tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,917 Commits 347 Branches 117 Tags 199 MiB
Commit Graph

820 Commits

Author SHA1 Message Date
Michael Friedrich 20d51d21dc
Merge pull request #7127 from Icinga/bugfix/replay-log 
ApiListener#RotateLogFile(): don't overwrite previous log
 2019-04-23 12:08:12 +02:00
Michael Friedrich 5fb191bbeb
Merge pull request #7126 from Icinga/bugfix/replay-logs-6932 
ApiListener#ApiTimerHandler(): delete all replayed logs
 2019-04-23 12:07:02 +02:00
Alexander A. Klimov 407e77883c ApiListener#ReplayLog(): read current log file too instead of rotating 2019-04-18 17:22:36 +02:00
Alexander A. Klimov 997d84bfa0 ApiListener#RotateLogFile(): don't overwrite previous log 2019-04-18 17:22:33 +02:00
Alexander A. Klimov 9b489cf9b9 ApiListener#ApiTimerHandler(): delete all replayed logs 
refs #6932
 2019-04-18 17:00:40 +02:00
Alexander A. Klimov f44e847717 Rotate replay log on shutdown, not on startup 2019-04-17 14:18:20 +02:00
Michael Friedrich 64568f5966
Merge pull request #7121 from Icinga/bugfix/concurrent-checks 
Fix that MaxConcurrentChecks constant is overridden from 'checker' feature
 2019-04-17 13:14:32 +02:00
Michael Friedrich ab97d606db
Merge pull request #7122 from Icinga/bugfix/evaluatefilter-change-globals 
FilterUtility::EvaluateFilter(): ensure not to modify the global namespace
 2019-04-16 17:40:20 +02:00
Alexander A. Klimov bdadb53940 FilterUtility::EvaluateFilter(): ensure not to modify the global namespace 2019-04-16 15:53:44 +02:00
Michael Friedrich b906714254 Fix that MaxConcurrentChecks constant is overridden from 'checker' feature 
Note: This drops the deprecated concurrent_checks setting from the checker feature
entirely and refactors the underlaying code handling.

Also affects ReloadTimeout which is new for 2.11.

fixes #7111
 2019-04-16 15:04:57 +02:00
Elias Ohm 1e7cd4afc8 * use dedicated permissions namespace for scriptframe in filterutility to allow proper parallel execution 
* fixes issue https://github.com/Icinga/icinga2/issues/6785 where permission checks get wrong result because permissions checks are done within a shared namespaces without using only unique keys
  * mitigates issue https://github.com/Icinga/icinga2/issues/6874 where segmentation faults occur because of concurrent access to non threadsafe parts of namespace (a fix for thread safety of namespaces which would be an alternative approach to get rid of these segfaults is out of scope of this fix as 6785 needs to be fixed anyway and this is the straight-forwards) way to fix that
* do the same for eventqueue (not certain whether events can be processed in parallel but I expect it is the case)
 2019-04-12 08:10:57 +02:00
Michael Friedrich 973b03dcb2
Merge pull request #7109 from Icinga/feature/enhance-cluster-message-send-code-docs 
Improve code docs for cluster message routing conditions
 2019-04-11 11:20:46 +02:00
Michael Friedrich b24a3be083 Improve code docs for cluster message routing conditions 
refs #6781
 2019-04-10 14:17:36 +02:00
Alexander A. Klimov de04bb13a8 JsonRpcConnection: reduce log spam on disconnect 2019-04-09 13:53:41 +02:00
Michael Friedrich f177d8786d HttpServerConnection: Log the user agent field for new requests too 
refs #7041
 2019-04-05 15:08:09 +02:00
Michael Friedrich b1042c3689
Merge pull request #7076 from Icinga/bugfix/eventqueue-leak 
/v1/events: terminate on disconnect
 2019-04-05 10:31:30 +02:00
Alexander A. Klimov 2e4e2e1a79 /v1/events: don't deadlock other coroutines 2019-04-05 09:22:42 +02:00
Michael Friedrich 5c3a9b77d7 Always update object authority, even w/o API feature 
Regression from #7062

