Icinga 2.8.3 released

Today we are releasing a new support version of Icinga 2.8, a small one to pass the time until 2.9. This release includes fixes for the InfluxDB and Elasticsearch features. Please note that Elasticsearch 6 support is coming with 2.9. In addition to the fixes we’ve added support for multiple check parameters for the check_nscp_api plugin and working sysconfig/defaults variables support, you’ll also find many documentation updates. For this release you don’t need to follow any special upgrade procedure, upgrading is safe.

Additional changes and details can be found in the changelog.

As always official packages are available on packages.icinga.com while community repositories might need a bit to catch up.

Update 2018-04-25 16:45 CEST: Users reported problems from a regression. We have therefore released v2.8.4.

Icinga 2.8.2 released

Today we release Version Icinga 2.8.2, a bugfix release with a focus on security. Most of these have been brought to our attention by the community and we are very thankful for that. Special thanks to Michael H., Julian and Michael O., who helped by reporting and assisting us in fixing security bugs. CVEs have also been requested for these issues, they are as follows: CVE-2017-16933, CVE-2018-6532, CVE-2018-6533, CVE-2018-6534, CVE-2018-6535, CVE-2018-6536. The full advisory from Michaels point of view can be found on his website.

As a side effect of these fixes a few things need to be considered during the upgrade:
For one, the init.conf is gone. Everything that used to be configured in there, ie. Icinga user, Icinga group and resource limits, are now found in the sysconfig file (usually /etc/sysconfig/icinga2). This means if you did manually edit init.conf, to change the user icinga 2 runs as for example, you will have to move these changes to the sysconfig. See the documentation for details. Secondly we added the cli command icinga2 api user which can be used to create ApiUser object configuration with hashed password strings.

If you did not change anything in init.conf, all of this is optional and additive and the upgrade path is safe.

Additional changes and details can be found in the changelog.

Updating is strongly recommended. We are striving to make Icinga 2 as secure as possible, to that end we created a security mailbox for you to send us security reports and vulnerability information. We support the responsible disclosure of vulnerabilities and therefore ask for sufficient time to patch the issue before publishing the details.

Official packages are available on packages.icinga.com. Community repositories might need a while to catch up.

Flapping in Icinga 2.8.0

The author viewing the code for the first time

Flapping detection is a feature many monitoring suites offer. It is mainly used to detect unfortunately chosen thresholds, but can also help in detecting network issues or similar. In most cases two thresholds are used, high and low. If the flapping value, which is the percentage of state changes over a set time, gets higher than the high threshold, it is considered flapping. It will then stay flapping until the value drops below the low threshold.

(more…)