tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,933 Commits 347 Branches 117 Tags 197 MiB
Commit Graph

925 Commits

Author SHA1 Message Date
Alexander A. Klimov 0a9563b3db HttpServerConnection#ProcessMessages(): avoid I/O if shutting down 
refs #7431
 2019-09-09 13:37:44 +02:00
Alexander A. Klimov b85b8b9697 HttpServerConnection#ProcessMessages(): avoid I/O after boost::asio::error::operation_aborted 
refs #7431
 2019-09-09 13:29:47 +02:00
Alexander A. Klimov dfaeb88ac3 {HttpServer,JsonRpc}Connection#Disconnect(): cancel I/O ops ASAP 
refs #7431
 2019-09-09 13:11:51 +02:00
Michael Friedrich b3c48e7520
Merge pull request #7485 from Icinga/bugfix/api-disconnect-defer 
Avoid the Defer-Disconnect destructor pattern with Boost.Coroutines
 2019-09-09 11:41:34 +02:00
Michael Friedrich c5aa978912 Rewrite error handling in HttpServerConnection#EnsureValidHeaders() 
Throwing local exceptions unnecessarily pollutes the exception
stack with immediate unwinding. Avoid this pattern at all cost within
Boost.Coroutines. MSVC may handle exceptions differently and cause
problems with stack unwinding.

refs #7431
refs #7351
 2019-09-09 11:03:21 +02:00
Michael Friedrich 17d4d17307 Avoid the Defer-Disconnect destructor pattern with Boost.Coroutines 
Exceptions in Disconnect() might be thrown (this has been reworked
into error_code locally) which are swallowed inside the Destructor
for being dangerous. On the other hand, swallowing them may
corrupt the stack unwinding operation from the coroutine layer.

The best is to avoid Defer inside lib/remote and call Disconnect()
directly after breaking from other operations.

refs #7351
refs #7431
 2019-09-09 10:57:13 +02:00
Michael Friedrich ebb0826be0 JsonRpcConnection: Don't swallow exceptions in Boost.Coroutine 
refs #7351
 2019-09-09 09:26:12 +02:00
Michael Friedrich cdacd545c6
Merge pull request #7477 from Icinga/bugfix/api-boost-exceptions-errors 
HttpServerConnection: Prefer error codes over Boost exceptions
 2019-09-06 10:22:42 +02:00
Michael Friedrich a208f7baf0 HttpServerConnection: Prefer error codes over Boost exceptions 
When run within a coroutine, exceptions on Windows may influence
bad behaviour here. Instead, we'll check for the error code
and extract the message from memory. In contrast to exceptions
which are stored on the stack frame and then return, this costs
a little more memory but simplifies the logic.

This doesn't fix the linked issue, but is related to the analysis.

refs #7431
 2019-09-06 10:06:17 +02:00
Michael Friedrich eabba2de42 Always reset Boost beast buffer in HttpServerConnection#ProcessMessages 
refs #7431
 2019-09-06 09:31:16 +02:00
Michael Friedrich f62db49d3e
Merge pull request #7451 from Icinga/bugfix/update-docs 
Update docs: Fix online URL, cipher list
 2019-08-28 08:59:28 +02:00
Michael Friedrich 0915c84530 Update doc URL for the API info handler at /v1 2019-08-27 16:47:07 +02:00
Alexander A. Klimov c24312b870 JsonRpcConnection#Disconnect(): unregister the connection ASAP 
refs #7444
 2019-08-23 17:14:13 +02:00
Michael Friedrich 2760748d78 Fix and improve logging for runtime object sync 
config::UpdateObject would create a new object, but this may
have been silently ignored with 'ignore_on_error' - downtimes, etc.
Since we cannot simply fetch the error from inside the config compiler,
we'd just check whether there's a config object created at this stage.
This happens synchronously, and once there is, log something.

The previous code always logged the creation, even if the downtime
was ignored, e.g. when the first master sent one for local host objects.

