upstream/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2026-04-21 22:29:50 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
13197 commits 291 branches 130 tags 195 MiB
Commit graph

1035 commits

Author SHA1 Message Date
Michael Friedrich
a4b48fc7f4 Update code docs 2019-06-19 14:46:11 +02:00
Michael Friedrich
fcc1799a5d Split config file sync updates, part I 
This commit also introduces a playground for checksums,
whilst refactoring the code in large parts.
 2019-06-19 14:46:11 +02:00
Michael Friedrich
9df389a843 Improve logging for ignored config updates where we are authoritative for (config master) 2019-06-19 14:46:11 +02:00
Michael Friedrich
efc2289178 Remove duplicated validation paths in function signatures 2019-06-19 14:46:11 +02:00
Michael Friedrich
043824a6a9 Leave partial deletes as is, this is dealt with stage purge later 2019-06-19 14:46:11 +02:00
Michael Friedrich
b3fa51a5dc Code Documentation: Config file sync 
Adds headers to all functions including parameters. This unveils
certain unused ones too.
 2019-06-19 14:46:11 +02:00
Michael Friedrich
604a8a041d Update log message and implement recursive diff delete 2019-06-19 14:46:11 +02:00
Michael Friedrich
2acf3a6941 Indicate a warning in the 'icinga' check when cluster stage validation failed 
- success: clear the last failed attribute
- failed: populate it with the output and current timestamp

This can be used to highlight this in the 'icinga' check task.
Since 2.9 we don't have problems with circular library dependencies
with just one linked binary, therefore it is safe to include libremote
in libmethods here.
 2019-06-19 14:46:11 +02:00
Michael Friedrich
46cb806b3f Add a note for config updates V1 and V2 
Old clients sync !.conf via update_v2 message, we cannot
remove this handling for the time being.
 2019-06-19 14:46:11 +02:00
Michael Friedrich
83c11962b2 Only remove directories if they exist during sync 2019-06-19 14:46:11 +02:00
Michael Friedrich
4e9439f2d8 Ensure that config master zones.d -> var-api-zones sync removes deleted files 2019-06-19 14:46:11 +02:00
Michael Friedrich
9d53db1401 Purge stage and production directories before copying files 
The cluster-message -> production diff is still intact, we're
just taking care of unwanted/deleted files here.
 2019-06-19 14:46:11 +02:00
Michael Friedrich
86108e6a1e Improve logging and code quality 2019-06-19 14:46:11 +02:00
Michael Friedrich
fb367e12cc Store the last failed zone stage sync validation as runtime ApiListener attribute 2019-06-19 14:46:11 +02:00
Michael Friedrich
a91bbe8acd Fix constant value for zone var override 2019-06-19 14:46:11 +02:00
Michael Friedrich
e3e68caaa3 Inherit parent process arguments for defined path constants 2019-06-19 14:46:11 +02:00
Michael Friedrich
e545884952 Improve logging for staged config sync 2019-06-19 14:46:11 +02:00
Michael Friedrich
1853254201 Pass the zonesVar override around 2019-06-19 14:46:11 +02:00
Michael Friedrich
2ed56b50a4 Ensure directory paths are created from stage -> prod 2019-06-19 14:46:11 +02:00
Michael Friedrich
c2d7063ae7 Better signal for checking the cluster config sync stage (ignore production) 2019-06-19 14:46:11 +02:00
Michael Friedrich
506eee2f7d Fix crash 2019-06-19 14:46:11 +02:00
Michael Friedrich
2c39d69428 Implement first draft for cluster config staged sync 2019-06-19 14:46:11 +02:00
Alexander A. Klimov
42a33cdc7d Fix build errors with Boost v1.70 
refs #7237
 2019-06-07 16:30:34 +02:00
Michael Friedrich
b32d818d1b CLI: Allow to list removed CSRs with 'ca list' 2019-06-07 10:33:55 +02:00
Andrew Jaffie
429f1ed317 Ignore repeated requests from client after using ca remove command 2019-06-07 10:33:55 +02:00
Michael Friedrich
6a8823f879 Avoid concurrent cluster config sync transactions 
fixes #6660
 2019-06-05 15:23:28 +02:00
Michael Friedrich
ef72cd4442
Merge pull request #7220 from Icinga/bugfix/asio-error-handling 
Improve error handling with network connections (Boost ASIO)
 2019-06-05 14:43:31 +02:00
Michael Friedrich
18211ddd23
Merge pull request #7209 from Icinga/bugfix/immediately-close-sockets 
Close server connections and shutdown coroutines immediately on disconnect
 2019-06-05 14:40:24 +02:00
Alexander A. Klimov
ad28380884 Close server connections and shutdown coroutines immediately on disconnect 2019-06-05 10:42:03 +02:00
Michael Friedrich
fd9887c5af API: Harden default cipher list 
According to https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/
 2019-06-05 09:55:43 +02:00
Michael Friedrich
3798089642 Improve error handling with network connections (Boost ASIO) 
refs #7041
 2019-06-05 09:42:51 +02:00
Michael Friedrich
146b337d4d
Merge pull request #7211 from Icinga/feature/asio-tls-version 
Require TLS 1.2 for Cluster & REST API
 2019-06-03 16:19:22 +02:00
Michael Friedrich
d82c067555 Require TLS 1.2 for Cluster & REST API 
refs #7041
 2019-05-29 17:08:36 +02:00
Michael Friedrich
438da67209
Merge pull request #7210 from Icinga/bugfix/boost-asio-deprecated 
Quality: Replace deprecated get_io_service() with get_executor().context() for Boost ASIO
 2019-05-29 15:40:19 +02:00
Michael Friedrich
59b95ed1f0 Quality: Replace deprecated get_io_service() with get_executor().context() for Boost ASIO 
refs #7041
 2019-05-29 14:36:10 +02:00
Michael Friedrich
120aba3919 Quality: Removed unused HttpChunkedEncoding class 2019-05-28 13:46:19 +02:00
Michael Friedrich
e606d14705 Quality: Clean JsonRPC class and add function docs 2019-05-24 15:50:43 +02:00
Michael Friedrich
f933aafd29 Quality: Purge old HTTP code in lib/remote 2019-05-24 15:50:43 +02:00
Michael Friedrich
af42e2dfc0
Merge pull request #7178 from Icinga/bugfix/api-package-repair 
API: Automatically repair broken _api package
 2019-05-10 14:40:48 +02:00
Michael Friedrich
6c9c65323e Workaround for boost::filesystem and Visual Studio on Windows 2019-05-10 13:38:12 +02:00
Michael Friedrich
6cce9c0fdd API: Automatically repair broken packages 
This partially reverts #7150 and avoids exceptions
inside the flow. Each time an empty active stage
is detected, Icinga tries to repair it from the
the given directory tree.

