h5. Overview
The 7.2.1 Rollup Patch installer version 4127 includes fixes for issues in checking Oracle databases via queries, the automation of removal of orphan downtime records, updates and improvements to the SLA dashboards and a Monarch script enhancement. It also removes JMX for the JOSSO component, which is a known vulnerability. For this reason, this patch is considered a security patch. The remaining fixes and enhancements are primarily for usability.
The following is a description of the main issues that are addressed by applying the Rollup Patch installer version 7.2.2-gw4127, incrementally. If you have an unpatched 7.2.1 system, this rollup patch will include all changes and updates made through patch 4125, and the additional changes listed here. There is no need to install other older patches first.
Each patch installer creates a backup directory that contains all the changed files for that patch. You may view the changed files on your system at:
{noformat}
/usr/local/groundwork/backup-gwNNNN/files
{noformat}
where NNNN is the number of the patch *prior* to the one currently installed. Thus, the files changed by patch 4122, for example, will appear when you install patch 4127 in
{noformat}
/usr/local/groundwork/backup-gw4122/files
{noformat}
and can be restored (rolled back to) from there. See instructions for roll back [here|DOC721:GWME-7.2.1-00 Rollup Patch Installer].
h4. Changes made in this patch installer
(beyond those included from patch 4125)
h5. Downtime management fix
* It is now possible to "preview" which orphan downtimes will be removed.
In patch 4125, we provided the enhancement to allow the removal of orphan downtimes with the command: {noformat}/usr/local/groundwork/foundation/container/rstools/php/bsmCheck/protected/yiic downtime removeorphans{noformat}
which can be added to cron for the nagios user.
This takes care of a database growth problem that happens when downtimes were set for hosts that were then deleted, and the downtimes were not (an issue which has since been dealt with in later versions).
We added an option in this patch: Adding {noformat}--preview{noformat} to this command will not delete anything, but will generate a list of downtimes that will be deleted when the command is run without the --preview option. This allows you to see which downtimes you are about to delete, which should make you more confident in the process. To summarize:
{noformat}/usr/local/groundwork/foundation/container/rstools/php/bsmCheck/protected/yiic downtime removeorphans{noformat}
removes all orphan downtimes.
{noformat}/usr/local/groundwork/foundation/container/rstools/php/bsmCheck/protected/yiic downtime removeorphans --preview{noformat}
shows you a list of orphan downtimes without removing them.
h5. Minor Bug fixes
* The following minor display and functional issues were repaired:
** [RSTOOL-467] - Option "SLAREPORT_REPORT_SERVER_SYNC" in Config file is not savable
** [RSTOOL-422] - SLA Dashboard: Widget display settings get reset after configuration of widget
** [RSTOOL-477] - SLA Dashboard view slows down after long display times
** [RSTOOL-402] - SLA Dashboard: Drag and drop of images not possible if over an image
** [RSTOOL-474] - SLA Dashboard: Width and length attributes of widget in dashboard not recalculated correctly to fit the display preferences
** [RSTOOL-482] - SLA Dashboard: Display preference settings of widget are re-enabled when cloning a widget
** [RSTOOL-488] - PHP Error[8]: Undefined index error in Publish Status application
** [RSTOOL-489] - SLA Dashboard: Newly added element widget can be behind an existing element on the dashboard
** [RSTOOL-490] - SLA Dashboard: Timetable widget data display does not adapt to total size of widget
** [RSTOOL-491] - SLA Dashboard: Predefined Elements crash the dashboard when deleted
** [RSTOOL-493] - SLA Dashboard: Timetable widget displays wrong content when not in the same timezone as the client
h5. Enhancements
* The following enhancements were made to the SLA functions:
** [RSTOOL-265] - SLA Dashboard: Added a Clock Widget for showing time of last refresh
** [RSTOOL-235] - SLA: The SLA Events tab now has dropdown filters for contract, customer, alias and hostname
** [RSTOOL-237] - SLA: The SLA Contract supports customer as dropdown on create object
** [RSTOOL-466] - SLA: Enhanced SLA contracts so external (SLA) and internal (OLA) contracts are differentiated
** [RSTOOL-475] - SLA Dashboard: Added InDowntime status to host and service status widget in SLA dashboard
** [RSTOOL-478] - BSM: If monitored service has downtime set, the BSM tree view now displays SCHEDULED state
** [RSTOOL-479] - SLA Reports: Increased performance of a filtered ServiceList when exporting to CSV
** [RSTOOL-470] - SLA Dashboard: Added ability to Create downtime from SLA dashboard (Service, Host, HostGroups, ServiceGroups and BSM Groups)
** [RSTOOL-463] - SLA: Added Event-list for Subservices (PARTIAL IMPLEMENTATION)
** [RSTOOL-450] - SLA: Added Filter for Servicelist with export to csv
** [RSTOOL-161] - Added capability to add more Customer or Client information to contracts
** [RSTOOL-481] - Added link from SLA Dashboard to downtime list
h5.
h5. Miscellaneous fixes
* The {{/usr/local/groundwork/nagios/libexec/check_oracle_db}} plugin has been overhauled.
