Checkmk werks level2

checkmk-werks-lvl2@lists.checkmk.com

1355 discussions

Check_MK Werk 7081: Reworked "Distributed Monitoring" page

by Lars Michelsen

ID: 7081 Title: Reworked "Distributed Monitoring" page Component: WATO Level: 2 Class: New feature Version: 1.6.0i1 The "Distributed Monitoring" pages have been reworked to make it easier to manage multiple Check_MK site connections. The list page is now showing less site configuration details. Instead of these columns status columns have been added to visualize whether or not your site connections can currently be used. One column shows the current status of the Livestatus connection, which is needed by the GUI to gather the monitoring status from the site. In case your livestatus connection is not configured properly, you may have a look at the status and hover the icon for more information about the reason. One possible reason for a non functional Livestatus connection may be a TLS connection issue (if you use encrypted Livestatus). You can use this site to inspect the remote site certificate and establish a trust with this certificate to allow the GUI to connect with that site. The replication status column tells you whether or not the configuration replication connection is working.

5 years, 9 months

Check_MK Werk 7017: Livestatus via TCP can now be encrypted

by Lars Michelsen

ID: 7017 Title: Livestatus via TCP can now be encrypted Component: Livestatus Level: 2 Class: New feature Version: 1.6.0i1 Livestatus has been a plain text protocol since it's invention. This is normally OK for system local connections via unix socket or TCP connections in secure networks. Users always had the choice to secure the communication using TLS (e.g. via stunnel), SSH, VPN or some other solution that encrypts the communication in their local setup. To improve the security for all users of Check_MK, we have now changed the Livestatus TCP communication to be encrypted by default using TLS. This is realized using an internal CA and internally generated certificates. Existing sites that already have Livestatus via TCP enabled before updating to 1.6 still use the unencrypted communication for compatibility. An analyze configuration" test will create a CRITICAL message about the unencrypted Livestatus TCP configuration in this situation. Technical details: <ul> <li>For new sites Livestatus via TCP is encrypted by default. Existing sites which already have Livestatus via TCP enabled during the update keep the communication unencrypted for compatibility reasons. This is managed using the new 'omd config' option LIVESTATUS_TCP_TLS. This setting can also be managed through the "Global Settings > Site Management".</li> <li>During update or site creation a site local CA certificate is created to manage the sites local certificates.</li> <li>The site local certificate is created automatically during update or site creation.</li> <li>The sites local CA and certificates are stored in 'etc/ssl'. The CA certificate is always located at 'etc/ssl/ca.pem'.</li> <li>The keys are 2048 bit RSA keys and the certificates are signed using SHA512.</li> <li>The CA certificate is valid for 10 years, the site certificates are valid for 3 years.</li> <li>Check_MK / OMD code may use 'omdlib.certs.SiteLocalCA(site_id)' to use the local CA</li> <li>stunnel is introduced as site internal daemon that serves the TLS wrapped socket once it has been enabled through 'omd config'. </ul>

5 years, 9 months

Check_MK Werk 7056: Kubernetes monitoring

by Tom Baerwinkel

ID: 7056 Title: Kubernetes monitoring Component: Checks & agents Level: 2 Class: New feature Version: 1.6.0i1 A special agent and multiple checks to support the monitoring of Kubernetes clusters are added. For a detailled description of the features and a setup guide please refer to the official Check_MK guide: https://mathias-kettner.de/cms_monitoring_kubernetes.html

5 years, 9 months

Check_MK Werk 6702: Introduced various performance improvements for cmc config generation (e.g. multiprocessing)

by Andreas Boesl

ID: 6702 Title: Introduced various performance improvements for cmc config generation (e.g. multiprocessing) Component: cmc Level: 2 Class: New feature Version: 1.6.0i1 Previous versions only used one CPU core for the config generation. The time to generate the config highly depends on the number of hosts, services and especially rulesets. Lots of the underlying computation code has been changed, caches and functions were optimized. As a result Check_MK is now able to distribute the work load of the config generation over several CPUs. Per default, this feature is activated. Unless configured otherwise, it uses up to 75% of the available CPUs during the config generation, leaving some CPUs for running monitoring core. A new configuration option <tt>Generate monitoring configuration via multiprocessing</tt> has been introduced. You can either switch of multiprocessing or configure the number of used CPUs manually. Tests have shown that the performance can increased by a factor of 5-10 on a 8 CPU core setup.

