Michael Friedrich
1853254201
Pass the zonesVar override around
2019-06-19 14:46:11 +02:00
Michael Friedrich
2ed56b50a4
Ensure directory paths are created from stage -> prod
2019-06-19 14:46:11 +02:00
Michael Friedrich
c2d7063ae7
Better signal for checking the cluster config sync stage (ignore production)
2019-06-19 14:46:11 +02:00
Michael Friedrich
506eee2f7d
Fix crash
2019-06-19 14:46:11 +02:00
Michael Friedrich
2c39d69428
Implement first draft for cluster config staged sync
2019-06-19 14:46:11 +02:00
Michael Friedrich
3d363854e2
Disable stack traces for WQ exceptions (used in config compiler)
...
The ConfigItem class collects exceptions and reports them.
In contrast to our other DiagnosticInformation() calls,
verbosity is enabled any time.
This patch allows to re-enable the verbose output including
the stack traces, but disables this by default.
2019-06-19 14:26:34 +02:00
Michael Friedrich
9c92368774
SSL Context: Explicitly load ECC ciphers on el7
...
Otherwise curl/nss as client won't be able to use the
new default cipher list.
fixes #7247
2019-06-18 14:58:19 +02:00
Alexander A. Klimov
42a33cdc7d
Fix build errors with Boost v1.70
...
refs #7237
2019-06-07 16:30:34 +02:00
Michael Friedrich
65c8d43157
Add function docs for CA CLI commands
2019-06-07 10:33:55 +02:00
Michael Friedrich
b32d818d1b
CLI: Allow to list removed CSRs with 'ca list'
2019-06-07 10:33:55 +02:00
Michael Friedrich
a35828a6ff
CLI: Update ca remove/restore commands from my review
2019-06-07 10:33:55 +02:00
Andrew Jaffie
d95feb4950
Log messages now use CN, file permissions fixed, ca remove now will not remove CSR's that have already been signed.
2019-06-07 10:33:55 +02:00
Andrew Jaffie
6aa2e0c36b
Added ca restore command+docs to undo effects of ca remove
2019-06-07 10:33:55 +02:00
Andrew Jaffie
429f1ed317
Ignore repeated requests from client after using ca remove command
2019-06-07 10:33:55 +02:00
Andrew Jaffie
a970f7dcf9
Implemented cli command + documentation.
2019-06-07 10:33:55 +02:00
Alexander A. Klimov
ffd736f56f
LegacyTimePeriod::ProcessTimeRangeRaw(): support ranges across midnight
...
refs #5261
2019-06-06 13:11:34 +02:00
Michael Friedrich
9522a2e06f
Merge pull request #7218 from Icinga/feature/api-host-downtime-all-services
...
API Actions: Add downtime for all host services (child objects)
2019-06-06 12:53:42 +02:00
Michael Friedrich
f6fc81c6c3
Combine all_services with child_options for schedule-downtime API action
2019-06-06 11:37:22 +02:00
Michael Friedrich
e7c4253fa3
REST API: Allow to schedule downtimes for all services for one or more matching hosts
2019-06-06 11:37:22 +02:00
Michael Friedrich
f9a02fb813
Merge pull request #7208 from Icinga/bugfix/waiting-for-running-checks-6841
...
Actually wait for running checks
2019-06-06 11:16:34 +02:00
Michael Friedrich
6a8823f879
Avoid concurrent cluster config sync transactions
...
fixes #6660
2019-06-05 15:23:28 +02:00
Michael Friedrich
ef72cd4442
Merge pull request #7220 from Icinga/bugfix/asio-error-handling
...
Improve error handling with network connections (Boost ASIO)
2019-06-05 14:43:31 +02:00
Michael Friedrich
18211ddd23
Merge pull request #7209 from Icinga/bugfix/immediately-close-sockets
...
Close server connections and shutdown coroutines immediately on disconnect
2019-06-05 14:40:24 +02:00
Alexander A. Klimov
ad28380884
Close server connections and shutdown coroutines immediately on disconnect
2019-06-05 10:42:03 +02:00
Michael Friedrich
fd9887c5af
API: Harden default cipher list
...
According to https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/
2019-06-05 09:55:43 +02:00
Michael Friedrich
3798089642
Improve error handling with network connections (Boost ASIO)
...
refs #7041
2019-06-05 09:42:51 +02:00
Michael Friedrich
146b337d4d
Merge pull request #7211 from Icinga/feature/asio-tls-version
...
