From 5c23c198f41edf3c7f68377fb48ce9f63a282fae Mon Sep 17 00:00:00 2001 From: Josef Friedrich Date: Fri, 29 Dec 2023 07:42:02 +0100 Subject: [PATCH 01/27] Fix typo in 12-icinga2-api.md --- doc/12-icinga2-api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/12-icinga2-api.md b/doc/12-icinga2-api.md index e9bf226e993..cbb923e6710 100644 --- a/doc/12-icinga2-api.md +++ b/doc/12-icinga2-api.md @@ -814,7 +814,7 @@ parameters need to be passed inside the JSON body: Parameters | Type | Description ------------------|--------------|-------------------------- - templates | Array | **Optional.** Import existing configuration templates for this object type. Note: These templates must either be statically configured or provided in [config packages](12-icinga2-api.md#icinga2-api-config-management)- + templates | Array | **Optional.** Import existing configuration templates for this object type. Note: These templates must either be statically configured or provided in [config packages](12-icinga2-api.md#icinga2-api-config-management). attrs | Dictionary | **Required.** Set specific object attributes for this [object type](09-object-types.md#object-types). ignore\_on\_error | Boolean | **Optional.** Ignore object creation errors and return an HTTP 200 status instead. From b8107c81e945ac14d1e45d44b4d1547f043a4469 Mon Sep 17 00:00:00 2001 From: Josef Friedrich Date: Tue, 2 Jan 2024 12:40:31 +0100 Subject: [PATCH 02/27] Add Josef Friedrich to AUTHORS --- AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS b/AUTHORS index 895a281d1d6..05470962472 100644 --- a/AUTHORS +++ b/AUTHORS @@ -134,6 +134,7 @@ Jochen Friedrich Johannes Meyer Jonas Meurer Jordi van Scheijen +Josef Friedrich Joseph L. Casale jre3brg Julian Brost From 4c9f26723663a9796e522fd559160ddd34484f1e Mon Sep 17 00:00:00 2001 From: Nicolas Berens Date: Wed, 17 Jan 2024 09:46:21 +0100 Subject: [PATCH 03/27] remove bracket --- doc/12-icinga2-api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/12-icinga2-api.md b/doc/12-icinga2-api.md index cbb923e6710..5a14c8e2da5 100644 --- a/doc/12-icinga2-api.md +++ b/doc/12-icinga2-api.md @@ -951,7 +951,7 @@ list the latter in the `restore_attrs` parameter. E.g.: ```bash curl -k -s -S -i -u root:icinga -H 'Accept: application/json' \ -X POST 'https://localhost:5665/v1/objects/hosts/example.localdomain' \ - -d '{ "restore_attrs": [ "address", "vars.os" ] }, "pretty": true }' + -d '{ "restore_attrs": [ "address", "vars.os" ], "pretty": true }' ``` ```json From ca035e6b131339243bd384a5f238ab71d9278a92 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Fri, 8 Mar 2024 11:28:08 +0100 Subject: [PATCH 04/27] AUTHORS: add Nicolas Berens --- AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS b/AUTHORS index 05470962472..e6be33d7f55 100644 --- a/AUTHORS +++ b/AUTHORS @@ -208,6 +208,7 @@ mocruz Muhammad Mominul Huque nemtrif Nicolai +Nicolas Berens Nicolas Limage Nicole Lang Niflou From 86eeee64e7d70acb05bc3f288b98b8e870bbb6f8 Mon Sep 17 00:00:00 2001 From: Pavel Motyrev Date: Mon, 13 May 2024 18:11:15 +0700 Subject: [PATCH 05/27] Update 06-distributed-monitoring.md fix typo --- doc/06-distributed-monitoring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/06-distributed-monitoring.md b/doc/06-distributed-monitoring.md index 5d4db15e548..c729757130e 100644 --- a/doc/06-distributed-monitoring.md +++ b/doc/06-distributed-monitoring.md @@ -3183,7 +3183,7 @@ Create a certificate signing request (CSR) for the local instance: Sign the CSR with the previously created CA: ``` -[root@icinga2-master1.localdomain /root]# icinga2 pki sign-csr --csr icinga2-master1.localdomain.csr --cert icinga2-master1.localdomain +[root@icinga2-master1.localdomain /root]# icinga2 pki sign-csr --csr icinga2-master1.localdomain.csr --cert icinga2-master1.localdomain.crt ``` Repeat the steps for all instances in your setup. From 9101c11661ee5e025f344445fc651d854253cc5d Mon Sep 17 00:00:00 2001 From: Pavel Motyrev Date: Tue, 28 May 2024 10:55:16 +0700 Subject: [PATCH 06/27] Update AUTHORS --- AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS b/AUTHORS index e6be33d7f55..e84b14eb9d9 100644 --- a/AUTHORS +++ b/AUTHORS @@ -223,6 +223,7 @@ Patrick Dolinic Patrick Huy Paul Denning Paul Richards +Pavel Motyrev Pawel Szafer Per von Zweigbergk Peter Eckel <6815386+peteeckel@users.noreply.github.com> From 36d892e84060275afe508e46ba429ece2b22faa7 Mon Sep 17 00:00:00 2001 From: Alvar Penning Date: Mon, 8 Jan 2024 10:08:31 +0100 Subject: [PATCH 07/27] Document root user usage in installation The installation documentation currently implies that all commands are being prompted by the root user or an user with root-like privileges. This is now explicitly stated and, additionally, another if-guard was added to not include the "Add Icinga Package Repository" section for Windows, as it does not fit there. Closes #9959. --- doc/02-installation.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/doc/02-installation.md b/doc/02-installation.md index fe9a45049e9..f0d5a423c91 100644 --- a/doc/02-installation.md +++ b/doc/02-installation.md @@ -14,9 +14,16 @@ In case you are upgrading an existing setup, please ensure to follow the [upgrade documentation](16-upgrading-icinga-2.md#upgrading-icinga-2). + ## Add Icinga Package Repository -We recommend using our official repositories. Here's how to add it to your system: +We recommend using our official repositories. + +All the following commands should be executed as the root user. +As pipes and nested commands are used, it is recommended to switch to a root user session, e.g., using `sudo -i`. + +Here's how to add it to your system: + From 1d46a1e8241baf5bca9f567e63f20111699b168b Mon Sep 17 00:00:00 2001 From: Yonas Habteab Date: Fri, 26 Apr 2024 11:36:05 +0200 Subject: [PATCH 08/27] docs: Drop `last_in_downtime` attrs --- doc/09-object-types.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/doc/09-object-types.md b/doc/09-object-types.md index 93974ef7628..6b5d355abed 100644 --- a/doc/09-object-types.md +++ b/doc/09-object-types.md @@ -393,7 +393,6 @@ Runtime Attributes: last\_check\_result | CheckResult | The current [check result](08-advanced-topics.md#advanced-value-types-checkresult). last\_state\_change | Timestamp | When the last state change occurred (as a UNIX timestamp). last\_hard\_state\_change | Timestamp | When the last hard state change occurred (as a UNIX timestamp). - last\_in\_downtime | Boolean | Whether the host was in a downtime when the last check occurred. acknowledgement | Number | The acknowledgement type (0 = NONE, 1 = NORMAL, 2 = STICKY). acknowledgement\_expiry | Timestamp | When the acknowledgement expires (as a UNIX timestamp; 0 = no expiry). downtime\_depth | Number | Whether the host has one or more active downtimes. @@ -758,7 +757,6 @@ Runtime Attributes: last\_check\_result | CheckResult | The current [check result](08-advanced-topics.md#advanced-value-types-checkresult). last\_state\_change | Timestamp | When the last state change occurred (as a UNIX timestamp). last\_hard\_state\_change | Timestamp | When the last hard state change occurred (as a UNIX timestamp). - last\_in\_downtime | Boolean | Whether the service was in a downtime when the last check occurred. acknowledgement | Number | The acknowledgement type (0 = NONE, 1 = NORMAL, 2 = STICKY). acknowledgement\_expiry | Timestamp | When the acknowledgement expires (as a UNIX timestamp; 0 = no expiry). acknowledgement\_last\_change | Timestamp | When the acknowledgement has been set/cleared From ff4c6a68419af6af6cb77c31dd8b9d9b33556eca Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Thu, 16 May 2024 13:13:13 +0200 Subject: [PATCH 09/27] Don't rpm --import https://packages.icinga.com/icinga.key just like on packages.icinga.com and for the same security reasons we don't use apt-key add anymore for: https://blog.cloudflare.com/dont-use-apt-key Our repos already reference https://packages.icinga.com/icinga.key and both RPM distro families properly handle that. --- doc/02-installation.