ID: 13569
Title: Make ntopng integration vlan aware
Component: ntopng_integration
Level: 1
Class: New feature
Version: 2.1.0i1
In the past, the ntopng integration could not deal with vlan aware ntopng instances.
A Host in ntopng is in this case suffixed with its vlan id, e.g.: 10.1.2.3@4
With this werk, the ntopng integration into checkmk is now vlan aware.
Keep in mind, that this feature is still experimental as we're trying to gain more information about such setups.
ID: 13256
Title: veeam_backup_status: loading of Veeam Powershell modules improved
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0i1
Loading of Veeam Powershell Snapin is not supported anymore so this fix tries to load the
new module first and falls back to the Snapin if that didn't work.
ID: 13481
Title: check_mk_agent.freebsd: rename MK_TMPDIR to MK_VARDIR
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0i1
This werk only affects users with custom plugins for the FreeBSD
agent that use the environment variable `MK_TMPDIR`.
The variable has been renamed to `MK_VARDIR`, to be consistent with
the other *nix agents.
ID: 13082
Title: scheduling host downtimes with REST API from read-only sites
Component: Core & setup
Level: 1
Class: Bug fix
Version: 2.1.0i1
This Werk fixes a bug which was introduced in Werk 13080.
When a site was used as "read-only", (or any other setup which allows
only access to Livestatus but doesn't have a config) setting downtimes
was not possible.
This Werk fixes this. Setting downtimes is now also possible:
* on sites with no configuration
* for hosts which have already been deleted in the configuration, but the change has not been activated yet.
No user intervention is necessary to make this work.
ID: 13706
Title: <tt>esx_vsphere_counters_diskio</tt>: Fix summarized read and write latency
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0i1
In summary mode, the check plugin <tt>esx_vsphere_counters_diskio</tt> reported
inconsistent read and write latencies. The overall latency is averaged across
the individual disks but the read and write latencies were summed up instead of
averaged. As of this werk, they are averaged instead.
ID: 13198
Title: Stop showing automation secrets
Component: Setup
Level: 1
Class: New feature
Version: 2.1.0i1
Before this Werk, on the edit_user page the automation secret could be viewed.
This could be abused by other vulnerabilities (e.g. XSS) to retrieve this
secret to abuse it later.
When creating a new automation user / edit an automation secret you should
write the secret down (e.g. in a password store).
ID: 13687
Title: mssql_blocked_sessions: Duplicate service description
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0i1
Some users may encounter the warning <i>"Duplicate service description
(auto check) 'MSSQLBlocked Sessions'"</i>, when updating the services
of said plugin.
If this affects you, have to select <i>"MSSQL Blocked Sessions"</i> in the rule
set <i>"Use new service descriptions"</i>.
ID: 13485
Title: docker_container_health: crash upon multiline health test script
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0i1
In case of a multiline container health test the service now reports the
first line in the summary, and the full health test in the service details.
ID: 13134
Title: custom_files: Place plugins under the right directory on windows
Component: agents
Level: 1
Class: Bug fix
Version: 2.1.0i1
This Werk fixes a regression that got introduced with Checkmk 2.0.0p18.
The changes from Werk #13131 lead to the situation that custom files placed
under <tt>~/var/check_mk/agents/custom/<pkg>/lib/plugins</tt> accidentally
got packaged directly under the Windows agent's installation directory.
Now, they get placed correctly under <tt><install_dir>\plugins</tt>,
as it was the case before the regression.
ID: 13610
Title: Notification spooler connections can now be encrypted
Component: Notifications
Level: 2
Class: New feature
Version: 2.1.0i1
Notification spooler (mknotifyd) connections communicated via a plain text procotol
since its introduction. This is ok for local connections or in secure networks.
To secure the connections users had the choice to use TLS (e.g. via stunnel), SSH, VPN
or another solution that encrypts the communication in their local setup.
To improve the security for all users it is now possible to configure the encryption
via TLS directly in Checkmk. An analyze configuration test will create a CRITICAL
message about unencrypted mknotifyd connections.
After an update from Checkmk version 2.0 the encryption setting for existing, outgoing
connections is "Use unverified TLS encryption, fall back to plain text" and "Plain text
communication" for existing, incoming connections. This way mknotifyd connections remain
functional after an update and may be migrated gradually to encrypted connections in
larger setups.
To encrypt mknotifyd connections between two sites, you have to update both sites to
Checkmk version 2.1. Afterwards you have to adapt the "Notification spooler configuration"
in the "Global settings". For incoming and outgoing connections you have to set the
"Encryption" to "Encrypt communication with TLS". After an activate changes the
communication is encrypted. For new incoming and ougoing connections "Encrypt
communication with TLS" is the default.
Internally, mknotifyd connections use the internal CA that is used by livestatus as well.
To support outgoing connections from a remote site to a central site, the CA of the
central site is added to the "Trusted certificate authorities for SSL" in the "Global
settings" for new sites and during an update from version 2.0.