Also, the code now takes into account that it should
create the package storage on startup, whether within
the API object, or if disabled, inside the application.

Caching the active stages for packages in memory
only is in effect with the API feature being enabled.
This is useful for other deployed config packages,
not only the internal one.

fixes #7173
refs #7150
refs #7119
fixes #6959
 2019-05-10 12:48:34 +02:00
Elias Ohm
4c86c370bb fixup errbuf length in the other files and avoid using the static buffer in one place (for thread safety and code consistency reasons) 2019-05-09 09:30:12 +02:00
Michael Friedrich
03324b2fb6 Config packages: Catch active stage exceptions in rare cases 
Typically this already is detected on startup.
 2019-05-08 16:43:27 +02:00
Michael Friedrich
704aabcb63 Avoid dead-lock with config packages and active stages 2019-05-08 16:06:46 +02:00
Elias Ohm
c10ff9dd72 try without initialization of frame Locals which are not used for permissions filter and as far as I can see also not for query filters 2019-05-02 09:03:30 +02:00
Elias Ohm
53febdea81 use current frame scope for permission filter function calls 2019-05-02 07:35:19 +02:00
Michael Friedrich
502c43fb12 Active packages: Don't try to fix broken config packages which are not cached yet 2019-04-30 12:19:35 +02:00
Michael Friedrich
2bca7a5bb5 Repair broken API config packages at runtime 
This means a new timer which checks every 5m whether the
active-stage can be read, and if not, it overwrites the
file on disk with the details from memory.
 2019-04-26 14:53:36 +02:00
Michael Friedrich
f92c134b0a Cluster: Don't try to sync objects from broken _api package 2019-04-26 14:43:38 +02:00
Michael Friedrich
c821e73364 Cache the API package stage name with a active-stage fallback 
This prevents reading the file everytime the stageName is required
for when creating a runtime object via REST API.
 2019-04-26 13:40:27 +02:00
Michael Friedrich
37de1a919b
Merge pull request #7088 from Icinga/feature/asio-event-queue 
Implement new event queue for ASIO consumers
 2019-04-25 16:54:43 +02:00
Michael Friedrich
a7873da89d Eventqueue: Remove unused code 2019-04-25 16:21:07 +02:00
Alexander A. Klimov
e86e3cc234 EventsFilter#Push(): ensure not to modify the global namespace 2019-04-25 15:56:38 +02:00
Alexander A. Klimov
c209cf830b /v1/events: don't over-consume CPU-bound threads 2019-04-25 15:56:38 +02:00
Alexander A. Klimov
5e8b4280bc New event queue: handle empty filter 2019-04-25 15:56:38 +02:00
Alexander A. Klimov
94db282fd1 /v1/events: remove anti-deadlock hack 2019-04-25 15:56:38 +02:00
Alexander A. Klimov
81713d0509 /v1/events: use new event queue 2019-04-25 15:56:38 +02:00
Alexander A. Klimov
7688994601 Implement new event queue for ASIO consumers 2019-04-25 15:56:38 +02:00
Michael Friedrich
0438c866f8
Merge pull request #7102 from Icinga/feature/boost-fs-7101 
Replace self-written filesystem ops with boost.filesystem
 2019-04-25 15:53:55 +02:00
Alexander A. Klimov
5afef1015d Replace unlink() with boost::filesystem::remove() 
refs #7101
 2019-04-25 09:53:02 +02:00
Alexander A. Klimov
5a17722c1f Replace _unlink() + rename() with boost::filesystem::rename() 
refs #7101
 2019-04-25 09:53:02 +02:00
Alexander A. Klimov
ba842403ce Fix circular #include 
refs #6985
 2019-04-25 08:25:28 +02:00
Michael Friedrich
1ac693bf13
Merge pull request #7137 from Icinga/bugfix/disconnect-log-more-spam 
JsonRpcConnection: reduce log spam on disconnect
 2019-04-23 14:50:18 +02:00
Michael Friedrich
0f804d126b
Merge pull request #7133 from Icinga/feature/boost-asio-pki 
Use new I/O engine in PkiUtility::FetchCert() and PkiUtility::RequestCertificate()
 2019-04-23 14:27:48 +02:00
Alexander A. Klimov
a6cd3e65cb JsonRpcConnection: reduce log spam on disconnect 2019-04-23 14:09:07 +02:00
Michael Friedrich
20d51d21dc
Merge pull request #7127 from Icinga/bugfix/replay-log 
ApiListener#RotateLogFile(): don't overwrite previous log
 2019-04-23 12:08:12 +02:00
Michael Friedrich
5fb191bbeb
Merge pull request #7126 from Icinga/bugfix/replay-logs-6932 
ApiListener#ApiTimerHandler(): delete all replayed logs
 2019-04-23 12:07:02 +02:00
Alexander A. Klimov
407e77883c ApiListener#ReplayLog(): read current log file too instead of rotating 2019-04-18 17:22:36 +02:00
Alexander A. Klimov
997d84bfa0 ApiListener#RotateLogFile(): don't overwrite previous log 2019-04-18 17:22:33 +02:00
Alexander A. Klimov
9b489cf9b9 ApiListener#ApiTimerHandler(): delete all replayed logs 
refs #6932
 2019-04-18 17:00:40 +02:00
Alexander A. Klimov
f44e847717 Rotate replay log on shutdown, not on startup 2019-04-17 14:18:20 +02:00
Michael Friedrich
64568f5966
Merge pull request #7121 from Icinga/bugfix/concurrent-checks 
Fix that MaxConcurrentChecks constant is overridden from 'checker' feature
 2019-04-17 13:14:32 +02:00
Michael Friedrich
ab97d606db
Merge pull request #7122 from Icinga/bugfix/evaluatefilter-change-globals 
FilterUtility::EvaluateFilter(): ensure not to modify the global namespace
 2019-04-16 17:40:20 +02:00
Alexander A. Klimov
bdadb53940 FilterUtility::EvaluateFilter(): ensure not to modify the global namespace 2019-04-16 15:53:44 +02:00
Michael Friedrich
b906714254 Fix that MaxConcurrentChecks constant is overridden from 'checker' feature 
Note: This drops the deprecated concurrent_checks setting from the checker feature
entirely and refactors the underlaying code handling.