Thanks @nilmerg :)
 2019-04-03 13:48:24 +02:00
Alexander A. Klimov 2e5af2922b /v1/events: terminate on disconnect 2019-04-03 09:59:45 +02:00
Alexander A. Klimov 4c5ee0dbbf EventQueue#WaitForEvent(): re-add timeout 2019-04-03 09:53:45 +02:00
Alexander A. Klimov 28d46052b0 HttpServerConnection#StartStreaming(): auto-detect disconnection 2019-04-03 09:50:52 +02:00
Alexander A. Klimov c284cf0b68 HttpServerConnection: encapsulate streaming start indicator 2019-04-02 17:37:29 +02:00
Alexander A. Klimov 09a2e04f4b EventQueue#WaitForEvent(): don't lock I/O thread while locking mutex 2019-04-02 14:38:06 +02:00
Alexander A. Klimov 00d859234e Use new I/O engine in PkiUtility::FetchCert() and PkiUtility::RequestCertificate() 2019-04-01 17:18:00 +02:00
Alexander A. Klimov 6e7932f157 Add non-async overloads for JsonRpc::ReadMessage() and JsonRpc::SendMessage() 2019-04-01 17:11:10 +02:00
Alexander A. Klimov f2d9d91e83 Introduce UnbufferedAsioTlsStream#GetPeerCertificate() 2019-04-01 17:11:09 +02:00
Michael Friedrich 5c2aaf6380 Improve error logging on connection failure (cluster) 2019-04-01 16:13:37 +02:00
Alexander A. Klimov 64b2ac4b30 ApiListener: drop unused thread pool 2019-04-01 15:06:17 +02:00
Alexander A. Klimov 3a6caa2800 Respect Accept:application/json where possible 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 24c9542b5b HttpServerConnection: fix side effect of HTTP parser's default body limit 2019-04-01 13:31:16 +02:00
Alexander A. Klimov d428bdf384 Add missing includes 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 5b2c1f023d Rename preventGc to keepAlive 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 5208448b76 Restore the previous performance of replaying logs 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 79e95d2355 Introduce JsonRpcConnection#SendMessageInternal() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov e6d78bf361 Move some TCP/TLS logic out of ApiListener 
... for re-using it
 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 8b3efe5759 Introduce AsioConditionVariable 2019-04-01 13:31:16 +02:00
Alexander A. Klimov e129c561d5 HttpServerConnection: don't disconnect during sending response 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 326bf66255 ApiListener: use setsockopt(), not tcp::acceptor#set_option() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov b5fddaf3ce ApiListener: log why bind(2) failed 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 19625e62ef ApiListener: fix self-made security hole 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 87b0c452db HttpServerConnection: re-add automatic disconnect 2019-04-01 13:31:16 +02:00
Alexander A. Klimov f029fd4884 Re-add HttpServerConnection#Disconnect() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 16913cb977 JsonRpcConnection: add missing CpuBoundWork 2019-04-01 13:31:16 +02:00
Alexander A. Klimov a451327b81 JsonRpcConnection: re-add num_json_rpc_work_queue_item_rate 2019-04-01 13:31:16 +02:00
Alexander A. Klimov a54bd9d5c4 JsonRpcConnection: re-add automatic disconnect 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 7aae8bd265 JsonRpcConnection: re-add heartbeats 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 84b411501b Re-add JsonRpcConnection#Disconnect() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 2d16b02520 ApiListener#NewClientHandlerInternal(): shut down TLS stream 2019-04-01 13:30:42 +02:00
