Commit Graph

1881 Commits

Author SHA1 Message Date
Alexander A. Klimov 06b504f291 Adjust PID file management
refs #5230
2019-07-15 17:04:53 +02:00
Alexander A. Klimov 37a3e7e4d5 Application::RunEventLoop(): forward restart requests to umbrella process
refs #5230
2019-07-15 15:23:37 +02:00
Alexander A. Klimov d6bc5a1a18 Remove old signal handlers
refs #5230
2019-07-15 15:06:29 +02:00
Michael Friedrich 6682a427d4 TLS: Ensure to specify options in one place
`SetTlsProtocolminToSSLContext()` may have overridden
previous flags.

refs #7277

refs #7041
refs #7211
2019-07-15 13:29:55 +02:00
Michael Friedrich 524e2368be Respect OpenSSL 1.1.0 vs older 2019-07-12 14:56:08 +02:00
Michael Friedrich 32d288f243 TLS: Fetch the cipher list and log them for debugging 2019-07-12 14:39:17 +02:00
Michael Friedrich 38b7f10e0e Array: Move Join into the base class, available for programmers 2019-07-12 14:36:55 +02:00
Michael Friedrich 0d25ae0e08 Quality: Prefer BOOST_{,UN}LIKELY gcc optimizer macros over our own
Our macro collides with Boost::DateTime and the gregorian classes
and I don't see any reason why we shouldn't use Boost::Config
being already there.
2019-07-09 13:20:53 +02:00
Michael Friedrich 065067c8b5
Merge pull request #7281 from Icinga/bugfix/openssl-1-0-1-7280
Use SSL_CTX_set_ecdh_auto only if available
2019-07-04 14:27:45 +02:00
Alexander A. Klimov 6568017658 Use SSL_CTX_set_ecdh_auto only if available
refs #7280
2019-07-04 13:05:31 +02:00
Michael Friedrich 4bc02c6c2c Buildfix for Windows with non-unity builds 2019-07-03 13:23:14 +02:00
Michael Friedrich f63d9cce4a
Merge pull request #7261 from Icinga/bugfix/throw-default
Avoid "~Class() throw() = default;"
2019-07-02 12:33:54 +02:00
Diana Flach ad0ff9839d Fix Icinga when calling array.remove()
fixes #7265
2019-06-28 16:37:29 +02:00
Alexander A. Klimov 5b841db4a0 Avoid "~Class() throw() = default;" 2019-06-28 09:07:33 +02:00
Michael Friedrich 3d363854e2 Disable stack traces for WQ exceptions (used in config compiler)
The ConfigItem class collects exceptions and reports them.
In contrast to our other DiagnosticInformation() calls,
verbosity is enabled any time.

This patch allows to re-enable the verbose output including
the stack traces, but disables this by default.
2019-06-19 14:26:34 +02:00
Michael Friedrich 9c92368774 SSL Context: Explicitly load ECC ciphers on el7
Otherwise curl/nss as client won't be able to use the
new default cipher list.

fixes #7247
2019-06-18 14:58:19 +02:00
Alexander A. Klimov 42a33cdc7d Fix build errors with Boost v1.70
refs #7237
2019-06-07 16:30:34 +02:00
Michael Friedrich 146b337d4d
Merge pull request #7211 from Icinga/feature/asio-tls-version
Require TLS 1.2 for Cluster & REST API
2019-06-03 16:19:22 +02:00
Michael Friedrich d82c067555 Require TLS 1.2 for Cluster & REST API
refs #7041
2019-05-29 17:08:36 +02:00
Michael Friedrich 438da67209
Merge pull request #7210 from Icinga/bugfix/boost-asio-deprecated
Quality: Replace deprecated get_io_service() with get_executor().context() for Boost ASIO
2019-05-29 15:40:19 +02:00
Michael Friedrich 99bb7fa99c
Merge pull request #7196 from Icinga/feature/network-cleanup
Cleanup old code (HTTP, Cluster)
2019-05-29 14:50:40 +02:00
Michael Friedrich 59b95ed1f0 Quality: Replace deprecated get_io_service() with get_executor().context() for Boost ASIO
refs #7041
2019-05-29 14:36:10 +02:00
Michael Friedrich f5bc9b469c Quality: Mark NetworkStream, TcpSocket & UnixSocket classes as deprecated
They're used inside the Livestatus feature which needs rework.
2019-05-29 14:17:36 +02:00
Michael Friedrich ba44c3921c Quality: Remove old MakeSSLContext() interface 2019-05-28 13:03:34 +02:00
Michael Insel a6a0631e99 Unify copyright headers
Update (left over) copyright headers to generic copyright headers.
2019-05-24 16:25:32 +02:00
Michael Friedrich 5dbb6ad366 Quality: Remove old SocketEvent functionality 2019-05-24 15:50:43 +02:00
Michael Friedrich c7a2fc556c Quality: Purge old TlsStream functionality 2019-05-24 15:50:43 +02:00
Michael Friedrich 368383bedd
Merge pull request #7154 from Elias481/fix/serializer-object-locking-7003
Lock all kind of Objects during serialization
2019-05-10 14:39:27 +02:00
Elias Ohm 4c86c370bb fixup errbuf length in the other files and avoid using the static buffer in one place (for thread safety and code consistency reasons) 2019-05-09 09:30:12 +02:00
Elias Ohm e75f063552 bring some things in line
- account for documented buffer size openssl 1.1.x for error string (>=256 bytes)
- use nullptr instead of NULL
- fix/streamline null-checks
2019-05-09 00:22:24 +02:00
Jean Flach 9a0d894f10 Don't use deprecated RSA_generate_key
fixes #4635
2019-05-08 23:46:31 +02:00
Michael Friedrich 78e24c53f1 DB IDO: Do not deactivate objects during application reload/restart
This follows the same principle as with the shutdown handler,
and was introduced with the changed reload handling with 2.9.
Previously IsShuttingDown() was sufficient which got set at one
location.

