With the TLS connection improvements there was also another bug with hanging TLS connections unveiled. Turns out, this has been sitting there since 2.8.2 and not only affects JSON-RPC cluster connections but also HTTP request sessions, as being used inside the Director kickstart wizard for example. Tom is working on a fix for Director 1.6 in order to support older Icinga 2 versions too.
2.10.2 also fixes a programming mistake with the minimum version parameter for the “icinga” check, thanks for the patch, Max! The path constant changes in 2.10 introduced a regression with the cache file for
icinga2 object list being overridden with the legacy 1.x objects cache content. You’re safe when you have disabled the
statusdata feature before 2.10.2. SELinux would throw an error with package related changes, this has been fixed too. The documentation has been updated for removed/updated packages too.
Check the full changelog prior to upgrading packages from the official repositories.
The namespace support in 2.10 caused a regression with the registered global scope being evaluated for API permissions with filters. This release fixes the problem, next to a problem with Windows packages not fully starting up. There’s also a fixed oversight with not setting a default environment constant. This affects setups checking the SNI header in external load balancers.
v2.10.1 also fixes a problem with application reload and missing event states in large scale environments.
Our friends from the Max-Planck-Institut for Marine Mikrobiologie kindly sponsored that acknowledgement notifications are now sent only to users which have been notified about a problem before – thanks a lot. Another sponsor asked for more child options for the ScheduledDowntime which are now released in 2.10.
2.10 also brings support for namespaces and allows us to keep the “globals” namespace clean. In addition to that, user-defined namespaces are possible and can be imported into the global namespace too. Read more about this feature here. An additional DSL feature is the support for references. You’ll also find new fine granular path constants in this release, e.g. ConfigDir instead of SysconfDir + “/icinga2”. The old constants are still intact but deprecated.
As promised in the 2.9.2 release post, we’ve been debugging TLS connection handling with many threads and TLS timeouts in large scale environments. This release adds a dynamic thread connection pool for both, cluster messages and HTTP requests. With the performance boost granted, we’ve also lowered the cluster reconnect interval from 60 to 10 seconds. This ensures that configuration deployments triggering a reload don’t leave clients behind.
Icinga 2 v2.9 introduced performance related changes inside the configuration compilation and activation order. This was to ensure a) no unwanted notifications b) use available CPU resources to speed up the overall validation process. These changes had a bad effect on configuration depending on a specific activation order, and slowed it down with many config objects of a specific type. The Icinga Director depends on get_host() being called in service objects to support specific service set overrides. In case you’re having trouble here, v2.9.2 is for you.
Under the hood, Icinga 2 uses many constants and reserved keywords, e.g. “Critical” or “Zone” which are respected by the config parser and compiler. This sometimes leads to errors when users accidentally override such things, or re-define their own global constants. v2.10 introduces namespaces for this purpose, and ensures that such accidents won’t happen anymore.
What exactly is a namespace?
Think of a defined “room” for variables, functions, etc. which can be defined similar to constants. They are isolated from other namespaces and must be loaded by the user/developer. Namespaces need a defined name – we prefer to use a capitalized string, e.g. “MyNamespace”. This helps to immediately qualify this as customization when reading the configuration.
Icinga 2 v2.10 uses namespaces which are registered and loaded by default. In order to test this, open the debug console on a test VM which has the snapshot packages installed. Fetch the keys in global namespace “globals” first.
Icinga 2.9.0 provided many many bugfixes and one change has unfortunately been overseen. If you use an init system different to Systemd (e.g. Sysvinit) or the “-d/–daemonize” option in your containers, issue #6445 causes troubles. This is visible with logging, cluster connects, IDO database writing. Users reported problems on CentOS 6, SLES 11, Ubuntu 14, Debian 8, Gentoo (both with Sysvinit).
Thanks to the quality feedback from community members and contributors, we’ve analysed and fixed the problem last week. Next to that, Dirk has updated the SELinux policy to allow Systemd notifies, and another fix deals with init script sourcing on non-posix systems.
Release packages for v2.9.1 are available on https://packages.icinga.com. Linux/Unix masters, satellites, clients require the update, Windows clients are not affected.