Icinga 2 bugfix release 2.3.4

i2_pcc_check_mysql_healthIcinga 2 v2.3.4 incorporates a couple of bug fixes and also adds additional plugin check command definitions for the database plugins such as check_mysql_health or check_postgres.

Packages builds for various distributions should be available soon.

Changelog

Changes

  • Bugfixes
  • ITL: Check commands for various databases
  • Improve validation messages for time periods
  • Update max_check_attempts in generic-{host,service} templates
  • Update logrotate configuration

Issues

  • Feature 8760: Add database plugins to ITL
  • Feature 8803: Agent Wizard: add options for API defaults
  • Feature 8893: Improve timeperiod validation error messages
  • Feature 8895: Add explanatory note for Icinga2 client documentation
  • Bug 8808: logrotate doesn’t work on Ubuntu
  • Bug 8821: command_endpoint check_results are not replicated to other endpoints in the same zone
  • Bug 8879: Reword documentation of check_address
  • Bug 8881: Add arguments to the UPS check
  • Bug 8889: Fix a minor markdown error
  • Bug 8892: Validation errors for time ranges which span the DST transition
  • Bug 8894: Default max_check_attempts should be lower for hosts than for services
  • Bug 8913: Windows Build: Flex detection
  • Bug 8917: Node wizard should only accept ‘y’, ‘n’, ‘Y’ and ‘N’ as answers for boolean questions
  • Bug 8919: Fix complexity class for Dictionary::Get
  • Bug 8987: Fix a typo
  • Bug 9012: Typo in graphite feature enable documentation
  • Bug 9014: Don’t update scheduleddowntime table w/ trigger_time column when only adding a downtime
  • Bug 9016: Downtimes which have been triggered are not properly recorded in the database
  • Bug 9017: scheduled_downtime_depth column is not reset when a downtime ends or when a downtime is being removed
  • Bug 9021: Multiple log messages w/ “Attempting to send notifications for notification object”
  • Bug 9041: Acknowledging problems w/ expire time does not add the expiry information to the related comment for IDO and compat
  • Bug 9045: Vim syntax: Match groups before host/service/user objects
  • Bug 9049: check_disk order of command arguments
  • Bug 9050: web.conf is not in the RPM package
  • Bug 9064: troubleshoot truncates crash reports
  • Bug 9069: Documentation: set_if usage with boolean values and functions
  • Bug 9073: custom attributes with recursive macro function calls causing sigabrt

Contribute Icinga 2 Plugin Check Command definitions

While at first sight we’ve only included the monitoring plugins and their CheckCommand definitions, we’ve been working closely with community contributors and team members to make it easier for everyone to contribute their own command definitions.

There are certain advantanges sending your definitions upstream:

  • everyone can use and update/fix them
  • one single place for configs and documentation
  • developers may suggest updates and help with best practices
  • you don’t need to care about copying the command definitions to all your instances (because the icinga2 package already provides them)

There is a detailed wiki howto available. Looking forward to your contributions! :-)

Icinga @ SIG-NOC meeting

GA_logo_and_strapline_smal_new2It has been nearly 3 years when I attended the 6th TF-NOC meeting in Dublin, presenting Icinga to all NREN participants (research and education networking organisations). At that time I was working at ACOnet at the University of Vienna which slightly changed into NETWAYS and Nuremberg later that year. After-all this task force is community/developer friendly so I was allowed to follow their actions, discussions and upcoming meetings. At last years OSMC Ernst Heiri from SWITCH was asking if I could spare some time to come present the latest Icinga 2 development in Stuttgart this year.

Well, time goes by, and then there was a discussion on open source log collection & monitoring tools going on, where I’ve stepped into remarking the things we’ve talked about in the Icinga 2 & Graylog talk at OSMC 2014, and much more. Considering that I also know a little Logstash from my Icinga 2 training sessions, attending the 12th TF-NOC meeting for an in-depth Icinga 2 presentation and also sharing my ideas on log monitoring in open panels was pure fun.

There are changes in terms of naming going on – Terena & Dante joined forces under the Géant Association, while the Task Force (TF) is being migrated to a Special Interest Group (SIG). Therefore this meeting was in the end called “SIG NOC meeting“. Apart from the confusing stuff (my presentation slides show the wrong logo ;)) I’ve got the opportunity to talk about Icinga 2 nearly 2 hours.

