|
(CVE-2013-6456) -- LXC device hotplug handling. For more information
on this CVE, see
http://secunia.com/advisories/56187
Changes from previous version (not summarised, sorry):
Features:
bhyve: add a basic driver (Roman Bogorodskiy),
add LXC from native conversion tool (Cédric Bosdonnat),
vbox: add support for v4.2.20+ and v4.3.4+ (Jean-Baptiste Rouault),
Introduce Libvirt Wireshark dissector (Yuto KAWAMURA)
Security:
CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC hotunplug code (Daniel P. Berrange),
CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug (Daniel P. Berrange),
CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC block hostdev hotplug (Daniel P. Berrange),
CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC USB hotplug (Daniel P. Berrange),
CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC disk hotplug (Daniel P. Berrange),
CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code (Eric Blake)
Documentation:
bhyve: add basic documentation (Roman Bogorodskiy),
Add docs about use of systemd journal for logging (Daniel P. Berrange),
Auto-generate the table of contents in logging doc (Daniel P. Berrange),
Fix heading level in logging docs (Daniel P. Berrange),
Document the keyboard as a valid input type (Ján Tomko),
bandwidth: Adjust documentation (John Ferlan),
remove <auth> from secret XML format (Ján Tomko),
LXC: added some doc on domxml-from-native with mention of limitations (Cédric Bosdonnat),
libxl: fix libxlDoDomainSave documentation (Jim Fehlig),
grammar fixes in formatdomain (Chen Hanxiao),
maint: fix grammar in conf file (Eric Blake),
Fix minor typo in governance doc (Justin Clift),
Write up the project governance process (Daniel P. Berrange),
man: shm-merge-across-nodes is optional (Ján Tomko),
docs/page.xls: remove unnecessary namespace attribute (Pavel Hrdina),
add a permalink to html headers (Dan Kenigsberg),
storage: Add document for possible problem on volume detection (Osier Yang),
Add "note" for node-memory-tune (Osier Yang),
Improve the document for nodesuspend (Osier Yang),
refer to the correct event ID for DomainEventIOErrorReasonCallback (Claudio Bley),
Add sample output of Wireshark dissector (Yuto KAWAMURA),
Add missing space in <clock> documentation (Christophe Fergeau)
Portability:
build: skip virportallocatortest on cygwin (Eric Blake),
build: ignore cygwin toolchain droppings (Eric Blake),
build: avoid ld_preload tests on mingw (Eric Blake),
build: fix cgroups on non-Linux (Eric Blake),
build: fix build on 32-bit hosts (Eric Blake),
maint: update to latest gnulib, for older autoconf (Eric Blake),
Fix build of portallocator on mingw (Ján Tomko),
lxc: Don't shadow global symbol "link" (Peter Krempa),
storage: Fix build with older compilers afeter gluster snapshot series (Peter Krempa),
spec: add missing dep of libvirt-daemon-config-network (Thierry Parmentelat),
spec: require libvirt-daemon-driver-interface only when built (Thierry Parmentelat),
Fixed build with clang. (Cédric Bosdonnat),
Rename 'index' in virCapabilitiesGetCpusForNode (Ján Tomko),
qemuxml2argvmock: Mock time() on non-linux platforms too (Michal Privoznik),
build: Fix 'make rpm' in VPATH with wireshark (Martin Kletzander),
Remove windows thread implementation in favour of pthreads (Daniel P. Berrange),
Fix pthread_sigmask check for mingw32 without winpthreads (Daniel P. Berrange),
Skip check-augeas-lockd when QEMU is disabled (Daniel P. Berrange),
maint: add configure checks for BSD CPU affinity (Roman Bogorodskiy),
BSD: implement virProcess{Get,Set}Affinity (Roman Bogorodskiy),
tests: Fix PCI test data filenames for Windows (Matthias Bolte),
wireshark: Fix VPATH build (Jiri Denemark),
Honour prefix in wireshark install dir (Daniel P. Berrange),
Use AC_PATH_PROG to search for dmidecode (Roman Bogorodskiy)
Bug fixes:
bhyve: defined domains should be persistent (Roman Bogorodskiy),
Fix journald PRIORITY values (Daniel P. Berrange),
spec: Fix braces around macros (Peter Krempa),
spec: Use correct versions of libgfapi in RHEL builds (Peter Krempa),
network: unplug bandwidth and call networkRunHook only when appropriate (Laine Stump),
network: don't even call networkRunHook if there is no network (Laine Stump),
Fix memory leak in virSCSIDeviceListDel() (Nehal J Wani),
libxl: queue domain event earlier in shutdown handler (Jim Fehlig),
virsh: mark CPU usage field names as translatable (Ján Tomko),
virsh: initialize str to NULL to solve a build issue (Chen Hanxiao),
virsh: Don't leak buffer if GetFDs fails in cmdCreate (Ján Tomko),
libvirt-guests: Wait for libvirtd to initialize (Michal Privoznik),
virSystemdCreateMachine: Set dependencies for slices (Michal Privoznik),
Ignore additional fields in iscsiadm output (Ján Tomko),
libxl: always use libxlVmCleanupJob in shutdown thread (Jim Fehlig),
qemu: adjust maxmem/maxvcpu computation (Eric Blake),
Fix multiple bugs in LXC domainMemoryStats driver (Daniel P. Berrange),
Fix misspelled cpuacct.usage_percpu in cgroup mock. (Thorsten Behrens),
virsh: fix memleak when starting a guest with invalid fd (Jincheng Miao),
networkRunHook: Run hook only if possible (Michal Privoznik),
bridge_driver.h: Fix build --without-network (Michal Privoznik),
Fix conflicting types of virInitctlSetRunLevel (Ján Tomko),
Fix reset of cgroup when detaching USB device from LXC guests (Daniel P. Berrange),
Fix path used for USB device attach with LXC (Daniel P. Berrange),
Don't block use of USB with containers (Daniel P. Berrange),
storage: gluster: Don't leak private data when storage file init fails (Peter Krempa),
storage: handle NULL return from virGetStorageVol (Michael Chapman),
Fix leaks in vircapstest (Ján Tomko),
AppArmor: Fix the place where the template should be installed (Cédric Bosdonnat),
Libvirt lose sheepdogs volumes on pool refresh or restart. When restarting sheepdog pool, all volumes are missing. This patch add automatically all volume from the added pool. (Joel SIMOES),
maint: fix line numbers in check-aclrules reports (Yuri Myasoedov),
qemu: Use correct permissions when determining the image chain (Peter Krempa),
virpci: Resolve coverity issues (John Ferlan),
qemu: keep pre-migration domain state after failed migration (Martin Kletzander),
qemu: Fix crash in virDomainMemoryStats with old qemu (Jiri Denemark),
network: disallow <bandwidth>/<mac> for bridged/macvtap/hostdev networks (Laine Stump),
Honor blacklist for modprobe command (John Ferlan),
qemu: be sure we're using the updated value of backend during hotplug (Laine Stump),
