ID: 14668
Title: VMware ESX, query esxi host inventory via vsphere server
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
The vsphere agent can now query the esxi host information via the vsphere server.
Host information is made available via piggy back hosts. This is for useful if your
installation does not allow you direct access to the esxi hosts.
ID: 14470
Title: Fix host label search in monitoring search and quicksearch
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
If host labels were searched with "hl:" prefix in previous 2.1 versions, no
search results were found, even if the search matched.
ID: 14606
Title: Agent Bakery: Optionally log to dedicated logfile
Component: Setup
Level: 2
Class: New feature
Version: 2.2.0i1
It's now possible to activate logging for the agent bakery.
When activated at <i>Global Settings - Setup - Agent bakery logging</t>,
the agent bakery will log messages to <tt>~/var/log/agent_bakery.log</tt>,
with the selected loglevel. This is applies equally to bakery jobs invoked via GUI
via command line.
Without activated logging, baking details are still available on the command line
when baking with command <tt>cmk --bake-agents -v</tt> as a site user.
Also, when baking on the GUI, on failure, error details are propagated to the executing
background job as they already used to be.
ID: 14465
Title: Fix rule match analyse for hosts
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
If rule matches for hosts were analyzed, e.g. via "Effective parameters" and a
matching rule, the rule page showed no matches, even if the host matched.
ID: 14468
Title: Extension packages: Fix error on usage of "mkp show"
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
If the command "mkp show" was used with mkp files like "my_mkp.mkp", the error
"Cannot open package my_mkp.mkp: I/O operation on closed file" occurred.
ID: 14168
Title: Activate changes: Added additional central site hook: post-snapshop-creation
Component: Setup
Level: 1
Class: New feature
Version: 2.2.0i1
This hook can be used by custom plugins to further modify the snapshot content for the remote site.
The registered function gets the site_snapshot_settings as argument.
F+:
site_snapshot_settings: Dict[SiteId, SnapshotSettings]
SnapshotSettings = NamedTuple(
"SnapshotSettings",
[
("snapshot_path", str),
("work_dir", str),
("snapshot_components", List[ReplicationPath]),
("component_names", Set[str]),
("site_config", SiteConfiguration),
("create_pre_17_snapshot", bool),
])
F-:
Please keep in mind that the entire hook mechanism is intended only for very specialized tasks and experienced users.
If you make a mistake, things will break/disappear.
ID: 14715
Title: Agent controller: Do not verify TLS certificates by default when querying the agent receiver port from Checkmk REST API
Component: agents
Level: 1
Class: New feature
Version: 2.2.0i1
During registration, the agent controller (<tt>cmk-agent-ctl</tt>) queries the port on which the
agent receiver is listening from the Checkmk REST API, unless the port has been explicitly provided
on the command line. This query is attempted both with <tt>http</tt> and <tt>https</tt>. If both
queries fail, the controller aborts, otherwise, the result of the first sucessful query is used.
Before this werk, when attempting with <tt>https</tt>, the controller verified the TLS server
certificate presented by the Checkmk server. Hence, for the port query to succeed with
<tt>https</tt>, the host system had to trust the Checkmk server certificate. If a custom certificate
authority was used, the corresponding root certificate had to be added to the host's certificate
store.
As of this werk, the controller by default no longer verifies the server certificate when querying
the port with <tt>https</tt>. We do not consider this a security risk as this is just a query to
identify the receiver port. The resulting port uses a Checkmk internal certificate authority anyway,
which in turn is verified in any case. Furthermore, the verification can be re-enabled with the flag
<tt>--validate-api-cert</tt> (passed to <tt>cmk-agent-ctl register ...</tt>).
Note that this change has no impact on the subsequent communication between the monitored host and
the Checkmk server. After a successful registration, this communication will be TLS-encrypted,
indepedently of whether <tt>--validate-api-cert</tt> was used or not.
ID: 14714
Title: Agent controller: Respect <tt>--detect-proxy</tt> when querying port from Checkmk REST API
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
During registration, the agent controller (<tt>cmk-agent-ctl</tt>) queries the port on which the
agent receiver is listening from the Checkmk REST API, unless the port has been explicitly provided
on the command line. Before this werk, this call to the REST API did not respect the
<tt>--detect-proxy</tt> option, wich enables the detection and usage of sytem proxy settings.
Note that this werk does not change the default behavior, which is to connect directly without any
proxy server.
ID: 14608
Title: Agent Bakery: Stabilize bake & sign
Component: cmc
Level: 1
Class: Bug fix
Version: 2.2.0i1
In some situations, it could happen that some agent packages are signed
with an invalid signature after baking/signing with "Bake and sign agents"
action.<br>
The cause for this was that the signature of pre-existing packages sometimes
wouldn't get updated if the package had to be repackaged for a bakery revision update.
This resulted in the agent updater being unable to update affected hosts
and exiting with message <tt>signature #<i>n</i> is invalid</tt>, and the
matching <i>Check_MK</i> service showing a <i>WARN</t> state.
Signatures will be fixed and updates will continue to work after first
bake&sign action after applying this Werk.
ID: 14721
Title: Crash using the cmk_site_statistics (core PIDs) filter
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
When using the cmk_site_statistics (core PIDs) filter with no monitoring data present the
view would crash.
Note: This filter is not intended to be used in views and should only be used in host and service
problem graphs.
But due to compatibility the filter is not removed from view filters.
Now the view no longer crashes but rather displays a warning.