From: Michael Friedrich Date: Fri, 2 Aug 2019 14:06:36 +0000 (+0200) Subject: Docs: Add config sync restrictions to upgrading docs X-Git-Tag: v2.11.0~1^2~49^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=20266cd1b1c5729ebe4069bd089f96dc83b3568f;p=icinga2 Docs: Add config sync restrictions to upgrading docs --- diff --git a/doc/16-upgrading-icinga-2.md b/doc/16-upgrading-icinga-2.md index 08e66aed4..e73d5e5bf 100644 --- a/doc/16-upgrading-icinga-2.md +++ b/doc/16-upgrading-icinga-2.md @@ -172,6 +172,15 @@ Since the config sync change detection now uses checksums, this may fail with anything else than syncing configuration text files. Syncing binary files were never supported, but rumors say that some users do so. +This is now prohibited and logged. + +``` +[2019-08-02 16:03:19 +0200] critical/ApiListener: Ignoring file '/etc/icinga2/zones.d/global-templates/forbidden.exe' for cluster config sync: Does not contain valid UTF8. Binary files are not supported. +Context: + (0) Creating config update for file '/etc/icinga2/zones.d/global-templates/forbidden.exe' + (1) Activating object 'api' of type 'ApiListener' +``` + Such binaries wrapped into JSON-RPC cluster messages may always cause changes and trigger reload loops. In order to prevent such harm in production, use infrastructure tools such as Foreman, Puppet, Ansible, etc. to install