Resource Manager 6.8.0

This section contains important information about release 6.8.0 of Zenoss Resource Manager (Resource Manager).

New or updated features

This update includes the following performance, reliability, and usability enhancements:

Enhanced device configuration and invalidation processing

The performance issues that impacted timely invalidation processing and availability of device configurations for collectors have been resolved.

Overview

The old invalidations process has been replaced with a persistent configuration cache. The primary change is that the collector daemons will now ask for device configurations rather than waiting for ZenHub to push configurations. The EnterpriseCollector ZenPack has been updated to support the configuration cache.

Features

Device configurations are stored in the main Redis service and are referred to as the “configuration cache.”
The zenihubworker service has been removed. Invalidations are now processed by the Config Cache invalidator service.
Zenhub only gets configs from redis and delivers them and will never wait on a config build.
The new Configuration Cache service folder contains three new services:
- The builder service builds new device configurations (based on zenjobs). This service starts with two instances, but can be expanded as needed.
- The invalidator service monitors invalidations and marks configurations as invalidated.
- The manager service identifies configurations that should be recreated and tells the “builder” to build a new device configuration.

New zProperties have been added to support the new configuration cache:

Name	Description
zDeviceConfigBuildTimeout	The number of seconds before timing out a device configuration build.
zDeviceConfigPendingTimeout	The number of seconds a device configuration build may be queued before a timeout.
zDeviceConfigTTL	The maximum number of seconds to wait before rebuilding a device configuration.
zDeviceConfigMinimumTTL	The number of seconds the configuration is protected from being rebuilt.

You can tune the Configuration Cache services by editing the following settings in their respective configuration files.

In the manager service's configcache-manager.conf file, use the check-interval option to specify the interval, in seconds, of checking for retired, expired, or old configurations. The default value is 30.
In the invalidator service's configcache-invalidator.conf file, use the poll-intervaloption to specify the interval, in seconds, of checking for ZODB invalidations. The default value is 30.

You can also adjust collector services.

In each service's respective .conf file, use the device-config-update-interval option to specify the interval, in minutes, of polling ZenHub for new, updated, and removed device configurations. The default value is 5.

A configcache CLI command has been added to facilitate debugging and troubleshooting. This command has several sub-commands:

$ serviced service shell zope
INFO[0000] Loaded delegate keys from file                keyfile=/etc/serviced/delegate.keys location=localkeys.go:348 logger=auth

root@60167c7f06dc:/# su - zenoss

(zenoss) zenoss@60167c7f06dc:~$ configcache --help
usage: configcache [-h] {version,manager,invalidator,oidmap,device} ...

configcache commands

General Options:
  -h, --help            show this help message and exit

Commands:
  {version,manager,invalidator,oidmap,device}
    version             Display the version and exit
    manager             Determines whether device configs are old and regenerates them
    invalidator         Analyzes changes in ZODB to determine whether to update device configurations
    oidmap              Manage the OID Map cache
    device              Manage the device configuration cache

You can run the configcache command from any service container whose service definition includes a MariaDB-model (zodb_mariadb) endpoint. This includes zope, zenhub, zenhubworker, zenjobs, and others.

Security Compliance

The following updates and fixes support security compliance.

Python CVE fixes have been applied. These include:
- CVE-2020-26116
- CVE-2020-8492
- CVE-2022-0391
Java is updated to version 21
OpenSSL is updated to version 3.0.2 + security fixes
NetSNMP is updated to version 5.9.1

Enhanced SNMP trap filtering configuration

This enhancement includes the following features:

You can now configure zentrap filters without having access to collector config files. Navigate to Advanced > Settings > Events > SNMP Trap Filtering Rules. The updated configurations are sent to the collectors as part of normal configuration updates that don't require service restarts.
Any zentrap configurations previously defined in the zentrap service configuration files have been automatically migrated to the new configuration location. It’s important to review the migrated configuration and confirm that the migrated zentrap filter rules are appropriate.
The format of the filter configuration now features an optional first field that supplies a regular expression (regex) to match against collector names. Rules are applied only to zentrap services running on collectors whose name matches the regex. If there is no regex as the first field, then the wildcard default of .* is assumed, matching any collector.

