130b22e939
Icinga DB: remove usernotification history stream
...
These will be added to the normal notification stream so there is no more need
for this extra stream.
2021-09-15 14:47:25 +02:00
81e5feeb08
Icinga DB: Write IDs of notified users into notification history stream
2021-09-15 14:45:35 +02:00
de7808e32c
Make syslog facility handling reusable
...
The upcoming JournaldLogger will need the same syslog validation and
conversion logic, so factor it out from SyslogLogger to make it
reusable.
Also explicitely include syslog.h, which defines the syslog()
function.
2021-09-15 10:15:22 +02:00
95cdc00ad4
Merge pull request from GHSA-cxfm-8j5v-5qr2
...
Add TLS server certificate validation to ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer (v2)
2021-08-19 13:52:29 +02:00
dfc633074e
Merge pull request #8966 from Icinga/feature/scheduled_by
...
Icinga DB: introduce icinga:history:stream:downtime#scheduled_by
2021-08-16 16:37:08 +02:00
cb09d6833f
RedisConnection: remove now redundant setting of TLS verification parameters
...
This is now done in UnbufferedAsioTlsStream.
2021-08-13 17:24:24 +02:00
3ab347bfd4
GelfWriter: show error message of exceptions
2021-08-13 17:24:24 +02:00
8f3f692ecf
InfluxdbCommonWriter: actually verify TLS server certificates
...
And add a new option ssl_insecure_noverify to explicitly disable it if desired.
2021-08-13 17:24:24 +02:00
29e9df938c
GelfWriter: actually verify TLS server certificates
...
And add a new option insecure_noverify to explicitly disable it if desired.
2021-08-13 17:24:24 +02:00
5cada85e54
ElasticsearchWriter: actually verify TLS server certificates
...
And add a new option insecure_noverify to explicitly disable it if desired.
2021-08-13 17:24:24 +02:00
396f003c69
Enable hostname verification in UnbufferedAsioTlsStream
2021-08-13 10:58:10 +02:00
70b4558a62
Icinga DB: introduce icinga:history:stream:downtime#scheduled_by
...
... with the Downtime#scheduled_by attribute.
2021-08-09 20:07:38 +02:00
852d674ec0
Merge pull request #8957 from Icinga/bugfix/apilistener-detect-ipv6-support
...
ApiListener: Choose bind host default based on OS IPv6 support
2021-08-09 17:32:40 +02:00
ec73b417f2
ApiListener: Choose bind host default based on OS IPv6 support
2021-08-06 12:19:08 +02:00
782669f13b
IDO PgSQL: always use regular string literals
...
IdoPgsqlConnection::Escape() internally uses PQescapeStringConn() and its
documentation states the following:
Furthermore, PQescapeStringConn does not generate the single quotes that must
surround PostgreSQL string literals; they should be provided in the SQL
command that the result is inserted into.
So it's intended to use the result in 'string' literals, not in E'string'
literals as Icinga did. This results in problems as the behavior of
PQescapeStringConn() depends on how the current connection will interpret
regular single quoted literals, namely on the value of the
standard_conforming_strings variable.
The E'string' literals were initially introduced in
ac6f3f8acffix #1206 where PostgreSQL started
warning about escape sequences in string literals not supported by the SQL
standard (but by PostgreSQL depending on the value of
standard_conforming_strings). In the meantime the oldest PostgreSQL version on
any platform supported by Icinga increased to 9.2 (CentOS 7) and starting with
9.1, standard_conforming_strings is enabled by default, so there will be no
warnings about escape sequences (as the warning is only issued if the escape
sequence is actually interpreted by PostgreSQL).
2021-08-05 11:39:32 +02:00
e3a5d613aa
Icinga DB: clean up vanished objects from icinga:checksum:*:state
...
... not to let it grow non-stop.
2021-08-05 11:32:47 +02:00
3aa2289c59
Merge pull request #8946 from Icinga/bugfix/old-packages
...
ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages
2021-08-02 20:27:27 +02:00
57df803e35
ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages
...
... not to require migrating invalid ones.
2021-08-02 15:40:14 +02:00
c1df4b70f5
ConfigPackageUtility::PackageExists(): accept invalid package names, too
2021-08-02 15:40:14 +02:00
c666f81361
De-couple package and stage name validation
2021-08-02 15:40:14 +02:00
40c186515b
Merge pull request #8942 from Icinga/bugfix/idb-hashes
...
Icinga DB: keep state checksums consistent
2021-07-29 21:54:58 +02:00
6fa44c8e4e
Merge pull request #8941 from Icinga/bugfix/icingadb-init-all-connections-before-sync
...
Icinga DB: ensure all connections are ready on first use
2021-07-29 17:33:29 +02:00
afca6c001e
Merge pull request #8916 from Icinga/feature/icingadb-last_comment_id
...
Icinga DB: introduce Checkable#last_comment_id
2021-07-29 17:29:51 +02:00
8476627e91
Icinga DB: keep state checksums consistent
...
I.e. make hashes in hashmaps and stream the same.
2021-07-29 12:43:40 +02:00
5c10fffa3b
Icinga DB: introduce Checkable#last_comment_id
2021-07-29 12:22:12 +02:00
173a93c487
Split IcingaDB#SendStatusUpdate(), separate stream and history
2021-07-29 12:22:12 +02:00
2818245e01
Introduce Checkable#GetLastComment()
2021-07-29 12:10:42 +02:00
5923950e61
Merge pull request #8919 from Icinga/bugfix/idb-del-state-chksm
...
Icinga DB: HDEL also icinga:checksum:*:state, not only icinga:*:state
2021-07-29 11:08:33 +02:00
929ebd0f6c
IcingaDB: start initial sync after all child connections are established
...
Icinga started the initial config sync right after the first Redis connection
was established. If any other connections would take longer to connect than
when it's first needed, queries were discarded.
2021-07-28 15:27:32 +02:00
a50120c399
IcingaDB: start parent connection after children are initialized
...
The loop in the connected callback of the parent connection uses m_Rcons which
previously was only initialized after that connection was already started.
2021-07-28 15:27:20 +02:00
f4b2bbc7af
Merge pull request #8940 from Icinga/bugfix/redisconnection-reset-callback
...
RedisConnection: copy callback before calling it
2021-07-28 15:19:26 +02:00
9d5ae0f6fa
Merge pull request #8899 from Icinga/feature/icingadb-connect_timeout
...
Introduce IcingaDB#connect_timeout
2021-07-28 13:52:00 +02:00
cc8d3fbedd
Merge pull request #8937 from Icinga/bugfix/timeout-always-unknown
...
Override exit code on process timeout
2021-07-28 11:56:42 +02:00
4c7199fd7d
RedisConnection: copy callback before calling it
...
This allows the callback to call RedisConnection::SetConnectedCallback() to set
another callback for this connection. This sets m_ConnectedCallback and thereby
destroys the std::function while it's running resulting in undefined behavior.
By operating on a copy, m_ConnectedCallback can be set without affecting the
currently running callback.
2021-07-28 11:34:17 +02:00
ff2abaa687
Merge pull request #8917 from Icinga/bugfix/idb-state-del-prio
...
Icinga DB: HDEL from *:state with same prio as HSET
2021-07-28 11:08:10 +02:00
0919df5aa1
Introduce IcingaDB#connect_timeout
2021-07-27 21:59:09 +02:00
504fdda76c
Introduce DEFAULT_CONNECT_TIMEOUT
2021-07-27 21:57:02 +02:00
9169c805a8
Merge pull request #8933 from Icinga/bugfix/icinga-db-only-start-multiple-redis-connections-after-the-first-one-succeeded-8920
...
