>::Ptr
2019-10-21 16:12:46 +02:00
Alexander A. Klimov
a1683568a1
Replace std::shared_ptr<AsioTlsStream> with Shared<AsioTlsStream>::Ptr
2019-10-21 16:12:35 +02:00
Michael Friedrich
e7c07062f8
Avoid syncing .authorititative marker received from < 2.11 parent nodes
2019-10-02 10:49:02 +02:00
Chris Boot
aece8d61e2
Introduce 'activate' parameter to config stage handling
...
This functionality allows a stage to be uploaded and validated as
normal, but not activated. This is useful to pre-flight an Icinga config
package before it is applied to a monitoring cluster, for example in a
CI pipeline.
2019-09-24 17:17:19 +01:00
Michael Friedrich
f419efd778
API: Handle permission exceptions soon enough, returning 404
...
fixes #7513
2019-09-23 09:48:50 +02:00
Michael Friedrich
eddb40a913
CSR Auto-signing: Add debug logging for skipped signing
2019-09-18 11:53:58 +02:00
Michael Friedrich
d3eb62301e
API: Add AES128-GCM-SHA256 compatible cipher for el6
...
fixes #7501
2019-09-16 14:19:22 +02:00
Michael Friedrich
9ec246a2f4
Revert: Always reset Boost beast buffer in HttpServerConnection#ProcessMessages #7476
...
Not a simple revert but also adds a comment for the buffer.
refs #7476
2019-09-12 17:00:17 +02:00
Michael Friedrich
2c0e0da2d9
Introduce IoEngine::SpawnCoroutine wrapping asio::spawn and Boost exceptions
...
This is required to
- catch all exceptions and wrap them into Boost exceptions. They
are the only ones allowed with Boost.Coroutine.
- set a dedicated coroutine stack size for Windows.
refs #7431
2019-09-09 16:40:35 +02:00
Michael Friedrich
5fa7331cc9
Quality: Replace deprecated Boost IO service code
...
https://github.com/boostorg/asio/issues/110
https://www.boost.org/doc/libs/1_66_0/doc/html/boost_asio/example/cpp03/services/logger_service.hpp
2019-09-09 15:27:57 +02:00
Alexander A. Klimov
0a9563b3db
HttpServerConnection#ProcessMessages(): avoid I/O if shutting down
...
refs #7431
2019-09-09 13:37:44 +02:00
Alexander A. Klimov
b85b8b9697
HttpServerConnection#ProcessMessages(): avoid I/O after boost::asio::error::operation_aborted
...
refs #7431
2019-09-09 13:29:47 +02:00
Alexander A. Klimov
dfaeb88ac3
{HttpServer,JsonRpc}Connection#Disconnect(): cancel I/O ops ASAP
...
refs #7431
2019-09-09 13:11:51 +02:00
Michael Friedrich
b3c48e7520
Merge pull request #7485 from Icinga/bugfix/api-disconnect-defer
...
Avoid the Defer-Disconnect destructor pattern with Boost.Coroutines
2019-09-09 11:41:34 +02:00
Michael Friedrich
c5aa978912
Rewrite error handling in HttpServerConnection#EnsureValidHeaders()
...
Throwing local exceptions unnecessarily pollutes the exception
stack with immediate unwinding. Avoid this pattern at all cost within
Boost.Coroutines. MSVC may handle exceptions differently and cause
problems with stack unwinding.
refs #7431
refs #7351
2019-09-09 11:03:21 +02:00
Michael Friedrich
17d4d17307
Avoid the Defer-Disconnect destructor pattern with Boost.Coroutines
...
Exceptions in Disconnect() might be thrown (this has been reworked
into error_code locally) which are swallowed inside the Destructor
for being dangerous. On the other hand, swallowing them may
corrupt the stack unwinding operation from the coroutine layer.
The best is to avoid Defer inside lib/remote and call Disconnect()
directly after breaking from other operations.
refs #7351
refs #7431
2019-09-09 10:57:13 +02:00
Michael Friedrich
ebb0826be0
JsonRpcConnection: Don't swallow exceptions in Boost.Coroutine
...
refs #7351
2019-09-09 09:26:12 +02:00
Michael Friedrich
cdacd545c6
Merge pull request #7477 from Icinga/bugfix/api-boost-exceptions-errors
...
HttpServerConnection: Prefer error codes over Boost exceptions
2019-09-06 10:22:42 +02:00
Michael Friedrich
a208f7baf0
HttpServerConnection: Prefer error codes over Boost exceptions
...
When run within a coroutine, exceptions on Windows may influence
bad behaviour here. Instead, we'll check for the error code
and extract the message from memory. In contrast to exceptions
which are stored on the stack frame and then return, this costs
a little more memory but simplifies the logic.
This doesn't fix the linked issue, but is related to the analysis.
refs #7431
2019-09-06 10:06:17 +02:00
Michael Friedrich
eabba2de42
Always reset Boost beast buffer in HttpServerConnection#ProcessMessages
...
refs #7431
2019-09-06 09:31:16 +02:00
Michael Friedrich
f62db49d3e
Merge pull request #7451 from Icinga/bugfix/update-docs
...
Update docs: Fix online URL, cipher list
2019-08-28 08:59:28 +02:00
Michael Friedrich
0915c84530
Update doc URL for the API info handler at /v1
2019-08-27 16:47:07 +02:00
Alexander A. Klimov
c24312b870
JsonRpcConnection#Disconnect(): unregister the connection ASAP
...
refs #7444
2019-08-23 17:14:13 +02:00
Michael Friedrich
2760748d78
Fix and improve logging for runtime object sync
...
config::UpdateObject would create a new object, but this may
have been silently ignored with 'ignore_on_error' - downtimes, etc.
Since we cannot simply fetch the error from inside the config compiler,
we'd just check whether there's a config object created at this stage.
This happens synchronously, and once there is, log something.
The previous code always logged the creation, even if the downtime
was ignored, e.g. when the first master sent one for local host objects.
This commit also adds more details: identity, endpoint, zone to extract
the MessageOrigin details into log messages for better troubleshooting
and debugging.
refs #7198
2019-08-15 09:29:05 +02:00
Michael Friedrich
7c1f716dad
Fix cookie with ActivateItems
2019-08-13 16:09:26 +02:00
Michael Friedrich
c30edd0a34
Fix message origin for runtime created config object (create/delete events)
2019-08-13 15:05:47 +02:00
Michael Friedrich
743dcad35d
Improve logging for downtime/ack events (add, remove, expire)
...
fixes #7374
2019-08-06 13:28:58 +02:00
Michael Friedrich
c42a2583f0
Cluster sync: Only sync valid UTF8 content (text config, no binaries)
...
- *.conf files are sanitized automatically.
- Other files detect sanitizing and treat that as unsupported type
refs #7382
2019-08-02 16:06:32 +02:00
Michael Friedrich
ebd6735c70
TLS Ciphers: Add compatibility suites for older agents (el7)
2019-07-30 10:55:29 +02:00
Michael Friedrich
eff6e7662c
Fix style and comments
2019-07-15 09:54:35 +02:00
Diana Flach
5fbc052aba
Cluster Sync: Improve log messages
2019-07-15 09:54:26 +02:00
Michael Friedrich
b00e1d0c67
Config sync: Count the updates and log them
...
```
[2019-07-10 12:34:27 +0200] information/ApiListener: Received configuration updates (2) from endpoint 'master1' are equal to production, not triggering reload.
```
2019-07-15 09:54:09 +02:00
Diana Flach
87d4575af8
Cluster Sync: Ensure that files are synced everytime
2019-07-15 09:53:47 +02:00
Alexander A. Klimov
3f4cb0936c
Add ApiListener::UpdatedObjectAuthority()
...
refs #7086
2019-07-11 12:58:07 +02:00
Michael Friedrich
46287c92e6
Cluster: Avoid checking for checksum length with internal files in use
...
fixes #7282
2019-07-04 13:52:31 +02:00
Janne Heß
3e801fbd5a
Fix Path to staged files
...
The paths in the list are relative, not absolute to the stage directory.
2019-06-26 02:04:06 +02:00
Michael Friedrich
08a47600be
Config sync: Only copy paths to prod which are actually there
...
