ID: 10528
Title: Host changes from normal monitoring users were not always applied on the first save
Component: WATO
Level: 2
Class: Bug fix
Version: 1.7.0i1
Users without the role <tt>Read access to all hosts and folders</tt> had to save hosts twice to get their changes applied.
ID: 10580
Title: Memory check plugins: Unify service descriptions
Component: Checks & agents
Level: 2
Class: New feature
Version: 1.7.0i1
Several Memory check plugins have been unified with respect to their service
description, which is now simply "Memory" or "Memory $ITEM$".
In order to use these new service descriptions you have to enable them below
{Global settings}, {Use new service descriptions}. Renaming of existing services
has many implications - including existing rules, performance data and availability
history - these renamings are disabled per default for existing installations.
Here you can switch to the new descriptions for selected check types.
Renaming the services will mean you loose all historic data. If you want to rename
the services but keep the recorded metrics, you have to rename the RRD files in
<tt>~/var/pnp4nagios/perfdata/$HOST$</tt> or <tt>~/var/check_mk/rrd/$HSOT$</tt>
according to the service name change.
Affected check plugins are:
LI:aix_memory
LI:brocade_sys.mem
LI:cisco_mem
LI:cisco_mem_asa
LI:cisco_mem_asa64
LI:db2_mem
LI:docker_container_mem
LI:esx_vsphere_hostsystem.mem_usage
LI:esx_vsphere_hostsystem.mem_usage_cluster
LI:fortigate_memory
LI:fortigate_memory_base
LI:fortigate_node.memory
LI:hr_mem
LI:huawei_switch_mem
LI:innovaphone_mem
LI:juniper_mem
LI:juniper_screenos_mem
LI:juniper_trpz_mem
LI:mem.used
LI:mem.win
LI:netscaler_mem
LI:solaris_mem
LI:sophos_memory
LI:statgrab_mem
LI:tplink_mem
ID: 10432
Title: cmk-update-agent.exe: Fix security issue on Windows
Component: agents
Level: 2
Class: Security fix
Version: 1.7.0i1
Recently, a vulnerability of PyInstaller, that we use to compile
the cmk-update-agent.exe executable on windows to one file, has been
discovered, see
<a href=https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7f…>here</a>.
Only the windows version of the cmk-update-agent binary is affected. Unix versions and the python script
are not affected.
We fix this issue by updating to PyIntaller 3.6.
ID: 10677
Title: Windows plugins and local checks can be called using non-system account
Component: Checks & agents
Level: 2
Class: New feature
Version: 1.7.0i1
Previously the plugins and local check were always called using <i>Windows
System account</i>. Such approach could restrict access to some resources,
for example, network shares. Now this problem has been resolved.
The new ruleset in Bakery <tt>Run plugins and local checks using non-system
account</tt> gives the possibility to run any Windows script using a given
user account.
There are two modes of the rule:
<i>group mode</i>, in this case Windows Agent provides its own internal
user in the requested group to run a script.
<i>user mode</i>, in this case the credentials for the given user account
must be fully specified.
The <i>group mode</i> is more secure, because no credentials need to be
stored anywhere, except in the agent internally. When using the
<i>user mode</i>, the provided credentials are stored on all Checkmk
servers to which the configuration is applied. Also, the credentials will
be baked into the distributed to target systems agent bakery
packages(MSI files).
The same functionality in Raw Edition can be achieved using Agent configuration
file.
To set <i>group mode</i> for desired plugin pattern you should assign
the name of the local group to the key <tt>group</tt>. To set <i>user mode</i>
for desired plugin pattern you should assign string with user name and password
separated with one space to the key <tt>user</tt>. Detailed example you may found
in the provided configuration file.
We highly recommend using the <i>group mode</i> whenever possible.
ID: 10123
Title: Fixed race condition when changing host check command.
Component: cmc
Level: 2
Class: Bug fix
Version: 1.7.0i1
When the kind of a host check command was changed, e.g. from an active check
to smart ping, there was a small time window for scheduling to go wrong.
This resulted in endless log lines of the form "invalid command line '@foo'
for bar", and the only way to resume normal operation was to restart the
Checkmk Micro Core, reloading was not enough. This has been fixed.
ID: 10651
Title: prometheus_custom: Addition of Prometheus custom check plugin
Component: Checks & agents
Level: 2
Class: New feature
Version: 1.7.0i1
This commit adds the functionality of the Prometheus custom check
plugin to Checkmk. It allows the user to define PromQL queries and
generate services based upon the query results. The generic check
also displays information should a PromQL expression return invalid
or faulty results.
ID: 10122
Title: Fixed performance regression for event console history queries.
Component: Event Console
Level: 2
Class: Bug fix
Version: 1.7.0i1
The event console history queries had a rather serious performance
regression in 1.6.0: For common queries, the EC tries to pre-filter the
history via egrep before doing further filtering itself. This pre-filtering
was broken due to a typo and has been repaired now.
ID: 10639
Title: agent_prometheus: Addition of Prometheus Special Agent to Checkmk
Component: Checks & agents
Level: 2
Class: New feature
Version: 1.7.0i1
This change introduces the underlying structure of the Prometheus
Special Agent into Checkmk. It provides connection functionality
along with preparation for subsequent service generation resulting
from Prometheus metrics.
ID: 7287
Title: Fixed incorrect processing of SNMP datasource configuration
Component: WATO
Level: 2
Class: Bug fix
Version: 1.7.0i1
Due to an incorrect old configuration conversion routine the snmp datasource setting for a host was incorrectly set/reset to <tt>No SNMP<tt>.
This could be observed on the edit host page, for example. It only applied to hosts where the agent tag group was explicitly set.
This incorrectly transformed snmp setting was written back to disk, when the host itself was saved or when there were any changes made in the host tags configuration.
Changes in the host tag configuration had a greater impact because they forced a complete rewrite of all host configurations.
ID: 10553
Title: Extended Checkmk crash reporting
Component: Multisite
Level: 2
Class: New feature
Version: 1.7.0i1
The crash reporting functionality of Checkmk has been extended. In previous versions
of Checkmk it was possible to report only GUI and check plugin related crashes to the
Checkmk team.
With this change Checkmk is able to collect crashes from all components of Checkmk.
These crashes can be displayed in the central user interface in distributed setups.
You can access the crashes using the view <tt>Views > Other > Crash reports</tt>.
This view shows you a list of all captured crashes. You can open the details of
a crash by clicking on the crash ID and send them to the Checkmk team or download
the crash package.
These crash reports are stored locally in each site below <tt>var/check_mk/crashes</tt>.
There is a cleanup mechanism in place which removes all crashes except the last 20
per component.