Revisions of icinga2

Eric Schirra's avatar Eric Schirra (ecsos) accepted request 1223908 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 189)
 - Update to 2.14.3
   - Security: fix TLS certificate validation bypass. CVE-2024-49369 (boo#1233310)
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 1223902 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 188)
 - Update to 2.14.3
   - Security: fix TLS certificate validation bypass. CVE-2024-49369
   - Security: update OpenSSL shipped on Windows to v3.0.15.
   - Windows: sign MSI packages with a certificate the OS trusts by default.
- Revision and cleanup of the spec file to remove errors and make it clearer.
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 1139801 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 186)
- Update to 2.14.2
  - InfluxDB: truncate timestamps to whole seconds to save disk space. #9969
  - HttpServerConnection: log request processing time as well. #9970
  - Update Boost shipped on Windows to v1.84. #9970
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 1134463 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 185)
- Update to 2.14.1
  * Security
    - Automatically renew own root CA and distribute it to all nodes. #9933
    - Update OpenSSL shipped on Windows to v3.0.12. #9946
    - Disable TLS renegotiation (handshake on existing connection). #9946
  * Bugfixes
    - Icinga DB feature: fix crash due to missing NULL pointer check. #9946
    - Icinga DB feature: fix data written into Redis crashing the Go daemon. #9946
    - GelfWriter: fix deadlock on stop/reload caused by busy queue. #9947
    - Don't lose notifications due to too long output, truncate it. #9947
  * Enhancements
    - Discard duplicate problem notifications due to state filtering. #9932
    - Speed up API filters targeting specific hosts/services to O(1). #9944
    - POST /v1/console/*: return HTTP 503 while Icinga is reloading. #9947
    - Update Boost shipped on Windows to v1.83. #9946
    - Documentation: several fixes and improvements. #9921
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 1114137 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 184)
- Update to 2.14.0
  * Breaking Changes
    - Remove CheckResultReader (which has been deprecated since v2.9). #9714
    - Remove StatusDataWriter (which has been deprecated since v2.9). #9715
    - ElasticsearchWriter: drop support for Elasticsearch < v7. #9812
    - Consider a checkable unreachable once one Dependency fails.
      Previously all of them had to fail. (Consult the upgrading docs.) #8218
    - API: reject config modifications during reload with HTTP status 503. #9445
    - icinga2 daemon: to reduce config load time, write file needed by
      icinga2 object list only if --dump-objects is given. #9586 #9591
    - Default email notification scripts: link to Icinga DB Web,
      not the monitoring module. (Consult the upgrading docs.) #9742 #9757
    - API: for security reasons hide TicketSalt in /v1/variables. #7863
  * Icinga 2 Config DSL
    - Disallow global variable modification after config commit start (i.e.
      inside object/apply T "x" { ... }) to reduce config load time. #9740
    - Forbid Dependency cycles at config load time. #8389
    - Allow only strings in the arrays Host#groups, Service#groups and
      User#groups. Needed for consistency, especially by the IDO. #9057
    - Disallow empty object names. (They worked only partially anyway.) #9409
  * Enhancements
    - Significantly reduce config load time of large setups.
      #8118 #9555 #9557 #9572 #9577 #9603 #9608 #9627 #9648 #9657 #9662
    - Allow to connect dependencies via redundancy groups. Only parents within
      one group are assumed to provide redundancy for each other. #8218
    - Built-in check command ifw-api, communicates directly with the Icinga for
      Windows REST API. (Doesn't spawn a PowerShell process for that.) #9062
    - JournaldLogger which logs to systemd journal. #9000
    - API: POST /v1/objects: allow to discard some previously modified attributes,
      i.e. to restore the config files' values. #9783
    - ElasticsearchWriter: support Elasticsearch v8. #9812
    - Support $env.ENV_VAR_NAME$ macros. #8302
    - Speed up Icinga DB config dump. #9524
    - Default mail notification scripts: also print $host.notes$ and $service.notes$. #9713
    - Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers. #9811
    - Clean up global default TLS cipher list to improve security. #9809
    - Influxdb(2)Writer: write more precise timestamps (nanoseconds). #9599
  * Bugfixes
    - Icinga DB feature: normalize several Redis data not to crash the Go daemon.
