Icinga 2.14

CHANGELOG.md

@@ -7,6 +7,198 @@ documentation before upgrading to a new release.
 
 Released closed milestones can be found on [GitHub](https://github.com/Icinga/icinga2/milestones?state=closed).
 
+## 2.14.0 (2023-07-12)
+
+[Issues and PRs](https://github.com/Icinga/icinga2/issues?q=is%3Aclosed+milestone%3A2.14.0)
+
+### Notes
+
+Upgrading docs: https://icinga.com/docs/icinga2/snapshot/doc/16-upgrading-icinga-2/#upgrading-to-2-14
+
+Thanks to all contributors:
+[atj](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Aatj),
+[atwebm](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Aatwebm),
+[cspeterson](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Acspeterson),
+[cycloon](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Acycloon),
+[DamianoChini](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3ADamianoChini),
+[efuss](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Aefuss),
+[fabieins](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Afabieins),
+[haxtibal](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Ahaxtibal),
+[jaapmarcus](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Ajaapmarcus),
+[log1-c](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Alog1-c),
+[lrupp](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Alrupp),
+[maggu](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Amaggu),
+[mcodato](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Amcodato),
+[Napsty](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3ANapsty),
+[orbison](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Aorbison),
+[peteeckel](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Apeteeckel),
+[slalomsk8er](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Aslalomsk8er),
+[stevie-sy](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3Astevie-sy),
+[Tqnsls](https://github.com/Icinga/icinga2/pulls?q=is%3Apr+is%3Aclosed+milestone%3A2.14.0+author%3ATqnsls)
+
+### Breaking Changes
+
+* Remove CheckResultReader (which has been deprecated since v2.9). #9714
+* Remove StatusDataWriter (which has been deprecated since v2.9). #9715
+* ElasticsearchWriter: drop support for Elasticsearch < v7. #9812
+* Consider a checkable unreachable once one Dependency fails.
+  Previously all of them had to fail. (Consult the upgrading docs.) #8218
+* API: reject config modifications during reload with HTTP status 503. #9445
+* `icinga2 daemon`: to reduce config load time, write file needed by
+  `icinga2 object list` only if `--dump-objects` is given. #9586 #9591
+* Default email notification scripts: link to Icinga DB Web,
+  not the monitoring module. (Consult the upgrading docs.) #9742 #9757
+* API: for security reasons hide TicketSalt in /v1/variables. #7863
+
+#### Icinga 2 Config DSL
+
+* Disallow global variable modification after config commit start (i.e.
+  inside `object/apply T "x" { ... }`) to reduce config load time. #9740
+* Forbid Dependency cycles at config load time. #8389
+* Allow only strings in the arrays Host#groups, Service#groups and
+  User#groups. Needed for consistency, especially by the IDO. #9057
+* Disallow empty object names. (They worked only partially anyway.) #9409
+
+#### Windows Agent only
+
+The official MSIs don't include the following features anymore.
+They weren't intended, tested or needed on Windows and only waste build time,
+bandwidth and disk space. Both new installations and upgrades are affected.
+
+* ElasticsearchWriter #9704
+* GelfWriter #9704
+* GraphiteWriter #9704
+* InfluxdbWriter and Influxdb2Writer #9704
+* OpenTsdbWriter #9704
+* PerfdataWriter #9704
+
+We also don't ship the following files anymore.
+(You can still obtain them manually.)
+
+* `NSCP.msi` (NSClient++ installer) #9703
+* [doc/](doc) (Icinga 2 markdown documentation) #9705
+
+On the other hand MSIs are now 75% smaller than before.
+
+### Enhancements
+
+* Significantly reduce config load time of large setups.
+  #8118 #9555 #9557 #9572 #9577 #9603 #9608 #9627 #9648 #9657 #9662
+* Allow to connect dependencies via redundancy groups. Only parents within
+  one group are assumed to provide redundancy for each other. #8218
+* Built-in check command ifw-api, communicates directly with the Icinga for
+  Windows REST API. (Doesn't spawn a PowerShell process for that.) #9062
+* JournaldLogger which logs to systemd journal. #9000
+* API: POST /v1/objects: allow to discard some previously modified attributes,
+  i.e. to restore the config files' values. #9783
+* ElasticsearchWriter: support Elasticsearch v8. #9812
+* Support `$env.ENV_VAR_NAME$` macros. #8302
+* Speed up Icinga DB config dump. #9524
+* Default mail notification scripts: also print `$host.notes$` and `$service.notes$`. #9713
+* Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers. #9811
+* Clean up global default TLS cipher list to improve security. #9809
+* Influxdb(2)Writer: write more precise timestamps (nanoseconds). #9599
+
+### Bugfixes
+
+* Icinga DB feature: normalize several Redis data not to crash the Go daemon.
+  #9772 #9775 #9792 #9793 #9794 #9805
+* Fix parsing of perfdata across multiple lines in plugin output. #8969
+* icinga check: fix last reload failure time. #8429
+* Resolve macros inside custom vars of IcingaApplication. #9779
+* SELinux: allow Icinga and its plugins to write to syslog. #9688
+* ElasticsearchWriter: fix data buffer flush race condition during stop. #9810
+* Trigger flexible downtimes not in the past if checkable is already down. #9726
+* Send downtime expiration notifications immediately, not after up to a minute. #9726
+
+#### Cluster
+
+* Don't hang in timed out connection attempt. #9711 #9725
+* Fix lost acknowledgements after re-connect. #9718
+* cluster-zone check: don't complain about not connected
+  other local zone members if there aren't any. #8595
+* Allow agent to update executions delegated to it via /v1/actions/execute-command. #8627
