Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API action restart-process fails on FreeBSD #6898

Closed
joachimmathes opened this issue Jan 16, 2019 · 2 comments · Fixed by #6901
Closed

API action restart-process fails on FreeBSD #6898

joachimmathes opened this issue Jan 16, 2019 · 2 comments · Fixed by #6901
Assignees
@Al2Klimov
Labels
area/api REST API bug Something isn't working
Milestone
2.10.3

Comments

@joachimmathes
Copy link

joachimmathes commented Jan 16, 2019
edited

If I run the API action restart-process, Icinga2 won't restart. The same happens when curl -k -s -u user:password -H 'Accept: application/json' -X POST \ 'https://localhost:5665/v1/config/packages/example-cmdb?pretty=1' tries to restart Icinga2.

Expected Behavior

curl -k -s -u user:password -H 'Accept: application/json' -X POST 'https://172.17.28.120:5665/v1/actions/restart-process?pretty=1'

should restart Icinga2

Current Behavior

curl -k -s -u user:password -H 'Accept: application/json' -X POST 'https://172.17.28.120:5665/v1/actions/restart-process?pretty=1'

does not restart Icinga2. Icinga2 log says:

[2019-01-16 10:52:38 +0100] critical/TcpSocket: Invalid socket: Address already in use
Context:
        (0) Activating object 'api' of type 'ApiListener'

[2019-01-16 10:52:38 +0100] critical/ApiListener: Cannot bind TCP socket for host '172.17.28.120' on port '5665'.
Context:
        (0) Activating object 'api' of type 'ApiListener'

[2019-01-16 10:52:38 +0100] critical/ApiListener: Cannot add listener on host '172.17.28.120' for port '5665'.
Context:
        (0) Activating object 'api' of type 'ApiListener'

Context

I want to avoid ssh access to Icinga2 master for dedicated hosts, that should be allowed to modify the Icinga2 configuration. As https://icinga.com/docs/icinga2/latest/doc/12-icinga2-api/#configuration-management tells me, access control and authorization via Icinga2 API is the way to go.

My Environment

  • Version used (icinga2 --version): r2.10.2-1
  • Operating System and version: FreeBSD 11.2-RELEASE-p7
  • Enabled features (icinga2 feature list): 
    Disabled features: command compatlog debuglog elasticsearch gelf ido-pgsql influxdb livestatus opentsdb perfdata statusdata syslog
Enabled features: api checker graphite ido-mysql mainlog notification
  • Config validation (icinga2 daemon -C): is valid
@Al2Klimov
Copy link
Member

Dear core devs,

AFAIK TcpSocket#Bind() does setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, ...) so this can't happen, can it?

@Al2Klimov Al2Klimov self-assigned this Jan 17, 2019
Al2Klimov added a commit that referenced this issue Jan 17, 2019
@Al2Klimov
TcpSocket#Bind(): also set SO_REUSEPORT
b2b44b4 
refs #6898
@Al2Klimov Al2Klimov mentioned this issue Jan 17, 2019
Merged
Al2Klimov added a commit that referenced this issue Jan 17, 2019
@Al2Klimov
TcpSocket#Bind(): also set SO_REUSEPORT
984f7be 
refs #6898
@dnsmichi dnsmichi added area/api REST API bug Something isn't working labels Jan 30, 2019
@dnsmichi dnsmichi added this to the 2.10.3 milestone Feb 4, 2019
@dnsmichi
Copy link
Contributor

dnsmichi commented Feb 8, 2019

https://twitter.com/bsdlme/status/1093889864859336704

@dnsmichi dnsmichi mentioned this issue Feb 11, 2019
Closed
dnsmichi pushed a commit that referenced this issue Feb 11, 2019
@Al2Klimov
TcpSocket#Bind(): also set SO_REUSEPORT
362c7eb 
refs #6898

(cherry picked from commit 984f7be)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Al2Klimov Al2Klimov

Labels
area/api REST API bug Something isn't working
Projects
None yet
Milestone
2.10.3
Development

Successfully merging a pull request may close this issue.

TcpSocket#Bind(): also set SO_REUSEPORT Icinga/icinga2
3 participants
@joachimmathes @dnsmichi @Al2Klimov