      #9772 #9775 #9792 #9793 #9794 #9805
    - Fix parsing of perfdata across multiple lines in plugin output. #8969
    - icinga check: fix last reload failure time. #8429 #9827
    - Resolve macros inside custom vars of IcingaApplication. #9779
    - SELinux: allow Icinga and its plugins to write to syslog. #9688
    - ElasticsearchWriter: fix data buffer flush race condition during stop. #9810
    - Trigger flexible downtimes not in the past if checkable is already down. #9726
    - Send downtime expiration notifications immediately, not after up to a minute. #9726
  * Cluster
    - Don't hang in timed out connection attempt. #9711 #9725
    - Fix lost acknowledgements after re-connect. #9718
    - cluster-zone check: don't complain about not connected
      other local zone members if there aren't any. #8595
    - Allow agent to update executions delegated to it via /v1/actions/execute-command. #8627
  * API
    - Disallow breaking inter-object relationships by changing
      relationship attributes at runtime, e.g. Service#host_name. #9407
    - Correct several HTTP response status codes. #7958 #9354
    - Correct Boolean field types previously reported by /v1/types as Number. #9514
  * CLI
    - icinga2 daemon: fix -DConfiguration.Concurrency= flag
      which now allows to override the number of threads. #9643
    - icinga2 node wizard: avoid unnecessary chown(2) which may fail and abort the wizard. #8744
    - Correct several log messages. #8895 #8965 #9663
  * ITL
    - Add linux_netdev check command. #9045
    + Command Argument Changes
      - disk: don't pass -m (disk_megabytes) by default. #9642
      - disk: pass -X fuse.portal (disk_exclude_type) by default. #9459
      - http: support multiple -k (http_header) as array. #8574
      - icmp: double defaults for -w (icmp_wpl) and -c (icmp_cpl). #9041
      - logfiles: pass --winwarncrit (logfiles_winwarncrit) without argument. #9056
      - nwc_health: pass SNMPv3-only args only when using SNMPv3. #9095
      - vmware-esx-dc-runtime-tools and vmware-esx-soap-vm-runtime-tools:
      - rename --open-vm-tools to --open_vm_tools_ok (vmware_openvmtools). #9611
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 1104874 from Bernhard Wiedemann's avatar Bernhard Wiedemann (bmwiedemann) (revision 183)
Use fixed hostname string (boo#1084909)
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 1098792 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 182)
- Update to 2.13.8
  * Bugfixes
    - Icinga DB feature: normalize several Redis data not to crash the Go daemon. #9814
    - Don't hang in timed out connection attempt. #9815
    - Trigger flexible downtimes not in the past if checkable is already down. #9817
    - ElasticsearchWriter: fix data buffer flush race condition during stop. #9818
    - SELinux: allow Icinga and its plugins to write to syslog. #9819
    - Fix lost acknowledgements after re-connect. #9820
    - Fix parsing of perfdata across multiple lines in plugin output. #9821
    - cluster-zone check: don't complain about not connected
  other local zone members if there aren't any. #9822
  * Updates
    - Update Boost shipped on Windows to v1.82. #9816
    - Update OpenSSL shipped on Windows to v3.0.9. #9816
    - Update vendored https://github.com/nlohmann/json to v3.9.1. #9816
    - Update vendored https://github.com/nemtrif/utfcpp to v3.2.3. #9816
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 1066252 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 181)
- Update to 2.13.7
  * Security
    - Windows: update bundled OpenSSL to v1.1.1t. #9672
  * Bugfixes
    - SELinux: fix user and domain creation by explicitly setting the role. #9690
    - Signal handlers: don't interrupt and break plugins spawning. #9682
    - Icinga DB: take check\_period into account during overdue calculation. #9679
    - Avoid corrupted files: use fsync(2)/FlushFileBuffers() everywhere. #9681
    - Solaris: fix compile error. #9680
  * Enhancements
    - Windows: update bundled Boost to v1.81. #9678
    - Documentation: several fixes and improvements. #9671
- Drop icinga2-boost.patch because now in upstream.
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 1062996 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 180)
- Add icinga2-boost.patch to make compilable on Boost v1.81 
  and fix build error on Tumbleweed.
