From 61819506205227adce343267b69d0d5a2f6e3f13 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Thu, 11 Nov 2021 21:07:55 +0100 Subject: [PATCH 01/12] docs: Replace warning log level with warn warning is not a valid log level but warn is. --- config.yml.example | 2 +- doc/03-Configuration.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config.yml.example b/config.yml.example index d8940a86..a5ee70a2 100644 --- a/config.yml.example +++ b/config.yml.example @@ -11,7 +11,7 @@ redis: address: redis:6380 logging: - # Default logging level. Can be set to 'fatal', 'error', 'warning', 'info' or 'debug'. + # Default logging level. Can be set to 'fatal', 'error', 'warn', 'info' or 'debug'. # If not set, defaults to 'info'. level: diff --git a/doc/03-Configuration.md b/doc/03-Configuration.md index 746b2622..fca27cfe 100644 --- a/doc/03-Configuration.md +++ b/doc/03-Configuration.md @@ -41,7 +41,7 @@ Configuration of the logging component used by Icinga DB. Option | Description -------------------------|----------------------------------------------- -level | **Optional.** Specifies the default logging level. Can be set to `fatal`, `error`, `warning`, `info` or `debug`. Defaults to `info`. +level | **Optional.** Specifies the default logging level. Can be set to `fatal`, `error`, `warn`, `info` or `debug`. Defaults to `info`. output | **Optional.** Configures the logging output. Can be set to `console` (stderr) or `systemd-journald`. If not set, logs to systemd-journald when running under systemd, otherwise stderr. interval | **Optional.** Interval for periodic logging defined as [duration string](#duration-string). Defaults to `"20s"`. options | **Optional.** Map of component name to logging level in order to set a different logging level for each component instead of the default one. See [logging components](#logging-components) for details. From b49422a010c495d3bd1e75ac2b4f0bfb41eacb28 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Thu, 11 Nov 2021 21:09:03 +0100 Subject: [PATCH 02/12] Use localhost in our example config --- config.yml.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config.yml.example b/config.yml.example index a5ee70a2..192b872a 100644 --- a/config.yml.example +++ b/config.yml.example @@ -1,14 +1,14 @@ # This is the configuration file for Icinga DB. database: - host: icingadb + host: localhost port: 3306 database: icingadb user: icingadb password: icingadb redis: - address: redis:6380 + address: localhost:6380 logging: # Default logging level. Can be set to 'fatal', 'error', 'warn', 'info' or 'debug'. From 746dfa39f867ff7911451e35a4076be0e5da81f3 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Thu, 11 Nov 2021 21:10:12 +0100 Subject: [PATCH 03/12] Comment out flat config keys that have a default value There is a problem with logging.interval where the YAML decoder resets the value to 0. Note that this is only a quick fix and should be reverted once the YAML decoder has been fixed. --- config.yml.example | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config.yml.example b/config.yml.example index 192b872a..68058280 100644 --- a/config.yml.example +++ b/config.yml.example @@ -13,17 +13,17 @@ redis: logging: # Default logging level. Can be set to 'fatal', 'error', 'warn', 'info' or 'debug'. # If not set, defaults to 'info'. - level: +# level: info # Logging output. Can be set to 'console' (stderr) or 'systemd-journald'. # If not set, logs to systemd-journald when running under systemd, otherwise stderr. - output: +# output: # Interval for periodic logging defined as duration string. # A duration string is a sequence of decimal numbers and a unit suffix, such as "20s". # Valid units are "ms", "s", "m", "h". # Defaults to "20s". - interval: +# interval: 20s # Map of component-logging level pairs to define a different log level than the default value for each component. options: From b95e48f40bbaca04322272fce62911e3be3d93cf Mon Sep 17 00:00:00 2001 From: Henrik Triem Date: Fri, 12 Nov 2021 13:29:49 +0100 Subject: [PATCH 04/12] Add Fedora, CentOS 8, dnf and some cleanup --- doc/02-Installation.md | 49 +++++++++++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/doc/02-Installation.md b/doc/02-Installation.md index acf7ad0e..18d69fcb 100644 --- a/doc/02-Installation.md +++ b/doc/02-Installation.md @@ -5,20 +5,17 @@ * Local Redis instance (Will be installed during this documentation) * MySQL/MariaDB server with `icingadb` database, user and schema imports (Will be installed during this documentation) -Supported enterprise distributions: - -* RHEL/CentOS 7/8 -* Debian 10 Buster -* Ubuntu 18 Bionic -* SLES 15.1 - ## Setting up Icinga DB ### Package Repositories In order to install the latest release candidate, you have to add our `testing` repository as shown below. +We assume that you have our `release` repository already activated. +The following commands must be executed with root permissions unless noted otherwise. -#### RHEL/CentOS Repositories +#### RHEL/CentOS/Fedora Repositories + +Make sure you have wget installed. ``` rpm --import https://packages.icinga.com/icinga.key @@ -74,7 +71,15 @@ apt-get update ### Installing Icinga DB -RHEL/CentOS 7/8: +RHEL/CentOS 8/Fedora: + +``` +dnf install icingadb +systemctl enable icingadb +systemctl start icingadb +``` + +RHEL/CentOS 7: ``` yum install icingadb @@ -96,7 +101,16 @@ apt-get install icingadb ### Installing Icinga DB Redis -RHEL/CentOS 7/8: +RHEL/CentOS 8/Fedora: + +``` +dnf install icingadb-redis + +systemctl enable icingadb-redis +systemctl start icingadb-redis +``` + +RHEL/CentOS 7: ``` yum install icingadb-redis @@ -124,7 +138,18 @@ apt-get install icingadb-redis #### Installing MySQL/MariaDB database server -RHEL/CentOS 7/8: +RHEL/CentOS 8/Fedora: + +``` +dnf install mariadb-server mariadb + +systemctl enable mariadb +systemctl start mariadb + +mysql_secure_installation +``` + +RHEL/CentOS 7: ``` yum install mariadb-server mariadb @@ -178,7 +203,7 @@ After creating the database you can import the Icinga DB schema using the following command. Enter the root password into the prompt when asked. ``` -cat /usr/share/icingadb/schema/mysql/schema.sql | mysql -uroot icingadb -p +cat /usr/share/icingadb/schema/mysql/schema.sql | mysql -u root icingadb -p ``` ### Running Icinga DB From 19043239f15aa0a3aba2416e23f814085fae948e Mon Sep 17 00:00:00 2001 From: Henrik Triem <43344334+htriem@users.noreply.github.com> Date: Fri, 12 Nov 2021 14:07:27 +0100 Subject: [PATCH 05/12] Change icinga-redis to icingadb-redis in remote Redis --- doc/02-Installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/02-Installation.md b/doc/02-Installation.md index 18d69fcb..56af4c92 100644 --- a/doc/02-Installation.md +++ b/doc/02-Installation.md @@ -223,7 +223,7 @@ systemctl start icingadb ### Enable remote Redis connections -By default `icingadb-redis` listens only on `127.0.0.1`. If you want to change that (e.g. Icinga Web 2), just change `bind 127.0.0.1 ::1` and `protected-mode yes` in `/etc/icinga-redis/icingadb-redis.conf` to the interface you want to use and `protected-mode no`. +By default `icingadb-redis` listens only on `127.0.0.1`. If you want to change that (e.g. Icinga Web 2), just change `bind 127.0.0.1 ::1` and `protected-mode yes` in `/etc/icingadb-redis/icingadb-redis.conf` to the interface you want to use and `protected-mode no`. > WARNING: Make sure your host is secured by some kind of firewall, if you open Redis to an external interface. Redis, by default, does not have any authentication that prevent others from accessing it. From 40932fa33d82af77a135b09f7fb06eedb6a595ce Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 12 Nov 2021 13:49:18 +0100 Subject: [PATCH 06/12] Add upgrading docs --- README.md | 14 -------------- doc/04-Upgrading.md | 21 +++++++++++++++++++++ 2 files changed, 21 insertions(+), 14 deletions(-) create mode 100644 doc/04-Upgrading.md diff --git a/README.md b/README.md index 4b1504f0..e7e5342e 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,3 @@ -# IMPORTANT (28.05.2021) - -> :warning: **We've changed a lot to prepare for Icinga DB 1.0.0 RC2** :warning: - -You will have to do the following steps to upgrade Icinga DB to the current master: - -1. Completely stop Icinga 2 and Icinga DB -2. Flush your Redis (`redis-cli flushall`) - We made a lot of changes to our Redis schema, so this is necessary -3. Upgrade Icinga 2 to the latest snapshot/master -4. Upgrade Icinga DB to latest master -5. Upgrade the Icinga DB SQL schema (`mysql icingadb < schema/mysql/upgrades/1.0.0-rc2.sql`) -6. Copy `config.yml.example` to `config.yml` and change it to your needs (The config file has changed and we don't use the old `icingadb.ini` config anymore) -7. Start Icinga 2 and Icinga DB (For Icinga DB use `go run cmd/icingadb/main.go`) - # Icinga DB ![Icinga Logo](https://icinga.com/wp-content/uploads/2014/06/icinga_logo.png) diff --git a/doc/04-Upgrading.md b/doc/04-Upgrading.md new file mode 100644 index 00000000..37f40844 --- /dev/null +++ b/doc/04-Upgrading.md @@ -0,0 +1,21 @@ +# Upgrading Icinga DB + +## Upgrading to Icinga DB RC2 + +Icinga DB RC2 is a complete rewrite compared to RC1. Because of this, a lot has changed in the Redis and database +schema, which is why they have to be deleted and recreated. The configuration file has changed from `icingadb.ini` +to `config.yml`. Instead of the INI format, we are now using YAML and have introduced more configuration options. We +have also changed the packages of `icingadb-redis`, which is why the Redis CLI commands are now prefixed with `icingadb` +instead of just `icinga`, i.e. the Redis CLI is now accessed via `icingadb-redis-cli`. + +Please follow the steps below to upgrade to Icinga DB RC2: + +1. Stop Icinga 2 and Icinga DB. +2. Flush your Redis instances using `icinga-redis-cli flushall` (note the `icinga` prefix as we did not + upgrade `icingadb-redis` yet) and stop them afterwards. +3. Upgrade Icinga 2 to version 2.13.2 or newer. +4. Remove the `icinga-redis` package where installed as it may conflict with `icingadb-redis`. +5. Install Icinga DB Redis (`icingadb-redis`) on your primary Icinga 2 nodes to version 6.2.6 or newer. +6. Upgrade Icinga DB to RC2. +7. Drop the Icinga DB MySQL database and recreate it using the provided schema. +8. Start Icinga DB Redis, Icinga 2 and Icinga DB. From 8322ff7840fcd5c8a5fc91357a195a92373c0e19 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 12 Nov 2021 14:41:03 +0100 Subject: [PATCH 07/12] Fix whitespaces and too long lines in installation docs --- doc/02-Installation.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/doc/02-Installation.md b/doc/02-Installation.md index 56af4c92..8b9a633b 100644 --- a/doc/02-Installation.md +++ b/doc/02-Installation.md @@ -9,9 +9,9 @@ ### Package Repositories -In order to install the latest release candidate, you have to add our `testing` repository as shown below. -We assume that you have our `release` repository already activated. -The following commands must be executed with root permissions unless noted otherwise. +In order to install the latest release candidate, you have to add our `testing` repository as shown below. We assume +that you have our `release` repository already activated. The following commands must be executed with root permissions +unless noted otherwise. #### RHEL/CentOS/Fedora Repositories @@ -68,7 +68,6 @@ wget -O - https://packages.icinga.com/icinga.key | apt-key add - apt-get update ``` - ### Installing Icinga DB RHEL/CentOS 8/Fedora: @@ -182,8 +181,8 @@ mysql_secure_installation Note that if you're using a version of MySQL < 5.7 or MariaDB < 10.2, the following server options must be set: ``` -innodb_file_format=barracuda -innodb_file_per_table=1 +innodb_file_format=barracuda +innodb_file_per_table=1 innodb_large_prefix=1 ``` @@ -223,10 +222,14 @@ systemctl start icingadb ### Enable remote Redis connections -By default `icingadb-redis` listens only on `127.0.0.1`. If you want to change that (e.g. Icinga Web 2), just change `bind 127.0.0.1 ::1` and `protected-mode yes` in `/etc/icingadb-redis/icingadb-redis.conf` to the interface you want to use and `protected-mode no`. +By default `icingadb-redis` listens only on `127.0.0.1`. If you want to change that (e.g. Icinga Web 2), just +change `bind 127.0.0.1 ::1` and `protected-mode yes` in `/etc/icingadb-redis/icingadb-redis.conf` to the interface you +want to use and `protected-mode no`. -> WARNING: Make sure your host is secured by some kind of firewall, if you open Redis to an external interface. Redis, by default, does not have any authentication that prevent others from accessing it. +> WARNING: Make sure your host is secured by some kind of firewall, if you open Redis to an external interface. +> Redis, by default, does not have any authentication that prevent others from accessing it. ### Icinga DB Web -Consult the [Icinga DB Web documentation](https://icinga.com/docs/icingadb/latest/icingadb-web/doc/02-Installation/) on how to connect Icinga Web 2 with Icinga DB. +Consult the [Icinga DB Web documentation](https://icinga.com/docs/icingadb/latest/icingadb-web/doc/02-Installation/) on +how to connect Icinga Web 2 with Icinga DB. From 785fd425d90ad331aa8470fc827406e07007a8b2 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 12 Nov 2021 14:42:07 +0100 Subject: [PATCH 08/12] Improve MySQL commands in installation docs --- doc/02-Installation.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/doc/02-Installation.md b/doc/02-Installation.md index 8b9a633b..b32727b7 100644 --- a/doc/02-Installation.md +++ b/doc/02-Installation.md @@ -193,16 +193,12 @@ Set up a MySQL database for Icinga DB: CREATE DATABASE icingadb; GRANT ALL ON icingadb.