SigUsr2 as handler introduced a new location where m_ShuttingDown
is not necessarily set yet. Since this handler gets called when
l_Restarting is enabled, we'll use this flag to avoid config update
events resulting in object deactivation (object->IsActive() always
returns false).

refs #5996
refs #6691
refs #6970

fixes #7125
2019-05-03 15:40:48 +02:00
Elias Ohm cdd843a998 another small adjustment by the way just to ensure the object on stack ist the same as the one serialized further in case the object does not implement locking on mutation (besides it's mor efficient to not fetch the same value twice) 2019-05-01 12:09:24 +02:00
Elias Ohm 91296c2a25 Lock Objects during serialization
old behaviour was to only lock arrays, dictionaries and namespaces but not other objects
2019-04-28 22:13:19 +02:00
Michael Friedrich 3dc9927284
Merge pull request #7124 from Icinga/bugfix/namespace-thread-safe
Namespace: place ObjectLock in all methods
2019-04-26 08:26:59 +02:00
Michael Friedrich 0438c866f8
Merge pull request #7102 from Icinga/feature/boost-fs-7101
Replace self-written filesystem ops with boost.filesystem
2019-04-25 15:53:55 +02:00
Alexander A. Klimov 5afef1015d Replace unlink() with boost::filesystem::remove()
refs #7101
2019-04-25 09:53:02 +02:00
Alexander A. Klimov 5a17722c1f Replace _unlink() + rename() with boost::filesystem::rename()
refs #7101
2019-04-25 09:53:02 +02:00
Alexander A. Klimov f1f7d0c4d6 Work around boost::filesystem::path bug on VS
refs #7101
2019-04-25 09:53:01 +02:00
Alexander A. Klimov af78cd6050 Use Boost.Filesystem
refs #7101
2019-04-25 09:53:01 +02:00
Michael Friedrich 0d9d39c64b Fix preprocessor macro comment 2019-04-25 08:25:28 +02:00
Alexander A. Klimov ba842403ce Fix circular #include
refs #6985
2019-04-25 08:25:28 +02:00
Alexander A. Klimov 5151f6567e ThreadPool: use the Boost ASIO thread pool under the hood 2019-04-25 08:25:28 +02:00
Michael Friedrich 56894bea17 Buildfix
Obviously tired.

fixes #7138
fixes #7139
2019-04-24 12:10:57 +02:00
Michael Friedrich df25b183cb Add log message for log rotate; update docs
refs #6737
2019-04-24 11:53:27 +02:00
Alexander A. Klimov 7a8f8fd734 Timer::TimerThreadProc(): use C++11 lambda instead of bind()
refs #6737
2019-04-24 11:51:17 +02:00
Alexander A. Klimov 622f684124 StreamLogger#BindStream(): set #m_FlushLogTimer only if needed
refs #6737
2019-04-24 11:47:02 +02:00
Elias Ohm 52e3db279a Fix for double-free (and possibly other memory-corruption related) crashes at logrotate time
this is a direct fix of the issue revealing the problem that leads to crash

verification done with a patched icinga2 where the execution-order of the code lines of counter-parts involved in re-incrementing/decrementing Timer:Ptr is forced to be the one that leads to the obeserverd segfaults

refs #6737
2019-04-24 11:42:54 +02:00
Michael Friedrich 856877d1fe
Merge pull request #7134 from Icinga/feature/boost-asio-influxdbwriter
Use new I/O engine in InfluxdbWriter
2019-04-23 14:31:42 +02:00
Michael Friedrich 0f804d126b
Merge pull request #7133 from Icinga/feature/boost-asio-pki
Use new I/O engine in PkiUtility::FetchCert() and PkiUtility::RequestCertificate()
2019-04-23 14:27:48 +02:00
Michael Friedrich dee8fbf248
Merge pull request #7128 from Icinga/feature/re-write-objectlock-7123
Re-write ObjectLock's implementation details
2019-04-23 11:53:40 +02:00
Alexander A. Klimov c1fa07899c Introduce OptionalTlsStream 2019-04-23 11:25:26 +02:00
Alexander A. Klimov d8c9fdf1d4 Make Object#m_Mutex std::recursive_mutex
refs #7123
2019-04-17 18:26:29 +02:00
Alexander A. Klimov 7e6868bc99 Make Object#m_LockOwner std::atomic<std:🧵:id>
refs #7123
2019-04-17 18:26:23 +02:00
Alexander A. Klimov f9f998334d ObjectLock: deduplicate constructors
refs #7123
2019-04-17 16:47:41 +02:00
Alexander A. Klimov 5afda77943 Namespace: place ObjectLock in all methods 2019-04-16 17:38:58 +02:00
Michael Friedrich b906714254 Fix that MaxConcurrentChecks constant is overridden from 'checker' feature
Note: This drops the deprecated concurrent_checks setting from the checker feature
entirely and refactors the underlaying code handling.

