Title: Changed local override mechanism for Checkmk plugins
Class: feature
Compatible: incomp
Component: checks
Date: 1700031909
Edition: cre
Level: 1
Version: 2.3.0b1
This Werk affects users that have modified existing plugins shipped with Checkmk (or intend to do so in the future).
Other plugins are not affected by this change.
In Checkmk, users can "hide" shipped plugin files by putting a corresponding file with the same path in the sites <tt>local/</tt> folder.
Checkmk will always prefer the files found there over the shipped ones, allowing users to effectively "patch" a sites plugins.
While this mechanism <i>probably</i> will continue to work (<i>maybe</i>), it is discouraged and no longer supported.
Users that want to modify, replace or extend an existing plugin are advised to make a copy of the plugin, <b>give it a new name</b> and disable the shipped one in the <i>Setup</i>.
We believe this step is necessary in order to provide a good user experience for plugin developers and a smooth upgrade process for plugin users.
These are the main reasons:
<ul>
<li>
While the APIs for plugin development deliberately do not care about the files names the plugins are in, the current mechanism works based on a file name.
This effectively makes the file name part of the APIs.
Strictly speaking, moving a plugin to a different file (or splitting large files up) would require an incompatible Werk, as it might break users local overrides.
This was mostly not done in the past, and is not sustainable in the future.
(Also the Werk only alerts users to the problem, they would still have to deal with it).
</li>
<li>
In the wake of new APIs for plugin development (corresponding Werks will follow), plugins will be moved to new locations in the filesystem a lot, exacerbating the above problem.
</li>
<li>
One of the advantages of the future APIs will be that plugins are bundled by their topic (e.g. all plugins related to Kubernetes might be found in <tt>cmk/plugins/kube</tt>, be it special agents, <i>WATO</i> rulespecs, check plugins or graph definitions).
As a result, some changes to the plugin loading mechanism have to be made, resulting in hard to predict results if combined with the above shadowing mechanism.
</li>
</ul>
Title: Limit length of Hostname
Class: security
Compatible: compat
Component: wato
Date: 1699601325
Edition: cre
Level: 1
Version: 2.3.0b1
Prior to this Werk it was possible to create Hosts with arbitrary length.
Since Checkmk stores information in files which paths contain the hostname these path could exceed the allowed length leading to various errors to an extend that rendered the usage of parts of the GUI useless.
We found this vulnerability internally.
<b>Affected Versions</b>:
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 2.7 (Low) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L</tt>.
We assigned CVE-2023-23549 to this vulnerability.
<b>Changes</b>:
This Werk adds a maximum length of 253 characters for the hostname.
Title: audit log: Add options to hide object and object type
Class: feature
Compatible: compat
Component: wato
Date: 1699875661
Edition: cre
Level: 1
Version: 2.3.0b1
This werk introduces the option to toggle the 'object' and
'object type' columns in the audit log table.
Werk 16145 was deleted. The following Werk is no longer relevant.
Title: "Always up" hosts can always notify
Class: fix
Compatible: compat
Component: core
Date: 1699884551
Edition: cee
Level: 1
Version: 2.3.0b1
Do not postpone notifications for "always up" hosts.
The notification logic would wrongly assume that "always up" hosts may,
in fact, be down and erroneously postpone notifications. This has been
fixed, such hosts are never down.
Title: Redesign of audit log page
Class: feature
Compatible: compat
Component: multisite
Date: 1699865170
Edition: cre
Level: 1
Version: 2.3.0b1
Werk #16072 introduced the regulare rotating of the wato audit log.
The audit log page was now adjusted to also show archived/rotated logs.
Therefore, you are now asked to choose a file to view instead of showing the current log
on opening the page.
Besides that, the "Clear" option was renamed to "Archive" because the current
log file is archived not cleared.
Title: Add wato audit log to logrotate cronjob
Class: fix
Compatible: incomp
Component: omd
Date: 1699864221
Edition: cre
Level: 1
Version: 2.3.0b1
The wato audit log ~/var/check_mk/wato/log/wato_audit.log was not rotated
regularly. This lead to an ever growing audit log, which could not be viewed
anymore once it reached several hundred MB of log lines.
Therefore, the audit log will now rotate regularly to archive files bigger than
300MB.
Existing logfiles greater 300MB will be splitted up on update and the source
file will be backed up as wato_audit.log_backup.
Title: netapp_api_luns: Add vserver and volume name
Class: feature
Compatible: compat
Component: checks
Date: 1698062759
Edition: cre
Level: 1
Version: 2.3.0b1
If you have a Setup with Multiple Netapps and Thousands of Luns, it was not
possible to figure out to where a Lun belongs.
With this Werk, this information is now part of the service output.
Title: "Always up" hosts can always notify
Class: fix
Compatible: compat
Component: core
Date: 1699884551
Edition: cee
Level: 1
Version: 2.3.0b1
Do not postpone notifications for "always up" hosts.
The notification logic would wrongly assume that "always up" hosts may,
in fact, be down and erroneously postpone notifications. This has been
fixed, such hosts are never down.
Title: downtimes: can now delete downtimes from remote sites
Class: fix
Compatible: compat
Component: rest-api
Date: 1699869696
Edition: cre
Level: 1
Version: 2.3.0b1
As a result a previous change to the downtimes delete endpoint,
we introduced a bug which prevented downtime deletion on
remote sites.
This werk addresses this issue. Downtimes on remote sites are now
deleted as expected.
Title: jolokia_metrics_app_sess: incorrectly applied lower levels
Class: fix
Compatible: incomp
Component: checks
Date: 1699617831
Edition: cre
Level: 1
Version: 2.3.0b1
The plugin <i>Java Virtual Machine: Number of Sessions</i> (<tt>jolokia_metrics_app_sess</tt>) applied the configured levels incorrectly.
This werk is only incompatible for users that adjusted there configuration to compensate this bug.
If this is the case for you, please adjust your "lower levels" in the ruleset <i>JVM session count</i>.