Cluster sync: Only sync valid UTF8 content (text config, no binaries)

[dnsmichi]

• *.conf files are sanitized automatically.
• Other files detect sanitizing and treat that as unsupported type

refs #7382

[dnsmichi]

Tests

My local mini cluster.

Binary file in zones.d

cp sslscan.exe etc-a/icinga2/zones.d/master/
./icinga2a daemon

...

[2019-08-02 16:39:36 +0200] information/ConfigItem: Triggering Start signal for config items
[2019-08-02 16:39:36 +0200] information/FileLogger: 'main-log' started.
[2019-08-02 16:39:36 +0200] information/ApiListener: 'api' started.
[2019-08-02 16:39:37 +0200] critical/ApiListener: Ignoring file 'etc-a/icinga2/zones.d/master/sslscan.exe' for cluster config sync: Does not contain valid UTF8. Binary files are not supported.
Context:
	(0) Creating config update for file 'etc-a/icinga2/zones.d/master/sslscan.exe'
	(1) Activating object 'api' of type 'ApiListener'

[2019-08-02 16:39:37 +0200] information/ApiListener: Copying 4 zone configuration files for zone 'master' to 'var-a/lib/icinga2/api/zones/master'.
[2019-08-02 16:39:37 +0200] information/ApiListener: Updating configuration file: var-a/lib/icinga2/api/zones/master//_etc/agent-tmpl.conf
[2019-08-02 16:39:37 +0200] information/ApiListener: Updating configuration file: var-a/lib/icinga2/api/zones/master//_etc/downtime.conf
[2019-08-02 16:39:37 +0200] information/ApiListener: Updating configuration file: var-a/lib/icinga2/api/zones/master//_etc/h.conf
[2019-08-02 16:39:37 +0200] information/ApiListener: Updating configuration file: var-a/lib/icinga2/api/zones/master//_etc/notify.conf
[2019-08-02 16:39:37 +0200] information/ApiListener: Copying 1 zone configuration files for zone 'agent' to 'var-a/lib/icinga2/api/zones/agent'.
[2019-08-02 16:39:37 +0200] information/ApiListener: Updating configuration file: var-a/lib/icinga2/api/zones/agent//_etc/host.conf
[2019-08-02 16:39:37 +0200] information/ApiListener: Started new listener on '[::]:5665'
[2019-08-02 16:39:37 +0200] information/DbConnection: 'ido-mysql' started.

Binary file in var-lib

Just in case someone thinks being a genius.

mv etc-a/icinga2/zones.d/master/sslscan.exe var-a/lib/icinga2/api/zones/master/_etc/

./icinga2a daemon

The config sync already takes care of purging the production stage.

[2019-08-02 16:47:03 +0200] information/ApiListener: Copying 4 zone configuration files for zone 'master' to 'var-a/lib/icinga2/api/zones/master'.
[2019-08-02 16:47:03 +0200] information/ApiListener: Updating configuration file: var-a/lib/icinga2/api/zones/master//_etc/agent-tmpl.conf
[2019-08-02 16:47:03 +0200] information/ApiListener: Updating configuration file: var-a/lib/icinga2/api/zones/master//_etc/downtime.conf
[2019-08-02 16:47:03 +0200] information/ApiListener: Updating configuration file: var-a/lib/icinga2/api/zones/master//_etc/h.conf
[2019-08-02 16:47:03 +0200] information/ApiListener: Updating configuration file: var-a/lib/icinga2/api/zones/master//_etc/notify.conf

Binary in config stage

Oh, even more genius. That doesn't work, the master doesn't use this.

Binary in config stage, secondary master

One could still this.

cp /usr/local/icinga/icinga2/etc/icinga2/zones.d/global-templates/sslscan.exe  var-b/lib/icinga2/api/zones-stage/master/_etc/

./icinga2b daemon

doesn't work either, the stage directory is purged.

Binary in stage, disallowed purge by user

If for some reason, the daemon is not allowed to purge, there is another security door closed: The same mechanism which reads the files on the config master is applied for all endpoint config syncs.

[dnsmichi]

@lippserd I'll join you on Monday for this.

[dnsmichi]

Offline meeting: This is the route to go, we cannot allow any binary content being used in our cluster messages. There's better tools for this.