Require TLS 1.2 for Cluster & REST API
2019-06-03 16:19:22 +02:00
Michael Friedrich
d82c067555
Require TLS 1.2 for Cluster & REST API
...
refs #7041
2019-05-29 17:08:36 +02:00
Michael Friedrich
438da67209
Merge pull request #7210 from Icinga/bugfix/boost-asio-deprecated
...
Quality: Replace deprecated get_io_service() with get_executor().context() for Boost ASIO
2019-05-29 15:40:19 +02:00
Michael Friedrich
99bb7fa99c
Merge pull request #7196 from Icinga/feature/network-cleanup
...
Cleanup old code (HTTP, Cluster)
2019-05-29 14:50:40 +02:00
Michael Friedrich
59b95ed1f0
Quality: Replace deprecated get_io_service() with get_executor().context() for Boost ASIO
...
refs #7041
2019-05-29 14:36:10 +02:00
Michael Friedrich
f5bc9b469c
Quality: Mark NetworkStream, TcpSocket & UnixSocket classes as deprecated
...
They're used inside the Livestatus feature which needs rework.
2019-05-29 14:17:36 +02:00
Alexander A. Klimov
705ab87b60
Actually wait for running checks
...
refs #6841
2019-05-29 10:33:29 +02:00
Michael Friedrich
120aba3919
Quality: Removed unused HttpChunkedEncoding class
2019-05-28 13:46:19 +02:00
Michael Friedrich
ba44c3921c
Quality: Remove old MakeSSLContext() interface
2019-05-28 13:03:34 +02:00
Michael Friedrich
e72721b62f
CLI: Remove broken troubleshoot command
...
It wasn't finished nor have we used it for support questions.
Issue templates, troubleshooting docs and external scripts
serve a better purpose here, especially with distributed systems.
2019-05-28 12:31:38 +02:00
Michael Friedrich
efd4e8ad40
Quality: Use Boost ASIO/IO engine in Graphite feature
...
This commit changes the reconnect priority to high.
Also add function docs.
2019-05-27 16:49:51 +02:00
Michael Friedrich
0466316019
Quality: Rewrite OpenTSDB to use Boost ASIO and I/O engine
...
The connection handling and code isn't really good, but not
really actively maintained either.
Besides that, the "telnet" method doesn't allow for TLS,
this needs a general rewrite against their HTTP API.
I've also added function documentation where applicable.
2019-05-27 15:09:26 +02:00
Michael Insel
a6a0631e99
Unify copyright headers
...
Update (left over) copyright headers to generic copyright headers.
2019-05-24 16:25:32 +02:00
Michael Friedrich
c77d6eb869
Quality: Drop unused boost/tuple header include
2019-05-24 15:50:43 +02:00
Michael Friedrich
5dbb6ad366
Quality: Remove old SocketEvent functionality
2019-05-24 15:50:43 +02:00
Michael Friedrich
c7a2fc556c
Quality: Purge old TlsStream functionality
2019-05-24 15:50:43 +02:00
Michael Friedrich
e606d14705
Quality: Clean JsonRPC class and add function docs
2019-05-24 15:50:43 +02:00
Michael Friedrich
f933aafd29
Quality: Purge old HTTP code in lib/remote
2019-05-24 15:50:43 +02:00
Michael Friedrich
5d0af5c879
Merge pull request #6813 from Icinga/feature/gelfwriter-tls-support
...
Implement TLS support for the GelfWriter feature
2019-05-24 15:50:18 +02:00
Michael Friedrich
2ba2134eda
Merge pull request #7156 from Icinga/feature/itl-sleep
...
Implement sleep CheckCommand
2019-05-24 15:42:46 +02:00
Alexander Stoll
471dbc79a3
Remove double whitespaces for notifications log message
...
Add space to checkable debug message to unify timestamp format
2019-05-22 14:13:14 +02:00
Michael Friedrich
a0c8f41d58
Debug Console: Use our new I/O engine for HTTP requests
...
refs #7041
2019-05-22 12:51:23 +02:00
Michael Insel
bb70613ed1
Fix wrong facility in GelfWriter log message
...
This fixes a wrong facility in GelfWriter log message (paused message).
2019-05-16 19:50:40 +02:00
Michael Insel
bc0ab93e44
Use new I/O engine in GelfWriter
2019-05-16 19:39:06 +02:00
Michael Insel
90bb423226
Implement TLS support for the GelfWriter
...
This implements TLS support for the GelfWriter.
2019-05-16 17:48:47 +02:00
Michael Friedrich
6ba67487ea
CLI: 'ca list' now lists pending CSRs by default, add '--all' parameter
...
https://puppet.com/docs/puppet/5.5/man/cert.html
2019-05-10 15:41:00 +02:00
Michael Friedrich
aed88ca477
Revert "CLI: Return non-zero on unknown sub commands"
...
This reverts commit 00bc0b2303
.
2019-05-10 15:16:05 +02:00
Michael Friedrich
af42e2dfc0
Merge pull request #7178 from Icinga/bugfix/api-package-repair
...
API: Automatically repair broken _api package
2019-05-10 14:40:48 +02:00
Michael Friedrich
368383bedd
Merge pull request #7154 from Elias481/fix/serializer-object-locking-7003
...
Lock all kind of Objects during serialization
2019-05-10 14:39:27 +02:00
Michael Friedrich
6c9c65323e
Workaround for boost::filesystem and Visual Studio on Windows
2019-05-10 13:38:12 +02:00
Michael Friedrich
6cce9c0fdd
API: Automatically repair broken packages
...
This partially reverts #7150 and avoids exceptions
inside the flow. Each time an empty active stage
is detected, Icinga tries to repair it from the
the given directory tree.
Also, the code now takes into account that it should
create the package storage on startup, whether within
the API object, or if disabled, inside the application.
Caching the active stages for packages in memory
only is in effect with the API feature being enabled.
This is useful for other deployed config packages,
not only the internal one.
fixes #7173
refs #7150
refs #7119
fixes #6959
2019-05-10 12:48:34 +02:00
Elias Ohm
4c86c370bb
fixup errbuf length in the other files and avoid using the static buffer in one place (for thread safety and code consistency reasons)
2019-05-09 09:30:12 +02:00
Elias Ohm
e75f063552
bring some things in line
...
- account for documented buffer size openssl 1.1.x for error string (>=256 bytes)
- use nullptr instead of NULL
- fix/streamline null-checks
2019-05-09 00:22:24 +02:00
Jean Flach
9a0d894f10
Don't use deprecated RSA_generate_key
...
fixes #4635
2019-05-08 23:46:31 +02:00
Michael Friedrich
03324b2fb6
Config packages: Catch active stage exceptions in rare cases
...
Typically this already is detected on startup.
2019-05-08 16:43:27 +02:00
Michael Friedrich
704aabcb63
Avoid dead-lock with config packages and active stages
2019-05-08 16:06:46 +02:00
Michael Friedrich
736e0806d7
Merge pull request #7164 from Icinga/bugfix/notification-times-validate
...
Improve validation for times.{begin,end} in notification objects
2019-05-07 15:58:44 +02:00
Michael Friedrich
296fc06890
Merge pull request #7163 from Icinga/bugfix/db-ido-reachable
...
DB IDO: Use cached reachable state
2019-05-07 15:21:21 +02:00
Michael Friedrich
8ae206cd5d
Improve validation for times.{begin,end} in notification objects
...
fixes #6939
2019-05-07 15:20:06 +02:00
Michael Friedrich
5553438249
DB IDO: Use cached reachable state
...
fixes #6844
2019-05-07 13:47:09 +02:00
Michael Friedrich
00bc0b2303
CLI: Return non-zero on unknown sub commands
...
fixes #6585
2019-05-07 12:43:53 +02:00
Michael Friedrich
4197bc9bcd
CLI: Fix updates for NodeName/ZoneName constants
...
fixes #7117
2019-05-06 10:19:56 +02:00
Michael Friedrich
edaaaae1e8
Merge pull request #7155 from Elias481/bugfix/evaluatefilter-assign-this-scope-6874
...
use current frame scope for permission filter function calls
2019-05-03 16:53:40 +02:00
Michael Friedrich
78e24c53f1
DB IDO: Do not deactivate objects during application reload/restart
...
This follows the same principle as with the shutdown handler,
and was introduced with the changed reload handling with 2.9.
Previously IsShuttingDown() was sufficient which got set at one
location.
SigUsr2 as handler introduced a new location where m_ShuttingDown
is not necessarily set yet. Since this handler gets called when
l_Restarting is enabled, we'll use this flag to avoid config update
events resulting in object deactivation (object->IsActive() always
returns false).
refs #5996
refs #6691
refs #6970
fixes #7125
2019-05-03 15:40:48 +02:00
htriem
75df3879f2
Implement sleep CheckCommand in memory
...
