tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,955 Commits 347 Branches 120 Tags 194 MiB
Commit Graph

1727 Commits

Author SHA1 Message Date
Michael Friedrich 6682a427d4 TLS: Ensure to specify options in one place 
`SetTlsProtocolminToSSLContext()` may have overridden
previous flags.

refs 

refs 
refs
2019-07-15 13:29:55 +02:00
Michael Friedrich 524e2368be Respect OpenSSL 1.1.0 vs older 2019-07-12 14:56:08 +02:00
Michael Friedrich 32d288f243 TLS: Fetch the cipher list and log them for debugging 2019-07-12 14:39:17 +02:00
Michael Friedrich 38b7f10e0e Array: Move Join into the base class, available for programmers 2019-07-12 14:36:55 +02:00
Michael Friedrich 0d25ae0e08 Quality: Prefer BOOST_{,UN}LIKELY gcc optimizer macros over our own 
Our macro collides with Boost::DateTime and the gregorian classes
and I don't see any reason why we shouldn't use Boost::Config
being already there.
 2019-07-09 13:20:53 +02:00
Michael Friedrich 065067c8b5
Merge pull request from Icinga/bugfix/openssl-1-0-1-7280 
Use SSL_CTX_set_ecdh_auto only if available
 2019-07-04 14:27:45 +02:00
Alexander A. Klimov 6568017658 Use SSL_CTX_set_ecdh_auto only if available 
refs
2019-07-04 13:05:31 +02:00
Michael Friedrich 4bc02c6c2c Buildfix for Windows with non-unity builds 2019-07-03 13:23:14 +02:00
Michael Friedrich f63d9cce4a
Merge pull request from Icinga/bugfix/throw-default 
Avoid "~Class() throw() = default;"
 2019-07-02 12:33:54 +02:00
Diana Flach ad0ff9839d Fix Icinga when calling array.remove() 
fixes
2019-06-28 16:37:29 +02:00
Alexander A. Klimov 5b841db4a0 Avoid "~Class() throw() = default;" 2019-06-28 09:07:33 +02:00
Michael Friedrich 3d363854e2 Disable stack traces for WQ exceptions (used in config compiler) 
The ConfigItem class collects exceptions and reports them.
In contrast to our other DiagnosticInformation() calls,
verbosity is enabled any time.

This patch allows to re-enable the verbose output including
the stack traces, but disables this by default.
 2019-06-19 14:26:34 +02:00
Michael Friedrich 9c92368774 SSL Context: Explicitly load ECC ciphers on el7 
Otherwise curl/nss as client won't be able to use the
new default cipher list.

fixes
2019-06-18 14:58:19 +02:00
Alexander A. Klimov 42a33cdc7d Fix build errors with Boost v1.70 
refs
2019-06-07 16:30:34 +02:00
Michael Friedrich 146b337d4d
Merge pull request from Icinga/feature/asio-tls-version 
Require TLS 1.2 for Cluster & REST API
 2019-06-03 16:19:22 +02:00
Michael Friedrich d82c067555 Require TLS 1.2 for Cluster & REST API 
refs
2019-05-29 17:08:36 +02:00
Michael Friedrich 438da67209
Merge pull request from Icinga/bugfix/boost-asio-deprecated 
Quality: Replace deprecated get_io_service() with get_executor().context() for Boost ASIO
 2019-05-29 15:40:19 +02:00
Michael Friedrich 99bb7fa99c
Merge pull request from Icinga/feature/network-cleanup 
Cleanup old code (HTTP, Cluster)
 2019-05-29 14:50:40 +02:00
Michael Friedrich 59b95ed1f0 Quality: Replace deprecated get_io_service() with get_executor().context() for Boost ASIO 
refs
2019-05-29 14:36:10 +02:00
Michael Friedrich f5bc9b469c Quality: Mark NetworkStream, TcpSocket & UnixSocket classes as deprecated 
They're used inside the Livestatus feature which needs rework.
 2019-05-29 14:17:36 +02:00
Michael Friedrich ba44c3921c Quality: Remove old MakeSSLContext() interface 2019-05-28 13:03:34 +02:00
Michael Insel a6a0631e99 Unify copyright headers 
Update (left over) copyright headers to generic copyright headers.
 2019-05-24 16:25:32 +02:00
Michael Friedrich 5dbb6ad366 Quality: Remove old SocketEvent functionality 2019-05-24 15:50:43 +02:00
Michael Friedrich c7a2fc556c Quality: Purge old TlsStream functionality 2019-05-24 15:50:43 +02:00
Michael Friedrich 368383bedd
Merge pull request from Elias481/fix/serializer-object-locking-7003 
Lock all kind of Objects during serialization
 2019-05-10 14:39:27 +02:00
Elias Ohm 4c86c370bb fixup errbuf length in the other files and avoid using the static buffer in one place (for thread safety and code consistency reasons) 2019-05-09 09:30:12 +02:00
Elias Ohm e75f063552 bring some things in line 
- account for documented buffer size openssl 1.1.x for error string (>=256 bytes)
- use nullptr instead of NULL
- fix/streamline null-checks
 2019-05-09 00:22:24 +02:00
Jean Flach 9a0d894f10 Don't use deprecated RSA_generate_key 
fixes
2019-05-08 23:46:31 +02:00
Michael Friedrich 78e24c53f1 DB IDO: Do not deactivate objects during application reload/restart 
This follows the same principle as with the shutdown handler,
and was introduced with the changed reload handling with 2.9.
Previously IsShuttingDown() was sufficient which got set at one
location.

