Icinga X.509 Module

We are pleased to announce the first open source release of our X.509 module for Icinga.
The X.509 module for Icinga keeps track of certificates as they are deployed in a network environment.
It does this by scanning networks for TLS services and collects whatever certificates it finds along the way.
The certificates are verified using its own trust store. (more…)

Icinga Web 2.6.2 Bugfix Release

Host groups with filterWe are happy to announce a new bugfix release for Icinga Web 2.
Official packages are available on packages.icinga.com. Community repositories might need a while to catch up.
Version 2.6.2 addresses the following topics:

  • Database connections to MySQL 8 no longer fail
  • LDAP connections now have a timeout configuration which defaults to 5 seconds
  • User groups are now correctly loaded for externally authenticated users
  • Filters are respected for all links in the host and service group overviews
  • Fixed permission problems where host and service actions provided by modules were missing
  • Fixed an SQL error in the contact list view when filtering for host groups
  • Fixed time zone (DST) detection
  • Fixed the contact details view if restrictions are active
  • Doc parser and documentation fixes

You can find all issues and features related to this release on our Roadmap.

Icinga 2.10.2 bugfix release

With the TLS connection improvements there was also another bug with hanging TLS connections unveiled. Turns out, this has been sitting there since 2.8.2 and not only affects JSON-RPC cluster connections but also HTTP request sessions, as being used inside the Director kickstart wizard for example. Tom is working on a fix for Director 1.6 in order to support older Icinga 2 versions too.
2.10.2 also fixes a programming mistake with the minimum version parameter for the “icinga” check, thanks for the patch, Max! The path constant changes in 2.10 introduced a regression with the cache file for icinga2 object list being overridden with the legacy 1.x objects cache content. You’re safe when you have disabled the statusdata feature before 2.10.2. SELinux would throw an error with package related changes, this has been fixed too. The documentation has been updated for removed/updated packages too.
Check the full changelog prior to upgrading packages from the official repositories.

Icinga Vagrant Boxes 2.0: OpenStack provider and enhanced scenarios

It’s been a while since the last Vagrant box update and release, so here are the highlights of the past months combined into a new shiny 2.0 release 🙂
 

New provider: OpenStack

In the past week I’ve been playing with OpenStack. Johan was so kind to send a PR nearly 2 years ago, now the NETWAYS NWS cloud is ready for OpenStack and my tests. Small things were needed to adopt the box provisioning with floating IPs. If you are an experienced OpenStack user, you’ll know how to source everything into your environment. Everyone else just can follow the newly written docs 🙂
Huge shout-out to Johan from CSC for his contribution!
(more…)

Icinga 2.10.1 bugfix release

The namespace support in 2.10 caused a regression with the registered global scope being evaluated for API permissions with filters. This release fixes the problem, next to a problem with Windows packages not fully starting up. There’s also a fixed oversight with not setting a default environment constant. This affects setups checking the SNI header in external load balancers.
v2.10.1 also fixes a problem with application reload and missing event states in large scale environments.
(more…)

Icinga 2.10 released: Namespaces, Notifications, TLS Performance

Our friends from the Max-Planck-Institut for Marine Mikrobiologie kindly sponsored that acknowledgement notifications are now sent only to users which have been notified about a problem before – thanks a lot. Another sponsor asked for more child options for the ScheduledDowntime which are now released in 2.10.
2.10 also brings support for namespaces and allows us to keep the “globals” namespace clean. In addition to that, user-defined namespaces are possible and can be imported into the global namespace too. Read more about this feature here. An additional DSL feature is the support for references. You’ll also find new fine granular path constants in this release, e.g. ConfigDir instead of SysconfDir + “/icinga2”. The old constants are still intact but deprecated.
As promised in the 2.9.2 release post, we’ve been debugging TLS connection handling with many threads and TLS timeouts in large scale environments. This release adds a dynamic thread connection pool for both, cluster messages and HTTP requests. With the performance boost granted, we’ve also lowered the cluster reconnect interval from 60 to 10 seconds. This ensures that configuration deployments triggering a reload don’t leave clients behind.
(more…)