diff --git a/AUTHORS b/AUTHORS index 895a281d1d6..778b6529c8a 100644 --- a/AUTHORS +++ b/AUTHORS @@ -52,6 +52,7 @@ Christian Gut Christian Harke Christian Jonak Christian Lehmann +Christian Lauf Christian Loos Christian Schmidt Christopher Peterson <3893680+cspeterson@users.noreply.github.com> @@ -134,6 +135,7 @@ Jochen Friedrich Johannes Meyer Jonas Meurer Jordi van Scheijen +Josef Friedrich Joseph L. Casale jre3brg Julian Brost @@ -207,6 +209,7 @@ mocruz Muhammad Mominul Huque nemtrif Nicolai +Nicolas Berens Nicolas Limage Nicole Lang Niflou @@ -221,6 +224,7 @@ Patrick Dolinic Patrick Huy Paul Denning Paul Richards +Pavel Motyrev Pawel Szafer Per von Zweigbergk Peter Eckel <6815386+peteeckel@users.noreply.github.com> diff --git a/doc/01-about.md b/doc/01-about.md index 4a665534a8f..73e163bae42 100644 --- a/doc/01-about.md +++ b/doc/01-about.md @@ -67,4 +67,3 @@ Read more about development builds in the [development chapter](21-development.m Icinga 2 and the Icinga 2 documentation are licensed under the terms of the GNU General Public License Version 2. You will find a copy of this license in the LICENSE file included in the source package. - diff --git a/doc/02-installation.md b/doc/02-installation.md index fe9a45049e9..35a7aef1422 100644 --- a/doc/02-installation.md +++ b/doc/02-installation.md @@ -14,9 +14,16 @@ In case you are upgrading an existing setup, please ensure to follow the [upgrade documentation](16-upgrading-icinga-2.md#upgrading-icinga-2). + ## Add Icinga Package Repository -We recommend using our official repositories. Here's how to add it to your system: +We recommend using our official repositories. + +All the following commands should be executed as the root user. +As pipes and nested commands are used, it is recommended to switch to a root user session, e.g., using `sudo -i`. + +Here's how to add it to your system: + @@ -24,9 +31,13 @@ We recommend using our official repositories. Here's how to add it to your syste ```bash apt update -apt -y install apt-transport-https wget gnupg +apt -y install apt-transport-https wget -wget -O - https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg +wget -O icinga-archive-keyring.deb "https://packages.icinga.com/icinga-archive-keyring_latest+debian$( + . /etc/os-release; echo "$VERSION_ID" +).deb" + +apt install ./icinga-archive-keyring.deb DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \ echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${DIST} main" > \ @@ -36,21 +47,6 @@ DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \ apt update ``` - -#### Debian Backports Repository - -This repository is required for Debian Stretch since Icinga v2.11. - -Debian Stretch: - -```bash -DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \ - echo "deb https://deb.debian.org/debian ${DIST}-backports main" > \ - /etc/apt/sources.list.d/${DIST}-backports.list - -apt update -``` - @@ -58,9 +54,13 @@ apt update ```bash apt update -apt -y install apt-transport-https wget gnupg +apt -y install apt-transport-https wget + +wget -O icinga-archive-keyring.deb "https://packages.icinga.com/icinga-archive-keyring_latest+ubuntu$( + . /etc/os-release; echo "$VERSION_ID" +).deb" -wget -O - https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg +apt install ./icinga-archive-keyring.deb . /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; \ echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/ubuntu icinga-${DIST} main" > \ @@ -72,41 +72,6 @@ apt update ``` - -### Raspbian Repository - -```bash -apt update -apt -y install apt-transport-https wget gnupg - -wget -O - https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg - -DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \ - echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/raspbian icinga-${DIST} main" > \ - /etc/apt/sources.list.d/icinga.list - echo "deb-src [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/raspbian icinga-${DIST} main" >> \ - /etc/apt/sources.list.d/icinga.list - -apt update -``` - - - -### CentOS Repository - -```bash -rpm --import https://packages.icinga.com/icinga.key -wget https://packages.icinga.com/centos/ICINGA-release.repo -O /etc/yum.repos.d/ICINGA-release.repo -``` - -The packages for CentOS depend on other packages which are distributed -as part of the [EPEL repository](https://fedoraproject.org/wiki/EPEL): - -```bash -yum install epel-release -``` - - ### RHEL Repository @@ -118,7 +83,6 @@ yum install epel-release Don't forget to fill in the username and password section with your credentials in the local .repo file. ```bash -rpm --import https://packages.icinga.com/icinga.key wget https://packages.icinga.com/subscription/rhel/ICINGA-release.repo -O /etc/yum.repos.d/ICINGA-release.repo ``` @@ -150,7 +114,6 @@ yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.r ### Fedora Repository ```bash -rpm --import https://packages.icinga.com/icinga.key dnf install -y 'dnf-command(config-manager)' dnf config-manager --add-repo https://packages.icinga.com/fedora/$(. /etc/os-release; echo "$VERSION_ID")/release ``` @@ -167,8 +130,6 @@ dnf config-manager --add-repo https://packages.icinga.com/fedora/$(. /etc/os-rel Don't forget to fill in the username and password section with your credentials in the local .repo file. ```bash -rpm --import https://packages.icinga.com/icinga.key - zypper ar https://packages.icinga.com/subscription/sles/ICINGA-release.repo zypper ref ``` @@ -186,17 +147,9 @@ SUSEConnect -p PackageHub/$VERSION_ID/x86_64 ### openSUSE Repository ```bash -rpm --import https://packages.icinga.com/icinga.key - zypper ar https://packages.icinga.com/openSUSE/ICINGA-release.repo zypper ref ``` - -You need to additionally add the `server:monitoring` repository to fulfill dependencies: - -```bash -zypper ar https://download.opensuse.org/repositories/server:/monitoring/15.3/server:monitoring.repo -``` @@ -210,7 +163,6 @@ zypper