tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,353 Commits 347 Branches 117 Tags 201 MiB
Commit Graph

697 Commits

Author SHA1 Message Date
Michael Friedrich 804c00ece5
Merge pull request #6999 from Icinga/bugfix/compiler-warnings 
Suppress or fix compiler warnings
 2019-03-18 08:44:30 +01:00
Alexander A. Klimov bf92e32496 Suppress or fix compiler warnings 2019-03-08 14:07:29 +01:00
Alexander A. Klimov 37b044ecda PkiUtility::NewCa(): just warn if the CA files already exist 2019-03-01 14:37:45 +01:00
Michael Friedrich e2df11520e
Merge pull request #6970 from Icinga/bugfix/perfdata-gaps 
Improve reload handling for features (metric & queue flush, activation priority)
 2019-02-26 15:38:15 +01:00
Michael Friedrich 458f997a18 Replace Copyright header with a short version, part II 2019-02-25 15:09:36 +01:00
Michael Friedrich d14a88235d Replace Copyright header with a short version, part I 
CLion -> replace in path
 2019-02-25 14:48:22 +01:00
Michael Friedrich ab7a799369 Implement ReloadTimeout constant and wait for enqueued checks on Stop() 2019-02-25 09:03:47 +01:00
Alexander A. Klimov 9558ebc0f4 Secure ApiUser::GetByAuthHeader() against timing attacks 2019-02-22 16:59:36 +01:00
Michael Friedrich b08d485a41
Merge pull request #6857 from Icinga/bugfix/check_nscp_api-query-sorted-6536 
Url#m_Query: preserve order
 2019-02-11 17:57:32 +01:00
Peter Eckel 5d59863725 Avoid duplicating non-zero count message replay messages in the debug log 2019-02-11 13:54:17 +01:00
Michael Friedrich b16c22448e Cluster: Delete object message should log that 
Atm it is a copy-paste error and irritates during debugging.
Coming from my analysis of existing cluster messages.
 2019-01-28 17:39:22 +01:00
Jean Flach 2aff6a5887 Don't run UpdateObjectAuthority for Comments and Downtimes 2019-01-10 11:44:14 +01:00
Michael Friedrich e1a941e5c7
Merge pull request #6880 from Icinga/bugfix/pki-requestcertificate-no-cert 
pki::RequestCertificate: handle missing certificate/CSR
 2019-01-09 09:30:27 +01:00
Alexander A. Klimov 4a7960f21b pki::RequestCertificate: handle missing certificate/CSR 2019-01-08 11:49:44 +01:00
Alexander A. Klimov f4ab0737d1 HttpServerConnection#DataAvailableHandler(): reduce log spam 2019-01-07 15:32:19 +01:00
Alexander A. Klimov eeb609d4ae Url#m_Query: preserve order 
refs #6536
 2018-12-21 11:52:37 +01:00
Michael Friedrich b58ce84b0e
Merge pull request #6817 from Icinga/bugfix/stalled-tls-connections-6816 
HttpServerConnection#DataAvailableHandler(): be aware of being called multiple times concurrently
 2018-12-05 11:35:35 +01:00
Alexander A. Klimov 7e630c7732 HttpServerConnection#DataAvailableHandler(): be aware of being called multiple times concurrently 
refs #6816
 2018-12-03 19:05:41 +01:00
Michael Friedrich 5f25eb6b2d Add a code comment for connection: close handling 2018-12-03 14:40:50 +01:00
Sven Wegener a83dbc9de5 Restore 'Connection: close' behaviour in HTTP responses 
Actually the `corked` functionality caused problems with
not closing connections properly.

Full Analysis: https://github.com/Icinga/icinga2/issues/6799#issuecomment-443710338

Full credits to @swegener :)

fixes #6799
 2018-12-03 14:27:37 +01:00
Alexander A. Klimov 8de5326d23 Remove redundand check for object existence on creation via API 
refs #3937
 2018-11-29 17:51:53 +01:00
Michael Friedrich 5406ce6540 Ensure that API/JSON-RPC messages in the same session are processed and not stalled 
This basically drops the "corked" implementation which just stalled the
TLS IO polling after some requests. If you need sort of rate limiting
for these events, use an external TLS proxy which terminates that in front
of Icinga.

fixes #6635
 2018-10-29 12:57:24 +01:00
Michael Friedrich 6de4cef3ae
Merge pull request #6719 from Icinga/fix/finished-reconnect-message 
Do not send 'finished reconnecting...' if failed
 2018-10-24 11:51:34 +02:00
Michael Friedrich bd8e9f55da
Merge pull request #6662 from Icinga/bugfix/keep-http-connection-open-until-stream-eof 
Keep the HTTP server connection open until the stream is EOF
 2018-10-24 11:31:06 +02:00
Michael Friedrich 3cb2c1d143 icinga.com: Update everything else 2018-10-18 09:50:53 +02:00
Michael Friedrich dea5ec614e icinga.com: Update CMakeLists.txt 2018-10-18 09:35:18 +02:00
Michael Friedrich 44c3b83769 icinga.com: Update '*.ti' 2018-10-18 09:30:00 +02:00
Michael Friedrich dab53448bc icinga.com: Update *.{h,c}pp 2018-10-18 09:27:04 +02:00
Michael Friedrich 34de8104b8 Fix regression with API permission filters and namespaces in v2.10 
fixes #6682
 2018-10-15 15:47:11 +02:00
Michael Friedrich 85e161ea1e Silence config compiler logging for runtime created objects 
This is especially problematic with many single creation requests,
e.g. many downtimes created via Icinga Web 2 & the REST API.

