Title: Allow CA certificates without key usage restrictions
Class: fix
Compatible: compat
Component: wato
Date: 1700470697
Edition: cre
Level: 1
Version: 2.3.0b1
Prior to this Werk, certificates that did not include the KeyUsage extension were not considered CA certificates by Checkmk, as they lack the keyCertSign bit.
While CAs conforming with RFC 5280 MUST include the extension and set this bit, not all do in practice. Recommendation ITU-T X.509 considers only the basicConstraint "cA" required for CAs.
With this Werk, Checkmk will consider setting the cA basicConstraint but not the KeyUsage extension as valid for CA certificates. Note that certificates that do set the KeyUsage extension but lack the keyCertSign bit may still not be used for certificate signing.
Werk 15210 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: mk_oracle: change host and port to required fields in auth choices
Class: fix
Compatible: compat
Component: wato
Date: 1675686406
Edition: cre
Knowledge: doc
Level: 1
Version: 2.3.0b1
The Oracle plugin allowed the user to configure Login options without
actually configuring any details. This also resulted in the default values
for 'Hostname' or 'TCP-Port for Listener' to be ignored. This werk fixes
this issue.
------------------------------------<diff>-------------------------------------------
Title: mk_oracle: change host and port to required fields in auth choices
Class: fix
Compatible: compat
Component: wato
Date: 1675686406
Edition: cre
Knowledge: doc
Level: 1
- Version: 2.2.0i1
? ^ ^
+ Version: 2.3.0b1
? ^ ^
The Oracle plugin allowed the user to configure Login options without
actually configuring any details. This also resulted in the default values
for 'Hostname' or 'TCP-Port for Listener' to be ignored. This werk fixes
this issue.
-
Werk 15635 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: citrix_state: Fix Crashing Plugins
Class: fix
Compatible: compat
Component: checks
Date: 1687522021
Edition: cre
Knowledge: doc
Level: 1
Version: 2.3.0b1
This is a follow-up to Werk 15623. The following checks were not properly migrated in the 2.2.0
release:
LI: <tt>citrix_state.hosting_server</tt>
LI: <tt>citrix_state.controller</tt>
LI: <tt>citrix_state</tt>
With this Werk, they continue to work as they did in 2.1.0.
------------------------------------<diff>-------------------------------------------
Title: citrix_state: Fix Crashing Plugins
Class: fix
Compatible: compat
Component: checks
Date: 1687522021
Edition: cre
Knowledge: doc
Level: 1
- Version: 2.2.0p5
? ^ ^^
+ Version: 2.3.0b1
? ^ ^^
This is a follow-up to Werk 15623. The following checks were not properly migrated in the 2.2.0
release:
LI: <tt>citrix_state.hosting_server</tt>
LI: <tt>citrix_state.controller</tt>
LI: <tt>citrix_state</tt>
With this Werk, they continue to work as they did in 2.1.0.
-
Werk 15626 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: KUBE: Addition of CronJob Inventory
Class: feature
Compatible: compat
Component: checks
Date: 1686249924
Edition: cre
Knowledge: undoc
Level: 1
Version: 2.3.0b1
This feature extends the Kubernetes monitoring. The inventory of a CronJob host now features the
'Metadata' path, which is already available for other piggybacked hosts.
------------------------------------<diff>-------------------------------------------
Title: KUBE: Addition of CronJob Inventory
Class: feature
Compatible: compat
Component: checks
Date: 1686249924
Edition: cre
Knowledge: undoc
Level: 1
- Version: 2.2.0p3
? ^ ^^
+ Version: 2.3.0b1
? ^ ^^
This feature extends the Kubernetes monitoring. The inventory of a CronJob host now features the
'Metadata' path, which is already available for other piggybacked hosts.
Werk 15641 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Prometheus: Properly Encode PromQL Queries
Class: fix
Compatible: compat
Component: checks
Date: 1694340058
Edition: cre
Knowledge: doc
Level: 1
Version: 2.3.0b1
The Prometheus agent allows specifying PromQL queries via the option <tt>Service creation using
PromQL queries</tt>. In 2.2.0, any query containing a '+' would not be encoded properly. For
example, the query
C+:
up{container=".+"}
C-:
would result in a HTTP request, which is interpreted by Prometheus as
C+:
up{container=". "}
C-:
------------------------------------<diff>-------------------------------------------
Title: Prometheus: Properly Encode PromQL Queries
Class: fix
Compatible: compat
Component: checks
Date: 1694340058
Edition: cre
Knowledge: doc
Level: 1
- Version: 2.2.0p10
? ^ ^ -
+ Version: 2.3.0b1
? ^ ^
The Prometheus agent allows specifying PromQL queries via the option <tt>Service creation using
PromQL queries</tt>. In 2.2.0, any query containing a '+' would not be encoded properly. For
example, the query
C+:
up{container=".+"}
C-:
would result in a HTTP request, which is interpreted by Prometheus as
C+:
up{container=". "}
C-:
Werk 15643 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: nvidia_smi: Show Use full PCI bus ID
Class: fix
Compatible: incomp
Component: checks
Date: 1695304807
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.3.0b1
This change affects users of the following checks:
* nvidia_smi_memory_util
* nvidia_smi_gpu_util
* nvidia_smi_en_de_coder_util
* nvidia_smi_power
* nvidia_smi_temperature
Previously, the PCI bus ID of NVIDIA GPUs would be incorrectly removed. This caused GPUs to be
omitted, which should have been discovered. With this Werk, the full PCI bus ID is used as a service
item. Users must rediscover the services.