SigUsr2 as handler introduced a new location where m_ShuttingDown
is not necessarily set yet. Since this handler gets called when
l_Restarting is enabled, we'll use this flag to avoid config update
events resulting in object deactivation (object->IsActive() always
returns false).

refs 
refs 
refs 

fixes
2019-05-03 15:40:48 +02:00
Elias Ohm cdd843a998 another small adjustment by the way just to ensure the object on stack ist the same as the one serialized further in case the object does not implement locking on mutation (besides it's mor efficient to not fetch the same value twice) 2019-05-01 12:09:24 +02:00
Elias Ohm 91296c2a25 Lock Objects during serialization 
old behaviour was to only lock arrays, dictionaries and namespaces but not other objects
 2019-04-28 22:13:19 +02:00
Michael Friedrich 3dc9927284
Merge pull request from Icinga/bugfix/namespace-thread-safe 
Namespace: place ObjectLock in all methods
 2019-04-26 08:26:59 +02:00
Michael Friedrich 0438c866f8
Merge pull request from Icinga/feature/boost-fs-7101 
Replace self-written filesystem ops with boost.filesystem
 2019-04-25 15:53:55 +02:00
Alexander A. Klimov 5afef1015d Replace unlink() with boost::filesystem::remove() 
refs
2019-04-25 09:53:02 +02:00
Alexander A. Klimov 5a17722c1f Replace _unlink() + rename() with boost::filesystem::rename() 
refs
2019-04-25 09:53:02 +02:00
Alexander A. Klimov f1f7d0c4d6 Work around boost::filesystem::path bug on VS 
refs
2019-04-25 09:53:01 +02:00
Alexander A. Klimov af78cd6050 Use Boost.Filesystem 
refs
2019-04-25 09:53:01 +02:00
Michael Friedrich 0d9d39c64b Fix preprocessor macro comment 2019-04-25 08:25:28 +02:00
Alexander A. Klimov ba842403ce Fix circular #include 
refs
2019-04-25 08:25:28 +02:00
Alexander A. Klimov 5151f6567e ThreadPool: use the Boost ASIO thread pool under the hood 2019-04-25 08:25:28 +02:00
Michael Friedrich 56894bea17 Buildfix 
Obviously tired.

fixes 
fixes
2019-04-24 12:10:57 +02:00
Michael Friedrich df25b183cb Add log message for log rotate; update docs 
refs
2019-04-24 11:53:27 +02:00
Alexander A. Klimov 7a8f8fd734 Timer::TimerThreadProc(): use C++11 lambda instead of bind() 
refs
2019-04-24 11:51:17 +02:00
Alexander A. Klimov 622f684124 StreamLogger#BindStream(): set #m_FlushLogTimer only if needed 
refs
2019-04-24 11:47:02 +02:00
Elias Ohm 52e3db279a Fix for double-free (and possibly other memory-corruption related) crashes at logrotate time 
this is a direct fix of the issue revealing the problem that leads to crash

verification done with a patched icinga2 where the execution-order of the code lines of counter-parts involved in re-incrementing/decrementing Timer:Ptr is forced to be the one that leads to the obeserverd segfaults