Implements a check task with Utility::Sleep and custom var parameter sleep_time (default value: 1s)
refs #6964
2019-05-02 16:24:42 +02:00
Elias Ohm
c10ff9dd72
try without initialization of frame Locals which are not used for permissions filter and as far as I can see also not for query filters
2019-05-02 09:03:30 +02:00
Elias Ohm
53febdea81
use current frame scope for permission filter function calls
2019-05-02 07:35:19 +02:00
Elias Ohm
cdd843a998
another small adjustment by the way just to ensure the object on stack ist the same as the one serialized further in case the object does not implement locking on mutation (besides it's mor efficient to not fetch the same value twice)
2019-05-01 12:09:24 +02:00
Elias Ohm
44ac6cf1ec
add some object locking to the Dump method (which could theoreticylly suffer from same reace condition as serializer)
2019-05-01 11:49:07 +02:00
Michael Friedrich
759b090f81
Merge pull request #7150 from Icinga/bugfix/api-config-package-active-stage-name
...
Ensure that runtime created API objects survive a restart
2019-04-30 14:22:13 +02:00
Michael Friedrich
f206cba394
Merge pull request #7152 from Elias481/fix/mysql8-headers-compatibility
...
account for adjusted interface of mysql8
2019-04-30 14:20:18 +02:00
Michael Friedrich
502c43fb12
Active packages: Don't try to fix broken config packages which are not cached yet
2019-04-30 12:19:35 +02:00
Michael Friedrich
8a258de9bc
Merge pull request #6734 from leeclemens/remove-redundant-indexes
...
db ido: remove redundant mysql indexes
2019-04-29 09:13:22 +02:00
Elias Ohm
615f019c2e
account for adjusted interface of mysql8 (now utilizes c99 bools instead of my_bool labelled chars)
2019-04-29 00:18:15 +02:00
Elias Ohm
91296c2a25
Lock Objects during serialization
...
old behaviour was to only lock arrays, dictionaries and namespaces but not other objects
2019-04-28 22:13:19 +02:00
Michael Friedrich
2bca7a5bb5
Repair broken API config packages at runtime
...
This means a new timer which checks every 5m whether the
active-stage can be read, and if not, it overwrites the
file on disk with the details from memory.
2019-04-26 14:53:36 +02:00
Michael Friedrich
f92c134b0a
Cluster: Don't try to sync objects from broken _api package
2019-04-26 14:43:38 +02:00
Michael Friedrich
0d6d48fd59
Daemon: Deal with exceptions from broken _api package
2019-04-26 14:43:10 +02:00
Michael Friedrich
c821e73364
Cache the API package stage name with a active-stage fallback
...
This prevents reading the file everytime the stageName is required
for when creating a runtime object via REST API.
2019-04-26 13:40:27 +02:00
Michael Friedrich
1078a0a824
Add --cn parameter to 'api setup' CLI command allowing hostname overrides
...
fixes #6649
2019-04-26 10:52:05 +02:00
Michael Friedrich
3dc9927284
Merge pull request #7124 from Icinga/bugfix/namespace-thread-safe
...
Namespace: place ObjectLock in all methods
2019-04-26 08:26:59 +02:00
Michael Friedrich
37de1a919b
Merge pull request #7088 from Icinga/feature/asio-event-queue
...
Implement new event queue for ASIO consumers
2019-04-25 16:54:43 +02:00
Michael Friedrich
a7873da89d
Eventqueue: Remove unused code
2019-04-25 16:21:07 +02:00
Alexander A. Klimov
e86e3cc234
EventsFilter#Push(): ensure not to modify the global namespace
2019-04-25 15:56:38 +02:00
Alexander A. Klimov
c209cf830b
/v1/events: don't over-consume CPU-bound threads
2019-04-25 15:56:38 +02:00
Alexander A. Klimov
5e8b4280bc
New event queue: handle empty filter
2019-04-25 15:56:38 +02:00
Alexander A. Klimov
94db282fd1
/v1/events: remove anti-deadlock hack
2019-04-25 15:56:38 +02:00
Alexander A. Klimov
81713d0509
/v1/events: use new event queue
2019-04-25 15:56:38 +02:00
Alexander A. Klimov
90d9cd9257
Feed new event queue with events
2019-04-25 15:56:38 +02:00
Alexander A. Klimov
7688994601
Implement new event queue for ASIO consumers
2019-04-25 15:56:38 +02:00
Michael Friedrich
a630d0185f
Merge pull request #6722 from Icinga/feature/notification-result
...
