Icinga 2 v2.5 released

We’ve come a long way with our new release Icinga 2 v2.5. After the 2.4 release in November we’ve focussed on fixing many of the remaining bugs. 2.5 isn’t just a feature release – it includes all the bugfixes from the past months.

 

InfluxDB

vagrant_icinga2_influxdb_grafanaA big thank you to Simon Murray & DataCentred for contributing the new InfluxDB feature! Dive into the documentation details or just try it out yourself. We’ve also added a new Vagrant box “icinga2x-influxdb” just for Icinga 2, InfluxDB and Grafana :)

 

Timeperiod Excludes

Don’t want to be notified during the holidays? Add an on-call exclusion for a specific time period? We’re really happy that Phillipp Dallig contributed the long awaited time period exclusion and inclusion feature to Icinga 2. You’ll also find updated examples for specific time ranges in the documentation.

 

IDO Performance

The IDO database feature now supports an incremental config dump. Future restarts only update what really changed instead of a full config dump. This tremendously decreases the database reconnect time on restart making it 10 times (!) faster than before. We’ve tested this with large scale customer environments (Example with 60k services, 2000 clients, 60k dependencies running in an HA cluster).

2.4.10

[2016-08-17 13:06:03 +0200] information/IdoMysqlConnection: Finished reconnecting to MySQL IDO database in 320.08 second(s).

2.5.0

[2016-08-17 14:31:17 +0200] information/IdoMysqlConnection: Finished reconnecting to MySQL IDO database in 29.4937 second(s).

 

API

There are two new endpoints added which allow you to fetch global variables (/v1/variables) as well as defined template names (/v1/templates). Notification state and type filters can now be specified as string values (e.g. “OK”).

There’s also a new API action /v1/actions/generate-ticket which allows you to fetch the ticket required for client setups with CSR auto-signing. That way your automated setups will work like a breeze – make sure to check the updated documentation bits too.

 

Cluster

We’ve fixed a bug where one faulty client would cause other clients to disconnect. While analysing cluster stability issues we’ve also added more detailed log messages. There is a known issue with messages routing for zones with more than two endpoints – we recommend to only have two endpoints in a zone for now.

Uwe Ebel contributed the API/Cluster configuration attributes for the accept cipher list as well as the minimum TLS version – thanks a lot!

 

Documentation

icinga2_distributed_automation_docker_clientWe weren’t happy with the documentation chapters explaining how the cluster works and how the Icinga 2 client has to be installed. It was complicated and our community channels were literally flooded with questions. We’ve taken the hard road and purged away the old content.

You’ll now find two new chapters inside the documentation:

  • Service Monitoring – a good starting point for plugin integration and more examples based on the numerous CheckCommand definitions (thanks everyone for contributing!).
  • Distributed Monitoring with Master, Satellites and Clients – from roles to zones to setup to configuration modes (“top down” and “bottom up”) to scenarios. All done with real-world examples and newly added images helping you getting your distributed environment going.

The distributed monitoring chapter also explains how to automate your client setup in a Docker client by example. We’ve also made sure to add best practices and advanced hints which we learned from you, our community :)

 

More Release Highlights

  • Debian and RHEL packages for vim/nano syntax highlighting.
  • DateTime type for formatting timestamps in the configuration DSL.
  • Performance improvements for config validation.
  • Many bugfixes for check execution, notifications, downtimes, etc.

 

Changes

When upgrading your distributed environment ensure to upgrade your master and satellite instances to v2.5 first. Clients using v2.4.x may still work, but should be upgraded as well.

An IDO database schema update is required (2.5.0.sql). The categories attribute requires the array notation (deprecation warning is logged).

The icinga2.conf file includes plugins-contrib, manubulon, nscp, windows-plugin by default on new installations. This helps deploying checks even more easy but may collide with your own CheckCommands synced in global zones.

 

Update Icinga 2

Prior to upgrading your production environment you should test the new release in your staging environment as always. Make sure to read the full Changelog. Note: There was a release critical bug in 2.5.0 so we decided to go for a fixed 2.5.1 release.