Resolve Coverity dead_error_begin (John Ferlan),
qemu: Fix the error message for scsi host device's shareable checking (Osier Yang),
xen: fix parsing xend http response (Jim Fehlig),
storage: Fix the memory leak (Osier Yang),
Fix buffer size in linuxNodeGetCPUstats (Bing Bu Cao),
util: Correct the NUMA node range checking (Osier Yang),
qemu: Avoid crash in qemuDiskGetActualType (Peter Krempa),
linuxNodeGetCPUStats: Correctly handle cpu prefix (Bing Bu Cao),
qemu: snapshot: Forbid snapshots when backing is a scsi passthrough disk (Peter Krempa),
qemu: snapshot: Avoid libvirtd crash when qemu crashes while snapshotting (Peter Krempa),
lxc: Fix coverity (Martin Kletzander),
qemu: Don't detach devices if passthrough doesn't work (Jincheng Miao),
pci: Fix failure paths in detach (Jiri Denemark),
virSecuritySELinuxSetFileconHelper: Don't fail on read-only NFS (Michal Privoznik),
Fix possible memory leak in virsh-domain-monitor.c in cmdDomblklist (Pavel Hrdina)
Improvements:
virsh: add --all flag to 'event' command (Eric Blake),
virsh: support remaining domain events (Eric Blake),
bhyve: support domain undefine (Roman Bogorodskiy),
Add comments describing the different log sources (Daniel P. Berrange),
Include error domain and code in log messages from errors (Daniel P. Berrange),
Send virLogMetadata fields onto the journal (Daniel P. Berrange),
qemu: Enable 'host-passthrough' cpu mode for arm (Oleg Strikov),
domblkstat: Produce error message that at least sounds like English (Michal Privoznik),
virDomainBlockStats(Flags): Produce saner error message on empty disk path (Michal Privoznik),
tests: avoid littering /tmp (Eric Blake),
sanlock: Truncate domain names longer than SANLK_NAME_LEN (Jiri Denemark),
maint: Fix minor typo (unkown) (Yuri Chornoivan),
libxl: Recognise ARM architectures (Ian Campbell),
virsh: Honour -q in domblklist, vcpupin and emulatorpin (Michal Privoznik),
spec: make systemd_daemon usage configurable (Eric Blake),
spec: require device-mapper-devel for storage-disk (Eric Blake),
spec: explicitly avoid bhyve on Linux (Eric Blake),
build: use --with-systemd-daemon as configure option (Eric Blake),
virNetDevVethCreate: Serialize callers (Michal Privoznik),
network: include plugged interface XML in "plugged" network hook (Laine Stump),
conf: output actual netdev status in <interface> XML (Laine Stump),
conf: new function virDomainActualNetDefContentsFormat (Laine Stump),
conf: re-situate <bandwidth> element in <interface> (Laine Stump),
conf: make virDomainNetDefFormat a public function (Laine Stump),
conf: handle null pointer in virNetDevVlanFormat (Laine Stump),
conf: clarify what is returned for actual bandwidth and vlan (Laine Stump),
rbd: Set timeout options for librados (Wido den Hollander),
rbd: Include return statuses from librados/librbd in logging (Wido den Hollander),
virsh: kill over-engineered asprintf failure recovery (Eric Blake),
virsh: use more compact VIR_ENUM_IMPL (Eric Blake),
libxl: handle on_crash coredump actions (Jim Fehlig),
libxl: add dump dir to libxlDriverConfig object (Jim Fehlig),
libxl: honor domain lifecycle event configuration (Jim Fehlig),
Ensure systemd cgroup ownership is delegated to container with userns (Richard Weinberger),
bhyve: implement node information reporting (Roman Bogorodskiy),
Add virStringReplace method for substring replacement (Daniel P. Berrange),
Add virStringSearch method for regex matching (Manuel VIVES),
virNetServerRun: Notify systemd that we're accepting clients (Michal Privoznik),
Add a stub for virCgroupGetDomainTotalCpuStats (Ján Tomko),
maint: update to latest gnulib (Eric Blake),
virsh: add net-event command (Eric Blake),
virsh: add event command, for lifecycle events (Eric Blake),
virsh: common code for waiting for an event (Eric Blake),
virsh: common code for parsing --seconds (Eric Blake),
libxl: queue shutdown event on domain shutdown (Jim Fehlig),
Rename virDomainGetRootFilesystem to virDomainGetFilesystemForTarget (Daniel P. Berrange),
Introduce new OOM testing support (Daniel P. Berrange),
Add unit test for virCgroupGetPercpuStats. (Thorsten Behrens),
Add unit test for virCgroupGetMemoryUsage. (Thorsten Behrens),
Add unit test for virCgroupGetBlkioIo*Serviced (Thorsten Behrens),
Widening API change - accept empty path for virDomainBlockStats (Thorsten Behrens),
Implement lxcDomainBlockStats* for lxc driver (Thorsten Behrens),
Implement domainGetCPUStats for lxc driver. (Thorsten Behrens),
Make qemuGetDomainTotalCPUStats a virCgroup function. (Thorsten Behrens),
Implement domainMemoryStats API slot for LXC driver. (Thorsten Behrens),
Add util virCgroupGetBlkioIo*Serviced methods. (Thorsten Behrens),
lxc: Add destroy support for suspended domains (Richard Weinberger),
libxl: use job functions in libxlDomainSetSchedulerParametersFlags (Jim Fehlig),
libxl: use job functions in libxlDomainSetAutostart (Jim Fehlig),
libxl: use job functions in device attach and detach functions (Jim Fehlig),
libxl: use job functions in vcpu set and pin functions (Jim Fehlig),
libxl: use job functions in libxlDomainCoreDump (Jim Fehlig),
libxl: use job functions in domain save operations (Jim Fehlig),
libxl: use job functions when cleaning up a domain (Jim Fehlig),
libxl: use job functions in libxlDomain{Suspend,Resume} (Jim Fehlig),
libxl: use job functions in libxlDomainSetMemoryFlags (Jim Fehlig),
libxl: use job functions in libxlVmStart (Jim Fehlig),
libxl: Add job support to libxl driver (Jim Fehlig),
libxl: remove libxlVmReap function (Jim Fehlig),
libxl: always set vm id to -1 on shutdown (Jim Fehlig),
qemu: Use virtio network device for aarch64/virt (Oleg Strikov),
Add a default USB keyboard and USB mouse for PPC64 (Li Zhang),
xen: format xen config for USB keyboard (Li Zhang),
qemu: format qemu command line for USB keyboard (Li Zhang),
qemu: Add USB keyboard capability (Li Zhang),
conf: Remove the implicit PS2 devices for non-X86 platforms (Li Zhang),
conf: Add keyboard input device type (Li Zhang),
conf: Add one interface to add default input devices (Li Zhang),
network: Taint networks that are using hook script (Michal Privoznik),
network: Introduce network hooks (Michal Privoznik),
network_conf: Expose virNetworkDefFormatInternal (Michal Privoznik),
Add helper for running code in separate namespaces (Daniel P. Berrange),
Add virFileMakeParentPath helper function (Daniel P. Berrange),
Move check for cgroup devices ACL upfront in LXC hotplug (Daniel P. Berrange),