Also affects ReloadTimeout which is new for 2.11.

fixes #7111
2019-04-16 15:04:57 +02:00
Alexander A. Klimov c4389103bd Fix Windows command escape for \"
refs #4849
2019-04-08 10:58:50 +02:00
Michael Friedrich c2f180395a
Merge pull request #7000 from Icinga/bugfix/goto-loop
Don't abuse goto for building simple loops
2019-04-03 09:46:17 +02:00
Alexander A. Klimov cfd0d86b9b Use C++11 atomics for our intrusive pointers 2019-04-02 13:54:30 +02:00
Alexander A. Klimov f4a78380e9 Add non-async overloads for NetString::ReadStringFromStream() and NetString::WriteStringToStream() 2019-04-01 17:11:10 +02:00
Alexander A. Klimov d1e87bdc45 Connect(): add non-async overload 2019-04-01 17:11:09 +02:00
Alexander A. Klimov f2d9d91e83 Introduce UnbufferedAsioTlsStream#GetPeerCertificate() 2019-04-01 17:11:09 +02:00
Alexander A. Klimov d428bdf384 Add missing includes 2019-04-01 13:31:16 +02:00
Alexander A. Klimov bf23e5392b UnbufferedAsioTlsStream: don't rely on *this in decltype()s for methods' return types 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 7ec1e638a8 Turn shortcut UnbufferedAsioTlsStream::Parent into a base class 2019-04-01 13:31:16 +02:00
Alexander A. Klimov e6d78bf361 Move some TCP/TLS logic out of ApiListener
... for re-using it
2019-04-01 13:31:16 +02:00
Alexander A. Klimov 79220ee647 io-engine.hpp: fix missing namespace 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 8b3efe5759 Introduce AsioConditionVariable 2019-04-01 13:31:16 +02:00
Alexander A. Klimov d3392d1579 Rename AsioTlsStreamHack to UnbufferedAsioTlsStream 2019-04-01 13:31:16 +02:00
Alexander A. Klimov b384f859c9 Make IoEngine::m_CpuBoundSemaphore signed 2019-04-01 13:31:16 +02:00
Alexander A. Klimov e26774c7f8 IoEngine: adjust I/O threads 2019-04-01 13:31:16 +02:00
Alexander A. Klimov b26808414c NetString::ReadStringFromStream(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 43658de529 NetString::WriteStringToStream(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 282f8fd173 IoEngine: explicitly join I/O threads 2019-04-01 11:40:14 +02:00
Alexander A. Klimov ac72ca4ae6 Don't warn that Boost.Coroutine v1 is deprecated 2019-04-01 11:40:14 +02:00
Alexander A. Klimov d7b465ce74 Implement IoBoundWorkSlot 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 2d7714802d Allow CpuBoundWork to be done before end of scope 2019-04-01 11:40:14 +02:00
Alexander A. Klimov e21956e26e ApiListener: detect protocol 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 2615967e7f Make ApiListener#m_SSLContext a Boost ASIO SSL context 2019-04-01 11:40:14 +02:00
Alexander A. Klimov c547e9a863 Implement basic I/O engine 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 7c7c5e28f5 Implement LazyInit<T> 2019-04-01 11:40:14 +02:00
Michael Friedrich 149f640fd8 Improve DB IDO HA failover behaviour
- Decrease Object Authority updates to 10s (was 30s)
- Decrease failover timeout to 30s (was 60s)
- Decrease cold startup (after (re)start) with no OA updates to 30s (was 60s)
- Immediately connect on Resume()
- Fix query priority which got broken with #6970
- Add more logging when a failover is in progress

```
[2019-03-29 16:13:53 +0100] information/IdoMysqlConnection: Last update by endpoint 'master1' was 8.33246s ago (< failover timeout of 30s). Retrying.

[2019-03-29 16:14:23 +0100] information/IdoMysqlConnection: Last update by endpoint 'master1' was 38.3288s ago. Taking over 'ido-mysql' in HA zone 'master'.
```

- Add more logging for reconnect and disconnect handling
- Add 'last_failover' attribute to IDO*Connection objects

refs #6970
2019-04-01 08:50:00 +02:00
Michael Friedrich 6ace8001d8
Merge pull request #7019 from Icinga/feature/new-json-library
Replace YAJL with nlohmann::json
2019-03-18 17:26:57 +01:00
Alexander A. Klimov 0cf10c6306 Make buildable with VS 2017 2019-03-18 15:07:57 +01:00
Alexander A. Klimov 2a05b46431 Auto-sanitize data before en-/decoding JSON 2019-03-18 15:07:57 +01:00
Alexander A. Klimov 9daca0b216 Get rid of YAJL 2019-03-18 15:07:57 +01:00
Alexander A. Klimov 5882594b43 JsonEncode(): use nlohmann::json 2019-03-18 15:07:57 +01:00
Alexander A. Klimov 1b0367b740 JsonDecode(): use nlohmann::json::sax_parse() 2019-03-18 15:07:57 +01:00
Michael Friedrich 724b34c6f2 Integrate nlohmann_json into CMake
Better integration into base/json.cpp

Signed-off-by: Alexander A. Klimov <alexander.klimov@icinga.com>
2019-03-18 15:07:50 +01:00
Michael Friedrich 2de8bac588
Merge pull request #6990 from Icinga/bugfix/influxdbwriter-oom-6989
InfluxdbWriter: don't leak sockets
2019-03-18 14:38:04 +01:00
Michael Friedrich ea80d93efc
Merge pull request #7014 from Icinga/feature/utf8cpp
Utility::ValidateUTF8(): use UTF8-CPP
2019-03-18 10:57:03 +01:00
Michael Friedrich 804c00ece5
Merge pull request #6999 from Icinga/bugfix/compiler-warnings
Suppress or fix compiler warnings
2019-03-18 08:44:30 +01:00
Alexander A. Klimov a72f4db5c9 Utility::ValidateUTF8(): use UTF8-CPP 2019-03-15 13:34:20 +01:00
Michael Friedrich 026ed837ac
Merge pull request #6976 from Icinga/bugfix/so_reuseport-missing
Don't require OS headers to provide SO_REUSEPORT
2019-03-13 10:30:08 +01:00
Alexander A. Klimov ac354f9e80 Don't abuse goto for building simple loops 2019-03-08 14:59:01 +01:00
Alexander A. Klimov bf92e32496 Suppress or fix compiler warnings 2019-03-08 14:07:29 +01:00
Alexander A. Klimov a9841a9197 Defer: ensure not to throw any exceptions out of a destructor
refs #6989
2019-03-01 14:29:35 +01:00
Michael Friedrich e2df11520e
Merge pull request #6970 from Icinga/bugfix/perfdata-gaps
Improve reload handling for features (metric & queue flush, activation priority)
2019-02-26 15:38:15 +01:00
Alexander A. Klimov bf0c68757f Don't require OS headers to provide SO_REUSEPORT 2019-02-26 11:25:44 +01:00
Michael Friedrich 458f997a18 Replace Copyright header with a short version, part II 2019-02-25 15:09:36 +01:00
Michael Friedrich d14a88235d Replace Copyright header with a short version, part I
CLion -> replace in path
2019-02-25 14:48:22 +01:00
Michael Friedrich ab7a799369 Implement ReloadTimeout constant and wait for enqueued checks on Stop() 2019-02-25 09:03:47 +01:00
Alexander A. Klimov 9558ebc0f4 Secure ApiUser::GetByAuthHeader() against timing attacks 2019-02-22 16:59:36 +01:00
Michael Friedrich 89634c2eb6 Re-add Defer functionality 2019-02-22 15:27:34 +01:00
Michael Friedrich a25e2b1038 Stop object in reversed activation priority order
This stops the checker component first, then notifications, then
features, then config objects, then the API feature and logger(s).