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/doc/02-installation.md b/doc/02-installation.md index f0d5a423c91..f9b9087e5b5 100644 --- a/doc/02-installation.md +++ b/doc/02-installation.md @@ -102,7 +102,6 @@ apt update ### CentOS Repository ```bash -rpm --import https://packages.icinga.com/icinga.key wget https://packages.icinga.com/centos/ICINGA-release.repo -O /etc/yum.repos.d/ICINGA-release.repo ``` @@ -125,7 +124,6 @@ yum install epel-release Don't forget to fill in the username and password section with your credentials in the local .repo file. ```bash -rpm --import https://packages.icinga.com/icinga.key wget https://packages.icinga.com/subscription/rhel/ICINGA-release.repo -O /etc/yum.repos.d/ICINGA-release.repo ``` @@ -157,7 +155,6 @@ yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.r ### Fedora Repository ```bash -rpm --import https://packages.icinga.com/icinga.key dnf install -y 'dnf-command(config-manager)' dnf config-manager --add-repo https://packages.icinga.com/fedora/$(. /etc/os-release; echo "$VERSION_ID")/release ``` @@ -174,8 +171,6 @@ dnf config-manager --add-repo https://packages.icinga.com/fedora/$(. /etc/os-rel Don't forget to fill in the username and password section with your credentials in the local .repo file. ```bash -rpm --import https://packages.icinga.com/icinga.key - zypper ar https://packages.icinga.com/subscription/sles/ICINGA-release.repo zypper ref ``` @@ -193,8 +188,6 @@ SUSEConnect -p PackageHub/$VERSION_ID/x86_64 ### openSUSE Repository ```bash -rpm --import https://packages.icinga.com/icinga.key - zypper ar https://packages.icinga.com/openSUSE/ICINGA-release.repo zypper ref ``` @@ -217,7 +210,6 @@ zypper ar https://download.opensuse.org/repositories/server:/monitoring/15.3/ser Don't forget to fill in the username and password section with your credentials in the local .repo file. ```bash -rpm --import https://packages.icinga.com/icinga.key wget https://packages.icinga.com/subscription/amazon/ICINGA-release.repo -O /etc/yum.repos.d/ICINGA-release.repo ``` From e3626347bb40468f84e35f6a31559b28e491dee9 Mon Sep 17 00:00:00 2001 From: Yonas Habteab Date: Wed, 5 Jun 2024 15:13:59 +0200 Subject: [PATCH 10/27] Add missing `Object{created,deleted,modified}` docs --- doc/12-icinga2-api.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/doc/12-icinga2-api.md b/doc/12-icinga2-api.md index 5a14c8e2da5..c807105da25 100644 --- a/doc/12-icinga2-api.md +++ b/doc/12-icinga2-api.md @@ -1879,6 +1879,32 @@ Example for all object events: timestamp | Timestamp | Unix timestamp when the event happened. downtime | Dictionary | Serialized [Downtime](09-object-types.md#objecttype-downtime) object. +#### Event Stream Type: ObjectCreated + +| Name | Type | Description | +|--------------|-----------|----------------------------------------------------------------| +| type | String | Event type `ObjectCreated`. | +| timestamp | Timestamp | Unix timestamp when the event happened. | +| object\_type | String | Type of the newly created object, such as `Host` or `Service`. | +| object\_name | String | The full name of the object. | + +#### Event Stream Type: ObjectModified + +| Name | Type | Description | +|--------------|-----------|-----------------------------------------------------------| +| type | String | Event type `ObjectModified`. | +| timestamp | Timestamp | Unix timestamp when the event happened. | +| object\_type | String | Type of the modified object, such as `Host` or `Service`. | +| object\_name | String | The full name of the object. | + +#### Event Stream Type: ObjectDeleted + +| Name | Type | Description | +|--------------|-----------|----------------------------------------------------------| +| type | String | Event type `ObjectDeleted`. | +| timestamp | Timestamp | Unix timestamp when the event happened. | +| object\_type | String | Type of the deleted object, such as `Host` or `Service`. | +| object\_name | String | The full name of the object. | ### Event Stream Filter From 1461fc9ea1a69ab51123adbdff37a64df61d94cb Mon Sep 17 00:00:00 2001 From: Bernd Arnold Date: Thu, 30 Jun 2022 17:42:20 +0200 Subject: [PATCH 11/27] Docs: Add missing angle bracket --- doc/12-icinga2-api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/12-icinga2-api.md b/doc/12-icinga2-api.md index c807105da25..e03785e244a 100644 --- a/doc/12-icinga2-api.md +++ b/doc/12-icinga2-api.md @@ -566,7 +566,7 @@ created by the API. ### Querying Objects You can request information about configuration objects by sending -a `GET` query to the `/v1/objects/` URL endpoint. `` URL endpoint. `` has to be replaced with the plural name of the object type you are interested in: From 52f4dbecc15d372d5229d5a1c3bed6b709ec1e75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Aleksandrovi=C4=8D=20Klimov?= Date: Mon, 19 Aug 2024 16:49:12 +0200 Subject: [PATCH 12/27] doc/03-monitoring-basics.md: fix invalid link address --- doc/03-monitoring-basics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/03-monitoring-basics.md b/doc/03-monitoring-basics.md index 06ea0c166aa..e534b0d0132 100644 --- a/doc/03-monitoring-basics.md +++ b/doc/03-monitoring-basics.md @@ -1599,7 +1599,7 @@ A common pattern is to store the users and user groups on the host or service objects instead of the notification object itself. -The sample configuration provided in [hosts.conf](04-configuration.md#hosts-conf) and [notifications.conf](notifications-conf) +The sample configuration provided in [hosts.conf](04-configuration.md#hosts-conf) and [notifications.conf](04-configuration.md#notifications-conf) already provides an example for this question. > **Tip** From 39fbe560de1d1ae09c8b16d58064dacd3dd63226 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Aleksandrovi=C4=8D=20Klimov?= Date: Tue, 20 Aug 2024 18:13:42 +0200 Subject: [PATCH 13/27] doc/21-development.md: fix bad link address --- doc/21-development.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/21-development.md b/doc/21-development.md index 27387f23567..cf7a54dd781 100644 --- a/doc/21-development.md +++ b/doc/21-development.md @@ -1935,7 +1935,7 @@ Download the [boost-binaries](https://sourceforge.net/projects/boost/files/boost - 64 for 64 bit builds ``` -https://sourceforge.net/projects/boost/files/boost-binaries/1.82.0/boost_1_85_0-msvc-14.2-64.exe/download +https://sourceforge.net/projects/boost/files/boost-binaries/1.85.0/boost_1_85_0-msvc-14.2-64.exe/download ``` Run the installer and leave the default installation path in `C:\local\boost_1_85_0`. From 8860f69623b5f33335f08834f2cd31af6f698aee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Aleksandrovi=C4=8D=20Klimov?