The presentation catches up with plenty of things you might already know but is rather long-ish with ~80 slides. It also required me to do some heavy re-factoring of the Icinga Vagrant boxes used for the demo (no more custom VM as seen 3 years ago!). The feedback on the talk was awesome, and also shed some light into NREN network operators (NOC teams) and their problems. Multi-path dependencies, network topology scan & simulation or even Shibboleth as auth provider for Icinga Web 2 were those to mention, next to discussions on existing issues or just some real-life hints.

During the two days one thing was clear – integration of tools in your existing stack is more important than ever. While changes might happen slowly, one should consider evaluating how the tool does fit into the environment, including interfaces and apis for data exchange (take for instance, Icinga 2 + Puppet + Logstash + Graphite). On another note: How to deal with alerts and connect that to the ticket systems – where the RT integration in Icinga Web 2 proofed itself as a pretty good idea :) Or – why would one need Rackview, HP Openview and Icinga, how about only using one tool (Icinga)?

The meeting was pretty much Splunk dominated in terms of logs and their presentation was more of a sales one – they didn’t see my Icinga 2 presentation before which emphasizes on the integration part. Logstash/ELK and Graylog are far beyond Splunk in my humble opinion – at least from what I’ve seen during the meeting. Adding my own knowledge on several aspects on combining log monitoring with other tools (even the fancy sflow-to-elasticsearch project) from my managed service colleagues at NETWAYS worked out pretty well. I am confident that the participants will consider a closer look deeply into Icinga 2 as well as ELK / Graylog in the future.

It really was a pleasure being there, I am looking forward to future meetings – and even more NRENs already using Icinga 2 :-)

Icinga 1.13.0 released

logo_icingaWhile you may have seen a lot of updates in our 2.x development head, Icinga 1.x is still alive and being patched and bug-fixed. Some smaller features have also been incorporated into 1.13.0 so consider upgrading your existing installation.

 

Changelog Core, IDOUtils, Classic UI

CHANGES

  • Remove deprecated event_profiling_enabled from icinga.cfg
  • Remove deprecated broker_module from icinga.cfg (use module object configuration instead)
  • Add module config examples in modules/ directory (livestatus, mod_gearman, pnp4nagios, flapjack)
  • Move contrib/downtimes to tools/downtimes and add ‘make install-downtimes’

FEATURES

  • Feature #1867: Recurring Downtimes
  • Feature #6353: deprecate icinga.cfg:broker_module; add more module examples
  • Feature #8007: Implement an option to disable transactions
  • Feature #8139: Add functions for registering file descriptors closed on fork()
  • Feature #8140: Add Check Result List Mutex for NEB modules
  • Feature #8426: Remove constraint from *dependencies tables
  • Feature #8440: Enhance idomod logging

FIXES

  • Bug #6263: Race condition in init.d scripts’ stop
  • Bug #6762: Icinga crashes when “args” attribute is not specified for modules
  • Bug #7004: GET form param has no effect on cmd.cgi acks (again)
  • Bug #8202: Cool tip text for refresh of hosts and services says “I’m so lonely up here. Where should I go?”
  • Bug #8441: require the ‘config_file’ argument in idomod modules configuration
  • Bug #8445: cmd.cgi use_ack_end_time param does not enable tickbox in form

Download icinga-1.13.0 here.

Changelog Web

Security

  • Ewoud Kohl van Wijngaarden found a way for an SQL injection in Icinga Web’s API. An authenticated user could inject SQL code via a crafted JSON filter (#7924, CVE-2015-2685)

We recommend to update your installation to 1.13.0 as the features are minimal invasive.

Notable changes and features

  • The log now contains the ip address of a user login failed, or the user just logged in and out (#7357)
  • We implemented a command log that contains any command that is send to the Icinga core by an user – written to a separate log file command-20XX-XX-XX.log (#7893)
  • (Bug) Acknowledgments where sent without a proper sticky declaration. This problem has been fixed and host or service acknowledgments are now sticky by default – what it should and was intended to be. (#5838 #7003) Please review our documentation if you are not sure what sticky means.
  • Grids can now display customvariables. Because customvariables are customised on every installation, this feature is disabled by default. See  doc/grids_and_customvars.md for further information.

Other bugs

  • When using Kerberos authentication in a web server a user could receive all credentials when he had a role that had no credentials set (#7892) In our tests that only happens with Kerberos users.
  • When a user could not be imported during login the database exception was not generated correctly (#8301)
  • Don’t contact more authentication providers than necessary during login. Thanks to Victor Hahn (#8341)
  • Fixed the irritating error during application state reset (#8523) The state was always cleared, but an error popped up for the user.

Download icinga-web-1.13.0 here.