Disks are always block devices, never character devices (Daniel P. Berrange),
Record hotplugged USB device in LXC live guest config (Daniel P. Berrange),
qemu: Implement VIR_DOMAIN_TAINT_HOOK (Michal Privoznik),
virDomainTaintFlags: Introduce VIR_DOMAIN_TAINT_HOOK (Michal Privoznik),
Add tests for secret XML parsing (Ján Tomko),
Forgot to add lxcconf2xmldata to dist. (Cédric Bosdonnat),
Support IPv6 in port allocator (Ján Tomko),
Split out bind() from virPortAllocatorAcquire (Ján Tomko),
qemu: snapshot: Add support for external active snapshots on gluster (Peter Krempa),
qemu: snapshot: Use new APIs to detect presence of existing storage files (Peter Krempa),
qemu: Switch snapshot deletion to the new API functions (Peter Krempa),
storage: Add storage file backends for gluster (Peter Krempa),
storage: add file functions for local and block files (Peter Krempa),
storage: Add file storage APIs in the default storage driver (Peter Krempa),
conf: Move qemuSnapshotDiskGetActualType to virDomainSnapshotDiskGetActualType (Peter Krempa),
conf: Move qemuDiskGetActualType to virDomainDiskGetActualType (Peter Krempa),
spec: add missing dep of libvirt-daemon-config-nwfilter (Eric Blake),
lxc from native: removed now remaining useless line (Cédric Bosdonnat),
Fix stream related spelling mistakes (Philipp Hahn),
LXC from native: convert blkio throttle config (Cédric Bosdonnat),
LXC from native: map vlan network type (Cédric Bosdonnat),
LXC from native: map block filesystems (Cédric Bosdonnat),
LXC from native: map lxc.arch to /domain/os/type@arch (Cédric Bosdonnat),
LXC from native: add lxc.cgroup.blkio.* mapping (Cédric Bosdonnat),
LXC from native: map lxc.cgroup.cpuset.* (Cédric Bosdonnat),
LXC from native: map lxc.cgroup.cpu.* (Cédric Bosdonnat),
LXC from native: migrate memory tuning (Cédric Bosdonnat),
LXC from native: convert lxc.id_map into <idmap> (Cédric Bosdonnat),
LXC from native: convert macvlan network configuration (Cédric Bosdonnat),
LXC from native: convert lxc.tty to console devices (Cédric Bosdonnat),
LXC from native: convert phys network types to net hostdev devices (Cédric Bosdonnat),
LXC from native: migrate veth network configuration (Cédric Bosdonnat),
LXC from native: implement no network conversion (Cédric Bosdonnat),
LXC from native: migrate fstab and lxc.mount.entry (Cédric Bosdonnat),
LXC from native: import rootfs (Cédric Bosdonnat),
LXC driver: started implementing connectDomainXMLFromNative (Cédric Bosdonnat),
Improve virConf parse to handle LXC config format (Cédric Bosdonnat),
event: pass reason for PM events (Eric Blake),
event: convert remaining domain events to new style (Eric Blake),
event: client RPC protocol tweaks for domain lifecycle events (Eric Blake),
event: prepare client to track domain callbackID (Eric Blake),
event: server RPC protocol tweaks for domain lifecycle events (Eric Blake),
event: dynamically manage server-side RPC domain events (Eric Blake),
qemu: Implement a stub cpuArchDriver.baseline() handler for aarch64 (Oleg Strikov),
libxl: register for domain events immediately after creation (Jim Fehlig),
libxl: rename libxlCreateDomEvents to libxlDomEventsRegister (Jim Fehlig),
vircapstest: Introduce virCapabilitiesGetCpusForNodemask test (Pradipta Kr. Banerjee),
Handle non-sequential NUMA node numbers (Pradipta Kr. Banerjee),
storage: gluster: Set volume metadata in a separate function (Peter Krempa),
qemu: introduce spiceport chardev backend (Martin Kletzander),
qemu: remove pointless condition (Martin Kletzander),
qemu: rework '-serial none' (Martin Kletzander),
conf: introduce spiceport chardev backend (Martin Kletzander),
rbd: Use rbd_create3 to create RBD format 2 images by default (Wido den Hollander),
build: correctly check for SOICGIFVLAN GET_VLAN_VID_CMD command (Laine Stump),
virNetworkLoadState: Disallow mangled 'floor' element (Michal Privoznik),
networkStartNetwork: Be more verbose (Michal Privoznik),
qemu: hyperv: Add support for timer enlightenments (Peter Krempa),
conf: Enforce supported options for certain timers (Peter Krempa),
schema: Fix guest timer specification schema according to the docs (Peter Krempa),
apparmor: Improve profiles (Felix Geyer),
Add glusterfs to VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_POOL_TYPE (Christophe Fergeau),
libxl: remove unneeded locking of driver when restoring (Jim Fehlig),
libxl: improve subprocess handling (Jim Fehlig),
libxl: handle domain shutdown events in a thread (Jim Fehlig),
libxl: remove list of timer registrations from libxlDomainObjPrivate (Jim Fehlig),
libxl: fix leaking libxlDomainObjPrivate (Jim Fehlig),
qemu_driver: Introduce <filesystem/> support in device attach/detach (Matthieu Coudron),
virDomainHostdev{Insert,Delete}: Replace VIR_REALLOC_N by VIR_{APPEND,DELETE}_ELEMENT (Matthieu Coudron),
qemuxml2argvtest: Set timezone (Michal Privoznik),
virsh: only report filled values in nodecpustats (Ján Tomko),
BSD: implement nodeGetCPUStats (Roman Bogorodskiy),
qemu: blockjob: Print correct file name in error message (Peter Krempa),
maint: Change the text of the NULLSTR() macro to "<null>" (Peter Krempa),
qemuxml2argvtest: Test localtime clock basis (Michal Privoznik),
qemuBuildClockArgStr: Allow localtime clock basis (Michal Privoznik),
Generate a valid imagelabel even for type 'none' (Ján Tomko),
event: move event filtering to daemon (regression fix) (Eric Blake),
rpm: create libvirt-wireshark sub-package (Eric Blake),
tests: Add test for new virkmod functions (John Ferlan),
utils: Introduce functions for kernel module manipulation (John Ferlan),
network: change default of forwardPlainNames to 'yes' (Laine Stump),
network: only prevent forwarding of DNS requests for unqualified names (Laine Stump),
virnetdevbandwidthtest: Link with libxml2 (Michal Privoznik),
spice: don't force user to specify spicevmc channel (Martin Kletzander),
virnetdevbandwidthtest: Introduce some more tests (Michal Privoznik),
virnetdevbandwidthtest: fix hard coded /sbin/tc (Cédric Bosdonnat),
Push nwfilter update locking up to top level (Daniel P. Berrange),
Add a read/write lock implementation (Daniel P. Berrange),
tests: Modify the scsi util tests (Osier Yang),
util: Accept test data path for scsi device's sg_path (Osier Yang),
tests: Add tests for scsi utils (Osier Yang),
util: Add one argument for several scsi utils (Osier Yang),
qemu: Don't fail if the SCSI host device is shareable between domains (Osier Yang),
virnetdevbandwidthtest: Introduce testVirNetDevBandwidthSet (Michal Privoznik),
virCommand: Introduce virCommandSetDryRun (Michal Privoznik),
snapshot: Add support for specifying snapshot disk backing type (Peter Krempa),
tests: Add more tests for virConnectBaselineCPU (Jiri Denemark),
cpu: Try to use source CPU model in virConnectBaselineCPU (Jiri Denemark),
cpu: Fix VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES (Jiri Denemark),
tests: Better support for VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES (Jiri Denemark),
Reword error message for oversized cpu time fields (Ján Tomko),
Simplify linuxNodeGetCPUStats (Ján Tomko),
Add hw random number generator (/dev/hwrng) to cgroup ACL (Pradipta Kr. Banerjee),
tests: Introduce virnetdevbandwidthtest (Michal Privoznik),
Add test for linuxNodeGetCPUStats (Ján Tomko),
Move test-local declarations to nodeinfopriv.h (Ján Tomko),
qemu: Enable 'host-passthrough' cpu mode for aarch64 (Oleg Strikov),
Block info query: Add check for transient domain (John Ferlan),
maint: update to latest gnulib, for mingw improvements (Eric Blake),
util: Add "shareable" field for virSCSIDevice struct (Osier Yang),
storage: Fix autostart of pool with "fc_host" type adapter (Osier Yang),
api: require write permission for guest agent interaction (Eric Blake),
virtlockd: make re-exec more robust (Michael Chapman),
build: add $(prefix) to SYSTEMD_UNIT_DIR (Laine Stump),
spice: expose the QEMU disable file transfer option (Francesco Romani),
spice: detect if qemu can disable file transfer (Francesco Romani),
lxc: allow to setup throttle blkio cgroup through virsh (Gao feng),
Add test for transient disk support in VMX files (Wout Mertens),
Make syntax check notice assignments w/o surrounding spaces. (Thorsten Behrens),
maint: align whitespaces with project conventions. (Thorsten Behrens),
virpcitest: Test virPCIDeviceDetach failure (Jiri Denemark),
virpcimock: Add PCI driver which always fails (Jiri Denemark),
virpcitest: More tests for device detach and reattach (Jiri Denemark),
virpcimock: Mock /sys/bus/pci/drivers_probe (Jiri Denemark),
pci: Publish some internal code for virpcitest (Jiri Denemark),
virpcitest: Show PCI device tested by each test (Jiri Denemark),
pci: Make reattach work for unbound devices (Jiri Denemark),
qemu: allow to setup throttle blkio cgroup through virsh (Gao feng),
virsh: add setting throttle blkio cgroup option to blkiotune (Gao feng),
blkio: Setting throttle blkio cgroup for domain (Gao feng),
domain: introduce xml elements for throttle blkio cgroup (Gao feng),
maint: replace remaining virLib*Error with better names (Eric Blake),
maint: simplify driver registration at startup (Eric Blake),
maint: clean up error reporting in migration (Eric Blake),
maint: don't lose error on canceled migration (Eric Blake),
maint: avoid nested use of virConnect{Ref,Close} (Eric Blake),
maint: don't leave garbage on early API exit (Eric Blake),
qemu: Change the default unix monitor timeout (Martin Kletzander),
storage: Sheepdog: Separate creating of the volume from building (Peter Krempa),
storage: RBD: Separate creating of the volume from building (Peter Krempa),
storage: Support deletion of volumes on gluster pools (Peter Krempa),
conf: Always use VIR_ERR_CONFIG_UNSUPPORTED on enumFromString() failures (Christophe Fergeau)
Cleanups:
build-sys: Removed unused variable from configure.ac (Christophe Fergeau),
qemu: remove memset params array to zero in qemuDomainGetPercpuStats (Gao feng),
util: Fix the indention (Osier Yang),
virsh: Fix the string breaking style (Osier Yang)
|
|
PR pkg/48465 by ISIHARA Takanori.
Version 5.6
IMPROVEMENTS:
* SMTP AUTH LOGIN support added (MS Exchange SMTP authentication
should now work).
* favicon.ico added to the HTTP interface.
BUGFIXES:
* If an undefined checksum test was used and the file did not exist
on Monit start, Monit would return an error.
* If the configuration file ended with a comment but with no trailing LF
character, Monit would return syntax error.
* If a service timed out after too many restarts and alert was used as
the action, then the Timeout flag remained set even if the service
recovered.
* SmartOS zone system memory usage report fix.
* Escape mail messages properly for sending via SMTP.
* Escape XML messages properly.
* Compilation: fix the configure script to support default compiler
paths when searching for OpenSSL (fixes library search on multi-
architecture platforms like Debian and Ubuntu).
Version 5.5.1
IMPROVEMENTS:
* Info and debug messages are no longer sent to stderr, only to stdout.
Thanks to Sergey Kirpitchev for initial patch.
* Improved output from 'check program', If the program returns an error
message, include only that message in alert $DESCRIPTION so users can
compose their own alert format. If program provided no output on
error, use a default message.
* Improved "check system", $HOST can now be used as a service name.
$HOST will expand to the system hostname. Example: check system $HOST
BUGFIXES:
* Fixed "Unable to read magic" which was reported on first Monit start.
Version 5.5
IMPROVEMENTS:
* check program:
- Multiple exit values can be tested within single program check
- Exit value test supports multiple cycles option ("for X cycles")
- If exit value test matches and the stderr has no data, try stdout
Example syntax:
check program mytest with path "/usr/bin/mytest.sh" with timeout 1000 seconds
if status == 2 then exec "/usr/local/bin/fix_script.sh"
if status == 2 for 6 cycles then unmonitor
if status == 10 then alert
* Renamed mail header (message-id and mime-version) to prevent
triggering spam check of capitalization. Thanks to Ryan Lee
for tips.
* The 'check system <name>' statement sets the system hostname in mail
alerts and initial hostname in M/Monit.
* Increase the default mailserver timeout to 30 seconds.
* Add support for OpenBSD 5.x
BUGFIXES:
* Fix the rare hung on linux which may occur during program execution.
Thanks to Nick Upson for report.
* In the case that the process start/restart execution failed,
monit kept "Execution failed" flag even if the process was
recovered later (for example it was starting slowly or manually
recovered).
* Fix the mail alert (strict SMTP implementation) to pass
MTA-side sanity checks like postscreen. Thanks to Len Conrad
for report.
* The -t option tests the configuration file syntax even if the
file permissions are wrong. Thanks to Adam Nielsen for report.
* Do not display the default non-existence test for the check
program (not applicable in the check program context).
