tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,735 Commits 347 Branches 117 Tags 197 MiB
Commit Graph

4676 Commits

Author SHA1 Message Date
Michael Friedrich 0f804d126b
Merge pull request #7133 from Icinga/feature/boost-asio-pki 
Use new I/O engine in PkiUtility::FetchCert() and PkiUtility::RequestCertificate()
 2019-04-23 14:27:48 +02:00
Alexander A. Klimov a6cd3e65cb JsonRpcConnection: reduce log spam on disconnect 2019-04-23 14:09:07 +02:00
Michael Friedrich 20d51d21dc
Merge pull request #7127 from Icinga/bugfix/replay-log 
ApiListener#RotateLogFile(): don't overwrite previous log
 2019-04-23 12:08:12 +02:00
Michael Friedrich 5fb191bbeb
Merge pull request #7126 from Icinga/bugfix/replay-logs-6932 
ApiListener#ApiTimerHandler(): delete all replayed logs
 2019-04-23 12:07:02 +02:00
Alexander A. Klimov 14fdfff770 Use new I/O engine in InfluxdbWriter 2019-04-23 11:59:37 +02:00
Michael Friedrich dee8fbf248
Merge pull request #7128 from Icinga/feature/re-write-objectlock-7123 
Re-write ObjectLock's implementation details
 2019-04-23 11:53:40 +02:00
Alexander A. Klimov c1fa07899c Introduce OptionalTlsStream 2019-04-23 11:25:26 +02:00
Alexander A. Klimov 407e77883c ApiListener#ReplayLog(): read current log file too instead of rotating 2019-04-18 17:22:36 +02:00
Alexander A. Klimov 997d84bfa0 ApiListener#RotateLogFile(): don't overwrite previous log 2019-04-18 17:22:33 +02:00
Alexander A. Klimov 9b489cf9b9 ApiListener#ApiTimerHandler(): delete all replayed logs 
refs #6932
 2019-04-18 17:00:40 +02:00
Alexander A. Klimov d8c9fdf1d4 Make Object#m_Mutex std::recursive_mutex 
refs #7123
 2019-04-17 18:26:29 +02:00
Alexander A. Klimov 7e6868bc99 Make Object#m_LockOwner std::atomic<std:🧵:id> 
refs #7123
 2019-04-17 18:26:23 +02:00
Alexander A. Klimov f9f998334d ObjectLock: deduplicate constructors 
refs #7123
 2019-04-17 16:47:41 +02:00
Alexander A. Klimov f44e847717 Rotate replay log on shutdown, not on startup 2019-04-17 14:18:20 +02:00
Michael Friedrich 02db12ae02
Merge pull request #7050 from Icinga/feature/previous-state-change 
Implement previous_state_change
 2019-04-17 13:17:41 +02:00
Michael Friedrich 3665430005
Merge pull request #7112 from Icinga/bugfix/service-handled 
Include host state in Service#handled and Service#severity
 2019-04-17 13:16:23 +02:00
Michael Friedrich 64568f5966
Merge pull request #7121 from Icinga/bugfix/concurrent-checks 
Fix that MaxConcurrentChecks constant is overridden from 'checker' feature
 2019-04-17 13:14:32 +02:00
Michael Friedrich ab97d606db
Merge pull request #7122 from Icinga/bugfix/evaluatefilter-change-globals 
FilterUtility::EvaluateFilter(): ensure not to modify the global namespace
 2019-04-16 17:40:20 +02:00
Alexander A. Klimov 5afda77943 Namespace: place ObjectLock in all methods 2019-04-16 17:38:58 +02:00
Michael Friedrich ecbfdc2732
Merge pull request #7113 from Elias481/fix/incorrect-usage-of-global-namespace-6874-6785 
use dedicated permissions namespace for scriptframe in filterutility
 2019-04-16 16:02:16 +02:00
Alexander A. Klimov bdadb53940 FilterUtility::EvaluateFilter(): ensure not to modify the global namespace 2019-04-16 15:53:44 +02:00
Michael Friedrich b906714254 Fix that MaxConcurrentChecks constant is overridden from 'checker' feature 
Note: This drops the deprecated concurrent_checks setting from the checker feature
entirely and refactors the underlaying code handling.

Also affects ReloadTimeout which is new for 2.11.

fixes #7111
 2019-04-16 15:04:57 +02:00
Michael Friedrich 44d0c9013b Ignore synced config zones where no config item exists 
The culprit is that we're in compiling configuration stage here,
we don't have access to `Zone::GetByName()` as objects have not
been activated yet.

Our best guess is from a config item loaded before (e.g. from zones.conf)
since no-one can sync zones via cluster config sync either.

It may not be 100% correct since the zone object itself may be invalid.
Still, if the zone object validator fails later, the config breaks either way.

The problem with removal of these directories is dealt by the cluster
config sync with stages.

refs #6727
refs #6716
 2019-04-15 17:38:43 +02:00
Michael Friedrich e0d9814feb
Merge pull request #7116 from Icinga/feature/no-reachable 
Drop Checkable#reachable in favor of #last_reachable
 2019-04-15 13:40:06 +02:00
Alexander A. Klimov d7b63143cf Drop Checkable#reachable in favor of #last_reachable 2019-04-12 13:03:11 +02:00
Elias Ohm 1e7cd4afc8 * use dedicated permissions namespace for scriptframe in filterutility to allow proper parallel execution 
* fixes issue https://github.com/Icinga/icinga2/issues/6785 where permission checks get wrong result because permissions checks are done within a shared namespaces without using only unique keys
  * mitigates issue https://github.com/Icinga/icinga2/issues/6874 where segmentation faults occur because of concurrent access to non threadsafe parts of namespace (a fix for thread safety of namespaces which would be an alternative approach to get rid of these segfaults is out of scope of this fix as 6785 needs to be fixed anyway and this is the straight-forwards) way to fix that
* do the same for eventqueue (not certain whether events can be processed in parallel but I expect it is the case)
 2019-04-12 08:10:57 +02:00
Alexander A. Klimov 66949dd018 Service: reduce severity while host is down 2019-04-11 11:36:23 +02:00
Alexander A. Klimov ae18536b0f Service: be handled while host is down 2019-04-11 11:25:45 +02:00
Michael Friedrich 973b03dcb2
Merge pull request #7109 from Icinga/feature/enhance-cluster-message-send-code-docs 
Improve code docs for cluster message routing conditions
 2019-04-11 11:20:46 +02:00
Michael Friedrich b24a3be083 Improve code docs for cluster message routing conditions 
refs #6781
 2019-04-10 14:17:36 +02:00
Michael Friedrich 2b3511d8a6
Merge pull request #7097 from Icinga/bugfix/disconnect-log-spam 
JsonRpcConnection: reduce log spam on disconnect
 2019-04-09 16:57:31 +02:00
Alexander A. Klimov de04bb13a8 JsonRpcConnection: reduce log spam on disconnect 2019-04-09 13:53:41 +02:00
Alexander A. Klimov 896d447e11 Add Checkable#problem and #handled 2019-04-09 11:34:59 +02:00
Alexander A. Klimov d33cfdf3c0 Declare Checkable#IsStateOK() const 2019-04-09 11:26:34 +02:00
Alexander A. Klimov acf28fb5b0 Expose Checkable#reachable 2019-04-09 11:09:02 +02:00
Michael Friedrich f177d8786d HttpServerConnection: Log the user agent field for new requests too 
refs #7041
 2019-04-05 15:08:09 +02:00
Michael Friedrich b1042c3689
Merge pull request #7076 from Icinga/bugfix/eventqueue-leak 
/v1/events: terminate on disconnect
 2019-04-05 10:31:30 +02:00
Alexander A. Klimov 2e4e2e1a79 /v1/events: don't deadlock other coroutines 2019-04-05 09:22:42 +02:00
Michael Friedrich cd325410ec
Merge pull request #7078 from Icinga/feature/deprecate-command-pipe-adjust-logs 
Deprecate ExternalCommandListener feature ('command') and adjust log warnings to the roadmap
 2019-04-03 14:59:36 +02:00
Michael Friedrich c785a0678f Deprecate ExternalCommandListener feature ('command') and adjust log warnings to the roadmap 
They won't be removed with 2.11 thus far. Users should
be guided to the roadmap which holds all details instead
of hardcoding a version in the code.
 2019-04-03 14:39:10 +02:00
Michael Friedrich 84019ba27a Fix notification skip for local non-API enabled setups 
W/o local endpoint, these reminder notifications would
have been skipped otherwise.