= Date: Wed, 21 Aug 2024 12:09:27 +0200 Subject: [PATCH 14/27] doc/02-installation.md: remove outdated info The Backports Repository is required for Debian 9, but we don't build even v10 anymore. --- doc/02-installation.md | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/doc/02-installation.md b/doc/02-installation.md index f9b9087e5b5..030f5bc441a 100644 --- a/doc/02-installation.md +++ b/doc/02-installation.md @@ -43,21 +43,6 @@ DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \ apt update ``` - -#### Debian Backports Repository - -This repository is required for Debian Stretch since Icinga v2.11. - -Debian Stretch: - -```bash -DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \ - echo "deb https://deb.debian.org/debian ${DIST}-backports main" > \ - /etc/apt/sources.list.d/${DIST}-backports.list - -apt update -``` - From b498c947060b96e16e87243b255a2e6d986dbac7 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Wed, 21 Aug 2024 11:24:14 +0200 Subject: [PATCH 15/27] doc/02-installation.md: remove Raspbian which is not supported anymore --- doc/02-installation.md | 27 ++++--------------------- doc/02-installation.md.d/03-Raspbian.md | 3 --- doc/13-addons.md | 2 +- 3 files changed, 5 insertions(+), 27 deletions(-) delete mode 100644 doc/02-installation.md.d/03-Raspbian.md diff --git a/doc/02-installation.md b/doc/02-installation.md index 030f5bc441a..7070db6737d 100644 --- a/doc/02-installation.md +++ b/doc/02-installation.md @@ -64,25 +64,6 @@ apt update ``` - -### Raspbian Repository - -```bash -apt update -apt -y install apt-transport-https wget gnupg - -wget -O - https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg - -DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \ - echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/raspbian icinga-${DIST} main" > \ - /etc/apt/sources.list.d/icinga.list - echo "deb-src [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/raspbian icinga-${DIST} main" >> \ - /etc/apt/sources.list.d/icinga.list - -apt update -``` - - ### CentOS Repository @@ -229,9 +210,9 @@ with `root` permissions unless noted otherwise. If you have [SELinux](22-selinux.md) enabled, the package `icinga2-selinux` is also required. - + -#### Debian / Ubuntu / Raspbian / Raspberry Pi OS +#### Debian / Ubuntu / Raspberry Pi OS ```bash apt install icinga2 @@ -341,9 +322,9 @@ to determine where to find the plugin binaries. additional check plugins into your Icinga 2 setup. - + -#### Debian / Ubuntu / Raspbian / Raspberry Pi OS +#### Debian / Ubuntu / Raspberry Pi OS ```bash apt install monitoring-plugins diff --git a/doc/02-installation.md.d/03-Raspbian.md b/doc/02-installation.md.d/03-Raspbian.md deleted file mode 100644 index fc48d6c67f5..00000000000 --- a/doc/02-installation.md.d/03-Raspbian.md +++ /dev/null @@ -1,3 +0,0 @@ -# Install Icinga 2 on Raspbian - - diff --git a/doc/13-addons.md b/doc/13-addons.md index c3823f53da3..f92982a9458 100644 --- a/doc/13-addons.md +++ b/doc/13-addons.md @@ -32,7 +32,7 @@ vim /etc/icinga2/conf.d/templates.conf Install the package `nano-icinga2` with your distribution's package manager. -**Note:** On Debian, Ubuntu, Raspbian and Raspberry Pi OS, the syntax files are installed with the `icinga2-common` package already. +**Note:** On Debian, Ubuntu and Raspberry Pi OS, the syntax files are installed with the `icinga2-common` package already. Copy the `/etc/nanorc` sample file to your home directory. From cb75435891b309c790b83e339a361ac89ec97433 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Wed, 21 Aug 2024 11:48:19 +0200 Subject: [PATCH 16/27] .deb: let user install icinga-archive-keyring package --- doc/02-installation.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/doc/02-installation.md b/doc/02-installation.md index 7070db6737d..4b5956bc596 100644 --- a/doc/02-installation.md +++ b/doc/02-installation.md @@ -31,9 +31,13 @@ Here's how to add it to your system: ```bash apt update -apt -y install apt-transport-https wget gnupg +apt -y install apt-transport-https wget -wget -O - https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg +wget -O icinga-archive-keyring.deb "https://packages.icinga.com/icinga-archive-keyring_latest+debian$( + . /etc/os-release; echo "$VERSION_ID" +).deb" + +apt install ./icinga-archive-keyring.deb DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \ echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/debian icinga-${DIST} main" > \ @@ -50,9 +54,13 @@ apt update ```bash apt update -apt -y install apt-transport-https wget gnupg +apt -y install apt-transport-https wget + +wget -O icinga-archive-keyring.deb "https://packages.icinga.com/icinga-archive-keyring_latest+ubuntu$( + . /etc/os-release; echo "$VERSION_ID" +).deb" -wget -O - https://packages.icinga.com/icinga.key | gpg --dearmor -o /usr/share/keyrings/icinga-archive-keyring.gpg +apt install ./icinga-archive-keyring.deb . /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; \ echo "deb [signed-by=/usr/share/keyrings/icinga-archive-keyring.gpg] https://packages.icinga.com/ubuntu icinga-${DIST} main" > \ From caa22c670382d2b2f652d244048447b444901855 Mon Sep 17 00:00:00 2001 From: Josef Friedrich Date: Thu, 12 Sep 2024 08:39:15 +0200 Subject: [PATCH 17/27] Remove trailing whitespaces in the markdown files of the documentation --- doc/01-about.md | 1 - doc/10-icinga-template-library.md | 2 +- doc/11-cli-commands.md | 2 +- doc/12-icinga2-api.md | 12 ++++++------ doc/14-features.md | 2 +- doc/18-library-reference.md | 6 +++--- doc/19-technical-concepts.md | 8 ++++---- doc/22-selinux.md | 8 ++++---- doc/23-migrating-from-icinga-1x.md | 2 +- doc/24-appendix.md | 1 - 10 files changed, 21 insertions(+), 23 deletions(-) diff --git a/doc/01-about.md b/doc/01-about.md index 4a665534a8f..73e163bae42 100644 --- a/doc/01-about.md +++ b/doc/01-about.md @@ -67,4 +67,3 @@ Read more about development builds in the [development chapter](21-development.m Icinga 2 and the Icinga 2 documentation are licensed under the terms of the GNU General Public License Version 2. You will find a copy of this license in the LICENSE file included in the source package. - diff --git a/doc/10-icinga-template-library.md b/doc/10-icinga-template-library.md index a8d9c7b7f31..0777a5b5029 100644 --- a/doc/10-icinga-template-library.md +++ b/doc/10-icinga-template-library.md @@ -3447,7 +3447,7 @@ thola_identify_discover_timeouts | **Optional.** The number of discover timeou > **Note**: > -> One of the variables `thola_identify_model`, `thola_identify_os_version`, +> One of the variables `thola_identify_model`, `thola_identify_os_version`, > `thola_identify_vendor` or `thola_identify_serial_number` must be set ##### thola-memory-usage diff --git a/doc/11-cli-commands.md b/doc/11-cli-commands.md index 457656cb08d..cd130a8f087 100644 --- a/doc/11-cli-commands.md +++ b/doc/11-cli-commands.md @@ -22,7 +22,7 @@ Supported commands: * api setup (setup for API) * ca list (lists all certificate signing requests) * ca restore (restores a removed certificate request) - * ca remove (removes an outstanding certificate request) + * ca remove (removes an outstanding certificate request) * ca sign (signs an outstanding certificate request) * console (Icinga debug console) * daemon (starts Icinga 2) diff --git a/doc/12-icinga2-api.md b/doc/12-icinga2-api.md index e03785e244a..471a628a2ad 100644 --- a/doc/12-icinga2-api.md +++ b/doc/12-icinga2-api.md @@ -115,7 +115,7 @@ You can also use [jq](https://stedolan.github.io/jq/) or `python -m json.tool` in combination with curl on the CLI. ```bash -curl ... | jq +curl ... | jq curl ... | python -m json.tool ``` @@ -1658,14 +1658,14 @@ Send a `POST` request to the URL endpoint `/v1/actions/execute-command`. --------------|------------|-------------- ttl | Number | **Required.** The time to live of the execution expressed in seconds. command_type | String | **Optional.** The command type: `CheckCommand` or `EventCommand` or `NotificationCommand`. Default: `EventCommand` - command | String | **Optional.** The command to execute. Its type must the same as `command_type`. It can be a macro string. Default: depending on the `command_type` it's either `$check_command$`, `$event_command$` or `$notification_command$` + command | String | **Optional.** The command to execute. Its type must the same as `command_type`. It can be a macro string. Default: depending on the `command_type` it's either `$check_command$`, `$event_command$` or `$notification_command$` endpoint | String | **Optional.** The endpoint to execute the command on. It can be a macro string. Default: `$command_endpoint$`. macros | Dictionary | **Optional.** Macro overrides. Default: `{}` - user | String | **Optional.** The user used for the notification command. + user | String | **Optional.** The user used for the notification command. notification | String | **Optional.