ID: 14636
Title: Extension package manager: Change in GUI workflows
Component: Setup
Level: 1
Class: New feature
Version: 2.2.0i1
This werk changes the way extension packages (<i>MKP</i>s) are uploaded, installed, modified and/or downloaded in the GUI.
This change is necessary to better support Checkmk version upgrades on large distributed installations.
The main difference is that the <i>upload</i> and the <i>enabling</i> of an MKP are implemented as two different steps.
Here is how common tasks are done now:
<b>Upload and install a package</b>:
Previously, this was one step.
It failed if packages were not suitable for the sites Checkmk version or if it collided with an already installed MKP.
Now can always upload the package.
It is then shown in the list of <i>available</i> packages.
>From this list, you can choose to <i>enable</i>, <i>download</i> and <i>remove</i> it.
The operation of "enabling" might still fail for the reasons mentioned above, in which case the MKP will be displayed in the list of "inactive" packages.
<b>Create new or edit existing MKPs</b>:
Users can edit active packages (during operation) or create new MKPs from unpackaged files in the <tt>local</tt> folder.
This is not changed.
Previously the MKP was created "on demand" if the user clicked the <i>download</i> button.
With this werk, the MKP is created immediately when the user hits "<i>Save</i>" in the package creation page.
ID: 13961
Title: cmk-update-config now removes unused host attributes
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
cmk-update-config will now remove host attributes that are no longer in use
according to an internally kept list.
Initially this list only contains the "snmp_v3_credentials" key, which might
have been wrongly added by the Host Diagnose page.
ID: 14815
Title: Fix crash in fileinfo groups plugin if no matching pattern is found
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
If no matching pattern is found in the fileinfo check it used to crash with a "TypeError". This has been fixed now.
No user interaction required.
ID: 14388
Title: Allow dollar sign in AuthUser IDs in Livestatus
Component: Livestatus
Level: 1
Class: Bug fix
Version: 2.2.0i1
Due to user ID sanitization in Livestatus (see Werk #14384), user IDs were not allowed to contain dollar signs (`$`).
While such user IDs cannot be configured in Wato, they can be present as LDAP users.
This Werk permits user IDs with dollar signs again.
ID: 14812
Title: Properly handle marked units on utf-8 systems
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The systemd check used to miss failed units if the leading character is a UTF-8 character, i.e. ●,.
Now we do not print leading characters when the agent runs and find all failed units. If any exist.
This requires an agent update.
ID: 14699
Title: aws_agent: Remove Lambda and Route53 from CEE and CRE config
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
In version 2.1, Lambda and Route53 service configuration was
visible in the CRE and CEE editions. The configuration was
useless because the services themselves weren't released.
With this werk the configuration is removed from CRE and CEE
editions. The services are fully functional in the CPE edition.
ID: 14698
Title: aws_ecs: Monitor AWS Elastic Container Service (ECS)
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
It's now possible to monitor AWS Elastic Container Service
(ECS) in Checkmk.
Five new checks have been added:
LI: AWS ECS: Clusters Summary
LI: AWS ECS: CPU Utilization
LI: AWS ECS: CPU Reservation
LI: AWS ECS: Memory Utilization
LI: AWS ECS: Memory Reservation
To monitor ECS you have to configure the related
special agent Amazon Web Services (AWS).
ID: 14697
Title: aws_agent: Fix tag filtering for AWS Glacier
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
Filtering AWS Glacier by tags didn't work correctly. In case tags were
configured for Glacier service in 'Amazon Web Services (AWS)' rule, no
Glacier vaults were discovered, even if they had the right tag.
ID: 14871
Title: Windows agent's ProgramData directory is accessible only with admins permissions
Component: Checks & agents
Level: 2
Class: Security fix
Version: 2.2.0i1
Previous to this Werk every authenticated Windows user could read some sensitive data
from the Windows agent working directory. To prevent issues with leaking sensitive data
we restrict the permission to read data of the Windows agent.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
(https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/…)
ID: 14626
Title: windows_tasks: Does not crash anymore if the "Scheduled Task State" is not available
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
There were cases when the "Scheduled Taks State" was not available in the agent output.
This caused the check to crash.
Now if this is the case, the check behaves the same as if the "Scheduled Task State" is equal to "Disabled".