Icinga DB: only start multiple Redis connections after the first one succeeded
2021-07-27 21:52:21 +02:00
4d2f694805
Merge pull request #8897 from Icinga/feature/icingadb-pass-db
...
RedisConnection: AUTH and SELECT
2021-07-27 21:51:46 +02:00
2d75bbd8ed
Merge pull request #8915 from Icinga/bugfix/icingadb-prio-state
...
Icinga DB: priorize state > config
2021-07-27 20:22:26 +02:00
dcb5fcc7ba
Merge pull request #8923 from Icinga/bugfix/idb-del-icinga-nextupdate-
...
Icinga DB: DEL icinga:nextupdate:* along with the other keys to delete
2021-07-27 19:05:43 +02:00
07cb6cd1cb
Merge pull request #8930 from Icinga/bugfix/wq-balance
...
WorkQueue#ParallelFor(): optionally don't pre-glue items together to chunks of different size
2021-07-27 19:05:26 +02:00
42eb055c5f
Merge pull request #8921 from Icinga/bugfix/timeperiod-dst
...
TimePeriod/ScheduledDowntime: improve DST handling
2021-07-27 18:11:34 +02:00
07145d2e61
Merge pull request #8913 from Icinga/feature/remove-child-downtimes
...
API Action "remove-downtime": Also remove child downtimes
2021-07-27 18:02:15 +02:00
a55939e462
Override exit code on process timeout
...
As Icinga first sends a SIGTERM to a check plugin on timeout to allow it to
terminate gracefully, this is not really part of the plugin API specification
and we cannot assume that plugins will handle this correctly and still exit
with an exit code that maps to UNKNOWN. Therefore, once Icinga decides to kill
a process, force its exit code to 128 to be sure the state will be UNKNOWN
after a timeout.
2021-07-27 17:57:19 +02:00
e45b43a4d9
Icinga DB: only start multiple Redis connections after the first one succeeded
...
refs #8920
2021-07-27 12:21:04 +02:00
e1e8ec2ea2
RedisConnection: AUTH and SELECT
...
... or PING to trigger NOAUTH.
2021-07-27 12:05:27 +02:00
fcda3a7283
Icinga DB: HDEL also icinga:checksum:*:state, not only icinga:*:state
...
... as they belong together.
2021-07-26 17:35:56 +02:00
392fd8a75c
Icinga DB: HDEL from *:state with same prio as HSET
...
... to ensure the right modifications order per key.
2021-07-26 17:30:38 +02:00
ae9b371128
Icinga DB: priorize state > config
...
I.e. do the following in parallel (highest priority first):
* Stream state changes to icinga:runtime:state
* Sync config and initial state,
then let queued runtime updates to the just synced state pass
2021-07-26 16:39:18 +02:00
9684fe8141
Merge pull request #8544 from Icinga/feature/icingadb-tls
...
Icinga DB: support TLS
2021-07-26 15:50:52 +02:00
497a8dd993
Icinga DB: DEL icinga:nextupdate:* along with the other keys to delete
...
... not on config dump finish.
2021-07-26 11:44:21 +02:00
8731d84299
WorkQueue#ParallelFor(): optionally don't pre-glue items together to chunks of different size
...
... to equally distribute the load across the workers.
2021-07-26 11:40:43 +02:00
7217959206
API Action 'remove-downtime': Also remove child downtimes
2021-07-23 13:53:44 +02:00
8a30657ce9
Icinga DB: write state updates to icinga:runtime:state
...
... allowing the Go daemon to priorize state updates.
2021-07-23 11:52:28 +02:00
4273f30157
LegacyTimePeriod: Prevent modification of input parameters
...
Many functions of LegacyTimePeriod take a tm pointer as an input parameter and
then pass it to mktime() which actually modifies it. This causes problems if
tm_isdst was intentionally set to -1 (to automatically detect whether DST is
active at some time) and then a function is called that implicitly sets
tm_isdst and then the values of tm are modified in a way that crosses a DST
change. This resulted in 1 hour offsets with ScheduledDowntimes on days with
DST changes.
