ID: 14491
Title: Kubernetes dashboards: Improve page header
Component: Multisite
Level: 1
Class: New feature
Version: 2.2.0i1
Kubernetes dashboard headers now hold the name of the currently displayed Cluster/Namespace/Daemonset/etc. So instead of the former general header "Kubernetes Cluster" the page title now says "Kubernetes Cluster <cluster_name>".
ID: 14692
Title: esx_vsphere_datastores: Used provisioned space added to details
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
In case of provisioned space being bigger than total available space,
we showed used provisioned space in the perfometer but not in the
service details.
This led to confusion, so now the used provisioned space is also added
to service details.
ID: 14668
Title: VMware ESX, query esxi host inventory via vsphere server
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
The vsphere agent can now query the esxi host information via the vsphere server.
Host information is made available via piggy back hosts. This is for useful if your
installation does not allow you direct access to the esxi hosts.
ID: 14470
Title: Fix host label search in monitoring search and quicksearch
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
If host labels were searched with "hl:" prefix in previous 2.1 versions, no
search results were found, even if the search matched.
ID: 14606
Title: Agent Bakery: Optionally log to dedicated logfile
Component: Setup
Level: 2
Class: New feature
Version: 2.2.0i1
It's now possible to activate logging for the agent bakery.
When activated at <i>Global Settings - Setup - Agent bakery logging</t>,
the agent bakery will log messages to <tt>~/var/log/agent_bakery.log</tt>,
with the selected loglevel. This is applies equally to bakery jobs invoked via GUI
via command line.
Without activated logging, baking details are still available on the command line
when baking with command <tt>cmk --bake-agents -v</tt> as a site user.
Also, when baking on the GUI, on failure, error details are propagated to the executing
background job as they already used to be.
ID: 14465
Title: Fix rule match analyse for hosts
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
If rule matches for hosts were analyzed, e.g. via "Effective parameters" and a
matching rule, the rule page showed no matches, even if the host matched.
ID: 14468
Title: Extension packages: Fix error on usage of "mkp show"
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
If the command "mkp show" was used with mkp files like "my_mkp.mkp", the error
"Cannot open package my_mkp.mkp: I/O operation on closed file" occurred.
ID: 14168
Title: Activate changes: Added additional central site hook: post-snapshop-creation
Component: Setup
Level: 1
Class: New feature
Version: 2.2.0i1
This hook can be used by custom plugins to further modify the snapshot content for the remote site.
The registered function gets the site_snapshot_settings as argument.
F+:
site_snapshot_settings: Dict[SiteId, SnapshotSettings]
SnapshotSettings = NamedTuple(
"SnapshotSettings",
[
("snapshot_path", str),
("work_dir", str),
("snapshot_components", List[ReplicationPath]),
("component_names", Set[str]),
("site_config", SiteConfiguration),
("create_pre_17_snapshot", bool),
])
F-:
Please keep in mind that the entire hook mechanism is intended only for very specialized tasks and experienced users.
If you make a mistake, things will break/disappear.
ID: 14715
Title: Agent controller: Do not verify TLS certificates by default when querying the agent receiver port from Checkmk REST API
Component: agents
Level: 1
Class: New feature
Version: 2.2.0i1
During registration, the agent controller (<tt>cmk-agent-ctl</tt>) queries the port on which the
agent receiver is listening from the Checkmk REST API, unless the port has been explicitly provided
on the command line. This query is attempted both with <tt>http</tt> and <tt>https</tt>. If both
queries fail, the controller aborts, otherwise, the result of the first sucessful query is used.
Before this werk, when attempting with <tt>https</tt>, the controller verified the TLS server
certificate presented by the Checkmk server. Hence, for the port query to succeed with
<tt>https</tt>, the host system had to trust the Checkmk server certificate. If a custom certificate
authority was used, the corresponding root certificate had to be added to the host's certificate
store.
As of this werk, the controller by default no longer verifies the server certificate when querying
the port with <tt>https</tt>. We do not consider this a security risk as this is just a query to
identify the receiver port. The resulting port uses a Checkmk internal certificate authority anyway,
which in turn is verified in any case. Furthermore, the verification can be re-enabled with the flag
<tt>--validate-api-cert</tt> (passed to <tt>cmk-agent-ctl register ...</tt>).
Note that this change has no impact on the subsequent communication between the monitored host and
the Checkmk server. After a successful registration, this communication will be TLS-encrypted,
indepedently of whether <tt>--validate-api-cert</tt> was used or not.
ID: 14714
Title: Agent controller: Respect <tt>--detect-proxy</tt> when querying port from Checkmk REST API
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
During registration, the agent controller (<tt>cmk-agent-ctl</tt>) queries the port on which the
agent receiver is listening from the Checkmk REST API, unless the port has been explicitly provided
on the command line. Before this werk, this call to the REST API did not respect the
<tt>--detect-proxy</tt> option, wich enables the detection and usage of sytem proxy settings.
Note that this werk does not change the default behavior, which is to connect directly without any
proxy server.