Add notification result store/sync
2019-04-25 15:56:14 +02:00
Michael Friedrich
0438c866f8
Merge pull request #7102 from Icinga/feature/boost-fs-7101
...
Replace self-written filesystem ops with boost.filesystem
2019-04-25 15:53:55 +02:00
Alexander A. Klimov
5afef1015d
Replace unlink() with boost::filesystem::remove()
...
refs #7101
2019-04-25 09:53:02 +02:00
Alexander A. Klimov
5a17722c1f
Replace _unlink() + rename() with boost::filesystem::rename()
...
refs #7101
2019-04-25 09:53:02 +02:00
Alexander A. Klimov
f1f7d0c4d6
Work around boost::filesystem::path bug on VS
...
refs #7101
2019-04-25 09:53:01 +02:00
Alexander A. Klimov
af78cd6050
Use Boost.Filesystem
...
refs #7101
2019-04-25 09:53:01 +02:00
Michael Friedrich
0d9d39c64b
Fix preprocessor macro comment
2019-04-25 08:25:28 +02:00
Alexander A. Klimov
ba842403ce
Fix circular #include
...
refs #6985
2019-04-25 08:25:28 +02:00
Alexander A. Klimov
5151f6567e
ThreadPool: use the Boost ASIO thread pool under the hood
2019-04-25 08:25:28 +02:00
Michael Friedrich
56894bea17
Buildfix
...
Obviously tired.
fixes #7138
fixes #7139
2019-04-24 12:10:57 +02:00
Michael Friedrich
df25b183cb
Add log message for log rotate; update docs
...
refs #6737
2019-04-24 11:53:27 +02:00
Alexander A. Klimov
7a8f8fd734
Timer::TimerThreadProc(): use C++11 lambda instead of bind()
...
refs #6737
2019-04-24 11:51:17 +02:00
Alexander A. Klimov
622f684124
StreamLogger#BindStream(): set #m_FlushLogTimer only if needed
...
refs #6737
2019-04-24 11:47:02 +02:00
Elias Ohm
52e3db279a
Fix for double-free (and possibly other memory-corruption related) crashes at logrotate time
...
this is a direct fix of the issue revealing the problem that leads to crash
verification done with a patched icinga2 where the execution-order of the code lines of counter-parts involved in re-incrementing/decrementing Timer:Ptr is forced to be the one that leads to the obeserverd segfaults
refs #6737
2019-04-24 11:42:54 +02:00
Michael Friedrich
43e9ae5f8d
Merge pull request #7135 from Icinga/feature/boost-asio-elasticsearchwriter
...
Use new I/O engine in ElasticsearchWriter
2019-04-23 14:53:00 +02:00
Michael Friedrich
1ac693bf13
Merge pull request #7137 from Icinga/bugfix/disconnect-log-more-spam
...
JsonRpcConnection: reduce log spam on disconnect
2019-04-23 14:50:18 +02:00
Alexander A. Klimov
3f0066e33b
Use new I/O engine in ElasticsearchWriter
2019-04-23 14:33:19 +02:00
Michael Friedrich
856877d1fe
Merge pull request #7134 from Icinga/feature/boost-asio-influxdbwriter
...
Use new I/O engine in InfluxdbWriter
2019-04-23 14:31:42 +02:00
Michael Friedrich
0f804d126b
Merge pull request #7133 from Icinga/feature/boost-asio-pki
...
Use new I/O engine in PkiUtility::FetchCert() and PkiUtility::RequestCertificate()
2019-04-23 14:27:48 +02:00
Alexander A. Klimov
a6cd3e65cb
JsonRpcConnection: reduce log spam on disconnect
2019-04-23 14:09:07 +02:00
Michael Friedrich
20d51d21dc
Merge pull request #7127 from Icinga/bugfix/replay-log
...
ApiListener#RotateLogFile(): don't overwrite previous log
2019-04-23 12:08:12 +02:00
Michael Friedrich
5fb191bbeb
Merge pull request #7126 from Icinga/bugfix/replay-logs-6932
...