This commit also adds more details: identity, endpoint, zone to extract
the MessageOrigin details into log messages for better troubleshooting
and debugging.

refs #7198
 2019-08-15 09:29:05 +02:00
Michael Friedrich 7c1f716dad Fix cookie with ActivateItems 2019-08-13 16:09:26 +02:00
Michael Friedrich c30edd0a34 Fix message origin for runtime created config object (create/delete events) 2019-08-13 15:05:47 +02:00
Michael Friedrich 743dcad35d Improve logging for downtime/ack events (add, remove, expire) 
fixes #7374
 2019-08-06 13:28:58 +02:00
Michael Friedrich c42a2583f0 Cluster sync: Only sync valid UTF8 content (text config, no binaries) 
- *.conf files are sanitized automatically.
- Other files detect sanitizing and treat that as unsupported type

refs #7382
 2019-08-02 16:06:32 +02:00
Michael Friedrich ebd6735c70 TLS Ciphers: Add compatibility suites for older agents (el7) 2019-07-30 10:55:29 +02:00
Michael Friedrich eff6e7662c Fix style and comments 2019-07-15 09:54:35 +02:00
Diana Flach 5fbc052aba Cluster Sync: Improve log messages 2019-07-15 09:54:26 +02:00
Michael Friedrich b00e1d0c67 Config sync: Count the updates and log them 
```
[2019-07-10 12:34:27 +0200] information/ApiListener: Received configuration updates (2) from endpoint 'master1' are equal to production, not triggering reload.
```
 2019-07-15 09:54:09 +02:00
Diana Flach 87d4575af8 Cluster Sync: Ensure that files are synced everytime 2019-07-15 09:53:47 +02:00
Alexander A. Klimov 3f4cb0936c Add ApiListener::UpdatedObjectAuthority() 
refs #7086
 2019-07-11 12:58:07 +02:00
Michael Friedrich 46287c92e6 Cluster: Avoid checking for checksum length with internal files in use 
fixes #7282
 2019-07-04 13:52:31 +02:00
Janne Heß 3e801fbd5a Fix Path to staged files 
The paths in the list are relative, not absolute to the stage directory.
 2019-06-26 02:04:06 +02:00
Michael Friedrich 08a47600be Config sync: Only copy paths to prod which are actually there 
Stored files may be removed by external sources.
 2019-06-19 17:00:50 +02:00
Michael Friedrich db4cc13770 Config Sync: Only log config files for stage, no metadata 2019-06-19 16:09:16 +02:00
Michael Friedrich 577e42e137 Quality: Comments and logs in cluster config sync 2019-06-19 14:46:11 +02:00
Michael Friedrich 3852c51c9f Cluster sync: Don't load/sync the .authoritative config file marker 
This would influence everything else, and it isn't needed anywhere
but the master instance (zones.d -> var-zones).
 2019-06-19 14:46:11 +02:00
Michael Friedrich 0aa6f1a3b3 Use boost::filesystem & Utility classes for file IO 2019-06-19 14:46:11 +02:00
Michael Friedrich 6add9f9ecb Avoid concurrent cluster config sync transactions 
fixes #6660
 2019-06-19 14:46:11 +02:00
Michael Friedrich af8624dcf1 Apply ReloadTimeout for 2.11 2019-06-19 14:46:11 +02:00
Michael Friedrich b3b7abdfe8 Spam the log with config file copies from stage to prod 2019-06-19 14:46:11 +02:00
Michael Friedrich 4c6150b254 Improve checksum logic and logging 2019-06-19 14:46:11 +02:00
Michael Friedrich f92f6f7f8c Improve checksum checks for each file content 2019-06-19 14:46:11 +02:00
Michael Friedrich a6ddef17d9 Enhace logging when config change yes/no will trigger further reload actions 2019-06-19 14:46:11 +02:00
Michael Friedrich c230e503e6 Fix global checksum calculation 2019-06-19 14:46:11 +02:00
Michael Friedrich 7a02990ef8 Refactor the client sync, part II (WIP, currently checksums generate an endless loop) 2019-06-19 14:46:11 +02:00
Michael Friedrich 6105ace50f Improve variable names in ApiListener::SendConfigUpdate() 2019-06-19 14:46:11 +02:00
Michael Friedrich a4b48fc7f4 Update code docs 2019-06-19 14:46:11 +02:00
Michael Friedrich fcc1799a5d Split config file sync updates, part I 
This commit also introduces a playground for checksums,
whilst refactoring the code in large parts.
 2019-06-19 14:46:11 +02:00
Michael Friedrich 9df389a843 Improve logging for ignored config updates where we are authoritative for (config master) 2019-06-19 14:46:11 +02:00
Michael Friedrich efc2289178 Remove duplicated validation paths in function signatures 2019-06-19 14:46:11 +02:00
Michael Friedrich 043824a6a9 Leave partial deletes as is, this is dealt with stage purge later 2019-06-19 14:46:11 +02:00
Michael Friedrich b3fa51a5dc Code Documentation: Config file sync 
Adds headers to all functions including parameters. This unveils
certain unused ones too.
 2019-06-19 14:46:11 +02:00
Michael Friedrich 604a8a041d Update log message and implement recursive diff delete 2019-06-19 14:46:11 +02:00
Michael Friedrich 2acf3a6941 Indicate a warning in the 'icinga' check when cluster stage validation failed 
- success: clear the last failed attribute
- failed: populate it with the output and current timestamp

