user limit(?) in cgi.cfg

[sikhdev]

Hey Guys,

I have done everything I could think of to troubleshoot this issue and haven't gotten anywhere so I'm hoping you guys have something I might've missed.

We define a user list for the authorized_for_* variables to restrict access to our icinga instance. After upgrading from 1.6 to 1.10, I am noticing that our original list of users doesn't have access anymore. After doing some digging and manual tests, I discovered that only 111 users work and have no issues accessing our instance. User 112 and on don't get any access at all. The original list that works in 1.6 is 400+ users and the new list is about 280 users.

I looked through as many commits as I could between 1.6 and 1.10 and couldnt see any substantial changes to cgiauth that would've caused this issue to manifest itself. If I've missed something, I apologize in advance for wasting your time.

Thanks for your time and hoping I just overlooked something.

[wnieder]

What has changed apart from upgrading from 1.6 to 1.10 (OS / server / ...)?

One reason might be that the space for environment variables is now smaller. If possible please check the init script of Icinga 1.6.

BTW: even Icinga 1.10 is nearly four years old. Is there any reason for using such ancient versions?

Am 21.12.2017 um 22:17 schrieb sikhdev:

Hey Guys,

I have done everything I could think of to troubleshoot this issue and haven't gotten anywhere so I'm hoping you guys have something I might've missed.

We define a user list for the |authorizedfor*| variables to restrict access to our icinga instance. After upgrading from 1.6 to 1.10, I am noticing that our original list of users doesn't have access anymore. After doing some digging and manual tests, I discovered that only 111 users work and have no issues accessing our instance. User 112 and on don't get any access at all. The original list that works in 1.6 is 400+ users and the new list is about 280 users.

I looked through as many commits as I could between 1.6 and 1.10 and couldnt see any substantial changes to |cgiauth| that would've caused this issue to manifest itself. If I've missed something, I apologize in advance for wasting your time.

Thanks for your time and hoping I just overlooked something.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/Icinga/icinga-core/issues/1607, or mute the thread https://github.com/notifications/unsubscribe-auth/ACiMEbY79tmz8wFU6lNvXueaopR7gkGqks5tCsrggaJpZM4RKXSN.

[sikhdev]

Wow that was fast, thank you for such a fast reply.

So I definitely had the OS details in my original post and closed my tab and had to retype from memory.

Old OS: Ubuntu 12 New OS: Ubuntu 14

Reason for such an ancient version: cause "the work to upgrade to icinga2 would be too much work and at that point we should switch to a new monitoring platform". Personally, Icinga2 upgrade would be easier for us versus implementing a new monitoring platform but 🤷‍♂️ .

I ran a diff on the icinga scripts from /etc/init.d/icinga between 1.6 and 1.10 and not seeing any changes to the environment variable. Definitely didnt check this and glad you mentioned it, wouldnt of thought of it myself.

Any other help is appreciated. I know this is a old ass version and dont expect anyone to waste their time on it but unfortunately I have to :/ and hoping I don't have to abandon this project

[wnieder]

The init script contains lines to "load extra environment variables". I'd take a look at the two files mentioned as well.

Am 21.12.2017 um 23:00 schrieb sikhdev:

Wow that was fast, thank you for such a fast reply.

So I definitely had the OS details in my original post and closed my tab and had to retype from memory.

Old OS: Ubuntu 12 New OS: Ubuntu 14

Reason for such an ancient version: cause "the work to upgrade to icinga2 would be too much work and at that point we should switch to a new monitoring platform". Personally, Icinga2 upgrade would be easier for us versus implementing a new monitoring platform but 🤷‍♂️ .

I ran a diff on the icinga scripts from /etc/init.d/icinga between 1.6 and 1.10 and not seeing any changes to the environment variable. Definitely didnt check this and glad you mentioned it, wouldnt of thought of it myself.

Any other help is appreciated. I know this is a old ass version and dont expect anyone to waste their time on it but unfortunately I have to :/ and hoping I don't have to abandon this project

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Icinga/icinga-core/issues/1607#issuecomment-353468399, or mute the thread https://github.com/notifications/unsubscribe-auth/ACiMEeB2GI4VOYDSqMHuCViSsQLyNSMOks5tCtUIgaJpZM4RKXSN.

[dnsmichi]

1.10 isn't supported anymore, you might just try 1.14.

[sikhdev]

@dnsmichi 1.14 doesnt exist for ubuntu 14 unless the repo isn't updaed. I am only seeing 1.10.3 in the ubuntu repo's which is where we are installing icinga from.

@wnieder I looked at both init files again, nothing stands out and the "load extra environment variables" doesn't exist in either files. I did a grep with -i just to make sure I didnt miss anything.

[sikhdev]

last update and I'll stop bothering you guys because it looks like this issue wont be fixed since Icinga-core/icinga1 is EOL.

I tried 1.14.2 from source and 1.13 from repo and neither fixed my issue. I tried the init file from 1.6 on my 1.10 install, still nothing.

I am assuming something changed in the code that I cant see but thats my best guess. nothing in the os upgrade makes me think it broke this user variable.

Thanks again for your help @dnsmichi @wnieder

[dnsmichi]

You're right with the assumption that this won't be fixed. 1.x was here for 9 years, it is time to focus on 2.x.