The scan creates many temp files and doesn't end

[gianmarco-mameli]

Describe the bug

When a scan job is launched, automatically via cron job or manually, I noticed many file created on a subfolder inside /tmp, that contains files with prefix intermediateXXXXXXXX or certXXXXXXX.
The task doesn't not complete and I need to kill it to avoid filling the disk space.

To Reproduce

1. Launch a scan job via icingacli or via cron job
2. Look at /tmp/xxxxxxxxxxxxx to see the temporary files created, some of them with 20+ mb of size
3. The task doesn't complete and I need to kill the pid

Expected behavior

The scan task ends with no problems from many temp files

Screenshots

Your Environment

• Icinga Web 2 version and modules (System - About): Icingaweb2 v2.11.1, Icinga X509 v1.2.1
• Icinga 2 version used (icinga2 --version): 2.13.5
• PHP version used (php --version): 7.3.31
• Server operating system and version: Debian 10.12

[yhabteab]

Hii @gianmarco-mameli, thanks for reporting.

How big is the network you are scanning? Of course, the scan may take a while, if you scan a huge network. Alternatively, try using the parallel option to reduce the --parallel scanning and decrease the tmp files being created (Default is 256). But be careful, this will slow down the scan even more.

[yhabteab]

Ignore my suggestion with the parallel option. There will be a lot of tmp files created only when verifying the certificates.

[gianmarco-mameli]

Hi @yhabteab, ok thank you, at the first time I supposed too that the problem was the dimension of the network, but the same problem is present scanning a simple /24 net. The other strange thing is that I've updated the module 10 days ago, and for 8 days nothing happen, all worked as expected.
Also with the older version of the module the scan was really fast, in complex network too

[yhabteab]

The other strange thing is that I've updated the module 10 days ago, and for 8 days nothing happen, all worked as expected.

Have you changed anything within the 2 days? It sounds like something was changed on your network or in the job configs, but even then this shouldn't prevent the scan command to complete.

I have made some improvements to how the certificate chains are validated in this PR, can you please test if that helps. And when the problem still occurs (if the scan command still hangs), please run the scan command in debug mode with the --debug option and share some of the latest messages.

[gianmarco-mameli]

Hi @yhabteab, nope I haven't changed anything in the meantine, but I've tried your mod on the PR and the problem seems disappeared.
Next days I turn back ok the service and the cron jobs hoping the problem is definitely solved. Thanks for your help

[yhabteab]

Next days I turn back ok the service and the cron jobs hoping the problem is definitely solved.

What do your job configs look like?

You might also have a very large network with extremely short schedule intervals. For example, if you have a job that takes over a minute to complete, but you're using the @minutely frequency, the scheduler won't cancel the ongoing instance, it will simply start another one. And this, of course, can lead to dozens of temp file storages being created at the same time.

[gianmarco-mameli]

I've tested all my jobs before scheduling the scans, each job ends in about 1-2 minutes and my schedules are 10 minutes apart from each other

[gianmarco-mameli]

Hi, sorry for my late feedback. Apparently all is ok with your PR, so I've reactivated the jobs and is running correctly

Thank you