Skip to content
Permalink
Browse files

Move OMD packaging things to Check_MK git

We want to have a single git repository for developing Check_MK.
This makes several things a lot easier.

Change-Id: I73ba0ee498798efdb7a81b9c0dc009cc49827ef2
  • Loading branch information...
LarsMichelsen committed Jul 17, 2017
1 parent b5b9d6d commit 1e1d785b54a423e8895af1b99f61bfed33bce7c4
Showing 1,097 changed files with 38,046 additions and 568 deletions.
@@ -20,8 +20,10 @@ api
ar-lib ar-lib
autom4te.cache/ autom4te.cache/
ChangeLog ChangeLog
check_mk-*.spec
check_mk-*.tar.gz check_mk-*.tar.gz
check-mk-*.tar.gz
check-mk-*.build
check-mk-*.dsc
clang-analyzer/ clang-analyzer/
cmc-*.tar.gz cmc-*.tar.gz
cme-*.tar.gz cme-*.tar.gz
@@ -43,5 +45,4 @@ mkeventd/
stamp-h1 stamp-h1
tags tags
tests/web/data/* tests/web/data/*
var/
.idea/ .idea/
@@ -0,0 +1,13 @@
Title: Being more robust against duplicat engineIDs when monitoring SNMPv3 devices
Level: 1
Component: inline-snmp
Compatible: compat
Version: 1.2.7i2
Date: 1433506248
Class: fix

The engineID is defined to be a globally unique identifier of a SNMPv3 device, but it happens
that users configure the same engineID multiple times for different devices, which made
Check_MK only talk to one of them and reporting "No Response from host (Timeout 0/-24)" for
the other devices. This has been changed now that Check_MK disregards the misconfiguration
and works as usual.
@@ -0,0 +1,9 @@
Title: Handling invalid core config problems during updates more friendly
Level: 1
Component: omd
Class: fix
Compatible: compat
State: unknown
Version: 1.2.7i3
Date: 1435235503

@@ -0,0 +1,28 @@
Title: Base URL redirects preserve https protocols now
Level: 1
Component: packages
Class: fix
Compatible: compat
State: unknown
Version: 1.2.7i3
Date: 1435659455

Default redirects from /[site] and /[site]/ to /[site]/omd/ are
are now preserving the original requested protocol (http/https).
When using the apache shared mode (which is the default), having
the system apache service the pages via HTTPS, you will need to
configure the system apache to provide the X-Forwarded-Proto
request header to the site apache, which can be done by
adding the line 'RequestHeader set X-Forwarded-Proto "https"' to
the proxy configuration related to the site.

So if you want to secure your site using SSL, you will need
to configure the following things in the system apache:

a) Enable and configure HTTPS
b) Redirecting all HTTP requests to HTTPS
c) Set the request headers X-Forwarded-Proto, e.g.

<Location /[sitename]>
RequestHeader set X-Forwarded-Proto "https"
</Location>
@@ -0,0 +1,13 @@
Title: Improved performance of Check_MK NagVis Maps Snapin
Level: 2
Component: nagvis
Class: fix
Compatible: compat
State: unknown
Version: 1.2.7i3
Date: 1436188027

The NagVis Maps snapin of the Check_MK sidebar was not performing very well
when a lot of users were accessing the Check_MK GUI at the same time. NagVis
introduced a new caching for the snapin contents which should decrease the
loading time of the snapin dramatically.
@@ -0,0 +1,9 @@
Title: Updated rrdtool to version 1.5.4
Level: 1
Component: packages
Compatible: compat
Version: 1.2.7i3
Date: 1440594029
Class: feature


@@ -0,0 +1,9 @@
Title: Shipping check_mysql_health, check_oracle_health, check_nrpe and check_multi again
Level: 1
Component: packages
Compatible: compat
Version: 1.2.7i3
Date: 1445499247
Class: feature


@@ -0,0 +1,10 @@
Title: check_icmp: Fixed not using configured ping levels since IPv6 implementation
Level: 1
Component: packages
Class: fix
Compatible: compat
State: unknown
Version: 1.2.7i3
Date: 1445525306


@@ -0,0 +1,14 @@
Title: Fixed SNMP timeouts caused by invalid responses from devices
Level: 1
Component: inline-snmp
Class: fix
Compatible: compat
State: unknown
Version: 1.2.7i3
Date: 1447254477