Also affects ReloadTimeout which is new for 2.11.

fixes #7111
 2019-04-16 15:04:57 +02:00
Elias Ohm
1e7cd4afc8 * use dedicated permissions namespace for scriptframe in filterutility to allow proper parallel execution 
* fixes issue https://github.com/Icinga/icinga2/issues/6785 where permission checks get wrong result because permissions checks are done within a shared namespaces without using only unique keys
  * mitigates issue https://github.com/Icinga/icinga2/issues/6874 where segmentation faults occur because of concurrent access to non threadsafe parts of namespace (a fix for thread safety of namespaces which would be an alternative approach to get rid of these segfaults is out of scope of this fix as 6785 needs to be fixed anyway and this is the straight-forwards) way to fix that
* do the same for eventqueue (not certain whether events can be processed in parallel but I expect it is the case)
 2019-04-12 08:10:57 +02:00
Michael Friedrich
973b03dcb2
Merge pull request #7109 from Icinga/feature/enhance-cluster-message-send-code-docs 
Improve code docs for cluster message routing conditions
 2019-04-11 11:20:46 +02:00
Michael Friedrich
b24a3be083 Improve code docs for cluster message routing conditions 
refs #6781
 2019-04-10 14:17:36 +02:00
Alexander A. Klimov
de04bb13a8 JsonRpcConnection: reduce log spam on disconnect 2019-04-09 13:53:41 +02:00
Michael Friedrich
f177d8786d HttpServerConnection: Log the user agent field for new requests too 
refs #7041
 2019-04-05 15:08:09 +02:00
Michael Friedrich
b1042c3689
Merge pull request #7076 from Icinga/bugfix/eventqueue-leak 
/v1/events: terminate on disconnect
 2019-04-05 10:31:30 +02:00
Alexander A. Klimov
2e4e2e1a79 /v1/events: don't deadlock other coroutines 2019-04-05 09:22:42 +02:00
Michael Friedrich
5c3a9b77d7 Always update object authority, even w/o API feature 
Regression from #7062