refs
2019-04-24 11:42:54 +02:00
Michael Friedrich 856877d1fe
Merge pull request from Icinga/feature/boost-asio-influxdbwriter 
Use new I/O engine in InfluxdbWriter
 2019-04-23 14:31:42 +02:00
Michael Friedrich 0f804d126b
Merge pull request from Icinga/feature/boost-asio-pki 
Use new I/O engine in PkiUtility::FetchCert() and PkiUtility::RequestCertificate()
 2019-04-23 14:27:48 +02:00
Michael Friedrich dee8fbf248
Merge pull request from Icinga/feature/re-write-objectlock-7123 
Re-write ObjectLock's implementation details
 2019-04-23 11:53:40 +02:00
Alexander A. Klimov c1fa07899c Introduce OptionalTlsStream 2019-04-23 11:25:26 +02:00
Alexander A. Klimov d8c9fdf1d4 Make Object#m_Mutex std::recursive_mutex 
refs
2019-04-17 18:26:29 +02:00
Alexander A. Klimov 7e6868bc99 Make Object#m_LockOwner std::atomic<std:🧵:id> 
refs
2019-04-17 18:26:23 +02:00
Alexander A. Klimov f9f998334d ObjectLock: deduplicate constructors 
refs
2019-04-17 16:47:41 +02:00
Alexander A. Klimov 5afda77943 Namespace: place ObjectLock in all methods 2019-04-16 17:38:58 +02:00
Michael Friedrich b906714254 Fix that MaxConcurrentChecks constant is overridden from 'checker' feature 
Note: This drops the deprecated concurrent_checks setting from the checker feature
entirely and refactors the underlaying code handling.

Also affects ReloadTimeout which is new for 2.11.

fixes
2019-04-16 15:04:57 +02:00
Michael Friedrich c2f180395a
Merge pull request from Icinga/bugfix/goto-loop 
Don't abuse goto for building simple loops
 2019-04-03 09:46:17 +02:00
Alexander A. Klimov cfd0d86b9b Use C++11 atomics for our intrusive pointers 2019-04-02 13:54:30 +02:00
Alexander A. Klimov f4a78380e9 Add non-async overloads for NetString::ReadStringFromStream() and NetString::WriteStringToStream() 2019-04-01 17:11:10 +02:00
Alexander A. Klimov d1e87bdc45 Connect(): add non-async overload 2019-04-01 17:11:09 +02:00
Alexander A. Klimov f2d9d91e83 Introduce UnbufferedAsioTlsStream#GetPeerCertificate() 2019-04-01 17:11:09 +02:00
Alexander A. Klimov d428bdf384 Add missing includes 2019-04-01 13:31:16 +02:00
Alexander A. Klimov bf23e5392b UnbufferedAsioTlsStream: don't rely on *this in decltype()s for methods' return types 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 7ec1e638a8 Turn shortcut UnbufferedAsioTlsStream::Parent into a base class 2019-04-01 13:31:16 +02:00
Alexander A. Klimov e6d78bf361 Move some TCP/TLS logic out of ApiListener 
... for re-using it
 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 79220ee647 io-engine.hpp: fix missing namespace 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 8b3efe5759 Introduce AsioConditionVariable 2019-04-01 13:31:16 +02:00
Alexander A. Klimov d3392d1579 Rename AsioTlsStreamHack to UnbufferedAsioTlsStream 2019-04-01 13:31:16 +02:00
Alexander A. Klimov b384f859c9 Make IoEngine::m_CpuBoundSemaphore signed 2019-04-01 13:31:16 +02:00
Alexander A. Klimov e26774c7f8 IoEngine: adjust I/O threads 2019-04-01 13:31:16 +02:00
Alexander A. Klimov b26808414c NetString::ReadStringFromStream(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 43658de529 NetString::WriteStringToStream(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 282f8fd173 IoEngine: explicitly join I/O threads 2019-04-01 11:40:14 +02:00
Alexander A. Klimov ac72ca4ae6 Don't warn that Boost.Coroutine v1 is deprecated 2019-04-01 11:40:14 +02:00
Alexander A. Klimov d7b465ce74 Implement IoBoundWorkSlot 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 2d7714802d Allow CpuBoundWork to be done before end of scope 2019-04-01 11:40:14 +02:00
Alexander A. Klimov e21956e26e ApiListener: detect protocol 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 2615967e7f Make ApiListener#m_SSLContext a Boost ASIO SSL context 2019-04-01 11:40:14 +02:00
Alexander A. Klimov c547e9a863 Implement basic I/O engine 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 7c7c5e28f5 Implement LazyInit<T> 2019-04-01 11:40:14 +02:00
Michael Friedrich 149f640fd8 Improve DB IDO HA failover behaviour 
- Decrease Object Authority updates to 10s (was 30s)
- Decrease failover timeout to 30s (was 60s)
- Decrease cold startup (after (re)start) with no OA updates to 30s (was 60s)
- Immediately connect on Resume()
- Fix query priority which got broken with 
- Add more logging when a failover is in progress

```
[2019-03-29 16:13:53 +0100] information/IdoMysqlConnection: Last update by endpoint 'master1' was 8.33246s ago (< failover timeout of 30s). Retrying.

[2019-03-29 16:14:23 +0100] information/IdoMysqlConnection: Last update by endpoint 'master1' was 38.3288s ago. Taking over 'ido-mysql' in HA zone 'master'.
```