2021-07-22 15:17:06 +02:00
37e53eaa68
Icinga DB: support TLS
2021-07-22 14:34:07 +02:00
50bc7a7f3d
Icinga DB: HDEL also icinga:checksum:*, not only icinga:*
2021-07-22 14:13:12 +02:00
7f7637c9b8
Introduce DEFAULT_TLS_CIPHERS and DEFAULT_TLS_PROTOCOLMIN
2021-07-22 11:12:33 +02:00
80a1128ec7
Introduce SetupSslContext()
2021-07-22 11:12:33 +02:00
fbcaf82e3e
InitSslContext(): fall back to default root CAs
2021-07-22 11:12:33 +02:00
2728603c29
Rename SetupSslContext() to InitSslContext()
2021-07-22 11:12:33 +02:00
2b04e0a754
Merge pull request #8894 from Icinga/bugfix/icinga-db-redis-connection-logging-spam-8883
...
RedisConnection: log info messages only once
2021-07-21 18:00:24 +02:00
d073d2268e
Merge pull request #8719 from Icinga/feature/influxdb-2-8711
...
Introduce Influxdb2Writer
2021-07-21 17:59:58 +02:00
da922ca157
RedisConnection: log info messages only once
...
refs #8883
2021-07-20 17:52:12 +02:00
2fbaf933bc
Merge pull request #8634 from Icinga/feature/icingadb-stats-log
...
RedisConnection: log actual query performance
2021-07-20 17:46:57 +02:00
9d4b0f1268
Introduce Influxdb2Writer
...
refs #8711
2021-07-20 16:21:36 +02:00
d26aa9fb34
InfluxdbCommonWriter: abstract InfluxdbWriter
...
refs #8711
2021-07-20 16:21:36 +02:00
da394b2ab0
Implement scheduling_source attribute ( #6326 )
...
* Implement scheduling_source attribute
This implements the attribute `scheduling_source` for hosts and services to show which endpoint is running the scheduler for the check.
refs #4814
2021-07-20 11:10:26 +02:00
67c4ebedd3
Combine all Redis connections' logs
2021-07-16 18:50:41 +02:00
e6a9631a02
Icinga DB: silence WorkQueue performance
2021-07-16 18:50:41 +02:00
82c3827b66
RedisConnection: log actual query performance
2021-07-16 18:50:41 +02:00
89472a9e51
Merge pull request #8425 from Icinga/bugfix/hosts-128-characters-7472
...
IDO MySQL: support larger host and service names
2021-07-16 18:34:29 +02:00
e4bfb4898d
IDO MySQL: support larger host and service names
...
refs #7472
2021-07-15 11:16:13 +02:00
9f43c143d7
Merge pull request from GHSA-98wp-jc6q-x5q5
...
API: hide ApiListener#ticket_salt
2021-07-15 11:13:35 +02:00
f17b97fd7e
Merge pull request from GHSA-wrpw-pmr8-qgj7
...
Remove passwords from API
2021-07-15 11:12:29 +02:00
b63eb2aa3d
Merge pull request #8855 from Icinga/bugfix/inconsistent-ido-schema-versions-8852
...
Fix IDO MySQL schema version (as in v2.11 upgrade)
2021-07-14 18:09:27 +02:00
bad8059969
Merge pull request #8761 from Icinga/feature/icingadb-perfdata
...
Icinga DB: introduce icinga:*:state#normalized_performance_data
2021-07-07 12:29:21 +02:00
ef73136076
Merge pull request #8830 from Icinga/feature/idb-passive-overdue
...
Icinga DB: no active checks? Not overdue!
2021-07-07 11:15:04 +02:00
7d2a1bbffe
Merge pull request #8310 from Icinga/feature/scheduleddowntime-change-remove-downtimes-8309
...
