ID: 14735
Title: Agent Bakery: Cleanup orphaned packages
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
When narrowing down packages using the "Agent bakery packages" agent ruleset,
it may happen that a host is assigned to two different agent packages after baking.
This may happen when you start using the abovementioned rule. On baking, this will result
in a new agent package for the matched hosts. If nothing else happens to the package
that the hosts were assigned to previously, the now-unselected platforms will remain
for the previous package.
As they are explicitly unwanted by setting the rule, these orphaned packages are now cleaned up.
ID: 14720
Title: Fix <ii>Percentage of service problems</ii> dashlet in custom dashboards
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
Depending on the current configuration, the dashlet <ii>Percentage of service problems</ii> reported
"Sorry, you cannot create combined graphs for more than 100 objects"
when used in custom dashboards. This regression was introduced with werk <a href="https://checkmk.com/werk/14423">#14423</a>.
Note that this werk only affects custom dashboards, not builtin dashboards such as the main
dashboard. It is possible that werk #14423 results in the error message also being displayed in the
main dashboard, on which this werk has no impact. Note that this probably means that the
<ii>Percentage of total service problems</ii> graph in the main dashboard was showing wrong values
prior to werk #14423.
ID: 13734
Title: mk_oracle: Do not empty cache if the plugin is triggered from multiple sites
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
ID: 14679
Title: apache_status plugin falls back on ss if netstat is not installed
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
If netstat is not installed the apache status plugin will fallback to ss.
ID: 14292
Title: Fix possible broken web access after updating to 2.1.0p10
Component: Site Management
Level: 1
Class: Bug fix
Version: 2.2.0i1
Checkmk 2.1.0p10 changed the handling of the apache configuration with werk
#14290. This change introduced a new issue which could break the system apache
configuration in case a sites apache configuration was not yet updated to the
new system apache configuration.
The problem appears because as of 2.1.0p10 the file
<tt>etc/apache/apache-own.conf</tt> was removed from all sites. However, this
file must only be removed for sites which already updated the apache config.
In case you experience this issue, you can either update your apache
configuration with <tt>omd update-apache-config [SITE_ID]</tt> or restore your
old <tt>etc/apache/apache-own.conf</tt> in your site and restart the system
apache again.
ID: 14555
Title: KUBE: kube_pod_containers replaces \n in check summary
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
Previously, the check kube_pod_containers would crash with
C+:
raise ValueError("'\\n' not allowed in 'summary'")
C-:
This was because any linebreak in the detailed description of the container state was written to the
checks summary. With this werk, linebreaks are replaced with '; '.
ID: 14482
Title: Use proper HMAC for cookie signing
Component: Setup
Level: 1
Class: Security fix
Version: 2.2.0i1
Previously to this Werk the Session cookies were signed with with calculating a
SHA256 hash over username, session id, a serial plus a secret. This could in
theory lead to a "partial message collision".
Since we parse the data given in the cookie and test for validity, we are
confident that such an attack is not possible. But to be future-proof we switch
to proper HMAC for signing the cookie value. This will invalidate all session
cookies for a site. Therefore all users have to reauthenticate to retrieve new
valid cookies.
ID: 14719
Title: Local customizations might need adjustment due refactorings in GUI code (<tt>PasswordFromStore</tt>)
Component: Setup
Level: 1
Class: New feature
Version: 2.2.0i1
This werk only affects users of non-tribe29 local customizations (single files and MKPs from non-
tribe29 sources such as the Checkmk exchange).
Before this werk, the Checkmk codebase offered two convenience functions for creating
<tt>ValueSpecs</tt> for passwords (either entered directly or selected from the password store):
<tt>IndividualOrStoredPassword</tt> and <tt>PasswordFromStore</tt>. These two functions had
misleading names and were therefore renamed:
LI: <tt>IndividualOrStoredPassword</tt> was renamed to <tt>TransformToIndividualOrStoredPassword</tt>,
because this actually reflects what the returned <tt>ValueSpec</tt> does: It allows users to either
directly enter a password or select one from the store. Furthermore, it also handles legacy
configurations which did not offer the option to use the password store.
LI: <tt>PasswordFromStore</tt> was renamed to <tt>IndividualOrStoredPassword</tt>, which also
reflects its purpose: either directly enter a password or to select one from the store, but without
the handling of legacy configurations.
To stay compatible, we recommend to simply use <tt>IndividualOrStoredPassword</tt> instead of
<tt>PasswordFromStore</tt> in Checkmk 2.1 customizations, which will continue working when upgrading
to 2.2.
Note that this only affects non-tribe29 customizations because as of the writing of this werk, any
customization produced by tribe29 will be obsolete with Checkmk 2.2.
ID: 14676
Title: Item description in CheckParameterRuleSpecWithItem mandatory
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
This change might break existing MKPs.
When writing a new rulespec for a check with an item the item_spec could be left blank.
However those are needed to properly render the rulespec and allow to enable a rulespec only for
specific services of a check plugin.
Now the item_spec parameter is mandatory. The item_name, and item_help parameters have been removed, with werk #14677.
Below is an example how to register a new rulespec for a check with an item.
C+:
rulespec_registry.register(
CheckParameterRulespecWithItem(
check_group_name="a_check",
item_spec=lambda: TextInput(title="fitting item name", help="inline help text"),
group=RulespecGroupCheckParametersApplications,
parameter_valuespec=_parameter_valuespec_network,
title=lambda: "A good title",
)
)
C-:
ID: 14782
Title: Monitor systemd sockets as summary services
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
With this werk, a new summary check (corresponding to Systemd Service Summary) is available.