Enhanced syslog monitoring

This enhancement includes the following features:

You can now configure syslog parsers from the UI. Navigate to Advanced > Settings > Events > Syslog Parsers. The updated configurations are delivered to the collectors as part of the normal configuration updates that don't require restarting the service.
You can configure the default priority in Advanced > Settings > Events > Default Syslog Priority.
Events generated by zensyslog are now filtered at the collector level before the events are sent for further processing.
You can configure filters in Advanced > Settings > Events > Syslog Message Filtering Rules. The updated configurations are delivered to the collectors as part of the normal configuration updates that don't require restarting the service.
The dictionary format includes keys and values: the keys are the event field names for evaluation and the values are lists of regular expressions for matching within the event field. If the content of a generated syslog event field matches any of the supplied regex, then the event is dropped and not sent for further processing.
In Advanced > Settings > Events, you can select the Mirror Syslog Event’s Summary values to Message field. When selected, the syslog event's summary is copied to the message. When cleared, the raw syslog message is preserved in the message field of the event.

Enhanced Monitoring Template Management

You can now replace or extend monitoring templates with other monitoring templates for both ZenPackLib and non-ZenPackLib devices and components.

You can define monitoring templates that end in -replacement or -addition. When you define devices and components in ZenPacks, the following occurs:

The -replacement templates are used instead of the existing template with the same base name.
The -addition templates are used in addition to the base templates or the replacement templates.

Product Improvements

The following issues were fixed as part of this release.

Improved Performance

Added support for the recent daylight saving time (DST) changes in the Mexico time zones.
Previously, failures occurred when the number of concurrent SNMP devices being monitored exceeded an internal limit. This internal limit has been removed.
The issue that caused user interfaces to become unresponsive has been resolved. In some cases, Resource Manager only loaded the top bars and stylesheets for pages, but not the contents. A new page loading configuration fixed the issue.
The issue that caused a server timeout error when an administrator saved edits to permissions has been resolved.
The issue that caused trap filtering to improperly function has been resolved.
The issue that caused the "/Devices is not a valid organizer" error has been resolved. When the zenmodeler displayed this error in the log, its reactor was disabled and needed to be restarted. The zenmodeler is now more resilient.
Previously, SNMP discovery was not parallelized. It has now been parallelized.

Improved Functionality

Users with a custom role who are granted the Maintenance Windows Edit permission now have the ability to add a maintenance window from the Devices Administration page. When the user navigates to the Infrastructure > Devices > Device Administration page and clicks Add, the Add New Maintenance Window dialog box opens.
The issue that caused sequencing errors for a series of mappings that have identical event class keys has been fixed. Previously, when you reordered event classes in the Edit Event Class mapping window in one session, the sequencing logic caused issues in subsequent sessions. Now the sequencing logic is consistent for duplicate event class keys.
The issue that caused component graphs with 200 or more components to fail to load or to page crash has been fixed.

Graphs now load in a timely manner by limiting the display to 50 graphs per page, with an option to load additional graphs in increments of 50 by clicking the Show more graphs button, ensuring smooth page loading and management of a large number of graphs without overwhelming the user interface.

Additionally, the number of graphs displayed on the same page is now manageable, as users can specify the desired amount using the Amount field. The default value is 50.
The issue that caused no results to return after a Resource Manager user issued a command for a selected device has been resolved. Command results now appear as expected.
Previously, in the Events > Event Archive page, when a user assigned with the ZenUser role clicked the new window pop-up icon, the View Event Details window didn't open. Instead, the URL redirected to the login or home page. This issue has been fixed.
The issue that caused confusion when copying a template in the user interface has been resolved. Previously, when a template was copied in the UI, the new copy belonged to the ZenPack that owned the original template. Now the copy of the template doesn't inherit ownership by the Zenpack.

Security

The urllib3 HTTP client library for Python has been updated to resolve the CVE-2023-43804 security issue.

Known Issues

The Resource Manager 6.8 upgrade includes a new version of Apache HBase, updating from 1.1.8 to 2.6.0. This process requires an export of previously collected device metrics prior to the upgrade. When the upgrade is complete, exported metrics can be imported.

See the Installing Resource Manger for details.

