2026-01-27 09:06:40 -05:00
|
|
|
// SPDX-FileCopyrightText: 2012 Icinga GmbH <https://icinga.com>
|
|
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2015-07-21 10:10:13 -04:00
|
|
|
|
|
|
|
|
#include "remote/configstageshandler.hpp"
|
2015-08-28 11:58:29 -04:00
|
|
|
#include "remote/configpackageutility.hpp"
|
2025-07-22 05:25:03 -04:00
|
|
|
#include "remote/configobjectslock.hpp"
|
2015-07-21 10:10:13 -04:00
|
|
|
#include "remote/httputility.hpp"
|
2015-09-28 02:57:25 -04:00
|
|
|
#include "remote/filterutility.hpp"
|
2015-07-21 10:10:13 -04:00
|
|
|
#include "base/application.hpp"
|
2022-03-07 11:52:08 -05:00
|
|
|
#include "base/defer.hpp"
|
2015-07-21 10:10:13 -04:00
|
|
|
#include "base/exception.hpp"
|
|
|
|
|
|
|
|
|
|
using namespace icinga;
|
|
|
|
|
|
|
|
|
|
REGISTER_URLHANDLER("/v1/config/stages", ConfigStagesHandler);
|
|
|
|
|
|
Handle concurrent config package updates gracefully
Previously, we used a simple boolean to track the state of the package updates,
and didn't reset it back when the config validation was successful because it was
assumed that if we successfully validated the config beforehand, then the worker
would also successfully reload the config afterwards, and that the old worker would
be terminated. However, this assumption is not always true due to a number of reasons
that I can't even think of right now, but the most obvious one is that after we successfully
validated the config, the config might have changed again before the worker was able
to reload it. If that happens, then the new worker might fail to successfully validate
the config due to the recent changes, in which case the old worker would remain active,
and this flag would still be set to true, causing any subsequent requests to fail with a
`423` until you manually restart the Icinga 2 service.
So, in order to prevent such a situation, we are additionally tracking the last time a reload
failed and allow to bypass the `m_RunningPackageUpdates` flag only if the last reload failed
time was changed since the previous request.
2025-06-18 05:58:18 -04:00
|
|
|
static bool l_RunningPackageUpdates(false);
|
|
|
|
|
// A timestamp that indicates the last time an Icinga 2 reload failed.
|
|
|
|
|
static double l_LastReloadFailedTime(0);
|
|
|
|
|
static std::mutex l_RunningPackageUpdatesMutex; // Protects the above two variables.
|
2022-03-07 11:52:08 -05:00
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
bool ConfigStagesHandler::HandleRequest(
|
2025-06-11 04:28:16 -04:00
|
|
|
const WaitGroup::Ptr&,
|
2026-01-22 06:41:21 -05:00
|
|
|
const HttpApiRequest& request,
|
|
|
|
|
HttpApiResponse& response,
|
2025-09-11 07:12:23 -04:00
|
|
|
boost::asio::yield_context& yc
|
2019-02-15 04:33:01 -05:00
|
|
|
)
|
2015-07-21 10:10:13 -04:00
|
|
|
{
|
2019-02-15 04:33:01 -05:00
|
|
|
namespace http = boost::beast::http;
|
|
|
|
|
|
2025-07-23 03:37:05 -04:00
|
|
|
auto url = request.Url();
|
|
|
|
|
auto user = request.User();
|
|
|
|
|
auto params = request.Params();
|
|
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
if (url->GetPath().size() > 5)
|
2015-09-28 10:08:14 -04:00
|
|
|
return false;
|
2015-07-28 07:57:59 -04:00
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
if (request.method() == http::verb::get)
|
2025-09-11 07:12:23 -04:00
|
|
|
HandleGet(request, response, yc);
|
2019-02-15 04:33:01 -05:00
|
|
|
else if (request.method() == http::verb::post)
|
2025-07-23 03:37:05 -04:00
|
|
|
HandlePost(request, response);
|
2019-02-15 04:33:01 -05:00
|
|
|
else if (request.method() == http::verb::delete_)
|
2025-07-23 03:37:05 -04:00
|
|
|
HandleDelete(request, response);
|
2015-07-21 10:10:13 -04:00
|
|
|
else
|
2015-09-28 10:08:14 -04:00
|
|
|
return false;
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2015-07-28 07:57:59 -04:00
|
|
|
return true;
|
2015-07-21 10:10:13 -04:00
|
|
|
}
|
|
|
|
|
|
2025-09-11 07:12:23 -04:00
|
|
|
void ConfigStagesHandler::HandleGet(const HttpApiRequest& request, HttpApiResponse& response, boost::asio::yield_context& yc)
|
2015-07-21 10:10:13 -04:00
|
|
|
{
|
2019-02-15 04:33:01 -05:00
|
|
|
namespace http = boost::beast::http;
|
|
|
|
|
|
2025-07-23 03:37:05 -04:00
|
|
|
auto url = request.Url();
|
|
|
|
|
auto user = request.User();
|
|
|
|
|
auto params = request.Params();
|
|
|
|
|
|
2015-09-28 02:57:25 -04:00
|
|
|
FilterUtility::CheckPermission(user, "config/query");
|
|
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
if (url->GetPath().size() >= 4)
|
|
|
|
|
params->Set("package", url->GetPath()[3]);
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
if (url->GetPath().size() >= 5)
|
|
|
|
|
params->Set("stage", url->GetPath()[4]);
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2015-08-28 11:58:29 -04:00
|
|
|
String packageName = HttpUtility::GetLastParameter(params, "package");
|
2015-07-29 07:39:58 -04:00
|
|
|
String stageName = HttpUtility::GetLastParameter(params, "stage");
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2021-08-02 07:09:04 -04:00
|
|
|
if (!ConfigPackageUtility::ValidatePackageName(packageName))
|
2018-04-05 11:17:30 -04:00
|
|
|
return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'.");
|
2015-09-22 11:58:12 -04:00
|
|
|
|
2021-08-02 07:09:04 -04:00
|
|
|
if (!ConfigPackageUtility::ValidateStageName(stageName))
|
2018-04-05 11:17:30 -04:00
|
|
|
return HttpUtility::SendJsonError(response, params, 400, "Invalid stage name '" + stageName + "'.");
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2015-08-28 11:58:29 -04:00
|
|
|
std::vector<std::pair<String, bool> > paths = ConfigPackageUtility::GetFiles(packageName, stageName);
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2015-08-28 11:58:29 -04:00
|
|
|
String prefixPath = ConfigPackageUtility::GetPackageDir() + "/" + packageName + "/" + stageName + "/";
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2025-09-11 07:12:23 -04:00
|
|
|
auto generatorFunc = [&prefixPath](const std::pair<String, bool>& kv) -> Value {
|
|
|
|
|
return new Dictionary{
|
2018-01-11 05:17:38 -05:00
|
|
|
{ "type", kv.second ? "directory" : "file" },
|
2025-09-11 07:12:23 -04:00
|
|
|
{ "name", kv.first.SubStr(prefixPath.GetLength()) },
|
|
|
|
|
};
|
|
|
|
|
};
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2025-09-11 07:12:23 -04:00
|
|
|
Dictionary::Ptr result = new Dictionary{{"results", new ValueGenerator{paths, generatorFunc}}};
|
|
|
|
|
result->Freeze();
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
response.result(http::status::ok);
|
2025-09-11 07:12:23 -04:00
|
|
|
HttpUtility::SendJsonBody(response, params, result, yc);
|
2015-07-21 10:10:13 -04:00
|
|
|
}
|
|
|
|
|
|
2026-01-22 06:41:21 -05:00
|
|
|
void ConfigStagesHandler::HandlePost(const HttpApiRequest& request, HttpApiResponse& response)
|
2015-07-21 10:10:13 -04:00
|
|
|
{
|
2019-02-15 04:33:01 -05:00
|
|
|
namespace http = boost::beast::http;
|
|
|
|
|
|
2025-07-23 03:37:05 -04:00
|
|
|
auto url = request.Url();
|
|
|
|
|
auto user = request.User();
|
|
|
|
|
auto params = request.Params();
|
|
|
|
|
|
2015-09-28 02:57:25 -04:00
|
|
|
FilterUtility::CheckPermission(user, "config/modify");
|
|
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
if (url->GetPath().size() >= 4)
|
|
|
|
|
params->Set("package", url->GetPath()[3]);
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2015-08-28 11:58:29 -04:00
|
|
|
String packageName = HttpUtility::GetLastParameter(params, "package");
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2021-08-02 07:09:04 -04:00
|
|
|
if (!ConfigPackageUtility::ValidatePackageName(packageName))
|
2018-04-05 11:17:30 -04:00
|
|
|
