ID: 14687
Title: Fixed JSON encoding outside the BMP for Livestatus
Component: Livestatus
Level: 1
Class: Bug fix
Version: 2.2.0i1
Livestatus used an incorrect way of encoding Unicode characters outside of
the Basic Multilingual Plane (BMP) for the JSON output format. This
affected characters like e.g. emojis, various symbols, characters from
ancient languages, etc.
ID: 14703
Title: sap_hana: Fix agent plugin crash when querying fileinfo
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The mk_sap_hana agent plugin crashed when querying fileinfo if there are
multiple hosts in the system.
The error returned by the agent was:
"single-row query returns more than one row SQLSTATE".
ID: 14986
Title: FileNotFoundError in update-pre-hooks script "01_mkp-disable-outdated"
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
This fixes the 'FileNotFoundError' that was encountered upon upgrade from Checkmk 2.1.0p16 to p17 or 2.0.0p30 to p31.
While this bug produces a nasty traceback during update, it is unlikely that users suffer any consequences.
You can safely ignore this issue, <b>unless</b> you have a distributed setup with deviating remote site versions and you want to have a different set of MKPs installed on them (depending on the remote sites version).
Since this feature is very new, it is unlikely that you are using it.
If it is the case however, you have to disable and re-enable the affected MKP on the central site.
You might still see this traceback during the sync to a remote sites with a higher version than the central site, but you can ignore it.
After upgrading to 2.0.0p32 or 2.1.0p17 there is nothing to be done.
ID: 15033
Title: check_mk_agent.linux: increase refresh interval for chrony section
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
Prior to this werk, the chrony cached section had the same value for both age validity
and the refresh interval. This led to an occasional CRIT status on the associating service
as this was influenced by the timing of the refresh mechanism, the cache file writeout duration
as well as the section processing duration on Checkmk's side. This werk, therefore, increases
the age validity of the cached section.
ID: 14905
Title: REST API: Allow single item lists for the sites parameter on the host/service status endpoints
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
This werk fixes an issue with the host/service status endpoints when using a single
item list for the sites parameter.
ID: 14702
Title: ps: Fix crash if user or cgroup are empty
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
Discovery previously crashed in case of a process with
an empty user or cgroup.
ID: 14827
Title: Re-work agent plugin for monitoring SSH daemon configuration
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The agent plugin for monitoring the SSH daemon configuration (<tt>mk_sshd_config</tt>) has been
re-worked. The previous version of the plugin used the contents of <tt>/etc/ssh/sshd_config</tt> to
monitor the daemon configuration. This is problematic in multiple ways:
LI: Include directives, such as <tt>Include /etc/ssh/sshd_config.d/*.conf</tt>, are not taken into account, resulting in potentially wrong monitoring results.
LI: Match directives are evaluated incorrectly, leading to monitoring results such as "PasswordAuthentication: noyes".
LI: Defaults are not taken into account properly. For example, under Ubuntu, the default is that password authentication is enabled if not explictly configured differently.
The re-worked version of the agent plugin reports the effective daemon configuration queried via
<tt>sshd -T</tt>. This evaluates include directives and takes into daemon defaults, but does
explicitly not evaluate Match directives. Hence, as an example, even if Checkmk reports that
password authentication is off, this does not garantuee that no user can ssh into the system using a
password.
This werk is marked as incompatible for two reasons:
LI: The behavioural changes listed above.
LI: <tt>sshd -T</tt> will likely require root permissions to execute successfully. Hence, the new version of the plugin will likely not work on systems where the agent is executed as non-root.
Finally, note that the configuration option <tt>ChallengeResponseAuthentication</tt> is deprecated
and has been replaced with <tt>KbdInteractiveAuthentication</tt>. If configured to monitor this
option, Checkmk now checks for both keys and only alerts if neither of the two is found.
ID: 14975
Title: mk_postgres.py: correct UNIX socket not found when instances are configured
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
You are affected by this werk if you have configured one or more PostgreSQL
instances that should be monitored by an agent plugin of Checkmk version >
1.6.0. This means that you are using the rule "Instances settings" in the
ruleset "PostgreSQL database nd sessions (Linux, Windows)". In order to apply
this fix, the agent plugin must be reinstalled on the host.
When PostgreSQL instances are configured explicity via the respective .env and
.pgpass config files, the agent plugin was no longer able to determine the
correct "psql" binary to use in order to run SQL queries via the commandline.
This lead to an error message similar to:
<br>
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.123"
failed: No such file or directory
<br>
This has been fixed.
ID: 13967
Title: "Topic" attribute for host tags is now optional in REST API
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
When creating a host tag group using the REST API, it is now optional to specify a topic.
When reading a host tag group without a specifically set topic, it will be displayed as "Tags".
This matches the behaviour of the GUI.
ID: 13968
Title: Unknown sites in host_config endpoints will now be marked as such
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
Having a host configured with an unknown site would return a 500 status code error on endpoints such as "/domain-types/host_config/collections/all".
This is common in a distributed monitoring environment.
Instead the site field under the "extensions" and "attributes" key will now return the site id prefixed with "Unknown Site:".
This matches the behaviour of the GUI.