cc3965c3ce
Merge pull request #10065 from Icinga/heavy-update-missing-table-relations
...
Update `object#config_hash` after all relations queries
2024-05-22 15:38:31 +02:00
1019398d55
Update object#config_hash after all relations queries
2024-05-22 13:39:30 +02:00
3d64240ee3
Merge pull request #10066 from Icinga/Checkable-RemoveAllDowntimes
...
Remove unused Checkable#RemoveAllDowntimes()
2024-05-21 17:13:16 +02:00
e2bdb8a2f1
Remove unused Checkable#RemoveAllDowntimes()
2024-05-21 14:28:39 +02:00
f9adf18111
IcingaDB#SerializeState(): limit execution_time and latency to 2^32-1
...
not to write higher values into Redis than the Icinga DB schema can hold.
This fixes yet another potential Go daemon crash.
2024-05-15 12:55:41 +02:00
8c2eb3c1ed
Merge pull request #10049 from Icinga/AddDowntime-trigger_name
...
Downtime::AddDowntime(): NULL-check pointer before deref not to crash
2024-05-06 10:26:26 +02:00
d8f8d64f1a
Merge pull request #10027 from macdems/master
...
Fix missing values in PerfData normalization
2024-04-25 19:38:21 +02:00
2bb5cc62e2
Fix missing values in PerfData normalization
2024-04-25 17:41:12 +02:00
5f80ac17aa
l_LegacyDowntimesCache: delete removed objects not to leak memory
2024-04-25 12:13:52 +02:00
c0f87dd4c9
/v1/actions/schedule-downtime: reject request on invalid trigger_name
...
For this purpose lookup the specified Downtime. Also pass Downtime objects,
not just names, to Downtime::AddDowntime() not to lookup it twice.
2024-04-25 12:13:52 +02:00
f0b5239a15
[Refactor] Downtime::GetDowntimeIDFromLegacyID(): return the Downtime itself
...
not just its name.
2024-04-25 12:13:52 +02:00
28b0f7a48c
[Refactor] l_LegacyDowntimesCache: store Downtime objects, not just their names
...
to avoid names of vanished objects.
2024-04-24 12:33:56 +02:00
bb13e98ca5
PluginCheckTask::ProcessFinishedHandler(): warn about exit codes outside 0..3
...
in the plugin output as well, in addition to the warning log.
2024-04-23 17:45:31 +02:00
e33befabfb
Make ProcessResult#ExitStatus and CheckResult#exit_status 64-bit ints
...
so that they can hold Windows exit codes like 3221225477 (>2147483647).
2024-04-23 17:45:31 +02:00
5c17465a19
OpenTsdbWriter#CheckResultHandler(): skip custom tags with empty values
...
refs #7724
2024-04-18 11:36:21 +02:00
31be43ff6c
Merge pull request #10018 from Icinga/revert-9980-config-sync-conflicts
...
Revert "Process `config::update/delete` cluster events gracefully"
2024-03-08 16:58:28 +01:00
af97431bfb
Merge pull request #10006 from Icinga/http-error-handling
...
HttpServerConnection: use exceptions for error handling
2024-03-08 15:06:51 +01:00
a924a49cd8
Revert "Process `config::update/delete` cluster events gracefully"
2024-03-07 17:17:17 +01:00
097ba00a9c
Merge pull request #10008 from Icinga/Al2Klimov-patch-12
...
Don't unnecessarily shuffle items before config validation
2024-03-07 16:44:38 +01:00
629038344b
OpenTsdbWriter#CheckResultHandler(): clarify log messages
...
Clarify which "host or service" an "Unable to resolve macro" debug log message refers to.
2024-02-22 10:34:35 +01:00
abea2f270c
Merge pull request #9997 from Icinga/ListenerCoroutineProc-remote_endpoint
...
ApiListener#ListenerCoroutineProc(): get remote endpoint ASAP for logging
2024-02-20 13:46:02 +01:00
51cdd593da
Don't unnecessarily shuffle items before config validation
...