** The notification used for the notification command. - + Example: - + ```bash curl -k -s -S -i -u root:icinga -H 'Accept: application/json' \ -X POST 'https://localhost:5665/v1/actions/execute-command' \ @@ -2638,7 +2638,7 @@ Name | Language | Description [BitBar for OSX](https://getbitbar.com/plugins/Dev/Icinga2/icinga2.24m.py) | Python | macOS tray app for highlighting the host/service status [Icinga 2 Multistatus](https://chrome.google.com/webstore/detail/icinga-multi-status/khabbhcojgkibdeipanmiphceeoiijal/related) | - | Chrome Extension [Naglite4](https://github.com/wftech/icinga2-naglite4) | Python | Naglite3 rewrite using the Icinga 2 REST API. -[icinga-telegram-bot](https://github.com/joni1993/icinga-telegram-bot) | Python | Telegram Bot using the Icinga 2 REST API +[icinga-telegram-bot](https://github.com/joni1993/icinga-telegram-bot) | Python | Telegram Bot using the Icinga 2 REST API ### Manage Objects diff --git a/doc/14-features.md b/doc/14-features.md index 19cb54b0142..159cfc7f459 100644 --- a/doc/14-features.md +++ b/doc/14-features.md @@ -52,7 +52,7 @@ Icinga DB is a set of components for publishing, synchronizing and visualizing monitoring data in the Icinga ecosystem, consisting of: * Icinga 2 with its `icingadb` feature enabled, - responsible for publishing monitoring data to a Redis server, i.e. configuration and its runtime updates, + responsible for publishing monitoring data to a Redis server, i.e. configuration and its runtime updates, check results, state changes, downtimes, acknowledgements, notifications, and other events such as flapping * The [Icinga DB daemon](https://icinga.com/docs/icinga-db), which synchronizes the data between the Redis server and a database diff --git a/doc/18-library-reference.md b/doc/18-library-reference.md index feb5d5d43c8..592178664c9 100644 --- a/doc/18-library-reference.md +++ b/doc/18-library-reference.md @@ -1648,9 +1648,9 @@ Example: function set_x(val) { this.x = val } - + dict = {} - + set_x.call(dict, 7) /* Invokes set_x using `dict` as `this` */ ``` @@ -1671,7 +1671,7 @@ Example: function set_x(val) { this.x = val } - + var dict = {} var args = [ 7 ] diff --git a/doc/19-technical-concepts.md b/doc/19-technical-concepts.md index b3a05617038..3f4b3812b39 100644 --- a/doc/19-technical-concepts.md +++ b/doc/19-technical-concepts.md @@ -1887,7 +1887,7 @@ source | String | The execution UUID Special handling, calls `ClusterEvents::EnqueueCheck()` for command endpoint checks. This function enqueues check tasks into a queue which is controlled in `RemoteCheckThreadProc()`. -If the `endpoint` parameter is specified and is not equal to the local endpoint then the message is forwarded to the correct endpoint zone. +If the `endpoint` parameter is specified and is not equal to the local endpoint then the message is forwarded to the correct endpoint zone. ##### Permissions @@ -1932,7 +1932,7 @@ executions | Dictionary | Executions to be updated ##### Functions **Event Sender:** `ClusterEvents::ExecutedCommandAPIHandler`, `ClusterEvents::UpdateExecutionsAPIHandler`, `ApiActions::ExecuteCommand` -**Event Receiver:** `ClusterEvents::UpdateExecutionsAPIHandler` +**Event Receiver:** `ClusterEvents::UpdateExecutionsAPIHandler` ##### Permissions @@ -1962,7 +1962,7 @@ Key | Type | Description host | String | Host name. service | String | Service name. execution | String | The execution ID executed. -exitStatus | Number | The command exit status. +exitStatus | Number | The command exit status. output | String | The command output. start | Number | The unix timestamp at the start of the command execution end | Number | The unix timestamp at the end of the command execution @@ -1970,7 +1970,7 @@ end | Number | The unix timestamp at the end of the command ex ##### Functions **Event Sender:** `ClusterEvents::ExecuteCheckFromQueue`, `ClusterEvents::ExecuteCommandAPIHandler` -**Event Receiver:** `ClusterEvents::ExecutedCommandAPIHandler` +**Event Receiver:** `ClusterEvents::ExecutedCommandAPIHandler` ##### Permissions diff --git a/doc/22-selinux.md b/doc/22-selinux.md index 6c64c6f87a3..ae06037f2d5 100644 --- a/doc/22-selinux.md +++ b/doc/22-selinux.md @@ -116,19 +116,19 @@ The policy provides a role `icinga2adm_r` for confining an user which enables an SELinux is based on the least level of access required for a service to run. Using booleans you can grant more access in a defined way. The Icinga 2 policy package provides the following booleans. -**icinga2_can_connect_all** +**icinga2_can_connect_all** Having this boolean enabled allows icinga2 to connect to all ports. This can be necessary if you use features which connect to unconfined services, for example the [influxdb writer](14-features.md#influxdb-writer). -**icinga2_run_sudo** +**icinga2_run_sudo** To allow Icinga 2 executing plugins via sudo you can toogle this boolean. It is disabled by default, resulting in error messages like `execvpe(sudo) failed: Permission denied`. -**httpd_can_write_icinga2_command** +**httpd_can_write_icinga2_command** To allow httpd to write to the command pipe of icinga2 this boolean has to be enabled. This is enabled by default, if not needed you can disable it for more security. -**httpd_can_connect_icinga2_api** +**httpd_can_connect_icinga2_api** Enabling this boolean allows httpd to connect to the API of icinga2 (Ports labeled `icinga2_port_t`). This is enabled by default, if not needed you can disable it for more security. diff --git a/doc/23-migrating-from-icinga-1x.md b/doc/23-migrating-from-icinga-1x.md index 62b5667d4ca..14a30cf2ed6 100644 --- a/doc/23-migrating-from-icinga-1x.md +++ b/doc/23-migrating-from-icinga-1x.md @@ -804,7 +804,7 @@ define service { } ``` -Icinga 2 supports objects and (global) variables, but does not make a difference +Icinga 2 supports objects and (global) variables, but does not make a difference between the main configuration file or any other included file. icinga2.conf: diff --git a/doc/24-appendix.md b/doc/24-appendix.md index e0f0b2f2ae9..d04b9e3ddc6 100644 --- a/doc/24-appendix.md +++ b/doc/24-appendix.md @@ -692,4 +692,3 @@ the [servicegroups](24-appendix.md#schema-livestatus-servicegroups-table-attribu All [services](24-appendix.md#schema-livestatus-services-table-attributes) table attributes grouped with the [hostgroups](24-appendix.md#schema-livestatus-hostgroups-table-attributes) table prefixed with `hostgroup_`. - From 90e1addd969c0c7eaff2286a6cc7f966f11556b1 Mon Sep 17 00:00:00 2001 From: Josef Friedrich Date: Thu, 12 Sep 2024 08:46:27 +0200 Subject: [PATCH 18/27] Fix typo in the api documentation --- doc/12-icinga2-api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/12-icinga2-api.md b/doc/12-icinga2-api.md index 471a628a2ad..c682befa836 100644 --- a/doc/12-icinga2-api.md +++ b/doc/12-icinga2-api.md @@ -2374,7 +2374,7 @@ Creation, modification and deletion of templates at runtime is not supported. ### Querying Templates You can request information about configuration templates by sending -a `GET` query to the `/v1/templates/` URL endpoint. `` URL endpoint. `` has to be replaced with the plural name of the object type you are interested in: From c63d679693c9ea5f001c93517a457f8682d3f8d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Aleksandrovi=C4=8D=20Klimov?= Date: Mon, 16 Sep 2024 16:13:02 +0200 Subject: [PATCH 19/27] Linux Dev Environment: fix /usr/local/icinga2/etc ownership We instruct the users to build as root and chown just /usr/local/icinga2/var, but at least `icinga2 api setup` also needs to modify /usr/local/icinga2/etc. --- doc/21-development.