ApiListener#ApiTimerHandler(): delete all replayed logs
2019-04-23 12:07:02 +02:00
Alexander A. Klimov
14fdfff770
Use new I/O engine in InfluxdbWriter
2019-04-23 11:59:37 +02:00
Michael Friedrich
dee8fbf248
Merge pull request #7128 from Icinga/feature/re-write-objectlock-7123
...
Re-write ObjectLock's implementation details
2019-04-23 11:53:40 +02:00
Alexander A. Klimov
c1fa07899c
Introduce OptionalTlsStream
2019-04-23 11:25:26 +02:00
Alexander A. Klimov
407e77883c
ApiListener#ReplayLog(): read current log file too instead of rotating
2019-04-18 17:22:36 +02:00
Alexander A. Klimov
997d84bfa0
ApiListener#RotateLogFile(): don't overwrite previous log
2019-04-18 17:22:33 +02:00
Alexander A. Klimov
9b489cf9b9
ApiListener#ApiTimerHandler(): delete all replayed logs
...
refs #6932
2019-04-18 17:00:40 +02:00
Alexander A. Klimov
d8c9fdf1d4
Make Object#m_Mutex std::recursive_mutex
...
refs #7123
2019-04-17 18:26:29 +02:00
Alexander A. Klimov
7e6868bc99
Make Object#m_LockOwner std::atomic<std: 🧵 :id>
...
refs #7123
2019-04-17 18:26:23 +02:00
Alexander A. Klimov
f9f998334d
ObjectLock: deduplicate constructors
...
refs #7123
2019-04-17 16:47:41 +02:00
Alexander A. Klimov
f44e847717
Rotate replay log on shutdown, not on startup
2019-04-17 14:18:20 +02:00
Michael Friedrich
02db12ae02
Merge pull request #7050 from Icinga/feature/previous-state-change
...
Implement previous_state_change
2019-04-17 13:17:41 +02:00
Michael Friedrich
3665430005
Merge pull request #7112 from Icinga/bugfix/service-handled
...
Include host state in Service#handled and Service#severity
2019-04-17 13:16:23 +02:00
Michael Friedrich
64568f5966
Merge pull request #7121 from Icinga/bugfix/concurrent-checks
...
Fix that MaxConcurrentChecks constant is overridden from 'checker' feature
2019-04-17 13:14:32 +02:00
Michael Friedrich
ab97d606db
Merge pull request #7122 from Icinga/bugfix/evaluatefilter-change-globals
...
FilterUtility::EvaluateFilter(): ensure not to modify the global namespace
2019-04-16 17:40:20 +02:00
Alexander A. Klimov
5afda77943
Namespace: place ObjectLock in all methods
2019-04-16 17:38:58 +02:00
Michael Friedrich
ecbfdc2732
Merge pull request #7113 from Elias481/fix/incorrect-usage-of-global-namespace-6874-6785
...
use dedicated permissions namespace for scriptframe in filterutility
2019-04-16 16:02:16 +02:00
Alexander A. Klimov
bdadb53940
FilterUtility::EvaluateFilter(): ensure not to modify the global namespace
2019-04-16 15:53:44 +02:00
Michael Friedrich
b906714254
Fix that MaxConcurrentChecks constant is overridden from 'checker' feature
...
Note: This drops the deprecated concurrent_checks setting from the checker feature
entirely and refactors the underlaying code handling.
Also affects ReloadTimeout which is new for 2.11.
fixes #7111
2019-04-16 15:04:57 +02:00
Michael Friedrich
44d0c9013b
Ignore synced config zones where no config item exists
...
The culprit is that we're in compiling configuration stage here,
we don't have access to `Zone::GetByName()` as objects have not
been activated yet.
Our best guess is from a config item loaded before (e.g. from zones.conf)
since no-one can sync zones via cluster config sync either.
It may not be 100% correct since the zone object itself may be invalid.
Still, if the zone object validator fails later, the config breaks either way.
The problem with removal of these directories is dealt by the cluster
config sync with stages.
refs #6727
refs #6716
2019-04-15 17:38:43 +02:00
Michael Friedrich
e0d9814feb
Merge pull request #7116 from Icinga/feature/no-reachable
...
Drop Checkable#reachable in favor of #last_reachable
2019-04-15 13:40:06 +02:00
Alexander A. Klimov
d7b63143cf
Drop Checkable#reachable in favor of #last_reachable
2019-04-12 13:03:11 +02:00
Elias Ohm
1e7cd4afc8
* use dedicated permissions namespace for scriptframe in filterutility to allow proper parallel execution
...