Version 5.4
IMPROVEMENTS:
* New process uptime test added. Allows to do some action in
the case that the process uptime matches the given limit.
For example to restart the process once per 3 days:
if uptime > 3 days then restart
* Linux uCLibc support: use internal getloadavg implementation
in the case that the system libc doesn't implement it.
BUGFIXES:
* The monit hostname will fallback to plain machine's hostname if the
lookup for FQDN hostname didn't found matching entry. The problem
was, that based on the order in the /etc/hosts the FQDN lookup
returned sometimes 'localhost' instead of the FQDN hostname.
* The CPU usage for multi-threaded processes on multi-core machine was
reported incorrectly in the case that the process used more CPU
resources then equivalent to one core. Thanks to Tom Pepper for patch.
* The content match test now sends one event per cycle and pattern.
Even if there are multiple lines matching the same pattern, only
one event will be generated. Also the event rate is fixed now, so
it is possible to require match for X cycles before generating the
event.
* The /proc/ files content match test was skipped, as the file size on
the procfs is 0, so monit supposed that there is no content to read.
* FreeBSD: If the monitored process had children with multiple threads,
the total memory usage was reported incorrectly. Thanks to Phil Kulin
for reporting the problem.
* Allow reading status and perform Monit actions when using client SSL
certificate. Previously, if Monit http server was setup to use ssl
and a client cert, status and action failed. Thanks to Markus Linnala
for initial patch.
* When the process is starting/stopping, do the process state check more
effectively to not stress the low power devices with aggresive polling.
Thanks to Thomas Petazzoni for initial patch.
* Make the process start/stop wait resistant to large time changes.
* Compilation: If PAM is enabled but the PAM headers or library are not
found by the configure script, it will report error.
* Cross-compilation: the configure checks the setjmp and vsnprintf with
test program which usually cannot be executed when cross-compiling
for other architecture. The configure script now takes the following
arguments which allow to specify whether the setjmp works on this
platform and whether the vsnprintf is C99 compliant. Thanks to
Thomas Petazzoni for patch.
./configure \
libmonit_cv_setjmp_available=[yes|no] \
libmonit_cv_vsnprintf_c99_conformant=[yes|no]
* Manual page language fixes. Thanks to Jonathan Boulle for patch.
Version 5.3.2
BUGFIXES:
* Fix bug #34801: The file content match test did reset of the
read position in the case that the unmonitor or stop action
was done. When the file monitoring was enabled again, the
content match test was applied to the content which was
tested already.
* Log error details in the case that the name resolving failed.
* Fix the system cpu usage statistics when pattern based process
check is used and the service is restarted. Thanks to Wayne
Lawrence for report.
* AIX 6.1 compile fix. Thanks to Benedikt Wegmann for patch.
* Debian Bug#652715: "include files not found" warning. Do not
display the warning if the include directory is empty.
Version 5.3.1
IMPROVEMENTS:
* Log the particular connection attempt failure in debug mode
when the retry is enabled.
* Monit can deliver events and status to independent M/Monit
instances if multiple mmonit URLs are set:
set mmonit https://user1:pass1@mmonit1/collector
https://user2:pass2@mmonit2/collector
BUGFIXES:
* The ICMP echo (ping) test may report false positive error
if the machine where Monit is running has heavy ICMP
traffic generated by other applications.
* The file content match test will be performed even on the
existing content when Monit starts. The last position is
saved to the statefile, so monit won't generate alert
after restart. Note that when you start the monit 5.3.1
the first time, it can do actions for content match which
was handled by previous monit version already as the
previous monit versions didn't saved the position.
* Make the monitoring state persistent for manual mode services.
* Display the memory usage total % in the status overview.
The memory usage in kB displayed the total already, so the
percentage didn't match.
* Fix the HTML overview page alignment in the Internet Explorer.
Thanks to Darhl Thomason for patch.
* Extend the SSL library search path for Debian Sid.
* Fix Solaris 10 compilation and Sun Studio support.
* Fix sporadic SSL routines:func(169):reason(161) errors
* If MySQL protocol test failed, report the correct MySQL
error code. Thanks to Vitaly Lipatov for patch.
Version 5.3
* New 'check program' statement added. Allows to check the exit
status of an external program or script from Monit.
* Added crontab style support for individual services. You can
now specify when an individual service should run its checks
(or not run). You can now, for instance, specify that apache
should be checked continuously, except between 1AM-5AM on
Sunday.
* Connection retry option added. Allows to retry a network
connection in the same testing cycle before reporting an error.
* Detailed protocol connection errors are now included in alerts.
* The HTML overview page displays the CPU and memory total now
(including children), so real service related usage is displayed
also for services which spawn worker processes, such as Apache
or Spamassassin.
* HTML view improvements
* Fix MySQL protocol test: MySQL 5.5.12 returns new error code in
the case of authentication failure.
* Fix Debian bug #621047: monit fails to build after SSLv2 removal
* Fix crash on Solaris which may occur if the system load is zero.
Thanks to Paul Sun for report.
* The stacktrace logging on error is disabled in -v (verbose) mode
as it was too verbose for common service debugging tasks, it can
be enabled using -vv option.
* Improve how fast Monit check if a program was started or stopped.
Thanks to Michael Renner for patch.
* Fix the monitoring state presentation during service restart which
temporarily displayed "Not monitored", whereas the monitoring was
enabled.
* The "data collected" is updated only if the check was not skipped.
Version 5.2.5
* Fix process match check - when the monitored process failed and
was restarted by Monit, Monit didn't recognized it is running
after the restart and reported start failure (similar on stop).
Thanks to Kenichi Futatsumori for report and helping to root
cause the problem.
* Fix Debian #617259: symbolic links in the filesystem check doesn't
work. Thanks to Sergey B Kirpichev for report.
* Fix Debian bug #614984: smtp protocol test issues both EHLO and
HELO. Thanks to Sergey B Kirpichev for report.
* Fix bug #32583: Multiple SIP OPTIONS messages use the same header
data. Thanks to Hugh Waite for patch.
* Try harder to get FQDN hostname for the host where monit is running.
The hostname in the $HOST variable which is used in the mail sender
may thus change. Thanks to Sergey B Kirpichev for patch.
* AIX: Fix the time display which was off by GMT difference. Thanks
to Helen Chen for report.
* AIX: Fix the M/Monit heartbeat. Thanks to Helen Chen for report.
* Support symbolic link to monit configuration file.
* Fix crash when monit daemon start delay option was used and monit
was signalized to stop before the start delay passed. Thanks to
John Schult for report.
Version 5.2.4
NEW FEATURES AND FUNCTIONS:
* Added the "procmatch" CLI command which allows for easy testing
of pattern for process match check. The command takes regular
expression as an argument and displays all running processes
matching the pattern. Example usage:
$ monit procmatch "iChatAgent"
* Set the default log file mask to 0640 (originally it was 0664).
Thanks to Sergey B Kirpichev.
* Reduced monit memory footprint by ca. 10%.