Stored files may be removed by external sources.
2019-06-19 17:00:50 +02:00
Michael Friedrich
db4cc13770
Config Sync: Only log config files for stage, no metadata
2019-06-19 16:09:16 +02:00
Michael Friedrich
577e42e137
Quality: Comments and logs in cluster config sync
2019-06-19 14:46:11 +02:00
Michael Friedrich
3852c51c9f
Cluster sync: Don't load/sync the .authoritative config file marker
...
This would influence everything else, and it isn't needed anywhere
but the master instance (zones.d -> var-zones).
2019-06-19 14:46:11 +02:00
Michael Friedrich
0aa6f1a3b3
Use boost::filesystem & Utility classes for file IO
2019-06-19 14:46:11 +02:00
Michael Friedrich
6add9f9ecb
Avoid concurrent cluster config sync transactions
...
fixes #6660
2019-06-19 14:46:11 +02:00
Michael Friedrich
af8624dcf1
Apply ReloadTimeout for 2.11
2019-06-19 14:46:11 +02:00
Michael Friedrich
b3b7abdfe8
Spam the log with config file copies from stage to prod
2019-06-19 14:46:11 +02:00
Michael Friedrich
4c6150b254
Improve checksum logic and logging
2019-06-19 14:46:11 +02:00
Michael Friedrich
f92f6f7f8c
Improve checksum checks for each file content
2019-06-19 14:46:11 +02:00
Michael Friedrich
a6ddef17d9
Enhace logging when config change yes/no will trigger further reload actions
2019-06-19 14:46:11 +02:00
Michael Friedrich
c230e503e6
Fix global checksum calculation
2019-06-19 14:46:11 +02:00
Michael Friedrich
7a02990ef8
Refactor the client sync, part II (WIP, currently checksums generate an endless loop)
2019-06-19 14:46:11 +02:00
Michael Friedrich
6105ace50f
Improve variable names in ApiListener::SendConfigUpdate()
2019-06-19 14:46:11 +02:00
Michael Friedrich
a4b48fc7f4
Update code docs
2019-06-19 14:46:11 +02:00
Michael Friedrich
fcc1799a5d
Split config file sync updates, part I
...
This commit also introduces a playground for checksums,
whilst refactoring the code in large parts.
2019-06-19 14:46:11 +02:00
Michael Friedrich
9df389a843
Improve logging for ignored config updates where we are authoritative for (config master)
2019-06-19 14:46:11 +02:00
Michael Friedrich
efc2289178
Remove duplicated validation paths in function signatures
2019-06-19 14:46:11 +02:00
Michael Friedrich
043824a6a9
Leave partial deletes as is, this is dealt with stage purge later
2019-06-19 14:46:11 +02:00
Michael Friedrich
b3fa51a5dc
Code Documentation: Config file sync
...
Adds headers to all functions including parameters. This unveils
certain unused ones too.
2019-06-19 14:46:11 +02:00
Michael Friedrich
604a8a041d
Update log message and implement recursive diff delete
2019-06-19 14:46:11 +02:00
Michael Friedrich
2acf3a6941
Indicate a warning in the 'icinga' check when cluster stage validation failed
...
- success: clear the last failed attribute
- failed: populate it with the output and current timestamp
This can be used to highlight this in the 'icinga' check task.
Since 2.9 we don't have problems with circular library dependencies
with just one linked binary, therefore it is safe to include libremote
in libmethods here.
2019-06-19 14:46:11 +02:00
Michael Friedrich
46cb806b3f
Add a note for config updates V1 and V2
...
Old clients sync !.conf via update_v2 message, we cannot
remove this handling for the time being.
2019-06-19 14:46:11 +02:00
Michael Friedrich
83c11962b2
Only remove directories if they exist during sync
2019-06-19 14:46:11 +02:00
Michael Friedrich
4e9439f2d8
Ensure that config master zones.d -> var-api-zones sync removes deleted files
2019-06-19 14:46:11 +02:00
Michael Friedrich
9d53db1401
Purge stage and production directories before copying files
...
The cluster-message -> production diff is still intact, we're
just taking care of unwanted/deleted files here.
2019-06-19 14:46:11 +02:00