PR #6935 improved the logging and made this problem visible.

Thanks @nilmerg :)
 2019-04-03 13:50:21 +02:00
Michael Friedrich 5c3a9b77d7 Always update object authority, even w/o API feature 
Regression from #7062

Thanks @nilmerg :)
 2019-04-03 13:48:24 +02:00
Alexander A. Klimov 2e5af2922b /v1/events: terminate on disconnect 2019-04-03 09:59:45 +02:00
Alexander A. Klimov 4c5ee0dbbf EventQueue#WaitForEvent(): re-add timeout 2019-04-03 09:53:45 +02:00
Michael Friedrich c6eaee611c
Merge pull request #7074 from Icinga/feature/cli-run-as-icinga-not-root 
Impersonate as Icinga user, not root
 2019-04-03 09:52:08 +02:00
Alexander A. Klimov 28d46052b0 HttpServerConnection#StartStreaming(): auto-detect disconnection 2019-04-03 09:50:52 +02:00
Michael Friedrich c2f180395a
Merge pull request #7000 from Icinga/bugfix/goto-loop 
Don't abuse goto for building simple loops
 2019-04-03 09:46:17 +02:00
Alexander A. Klimov c284cf0b68 HttpServerConnection: encapsulate streaming start indicator 2019-04-02 17:37:29 +02:00
Michael Friedrich 7ca8c3ec2f Impersonate as Icinga user, not root 
This requires write permissions for

- etc/features-*
- etc/*.conf
- var/{lib,cache}/icinga2/*

Typically permissions are handled by prepare-dirs,
or the respective CLI commands are run as root either way.