In addition to the config compiler messages, apply rule matches are
also in there which are removed by this patch.
 2018-10-09 16:41:17 +02:00
Michael Friedrich 83a428c1ba Keep the HTTP server connection open until the stream is EOF 
fixes #4968
 2018-10-09 16:01:43 +02:00
Michael Friedrich e6eb703b36
Merge pull request #6661 from Icinga/bugfix/cache-http-peer-address 
Cache the peer address in the HTTP server
 2018-10-09 16:00:27 +02:00
Michael Friedrich 5c32a5a7dc Cache the peer address in the HTTP server 
Later socket calls are expensive and might lead
into a race condition on close when logging it.

refs #6655
 2018-10-09 15:40:16 +02:00
Michael Friedrich 58cfc3955d
Merge pull request #6658 from Icinga/bugfix/api-connection-close-req-by-client 
Ensure that HTTP/1.0 or 'Connection: close' headers are properly disconnecting the client
 2018-10-09 13:49:22 +02:00
Michael Friedrich 9352f4bfb3
Merge pull request #6657 from Icinga/feature/api-debug-log-request-body 
Enable the HTTP request body debug log entry for release builds
 2018-10-09 13:29:00 +02:00
Michael Friedrich 13239c3172 Ensure that HTTP/1.0 or Connection: close headers are properly disconnecting the client 
Test results: https://github.com/Icinga/icinga2/issues/6514#issuecomment-428155731

fixes #6514
 2018-10-09 13:23:23 +02:00
Michael Friedrich 73263b7702 Enable the HTTP request body debug log entry for release builds 
fixes #4282
 2018-10-09 12:55:53 +02:00
Michael Friedrich 57081176de Improve logging for disconnected HTTP clients 
Previously this was inside the debug log, with the
new socket printers we can enhance checking for proper
connects and disconnects.

refs #6514
 2018-10-09 12:22:19 +02:00
Michael Friedrich 82178e3b33 Don't inherit daemonize parameter from parent process 2018-09-27 20:30:19 +02:00
Thomas Forrer 816cae98fa Fix config validation problem (startup.log) during /v1/config/stages API call 
copy all arguments of parent process in AsyncTryActivateStage
 2018-09-27 20:27:09 +02:00
Michael Friedrich 64e273afdd
Merge pull request #6639 from Icinga/fix/windows-api-log-rename 
Ensure to _unlink before renaming replay log on Windows
 2018-09-27 08:02:00 +02:00
Michael Friedrich c979f86e4e
Merge pull request #6632 from Icinga/feature/cluster-faster-reconnect 
Increase the cluster reconnect frequency to 10s
 2018-09-25 17:07:01 +02:00
Michael Friedrich cbde35ff22 Use a dynamic thread pool for API connections 
The full analysis is located in #6517.

fixes #6517
 2018-09-25 12:43:10 +02:00
Michael Friedrich cd819f74f4 Increase the cluster reconnect frequency to 10s 
This is blocked by #6517.

refs #6234
 2018-09-25 12:36:30 +02:00
Michael Friedrich 29701b4db5 Add ApiListener#tls_handshake_timeout option 
This allows to specify the previously hardcoded
timeout of 10s.

refs #6517
 2018-09-14 09:20:09 +02:00
Michael Friedrich dd59964702
Merge pull request #6596 from Icinga/bugfix/gcc-8-f28-hardening-crash 
Fix crash on API queries with Fedora 28 hardening and GCC 8
 2018-09-11 20:44:12 +02:00
Noah Hilverling 3854ed683b Improve TLS handshake exception logging 2018-09-06 15:58:42 +02:00
Michael Friedrich 1f4f6282c7 Fix crash on API queries with Fedora 28 hardening and GCC 8 
The actual fix is to handle nullptr references differently
for an empty filter expression. The other changes include
oob checks not necesarily involved.

fixes #6533
 2018-09-06 09:56:04 +02:00
Michael Friedrich 9a75f47fc5 Allow to configure anonymous clients limit inside the ApiListener object 
Previously this was hardcoded, and for security reasons users might want
to adjust this value. This affects CSR signing requests as well as
clients which have not yet been configured as endpoints on the current
node.

refs #6566
 2018-09-05 17:45:35 +02:00
Michael Friedrich a1ec919f5b Raise the message size for anonymous client and pki request calls to 1MB 
If one sends the full certificate chain, this previous limit of 64KB
could be hit.
 2018-09-05 17:44:05 +02:00