Alexander A. Klimov c46157d552 ApiListener: fix self-made security hole 2019-04-01 11:40:14 +02:00
Alexander A. Klimov f9fff54da2 ApiListener: don't require a valid certificate for the TLS handshake to complete 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 6c86c127f1 Port JsonRpcConnection to Boost ASIO 2019-04-01 11:40:14 +02:00
Alexander A. Klimov c76947e8b9 JsonRpc::ReadMessage(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 48b5824e37 ApiListener: send icinga::Hello message 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 49ac7777e0 JsonRpc::SendMessage(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 832365195d ApiListener: connect(2) via Boost ASIO 2019-04-01 11:40:14 +02:00
Alexander A. Klimov e9a64abd09 ApiListener#ListenerCoroutineProc(): catch more edge cases 2019-04-01 11:40:14 +02:00
Alexander A. Klimov a6813ec786 ApiListener: restore previous bind(2) behavior 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 493a97f4f3 EnsureAcceptHeader(): fix wrong condition 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 8c5d629d35 /v1/events: don't truncate any events 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 7681ec10a4 /v1/events: don't lock I/O thread 2019-04-01 11:40:14 +02:00
Alexander A. Klimov fd239ba3fe Adjust /v1/events, too 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 1941c1da28 Adjust all HTTP handlers (ex. /v1/events) 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 9ae1d732af HttpServerConnection: actually handle requests 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 7fe0431ada HttpServerConnection: verify requests via Boost ASIO + Beast 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 04a9879acc Add HttpUtility::SendJsonError() overload for Boost/Beast 2019-04-01 11:40:14 +02:00
Alexander A. Klimov fc22cbaf09 Add HttpUtility::SendJsonBody() overload for Boost/Beast 2019-04-01 11:40:14 +02:00
Alexander A. Klimov e21956e26e ApiListener: detect protocol 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 539855bac1 ApiListener: verify peer 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 720c53ab77 ApiListener: perform TLS handshake 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 2615967e7f Make ApiListener#m_SSLContext a Boost ASIO SSL context 2019-04-01 11:40:14 +02:00
Alexander A. Klimov e4f3422b3a ApiListener: listen(2) via Boost ASIO 2019-04-01 11:40:14 +02:00
Michael Friedrich 4a26a48778 Code Quality: Move authority.cpp into the ApiListener class scope 2019-04-01 08:51:18 +02:00
Michael Friedrich 149f640fd8 Improve DB IDO HA failover behaviour 
- Decrease Object Authority updates to 10s (was 30s)
- Decrease failover timeout to 30s (was 60s)
- Decrease cold startup (after (re)start) with no OA updates to 30s (was 60s)
- Immediately connect on Resume()
- Fix query priority which got broken with #6970
- Add more logging when a failover is in progress

```
[2019-03-29 16:13:53 +0100] information/IdoMysqlConnection: Last update by endpoint 'master1' was 8.33246s ago (< failover timeout of 30s). Retrying.

[2019-03-29 16:14:23 +0100] information/IdoMysqlConnection: Last update by endpoint 'master1' was 38.3288s ago. Taking over 'ido-mysql' in HA zone 'master'.
```