Before ae693cb7e1#9577 ) we've repeatedly looped over all items in parallel like this:
while not types.done:
for t in types:
if not t.done and t.dependencies.done:
with parallel(all_items, CONCURRENCY) as some_items:
for i in some_items:
if i.type is t:
i.commit()
I.e. all items got distributed over CONCURRENCY threads, but not always equally. E.g. it was the hosts' turn, but only two threads got hosts and did all the work. The others didn't do actual work (due to the lack of hosts in their queue) which reduced the performance. c721c302cd#6581 ) fixed it by shuffling all_items first. ae693cb7e1#9577 ) made the latter unnecessary by replacing the above algorithm with this:
while not types.done:
for t in types:
if not t.done and t.dependencies.done:
with parallel(all_items[t], CONCURRENCY) as some_items:
for i in some_items:
if i.type is t:
i.commit()
I.e. parallel() gets only items of type t, so all threads get e.g. hosts.
2024-02-19 14:26:06 +01:00
700c5a13d7
HttpServerConnection: use exceptions for error handling
...
When a HTTP connection dies prematurely while the response is sent,
`http::async_write()` sets the error code to something like broken pipe for
example. When calling `async_flush()` afterwards, it sometimes happens that
this never returns. This results in a resource leak as the coroutine isn't
cleaned up. This commit makes the individual functions throw exceptions instead
of silently ignoring the errors, resulting in the function terminating early
and also resulting in an error being logged as well.
2024-02-19 14:12:41 +01:00
04ef105caa
Merge pull request #9980 from Icinga/config-sync-conflicts
...
Process `config::update/delete` cluster events gracefully
2024-02-19 13:49:41 +01:00
7d1c887a32
Merge pull request #9999 from Icinga/reset-log-message-count-correctly
...
ApiListener: Reset `m_LogMessageCount` when rotating
2024-02-15 17:06:16 +01:00
9db1c4aca3
Merge pull request #8011 from Icinga/bugfix/reset-sigpipe-6912
...
Reset all signal handlers of child processes
2024-02-15 12:22:36 +01:00
456144c1dc
ApiListener: Process cluster config updates sequentially
2024-02-14 14:25:53 +01:00
40011b0584
Introduce `ObjectNamesMutex` helper class
2024-02-14 14:25:53 +01:00
1a8ce5a90e
Merge pull request #9575 from Icinga/WorkQueue-ParallelFor
...
WorkQueue#ParallelFor(): allocate lambda once per thread, not once per item
2024-02-14 12:59:50 +01:00
2be08aa2e0
Merge pull request #9992 from Icinga/remove-redundat-cpu-bound-work
...
Drop redundant `CpuBoundWork` usage in `JsonRpcConnection::Disconnect()`
2024-02-13 15:51:34 +01:00
fc6a106345
Merge pull request #9994 from Icinga/redundant-cpu-bound-work-usages
...
Drop redundant `CpuBoundWork` usages in `lib/remote`
2024-02-13 14:53:59 +01:00
48eb563ca0
Merge pull request #9736 from Icinga/stream-read-allow_partial
...
Stream#Read(): remove de facto unused param allow_partial
2024-02-13 13:04:15 +01:00
008fcd1744
Preserve runtime objects in a tmp file for the entire validation process
...
Given that the internal `config::Update` cluster events are using this
as well to create received runtime objects, we don't want to persist
first the conf file and the load and validate it with `CompileFile`.
Otherwise, we are forced to remove the newly created file whenever we
can't validate, commit or activate it. This also would also have the
downside that two cluster events for the same object arriving at the
same moment from two different endpoints would result in two different
threads simultaneously creating and loading the same config file -
whereby only one of the surpasses the validation, while the other is
facing an object `re-definition` error and tries to remove that config
file it mistakenly thinks it has created. As a consequence, an object
successfully created by the former is implicitly deleted by the latter
thread, causing the objects to mysteriously disappear.
2024-02-12 15:18:32 +01:00
6e66cd9aff
ApiListener: Reset `m_LogMessageCount` when rotating
...
Closing and re-opening that very same log file shouldn't reset the
counter, otherwise some log files may exceed the max limit per file as
their offset indicator is reset each time they are re-opened.
2024-02-09 18:04:20 +01:00
eb813cfb99
HttpServerConnection: Drop superfluous `CpuBoundWork` usage
2024-02-09 15:17:26 +01:00
62e1d7650d
ApiListener#ListenerCoroutineProc(): get remote endpoint ASAP for logging
...
On incoming connection timeout we log the remote endpoint which isn't
available if it was already disconnected - an exception is thrown. Get it
as long as we're still connected not to lose it, nor to get an exception.
