Icinga DB: Config no_user_modify and Support Redis username authentication #10102
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jul 30, 2024
oxzi
added a commit
that referenced
this pull request
Jul 31, 2024
As seen in the recent GHA run for #10102, CentOS is now dysfunctional. > Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container error was > 14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error" > $ host mirrorlist.centos.org > Host mirrorlist.centos.org not found: 3(NXDOMAIN) Since CentOS Linux 7 has reached its end of life at June 30 together with RHEL7's end of maintenance, there will be no further updates. https://blog.centos.org/2023/04/end-dates-are-coming-for-centos-stream-8-and-centos-linux-7/
Closed
oxzi
added a commit
that referenced
this pull request
Jul 31, 2024
As seen in the recent GHA run for #10102, the two Windows Actions have failed. The output log contains: > DEBUG: 27+ >>>> ctest.exe -C "${env:CMAKE_BUILD_TYPE}" -T test -O $env:ICINGA2_BUILDPATH/Test.xml > --output-on-failure --log_level=all > CMake Error: Unknown argument: --log_level=all > CMake Error: Run 'ctest --help' for all supported options. After consulting ctest(1), older versions included, I have never found a mention of the "--log_level" flag. Since the useful "--output-on-failure" flag is already set, which will "[o]utput anything outputted by the test program if the test should fail", I do not see any further reason for more logging information. This flag was introduced in 7665143, but I have not found any reasoning for the flag in particular.
oxzi
added a commit
that referenced
this pull request
Jul 31, 2024
As seen in the recent GHA run for #10102, the two Windows Actions have failed. The output log contains: > DEBUG: 27+ >>>> ctest.exe -C "${env:CMAKE_BUILD_TYPE}" -T test -O $env:ICINGA2_BUILDPATH/Test.xml > --output-on-failure --log_level=all > CMake Error: Unknown argument: --log_level=all > CMake Error: Run 'ctest --help' for all supported options. After consulting ctest(1), older versions included, I have never found a mention of the "--log_level" flag. Since the useful "--output-on-failure" flag is already set, which will "[o]utput anything outputted by the test program if the test should fail", I do not see any further reason for more logging information. This flag was introduced in 7665143, but I have not found any reasoning for the flag in particular.
oxzi
force-pushed
the
icingadb-redis-username
branch
from
acb8c79
to
bc5e7ec
Compare
|
Rebased after the last two CI fixes were merged. |
Al2Klimov
pushed a commit
that referenced
this pull request
Aug 6, 2024
As seen in the recent GHA run for #10102, the two Windows Actions have failed. The output log contains: > DEBUG: 27+ >>>> ctest.exe -C "${env:CMAKE_BUILD_TYPE}" -T test -O $env:ICINGA2_BUILDPATH/Test.xml > --output-on-failure --log_level=all > CMake Error: Unknown argument: --log_level=all > CMake Error: Run 'ctest --help' for all supported options. After consulting ctest(1), older versions included, I have never found a mention of the "--log_level" flag. Since the useful "--output-on-failure" flag is already set, which will "[o]utput anything outputted by the test program if the test should fail", I do not see any further reason for more logging information. This flag was introduced in 7665143, but I have not found any reasoning for the flag in particular.
Al2Klimov
pushed a commit
that referenced
this pull request
Aug 6, 2024
As seen in the recent GHA run for #10102, the two Windows Actions have failed. The output log contains: > DEBUG: 27+ >>>> ctest.exe -C "${env:CMAKE_BUILD_TYPE}" -T test -O $env:ICINGA2_BUILDPATH/Test.xml > --output-on-failure --log_level=all > CMake Error: Unknown argument: --log_level=all > CMake Error: Run 'ctest --help' for all supported options. After consulting ctest(1), older versions included, I have never found a mention of the "--log_level" flag. Since the useful "--output-on-failure" flag is already set, which will "[o]utput anything outputted by the test program if the test should fail", I do not see any further reason for more logging information. This flag was introduced in 7665143, but I have not found any reasoning for the flag in particular.
Al2Klimov
previously approved these changes
Aug 26, 2024
yhabteab
reviewed
Sep 11, 2024
oxzi
force-pushed
the
icingadb-redis-username
branch
from
bc5e7ec
to
55b31a9
Compare
oxzi
changed the title
yhabteab
reviewed
Sep 20, 2024
oxzi
force-pushed
the
icingadb-redis-username
branch
from
55b31a9
to
34d4a42
Compare
yhabteab
previously approved these changes
Sep 24, 2024
Al2Klimov
reviewed
Sep 24, 2024
Al2Klimov
reviewed
Sep 25, 2024
oxzi
force-pushed
the
icingadb-redis-username
branch
from
34d4a42
to
c86ce03
Compare
oxzi
changed the title
Al2Klimov
reviewed
Oct 22, 2024
Al2Klimov
requested changes
Oct 23, 2024
Each configuration field of an IcingaDB Object was marked with no_user_modify as modifications via the API would not result in an actual change. While the Object would be updated, the internal Redis connection would not be restarted, resulting in an unexpected behavior. The missing db_index was added to the documentation.
The Redis ACL system was introduced with Redis 6.0. It introduced users with precisely granular permissions. This change allows Icinga 2 to use the Icinga DB feature against a Redis with an ACL user. This was reflected in the documentation, next to the already implemented, but undocumented Redis database. Closes #9536.
oxzi
force-pushed
the
icingadb-redis-username
branch
from
c86ce03
to
98f60fd
Compare
Al2Klimov
approved these changes
Oct 24, 2024
yhabteab
approved these changes
Nov 7, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Icinga DB: Config no_user_modify
Each configuration field of an IcingaDB Object was marked with no_user_modify as modifications via the API would not result in an actual change. While the Object would be updated, the internal Redis connection would not be restarted, resulting in an unexpected behavior.
The missing db_index was added to the documentation.
Icinga DB: Support Redis username authentication
The Redis ACL system was introduced with Redis 6.0. It introduced users with precisely granular permissions. This change allows Icinga 2 to use the Icinga DB feature against a Redis with an ACL user.
This was reflected in the documentation, next to the already implemented, but undocumented Redis database.
Closes #9536.