fixes #4947
 2019-04-02 17:05:48 +02:00
Alexander A. Klimov 09a2e04f4b EventQueue#WaitForEvent(): don't lock I/O thread while locking mutex 2019-04-02 14:38:06 +02:00
Alexander A. Klimov cfd0d86b9b Use C++11 atomics for our intrusive pointers 2019-04-02 13:54:30 +02:00
Alexander A. Klimov 00d859234e Use new I/O engine in PkiUtility::FetchCert() and PkiUtility::RequestCertificate() 2019-04-01 17:18:00 +02:00
Alexander A. Klimov 6e7932f157 Add non-async overloads for JsonRpc::ReadMessage() and JsonRpc::SendMessage() 2019-04-01 17:11:10 +02:00
Alexander A. Klimov f4a78380e9 Add non-async overloads for NetString::ReadStringFromStream() and NetString::WriteStringToStream() 2019-04-01 17:11:10 +02:00
Alexander A. Klimov d1e87bdc45 Connect(): add non-async overload 2019-04-01 17:11:09 +02:00
Alexander A. Klimov f2d9d91e83 Introduce UnbufferedAsioTlsStream#GetPeerCertificate() 2019-04-01 17:11:09 +02:00
Michael Friedrich 5c2aaf6380 Improve error logging on connection failure (cluster) 2019-04-01 16:13:37 +02:00
Alexander A. Klimov 64b2ac4b30 ApiListener: drop unused thread pool 2019-04-01 15:06:17 +02:00
Alexander A. Klimov 3a6caa2800 Respect Accept:application/json where possible 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 24c9542b5b HttpServerConnection: fix side effect of HTTP parser's default body limit 2019-04-01 13:31:16 +02:00
Alexander A. Klimov d428bdf384 Add missing includes 2019-04-01 13:31:16 +02:00
Alexander A. Klimov bf23e5392b UnbufferedAsioTlsStream: don't rely on *this in decltype()s for methods' return types 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 7ec1e638a8 Turn shortcut UnbufferedAsioTlsStream::Parent into a base class 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 5b2c1f023d Rename preventGc to keepAlive 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 5208448b76 Restore the previous performance of replaying logs 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 79e95d2355 Introduce JsonRpcConnection#SendMessageInternal() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov e6d78bf361 Move some TCP/TLS logic out of ApiListener 
... for re-using it
 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 79220ee647 io-engine.hpp: fix missing namespace 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 8b3efe5759 Introduce AsioConditionVariable 2019-04-01 13:31:16 +02:00
Alexander A. Klimov d3392d1579 Rename AsioTlsStreamHack to UnbufferedAsioTlsStream 2019-04-01 13:31:16 +02:00
Alexander A. Klimov e129c561d5 HttpServerConnection: don't disconnect during sending response 2019-04-01 13:31:16 +02:00
Alexander A. Klimov b384f859c9 Make IoEngine::m_CpuBoundSemaphore signed 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 326bf66255 ApiListener: use setsockopt(), not tcp::acceptor#set_option() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov b5fddaf3ce ApiListener: log why bind(2) failed 2019-04-01 13:31:16 +02:00
Alexander A. Klimov e26774c7f8 IoEngine: adjust I/O threads 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 19625e62ef ApiListener: fix self-made security hole 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 87b0c452db HttpServerConnection: re-add automatic disconnect 2019-04-01 13:31:16 +02:00
Alexander A. Klimov f029fd4884 Re-add HttpServerConnection#Disconnect() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 16913cb977 JsonRpcConnection: add missing CpuBoundWork 2019-04-01 13:31:16 +02:00
Alexander A. Klimov a451327b81 JsonRpcConnection: re-add num_json_rpc_work_queue_item_rate 2019-04-01 13:31:16 +02:00
Alexander A. Klimov a54bd9d5c4 JsonRpcConnection: re-add automatic disconnect 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 7aae8bd265 JsonRpcConnection: re-add heartbeats 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 84b411501b Re-add JsonRpcConnection#Disconnect() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 2d16b02520 ApiListener#NewClientHandlerInternal(): shut down TLS stream 2019-04-01 13:30:42 +02:00
Alexander A. Klimov c46157d552 ApiListener: fix self-made security hole 2019-04-01 11:40:14 +02:00
Alexander A. Klimov f9fff54da2 ApiListener: don't require a valid certificate for the TLS handshake to complete 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 6c86c127f1 Port JsonRpcConnection to Boost ASIO 2019-04-01 11:40:14 +02:00
Alexander A. Klimov c76947e8b9 JsonRpc::ReadMessage(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov b26808414c NetString::ReadStringFromStream(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 48b5824e37 ApiListener: send icinga::Hello message 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 49ac7777e0 JsonRpc::SendMessage(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 43658de529 NetString::WriteStringToStream(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 832365195d ApiListener: connect(2) via Boost ASIO 2019-04-01 11:40:14 +02:00
Alexander A. Klimov e9a64abd09 ApiListener#ListenerCoroutineProc(): catch more edge cases 2019-04-01 11:40:14 +02:00
Alexander A. Klimov a6813ec786 ApiListener: restore previous bind(2) behavior 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 282f8fd173 IoEngine: explicitly join I/O threads 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 493a97f4f3 EnsureAcceptHeader(): fix wrong condition 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 8c5d629d35 /v1/events: don't truncate any events 2019-04-01 11:40:14 +02:00
Alexander A. Klimov ac72ca4ae6 Don't warn that Boost.Coroutine v1 is deprecated 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 7681ec10a4 /v1/events: don't lock I/O thread 2019-04-01 11:40:14 +02:00