Note, 2nd: The notification bug was not fully fixed. Go for 2.5.2 including this fix and one for gruop members in DB IDO.

Updated packages are available soon.

Special thanks to all contributors and testers making Icinga 2 v2.5 great! Simon, Philipp, Uwe, Rune, Tobias, Blerim, Bernd, Eric, Markus, Hannes, Dirk, Matthias, Emanuel … you know who you are :)

vim, Puppet, Vagrant and Icinga 2 syntax highlighting

vim is my preferred editor after all. Even I hack Icinga 2 code with vim way faster than any other interface. vim requires some configuration love of course.

Many distributions do not install vim or set it as default editor. In the Git training sessions on Debian/Ubuntu we’ll have a lab for making vim the default for example. Inside the CentOS base box used for the Icinga 2 Vagrant boxes I’ll also ensure via puppet manifest to install the vim package.

Now for the configuration bits – one keeps a local $HOME/.vimrc with own customizations. That works fine for your own workstation but what if you want to automate such setups and distribute a custom vimrc config on all your servers? You could keep just a file and sync that using Puppet manifests of course. But what about the mentioned default editor settings? And you do not want to break anything with a syntax error?

I’ve found this puppet-vim module pretty nifty and helpful. The most recent commit inside the Vagrant boxes uses it already.

class { 'vim':
  opt_bg_shading => 'light',
}

There are many other options available such as setting it as default editor on Debian. To mention some more:

  • opt_nocompatible
  • opt_bg_shading – I prefer a light background, also easier on a beamer for an Icinga Camp demo
  • opt_lastposition – jump to the last position when opening a file. I definitely want that everywhere.
  • opt_syntax – enable syntax highlighting. On older systems or Debian this is disabled by default.
  • opt_misc – sets some interesting default values for incremental search, etc.:
    [‘hlsearch’,’showcmd’,’showmatch’,’ignorecase’,’smartcase’,’incsearch’,’autowrite’,’hidden’]

In case you ask – why do you care so much about vim? I wanted to integrate the new Icinga 2 vim syntax highlighting packages into the Vagrant boxes. Just install “vim-icinga2” (currently snapshot packages, available with 2.5.0) and you’re ready to go. This is also part of our Icinga 2 training sessions helping you to understand keywords and object definitions far more easy.

  package { 'vim-icinga2':
    ensure => 'latest',
    require => [ Class['icinga_rpm'], Class['vim'] ],
    alias => 'vim-icinga2'
  }

Enjoy vim everywhere :-)

vagrant_icinga2_vim_syntax_highlighting

Icinga Web 2 v2.3.4, v2.2.2 and v2.1.4 Releases

We’re happy to announce the releases of the Icinga Web 2 versions 2.3.4, 2.2.2 and 2.1.4.

Besides some minor bug fixes, Icinga Web 2 version 2.3.4 tackles problems with external links and HTML in plugin output. Those were no longer rendered correctly in the previous version. You’ll find all issues for version 2.3.4 over here.

All released versions fix the possibility of remote code execution via the remote command transport. Thanks to you guys for reporting this issue. If you’re using the remote command transport, make sure to upgrade as soon as possible.

As usual you can get the packages here or check out our releases from Github.

If you’re wondering what happened with version 2.3.3, we had some packaging problems which forced us to increase the version number.

Icinga 2 v2.4.9 bugfix release

We’ve just released another minor version which fixes a few more bugs:

What’s New in Version 2.4.9

Bugfixes

  • Bug 11801 (Perfdata): Error: Function call ‘rename’ for file ‘/var/spool/icinga2/tmp/service-perfdata’ failed with error code 2, ‘No such file or directory’
  • Bug 11804 (Configuration): Segfault when trying to start 2.4.8
  • Bug 11807 (Compat): Command Pipe thread 100% CPU Usage

Icinga 2 v2.4.8 bugfix release

We’ve just released another new minor version for Icinga 2. Some of the highlights for this version include the ability to limit the maximum number of concurrent checks that are run by Icinga. There are also a rather large number of bugfixes.