Thanks @nilmerg :)
 2019-04-03 13:48:24 +02:00
Alexander A. Klimov
2e5af2922b /v1/events: terminate on disconnect 2019-04-03 09:59:45 +02:00
Alexander A. Klimov
4c5ee0dbbf EventQueue#WaitForEvent(): re-add timeout 2019-04-03 09:53:45 +02:00
Alexander A. Klimov
28d46052b0 HttpServerConnection#StartStreaming(): auto-detect disconnection 2019-04-03 09:50:52 +02:00
Alexander A. Klimov
c284cf0b68 HttpServerConnection: encapsulate streaming start indicator 2019-04-02 17:37:29 +02:00
Alexander A. Klimov
09a2e04f4b EventQueue#WaitForEvent(): don't lock I/O thread while locking mutex 2019-04-02 14:38:06 +02:00
Alexander A. Klimov
00d859234e Use new I/O engine in PkiUtility::FetchCert() and PkiUtility::RequestCertificate() 2019-04-01 17:18:00 +02:00
Alexander A. Klimov
6e7932f157 Add non-async overloads for JsonRpc::ReadMessage() and JsonRpc::SendMessage() 2019-04-01 17:11:10 +02:00
Alexander A. Klimov
f2d9d91e83 Introduce UnbufferedAsioTlsStream#GetPeerCertificate() 2019-04-01 17:11:09 +02:00
Michael Friedrich
5c2aaf6380 Improve error logging on connection failure (cluster) 2019-04-01 16:13:37 +02:00
Alexander A. Klimov
64b2ac4b30 ApiListener: drop unused thread pool 2019-04-01 15:06:17 +02:00
Alexander A. Klimov
3a6caa2800 Respect Accept:application/json where possible 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
24c9542b5b HttpServerConnection: fix side effect of HTTP parser's default body limit 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
d428bdf384 Add missing includes 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
5b2c1f023d Rename preventGc to keepAlive 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
5208448b76 Restore the previous performance of replaying logs 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
79e95d2355 Introduce JsonRpcConnection#SendMessageInternal() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
e6d78bf361 Move some TCP/TLS logic out of ApiListener 
... for re-using it
 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
8b3efe5759 Introduce AsioConditionVariable 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
e129c561d5 HttpServerConnection: don't disconnect during sending response 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
326bf66255 ApiListener: use setsockopt(), not tcp::acceptor#set_option() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
b5fddaf3ce ApiListener: log why bind(2) failed 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
19625e62ef ApiListener: fix self-made security hole 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
87b0c452db HttpServerConnection: re-add automatic disconnect 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
f029fd4884 Re-add HttpServerConnection#Disconnect() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
16913cb977 JsonRpcConnection: add missing CpuBoundWork 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
a451327b81 JsonRpcConnection: re-add num_json_rpc_work_queue_item_rate 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
a54bd9d5c4 JsonRpcConnection: re-add automatic disconnect 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
7aae8bd265 JsonRpcConnection: re-add heartbeats 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
84b411501b Re-add JsonRpcConnection#Disconnect() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov
2d16b02520 ApiListener#NewClientHandlerInternal(): shut down TLS stream 2019-04-01 13:30:42 +02:00
Alexander A. Klimov
c46157d552 ApiListener: fix self-made security hole 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
f9fff54da2 ApiListener: don't require a valid certificate for the TLS handshake to complete 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
6c86c127f1 Port JsonRpcConnection to Boost ASIO 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
c76947e8b9 JsonRpc::ReadMessage(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
48b5824e37 ApiListener: send icinga::Hello message 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
49ac7777e0 JsonRpc::SendMessage(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
832365195d ApiListener: connect(2) via Boost ASIO 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
e9a64abd09 ApiListener#ListenerCoroutineProc(): catch more edge cases 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
a6813ec786 ApiListener: restore previous bind(2) behavior 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
493a97f4f3 EnsureAcceptHeader(): fix wrong condition 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
8c5d629d35 /v1/events: don't truncate any events 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
7681ec10a4 /v1/events: don't lock I/O thread 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
fd239ba3fe Adjust /v1/events, too 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
1941c1da28 Adjust all HTTP handlers (ex. /v1/events) 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
9ae1d732af HttpServerConnection: actually handle requests 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
7fe0431ada HttpServerConnection: verify requests via Boost ASIO + Beast 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
04a9879acc Add HttpUtility::SendJsonError() overload for Boost/Beast 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
fc22cbaf09 Add HttpUtility::SendJsonBody() overload for Boost/Beast 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
e21956e26e ApiListener: detect protocol 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
539855bac1 ApiListener: verify peer 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
720c53ab77 ApiListener: perform TLS handshake 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
2615967e7f Make ApiListener#m_SSLContext a Boost ASIO SSL context 2019-04-01 11:40:14 +02:00
Alexander A. Klimov
e4f3422b3a ApiListener: listen(2) via Boost ASIO 2019-04-01 11:40:14 +02:00
Michael Friedrich
4a26a48778 Code Quality: Move authority.cpp into the ApiListener class scope 2019-04-01 08:51:18 +02:00
Michael Friedrich
149f640fd8 Improve DB IDO HA failover behaviour 
- Decrease Object Authority updates to 10s (was 30s)
- Decrease failover timeout to 30s (was 60s)
- Decrease cold startup (after (re)start) with no OA updates to 30s (was 60s)
- Immediately connect on Resume()
- Fix query priority which got broken with #6970
- Add more logging when a failover is in progress

```
[2019-03-29 16:13:53 +0100] information/IdoMysqlConnection: Last update by endpoint 'master1' was 8.33246s ago (< failover timeout of 30s). Retrying.

[2019-03-29 16:14:23 +0100] information/IdoMysqlConnection: Last update by endpoint 'master1' was 38.3288s ago. Taking over 'ido-mysql' in HA zone 'master'.
```