return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'.");
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2017-09-03 10:15:40 -04:00
|
|
|
bool reload = true;
|
2018-04-06 04:13:08 -04:00
|
|
|
|
2017-09-03 10:15:40 -04:00
|
|
|
if (params->Contains("reload"))
|
|
|
|
|
reload = HttpUtility::GetLastParameter(params, "reload");
|
|
|
|
|
|
2019-09-24 12:17:19 -04:00
|
|
|
bool activate = true;
|
|
|
|
|
|
|
|
|
|
if (params->Contains("activate"))
|
|
|
|
|
activate = HttpUtility::GetLastParameter(params, "activate");
|
|
|
|
|
|
2015-07-21 10:10:13 -04:00
|
|
|
Dictionary::Ptr files = params->Get("files");
|
|
|
|
|
|
|
|
|
|
String stageName;
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
if (!files)
|
|
|
|
|
BOOST_THROW_EXCEPTION(std::invalid_argument("Parameter 'files' must be specified."));
|
|
|
|
|
|
2019-09-24 12:17:19 -04:00
|
|
|
if (reload && !activate)
|
|
|
|
|
BOOST_THROW_EXCEPTION(std::invalid_argument("Parameter 'reload' must be false when 'activate' is false."));
|
|
|
|
|
|
2025-07-22 05:25:03 -04:00
|
|
|
ConfigObjectsSharedLock configObjectsSharedLock(std::try_to_lock);
|
|
|
|
|
if (!configObjectsSharedLock) {
|
|
|
|
|
HttpUtility::SendJsonError(response, params, 503, "Icinga is reloading");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
Handle concurrent config package updates gracefully
Previously, we used a simple boolean to track the state of the package updates,
and didn't reset it back when the config validation was successful because it was
assumed that if we successfully validated the config beforehand, then the worker
would also successfully reload the config afterwards, and that the old worker would
be terminated. However, this assumption is not always true due to a number of reasons
that I can't even think of right now, but the most obvious one is that after we successfully
validated the config, the config might have changed again before the worker was able
to reload it. If that happens, then the new worker might fail to successfully validate
the config due to the recent changes, in which case the old worker would remain active,
and this flag would still be set to true, causing any subsequent requests to fail with a
`423` until you manually restart the Icinga 2 service.
So, in order to prevent such a situation, we are additionally tracking the last time a reload
failed and allow to bypass the `m_RunningPackageUpdates` flag only if the last reload failed
time was changed since the previous request.
2025-06-18 05:58:18 -04:00
|
|
|
{
|
|
|
|
|
std::lock_guard runningPackageUpdatesLock(l_RunningPackageUpdatesMutex);
|
|
|
|
|
double currentReloadFailedTime = Application::GetLastReloadFailed();
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Once the m_RunningPackageUpdates flag is set, it typically remains set until the current worker process is
|
|
|
|
|
* terminated, in which case the new worker will have its own m_RunningPackageUpdates flag set to false.
|
|
|
|
|
* However, if the reload fails for any reason, the m_RunningPackageUpdates flag will remain set to true
|
|
|
|
|
* in the current worker process, which will prevent any further package updates from being processed until
|
|
|
|
|
* the next Icinga 2 restart.
|
|
|
|
|
*
|
|
|
|
|
* So, in order to prevent such a situation, we are additionally tracking the last time a reload failed
|
|
|
|
|
* and allow to bypass the m_RunningPackageUpdates flag only if the last reload failed time was changed
|
|
|
|
|
* since the previous request.
|
|
|
|
|
*/
|
|
|
|
|
if (l_RunningPackageUpdates && l_LastReloadFailedTime == currentReloadFailedTime) {
|
|
|
|
|
return HttpUtility::SendJsonError(
|
|
|
|
|
response, params, 423,
|
|
|
|
|
"Conflicting request, there is already an ongoing package update in progress. Please try it again later."