When a SNMP device which has a bug in it's SNMP implementation is responding
with a value which can not be parsed, e.g. a number which is increasing the
maximum value of a 32bit integer, the packet was dropped. The SNMP engine
was retrying to fetch the data and finally timing out. These timeouts
has been fixed now.
@@ -0,0 +1,11 @@
Title: New dependency Python OpenSSL
Level: 1
Component: packages
Compatible: compat
Version: 1.2.7i3
Date: 1452846171
Class: fix

The current Check_MK release requires a new dependency to be installed.
It is the Python OpenSSL module which is named python-openssl on most
distributions and pyOpenSSL on RedHat/CentOS.
@@ -0,0 +1,14 @@
Title: msi generation: improved error handling, removed version information from product name
Level: 1
Component: packages
Class: fix
Compatible: compat
Version: 1.2.7i2
Date: 1433838935

The agent version is no longer displayed in the product name.
This is because some software management tools have troubles to detect the same
product family if the name differs.

Additionally the error handling during the msi generation (done by the agent bakery)
has been improved.
@@ -0,0 +1,13 @@
Title: Set correct bash environment for cronjobs
Level: 1
Component: omd
Compatible: compat
Version: 1.2.7i3
Date: 1460720891
Class: fix

There were certain scenarios were the .profile file was not loaded for crontabs.
This fix always sets these environment variables for the crontabs
SHELL=/bin/bash
BASH_ENV=$OMD_ROOT/.profile

@@ -0,0 +1,9 @@
Title: "omd cp --no-rrds" now excludes ~/var/check_mk/rrd/*
Level: 1
Component: omd
Compatible: compat
Version: 1.4.0i3
Date: 1479201047
Class: fix


@@ -0,0 +1,29 @@
Title: Fixed SSL connection issues in different situations
Level: 1
Component: omd
Class: fix
Compatible: compat
Edition: cre
State: unknown
Version: 1.5.0i1
Date: 1497013634

Whenever a server component of Check_MK opens a SSL connection it uses the trusted certificate
authorities to verify the SSL certificate of the destination server. This is used for example
when performing WATO replication to slave sites or when special agents are communicating via
HTTPS.

In older Check_MK versions the system wide trusted CAs were used to do the verification. During
development of Check_MK 1.4 different parts of Check_MK that establish communications via HTTPS
have been refactored to use a new library (python requests) which does not care about the system
wide trusted CAs by default. This lead to SSL verification errors because former verifyable
certificates were now not verifyable anymore. The error messages were different in this situation,
one example is: "SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed".

The first change is that we have now fixed that to get the old functionality back. Check_MK is
now searching <tt>/etc/ssl/certs</tt> or </tt>/etc/pki/tls/certs</tt> for system wide trusted
CAs by default.

The second change is that we have now added a new global setting which you can use to change
the behaviour: <i>Site Management &gt; Trusted certificate authorities for SSL</i>. You can
disable trusting system wide trusted CAs and upload your custom CAs if you need it.
@@ -0,0 +1,12 @@
Title: Add missing empty directories after copying sites with omd cp -N
Level: 1
Component: omd
Compatible: compat
Version: 1.2.7i2
Date: 1433859685
Class: fix

If you copied a site using the option <tt>-N</tt> on <tt>omd cp</tt> then
several directories would be missing - namely those that contain the omitted
data (log files, performance data etc.). This has been fixed and the empty
directories are correctly being created in the copy now.
@@ -0,0 +1,10 @@
Title: Added OpenHardwareMonitor as a (soft) dependency for the windows agent
Level: 1
Component: packages
Compatible: compat
Version: 1.2.7i3
Date: 1453210138
Class: feature

This adds a stripped down version of OpenHardwareMonitor as a plugin for the windows agent that can
(soon) be enabled through the bakery to enable monitoring of hardware sensors.
@@ -0,0 +1,14 @@
Title: rrdcached: added commands to suspend writing to rrd files
Level: 1
Component: packages
Compatible: compat
Version: 1.2.7i3
Date: 1462804440
Class: feature

using these commands, one can backup rrd files in a consistent state.
There are four new commands in total, 2 for suspend, 2 for resume,
one each applying to individual files (SUSPEND/RESUME) and one each
for all files at once (SUSPENDALL/RESUMEALL).
Please note that these mechanisms are independent from each other so
you can't use RESUMEALL to release files suspended with SUSPEND
@@ -0,0 +1,9 @@
Title: CentOS 5.5: Shipping with compatible simplejson module now
Level: 1
Component: distros
Compatible: compat
Version: 1.2.7i3
Date: 1454497687
Class: fix