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 1034594 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 179)
- Update to 2.13.6
  * Bugfixes
    - Improve the throughput of the Icinga DB feature. #9550
    - Multiple changes to speed up evaluation of apply rules. #9559 #9565 #9558
    - Fix a possible crash on config loading related to ignore_on_error. #9560
    - Check API user permission on objects returned by joins. #9561
    - Windows: update bundled Boost and OpenSSL versions. #9562 #9567
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 994645 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 178)
- Update to 2.13.5
  * Bugfixes
    - Ensure not to write an incomplete (i.e. corrupt) state file. #9467
    - ITL: Render vars.apt_upgrade=true as --upgrade, not --upgrade=true. #9458
    - Icinga DB: Add missing Redis SELinux policy. #9473
    - Windows: Don't spam the event log with non-error startup messages. #9457
    - Windows: Update bundled version of OpenSSL. #9460
    - Docs: Update RHEL 8 installation instructions. #9482
    - Docs: Add RHEL 9 installation instructions. #9482
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 986199 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 177)
- Update to 2.13.4
  * Bugfixes
    - Fix a race-condition involving object attribute updates that could result in a crash. #9395
    - After a host recovered, only send problem notifications for services after they have been 
      rechecked afterwards to avoid false - notifications. #9348
    - Speed up config validation by avoiding redundant serialization of objects. #9400
    - Add a separator attribute to allow using arguments like --key=value as required by some 
      check plugins. This fixes the --upgrade and --dist-upgrade arguments of check_apt. #9397
    - Windows: Update bundled versions of Boost and OpenSSL. #9360 #9415
  * Icinga DB
    - Add an icingadb CheckCommand to allow checking if Icinga DB is healthy. #9417
    - Update documentation related to Icinga DB. #9423
    - Fix a bug where history events could miss the environment ID. #9396
    - Properly serialize attributes of command arguments when explicitly set to null. #9398
    - Rename some attributes to make the database schema more consistent. #9399 #9419 #9421
    - Make the error message more helpful if the API isn't set up #9418
Lars Vogdt's avatar Lars Vogdt (lrupp) committed (revision 176)
- add icinga2-vim_syntax.patch:
  When upgrading vim to version 8 the syntax file does not work anymore:
  line xxx:
    E10: \ should be followed by /, ? or &
  Reason: The line continuation does not work, as vim is reading 
  syntax files now in vi-compatible mode. The patch sets the 
  nocompatible mode manually for that syntax file.
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 972380 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 175)
- Update to 2.13.3
  * API
    - The /v1/config/stages endpoint now immediately rejects parallel config updates
      instead of accepting and then later failing to verify and activate them. #9328
  * Certificates
    - The lifetime of newly issued node certificates is reduced from 15 years to 397 days. #9337
    - Compare cluster certificate tickets in constant time. #9333
  * Notifications
    - Fix a crash that could happen while sending notifications shortly after Icinga 2 started. #9124
    - Fix missing or redundant notifications after certain combinations of state changes happened
      while notifications were suppressed, for example during a downtime. #9285
* Checks and Commands
    - Fix a deadlock when processing check results for checkables with dependencies. #9228
    - Fix a message routing loop that can happen for event commands that are executed within a zone
      using command_endpoint that resulted in excessive execution of the command. #9260
  * Downtimes
    - Fix scheduling of downtimes for all services on child hosts. #9159
    - Creating fixed downtimes starting immediately now send a corresponding notification. #9158
    - Fix some issues involving daylight saving time changes that could result in an hour missing
      from scheduled downtimes. This fix applies to time periods as well. #9238
  * Configuration
    - Fix the evaluation order of default templates when used in combination with apply rules.
      Now default templates are imported first as stated in the documentation
      and as it already happens for objects defined without using apply. #9290
  * IDO
    - Fix an issue where contacts were not written correctly to the notification history
      if multiple IDO instances are active on the same node. #9242
    - Explicitly set the encoding for MySQL connections as a workaround for changed defaults in Debian bullseye. #9312
    - Ship a MySQL schema upgrade that fixes inconsistent version information in the full schema file
      and upgrade files which could have resulted in inaccurate reports of an outdated schema version. #9139
  * Performance Data Writers
    - Fix a race condition in the InfluxDB Writers that could result in a crash. #9237
    - Fix a log message where Influxdb2Writer logged as InfluxdbWriter. #9315
    - All writers no longer send metrics multiple times after HA failovers. #9322
  * Build
    - Fix the order of linker flags to fix builds on some ARM platforms. #9164
    - Fix a regression introduced in 2.13.2 preventing non-unity builds. #9094
    - Fix an issue when building within an unrelated Git repository, version information
      from that repository could incorrectly be used for Icinga 2. #9155
    - Windows: Update bundled Boost version to 1.78.0 and OpenSSL to 1.1.1n #9325
  * Internals
    - Fix some race conditions due to missing synchronization. 