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/21-development.md b/doc/21-development.md index cf7a54dd781..5b597cf1815 100644 --- a/doc/21-development.md +++ b/doc/21-development.md @@ -1423,7 +1423,7 @@ The source installation doesn't set proper permissions, this is handled in the package builds which are officially supported. ```bash -chown -R icinga:icinga /usr/local/icinga2/var/ +chown -R icinga:icinga /usr/local/icinga2/{etc,var}/ /usr/local/icinga2/lib/icinga2/prepare-dirs /usr/local/icinga2/etc/sysconfig/icinga2 /usr/local/icinga2/sbin/icinga2 api setup @@ -1476,7 +1476,7 @@ The source installation doesn't set proper permissions, this is handled in the package builds which are officially supported. ```bash -chown -R icinga:icinga /usr/local/icinga2/var/ +chown -R icinga:icinga /usr/local/icinga2/{etc,var}/ /usr/local/icinga2/lib/icinga2/prepare-dirs /usr/local/icinga2/etc/sysconfig/icinga2 /usr/local/icinga2/sbin/icinga2 api setup @@ -1540,7 +1540,7 @@ The source installation doesn't set proper permissions, this is handled in the package builds which are officially supported. ```bash -chown -R icinga:icinga /usr/local/icinga2/var/ +chown -R icinga:icinga /usr/local/icinga2/{etc,var}/ /usr/local/icinga2/lib/icinga2/prepare-dirs /usr/local/icinga2/etc/sysconfig/icinga2 /usr/local/icinga2/sbin/icinga2 api setup From b43e5e162056c24ffc1c581c3dbd47aa27a27e08 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Thu, 22 Aug 2024 12:58:14 +0200 Subject: [PATCH 20/27] doc/: don't mention CentOS It's EOL. --- doc/02-installation.md | 62 +------------------------ doc/02-installation.md.d/05-CentOS.md | 3 -- doc/03-monitoring-basics.md | 2 +- doc/05-service-monitoring.md | 4 +- doc/06-distributed-monitoring.md | 15 +++--- doc/11-cli-commands.md | 2 +- doc/14-features.md | 20 -------- doc/21-development.md | 67 +++++++++------------------ tools/selinux/icinga2.te | 2 +- 9 files changed, 36 insertions(+), 141 deletions(-) delete mode 100644 doc/02-installation.md.d/05-CentOS.md diff --git a/doc/02-installation.md b/doc/02-installation.md index 4b5956bc596..8c78e6c5522 100644 --- a/doc/02-installation.md +++ b/doc/02-installation.md @@ -72,21 +72,6 @@ apt update ``` - -### CentOS Repository - -```bash -wget https://packages.icinga.com/centos/ICINGA-release.repo -O /etc/yum.repos.d/ICINGA-release.repo -``` - -The packages for CentOS depend on other packages which are distributed -as part of the [EPEL repository](https://fedoraproject.org/wiki/EPEL): - -```bash -yum install epel-release -``` - - ### RHEL Repository @@ -212,7 +197,7 @@ You can install Icinga 2 by using your distribution's package manager to install the `icinga2` package. The following commands must be executed with `root` permissions unless noted otherwise. - + !!! tip If you have [SELinux](22-selinux.md) enabled, the package `icinga2-selinux` is also required. @@ -227,21 +212,6 @@ apt install icinga2 ``` - - -#### CentOS - -!!! info - - Note that installing Icinga 2 is only supported on CentOS 7 as CentOS 8 is EOL. - -```bash -yum install icinga2 -systemctl enable icinga2 -systemctl start icinga2 -``` - - #### RHEL 8 or Later @@ -339,17 +309,6 @@ apt install monitoring-plugins ``` - - -#### CentOS - -The packages for CentOS depend on other packages which are distributed as part of the EPEL repository. - -```bash -yum install nagios-plugins-all -``` - - #### RHEL @@ -437,7 +396,7 @@ Restart Icinga 2 for these changes to take effect. systemctl restart icinga2 ``` - + ## Set up Icinga DB Icinga DB is a set of components for publishing, synchronizing and @@ -489,20 +448,6 @@ yum install icingadb-redis ``` - - -##### CentOS - - -!!! info - - Note that installing Icinga DB Redis is only supported on CentOS 7 as CentOS 8 is EOL. - -```bash -yum install icingadb-redis -``` - - ##### Debian / Ubuntu / Raspberry Pi OS @@ -616,9 +561,6 @@ you have completed the instructions here and can proceed to [install the Icinga DB daemon on Amazon Linux](https://icinga.com/docs/icinga-db/latest/doc/02-Installation/01-Amazon-Linux/#installing-icinga-db-package), - -[install the Icinga DB daemon on CentOS](https://icinga.com/docs/icinga-db/latest/doc/02-Installation/02-CentOS/#installing-icinga-db-package), - [install the Icinga DB daemon on Debian](https://icinga.com/docs/icinga-db/latest/doc/02-Installation/03-Debian/#installing-icinga-db-package), diff --git a/doc/02-installation.md.d/05-CentOS.md b/doc/02-installation.md.d/05-CentOS.md deleted file mode 100644 index 4d766b21c5e..00000000000 --- a/doc/02-installation.md.d/05-CentOS.md +++ /dev/null @@ -1,3 +0,0 @@ -# Install Icinga 2 on CentOS - - diff --git a/doc/03-monitoring-basics.md b/doc/03-monitoring-basics.md index e534b0d0132..f36b8ec59fd 100644 --- a/doc/03-monitoring-basics.md +++ b/doc/03-monitoring-basics.md @@ -2729,7 +2729,7 @@ Requirements: * Icinga 2 as client on the remote node * icinga user with sudo permissions to the httpd daemon -Example on CentOS 7: +Example on RHEL: ``` # visudo diff --git a/doc/05-service-monitoring.md b/doc/05-service-monitoring.md index 097fb118476..e798b303e06 100644 --- a/doc/05-service-monitoring.md +++ b/doc/05-service-monitoring.md @@ -51,7 +51,7 @@ described. Try running the plugin after setup and [ensure it works](05-service-m Prior to using the check plugin with Icinga 2 you should ensure that it is working properly by trying to run it on the console using whichever user Icinga 2 is running as: -RHEL/CentOS/Fedora +RHEL/Fedora ```bash sudo -u icinga /usr/lib64/nagios/plugins/check_mysql_health --help @@ -111,7 +111,7 @@ Can't locate Net/SNMP.pm in @INC (you may need to install the Net::SNMP module) Prior to installing the Perl module via CPAN, look for a distribution specific package, e.g. `libnet-snmp-perl` on Debian/Ubuntu or `perl-Net-SNMP` -on RHEL/CentOS. +on RHEL. #### Optional: Custom Path diff --git a/doc/06-distributed-monitoring.md b/doc/06-distributed-monitoring.md index c729757130e..1f24cb96fab 100644 --- a/doc/06-distributed-monitoring.md +++ b/doc/06-distributed-monitoring.md @@ -264,7 +264,7 @@ The setup wizard will ensure that the following steps are taken: * Update the [ApiListener](06-distributed-monitoring.md#distributed-monitoring-apilistener) and [constants](04-configuration.md#constants-conf) configuration. * Update the [icinga2.conf](04-configuration.md#icinga2-conf) to disable the `conf.d` inclusion, and add the `api-users.conf` file inclusion. -Here is an example of a master setup for the `icinga2-master1.localdomain` node on CentOS 7: +Here is an example of a master setup for the `icinga2-master1.localdomain` node: ``` [root@icinga2-master1.localdomain /]# icinga2 node wizard @@ -1031,9 +1031,7 @@ in `/etc/icinga2/icinga2.conf`. > Defaults to disabled. Now it is time to validate the configuration and to restart the Icinga 2 daemon -on both nodes. - -Example on CentOS 7: +on both nodes: ``` [root@icinga2-agent1.localdomain /]# icinga2 daemon -C @@ -1112,7 +1110,8 @@ Save the changes and validate the configuration on the master node: ``` [root@icinga2-master1.localdomain /]# icinga2 daemon -C ``` -Restart the Icinga 2 daemon (example for CentOS 7): + +Restart the Icinga 2 daemon: ``` [root@icinga2-master1.localdomain /]# systemctl restart icinga2 @@ -1221,9 +1220,7 @@ object ApiListener "api" { ``` Now it is time to validate the configuration and to restart the Icinga 2 daemon -on both nodes. - -Example on CentOS 7: +on both nodes: ``` [root@icinga2-satellite1.localdomain /]# icinga2 daemon -C @@ -1285,7 +1282,7 @@ Save the changes and validate the configuration on the master node: [root@icinga2-master1.localdomain /]# icinga2 daemon -C ``` -Restart the Icinga 2 daemon (example for CentOS 7): +Restart the Icinga 2 daemon: ``` [root@icinga2-master1.localdomain /]# systemctl restart icinga2 diff --git a/doc/11-cli-commands.md b/doc/11-cli-commands.md index cd130a8f087..2fdcfc447c1 100644 --- a/doc/11-cli-commands.md +++ b/doc/11-cli-commands.md @@ -73,7 +73,7 @@ RPM and Debian packages install the bash completion files into You need to install the `bash-completion` package if not already installed. -RHEL/CentOS/Fedora: +RHEL/Fedora: ```bash yum install bash-completion diff --git a/doc/14-features.md b/doc/14-features.md index 159cfc7f459..4a6e1ce489a 100644 --- a/doc/14-features.md +++ b/doc/14-features.md @@ -815,16 +815,6 @@ apt-get install icinga2-ido-mysql default. You can skip the automated setup and install/upgrade the database manually if you