- Add more logging for reconnect and disconnect handling
- Add 'last_failover' attribute to IDO*Connection objects

refs #6970
 2019-04-01 08:50:00 +02:00
Michael Friedrich 804c00ece5
Merge pull request #6999 from Icinga/bugfix/compiler-warnings 
Suppress or fix compiler warnings
 2019-03-18 08:44:30 +01:00
Alexander A. Klimov bf92e32496 Suppress or fix compiler warnings 2019-03-08 14:07:29 +01:00
Alexander A. Klimov 37b044ecda PkiUtility::NewCa(): just warn if the CA files already exist 2019-03-01 14:37:45 +01:00
Michael Friedrich e2df11520e
Merge pull request #6970 from Icinga/bugfix/perfdata-gaps 
Improve reload handling for features (metric & queue flush, activation priority)
 2019-02-26 15:38:15 +01:00
Michael Friedrich 458f997a18 Replace Copyright header with a short version, part II 2019-02-25 15:09:36 +01:00
Michael Friedrich d14a88235d Replace Copyright header with a short version, part I 
CLion -> replace in path
 2019-02-25 14:48:22 +01:00
Michael Friedrich ab7a799369 Implement ReloadTimeout constant and wait for enqueued checks on Stop() 2019-02-25 09:03:47 +01:00
Alexander A. Klimov 9558ebc0f4 Secure ApiUser::GetByAuthHeader() against timing attacks 2019-02-22 16:59:36 +01:00
Michael Friedrich b08d485a41
Merge pull request #6857 from Icinga/bugfix/check_nscp_api-query-sorted-6536 
Url#m_Query: preserve order
 2019-02-11 17:57:32 +01:00
Peter Eckel 5d59863725 Avoid duplicating non-zero count message replay messages in the debug log 2019-02-11 13:54:17 +01:00
Michael Friedrich b16c22448e Cluster: Delete object message should log that 
Atm it is a copy-paste error and irritates during debugging.
Coming from my analysis of existing cluster messages.
 2019-01-28 17:39:22 +01:00
Jean Flach 2aff6a5887 Don't run UpdateObjectAuthority for Comments and Downtimes 2019-01-10 11:44:14 +01:00
Michael Friedrich e1a941e5c7
Merge pull request #6880 from Icinga/bugfix/pki-requestcertificate-no-cert 
pki::RequestCertificate: handle missing certificate/CSR
 2019-01-09 09:30:27 +01:00
Alexander A. Klimov 4a7960f21b pki::RequestCertificate: handle missing certificate/CSR 2019-01-08 11:49:44 +01:00
Alexander A. Klimov f4ab0737d1 HttpServerConnection#DataAvailableHandler(): reduce log spam 2019-01-07 15:32:19 +01:00
Alexander A. Klimov eeb609d4ae Url#m_Query: preserve order 
refs #6536
 2018-12-21 11:52:37 +01:00
Michael Friedrich b58ce84b0e
Merge pull request #6817 from Icinga/bugfix/stalled-tls-connections-6816 
HttpServerConnection#DataAvailableHandler(): be aware of being called multiple times concurrently
 2018-12-05 11:35:35 +01:00
Alexander A. Klimov 7e630c7732 HttpServerConnection#DataAvailableHandler(): be aware of being called multiple times concurrently 
refs #6816
 2018-12-03 19:05:41 +01:00
Michael Friedrich 5f25eb6b2d Add a code comment for connection: close handling 2018-12-03 14:40:50 +01:00
Sven Wegener a83dbc9de5 Restore 'Connection: close' behaviour in HTTP responses 
Actually the `corked` functionality caused problems with
not closing connections properly.

Full Analysis: https://github.com/Icinga/icinga2/issues/6799#issuecomment-443710338

Full credits to @swegener :)

fixes #6799
 2018-12-03 14:27:37 +01:00
Alexander A. Klimov 8de5326d23 Remove redundand check for object existence on creation via API 
refs #3937
 2018-11-29 17:51:53 +01:00
Michael Friedrich 5406ce6540 Ensure that API/JSON-RPC messages in the same session are processed and not stalled 
This basically drops the "corked" implementation which just stalled the
TLS IO polling after some requests. If you need sort of rate limiting
for these events, use an external TLS proxy which terminates that in front
of Icinga.

fixes #6635
 2018-10-29 12:57:24 +01:00
Michael Friedrich 6de4cef3ae
Merge pull request #6719 from Icinga/fix/finished-reconnect-message 
Do not send 'finished reconnecting...' if failed
 2018-10-24 11:51:34 +02:00
Michael Friedrich bd8e9f55da
Merge pull request #6662 from Icinga/bugfix/keep-http-connection-open-until-stream-eof 
Keep the HTTP server connection open until the stream is EOF
 2018-10-24 11:31:06 +02:00
Michael Friedrich 3cb2c1d143 icinga.com: Update everything else 2018-10-18 09:50:53 +02:00
Michael Friedrich dea5ec614e icinga.com: Update CMakeLists.txt 2018-10-18 09:35:18 +02:00
Michael Friedrich 44c3b83769 icinga.com: Update '*.ti' 2018-10-18 09:30:00 +02:00