With the TLS connection improvements there was also another bug with hanging TLS connections unveiled. Turns out, this has been sitting there since 2.8.2 and not only affects JSON-RPC cluster connections but also HTTP request sessions, as being used inside the Director kickstart wizard for example. Tom is working on a fix for Director 1.6 in order to support older Icinga 2 versions too.
2.10.2 also fixes a programming mistake with the minimum version parameter for the “icinga” check, thanks for the patch, Max! The path constant changes in 2.10 introduced a regression with the cache file for
icinga2 object list being overridden with the legacy 1.x objects cache content. You’re safe when you have disabled the
statusdata feature before 2.10.2. SELinux would throw an error with package related changes, this has been fixed too. The documentation has been updated for removed/updated packages too.
Check the full changelog prior to upgrading packages from the official repositories.
It’s been a while since the last Vagrant box update and release, so here are the highlights of the past months combined into a new shiny 2.0 release :)
New provider: OpenStack
In the past week I’ve been playing with OpenStack. Johan was so kind to send a PR nearly 2 years ago, now the NETWAYS NWS cloud is ready for OpenStack and my tests. Small things were needed to adopt the box provisioning with floating IPs. If you are an experienced OpenStack user, you’ll know how to source everything into your environment. Everyone else just can follow the newly written docs :)
Huge shout-out to Johan from CSC for his contribution!
The namespace support in 2.10 caused a regression with the registered global scope being evaluated for API permissions with filters. This release fixes the problem, next to a problem with Windows packages not fully starting up. There’s also a fixed oversight with not setting a default environment constant. This affects setups checking the SNI header in external load balancers.
v2.10.1 also fixes a problem with application reload and missing event states in large scale environments.
Our friends from the Max-Planck-Institut for Marine Mikrobiologie kindly sponsored that acknowledgement notifications are now sent only to users which have been notified about a problem before – thanks a lot. Another sponsor asked for more child options for the ScheduledDowntime which are now released in 2.10.
2.10 also brings support for namespaces and allows us to keep the “globals” namespace clean. In addition to that, user-defined namespaces are possible and can be imported into the global namespace too. Read more about this feature here. An additional DSL feature is the support for references. You’ll also find new fine granular path constants in this release, e.g. ConfigDir instead of SysconfDir + “/icinga2”. The old constants are still intact but deprecated.
As promised in the 2.9.2 release post, we’ve been debugging TLS connection handling with many threads and TLS timeouts in large scale environments. This release adds a dynamic thread connection pool for both, cluster messages and HTTP requests. With the performance boost granted, we’ve also lowered the cluster reconnect interval from 60 to 10 seconds. This ensures that configuration deployments triggering a reload don’t leave clients behind.
Icinga 2 v2.9 introduced performance related changes inside the configuration compilation and activation order. This was to ensure a) no unwanted notifications b) use available CPU resources to speed up the overall validation process. These changes had a bad effect on configuration depending on a specific activation order, and slowed it down with many config objects of a specific type. The Icinga Director depends on get_host() being called in service objects to support specific service set overrides. In case you’re having trouble here, v2.9.2 is for you.
Stability and user experience were the main goals for this release. Please read the full Changelog for all the details and the Upgrading instructions to be on the safe side. Spoiler: as always, upgrade is safe and super easy. (more…)