Packages for 2.4.8 should be available shortly. Here’s the list of all changes for this version:

What’s New in Version 2.4.8

Changes

* Bugfixes
* Support for limiting the maximum number of concurrent checks (new configuration option)
* HA-aware features now wait for connected cluster nodes in the same zone (e.g. DB IDO)
* The ‘icinga’ check now alerts on failed reloads

Feature

  • Feature 8137 (Checker): Maximum concurrent service checks
  • Feature 9236 (Perfdata): PerfdataWriter: Better failure handling for file renames across file systems
  • Feature 9997 (libmethods): “icinga” check should have state WARNING when the last reload failed
  • Feature 10581 (ITL): Provide icingacli in the ITL
  • Feature 11556 (libbase): Add support for subjectAltName in SSL certificates
  • Feature 11651 (CLI): Implement SNI support for the CLI commands
  • Feature 11720 (ITL): ‘disk’ CheckCommand: Exclude ‘cgroup’ and ‘tracefs’ by default
  • Feature 11748 (Cluster): Remove unused cluster commands
  • Feature 11765 (Cluster): Only activate HARunOnce objects once there’s a cluster connection
  • Feature 11768 (Documentation): Add the category to the generated changelog

Bugfixes

  • Bug 9989 (Configuration): Service apply without name possible
  • Bug 10426 (libicinga): Icinga crashes with a segfault on receiving a lot of check results for nonexisting hosts/services
  • Bug 10717 (Configuration): Comments and downtimes of deleted checkable objects are not deleted
  • Bug 11046 (Cluster): Icinga2 agent gets stuck after disconnect and won’t relay messages
  • Bug 11112 (Compat): Empty author/text attribute for comment/downtimes external commands causing crash
  • Bug 11147 (libicinga): “day -X” time specifications are parsed incorrectly
  • Bug 11158 (libicinga): Crash with empty ScheduledDowntime ‘ranges’ attribute
  • Bug 11374 (API): Icinga2 API: deleting service with cascade=1 does not delete dependant notification
  • Bug 11390 (Compat): Command pipe overloaded: Can’t send external Icinga command to the local command file
  • Bug 11396 (API): inconsistent API /v1/objects/* response for PUT requests
  • Bug 11589 (libicinga): notification sent out during flexible downtime
  • Bug 11645 (Documentation): Incorrect chapter headings for Object#to_string and Object#type
  • Bug 11646 (Configuration): Wrong log severity causes segfault
  • Bug 11686 (API): Icinga Crash with the workflow Create_Host-> Downtime for the Host -> Delete Downtime -> Remove Host
  • Bug 11711 (libicinga): Expired downtimes are not removed
  • Bug 11714 (libbase): Crash in UnameHelper
  • Bug 11742 (Documentation): Missing documentation for event commands w/ execution bridge
  • Bug 11757 (API): API: Missing error handling for invalid JSON request body
  • Bug 11767 (DB IDO): Ensure that program status updates are immediately updated in DB IDO
  • Bug 11779 (API): Incorrect variable names for joined fields in filters

Icinga Web 2 v2.3.2, v2.2.0 and v2.1.3 hotfix releases

These ones are security-releases fixing a privilege escalation issue in the monitoring module for authenticated users. (thanks to Michael Günther from Recurity Labs for discovering this issue and to gbretsch for reporting it)
New packages for them are in progress.

What’s New in Version 2.1.3

Bugfixes

  • Fix a privilege escalation issue in the monitoring module for authenticated users

What’s New in Version 2.2.1

Bugfixes

  • Fix a privilege escalation issue in the monitoring module for authenticated users

What’s New in Version 2.3.2

Feature

  • Feature 11629: Simplified event-history date and time representation

Bugfixes

  • Fix a privilege escalation issue in the monitoring module for authenticated users
  • Bug 10486: Menu rendering fails when no monitoring backend was configured
  • Bug 10847: Warn about illogical dates
  • Bug 10848: Can’t change items per page if filter is in modify state
  • Bug 11392: Can’t configure monitoring backend via the web interface when no monitoring backend was configured