2024-02-09 12:27:25 +01:00
32531fe909
EventsHandler: Drop superfluous `CpuBoundWork` usage
2024-02-09 12:00:50 +01:00
c7293de91d
IoEngine: Always log coroutine exception diagnostics
...
While analyzing a possible memory leak, we encountered several coroutine
exception messages, which unfortunately do not provide any information
about what exactly went wrong, as exception diagnostics were previously
only logged at the notice level.
2024-02-08 12:09:06 +01:00
72266434df
Drop redundant `CpuBoundWork` usages in `lib/remote`
2024-02-08 11:30:23 +01:00
e2793f1d88
Drop redundant `CpuBoundWork` usage in `JsonRpcConnection::Disconnect()`
...
Although there is locking involved here, it shoudln't take too long for
the thread to actually acquire it, since there aren't that many threads
dealing with endpoint clients concurrently. It's just wasting pointless
time trying to obtain a CPU slot.
2024-02-08 11:24:55 +01:00
e9fcbf400f
Merge pull request #9966 from Icinga/Al2Klimov-patch-3
...
HttpServerConnection: remove duplicate ")" from a log message
2024-01-18 10:46:51 +01:00
d48b369554
Reset all signal handlers of child processes
...
... not to disturb check plugins.
refs #6912
2024-01-17 12:25:59 +01:00
966b46e808
Merge pull request #9965 from Icinga/http-request-time
...
HttpServerConnection: log request processing time as well
2024-01-17 11:30:33 +01:00
b1fe15f694
Merge pull request #9962 from Icinga/influx-disk-9948
...
Influx DB: truncate timestamps to whole seconds to save disk space
2024-01-17 08:50:16 +01:00
b6874cc8d4
HttpServerConnection: log request processing time as well
2024-01-16 17:52:07 +01:00
6a4cb5c12c
HttpServerConnection: remove duplicate ")" from a log message
...
The commit 5c32a5a7dc
2024-01-16 16:31:00 +01:00
cc9db3756f
Revert "Influx DB: don't unneccessarily truncate timestamps to whole seconds"
...
This reverts commit eaa3cd83ad
2024-01-16 12:19:48 +01:00
fc5b1178c6
Revert "Remove no-op InfluxDB URL param"
...
This reverts commit 21f548d3c0
2024-01-16 12:19:47 +01:00
28b2db8446
Merge pull request #9851 from Icinga/Al2Klimov-patch-3
...
Make ObjectImpl<Logger>#GetSeverity() non-virtual
2023-12-22 12:44:51 +01:00
6c03598678
Merge pull request #9896 from Icinga/provide-cancel_time-where-has_been_cancelled-may-be-1
...
Disallow triggering a cancelled downtime, but provide cancel_time in Icinga DB downtime history where has_been_cancelled may be 1
2023-12-20 10:03:09 +01:00
949d983a76
Merge pull request #9895 from Icinga/targeted-api-filter
...
FilterUtility::GetFilterTargets(): don't run filter for specific object(s) for all objects
2023-12-19 15:18:41 +01:00
8b2e28a869
Merge pull request #9891 from Icinga/renew-the-ca-9890
...
ApiListener#Start(): auto-renew CA on its owner
2023-12-19 14:57:47 +01:00
96cfc4abe8
Merge pull request #9887 from Icinga/argument-list-too-long-9340
...
PluginNotificationTask::ScriptFunc(): on Linux truncate output and comment
2023-12-19 14:36:57 +01:00
175153ce6a
PluginNotificationTask::ScriptFunc(): on Linux truncate output and comment
...
not to run into an exec(3) error E2BIG due to a too long argument.
This sends a notification with truncated output instead of not sending.
2023-12-19 12:21:03 +01:00
966216f4ba
RequestCertificateHandler(): also renew if CA needs a renewal
...
and a newer one is available.
2023-12-18 15:28:11 +01:00
551c3afa60
CertificateToString(): allow raw pointer input
2023-12-18 15:28:11 +01:00
bc778116e9
ApiListener#Start(): auto-renew CA on its owner
...
otherwise it would expire.
2023-12-18 15:28:11 +01:00
36a08b0497
ApiListener#RenewCert(): enable optional CA creation
2023-12-18 15:28:11 +01:00
7b55df6f11
CreateCertIcingaCA(EVP_PKEY*, X509_NAME*): enable optional CA creation
2023-12-18 15:28:11 +01:00
953eeba061
Merge pull request #9893 from Icinga/do-not-re-notify-if-filtered-states-don-t-change-4503
...