On ScheduledDowntime change: remove downtimes created before change
2021-07-07 10:44:08 +02:00
6d6844c102
Merge pull request #8874 from Icinga/bugfix/fixed-dt-end-notify
...
Checkable::NotifyDowntimeEnd(): don't send Downtime end notification unless triggered
2021-07-07 10:43:28 +02:00
bee83ead8b
Merge pull request #8730 from Icinga/bugfix/ido-stop-progstat-8727
...
IDO: update program status on stop
2021-07-06 18:07:38 +02:00
43e4ab4760
Checkable::NotifyDowntimeEnd(): don't send Downtime end notification unless triggered
...
... for fixed Downtimes as well.
2021-07-06 12:50:44 +02:00
e9118d6b09
Fix IDO MySQL schema version (as in v2.11 upgrade)
2021-07-05 19:17:53 +02:00
4373acf8ed
Ido*sqlConnection::Reconnect(): de-couple MySQL and Postgres schema versions
2021-07-05 19:17:51 +02:00
9e2f58ea9f
IdoCheckTask: de-couple MySQL and Postgres schema versions
2021-07-05 19:14:07 +02:00
9d1a112edf
Icinga DB: introduce icinga:*:state#normalized_performance_data
2021-07-05 19:05:32 +02:00
ea5411a6e0
PluginUtility::FormatPerfdata(): normalize UoMs if desired
2021-07-05 19:05:32 +02:00
401d3cdc9e
Remove passwords from API
...
IdoMysqlConnection, IdoPgsqlConnection, IcingaDB, and ElasticsearchWriter
require passwords in their configuration to authenticate against external
services. This commit ensures that these can no longer be accessed using the
API.
2021-07-05 15:09:54 +02:00
b7efbd0bba
Merge pull request #8626 from Icinga/bugfix/recreate-object-invisible-ido-8584
...
Ido*sqlConnection#InternalDeactivateObject(): mark object inactive also in memory
2021-07-02 16:34:28 +02:00
07d768f166
API: hide ApiListener#ticket_salt
2021-07-02 16:29:53 +02:00
666c5818bb
On ScheduledDowntime change: remove future downtimes created before change
...
refs #8309
2021-07-02 10:37:29 +02:00
b07d181c4a
Merge pull request #8631 from Icinga/feature/icingadb-scheduleddowntime
...
Icinga DB: introduce icinga:downtime#scheduled_by
2021-06-30 19:03:53 +02:00
31f97d3e6a
Merge pull request #8828 from Icinga/bugfix/execute-command-origin-check
...
event::ExecuteCommand: add missing origin check
2021-06-29 18:08:07 +02:00
692f5aa615
Merge pull request #8718 from Icinga/feature/tls-1.3
...
Support TLS 1.3
2021-06-29 17:52:55 +02:00
6048d0e800
Merge pull request #8373 from Icinga/feature/improve-crashlog
...
Improve crashlog
2021-06-29 17:52:25 +02:00
00af435c13
Merge pull request #8725 from Icinga/bugfix/icingadb-serialize-leaves
...
Icinga DB: serialize icinga:config:checkcommand:argument#value and #set_if as expected
2021-06-29 17:51:41 +02:00
bcc3870f3a
On ScheduledDowntime change: ignore downtimes created before change
...
... while creating new downtimes.
refs #8309
2021-06-29 17:08:41 +02:00
1ee26ac89e
Introduce Downtime#config_owner_hash
...
refs #8309
2021-06-29 16:38:33 +02:00
8f585bd2ee
event::ExecuteCommand: add missing origin check
...
Only handle messages with a trusted origin in
ClusterEvents::ExecuteCommandAPIHandler. Previously, it would not locally
execute any command but forward them to other nodes where they would then have
a trusted origin and be executed.
2021-06-29 11:15:22 +02:00
Julian Brost
Tobias Deiminger
Noah Hilverling
Alexander Aleksandrovič Klimov
Noah Hilverling
Michael Insel
Julian Brost