prefer. -###### CentOS 7 - -!!! info - - Note that installing `icinga2-ido-mysql` is only supported on CentOS 7 as CentOS 8 is EOL. - -```bash -yum install icinga2-ido-mysql -``` - ###### RHEL 8 ```bash @@ -914,16 +904,6 @@ apt-get install icinga2-ido-pgsql You can skip the automated setup and install/upgrade the database manually if you prefer that. -###### CentOS 7 - -!!! info - - Note that installing `icinga2-ido-pgsql` is only supported on CentOS 7 as CentOS 8 is EOL. - -```bash -yum install icinga2-ido-pgsql -``` - ###### RHEL 8 ```bash diff --git a/doc/21-development.md b/doc/21-development.md index 5b597cf1815..13d3207d9ba 100644 --- a/doc/21-development.md +++ b/doc/21-development.md @@ -48,7 +48,7 @@ or `icinga2-ido-mysql`. Distribution | Command -------------------|------------------------------------------ Debian/Ubuntu | `apt-get install icinga2-dbg` -RHEL/CentOS | `yum install icinga2-debuginfo` +RHEL | `yum install icinga2-debuginfo` Fedora | `dnf install icinga2-debuginfo icinga2-bin-debuginfo icinga2-ido-mysql-debuginfo` SLES/openSUSE | `zypper install icinga2-bin-debuginfo icinga2-ido-mysql-debuginfo` @@ -65,7 +65,7 @@ Install GDB in your development environment. Distribution | Command -------------------|------------------------------------------ Debian/Ubuntu | `apt-get install gdb` -RHEL/CentOS | `yum install gdb` +RHEL | `yum install gdb` Fedora | `dnf install gdb` SLES/openSUSE | `zypper install gdb` @@ -537,7 +537,7 @@ packages. If you encounter a problem, please [open a new issue](https://github.com/Icinga/icinga2/issues/new/choose) on GitHub and mention that you're testing the snapshot packages. -#### RHEL/CentOS +#### RHEL 2.11+ requires the EPEL repository for Boost 1.66+. @@ -1332,9 +1332,6 @@ autocmd BufWinLeave * call clearmatches() ### Linux Dev Environment -Based on CentOS 7, we have an early draft available inside the Icinga Vagrant boxes: -[centos7-dev](https://github.com/Icinga/icinga-vagrant/tree/master/centos7-dev). - If you're compiling Icinga 2 natively without any virtualization layer in between, this usually is faster. This is also the reason why developers on macOS prefer native builds over Linux or Windows VMs. Don't forget to test the actual code on Linux later! Socket specific @@ -1357,21 +1354,20 @@ mkdir -p release debug Proceed with the specific distribution examples below. Keep in mind that these instructions are best effort and sometimes out-of-date. Git Master may contain updates. -* [CentOS 7](21-development.md#development-linux-dev-env-centos) +* [Fedora 40](21-development.md#development-linux-dev-env-fedora) * [Debian 10 Buster](21-development.md#development-linux-dev-env-debian) * [Ubuntu 18 Bionic](21-development.md#development-linux-dev-env-ubuntu) - -#### CentOS 7 +#### Fedora 40 ```bash -yum -y install gdb vim git bash-completion htop centos-release-scl +yum -y install gdb vim git bash-completion htop yum -y install rpmdevtools ccache \ - cmake make devtoolset-11-gcc-c++ flex bison \ - openssl-devel boost169-devel systemd-devel \ + cmake make gcc-c++ flex bison \ + openssl-devel boost-devel systemd-devel \ mysql-devel postgresql-devel libedit-devel \ - devtoolset-11-libstdc++-devel + libstdc++-devel groupadd icinga groupadd icingacmd @@ -1389,35 +1385,30 @@ slower but allows for better debugging insights. For benchmarks, change `CMAKE_BUILD_TYPE` to `RelWithDebInfo` and build inside the `release` directory. -First, off export some generics for Boost. - -```bash -export I2_BOOST="-DBoost_NO_BOOST_CMAKE=TRUE -DBoost_NO_SYSTEM_PATHS=TRUE -DBOOST_LIBRARYDIR=/usr/lib64/boost169 -DBOOST_INCLUDEDIR=/usr/include/boost169 -DBoost_ADDITIONAL_VERSIONS='1.69;1.69.0'" -``` - -Second, add the prefix path to it. +First, override the default prefix path. ```bash -export I2_GENERIC="$I2_BOOST -DCMAKE_INSTALL_PREFIX=/usr/local/icinga2" +export I2_GENERIC="-DCMAKE_INSTALL_PREFIX=/usr/local/icinga2" ``` -Third, define the two build types with their specific CMake variables. +Second, define the two build types with their specific CMake variables. ```bash export I2_DEBUG="-DCMAKE_BUILD_TYPE=Debug -DICINGA2_UNITY_BUILD=OFF $I2_GENERIC" export I2_RELEASE="-DCMAKE_BUILD_TYPE=RelWithDebInfo -DICINGA2_WITH_TESTS=ON -DICINGA2_UNITY_BUILD=ON $I2_GENERIC" ``` -Fourth, depending on your likings, you may add a bash alias for building, +Third, depending on your likings, you may use a bash alias for building, or invoke the commands inside: ```bash -alias i2_debug="cd /root/icinga2; mkdir -p debug; cd debug; scl enable devtoolset-11 -- cmake $I2_DEBUG ..; make -j2; sudo make -j2 install; cd .." -alias i2_release="cd /root/icinga2; mkdir -p release; cd release; scl enable devtoolset-11 -- cmake $I2_RELEASE ..; make -j2; sudo make -j2 install; cd .." +alias i2_debug="cd /root/icinga2; mkdir -p debug; cd debug; cmake $I2_DEBUG ..; make -j2; sudo make -j2 install; cd .." +alias i2_release="cd /root/icinga2; mkdir -p release; cd release; cmake $I2_RELEASE ..; make -j2; sudo make -j2 install; cd .." ``` -This is taken from the [centos7-dev](https://github.com/Icinga/icinga-vagrant/tree/master/centos7-dev) Vagrant box. - +```bash +i2_debug +``` The source installation doesn't set proper permissions, this is handled in the package builds which are officially supported. @@ -1429,7 +1420,7 @@ chown -R icinga:icinga /usr/local/icinga2/{etc,var}/ /usr/local/icinga2/sbin/icinga2 api setup vim /usr/local/icinga2/etc/icinga2/conf.d/api-users.conf -/usr/local/icinga2/lib/icinga2/sbin/icinga2 daemon +/usr/local/icinga2/lib64/icinga2/sbin/icinga2 daemon ``` #### Debian 10 @@ -2203,7 +2194,7 @@ Icinga application using a dist tarball (including notes for distributions): * Debian/Ubuntu: libpq-dev * postgresql-dev on Alpine * libedit (CLI console) - * RHEL/Fedora: libedit-devel on CentOS (RHEL requires rhel-7-server-optional-rpms) + * RHEL/Fedora: libedit-devel (RHEL requires rhel-7-server-optional-rpms) * Debian/Ubuntu/Alpine: libedit-dev * Termcap (only required if libedit doesn't already link against termcap/ncurses) * RHEL/Fedora: libtermcap-devel @@ -2351,7 +2342,7 @@ can be used to disable the usage of `git describe`. ### Building RPMs -#### Build Environment on RHEL, CentOS, Fedora, Amazon Linux +#### Build Environment on RHEL, Fedora, Amazon Linux Setup your build environment: @@ -2407,7 +2398,7 @@ spectool -g ../SPECS/icinga2.spec cd $HOME/rpmbuild ``` -Install the build dependencies. Example for CentOS 7: +Install the build dependencies: ```bash yum -y install libedit-devel ncurses-devel gcc-c++ libstdc++-devel openssl-devel \ @@ -2436,21 +2427,9 @@ rpmbuild -ba SPECS/icinga2.spec The following packages are required to build the SELinux policy module: * checkpolicy -* selinux-policy (selinux-policy on CentOS 6, selinux-policy-devel on CentOS 7) +* selinux-policy-devel * selinux-policy-doc -##### RHEL/CentOS 7 - -The RedHat Developer Toolset is required for building Icinga 2 beforehand. -This contains a C++ compiler which supports C++17 features. - -```bash -yum install centos-release-scl -``` - -Dependencies to devtools-11 are used in the RPM SPEC, so the correct tools -should be used for building. - ##### Amazon Linux If you prefer to build packages offline, a suitable Vagrant box is located diff --git a/tools/selinux/icinga2.te b/tools/selinux/icinga2.te index 1b9f0513f09..0f50908dac3 100644 --- a/tools/selinux/icinga2.te +++ b/tools/selinux/icinga2.te @@ -205,7 +205,7 @@ corenet_tcp_connect_lmtp_port(icinga2_t) # Allow icinga2 to connect to redis using unix domain sockets stream_connect_pattern(icinga2_t, redis_var_run_t, redis_var_run_t, redis_t) -# Just like `redis_tcp_connect(icinga2_t)`, though this interface does not exist on centos7 +# Just like `redis_tcp_connect(icinga2_t)`, though this interface does not exist on Amazon Linux 2 corenet_tcp_recvfrom_labeled(icinga2_t, redis_t) corenet_tcp_sendrecv_redis_port(icinga2_t) corenet_tcp_connect_redis_port(icinga2_t) From ac220ba65146c826301acc415b06dbfbec6c4860 Mon Sep 17 00:00:00 2001 From: Yonas Habteab Date: Mon, 21 Oct 2024 12:35:09 +0200 Subject: [PATCH 21/27] docs: Add `$` to the escape sequences section feat: Add the `$` character to the escape sequences table. --- doc/17-language-reference.