- Add more logging for reconnect and disconnect handling
- Add 'last_failover' attribute to IDO*Connection objects

refs #6970
 2019-04-01 08:50:00 +02:00
Michael Friedrich
804c00ece5
Merge pull request #6999 from Icinga/bugfix/compiler-warnings 
Suppress or fix compiler warnings
 2019-03-18 08:44:30 +01:00
Alexander A. Klimov
bf92e32496 Suppress or fix compiler warnings 2019-03-08 14:07:29 +01:00
Alexander A. Klimov
37b044ecda PkiUtility::NewCa(): just warn if the CA files already exist 2019-03-01 14:37:45 +01:00
Michael Friedrich
e2df11520e
Merge pull request #6970 from Icinga/bugfix/perfdata-gaps 
Improve reload handling for features (metric & queue flush, activation priority)
 2019-02-26 15:38:15 +01:00
Michael Friedrich
458f997a18 Replace Copyright header with a short version, part II 2019-02-25 15:09:36 +01:00
Michael Friedrich
d14a88235d Replace Copyright header with a short version, part I 
CLion -> replace in path
 2019-02-25 14:48:22 +01:00
Michael Friedrich
ab7a799369 Implement ReloadTimeout constant and wait for enqueued checks on Stop() 2019-02-25 09:03:47 +01:00
Alexander A. Klimov
9558ebc0f4 Secure ApiUser::GetByAuthHeader() against timing attacks 2019-02-22 16:59:36 +01:00
Michael Friedrich
b08d485a41
Merge pull request #6857 from Icinga/bugfix/check_nscp_api-query-sorted-6536 
Url#m_Query: preserve order
 2019-02-11 17:57:32 +01:00
Peter Eckel
5d59863725 Avoid duplicating non-zero count message replay messages in the debug log 2019-02-11 13:54:17 +01:00
Michael Friedrich
b16c22448e Cluster: Delete object message should log that 
Atm it is a copy-paste error and irritates during debugging.
Coming from my analysis of existing cluster messages.
 2019-01-28 17:39:22 +01:00
Jean Flach
2aff6a5887 Don't run UpdateObjectAuthority for Comments and Downtimes 2019-01-10 11:44:14 +01:00
Michael Friedrich
e1a941e5c7
Merge pull request #6880 from Icinga/bugfix/pki-requestcertificate-no-cert 
pki::RequestCertificate: handle missing certificate/CSR
 2019-01-09 09:30:27 +01:00
Alexander A. Klimov
4a7960f21b pki::RequestCertificate: handle missing certificate/CSR 2019-01-08 11:49:44 +01:00
Alexander A. Klimov
f4ab0737d1 HttpServerConnection#DataAvailableHandler(): reduce log spam 2019-01-07 15:32:19 +01:00
Alexander A. Klimov
eeb609d4ae Url#m_Query: preserve order 
refs #6536
 2018-12-21 11:52:37 +01:00
Michael Friedrich
b58ce84b0e
Merge pull request #6817 from Icinga/bugfix/stalled-tls-connections-6816 
HttpServerConnection#DataAvailableHandler(): be aware of being called multiple times concurrently
 2018-12-05 11:35:35 +01:00
Alexander A. Klimov
7e630c7732 HttpServerConnection#DataAvailableHandler(): be aware of being called multiple times concurrently 
refs #6816
 2018-12-03 19:05:41 +01:00
Michael Friedrich
5f25eb6b2d Add a code comment for connection: close handling 2018-12-03 14:40:50 +01:00
Sven Wegener
a83dbc9de5 Restore 'Connection: close' behaviour in HTTP responses 
Actually the `corked` functionality caused problems with
not closing connections properly.

Full Analysis: https://github.com/Icinga/icinga2/issues/6799#issuecomment-443710338

Full credits to @swegener :)

fixes #6799
 2018-12-03 14:27:37 +01:00
Alexander A. Klimov
8de5326d23 Remove redundand check for object existence on creation via API 
refs #3937
 2018-11-29 17:51:53 +01:00
Michael Friedrich
5406ce6540 Ensure that API/JSON-RPC messages in the same session are processed and not stalled 
This basically drops the "corked" implementation which just stalled the
TLS IO polling after some requests. If you need sort of rate limiting
for these events, use an external TLS proxy which terminates that in front
of Icinga.

fixes #6635
 2018-10-29 12:57:24 +01:00
Michael Friedrich
6de4cef3ae
Merge pull request #6719 from Icinga/fix/finished-reconnect-message 
Do not send 'finished reconnecting...' if failed
 2018-10-24 11:51:34 +02:00
Michael Friedrich
bd8e9f55da
Merge pull request #6662 from Icinga/bugfix/keep-http-connection-open-until-stream-eof 
Keep the HTTP server connection open until the stream is EOF
 2018-10-24 11:31:06 +02:00
Michael Friedrich
3cb2c1d143 icinga.com: Update everything else 2018-10-18 09:50:53 +02:00
Michael Friedrich
dea5ec614e icinga.com: Update CMakeLists.txt 2018-10-18 09:35:18 +02:00
Michael Friedrich
44c3b83769 icinga.com: Update '*.ti' 2018-10-18 09:30:00 +02:00
Michael Friedrich
dab53448bc icinga.com: Update *.{h,c}pp 2018-10-18 09:27:04 +02:00
Michael Friedrich
34de8104b8 Fix regression with API permission filters and namespaces in v2.10 
fixes #6682
 2018-10-15 15:47:11 +02:00
Michael Friedrich
85e161ea1e Silence config compiler logging for runtime created objects 
This is especially problematic with many single creation requests,
e.g. many downtimes created via Icinga Web 2 & the REST API.