Patch taken from @al2klimov
2019-02-20 12:38:57 +01:00
Michael Friedrich 5da1cbd096 Revert "Respect activation priority also on deactivation"
This reverts commit 8ad1717055.
2019-02-19 14:30:44 +01:00
Michael Friedrich a2f5b7a02c Revert "CheckerComponent#Stop(): wait for all running checks"
This reverts commit 1eaad0637b.
2019-02-19 14:05:00 +01:00
Michael Friedrich d98c0704c4 Debug: Log calls to ConfigObject::Deactivate()
Only available in debug builds.
2019-02-19 13:49:52 +01:00
Michael Friedrich 0467c488e9
Merge pull request #6908 from Icinga/bugfix/perfdata-gaps
Ensure all perfdata to be written
2019-02-11 17:27:44 +01:00
Michael Friedrich 7a865aefd9
Merge pull request #6854 from Icinga/bugfix/unamehelper-inefficient-6452
Make UnameHelper() efficient
2019-02-11 16:57:17 +01:00
Alexander A. Klimov 8ad1717055 Respect activation priority also on deactivation 2019-02-06 11:17:45 +01:00
Michael Friedrich 4339240b46
Merge pull request #6858 from Icinga/feature/string-builder
Make string builder reusable
2019-02-04 16:05:20 +01:00
Michael Friedrich 77572c4424
Merge pull request #6901 from Icinga/bugfix/so_reuseport-6898
TcpSocket#Bind(): also set SO_REUSEPORT
2019-02-04 14:21:20 +01:00
Michael Friedrich b58cb17e4b Fix Convert::ToLong(double val) 2019-01-30 14:47:59 +01:00
Alexander A. Klimov 1eaad0637b CheckerComponent#Stop(): wait for all running checks 2019-01-24 15:09:39 +01:00
Alexander A. Klimov 984f7be030 TcpSocket#Bind(): also set SO_REUSEPORT
refs #6898
2019-01-17 12:13:44 +01:00
Alexander A. Klimov 61860563a6 Make string builder reusable 2018-12-21 12:43:04 +01:00
Alexander A. Klimov 17e86f98a2 Make UnameHelper() efficient
refs #6452
2018-12-20 16:37:04 +01:00
Michael Friedrich bf4ecbed69 Revert "ThreadPool#Stop(): discard non-processed queue items"
This reverts commit 30e6d0f809.

refs #6815
2018-12-06 09:56:49 +01:00
Michael Friedrich 08c1539561
Merge pull request #6815 from Icinga/bugfix/reload-while-api-dos
ThreadPool#Stop(): discard non-processed queue items
2018-12-05 11:11:49 +01:00
Alexander A. Klimov 30e6d0f809 ThreadPool#Stop(): discard non-processed queue items 2018-12-03 16:38:52 +01:00
Michael Friedrich f3cd3eb870 DSL: Implement getenv()
This patch also restores Utility::GetFromEnvironment()
and replaces the hardcoded `getenv()` calls.
2018-11-19 18:11:16 +01:00
Michael Friedrich 90de216cbb
Merge pull request #6479 from Icinga/feature/socketevents-inherit-object-6477
SocketEvents: inherit from Stream
2018-11-12 17:06:37 +01:00
Michael Friedrich 1f5555e1d6 Fix possible double free in StreamLogger::BindStream()
refs #6737
2018-11-08 15:51:58 +01:00
Alexander A. Klimov a2ae01e64b Socket engine: drop life support objects
refs #6477
2018-10-30 13:46:20 +01:00
Alexander A. Klimov 5134ccaf56 Make SocketEventDescriptor#EventInterface a SocketEvents::Ptr
refs #6477
2018-10-30 13:46:20 +01:00
Alexander A. Klimov a9a9469868 SocketEvents: inherit from Stream
refs #6477
2018-10-30 13:46:20 +01:00
Michael Friedrich 5406ce6540 Ensure that API/JSON-RPC messages in the same session are processed and not stalled
This basically drops the "corked" implementation which just stalled the
TLS IO polling after some requests. If you need sort of rate limiting
for these events, use an external TLS proxy which terminates that in front
of Icinga.

fixes #6635
2018-10-29 12:57:24 +01:00
Michael Friedrich 7e1942e8e7
Merge pull request #6718 from Icinga/bugfix/ssl-shutdown
Call SSL_shutdown() at least twice
2018-10-24 11:46:32 +02:00
Michael Friedrich dea5ec614e icinga.com: Update CMakeLists.txt 2018-10-18 09:35:18 +02:00
Michael Friedrich 44c3b83769 icinga.com: Update '*.ti' 2018-10-18 09:30:00 +02:00
Michael Friedrich dab53448bc icinga.com: Update *.{h,c}pp 2018-10-18 09:27:04 +02:00
Michael Friedrich af6c8a1f50 Add missing shutdown/program state dumps for SIGUSR2 reload handler
Credits to @west0rmann finding the issue and providing the initial fix.