      These race conditions should not have caused any practical problems
      besides incorrect numbers in debug log message. #9306
    - Move the startup.log and status files created when validating incoming cluster config updates
      to /var/lib/icinga2/api and always keep the last failed startup.log to ease debugging. #9335
  * Icinga DB
    - The severity attribute was updated to match the sort order Icinga Web 2 uses for the IDO.
      The documentation for this attribute was already incorrect before
      and was updated to reflect the current functionality. #9239 #9240
    - Fix the is_sticky attribute for comments. #9303
    - Fix missing updates of is_reachable and severity in the state tables. #9241
    - Removing an acknowledgement no longer incorrectly writes comment history. #9302
    - Fix multiple issues so that in an HA zone, both nodes now write consistent history. #9157 #9182 #9190
    - Fix that history events are no longer written when state information should be updated. #9252
    - Fix an issue where incomplete comment history events were generated. #9301
    - Note: when removing comments using the API, the dedicated remove-comment action
      should be used instead of the objects API, otherwise no history event will be generated.
    - Fix handling of non-integer values for the order attribute of command arguments. #9181
    - Note: You should only specify integer values for order, other values are converted to 
      integer before use so using fractional numbers there has no effect.
    - Add a dependency on icingadb-redis.service to the systemd service file
      so that Redis is stopped after Icinga 2. #9304
    - Buffer history events in memory when the Redis connection is lost. #9271
    - Add the previous soft state to the state tables. #9214
    - Add missing locking on object runtime updates. #9300
- Changes from 2.13.2
  * Icinga DB
    - Prefix command_id with command type #9085
    - Decouple environment from Icinga 2 Environment constant #9082
    - Make icinga:history:stream:*#event_id deterministic #9076
    - Add downtime.duration & service_state.host_id to Redis #9084
    - Sync checkables along with their states first #9081
    - Flush both buffered states and state checksums on initial dump #9079
    - Introduce icinga:history:stream:downtime#scheduled_by #9080
    - Actually write parent to parent_id of zones #9078
    - Set value in milliseconds for program_start in stats/heartbeat #9077
    - Clean up vanished objects from icinga:checksum:*:state #9074
    - Remove usernotification history stream #9073
    - Write IDs of notified users into notification history stream #9071
    - Make CheckResult#scheduling_source available to Icinga DB #9072
    - Stream runtime state updates only to icinga:runtime:state #9068
    - Publish Redis schema version via XADD icinga:schema #9069
    - Don't include checkable types in history IDs #9070
    - Remove unused Redis key 'icinga:zone:parent' #9075
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 936051 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 174)
Rollback to revision 171 - version 2.13.1 because 2.13.2 does not build for Tumbleweed.
Lars Vogdt's avatar Lars Vogdt (lrupp) committed (revision 173)
remove link to Factory
Lars Vogdt's avatar Lars Vogdt (lrupp) committed (revision 172)
- Update to 2.13.2
  This version only includes changes needed for the release of Icinga DB 
  1.0.0 RC2 and doesn't include any other bugfixes or features.
  Icinga DB
  + Prefix command_id with command type #9085
  + Decouple environment from Icinga 2 Environment constant #9082
  + Make icinga:history:stream:*#event_id deterministic #9076
  + Add downtime.duration & service_state.host_id to Redis #9084
  + Sync checkables along with their states first #9081
  + Flush both buffered states and state checksums on initial dump #9079
  + Introduce icinga:history:stream:downtime#scheduled_by #9080
  + Actually write parent to parent_id of zones #9078
  + Set value in milliseconds for program_start in stats/heartbeat #9077
  + Clean up vanished objects from icinga:checksum:*:state #9074
  + Remove usernotification history stream #9073
  + Write IDs of notified users into notification history stream #9071
  + Make CheckResult#scheduling_source available to Icinga DB #9072
  + Stream runtime state updates only to icinga:runtime:state #9068
  + Publish Redis schema version via XADD icinga:schema #9069
  + Don't include checkable types in history IDs #9070
  + Remove unused Redis key 'icinga:zone:parent' #9075
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 913176 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 171)
- Update to 2.13.1
  * Security
    - CVE-2021-37698: Add TLS server certificate validation to ElasticsearchWriter, GelfWriter,
      InfluxdbWriter and Influxdb2Writer (GHSA-cxfm-8j5v-5qr2)
    Depending on your setup, manual intervention beyond installing the new versions may be required,
    so please read the more detailed information in the release blog post carefully.