In addition to the config compiler messages, apply rule matches are
also in there which are removed by this patch.
 2018-10-09 16:41:17 +02:00
Michael Friedrich
83a428c1ba Keep the HTTP server connection open until the stream is EOF 
fixes #4968
 2018-10-09 16:01:43 +02:00
Michael Friedrich
e6eb703b36
Merge pull request #6661 from Icinga/bugfix/cache-http-peer-address 
Cache the peer address in the HTTP server
 2018-10-09 16:00:27 +02:00
Michael Friedrich
5c32a5a7dc Cache the peer address in the HTTP server 
Later socket calls are expensive and might lead
into a race condition on close when logging it.

refs #6655
 2018-10-09 15:40:16 +02:00
Michael Friedrich
58cfc3955d
Merge pull request #6658 from Icinga/bugfix/api-connection-close-req-by-client 
Ensure that HTTP/1.0 or 'Connection: close' headers are properly disconnecting the client
 2018-10-09 13:49:22 +02:00
Michael Friedrich
9352f4bfb3
Merge pull request #6657 from Icinga/feature/api-debug-log-request-body 
Enable the HTTP request body debug log entry for release builds
 2018-10-09 13:29:00 +02:00
Michael Friedrich
13239c3172 Ensure that HTTP/1.0 or Connection: close headers are properly disconnecting the client 
Test results: https://github.com/Icinga/icinga2/issues/6514#issuecomment-428155731

fixes #6514
 2018-10-09 13:23:23 +02:00
Michael Friedrich
73263b7702 Enable the HTTP request body debug log entry for release builds 
fixes #4282
 2018-10-09 12:55:53 +02:00
Michael Friedrich
57081176de Improve logging for disconnected HTTP clients 
Previously this was inside the debug log, with the
new socket printers we can enhance checking for proper
connects and disconnects.

refs #6514
 2018-10-09 12:22:19 +02:00
Michael Friedrich
82178e3b33 Don't inherit daemonize parameter from parent process 2018-09-27 20:30:19 +02:00
Thomas Forrer
816cae98fa Fix config validation problem (startup.log) during /v1/config/stages API call 
copy all arguments of parent process in AsyncTryActivateStage
 2018-09-27 20:27:09 +02:00
Michael Friedrich
64e273afdd
Merge pull request #6639 from Icinga/fix/windows-api-log-rename 
Ensure to _unlink before renaming replay log on Windows
 2018-09-27 08:02:00 +02:00
Michael Friedrich
c979f86e4e
Merge pull request #6632 from Icinga/feature/cluster-faster-reconnect 
Increase the cluster reconnect frequency to 10s
 2018-09-25 17:07:01 +02:00
Michael Friedrich
cbde35ff22 Use a dynamic thread pool for API connections 
The full analysis is located in #6517.

fixes #6517
 2018-09-25 12:43:10 +02:00
Michael Friedrich
cd819f74f4 Increase the cluster reconnect frequency to 10s 
This is blocked by #6517.

refs #6234
 2018-09-25 12:36:30 +02:00
Michael Friedrich
29701b4db5 Add ApiListener#tls_handshake_timeout option 
This allows to specify the previously hardcoded
timeout of 10s.

refs #6517
 2018-09-14 09:20:09 +02:00
Michael Friedrich
dd59964702
Merge pull request #6596 from Icinga/bugfix/gcc-8-f28-hardening-crash 
Fix crash on API queries with Fedora 28 hardening and GCC 8
 2018-09-11 20:44:12 +02:00
Noah Hilverling
3854ed683b Improve TLS handshake exception logging 2018-09-06 15:58:42 +02:00
Michael Friedrich
1f4f6282c7 Fix crash on API queries with Fedora 28 hardening and GCC 8 
The actual fix is to handle nullptr references differently
for an empty filter expression. The other changes include
oob checks not necesarily involved.

fixes #6533
 2018-09-06 09:56:04 +02:00
Michael Friedrich
9a75f47fc5 Allow to configure anonymous clients limit inside the ApiListener object 
Previously this was hardcoded, and for security reasons users might want
to adjust this value. This affects CSR signing requests as well as
clients which have not yet been configured as endpoints on the current
node.

refs #6566
 2018-09-05 17:45:35 +02:00
Michael Friedrich
a1ec919f5b Raise the message size for anonymous client and pki request calls to 1MB 
If one sends the full certificate chain, this previous limit of 64KB
could be hit.
 2018-09-05 17:44:05 +02:00
Michael Friedrich
237fd520db
Merge pull request #6509 from gunnarbeutner/feature/real-constants 
Implement support for namespaces
 2018-08-24 12:10:10 +02:00
Michael Friedrich
7a22113f86
Merge pull request #6570 from Icinga/bugfix/tls-anonymous-clients-limit 
Increase limit for simultaneously connected anonymous TLS clients
 2018-08-23 17:13:41 +02:00
Michael Friedrich
0dd168fe80 Increase limit for simultaneously connected anonymous TLS clients 2018-08-23 17:10:51 +02:00
Michael Friedrich
6a71b75f63 ApiListener: Dump the state file port detail as number 
refs #6511
 2018-08-22 12:57:47 +02:00
Gunnar Beutner
e678fa1aa5 Refactor Application::*Const() 2018-08-13 15:27:05 +02:00
Gunnar Beutner
8fda8d72ac Implement support for the namespace and using keywords 2018-08-13 13:44:31 +02:00
Gunnar Beutner
1a8692d972 Implement support for namespaces 2018-08-13 13:44:31 +02:00
Michael Friedrich
060a1ebbd9
Merge pull request #6512 from Icinga/feature/sni-environment 
Refactor environment for API connections
 2018-08-10 13:15:48 +02:00
Michael Friedrich
97513965e6 Introduce IcingaApplication#environment 
Precedence as follows:

- DEnvironment=...
- const Environment = ...
- object IcingaApplication "app" { environment = "..." }

The wrapped script constant handling is required
since we cannot directly link from libremote (SNI handling)
to libicinga where the object resides. Instead we'll
use the Application class helpers for hiding the ScriptGlobal
calls.
 2018-08-10 12:49:48 +02:00
Michael Friedrich
a4c689e5cf Build fix for CentOS 7 and non-unity builds 2018-08-09 16:23:24 +02:00
Michael Friedrich
b350512b11 Rename to Environment constant 2018-08-09 13:19:33 +02:00
Markus Frosch
eb02d9041d Refactor environment for API connections 
* Const renamed to `ApiEnvironment`
* Handling moved to ApiListener
* Now a property of ApiListener
 2018-08-09 13:19:33 +02:00
Michael Friedrich
f1e7e635a2
Merge pull request #6531 from Icinga/feature/zone-all_parents 
Expose Zone#all_parents via API
 2018-08-09 13:11:23 +02:00
Michael Friedrich
ecb73e08ed Implement ApiListener status file removal on shutdown 2018-08-09 11:54:34 +02:00
Noah Hilverling
7b977b2c52 Do not send 'finished reconnecting...' if failed 2018-08-09 08:29:27 +02:00
Markus Frosch
20269a89d0 ApiListener: Add support for dynamic port handling 2018-08-08 17:42:57 +02:00
Alexander A. Klimov
ea5614f7df Expose Zone#all_parents via API 2018-08-08 14:38:02 +02:00
Alexander A. Klimov
7bcbd9b497 Rename Zone#GetAllParents() to Zone#GetAllParentsRaw() 2018-08-08 14:38:02 +02:00
Markus Frosch
9fbc40615a Improve path handling in cmake and daemon 2018-08-07 14:10:26 +02:00
Michael Friedrich
1d22b6e176
Merge pull request #6410 from Icinga/remove-dead-code 
Remove unused code
 2018-07-27 15:56:52 +02:00
Markus Frosch
ddc5b951b3
Revert "Implement support for the --env command-line argument" 2018-07-26 17:09:06 +02:00
Michael Friedrich
46e71a83dc
Merge pull request #6414 from Icinga/feature/icinga-envs 
Implement support for the --env command-line argument
 2018-07-26 10:09:42 +02:00
Michael Friedrich
038b2fb94c
Merge pull request #6379 from Icinga/global-zone-validation 
Throw config error when using global zones as parent
 2018-07-26 10:01:46 +02:00
Jean Flach
2b44eff8da Fix "Discard" message being warning 2018-07-26 09:39:03 +02:00
Alexander A. Klimov
ac6afadb5a Make HttpServerConnection#m_DataHandlerMutex a boost::recursive_mutex 
refs #6428
 2018-07-09 14:40:32 +02:00
Gunnar Beutner
c577554073 Implement support for the --env command-line argument 2018-06-27 13:15:52 +02:00
Jean Flach
4159682cf8 Remove unused code 
These methods and types were used only by the Icinga Studio
 2018-06-25 10:09:30 +02:00
Michael Friedrich
a1c2eb3d87 Ensure to _unlink before renaming replay log on Windows 2018-06-22 11:12:09 +02:00
Michael Friedrich
0ffb8af8e3 Conform to RFC for CRLF in HTTP requests 
refs #6242
 2018-06-21 16:53:44 +02:00
Michael Friedrich
cfd6c79a03
Merge pull request #6387 from Icinga/fix/remove-broken-api-user-hash 
Remove ApiUser password_hash functionality
 2018-06-19 14:26:32 +02:00
Michael Friedrich
2fd6709952 Remove ApiUser password_hash functionality 
This affects and fixes

- Windows reload
- Config validation
- RHEL 7.5 OpenSSL memory corruption
- Hash algorithm, requested changes

refs #6378
refs #6279
refs #6278
 2018-06-19 11:32:03 +02:00
Alexander A. Klimov
a0fca599da HttpRequest#ParseBody(): indicate success on complete body 
refs #6184
 2018-06-18 16:02:22 +02:00
Jean Flach
ee9be90fa7 Throw config error when using global zones as parent 2018-06-15 14:40:09 +02:00
Michael Friedrich
8c3c4704d2
Merge pull request #6371 from Icinga/bugfix/socket-io-handling-with-http-json-rpc-6361 
ApiListener#NewClientHandlerInternal(): Explicitly close the TLS stream on any failure
 2018-06-15 14:35:48 +02:00
Michael Friedrich
b9bfe70444 Fix missing name for workqueue while creating runtime objects via API 
fixes #6364
 2018-06-15 14:25:03 +02:00
Alexander A. Klimov
7741517df7 ApiListener#NewClientHandlerInternal(): Explicitly close the TLS stream on any failure 
refs #6361
 2018-06-14 15:03:04 +02:00
Michael Friedrich
447dad91c0 Increase header size to 8KB for HTTP requests 
This is the default for Tomcat and Apache too
and avoids problems with cookies and long URLs.