fixes #6689
fixes #6592
2018-10-16 12:36:43 +02:00
Michael Friedrich 43a571e013 Don't throw an error when namespace indexers don't find a valid key
Examples:

```
globals["abc"]
globals.def
```

The patch for the Icinga Director unfortunately only solves the
master, and as discussed with @lippserd we need to ensure that
satellites and clients with 2.10 can be restarted without any errors
from deployed configuration.

refs #6509
refs icinga/icingaweb2-module-director#1654
2018-10-11 12:42:56 +02:00
Michael Friedrich 4be9f418a9 Revert "Initialize Socket Event Engine on application startup"
This reverts commit c8dcd1297f.

We cannot do this during application startup, since Daemonize()
kills the threads again.

refs #6514
refs #6630
2018-10-09 19:38:29 +02:00
Michael Friedrich 96c0de9bea Allow to override MaxConcurrentChecks constant 2018-09-27 20:23:00 +02:00
Michael Friedrich c8dcd1297f Initialize Socket Event Engine on application startup
Previously this happened inside the TlsStream constructor
during the first connection attempt.
2018-09-24 15:50:59 +02:00
Michael Friedrich 3038b150a9
Merge pull request #6616 from Icinga/feature/tls-handshake-timeout-config
Add ApiListener#tls_handshake_timeout option
2018-09-17 11:20:12 +02:00
Michael Friedrich b81ac972b9 Silence compiler warning for nice() 2018-09-14 14:29:52 +02:00
Michael Friedrich 29701b4db5 Add ApiListener#tls_handshake_timeout option
This allows to specify the previously hardcoded
timeout of 10s.

refs #6517
2018-09-14 09:20:09 +02:00
Michael Friedrich f297881e23 Call SSL_shutdown() at least twice 2018-09-10 16:10:16 +02:00
Michael Friedrich 1c2a59bf63
Merge pull request #6591 from Icinga/bugfix/lto-builds-static-initialize-namespaces
Fix static initializer priority for namespaces in LTO builds
2018-09-04 16:54:30 +02:00
Michael Friedrich 19993df380 Fix static initializer priority for namespaces in LTO builds
fixes #6575
2018-09-04 16:36:22 +02:00
Jean Flach 72cc41d14e
Merge pull request #6356 from sourcejedi/fix/systemd
Fix logging under systemd
2018-09-04 15:24:43 +02:00
Michael Friedrich bc844aca06 Fix non-unity builds on CentOS 7 with std::shared_ptr
refs #6509
2018-09-03 15:32:28 +02:00
Alan Jenkins a0fb0bbfe3 fix "Console" log to flush
It's called "Console", which would be line-buffered anyway.  But, it's
implemented as std::cout.  This might be piped to a logger, as in
daemontools or systemd.  In this case it will not be a TTY, and log lines
should be flushed without too much delay.  Let's just flush each message.

Let's not introduce a static instance of StreamLogger (flushed by interval
timer).  That's too stressful to read, because static instances are really
annoying to order.  Example citation: "Yay, our static destructors are
pretty much beyond repair at this point." -- application.cpp.

I don't know if there will be any need to optimize logging syscalls.  The
init script uses `--daemonize`.  I think the systemd service should also
avoid using the "Console" log after startup (see next commit).  The
documentation does not warn that the syslog feature is less efficient
in system calls than mainlog; deferred flusing does not seem to be a highly
prominent feature.  There's no cool comment in the code about how much the
syscalls were slowing down some use case (or qualifying that this
optimization can only eliminate syscalls on platforms with both mutexes and
clocks that can work without syscalls).
2018-08-25 09:54:55 +01:00
Gunnar Beutner e678fa1aa5 Refactor Application::*Const() 2018-08-13 15:27:05 +02:00
Gunnar Beutner 1a0311a49f Implement namespace support for the keys() function 2018-08-13 13:44:31 +02:00
Gunnar Beutner 8fda8d72ac Implement support for the namespace and using keywords 2018-08-13 13:44:31 +02:00
Gunnar Beutner 10d6f70a85 Move constants and functions into different namespaces 2018-08-13 13:44:31 +02:00
Gunnar Beutner 1a8692d972 Implement support for namespaces 2018-08-13 13:44:31 +02:00
Gunnar Beutner 9d513d8f05 Implement support for modifying frozen attributes 2018-08-13 13:44:31 +02:00
Gunnar Beutner d9c0b6f806 Refactor REGISTER_SCRIPTFUNCTION_* macros 2018-08-13 13:44:31 +02:00
Michael Friedrich 97513965e6 Introduce IcingaApplication#environment
Precedence as follows:

- DEnvironment=...
- const Environment = ...
- object IcingaApplication "app" { environment = "..." }