Fixed Issues

ID	Description
ZEN-28951	Added support for multiple SNMP v3 auth and priv types
ZEN-29911	Multigraph reports now correctly display group names
ZEN-30583	Added an option to the zendisc utility to skip discovering devices if their IP is already assigned as an interface of a device component
ZEN-33224	Time ranges in "First Seen" and "Last Seen" fields no longer prevent events from closing
ZEN-33856	Corrected Log4j vulnerability CVE-2021-44228 in Solr service
ZEN-34274	HBase upgraded to 2.6
ZEN-34314	Solr upgrade removes apache.commons.text dependency
ZEN-34402	Added support for RHEL 8.10
ZEN-34405	Zenoss.resmgr and development Docker images rebased to Ubuntu 22.04
ZEN-34493	Added Percona toolkit dependencies
ZEN-34496	Added the ability to handle certificate chains in CyberArk integration
ZEN-34539	Performance improvement for `dmd.JobManager.getAllJobs` method
ZEN-34622	Improved zenhubworker's "zenhub answering" healthcheck
ZEN-34645	Copies of ZenPack templates are no longer owned by the ZenPack
ZEN-34646	Added -replacement and -additional template processing to base platform for non-ZPL objects
ZEN-34855	Fixed the mapping procedure in the DiscoveryMapping ZenPack
ZEN-34856	zenhubworkers now notify zenhub prior to restart after call limit reached
ZEN-34858	Added default SNMP MIBs to the new Ubuntu-based Docker image
ZEN-34861 ZEN-34885	Improved handling for maintenance windows in the America/Mexico_City time zone
ZEN-34862	Event class mapping sequences now sort on sequence ID instead of mapping name
ZEN-34863	DeviceRouter remodel method checks permissions against device UID instead of router endpoint
ZEN-34864	Event Archive "pop-out" button no longer redirects to login
ZEN-34866	Deleting a device from a device class now presents correct Remove Device dialog
ZEN-34867	Updated Celery to v4.4.7 to improve performance and address zenjobs timeout issues
ZEN-34871	Improved CPU commitment handling across Resource Manager services
ZEN-34874	Event Console device links now open correct device after selecting multiple events
ZEN-34882	Pagination added to Component Graphs feature
ZEN-34883	Custom roles can now add maintenance window
ZEN-34897	zeneventserver correctly exposes IncidentManagement and ZenETL REST endpoints
ZEN-34900	Control Center version is displayed correctly on Advanced >Versions tab
ZEN-34912	libcurl4 updated to 7.81
ZEN-34955	Internal zope metrics collect correctly after zope config update
ZEN-34956	Removed unused RabbitMQ version
ZEN-34960	Templates - Available templates now list on device overview and Infrastructure > Devices pages
ZEN-34968	Solr config updated for version 9.6.1
ZEN-34982	Added model API for zenjobs-monitor service to enable montoring by RMMonitor ZenPack
ZEN-34995	Improved service CPU commitment handling for Impact, ImpactServer, Capacity
ZEN-35012	Improved migration script sanity checking
ZEN-35014	Event `manager` field correctly shows container ID of originating service
ZEN-35015	Corrected traceback for GuestDeviceJobs on cloud provider devices
ZEN-35016	Corrected auth issue when following external links into an event details page
ZEN-35017	Improved Kibana timestamps and log entries for zenhubworker (adm) service
ZEN-35018	Corrected issue with Infrastructure page Refresh button
ZEN-35020	SNMP trap filtering correctly handles v1 traps
ZEN-35021	RouteMap modeler plugin now correctly models IDPR and EIGRP routes
ZEN-35023	Latest version of ZenPacks.zenoss.Microsoft.HyperV added to `/opt/zenoss/packs`
ZEN-35025	Corrected "Received response 400 from Central Query" error in zenpython
ZEN-35032	Increased default HBase HMaster and RegionServer RAM commitments from 1G to 2G
ZEN-35033	HBase - Corrected logging and service metrics in Control Center
ZEN-35035	zenmodeler now correctly obeys startat and cycletime directives
ZEN-35037	Disabled external plugins in zeneventserver.conf
ZEN-35038	Improved zope's "zope answering" healthcheck
ZEN-35061	"zenoss-installer" script renamed to "zenoss-install-host-validate"
ZEN-35063	Improved error logging and exception handling when iterating over the content of a relation
ZEN-35065	HBase - adjusted install/upgrade procedures for new version
ZEN-35072	Improved SNMP v3 trap handling
ZEN-35077	Improved zproxy pagespeed caching
ZEN-35084	OpenTSDB - added javax.xml.bind dependency to prevent timeout errors
ZEN-35088	PyMySQL - upgraded to version 0.10.1
ZEN-35103	Improved zentrap's handling of zProperty misconfiguration
ZEN-35106	RabbitMQ - upgraded to 3.9.27
ZEN-35107	MariaDB - upgraded to 10.6.18
ZEN-35116	Redis - upgraded to 6.0.16
ZEN-35124	Solr - added a timeout to the "Solr answering" healthcheck
ZEN-35132	Corrected issue with zenhubworker
ZEN-35138	MariaDB - corrected init process for version 10.6.18
ZEN-35144	Updated "zenoss-install-host-validate" for Resource Manager 6.8
ZEN-35146	Improved logging for SNMP v3 security module
ZEN-35148	Improved handling of manageIp/ipaddress relationships when managing IpAddress objects
ZEN-35157	Removed redundant "NOAUTH" and "NOPRIV" options from zSnmpAuthType and zSnmpPrivType zProperties

ZenPacks updated

The following ZenPacks are included in this update: