ID: 14361
Title: Windows agent uses retry_count correctly
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
Previously, Windows agent used retry_count as a maximal allowed
count of plugin's failures. If the count of failures exceeded the
limit set by retry_count, then the plugin had been excluded from
execution. Such behavior may break monitoring or updating in
some cases.
Since this release, the retry_count is defined as a maximally
allowed count of attempts to call a plugin before clearing the
previously gathered data (also known as a cache). This approach
is fully compliant with the documentation, the help and the
functionality of the Linux agent.
The incompatibility in this werk is limited by definition: the
Windows agent will continue to call a plugin even if the number
of errors exceeds retry_count. This is the same behavior as when
retry_count is not set at all.
IMPORTANT: Windows agent always ignores retry_count for synchronous
plugins. Windows agent may decrease value of retry_count if the
value is set too high.
ID: 14150
Title: Traceback in "Percentage of total service problems" dashlet with missing monitoring data
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
When using a "Percentage of total service problems" dashlet without the necessary monitoring data the
dashlet would display a traceback of the error.
The error also occured in the Main dashboard which uses this dashlet by default.
Now the error message is displayed as a text message in the dashlet.
ID: 14482
Title: Use proper HMAC for cookie signing
Component: Setup
Level: 1
Class: Security fix
Version: 2.2.0i1
Previously to this Werk the Session cookies were signed with with calculating a
SHA256 hash over username, session id, a serial plus a secret. This could in
theory lead to a "partial message collision".
Since we parse the data given in the cookie and test for validity, we are
confident that such an attack is not possible. But to be future-proof we switch
to proper HMAC for signing the cookie value. This will invalidate all session
cookies for a site. Therefore all users have to reauthenticate to retrieve new
valid cookies.
ID: 14360
Title: Controller communicates with Windows agent using mailslot
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
Previously, the Windows agent controller used TCP-IP as a channel to
local Windows agent, but this type of communication can lead to port
conflicts. Also, mailslots inherently provide slightly better level
of local security.
If, for some reason it is required to use TCP-IP as a channel,
you may set system.controller.agent_channel in the check_mk.user.yml
to any appropriate value, for example, "localhost:28250".
ID: 14658
Title: dcd config: fix save mechanism for checkbox based host attribute tags
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
Previously, the dcd failed during the host bulk discovery step if the
configuration contained a host attribute tag that was enabled via a checkbox.
This werk fixes this problem
ID: 14666
Title: ps - Size per processes: Change graph visual display order
Component: metrics
Level: 1
Class: Bug fix
Version: 2.2.0i1
For graphs of "ps" containing information about "Size per processes" the visual ordering of the graphs is fixed.
Before "Resident size" and "Virtual Size" were stacked on top of each other, which was wrong.
Resident size is a subset of virtual size. The data of the graph "Resident size" is now visually in front of the other graphs.
ID: 14466
Title: Fix ValueError on usage of empty service level filter
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
If "Host service level" or "Service service level" was used without "From" and
"To" values in views, the error "ValueError: invalid literal for int() with
base 10: ''" occurred.