ar https://download.opensuse.org/repositories/server:/monitoring/15.3/ser Don't forget to fill in the username and password section with your credentials in the local .repo file. ```bash -rpm --import https://packages.icinga.com/icinga.key wget https://packages.icinga.com/subscription/amazon/ICINGA-release.repo -O /etc/yum.repos.d/ICINGA-release.repo ``` @@ -239,36 +191,21 @@ You can install Icinga 2 by using your distribution's package manager to install the `icinga2` package. The following commands must be executed with `root` permissions unless noted otherwise. - + !!! tip If you have [SELinux](22-selinux.md) enabled, the package `icinga2-selinux` is also required. - + -#### Debian / Ubuntu / Raspbian / Raspberry Pi OS +#### Debian / Ubuntu / Raspberry Pi OS ```bash apt install icinga2 ``` - - -#### CentOS - -!!! info - - Note that installing Icinga 2 is only supported on CentOS 7 as CentOS 8 is EOL. - -```bash -yum install icinga2 -systemctl enable icinga2 -systemctl start icinga2 -``` - - #### RHEL 8 or Later @@ -357,26 +294,15 @@ to determine where to find the plugin binaries. additional check plugins into your Icinga 2 setup. - + -#### Debian / Ubuntu / Raspbian / Raspberry Pi OS +#### Debian / Ubuntu / Raspberry Pi OS ```bash apt install monitoring-plugins ``` - - -#### CentOS - -The packages for CentOS depend on other packages which are distributed as part of the EPEL repository. - -```bash -yum install nagios-plugins-all -``` - - #### RHEL @@ -464,7 +390,7 @@ Restart Icinga 2 for these changes to take effect. systemctl restart icinga2 ``` - + ## Set up Icinga DB Icinga DB is a set of components for publishing, synchronizing and @@ -516,20 +442,6 @@ yum install icingadb-redis ``` - - -##### CentOS - - -!!! info - - Note that installing Icinga DB Redis is only supported on CentOS 7 as CentOS 8 is EOL. - -```bash -yum install icingadb-redis -``` - - ##### Debian / Ubuntu / Raspberry Pi OS @@ -643,9 +555,6 @@ you have completed the instructions here and can proceed to [install the Icinga DB daemon on Amazon Linux](https://icinga.com/docs/icinga-db/latest/doc/02-Installation/01-Amazon-Linux/#installing-icinga-db-package), - -[install the Icinga DB daemon on CentOS](https://icinga.com/docs/icinga-db/latest/doc/02-Installation/02-CentOS/#installing-icinga-db-package), - [install the Icinga DB daemon on Debian](https://icinga.com/docs/icinga-db/latest/doc/02-Installation/03-Debian/#installing-icinga-db-package), diff --git a/doc/02-installation.md.d/03-Raspbian.md b/doc/02-installation.md.d/03-Raspbian.md deleted file mode 100644 index fc48d6c67f5..00000000000 --- a/doc/02-installation.md.d/03-Raspbian.md +++ /dev/null @@ -1,3 +0,0 @@ -# Install Icinga 2 on Raspbian - - diff --git a/doc/02-installation.md.d/05-CentOS.md b/doc/02-installation.md.d/05-CentOS.md deleted file mode 100644 index 4d766b21c5e..00000000000 --- a/doc/02-installation.md.d/05-CentOS.md +++ /dev/null @@ -1,3 +0,0 @@ -# Install Icinga 2 on CentOS - - diff --git a/doc/03-monitoring-basics.md b/doc/03-monitoring-basics.md index 06ea0c166aa..f36b8ec59fd 100644 --- a/doc/03-monitoring-basics.md +++ b/doc/03-monitoring-basics.md @@ -1599,7 +1599,7 @@ A common pattern is to store the users and user groups on the host or service objects instead of the notification object itself. -The sample configuration provided in [hosts.conf](04-configuration.md#hosts-conf) and [notifications.conf](notifications-conf) +The sample configuration provided in [hosts.conf](04-configuration.md#hosts-conf) and [notifications.conf](04-configuration.md#notifications-conf) already provides an example for this question. > **Tip** @@ -2729,7 +2729,7 @@ Requirements: * Icinga 2 as client on the remote node * icinga user with sudo permissions to the httpd daemon -Example on CentOS 7: +Example on RHEL: ``` # visudo diff --git a/doc/05-service-monitoring.md b/doc/05-service-monitoring.md index 097fb118476..e798b303e06 100644 --- a/doc/05-service-monitoring.md +++ b/doc/05-service-monitoring.md @@ -51,7 +51,7 @@ described. Try running the plugin after setup and [ensure it works](05-service-m Prior to using the check plugin with Icinga 2 you should ensure that it is working properly by trying to run it on the console using whichever user Icinga 2 is running as: -RHEL/CentOS/Fedora +RHEL/Fedora ```bash sudo -u icinga /usr/lib64/nagios/plugins/check_mysql_health --help @@ -111,7 +111,7 @@ Can't locate Net/SNMP.pm in @INC (you may need to install the Net::SNMP module) Prior to installing the Perl module via CPAN, look for a distribution specific package, e.g. `libnet-snmp-perl` on Debian/Ubuntu or `perl-Net-SNMP` -on RHEL/CentOS. +on RHEL. #### Optional: Custom Path diff --git a/doc/06-distributed-monitoring.md b/doc/06-distributed-monitoring.md index 5d4db15e548..b05f4a8c8a5 100644 --- a/doc/06-distributed-monitoring.md +++ b/doc/06-distributed-monitoring.md @@ -264,7 +264,7 @@ The setup wizard will ensure that the following steps are taken: * Update the [ApiListener](06-distributed-monitoring.md#distributed-monitoring-apilistener) and [constants](04-configuration.md#constants-conf) configuration. * Update the [icinga2.conf](04-configuration.md#icinga2-conf) to disable the `conf.d` inclusion, and add the `api-users.conf` file inclusion. -Here is an example of a master setup for the `icinga2-master1.localdomain` node on CentOS 7: +Here is an example of a master setup for the `icinga2-master1.localdomain` node: ``` [root@icinga2-master1.localdomain /]# icinga2 node wizard @@ -1031,9 +1031,7 @@ in `/etc/icinga2/icinga2.conf`. > Defaults to disabled. Now it is time to validate the configuration and to restart the Icinga 2 daemon -on both nodes. - -Example on CentOS 7: +on both nodes: ``` [root@icinga2-agent1.localdomain /]# icinga2 daemon -C @@ -1112,7 +1110,8 @@ Save the changes and validate the configuration on the master node: ``` [root@icinga2-master1.localdomain /]# icinga2 daemon -C ``` -Restart the Icinga 2 daemon (example for CentOS 7): + +Restart the Icinga 2 daemon: ``` [root@icinga2-master1.localdomain /]# systemctl restart icinga2 @@ -1221,9 +1220,7 @@ object ApiListener "api" { ``` Now it is time to validate the configuration and to restart the Icinga 2 daemon -on both nodes. - -Example on CentOS 7: +on both nodes: ``` [root@icinga2-satellite1.localdomain /]# icinga2 daemon -C @@ -1285,7 +1282,7 @@ Save the changes and validate the configuration on the master node: [root@icinga2-master1.localdomain /]# icinga2 daemon -C ``` -Restart the Icinga 2 daemon (example for CentOS 7): +Restart the Icinga 2 daemon: ``` [root@icinga2-master1.localdomain /]# systemctl restart icinga2 @@ -3134,7 +3131,7 @@ object Endpoint "icinga2-master2.localdomain" { > **Note** > > This is required if you decide to change an already running single endpoint production -> environment into a HA-enabled cluster zone with two endpoints. +> environment into an HA-enabled cluster zone with two endpoints. > The [initial setup](06-distributed-monitoring.md#distributed-monitoring-scenarios-ha-master-clients) > with 2 HA masters doesn't require this step. @@ -3183,7 +3180,7 @@ Create a certificate signing request (CSR) for the local instance: Sign the CSR with the previously created CA: ``` -[root@icinga2-master1.localdomain /root]# icinga2 pki sign-csr --csr icinga2-master1.localdomain.csr --cert icinga2-master1.localdomain +[root@icinga2-master1.localdomain /root]# icinga2 pki sign-csr --csr icinga2-master1.localdomain.csr --cert icinga2-master1.localdomain.crt ``` Repeat the steps for all instances in your setup. @@ -3230,6 +3227,53 @@ information/pki: Writing certificate to file 'icinga2-satellite1.localdomain.crt Copy and move these certificates to the respective instances e.g. with SSH/SCP. +#### External CA/PKI + +Icinga works best with its own certificates. +The commands described above take care of the optimal certificate properties. +Also, Icinga renews them periodically at runtime to avoid expiry. +But you can also provide your own certificates, +just like to any other application which uses TLS. + +!!! warning + + The only serious reasons to generate own certificates are company policies. + You are responsible for making Icinga working with your certificates, + as well as for [expiry monitoring](10-icinga-template-library.md#plugin-check-command-ssl_cert) + and renewal. + + Especially `icinga2 pki` CLI commands do not expect such certificates. + + Also, do not provide your custom CA private key to Icinga 2! + Otherwise, it will automatically renew leaf certificates + with our hardcoded properties, not your custom ones. + +The CA certificate must be located in `/var/lib/icinga2/certs/ca.crt`. +The basic requirements for all leaf certificates are: + +* Located in `/var/lib/icinga2/certs/NODENAME.crt` + and `/var/lib/icinga2/certs/NODENAME.key` +* Subject with CN matching the endpoint name +* A DNS SAN matching the endpoint name + +Pretty much everything else is limited only by your company policy +and the OpenSSL versions your Icinga nodes use. E.g. the following works: + +* Custom key sizes, e.g. 2048 bits +* Custom key types, e.g. ECC +* Any number of intermediate CAs (but see limitations below) +* Multiple trusted root CAs in `/var/lib/icinga2/certs/ca.crt` +* Different root CAs per cluster subtree, as long as each node trusts the + certificate issuers of all nodes it's directly connected to + +Intermediate CA restrictions: + +* Each side has to provide its intermediate CAs along with the leaf certificate + in `/var/lib/icinga2/certs/NODENAME.crt`, ordered from leaf to root. +* Intermediate CAs may not be used directly as root CAs. To trust only specific + intermediate CAs, cross-sign them with themselves, so that you get equal + certificates except that they're self-signed. Use them as root CAs in Icinga. + ## Automation These hints should get you started with your own automation tools (Puppet, Ansible, Chef, Salt, etc.) diff --git a/doc/09-object-types.md b/doc/09-object-types.md index 93974ef7628..6b5d355abed 100644 --- a/doc/09-object-types.md +++ b/doc/09-object-types.md @@ -393,7 +393,6 @@ Runtime Attributes: last\_check\_result | CheckResult | The current [check result](08-advanced-topics.md#advanced-value-types-checkresult). last\_state\_change | Timestamp | When the last state change occurred (as a UNIX timestamp). last\_hard\_state\_change | Timestamp | When the last hard state change occurred (as a UNIX timestamp). - last\_in\_downtime | Boolean | Whether the host was in a downtime when the last check occurred. acknowledgement | Number | The acknowledgement type (0 = NONE, 1 = NORMAL, 2 = STICKY). acknowledgement\_expiry | Timestamp | When the acknowledgement expires (as a UNIX timestamp; 0 = no expiry). downtime\_depth | Number | Whether the host has one or more active downtimes. @@ -758,7 +757,6 @@ Runtime Attributes: last\_check\_result | CheckResult | The current [check result](08-advanced-topics.md#advanced-value-types-checkresult). last\_state\_change | Timestamp | When the last state change occurred (as a UNIX timestamp). last\_hard\_state\_change | Timestamp | When the last hard state change occurred (as a UNIX timestamp). - last\_in\_downtime | Boolean | Whether the service was in a downtime when the last check occurred. acknowledgement | Number | The acknowledgement type (0 = NONE, 1 = NORMAL, 2 = STICKY). acknowledgement\_expiry | Timestamp | When the acknowledgement expires (as a UNIX timestamp; 0 = no expiry). acknowledgement\_last\_change | Timestamp | When the acknowledgement has been set/cleared diff --git a/doc/10-icinga-template-library.md b/doc/10-icinga-template-library.md index a8d9c7b7f31..b11e53f55cd 100644 --- a/doc/10-icinga-template-library.md +++ b/doc/10-icinga-template-library.md @@ -75,8 +75,10 @@ plugin scripts. ### icinga -Check command for the built-in `icinga` check. This check returns performance -data for the current Icinga instance, reports as warning if the last reload failed and optionally allows for minimum version checks. +Check command for the built-in `icinga` check. This check returns performance data for the current Icinga instance, +reports as warning if the last reload or config sync failed and optionally allows for minimum version checks. + +For the config sync check to work, it must be run on the satellite or agent. Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters): @@ -3447,7 +3449,7 @@ thola_identify_discover_timeouts | **Optional.** The number of discover timeou > **Note**: > -> One of the variables `thola_identify_model`, `thola_identify_os_version`, +> One of the variables `thola_identify_model`, `thola_identify_os_version`, > `thola_identify_vendor` or `thola_identify_serial_number` must be set ##### thola-memory-usage diff --git a/doc/11-cli-commands.md b/doc/11-cli-commands.md index 457656cb08d..2fdcfc447c1 100644 --- a/doc/11-cli-commands.md +++ b/doc/11-cli-commands.md @@ -22,7 +22,7 @@ Supported commands: * api setup (setup for API) * ca list (lists all certificate signing requests) * ca restore (restores a removed certificate request) - * ca remove (removes an outstanding certificate request) + * ca remove (removes an outstanding certificate request) * ca sign (signs an outstanding certificate request) * console (Icinga debug console) * daemon (starts Icinga 2) @@ -73,7 +73,7 @@ RPM and Debian packages install the bash completion files into You need to install the `bash-completion` package if not already installed. -RHEL/CentOS/Fedora: +RHEL/Fedora: ```bash yum install bash-completion diff --git a/doc/12-icinga2-api.md b/doc/12-icinga2-api.md index e9bf226e993..c682befa836 100644 --- a/doc/12-icinga2-api.md +++ b/doc/12-icinga2-api.md @@ -115,7 +115,7 @@ You can also use [jq](https://stedolan.github.io/jq/) or `python -m json.tool` in combination with curl on the CLI. ```bash -curl ... | jq +curl ... | jq curl ... | python -m json.tool ``` @@ -566,7 +566,7 @@ created by the API. ### Querying Objects You can request information about configuration objects by sending -a `GET` query to the `/v1/objects/` URL endpoint. `` URL endpoint. `` has to be replaced with the plural name of the object type you are interested in: @@ -814,7 +814,7 @@ parameters need to be passed inside the JSON body: Parameters | Type | Description ------------------|--------------|-------------------------- - templates | Array | **Optional.** Import existing configuration templates for this object type. Note: These templates must either be statically configured or provided in [config packages](12-icinga2-api.md#icinga2-api-config-management)- + templates | Array | **Optional.** Import existing configuration templates for this object type. Note: These templates must either be statically configured or provided in [config packages](12-icinga2-api.md#icinga2-api-config-management). attrs | Dictionary | **Required.** Set specific object attributes for this [object type](09-object-types.md#object-types). ignore\_on\_error | Boolean | **Optional.** Ignore object creation errors and return an HTTP 200 status instead. @@ -951,7 +951,7 @@ list the latter in the `restore_attrs` parameter. E.g.: ```bash curl -k -s -S -i -u root:icinga -H 'Accept: application/json' \ -X POST 'https://localhost:5665/v1/objects/hosts/example.localdomain' \ - -d '{ "restore_attrs": [ "address", "vars.os" ] }, "pretty": true }' + -d '{ "restore_attrs": [ "address", "vars.os" ], "pretty": true }' ``` ```json @@ -1658,14 +1658,14 @@ Send a `POST` request to the URL endpoint `/v1/actions/execute-command`. --------------|------------|-------------- ttl | Number | **Required.** The time to live of the execution expressed in seconds. command_type | String | **Optional.** The command type: `CheckCommand` or `EventCommand` or `NotificationCommand`. Default: `EventCommand` - command | String | **Optional.** The command to execute. Its type must the same as `command_type`. It can be a macro string. Default: depending on the `command_type` it's either `$check_command$`, `$event_command$` or `$notification_command$` + command | String | **Optional.** The command to execute. Its type must the same as `command_type`. It can be a macro string. Default: depending on the `command_type` it's either `$check_command$`, `$event_command$` or `$notification_command$` endpoint | String | **Optional.** The endpoint to execute the command on. It can be a macro string. Default: `$command_endpoint$`. macros | Dictionary | **Optional.** Macro overrides. Default: `{}` - user | String | **Optional.** The user used for the notification command. + user | String | **Optional.** The user used for the notification command. notification | String | **Optional.** The notification used for the notification command. - + Example: - + ```bash curl -k -s -S -i -u root:icinga -H 'Accept: application/json' \ -X POST 'https://localhost:5665/v1/actions/execute-command' \ @@ -1879,6 +1879,32 @@ Example for all object events: timestamp | Timestamp | Unix timestamp when the event happened. downtime | Dictionary | Serialized [Downtime](09-object-types.md#objecttype-downtime) object. +#### Event Stream Type: ObjectCreated + +| Name | Type | Description | +|--------------|-----------|----------------------------------------------------------------| +| type | String | Event type `ObjectCreated`. | +| timestamp | Timestamp | Unix timestamp when the event happened. | +| object\_type | String | Type of the newly created object, such as `Host` or `Service`. | +| object\_name | String | The full name of the object. | + +#### Event Stream Type: ObjectModified + +| Name | Type | Description | +|--------------|-----------|-----------------------------------------------------------| +| type | String | Event type `ObjectModified`. | +| timestamp | Timestamp | Unix timestamp when the event happened. | +| object\_type | String | Type of the modified object, such as `Host` or `Service`. | +| object\_name | String | The full name of the object. | + +#### Event Stream Type: ObjectDeleted + +| Name | Type | Description | +|--------------|-----------|----------------------------------------------------------| +| type | String | Event type `ObjectDeleted`. | +| timestamp | Timestamp | Unix timestamp when the event happened. | +| object\_type | String | Type of the deleted object, such as `Host` or `Service`. | +| object\_name | String | The full name of the object. | ### Event Stream Filter @@ -2348,7 +2374,7 @@ Creation, modification and deletion of templates at runtime is not supported. ### Querying Templates You can request information about configuration templates by sending -a `GET` query to the `/v1/templates/` URL endpoint. `` URL endpoint. `` has to be replaced with the plural name of the object type you are interested in: @@ -2612,7 +2638,7 @@ Name | Language | Description [BitBar for OSX](https://getbitbar.com/plugins/Dev/Icinga2/icinga2.24m.py) | Python | macOS tray app for highlighting the host/service status [Icinga 2 Multistatus](https://chrome.google.com/webstore/detail/icinga-multi-status/khabbhcojgkibdeipanmiphceeoiijal/related) | - | Chrome Extension [Naglite4](https://github.com/wftech/icinga2-naglite4) | Python | Naglite3 rewrite using the Icinga 2 REST API. -[icinga-telegram-bot](https://github.com/joni1993/icinga-telegram-bot) | Python | Telegram Bot using the Icinga 2 REST API +[icinga-telegram-bot](https://github.com/joni1993/icinga-telegram-bot) | Python | Telegram Bot using the Icinga 2 REST API ### Manage Objects diff --git a/doc/13-addons.md b/doc/13-addons.md index c3823f53da3..f92982a9458 100644 --- a/doc/13-addons.md +++ b/doc/13-addons.md @@ -32,7 +32,7 @@ vim /etc/icinga2/conf.d/templates.conf Install the package `nano-icinga2` with your distribution's package manager. -**Note:** On Debian, Ubuntu, Raspbian and Raspberry Pi OS, the syntax files are installed with the `icinga2-common` package already. +**Note:** On Debian, Ubuntu and Raspberry Pi OS, the syntax files are installed with the `icinga2-common` package already. Copy the `/etc/nanorc` sample file to your home directory. diff --git a/doc/14-features.md b/doc/14-features.md index 19cb54b0142..6ad4d109522 100644 --- a/doc/14-features.md +++ b/doc/14-features.md @@ -52,7 +52,7 @@ Icinga DB is a set of components for publishing, synchronizing and visualizing monitoring data in the Icinga ecosystem, consisting of: * Icinga 2 with its `icingadb` feature enabled, - responsible for publishing monitoring data to a Redis server, i.e. configuration and its runtime updates, + responsible for publishing monitoring data to a Redis server, i.e. configuration and its runtime updates, check results, state changes, downtimes, acknowledgements, notifications, and other events such as flapping * The [Icinga DB daemon](https://icinga.com/docs/icinga-db), which synchronizes the data between the Redis server and a database @@ -106,7 +106,7 @@ The current naming schema is defined as follows. The [Icinga Web 2 Graphite modu depends on this schema. The default prefix for hosts and services is configured using -[runtime macros](03-monitoring-basics.md#runtime-macros)like this: +[runtime macros](03-monitoring-basics.md#runtime-macros) like this: ``` icinga2.$host.name$.host.$host.check_command$ @@ -815,16 +815,6 @@ apt-get install icinga2-ido-mysql default. You can skip the automated setup and install/upgrade the database manually if you prefer. -###### CentOS 7 - -!!! info - - Note that installing `icinga2-ido-mysql` is only supported on CentOS 7 as CentOS 8 is EOL. - -```bash -yum install icinga2-ido-mysql -``` - ###### RHEL 8 ```bash @@ -914,16 +904,6 @@ apt-get install icinga2-ido-pgsql You can skip the automated setup and install/upgrade the database manually if you prefer that. -###### CentOS 7 - -!!! info - - Note that installing `icinga2-ido-pgsql` is only supported on CentOS 7 as CentOS 8 is EOL. - -```bash -yum install icinga2-ido-pgsql -``` - ###### RHEL 8 ```bash diff --git a/doc/15-troubleshooting.md b/doc/15-troubleshooting.md index 4cc733854f7..5afbebea924 100644 --- a/doc/15-troubleshooting.md +++ b/doc/15-troubleshooting.md @@ -176,6 +176,64 @@ C:\> cd C:\ProgramData\icinga2\var\log\icinga2 C:\ProgramData\icinga2\var\log\icinga2> Get-Content .\debug.log -tail 10 -wait ``` +### Enable/Disable Debug Output on the fly + +The `debuglog` feature can also be created and deleted at runtime without having to restart Icinga 2. +Technically, this is possible because this feature is a [FileLogger](09-object-types.md#objecttype-filelogger) +that can be managed through the [API](12-icinga2-api.md#icinga2-api-config-objects). + +This is a good alternative to `icinga2 feature enable debuglog` as object +creation/deletion via API happens immediately and requires no restart. + +The above matters in setups large enough for the reload to take a while. +Especially these produce a lot of debug log output until disabled again. + +!!! info + + In case of [an HA zone](06-distributed-monitoring.md#distributed-monitoring-scenarios-ha-master-agents), + the following API examples toggle the feature on both nodes. + +#### Enable Debug Output on the fly + +```bash +curl -k -s -S -i -u root:icinga -H 'Accept: application/json' \ + -X PUT 'https://localhost:5665/v1/objects/fileloggers/on-the-fly-debug-file' \ + -d '{ "attrs": { "severity": "debug", "path": "/var/log/icinga2/on-the-fly-debug.log" }, "pretty": true }' +``` + +```json +{ + "results": [ + { + "code": 200.0, + "status": "Object was created." + } + ] +} +``` + +#### Disable Debug Output on the fly + +This works only for debug loggers enabled on the fly as above! + +```bash +curl -k -s -S -i -u root:icinga -H 'Accept: application/json' \ + -X DELETE 'https://localhost:5665/v1/objects/fileloggers/on-the-fly-debug-file?pretty=1' +``` + +```json +{ + "results": [ + { + "code": 200.0, + "name": "on-the-fly-debug-file", + "status": "Object was deleted.", + "type": "FileLogger" + } + ] +} +``` + ## Icinga starts/restarts/reloads very slowly ### Try swapping out the allocator @@ -878,7 +936,7 @@ actively attempts to schedule and execute checks. Otherwise the node does not fe } ``` -You may ask why this analysis is important? Fair enough - if the numbers are not inverted in a HA zone +You may ask why this analysis is important? Fair enough - if the numbers are not inverted in an HA zone with two members, this may give a hint that the cluster nodes are in a split-brain scenario, or you've found a bug in the cluster. @@ -1640,6 +1698,9 @@ Typical errors are: * The api feature doesn't [accept config](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync). This is logged into `/var/lib/icinga2/icinga2.log`. * The received configuration zone is not configured in [zones.conf](04-configuration.md#zones-conf) and Icinga denies it. This is logged into `/var/lib/icinga2/icinga2.log`. * The satellite/agent has local configuration in `/etc/icinga2/zones.d` and thinks it is authoritive for this zone. It then denies the received update. Purge the content from `/etc/icinga2/zones.d`, `/var/lib/icinga2/api/zones/*` and restart Icinga to fix this. +* Configuration parts stored outside of `/etc/icinga2/zones.d` on the master, for example a constant in `/etc/icinga2/constants.conf`, are then missing on the satellite/agent. + +Note that if set up, the [built-in icinga CheckCommand](10-icinga-template-library.md#icinga) will notify you in case the config sync wasn't successful. #### New configuration does not trigger a reload diff --git a/doc/17-language-reference.md b/doc/17-language-reference.md index 5686d558af1..53bea28a3a5 100644 --- a/doc/17-language-reference.md +++ b/doc/17-language-reference.md @@ -97,6 +97,7 @@ Character | Escape sequence --------------------------|------------------------------------ " | \\" \\ | \\\\ +$ | $$ <TAB> | \\t <CARRIAGE-RETURN> | \\r <LINE-FEED> | \\n @@ -107,6 +108,10 @@ In addition to these pre-defined escape sequences you can specify arbitrary ASCII characters using the backslash character (\\) followed by an ASCII character in octal encoding. +In Icinga 2, the `$` character is reserved for resolving [runtime macros](03-monitoring-basics.md#runtime-macros). +However, in situations where a string that isn't intended to be used as a runtime macro contains the `$` character, +it is necessary to escape it with another `$` character. + ### Multi-line String Literals Strings spanning multiple lines can be specified by enclosing them in diff --git a/doc/18-library-reference.md b/doc/18-library-reference.md index feb5d5d43c8..592178664c9 100644 --- a/doc/18-library-reference.md +++ b/doc/18-library-reference.md @@ -1648,9 +1648,9 @@ Example: function set_x(val) { this.x = val } - + dict = {} - + set_x.call(dict, 7) /* Invokes set_x using `dict` as `this` */ ``` @@ -1671,7 +1671,7 @@ Example: function set_x(val) { this.x = val } - + var dict = {} var args = [ 7 ] diff --git a/doc/19-technical-concepts.md b/doc/19-technical-concepts.md index b3a05617038..de68bdd6320 100644 --- a/doc/19-technical-concepts.md +++ b/doc/19-technical-concepts.md @@ -651,7 +651,7 @@ authority = endpoints[Utility::SDBM(object->GetName()) % endpoints.size()] == my that by querying the `paused` attribute for all objects via REST API or debug console on both endpoints. -Endpoints inside a HA zone calculate the object authority independent from each other. +Endpoints inside an HA zone calculate the object authority independent from each other. This object authority is important for selected features explained below. Since features are configuration objects too, you must ensure that all nodes @@ -1887,7 +1887,7 @@ source | String | The execution UUID Special handling, calls `ClusterEvents::EnqueueCheck()` for command endpoint checks. This function enqueues check tasks into a queue which is controlled in `RemoteCheckThreadProc()`. -If the `endpoint` parameter is specified and is not equal to the local endpoint then the message is forwarded to the correct endpoint zone. +If the `endpoint` parameter is specified and is not equal to the local endpoint then the message is forwarded to the correct endpoint zone. ##### Permissions @@ -1932,7 +1932,7 @@ executions | Dictionary | Executions to be updated ##### Functions **Event Sender:** `ClusterEvents::ExecutedCommandAPIHandler`, `ClusterEvents::UpdateExecutionsAPIHandler`, `ApiActions::ExecuteCommand` -**Event Receiver:** `ClusterEvents::UpdateExecutionsAPIHandler` +**Event Receiver:** `ClusterEvents::UpdateExecutionsAPIHandler` ##### Permissions @@ -1962,7 +1962,7 @@ Key | Type | Description host | String | Host name. service | String | Service name. execution | String | The execution ID executed. -exitStatus | Number | The command exit status. +exitStatus | Number | The command exit status. output | String | The command output. start | Number | The unix timestamp at the start of the command execution end | Number | The unix timestamp at the end of the command execution @@ -1970,7 +1970,7 @@ end | Number | The unix timestamp at the end of the command ex ##### Functions **Event Sender:** `ClusterEvents::ExecuteCheckFromQueue`, `ClusterEvents::ExecuteCommandAPIHandler` -**Event Receiver:** `ClusterEvents::ExecutedCommandAPIHandler` +**Event Receiver:** `ClusterEvents::ExecutedCommandAPIHandler` ##### Permissions diff --git a/doc/21-development.md b/doc/21-development.md index 27387f23567..13d3207d9ba 100644 --- a/doc/21-development.md +++ b/doc/21-development.md @@ -48,7 +48,7 @@ or `icinga2-ido-mysql`. Distribution | Command -------------------|------------------------------------------ Debian/Ubuntu | `apt-get install icinga2-dbg` -RHEL/CentOS | `yum install icinga2-debuginfo` +RHEL | `yum install icinga2-debuginfo` Fedora | `dnf install icinga2-debuginfo icinga2-bin-debuginfo icinga2-ido-mysql-debuginfo` SLES/openSUSE | `zypper install icinga2-bin-debuginfo icinga2-ido-mysql-debuginfo` @@ -65,7 +65,7 @@ Install GDB in your development environment. Distribution | Command -------------------|------------------------------------------ Debian/Ubuntu | `apt-get install gdb` -RHEL/CentOS | `yum install gdb` +RHEL | `yum install gdb` Fedora | `dnf install gdb` SLES/openSUSE | `zypper install gdb` @@ -537,7 +537,7 @@ packages. If you encounter a problem, please [open a new issue](https://github.com/Icinga/icinga2/issues/new/choose) on GitHub and mention that you're testing the snapshot packages. -#### RHEL/CentOS +#### RHEL 2.11+ requires the EPEL repository for Boost 1.66+. @@ -1332,9 +1332,6 @@ autocmd BufWinLeave * call clearmatches() ### Linux Dev Environment -Based on CentOS 7, we have an early draft available inside the Icinga Vagrant boxes: -[centos7-dev](https://github.com/Icinga/icinga-vagrant/tree/master/centos7-dev). - If you're compiling Icinga 2 natively without any virtualization layer in between, this usually is faster. This is also the reason why developers on macOS prefer native builds over Linux or Windows VMs. Don't forget to test the actual code on Linux later! Socket specific @@ -1357,21 +1354,20 @@ mkdir -p release debug Proceed with the specific distribution examples below. Keep in mind that these instructions are best effort and sometimes out-of-date. Git Master may contain updates. -* [CentOS 7](21-development.md#development-linux-dev-env-centos) +* [Fedora 40](21-development.md#development-linux-dev-env-fedora) * [Debian 10 Buster](21-development.md#development-linux-dev-env-debian) * [Ubuntu 18 Bionic](21-development.md#development-linux-dev-env-ubuntu) - -#### CentOS 7 +#### Fedora 40 ```bash -yum -y install gdb vim git bash-completion htop centos-release-scl +yum -y install gdb vim git bash-completion htop yum -y install rpmdevtools ccache \ - cmake make devtoolset-11-gcc-c++ flex bison \ - openssl-devel boost169-devel systemd-devel \ + cmake make gcc-c++ flex bison \ + openssl-devel boost-devel systemd-devel \ mysql-devel postgresql-devel libedit-devel \ - devtoolset-11-libstdc++-devel + libstdc++-devel groupadd icinga groupadd icingacmd @@ -1389,47 +1385,42 @@ slower but allows for better debugging insights. For benchmarks, change `CMAKE_BUILD_TYPE` to `RelWithDebInfo` and build inside the `release` directory. -First, off export some generics for Boost. - -```bash -export I2_BOOST="-DBoost_NO_BOOST_CMAKE=TRUE -DBoost_NO_SYSTEM_PATHS=TRUE -DBOOST_LIBRARYDIR=/usr/lib64/boost169 -DBOOST_INCLUDEDIR=/usr/include/boost169 -DBoost_ADDITIONAL_VERSIONS='1.69;1.69.0'" -``` - -Second, add the prefix path to it. +First, override the default prefix path. ```bash -export I2_GENERIC="$I2_BOOST -DCMAKE_INSTALL_PREFIX=/usr/local/icinga2" +export I2_GENERIC="-DCMAKE_INSTALL_PREFIX=/usr/local/icinga2" ``` -Third, define the two build types with their specific CMake variables. +Second, define the two build types with their specific CMake variables. ```bash export I2_DEBUG="-DCMAKE_BUILD_TYPE=Debug -DICINGA2_UNITY_BUILD=OFF $I2_GENERIC" export I2_RELEASE="-DCMAKE_BUILD_TYPE=RelWithDebInfo -DICINGA2_WITH_TESTS=ON -DICINGA2_UNITY_BUILD=ON $I2_GENERIC" ``` -Fourth, depending on your likings, you may add a bash alias for building, +Third, depending on your likings, you may use a bash alias for building, or invoke the commands inside: ```bash -alias i2_debug="cd /root/icinga2; mkdir -p debug; cd debug; scl enable devtoolset-11 -- cmake $I2_DEBUG ..; make -j2; sudo make -j2 install; cd .." -alias i2_release="cd /root/icinga2; mkdir -p release; cd release; scl enable devtoolset-11 -- cmake $I2_RELEASE ..; make -j2; sudo make -j2 install; cd .." +alias i2_debug="cd /root/icinga2; mkdir -p debug; cd debug; cmake $I2_DEBUG ..; make -j2; sudo make -j2 install; cd .." +alias i2_release="cd /root/icinga2; mkdir -p release; cd release; cmake $I2_RELEASE ..; make -j2; sudo make -j2 install; cd .." ``` -This is taken from the [centos7-dev](https://github.com/Icinga/icinga-vagrant/tree/master/centos7-dev) Vagrant box. - +```bash +i2_debug +``` The source installation doesn't set proper permissions, this is handled in the package builds which are officially supported. ```bash -chown -R icinga:icinga /usr/local/icinga2/var/ +chown -R icinga:icinga /usr/local/icinga2/{etc,var}/ /usr/local/icinga2/lib/icinga2/prepare-dirs /usr/local/icinga2/etc/sysconfig/icinga2 /usr/local/icinga2/sbin/icinga2 api setup vim /usr/local/icinga2/etc/icinga2/conf.d/api-users.conf -/usr/local/icinga2/lib/icinga2/sbin/icinga2 daemon +/usr/local/icinga2/lib64/icinga2/sbin/icinga2 daemon ``` #### Debian 10 @@ -1476,7 +1467,7 @@ The source installation doesn't set proper permissions, this is handled in the package builds which are officially supported. ```bash -chown -R icinga:icinga /usr/local/icinga2/var/ +chown -R icinga:icinga /usr/local/icinga2/{etc,var}/ /usr/local/icinga2/lib/icinga2/prepare-dirs /usr/local/icinga2/etc/sysconfig/icinga2 /usr/local/icinga2/sbin/icinga2 api setup @@ -1540,7 +1531,7 @@ The source installation doesn't set proper permissions, this is handled in the package builds which are officially supported. ```bash -chown -R icinga:icinga /usr/local/icinga2/var/ +chown -R icinga:icinga /usr/local/icinga2/{etc,var}/ /usr/local/icinga2/lib/icinga2/prepare-dirs /usr/local/icinga2/etc/sysconfig/icinga2 /usr/local/icinga2/sbin/icinga2 api setup @@ -1935,7 +1926,7 @@ Download the [boost-binaries](https://sourceforge.net/projects/boost/files/boost - 64 for 64 bit builds ``` -https://sourceforge.net/projects/boost/files/boost-binaries/1.82.0/boost_1_85_0-msvc-14.2-64.exe/download +https://sourceforge.net/projects/boost/files/boost-binaries/1.85.0/boost_1_85_0-msvc-14.2-64.exe/download ``` Run the installer and leave the default installation path in `C:\local\boost_1_85_0`. @@ -2203,7 +2194,7 @@ Icinga application using a dist tarball (including notes for distributions): * Debian/Ubuntu: libpq-dev * postgresql-dev on Alpine * libedit (CLI console) - * RHEL/Fedora: libedit-devel on CentOS (RHEL requires rhel-7-server-optional-rpms) + * RHEL/Fedora: libedit-devel (RHEL requires rhel-7-server-optional-rpms) * Debian/Ubuntu/Alpine: libedit-dev * Termcap (only required if libedit doesn't already link against termcap/ncurses) * RHEL/Fedora: libtermcap-devel @@ -2351,7 +2342,7 @@ can be used to disable the usage of `git describe`. ### Building RPMs -#### Build Environment on RHEL, CentOS, Fedora, Amazon Linux +#### Build Environment on RHEL, Fedora, Amazon Linux Setup your build environment: @@ -2407,7 +2398,7 @@ spectool -g ../SPECS/icinga2.spec cd $HOME/rpmbuild ``` -Install the build dependencies. Example for CentOS 7: +Install the build dependencies: ```bash yum -y install libedit-devel ncurses-devel gcc-c++ libstdc++-devel openssl-devel \ @@ -2436,21 +2427,9 @@ rpmbuild -ba SPECS/icinga2.spec The following packages are required to build the SELinux policy module: * checkpolicy -* selinux-policy (selinux-policy on CentOS 6, selinux-policy-devel on CentOS 7) +* selinux-policy-devel * selinux-policy-doc -##### RHEL/CentOS 7 - -The RedHat Developer Toolset is required for building Icinga 2 beforehand. -This contains a C++ compiler which supports C++17 features. - -```bash -yum install centos-release-scl -``` - -Dependencies to devtools-11 are used in the RPM SPEC, so the correct tools -should be used for building. - ##### Amazon Linux If you prefer to build packages offline, a suitable Vagrant box is located diff --git a/doc/22-selinux.md b/doc/22-selinux.md index 6c64c6f87a3..ae06037f2d5 100644 --- a/doc/22-selinux.md +++ b/doc/22-selinux.md @@ -116,19 +116,19 @@ The policy provides a role `icinga2adm_r` for confining an user which enables an SELinux is based on the least level of access required for a service to run. Using booleans you can grant more access in a defined way. The Icinga 2 policy package provides the following booleans. -**icinga2_can_connect_all** +**icinga2_can_connect_all** Having this boolean enabled allows icinga2 to connect to all ports. This can be necessary if you use features which connect to unconfined services, for example the [influxdb writer](14-features.md#influxdb-writer). -**icinga2_run_sudo** +**icinga2_run_sudo** To allow Icinga 2 executing plugins via sudo you can toogle this boolean. It is disabled by default, resulting in error messages like `execvpe(sudo) failed: Permission denied`. -**httpd_can_write_icinga2_command** +**httpd_can_write_icinga2_command** To allow httpd to write to the command pipe of icinga2 this boolean has to be enabled. This is enabled by default, if not needed you can disable it for more security. -**httpd_can_connect_icinga2_api** +**httpd_can_connect_icinga2_api** Enabling this boolean allows httpd to connect to the API of icinga2 (Ports labeled `icinga2_port_t`). This is enabled by default, if not needed you can disable it for more security. diff --git a/doc/23-migrating-from-icinga-1x.md b/doc/23-migrating-from-icinga-1x.md index 62b5667d4ca..14a30cf2ed6 100644 --- a/doc/23-migrating-from-icinga-1x.md +++ b/doc/23-migrating-from-icinga-1x.md @@ -804,7 +804,7 @@ define service { } ``` -Icinga 2 supports objects and (global) variables, but does not make a difference +Icinga 2 supports objects and (global) variables, but does not make a difference between the main configuration file or any other included file. icinga2.conf: diff --git a/doc/24-appendix.md b/doc/24-appendix.md index e0f0b2f2ae9..d04b9e3ddc6 100644 --- a/doc/24-appendix.md +++ b/doc/24-appendix.md @@ -692,4 +692,3 @@ the [servicegroups](24-appendix.md#schema-livestatus-servicegroups-table-attribu All [services](24-appendix.md#schema-livestatus-services-table-attributes) table attributes grouped with the [hostgroups](24-appendix.md#schema-livestatus-hostgroups-table-attributes) table prefixed with `hostgroup_`. - diff --git a/lib/icinga/checkable-check.cpp b/lib/icinga/checkable-check.cpp index f0af81bdd96..6e3b8764b83 100644 --- a/lib/icinga/checkable-check.cpp +++ b/lib/icinga/checkable-check.cpp @@ -363,7 +363,7 @@ Checkable::ProcessingResult Checkable::ProcessCheckResult(const CheckResult::Ptr // Don't recompute the next check when the current check isn't generated by this endpoint. When the check is // remotely generated we should've already received the "SetNextCheck" event before the "event::CheckResult" // cluster event. Otherwise, the next check received before this check will be invalidated and cause the Checkable - // "next_check/next_update" in a HA setup to always be different from the other endpoint as the "m_SchedulingOffset" + // "next_check/next_update" in an HA setup to always be different from the other endpoint as the "m_SchedulingOffset" // is randomly initialised on each node. if (!origin) { if (cr->GetActive()) { diff --git a/tools/selinux/icinga2.te b/tools/selinux/icinga2.te index 1b9f0513f09..0f50908dac3 100644 --- a/tools/selinux/icinga2.te +++ b/tools/selinux/icinga2.te @@ -205,7 +205,7 @@ corenet_tcp_connect_lmtp_port(icinga2_t) # Allow icinga2 to connect to redis using unix domain sockets stream_connect_pattern(icinga2_t, redis_var_run_t, redis_var_run_t, redis_t) -# Just like `redis_tcp_connect(icinga2_t)`, though this interface does not exist on centos7 +# Just like `redis_tcp_connect(icinga2_t)`, though this interface does not exist on Amazon Linux 2 corenet_tcp_recvfrom_labeled(icinga2_t, redis_t) corenet_tcp_sendrecv_redis_port(icinga2_t) corenet_tcp_connect_redis_port(icinga2_t)