Branch: refs/heads/master
Home:
https://github.com/Checkmk/checkmk
Commit: 89b83afc27e7d4c9811c481cc6fe5251f6bf44fa
https://github.com/Checkmk/checkmk/commit/89b83afc27e7d4c9811c481cc6fe5251f…
Author: Benedikt Seidl <benedikt.seidl(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/utils/werks/werkv1.py
Log Message:
-----------
fix typo: Not all werks are NOT_COMPATIBLE
Change-Id: I71aee915ec0b54d6a020a9b8cec2db8f058be418
Commit: 0ffe9fd2831998be765a72275af46b0fb2408bea
https://github.com/Checkmk/checkmk/commit/0ffe9fd2831998be765a72275af46b0fb…
Author: Benedikt Seidl <benedikt.seidl(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M CHANGES
Log Message:
-----------
Update CHANGES
Change-Id: If2166e33c12f3aff19dcf27d047ad4742a87c7a9
Commit: e458e6fddbf2cece6801dd94b7c814f01cf2be3e
https://github.com/Checkmk/checkmk/commit/e458e6fddbf2cece6801dd94b7c814f01…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
A .werks/15189
M cmk/base/diagnostics.py
Log Message:
-----------
15189 SEC Don't log automation user credentials when generating performance graph
diagnostics
Prior to this Werk, creating a Support Diagnostic report including the
option "Performance Graphs of Checkmk Server" caused the automation
secret of the user "automation" to be logged to the site Apache access
log file (var/log/apache/access_log). This affected both creating the
diagnostic report via the GUI (Setup > Maintenance > Support diagnostics)
and via the command line
(cmk --create-diagnostics-dump --performance-graphs).
With this Werk the credentials are no longer written to the log file.
Note that no automatic sanitization of the log file is attempted by
applying this patch.
This issue was discovered during internal review.
Affected Versions:
- 2.2.0 (beta)
- 2.1.0
- 2.0.0
Mitigations:
Users are advised to change the secret of the user "automation" via the
User Management UI.
If this is not an option for you, delete or manually sanitize the Apache
access log file and any backup of the file. Remove any line that
contains a POST to
<your site URL>/report.py?_username=automation&_secret=<...>.
Refrain from using the affected functionality before applying this patch
or manually sanitize the file afterwards.
Vulnerability Management:
We have rated the issue with a CVSS Score of 4.4 (Medium) with the
following CVSS vector:
<tt>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N</tt>.
We have assigned CVE-2023-31207.
Change-Id: I5b903fb3c1d186219f7718acf3d6efa498e9f5cf
Commit: ad9de1d7ef2bb8f58bda1c1f001e59b0470bc2ca
https://github.com/Checkmk/checkmk/commit/ad9de1d7ef2bb8f58bda1c1f001e59b04…
Author: Joerg Herbel <joerg.herbel(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/gui/watolib/activate_changes.py
M omd/packages/omd/skel.permissions
R omd/packages/omd/skel/etc/omd/allocated_ports
M tests/integration/omd/test_permissions.py
M tests/unit/cmk/gui/watolib/test_activate_changes.py
Log Message:
-----------
Purge remainders of allocated_ports
In 2.2, we have an update action to remove this file. Hence, when a user
will update to 2.3, this file will not be present, which means that we
can now completely purge the last remainders.
FEED-7861
Change-Id: I59bcec08a83103f77a541c74e8226d5901cc9987
Commit: 1dd13a068067a359a565cec1cd2f16aacfd21b52
https://github.com/Checkmk/checkmk/commit/1dd13a068067a359a565cec1cd2f16aac…
Author: Joerg Herbel <joerg.herbel(a)checkmk.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M omd/packages/apache-omd/APACHE_TCP_PORT
M omd/packages/check_mk/AGENT_RECEIVER_PORT
M omd/packages/mk-livestatus/LIVESTATUS_TCP_PORT
A omd/packages/omd/next_free_port
M omd/packages/omd/omd.make
R omd/packages/omd/port_is_used
Log Message:
-----------
Give better name to script which finds next free port
Change-Id: Iaf1f978ae5c8c13d395ede9e17d75d621644ec28
Commit: 7279e22687bb1c84133810c7c62f1211b9ce41c6
https://github.com/Checkmk/checkmk/commit/7279e22687bb1c84133810c7c62f1211b…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M cmk/special_agents/utils_kubernetes/api_server.py
M cmk/special_agents/utils_kubernetes/query.py
Log Message:
-----------
kube: introduce requests session as api_client I
This commit prepares the making the calls to the Kubernetes API server
asynchronous. The Kubernetes Python client does offer an async option
itself. With this option, the HTTP requests not be executed in the main
thread. However, they will still be blocking each other.