@@ -0,0 +1,10 @@
Title: Fixed broken NagVis Maps snapin
Level: 1
Component: nagvis
Class: fix
Compatible: compat
State: unknown
Version: 1.2.7i3
Date: 1455522475


@@ -0,0 +1,12 @@
Title: Silently ignoring deprecated "gadget_type" option now
Level: 1
Component: nagvis
Compatible: compat
Version: 1.2.7i3
Date: 1456864328
Class: fix

Changed handling of deprecated map object attributes: They are silently
ignored by NagVis now. We inform users about deprecated (useless)
attributes in the ChangeLog and will mark old options in the documentation,
but the map loading will not be affected by the deprecated options anymore
@@ -0,0 +1,9 @@
Title: BI-Backend: Is now handling the acknowledgement and downtime infos of BI
Level: 1
Component: nagvis
Compatible: compat
Version: 1.2.7i3
Date: 1456864378
Class: feature


@@ -0,0 +1,18 @@
Title: Fixed possible broken Check_MK web cron job when HTTPS is configured
Level: 1
Component: packages
Class: fix
Compatible: compat
State: unknown
Version: 1.2.7i3
Date: 1458230991

When configuring a system apache for service the webpages via HTTPS and not
via HTTP, the default Check_MK web cron job which is executed once each minute
was not executed correctly because it used http://localhost/[siteid] to call
the cron job. This URL is only working when the system apache is listening
on port 80 (HTTP) at least on localhost.

We have now changed the default cron job to directly use the site apache instead
of the system apache for calling the cron job. This is working even when the
system apache is configured to only listen via HTTPS.
@@ -0,0 +1,14 @@
Title: Shipping pyOpenSSL for Ubuntu 12.04 (precise)
Level: 1
Component: packages
Compatible: compat
Version: 1.2.7i3
Date: 1458548991
Class: fix

This fixes an issue with the agent bakery where agents could not be signed.

Normally Ubuntu 12.04 has pyOpenSSL installed in version 0.12 which has a bug
in the sign method (https://bugs.launchpad.net/pyopenssl/+bug/653830).

Shipping pyOpenSSL 0.13.1 now.
@@ -0,0 +1,10 @@
Title: Added missing MySQL-python module (needed by check_sql check)
Level: 1
Component: packages
Class: fix
Compatible: compat
State: unknown
Version: 1.2.7i3
Date: 1458820847


@@ -0,0 +1,25 @@
Title: Updated NSCA to be compatible with clients of newer distros
Level: 1
Component: packages
Class: fix
Compatible: incomp
State: unknown
Version: 1.2.7i3
Date: 1459428947

Some distros ship newer version of send_nsca which are not compatible
anymore with the old NSCA 2.7 server shipped with Check_MK. So we had
to update NSCA to 2.9.1.

The version is incompatible in one detail: If you are submitting
multiple check results at once you can not use new lines (\n) anymore.
You will have to change it to use the ETB character. This was a subtile
and not well documented change in NSCA. The help text of send_nsca
contains the following text:

===
When submitting multiple simultaneous results, separate each set with the ETB
character (^W or 0x17)
===

This commit is related: https://github.com/NagiosEnterprises/nsca/commit/7256213ef1b3b937e991a8ff5d8782de98d5a11b
@@ -0,0 +1,9 @@
Title: Fixed wrong redirect from /[site] to :80/[site] in case of HTTPS configuration
Level: 1
Component: omd
Compatible: compat
Version: 1.2.7i3
Date: 1460381649
Class: fix


@@ -0,0 +1,9 @@
Title: Fixed local dokuwiki settings being overwritten during updates
Level: 1
Component: packages
Compatible: compat
Version: 1.2.7i3
Date: 1460715938
Class: fix


@@ -0,0 +1,9 @@
Title: dokuwiki: Fixed broken cookie auth when customizing dokuwiki via GUI
Level: 1
Component: packages
Compatible: compat
Version: 1.2.7i3
Date: 1460716009
Class: fix


0 comments on commit 1e1d785

Please sign in to comment.
You can’t perform that action at this time.