Commit Graph

11104 Commits

Author SHA1 Message Date
Michael Insel 90bb423226 Implement TLS support for the GelfWriter
This implements TLS support for the GelfWriter.
2019-05-16 17:48:47 +02:00
Dirk Goetz a4f2006884 Docs: Add Master-Master-Replication as option for mysql
(cherry picked from commit c4f1ad7abb)
2019-05-16 16:54:27 +02:00
Michael Friedrich d5b2081d76 Docs: Add initial sync for secondary HA masters, hints on IDO DB clusters
refs #6492

(cherry picked from commit c2542710b7)
2019-05-16 16:53:29 +02:00
Michael Friedrich 9d658530ce Docs: Improve features chapter and add details on HA setups
refs #4855

(cherry picked from commit 07790e456b)
2019-05-16 16:53:06 +02:00
Michael Friedrich 5f4f50b9af Docs: Add note for reachability calculation with checks disabled
refs #6844

(cherry picked from commit 15326caf38)
2019-05-16 16:49:10 +02:00
Michael Friedrich 1d14b75fc1 Update AUTHORS 2019-05-16 16:48:25 +02:00
Alexander A. Klimov 40a19e41d0 ApiListener#ReplayLog(): read current log file too instead of rotating
(cherry picked from commit 407e77883c)
2019-05-16 16:45:58 +02:00
Alexander A. Klimov c55e4e122f ApiListener#RotateLogFile(): don't overwrite previous log
(cherry picked from commit 997d84bfa0)
2019-05-16 16:32:53 +02:00
Alexander A. Klimov 206fb222c0 Rotate replay log on shutdown, not on startup
(cherry picked from commit f44e847717)
2019-05-16 16:32:45 +02:00
Alexander A. Klimov 511772e08a ApiListener#ApiTimerHandler(): delete all replayed logs
refs #6932

(cherry picked from commit 9b489cf9b9)
2019-05-16 16:32:22 +02:00
Elias Ohm b623274918 another small adjustment by the way just to ensure the object on stack ist the same as the one serialized further in case the object does not implement locking on mutation (besides it's mor efficient to not fetch the same value twice)
(cherry picked from commit cdd843a998)
2019-05-16 16:31:09 +02:00
Elias Ohm 22fcdd868d add some object locking to the Dump method (which could theoreticylly suffer from same reace condition as serializer)
(cherry picked from commit 44ac6cf1ec)
2019-05-16 16:31:01 +02:00
Elias Ohm 68418eb6bc Lock Objects during serialization
old behaviour was to only lock arrays, dictionaries and namespaces but not other objects

(cherry picked from commit 91296c2a25)
2019-05-16 16:30:53 +02:00
Alexander A. Klimov ae3590023b Namespace: place ObjectLock in all methods
(cherry picked from commit 5afda77943)
2019-05-16 16:19:29 +02:00
Elias Ohm c6f84e24da try without initialization of frame Locals which are not used for permissions filter and as far as I can see also not for query filters
(cherry picked from commit c10ff9dd72)
2019-05-16 16:17:06 +02:00
Elias Ohm 14cb6ec741 use current frame scope for permission filter function calls
(cherry picked from commit 53febdea81)
2019-05-16 16:16:58 +02:00
Alexander A. Klimov 967616d88e FilterUtility::EvaluateFilter(): ensure not to modify the global namespace
(cherry picked from commit bdadb53940)
2019-05-16 16:16:51 +02:00
Elias Ohm 8315ea86d7 * use dedicated permissions namespace for scriptframe in filterutility to allow proper parallel execution
* fixes issue https://github.com/Icinga/icinga2/issues/6785 where permission checks get wrong result because permissions checks are done within a shared namespaces without using only unique keys
  * mitigates issue https://github.com/Icinga/icinga2/issues/6874 where segmentation faults occur because of concurrent access to non threadsafe parts of namespace (a fix for thread safety of namespaces which would be an alternative approach to get rid of these segfaults is out of scope of this fix as 6785 needs to be fixed anyway and this is the straight-forwards) way to fix that
* do the same for eventqueue (not certain whether events can be processed in parallel but I expect it is the case)

(cherry picked from commit 1e7cd4afc8)
2019-05-16 16:12:21 +02:00
Michael Friedrich 6e822672be Add log message for log rotate; update docs
refs #6737

(cherry picked from commit df25b183cb)
2019-05-16 15:28:52 +02:00
Alexander A. Klimov 98d674f780 Timer::TimerThreadProc(): use C++11 lambda instead of bind()
refs #6737

(cherry picked from commit 7a8f8fd734)
2019-05-16 15:27:53 +02:00
Alexander A. Klimov f551666a7d StreamLogger#BindStream(): set #m_FlushLogTimer only if needed
refs #6737

(cherry picked from commit 622f684124)
2019-05-16 15:27:29 +02:00
Elias Ohm 304ba1fd6c Fix for double-free (and possibly other memory-corruption related) crashes at logrotate time
this is a direct fix of the issue revealing the problem that leads to crash

verification done with a patched icinga2 where the execution-order of the code lines of counter-parts involved in re-incrementing/decrementing Timer:Ptr is forced to be the one that leads to the obeserverd segfaults

refs #6737

(cherry picked from commit 52e3db279a)
2019-05-16 15:26:47 +02:00
marxin 54538986b8 Documentation: add missing argument to chkconfig command.
(cherry picked from commit dd0c7a28dd)
2019-05-16 15:25:01 +02:00
Michael Friedrich 0927078685 Docs: Use jo to format JSON body for API actions, esp. unix timestamps
(cherry picked from commit 21225c6b48)
2019-05-16 15:23:56 +02:00
Michael Friedrich 469cd2503c CLI: Fix updates for NodeName/ZoneName constants
fixes #7117

(cherry picked from commit 4197bc9bcd)
2019-05-16 15:23:35 +02:00
Michael Friedrich d0ac7f464d DB IDO: Do not deactivate objects during application reload/restart
This follows the same principle as with the shutdown handler,
and was introduced with the changed reload handling with 2.9.
Previously IsShuttingDown() was sufficient which got set at one
location.

SigUsr2 as handler introduced a new location where m_ShuttingDown
is not necessarily set yet. Since this handler gets called when
l_Restarting is enabled, we'll use this flag to avoid config update
events resulting in object deactivation (object->IsActive() always
returns false).

refs #5996
refs #6691
refs #6970

fixes #7125

(cherry picked from commit 78e24c53f1)
2019-05-16 15:22:16 +02:00
Michael Friedrich 553bc54297 Improve REST API docs
- Better explanation for filters and filter_vars
- Update examples to use filters in the body only, don't fuck around with the URL parameters.
- Better explain actions and their intent
- More insights into config packages and their intention
- Improve API clients and add the tables from icinga2-api-examples
- Formatting for CLI requests

(cherry picked from commit 31170db123)
2019-05-16 14:52:37 +02:00
Michael Friedrich e55cad5c1a Fix headings in the docs
refs #6918

(cherry picked from commit e909302fd9)
2019-05-16 14:52:33 +02:00
Michael Friedrich defb5b505f Docs: Improve config object types chapter
(cherry picked from commit 2ce82b56d4)
2019-05-16 14:49:56 +02:00
Alexander A. Klimov 9c0507f725 Doc: adjust default of ApiListener#bind_host
(cherry picked from commit 915525dbcd)
2019-05-16 14:46:00 +02:00
Michael Friedrich d6b4c96d02 Add technical concept docs for our internal JSON-RPC message API
(cherry picked from commit 3c591a03b0)
2019-05-16 14:40:40 +02:00
Michael Friedrich 1149ed7506 Technical Concepts: Add config compiler references
(cherry picked from commit 2196027611)
2019-05-16 14:40:09 +02:00
Peter Eckel 2a1a3726bf Avoid duplicating non-zero count message replay messages in the debug log
(cherry picked from commit 5d59863725)
2019-05-16 14:31:12 +02:00
Robert Scheck bb503cce16 Strip '\r' in notification messages to avoid 'Content-Type: application/octet-stream'
Without this patch, an accidential `\r` in e.g. `$NOTIFICATIONCOMMENT`
leads to a `Content-Type: application/octet-stream` header in e-mails.
The accidential `\r` might slip in usually using Icinga/Nagios apps...
2019-05-16 12:44:29 +02:00
Michael Friedrich d94e300907
Merge pull request #7181 from Icinga/feature/x509-check-command
Add check command for x509's host check
2019-05-16 10:02:51 +02:00
Sascha Westermann a761adad8a Fix System-V return codes according to LSB
- "status"-calls use different exit codes, refer to http://refspecs.linuxbase.org/LSB_3.0.0/LSB-PDA/LSB-PDA/iniscrptact.html
- the "status"-call in "condrestart" returned an error if the daemon was not running: this has been fixed
2019-05-14 11:22:05 +02:00
Johannes Meyer 45433e5c91
doc: Add section for x509 to the ITL chapter 2019-05-13 15:57:27 +02:00
Johannes Meyer 7403139622
Add check command for x509's host check
The refererred PR: https://github.com/Icinga/icingaweb2-module-x509/pull/47
2019-05-13 14:36:27 +02:00
Michael Friedrich 66df1e9542 Docs: Fix typos 2019-05-13 08:34:38 +02:00
Michael Friedrich e8c6e3da32
Merge pull request #7026 from Icinga/feature/ca-list-all
CLI: 'ca list' lists pending CSRs by default, add '--all' parameter
2019-05-10 16:41:53 +02:00
Michael Friedrich 9fa611cd37
Merge pull request #7179 from Napsty/feature/itl-esxi-hardware-regex
Add new -r parameter for esxi_hardware command
2019-05-10 16:22:54 +02:00
Michael Friedrich 6ba67487ea CLI: 'ca list' now lists pending CSRs by default, add '--all' parameter
https://puppet.com/docs/puppet/5.5/man/cert.html
2019-05-10 15:41:00 +02:00
Michael Friedrich 47ce864fae
Merge pull request #7180 from Icinga/bugfix/revert-exit-code
Revert "CLI: Return non-zero on unknown sub commands"
2019-05-10 15:17:51 +02:00
Michael Friedrich aed88ca477 Revert "CLI: Return non-zero on unknown sub commands"
This reverts commit 00bc0b2303.
2019-05-10 15:16:05 +02:00
Napsty e385c3b515 Add new -r parameter for esxi_hardware command 2019-05-10 14:51:11 +02:00
Michael Friedrich af42e2dfc0
Merge pull request #7178 from Icinga/bugfix/api-package-repair
API: Automatically repair broken _api package
2019-05-10 14:40:48 +02:00
Michael Friedrich 368383bedd
Merge pull request #7154 from Elias481/fix/serializer-object-locking-7003
Lock all kind of Objects during serialization
2019-05-10 14:39:27 +02:00
Napsty 2332bc30d0 Add new -r parameter for esxi_hardware command 2019-05-10 13:46:11 +02:00
Michael Friedrich 6c9c65323e Workaround for boost::filesystem and Visual Studio on Windows 2019-05-10 13:38:12 +02:00
Michael Friedrich ed4e68430b
Merge pull request #7172 from Elias481/fix/generate-rsa-4635-org
Account for OpenSSL library evolution
2019-05-10 13:24:01 +02:00