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/17-language-reference.md b/doc/17-language-reference.md index 5686d558af1..53bea28a3a5 100644 --- a/doc/17-language-reference.md +++ b/doc/17-language-reference.md @@ -97,6 +97,7 @@ Character | Escape sequence --------------------------|------------------------------------ " | \\" \\ | \\\\ +$ | $$ <TAB> | \\t <CARRIAGE-RETURN> | \\r <LINE-FEED> | \\n @@ -107,6 +108,10 @@ In addition to these pre-defined escape sequences you can specify arbitrary ASCII characters using the backslash character (\\) followed by an ASCII character in octal encoding. +In Icinga 2, the `$` character is reserved for resolving [runtime macros](03-monitoring-basics.md#runtime-macros). +However, in situations where a string that isn't intended to be used as a runtime macro contains the `$` character, +it is necessary to escape it with another `$` character. + ### Multi-line String Literals Strings spanning multiple lines can be specified by enclosing them in From a3fcd5bbefc84d2a3d071e27a3f250302bc2ead0 Mon Sep 17 00:00:00 2001 From: Yonas Habteab Date: Mon, 21 Oct 2024 12:38:53 +0200 Subject: [PATCH 22/27] docs: Add missing space --- doc/14-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/14-features.md b/doc/14-features.md index 4a6e1ce489a..6ad4d109522 100644 --- a/doc/14-features.md +++ b/doc/14-features.md @@ -106,7 +106,7 @@ The current naming schema is defined as follows. The [Icinga Web 2 Graphite modu depends on this schema. The default prefix for hosts and services is configured using -[runtime macros](03-monitoring-basics.md#runtime-macros)like this: +[runtime macros](03-monitoring-basics.md#runtime-macros) like this: ``` icinga2.$host.name$.host.$host.check_command$ From 3b40ba1fe4490364096aee1df23dbf8c4123d40d Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Thu, 24 Oct 2024 09:44:36 +0200 Subject: [PATCH 23/27] doc/: fix "a HA" -> "an HA" --- doc/06-distributed-monitoring.md | 2 +- doc/15-troubleshooting.md | 2 +- doc/19-technical-concepts.md | 2 +- lib/icinga/checkable-check.cpp | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/06-distributed-monitoring.md b/doc/06-distributed-monitoring.md index 1f24cb96fab..b81f22b4b19 100644 --- a/doc/06-distributed-monitoring.md +++ b/doc/06-distributed-monitoring.md @@ -3131,7 +3131,7 @@ object Endpoint "icinga2-master2.localdomain" { > **Note** > > This is required if you decide to change an already running single endpoint production -> environment into a HA-enabled cluster zone with two endpoints. +> environment into an HA-enabled cluster zone with two endpoints. > The [initial setup](06-distributed-monitoring.md#distributed-monitoring-scenarios-ha-master-clients) > with 2 HA masters doesn't require this step. diff --git a/doc/15-troubleshooting.md b/doc/15-troubleshooting.md index 4cc733854f7..e01c0d3f379 100644 --- a/doc/15-troubleshooting.md +++ b/doc/15-troubleshooting.md @@ -878,7 +878,7 @@ actively attempts to schedule and execute checks. Otherwise the node does not fe } ``` -You may ask why this analysis is important? Fair enough - if the numbers are not inverted in a HA zone +You may ask why this analysis is important? Fair enough - if the numbers are not inverted in an HA zone with two members, this may give a hint that the cluster nodes are in a split-brain scenario, or you've found a bug in the cluster. diff --git a/doc/19-technical-concepts.md b/doc/19-technical-concepts.md index 3f4b3812b39..de68bdd6320 100644 --- a/doc/19-technical-concepts.md +++ b/doc/19-technical-concepts.md @@ -651,7 +651,7 @@ authority = endpoints[Utility::SDBM(object->GetName()) % endpoints.size()] == my that by querying the `paused` attribute for all objects via REST API or debug console on both endpoints. -Endpoints inside a HA zone calculate the object authority independent from each other. +Endpoints inside an HA zone calculate the object authority independent from each other. This object authority is important for selected features explained below. Since features are configuration objects too, you must ensure that all nodes diff --git a/lib/icinga/checkable-check.cpp b/lib/icinga/checkable-check.cpp index f0af81bdd96..6e3b8764b83 100644 --- a/lib/icinga/checkable-check.cpp +++ b/lib/icinga/checkable-check.cpp @@ -363,7 +363,7 @@ Checkable::ProcessingResult Checkable::ProcessCheckResult(const CheckResult::Ptr // Don't recompute the next check when the current check isn't generated by this endpoint. When the check is // remotely generated we should've already received the "SetNextCheck" event before the "event::CheckResult" // cluster event. Otherwise, the next check received before this check will be invalidated and cause the Checkable - // "next_check/next_update" in a HA setup to always be different from the other endpoint as the "m_SchedulingOffset" + // "next_check/next_update" in an HA setup to always be different from the other endpoint as the "m_SchedulingOffset" // is randomly initialised on each node. if (!origin) { if (cr->GetActive()) { From 60a7152ef9fdf8fbbe92b5bce48471d524d3b457 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Wed, 8 May 2024 17:40:05 +0200 Subject: [PATCH 24/27] Document how to enable/disable Debug Output on the fly This is a good alternative to `icinga2 feature enable debuglog`: * Object creation/deletion via API happens immediately and requires no restart * Hence, the debug log is enabled exactly as long as desired Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com> --- doc/15-troubleshooting.md | 58 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/doc/15-troubleshooting.md b/doc/15-troubleshooting.md index e01c0d3f379..945ceed1ee9 100644 --- a/doc/15-troubleshooting.md +++ b/doc/15-troubleshooting.md @@ -176,6 +176,64 @@ C:\> cd C:\ProgramData\icinga2\var\log\icinga2 C:\ProgramData\icinga2\var\log\icinga2> Get-Content .\debug.log -tail 10 -wait ``` +### Enable/Disable Debug Output on the fly + +The `debuglog` feature can also be created and deleted at runtime without having to restart Icinga 2. +Technically, this is possible because this feature is a [FileLogger](09-object-types.md#objecttype-filelogger) +that can be managed through the [API](12-icinga2-api.md#icinga2-api-config-objects). + +This is a good alternative to `icinga2 feature enable debuglog` as object +creation/deletion via API happens immediately and requires no restart. + +The above matters in setups large enough for the reload to take a while. +Especially these produce a lot of debug log output until disabled again. + +!!! info + + In case of [an HA zone](06-distributed-monitoring.md#distributed-monitoring-scenarios-ha-master-agents), + the following API examples toggle the feature on both nodes. + +#### Enable Debug Output on the fly + +```bash +curl -k -s -S -i -u root:icinga -H 'Accept: application/json' \ + -X PUT 'https://localhost:5665/v1/objects/fileloggers/on-the-fly-debug-file' \ + -d '{ "attrs": { "severity": "debug", "path": "/var/log/icinga2/on-the-fly-debug.log" }, "pretty": true }' +``` + +```json +{ + "results": [ + { + "code": 200.0, + "status": "Object was created." + } + ] +} +``` + +#### Disable Debug Output on the fly + +This works only for debug loggers enabled on the fly as above! + +```bash +curl -k -s -S -i -u root:icinga -H 'Accept: application/json' \ + -X DELETE 'https://localhost:5665/v1/objects/fileloggers/on-the-fly-debug-file?pretty=1' +``` + +```json +{ + "results": [ + { + "code": 200.0, + "name": "on-the-fly-debug-file", + "status": "Object was deleted.", + "type": "FileLogger" + } + ] +} +``` + ## Icinga starts/restarts/reloads very slowly ### Try swapping out the allocator From 840415590ecb74e5318b16d743ced31ea5fca7fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Aleksandrovi=C4=8D=20Klimov?