This can be used to highlight this in the 'icinga' check task.
Since 2.9 we don't have problems with circular library dependencies
with just one linked binary, therefore it is safe to include libremote
in libmethods here.
 2019-06-19 14:46:11 +02:00
Michael Friedrich 46cb806b3f Add a note for config updates V1 and V2 
Old clients sync !.conf via update_v2 message, we cannot
remove this handling for the time being.
 2019-06-19 14:46:11 +02:00
Michael Friedrich 83c11962b2 Only remove directories if they exist during sync 2019-06-19 14:46:11 +02:00
Michael Friedrich 4e9439f2d8 Ensure that config master zones.d -> var-api-zones sync removes deleted files 2019-06-19 14:46:11 +02:00
Michael Friedrich 9d53db1401 Purge stage and production directories before copying files 
The cluster-message -> production diff is still intact, we're
just taking care of unwanted/deleted files here.
 2019-06-19 14:46:11 +02:00
Michael Friedrich 86108e6a1e Improve logging and code quality 2019-06-19 14:46:11 +02:00
Michael Friedrich fb367e12cc Store the last failed zone stage sync validation as runtime ApiListener attribute 2019-06-19 14:46:11 +02:00
Michael Friedrich a91bbe8acd Fix constant value for zone var override 2019-06-19 14:46:11 +02:00
Michael Friedrich e3e68caaa3 Inherit parent process arguments for defined path constants 2019-06-19 14:46:11 +02:00
Michael Friedrich e545884952 Improve logging for staged config sync 2019-06-19 14:46:11 +02:00
Michael Friedrich 1853254201 Pass the zonesVar override around 2019-06-19 14:46:11 +02:00
Michael Friedrich 2ed56b50a4 Ensure directory paths are created from stage -> prod 2019-06-19 14:46:11 +02:00
Michael Friedrich c2d7063ae7 Better signal for checking the cluster config sync stage (ignore production) 2019-06-19 14:46:11 +02:00
Michael Friedrich 506eee2f7d Fix crash 2019-06-19 14:46:11 +02:00
Michael Friedrich 2c39d69428 Implement first draft for cluster config staged sync 2019-06-19 14:46:11 +02:00
Alexander A. Klimov 42a33cdc7d Fix build errors with Boost v1.70 
refs #7237
 2019-06-07 16:30:34 +02:00
Michael Friedrich b32d818d1b CLI: Allow to list removed CSRs with 'ca list' 2019-06-07 10:33:55 +02:00
Andrew Jaffie 429f1ed317 Ignore repeated requests from client after using ca remove command 2019-06-07 10:33:55 +02:00
Michael Friedrich 6a8823f879 Avoid concurrent cluster config sync transactions 
fixes #6660
 2019-06-05 15:23:28 +02:00
Michael Friedrich ef72cd4442
Merge pull request #7220 from Icinga/bugfix/asio-error-handling 
Improve error handling with network connections (Boost ASIO)
 2019-06-05 14:43:31 +02:00
Michael Friedrich 18211ddd23
Merge pull request #7209 from Icinga/bugfix/immediately-close-sockets 
Close server connections and shutdown coroutines immediately on disconnect
 2019-06-05 14:40:24 +02:00
Alexander A. Klimov ad28380884 Close server connections and shutdown coroutines immediately on disconnect 2019-06-05 10:42:03 +02:00
Michael Friedrich fd9887c5af API: Harden default cipher list 
According to https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/
 2019-06-05 09:55:43 +02:00
Michael Friedrich 3798089642 Improve error handling with network connections (Boost ASIO) 
refs #7041
 2019-06-05 09:42:51 +02:00
Michael Friedrich 146b337d4d
Merge pull request #7211 from Icinga/feature/asio-tls-version 
Require TLS 1.2 for Cluster & REST API
 2019-06-03 16:19:22 +02:00
Michael Friedrich d82c067555 Require TLS 1.2 for Cluster & REST API 
refs #7041
 2019-05-29 17:08:36 +02:00
Michael Friedrich 438da67209
Merge pull request #7210 from Icinga/bugfix/boost-asio-deprecated 
Quality: Replace deprecated get_io_service() with get_executor().context() for Boost ASIO
 2019-05-29 15:40:19 +02:00
Michael Friedrich 59b95ed1f0 Quality: Replace deprecated get_io_service() with get_executor().context() for Boost ASIO 
refs #7041
 2019-05-29 14:36:10 +02:00
Michael Friedrich 120aba3919 Quality: Removed unused HttpChunkedEncoding class 2019-05-28 13:46:19 +02:00
Michael Friedrich e606d14705 Quality: Clean JsonRPC class and add function docs 2019-05-24 15:50:43 +02:00
Michael Friedrich f933aafd29 Quality: Purge old HTTP code in lib/remote 2019-05-24 15:50:43 +02:00
Michael Friedrich af42e2dfc0
Merge pull request #7178 from Icinga/bugfix/api-package-repair 
API: Automatically repair broken _api package
 2019-05-10 14:40:48 +02:00
Michael Friedrich 6c9c65323e Workaround for boost::filesystem and Visual Studio on Windows 2019-05-10 13:38:12 +02:00
Michael Friedrich 6cce9c0fdd API: Automatically repair broken packages 
This partially reverts #7150 and avoids exceptions
inside the flow. Each time an empty active stage
is detected, Icinga tries to repair it from the
the given directory tree.