+
+#### API
+
+* Disallow breaking inter-object relationships by changing
+  relationship attributes at runtime, e.g. Service#host_name. #9407
+* Correct several HTTP response status codes. #7958 #9354
+* Correct Boolean field types previously reported by /v1/types as Number. #9514
+
+#### CLI
+
+* `icinga2 daemon`: fix -DConfiguration.Concurrency= flag
+  which now allows to override the number of threads. #9643
+* `icinga2 node wizard`: avoid unnecessary chown(2) which may fail and abort the wizard. #8744
+* Correct several log messages. #8895 #8965 #9663
+
+### ITL
+
+Add linux\_netdev check command. #9045
+
+#### Command Argument Changes
+
+* disk: don't pass -m (disk\_megabytes) by default. #9642
+* disk: pass -X fuse.portal (disk\_exclude\_type) by default. #9459
+* http: support multiple -k (http\_header) as array. #8574
+* icmp: double defaults for -w (icmp\_wpl) and -c (icmp\_cpl). #9041
+* logfiles: pass --winwarncrit (logfiles\_winwarncrit) without argument. #9056
+* nwc\_health: pass SNMPv3-only args only when using SNMPv3. #9095
+* vmware-esx-dc-runtime-tools and vmware-esx-soap-vm-runtime-tools:
+  rename --open-vm-tools to --open\_vm\_tools\_ok (vmware\_openvmtools). #9611
+
+#### New Command Arguments
+
+| Command                          | Argument                   | Custom Variable                          | PR    |
+|----------------------------------|----------------------------|------------------------------------------|-------|
+| disk                             | -P                         | disk\_inode\_perfdata                    | #9494 |
+| esxi\_hardware                   | --format                   | esxi\_hardware\_format                   | #9435 |
+| esxi\_hardware                   | --pretty                   | esxi\_hardware\_pretty                   | #9435 |
+| http                             | --verify-host              | http\_verify\_host                       | #8005 |
+| icingacli-businessprocess        | --ack-is-ok                | icingacli\_businessprocess\_ackisok      | #9103 |
+| icingacli-businessprocess        | --blame                    | icingacli\_businessprocess\_blame        | #9103 |
+| icingacli-businessprocess        | --colors                   | icingacli\_businessprocess\_colors       | #9103 |
+| icingacli-businessprocess        | --downtime-is-ok           | icingacli\_businessprocess\_downtimeisok | #9103 |
+| icingacli-businessprocess        | --root-cause               | icingacli\_businessprocess\_rootcause    | #9103 |
+| mem                              | -a                         | mem\_available                           | #9385 |
+| mongodb                          | --disable\_retry\_writes   | mongodb\_disableretrywrites              | #9539 |
+| mongodb                          | --ssl-ca-cert-file         | mongodb\_ssl\_ca\_cert\_file             | #9610 |
+| mysql                            | --extra-opts               | mysql\_extra\_opts                       | #9197 |
+| nrpe                             | -3                         | nrpe\_version\_3                         | #9296 |
+| nrpe                             | -D                         | nrpe\_no\_logging                        | #9016 |
+| nrpe                             | -P                         | nrpe\_payload\_size                      | #9032 |
+| pgsql                            | --extra-opts               | pgsql\_extra\_opts                       | #9197 |
+| postgres                         | $PGCONTROLDATA (env. var.) | postgres\_pgcontroldata                  | #8929 |
+| postgres                         | --datadir                  | postgres\_datadir                        | #8924 |
+| postgres                         | --language                 | postgres\_language                       | #8924 |
+| postgres                         | --perflimit                | postgres\_perflimit                      | #8924 |
+| ssl\_cert                        | --ignore-host-cn           | ssl\_cert\_ignore\_host\_cn              | #9512 |
+| ssl\_cert                        | --ignore-ocsp-errors       | ssl\_cert\_ignore\_ocsp\_errors          | #9512 |
+| ssl\_cert                        | --ignore-ocsp-timeout      | ssl\_cert\_ignore\_ocsp\_timeout         | #9512 |
+| ssl\_cert                        | --ignore-tls-renegotiation | ssl\_cert\_ignore\_tls\_renegotiation    | #9042 |
+| ssl\_cert                        | --proxy                    | ssl\_cert\_proxy                         | #8927 |
+| tcp                              | --sni                      | tcp\_sni                                 | #9347 |
+| vmware-esx-dc-runtime-tools      | --no\_vm\_tools\_ok        | vmware\_novmtools                        | #9611 |
+| vmware-esx-soap-vm-runtime-tools | --no\_vm\_tools\_ok        | vmware\_novmtools                        | #9611 |
+
+### Miscellaneous
+
+* Require GCC 7+ for building to enable C++17. #9133 #9485 #9489
+* Require CMake v2.8.12+ for building.
+  (Compatibility with older ones will be removed from a future CMake version.) #9706
+* Repair config reload on OpenBSD by using waitpid(2), not a SIGCHLD handler. #9518
+* Ignore SIGHUP in main process to allow `/etc/rc.d/icinga2 reload`
+  sending it to all Icinga 2 processes on OpenBSD. #9622
+* Fix crash in debug build on macOS when API and debug log are enabled. #9497
+* Update Boost shipped on Windows to v1.82. #9761
+* Update OpenSSL shipped on Windows to v3.0.9. #9787
+* Update vendored https://github.com/nlohmann/json to v3.9.1. #9675
+* Update vendored https://github.com/nemtrif/utfcpp to v3.2.3. #9683
+* Documentation: several fixes and improvements.  #8954 #9741 #9763 #9767 #9769 #9777
+* Several code quality improvements. #8815 #9106 #9250
+  #9508 #9517 #9537 #9594 #9605 #9606 #9641 #9658 #9702 #9717 #9738
+
 ## 2.13.7 (2023-02-16)
 