* fixes issue https://github.com/Icinga/icinga2/issues/6785 where permission checks get wrong result because permissions checks are done within a shared namespaces without using only unique keys
* mitigates issue https://github.com/Icinga/icinga2/issues/6874 where segmentation faults occur because of concurrent access to non threadsafe parts of namespace (a fix for thread safety of namespaces which would be an alternative approach to get rid of these segfaults is out of scope of this fix as 6785 needs to be fixed anyway and this is the straight-forwards) way to fix that
* do the same for eventqueue (not certain whether events can be processed in parallel but I expect it is the case)
2019-04-12 08:10:57 +02:00
Alexander A. Klimov
66949dd018
Service: reduce severity while host is down
2019-04-11 11:36:23 +02:00
Alexander A. Klimov
ae18536b0f
Service: be handled while host is down
2019-04-11 11:25:45 +02:00
Michael Friedrich
973b03dcb2
Merge pull request #7109 from Icinga/feature/enhance-cluster-message-send-code-docs
...
Improve code docs for cluster message routing conditions
2019-04-11 11:20:46 +02:00
Michael Friedrich
b24a3be083
Improve code docs for cluster message routing conditions
...
refs #6781
2019-04-10 14:17:36 +02:00
Michael Friedrich
2b3511d8a6
Merge pull request #7097 from Icinga/bugfix/disconnect-log-spam
...
JsonRpcConnection: reduce log spam on disconnect
2019-04-09 16:57:31 +02:00
Alexander A. Klimov
de04bb13a8
JsonRpcConnection: reduce log spam on disconnect
2019-04-09 13:53:41 +02:00
Alexander A. Klimov
896d447e11
Add Checkable#problem and #handled
2019-04-09 11:34:59 +02:00
Alexander A. Klimov
d33cfdf3c0
Declare Checkable#IsStateOK() const
2019-04-09 11:26:34 +02:00
Alexander A. Klimov
acf28fb5b0
Expose Checkable#reachable
2019-04-09 11:09:02 +02:00
Michael Friedrich
f177d8786d
HttpServerConnection: Log the user agent field for new requests too
...
refs #7041
2019-04-05 15:08:09 +02:00
Michael Friedrich
b1042c3689
Merge pull request #7076 from Icinga/bugfix/eventqueue-leak
...
/v1/events: terminate on disconnect
2019-04-05 10:31:30 +02:00
Alexander A. Klimov
2e4e2e1a79
/v1/events: don't deadlock other coroutines
2019-04-05 09:22:42 +02:00
Michael Friedrich
cd325410ec
Merge pull request #7078 from Icinga/feature/deprecate-command-pipe-adjust-logs
...
Deprecate ExternalCommandListener feature ('command') and adjust log warnings to the roadmap
2019-04-03 14:59:36 +02:00
Michael Friedrich
c785a0678f
Deprecate ExternalCommandListener feature ('command') and adjust log warnings to the roadmap
...
They won't be removed with 2.11 thus far. Users should
be guided to the roadmap which holds all details instead
of hardcoding a version in the code.
2019-04-03 14:39:10 +02:00
Michael Friedrich
84019ba27a
Fix notification skip for local non-API enabled setups
...
W/o local endpoint, these reminder notifications would
have been skipped otherwise.
PR #6935 improved the logging and made this problem visible.
Thanks @nilmerg :)
2019-04-03 13:50:21 +02:00
Michael Friedrich
5c3a9b77d7
Always update object authority, even w/o API feature
...
Regression from #7062
Thanks @nilmerg :)
2019-04-03 13:48:24 +02:00
Alexander A. Klimov
2e5af2922b
/v1/events: terminate on disconnect
2019-04-03 09:59:45 +02:00
Alexander A. Klimov
4c5ee0dbbf
EventQueue#WaitForEvent(): re-add timeout
2019-04-03 09:53:45 +02:00
Michael Friedrich
c6eaee611c
Merge pull request #7074 from Icinga/feature/cli-run-as-icinga-not-root
...
Impersonate as Icinga user, not root
2019-04-03 09:52:08 +02:00
Alexander A. Klimov
28d46052b0
HttpServerConnection#StartStreaming(): auto-detect disconnection
2019-04-03 09:50:52 +02:00
Michael Friedrich
c2f180395a
Merge pull request #7000 from Icinga/bugfix/goto-loop
...
