Stability and user experience were the main goals for this release. Please read the full Changelog for all the details and the Upgrading instructions to be on the safe side. Spoiler: as always, upgrade is safe and super easy.
First of all, this release addresses a security issue reported by Boyd Ansems. Users with director/audit permission had the possibility to inject SQL. Upgrade to v1.5.0 or revoke that permission from Users you do not trust.
Command Inspection got a lot of love. It looks better, feels better – and provides the whole command as executed with a lot of context information:
It not only allows you to copy & paste the command for troubleshooting reasons. It also directly links to the configuration of the related object – in exactly the version that has been used for that single check execution. You re-deployed a new configuration twice in the meantime? Doesn’t matter, you’ll see the configuration as it looked like once the command has been executed in the file that has been deployed at the time being.
Inspection Links are now available for all Hosts and Services, and also the Endpoint Object Inspection got some improvements.
Microservices are the new SOA. In theory everything has a shiny new REST API, state is on the network and relational databases are dead dinosaurs. In practice, even large enterprises manage a lot of data in half-baked CMDBs and zillions of MS Excel files.
With Icinga Director we want to automate monitoring, but not by forcing you to re-invent the wheel. Icinga 2 and Icinga Director are work horses designed to eat whatever you feed them. And if that’s a huge Microsoft Excel file, then please, go for it. Do not even deal with all the issues involved with exporting an ill-formatted Excel file to CSV.
This is available since quite some time, but never has been part of an official release version. In two distinct customer projects we not only implemented support for XSLX, the Microsoft Excel 2007+ format. Also the Director itself got quite some related features. It now provides Property Modifiers to fix ill-formatted IP addresses in your Excel sheets and a Black/White-list feature to skip invalid rows.
Under the hood we are already one more step ahead. As you probably know, Property Modifiers can be implemented in your very own module and hook into the Icinga Director. Newly implemented capabilities allowed us to model GROUP BY-like functionality and aggregate functions in a customer module. Sooner or late such features will be made publicly available.
For those of you who never heard about the Fileshipper Icinga Web 2 module: it allows you to ship raw Icinga 2 configuration through the Icinga Director and provides an Import Source for CSV, JSON, XML, XSLX and YAML files.
Many small features have been implemented. Instead of failing with an ugly error, it’s now forbidden to delete Commands that are still in use:
Related to command usage, tables now allow to filter for used or unused commands:
When modifying a command, it immediately makes you aware of the fact that it is not in use:
When instead being used it not only shows you that it is being used – it also links to the related objects. This is also true for Notification Commands:
External Commands cannot be modified or deleted, but they offer the very same feature:
Service Variable Overrides
One of the most powerful Icinga Director features are the so-called Overrides. Even when your Chassis Temperature check is an Apply Rule assigned to every host of a specific vendor, this still allows you to tweak the configured threshold for single hosts.
A lot of fine-tuning related to this feature took place in v1.5.0. Just to name a few changes:
- Lots of small bug fixes. No matter whether a Service has been inherited from a Host template, assigned via apply rule or being part of a Service Set which once again has been applied or inherited – the feature just works
- Internally, overrides are stored in a special Host Custom Variable. This used to collide with the “replace” policy on Sync Rules, as the Sync rule then overruled your overrides. With v1.5.0 this variable is not going to be touched on Sync
- It is now not only possible to tweak thresholds, you’re also able to blacklist specific applied/inherited services on single hosts. Technically, this renders an ignore filter for the related apply rule. But for the user it feels like deleting a specific service directly on a specific host
- Sync Rules are able to flag a service with “use_var_overrides”. This allows to sync new default thresholds for single services while preserving manual changes applied by your users. All above changes and more tweaks have been applied to make this feature feel natural and self-explaining.
As you can see the Services list on every Host shows crossed out Services in case they have been blacklisted.
More UI features
A lot of small improvements took place. Custom Variables based on Data Lists make creating Apply Rules easier by suggesting available values. Config Preview often directly links related objects:
You’ll find more UI improvements in our Changelog.
Import/Export, Admin Features
There are some hidden goodies for admins or user granted enough permissions. Multiple views offer the possibility to show the executed SQL queries, a feature that comes in handy when it goes to troubleshoot restrictions or when you want to model custom code based on existing logic.
While our REST API of course ships JSON data, it’s now also possible to get a JSON export with a simple click in the UI.
It is now possible to clone Import Sources and Sync Rules. You can export and/or import them on the CLI. And given a configured DB Resource for a foreign Director instance this can be a one-liner:
icingacli director export importsources \ | icingacli director import importsources --dbResourceName 'Director in PROD'
A lot more related work took place under the hood, we’ll merge new related features to the master soon.
Permissions and Restrictions
Since v1.4.0 it is possible to restrict access to Hosts based on Hostgroup membership. While this may sound very simple and restricted, people understood it’s real power once they realized that this works fine even when all your group memberships are based on dynamic Apply Rules.
Version 1.4.x contained some related bugs, it partially failed for static group memberships and users have been able to lock them out from hosts they should have been allowed to modify. v1.5.0 addresses those and similar issues.
Multi-Selection is a useful but not so well known Feature in Icinga Web 2 and some of it’s modules. You can select multiple rows via SHIFT/CTRL-click to trigger actions on multiple objects. New in v1.5.0 is that this way you can not only add Services but also Service Sets to multiple hosts at once.
We made a huge step forward in modularizing lots of our library code, the result will soon be published as our new Icinga PHP library (ipl). This will allow us to provide features that matured in some module (like Director) for other modules too.
I’m glad to announce that Markus Frosch from Netways will be granted Development time to work exclusively on the Director project. He is a long time contributor made a fantastic job helping to prepare this release.