 This security release updates Boost and OpenSSL libraries bundled on Windows

ICINGA2_VERSION

@@ -1,2 +1,2 @@
-Version: 2.13.0
+Version: 2.14.0
 Revision: 1

doc/16-upgrading-icinga-2.md

@@ -8,6 +8,33 @@ Specific version upgrades are described below. Please note that version
 updates are incremental. An upgrade from v2.6 to v2.8 requires to
 follow the instructions for v2.7 too.
 
+## Upgrading to v2.14 <a id="upgrading-to-2-14"></a>
+
+### Dependencies and Redundancy Groups <a id="upgrading-to-2-14-dependencies"></a>
+
+Before Icinga v2.12 all dependencies were cumulative.
+I.e. the child was considered reachable only if no dependency was violated.
+In v2.12 and v2.13, all dependencies were redundant.
+I.e. the child was considered unreachable only if no dependency was fulfilled.
+
+v2.14 restores the pre-v2.12 behavior, but allows to override it.
+I.e. you can still make any number of your dependencies redundant, as you wish.
+For details read the docs' [redundancy groups section](03-monitoring-basics.md#dependencies-redundancy-groups).
+
+### Email Notification Scripts <a id="upgrading-to-2-14-email-notification"></a>
+
+The email notification scripts shipped with Icinga 2 (/etc/icinga2/scripts)
+now link to Icinga DB Web, not the monitoring module.
+Both new and existing installations are affected unless you've altered the scripts.
+
+In the latter case package managers won't upgrade those "config" files in-place,
+but just put files with similar names into the same directory.
+This allows you to patch them by yourself based on diff(1).
+
+On the other hand, if you want to stick to the monitoring module for now,
+add any comments to the notification scripts before upgrading.
+This way package managers won't touch those files.
+
 ## Upgrading to v2.13 <a id="upgrading-to-2-13"></a>
 
 ### DB IDO Schema Update <a id="upgrading-to-2-13-db-ido"></a>