- Add more logging for reconnect and disconnect handling
- Add 'last_failover' attribute to IDO*Connection objects

refs
2019-04-01 08:50:00 +02:00
Michael Friedrich 6ace8001d8
Merge pull request from Icinga/feature/new-json-library 
Replace YAJL with nlohmann::json
 2019-03-18 17:26:57 +01:00
Alexander A. Klimov 0cf10c6306 Make buildable with VS 2017 2019-03-18 15:07:57 +01:00
Alexander A. Klimov 2a05b46431 Auto-sanitize data before en-/decoding JSON 2019-03-18 15:07:57 +01:00
Alexander A. Klimov 9daca0b216 Get rid of YAJL 2019-03-18 15:07:57 +01:00
Alexander A. Klimov 5882594b43 JsonEncode(): use nlohmann::json 2019-03-18 15:07:57 +01:00
Alexander A. Klimov 1b0367b740 JsonDecode(): use nlohmann::json::sax_parse() 2019-03-18 15:07:57 +01:00
Michael Friedrich 724b34c6f2 Integrate nlohmann_json into CMake 
Better integration into base/json.cpp

Signed-off-by: Alexander A. Klimov <alexander.klimov@icinga.com>
 2019-03-18 15:07:50 +01:00
Michael Friedrich 2de8bac588
Merge pull request from Icinga/bugfix/influxdbwriter-oom-6989 
InfluxdbWriter: don't leak sockets
 2019-03-18 14:38:04 +01:00
Michael Friedrich ea80d93efc
Merge pull request from Icinga/feature/utf8cpp 
Utility::ValidateUTF8(): use UTF8-CPP
 2019-03-18 10:57:03 +01:00
Michael Friedrich 804c00ece5
Merge pull request from Icinga/bugfix/compiler-warnings 
Suppress or fix compiler warnings
 2019-03-18 08:44:30 +01:00
Alexander A. Klimov a72f4db5c9 Utility::ValidateUTF8(): use UTF8-CPP 2019-03-15 13:34:20 +01:00
Michael Friedrich 026ed837ac
Merge pull request from Icinga/bugfix/so_reuseport-missing 
Don't require OS headers to provide SO_REUSEPORT
 2019-03-13 10:30:08 +01:00
Alexander A. Klimov ac354f9e80 Don't abuse goto for building simple loops 2019-03-08 14:59:01 +01:00
Alexander A. Klimov bf92e32496 Suppress or fix compiler warnings 2019-03-08 14:07:29 +01:00
Alexander A. Klimov a9841a9197 Defer: ensure not to throw any exceptions out of a destructor 
refs
2019-03-01 14:29:35 +01:00
Michael Friedrich e2df11520e
Merge pull request from Icinga/bugfix/perfdata-gaps 
Improve reload handling for features (metric & queue flush, activation priority)
 2019-02-26 15:38:15 +01:00
Alexander A. Klimov bf0c68757f Don't require OS headers to provide SO_REUSEPORT 2019-02-26 11:25:44 +01:00
Michael Friedrich 458f997a18 Replace Copyright header with a short version, part II 2019-02-25 15:09:36 +01:00
Michael Friedrich d14a88235d Replace Copyright header with a short version, part I 
CLion -> replace in path
 2019-02-25 14:48:22 +01:00
Michael Friedrich ab7a799369 Implement ReloadTimeout constant and wait for enqueued checks on Stop() 2019-02-25 09:03:47 +01:00
Alexander A. Klimov 9558ebc0f4 Secure ApiUser::GetByAuthHeader() against timing attacks 2019-02-22 16:59:36 +01:00