BUGFIXES:
* FreeBSD, NetBSD, OpenBSD, MacOSX, Solaris filesystem check fix:
If block/character device was used in the filesystem path instead
of mountpoint, monit reported usage of wrong filesystem.
* NetBSD filesystem check: Fix space usage report.
* Fix memory usage monitoring in OpenVZ VPS 2.6.32 virtual hosts.
Thanks to Kelly for report.
* If the protocol test failed, show the request in the event. Thanks
to Marco for report.
* Randomize the mail message id to prevent duplicates in the case, that
the same hostname is used on multiple hosts running monit and messages
are generated in the same second in parallel. Thanks to Sergey B
Kirpichev.
* Spelling fixes. Thanks to Sergey B Kirpichev.
Version 5.2.3
BUGFIXES:
* Mysql protocol test supports mysql 5.5.x and newer now.
Version 5.2.2
BUGFIXES:
* Fix crash on MacOSX
* ICMP echo test (ping):
- bug #31128: do not log error if different response type is received
- bug #31129: do not require root to use ping test. Privilege to create
raw socket is still required, but on some platforms such as Solaris it
can be granted to non-root users too. If the user has no permission to
perform ping, monit will skip the icmp test and log message (in debug
mode only).
* rsync protocol test:
- wait for full server response and verify exit was received
- bug #31249: send full version to rsync server. Thanks to John Hall
for report
Version 5.2.1
BUGFIXES:
* HTTP and URL protocol tests: Fixed a problem where HTTP protocol
tests using a specific request always failed. This bug may also
affect URL tests. The problem was caused by faulty URL encoding. In
the process of fixing this bug the new feature that allowed slash in
service names has been reverted and instead will be added in a later
release.
Version 5.2
NEW FEATURES AND FUNCTIONS:
* Added support for monitoring processes without pidfile using pattern
matching. You can use POSIX regular expressions or string matching
process name with arguments as provided by the 'ps' utility. If the
pattern matches multiple processes, the first match is used.
Example:
check process debian
matching "/usr/lib/vmware/bin/vmware-vmx .*deb.vmx"
* Added support for swap monitoring. Example:
check system myserver
if swap usage > 25% then alert
* Allow to override the default action when service doesn't exist. The
default action is restart, it can be customized with following
statement:
if [does] not exist [[<x> times within] <y> cycles] then <action1>
* Monit automatically registers credentials with M/Monit now, so it's
not necessary to set it manually in M/Monit anymore. To disable
credentials registration:
set mmonit https://monit:monit@10.0.0.1:8443/collector
and register without credentials
* Added memcache protocol test. Thanks to Sébastien Debrard for the
patch.
* Added openssl FIPS to Monit httpd. Thanks to Lior Okman for the
patch.
* The 'check system' can now use start/stop program statements too.
* Added the option to set the "Reply-To" mail header in mail-format.
* Display backtrace on error if debug mode is enabled (requires
backtrace support in libc)
BUGFIXES:
* Show real process uptime - formerly the presented uptime was based
on create and modify timestamp of process' pidfile which provides
invalid uptime if the pidfile is replaced and process keeps running
with original PID. Thanks to Nima Chavooshi for report.
* When user triggered action for some service (such as stop) and
before that action completed user triggered another action for the
same service (such as start), the second action has been ignored.
Monit will not accept new action and return temporary error until
the previous action completed.
* If process resource usage gathering failed, retry next cycle as the
error can be temporary.
* Fixed sporadic failures when SSL was used.
* ICMP echo test (ping):
- fixed sporadic false positive/negative
- removed limit of 20 pings per cycle
* DNS test:
- accept NS root request refusal as correct response because
server reacts on request
- accept authority answer as alternative to record. Thanks to
Nick Osborn for patch
* RADIUS test fix. Thanks to Alan DeKok for patch.
* M/Monit heartbeat is fully independent of testing cycle now to
prevent false positive when service test blocks.
* Fixed SMTP STARTTLS protocol, required for servers that adhere
strictly to RFC 3207 4.2. Thanks to Lorenzo A. Sedano Cadinanos for
patch.
* Service name:
- allow the service name to start with "/"
- fixed handling of the service names which contain "/" in the
name in Monit web interface. Thanks to Artyom Khafizov for
patch.
* When 'check system' is not defined, monit adds it automatically
using hostname for service name. If existing service was defined
with the same service name (matching hostname), monit didn't added
the entry and reported confusing error message pointing to the end
of configuration file. Thanks to Thorsten Kampe for report and help.
* Remove extra NL characters from message when resource succeeded
event is sent. The extra NL character may break the mail headers.
Thanks to Hanno Boeck for patch.
* Fixed display of cpu user/system/wait usage which temporarily
displayed -1.0% between two monitoring cycles while cpu monitoring
was initializing. Thanks to Marcus Muelbuesch for report.
* Fixed display of port response time as -1 if 'monit status' was
called in the middle of service test.
* Fixed display of service initializing state after monit start or
reload.
* Fixed MONIT_DESCRIPTION environment variable. Thanks to Marco
Roeland for patch
* AIX:
- fixed compilation
- fixed system load average monitoring
- fixed ICMP echo test
* Mac OS X:
- allow monitoring of system-wide load average, cpu and memory
usage even if
Monit is running as non-root user
* NetBSD:
- fixed ICMP echo test
Version 5.1.1
BUGFIXES:
* Fix FTP protocol test. Thanks to Axel Reinhold for report.
* Fix the HTTP protocol test's hostheader option which was added in 5.1.
Thanks to Naoya Nakazawa for report.
* Removed warning about missing system service check. Missing system service
check is not error and it shouldn't be reported as such.
* Fix manual page formating. Thanks to Stefan Alfredsson for report.
Version 5.1
NEW FEATURES AND FUNCTIONS:
* It is now possible to define any action for the restart timeout rule.
Multiple restart timeout rules can also be defined. Example:
if 3 restarts within 5 cycles then exec "/foo/bar"
if 8 restarts within 10 cycles then unmonitor
* Service can be added to multiple groups. Thanks to Brad Gessler
for suggestion. Syntax:
check filesystem wwwdata with path /www
group www
group filesystem
* Added GPS protocol test. Thanks to Sebastien Debrard for patch.
* Added RADIUS protocol test. Thanks to Alan DeKok for patch. Example syntax:
check process radiusd with pidfile /var/run/radiusd.pid
start program = "/etc/init.d/freeradius start"
stop program = "/etc/init.d/freeradius stop"
if failed
host 127.0.0.1 port 2000 type udp protocol radius secret testing1234
then alert
if 5 restarts within 5 cycles then timeout
* The HTTP protocol test now supports a hostheader option which allows to
override Host header in HTTP request. It can be used for example
to test a farm of HTTP servers by IP addresses and to set specific
Host header. Thanks to Brady Catherman for patch. Example:
if failed host 192.168.1.100 protocol http hostheader "example.com" then alert
* If an error occur during Monit command-line execution, report the error
and exit with 1, so it is possible to react if Monit is used from a script.
On success, 0 is returned as usual. Previously, Monit always exited with
0 even if an error occurred.