The wrapped script constant handling is required
since we cannot directly link from libremote (SNI handling)
to libicinga where the object resides. Instead we'll
use the Application class helpers for hiding the ScriptGlobal
calls.
2018-08-10 12:49:48 +02:00
Markus Frosch 20269a89d0 ApiListener: Add support for dynamic port handling 2018-08-08 17:42:57 +02:00
Michael Friedrich 9be3ee1a1a Update output for `--version`
This moves the system and build information before
the application paths which are normally not that important.
2018-08-07 18:46:18 +02:00
Markus Frosch 9fbc40615a Improve path handling in cmake and daemon 2018-08-07 14:10:26 +02:00
Michael Friedrich 8bac1dc99e
Merge pull request #6521 from gunnarbeutner/feature/references
Implement references
2018-08-07 12:00:19 +02:00
Gunnar Beutner 24de1963b1
Merge pull request #6526 from Icinga/bugfix/wpessimizing-move-6524
icinga::PackObject(): shorten conversion to string
2018-08-07 10:05:18 +02:00
Alexander A. Klimov 137f5363c4 icinga::PackObject(): shorten conversion to string
refs #6524
2018-08-07 09:57:08 +02:00
Gunnar Beutner 8bfd419702 Implement references 2018-08-07 07:44:48 +02:00
Michael Friedrich 33492420f3
Merge pull request #6427 from gunnarbeutner/fix/recursive-serialize
Improve error message for serializing objects with recursive references
2018-08-03 11:03:42 +02:00
Gunnar Beutner 56cf64f590 Improve error message for serializing objects with recursive references 2018-08-02 11:06:24 +02:00
Jean Flach 065bc23d9a
Merge pull request #6508 from gunnarbeutner/feature/dictionary-clear
Implement the Dictionary#clear script function
2018-08-02 10:30:08 +02:00
Gunnar Beutner a5a0119799 Implement the Dictionary#clear script function 2018-08-02 08:45:19 +02:00
Jean Flach 2e3a1ff0c6
Merge pull request #6498 from Icinga/bugfix/match-regex-match-any-regression
Fix regression with MatchAny false conditions on match/regex/cidr_match
2018-07-27 17:28:13 +02:00
Michael Friedrich 72c0f07661 Fix regression with MatchAny false conditions on match/regex/cidr_match
fixes #6496
2018-07-27 16:55:37 +02:00
Michael Friedrich 8e682ce9b1 Improve error logging for match/regex/cidr_match functions and unsupported dictionary usage
fixes #6442
2018-07-27 16:34:50 +02:00
Alexander A. Klimov dd8cb42969 Implement object packer for consistent hashing 2018-07-26 17:36:48 +02:00
Michael Friedrich 020bd86b4c
Merge pull request #6408 from Icinga/bugfix/objectlock-unlock-m_lockowner
ObjectLock#Unlock(): don't reset m_Object->m_LockOwner too early
2018-07-26 10:02:26 +02:00
Michael Friedrich fcc32957cb
Merge pull request #6455 from Icinga/feature/filelogger-started
Log something when the Filelogger has been started
2018-07-26 10:01:06 +02:00
Michael Friedrich 62e91e1891
Merge pull request #6430 from Icinga/fix/workqueue-log-message
Fix negative 'empty in' value in WorkQueue log message
2018-07-26 09:59:53 +02:00
Michael Friedrich b1adad0a42
Merge pull request #6456 from Icinga/feature/logger-flush-dev
Keep notes for immediately log flushing
2018-07-26 09:58:59 +02:00
Michael Friedrich 14d88d90a0
Merge pull request #6470 from sebastic/spelling-errors
Fix spelling errors.
2018-07-23 17:59:45 +02:00
Bas Couwenberg 0891380789 Fix spelling errors.
* occured -> occurred
 * dosen't -> doesn't
2018-07-21 10:38:09 +02:00
Alexander A. Klimov f71bad96d5 Start and stop the timer thread lazily
refs #6461
2018-07-20 15:36:15 +02:00
Michael Friedrich 7519d23892 Add debug logging for daemonize/timers
The previous commit is 1:1 the same I've implemented
here already. Great teamwork with Alex :)

refs #6445
2018-07-19 13:34:12 +02:00
Alexander A. Klimov d15e1006f3 Re-introduce Timer::Initialize()
refs #6445
2018-07-19 13:22:37 +02:00
Michael Friedrich fd381ff5e0 Keep notes for immediately log flushing
Disabled, but kept for future debugging sessions.
Helps with things like #6455
2018-07-19 12:51:30 +02:00
Michael Friedrich 7c2e999f1f Log something when the Filelogger has been started
Helps to see whether the logger object is active,
spotted during #6445
2018-07-19 12:48:29 +02:00
Michael Insel 4170bd5205 Fix negative 'empty in' value in WorkQueue log message
This fixes a negative 'empty in' value in WorkQueue log messages.
2018-07-10 19:21:04 +02:00
Alexander A. Klimov 02645c59ff ObjectLock#Unlock(): don't reset m_Object->m_LockOwner too early 2018-06-22 14:13:09 +02:00
Michael Friedrich ba680dc829
Merge pull request #6405 from Icinga/bugfix/windows-reload-behaviour-6378
TcpSocket#Bind(): reuse socket addresses on Windows, too
2018-06-22 12:25:28 +02:00
Alexander A. Klimov 79878ea286 TcpSocket#Bind(): reuse socket addresses on Windows, too
refs #6378
2018-06-22 10:33:31 +02:00
Michael Friedrich 257ad12646 Use SSL_pending() for remaining TLS stream data
We've used this previously, and according to the OpenSSL
docs we should just use it. From our experience everything
done different to the API functions from OpenSSL causes
undefined behaviour in the worst case.