Don't abuse goto for building simple loops
2019-04-03 09:46:17 +02:00
Alexander A. Klimov
c284cf0b68
HttpServerConnection: encapsulate streaming start indicator
2019-04-02 17:37:29 +02:00
Michael Friedrich
7ca8c3ec2f
Impersonate as Icinga user, not root
...
This requires write permissions for
- etc/features-*
- etc/*.conf
- var/{lib,cache}/icinga2/*
Typically permissions are handled by prepare-dirs,
or the respective CLI commands are run as root either way.
fixes #4947
2019-04-02 17:05:48 +02:00
Alexander A. Klimov
09a2e04f4b
EventQueue#WaitForEvent(): don't lock I/O thread while locking mutex
2019-04-02 14:38:06 +02:00
Alexander A. Klimov
cfd0d86b9b
Use C++11 atomics for our intrusive pointers
2019-04-02 13:54:30 +02:00
Alexander A. Klimov
00d859234e
Use new I/O engine in PkiUtility::FetchCert() and PkiUtility::RequestCertificate()
2019-04-01 17:18:00 +02:00
Alexander A. Klimov
6e7932f157
Add non-async overloads for JsonRpc::ReadMessage() and JsonRpc::SendMessage()
2019-04-01 17:11:10 +02:00
Alexander A. Klimov
f4a78380e9
Add non-async overloads for NetString::ReadStringFromStream() and NetString::WriteStringToStream()
2019-04-01 17:11:10 +02:00
Alexander A. Klimov
d1e87bdc45
Connect(): add non-async overload
2019-04-01 17:11:09 +02:00
Alexander A. Klimov
f2d9d91e83
Introduce UnbufferedAsioTlsStream#GetPeerCertificate()
2019-04-01 17:11:09 +02:00
Michael Friedrich
5c2aaf6380
Improve error logging on connection failure (cluster)
2019-04-01 16:13:37 +02:00
Alexander A. Klimov
64b2ac4b30
ApiListener: drop unused thread pool
2019-04-01 15:06:17 +02:00
Alexander A. Klimov
3a6caa2800
Respect Accept:application/json where possible
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
24c9542b5b
HttpServerConnection: fix side effect of HTTP parser's default body limit
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
d428bdf384
Add missing includes
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
bf23e5392b
UnbufferedAsioTlsStream: don't rely on *this in decltype()s for methods' return types
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
7ec1e638a8
Turn shortcut UnbufferedAsioTlsStream::Parent into a base class
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
5b2c1f023d
Rename preventGc to keepAlive
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
5208448b76
Restore the previous performance of replaying logs
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
79e95d2355
Introduce JsonRpcConnection#SendMessageInternal()
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
e6d78bf361
Move some TCP/TLS logic out of ApiListener
...
... for re-using it
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
79220ee647
io-engine.hpp: fix missing namespace
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
8b3efe5759
Introduce AsioConditionVariable
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
d3392d1579
Rename AsioTlsStreamHack to UnbufferedAsioTlsStream
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
e129c561d5
HttpServerConnection: don't disconnect during sending response
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
b384f859c9
Make IoEngine::m_CpuBoundSemaphore signed
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
326bf66255
ApiListener: use setsockopt(), not tcp::acceptor#set_option()
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
b5fddaf3ce
ApiListener: log why bind(2) failed
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
e26774c7f8
IoEngine: adjust I/O threads
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
19625e62ef
ApiListener: fix self-made security hole
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
87b0c452db
HttpServerConnection: re-add automatic disconnect
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
f029fd4884
Re-add HttpServerConnection#Disconnect()
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
16913cb977
JsonRpcConnection: add missing CpuBoundWork
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
a451327b81
JsonRpcConnection: re-add num_json_rpc_work_queue_item_rate
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
a54bd9d5c4
JsonRpcConnection: re-add automatic disconnect
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
7aae8bd265
JsonRpcConnection: re-add heartbeats
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
84b411501b
Re-add JsonRpcConnection#Disconnect()
2019-04-01 13:31:16 +02:00
Alexander A. Klimov
2d16b02520
ApiListener#NewClientHandlerInternal(): shut down TLS stream
2019-04-01 13:30:42 +02:00
Alexander A. Klimov
c46157d552
ApiListener: fix self-made security hole
2019-04-01 11:40:14 +02:00
Alexander A. Klimov
f9fff54da2
ApiListener: don't require a valid certificate for the TLS handshake to complete
2019-04-01 11:40:14 +02:00