tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,349 Commits 347 Branches 117 Tags 180 MiB
Commit Graph

5591 Commits

Author SHA1 Message Date
Yonas Habteab d27f533e5f ApiListener: Update the ssl cont after each accepting incoming connection 2021-01-14 18:40:20 +01:00
Yonas Habteab 057254695d Utility: Introduce new helper function Utility::GetFileCreationTime() 2021-01-14 18:39:14 +01:00
Alexander Aleksandrovič Klimov d996d1e201
Merge pull request #8580 from bebehei/typo 
Fix typo seemless -> seamless
 2021-01-11 13:45:08 +01:00
Alexander Aleksandrovič Klimov 635a8c5d4c
Merge pull request #8088 from Icinga/bugfix/log-two-nodes-run-on-different-versions-8075 
Display logmessage if two nodes run on different versions
 2021-01-11 12:30:30 +01:00
Alexander Aleksandrovič Klimov 862add5f3f
Merge pull request #8512 from Icinga/bugfix/zombie-processes 
Revert "icinga2 daemon: reap remaining child processes after reload"
 2021-01-11 11:38:20 +01:00
Benedikt Heine 8a455e8150 Fix typo seemless -> seamless 2020-12-25 23:27:08 +01:00
Julian Brost 00d8703aad
Merge pull request #7847 from Icinga/feature/log-trim-trailing-newlines-7828 
Log: trim trailing newlines
 2020-12-23 14:20:43 +01:00
Julian Brost eab07a7318 Provide a conversion function from icinga::String to boost::string_view 
Boost.Beast changed the signature of
boost::beast::http::basic_fields::set in version 1.74 so that no longer
allows passing an icinga::String instance as value. This adds a
conversion function so that it works again.
 2020-12-22 16:27:38 +01:00
Julian Brost 339b37a985 Use content_length method for setting the Content-Length header 
Boost.Beast changed the signature of the previously used generic `set`
method so that it no longer accepts integer types, however there is
alreay a more specific method for setting the Content-Length header, so
use this one instead.
 2020-12-22 16:27:38 +01:00
Alexander A. Klimov 4051bc9c8f ConfigObjectUtility#CreateObject(): check config objects for duplicates 
... not to delete already existing objects during a trial of re-creation.

refs #7726
 2020-12-16 16:45:22 +01:00
Yonas Habteab 8eb4f2e062 ApiListener: Display log message if two nodes run on different versions 2020-12-16 16:09:28 +01:00
Noah Hilverling f7e368564f
Merge pull request from GHSA-pcmr-2p2f-r7j6 
Verify certificates against CRL before renewing them (2.13)
 2020-12-15 12:30:19 +01:00
Alexander Aleksandrovič Klimov 6b04ef6e5d
Merge pull request #7871 from Icinga/feature/more-uoms-for-perfdata-7225 
PerfdataValue: add UoMs
 2020-12-14 18:42:49 +01:00
Alexander A. Klimov 8c6bfdcf54 Revert "icinga2 daemon: reap remaining child processes after reload" 
This reverts commit 91265a5b0e
which isn't needed anymore as Icinga 2 isn't PID 1 anymore.
 2020-12-14 13:38:35 +01:00
Alexander Aleksandrovič Klimov 915a3c3001
Merge pull request #8436 from Icinga/bugfix/children-recover-too-late 
On recovery: re-check children
 2020-12-11 15:41:31 +01:00
Alexander Aleksandrovič Klimov 366a97bf19
Merge pull request #8541 from Icinga/bugfix/openssl-error-buffer 
Use proper buffer size for OpenSSL error messages
 2020-12-09 16:08:19 +01:00
Julian Brost 4c0247c02d Allow specifying a CRL in `icinga2 pki verify` 2020-12-09 12:12:01 +01:00
Julian Brost e86bd24348 Verify certificates against CRL before renewing them 
When a CRL is specified in the ApiListener configuration, Icinga 2 only
used it when connections were established so far, but not when a
certificate is requested. This allows a node to automatically renew a
revoked certificate if it meets the other conditions for auto-renewal
(issued before 2017 or expires in less than 30 days).
 2020-12-09 12:10:59 +01:00
Julian Brost bbfd1ecfc8 Use ERR_error_string_n() instead of ERR_error_string() 
Explicitly pass the actual length of the buffer to avoid overflows.
 2020-12-08 13:08:18 +01:00
Julian Brost c0fc9a86c5 Increase size of buffer for OpenSSL error messages 
According to man 3 ERR_error_string, "buf must be at least 256 bytes
long", therefore increase the buffer size to 256 everywhere.
 2020-12-08 13:08:18 +01:00
Julian Brost 61d7ec4bf7 Remove std::string to_string(const errinfo_openssl_error& e) 
The function was never used and it's implementation contains a bug where
a buffer of too small size is used as a paramter to ERR_error_string.
According to the `man 3 ERR_error_info`, the buffer has to be at least
256 bytes in size.