Moreover, the client cannot be pickled, thus multiprocessing is also not
possible.
Therefore, we now move to a different option. This change modifies the
smallest of the API classes. More updates will follow.
CMK-12359
Change-Id: Ia111cb8d320257162823aed3604657d19b6da9c2
Commit: 8858a1c748d240e5448831d57a2b1d1c02ab39f4
https://github.com/Checkmk/checkmk/commit/8858a1c748d240e5448831d57a2b1d1c0…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/base/plugins/agent_based/kube_cluster_api_health.py
M cmk/base/plugins/agent_based/kube_node_kubelet.py
M cmk/base/plugins/agent_based/utils/kube.py
M cmk/special_agents/utils_kubernetes/api_server.py
M cmk/special_agents/utils_kubernetes/schemata/api.py
M tests/unit/cmk/base/plugins/agent_based/test_inventory_kube_node.py
M tests/unit/cmk/base/plugins/agent_based/test_kube_cluster_api_health.py
M tests/unit/cmk/base/plugins/agent_based/test_kube_node_kubelet.py
M tests/unit/cmk/special_agents/utils_kubernetes/test_api_server.py
Log Message:
-----------
kube: delete unnecessary secondary query
Based on the Kubernetes source
https://github.com/kubernetes/kubernetes/blob/release-1.22/staging/src/k8s.…
our logic duplicates what Kubernetes does internally anyway.
This was confirmed with two separate kinds of Kubelet errors.
CMK-12359
Change-Id: I6b83358db172d9ced596086097c2eac1b956858c
Commit: c7a8be4d9bb5f3b76537dc377e55ab0ea055b1dd
https://github.com/Checkmk/checkmk/commit/c7a8be4d9bb5f3b76537dc377e55ab0ea…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/utils_kubernetes/api_server.py
M tests/unit/cmk/special_agents/utils_kubernetes/test_api_server.py
Log Message:
-----------
kube: introduce requests session as api_client II
This commit prepares the making the calls to the Kubernetes API server
asynchronous. The Kubernetes Python client does offer an async option
itself. With this option, the HTTP requests not be executed in the main
thread. However, they will still be blocking each other.
Moreover, the client cannot be pickled, thus multiprocessing is also not
possible.
Therefore, we now move to a different option. This change modifies the
CoreAPI calls, which did not use the client for deserialization.
CMK-12359
Change-Id: Ieac2633aa7db94e53ab89d3cd16369409a732974
Commit: 3cbc44d54eb3456dea75a81fd8e67d3980a124da
https://github.com/Checkmk/checkmk/commit/3cbc44d54eb3456dea75a81fd8e67d398…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/agent_kube.py
M cmk/special_agents/utils_kubernetes/api_server.py
Log Message:
-----------
kube: introduce requests session as api_client III
This commit prepares the making the calls to the Kubernetes API server
asynchronous. The Kubernetes Python client does offer an async option
itself. With this option, the HTTP requests not be executed in the main
thread. However, they will still be blocking each other.
Moreover, the client cannot be pickled, thus multiprocessing is also not
possible.
Therefore, we now move to a different option. This change completes the
transition. It also introduces a new way of calling the Kubernetes
client to still perform the deserialization.
CMK-12359
Change-Id: I0cd8f14f4d6c79b6abb602533d57fb0ccd5445f7
Commit: 0eee86e9ca3f0e98ea0bab1d0618130239d6a8b2
https://github.com/Checkmk/checkmk/commit/0eee86e9ca3f0e98ea0bab1d061813023…
Author: Solomon Jacobs <solomon.jacobs(a)tribe29.com>
Date: 2023-05-04 (Thu, 04 May 2023)
Changed paths:
M cmk/special_agents/utils_kubernetes/api_server.py
Log Message:
-----------
kube: centralize kubelet calls
CMK-12359
Change-Id: Ieadc7ac66bcd3a457d4d32eed93865b473a148bb
Compare:
https://github.com/Checkmk/checkmk/compare/f67967b775fb...0eee86e9ca3f