mirror of
https://github.com/Icinga/icingadb.git
synced 2026-02-18 18:18:00 -05:00
Icinga DB - Backend moderne
3a6df542f7
The get_overdues.lua script uses a temporary Redis key to store data. So far, this key was a random UUID, not being prefixed or namespaced. This does not work when applying Redis ACLs on keys, as this random key is unpredictable. Now, this key is prefixed with "icingadb:temp:". This was initially reported in the Community Forum[^0] where the user applied ACLs to the Redis user for Icinga DB. It was easy to reproduce this by creating or reconfiguring a dedicated Redis user, allowing all operations on keys in the "icinga:" and "icingadb:" namespaces. > 127.0.0.1:6380> ACL SETUSER icingadb on >icingadb ~icinga:* ~icingadb:* +@all > OK > 127.0.0.1:6380> ACL LIST > 1) "user default on nopass sanitize-payload ~* &* +@all" > 2) "user icingadb on sanitize-payload #1631be4f74353b72282ba144d82b6764f885feefc99c15c2c5f37b5c65bb3006 ~icinga:* ~icingadb:* resetchannels +@all" After a while, the previous code failed as expected. > 2026-01-07T11:22:10.253Z FATAL icingadb NOPERM No permissions to access a key > can't execute Redis script > github.com/icinga/icingadb/pkg/icingadb/overdue.Sync.sync > /go/src/github.com/Icinga/icingadb/pkg/icingadb/overdue/sync.go:164 > github.com/icinga/icingadb/pkg/icingadb/overdue.Sync.Sync.func3 > /go/src/github.com/Icinga/icingadb/pkg/icingadb/overdue/sync.go:70 > golang.org/x/sync/errgroup.(*Group).Go.func1 > /go/pkg/mod/golang.org/x/sync@v0.19.0/errgroup/errgroup.go:93 > runtime.goexit > /usr/local/go/src/runtime/asm_amd64.s:1700 With this change, Icinga DB only uses these two namespaces and continuous to operate. [^0]: https://community.icinga.com/t/redis-user-acl-for-icingadb/15309 |
||
|---|---|---|
| .github | ||
| cmd | ||
| doc | ||
| internal | ||
| pkg | ||
| schema | ||
| tests | ||
| tools | ||
| .gitattributes | ||
| .gitignore | ||
| .golangci.yml | ||
| .mailmap | ||
| AUTHORS | ||
| CHANGELOG.md | ||
| config.example.yml | ||
| Containerfile | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| README.md | ||
Icinga DB
Icinga DB is a set of components for publishing, synchronizing and visualizing monitoring data in the Icinga ecosystem, consisting of:
- The Icinga DB daemon, which synchronizes monitoring data between a Redis®* server and a database
- Icinga 2 with its Icinga DB feature enabled, responsible for publishing the data to the Redis® server, i.e. configuration and its runtime updates, check results, state changes, downtimes, acknowledgements, notifications, and other events such as flapping
- And Icinga Web with the Icinga DB Web module enabled, which connects to both Redis® and the database to display and work with the most up-to-date data
Documentation
Icinga DB documentation is available at icinga.com/docs.
License
Icinga DB and the Icinga DB documentation are licensed under the terms of the GNU General Public License Version 2.