Also the function seems of limited use as it allows to output the tag
object used with additional error information for exceptions in Boost.
However, you boost::get_error_info<>() just returns the value type but
not the full tag object from the exception.
 2020-12-08 13:05:38 +01:00
Alexander A. Klimov b8bb8cb946 Configuration.ApiBindHost: default to :: 
refs #8183
 2020-12-04 16:52:58 +01:00
Julian Brost f2a532de32
Merge pull request #8035 from Icinga/feature/expiry-date-comments-4663 
/v1/actions/add-comment: add param expiry
 2020-12-04 15:48:50 +01:00
Alexander Aleksandrovič Klimov 6f33c2f90c
Merge pull request #8314 from Icinga/feature/add-support-influxdb-basic-auth-7644 
Add support Influxdb basic auth
 2020-12-03 11:00:04 +01:00
Yonas Habteab 2ade57bcbb Add support influxdb basic auth 
fixes #7644
 2020-12-02 16:48:03 +01:00
Alexander A. Klimov 854939a8ce On recovery: re-check children 2020-12-02 12:24:40 +01:00
Alexander A. Klimov 668bf06424 Don't fire suppressed notifications if last parent recovery >= last check result 2020-12-02 12:03:19 +01:00
Alexander Aleksandrovič Klimov bee4ac7f7c
Merge pull request #8040 from Icinga/feature/v1-actions-execute-command-8034 
Add API endpoint: /v1/actions/execute-command
 2020-12-02 10:53:24 +01:00
Alexander Aleksandrovič Klimov 3f4b09f01c
Merge pull request #8488 from Icinga/feature/improve-config-sync-locking 
Improve config sync locking
 2020-11-27 17:55:15 +01:00
Alexander Aleksandrovič Klimov 81ed8d5629
Merge pull request #8321 from Icinga/bugfix/cant-create-api-user-w-password-8164 
Allow to create API User w/ password
 2020-11-25 15:40:07 +01:00
Alexander A. Klimov 1343fd538d Start ApiListener#SyncClient() in the thread pool 
... not hosting the coroutines not to block them.

Otherwise a large replay log would block messages sending
until the peer disconnects us.
 2020-11-24 17:25:43 +01:00
Alexander Aleksandrovič Klimov 3dcc6c32f3
Merge pull request #8479 from Icinga/bugfix/close-anonymous-connections 
Close anonymous connections after 10 seconds
 2020-11-24 16:44:09 +01:00
Julian Brost 2a2924855f
Merge pull request #7922 from Icinga/feature/http-status-codes-in-icinga-mainlog-7053 
Include HTTP status codes in log
 2020-11-24 16:35:58 +01:00
Julian Brost da407660f2
Merge pull request #8500 from Icinga/bugfix/config-sync-only-remove-files-if-timestamp-changed 
Config sync: Only remove files, if timestamp changed
 2020-11-24 16:34:12 +01:00
Julian Brost c154d4d50e
Merge pull request #8466 from Icinga/feature/one-connection 
ApiListener#NewClientHandlerInternal(): reject connections from already connected endpoints
 2020-11-24 16:33:15 +01:00
Noah Hilverling 83b4d8e69d Config sync: Only remove files, if timestamp changed 2020-11-24 10:44:38 +01:00
Alexander Aleksandrovič Klimov 39bc1590f6
Merge pull request #8440 from Icinga/bugfix/message-routing-for-global-zones 
Fix cluster message routing for global zones
 2020-11-24 10:41:17 +01:00
Alexander Aleksandrovič Klimov e84a4a290d
Merge pull request #8450 from Icinga/bugfix/do-not-accept-api-updates-for-unknown-zone 
API: Don't accept object updates for unknown global zone
 2020-11-24 10:40:20 +01:00
Alexander A. Klimov 5cfac1f643 Fix function and variable names 
refs #8034
 2020-11-23 16:43:47 +01:00
Alexander A. Klimov fa61711c21 Introduce ReportIdoCheck() 
... for code deduplication

refs #8034
 2020-11-23 16:40:32 +01:00
Alexander A. Klimov 0ad1ab20aa Fix code style 
refs #8034
 2020-11-23 16:39:24 +01:00
Julian Brost 3f15963651 Remove SpinLock 
No longer needed as its only user now uses std::mutex.
 2020-11-17 09:40:34 +01:00
Julian Brost 70c9d49ebc ApiListener: merge new config validation and actication functions 
Merge AsyncTryActivateZonesStage and TryActivateZonesStageCallback and
name the result TryActivateZonesStage. The old split was a leftover from
the one being a callback function with no actual meaningful separation.
 2020-11-17 09:37:13 +01:00
Noah Hilverling 2d1980c10d
Merge pull request #8476 from Icinga/docs/api-action-api-function 
Clarify difference between API actions and functions in their docstrings
 2020-11-17 08:17:05 +01:00
Julian Brost e4610e7dbd Use std::mutex instead of Spinlock 2020-11-16 17:38:03 +01:00
Julian Brost 74b65f1642 API filesync: wait for validation process to exit 
This avoid having to pass a lock implictly using the captured variables
of a lambda.
 2020-11-16 17:10:57 +01:00
Julian Brost 4c8c4c75ec Add Process::WaitForResult to allow waiting for the process to finish 2020-11-16 17:10:26 +01:00
Alexander Aleksandrovič Klimov 5f3b5934fa
Merge pull request #8195 from Icinga/feature/terminate-pretty-json-output-w-n-8194 
JsonEncode(): suffix pretty JSON w/ \n
 2020-11-13 17:08:46 +01:00
Alexander Aleksandrovič Klimov 66c4dc35a8
Merge pull request #7931 from Icinga/feature/program_version-livestatus-7895 
Livestatus: append app name to program_version
 2020-11-13 17:08:11 +01:00
Julian Brost d1edcb909c Close anonymous connections after 10 seconds 
Anonymous connections are normally only used for requesting a
certificate and are closed after this request is received. However, the
request is only sent if the child has successfully verified the
certificate of its parent so that it is an authenticated connection from
its perspective. In case this verification fails, both ends view it as
an anonymous connection and never actually use it but attempt a
reconnect after 10 seconds leaking the connection. Therefore close it
after a timeout.
 2020-11-12 18:01:11 +01:00