This commit also breaks the packet size limit into a more
readable version, including logs for development debug builds.

refs #6242
2018-06-21 15:58:05 +02:00
Michael Friedrich cc294e14d2
Merge pull request #6393 from Icinga/bugfix/elasticsearchwriter-not-writing-6354
Stream#ReadLine(): fix false positive buffer underflow indicator
2018-06-21 15:06:21 +02:00
Alexander A. Klimov 1c213877a4 Stream#ReadLine(): simplify algorithm
refs #6354
2018-06-20 17:28:52 +02:00
Alexander A. Klimov 3c7851107c TlsStream#IsEof(): fix false positive EOF indicator
refs #6242
2018-06-20 16:55:33 +02:00
Alexander A. Klimov 02d1f1cc57 Stream#ReadLine(): fix false positive buffer underflow indicator
refs #6354
2018-06-20 09:59:18 +02:00
Michael Friedrich cfd6c79a03
Merge pull request #6387 from Icinga/fix/remove-broken-api-user-hash
Remove ApiUser password_hash functionality
2018-06-19 14:26:32 +02:00
Michael Friedrich 2fd6709952 Remove ApiUser password_hash functionality
This affects and fixes

- Windows reload
- Config validation
- RHEL 7.5 OpenSSL memory corruption
- Hash algorithm, requested changes

refs #6378
refs #6279
refs #6278
2018-06-19 11:32:03 +02:00
Michael Friedrich 9b99c9d106 Remove leftover for sysconfig file parsing
refs #6255
2018-06-18 19:25:48 +02:00
Jean Flach 9a5d464448 Revert "Fix Windows reload"
This reverts commit 691e3cfd57.
2018-06-12 12:19:16 +02:00
Michael Friedrich bf0737ded5
Merge pull request #6328 from Icinga/sysconfig-env
Rework sysconfig file/startup environment
2018-06-05 13:27:36 +02:00
Jean Flach ed4e008e79 Rework sysconfig file
The sysconfig file now only contains the defaults as comments, changes
made there are given to the init.d script, prepare-dirs, safe-reload and
Icinga 2 itself. If nothing is set in the sysconfig file (as is the
default as all lines are commented out) the defaults are used.

fixes #6255
2018-05-23 15:18:42 +02:00
Jean Flach 08a14cd136 Ensure that password hash generation from OpenSSL is atomic
This is supposed to solve a problem with segfaults caused by
race conditions withing the random byte generation of OpenSSL.

fixes #6279
2018-05-23 10:55:14 +02:00
Michael Friedrich 6660a45c41 Implement Array::Unique() and add unit tests
refs #4732
2018-05-09 17:25:55 +02:00
Jean Flach c54e042942 Add activation priorities for config object types
This patch ensures that specific configuration types
are pre-activated and post-activated. In general,
logging is first, then common configuration objects
like host/service, downtimes, etc.
In the end, all features are activated after to ensure
that notifications are only sent once downtimes are applied.
A similar thing happens for starting with checks too early.
The ApiListener feature runs first to allow cluster connections
at first glance.

fixes #6057
fixes #6231
2018-05-04 11:25:47 +02:00
Jean Flach 88dc230294
Merge pull request #6285 from Icinga/feature/config-validation-timestamps
Add support for config validation log timestamps
2018-05-03 14:22:39 +02:00
Michael Friedrich e606a443b7 Add support for config validation log timestamps
This also adds implicit support for the startup.log
generated from API config package validation, e.g. used by
the Icinga Director.

fixes #3455
2018-05-03 11:35:29 +02:00
Michael Friedrich 1102f60b43 Revert "Implement support for ECC certificates"
This reverts commit 10691db5b1.

refs #5555
refs #6200
2018-05-02 16:54:07 +02:00
Jean Flach 0b1d5013ac Revert "fixup set rlimit stack failed condition"
This reverts commit bf959371c4.