  * Bugfixes
    - IDO PgSQL: Fix a string quoting regression introduced in 2.13.0 #8958
    - ApiListener: Automatically fall back to IPv4 in default configuration on systems without IPv6 support #8961
Eric Schirra's avatar Eric Schirra (ecsos) accepted request 910005 from Eric Schirra's avatar Eric Schirra (ecsos) (revision 170)
- Update to 2.13.0
  * Enhancements
    + Core
      - PerfdataValue: Add units of measurement #7871
      - Flapping: Allow to ignore states in flapping detection #8600
    + Cluster
        Display log message if two nodes run on incompatible versions #8088
    + API
      - /v1/actions/remove-downtime: Also remove child downtimes #8913
      - Add API endpoint: /v1/actions/execute-command #8040
      - /v1/actions/add-comment: Add param expiry #8035
      - API-Event StateChange & CheckResult: Add acknowledgement and downtime_depth #7736
      - Implement new API events ObjectCreated, ObjectDeleted and ObjectModified #8083
      - Implement scheduling_endpoint attribute to checkable #6326
    + Windows
      - Add support for Windows Event Log and write early log messages to it #8710
    + IDO
      - MySQL: support larger host and service names #8425
    + ITL
      - Add -S parameter for esxi_hardware ITL #8814
      - Add CheckCommands for Thola #8683
      - Add option ignore-sct for ssl_cert to ITL #8625
      - Improve check_dns command when used with monitoring-plugins 2.3 #8589
      - Add parameter -f to snmp-process #8569
      - Add systemd CheckCommand #8568
      - Add new options for ipmi-sensor #8498
      - check_snmp_int: support -a #8003
      - check_fail2ban: Add parameter fail2ban_jail to monitor a specific jail only #7960
      - check_nrpe: Add parameters needed for PKI usage #7907
    + Metrics
      - Support InfluxDB 2.0 #8719
      - Add support for InfluxDB basic auth #8314
    + Docs
      - Add info about ongoing support for IDO #8446
      - Improve instructions on how to setup a Windows dev env #8400
      - Improve instructions for installing wixtoolset on Windows #8397
      - Add section about usage of satellites #8458
      - Document command for verifying the parent node's certificate #8221
      - Clarify TimePeriod/ScheduledDowntime time zone handling #8001
    + Misc
      - Support TLS 1.3 #8718
      - Livestatus: append app name to program_version #7931
      - sd_notify() systemd about what we're doing right now #7874
  * Bugfixes
    + Core
      - Fix state not being UNKNOWN after process timeout #8937
      - Set a default severity for loggers #8846
      - Fix integer overflow when converting large unsigned integers to string #8742
      - StartUnixWorker(): don't exit() on fork() failure #8427
      - Fix perf data parser not recognizing scientific notation #8492
      - Close FDs based on /proc/self/fd #8442
      - Fix check source getting overwritten on passive check result #8158
      - Clean up temp files #8157
      - Improve perf data parser to allow for special output (e.g. ASCII tables) #8008
      - On check timeout first send SIGTERM #7918
    + Cluster
      - Drop passive check results for unreachable hosts/services #8267
      - Fix state timestamps set by the same check result differing across nodes #8101
    + API
      - Do not override status codes that are not 200 #8532
      - Update the SSL context after accepting incoming connections #8515
      - Allow to create API User with password #8321
      - Send Content-Type as API response header too #8108
      - Display a correct status when removing a downtime #8104
      - Display log message if a permission error occurs #8087
      - Replace broken package name validation regex #8825 #8946
    + Windows
      - Fix Windows command escape for " #7092
    + Notifications/Downtimes
      - Fix no re-notification for non OK state changes with time delay #8562
      - TimePeriod/ScheduledDowntime: Improve DST handling #8921
      - Don't send notifications while suppressed by checkable #8513
      - Fix a crash while removing a downtime from a disappeared checkable #8229
    + IDO
      - Update program status on stop #8730
      - Also mark objects inactive in memory on object deactivation #8626
      - IdoCheckTask: Don't override checkable critical with warn state #8613
      - PostgreSQL: Do not set standard_conforming_strings to off #8123
    + ITL
      - check_http: Fix assignment of check_adress blocking check by hostname #8109
      - check_mysql: Don't set -H if -s is given #8020
    + Metrics
      - OpenTSDB-Writer: Remove incorrect space causing missing tag error #8245
Displaying revisions 1 - 20 of 189
openSUSE Build Service is sponsored by