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
l_RunningPackageUpdates = true;
|
|
|
|
|
l_LastReloadFailedTime = currentReloadFailedTime;
|
2022-03-07 11:52:08 -05:00
|
|
|
}
|
|
|
|
|
|
Handle concurrent config package updates gracefully
Previously, we used a simple boolean to track the state of the package updates,
and didn't reset it back when the config validation was successful because it was
assumed that if we successfully validated the config beforehand, then the worker
would also successfully reload the config afterwards, and that the old worker would
be terminated. However, this assumption is not always true due to a number of reasons
that I can't even think of right now, but the most obvious one is that after we successfully
validated the config, the config might have changed again before the worker was able
to reload it. If that happens, then the new worker might fail to successfully validate
the config due to the recent changes, in which case the old worker would remain active,
and this flag would still be set to true, causing any subsequent requests to fail with a
`423` until you manually restart the Icinga 2 service.
So, in order to prevent such a situation, we are additionally tracking the last time a reload
failed and allow to bypass the `m_RunningPackageUpdates` flag only if the last reload failed
time was changed since the previous request.
2025-06-18 05:58:18 -04:00
|
|
|
auto resetPackageUpdates (Shared<Defer>::Make([]() {
|
|
|
|
|
std::lock_guard lock(l_RunningPackageUpdatesMutex);
|
|
|
|
|
l_RunningPackageUpdates = false;
|
|
|
|
|
}));
|
2022-03-07 11:52:08 -05:00
|
|
|
|
2021-02-02 04:16:04 -05:00
|
|
|
std::unique_lock<std::mutex> lock(ConfigPackageUtility::GetStaticPackageMutex());
|
2019-05-08 10:06:46 -04:00
|
|
|
|
2015-08-28 11:58:29 -04:00
|
|
|
stageName = ConfigPackageUtility::CreateStage(packageName, files);
|
2015-07-21 10:10:13 -04:00
|
|
|
|
|
|
|
|
/* validate the config. on success, activate stage and reload */
|
2022-03-07 11:52:08 -05:00
|
|
|
ConfigPackageUtility::AsyncTryActivateStage(packageName, stageName, activate, reload, resetPackageUpdates);
|
2015-07-21 10:10:13 -04:00
|
|
|
} catch (const std::exception& ex) {
|
2017-12-20 09:31:05 -05:00
|
|
|
return HttpUtility::SendJsonError(response, params, 500,
|
2018-04-06 04:13:08 -04:00
|
|
|
"Stage creation failed.",
|
|
|
|
|
DiagnosticInformation(ex));
|
2015-07-21 10:10:13 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2017-09-03 10:15:40 -04:00
|
|
|
String responseStatus = "Created stage. ";
|
2018-04-06 04:13:08 -04:00
|
|
|
|
|
|
|
|
if (reload)
|
|
|
|
|
responseStatus += "Reload triggered.";
|
|
|
|
|
else
|
|
|
|
|
responseStatus += "Reload skipped.";
|
2017-09-03 10:15:40 -04:00
|
|
|
|
2018-01-11 05:17:38 -05:00
|
|
|
Dictionary::Ptr result1 = new Dictionary({
|
|
|
|
|
{ "package", packageName },
|
|
|
|
|
{ "stage", stageName },
|
|
|
|
|
{ "code", 200 },
|
|
|
|
|
{ "status", responseStatus }
|
|
|
|
|
});
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2018-01-11 05:17:38 -05:00
|
|
|
Dictionary::Ptr result = new Dictionary({
|
|
|
|
|
{ "results", new Array({ result1 }) }
|
|
|
|
|
});
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