fixes #6257
2018-04-25 14:26:40 +02:00
Jean Flach 2c8dfcc1aa Fix typo 2018-04-23 10:18:31 +02:00
Michael Friedrich e6f214fa29 Log warning when sysconfig file cannot be read
refs #6215
2018-04-19 10:09:09 +02:00
Jean Flach 8b0126411b Add improved error messages for resource limits
refs #6215
2018-04-19 08:55:05 +02:00
Jan Beich 106be295eb Explicitly use long with boost::posix_time
In file included from lib/base/base_unity.cpp:61:
lib/base/timer.cpp:295:31: error: no matching conversion for functional-style cast from 'double' to 'boost::posix_time::milliseconds' (aka 'subsecond_duration<boost::posix_time::time_duration, 1000>')
                        l_TimerCV.timed_wait(lock, boost::posix_time::milliseconds(wait * 1000));
                                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from lib/remote/remote_unity.cpp:19:
lib/remote/eventqueue.cpp:111:30: error: no matching conversion for functional-style cast from 'double' to 'boost::posix_time::milliseconds' (aka 'subsecond_duration<boost::posix_time::time_duration, 1000>')
                if (!m_CV.timed_wait(lock, boost::posix_time::milliseconds(timeout * 1000)))
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from lib/checker/checker_unity.cpp:1:
lib/checker/checkercomponent.cpp:128:26: error: no matching conversion for functional-style cast from 'double' to 'boost::posix_time::milliseconds' (aka 'subsecond_duration<boost::posix_time::time_duration, 1000>')
                        m_CV.timed_wait(lock, boost::posix_time::milliseconds(wait * 1000));
                                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/include/boost/date_time/time_duration.hpp:270:30: note: candidate constructor (the implicit copy constructor) not viable: no known conversion from 'double' to 'const boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000>' for 1st argument
  class BOOST_SYMBOL_VISIBLE subsecond_duration : public base_duration
                             ^
/usr/local/include/boost/date_time/time_duration.hpp:270:30: note: candidate constructor (the implicit move constructor) not viable: no known conversion from 'double' to 'boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000>' for 1st argument
/usr/local/include/boost/date_time/time_duration.hpp:286:59: note: candidate template ignored: disabled by 'enable_if' [with T = double]
                                typename boost::enable_if<boost::is_integral<T>, void>::type* = 0) :
                                                          ^
2018-04-15 04:06:11 +00:00
Michael Friedrich da9b3991aa
Merge pull request #6163 from Icinga/fix/handle-restart
Fix reload handling by updating the PID file before process overtake
2018-04-03 17:18:29 +02:00
Jean Flach 92f7242db1
Merge pull request #6119 from tclh123/dev
fixup set rlimit stack failed condition
2018-03-21 09:56:47 +01:00
Jean Flach a742e64e4d Fix reload handling
Make sure we have written the new PID before letting it take over.
2018-03-14 10:43:59 +01:00
Gunnar Beutner 9cd5298d8b Ensure that SetCorked() works properly 2018-03-06 09:03:35 +01:00
Gunnar Beutner b172a67867 Fix incorrect argument type for JsonRpc::SendMessage 2018-03-06 08:58:19 +01:00
Jean Flach 1bdd14b428 Limit anonymous connections to 25 2018-03-05 13:22:43 +01:00
Noah Hilverling 54ff60cd8c Limit JSON-RPC message size 2018-03-05 10:29:05 +01:00
Gunnar Beutner a3bf8cd26e
Merge pull request #6133 from Icinga/fix/cork-socket
Limit the number of HTTP/JSON-RPC requests we read in parallel
2018-02-28 12:48:06 +01:00
Gunnar Beutner a9fb714578
Merge pull request #6116 from Icinga/fix/windows-service-restart
Fix Windows reload
2018-02-28 12:23:53 +01:00
Jean Flach d0cf7c654e Use cork in tlsstream and HTTP connection 2018-02-28 11:40:58 +01:00
Jean Flach 7d103aaf1b Add cork 2018-02-28 11:40:58 +01:00
Jean Flach 01c7f20170 Require systemd headers
Only mandatory if using systemd
2018-02-27 15:54:58 +01:00
lihan cc24ae217e fixup set rlimit stack failed condition 2018-02-27 12:56:36 +08:00
Gunnar Beutner ef488a3ebc Replace boost::algorithm::split calls with String::Split 2018-02-26 08:27:18 +01:00
Jean Flach 691e3cfd57 Fix Windows reload 2018-02-23 17:01:46 +01:00
Jean Flach 6bb2ed4258 Merge branch 'feature/security-features' 2018-02-21 16:19:54 +01:00
Jean Flach 184580f705
Merge pull request #6103 from Icinga/fix/http-security-fixes
HTTP Security fixes
2018-02-21 15:04:02 +01:00
Jean Flach 85f45d9b94 Minor codestyle and doc changes 2018-02-21 14:52:44 +01:00
Jean Flach eda9bce8cb
Merge pull request #6104 from Icinga/fix/nullptr-deref
Fix nullptr dereferences
2018-02-21 13:56:09 +01:00
Jean Flach a71ab1e126 Rename macro RequireNotNull to REQUIRE_NOT_NULL 2018-02-21 13:47:46 +01:00
Noah Hilverling 6bebdf8a87 Add marco RequireNotNull
This is used to fix a number of possible nullptr dereferences
2018-02-21 13:47:46 +01:00
Jean Flach c8c193a9d8 Remove need for RunAsUser/Group
They are now read form the sysconfig file which is owned by root
2018-02-20 14:16:43 +01:00
Jean Flach 8ffa4f04a7 Add timeout for TLS handshakes 2018-02-20 13:32:04 +01:00
Jean Flach 0a0795f09d Code style 2018-02-16 11:47:13 +01:00
Jean Flach 65a806f5dc Move new password functions into tlsutility 2018-02-15 13:09:22 +01:00
Jean Flach 92e2faaa08 Hash API password and comparison
fixes #4920
2018-02-15 13:09:22 +01:00
Noah Hilverling e1e06ce767
Merge pull request #5988 from Icinga/fix/concurrent-checks-limit-cluster
Fix concurrent checks limit while using command_endpoint
2018-02-06 14:13:49 +01:00
Gunnar Beutner e361b3c427 Implement support for frozen arrays and dictionaries 2018-01-30 12:22:04 +01:00
Noah Hilverling 97bd91dda2 Replace concurrent_checks in CheckerComponent by global MaxConcurrentChecks
refs #4841
2018-01-29 14:50:24 +01:00
Jean Flach 51d5a3e457 Fix missing include 2018-01-26 14:38:55 +01:00
Jean Flach cc73eed2af
Merge pull request #5992 from Icinga/feature/remove-includes
Remove unused includes
2018-01-25 09:13:02 +01:00
Gunnar Beutner 0cc9af6bee Remove duplicate semicolons 2018-01-24 12:07:52 +01:00
Gunnar Beutner 94e6be1a65 Remove unused includes 2018-01-22 09:52:29 +01:00
Jean Flach c418a9611e Add systemd watchdog and adjust reload behaviour 2018-01-19 16:52:36 +01:00
Jean Flach 1da6b2c883 Fix whitespaces in CMakeLists files
Uses 2 space indentation as standard
2018-01-19 09:19:40 +01:00
Gunnar Beutner 7702cb056a
Merge pull request #6009 from Icinga/fix/build-fix-gcc
Build fix for ancient versions of GCC
2018-01-18 15:29:50 +01:00
Jean Flach 37e890f513
Merge pull request #6008 from Icinga/fix/cmake-3-0-compat
Fix compatibility with CMake < 3.1
2018-01-18 15:26:10 +01:00
Gunnar Beutner 9d436605f0 Fix compatibility with CMake < 3.1 2018-01-18 15:12:46 +01:00
Gunnar Beutner aa76ddf7f2 Build fix for ancient versions of GCC 2018-01-18 15:12:14 +01:00
Jean Flach f9b378edc6 Fix missing include
fixes #6001
2018-01-18 10:54:49 +01:00
Gunnar Beutner 2a9dceb367 Use CMake object libraries for our libs 2018-01-17 04:28:21 +01:00
Gunnar Beutner c2fb9fe226 Use initializer lists for arrays and dictionaries 2018-01-16 12:27:44 +01:00
Michael Friedrich 01aee7954e
Merge pull request #5969 from Icinga/feature/wq-stats-mutex
Remove the WorkQueue::m_StatsMutex instance variable
2018-01-11 13:38:40 +01:00