** It will no longer generate a misleading OK result when in fact the underlying SQL query produced no result rows.
** Additional types of query-execution exceptions are now correctly sensed as failures.
** Command-line option flags are now parsed correctly. This will prevent argument-position errors, such as swapping the order of the warning and critical thresholds, which would have gone unnoticed by the previous version of the plugin. (Correct ordering of the plugin options is no longer presumed. With this new version and the correct option flags, options may now be specified in any order.)
** Much better debug output is now provided, under control of the new {{\-d}} option. This can assist in manual-run situations where there is some mystery as to what the script is seeing internally as results from the underlying SQL query.
** Most importantly, the {{\-n}} option value can now be the heading of the column whose values you wish to compare against the warning and critical thresholds. This is far more reliable that using a column number, partly because the column numbering starts with 0 (which is probably unexpected, and was formerly undocumented), and because there was no obvious way to check that you had actually selected the particular column you were interested in. As of the availability of this version of the plugin, using a column number is therefore deprecated, in favor of the heading.
** A proper usage message is now available. It can be spilled out by running the plugin without any arguments. It is quite extensive, and documents in detail the requirements for the SQL query to be run.
** A bunch of other internal improvements have been made as well, such as emitting more descriptive error messages.
* The {{/usr/local/groundwork/core/monarch/bin/monarch_assign_service_to_host}} help message has been fixed to reflect actual usage.
* The {{/usr/local/groundwork/core/monarch/bin/monarch_assign_gdma_service_to_host}} script has been added. It differs from {{monarch_assign_service_to_host}} in that it ensures that any service externals assigned to the generic service are copied over to the host-service if it is newly created. In contrast, {{monarch_assign_service_to_host}} just completely ignores service externals.
h5. Security fix
GroundWork 7.2.1 has a vulnerability in JOSSO JMX, CVE-2015-2342, CVE-2015-0225. This can be worked around by updating the configuration of JOSSO, or by applying this patch. Contact [email protected] if you need more details.
The 7.2.1 Rollup Patch installer version 4127 includes fixes for issues in checking Oracle databases via queries, the automation of removal of orphan downtime records, updates and improvements to the SLA dashboards and a Monarch script enhancement. It also removes JMX for the JOSSO component, which is a known vulnerability. For this reason, this patch is considered a security patch. The remaining fixes and enhancements are primarily for usability.
The following is a description of the main issues that are addressed by applying the Rollup Patch installer version 7.2.2-gw4127, incrementally. If you have an unpatched 7.2.1 system, this rollup patch will include all changes and updates made through patch 4125, and the additional changes listed here. There is no need to install other older patches first.
Each patch installer creates a backup directory that contains all the changed files for that patch. You may view the changed files on your system at:
{noformat}
/usr/local/groundwork/backup-gwNNNN/files
{noformat}
where NNNN is the number of the patch *prior* to the one currently installed. Thus, the files changed by patch 4122, for example, will appear when you install patch 4127 in
{noformat}
/usr/local/groundwork/backup-gw4122/files
{noformat}
and can be restored (rolled back to) from there. See instructions for roll back [here|DOC721:GWME-7.2.1-00 Rollup Patch Installer].
h4. Changes made in this patch installer
(beyond those included from patch 4125)
h5. Downtime management fix
* It is now possible to "preview" which orphan downtimes will be removed.
In patch 4125, we provided the enhancement to allow the removal of orphan downtimes with the command: {noformat}/usr/local/groundwork/foundation/container/rstools/php/bsmCheck/protected/yiic downtime removeorphans{noformat}
which can be added to cron for the nagios user.
This takes care of a database growth problem that happens when downtimes were set for hosts that were then deleted, and the downtimes were not (an issue which has since been dealt with in later versions).
We added an option in this patch: Adding {noformat}--preview{noformat} to this command will not delete anything, but will generate a list of downtimes that will be deleted when the command is run without the --preview option. This allows you to see which downtimes you are about to delete, which should make you more confident in the process. To summarize:
{noformat}/usr/local/groundwork/foundation/container/rstools/php/bsmCheck/protected/yiic downtime removeorphans{noformat}
removes all orphan downtimes.
{noformat}/usr/local/groundwork/foundation/container/rstools/php/bsmCheck/protected/yiic downtime removeorphans --preview{noformat}
shows you a list of orphan downtimes without removing them.
h5. Minor Bug fixes
* The following minor display and functional issues were repaired:
** [RSTOOL-467] - Option "SLAREPORT_REPORT_SERVER_SYNC" in Config file is not savable
** [RSTOOL-422] - SLA Dashboard: Widget display settings get reset after configuration of widget
** [RSTOOL-477] - SLA Dashboard view slows down after long display times
** [RSTOOL-402] - SLA Dashboard: Drag and drop of images not possible if over an image
** [RSTOOL-474] - SLA Dashboard: Width and length attributes of widget in dashboard not recalculated correctly to fit the display preferences
** [RSTOOL-482] - SLA Dashboard: Display preference settings of widget are re-enabled when cloning a widget
** [RSTOOL-488] - PHP Error[8]: Undefined index error in Publish Status application
** [RSTOOL-489] - SLA Dashboard: Newly added element widget can be behind an existing element on the dashboard
** [RSTOOL-490] - SLA Dashboard: Timetable widget data display does not adapt to total size of widget
** [RSTOOL-491] - SLA Dashboard: Predefined Elements crash the dashboard when deleted
** [RSTOOL-493] - SLA Dashboard: Timetable widget displays wrong content when not in the same timezone as the client
h5. Enhancements
* The following enhancements were made to the SLA functions:
** [RSTOOL-265] - SLA Dashboard: Added a Clock Widget for showing time of last refresh
** [RSTOOL-235] - SLA: The SLA Events tab now has dropdown filters for contract, customer, alias and hostname
** [RSTOOL-237] - SLA: The SLA Contract supports customer as dropdown on create object
** [RSTOOL-466] - SLA: Enhanced SLA contracts so external (SLA) and internal (OLA) contracts are differentiated
** [RSTOOL-475] - SLA Dashboard: Added InDowntime status to host and service status widget in SLA dashboard
** [RSTOOL-478] - BSM: If monitored service has downtime set, the BSM tree view now displays SCHEDULED state
** [RSTOOL-479] - SLA Reports: Increased performance of a filtered ServiceList when exporting to CSV
** [RSTOOL-470] - SLA Dashboard: Added ability to Create downtime from SLA dashboard (Service, Host, HostGroups, ServiceGroups and BSM Groups)
** [RSTOOL-463] - SLA: Added Event-list for Subservices (PARTIAL IMPLEMENTATION)
** [RSTOOL-450] - SLA: Added Filter for Servicelist with export to csv
** [RSTOOL-161] - Added capability to add more Customer or Client information to contracts
** [RSTOOL-481] - Added link from SLA Dashboard to downtime list
h5.
h5. Miscellaneous fixes
* The {{/usr/local/groundwork/nagios/libexec/check_oracle_db}} plugin has been overhauled.
** It will no longer generate a misleading OK result when in fact the underlying SQL query produced no result rows.
** Additional types of query-execution exceptions are now correctly sensed as failures.
** Command-line option flags are now parsed correctly. This will prevent argument-position errors, such as swapping the order of the warning and critical thresholds, which would have gone unnoticed by the previous version of the plugin. (Correct ordering of the plugin options is no longer presumed. With this new version and the correct option flags, options may now be specified in any order.)
** Much better debug output is now provided, under control of the new {{\-d}} option. This can assist in manual-run situations where there is some mystery as to what the script is seeing internally as results from the underlying SQL query.
** Most importantly, the {{\-n}} option value can now be the heading of the column whose values you wish to compare against the warning and critical thresholds. This is far more reliable that using a column number, partly because the column numbering starts with 0 (which is probably unexpected, and was formerly undocumented), and because there was no obvious way to check that you had actually selected the particular column you were interested in. As of the availability of this version of the plugin, using a column number is therefore deprecated, in favor of the heading.
** A proper usage message is now available. It can be spilled out by running the plugin without any arguments. It is quite extensive, and documents in detail the requirements for the SQL query to be run.
** A bunch of other internal improvements have been made as well, such as emitting more descriptive error messages.
* The {{/usr/local/groundwork/core/monarch/bin/monarch_assign_service_to_host}} help message has been fixed to reflect actual usage.
* The {{/usr/local/groundwork/core/monarch/bin/monarch_assign_gdma_service_to_host}} script has been added. It differs from {{monarch_assign_service_to_host}} in that it ensures that any service externals assigned to the generic service are copied over to the host-service if it is newly created. In contrast, {{monarch_assign_service_to_host}} just completely ignores service externals.
h5. Security fix
GroundWork 7.2.1 has a vulnerability in JOSSO JMX, CVE-2015-2342, CVE-2015-0225. This can be worked around by updating the configuration of JOSSO, or by applying this patch. Contact [email protected] if you need more details.