= Date: Mon, 28 Oct 2024 12:12:35 +0100 Subject: [PATCH 25/27] openSUSE install docs: remove false info No packages to be installed according to these instructions require the given repo. --- doc/02-installation.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/doc/02-installation.md b/doc/02-installation.md index 8c78e6c5522..35a7aef1422 100644 --- a/doc/02-installation.md +++ b/doc/02-installation.md @@ -150,12 +150,6 @@ SUSEConnect -p PackageHub/$VERSION_ID/x86_64 zypper ar https://packages.icinga.com/openSUSE/ICINGA-release.repo zypper ref ``` - -You need to additionally add the `server:monitoring` repository to fulfill dependencies: - -```bash -zypper ar https://download.opensuse.org/repositories/server:/monitoring/15.3/server:monitoring.repo -``` From c966f18f964ccdfef3c42f2cc59f3de39471940e Mon Sep 17 00:00:00 2001 From: Christian Lauf Date: Tue, 26 Nov 2024 10:52:05 +0100 Subject: [PATCH 26/27] Enhance documentation regarding internal icinga config sync check (#10101) * Update 10-icinga-template-library.md Explicitly name the config-sync check feature of the icinga check, as before this was a little bit too undocumented making it unknown to me. Also mention where the check has to executed in order to bring the desired results. * Update 15-troubleshooting.md Add 4h typical error point for configuration stored outside of /etc/icinga2/zones.d. For when a non-distributed setup was migrated to a distributed setup. Also link to the internal icinga CheckCommand to promote its existance. * Update 15-troubleshooting.md Remove "-" from link * Revert "Update 15-troubleshooting.md" This reverts commit bb25ba3ff5d2797b95cc6c6d5d4fc64e342164f1. * Update AUTHORS Add myself to AUTHORS * Update doc/15-troubleshooting.md Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com> * Update doc/10-icinga-template-library.md Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com> * Update doc/15-troubleshooting.md Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com> --------- Co-authored-by: alvar <8402811+oxzi@users.noreply.github.com> --- AUTHORS | 1 + doc/10-icinga-template-library.md | 6 ++++-- doc/15-troubleshooting.md | 3 +++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/AUTHORS b/AUTHORS index e84b14eb9d9..778b6529c8a 100644 --- a/AUTHORS +++ b/AUTHORS @@ -52,6 +52,7 @@ Christian Gut Christian Harke Christian Jonak Christian Lehmann +Christian Lauf Christian Loos Christian Schmidt Christopher Peterson <3893680+cspeterson@users.noreply.github.com> diff --git a/doc/10-icinga-template-library.md b/doc/10-icinga-template-library.md index 0777a5b5029..b11e53f55cd 100644 --- a/doc/10-icinga-template-library.md +++ b/doc/10-icinga-template-library.md @@ -75,8 +75,10 @@ plugin scripts. ### icinga -Check command for the built-in `icinga` check. This check returns performance -data for the current Icinga instance, reports as warning if the last reload failed and optionally allows for minimum version checks. +Check command for the built-in `icinga` check. This check returns performance data for the current Icinga instance, +reports as warning if the last reload or config sync failed and optionally allows for minimum version checks. + +For the config sync check to work, it must be run on the satellite or agent. Custom variables passed as [command parameters](03-monitoring-basics.md#command-passing-parameters): diff --git a/doc/15-troubleshooting.md b/doc/15-troubleshooting.md index 945ceed1ee9..5afbebea924 100644 --- a/doc/15-troubleshooting.md +++ b/doc/15-troubleshooting.md @@ -1698,6 +1698,9 @@ Typical errors are: * The api feature doesn't [accept config](06-distributed-monitoring.md#distributed-monitoring-top-down-config-sync). This is logged into `/var/lib/icinga2/icinga2.log`. * The received configuration zone is not configured in [zones.conf](04-configuration.md#zones-conf) and Icinga denies it. This is logged into `/var/lib/icinga2/icinga2.log`. * The satellite/agent has local configuration in `/etc/icinga2/zones.d` and thinks it is authoritive for this zone. It then denies the received update. Purge the content from `/etc/icinga2/zones.d`, `/var/lib/icinga2/api/zones/*` and restart Icinga to fix this. +* Configuration parts stored outside of `/etc/icinga2/zones.d` on the master, for example a constant in `/etc/icinga2/constants.conf`, are then missing on the satellite/agent. + +Note that if set up, the [built-in icinga CheckCommand](10-icinga-template-library.md#icinga) will notify you in case the config sync wasn't successful. #### New configuration does not trigger a reload From e2361d014fdccd14b0b1b1e216bf95daeb4e4f03 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Tue, 18 Jun 2024 15:06:34 +0200 Subject: [PATCH 27/27] Doc: Distributed Monitoring: add section "External CA/PKI" The following already works: * Custom key sizes, e.g. 2048 bits * Custom key types, e.g. ECC * Multiple trusted root CAs in `/var/lib/icinga2/certs/ca.crt` * Different root CAs per cluster subtree, as long as each node trusts the issuers of the certificates of all nodes it's directly connected to * Any number of intermediate CAs --- doc/06-distributed-monitoring.md | 47 ++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/doc/06-distributed-monitoring.md b/doc/06-distributed-monitoring.md index b81f22b4b19..b05f4a8c8a5 100644 --- a/doc/06-distributed-monitoring.md +++ b/doc/06-distributed-monitoring.md @@ -3227,6 +3227,53 @@ information/pki: Writing certificate to file 'icinga2-satellite1.localdomain.crt Copy and move these certificates to the respective instances e.g. with SSH/SCP. +#### External CA/PKI + +Icinga works best with its own certificates. +The commands described above take care of the optimal certificate properties. +Also, Icinga renews them periodically at runtime to avoid expiry. +But you can also provide your own certificates, +just like to any other application which uses TLS. + +!!! warning + + The only serious reasons to generate own certificates are company policies. + You are responsible for making Icinga working with your certificates, + as well as for [expiry monitoring](10-icinga-template-library.md#plugin-check-command-ssl_cert) + and renewal. + + Especially `icinga2 pki` CLI commands do not expect such certificates. + + Also, do not provide your custom CA private key to Icinga 2! + Otherwise, it will automatically renew leaf certificates + with our hardcoded properties, not your custom ones. + +The CA certificate must be located in `/var/lib/icinga2/certs/ca.crt`. +The basic requirements for all leaf certificates are: + +* Located in `/var/lib/icinga2/certs/NODENAME.crt` + and `/var/lib/icinga2/certs/NODENAME.key` +* Subject with CN matching the endpoint name +* A DNS SAN matching the endpoint name + +Pretty much everything else is limited only by your company policy +and the OpenSSL versions your Icinga nodes use. E.g. the following works: + +* Custom key sizes, e.g. 2048 bits +* Custom key types, e.g. ECC +* Any number of intermediate CAs (but see limitations below) +* Multiple trusted root CAs in `/var/lib/icinga2/certs/ca.crt` +* Different root CAs per cluster subtree, as long as each node trusts the + certificate issuers of all nodes it's directly connected to + +Intermediate CA restrictions: + +* Each side has to provide its intermediate CAs along with the leaf certificate + in `/var/lib/icinga2/certs/NODENAME.crt`, ordered from leaf to root. +* Intermediate CAs may not be used directly as root CAs. To trust only specific + intermediate CAs, cross-sign them with themselves, so that you get equal + certificates except that they're self-signed. Use them as root CAs in Icinga. + ## Automation These hints should get you started with your own automation tools (Puppet, Ansible, Chef, Salt, etc.)