Discard likely duplicate problem notifications via Notification#last_notified_state_per_user
2023-12-13 16:13:28 +01:00
ecfc9033b0
FilterUtility::GetFilterTargets(): don't run filter for specific object(s) for all objects
2023-12-13 16:02:50 +01:00
15191bcd74
ApplyRule::GetTarget*s(): support constant strings from variables
...
in addition to literal strings. This is for sandboxed filters with some
variables pre-set by the caller. They're "constant" in that scope, too.
2023-12-13 16:02:50 +01:00
a04cef1890
Introduce DictExpression#GetExpressions()
2023-12-13 16:02:50 +01:00
8bcae97ecc
Introduce Dictionary#GetRef()
2023-12-13 16:02:50 +01:00
97cd05db7a
Notification#BeginExecuteNotification(): on recovery clear last_notified_state_per_user
2023-12-13 13:21:22 +01:00
44e9c6f40d
Notification#BeginExecuteNotification(): discard likely duplicate problem notifications
2023-12-13 13:21:19 +01:00
74f52c6fcd
Introduce IsCaUptodate() by splitting IsCertUptodate()
2023-12-13 12:08:34 +01:00
871fa67b52
Merge pull request #9885 from Icinga/renegotiation
2023-12-12 17:38:09 +01:00
2cff763295
Cluster-sync Notification#last_notified_state_per_user
2023-12-12 15:29:50 +01:00
b25ba7a316
Notification#BeginExecuteNotification(): track state change notifications
2023-12-07 12:43:30 +01:00
d2a7117007
Merge pull request #9899 from Icinga/icinga2-crashes-silently-9897
...
IcingaDB#SendConfigDelete(): fix missing nullptr check before deref
2023-11-21 11:03:28 +01:00
7fc7d054af
Merge pull request #9841 from WuerthPhoenix/fix-9840-lock-console-api-during-reload
2023-11-21 10:36:26 +01:00
7174dc864d
IcingaDB#SendConfigDelete(): fix missing nullptr check before deref
2023-11-10 17:43:33 +01:00
9aaa9901bd
Icinga DB downtime history: provide cancel_time where has_been_cancelled may be 1
...
The table sla_history_downtime requires a downtime_end.
The Go daemon takes the cancel_time if has_been_cancelled is 1.
So we must supply a cancel_time whereever has_been_cancelled is 1.
Otherwise the Go daemon can't process some entries.
2023-11-08 15:22:39 +01:00
7ce9457a4a
Disable TLS renegotiation
...
The API doesn't need it and a customer's security scanner
is afraid of a potential DoS attack vector.
2023-11-06 18:46:37 +01:00
1f06589f7a
Remove dead code in GetSignatureAlgorithm()
...
This code was added in commit 548eb93
2023-10-20 18:55:44 +02:00
bba6a76f4a
Merge pull request #9853 from Icinga/GelfWriter-m_StreamMutex
...
GelfWriter: protect m_Stream via m_WorkQueue, not ObjectLock(this)
2023-09-07 11:46:38 +02:00
e5d988a2fe
Merge pull request #7799 from Icinga/bugfix/file-end
...
Fix file endings
2023-08-25 11:06:19 +02:00
4ee10a6c20
GelfWriter: protect m_Stream via m_WorkQueue, not ObjectLock(this)
...
On shutdown or HA re-connect ConfigObject#SetAuthority(false) is called which
does ObjectLock(this) and ConfigObject#Pause(). GelfWriter#Pause(), with the
above ObjectLock, calls m_WorkQueue.Join(). But items inside that also doing
ObjectLock(this) cause a deadlock.
2023-08-24 17:48:09 +02:00
993c9b742d
Make ObjectImpl<Logger>#GetSeverity() non-virtual
...
After all it's not overridden.
2023-08-15 13:03:31 +02:00
41e21cb8cf
Prevent calls to command API while the configuration is reloading.
...
Fixes #9840
2023-08-09 08:45:04 +02:00
1308ad62af
Stream#Read(): remove de facto unused param allow_partial
...
The only caller passes true, so no one forbids partial reads (even implicitly).
All usages in the implementation just assert it being true (allowed).
2023-07-13 16:55:48 +02:00
1af5109ad3
Merge pull request #9734 from Icinga/remove-unused-stream-peek-
...