Also, the code now takes into account that it should
create the package storage on startup, whether within
the API object, or if disabled, inside the application.

Caching the active stages for packages in memory
only is in effect with the API feature being enabled.
This is useful for other deployed config packages,
not only the internal one.

fixes #7173
refs #7150
refs #7119
fixes #6959
 2019-05-10 12:48:34 +02:00
Elias Ohm 4c86c370bb fixup errbuf length in the other files and avoid using the static buffer in one place (for thread safety and code consistency reasons) 2019-05-09 09:30:12 +02:00
Michael Friedrich 03324b2fb6 Config packages: Catch active stage exceptions in rare cases 
Typically this already is detected on startup.
 2019-05-08 16:43:27 +02:00
Michael Friedrich 704aabcb63 Avoid dead-lock with config packages and active stages 2019-05-08 16:06:46 +02:00
Elias Ohm c10ff9dd72 try without initialization of frame Locals which are not used for permissions filter and as far as I can see also not for query filters 2019-05-02 09:03:30 +02:00
Elias Ohm 53febdea81 use current frame scope for permission filter function calls 2019-05-02 07:35:19 +02:00
Michael Friedrich 502c43fb12 Active packages: Don't try to fix broken config packages which are not cached yet 2019-04-30 12:19:35 +02:00
Michael Friedrich 2bca7a5bb5 Repair broken API config packages at runtime 
This means a new timer which checks every 5m whether the
active-stage can be read, and if not, it overwrites the
file on disk with the details from memory.
 2019-04-26 14:53:36 +02:00
Michael Friedrich f92c134b0a Cluster: Don't try to sync objects from broken _api package 2019-04-26 14:43:38 +02:00
Michael Friedrich c821e73364 Cache the API package stage name with a active-stage fallback 
This prevents reading the file everytime the stageName is required
for when creating a runtime object via REST API.
 2019-04-26 13:40:27 +02:00
Michael Friedrich 37de1a919b
Merge pull request #7088 from Icinga/feature/asio-event-queue 
Implement new event queue for ASIO consumers
 2019-04-25 16:54:43 +02:00
Michael Friedrich a7873da89d Eventqueue: Remove unused code 2019-04-25 16:21:07 +02:00
Alexander A. Klimov e86e3cc234 EventsFilter#Push(): ensure not to modify the global namespace 2019-04-25 15:56:38 +02:00
Alexander A. Klimov c209cf830b /v1/events: don't over-consume CPU-bound threads 2019-04-25 15:56:38 +02:00
Alexander A. Klimov 5e8b4280bc New event queue: handle empty filter 2019-04-25 15:56:38 +02:00
Alexander A. Klimov 94db282fd1 /v1/events: remove anti-deadlock hack 2019-04-25 15:56:38 +02:00
Alexander A. Klimov 81713d0509 /v1/events: use new event queue 2019-04-25 15:56:38 +02:00
Alexander A. Klimov 7688994601 Implement new event queue for ASIO consumers 2019-04-25 15:56:38 +02:00
Michael Friedrich 0438c866f8
Merge pull request #7102 from Icinga/feature/boost-fs-7101 
Replace self-written filesystem ops with boost.filesystem
 2019-04-25 15:53:55 +02:00
Alexander A. Klimov 5afef1015d Replace unlink() with boost::filesystem::remove() 
refs #7101
 2019-04-25 09:53:02 +02:00