* TO 'icingadb'@'127.0.0.1' IDENTIFIED BY 'icingadb'; -FLUSH PRIVILEGES; - -quit ``` -After creating the database you can import the Icinga DB schema using the -following command. Enter the root password into the prompt when asked. +After creating the database, you can import the Icinga DB schema using the following command: ``` -cat /usr/share/icingadb/schema/mysql/schema.sql | mysql -u root icingadb -p +mysql -u root -p icingadb From 69a08978477045ff480a9b3b4b79291532947793 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 12 Nov 2021 14:43:33 +0100 Subject: [PATCH 09/12] Change default configuration file path --- pkg/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index 3308d02d..78788b4a 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -39,7 +39,7 @@ type Flags struct { // Version decides whether to just print the version and exit. Version bool `long:"version" description:"print version and exit"` // Config is the path to the config file - Config string `short:"c" long:"config" description:"path to config file" required:"true" default:"./config.yml"` + Config string `short:"c" long:"config" description:"path to config file" required:"true" default:"/etc/icingadb/config.yml"` } // FromYAMLFile returns a new Config value created from the given YAML config file. From f21f50e958b2a8350a23f367dc935e96781ac4fe Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 12 Nov 2021 14:46:41 +0100 Subject: [PATCH 10/12] Reduce max_hmget_connections to 8 --- pkg/icingaredis/client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/icingaredis/client.go b/pkg/icingaredis/client.go index 3a7922b9..2af5e825 100644 --- a/pkg/icingaredis/client.go +++ b/pkg/icingaredis/client.go @@ -29,7 +29,7 @@ type Client struct { // Options define user configurable Redis options. type Options struct { Timeout time.Duration `yaml:"timeout" default:"30s"` - MaxHMGetConnections int `yaml:"max_hmget_connections" default:"4096"` + MaxHMGetConnections int `yaml:"max_hmget_connections" default:"8"` HMGetCount int `yaml:"hmget_count" default:"4096"` HScanCount int `yaml:"hscan_count" default:"4096"` XReadCount int `yaml:"xread_count" default:"4096"` From 8acc6234129159fb43e4542a059a3b6022ab9a6b Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 12 Nov 2021 15:47:23 +0100 Subject: [PATCH 11/12] Refine remote Redis installation docs chapter --- doc/02-Installation.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/doc/02-Installation.md b/doc/02-Installation.md index b32727b7..7abb81ac 100644 --- a/doc/02-Installation.md +++ b/doc/02-Installation.md @@ -218,12 +218,13 @@ systemctl start icingadb ### Enable remote Redis connections -By default `icingadb-redis` listens only on `127.0.0.1`. If you want to change that (e.g. Icinga Web 2), just -change `bind 127.0.0.1 ::1` and `protected-mode yes` in `/etc/icingadb-redis/icingadb-redis.conf` to the interface you -want to use and `protected-mode no`. +By default `icingadb-redis` listens only on `127.0.0.1`. If you want to change that, e.g. for Icinga Web 2 or Icinga 2 +running on another node, just change `bind 127.0.0.1 ::1` and `protected-mode yes` +in `/etc/icingadb-redis/icingadb-redis.conf` to the interface you want to use and to `protected-mode no`. -> WARNING: Make sure your host is secured by some kind of firewall, if you open Redis to an external interface. -> Redis, by default, does not have any authentication that prevent others from accessing it. +> WARNING: By default, Redis does not have any authentication that prevents others from accessing it. +> If you open Redis to an external interface, make sure that you set up appropriate firewall rules or configure TLS +> with certificate authentication on Redis and its consumers, i.e. Icinga 2, Icinga DB and Icinga Web 2. ### Icinga DB Web From 222ece91aef84de2ab8df5fcd906dc89a6c3eafd Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 12 Nov 2021 15:49:27 +0100 Subject: [PATCH 12/12] Docs: Fix default config file location --- doc/02-Installation.md | 2 +- doc/03-Configuration.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/02-Installation.md b/doc/02-Installation.md index 7abb81ac..4e853e0d 100644 --- a/doc/02-Installation.md +++ b/doc/02-Installation.md @@ -206,7 +206,7 @@ mysql -u root -p icingadb -The configuration is stored in `/etc/icingadb/icingadb.yml`. +The configuration is stored in `/etc/icingadb/config.yml`. See [config.yml.example](../config.yml.example) for an example configuration. ## Redis Configuration