Checkmk werks level1

checkmk-werks-lvl1@lists.checkmk.com

1 participants
15953 discussions

Checkmk Werk 14184: Fixed broken hostname filter for parent/child topology

by Andreas Boesl

ID: 14184 Title: Fixed broken hostname filter for parent/child topology Component: Multisite Level: 1 Class: Bug fix Version: 2.3.0b1

1 year, 7 months

Checkmk Werk 14183: Added parent/child topology link to host page menu

by Andreas Boesl

ID: 14183 Title: Added parent/child topology link to host page menu Component: Multisite Level: 1 Class: New feature Version: 2.3.0b1

1 year, 7 months

Checkmk Werk 14965: Dedicated CA for agent certificates

by Andreas Umbreit

ID: 14965 Title: Dedicated CA for agent certificates Component: Checks & agents Level: 1 Class: Security fix Version: 2.2.0b1 On agent registration, the contacted site issues an x509 certificate to the requesting agent controller. Previously, this agent certificate has been signed by the site-local CA, that's also used to issue certificates used for distributed monitoring, and to issue the agent receiver's certificate. Starting with this Werk, each Checkmk site will use a dedicated agent CA to issue certificates to requesting agent controllers. This change slighly improves security, as agent receiver and agent controller can't be authenticated with the same root certificate anymore, making it impossible to act as each other. While this situation has effectively been prevented before, this is now assured already on transport level, rather than on application level. To prevent locking out registered agents, preexisting (Created with a Checkmk version prior to this Werk) Checkmk sites will still accept certificates issued by the site CA in parallel to the new agent CA. New sites will only accept certificates issued by the agent CA. This change is also loosely coupled with the new certificate lifetime mentioned in Werk #14964. Since active agent controllers will automatically renew their certificate to a new lifetime-limited one, this also means that they will migrate to new new CA automatically. As an additional benefit, experienced users now can replace the agent signing CA with their own one. This has to be done directly at the site's home directory, though. The new agent CA is located at <tt>~/etc/ssl/agents/ca.pem</tt> and can be replaced with a new one in the same format. To migrate from one CA to another, it's also possible to add additional trusted root certificates to <tt>~/etc/ssl/agents/</tt>. Even though this Werk is related to security, it does not fix any exploitable issue. To aid automatic scanners, we assign a CVSS score of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).

1 year, 7 months

Checkmk Werk 14964: Agent controller certificate lifetime

by Andreas Umbreit

ID: 14964 Title: Agent controller certificate lifetime Component: Checks & agents Level: 1 Class: New feature Version: 2.3.0b1 The TLS encryption for agent communication (introduced with Checkmk 2.1) makes use of x509 Certificates to authenticate the agent against the Checkmk site. Therefore, the Checkmk site issues a certificate to the agent controller of a host on agent registration. Previously, these certificates used to have a virtually unlimited expiration period. Starting with this Werk, agent certificates will only be issued with a limited expiration period. This period is configurable with the global setting "Site management/Agent certificates" and defaults to 5 years. You can choose from various values, with a minumum of 3 months and a maximum of 50 years. The agent controller will automatically renew the agent certificate in time before it expires, provided that it's running. The same holds true for legacy certificates with a too-long validity period. That said, inactive TLS agents (agent controller daemon(Linux)/Checkmk agent service(Windows) not running) will actually lose their registration on certificate expiration. To resume agent communication, you'll then have to re-register the agent.

1 year, 7 months

Checkmk Werk 15220: time period: put endpoint now returns 200 with edited time period config

by Gav

ID: 15220 Title: time period: put endpoint now returns 200 with edited time period config Component: REST API Level: 1 Class: Bug fix Version: 2.2.0b1 The time period put endpoint previously returned a 204 and no data response. This werk is a fix to return the time period object along with a status code of 200 to align with our other put endpoints.

1 year, 7 months

Checkmk Werk 15382: service: remove non functioning endpoint example from swagger-ui

by Wontek Hong

ID: 15382 Title: service: remove non functioning endpoint example from swagger-ui Component: REST API Level: 1 Class: Bug fix Version: 2.2.0i1 The "Try out" in Swagger-UI does not work for endpoint examples which make use of the "query" query parameter. The change must be adapted on the Swagger side. In the meantime, such endpoints will be removed to avoid any confusion and the user should refer to the examples in the ReDoc instead.

1 year, 7 months

Checkmk Werk 15236: Host renaming got stuck when "Automatically create monitoring agents" was activated

by Moritz Kiemer

ID: 15236 Title: Host renaming got stuck when "Automatically create monitoring agents" was activated Component: Setup Level: 1 Class: Bug fix Version: 2.2.0i1 When the configuration option "Automatically create monitoring agents" was enabled, the operation "rename host" got stuck indefinitely. You can recover from this by killing the (second) apache processes accessing <tt>multisite.mk</tt> and restarting (CMC and apache): C+: OMD[mySite]:~$ fuser etc/check_mk/multisite.mk /opt/omd/sites/mySite/etc/check_mk/multisite.mk: 2294054 2294059 2294332 OMD[mySite]:~$ kill 2294059 OMD[mySite]:~$ omd restart C-:

1 year, 7 months

Checkmk Werk 15125: Fix cleanup of PDF tmp files in ~/tmp/check_mk

by Ronny Bruska

ID: 15125 Title: Fix cleanup of PDF tmp files in ~/tmp/check_mk Component: Multisite Level: 1 Class: Bug fix Version: 2.2.0i1 Created PDF tmp files were not cleaned up in folder ~/tmp/check_mk. Newly created PDF tmp files will be created in folder ~/tmp/check_mk/pdf and the new cronjob "cleanup_pdf_tmp_files", running every day at 00:15, will cleanup PDF tmp files older one day in this folder.

1 year, 7 months

Checkmk Werk 15146: azure_virtualmachines: Remove resource group from summary

by Sofia Colakovic

ID: 15146 Title: azure_virtualmachines: Remove resource group from summary Component: Checks & agents Level: 1 Class: New feature Version: 2.2.0i1 Previously, the resource group was shown in a summary of a VM service if VMs are maped to separate hosts (option 'Map data to the VM itself' in the agent config). With the werk 15261, the cmk/azure/resource_group:<group> label was added to all Azure hosts, which made this data redundant.

1 year, 7 months

Checkmk Werk 14794: Enable using Rulesets for section plugins

by Timotheus Bachinger

ID: 14794 Title: Enable using Rulesets for section plugins Component: Checks & agents Level: 1 Class: Bug fix Version: 2.2.0i1 This werk is relevant for you if: <ul> <li> you implemented a host label function that is configurable via WATO <li> you do not have a discovery function that uses the same ruleset </ul> Previously, this was not possible. You may have encountered the following error: C+: Error running automation call restart (exit code 1), error: Invalid configuration variable 'YOUR_RULESET' --> Found 1 invalid variables If you use own helper variables, please prefix them with _. C-: Anyway - this is fixed now.

1 year, 7 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1