5 years, 9 months

Check_MK Werk 7018: Livestatus can now be configured to connect via IPv6

by Lars Michelsen

ID: 7018 Title: Livestatus can now be configured to connect via IPv6 Component: Multisite Level: 2 Class: New feature Version: 1.6.0i1 In previous versions it was not possible to connect the GUI to a remote site via Livestatus using IPv6. This is now possible and can be configured from the "Distributed Monitoring" configuration. Technically this was prevented by several smaller things. The internal Livestatus xinetd configuration now allows ::/0 besides 0.0.0.0 by default. In case you have modified this setting and want to use IPv6, you may have to add the IPv6 addresses of your choice to this option. The site configuration GUI is now able to handle IPv6 addresses properly. The internally used livestatus.py Livestatus client implementation supports IPv6 now. Livestatus proxy can now connect to Livestatus via IPv6 and also the cascading proxy feature, which is used to make the local unix socket of a site available via the network, can now be used with IPv6 in addition to the already existing IPv4 support.

5 years, 10 months

Check_MK Werk 6965: Fixed socket timeout handling in check_mkevents active check

by Sven Panne

ID: 6965 Title: Fixed socket timeout handling in check_mkevents active check Component: Checks & agents Level: 2 Class: Bug fix Version: 1.6.0i1 The microseconds part of the socket timeout was not set, so a "Numerical argument out of domain" error could happen randomly. This has been fixed.

5 years, 10 months

Check_MK Werk 6984: docker_node_disk_usage, docker_node_info, docker_node_images, docker_node_network: Extract sections to plugin

by Konstantin Büttner

ID: 6984 Title: docker_node_disk_usage, docker_node_info, docker_node_images, docker_node_network: Extract sections to plugin Component: Checks & agents Level: 2 Class: Bug fix Version: 1.6.0i1 Due to poor performance of commands such as <tt>docker system df</tt> in some environments, the check_mk_agent would be slowed down to the point of unusability. To address this, these sections have been extracted into the <tt>mk_docker_node</tt> agent plugin, allowing them to be run asynchronously. If you update the agent and you need these sections, you will have to deploy the plugin to continue monitoring docker node information.

5 years, 10 months

Check_MK Werk 6930: Service discovery page can now handle long running tasks

by Lars Michelsen

ID: 6930 Title: Service discovery page can now handle long running tasks Component: WATO Level: 2 Class: New feature Version: 1.6.0i1 The service discovery page of the configuration GUI could end up in timeouts when working with devices that need a long time to process the discovery process. This mostly affected either large or slow responding SNMP devices. The discovery page is now initially loading almost immediately and then starts fetching the content in the background. The potential long running tasks (full scan or autmatic refresh) are performed in the background. While these actions are performed, the GUI shows the already known check table in a read only mode. Discovering services of hosts monitored by remote sites using a pre 1.6 version is possible but can still end up in timeouts. The new logic is only used by sites using version 1.6 or newer.

5 years, 10 months

Check_MK Werk 6920: HTTP proxies can now be configured globally

by Lars Michelsen

ID: 6920 Title: HTTP proxies can now be configured globally Component: Core & setup Level: 2 Class: New feature Version: 1.6.0i1 To enable components to connect to external resources in proxied networks more easily it is now possible to configure several HTTP proxies using the global setting "HTTP proxies". Imagine a scenario where your monitoring server is located in your company internal network and you need to make a connection to a external HTTP server in the internet while you can only connect to this server using a proxy server. In the past the most spread option is to set the HTTP(S)_PROXY environment variables for such a call and hope that the program you use for the connection supports these envrionment variables. Now it is possible to configure the proxies using the GUI in a central place and refer to these settings from different parts of your configuration. These proxies will be usable by e.g. special agents, notification scripts and active checks, which need to use a proxy for their work. As example the pushover notification script has been migrated to support the global proxy settings. Note to notification script developers: You have to name the notification proxy element of the Dictionary parameters valuespec "proxy_url" to make it work as expected with globally configured proxies. Note to special agent and active check developers: There is a new function available get_http_proxy(http_proxy). Pass the "http_proxy" value a user configured using the HTTPProxyReference valuespec to this function an you will get back the proxy URL as string or None in case no proxy should be set via command line (see "pydoc cmk_base.check_api.get_http_proxy_for_cmdline" for further information). CMK-1407

5 years, 11 months

Check_MK Werk 6964: Fixed matching of literal strings when C++11 regex engine is used.

by Sven Panne

ID: 6964 Title: Fixed matching of literal strings when C++11 regex engine is used. Component: Livestatus Level: 2 Class: Bug fix Version: 1.6.0i1 Livestatus and CMC can use one of two regex engines: Either then one from the C++11 standard library or the one from the RE2 library. Normal builds ship the latter, only a manually built Livestatus should ever use the former. Nevertheless, both should work, but the C++11 variant had a quoting bug, resulting in incorrect matching. This has been fixed.

5 years, 11 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level2