* Do not require SSL version type when specifying SSL communication with M/Monit
(SSL version is set to auto).
* If the Monit http interface failed to start, provide more details about
the reason.
BUGFIXES:
* Support resource monitoring (cpu usage, etc.) when Monit is running
inside virtual environment. Tested on:
- FreeBSD jail
- Solaris zone
- Linux Vserver
* Fix #26752: inside Solaris Zone, Monit failed to detect children
and computed host memory wrong
* On Solaris, FreeBSD, NetBSD and OpenBSD, Monit no longer needs to run as root user
in order to be able to watch process resource usage (cpu and memory).
* Send heartbeat to M/Monit even if Monit is busy in a long testing cycle to prevent
false alerts about non-responsive Monit agent.
* Fixed SMTP protocol test which may sometimes incorrectly
report ESMTP protocol failure. Thanks to Axel Reinhold for
report.
* Fixed content match check which reported only first
match during the same cycle. Thanks to Pavel Shevaev for
report.
* Allow for the use of complete SSL certificate chains.
Thanks to Lawrence Tan for patch.
* Added support for multiline greetings to FTP protocol test.
Thanks to Giovanni D'Cristina for report.
* Fix Debian Bug #541139: uses gethostbyname() and thus does
not work with "options inet6" in /etc/resolv.conf. Thanks to
Michael Stapelberg for patch.
* If Monit configuration allowed http interface access for a read-only
user and it was specified as the first allow entry, Monit command line
commands failed because it used the read-only account so commands
like start, stop, etc. were rejected. Monit will now use full access
regardless of allow option order. Thanks to Thorsten Kampe for report.
* Passive monitoring mode fixed. Thanks to Nelson Vale for report.
* Fixed #27784: wait_start/wait_stop can advance too quickly.
Thanks to Randy Puro for report.
* Solaris resource usage fixed when Monit was compiled with optimizations enabled.
* Fixed #28369: escape XML properly
* Check service name uniqueness when 'check system' is missing in monitrc and virtual
system service with name set to local hostname is added. Thanks to Marcus Muelbuesch
for report.
* Fix crash when queued event delivery was retried for service which was no longer
configured in Monit.
Version 5.0.3
BUGFIXES:
* Fixed #26664: crash on service timeout or unmonitor action
(introduced in 5.0.2). Thanks to Bretislav Kubesa and
Michael Shigorin for report.
* Removed the configure --without-resource option. If the user
who is running Monit doesn't have permissions to check the
processes state, the related checks are disabled dynamically.
Version 5.0.2
BUGFIXES:
* 35 improvements based on code scan with Klocwork
(http://www.klocwork.com/) which we were evaluating.
Huge thanks to Klocwork for their great product.
* Fixed #26382: if start or stop script for some service didn't
exist, monit logged error during configuration file parsing and
refused to start. Monit now just logs warning and continues.
Version 5.0.1
BUGFIXES:
* Fixed a bug where Monit did not stop logging succeeded events.
This bug occurred if PID, PPID, timestamp or size change tests
were used and failed and then succeeded again.
Version 5.0
NEW FEATURES AND FUNCTIONS:
* M/Monit support added. If you run Monit on more than one
server, you can use M/Monit to manage and control all your
Monit enabled servers from one simple Web Interface. See
http://mmonit.com/ for details.
* Support use of symbolic links in filesystem check. Thanks to
Aleksander Kamenik for suggestion. Example:
check filesystem rootfs path
/dev/disk/by-uuid/4ef973f7-67d1-4bb0-8223-cb1c692b72e4
if space usage > 95% then alert
if inode usage > 95% then alert
* If no 'set mailserver' was defined in monitrc, Monit tried to
fallback to localhost:25 SMTP server. This fallback was removed
since it may be confusing. If you want to deliver mail alerts
from Monit, the 'set mailserver' option is necessary. In case
it is missing, Monit will log appropriate error and hint to add
it.
* The generic send/expect protocol test limited the expect input
to 256 bytes. It's possible to set the input buffer for expect
globally - for example: set expectbuffer 20 kb Thanks to Asil
Carlin for suggestion.
* The following event types were added CONTENT, FSFLAGS, PID and
PPID and the following generic event types CHANGED and MATCH were
removed and replaced by the above types and with the existing SIZE,
CHECKSUM, TIMESTAMP events so the information is more specific
The event types are internal to Monit and unless you have used
either CHANGED or MATCH event in your alert filters, no change
is necessary (alerts are delivered as usual, the tests just use
different types internally).
* Monit now generates a unique id on first start and store the id
in a permanent file. This id is used in protocol communication
between Monit and M/Monit to pair a Monit instance with it's
host entry in M/Monit. By default the id file is placed in
$HOME/.monit.id. The location can be changed by using the set
idfile statement, for example:
set idfile /var/monit.id
* Monit now keep its service monitoring state even on Monit
restart. Previously Monit dropped the state when it was stopped
correctly. Services in manual monitoring mode will remember the
monitoring state across Monit restarts. If Monit is used in a
cluster, it is recommended to place the state file in a
temporary filesystem incase the primary machine will crash and
the the spare machine takeover, the state will be dropped on
reboot for the crashed machine and the services in manual
monitoring mode won't be started on reboot. For example the
"set statefile /tmp/monit.state" can be used to place the state
file in the /tmp/ filesystem.
* Added a protocol test for testing the LMTP protocol. Thanks
to Fco. Javier Felix for patch.
* Added the start delay option for daemon statement which allows
to pause Monit on its startup for a while. If monitored
services are started by init scripts in parallel on system
boot, Monit may be too fast and detect that the service is not
running (yet) and restart the service. Note that it's still
recommended Monit is setup to be responsible for service
startup (that is, don't use init to start Monit controlled
services, instead use Monit). This will ensure correct startup
without need for a start delay since Monit will have full
control of service startup. Many users start services from init
on boot anyway, so in such cases this option will solve their
problems. Default start delay is 0 which corresponds to the
current behavior. Example syntax which will make Monit wait one
minute before starting its first monitoring cycle:
--8<--
set daemon 5 with start delay 60
--8<--
Thanks to Fco. Javier Felix for patch.
* Added PAM support for Monit http interface authentication. Note
that PAM is not supported on all platforms - currently works on
Linux, Mac OS X, FreeBSD, NetBSD. Monit uses the PAM service "monit".
Here is a Monit PAM service example for Mac OS X which is able
to authenticate system users for Monit access -
/etc/pam.d/monit:
--8<--
# monit: auth account password session
auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
--8<--
And configuration for monitrc which allows only group admins
to access the http interface:
--8<--
set httpd port 2812 allow @admin
--8<--
See the PAM manual page for details on how to configure the PAM
service on your system and the available PAM plugins. Thanks to
Wilhelm Meier for patch.
* Added more detailed reports for Monit resource tests on service
recovery. Thanks to Lars Kotthoff for patch.
* Set locale to C.