response.result(http::status::ok);
|
2017-12-20 09:31:05 -05:00
|
|
|
HttpUtility::SendJsonBody(response, params, result);
|
2015-07-21 10:10:13 -04:00
|
|
|
}
|
|
|
|
|
|
2026-01-22 06:41:21 -05:00
|
|
|
void ConfigStagesHandler::HandleDelete(const HttpApiRequest& request, HttpApiResponse& response)
|
2015-07-21 10:10:13 -04:00
|
|
|
{
|
2019-02-15 04:33:01 -05:00
|
|
|
namespace http = boost::beast::http;
|
|
|
|
|
|
2025-07-23 03:37:05 -04:00
|
|
|
auto url = request.Url();
|
|
|
|
|
auto user = request.User();
|
|
|
|
|
auto params = request.Params();
|
|
|
|
|
|
2015-09-28 02:57:25 -04:00
|
|
|
FilterUtility::CheckPermission(user, "config/modify");
|
|
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
if (url->GetPath().size() >= 4)
|
|
|
|
|
params->Set("package", url->GetPath()[3]);
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
if (url->GetPath().size() >= 5)
|
|
|
|
|
params->Set("stage", url->GetPath()[4]);
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2015-08-28 11:58:29 -04:00
|
|
|
String packageName = HttpUtility::GetLastParameter(params, "package");
|
2015-07-29 07:39:58 -04:00
|
|
|
String stageName = HttpUtility::GetLastParameter(params, "stage");
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2021-08-02 07:09:04 -04:00
|
|
|
if (!ConfigPackageUtility::ValidatePackageName(packageName))
|
2018-04-05 11:17:30 -04:00
|
|
|
return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'.");
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2021-08-02 07:09:04 -04:00
|
|
|
if (!ConfigPackageUtility::ValidateStageName(stageName))
|
2018-04-05 11:17:30 -04:00
|
|
|
return HttpUtility::SendJsonError(response, params, 400, "Invalid stage name '" + stageName + "'.");
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2025-07-22 05:25:03 -04:00
|
|
|
ConfigObjectsSharedLock lock(std::try_to_lock);
|
|
|
|
|
if (!lock) {
|
|
|
|
|
HttpUtility::SendJsonError(response, params, 503, "Icinga is reloading");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-21 10:10:13 -04:00
|
|
|
try {
|
2015-08-28 11:58:29 -04:00
|
|
|
ConfigPackageUtility::DeleteStage(packageName, stageName);
|
2015-07-21 10:10:13 -04:00
|
|
|
} catch (const std::exception& ex) {
|
2017-12-20 09:31:05 -05:00
|
|
|
return HttpUtility::SendJsonError(response, params, 500,
|
2018-04-05 11:17:30 -04:00
|
|
|
"Failed to delete stage '" + stageName + "' in package '" + packageName + "'.",
|
2018-04-06 04:13:08 -04:00
|
|
|
DiagnosticInformation(ex));
|
2015-07-21 10:10:13 -04:00
|
|
|
}
|
|
|
|
|
|
2018-01-11 05:17:38 -05:00
|
|
|
Dictionary::Ptr result1 = new Dictionary({
|
|
|
|
|
{ "code", 200 },
|
2018-04-06 04:13:08 -04:00
|
|
|
{ "package", packageName },
|
|
|
|
|
{ "stage", stageName },
|
2018-01-11 05:17:38 -05:00
|
|
|
{ "status", "Stage deleted." }
|
|
|
|
|
});
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2018-01-11 05:17:38 -05:00
|
|
|
Dictionary::Ptr result = new Dictionary({
|
|
|
|
|
{ "results", new Array({ result1 }) }
|
|
|
|
|
});
|
2015-07-21 10:10:13 -04:00
|
|
|
|
2019-02-15 04:33:01 -05:00
|
|
|
response.result(http::status::ok);
|
2017-12-20 09:31:05 -05:00
|
|
|
HttpUtility::SendJsonBody(response, params, result);
|
2015-07-21 10:10:13 -04:00
|
|
|
}
|