------------------------------------<diff>-------------------------------------------
Title: nvidia_smi: Show Use full PCI bus ID
Class: fix
Compatible: incomp
Component: checks
Date: 1695304807
Edition: cre
Knowledge: doc
Level: 1
State: unknown
- Version: 2.2.0p11
? ^ ^ -
+ Version: 2.3.0b1
? ^ ^
This change affects users of the following checks:
* nvidia_smi_memory_util
* nvidia_smi_gpu_util
* nvidia_smi_en_de_coder_util
* nvidia_smi_power
* nvidia_smi_temperature
Previously, the PCI bus ID of NVIDIA GPUs would be incorrectly removed. This caused GPUs to be
omitted, which should have been discovered. With this Werk, the full PCI bus ID is used as a service
item. Users must rediscover the services.
Werk 15610 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix <tt>Error in LIVESTATUS_TCP_ONLY_FROM</tt> during <tt>omd config</tt>
Class: fix
Compatible: compat
Component: omd
Date: 1683186871
Edition: cre
Knowledge: doc
Level: 2
Version: 2.3.0b1
If a user ran the command <tt>omd config</tt> and selected <tt>Distributed Monitoring >
LIVESTATUS_TCP_ONLY_FROM</tt>, then the following error was shown
C+:
Error in LIVESTATUS_TCP_ONLY_FROM
C-:
With this Werk, the error no longer occurs.
------------------------------------<diff>-------------------------------------------
Title: Fix <tt>Error in LIVESTATUS_TCP_ONLY_FROM</tt> during <tt>omd config</tt>
Class: fix
Compatible: compat
Component: omd
Date: 1683186871
Edition: cre
Knowledge: doc
Level: 2
- Version: 2.2.0b7
? ^ ^
+ Version: 2.3.0b1
? ^ ^
If a user ran the command <tt>omd config</tt> and selected <tt>Distributed Monitoring >
LIVESTATUS_TCP_ONLY_FROM</tt>, then the following error was shown
C+:
Error in LIVESTATUS_TCP_ONLY_FROM
C-:
With this Werk, the error no longer occurs.
Werk 15609 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: KUBE: Limit collection time for <tt>Persistent Volume Claims & Persistent Volumes</tt>
Class: fix
Compatible: compat
Component: checks
Date: 1682683781
Edition: cre
Knowledge: doc
Level: 1
Version: 2.3.0b1
This change affects those using the <tt>Kubernetes</tt> together with the feature <tt>Collect
information about Persistent Volume Claims & Persistent Volumes</tt> (available in 2.2.0 and above).
With this feature turned on, the Kubernetes agent will contact the kubelet on each node via a proxy
provided by the Kubernetes API server. This means the data collection depends on the number of
nodes and the latency of the Pod network. If this data collection takes too long, the Kubernetes
agent may timeout. This in turn causes the previously collected API data to be discarded.
With this Werk, the data collection time is limited to 30 seconds. The omission of the data causes
the omission of metrics from the <tt>PVC</tt> service of a Pod. This is consistent with how missing
data is handled, if the corresponding kubelet is down.
------------------------------------<diff>-------------------------------------------
Title: KUBE: Limit collection time for <tt>Persistent Volume Claims & Persistent Volumes</tt>
Class: fix
Compatible: compat
Component: checks
Date: 1682683781
Edition: cre
Knowledge: doc
Level: 1
- Version: 2.2.0b7
? ^ ^
+ Version: 2.3.0b1
? ^ ^
This change affects those using the <tt>Kubernetes</tt> together with the feature <tt>Collect
information about Persistent Volume Claims & Persistent Volumes</tt> (available in 2.2.0 and above).
With this feature turned on, the Kubernetes agent will contact the kubelet on each node via a proxy
provided by the Kubernetes API server. This means the data collection depends on the number of
nodes and the latency of the Pod network. If this data collection takes too long, the Kubernetes
agent may timeout. This in turn causes the previously collected API data to be discarded.
With this Werk, the data collection time is limited to 30 seconds. The omission of the data causes
the omission of metrics from the <tt>PVC</tt> service of a Pod. This is consistent with how missing
data is handled, if the corresponding kubelet is down.
Title: metrics: Fix Internal Server Error when decimal timestamps are provided
Class: fix
Compatible: compat
Component: rest-api
Date: 1700216654
Edition: cre
Level: 1
Version: 2.3.0b1
Prior to this werk, when a timestamp contained decimal values the endpoint would return status 500 (Internal server error). This change fixes that and now it returns 400 (Bad Request) and a brief explanation of the error.