* Added a protocol test for testing the SIP protocol which is
used by popular communication servers such as Asterisk and
FreeSWITCH. We received two patches for this protocol and have
taken code from both and merged them. Many thanks to Bret
McDanel and to Pierrick Grasland for supplying the patches.
* Added MONIT_DESCRIPTION to the list of environment variables
available to programs started by monit. Thanks to Morten
Bressendorff Schmidt for patch.
* If a service group is specified for Monit CLI action,
Monit no longer requires the "all" verb, so the following
command is possible:
monit -g web stop
If group is not specified (i.e. the -g option is omitted), the
service name or "all" is still required as a safeguard.
* Added an option to the 'set mailserver' statement so it is
possible to override the hostname used in SMTP EHLO/HELO and in
the Message-ID header when sending mail. Monit defaults to use
the localhost name. I.e. what you get when executing this
command 'uname -n'. Overriding the host name can be useful if
the host does not have a DNS entry and if the receiving
mailserver uses DNS verification as spam protection. The new
override option is:
set mailserver foo.bar.baz using hostname "my.monit.host"
* A new Event_Action type was added which reports actions
performed on Monit's administrator request (either via web
interface or CLI). If you don't want to received these events,
you can set the mail-filter for "action" event type.
* NOTA BENE: Monit start action is synchronous now. This improves
the startup sequence for dependent services, since Monit will
wait for parent service to start before trying to start the
child.
* It is now possible to define execution timeout for start and
stop commands. That is, how long Monit will wait after
executing a command before it assume execution failed. If the
timeout option is omitted, Monit defaults to 30 seconds. You
can override the timeout for example for services which are
starting slower.
Example syntax:
start program = "/bin/foo start" with timeout 60 seconds
* The event passed state is renamed to succeeded as this name
more reflects the state of things.
* The device service test is renamed to filesystem.
BUGFIXES:
* Some linux virtualization platforms report CPU count as 0.
Monit then dynamically disabled CPU usage monitoring. In such
case we now override the CPU count from 0 to 1 so resource
usage monitoring can continue. Thanks to Jenny Hopkins for
report.
* Increased the server socket backlog queue which will make Monit
able to handle more services. Thanks to Jochen Kramer.
* Fixed #24866: Email messages such as: cpu wait usage check
succeeded [current cpu wait usage=17.4%] were displayed as
"...usage<SOMEGARBAGE>.4%". The problem was incorrect transfer
encoding header in the email (the body itself was OK). Thanks
to Dave Cheney for report.
* When a Monit shutdown requested was issued while Monit were
working and testing services, Monit did not shutdown until all
work were done, i.e. until all services were tested. Monit will
now shutdown faster - as soon as it finish testing the current
service.
* Monit blocked/unblocked SIGTERM, SIGINT SIGHUP and SIGUSR1
signals during operation to protect certain code sections. When
a signal was sent during such a time, for example to stop
Monit, it was dropped and had to be retried in order to stop
Monit. This limitation is now removed and signals will be
processed at any time. Thanks to Nicola Tiling for report.
* If the Monit httpd allow option did not include a
user:password, Monit CLI logged the following error (even if
the action was performed anyway):
Cleartext credentials needed for basic authorization!
This error was false - even access restriction based on
host/net is sufficient - user and password is just one of
possible options (not requirement). Thanks to Gilad Benjamini
for report.
* Allow localhost as a value for the host header in the http
protocol test instead of setting an empty host header and let
the http server decide
* The 'if changed checksum ...' test can now be used even if a
monitored file doesn't exist at Monit startup. Thanks to Joe
Shang for report.
* If both event handlers (M/Monit and mail alerts) temporarily
failed at once and event queue was enabled, events will be
stored in the queue and delivered in the next cycle. However, a
bug caused delivery to be retried for every cycle for both
handlers if just one of them was recovered. Monit could then
deliver the same message multiple times until both handlers
recovered. The problem is now fixed and only one copy of the
event is sent even if only one handler did recover.
* Make unit in size test optional and default to byte unless
specified. So it is possible to write, if size > 1000 then ..
* Fixed handling of invalid input files in event queue handler.
Thanks to Fco.Javier Felix for patch.
* Set the content type to text/html for Monit web interface POST
responses. Thanks to Rich Drummond for patch.
* Fixed #23530: configure script will return error if bison,
byacc or yacc are not found at Monit compile time.
* Fix CPU and memory monitoring on Solaris (it was disabled on
Monit start)
* AIX fixes and extensions, Monit should run on AIX without
problems, including cpu, memory and filesystem monitoring
(tested with AIX 5.3). Thanks to Brian Downey for support
and help.
* HP-UX fixes and extensions, Monit should run on HP-UX without
problems, including cpu, memory and filesystem monitoring.
Thanks to Brian Downey for support and help.
* Fixed #23467: Don't exit, only issue a warning if the "include"
statement did not find any files to include.
* Fixed #23530: Event queue did not work with the default
unlimited slots.
* Fixed #23617: The process cpu usage is initializing in the
first cycle so the value is set to 0% - if the 'cpu usage <
xyz%' test was used to check that the process usage is higher
then given level, it was always true. Monit now skips the
process cpu usage check in the first cycle.
* Make sure Monit alerts has a unique message id. Thanks to Steve
Purcell for report
* Fixed possible crash when Monit is watching VPS environment on
Linux which reports number of CPUs as 0. Thanks to Marius
Schmidt for report.
* Cleanup event states during a service stop/unmonitor so old
events are not sent when the service is started/monitored again.
* Fixed #21989: Monit could start two instances of the process
when service restart is performed and the process is starting
slowly. Thanks to Nick Upson, Aaron Scamehorn and David Greaves
for report.
* Fixed #21550: Fix crash when Monit event queue contained an
empty file. Thanks to Douglas J Hunley for report.
* Fixed possible crash when the 'if changed checksum' test was
used along with restart action. Thanks to Brian Candler for
report.
* Fixed #22075: Allow using a mail address as username when using
SMTP authentication.
* Fixed #22191 and #19823: If the file content test does not match
anymore, reset the service error state. (Previous versions did
not clear the error state and kept showing a match in the status
listing and in the http interface).
* The 'if changed size ...' test can now be used even if the
monitored file does not exist on monit's start.
* If a htpasswd file is used to control Monit http interface
access and the hash type is set to MD5 but the file contains
wrong format (non-MD5), report the error and keep running.
Formerly Monit exited with an assert exception. Thanks to
Adrian Bridgett for report.
BACKWARD INCOMPATIBLE CHANGES:
* The current CPU usage test which checked the cpu usage of the
process itself plus the cpu usage of child processes was
renamed to TOTALCPU (otherwise it works the same). The new CPU
usage test checks the CPU usage of the process itself only.
This change was introduced to align the syntax with MEMORY and
TOTALMEMORY tests and to allow to test the CPU usage of
processes which fork child processes but the user don't want to
include children (such as Mythtv). Users who are using the CPU
check for services like Apache webserver to watch total cpu
utilization (including children) should rename the CPU
statement in their configuration to TOTALCPU.
|