fixes #6355
 2018-06-06 20:25:36 +02:00
Michael Friedrich
f788878f79 Update log message for skipped certificate renewal 
Users kept asking about it, still it is just an "information"
that this isn't needed yet.
 2018-05-18 17:04:03 +02:00
Michael Friedrich
7f579db9af
Merge pull request #6305 from gunnarbeutner/feature/environment-variable 
Introduce the 'Environment' variable
 2018-05-15 14:04:50 +02:00
Gunnar Beutner
9c1e00eb94 Introduce the 'Environment' variable 2018-05-15 12:02:15 +02:00
Michael Friedrich
f070d2136a Ensure that user input for groups is unique on API object creation 
refs #4732
 2018-05-09 17:26:10 +02:00
Jean Flach
c54e042942 Add activation priorities for config object types 
This patch ensures that specific configuration types
are pre-activated and post-activated. In general,
logging is first, then common configuration objects
like host/service, downtimes, etc.
In the end, all features are activated after to ensure
that notifications are only sent once downtimes are applied.
A similar thing happens for starting with checks too early.
The ApiListener feature runs first to allow cluster connections
at first glance.

fixes #6057
fixes #6231
 2018-05-04 11:25:47 +02:00
Michael Friedrich
a8b5d8e64a
Merge pull request #6205 from Icinga/feature/api-verbose-errors 
API: Unify verbose error messages
 2018-04-17 16:40:11 +02:00
Jan Beich
106be295eb Explicitly use long with boost::posix_time 
In file included from lib/base/base_unity.cpp:61:
lib/base/timer.cpp:295:31: error: no matching conversion for functional-style cast from 'double' to 'boost::posix_time::milliseconds' (aka 'subsecond_duration<boost::posix_time::time_duration, 1000>')
                        l_TimerCV.timed_wait(lock, boost::posix_time::milliseconds(wait * 1000));
                                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from lib/remote/remote_unity.cpp:19:
lib/remote/eventqueue.cpp:111:30: error: no matching conversion for functional-style cast from 'double' to 'boost::posix_time::milliseconds' (aka 'subsecond_duration<boost::posix_time::time_duration, 1000>')
                if (!m_CV.timed_wait(lock, boost::posix_time::milliseconds(timeout * 1000)))
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from lib/checker/checker_unity.cpp:1:
lib/checker/checkercomponent.cpp:128:26: error: no matching conversion for functional-style cast from 'double' to 'boost::posix_time::milliseconds' (aka 'subsecond_duration<boost::posix_time::time_duration, 1000>')
                        m_CV.timed_wait(lock, boost::posix_time::milliseconds(wait * 1000));
                                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/include/boost/date_time/time_duration.hpp:270:30: note: candidate constructor (the implicit copy constructor) not viable: no known conversion from 'double' to 'const boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000>' for 1st argument
  class BOOST_SYMBOL_VISIBLE subsecond_duration : public base_duration
                             ^
/usr/local/include/boost/date_time/time_duration.hpp:270:30: note: candidate constructor (the implicit move constructor) not viable: no known conversion from 'double' to 'boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000>' for 1st argument
/usr/local/include/boost/date_time/time_duration.hpp:286:59: note: candidate template ignored: disabled by 'enable_if' [with T = double]
                                typename boost::enable_if<boost::is_integral<T>, void>::type* = 0) :
                                                          ^
 2018-04-15 04:06:11 +00:00
Michael Friedrich
b53685db59 Fix error handling on config package delete 2018-04-12 19:24:08 +02:00
Michael Friedrich
194c99a86e Allow to disable brackets for the Url class and Format() 
This commit also adds unit tests.

refs #5706
 2018-04-06 15:22:17 +02:00
Michael Friedrich
1b31ec8378 Fix verbose errors in config files handler 2018-04-06 12:55:03 +02:00
Michael Friedrich
17846e04d8 Fix verbose error message in modify object handler 2018-04-06 12:52:17 +02:00
Michael Friedrich
6b2decb44b Fix verbose error handling in variable and template query handlers 2018-04-06 12:50:06 +02:00
Noah Hilverling
24752f3733
Merge pull request #6204 from Icinga/fix/api-create-object-exists-errors 
API: Check if objects exists and return proper error message
 2018-04-06 12:47:31 +02:00
Michael Friedrich
3e83e94c15 Fix object and status query verbose errors 2018-04-06 12:47:20 +02:00
Michael Friedrich
bd7598cb1b API: Check if objects exists and return proper error message 2018-04-06 12:32:27 +02:00
Michael Friedrich
c4a6ab0211 Add diagnostic_information as verbose error to config object handlers 2018-04-06 12:26:49 +02:00
Jean Flach
6d81c5c34f
Merge pull request #6199 from Icinga/fix/action-http-code 
Return 500 when no api action is successful
 2018-04-06 11:20:43 +02:00
Jean Flach
f133c7914e Build fix 2018-04-06 10:43:33 +02:00
Michael Friedrich
a00197e919 Refactor actions error messages 2018-04-06 10:30:27 +02:00
Michael Friedrich
4bf731fc16 More config stages refactoring 2018-04-06 10:13:08 +02:00
Noah Hilverling
22c3a7933e Fix API action status codes 2018-04-06 10:06:15 +02:00
Michael Friedrich
36cdf8a0d2 More refactoring of config packages errors 2018-04-06 09:53:54 +02:00
Michael Friedrich
de2d18d85d Enhance error handling in type query handler 2018-04-05 17:23:26 +02:00
Michael Friedrich
7f015c0d2f Enhance error handling in config packages handler 2018-04-05 17:21:14 +02:00
Michael Friedrich
75c5e6f6b0 Enhance error handling in config stages handler 2018-04-05 17:17:30 +02:00