Remove unused Stream#Peek()
2023-07-13 16:52:29 +02:00
8f8a6ee2a0
Application::m_LastReloadFailed: if double isn't always lock free, use uint32_t
...
which will overflow in 2106, not 2038.
This fixes a compile failure on 32-bit Raspbian.
2023-07-10 10:51:02 +02:00
000a776dfb
Built-in check command: ifw-api ( #9062 )
2023-07-06 14:18:21 +02:00
26a75f8a6f
Merge pull request #9812 from Icinga/support-elasticsearch-8-0-9251
...
ElasticsearchWriter: switch to v7+ URL schema to support v8
2023-07-05 10:15:10 +02:00
fe13b96226
Merge pull request #9809 from Icinga/reevaluate-and-update-default-tls-cipher-list-9808
...
Copy and paste global default TLS cipher set from ssl-config.mozilla.org
2023-07-03 19:13:10 +02:00
617dda61fb
Re-order global default TLS cipher list to prefer AES256 over AES128
2023-07-03 15:36:11 +02:00
4c2e59a690
ElasticsearchWriter: switch to v7+ URL schema to support v8
...
and OpenSearch 2. This breaks the EOL v5 and v6.
2023-07-03 14:43:45 +02:00
70d6b6e424
Merge pull request #9810 from Icinga/Al2Klimov-patch-8
...
ElasticsearchWriter#Pause(): call Flush() only once
2023-06-30 17:21:16 +02:00
076eb59443
ElasticsearchWriter#Pause(): lock m_DataBufferMutex during Flush()
...
just to be sure regarding race conditions.
2023-06-30 14:57:18 +02:00
a2e05f89e8
Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers
...
Non-ECC DHE ciphers in the `cipher_list` attribute of `ApiListener` (the
default value includes these) had no effect as no DH parameters were available
and therefore the server wouldn't offer these ciphers. OpenSSL provides
built-in DH parameters starting from version 1.1.0, however, these have to be
enables explicitly using the `SSL_CTX_set_dh_auto()` function. This commit does
so and thereby makes it possible to establish a connection to an Icinga 2
server using a DHE cipher.
2023-06-29 12:06:26 +02:00
d5e6ecec8a
ElasticsearchWriter#Pause(): call Flush() only once
...
The first Flush() is redundant and may access m_DataBuffer at the same time as some Flush() in m_WorkQueue (race condition) which isn't joined, yet.
2023-06-29 10:42:12 +02:00
2e053b0e06
Copy and paste global default TLS cipher set from ssl-config.mozilla.org
...
which got more secure by now, but still overlaps with v2.13.x' set.
2023-06-28 14:49:08 +02:00
a2926b8604
Merge pull request #9794 from Icinga/round-notification-times-begin-end-not-to-crash-go-daemon
...
IcingaDB::PrepareObject(): round Notification#times.{begin,end} not to crash Go daemon
2023-06-27 17:08:41 +02:00
dccb678882
IcingaDB::PrepareObject(): cut off (null) negative Notification#times.{begin,end} not to crash Go daemon
...
At least our PostgreSQL schema enforces positive values.
2023-06-27 12:58:08 +02:00
415b810abf
IcingaDB::PrepareObject(): round Notification#times.{begin,end} not to crash Go daemon
...
The latter expects ints, not floats - not to mention strings.
Luckily Icinga already enforces numeric strings so that we can cast it to number.
2023-06-27 12:53:08 +02:00
9cf519316e
Merge pull request #9805 from Icinga/checkcommand-timeout-0-crashes-icinga-db-daemon-9804
...
IcingaDB::PrepareObject(): cut off (0) negative Command#timeout for Redis
2023-06-27 10:45:02 +02:00
c08d3beeb1
Merge pull request #9785 from Icinga/Al2Klimov-patch-8
...
Icinga DB: also write ConfigObject#original_attributes into Redis
2023-06-27 10:24:41 +02:00
bd11bc2eb4
Merge pull request #9793 from Icinga/unmarshal-number-42-5-into-go-struct-field-notification-notification_interval
...
IcingaDB::PrepareObject(): round Notification#interval and limit it to >=0
2023-06-27 10:12:13 +02:00
Alexander Aleksandrovič Klimov
Yonas Habteab
Maciej Dems
Julian Brost
Eric Lippmann
Alexander Aleksandrovič Klimov
Theo Buehler
Mattia Codato