From eec053924c0fd1085023458ade00098c7110fb39 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 24 Apr 2015 22:11:49 +0300 Subject: [PATCH 001/119] Updated various MaxScale command line and configuration options to allow custom log, module, data, cache and language directories.
---
CMakeLists.txt | 30 ++++-- server/core/gateway.c | 226 +++++++++++++++++++++++++++------------ server/core/load_utils.c | 9 +- server/include/gw.h | 1 + 4 files changed, 185 insertions(+), 81 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 94842ebaa..e654e766e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -137,19 +137,29 @@ ${CMAKE_SOURCE_DIR}/Documentation/Release-Notes/MaxScale-1.1-Release-Notes.md execute_process(COMMAND perl ${CMAKE_SOURCE_DIR}/Documentation/format.pl ${CMAKE_SOURCE_DIR}/Documentation/Upgrading-To-MaxScale-1.1.0.md ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt) -install(FILES ${CMAKE_BINARY_DIR}/Changelog.txt DESTINATION .) -install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION .) -install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION .) message(STATUS "Installing MaxScale to: ${CMAKE_INSTALL_PREFIX}/") -install(FILES server/MaxScale_template.cnf DESTINATION etc) -install(FILES server/MaxScale_BinlogServer_template.cnf DESTINATION etc) -install(FILES ${ERRMSG} DESTINATION mysql) -install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION .) -install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION .) -install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION .) - +if(PACKAGE) + install(FILES server/MaxScale_template.cnf DESTINATION /etc) + install(FILES server/MaxScale_BinlogServer_template.cnf DESTINATION /etc) + install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION /usr/share/maxscale) + install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION /usr/share/maxscale) + install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION /usr/share/maxscale) + install(FILES ${CMAKE_BINARY_DIR}/Changelog.txt DESTINATION /usr/share/maxscale) + install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION /usr/share/maxscale) + install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION /usr/share/maxscale) +else() + install(FILES ${CMAKE_BINARY_DIR}/Changelog.txt DESTINATION .) + install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION .) + install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION .) 
+ install(FILES server/MaxScale_template.cnf DESTINATION etc) + install(FILES server/MaxScale_BinlogServer_template.cnf DESTINATION etc) + install(FILES ${ERRMSG} DESTINATION mysql) + install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION .) + install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION .) + install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION .) +endif() # Install startup scripts and ldconfig files if(WITH_SCRIPTS) configure_file(${CMAKE_SOURCE_DIR}/maxscale.conf.in ${CMAKE_BINARY_DIR}/maxscale.conf @ONLY) diff --git a/server/core/gateway.c b/server/core/gateway.c index ed69d3e3e..c06b9f309 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -113,12 +113,15 @@ static char* server_options[] = { const int num_elements = (sizeof(server_options) / sizeof(char *)) - 1; -const char* default_cnf_fname = "etc/MaxScale.cnf"; +const char* default_cnf_fname = "MaxScale.cnf"; const char* default_configdir = "/etc/"; const char* default_logdir = "/var/log/maxscale/"; -const char* default_libdir = "/lib64/maxscale/lib/"; -const char* default_moddir = "/lib64/maxscale/modules/"; +const char* default_datadir = "/var/lib/maxscale/"; +const char* default_moduledir = "/lib64/maxscale/modules/"; +const char* default_cachedir = "/var/cache/maxscale/"; +const char* default_langdir = "/usr/share/mysql/english/"; +const char* default_piddir = "/var/run/maxscale/"; static char* server_groups[] = { "embedded", 
@@ -132,14 +135,15 @@ static char* server_groups[] = { /* The data directory we created for this gateway instance */ static char datadir[PATH_MAX+1] = ""; - +static bool datadir_defined = false; /*< If the datadir was already set */ /* The data directory we created for this gateway instance */ static char pidfile[PATH_MAX+1] = ""; static char* configdir = NULL; static char* logdir = NULL; -static char* libdir = NULL; -static char* moddir = NULL; +static char* moduledir = NULL; +static char* cachedir = NULL; +static char* langdir = NULL; /** * exit flag for log flusher. */ @@ -161,9 +165,14 @@ static struct option long_options[] = { {"config", required_argument, 0, 'f'}, {"nodaemon", no_argument, 0, 'd'}, {"log", required_argument, 0, 'l'}, - {"logdir", required_argument, 0, 'L'}, + {"logdir", required_argument, 0, 'L'}, + {"datadir", required_argument, 0, 'D'}, + {"configdir",required_argument, 0, 'C'}, + {"moduledir",required_argument, 0, 'B'}, + {"cachedir",required_argument, 0, 'A'}, + {"language",required_argument, 0, 'N'}, {"syslog", required_argument, 0, 's'}, - {"maxscalelog", required_argument, 0, 'S'}, + {"maxscalelog",required_argument,0,'S'}, {"version", no_argument, 0, 'v'}, {"help", no_argument, 0, '?'}, {0, 0, 0, 0} @@ -201,6 +210,14 @@ static bool resolve_maxscale_homedir( static char* check_dir_access(char* dirname,bool,bool); +/** + * Get the directory with all the modules. + * @return The module directory + */ +char* get_moduledir() +{ + return moduledir; +} /** * Handler for SIGHUP signal. Reload the configuration for the * gateway. @@ -369,11 +386,10 @@ void datadir_cleanup() { int depth = 1; int flags = FTW_CHDIR|FTW_DEPTH|FTW_MOUNT; - int rc; if (datadir[0] != 0 && access(datadir, F_OK) == 0) { - rc = nftw(datadir, ntfw_cb, depth, flags); + nftw(datadir, ntfw_cb, depth, flags); } } 
@@ -394,14 +410,13 @@ static bool file_write_footer( FILE* outfile) { bool succp = false; - size_t wbytes1; size_t len1; const char* header_buf1; header_buf1 = "------------------------------------------------------" "\n\n"; len1 = strlen(header_buf1); - wbytes1=fwrite((void*)header_buf1, len1, 1, outfile); + fwrite((void*)header_buf1, len1, 1, outfile); succp = true; @@ -412,9 +427,6 @@ static bool file_write_header( FILE* outfile) { bool succp = false; - size_t wbytes1; - size_t wbytes2; - size_t wbytes3; size_t len1; size_t len2; size_t len3; @@ -458,9 +470,9 @@ static bool file_write_header( #if defined(LAPTOP_TEST) nanosleep(&ts1, NULL); #else - wbytes1=fwrite((void*)header_buf1, len1, 1, outfile); - wbytes2=fwrite((void*)header_buf2, len2, 1, outfile); - wbytes3=fwrite((void*)header_buf3, len3, 1, outfile); + fwrite((void*)header_buf1, len1, 1, outfile); + fwrite((void*)header_buf2, len2, 1, outfile); + fwrite((void*)header_buf3, len3, 1, outfile); #endif succp = true; 
@@ -1015,20 +1027,28 @@ static void usage(void) { fprintf(stderr, "\nUsage : %s [-h] | [-d] [-c ] [-f ]\n\n" - " -d|--nodaemon enable running in terminal process (default:disabled)\n" - " -c|--homedir=... relative|absolute MaxScale home directory\n" - " -f|--config=... relative|absolute pathname of MaxScale configuration file\n" - " (default: $MAXSCALE_HOME/etc/MaxScale.cnf)\n" - " -l|--log=... log to file or shared memory\n" - " -lfile or -lshm - defaults to shared memory\n" - " -L|--logdir=... path to log file directory\n" - " (default: /var/log/maxscale)\n" - " -s|--syslog= log messages to syslog." - " True or false - defaults to true\n" - " -S|--maxscalelog= log messages to MaxScale log." - " True or false - defaults to true\n" - " -v|--version print version info and exit\n" - " -?|--help show this help\n" + " -d|--nodaemon enable running in terminal process (default:disabled)\n" + " -c|--homedir=... relative|absolute MaxScale home directory\n" + " -f|--config=... relative|absolute pathname of MaxScale configuration file\n" + " (default: $MAXSCALE_HOME/etc/MaxScale.cnf)\n" + " -l|--log=... log to file or shared memory\n" + " -lfile or -lshm - defaults to shared memory\n" + " -L|--logdir=... path to log file directory\n" + " (default: /var/log/maxscale)\n" + " -D|--datadir=... path to data directory\n" + " (default: /var/lib/maxscale)\n" + " -C|--configdir=... path to configuration file directory\n" + " (default: /etc/)\n" + " -B|--moduledir=... path to module directory\n" + " (default: /var/lib/maxscale)\n" + " -A|--cachedir=... path to cache directory\n" + " (default: /var/cache/maxscale)\n" + " -s|--syslog= log messages to syslog.\n" + " True or false - defaults to true\n" + " -S|--maxscalelog= log messages to MaxScale log.\n" + " True or false - defaults to true\n" + " -v|--version print version info and exit\n" + " -?|--help show this help\n" , progname); } 
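Review bot: The help text added for `-B|--moduledir` prints `/var/lib/maxscale` as the default, but the default this commit defines is `default_moduledir = "/lib64/maxscale/modules/"`, so the documented value is wrong. The `--language` option (`'N'` in `long_options`) has no entry in the help at all. The `-f` line still names `$MAXSCALE_HOME/etc/MaxScale.cnf`, although the configuration file is now resolved against `configdir`, presumably giving `/etc/MaxScale.cnf`. I would change the moduledir line to `(default: /lib64/maxscale/modules)`, add a `-N|--language=...` entry with `(default: /usr/share/mysql/english)`, and update the `-f` default.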
@@ -1103,9 +1123,8 @@ int main(int argc, char **argv) NULL}; sigemptyset(&sigpipe_mask); sigaddset(&sigpipe_mask, SIGPIPE); - progname = *argv; - + sprintf(datadir, "%s", default_datadir); #if defined(FAKE_CODE) memset(conn_open, 0, sizeof(bool)*10240); memset(dcb_fake_write_errno, 0, sizeof(unsigned char)*10240); @@ -1133,7 +1152,7 @@ int main(int argc, char **argv) } } - while ((opt = getopt_long(argc, argv, "dc:f:l:vs:S:?L:", + while ((opt = getopt_long(argc, argv, "dc:f:l:vs:S:?L:D:C:B:", long_options, &option_index)) != -1) { bool succp = true; @@ -1245,6 +1264,33 @@ int main(int argc, char **argv) logdir = tmp_path; } + break; + case 'N': + if(handle_path_arg(&tmp_path,optarg,NULL,true,false)) + { + langdir = tmp_path; + } + break; + case 'D': + sprintf(datadir,"%s",optarg); + datadir_defined = true; + break; + case 'C': + if(handle_path_arg(&tmp_path,optarg,NULL,true,false)) + { + configdir = tmp_path; + } + break; + case 'B': + if(handle_path_arg(&tmp_path,optarg,NULL,true,false)) + { + moduledir = tmp_path; + } + case 'A': + if(handle_path_arg(&tmp_path,optarg,NULL,true,true)) + { + cachedir = tmp_path; + } break; case 'S': if(strstr(optarg,"=")) @@ -1547,11 +1593,17 @@ int main(int argc, char **argv) goto return_main; } - /*< + /** Use the cache dir for the mysql folder of the embedded library */ + sprintf(mysql_home, "%s/mysql", cachedir); + setenv("MYSQL_HOME", mysql_home, 1); + + /*< * If MaxScale home directory wasn't set by command-line argument. * Next, resolve it from environment variable and further on, * try to use default. */ +/* + if (home_dir == NULL) { if (!resolve_maxscale_homedir(&home_dir)) @@ -1560,8 +1612,7 @@ int main(int argc, char **argv) rc = MAXSCALE_HOMELESS; goto return_main; } - sprintf(mysql_home, "%s/mysql", home_dir); - setenv("MYSQL_HOME", mysql_home, 1); + } else { 
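Review bot: The option string `"dc:f:l:vs:S:?L:D:C:B:"` leaves out `A:` and `N:`, so the short forms of the cache and language options are rejected by `getopt_long` even though `usage()` advertises `-A`. Only the long forms `--cachedir` and `--language` reach their `case` labels. Extending the string to `"dc:f:l:vs:S:?L:D:C:B:A:N:"` would make the short and long forms agree.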
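Review bot: `case 'D'` copies `optarg` into the fixed `datadir[PATH_MAX+1]` array with `sprintf(datadir,"%s",optarg)`, so a `--datadir` argument longer than the buffer writes past the end of a static array. `snprintf(datadir, sizeof(datadir), "%s", optarg)` with a check that the return value is below `sizeof(datadir)` would bound it, and the `sprintf(datadir,"%s",tmp)` in the `datadir` branch of `cnf_preparser` (hunk at -2100) deserves the same treatment. `case 'B'` also has no `break;`, so it falls through into `case 'A'`: `handle_path_arg` runs a second time on the same argument with the last flag `true`, and `cachedir` ends up pointing at the module directory. Unlike the other path options, `'D'` bypasses `handle_path_arg` entirely, so whatever validation that helper performs is skipped for the data directory.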
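Review bot: `sprintf(mysql_home, "%s/mysql", cachedir)` runs while `cachedir` can still be NULL, because the fallback `cachedir = strdup(default_cachedir)` is only applied in the later hunk at -1678 and the configuration file is parsed after this point as well. Passing NULL for `%s` is undefined behaviour, and where the C library tolerates it the result is typically `MYSQL_HOME=(null)/mysql`, a path relative to the working directory. Either move this statement below the default assignment or write `cachedir ? cachedir : default_cachedir` here. The write should also be bounded with `snprintf` sized to `mysql_home`, whose declaration is outside the hunk.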
@@ -1601,13 +1652,28 @@ int main(int argc, char **argv) } free(log_context); } +*/ - char pbuf[PATH_MAX]; + /** + * Resolve the full pathname for configuration file and check for + * read accessibility. + */ + char pathbuf[PATH_MAX+1]; + snprintf(pathbuf,PATH_MAX,"%s",configdir ? configdir:default_configdir); + if(pathbuf[strlen(pathbuf)-1] != '/') + strcat(pathbuf,"/"); - sprintf(pbuf,"%s/etc/MaxScale.cnf",home_dir); + if (!resolve_maxscale_conf_fname(&cnf_file_path, pathbuf, cnf_file_arg)) + { + ss_dassert(cnf_file_path == NULL); + rc = MAXSCALE_BADCONFIG; + goto return_main; + } - ini_parse(pbuf,cnf_preparser,NULL); + ini_parse(cnf_file_path,cnf_preparser,NULL); + if(!datadir_defined) + sprintf(datadir,"%s",default_datadir); /** * Init Log Manager for MaxScale. * If $MAXSCALE_HOME is set then write the logs into $MAXSCALE_HOME/log. @@ -1678,25 +1744,25 @@ int main(int argc, char **argv) goto return_main; } } - /** - * Resolve the full pathname for configuration file and check for - * read accessibility. - */ - if (!resolve_maxscale_conf_fname(&cnf_file_path, home_dir, cnf_file_arg)) - { - ss_dassert(cnf_file_path == NULL); - rc = MAXSCALE_BADCONFIG; - goto return_main; - } - /*< + + + if(cachedir == NULL) + cachedir = strdup(default_cachedir); + + if(langdir == NULL) + langdir = strdup(default_langdir); + + /** * Set a data directory for the mysqld library, we use * a unique directory name to avoid clauses if multiple * instances of the gateway are beign run on the same * machine. */ - sprintf(datadir, "%s/data", home_dir); + if(datadir[strlen(datadir)-1] != '/') + strcat(datadir,"/"); + strcat(datadir,"data"); if(mkdir(datadir, 0777) != 0){ if(errno != EEXIST){ @@ -1706,7 +1772,7 @@ int main(int argc, char **argv) } } - sprintf(datadir, "%s/data/data%d", home_dir, getpid()); + sprintf(datadir, "%s/data%d", datadir, getpid()); if(mkdir(datadir, 0777) != 0){ 
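Review bot: `pathbuf[strlen(pathbuf)-1]` reads outside the buffer when the string is empty, because `strlen` returns 0 and the subtraction wraps as `size_t`. Whether `handle_path_arg` can hand back an empty `configdir` is not visible here, but the identical test on `datadir` in the next hunk (at -1678) is reachable: `case 'D'` stores `optarg` verbatim, and an empty `--datadir=` still sets `datadir_defined`. Taking the length first, `size_t len = strlen(pathbuf); if (len == 0 || pathbuf[len-1] != '/')`, avoids the out-of-bounds read in both places. The `strcat` calls that follow are unchecked as well; for `pathbuf` the `snprintf` limit of `PATH_MAX` leaves room for the slash, but nothing guarantees that for `datadir`.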
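Review bot: `sprintf(datadir, "%s/data%d", datadir, getpid())` passes `datadir` as both destination and source, which is undefined behaviour for overlapping objects, and the write is unbounded on a buffer that now starts from a user-supplied path. Formatting into a temporary with `snprintf`, checking for truncation and copying the result back fixes both, as sketched below. The surrounding `mkdir(datadir, 0777)` calls are unchanged context, but now that the location is operator-chosen rather than under the MaxScale home, a tighter mode such as `0700` is worth considering, since `datadir_cleanup` later walks this tree with `nftw`. `main` continues on both sides of the hunk.

```c
	char datadir_pid[PATH_MAX+1];
	int dlen = snprintf(datadir_pid, sizeof(datadir_pid), "%s/data%d", datadir, getpid());

	if (dlen < 0 || (size_t)dlen >= sizeof(datadir_pid))
	{
		fprintf(stderr, "Error : data directory path is too long.\n");
		rc = MAXSCALE_BADCONFIG;
		goto return_main;
	}
	memcpy(datadir, datadir_pid, (size_t)dlen + 1);
	/* … unchanged: mkdir(datadir, 0777) and its error handling … */
```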
@@ -1720,27 +1786,29 @@ int main(int argc, char **argv) if (!daemon_mode) { fprintf(stderr, - "Home directory : %s" - "\nConfiguration file : %s" + //"Home directory : %s" + "Configuration file : %s" "\nLog directory : %s" "\nData directory : %s\n\n", - home_dir, + //home_dir, cnf_file_path, logdir, datadir); } +/* LOGIF(LM, (skygw_log_write_flush( LOGFILE_MESSAGE, "Home directory : %s", home_dir))); +*/ LOGIF(LM, (skygw_log_write_flush( LOGFILE_MESSAGE, "Data directory : %s", datadir))); LOGIF(LM, (skygw_log_write_flush( LOGFILE_MESSAGE, - "Log directory : %s/log", - home_dir))); + "Log directory : %s/", + logdir))); LOGIF(LM, (skygw_log_write_flush( LOGFILE_MESSAGE, "Configuration file : %s", @@ -1758,8 +1826,8 @@ int main(int argc, char **argv) { snprintf(language_arg, 11+PATH_MAX+1, - "--language=%s/mysql", - home_dir); + "--language=%s", + langdir); server_options[i] = language_arg; } } @@ -1815,6 +1883,9 @@ int main(int argc, char **argv) } libmysqld_started = TRUE; + if(moduledir == NULL) + moduledir = strdup(default_moduledir); + if (!config_load(cnf_file_path)) { char* fprerr = "Failed to load MaxScale configuration " @@ -2015,7 +2086,7 @@ static int write_pid_file(char *home_dir) { int fd = -1; - snprintf(pidfile, PATH_MAX, "%s/data/maxscale.pid", home_dir); + snprintf(pidfile, PATH_MAX, "%smaxscale.pid",default_piddir); fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC, 0777); if (fd == -1) { 
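Review bot: The PID file path in `write_pid_file` is now built from the fixed `default_piddir` and the `home_dir` parameter is no longer used, so unlike the log, data, module and cache directories there is no option or configuration key for it, and nothing in the visible hunks creates `/var/run/maxscale/`. The unchanged `open(pidfile, O_WRONLY | O_CREAT | O_TRUNC, 0777)` on the next line matters more in a fixed runtime directory: it follows a symlink already present under that name and requests a world-writable file, subject to the umask. I would add `O_NOFOLLOW` to the flags and use mode `0644`, and either drop the unused parameter or add a `piddir` setting alongside the others. The function body continues outside the hunk.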
@@ -2100,21 +2171,42 @@ static int cnf_preparser(void* data, const char* section, const char* name, cons char pathbuffer[PATH_MAX]; char* errstr; + /** These are read from the configuration file. These will not override + * command line parameters but will override default values. */ if(strcasecmp(section,"maxscale") == 0) { if(strcmp(name, "logdir") == 0) { - /** logdir is only NULL if no command line parameter was given */ if(logdir == NULL) handle_path_arg(&logdir,(char*)value,NULL,true,true); } - else if(strcmp(name, "moddir") == 0) + else if(strcmp(name, "moduledir") == 0) { - handle_path_arg(&moddir,(char*)value,NULL,true,false); + if(moduledir == NULL) + handle_path_arg(&moduledir,(char*)value,NULL,true,false); } - else if(strcmp(name, "libdir") == 0) + else if(strcmp(name, "datadir") == 0) { - handle_path_arg(&libdir,(char*)value,NULL,true,false); + if(!datadir_defined) + { + char* tmp; + if(handle_path_arg(&tmp,(char*)value,NULL,true,false)) + { + sprintf(datadir,"%s",tmp); + datadir_defined = true; + free(tmp); + } + } + } + else if(strcmp(name, "cachedir") == 0) + { + if(cachedir == NULL) + handle_path_arg((char**)&datadir,(char*)value,NULL,true,false); + } + else if(strcmp(name, "language") == 0) + { + if(langdir == NULL) + handle_path_arg((char**)&langdir,(char*)value,NULL,true,false); } } diff --git a/server/core/load_utils.c b/server/core/load_utils.c index 172f24ad0..c2716befa 100644 --- a/server/core/load_utils.c +++ b/server/core/load_utils.c @@ -48,6 +48,7 @@ #include #include #include +#include /** Defined in log_manager.cc */ extern int lm_enabled_logfiles_bitmask; 
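Review bot: In the `cachedir` branch of `cnf_preparser` the call is `handle_path_arg((char**)&datadir, ...)`, which looks like a copy-paste slip. `datadir` is a `char[PATH_MAX+1]` array, so the cast presumably makes the helper store a pointer value over the first bytes of the data-directory string, and `cachedir` is never set from the configuration file. The line should read `handle_path_arg(&cachedir,(char*)value,NULL,true,false);`, and the `(char**)` cast on `&langdir` in the next branch can be dropped, since it is unnecessary and would hide the same mistake. The return value of `handle_path_arg` is ignored in the `logdir`, `moduledir`, `cachedir` and `language` branches, so a rejected path is silently replaced by the default later; a log message there would help anyone diagnosing a configuration problem.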
@@ -146,16 +147,16 @@ MODULE_INFO *mod_info = NULL; if (access(fname, F_OK) == -1) { - home = get_maxscale_home (); - snprintf(fname, MAXPATHLEN+1,"%s/modules/lib%s.so", home, module); + //home = get_maxscale_home (); + snprintf(fname, MAXPATHLEN+1,"%s/lib%s.so", get_moduledir(), module); if (access(fname, F_OK) == -1) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : Unable to find library for " - "module: %s.", - module))); + "module: %s. Module dir: %s", + module, get_moduledir()))); return NULL; } } diff --git a/server/include/gw.h b/server/include/gw.h index 9c8507210..e2c69aa7c 100644 --- a/server/include/gw.h +++ b/server/include/gw.h @@ -65,3 +65,4 @@ int gw_write(DCB *dcb, const void *buf, size_t nbytes); int gw_getsockerrno(int fd); int parse_bindconfig(char *, unsigned short, struct sockaddr_in *); int setipaddress(struct in_addr *, char *); +char* get_moduledir(); \ No newline at end of file From df9bc65430c8f786fd71b52dbd0f22dcba911cc1 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Sat, 25 Apr 2015 06:53:59 +0300 Subject: [PATCH 002/119] Added variables that are used when installing instead of relative paths. --- CMakeLists.txt | 35 ++++------ client/CMakeLists.txt | 2 +- log_manager/CMakeLists.txt | 4 +- macros.cmake | 28 ++++++++ query_classifier/CMakeLists.txt | 2 +- server/core/CMakeLists.txt | 6 +- server/core/gateway.c | 65 +++++++++---------- server/core/load_utils.c | 1 - server/include/gw.h | 17 ++++- server/modules/filter/CMakeLists.txt | 18 ++--- server/modules/filter/hint/CMakeLists.txt | 2 +- server/modules/monitor/CMakeLists.txt | 8 +-- server/modules/protocol/CMakeLists.txt | 12 ++-- server/modules/routing/CMakeLists.txt | 12 ++-- server/modules/routing/binlog/CMakeLists.txt | 4 +- server/modules/routing/maxinfo/CMakeLists.txt | 4 +- .../routing/readwritesplit/CMakeLists.txt | 2 +- 17 files changed, 122 insertions(+), 100 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index e654e766e..48bf38e8e 100644 
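Review bot: The directory used to build `fname` now comes from `get_moduledir()`, that is from `--moduledir` or the `moduledir` configuration key, and the only check before the path is used is `access(fname, F_OK)`. The file is presumably handed to the dynamic loader further down, outside the hunk, so it is worth documenting, or verifying at startup, that the module directory and its files are writable only by the account MaxScale runs as. `get_moduledir()` also returns NULL until `main` has assigned `moduledir`; a comment on the accessor such as `/* valid only after main() has resolved the directories */` would make that ordering explicit. Declaring it `const char *get_moduledir(void)` would additionally stop callers from modifying the string.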
--- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -37,7 +37,6 @@ if(NOT CURL_FOUND) message(FATAL_ERROR "Failed to locate dependency: libcurl") endif() -set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${CMAKE_INSTALL_PREFIX}/lib:${CMAKE_INSTALL_PREFIX}/modules) # Make sure the release notes for this release are present if it is a stable one if(${MAXSCALE_VERSION} MATCHES "-stable") @@ -47,6 +46,7 @@ if(${MAXSCALE_VERSION} MATCHES "-stable") message(FATAL_ERROR "Could not find the release notes for this stable release: ${MAXSCALE_VERSION_NUMERIC}") endif() endif() +set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${CMAKE_INSTALL_PREFIX}/${MAXSCALE_MODULE_INSTALL}:${CMAKE_INSTALL_PREFIX}/${MAXSCALE_LIBRARY_INSTALL}) file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/server/include) configure_file(${CMAKE_SOURCE_DIR}/server/include/version.h.in ${CMAKE_BINARY_DIR}/server/include/version.h) @@ -127,7 +127,7 @@ if(NOT WITHOUT_MAXADMIN) add_subdirectory(client) endif() - +# Generate text versions of some documents execute_process(COMMAND perl ${CMAKE_SOURCE_DIR}/Documentation/format.pl ${CMAKE_SOURCE_DIR}/Documentation/Changelog.md ${CMAKE_BINARY_DIR}/Changelog.txt) 
@@ -138,28 +138,17 @@ execute_process(COMMAND perl ${CMAKE_SOURCE_DIR}/Documentation/format.pl ${CMAKE_SOURCE_DIR}/Documentation/Upgrading-To-MaxScale-1.1.0.md ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt) -message(STATUS "Installing MaxScale to: ${CMAKE_INSTALL_PREFIX}/") -if(PACKAGE) - install(FILES server/MaxScale_template.cnf DESTINATION /etc) - install(FILES server/MaxScale_BinlogServer_template.cnf DESTINATION /etc) - install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION /usr/share/maxscale) - install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION /usr/share/maxscale) - install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION /usr/share/maxscale) - install(FILES ${CMAKE_BINARY_DIR}/Changelog.txt DESTINATION /usr/share/maxscale) - install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION /usr/share/maxscale) - install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION /usr/share/maxscale) -else() - install(FILES ${CMAKE_BINARY_DIR}/Changelog.txt DESTINATION .) - install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION .) - install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION .) - install(FILES server/MaxScale_template.cnf DESTINATION etc) - install(FILES server/MaxScale_BinlogServer_template.cnf DESTINATION etc) - install(FILES ${ERRMSG} DESTINATION mysql) - install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION .) - install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION .) - install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION .) 
-endif() +install(FILES ${CMAKE_BINARY_DIR}/Changelog.txt DESTINATION ${MAXSCALE_SHARE_DIR}) +install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION ${MAXSCALE_SHARE_DIR}) +install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION ${MAXSCALE_SHARE_DIR}) +install(FILES server/MaxScale_template.cnf DESTINATION ${MAXSCALE_CONFIG_DIR}) +install(FILES server/MaxScale_BinlogServer_template.cnf DESTINATION ${MAXSCALE_CONFIG_DIR}) +install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_LANG_DIR}) +install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION ${MAXSCALE_SHARE_DIR}) +install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION ${MAXSCALE_SHARE_DIR}) +install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION ${MAXSCALE_SHARE_DIR}) + # Install startup scripts and ldconfig files if(WITH_SCRIPTS) configure_file(${CMAKE_SOURCE_DIR}/maxscale.conf.in ${CMAKE_BINARY_DIR}/maxscale.conf @ONLY) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 755f2eac8..9b679aae0 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -7,4 +7,4 @@ if(HIST) else() message(STATUS "Could not find editline library. MaxAdmin will be built without it.") endif() -install(TARGETS maxadmin DESTINATION bin) +install(TARGETS maxadmin DESTINATION ${MAXSCALE_EXECUTABLE_INSTALL}) diff --git a/log_manager/CMakeLists.txt b/log_manager/CMakeLists.txt index fdef33f6c..607341d9a 100644 --- a/log_manager/CMakeLists.txt +++ b/log_manager/CMakeLists.txt @@ -3,7 +3,7 @@ if(LOG_DEBUG) endif() add_library(log_manager SHARED log_manager.cc) target_link_libraries(log_manager pthread aio stdc++) -install(TARGETS log_manager DESTINATION lib) +install(TARGETS log_manager DESTINATION ${MAXSCALE_LIBRARY_INSTALL}) if(BUILD_TESTS) add_subdirectory(test) -endif() \ No newline at end of file +endif() diff --git a/macros.cmake b/macros.cmake index 440c3fed5..d80202534 100644 --- a/macros.cmake +++ b/macros.cmake 
@@ -74,6 +74,34 @@ macro(set_variables) # Build extra tools set(BUILD_TOOLS FALSE CACHE BOOL "Build extra utility tools") + # Change installation directories to standard locations for packages + if(PACKAGE) + set(MAXSCALE_MODULE_INSTALL /lib64/maxscale CACHE PATH "Module installation path") + set(MAXSCALE_LIBRARY_INSTALL /lib64/maxscale CACHE PATH "Library installation path") + message(STATUS "Installing MaxScale modules to: ${MAXSCALE_MODULE_INSTALL}/") + set(MAXSCALE_EXECUTABLE_INSTALL /bin CACHE PATH "Executable installation path") + message(STATUS "Installing MaxScale binaries to: ${MAXSCALE_EXECUTABLE_INSTALL}/") + set(MAXSCALE_CONFIG_DIR /etc CACHE PATH "Configuration file installation path") + set(MAXSCALE_DOC_DIR /usr/share/maxscale/doc CACHE PATH "Documentation installation path") + set(MAXSCALE_LOG_DIR /var/log/maxscale CACHE PATH "Log file directory") + message(STATUS "MaxScale log directory: ${MAXSCALE_LOG_DIR}/") + set(MAXSCALE_CACHE_DIR /var/cache/maxscale CACHE PATH "Service cache file directory") + set(MAXSCALE_LANG_DIR /var/cache/maxscale CACHE PATH "Language file directory(errmsg.sys)") + set(MAXSCALE_SHARE_DIR /usr/share/maxscale CACHE PATH "Share file installation path") + set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_MODULE_DIR}:${MAXSCALE_LIBRARY_DIR}) + else() + message(STATUS "Installing MaxScale to: ${CMAKE_INSTALL_PREFIX}/") + set(MAXSCALE_MODULE_INSTALL lib64/maxscale CACHE PATH "Module installation path") + set(MAXSCALE_LIBRARY_INSTALL lib64/maxscale CACHE PATH "Library installation path") + set(MAXSCALE_EXECUTABLE_INSTALL bin CACHE PATH "Executable installation path") + set(MAXSCALE_CONFIG_DIR etc CACHE PATH "Configuration file installation path") + set(MAXSCALE_DOC_DIR doc CACHE PATH "Documentation installation path") + set(MAXSCALE_LOG_DIR log CACHE PATH "Log file directory") + set(MAXSCALE_CACHE_DIR cache CACHE PATH "Service cache file directory") + set(MAXSCALE_LANG_DIR cache CACHE PATH "Log file directory") + 
set(MAXSCALE_SHARE_DIR . CACHE PATH "Share file installation path") + endif() + endmacro() macro(check_deps) diff --git a/query_classifier/CMakeLists.txt b/query_classifier/CMakeLists.txt index 42270cd2c..7fb36d6c6 100644 --- a/query_classifier/CMakeLists.txt +++ b/query_classifier/CMakeLists.txt @@ -1,5 +1,5 @@ add_library(query_classifier SHARED query_classifier.cc) -install(TARGETS query_classifier DESTINATION lib) +install(TARGETS query_classifier COMPONENT lib DESTINATION ${MAXSCALE_LIBRARY_INSTALL}) if(BUILD_TESTS) add_subdirectory(test) endif() diff --git a/server/core/CMakeLists.txt b/server/core/CMakeLists.txt index 630d4c034..ee01396d8 100644 --- a/server/core/CMakeLists.txt +++ b/server/core/CMakeLists.txt @@ -18,15 +18,15 @@ if(WITH_TCMALLOC) endif() target_link_libraries(maxscale ${EMBEDDED_LIB} ${PCRE_LINK_FLAGS} ${CURL_LIBRARIES} log_manager utils ssl aio pthread crypt dl crypto inih z rt m stdc++) -install(TARGETS maxscale DESTINATION bin) +install(TARGETS maxscale DESTINATION ${MAXSCALE_EXECUTABLE_INSTALL}) add_executable(maxkeys maxkeys.c secrets.c utils.c) target_link_libraries(maxkeys log_manager utils pthread crypt crypto) -install(TARGETS maxkeys DESTINATION bin) +install(TARGETS maxkeys DESTINATION ${MAXSCALE_EXECUTABLE_INSTALL}) add_executable(maxpasswd maxpasswd.c secrets.c utils.c) target_link_libraries(maxpasswd log_manager utils pthread crypt crypto) -install(TARGETS maxpasswd DESTINATION bin) +install(TARGETS maxpasswd DESTINATION ${MAXSCALE_EXECUTABLE_INSTALL}) if(BUILD_TESTS) add_subdirectory(test) diff --git a/server/core/gateway.c b/server/core/gateway.c index c06b9f309..d2bcd13a9 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c 
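Review bot: The `PACKAGE` branch extends `CMAKE_INSTALL_RPATH` with `${MAXSCALE_MODULE_DIR}` and `${MAXSCALE_LIBRARY_DIR}`, but the variables set just above are `MAXSCALE_MODULE_INSTALL` and `MAXSCALE_LIBRARY_INSTALL`; unless the two `_DIR` names are defined outside the visible hunks, they expand to nothing and the run-path ends in `::`. Empty run-path elements are at best useless and, depending on the loader, may be read as the current directory, which is not a place an installed daemon should search for libraries. I would write `set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_MODULE_INSTALL}:${MAXSCALE_LIBRARY_INSTALL})`. Separately, `MAXSCALE_LANG_DIR` is `/var/cache/maxscale` here while `default_langdir` in `gw.h` is `/usr/share/mysql/english/`, and its description in the `else()` branch reads "Log file directory".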
@@ -113,16 +113,6 @@ static char* server_options[] = { const int num_elements = (sizeof(server_options) / sizeof(char *)) - 1; -const char* default_cnf_fname = "MaxScale.cnf"; - -const char* default_configdir = "/etc/"; -const char* default_logdir = "/var/log/maxscale/"; -const char* default_datadir = "/var/lib/maxscale/"; -const char* default_moduledir = "/lib64/maxscale/modules/"; -const char* default_cachedir = "/var/cache/maxscale/"; -const char* default_langdir = "/usr/share/mysql/english/"; -const char* default_piddir = "/var/run/maxscale/"; - static char* server_groups[] = { "embedded", "server", @@ -1752,7 +1742,8 @@ int main(int argc, char **argv) if(langdir == NULL) langdir = strdup(default_langdir); - + if(moduledir == NULL) + moduledir = strdup(default_moduledir); /** * Set a data directory for the mysqld library, we use * a unique directory name to avoid clauses if multiple 
@@ -1786,33 +1777,35 @@ int main(int argc, char **argv) if (!daemon_mode) { fprintf(stderr, - //"Home directory : %s" - "Configuration file : %s" - "\nLog directory : %s" - "\nData directory : %s\n\n", - //home_dir, + "Configuration file : %s\n" + "Log directory : %s\n" + "Data directory : %s\n" + "Module directory : %s\n\n", cnf_file_path, logdir, - datadir); + datadir, + moduledir); } -/* - LOGIF(LM, (skygw_log_write_flush( - LOGFILE_MESSAGE, - "Home directory : %s", - home_dir))); -*/ - LOGIF(LM, (skygw_log_write_flush( - LOGFILE_MESSAGE, - "Data directory : %s", - datadir))); - LOGIF(LM, (skygw_log_write_flush( - LOGFILE_MESSAGE, - "Log directory : %s/", - logdir))); - LOGIF(LM, (skygw_log_write_flush( - LOGFILE_MESSAGE, - "Configuration file : %s", - cnf_file_path))); + + LOGIF(LM, + (skygw_log_write_flush( + LOGFILE_MESSAGE, + "Configuration file: %s", + cnf_file_path))); + LOGIF(LM, + (skygw_log_write_flush( + LOGFILE_MESSAGE, + "Log directory: %s/", + logdir))); + LOGIF(LM, + (skygw_log_write_flush( + LOGFILE_MESSAGE, + "Data directory: %s", + datadir))); + LOGIF(LM, + (skygw_log_write_flush(LOGFILE_MESSAGE, + "Module directory: %s", + moduledir))); /*< Update the server options */ for (i = 0; server_options[i]; i++) @@ -2211,4 +2204,4 @@ static int cnf_preparser(void* data, const char* section, const char* name, cons } return 1; -} \ No newline at end of file +} diff --git a/server/core/load_utils.c b/server/core/load_utils.c index c2716befa..c1ae57a3e 100644 --- a/server/core/load_utils.c +++ b/server/core/load_utils.c @@ -147,7 +147,6 @@ MODULE_INFO *mod_info = NULL; if (access(fname, F_OK) == -1) { - //home = get_maxscale_home (); snprintf(fname, MAXPATHLEN+1,"%s/lib%s.so", get_moduledir(), module); if (access(fname, F_OK) == -1) diff --git a/server/include/gw.h b/server/include/gw.h index e2c69aa7c..64db00204 100644 --- a/server/include/gw.h +++ b/server/include/gw.h @@ -1,3 +1,5 @@ +#ifndef _GW_HG +#define _GW_HG #include #include #include 
@@ -16,9 +18,19 @@ #include #include #include - #include +/** Default file locations */ +static const char* default_cnf_fname = "MaxScale.cnf"; +static const char* default_configdir = "/etc/"; +static const char* default_logdir = "/var/log/maxscale/"; +static const char* default_datadir = "/var/cache/maxscale/"; +static const char* default_moduledir = "/lib64/maxscale/"; +static const char* default_cachedir = "/var/cache/maxscale/"; +static const char* default_langdir = "/usr/share/mysql/english/"; /*< This is where the MariaDB + * server installs errmsg.sys */ +static const char* default_piddir = "/var/run/maxscale/"; + #define EXIT_FAILURE 1 // network buffer is 32K @@ -65,4 +77,5 @@ int gw_write(DCB *dcb, const void *buf, size_t nbytes); int gw_getsockerrno(int fd); int parse_bindconfig(char *, unsigned short, struct sockaddr_in *); int setipaddress(struct in_addr *, char *); -char* get_moduledir(); \ No newline at end of file +char* get_moduledir(); +#endif diff --git a/server/modules/filter/CMakeLists.txt b/server/modules/filter/CMakeLists.txt index 0af1ea566..77ebc7d0c 100644 --- a/server/modules/filter/CMakeLists.txt +++ b/server/modules/filter/CMakeLists.txt 
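Review bot: Defining the defaults as `static const char*` in `gw.h` gives every source file that includes the header its own private, reassignable copy of each pointer, and files that do not use them are likely to produce unused-variable warnings. Declaring them as `extern const char *const default_logdir;` here and keeping a single definition in `gateway.c` would leave one authoritative value per directory. `default_datadir` is now `/var/cache/maxscale/`, identical to `default_cachedir`, while `usage()` in `gateway.c` still prints `/var/lib/maxscale` for the data directory, so one of the two needs updating. The guard name `_GW_HG` added at the top of the header begins with an underscore and a capital letter, which C reserves for the implementation; `GW_H` would be safe.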
@@ -3,41 +3,41 @@ if(BUILD_RABBITMQ) include_directories(${RABBITMQ_HEADERS}) add_library(mqfilter SHARED mqfilter.c) target_link_libraries(mqfilter query_classifier log_manager utils ${RABBITMQ_LIBRARIES}) - install(TARGETS mqfilter DESTINATION modules) + install(TARGETS mqfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) endif() add_library(regexfilter SHARED regexfilter.c) target_link_libraries(regexfilter log_manager utils) -install(TARGETS regexfilter DESTINATION modules) +install(TARGETS regexfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(testfilter SHARED testfilter.c) target_link_libraries(testfilter log_manager utils) -install(TARGETS testfilter DESTINATION modules) +install(TARGETS testfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(qlafilter SHARED qlafilter.c) target_link_libraries(qlafilter log_manager utils) -install(TARGETS qlafilter DESTINATION modules) +install(TARGETS qlafilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(tee SHARED tee.c) target_link_libraries(tee log_manager utils) -install(TARGETS tee DESTINATION modules) +install(TARGETS tee DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(topfilter SHARED topfilter.c) target_link_libraries(topfilter log_manager utils) -install(TARGETS topfilter DESTINATION modules) +install(TARGETS topfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(dbfwfilter SHARED dbfwfilter.c) target_link_libraries(dbfwfilter log_manager utils query_classifier) -install(TARGETS dbfwfilter DESTINATION modules) +install(TARGETS dbfwfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(namedserverfilter SHARED namedserverfilter.c) target_link_libraries(namedserverfilter log_manager utils) -install(TARGETS namedserverfilter DESTINATION modules) +install(TARGETS namedserverfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) if(BUILD_SLAVELAG) add_library(slavelag SHARED slavelag.c) target_link_libraries(slavelag log_manager utils query_classifier) - install(TARGETS slavelag DESTINATION 
modules) + install(TARGETS slavelag DESTINATION ${MAXSCALE_MODULE_INSTALL}) endif() if(BUILD_TOOLS) diff --git a/server/modules/filter/hint/CMakeLists.txt b/server/modules/filter/hint/CMakeLists.txt index f47cb637e..ecc3cbb85 100644 --- a/server/modules/filter/hint/CMakeLists.txt +++ b/server/modules/filter/hint/CMakeLists.txt @@ -1,4 +1,4 @@ add_library(hintfilter SHARED hintfilter.c hintparser.c) set_target_properties(hintfilter PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${CMAKE_INSTALL_PREFIX}/lib) target_link_libraries(hintfilter ssl log_manager utils) -install(TARGETS hintfilter DESTINATION modules) \ No newline at end of file +install(TARGETS hintfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) diff --git a/server/modules/monitor/CMakeLists.txt b/server/modules/monitor/CMakeLists.txt index a99a66142..74a6f2870 100644 --- a/server/modules/monitor/CMakeLists.txt +++ b/server/modules/monitor/CMakeLists.txt @@ -1,16 +1,16 @@ add_library(mysqlmon SHARED mysql_mon.c) target_link_libraries(mysqlmon log_manager utils) -install(TARGETS mysqlmon DESTINATION modules) +install(TARGETS mysqlmon DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(galeramon SHARED galera_mon.c) target_link_libraries(galeramon log_manager utils) -install(TARGETS galeramon DESTINATION modules) +install(TARGETS galeramon DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(ndbclustermon SHARED ndbcluster_mon.c) target_link_libraries(ndbclustermon log_manager utils) -install(TARGETS ndbclustermon DESTINATION modules) +install(TARGETS ndbclustermon DESTINATION ${MAXSCALE_MODULE_INSTALL}) if(BUILD_MMMON) add_library(mmmon SHARED mm_mon.c) target_link_libraries(mmmon log_manager utils) - install(TARGETS mmmon DESTINATION modules) + install(TARGETS mmmon DESTINATION ${MAXSCALE_MODULE_INSTALL}) endif() diff --git a/server/modules/protocol/CMakeLists.txt b/server/modules/protocol/CMakeLists.txt index fa1c2ab34..488f2e4b6 100644 --- a/server/modules/protocol/CMakeLists.txt 
+++ b/server/modules/protocol/CMakeLists.txt @@ -1,27 +1,27 @@ add_library(MySQLClient SHARED mysql_client.c mysql_common.c) target_link_libraries(MySQLClient log_manager utils) -install(TARGETS MySQLClient DESTINATION modules) +install(TARGETS MySQLClient DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(MySQLBackend SHARED mysql_backend.c mysql_common.c) target_link_libraries(MySQLBackend log_manager utils) -install(TARGETS MySQLBackend DESTINATION modules) +install(TARGETS MySQLBackend DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(telnetd SHARED telnetd.c) target_link_libraries(telnetd log_manager utils) -install(TARGETS telnetd DESTINATION modules) +install(TARGETS telnetd DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(HTTPD SHARED httpd.c) target_link_libraries(HTTPD log_manager utils) -install(TARGETS HTTPD DESTINATION modules) +install(TARGETS HTTPD DESTINATION ${MAXSCALE_MODULE_INSTALL}) if(BUILD_TESTS) add_library(testprotocol SHARED testprotocol.c) - install(TARGETS testprotocol DESTINATION modules) + install(TARGETS testprotocol DESTINATION ${MAXSCALE_MODULE_INSTALL}) endif() add_library(maxscaled SHARED maxscaled.c) target_link_libraries(maxscaled log_manager utils) -install(TARGETS maxscaled DESTINATION modules) +install(TARGETS maxscaled DESTINATION ${MAXSCALE_MODULE_INSTALL}) diff --git a/server/modules/routing/CMakeLists.txt b/server/modules/routing/CMakeLists.txt index 77abe6cd1..b73edfa8c 100644 --- a/server/modules/routing/CMakeLists.txt +++ b/server/modules/routing/CMakeLists.txt 
@@ -2,28 +2,28 @@ if(BUILD_TESTS) add_subdirectory(test) add_library(testroute SHARED testroute.c) target_link_libraries(testroute log_manager utils) - install(TARGETS testroute DESTINATION modules) + install(TARGETS testroute DESTINATION ${MAXSCALE_MODULE_INSTALL}) endif() add_library(schemarouter SHARED schemarouter/schemarouter.c) target_link_libraries(schemarouter log_manager utils query_classifier) -install(TARGETS schemarouter DESTINATION modules) +install(TARGETS schemarouter DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(shardrouter SHARED schemarouter/shardrouter.c) target_link_libraries(shardrouter log_manager utils query_classifier) -install(TARGETS shardrouter DESTINATION modules) +install(TARGETS shardrouter DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(readconnroute SHARED readconnroute.c) target_link_libraries(readconnroute log_manager utils) -install(TARGETS readconnroute DESTINATION modules) +install(TARGETS readconnroute DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(debugcli SHARED debugcli.c debugcmd.c) target_link_libraries(debugcli log_manager utils) -install(TARGETS debugcli DESTINATION modules) +install(TARGETS debugcli DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_library(cli SHARED cli.c debugcmd.c) target_link_libraries(cli log_manager utils) -install(TARGETS cli DESTINATION modules) +install(TARGETS cli DESTINATION ${MAXSCALE_MODULE_INSTALL}) add_subdirectory(readwritesplit) add_subdirectory(schemarouter/test) diff --git a/server/modules/routing/binlog/CMakeLists.txt b/server/modules/routing/binlog/CMakeLists.txt index 4de2a35b4..9fcd8536e 100644 --- a/server/modules/routing/binlog/CMakeLists.txt +++ b/server/modules/routing/binlog/CMakeLists.txt 
@@ -1,4 +1,4 @@ add_library(binlogrouter SHARED blr.c blr_master.c blr_cache.c blr_slave.c blr_file.c) -set_target_properties(binlogrouter PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${CMAKE_INSTALL_PREFIX}/lib) +set_target_properties(binlogrouter PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_MODULE_INSTALL}:${MAXSCALE_LIBRARY_INSTALL}) target_link_libraries(binlogrouter ssl pthread log_manager) -install(TARGETS binlogrouter DESTINATION modules) +install(TARGETS binlogrouter DESTINATION ${MAXSCALE_MODULE_INSTALL}) diff --git a/server/modules/routing/maxinfo/CMakeLists.txt b/server/modules/routing/maxinfo/CMakeLists.txt index 898df9b73..2585f2a2a 100644 --- a/server/modules/routing/maxinfo/CMakeLists.txt +++ b/server/modules/routing/maxinfo/CMakeLists.txt @@ -1,4 +1,4 @@ add_library(maxinfo SHARED maxinfo.c maxinfo_parse.c maxinfo_error.c maxinfo_exec.c) -set_target_properties(maxinfo PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${CMAKE_INSTALL_PREFIX}/lib) +set_target_properties(maxinfo PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_MODULE_INSTALL}:MAXSCALE_LIBRARY_INSTALL) target_link_libraries(maxinfo pthread log_manager) -install(TARGETS maxinfo DESTINATION modules) +install(TARGETS maxinfo DESTINATION ${MAXSCALE_MODULE_INSTALL}) diff --git a/server/modules/routing/readwritesplit/CMakeLists.txt b/server/modules/routing/readwritesplit/CMakeLists.txt index 6960d4c8d..fe56582dc 100644 --- a/server/modules/routing/readwritesplit/CMakeLists.txt +++ b/server/modules/routing/readwritesplit/CMakeLists.txt @@ -1,6 +1,6 @@ add_library(readwritesplit SHARED readwritesplit.c) target_link_libraries(readwritesplit ssl pthread log_manager utils query_classifier) -install(TARGETS readwritesplit DESTINATION modules) +install(TARGETS readwritesplit DESTINATION ${MAXSCALE_MODULE_INSTALL}) if(BUILD_TESTS) add_subdirectory(test) endif() From ed426ca30da5c61b9aaf7805bdd5c0166c2d0cd1 Mon Sep 17 00:00:00 2001 
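Review bot: In the maxinfo hunk the new `INSTALL_RPATH` ends in the bare word `MAXSCALE_LIBRARY_INSTALL` with no `${}`, so the module's library search path gains a literal relative directory of that name. The binlogrouter hunk just above has a milder form of the same problem: `${MAXSCALE_MODULE_INSTALL}` and `${MAXSCALE_LIBRARY_INSTALL}` default to the relative `lib64/maxscale` in non-package builds. A relative RPATH entry is resolved against the working directory of whichever process loads the module, not against the install prefix. Make the entries absolute in both files, e.g. `INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${CMAKE_INSTALL_PREFIX}/${MAXSCALE_LIBRARY_INSTALL}`.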
From: Markus Makela Date: Sun, 26 Apr 2015 06:21:28 +0300 Subject: [PATCH 003/119] Updated packaging install layout, moved some cmake files around. --- CMakeLists.txt | 14 +++++++++----- cmake/install_layout.cmake | 29 +++++++++++++++++++++++++++++ macros.cmake => cmake/macros.cmake | 28 ---------------------------- etc/postinst.in | 3 +++ plugins/CMakeLists.txt | 10 +++++----- server/core/gateway.c | 14 ++++++++++---- server/core/service.c | 8 +++++--- 7 files changed, 61 insertions(+), 45 deletions(-) create mode 100644 cmake/install_layout.cmake rename macros.cmake => cmake/macros.cmake (83%) diff --git a/CMakeLists.txt b/CMakeLists.txt index 48bf38e8e..bf7e135e7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -6,13 +6,16 @@ endif() message(STATUS "CMake version: ${CMAKE_VERSION}") -include(macros.cmake) - +include(${CMAKE_SOURCE_DIR}/cmake/macros.cmake) +include(${CMAKE_SOURCE_DIR}/cmake/install_layout.cmake) enable_testing() set_variables() set_maxscale_version() -set(CMAKE_INSTALL_PREFIX "/usr/local/mariadb-maxscale" CACHE PATH "Prefix prepended to install directories.") + +set(INSTALL_LAYOUT "STANDALONE" CACHE STRING "Install layout, options are: STANDALONE, RPM, DEB") +set_install_layout(${INSTALL_LAYOUT}) + set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING "Choose the type of build, options are: None(CMAKE_CXX_FLAGS or CMAKE_C_FLAGS used) Debug Release RelWithDebInfo MinSizeRel.") set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake") @@ -37,6 +40,7 @@ if(NOT CURL_FOUND) message(FATAL_ERROR "Failed to locate dependency: libcurl") endif() +set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_MODULE_DIR}:${MAXSCALE_LIBRARY_DIR}) # Make sure the release notes for this release are present if it is a stable one if(${MAXSCALE_VERSION} MATCHES "-stable") 
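Review bot: The `set(CMAKE_INSTALL_RPATH ...)` line added in the `@@ -37,6 +40,7 @@` hunk appends `${MAXSCALE_MODULE_DIR}` and `${MAXSCALE_LIBRARY_DIR}`, but the names this commit defines in cmake/install_layout.cmake are `MAXSCALE_MODULE_INSTALL` and `MAXSCALE_LIBRARY_INSTALL`. Unless the `_DIR` variables are set somewhere outside this patch, they expand to nothing and the RPATH gains empty components. The dynamic loader generally treats an empty component as the current directory, which is undesirable for a daemon started from an init script. Use the defined variable and anchor it to the prefix: `set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${CMAKE_INSTALL_PREFIX}/${MAXSCALE_LIBRARY_INSTALL})`.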
@@ -144,7 +148,7 @@ install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION ${MAXSCALE_SHARE_ install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION ${MAXSCALE_SHARE_DIR}) install(FILES server/MaxScale_template.cnf DESTINATION ${MAXSCALE_CONFIG_DIR}) install(FILES server/MaxScale_BinlogServer_template.cnf DESTINATION ${MAXSCALE_CONFIG_DIR}) -install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_LANG_DIR}) +install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_SHARE_DIR}) install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION ${MAXSCALE_SHARE_DIR}) install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION ${MAXSCALE_SHARE_DIR}) install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION ${MAXSCALE_SHARE_DIR}) @@ -225,7 +229,7 @@ if(PACKAGE) endif() endif() -add_custom_target(buildtests +add_custom_target(buildtestsx COMMAND ${CMAKE_COMMAND} -DDEPS_OK=Y -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N ${CMAKE_SOURCE_DIR} COMMAND make COMMENT "Building test suite..." VERBATIM diff --git a/cmake/install_layout.cmake b/cmake/install_layout.cmake new file mode 100644 index 000000000..0d594188f --- /dev/null +++ b/cmake/install_layout.cmake 
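Review bot: The rename of the custom target from `buildtests` to `buildtestsx` in the `@@ -225,7 +229,7 @@` hunk looks accidental. The commit message does not mention it and nothing else in the patch refers to the new name, so any script or documentation that runs `make buildtests` would stop finding the target. If it was unintended, restore `add_custom_target(buildtests`. The target's command list continues past the end of the hunk.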
@@ -0,0 +1,29 @@ +# Set the install layout +# Possible values: +# STANDALONE - Installs to /usr/local/mariadb-maxscale +# RPM - Installs to /usr +# DEB - Installs to /usr +function(set_install_layout TYPE) + + if(${TYPE} MATCHES "STANDALONE") + + set(CMAKE_INSTALL_PREFIX "/usr/local/mariadb-maxscale" CACHE PATH "Prefix prepended to install directories.") + +# RPM and DEB are the same until differences are found + elseif(${TYPE} MATCHES "RPM") + + set(CMAKE_INSTALL_PREFIX "/usr" CACHE PATH "Prefix prepended to install directories.") + + elseif(${TYPE} MATCHES "DEB") + + set(CMAKE_INSTALL_PREFIX "/usr" CACHE PATH "Prefix prepended to install directories.") + + endif() + + set(MAXSCALE_MODULE_INSTALL lib64/maxscale CACHE PATH "Module installation path") + set(MAXSCALE_LIBRARY_INSTALL lib64/maxscale CACHE PATH "Library installation path") + set(MAXSCALE_EXECUTABLE_INSTALL bin CACHE PATH "Executable installation path") + set(MAXSCALE_SHARE_DIR share/maxscale CACHE PATH "Share file installation path, includes licence and readme files") + set(MAXSCALE_DOC_DIR ${MAXSCALE_SHARE_DIR}/doc CACHE PATH "Documentation installation path, text versions only") + set(MAXSCALE_CONFIG_DIR ${MAXSCALE_SHARE_DIR}/etc CACHE PATH "Configuration file installation path, example configurations will be placed here") +endfunction() diff --git a/macros.cmake b/cmake/macros.cmake similarity index 83% rename from macros.cmake rename to cmake/macros.cmake index d80202534..440c3fed5 100644 --- a/macros.cmake +++ b/cmake/macros.cmake 
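Review bot: The layout selection in `set_install_layout` uses an unquoted `${TYPE} MATCHES "..."` and has no `else()` branch. `MATCHES` is a regex search, so any value that merely contains STANDALONE, RPM or DEB is accepted, and a mistyped `INSTALL_LAYOUT` silently falls through with whatever prefix is already cached. Compare exactly with `if("${TYPE}" STREQUAL "STANDALONE")` and close the chain with `else()` plus `message(FATAL_ERROR "Unknown INSTALL_LAYOUT: ${TYPE}")`, so a wrong layout fails at configure time instead of installing to an unexpected location.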
@@ -74,34 +74,6 @@ macro(set_variables) # Build extra tools set(BUILD_TOOLS FALSE CACHE BOOL "Build extra utility tools") - # Change installation directories to standard locations for packages - if(PACKAGE) - set(MAXSCALE_MODULE_INSTALL /lib64/maxscale CACHE PATH "Module installation path") - set(MAXSCALE_LIBRARY_INSTALL /lib64/maxscale CACHE PATH "Library installation path") - message(STATUS "Installing MaxScale modules to: ${MAXSCALE_MODULE_INSTALL}/") - set(MAXSCALE_EXECUTABLE_INSTALL /bin CACHE PATH "Executable installation path") - message(STATUS "Installing MaxScale binaries to: ${MAXSCALE_EXECUTABLE_INSTALL}/") - set(MAXSCALE_CONFIG_DIR /etc CACHE PATH "Configuration file installation path") - set(MAXSCALE_DOC_DIR /usr/share/maxscale/doc CACHE PATH "Documentation installation path") - set(MAXSCALE_LOG_DIR /var/log/maxscale CACHE PATH "Log file directory") - message(STATUS "MaxScale log directory: ${MAXSCALE_LOG_DIR}/") - set(MAXSCALE_CACHE_DIR /var/cache/maxscale CACHE PATH "Service cache file directory") - set(MAXSCALE_LANG_DIR /var/cache/maxscale CACHE PATH "Language file directory(errmsg.sys)") - set(MAXSCALE_SHARE_DIR /usr/share/maxscale CACHE PATH "Share file installation path") - set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_MODULE_DIR}:${MAXSCALE_LIBRARY_DIR}) - else() - message(STATUS "Installing MaxScale to: ${CMAKE_INSTALL_PREFIX}/") - set(MAXSCALE_MODULE_INSTALL lib64/maxscale CACHE PATH "Module installation path") - set(MAXSCALE_LIBRARY_INSTALL lib64/maxscale CACHE PATH "Library installation path") - set(MAXSCALE_EXECUTABLE_INSTALL bin CACHE PATH "Executable installation path") - set(MAXSCALE_CONFIG_DIR etc CACHE PATH "Configuration file installation path") - set(MAXSCALE_DOC_DIR doc CACHE PATH "Documentation installation path") - set(MAXSCALE_LOG_DIR log CACHE PATH "Log file directory") - set(MAXSCALE_CACHE_DIR cache CACHE PATH "Service cache file directory") - set(MAXSCALE_LANG_DIR cache CACHE PATH "Log file directory") - 
set(MAXSCALE_SHARE_DIR . CACHE PATH "Share file installation path") - endif() - endmacro() macro(check_deps) diff --git a/etc/postinst.in b/etc/postinst.in index 4bd193958..46772ca16 100755 --- a/etc/postinst.in +++ b/etc/postinst.in @@ -1,5 +1,8 @@ #!/bin/sh +mkdir -p /var/log/maxscale +mkdir -p /var/cache/maxscale +mkdir -p /var/run/maxscale cp @CMAKE_INSTALL_PREFIX@/maxscale /etc/init.d/ cp @CMAKE_INSTALL_PREFIX@/maxscale.conf /etc/ld.so.conf.d/ /sbin/ldconfig diff --git a/plugins/CMakeLists.txt b/plugins/CMakeLists.txt index 3ea1eb028..1936ebe84 100644 --- a/plugins/CMakeLists.txt +++ b/plugins/CMakeLists.txt @@ -1,5 +1,5 @@ -install(FILES nagios/check_maxscale_monitors.pl DESTINATION plugins/nagios) -install(FILES nagios/check_maxscale_resources.pl DESTINATION plugins/nagios) -install(FILES nagios/check_maxscale_threads.pl DESTINATION plugins/nagios) -install(FILES nagios/maxscale_commands.cfg DESTINATION plugins/nagios) -install(FILES nagios/server1.cfg DESTINATION plugins/nagios) +install(FILES nagios/check_maxscale_monitors.pl DESTINATION ${MAXSCALE_SHARE_DIR}/plugins/nagios) +install(FILES nagios/check_maxscale_resources.pl DESTINATION ${MAXSCALE_SHARE_DIR}/plugins/nagios) +install(FILES nagios/check_maxscale_threads.pl DESTINATION ${MAXSCALE_SHARE_DIR}/plugins/nagios) +install(FILES nagios/maxscale_commands.cfg DESTINATION ${MAXSCALE_SHARE_DIR}/plugins/nagios) +install(FILES nagios/server1.cfg DESTINATION ${MAXSCALE_SHARE_DIR}/plugins/nagios) diff --git a/server/core/gateway.c b/server/core/gateway.c index d2bcd13a9..6b55b2661 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -1276,6 +1276,7 @@ int main(int argc, char **argv) { moduledir = tmp_path; } + break; case 'A': if(handle_path_arg(&tmp_path,optarg,NULL,true,true)) { @@ -1739,7 +1740,6 @@ int main(int argc, char **argv) if(cachedir == NULL) cachedir = strdup(default_cachedir); - if(langdir == NULL) langdir = strdup(default_langdir); if(moduledir == NULL) 
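Review bot: The three `mkdir -p` lines added to etc/postinst.in create /var/log/maxscale, /var/cache/maxscale and /var/run/maxscale with whatever umask the package manager runs the script under, and nothing sets owner or mode afterwards. The log and service-cache directories of a database proxy may hold query text and cached service data, so their mode should be explicit rather than inherited. `mkdir -p` also leaves a pre-existing directory with looser permissions untouched. Consider `install -d -m 0750 /var/log/maxscale /var/cache/maxscale` and `install -d -m 0755 /var/run/maxscale`, followed by a `chown` if the daemon is meant to run as a dedicated user.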
@@ -1780,11 +1780,13 @@ int main(int argc, char **argv) "Configuration file : %s\n" "Log directory : %s\n" "Data directory : %s\n" - "Module directory : %s\n\n", + "Module directory : %s\n" + "Service cache : %s\n\n", cnf_file_path, logdir, datadir, - moduledir); + moduledir, + cachedir); } LOGIF(LM, @@ -1806,6 +1808,10 @@ int main(int argc, char **argv) (skygw_log_write_flush(LOGFILE_MESSAGE, "Module directory: %s", moduledir))); + LOGIF(LM, + (skygw_log_write_flush(LOGFILE_MESSAGE, + "Service cache: %s", + cachedir))); /*< Update the server options */ for (i = 0; server_options[i]; i++) @@ -1882,7 +1888,7 @@ int main(int argc, char **argv) if (!config_load(cnf_file_path)) { char* fprerr = "Failed to load MaxScale configuration " - "file. Exiting."; + "file. Exiting. See the error log for details."; print_log_n_stderr(false, !daemon_mode, fprerr, fprerr, 0); LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, diff --git a/server/core/service.c b/server/core/service.c index 4584ded24..9455921b7 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -61,6 +61,7 @@ #include #include #include +#include /** Defined in log_manager.cc */ extern int lm_enabled_logfiles_bitmask; @@ -112,7 +113,7 @@ SERVICE *service; return NULL; if ((service->router = load_module(router, MODULE_ROUTER)) == NULL) { - char* home = get_maxscale_home(); + char* home = get_moduledir(); char* ldpath = getenv("LD_LIBRARY_PATH"); LOGIF(LE, (skygw_log_write_flush( @@ -120,12 +121,13 @@ SERVICE *service; "Error : Unable to load %s module \"%s\".\n\t\t\t" " Ensure that lib%s.so exists in one of the " "following directories :\n\t\t\t " - "- %s/modules\n\t\t\t - %s", + "- %s/modules\n%s%s", MODULE_ROUTER, router, router, home, - ldpath))); + ldpath?"\t\t\t - ":"", + ldpath?ldpath:""))); free(service); return NULL; } From 10e9203b5be2cc2cb7d5bfade09259fb6a12e667 Mon Sep 17 00:00:00 2001 
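Review bot: The error text in the `@@ -120,12 +121,13 @@` hunk of service.c still prints `- %s/modules`, although `home` is now the return value of `get_moduledir()`. The message therefore names a `modules` subdirectory inside the module directory, whereas load_utils.c in this series builds the path as `%s/lib%s.so` directly under it. An operator following the message would check the wrong directory. Change the format line to `"- %s\n%s%s",` and consider renaming `home` to match its new meaning. The enclosing function starts and ends outside the hunk.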
From: Markus Makela Date: Sun, 26 Apr 2015 11:39:00 +0300 Subject: [PATCH 004/119] Updated postinst script --- CMakeLists.txt | 9 +++++---- etc/postinst.in | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index bf7e135e7..78d205936 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -175,13 +175,14 @@ if(WITH_SCRIPTS) endif() if(PACKAGE) - install(FILES ${CMAKE_BINARY_DIR}/maxscale DESTINATION . + # Install the files copied by the postinst script into the share folder + install(FILES ${CMAKE_BINARY_DIR}/maxscale DESTINATION ${MAXSCALE_SHARE_DIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - install(FILES ${CMAKE_BINARY_DIR}/maxscale.conf DESTINATION . + install(FILES ${CMAKE_BINARY_DIR}/maxscale.conf DESTINATION ${MAXSCALE_SHARE_DIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - install(FILES ${CMAKE_BINARY_DIR}/postinst DESTINATION . + install(FILES ${CMAKE_BINARY_DIR}/postinst DESTINATION ${MAXSCALE_SHARE_DIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - install(FILES ${CMAKE_BINARY_DIR}/postrm DESTINATION . + install(FILES ${CMAKE_BINARY_DIR}/postrm DESTINATION ${MAXSCALE_SHARE_DIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) if(${CMAKE_VERSION} VERSION_LESS 2.8.12) message(WARNING "CMake version is ${CMAKE_VERSION}. Building of packages requires version 2.8.12 or greater.") diff --git a/etc/postinst.in b/etc/postinst.in index 46772ca16..c04850019 100755 --- a/etc/postinst.in +++ b/etc/postinst.in 
@@ -3,6 +3,6 @@ mkdir -p /var/log/maxscale mkdir -p /var/cache/maxscale mkdir -p /var/run/maxscale -cp @CMAKE_INSTALL_PREFIX@/maxscale /etc/init.d/ -cp @CMAKE_INSTALL_PREFIX@/maxscale.conf /etc/ld.so.conf.d/ +cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHARE_DIR@/maxscale /etc/init.d/ +cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHARE_DIR@/maxscale.conf /etc/ld.so.conf.d/ /sbin/ldconfig From 17a7b2addbebc2ac8d19b897e195014830b87431 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Sun, 26 Apr 2015 20:08:27 +0300 Subject: [PATCH 005/119] Updated more variables. --- CMakeLists.txt | 39 ++++++++++--------- client/CMakeLists.txt | 2 +- cmake/install_layout.cmake | 31 ++++++--------- log_manager/CMakeLists.txt | 2 +- plugins/CMakeLists.txt | 10 ++--- query_classifier/CMakeLists.txt | 2 +- server/core/CMakeLists.txt | 6 +-- server/core/gateway.c | 30 +++++++------- server/core/load_utils.c | 4 +- server/core/service.c | 2 +- server/include/gw.h | 4 +- server/modules/filter/CMakeLists.txt | 20 +++++----- server/modules/filter/hint/CMakeLists.txt | 4 +- server/modules/monitor/CMakeLists.txt | 8 ++-- server/modules/protocol/CMakeLists.txt | 12 +++--- server/modules/routing/CMakeLists.txt | 12 +++--- server/modules/routing/binlog/CMakeLists.txt | 4 +- server/modules/routing/maxinfo/CMakeLists.txt | 4 +- .../routing/readwritesplit/CMakeLists.txt | 2 +- 19 files changed, 95 insertions(+), 103 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 78d205936..ba669131c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -6,23 +6,24 @@ endif() message(STATUS "CMake version: ${CMAKE_VERSION}") + include(${CMAKE_SOURCE_DIR}/cmake/macros.cmake) + +# Set the installation layout +set(INSTALL_LAYOUT "STANDALONE" CACHE STRING "Install layout, options are: STANDALONE, RPM, DEB") include(${CMAKE_SOURCE_DIR}/cmake/install_layout.cmake) + enable_testing() set_variables() set_maxscale_version() - -set(INSTALL_LAYOUT "STANDALONE" CACHE STRING "Install layout, options are: STANDALONE, RPM, DEB") -set_install_layout(${INSTALL_LAYOUT}) - set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING "Choose the type of build, options are: None(CMAKE_CXX_FLAGS or CMAKE_C_FLAGS used) Debug Release RelWithDebInfo MinSizeRel.") set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake") project(MaxScale) -#Disabled for now pending evaluation +#Do the platform check include(cmake/CheckPlatform.cmake) check_deps() @@ -40,7 +41,7 @@ if(NOT CURL_FOUND) message(FATAL_ERROR "Failed to locate dependency: libcurl") endif() -set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_MODULE_DIR}:${MAXSCALE_LIBRARY_DIR}) +set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${CMAKE_INSTALL_PREFIX}/${MAXSCALE_LIBDIR}) # Make sure the release notes for this release are present if it is a stable one if(${MAXSCALE_VERSION} MATCHES "-stable") 
@@ -143,15 +144,15 @@ ${CMAKE_SOURCE_DIR}/Documentation/Upgrading-To-MaxScale-1.1.0.md ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt) -install(FILES ${CMAKE_BINARY_DIR}/Changelog.txt DESTINATION ${MAXSCALE_SHARE_DIR}) -install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION ${MAXSCALE_SHARE_DIR}) -install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION ${MAXSCALE_SHARE_DIR}) -install(FILES server/MaxScale_template.cnf DESTINATION ${MAXSCALE_CONFIG_DIR}) -install(FILES server/MaxScale_BinlogServer_template.cnf DESTINATION ${MAXSCALE_CONFIG_DIR}) -install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_SHARE_DIR}) -install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION ${MAXSCALE_SHARE_DIR}) -install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION ${MAXSCALE_SHARE_DIR}) -install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION ${MAXSCALE_SHARE_DIR}) +install(FILES ${CMAKE_BINARY_DIR}/Changelog.txt DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES server/MaxScale_template.cnf DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES server/MaxScale_BinlogServer_template.cnf DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION ${MAXSCALE_SHAREDIR}) # Install startup scripts and ldconfig files if(WITH_SCRIPTS) 
@@ -176,13 +177,13 @@ endif() if(PACKAGE) # Install the files copied by the postinst script into the share folder - install(FILES ${CMAKE_BINARY_DIR}/maxscale DESTINATION ${MAXSCALE_SHARE_DIR} + install(FILES ${CMAKE_BINARY_DIR}/maxscale DESTINATION ${MAXSCALE_SHAREDIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - install(FILES ${CMAKE_BINARY_DIR}/maxscale.conf DESTINATION ${MAXSCALE_SHARE_DIR} + install(FILES ${CMAKE_BINARY_DIR}/maxscale.conf DESTINATION ${MAXSCALE_SHAREDIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - install(FILES ${CMAKE_BINARY_DIR}/postinst DESTINATION ${MAXSCALE_SHARE_DIR} + install(FILES ${CMAKE_BINARY_DIR}/postinst DESTINATION ${MAXSCALE_SHAREDIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - install(FILES ${CMAKE_BINARY_DIR}/postrm DESTINATION ${MAXSCALE_SHARE_DIR} + install(FILES ${CMAKE_BINARY_DIR}/postrm DESTINATION ${MAXSCALE_SHAREDIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) if(${CMAKE_VERSION} VERSION_LESS 2.8.12) message(WARNING "CMake version is ${CMAKE_VERSION}. Building of packages requires version 2.8.12 or greater.") diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 9b679aae0..32ab702ea 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -7,4 +7,4 @@ if(HIST) else() message(STATUS "Could not find editline library. MaxAdmin will be built without it.") endif() -install(TARGETS maxadmin DESTINATION ${MAXSCALE_EXECUTABLE_INSTALL}) +install(TARGETS maxadmin DESTINATION ${MAXSCALE_BINDIR}) diff --git a/cmake/install_layout.cmake b/cmake/install_layout.cmake index 0d594188f..821b2c474 100644 --- a/cmake/install_layout.cmake +++ b/cmake/install_layout.cmake 
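Review bot: etc/postinst.in is not in this commit's file list, yet the previous commit made it copy from `@CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHARE_DIR@/`. With the variable renamed to `MAXSCALE_SHAREDIR` in this hunk, that placeholder is no longer defined on a fresh configure. Assuming the script is generated with `configure_file`, its `cp` sources would collapse to paths directly under the prefix, so the init script and the ld.so.conf.d entry installed here into the share directory would not be the files copied. Update the template in the same commit: `cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale /etc/init.d/`, and likewise for `maxscale.conf`.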
@@ -3,27 +3,18 @@ # STANDALONE - Installs to /usr/local/mariadb-maxscale # RPM - Installs to /usr # DEB - Installs to /usr -function(set_install_layout TYPE) +if(${TYPE} MATCHES "STANDALONE") - if(${TYPE} MATCHES "STANDALONE") + set(CMAKE_INSTALL_PREFIX "/usr/local/mariadb-maxscale" CACHE PATH "Prefix prepended to install directories.") - set(CMAKE_INSTALL_PREFIX "/usr/local/mariadb-maxscale" CACHE PATH "Prefix prepended to install directories.") + # RPM and DEB are the same until differences are found +else() + set(CMAKE_INSTALL_PREFIX "/usr" CACHE PATH "Prefix prepended to install directories.") +endif() -# RPM and DEB are the same until differences are found - elseif(${TYPE} MATCHES "RPM") +set(MAXSCALE_LIBDIR lib64/maxscale CACHE PATH "Library installation path") +set(MAXSCALE_BINDIR bin CACHE PATH "Executable installation path") +set(MAXSCALE_SHAREDIR share/maxscale CACHE PATH "Share file installation path, includes licence and readme files") +set(MAXSCALE_DOCDIR share/doc/maxscale CACHE PATH "Documentation installation path, text versions only") +set(MAXSCALE_CONFDIR etc CACHE PATH "Configuration file installation path, this is not usually needed") - set(CMAKE_INSTALL_PREFIX "/usr" CACHE PATH "Prefix prepended to install directories.") - - elseif(${TYPE} MATCHES "DEB") - - set(CMAKE_INSTALL_PREFIX "/usr" CACHE PATH "Prefix prepended to install directories.") - - endif() - - set(MAXSCALE_MODULE_INSTALL lib64/maxscale CACHE PATH "Module installation path") - set(MAXSCALE_LIBRARY_INSTALL lib64/maxscale CACHE PATH "Library installation path") - set(MAXSCALE_EXECUTABLE_INSTALL bin CACHE PATH "Executable installation path") - set(MAXSCALE_SHARE_DIR share/maxscale CACHE PATH "Share file installation path, includes licence and readme files") - set(MAXSCALE_DOC_DIR ${MAXSCALE_SHARE_DIR}/doc CACHE PATH "Documentation installation path, text versions only") - set(MAXSCALE_CONFIG_DIR ${MAXSCALE_SHARE_DIR}/etc CACHE PATH "Configuration file installation path, example 
configurations will be placed here") -endfunction() diff --git a/log_manager/CMakeLists.txt b/log_manager/CMakeLists.txt index 607341d9a..3dfd883de 100644 --- a/log_manager/CMakeLists.txt +++ b/log_manager/CMakeLists.txt @@ -3,7 +3,7 @@ if(LOG_DEBUG) endif() add_library(log_manager SHARED log_manager.cc) target_link_libraries(log_manager pthread aio stdc++) -install(TARGETS log_manager DESTINATION ${MAXSCALE_LIBRARY_INSTALL}) +install(TARGETS log_manager DESTINATION ${MAXSCALE_LIBDIR}) if(BUILD_TESTS) add_subdirectory(test) endif() diff --git a/plugins/CMakeLists.txt b/plugins/CMakeLists.txt index 1936ebe84..fc18cc602 100644 --- a/plugins/CMakeLists.txt +++ b/plugins/CMakeLists.txt @@ -1,5 +1,5 @@ -install(FILES nagios/check_maxscale_monitors.pl DESTINATION ${MAXSCALE_SHARE_DIR}/plugins/nagios) -install(FILES nagios/check_maxscale_resources.pl DESTINATION ${MAXSCALE_SHARE_DIR}/plugins/nagios) -install(FILES nagios/check_maxscale_threads.pl DESTINATION ${MAXSCALE_SHARE_DIR}/plugins/nagios) -install(FILES nagios/maxscale_commands.cfg DESTINATION ${MAXSCALE_SHARE_DIR}/plugins/nagios) -install(FILES nagios/server1.cfg DESTINATION ${MAXSCALE_SHARE_DIR}/plugins/nagios) +install(FILES nagios/check_maxscale_monitors.pl DESTINATION ${MAXSCALE_SHAREDIR}/plugins/nagios) +install(FILES nagios/check_maxscale_resources.pl DESTINATION ${MAXSCALE_SHAREDIR}/plugins/nagios) +install(FILES nagios/check_maxscale_threads.pl DESTINATION ${MAXSCALE_SHAREDIR}/plugins/nagios) +install(FILES nagios/maxscale_commands.cfg DESTINATION ${MAXSCALE_SHAREDIR}/plugins/nagios) +install(FILES nagios/server1.cfg DESTINATION ${MAXSCALE_SHAREDIR}/plugins/nagios) diff --git a/query_classifier/CMakeLists.txt b/query_classifier/CMakeLists.txt index 7fb36d6c6..19820ccdd 100644 --- a/query_classifier/CMakeLists.txt +++ b/query_classifier/CMakeLists.txt 
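Review bot: With the `function(set_install_layout TYPE)` wrapper removed from cmake/install_layout.cmake, `${TYPE}` in `if(${TYPE} MATCHES "STANDALONE")` no longer refers to anything this file or the top-level CMakeLists.txt sets. The cache variable defined just before the `include()` is `INSTALL_LAYOUT`. Unless `TYPE` is defined elsewhere, the STANDALONE branch cannot be selected (an empty expansion is either false or a configure error), so a default build would take the `else()` prefix `/usr` and install over system paths. Use `if("${INSTALL_LAYOUT}" STREQUAL "STANDALONE")`.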
@@ -1,5 +1,5 @@ add_library(query_classifier SHARED query_classifier.cc) -install(TARGETS query_classifier COMPONENT lib DESTINATION ${MAXSCALE_LIBRARY_INSTALL}) +install(TARGETS query_classifier COMPONENT lib DESTINATION ${MAXSCALE_LIBDIR}) if(BUILD_TESTS) add_subdirectory(test) endif() diff --git a/server/core/CMakeLists.txt b/server/core/CMakeLists.txt index ee01396d8..ead8560d3 100644 --- a/server/core/CMakeLists.txt +++ b/server/core/CMakeLists.txt @@ -18,15 +18,15 @@ if(WITH_TCMALLOC) endif() target_link_libraries(maxscale ${EMBEDDED_LIB} ${PCRE_LINK_FLAGS} ${CURL_LIBRARIES} log_manager utils ssl aio pthread crypt dl crypto inih z rt m stdc++) -install(TARGETS maxscale DESTINATION ${MAXSCALE_EXECUTABLE_INSTALL}) +install(TARGETS maxscale DESTINATION ${MAXSCALE_BINDIR}) add_executable(maxkeys maxkeys.c secrets.c utils.c) target_link_libraries(maxkeys log_manager utils pthread crypt crypto) -install(TARGETS maxkeys DESTINATION ${MAXSCALE_EXECUTABLE_INSTALL}) +install(TARGETS maxkeys DESTINATION ${MAXSCALE_BINDIR}) add_executable(maxpasswd maxpasswd.c secrets.c utils.c) target_link_libraries(maxpasswd log_manager utils pthread crypt crypto) -install(TARGETS maxpasswd DESTINATION ${MAXSCALE_EXECUTABLE_INSTALL}) +install(TARGETS maxpasswd DESTINATION ${MAXSCALE_BINDIR}) if(BUILD_TESTS) add_subdirectory(test) diff --git a/server/core/gateway.c b/server/core/gateway.c index 6b55b2661..a4901ec23 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -131,7 +131,7 @@ static char pidfile[PATH_MAX+1] = ""; static char* configdir = NULL; static char* logdir = NULL; -static char* moduledir = NULL; +static char* libdir = NULL; static char* cachedir = NULL; static char* langdir = NULL; /** 
@@ -158,7 +158,7 @@ static struct option long_options[] = { {"logdir", required_argument, 0, 'L'}, {"datadir", required_argument, 0, 'D'}, {"configdir",required_argument, 0, 'C'}, - {"moduledir",required_argument, 0, 'B'}, + {"libdir",required_argument, 0, 'B'}, {"cachedir",required_argument, 0, 'A'}, {"language",required_argument, 0, 'N'}, {"syslog", required_argument, 0, 's'}, @@ -204,9 +204,9 @@ static char* check_dir_access(char* dirname,bool,bool); * Get the directory with all the modules. * @return The module directory */ -char* get_moduledir() +char* get_libdir() { - return moduledir; + return libdir; } /** * Handler for SIGHUP signal. Reload the configuration for the @@ -1029,7 +1029,7 @@ static void usage(void) " (default: /var/lib/maxscale)\n" " -C|--configdir=... path to configuration file directory\n" " (default: /etc/)\n" - " -B|--moduledir=... path to module directory\n" + " -B|--libdir=... path to module directory\n" " (default: /var/lib/maxscale)\n" " -A|--cachedir=... path to cache directory\n" " (default: /var/cache/maxscale)\n" @@ -1274,7 +1274,7 @@ int main(int argc, char **argv) case 'B': if(handle_path_arg(&tmp_path,optarg,NULL,true,false)) { - moduledir = tmp_path; + libdir = tmp_path; } break; case 'A': @@ -1742,8 +1742,8 @@ int main(int argc, char **argv) cachedir = strdup(default_cachedir); if(langdir == NULL) langdir = strdup(default_langdir); - if(moduledir == NULL) - moduledir = strdup(default_moduledir); + if(libdir == NULL) + libdir = strdup(default_libdir); /** * Set a data directory for the mysqld library, we use * a unique directory name to avoid clauses if multiple @@ -1785,7 +1785,7 @@ int main(int argc, char **argv) cnf_file_path, logdir, datadir, - moduledir, + libdir, cachedir); } @@ -1807,7 +1807,7 @@ int main(int argc, char **argv) LOGIF(LM, (skygw_log_write_flush(LOGFILE_MESSAGE, "Module directory: %s", - moduledir))); + libdir))); LOGIF(LM, (skygw_log_write_flush(LOGFILE_MESSAGE, "Service cache: %s", 
@@ -1882,8 +1882,8 @@ int main(int argc, char **argv) } libmysqld_started = TRUE; - if(moduledir == NULL) - moduledir = strdup(default_moduledir); + if(libdir == NULL) + libdir = strdup(default_libdir); if (!config_load(cnf_file_path)) { @@ -2179,10 +2179,10 @@ static int cnf_preparser(void* data, const char* section, const char* name, cons if(logdir == NULL) handle_path_arg(&logdir,(char*)value,NULL,true,true); } - else if(strcmp(name, "moduledir") == 0) + else if(strcmp(name, "libdir") == 0) { - if(moduledir == NULL) - handle_path_arg(&moduledir,(char*)value,NULL,true,false); + if(libdir == NULL) + handle_path_arg(&libdir,(char*)value,NULL,true,false); } else if(strcmp(name, "datadir") == 0) { diff --git a/server/core/load_utils.c b/server/core/load_utils.c index c1ae57a3e..9451f6838 100644 --- a/server/core/load_utils.c +++ b/server/core/load_utils.c @@ -147,7 +147,7 @@ MODULE_INFO *mod_info = NULL; if (access(fname, F_OK) == -1) { - snprintf(fname, MAXPATHLEN+1,"%s/lib%s.so", get_moduledir(), module); + snprintf(fname, MAXPATHLEN+1,"%s/lib%s.so", get_libdir(), module); if (access(fname, F_OK) == -1) { @@ -155,7 +155,7 @@ MODULE_INFO *mod_info = NULL; LOGFILE_ERROR, "Error : Unable to find library for " "module: %s. Module dir: %s", - module, get_moduledir()))); + module, get_libdir()))); return NULL; } } diff --git a/server/core/service.c b/server/core/service.c index 9455921b7..bd22117ec 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -113,7 +113,7 @@ SERVICE *service; return NULL; if ((service->router = load_module(router, MODULE_ROUTER)) == NULL) { - char* home = get_moduledir(); + char* home = get_libdir(); char* ldpath = getenv("LD_LIBRARY_PATH"); LOGIF(LE, (skygw_log_write_flush( diff --git a/server/include/gw.h b/server/include/gw.h index 64db00204..e210fcfa2 100644 --- a/server/include/gw.h +++ b/server/include/gw.h 
@@ -25,7 +25,7 @@ static const char* default_cnf_fname = "MaxScale.cnf"; static const char* default_configdir = "/etc/"; static const char* default_logdir = "/var/log/maxscale/"; static const char* default_datadir = "/var/cache/maxscale/"; -static const char* default_moduledir = "/lib64/maxscale/"; +static const char* default_libdir = "/lib64/maxscale/"; static const char* default_cachedir = "/var/cache/maxscale/"; static const char* default_langdir = "/usr/share/mysql/english/"; /*< This is where the MariaDB * server installs errmsg.sys */ @@ -77,5 +77,5 @@ int gw_write(DCB *dcb, const void *buf, size_t nbytes); int gw_getsockerrno(int fd); int parse_bindconfig(char *, unsigned short, struct sockaddr_in *); int setipaddress(struct in_addr *, char *); -char* get_moduledir(); +char* get_libdir(); #endif diff --git a/server/modules/filter/CMakeLists.txt b/server/modules/filter/CMakeLists.txt index 77ebc7d0c..6bf6a5daa 100644 --- a/server/modules/filter/CMakeLists.txt +++ b/server/modules/filter/CMakeLists.txt 
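Review bot: `default_libdir` in gw.h keeps the value `/lib64/maxscale/`, which matches neither the usage text for `-B|--libdir` in gateway.c (`default: /var/lib/maxscale`) nor the location this commit installs modules to. Modules go to `${CMAKE_INSTALL_PREFIX}/${MAXSCALE_LIBDIR}`, i.e. `lib64/maxscale` under `/usr` or `/usr/local/mariadb-maxscale`. Modules are looked up as `%s/lib%s.so` under this directory, so a stock install started without `--libdir` searches a directory the package does not populate. Derive the default from the build configuration, for example a generated header that defines it from the install prefix and `MAXSCALE_LIBDIR`. Correct the usage string to print the same value.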
@@ -3,48 +3,48 @@ if(BUILD_RABBITMQ) include_directories(${RABBITMQ_HEADERS}) add_library(mqfilter SHARED mqfilter.c) target_link_libraries(mqfilter query_classifier log_manager utils ${RABBITMQ_LIBRARIES}) - install(TARGETS mqfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) + install(TARGETS mqfilter DESTINATION ${MAXSCALE_LIBDIR}) endif() add_library(regexfilter SHARED regexfilter.c) target_link_libraries(regexfilter log_manager utils) -install(TARGETS regexfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS regexfilter DESTINATION ${MAXSCALE_LIBDIR}) add_library(testfilter SHARED testfilter.c) target_link_libraries(testfilter log_manager utils) -install(TARGETS testfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS testfilter DESTINATION ${MAXSCALE_LIBDIR}) add_library(qlafilter SHARED qlafilter.c) target_link_libraries(qlafilter log_manager utils) -install(TARGETS qlafilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS qlafilter DESTINATION ${MAXSCALE_LIBDIR}) add_library(tee SHARED tee.c) target_link_libraries(tee log_manager utils) -install(TARGETS tee DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS tee DESTINATION ${MAXSCALE_LIBDIR}) add_library(topfilter SHARED topfilter.c) target_link_libraries(topfilter log_manager utils) -install(TARGETS topfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS topfilter DESTINATION ${MAXSCALE_LIBDIR}) add_library(dbfwfilter SHARED dbfwfilter.c) target_link_libraries(dbfwfilter log_manager utils query_classifier) -install(TARGETS dbfwfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS dbfwfilter DESTINATION ${MAXSCALE_LIBDIR}) add_library(namedserverfilter SHARED namedserverfilter.c) target_link_libraries(namedserverfilter log_manager utils) -install(TARGETS namedserverfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS namedserverfilter DESTINATION ${MAXSCALE_LIBDIR}) if(BUILD_SLAVELAG) add_library(slavelag SHARED slavelag.c) 
target_link_libraries(slavelag log_manager utils query_classifier) - install(TARGETS slavelag DESTINATION ${MAXSCALE_MODULE_INSTALL}) + install(TARGETS slavelag DESTINATION ${MAXSCALE_LIBDIR}) endif() if(BUILD_TOOLS) add_executable(ruleparser dbfwfilter.c) target_compile_definitions(ruleparser PUBLIC "BUILD_RULE_PARSER") target_link_libraries(ruleparser ${EMBEDDED_LIB} log_manager utils query_classifier fullcore) - install(TARGETS ruleparser DESTINATION tools) + install(TARGETS ruleparser DESTINATION ${MAXSCALE_BINDIR}) endif() add_subdirectory(hint) diff --git a/server/modules/filter/hint/CMakeLists.txt b/server/modules/filter/hint/CMakeLists.txt index ecc3cbb85..c2d5e9ea1 100644 --- a/server/modules/filter/hint/CMakeLists.txt +++ b/server/modules/filter/hint/CMakeLists.txt @@ -1,4 +1,4 @@ add_library(hintfilter SHARED hintfilter.c hintparser.c) -set_target_properties(hintfilter PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${CMAKE_INSTALL_PREFIX}/lib) +set_target_properties(hintfilter PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_LIBDIR}) target_link_libraries(hintfilter ssl log_manager utils) -install(TARGETS hintfilter DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS hintfilter DESTINATION ${MAXSCALE_LIBDIR}) diff --git a/server/modules/monitor/CMakeLists.txt b/server/modules/monitor/CMakeLists.txt index 74a6f2870..b4d641934 100644 --- a/server/modules/monitor/CMakeLists.txt +++ b/server/modules/monitor/CMakeLists.txt 
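Review bot: The `INSTALL_RPATH` value set for `hintfilter`, `${CMAKE_INSTALL_RPATH}:${MAXSCALE_LIBDIR}`, begins with a bare `:` whenever `CMAKE_INSTALL_RPATH` is empty, and glibc's loader treats an empty RPATH element as the current directory. Whether it is empty at this point depends on the top-level CMakeLists.txt and install_layout.cmake, which this hunk does not show; the same expression is used for `binlogrouter` and `maxinfo` in the routing hunks further down. Setting the property to the directory alone, `set_target_properties(hintfilter PROPERTIES INSTALL_RPATH ${MAXSCALE_LIBDIR})`, avoids the empty element. It is also worth confirming that `MAXSCALE_LIBDIR` expands to an absolute path, since a relative RPATH entry is resolved against the working directory as well.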
@@ -1,16 +1,16 @@ add_library(mysqlmon SHARED mysql_mon.c) target_link_libraries(mysqlmon log_manager utils) -install(TARGETS mysqlmon DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS mysqlmon DESTINATION ${MAXSCALE_LIBDIR}) add_library(galeramon SHARED galera_mon.c) target_link_libraries(galeramon log_manager utils) -install(TARGETS galeramon DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS galeramon DESTINATION ${MAXSCALE_LIBDIR}) add_library(ndbclustermon SHARED ndbcluster_mon.c) target_link_libraries(ndbclustermon log_manager utils) -install(TARGETS ndbclustermon DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS ndbclustermon DESTINATION ${MAXSCALE_LIBDIR}) if(BUILD_MMMON) add_library(mmmon SHARED mm_mon.c) target_link_libraries(mmmon log_manager utils) - install(TARGETS mmmon DESTINATION ${MAXSCALE_MODULE_INSTALL}) + install(TARGETS mmmon DESTINATION ${MAXSCALE_LIBDIR}) endif() diff --git a/server/modules/protocol/CMakeLists.txt b/server/modules/protocol/CMakeLists.txt index 488f2e4b6..4ae3b8f2c 100644 --- a/server/modules/protocol/CMakeLists.txt +++ b/server/modules/protocol/CMakeLists.txt 
@@ -1,27 +1,27 @@ add_library(MySQLClient SHARED mysql_client.c mysql_common.c) target_link_libraries(MySQLClient log_manager utils) -install(TARGETS MySQLClient DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS MySQLClient DESTINATION ${MAXSCALE_LIBDIR}) add_library(MySQLBackend SHARED mysql_backend.c mysql_common.c) target_link_libraries(MySQLBackend log_manager utils) -install(TARGETS MySQLBackend DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS MySQLBackend DESTINATION ${MAXSCALE_LIBDIR}) add_library(telnetd SHARED telnetd.c) target_link_libraries(telnetd log_manager utils) -install(TARGETS telnetd DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS telnetd DESTINATION ${MAXSCALE_LIBDIR}) add_library(HTTPD SHARED httpd.c) target_link_libraries(HTTPD log_manager utils) -install(TARGETS HTTPD DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS HTTPD DESTINATION ${MAXSCALE_LIBDIR}) if(BUILD_TESTS) add_library(testprotocol SHARED testprotocol.c) - install(TARGETS testprotocol DESTINATION ${MAXSCALE_MODULE_INSTALL}) + install(TARGETS testprotocol DESTINATION ${MAXSCALE_LIBDIR}) endif() add_library(maxscaled SHARED maxscaled.c) target_link_libraries(maxscaled log_manager utils) -install(TARGETS maxscaled DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS maxscaled DESTINATION ${MAXSCALE_LIBDIR}) diff --git a/server/modules/routing/CMakeLists.txt b/server/modules/routing/CMakeLists.txt index b73edfa8c..2933e5ec8 100644 --- a/server/modules/routing/CMakeLists.txt +++ b/server/modules/routing/CMakeLists.txt 
@@ -2,28 +2,28 @@ if(BUILD_TESTS) add_subdirectory(test) add_library(testroute SHARED testroute.c) target_link_libraries(testroute log_manager utils) - install(TARGETS testroute DESTINATION ${MAXSCALE_MODULE_INSTALL}) + install(TARGETS testroute DESTINATION ${MAXSCALE_LIBDIR}) endif() add_library(schemarouter SHARED schemarouter/schemarouter.c) target_link_libraries(schemarouter log_manager utils query_classifier) -install(TARGETS schemarouter DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS schemarouter DESTINATION ${MAXSCALE_LIBDIR}) add_library(shardrouter SHARED schemarouter/shardrouter.c) target_link_libraries(shardrouter log_manager utils query_classifier) -install(TARGETS shardrouter DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS shardrouter DESTINATION ${MAXSCALE_LIBDIR}) add_library(readconnroute SHARED readconnroute.c) target_link_libraries(readconnroute log_manager utils) -install(TARGETS readconnroute DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS readconnroute DESTINATION ${MAXSCALE_LIBDIR}) add_library(debugcli SHARED debugcli.c debugcmd.c) target_link_libraries(debugcli log_manager utils) -install(TARGETS debugcli DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS debugcli DESTINATION ${MAXSCALE_LIBDIR}) add_library(cli SHARED cli.c debugcmd.c) target_link_libraries(cli log_manager utils) -install(TARGETS cli DESTINATION ${MAXSCALE_MODULE_INSTALL}) +install(TARGETS cli DESTINATION ${MAXSCALE_LIBDIR}) add_subdirectory(readwritesplit) add_subdirectory(schemarouter/test) diff --git a/server/modules/routing/binlog/CMakeLists.txt b/server/modules/routing/binlog/CMakeLists.txt index 9fcd8536e..9a0c245de 100644 --- a/server/modules/routing/binlog/CMakeLists.txt +++ b/server/modules/routing/binlog/CMakeLists.txt 
@@ -1,4 +1,4 @@
 add_library(binlogrouter SHARED blr.c blr_master.c blr_cache.c blr_slave.c blr_file.c)
-set_target_properties(binlogrouter PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_MODULE_INSTALL}:${MAXSCALE_LIBRARY_INSTALL})
+set_target_properties(binlogrouter PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_LIBDIR})
 target_link_libraries(binlogrouter ssl pthread log_manager)
-install(TARGETS binlogrouter DESTINATION ${MAXSCALE_MODULE_INSTALL})
+install(TARGETS binlogrouter DESTINATION ${MAXSCALE_LIBDIR})
diff --git a/server/modules/routing/maxinfo/CMakeLists.txt b/server/modules/routing/maxinfo/CMakeLists.txt
index 2585f2a2a..8e07a34a7 100644
--- a/server/modules/routing/maxinfo/CMakeLists.txt
+++ b/server/modules/routing/maxinfo/CMakeLists.txt
@@ -1,4 +1,4 @@
 add_library(maxinfo SHARED maxinfo.c maxinfo_parse.c maxinfo_error.c maxinfo_exec.c)
-set_target_properties(maxinfo PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_MODULE_INSTALL}:MAXSCALE_LIBRARY_INSTALL)
+set_target_properties(maxinfo PROPERTIES INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${MAXSCALE_LIBDIR})
 target_link_libraries(maxinfo pthread log_manager)
-install(TARGETS maxinfo DESTINATION ${MAXSCALE_MODULE_INSTALL})
+install(TARGETS maxinfo DESTINATION ${MAXSCALE_LIBDIR})
diff --git a/server/modules/routing/readwritesplit/CMakeLists.txt b/server/modules/routing/readwritesplit/CMakeLists.txt
index fe56582dc..c7e387290 100644
--- a/server/modules/routing/readwritesplit/CMakeLists.txt
+++ b/server/modules/routing/readwritesplit/CMakeLists.txt
@@ -1,6 +1,6 @@
 add_library(readwritesplit SHARED readwritesplit.c)
 target_link_libraries(readwritesplit ssl pthread log_manager utils query_classifier)
-install(TARGETS readwritesplit DESTINATION ${MAXSCALE_MODULE_INSTALL})
+install(TARGETS readwritesplit DESTINATION ${MAXSCALE_LIBDIR})
 if(BUILD_TESTS)
 add_subdirectory(test)
 endif()
From c500d23d04b2566d6acecc4b6ee777540752b1f0 Mon Sep 17 00:00:00 2001
From: Markus Makela Date: Mon, 27 Apr 2015 04:48:50 +0300 Subject: [PATCH 006/119] Moved default file search paths to gwdirs.h which is configured by CMake from gwdirs.h.in. --- CMakeLists.txt | 21 +-- Documentation/About/SETUP.md | 32 ++--- .../Getting-Started/Configuration-Guide.md | 8 +- .../Getting-Started-With-MaxScale.md | 6 +- .../Tutorials/Administration-Tutorial.md | 4 +- ...era-Cluster-Connection-Routing-Tutorial.md | 2 +- ...a-Cluster-Read-Write-Splitting-Tutorial.md | 2 +- .../Tutorials/MaxScale-Information-Schema.md | 53 +++++++- ...Replication-Connection-Routing-Tutorial.md | 121 +++++++----------- ...plication-Read-Write-Splitting-Tutorial.md | 2 +- ...eplication-Proxy-Binlog-Router-Tutorial.md | 2 +- Documentation/filters/Query-Log-All-Filter.md | 2 +- Documentation/filters/RabbitMQ-Filter.md | 2 +- Documentation/filters/Regex-Filter.md | 2 +- Documentation/filters/Tee-Filter.md | 2 +- Documentation/filters/Top-N-Filter.md | 2 +- cmake/install_layout.cmake | 20 +-- server/core/gateway.c | 71 +--------- server/include/gw.h | 32 +++-- server/include/gwdirs.h.in | 33 +++++ 20 files changed, 198 insertions(+), 221 deletions(-) create mode 100644 server/include/gwdirs.h.in diff --git a/CMakeLists.txt b/CMakeLists.txt index ba669131c..564cb43a5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -6,23 +6,28 @@ endif() message(STATUS "CMake version: ${CMAKE_VERSION}") - include(${CMAKE_SOURCE_DIR}/cmake/macros.cmake) - -# Set the installation layout -set(INSTALL_LAYOUT "STANDALONE" CACHE STRING "Install layout, options are: STANDALONE, RPM, DEB") -include(${CMAKE_SOURCE_DIR}/cmake/install_layout.cmake) - enable_testing() + +set(INSTALL_LAYOUT "STANDALONE" CACHE STRING "Install layout, options are: STANDALONE, RPM, DEB") +if(${INSTALL_LAYOUT} MATCHES "STANDALONE") + set(CMAKE_INSTALL_PREFIX "/usr/local/mariadb-maxscale" CACHE PATH "Prefix prepended to install directories.") +else() + set(CMAKE_INSTALL_PREFIX "/usr" CACHE PATH "Prefix prepended to install directories.") +endif() + +# Set default values for cache entries and set the MaxScale version set_variables() set_maxscale_version() set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING "Choose the type of build, options are: None(CMAKE_CXX_FLAGS or CMAKE_C_FLAGS used) Debug Release RelWithDebInfo MinSizeRel.") - set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake") project(MaxScale) +# Set the installation layout +include(${CMAKE_SOURCE_DIR}/cmake/install_layout.cmake) + #Do the platform check include(cmake/CheckPlatform.cmake) 
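Review bot: `if(${INSTALL_LAYOUT} MATCHES "STANDALONE")` is a regex substring test on an expanded variable, so every value that does not contain STANDALONE, including a mistyped layout name, silently selects the `/usr` prefix. I would write the condition as `if(INSTALL_LAYOUT STREQUAL "STANDALONE")` and add a branch that calls `message(FATAL_ERROR ...)` for anything other than RPM or DEB, so a typo cannot turn a standalone install into one that writes under `/usr`. Because both `set(CMAKE_INSTALL_PREFIX ... CACHE PATH ...)` calls lack `FORCE`, changing `INSTALL_LAYOUT` in an existing build tree will presumably keep the previously cached prefix; a short comment saying so would save the next packager some confusion.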
@@ -51,10 +56,10 @@ if(${MAXSCALE_VERSION} MATCHES "-stable") message(FATAL_ERROR "Could not find the release notes for this stable release: ${MAXSCALE_VERSION_NUMERIC}") endif() endif() -set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_RPATH}:${CMAKE_INSTALL_PREFIX}/${MAXSCALE_MODULE_INSTALL}:${CMAKE_INSTALL_PREFIX}/${MAXSCALE_LIBRARY_INSTALL}) file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/server/include) configure_file(${CMAKE_SOURCE_DIR}/server/include/version.h.in ${CMAKE_BINARY_DIR}/server/include/version.h) +configure_file(${CMAKE_SOURCE_DIR}/server/include/gwdirs.h.in ${CMAKE_BINARY_DIR}/server/include/gwdirs.h) configure_file(${CMAKE_SOURCE_DIR}/server/test/maxscale_test.h.in ${CMAKE_BINARY_DIR}/server/include/maxscale_test.h) configure_file(${CMAKE_SOURCE_DIR}/etc/postinst.in ${CMAKE_BINARY_DIR}/postinst) configure_file(${CMAKE_SOURCE_DIR}/etc/postrm.in ${CMAKE_BINARY_DIR}/postrm) diff --git a/Documentation/About/SETUP.md b/Documentation/About/SETUP.md index 2be316a4d..9cb5dd11b 100644 --- a/Documentation/About/SETUP.md +++ b/Documentation/About/SETUP.md 
@@ -1,37 +1,25 @@ Installation and startup Untar the binary distribution in the desired location, -e.g. /usr/local/mariadb +e.g. /usr/local/mariadb-maxscale Alternatively build from the source code using the instructions -in the README file and execute make install. +in the [Building MaxScale from Source Code](../Getting-Started/Building-MaxScale-from-Source-Code.md) document. -Simply set the environment variable MAXSCALE_HOME to point to the -MaxScale directory, found inside the path into which the files have been copied, -e.g. MAXSCALE_HOME=/usr/local/mariadb-maxscale - -Also you will need to optionally set LD_LIBRARY_PATH to include the 'lib' folder, -found inside the path into which the files have been copied, -e.g. LD_LIBRARY_PATH=/usr/local/mariadb-maxscale/lib - -Because we need the libmysqld library for parsing we must create a -valid my.cnf file to enable the library to be used. Copy the my.cnf -to $MAXSCALE_HOME/mysql/my.cnf. - -To start MaxScale execute the command 'maxscale' from the bin folder, -e.g. /usr/local/mariadb-maxscale/bin/maxscale +You can start MaxScale using `service maxscale start` or `systemctl start maxscale` if you installed the init.d scripts +or by manually starting the process from the bin folder of the installation directory. Configuration -You need to edit the file MaxScale.cnf in $MAXSCALE_HOME/etc, you should -define the set of server definitions you require, with the addresses -and ports of those servers. Also define the listening ports for your -various services. +You need to create or edit the MaxScale.cnf file in the /etc folder. +Define the services you wish to provide, the set of server definitions +you require, with the addresses and ports of those servers and also +define the listening ports for your various services. 
-In order to view the internal activity of the gateway you can telnet to +In order to view the internal activity of MaxScale you can either use +the maxadmin client interface with the cli routing module or telnet to the port defined for the telnet listener. Initially you may login with the user name of "admin" and the password "mariadb". Once connected type help for an overview of the commands and help for the more detailed help on commands. Use the add user command to add a new user, this will also remove the admin/mariadb user. - diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 5ce081a82..81d3c90e2 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -27,11 +27,9 @@ connection failover| When a connection currently being used between MaxScale and The MaxScale configuration is read from a file which can be located in a number of placing, MaxScale will search for the configuration file in a number of locations. -1. If the environment variable `MAXSCALE_HOME` is set then MaxScale will look for a configuration file called `MaxScale.cnf` in the directory `$MAXSCALE_HOME/etc`. +1. Location given with the --configdir= command line argument -2. If `MAXSCALE_HOME` is not set or the configuration file is not in the location above MaxScale will look for a file in `/etc/MaxScale.cnf`. - -Alternatively MaxScale can be started with the `-c` flag and the path of the MaxScale home directory tree. +2. MaxScale will look for a configuration file called `MaxScale.cnf` in the directory `/etc/MaxScale.cnf` An explicit path to a configuration file can be passed by using the `-f` option to MaxScale. 
@@ -524,7 +522,7 @@ Default value is `2`. Write Timeout is the timeout in seconds for each attempt t ## Protocol Modules -The protocols supported by MaxScale are implemented as external modules that are loaded dynamically into the MaxScale core. These modules reside in the directory `$MAXSCALE_HOME/modules`, if the environment variable `$MAXSCALE_HOME` is not set it defaults to `/usr/local/mariadb-maxscale`. It may also be set by passing the `-c` option on the MaxScale command line. +The protocols supported by MaxScale are implemented as external modules that are loaded dynamically into the MaxScale core. These modules reside in the directory `/usr/lib64/maxscale`. The location can be overridden with the `libdir=PATH` parameter under the `[maxscale]` section. It may also be set by passing the `-B PATH` or `--libdir=PATH` option on the MaxScale command line. ### MySQLClient diff --git a/Documentation/Getting-Started/Getting-Started-With-MaxScale.md b/Documentation/Getting-Started/Getting-Started-With-MaxScale.md index 24ee54b22..6b84d8d58 100644 --- a/Documentation/Getting-Started/Getting-Started-With-MaxScale.md +++ b/Documentation/Getting-Started/Getting-Started-With-MaxScale.md 
@@ -62,11 +62,9 @@ shared objects that are loaded on demand. In order for MaxScale to find these modules it will search using a predescribed search path. The rules are: 1. Look in the current directory for the module - 2. Look in $MAXSCALE_HOME/modules - 3. Look in /usr/local/mariadb-maxscale/modules - -Configuration is read by default from the file $MAXSCALE_HOME/etc/MaxScale.cnf, /etc/MaxScale.cnf. An example file is included in in the installation and can be found in the etc/ folder within the MaxScale installation. The default value of MAXSCALE_HOME can be overridden by using the -c flag on the command line. This should be immediately followed by the path to the MaxScale home directory. The -f flag can be used on the command line to set the name and the location of the configuration file. Without path expression the file is read from \$MAXSCALE_HOME/etc directory. + 2. Look in /usr/lib64/maxscale +Configuration is read by default from the file /etc/MaxScale.cnf. An example file is included in in the installation and can be found in the /usr/share/maxscale folder within the MaxScale installation. The -f flag can be used on the command line to set the name and the location of the configuration file. Without path expression the file is read from the /etc directory. ## Administration Of MaxScale diff --git a/Documentation/Tutorials/Administration-Tutorial.md b/Documentation/Tutorials/Administration-Tutorial.md index 929850eb5..894f89f94 100644 --- a/Documentation/Tutorials/Administration-Tutorial.md +++ b/Documentation/Tutorials/Administration-Tutorial.md @@ -45,7 +45,7 @@ Options may be passed to the MaxScale binary that alter this default behavior, t -f --config= - Use the filename passed as an argument instead of looking in $MAXSCALE_HOME/etc/MaxScale.cnf + Use the filename passed as an argument instead of looking in /etc/MaxScale.cnf -l| 
@@ -79,7 +79,7 @@ or MaxScale will also stop gracefully if it received a hangup signal, to find the process id of the MaxScale server use the ps command or read the contents of the maxscale.pid file located in the same directory as the logs. - $ kill -HUP `cat $MAXSCALE_HOME/log/maxscale.pid` + $ kill -HUP `cat /log/maxscale.pid` In order to shutdown MaxScale using the maxadmin command you may either connect with maxadmin in interactive mode or pass the "shutdown maxscale" command you wish to execute as an argument to maxadmin. diff --git a/Documentation/Tutorials/Galera-Cluster-Connection-Routing-Tutorial.md b/Documentation/Tutorials/Galera-Cluster-Connection-Routing-Tutorial.md index d75c6162a..d58ebc32c 100644 --- a/Documentation/Tutorials/Galera-Cluster-Connection-Routing-Tutorial.md +++ b/Documentation/Tutorials/Galera-Cluster-Connection-Routing-Tutorial.md 
@@ -60,7 +60,7 @@ If you wish to use two different usernames for the two different roles of monito ### Creating Your MaxScale Configuration -MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory $MAXSCALE_HOME/etc, if you have installed in the default location then this file is available in /usr/local/mariadb-maxscale/etc/MaxScale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within this directory that may be use as a basis for your configuration. +MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory /etc, if you have installed in the default location then this file is available in /usr/local/mariadb-maxscale/etc/MaxScale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within this directory that may be use as a basis for your configuration. A global, maxscale, section is included within every MaxScale configuration file; this is used to set the values of various MaxScale wide parameters, perhaps the most important of these is the number of threads that MaxScale will use to execute the code that forwards requests and handles responses for clients. diff --git a/Documentation/Tutorials/Galera-Cluster-Read-Write-Splitting-Tutorial.md b/Documentation/Tutorials/Galera-Cluster-Read-Write-Splitting-Tutorial.md index df57e9390..8717591d8 100644 --- a/Documentation/Tutorials/Galera-Cluster-Read-Write-Splitting-Tutorial.md +++ b/Documentation/Tutorials/Galera-Cluster-Read-Write-Splitting-Tutorial.md 
@@ -62,7 +62,7 @@ If you wish to use two different usernames for the two different roles of monito ### Creating Your MaxScale Configuration -MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory $MAXSCALE_HOME/etc, if you have installed in the default location then this file is available in /usr/local/mariadb-maxscale/etc/MaxScale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within this directory that may be use as a basis for your configuration. +MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory /etc, if you have installed in the default location then this file is available in /usr/local/mariadb-maxscale/etc/MaxScale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within this directory that may be use as a basis for your configuration. A global, maxscale, section is included within every MaxScale configuration file; this is used to set the values of various MaxScale wide parameters, perhaps the most important of these is the number of threads that MaxScale will use to execute the code that forwards requests and handles responses for clients. diff --git a/Documentation/Tutorials/MaxScale-Information-Schema.md b/Documentation/Tutorials/MaxScale-Information-Schema.md index c8ce5c08a..9872556b3 100644 --- a/Documentation/Tutorials/MaxScale-Information-Schema.md +++ b/Documentation/Tutorials/MaxScale-Information-Schema.md 
@@ -11,48 +11,59 @@ The service entry needs to define the service name, the type as service and the The specified user, with the password (plain or encrypted via maxpassword utility) is allowed to connect via MySQL protocol. Currently the user can connect to maxinfo from any remote IP and to localhost as well. +``` [MaxInfo] type=service router=maxinfo user=monitor passwd=EBD2F49C3B375812A8CDEBA632ED8BBC +``` The listener section defines the protocol, port and other information needed to create a listener for the service. To listen on a port using the MySQL protocol a section as shown below should be added to the configuration file. +``` [MaxInfo Listener] type=listener service=MaxInfo protocol=MySQLClient port=9003 +``` To listen with the HTTP protocol and hence return JSON documents a section as should below is required. +``` [MaxInfo JSON Listener] type=listener service=MaxInfo protocol=HTTPD port=8003 +``` + If both the MySQL and JSON responses are required then a single service can be configured with both types of listener. As with any other listeners within MaxScale the listeners can be bound to a particular interface by use of the address= parameter. This allows the access to the maxinfo data to be limited to the localhost by adding an address=localhost parameter in the configuration file. +``` [MaxInfo Listener] type=listener service=MaxInfo protocol=MySQLClient address=localhost port=9003 +``` # MySQL Interface to maxinfo The maxinfo supports a small subset of SQL statements in addition to the MySQL status and ping requests. These may be used for simple monitoring of MaxScale. +``` % mysqladmin -hmaxscale.mariadb.com -P9003 -umonitor -pxyz ping mysqld is alive % mysqladmin -hmaxscale.mariadb.com -P9003 -umonitor -pxyz status Uptime: 72 Threads: 1 Sessions: 11 % +``` The SQL command used to interact with maxinfo is the show command, a variety of show commands are available and will be described in the following sections. 
@@ -60,6 +71,7 @@ The SQL command used to interact with maxinfo is the show command, a variety of The show variables command will display a set of name and value pairs for a number of MaxScale system variables. +``` mysql> show variables; +--------------------+-------------------------+ | Variable_name | Value | @@ -77,9 +89,11 @@ The show variables command will display a set of name and value pairs for a numb 9 rows in set (0.02 sec) mysql> +``` The show variables command can also accept a limited like clause. This like clause must either be a literal string to match, a pattern starting with a %, a pattern ending with a % or a string with a % at both the start and the end. +``` mysql> show variables like 'version'; +---------------+----------------+ | Variable_name | Value | @@ -116,11 +130,13 @@ The show variables command can also accept a limited like clause. This like clau 3 rows in set (0.02 sec) mysql> +``` ## Show status The show status command displays a set of status counters, as with show variables the show status command can be passed a simplified like clause to limit the values returned. +``` mysql> show status; +---------------------------+-------+ | Variable_name | Value | @@ -151,11 +167,13 @@ The show status command displays a set of status counters, as with show variable 22 rows in set (0.02 sec) mysql> +``` ## Show services The show services command will return a set of basic statistics regarding each of the configured services within MaxScale. +``` mysql> show services; +----------------+----------------+--------------+----------------+ | Service Name | Router Module | No. Sessions | Total Sessions | @@ -172,6 +190,7 @@ The show services command will return a set of basic statistics regarding each o 8 rows in set (0.02 sec) mysql> +``` The show services command does not accept a like clause and will ignore any like clause that is given. 
@@ -179,6 +198,7 @@ The show services command does not accept a like clause and will ignore any like The show listeners command will return a set of status information for every listener defined within the MaxScale configuration file. +``` mysql> show listeners; +----------------+-----------------+-----------+------+---------+ | Service Name | Protocol Module | Address | Port | State | @@ -196,6 +216,7 @@ The show listeners command will return a set of status information for every lis 9 rows in set (0.02 sec) mysql> +``` The show listeners command will ignore any like clause passed to it. @@ -203,6 +224,7 @@ The show listeners command will ignore any like clause passed to it. The show sessions command returns information on every active session within MaxScale. It will ignore any like clause passed to it. +``` mysql> show sessions; +-----------+---------------+----------------+---------------------------+ | Session | Client | Service | State | @@ -222,11 +244,13 @@ The show sessions command returns information on every active session within Max 11 rows in set (0.02 sec) mysql> +``` ## Show clients The show clients command reports a row for every client application connected to MaxScale. Like clauses are not available of the show clients command. +``` mysql> show clients; +-----------+---------------+---------+---------------------------+ | Session | Client | Service | State | @@ -237,11 +261,13 @@ The show clients command reports a row for every client application connected to 2 rows in set (0.02 sec) mysql> +``` ## Show servers The show servers command returns data for each backend server configured within the MaxScale configuration file. This data includes the current number of connections MaxScale has to that server and the state of that server as monitored by MaxScale. +``` mysql> show servers; +---------+-----------+------+-------------+---------+ | Server | Address | Port | Connections | Status | 
@@ -254,11 +280,13 @@ The show servers command returns data for each backend server configured within 4 rows in set (0.02 sec) mysql> +``` ## Show modules The show modules command reports the information on the modules currently loaded into MaxScale. This includes the name type and version of each module. It also includes the API version the module has been written against and the current release status of the module. +``` mysql> show modules; +----------------+-------------+---------+-------------+----------------+ | Module Name | Module Type | Version | API Version | Status | @@ -277,12 +305,13 @@ The show modules command reports the information on the modules currently loaded 10 rows in set (0.02 sec) mysql> - +``` ## Show monitors The show monitors command reports each monitor configured within the system and the state of that monitor. +``` mysql> show monitors; +---------------+---------+ | Monitor | Status | @@ -292,12 +321,13 @@ The show monitors command reports each monitor configured within the system and 1 row in set (0.02 sec) mysql> - +``` ## Show eventTimes The show eventTimes command returns a table of statistics that reflect the performance of the event queuing and execution portion of the MaxScale core. +``` mysql> show eventTimes; +---------------+-------------------+---------------------+ | Duration | No. Events Queued | No. Events Executed | @@ -336,6 +366,7 @@ The show eventTimes command returns a table of statistics that reflect the perfo 30 rows in set (0.02 sec) mysql> +``` Each row represents a time interval, in 100ms increments, with the counts representing the number of events that were in the event queue for the length of time that row represents and the number of events that were executing of the time indicated by the row. 
@@ -347,6 +378,7 @@ The simplified JSON interface takes the URL of the request made to maxinfo and m The /variables URL will return the MaxScale variables, these variables can not be filtered via this interface. +``` $ curl http://maxscale.mariadb.com:8003/variables [ { "Variable_name" : "version", "Value" : "1.0.6-unstable"}, { "Variable_name" : "version_comment", "Value" : "MariaDB MaxScale"}, @@ -358,11 +390,13 @@ The /variables URL will return the MaxScale variables, these variables can not b { "Variable_name" : "MAXSCALE_UPTIME", "Value" : 3948}, { "Variable_name" : "MAXSCALE_SESSIONS", "Value" : 12}] $ +``` ## Status Use of the /status URI will return the status information that would normally be returned by the show status command. No filtering of the status information is available via this interface +``` $ curl http://maxscale.mariadb.com:8003/status [ { "Variable_name" : "Uptime", "Value" : 3831}, { "Variable_name" : "Uptime_since_flush_status", "Value" : 3831}, @@ -387,11 +421,13 @@ Use of the /status URI will return the status information that would normally be { "Variable_name" : "Max_event_queue_time", "Value" : 0}, { "Variable_name" : "Max_event_execution_time", "Value" : 1}] $ +``` ## Services The /services URI returns the data regarding the services defined within the configuration of MaxScale. Two counters are returned, the current number of sessions attached to this service and the total number connected since the service started. +``` $ curl http://maxscale.mariadb.com:8003/services [ { "Service Name" : "Test Service", "Router Module" : "readconnroute", "No. Sessions" : 1, "Total Sessions" : 1}, { "Service Name" : "Split Service", "Router Module" : "readwritesplit", "No. Sessions" : 1, "Total Sessions" : 1}, 
@@ -402,11 +438,13 @@ The /services URI returns the data regarding the services defined within the con { "Service Name" : "CLI", "Router Module" : "cli", "No. Sessions" : 1, "Total Sessions" : 1}, { "Service Name" : "MaxInfo", "Router Module" : "maxinfo", "No. Sessions" : 5, "Total Sessions" : 20}] $ +``` ## Listeners The /listeners URI will return a JSON array with one entry per listener, each entry is a JSON object that describes the configuration and state of that listener. +``` $ curl http://maxscale.mariadb.com:8003/listeners [ { "Service Name" : "Test Service", "Protocol Module" : "MySQLClient", "Address" : "*", "Port" : 4006, "State" : "Running"}, { "Service Name" : "Split Service", "Protocol Module" : "MySQLClient", "Address" : "*", "Port" : 4007, "State" : "Running"}, @@ -418,11 +456,13 @@ The /listeners URI will return a JSON array with one entry per listener, each en { "Service Name" : "MaxInfo", "Protocol Module" : "MySQLClient", "Address" : "*", "Port" : 9003, "State" : "Running"}, { "Service Name" : "MaxInfo", "Protocol Module" : "HTTPD", "Address" : "*", "Port" : 8003, "State" : "Running"}] $ +``` ## Modules The /modules URI returns data for each plugin that has been loaded into MaxScale. The plugin name, type and version are returned as is the version of the plugin API that the plugin was built against and the release status of the plugin. +``` $ curl http://maxscale.mariadb.com:8003/modules [ { "Module Name" : "HTTPD", "Module Type" : "Protocol", "Version" : "V1.0.1", "API Version" : "1.0.0", "Status" : "In Development"}, { "Module Name" : "maxscaled", "Module Type" : "Protocol", "Version" : "V1.0.0", "API Version" : "1.0.0", "Status" : "GA"}, 
@@ -435,11 +475,13 @@ The /modules URI returns data for each plugin that has been loaded into MaxScale { "Module Name" : "cli", "Module Type" : "Router", "Version" : "V1.0.0", "API Version" : "1.0.0", "Status" : "GA"}, { "Module Name" : "maxinfo", "Module Type" : "Router", "Version" : "V1.0.0", "API Version" : "1.0.0", "Status" : "Alpha"}] $ +``` ## Sessions The /sessions URI returns a JSON array with an object for each active session within MaxScale. +``` $ curl http://maxscale.mariadb.com:8003/sessions [ { "Session" : "0x1a8e9a0", "Client" : "80.176.79.245", "Service" : "MaxInfo", "State" : "Session ready for routing"}, { "Session" : "0x1a8e6d0", "Client" : "80.240.130.35", "Service" : "MaxInfo", "State" : "Session ready for routing"}, 
@@ -453,32 +495,38 @@ The /sessions URI returns a JSON array with an object for each active session wi { "Session" : "0x1a5c530", "Client" : , "Service" : "Split Service", "State" : "Listener Session"}, { "Session" : "0x19ac1c0", "Client" : , "Service" : "Test Service", "State" : "Listener Session"}] $ +``` ## Clients The /clients URI is a limited version of the /sessions, in this case it only returns an entry for a session that represents a client connection. +``` $ curl http://maxscale.mariadb.com:8003/clients [ { "Session" : "0x1a90be0", "Client" : "80.176.79.245", "Service" : "MaxInfo", "State" : "Session ready for routing"}, { "Session" : "0x1a8e9a0", "Client" : "127.0.0.1", "Service" : "MaxInfo", "State" : "Session ready for routing"}, { "Session" : "0x1a8e6d0", "Client" : "80.240.130.35", "Service" : "MaxInfo", "State" : "Session ready for routing"}] $ +``` ## Servers The /servers URI is used to retrieve information for each of the servers defined within the MaxScale configuration. This information includes the connection count and the current status as monitored by MaxScale. The connection count is only those connections made by MaxScale to those servers. +``` $ curl http://maxscale.mariadb.com:8003/servers [ { "Server" : "server1", "Address" : "127.0.0.1", "Port" : 3306, "Connections" : 0, "Status" : "Running"}, { "Server" : "server2", "Address" : "127.0.0.1", "Port" : 3307, "Connections" : 0, "Status" : "Down"}, { "Server" : "server3", "Address" : "127.0.0.1", "Port" : 3308, "Connections" : 0, "Status" : "Down"}, { "Server" : "server4", "Address" : "127.0.0.1", "Port" : 3309, "Connections" : 0, "Status" : "Down"}] $ +``` ## Event Times The /event/times URI returns an array of statistics that reflect the performance of the event queuing and execution portion of the MaxScale core. 
Each element is an object that represents a time bucket, in 100ms increments, with the counts representing the number of events that were in the event queue for the length of time that row represents and the number of events that were executing of the time indicated by the object. +``` $ curl http://maxscale.mariadb.com:8003/event/times [ { "Duration" : "< 100ms", "No. Events Queued" : 64, "No. Events Executed" : 63}, { "Duration" : " 100 - 200ms", "No. Events Queued" : 0, "No. Events Executed" : 0}, @@ -510,3 +558,4 @@ The /event/times URI returns an array of statistics that reflect the performance { "Duration" : "2700 - 2800ms", "No. Events Queued" : 0, "No. Events Executed" : 0}, { "Duration" : "2800 - 2900ms", "No. Events Queued" : 0, "No. Events Executed" : 0}, { "Duration" : "> 3000ms", "No. Events Queued" : 0, "No. Events Executed" : 0}] +``` diff --git a/Documentation/Tutorials/MySQL-Replication-Connection-Routing-Tutorial.md b/Documentation/Tutorials/MySQL-Replication-Connection-Routing-Tutorial.md index aac084f7b..8158bfa76 100644 --- a/Documentation/Tutorials/MySQL-Replication-Connection-Routing-Tutorial.md +++ b/Documentation/Tutorials/MySQL-Replication-Connection-Routing-Tutorial.md @@ -36,6 +36,7 @@ The first user required must be able to select data from the table mysql.user, t 2. Create the user, substituting the username, password and host on which maxscale runs within your environment +``` MariaDB [(none)]> create user '*username*'@'*maxscalehost*' identified by '*password*'; **Query OK, 0 rows affected (0.00 sec)** 
@@ -45,9 +46,11 @@ MariaDB [(none)]> create user '*username*'@'*maxscalehost*' identified by '*pass MariaDB [(none)]> grant SELECT on mysql.user to '*username*'@'*maxscalehost*'; **Query OK, 0 rows affected (0.03 sec)** +``` Additionally, GRANT SELECT on the mysql.db table and SHOW DATABASES privileges are required in order to load databases name and grants suitable for database name authorization. +``` MariaDB [(none)]> GRANT SELECT ON mysql.db TO 'username'@'maxscalehost'; **Query OK, 0 rows affected (0.00 sec)** @@ -55,9 +58,11 @@ MariaDB [(none)]> GRANT SELECT ON mysql.db TO 'username'@'maxscalehost'; MariaDB [(none)]> GRANT SHOW DATABASES ON *.* TO 'username'@'maxscalehost'; **Query OK, 0 rows affected (0.00 sec)** +``` The second user is used to monitored the state of the cluster. This user, which may be the same username as the first, requires permissions to access the various sources of monitoring data. In order to monitor a replication cluster this user must be granted the roles REPLICATION SLAVE and REPLICATION CLIENT +``` MariaDB [(none)]> grant REPLICATION SLAVE on *.* to '*username*'@'*maxscalehost*'; **Query OK, 0 rows affected (0.00 sec)** 
@@ -65,220 +70,174 @@ MariaDB [(none)]> grant REPLICATION SLAVE on *.* to '*username*'@'*maxscalehost* MariaDB [(none)]> grant REPLICATION CLIENT on *.* to '*username*'@'*maxscalehost*'; **Query OK, 0 rows affected (0.00 sec)** +``` If you wish to use two different usernames for the two different roles of monitoring and collecting user information then create a different username using the first two steps from above. ## Creating Your MaxScale Configuration -MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory $MAXSCALE_HOME/etc, if you have installed in the default location then this file is available in /usr/local/mariadb/maxscle/etc/MaxScale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within this directory that may be use as a basis for your configuration. +MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory /etc. This is not created as part of the installation process and must be manually created. A template file does exist in the `/usr/share/maxscale` folder that can be use as a basis for your configuration. A global, maxscale, section is included within every MaxScale configuration file; this is used to set the values of various MaxScale wide parameters, perhaps the most important of these is the number of threads that MaxScale will use to execute the code that forwards requests and handles responses for clients. +``` [maxscale] - threads=4 +``` Since we are using MySQL Replication and connection routing we want two different ports to which the client application can connect; one that will be directed to the current master within the replication cluster and another that will load balance between the slaves. 
To achieve this within MaxScale we need to define two services in the ini file; one for the read/write operations that should be executed on the master server and another for connections to one of the slaves. Create a section for each in your MaxScale.ini file and set the type to service, the section names are the names of the services themselves and should be meaningful to the administrator. Names may contain whitespace. +``` [Write Service] - type=service [Read Service] - type=service +``` The router for these two sections is identical, the readconnroute module, also the services should be provided with the list of servers that will be part of the cluster. The server names given here are actually the names of server sections in the configuration file and not the physical hostnames or addresses of the servers. +``` [Write Service] - type=service - router=readconnroute - servers=dbserv1, dbserv2, dbserv3 [Read Service] - type=service - router=readconnroute - servers=dbserv1, dbserv2, dbserv3 +``` In order to instruct the router to which servers it should route we must add router options to the service. The router options are compared to the status that the monitor collects from the servers and used to restrict the eligible set of servers to which that service may route. In our case we use the two options master and slave for our two services. +``` [Write Service] - type=service - router=readconnroute - router_options=master - servers=dbserv1, dbserv2, dbserv3 [Read Service] - type=service - router=readconnroute - router_options=slave - servers=dbserv1, dbserv2, dbserv3 +``` The final step in the service sections is to add the username and password that will be used to populate the user data from the database cluster. There are two options for representing the password, either plain text or encrypted passwords may be used. In order to use encrypted passwords a set of keys must be generated that will be used by the encryption and decryption process. 
To generate the keys use the maxkeys command and pass the name of the secrets file in which the keys are stored. -% maxkeys /usr/local/mariadb-maxscale/etc/.secrets - -% +``` +maxkeys /usr/local/mariadb-maxscale/etc/.secrets +``` Once the keys have been created the maxpasswd command can be used to generate the encrypted password. -% maxpasswd plainpassword - +``` +maxpasswd plainpassword 96F99AA1315BDC3604B006F427DD9484 - -% +``` The username and password, either encrypted or plain text, are stored in the service section using the user and passwd parameters. +``` [Write Service] - type=service - router=readconnroute - router_options=master - servers=dbserv1, dbserv2, dbserv3 - user=maxscale - passwd=96F99AA1315BDC3604B006F427DD9484 [Read Service] - type=service - router=readconnroute - router_options=slave - servers=dbserv1, dbserv2, dbserv3 - user=maxscale - passwd=96F99AA1315BDC3604B006F427DD9484 +``` This completes the definitions required by the services, however listening ports must be associated with the services in order to allow network connections. This is done by creating a series of listener sections. These sections again are named for the convenience of the administrator and should be of type listener with an entry labeled service which contains the name of the service to associate the listener with. Each service may have multiple listeners. +``` [Write Listener] - type=listener - service=Write Service [Read Listener] - type=listener - service=Read Service +``` A listener must also define the protocol module it will use for the incoming network protocol, currently this should be the MySQLClient protocol for all database listeners. The listener may then supply a network port to listen on and/or a socket within the file system. 
+``` [Write Listener] - type=listener - service=Write Service - protocol=MySQLClient - port=4306 - socket=/tmp/ClusterMaster [Read Listener] - type=listener - service=Read Service - protocol=MySQLClient - port=4307 +``` An address parameter may be given if the listener is required to bind to a particular network address when using hosts with multiple network addresses. The default behavior is to listen on all network interfaces. The next stage is the configuration is to define the server information. This defines how to connect to each of the servers within the cluster, again a section is created for each server, with the type set to server, the network address and port to connect to and the protocol to use to connect to the server. Currently the protocol for all database connections in MySQLBackend. +``` [dbserv1] - type=server - address=192.168.2.1 - port=3306 - protocol=MySQLBackend [dbserv2] - type=server - address=192.168.2.2 - port=3306 - protocol=MySQLBackend [dbserv3] - type=server - address=192.168.2.3 - port=3306 - protocol=MySQLBackend +``` In order for MaxScale to monitor the servers using the correct monitoring mechanisms a section should be provided that defines the monitor to use and the servers to monitor. Once again a section is created with a symbolic name for the monitor, with the type set to monitor. Parameters are added for the module to use, the list of servers to monitor and the username and password to use when connecting to the the servers with the monitor. +``` [Replication Monitor] - type=monitor - module=mysqlmon - servers=dbserv1, dbserv2, dbserv3 - user=maxscale - passwd=96F99AA1315BDC3604B006F427DD9484 +``` As with the password definition in the server either plain text or encrypted passwords may be used. The final stage in the configuration is to add the option service which is used by the maxadmin command to connect to MaxScale for monitoring and administration purposes. This creates a service section and a listener section. 
+``` [CLI] - type=service - router=cli [CLI Listener] - type=listener - service=CLI - protocol=maxscaled - address=localhost - port=6603 +``` In the case of the example above it should be noted that an address parameter has been given to the listener, this limits connections to maxadmin commands that are executed on the same machine that hosts MaxScale. @@ -286,14 +245,19 @@ In the case of the example above it should be noted that an address parameter ha Upon completion of the configuration process MaxScale is ready to be started for the first time. This may either be done manually by running the maxscale command or via the service interface. -% maxscale +``` +maxscale +``` or -% service maxscale start +``` +service maxscale start +``` -Check the error log in /usr/local/mariadb-maxscale/log to see if any errors are detected in the configuration file and to confirm MaxScale has been started. Also the maxadmin command may be used to confirm that MaxScale is running and the services, listeners etc have been correctly configured. +Check the error log in /var/log/lomaxscale/ to see if any errors are detected in the configuration file and to confirm MaxScale has been started. Also the maxadmin command may be used to confirm that MaxScale is running and the services, listeners etc have been correctly configured. +``` % maxadmin -pmariadb list services Services. 
@@ -349,6 +313,7 @@ CLI | maxscaled | localhost | 6603 | Running ---------------------+--------------------+-----------------+-------+-------- % +``` -MaxScale is now ready to start accepting client connections and routing them to the master or slaves within your cluster. Other configuration options are available that can alter the criteria used for routing, these include monitoring the replication lag within the cluster and routing only to slaves that are within a predetermined delay from the current master or using weights to obtain unequal balancing operations. These options may be found in the MaxScale Configuration Guide. More detail on the use of maxadmin can be found in the document "MaxAdmin - The MaxScale Administration & Monitoring Client Application". +MaxScale is now ready to start accepting client connections and routing them to the master or slaves within your cluster. Other configuration options are available that can alter the criteria used for routing, these include monitoring the replication lag within the cluster and routing only to slaves that are within a predetermined delay from the current master or using weights to obtain unequal balancing operations. These options may be found in the MaxScale Configuration Guide. More detail on the use of maxadmin can be found in the document [MaxAdmin - The MaxScale Administration & Monitoring Client Application](Administration-Tutorial.md). diff --git a/Documentation/Tutorials/MySQL-Replication-Read-Write-Splitting-Tutorial.md b/Documentation/Tutorials/MySQL-Replication-Read-Write-Splitting-Tutorial.md index 54e5412be..b34fcf71e 100644 --- a/Documentation/Tutorials/MySQL-Replication-Read-Write-Splitting-Tutorial.md +++ b/Documentation/Tutorials/MySQL-Replication-Read-Write-Splitting-Tutorial.md 
@@ -70,7 +70,7 @@ If you wish to use two different usernames for the two different roles of monito ## Creating Your MaxScale Configuration -MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory $MAXSCALE_HOME/etc, if you have installed in the default location then this file is available in /usr/local/mariadb-maxscale/etc/MaxScale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within this directory that may be use as a basis for your configuration. +MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory /etc, if you have installed in the default location then this file is available in /usr/local/mariadb-maxscale/etc/MaxScale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within this directory that may be use as a basis for your configuration. A global, maxscale, section is included within every MaxScale configuration file; this is used to set the values of various MaxScale wide parameters, perhaps the most important of these is the number of threads that MaxScale will use to execute the code that forwards requests and handles responses for clients. diff --git a/Documentation/Tutorials/Replication-Proxy-Binlog-Router-Tutorial.md b/Documentation/Tutorials/Replication-Proxy-Binlog-Router-Tutorial.md index f07fd13a3..3f61638d1 100644 --- a/Documentation/Tutorials/Replication-Proxy-Binlog-Router-Tutorial.md +++ b/Documentation/Tutorials/Replication-Proxy-Binlog-Router-Tutorial.md 
@@ -84,7 +84,7 @@ This optional parameter allows for the administrator to define the number of the ### binlogdir -This parameter allows the location that MaxScale uses to store binlog files to be set. If this parameter is not set to a directory name then MaxScale will store the binlog files in the directory $MAXSCALE_HOME/. +This parameter allows the location that MaxScale uses to store binlog files to be set. If this parameter is not set to a directory name then MaxScale will store the binlog files in the directory /var/cache/maxscale/. ### heartbeat diff --git a/Documentation/filters/Query-Log-All-Filter.md b/Documentation/filters/Query-Log-All-Filter.md index e0c71e13f..87ea620c8 100644 --- a/Documentation/filters/Query-Log-All-Filter.md +++ b/Documentation/filters/Query-Log-All-Filter.md @@ -6,7 +6,7 @@ The Query Log All (QLA) filter is a filter module for MaxScale that is ## Configuration -The configuration block for the QLA filter requires the minimal filter options in it's section within the MaxScale.cnf file, stored in $MAXSCALE_HOME/etc/MaxScale.cnf. +The configuration block for the QLA filter requires the minimal filter options in it's section within the MaxScale.cnf file, stored in /etc/MaxScale.cnf. ``` [MyLogFilter] type=filter diff --git a/Documentation/filters/RabbitMQ-Filter.md b/Documentation/filters/RabbitMQ-Filter.md index f23313d0d..4068ceec5 100644 --- a/Documentation/filters/RabbitMQ-Filter.md +++ b/Documentation/filters/RabbitMQ-Filter.md 
@@ -5,7 +5,7 @@ This filter is designed to extract queries and transform them into a canonical f ## Configuration -The configuration block for the **mqfilter** filter requires the minimal filter options in it’s section within the MaxScale.cnf file, stored in $MAXSCALE_HOME/etc/MaxScale.cnf. Although the filter will start, it will use the default values which only work with a freshly installed RabbitMQ server and use its default values. This setup is mostly intended for testing the filter. +The configuration block for the **mqfilter** filter requires the minimal filter options in it’s section within the MaxScale.cnf file, stored in /etc/MaxScale.cnf. Although the filter will start, it will use the default values which only work with a freshly installed RabbitMQ server and use its default values. This setup is mostly intended for testing the filter. The following is an example of a mqfilter configuration in the MaxScale.cnf file used for actual logging of queries to a RabbitMQ broker on a different host. diff --git a/Documentation/filters/Regex-Filter.md b/Documentation/filters/Regex-Filter.md index 2d5ecd96d..e5a6744f2 100644 --- a/Documentation/filters/Regex-Filter.md +++ b/Documentation/filters/Regex-Filter.md @@ -6,7 +6,7 @@ The regex filter is a filter module for MaxScale that is able to rewrite query c # Configuration -The configuration block for the Regex filter requires the minimal filter options in it’s section within the MaxScale.cnf file, stored in $MAXSCALE_HOME/etc/MaxScale.cnf. +The configuration block for the Regex filter requires the minimal filter options in it’s section within the MaxScale.cnf file, stored in /etc/MaxScale.cnf. ``` [MyRegexFilter] diff --git a/Documentation/filters/Tee-Filter.md b/Documentation/filters/Tee-Filter.md index a8a95a5cc..868886ceb 100644 --- a/Documentation/filters/Tee-Filter.md +++ b/Documentation/filters/Tee-Filter.md 
@@ -6,7 +6,7 @@ The tee filter is a filter module for MaxScale is a "plumbing" fitting in the Ma # Configuration -The configuration block for the TEE filter requires the minimal filter parameters in it’s section within the MaxScale.cnf file, stored in $MAXSCALE_HOME/etc/MaxScale.cnf, that defines the filter to load and the service to send the duplicates to. Currently the tee filter does not support multi-statements. +The configuration block for the TEE filter requires the minimal filter parameters in it’s section within the MaxScale.cnf file, stored in /etc/MaxScale.cnf, that defines the filter to load and the service to send the duplicates to. Currently the tee filter does not support multi-statements. ``` [DataMartFilter] diff --git a/Documentation/filters/Top-N-Filter.md b/Documentation/filters/Top-N-Filter.md index d51ca43db..f52a6bedd 100644 --- a/Documentation/filters/Top-N-Filter.md +++ b/Documentation/filters/Top-N-Filter.md @@ -6,7 +6,7 @@ The top filter is a filter module for MaxScale that monitors every SQL statement # Configuration -The configuration block for the TOP filter requires the minimal filter options in it’s section within the MaxScale.cnf file, stored in $MAXSCALE_HOME/etc/MaxScale.cnf. +The configuration block for the TOP filter requires the minimal filter options in it’s section within the MaxScale.cnf file, stored in /etc/MaxScale.cnf. ``` [MyLogFilter] diff --git a/cmake/install_layout.cmake b/cmake/install_layout.cmake index 821b2c474..1425b4d49 100644 --- a/cmake/install_layout.cmake +++ b/cmake/install_layout.cmake 
@@ -3,18 +3,12 @@ # STANDALONE - Installs to /usr/local/mariadb-maxscale # RPM - Installs to /usr # DEB - Installs to /usr -if(${TYPE} MATCHES "STANDALONE") +include(GNUInstallDirs) - set(CMAKE_INSTALL_PREFIX "/usr/local/mariadb-maxscale" CACHE PATH "Prefix prepended to install directories.") - - # RPM and DEB are the same until differences are found -else() - set(CMAKE_INSTALL_PREFIX "/usr" CACHE PATH "Prefix prepended to install directories.") -endif() - -set(MAXSCALE_LIBDIR lib64/maxscale CACHE PATH "Library installation path") -set(MAXSCALE_BINDIR bin CACHE PATH "Executable installation path") -set(MAXSCALE_SHAREDIR share/maxscale CACHE PATH "Share file installation path, includes licence and readme files") -set(MAXSCALE_DOCDIR share/doc/maxscale CACHE PATH "Documentation installation path, text versions only") -set(MAXSCALE_CONFDIR etc CACHE PATH "Configuration file installation path, this is not usually needed") +set(MAXSCALE_LIBDIR ${CMAKE_INSTALL_LIBDIR}/maxscale CACHE PATH "Library installation path") +set(MAXSCALE_BINDIR ${CMAKE_INSTALL_BINDIR} CACHE PATH "Executable installation path") +set(MAXSCALE_SHAREDIR ${CMAKE_INSTALL_DATADIR}/maxscale CACHE PATH "Share file installation path, includes licence and readme files") +set(MAXSCALE_DOCDIR ${CMAKE_INSTALL_DOCDIR}/maxscale CACHE PATH "Documentation installation path, text versions only") +set(MAXSCALE_CONFDIR ${CMAKE_INSTALL_SYSCONFDIR} CACHE PATH "Configuration file installation path, this is not usually needed") +set(MAXSCALE_VARDIR /var CACHE PATH "Data file path (usually /var/)") diff --git a/server/core/gateway.c b/server/core/gateway.c index a4901ec23..f24cf8a11 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c 
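Review bot: `MAXSCALE_DOCDIR` in the new block appends `/maxscale` to `${CMAKE_INSTALL_DOCDIR}`, which GNUInstallDirs already defines as `DATAROOTDIR/doc/PROJECT_NAME`, so the text documentation would be installed one directory deeper than the old `share/doc/maxscale`. Using `set(MAXSCALE_DOCDIR ${CMAKE_INSTALL_DOCDIR} CACHE PATH ...)` or `${CMAKE_INSTALL_DATADIR}/doc/maxscale` avoids the doubled component. The header comment kept as context still lists the STANDALONE/RPM/DEB prefixes although the `TYPE` branch that set them is removed, so it should be updated or dropped. `MAXSCALE_VARDIR` is the only absolute path (`/var`) among otherwise prefix-relative values; a comment such as `# absolute on purpose: runtime data does not follow CMAKE_INSTALL_PREFIX` would tell packagers this is intended.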
@@ -505,15 +505,9 @@ static bool resolve_maxscale_conf_fname( * directory. * '-f MaxScale.cnf' */ - home_etc_dir = (char*)malloc(strlen(home_dir)+strlen("/etc")+1); - snprintf(home_etc_dir, - strlen(home_dir)+strlen("/etc")+1, - "%s/etc", - home_dir); *cnf_full_path = get_expanded_pathname(NULL, - home_etc_dir, + home_dir, cnf_file_arg); - free(home_etc_dir); if (*cnf_full_path != NULL) { @@ -1026,11 +1020,11 @@ static void usage(void) " -L|--logdir=... path to log file directory\n" " (default: /var/log/maxscale)\n" " -D|--datadir=... path to data directory\n" - " (default: /var/lib/maxscale)\n" + " (default: /usr/lib64/maxscale)\n" " -C|--configdir=... path to configuration file directory\n" " (default: /etc/)\n" - " -B|--libdir=... path to module directory\n" - " (default: /var/lib/maxscale)\n" + " -B|--libdir=... path to module directory\n" + " (default: /usr/lib64/maxscale)\n" " -A|--cachedir=... path to cache directory\n" " (default: /var/cache/maxscale)\n" " -s|--syslog= log messages to syslog.\n" 
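Review bot: The help text changed in the usage() hunk no longer matches the compiled-in defaults. It prints `/usr/lib64/maxscale` as the default for `-D|--datadir`, while gwdirs.h.in in this same commit sets `default_datadir` to `/var/cache/maxscale/`. The `-B|--libdir` line hard-codes `/usr/lib64/maxscale` although `default_libdir` is now generated from `@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@` and varies per build. Operators use this output to decide which directories to create and lock down, so the datadir line should read `"                             (default: /var/cache/maxscale)\n"`. Better still, print the defaults from the `default_*` constants so the text cannot drift. usage() starts and ends outside the hunk.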
@@ -1588,63 +1582,6 @@ int main(int argc, char **argv) sprintf(mysql_home, "%s/mysql", cachedir); setenv("MYSQL_HOME", mysql_home, 1); - /*< - * If MaxScale home directory wasn't set by command-line argument. - * Next, resolve it from environment variable and further on, - * try to use default. - */ -/* - - if (home_dir == NULL) - { - if (!resolve_maxscale_homedir(&home_dir)) - { - ss_dassert(home_dir != NULL); - rc = MAXSCALE_HOMELESS; - goto return_main; - } - - } - else - { - char* log_context = strdup("Home directory command-line argument"); - char* errstr; - - errstr = check_dir_access(home_dir,true,true); - - if (errstr != NULL) - { - char* logstr = (char*)malloc(strlen(log_context)+ - 1+ - strlen(errstr)+ - 1); - - snprintf(logstr, - strlen(log_context)+ - 1+ - strlen(errstr)+1, - "%s: %s", - log_context, - errstr); - - print_log_n_stderr(true, true, logstr, logstr, 0); - - free(errstr); - free(logstr); - rc = MAXSCALE_HOMELESS; - goto return_main; - } - else if (!daemon_mode) - { - fprintf(stderr, - "Using %s as MAXSCALE_HOME = %s\n", - log_context, - home_dir); - } - free(log_context); - } -*/ - /** * Resolve the full pathname for configuration file and check for * read accessibility. diff --git a/server/include/gw.h b/server/include/gw.h index e210fcfa2..b51bb0e2a 100644 --- a/server/include/gw.h +++ b/server/include/gw.h 
@@ -1,5 +1,25 @@ #ifndef _GW_HG #define _GW_HG + +/* + * This file is distributed as part of the MariaDB Corporation MaxScale. It is free + * software: you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation, + * version 2. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 51 + * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright MariaDB Corporation Ab 2013-2014 + */ + + #include #include #include @@ -19,17 +39,7 @@ #include #include #include - -/** Default file locations */ -static const char* default_cnf_fname = "MaxScale.cnf"; -static const char* default_configdir = "/etc/"; -static const char* default_logdir = "/var/log/maxscale/"; -static const char* default_datadir = "/var/cache/maxscale/"; -static const char* default_libdir = "/lib64/maxscale/"; -static const char* default_cachedir = "/var/cache/maxscale/"; -static const char* default_langdir = "/usr/share/mysql/english/"; /*< This is where the MariaDB - * server installs errmsg.sys */ -static const char* default_piddir = "/var/run/maxscale/"; +#include #define EXIT_FAILURE 1 diff --git a/server/include/gwdirs.h.in b/server/include/gwdirs.h.in new file mode 100644 index 000000000..3bc6c3f67 --- /dev/null +++ b/server/include/gwdirs.h.in 
@@ -0,0 +1,33 @@ +#ifndef _GW_DIRS_HG +#define _GW_DIRS_HG + +/* + * This file is distributed as part of the MariaDB Corporation MaxScale. It is free + * software: you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation, + * version 2. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 51 + * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright MariaDB Corporation Ab 2015 + */ + +/** Default file locations, configured by CMake */ +static const char* default_cnf_fname = "MaxScale.cnf"; +static const char* default_configdir = "/etc/"; +static const char* default_piddir = "/var/run/maxscale/"; +static const char* default_logdir = "/var/log/maxscale/"; +static const char* default_datadir = "/var/cache/maxscale/"; +static const char* default_libdir = "@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@"; +static const char* default_cachedir = "/var/cache/maxscale/"; +static const char* default_langdir = "/usr/share/mysql/english/"; /*< This is where the MariaDB + * server installs errmsg.sys */ + +#endif From 9eeec2e9d3f131b038c2977f24c8d39f199c71aa Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Sun, 26 Apr 2015 11:41:02 +0300 Subject: [PATCH 007/119] Added FindJemalloc.cmake --- CMakeLists.txt | 2 +- cmake/FindJemalloc.cmake | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 cmake/FindJemalloc.cmake diff --git a/CMakeLists.txt b/CMakeLists.txt index 564cb43a5..34d2767ea 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
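Review bot: The comment `Default file locations, configured by CMake` in the new gwdirs.h.in overstates what the template does. Only `default_libdir` is substituted, while the config, pid, log, data and cache paths stay hard-coded, so the `MAXSCALE_CONFDIR` and `MAXSCALE_VARDIR` values added in cmake/install_layout.cmake never reach the binary as far as this diff shows. Either template them as well, e.g. `static const char* default_logdir = "@MAXSCALE_VARDIR@/log/maxscale/";`, or reword the comment to say that only the module directory follows the build configuration. `default_libdir` looks like the module load path (load_utils.c is in the diffstat; not confirmed here), so it is worth a comment that the configured prefix must resolve to an absolute directory that is not writable by unprivileged users. Declaring these as `static const char* const` would also stop each including translation unit from getting a reassignable private copy.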
@@ -38,7 +38,7 @@ find_package(MySQLClient) find_package(MySQL) find_package(Pandoc) find_package(TCMalloc) - +find_package(Jemalloc) # You can find the variables set by this in the FindCURL.cmake file # which is a default module in CMake. find_package(CURL) diff --git a/cmake/FindJemalloc.cmake b/cmake/FindJemalloc.cmake new file mode 100644 index 000000000..3bea2d5a0 --- /dev/null +++ b/cmake/FindJemalloc.cmake @@ -0,0 +1,11 @@ +# this CMake file defines the following variables +# JEMALLOC_FOUND - Jemalloc was found +# JEMALLOC_LIBRARIES - Jemalloc library +find_library(JEMALLOC_LIBRARIES NAMES jemalloc libjemalloc.so.4 libjemalloc.so.4.2.2) +if(JEMALLOC_LIBRARIES) + set(JEMALLOC_FOUND TRUE CACHE INTERNAL "") + message(STATUS "Found libjemalloc: ${JEMALLOC_LIBRARIES}") +else() + set(JEMALLOC_FOUND FALSE CACHE INTERNAL "") + message(STATUS "Could not find libjemalloc, using system default malloc instead.") +endif() From 49907ffdea3f5caf62bd6dddcf6d1fb87de81e7b Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 27 Apr 2015 05:57:16 +0300 Subject: [PATCH 008/119] Added optional jemalloc linkage. --- server/core/CMakeLists.txt | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/server/core/CMakeLists.txt b/server/core/CMakeLists.txt index ead8560d3..36d87865f 100644 --- a/server/core/CMakeLists.txt +++ b/server/core/CMakeLists.txt @@ -1,7 +1,9 @@ if(BUILD_TESTS OR BUILD_TOOLS) file(GLOB FULLCORE_SRC *.c) add_library(fullcore STATIC ${FULLCORE_SRC}) - if(WITH_TCMALLOC) + if(WITH_JEMALLOC) + target_link_libraries(fullcore ${JEMALLOC_LIBRARIES}) + elseif(WITH_TCMALLOC) target_link_libraries(fullcore ${TCMALLOC_LIBRARIES}) endif() target_link_libraries(fullcore ${CURL_LIBRARIES} log_manager utils pthread ${EMBEDDED_LIB} ${PCRE_LINK_FLAGS} ssl aio rt crypt dl crypto inih z m stdc++) 
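Review bot: The new `if(WITH_JEMALLOC)` branch in server/core/CMakeLists.txt links `${JEMALLOC_LIBRARIES}` without checking that FindJemalloc.cmake found the library. When `find_library` fails, the variable holds a `-NOTFOUND` value, so a build configured with `WITH_JEMALLOC` on a host without jemalloc fails at generate time instead of falling back to the default allocator as the status message promises. Guard the branch with `if(WITH_JEMALLOC AND JEMALLOC_FOUND)`; the `maxscale` target in the `@@ -13,7 +15,9 @@` hunk needs the same guard. Where `WITH_JEMALLOC` is defined is not visible in this diff, so confirm it is not already derived from `JEMALLOC_FOUND`.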
@@ -13,7 +15,9 @@ add_executable(maxscale atomic.c buffer.c spinlock.c gateway.c monitor.c adminusers.c secrets.c filter.c modutil.c hint.c housekeeper.c memlog.c resultset.c) -if(WITH_TCMALLOC) +if(WITH_JEMALLOC) + target_link_libraries(maxscale ${JEMALLOC_LIBRARIES}) +elseif(WITH_TCMALLOC) target_link_libraries(maxscale ${TCMALLOC_LIBRARIES}) endif() From 41ddc6fbfda25356be73aa9050e9176544ca7117 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 27 Apr 2015 09:43:22 +0300 Subject: [PATCH 009/119] Switched over to gwbuf_clone_portion in modutils_get_complete_packets. Conflicts: server/core/modutil.c --- server/core/modutil.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/server/core/modutil.c b/server/core/modutil.c index 82890e334..c01c7623a 100644 --- a/server/core/modutil.c +++ b/server/core/modutil.c @@ -538,7 +538,7 @@ return_packetbuf: GWBUF* modutil_get_complete_packets(GWBUF** p_readbuf) { GWBUF *buff = NULL, *packet; - uint8_t *ptr,*end; + uint8_t *ptr; int len,blen,total = 0; if(p_readbuf == NULL || (*p_readbuf) == NULL || @@ -583,7 +583,6 @@ GWBUF* modutil_get_complete_packets(GWBUF** p_readbuf) "Error: Failed to partially clone buffer."); return NULL; } - gwbuf_consume(packet,total); return buff; } @@ -841,4 +840,4 @@ int modutil_count_statements(GWBUF* buffer) } return num; -} \ No newline at end of file +} From d5682bf7c089a486bcc18cb2f04c79331182fe58 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 27 Apr 2015 10:10:55 +0300 Subject: [PATCH 010/119] Removed file globbing in the core CMake file and used explicit names instead. --- server/core/CMakeLists.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/server/core/CMakeLists.txt b/server/core/CMakeLists.txt index 36d87865f..218d2b0c4 100644 --- a/server/core/CMakeLists.txt +++ b/server/core/CMakeLists.txt 
@@ -1,6 +1,5 @@ if(BUILD_TESTS OR BUILD_TOOLS) - file(GLOB FULLCORE_SRC *.c) - add_library(fullcore STATIC ${FULLCORE_SRC}) + add_library(fullcore STATIC adminusers.c atomic.c config.c dbusers.c dcb.c filter.c gwbitmask.c gw_utils.c hashtable.c hint.c housekeeper.c load_utils.c memlog.x modutil.c monitor.c poll.c resultset.c secrets.c server.c service.c session.c spinlock.c thread.c users.c utils.c) if(WITH_JEMALLOC) target_link_libraries(fullcore ${JEMALLOC_LIBRARIES}) elseif(WITH_TCMALLOC) From 97653e98faa1cb73113354a7bfad0e5de712f188 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 27 Apr 2015 10:14:47 +0300 Subject: [PATCH 011/119] Fixed a typo in the core CMakeLists.txt --- server/core/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/core/CMakeLists.txt b/server/core/CMakeLists.txt index 218d2b0c4..25bf74c35 100644 --- a/server/core/CMakeLists.txt +++ b/server/core/CMakeLists.txt @@ -1,5 +1,5 @@ if(BUILD_TESTS OR BUILD_TOOLS) - add_library(fullcore STATIC adminusers.c atomic.c config.c dbusers.c dcb.c filter.c gwbitmask.c gw_utils.c hashtable.c hint.c housekeeper.c load_utils.c memlog.x modutil.c monitor.c poll.c resultset.c secrets.c server.c service.c session.c spinlock.c thread.c users.c utils.c) + add_library(fullcore STATIC adminusers.c atomic.c config.c dbusers.c dcb.c filter.c gwbitmask.c gw_utils.c hashtable.c hint.c housekeeper.c load_utils.c memlog.c modutil.c monitor.c poll.c resultset.c secrets.c server.c service.c session.c spinlock.c thread.c users.c utils.c) if(WITH_JEMALLOC) target_link_libraries(fullcore ${JEMALLOC_LIBRARIES}) elseif(WITH_TCMALLOC) From 2fce1144830a06c474c3a6a19b4a73c0849e0408 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 27 Apr 2015 10:17:55 +0300 Subject: [PATCH 012/119] Added missing buffer.c from fullcore static lib. --- server/core/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/server/core/CMakeLists.txt b/server/core/CMakeLists.txt index 25bf74c35..52ebf2b1e 100644 --- a/server/core/CMakeLists.txt +++ b/server/core/CMakeLists.txt @@ -1,5 +1,5 @@ if(BUILD_TESTS OR BUILD_TOOLS) - add_library(fullcore STATIC adminusers.c atomic.c config.c dbusers.c dcb.c filter.c gwbitmask.c gw_utils.c hashtable.c hint.c housekeeper.c load_utils.c memlog.c modutil.c monitor.c poll.c resultset.c secrets.c server.c service.c session.c spinlock.c thread.c users.c utils.c) + add_library(fullcore STATIC adminusers.c atomic.c config.c buffer.c dbusers.c dcb.c filter.c gwbitmask.c gw_utils.c hashtable.c hint.c housekeeper.c load_utils.c memlog.c modutil.c monitor.c poll.c resultset.c secrets.c server.c service.c session.c spinlock.c thread.c users.c utils.c) if(WITH_JEMALLOC) target_link_libraries(fullcore ${JEMALLOC_LIBRARIES}) elseif(WITH_TCMALLOC) From 0cfcad55dad5e03cb6ee4b62ab23c07368b5d3c3 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 27 Apr 2015 11:06:11 +0300 Subject: [PATCH 013/119] Moved get_libdir function to its own file. --- server/core/CMakeLists.txt | 4 ++-- server/core/gateway.c | 15 ++------------- server/core/gwdirs.c | 10 ++++++++++ server/include/gwdirs.h.in | 10 ++++++++++ 4 files changed, 24 insertions(+), 15 deletions(-) create mode 100644 server/core/gwdirs.c diff --git a/server/core/CMakeLists.txt b/server/core/CMakeLists.txt index 52ebf2b1e..c952f5a1a 100644 --- a/server/core/CMakeLists.txt +++ b/server/core/CMakeLists.txt 
@@ -1,5 +1,5 @@ if(BUILD_TESTS OR BUILD_TOOLS) - add_library(fullcore STATIC adminusers.c atomic.c config.c buffer.c dbusers.c dcb.c filter.c gwbitmask.c gw_utils.c hashtable.c hint.c housekeeper.c load_utils.c memlog.c modutil.c monitor.c poll.c resultset.c secrets.c server.c service.c session.c spinlock.c thread.c users.c utils.c) + add_library(fullcore STATIC adminusers.c atomic.c config.c buffer.c dbusers.c dcb.c filter.c gwbitmask.c gw_utils.c hashtable.c hint.c housekeeper.c load_utils.c memlog.c modutil.c monitor.c poll.c resultset.c secrets.c server.c service.c session.c spinlock.c thread.c users.c utils.c gwdirs.c) if(WITH_JEMALLOC) target_link_libraries(fullcore ${JEMALLOC_LIBRARIES}) elseif(WITH_TCMALLOC) @@ -12,7 +12,7 @@ add_executable(maxscale atomic.c buffer.c spinlock.c gateway.c gw_utils.c utils.c dcb.c load_utils.c session.c service.c server.c poll.c config.c users.c hashtable.c dbusers.c thread.c gwbitmask.c monitor.c adminusers.c secrets.c filter.c modutil.c hint.c - housekeeper.c memlog.c resultset.c) + housekeeper.c memlog.c resultset.c gwdirs.c) if(WITH_JEMALLOC) target_link_libraries(maxscale ${JEMALLOC_LIBRARIES}) diff --git a/server/core/gateway.c b/server/core/gateway.c index f24cf8a11..77afe994b 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -129,11 +129,7 @@ static bool datadir_defined = false; /*< If the datadir was already set */ /* The data directory we created for this gateway instance */ static char pidfile[PATH_MAX+1] = ""; -static char* configdir = NULL; -static char* logdir = NULL; -static char* libdir = NULL; -static char* cachedir = NULL; -static char* langdir = NULL; + /** * exit flag for log flusher. */ 
@@ -200,14 +196,7 @@ static bool resolve_maxscale_homedir( static char* check_dir_access(char* dirname,bool,bool); -/** - * Get the directory with all the modules. - * @return The module directory - */ -char* get_libdir() -{ - return libdir; -} + /** * Handler for SIGHUP signal. Reload the configuration for the * gateway. diff --git a/server/core/gwdirs.c b/server/core/gwdirs.c new file mode 100644 index 000000000..af7edd9de --- /dev/null +++ b/server/core/gwdirs.c @@ -0,0 +1,10 @@ +#include + +/** + * Get the directory with all the modules. + * @return The module directory + */ +char* get_libdir() +{ + return libdir?libdir:(char*)default_libdir; +} diff --git a/server/include/gwdirs.h.in b/server/include/gwdirs.h.in index 3bc6c3f67..40bf3ba26 100644 --- a/server/include/gwdirs.h.in +++ b/server/include/gwdirs.h.in @@ -19,6 +19,8 @@ * Copyright MariaDB Corporation Ab 2015 */ +#include + /** Default file locations, configured by CMake */ static const char* default_cnf_fname = "MaxScale.cnf"; static const char* default_configdir = "/etc/"; @@ -30,4 +32,12 @@ static const char* default_cachedir = "/var/cache/maxscale/"; static const char* default_langdir = "/usr/share/mysql/english/"; /*< This is where the MariaDB * server installs errmsg.sys */ +static char* configdir = NULL; +static char* logdir = NULL; +static char* libdir = NULL; +static char* cachedir = NULL; +static char* langdir = NULL; + +char* get_libdir(); + #endif From bbcecc0db53b54087ad242405fb587c807ccf9a9 Mon Sep 17 00:00:00 2001 
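Review bot: `configdir`, `logdir`, `libdir`, `cachedir` and `langdir` are now defined `static` in gwdirs.h.in, so every .c file that includes the generated header gets its own private copy of each pointer. If gwdirs.c includes this header (its `#include` target is not legible here), `get_libdir()` reads gwdirs.c's copy, which no other file can assign, and always returns `default_libdir`. A module directory that gateway.c sets from `--libdir` would then be ignored without any error, and modules would load from the default path. Declare the pointers in the header as `extern char* libdir;` (likewise for the others) and define each once in gwdirs.c. Returning `const char*` from `get_libdir()` would also avoid casting away the `const` on `default_libdir`.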
From: Markus Makela Date: Mon, 27 Apr 2015 13:10:06 +0300 Subject: [PATCH 014/119] Changed all MaxScale.cnf code references to maxscale.cnf --- CMakeLists.txt | 8 ++-- cmake/testall.cmake | 2 +- server/core/gateway.c | 42 +++++++++---------- server/core/gwdirs.c | 9 ++++ server/core/service.c | 15 +++---- server/include/gwdirs.h.in | 2 +- ...cnf => maxscale_binlogserver_template.cnf} | 0 ...ale_template.cnf => maxscale_template.cnf} | 0 server/modules/filter/test/tee_recursion.sh | 4 +- .../{MaxScale_test.cnf => maxscale_test.cnf} | 4 ++ 10 files changed, 46 insertions(+), 40 deletions(-) rename server/{MaxScale_BinlogServer_template.cnf => maxscale_binlogserver_template.cnf} (100%) rename server/{MaxScale_template.cnf => maxscale_template.cnf} (100%) rename server/test/{MaxScale_test.cnf => maxscale_test.cnf} (92%) diff --git a/CMakeLists.txt b/CMakeLists.txt index 34d2767ea..550724505 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -63,6 +63,7 @@ configure_file(${CMAKE_SOURCE_DIR}/server/include/gwdirs.h.in ${CMAKE_BINARY_DIR configure_file(${CMAKE_SOURCE_DIR}/server/test/maxscale_test.h.in ${CMAKE_BINARY_DIR}/server/include/maxscale_test.h) configure_file(${CMAKE_SOURCE_DIR}/etc/postinst.in ${CMAKE_BINARY_DIR}/postinst) configure_file(${CMAKE_SOURCE_DIR}/etc/postrm.in ${CMAKE_BINARY_DIR}/postrm) +configure_file(${CMAKE_SOURCE_DIR}/server/test/maxscale_test.cnf ${CMAKE_BINARY_DIR}/maxscale.cnf) set(FLAGS "-Wall -Wno-unused-variable -Wno-unused-function -fPIC" CACHE STRING "Compilation flags") set(DEBUG_FLAGS "-ggdb -pthread -pipe -Wformat -fstack-protector --param=ssp-buffer-size=4" CACHE STRING "Debug compilation flags") 
@@ -152,9 +153,9 @@ ${CMAKE_SOURCE_DIR}/Documentation/Upgrading-To-MaxScale-1.1.0.md install(FILES ${CMAKE_BINARY_DIR}/Changelog.txt DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION ${MAXSCALE_SHAREDIR}) -install(FILES server/MaxScale_template.cnf DESTINATION ${MAXSCALE_SHAREDIR}) -install(FILES server/MaxScale_BinlogServer_template.cnf DESTINATION ${MAXSCALE_SHAREDIR}) -install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES server/maxscale_template.cnf DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES server/maxscale_binlogserver_template.cnf DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES ${ERRMSG} DESTINATION /usr/share/mysql/english/) install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION ${MAXSCALE_SHAREDIR}) @@ -245,7 +246,6 @@ add_custom_target(buildtestsx add_custom_target(testall COMMAND ${CMAKE_COMMAND} -DDEPS_OK=Y -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N ${CMAKE_SOURCE_DIR} COMMAND make install - COMMAND ${CMAKE_COMMAND} -E copy_if_different ${CMAKE_SOURCE_DIR}/server/test/MaxScale_test.cnf ${CMAKE_BINARY_DIR}/etc/MaxScale.cnf COMMAND ${CMAKE_COMMAND} -P ${CMAKE_SOURCE_DIR}/cmake/testall.cmake COMMENT "Running full test suite..." VERBATIM) diff --git a/cmake/testall.cmake b/cmake/testall.cmake index fedbdf273..1a438bc1a 100644 --- a/cmake/testall.cmake +++ b/cmake/testall.cmake 
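Review bot: `install(FILES ${ERRMSG} DESTINATION /usr/share/mysql/english/)` in the `@@ -152,9 +153,9 @@` hunk uses an absolute destination, so it ignores `CMAKE_INSTALL_PREFIX` and `DESTDIR`-style staging conventions that the other install rules follow. The `testall` target in the next hunk runs `make install` with the prefix set to the build directory, and this rule would still write under /usr/share. According to the comment in gwdirs.h.in that directory is where the MariaDB server installs errmsg.sys, so the install can replace a file owned by another package. Keep the destination prefix-relative and point `default_langdir` at the configured location, the way `default_libdir` is already templated.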
@@ -1,4 +1,4 @@ -execute_process(COMMAND /bin/sh -c "${CMAKE_BINARY_DIR}/bin/maxscale -c ${CMAKE_BINARY_DIR} &>/dev/null 2> /dev/null > /dev/null") +execute_process(COMMAND /bin/sh -c "${CMAKE_BINARY_DIR}/bin/maxscale -f ${CMAKE_BINARY_DIR}/etc/maxscale.cnf &>/dev/null 2> /dev/null > /dev/null") execute_process(COMMAND make test RESULT_VARIABLE RVAL) execute_process(COMMAND killall maxscale) if(NOT RVAL EQUAL 0) diff --git a/server/core/gateway.c b/server/core/gateway.c index 77afe994b..ae6f1c5c0 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c 
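Review bot: The `-f` argument points at `${CMAKE_BINARY_DIR}/etc/maxscale.cnf`, but the only step in this patch that produces the test configuration is `configure_file(${CMAKE_SOURCE_DIR}/server/test/maxscale_test.cnf ${CMAKE_BINARY_DIR}/maxscale.cnf)`, and the `copy_if_different` into `etc/` was removed from the `testall` target. Unless an install rule outside this diff places the file in `etc/`, maxscale starts without the test configuration. All output is sent to /dev/null, so that would only show up as failing tests. Either configure the file to `${CMAKE_BINARY_DIR}/etc/maxscale.cnf` or pass the path that `configure_file` writes.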
@@ -999,29 +999,25 @@ return_cnf_file_buf: static void usage(void) { fprintf(stderr, - "\nUsage : %s [-h] | [-d] [-c ] [-f ]\n\n" - " -d|--nodaemon enable running in terminal process (default:disabled)\n" - " -c|--homedir=... relative|absolute MaxScale home directory\n" - " -f|--config=... relative|absolute pathname of MaxScale configuration file\n" - " (default: $MAXSCALE_HOME/etc/MaxScale.cnf)\n" - " -l|--log=... log to file or shared memory\n" - " -lfile or -lshm - defaults to shared memory\n" - " -L|--logdir=... path to log file directory\n" - " (default: /var/log/maxscale)\n" - " -D|--datadir=... path to data directory\n" - " (default: /usr/lib64/maxscale)\n" - " -C|--configdir=... path to configuration file directory\n" - " (default: /etc/)\n" - " -B|--libdir=... path to module directory\n" - " (default: /usr/lib64/maxscale)\n" - " -A|--cachedir=... path to cache directory\n" - " (default: /var/cache/maxscale)\n" - " -s|--syslog= log messages to syslog.\n" - " True or false - defaults to true\n" - " -S|--maxscalelog= log messages to MaxScale log.\n" - " True or false - defaults to true\n" - " -v|--version print version info and exit\n" - " -?|--help show this help\n" + "\nUsage : %s [OPTION]...\n\n" + " -d, --nodaemon enable running in terminal process (default:disabled)\n" + " -f, --config=FILE relative|absolute pathname of MaxScale configuration file\n" + " (default:/etc/maxscale.cnf)\n" + " -l, --log=[file|shm] log to file or shared memory (default: shm)\n" + " -L, --logdir=PATH path to log file directory\n" + " (default: /var/log/maxscale)\n" + " -D, --datadir=PATH path to data directory\n" + " (default: /usr/lib64/maxscale)\n" + " -C, --configdir=PATH path to configuration file directory\n" + " (default: /etc/)\n" + " -B, --libdir=PATH path to module directory\n" + " (default: /usr/lib64/maxscale)\n" + " -A, --cachedir=PATH path to cache directory\n" + " (default: /var/cache/maxscale)\n" + " -s, --syslog=[yes|no] log messages to syslog (default:yes)\n" + 
" -S, --maxscalelog=[yes|no] log messages to MaxScale log (default: yes)\n" + " -v, --version print version info and exit\n" + " -?, --help show this help\n" , progname); } diff --git a/server/core/gwdirs.c b/server/core/gwdirs.c index af7edd9de..9bf0185cd 100644 --- a/server/core/gwdirs.c +++ b/server/core/gwdirs.c @@ -8,3 +8,12 @@ char* get_libdir() { return libdir?libdir:(char*)default_libdir; } + +/** + * Get the service cache directory + * @return The path to the cache directory + */ +char* get_cachedir() +{ + return cachedir?cachedir:(char*)default_cachedir; +} diff --git a/server/core/service.c b/server/core/service.c index bd22117ec..d529cc54a 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -62,6 +62,7 @@ #include #include #include +#include /** Defined in log_manager.cc */ extern int lm_enabled_logfiles_bitmask; @@ -259,15 +260,11 @@ GWPROTOCOL *funcs; else { /* Save authentication data to file cache */ - char *ptr, path[4097]; + char *ptr, path[PATH_MAX + 1]; int mkdir_rval = 0; - strcpy(path, "/usr/local/mariadb-maxscale"); - if ((ptr = getenv("MAXSCALE_HOME")) != NULL) - { - strncpy(path, ptr, 4096); - } + strcpy(path, get_cachedir()); strncat(path, "/", 4096); - strncat(path, service->name, 4096); + strncat(path, service->name, PATH_MAX); if (access(path, R_OK) == -1) { mkdir_rval = mkdir(path, 0777); @@ -282,7 +279,7 @@ GWPROTOCOL *funcs; mkdir_rval = 0; } - strncat(path, "/.cache", 4096); + strncat(path, "/.cache", PATH_MAX); if (access(path, R_OK) == -1) { mkdir_rval = mkdir(path, 0777); @@ -296,7 +293,7 @@ GWPROTOCOL *funcs; strerror(errno)); mkdir_rval = 0; } - strncat(path, "/dbusers", 4096); + strncat(path, "/dbusers", PATH_MAX); dbusers_save(service->users, path); } if (loaded == 0) diff --git a/server/include/gwdirs.h.in b/server/include/gwdirs.h.in index 40bf3ba26..e62696aab 100644 --- a/server/include/gwdirs.h.in +++ b/server/include/gwdirs.h.in 
@@ -22,7 +22,7 @@ #include /** Default file locations, configured by CMake */ -static const char* default_cnf_fname = "MaxScale.cnf"; +static const char* default_cnf_fname = "maxscale.cnf"; static const char* default_configdir = "/etc/"; static const char* default_piddir = "/var/run/maxscale/"; static const char* default_logdir = "/var/log/maxscale/"; diff --git a/server/MaxScale_BinlogServer_template.cnf b/server/maxscale_binlogserver_template.cnf similarity index 100% rename from server/MaxScale_BinlogServer_template.cnf rename to server/maxscale_binlogserver_template.cnf diff --git a/server/MaxScale_template.cnf b/server/maxscale_template.cnf similarity index 100% rename from server/MaxScale_template.cnf rename to server/maxscale_template.cnf diff --git a/server/modules/filter/test/tee_recursion.sh b/server/modules/filter/test/tee_recursion.sh index 015bb9a8e..82a8080e2 100755 --- a/server/modules/filter/test/tee_recursion.sh +++ b/server/modules/filter/test/tee_recursion.sh @@ -49,8 +49,8 @@ USER=$3 PWD=$4 HOST=$5 PORT=$6 -CONF=$BINDIR/etc/MaxScale.cnf -OLDCONF=$BINDIR/etc/MaxScale.cnf.old +CONF=$BINDIR/etc/maxscale.cnf +OLDCONF=$BINDIR/etc/maxscale.cnf.old MAXPID=$BINDIR/log/$(ls -1 $BINDIR/log|grep maxscale) TEST1=$SRCDIR/server/modules/filter/test/tee_recursion1.cnf TEST2=$SRCDIR/server/modules/filter/test/tee_recursion2.cnf diff --git a/server/test/MaxScale_test.cnf b/server/test/maxscale_test.cnf similarity index 92% rename from server/test/MaxScale_test.cnf rename to server/test/maxscale_test.cnf index 06b783ca5..2fd6ad0d8 100644 --- a/server/test/MaxScale_test.cnf +++ b/server/test/maxscale_test.cnf @@ -1,5 +1,9 @@ [maxscale] threads=4 +libdir=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@ +logdir=@CMAKE_INSTALL_PREFIX@/log +datadir=@CMAKE_INSTALL_PREFIX@/data +cachedir=@CMAKE_INSTALL_PREFIX@/cache [feedback] feedback_enable=true From 55249193a9f9687f3e63b8e2fbc766b47c08938a Mon Sep 17 00:00:00 2001 
From: Markus Makela Date: Mon, 27 Apr 2015 14:30:47 +0300 Subject: [PATCH 015/119] Updated post-install scripts and binlogrouter Binlogrouter: Switched hard-coded maximum path values to PATH_MAX and used cache directory instead of MAXSCALE_HOME Scripts: Updated with new executable file paths --- etc/init.d/maxscale.in | 13 ++++---- etc/postinst.in | 1 + etc/ubuntu/init.d/maxscale.in | 9 +++-- server/core/gateway.c | 4 +-- server/modules/routing/binlog/blr_file.c | 42 +++++++++--------------- 5 files changed, 28 insertions(+), 41 deletions(-) diff --git a/etc/init.d/maxscale.in b/etc/init.d/maxscale.in index 88f026e18..c8822109c 100755 --- a/etc/init.d/maxscale.in +++ b/etc/init.d/maxscale.in @@ -18,12 +18,11 @@ ### END INIT INFO ############################################# -# MaxScale HOME, PIDFILE, LIB +# MaxScale PIDFILE and LIB ############################################# -export MAXSCALE_HOME=@CMAKE_INSTALL_PREFIX@ -export MAXSCALE_PIDFILE=$MAXSCALE_HOME/log/maxscale.pid -export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$MAXSCALE_HOME/lib +export MAXSCALE_PIDFILE=/var/run/maxscale/maxscale.pid +export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@/maxscale ############################### # LSB Exit codes (non-Status) @@ -56,7 +55,7 @@ start() { CHECK_RET=$? [ $CHECK_RET -eq 0 ] && echo -n " found $my_check" && success && CHECK_RET=0 - daemon --pidfile $MAXSCALE_PIDFILE $MAXSCALE_HOME/bin/maxscale >& /dev/null + daemon --pidfile $MAXSCALE_PIDFILE @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale >& /dev/null RETVAL=$? [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$servicename @@ -68,7 +67,7 @@ start() { [ $CHECK_RET -eq 0 ] && echo -n $my_check && success || failure fi - # Return rigth code + # Return right code if [ $RETVAL -ne 0 ]; then failure RETVAL=$_RETVAL_NOT_RUNNING 
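Review bot: `export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@/maxscale` produces a value that begins with `:` whenever the variable is unset, which is the usual case for an init script. The dynamic loader treats an empty entry as the current directory, so the daemon would search the directory the script was started from for shared libraries. Write it as `export LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@/maxscale`; the same line is in etc/ubuntu/init.d/maxscale.in. Since postinst.in copies a `maxscale.conf` into /etc/ld.so.conf.d/ and runs ldconfig, the export may not be needed at all.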
@@ -100,7 +99,7 @@ stop() { reload() { echo -n $"Reloading MaxScale: " - killproc -p $MAXSCALE_PIDFILE $MAXSCALE_HOME/bin/maxscale -HUP + killproc -p $MAXSCALE_PIDFILE @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale -HUP RETVAL=$? echo } diff --git a/etc/postinst.in b/etc/postinst.in index c04850019..464e240f1 100755 --- a/etc/postinst.in +++ b/etc/postinst.in @@ -3,6 +3,7 @@ mkdir -p /var/log/maxscale mkdir -p /var/cache/maxscale mkdir -p /var/run/maxscale +mkdir -p @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHARE_DIR@/ cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHARE_DIR@/maxscale /etc/init.d/ cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHARE_DIR@/maxscale.conf /etc/ld.so.conf.d/ /sbin/ldconfig diff --git a/etc/ubuntu/init.d/maxscale.in b/etc/ubuntu/init.d/maxscale.in index caf7d1408..9b8ff84e9 100755 --- a/etc/ubuntu/init.d/maxscale.in +++ b/etc/ubuntu/init.d/maxscale.in @@ -21,9 +21,8 @@ # MaxScale HOME, PIDFILE, LIB ############################################# -export MAXSCALE_HOME=@CMAKE_INSTALL_PREFIX@ -export MAXSCALE_PIDFILE=$MAXSCALE_HOME/log/maxscale.pid -export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$MAXSCALE_HOME/lib +export MAXSCALE_PIDFILE=/var/run/maxscale/maxscale.pid +export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@/maxscale ############################### # LSB Exit codes (non-Status) @@ -45,7 +44,7 @@ _RETVAL_STATUS_NOT_RUNNING=3 # stop/start/status related vars ################################# NAME=maxscale -DAEMON=$MAXSCALE_HOME/bin/maxscale +DAEMON=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale # Source function library. . /lib/lsb/init-functions @@ -82,7 +81,7 @@ reload() { } maxscale_wait_stop() { - PIDTMP=$(pidofproc -p $MAXSCALE_PIDFILE $MAXSCALE_HOME/bin/maxscale) + PIDTMP=$(pidofproc -p $MAXSCALE_PIDFILE @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale) kill -TERM "${PIDTMP:-}" 2> /dev/null; if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then local i=0 
diff --git a/server/core/gateway.c b/server/core/gateway.c index ae6f1c5c0..a5ad3e2fe 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -1006,8 +1006,8 @@ static void usage(void) " -l, --log=[file|shm] log to file or shared memory (default: shm)\n" " -L, --logdir=PATH path to log file directory\n" " (default: /var/log/maxscale)\n" - " -D, --datadir=PATH path to data directory\n" - " (default: /usr/lib64/maxscale)\n" + " -D, --datadir=PATH path to data directory, stored embedded mysql tables\n" + " (default: /var/cache/maxscale)\n" " -C, --configdir=PATH path to configuration file directory\n" " (default: /etc/)\n" " -B, --libdir=PATH path to module directory\n" diff --git a/server/modules/routing/binlog/blr_file.c b/server/modules/routing/binlog/blr_file.c index b8e201227..32fbad28c 100644 --- a/server/modules/routing/binlog/blr_file.c +++ b/server/modules/routing/binlog/blr_file.c @@ -71,7 +71,7 @@ static void blr_log_header(logfile_id_t file, char *msg, uint8_t *ptr); int blr_file_init(ROUTER_INSTANCE *router) { -char *ptr, path[PATH_MAX], filename[PATH_MAX]; +char *ptr, path[PATH_MAX+1], filename[PATH_MAX+1]; int file_found, n = 1; int root_len, i; DIR *dirp; @@ -79,12 +79,8 @@ struct dirent *dp; if (router->binlogdir == NULL) { - strcpy(path, "/usr/local/mariadb-maxscale"); - if ((ptr = getenv("MAXSCALE_HOME")) != NULL) - { - strncpy(path, ptr,PATH_MAX); - } - strncat(path, "/",PATH_MAX); + strcpy(path, get_cachedir()); + strncat(path,"/",PATH_MAX); strncat(path, router->service->name,PATH_MAX); if (access(path, R_OK) == -1) 
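Review bot: The third argument of `strncat` is the maximum number of characters to append, not the size of the destination, so `strncat(path, router->service->name,PATH_MAX)` in `blr_file_init` can still write past `path[PATH_MAX+1]` once `path` already holds the cache directory. `strcpy(path, get_cachedir())` before it copies a directory that can be set with `--cachedir` and has no bound at all. Build the path in one bounded call, `snprintf(path, sizeof(path), "%s/%s", get_cachedir(), router->service->name)`, and return an error when the result is negative or not smaller than `sizeof(path)`. The same pattern is in the `blr_cache_response` and `blr_cache_read_response` hunks of this file (one `strncat(path, "/", 4096)` is left there as well) and in the service.c hunks of PATCH 014. `blr_file_init` continues outside the hunk.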
@@ -659,24 +655,20 @@ struct stat statb; void blr_cache_response(ROUTER_INSTANCE *router, char *response, GWBUF *buf) { -char path[4097], *ptr; +char path[PATH_MAX+1], *ptr; int fd; - strcpy(path, "/usr/local/mariadb-maxscale"); - if ((ptr = getenv("MAXSCALE_HOME")) != NULL) - { - strncpy(path, ptr, 4096); - } - strncat(path, "/", 4096); - strncat(path, router->service->name, 4096); + strcpy(path,get_cachedir()); + strncat(path,"/",PATH_MAX); + strncat(path, router->service->name, PATH_MAX); if (access(path, R_OK) == -1) mkdir(path, 0777); - strncat(path, "/.cache", 4096); + strncat(path, "/.cache", PATH_MAX); if (access(path, R_OK) == -1) mkdir(path, 0777); strncat(path, "/", 4096); - strncat(path, response, 4096); + strncat(path, response, PATH_MAX); if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0666)) == -1) return; @@ -697,19 +689,15 @@ GWBUF * blr_cache_read_response(ROUTER_INSTANCE *router, char *response) { struct stat statb; -char path[4097], *ptr; +char path[PATH_MAX+1], *ptr; int fd; GWBUF *buf; - strcpy(path, "/usr/local/mariadb-maxscale"); - if ((ptr = getenv("MAXSCALE_HOME")) != NULL) - { - strncpy(path, ptr, 4096); - } - strncat(path, "/", 4096); - strncat(path, router->service->name, 4096); - strncat(path, "/.cache/", 4096); - strncat(path, response, 4096); + strcpy(path, get_cachedir()); + strncat(path, "/", PATH_MAX); + strncat(path, router->service->name, PATH_MAX); + strncat(path, "/.cache/", PATH_MAX); + strncat(path, response, PATH_MAX); if ((fd = open(path, O_RDONLY)) == -1) return NULL; From 1cc6ced505c47e18757d09388b5923b4a2677abc Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 27 Apr 2015 15:06:45 +0300 Subject: [PATCH 016/119] Updated old references to MAXSCALE_HOME --- server/core/adminusers.c | 26 +++++--------------------- server/core/load_utils.c | 11 ----------- server/core/maxkeys.c | 24 +++++++++++++----------- server/include/modules.h | 1 - 4 files changed, 18 insertions(+), 44 deletions(-) 
diff --git a/server/core/adminusers.c b/server/core/adminusers.c index 64ea5f224..e20f9d1c3 100644 --- a/server/core/adminusers.c +++ b/server/core/adminusers.c @@ -26,6 +26,7 @@ #include #include #include +#include /** Defined in log_manager.cc */ extern int lm_enabled_logfiles_bitmask; @@ -119,12 +120,7 @@ char fname[1024], *home; char uname[80], passwd[80]; initialise(); - if ((home = getenv("MAXSCALE_HOME")) != NULL && strlen(home) < 1024){ - sprintf(fname, "%s/etc/passwd", home); - } - else{ - sprintf(fname, "/usr/local/mariadb-maxscale/etc/passwd"); - } + sprintf(fname, "%s/passwd", get_cachedir()); if ((fp = fopen(fname, "r")) == NULL) return NULL; if ((rval = users_alloc()) == NULL) @@ -155,12 +151,7 @@ FILE *fp; char fname[1024], *home, *cpasswd; initialise(); - if ((home = getenv("MAXSCALE_HOME")) != NULL && strlen(home) < 1024){ - sprintf(fname, "%s/etc/passwd", home); - } - else{ - sprintf(fname, "/usr/local/mariadb-maxscale/etc/passwd"); - } + sprintf(fname, "%s/passwd", get_cachedir()); if (users == NULL) { @@ -253,15 +244,8 @@ char* admin_remove_user( /** * Open passwd file and remove user from the file. */ - if ((home = getenv("MAXSCALE_HOME")) != NULL && - strnlen(home,PATH_MAX) < PATH_MAX && - strnlen(home,PATH_MAX) > 0) { - sprintf(fname, "%s/etc/passwd", home); - sprintf(fname_tmp, "%s/etc/passwd_tmp", home); - } else { - sprintf(fname, "/usr/local/mariadb-maxscale/etc/passwd"); - sprintf(fname_tmp, "/usr/local/mariadb-maxscale/etc/passwd_tmp"); - } + sprintf(fname, "%s/passwd", get_cachedir()); + sprintf(fname_tmp, "%s/passwd_tmp", get_cachedir()); /** * Rewrite passwd file from memory. */ diff --git a/server/core/load_utils.c b/server/core/load_utils.c index 9451f6838..7e4a10c37 100644 --- a/server/core/load_utils.c +++ b/server/core/load_utils.c 
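Review bot: `sprintf(fname, "%s/passwd", get_cachedir())` in the `@@ -119,12 +120,7 @@` hunk writes into `char fname[1024]` with no length check, whereas the removed code at least tested `strlen(home) < 1024`, and the cache directory is configurable. Use `snprintf(fname, sizeof(fname), "%s/passwd", get_cachedir())` and fail when the result is truncated. The `@@ -155,12 +151,7 @@` and `@@ -253,15 +244,8 @@` hunks need the same, the latter for `fname_tmp` as well. Separately, the admin user file now lives in the cache directory (default /var/cache/maxscale), a location commonly treated as disposable. A comment should say that this is intended and which ownership and mode the file is expected to have. The functions continue outside these hunks.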
@@ -105,17 +105,6 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp) return realsize; } -char* get_maxscale_home(void) -{ - char* home = getenv("MAXSCALE_HOME"); - if (home == NULL) - { - home = "/usr/local/mariadb-maxscale"; - } - return home; -} - - /** * Load the dynamic library related to a gateway module. The routine * will look for library files in the current directory, diff --git a/server/core/maxkeys.c b/server/core/maxkeys.c index 0d5c938ff..6cb4501ec 100644 --- a/server/core/maxkeys.c +++ b/server/core/maxkeys.c @@ -31,6 +31,7 @@ #include #include #include +#include int main(int argc, char **argv) { int arg_count = 3; @@ -52,19 +53,20 @@ int main(int argc, char **argv) return 1; } + if(access("/var/log/maxscale/maxkeys/",F_OK) != 0) + { + if(mkdir("/var/log/maxscale/maxkeys/",0777) == -1) + { + if(errno != EEXIST) + { + fprintf(stderr,"Error: %d - %s",errno,strerror(errno)); + return 1; + } + } + } arg_vector[0] = strdup("logmanager"); arg_vector[1] = strdup("-j"); - - if ((home = getenv("MAXSCALE_HOME")) != NULL) - { - arg_vector[2] = (char*)malloc((strlen(home) + strlen("/log"))*sizeof(char)); - sprintf(arg_vector[2],"%s/log",home); - } - else - { - arg_vector[2] = strdup("/usr/local/mariadb-maxscale/log"); - } - + arg_vector[2] = strdup("/var/log/maxscale/maxkeys"); arg_vector[3] = NULL; skygw_logmanager_init(arg_count,arg_vector); skygw_log_enable(LOGFILE_TRACE); diff --git a/server/include/modules.h b/server/include/modules.h index 51e10b29d..96d322402 100644 --- a/server/include/modules.h +++ b/server/include/modules.h @@ -68,7 +68,6 @@ extern void unload_all_modules(); extern void printModules(); extern void dprintAllModules(DCB *); extern RESULTSET *moduleGetList(); -extern char *get_maxscale_home(void); extern void module_feedback_send(void*); extern void moduleShowFeedbackReport(DCB *dcb); From 9e0a2bfc12f5d962b16f28b023de697f090ef0e7 Mon Sep 17 00:00:00 2001 
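Review bot: `mkdir("/var/log/maxscale/maxkeys/",0777)` in maxkeys.c requests a world-writable directory and leaves the effective mode to the caller's umask. This tool links secrets.c and so presumably handles key material, so its log directory should not be writable by other users: pass `0700` (or `0750`) explicitly. The preceding `access(..., F_OK)` adds nothing, because the `errno != EEXIST` test already covers an existing directory, and the error `fprintf` has no trailing newline. The path is also hard-coded instead of coming from the configurable log directory this series introduces. `main` continues outside the hunk.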
From: Markus Makela Date: Mon, 27 Apr 2015 21:38:49 +0300 Subject: [PATCH 017/119] Changed relevant files to use get_cachedir() instead of using the now deprecated MAXSCALE_HOME. --- etc/init.d/maxscale.in | 6 +- etc/ubuntu/init.d/maxscale.in | 2 +- server/core/CMakeLists.txt | 4 +- server/core/gateway.c | 206 +--------------------- server/core/load_utils.c | 3 +- server/core/maxpasswd.c | 11 +- server/core/secrets.c | 10 +- server/core/service.c | 6 +- server/core/test/CMakeLists.txt | 15 -- server/core/test/testadminusers.c | 9 +- server/core/test/testfeedback.c | 13 +- server/include/gwdirs.h.in | 2 +- server/maxscale_binlogserver_template.cnf | 5 +- server/modules/filter/dbfwfilter.c | 12 +- server/modules/filter/test/CMakeLists.txt | 10 -- 15 files changed, 29 insertions(+), 285 deletions(-) diff --git a/etc/init.d/maxscale.in b/etc/init.d/maxscale.in index c8822109c..4ee5ce0f4 100755 --- a/etc/init.d/maxscale.in +++ b/etc/init.d/maxscale.in @@ -38,7 +38,7 @@ _RETVAL_STATUS_OK=0 _RETVAL_STATUS_NOT_RUNNING=3 # Sanity checks. -[ -x $MAXSCALE_HOME/bin/maxscale ] || exit $_RETVAL_NOT_INSTALLED +[ -x @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale ] || exit $_RETVAL_NOT_INSTALLED # Source function library. . /etc/rc.d/init.d/functions @@ -51,7 +51,7 @@ RETVAL=0 start() { echo -n $"Starting MaxScale: " - my_check=`status -p $MAXSCALE_PIDFILE $MAXSCALE_HOME/bin/maxscale` + my_check=`status -p $MAXSCALE_PIDFILE @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale` CHECK_RET=$? [ $CHECK_RET -eq 0 ] && echo -n " found $my_check" && success && CHECK_RET=0 @@ -62,7 +62,7 @@ start() { if [ $CHECK_RET -ne 0 ]; then sleep 2 - my_check=`status -p $MAXSCALE_PIDFILE $MAXSCALE_HOME/bin/maxscale` + my_check=`status -p $MAXSCALE_PIDFILE @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale` CHECK_RET=$? [ $CHECK_RET -eq 0 ] && echo -n $my_check && success || failure fi diff --git a/etc/ubuntu/init.d/maxscale.in b/etc/ubuntu/init.d/maxscale.in index 9b8ff84e9..27a73092c 100755 
--- a/etc/ubuntu/init.d/maxscale.in +++ b/etc/ubuntu/init.d/maxscale.in @@ -38,7 +38,7 @@ _RETVAL_STATUS_OK=0 _RETVAL_STATUS_NOT_RUNNING=3 # Sanity checks. -[ -x $MAXSCALE_HOME/bin/maxscale ] || exit $_RETVAL_NOT_INSTALLED +[ -x @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale ] || exit $_RETVAL_NOT_INSTALLED ################################# # stop/start/status related vars diff --git a/server/core/CMakeLists.txt b/server/core/CMakeLists.txt index c952f5a1a..39983e6ff 100644 --- a/server/core/CMakeLists.txt +++ b/server/core/CMakeLists.txt @@ -23,11 +23,11 @@ endif() target_link_libraries(maxscale ${EMBEDDED_LIB} ${PCRE_LINK_FLAGS} ${CURL_LIBRARIES} log_manager utils ssl aio pthread crypt dl crypto inih z rt m stdc++) install(TARGETS maxscale DESTINATION ${MAXSCALE_BINDIR}) -add_executable(maxkeys maxkeys.c secrets.c utils.c) +add_executable(maxkeys maxkeys.c secrets.c utils.c gwdirs.c) target_link_libraries(maxkeys log_manager utils pthread crypt crypto) install(TARGETS maxkeys DESTINATION ${MAXSCALE_BINDIR}) -add_executable(maxpasswd maxpasswd.c secrets.c utils.c) +add_executable(maxpasswd maxpasswd.c secrets.c utils.c gwdirs.c) target_link_libraries(maxpasswd log_manager utils pthread crypt crypto) install(TARGETS maxpasswd DESTINATION ${MAXSCALE_BINDIR}) diff --git a/server/core/gateway.c b/server/core/gateway.c index a5ad3e2fe..cf0f41525 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -191,8 +191,6 @@ static bool resolve_maxscale_conf_fname( char** cnf_full_path, char* home_dir, char* cnf_file_arg); -static bool resolve_maxscale_homedir( - char** p_home_dir); static char* check_dir_access(char* dirname,bool,bool); 
@@ -575,149 +573,6 @@ return_succp: return succp; } - -static bool resolve_maxscale_homedir( - char** p_home_dir) -{ - bool succp = false; - char* tmp; - char* tmp2; - char* log_context = NULL; - - ss_dassert(*p_home_dir == NULL); - - if (*p_home_dir != NULL) - { - log_context = strdup("Command-line argument"); - tmp = NULL; - goto check_home_dir; - } - /*< - * 1. if home dir wasn't specified by a command-line argument, - * read env. variable MAXSCALE_HOME. - */ - if (getenv("MAXSCALE_HOME") != NULL) - { - tmp = strndup(getenv("MAXSCALE_HOME"), PATH_MAX); - get_expanded_pathname(p_home_dir, tmp, NULL); - - if (*p_home_dir != NULL) - { - log_context = strdup("MAXSCALE_HOME"); - goto check_home_dir; - } - free(tmp); - } - else - { - fprintf(stderr, "\n*\n* Warning : MAXSCALE_HOME environment variable " - "is not set.\n*\n"); - LOGIF(LE, (skygw_log_write_flush( - LOGFILE_ERROR, - "Warning : MAXSCALE_HOME environment " - "variable is not set."))); - } - /*< - * 2. if home dir wasn't specified in MAXSCALE_HOME, - * try access /etc/MaxScale/ - */ - tmp = strdup("/etc/MaxScale"); - get_expanded_pathname(p_home_dir, tmp, NULL); - - if (*p_home_dir != NULL) - { - log_context = strdup("/etc/MaxScale"); - goto check_home_dir; - } - free(tmp); - /*< - * 3. if /etc/MaxScale/MaxScale.cnf didn't exist or wasn't accessible, home - * isn't specified. Thus, try to access $PWD/MaxScale.cnf . - */ - char *pwd = getenv("PWD"); - tmp = strndup(pwd ? 
pwd : "PWD_NOT_SET", PATH_MAX); - tmp2 = get_expanded_pathname(p_home_dir, tmp, default_cnf_fname); - free(tmp2); /*< full path isn't needed so simply free it */ - - if (*p_home_dir != NULL) - { - log_context = strdup("Current working directory"); - } - -check_home_dir: - if (*p_home_dir != NULL) - { - if (!file_is_readable(*p_home_dir)) - { - char* tailstr = "MaxScale doesn't have read permission " - "to MAXSCALE_HOME."; - char* logstr = (char*)malloc(strlen(log_context)+ - 1+ - strlen(tailstr)+ - 1); - snprintf(logstr, - strlen(log_context)+ - 1+ - strlen(tailstr)+1, - "%s:%s", - log_context, - tailstr); - print_log_n_stderr(true, true, logstr, logstr, 0); - free(logstr); - goto return_succp; - } - -#if WRITABLE_HOME - if (!file_is_writable(*p_home_dir)) - { - char* tailstr = "MaxScale doesn't have write permission " - "to MAXSCALE_HOME. Exiting."; - char* logstr = (char*)malloc(strlen(log_context)+ - 1+ - strlen(tailstr)+ - 1); - snprintf(logstr, - strlen(log_context)+ - 1+ - strlen(tailstr)+1, - "%s:%s", - log_context, - tailstr); - print_log_n_stderr(true, true, logstr, logstr, 0); - free(logstr); - goto return_succp; - } -#endif - if (!daemon_mode) - { - fprintf(stderr, - "Using %s as MAXSCALE_HOME = %s\n", - log_context, - tmp); - } - succp = true; - goto return_succp; - } - -return_succp: - free (tmp); - - - if (log_context != NULL) - { - free(log_context); - } - - if (!succp) - { - char* logstr = "MaxScale was unable to locate home directory " - "with read and write permissions. \n*\n* Exiting."; - print_log_n_stderr(true, true, logstr, logstr, 0); - usage(); - } - return succp; -} - /** * Check read and write accessibility to a directory. * @param dirname directory to be checked 
@@ -1042,19 +897,13 @@ static void usage(void) * This is not obvious solution because stderr is often directed to somewhere, * but currently this is the case. * - * The configuration file is by default \/etc/MaxScale.cnf + * The configuration file is by default /etc/maxscale.cnf * The name of configuration file and its location can be specified by * command-line argument. * - * \ is resolved in the following order: - * 1. from '-c ' command-line argument - * 2. from MAXSCALE_HOME environment variable - * 3. /etc/ if MaxScale.cnf is found from there - * 4. current working directory if MaxScale.cnf is found from there - * * \ is resolved in the following order: * 1. from '-f \' command-line argument - * 2. by using default value "MaxScale.cnf" + * 2. by using default value "maxscale.cnf" * */ int main(int argc, char **argv) 
@@ -1131,56 +980,6 @@ int main(int argc, char **argv) /*< Debug mode, maxscale runs in this same process */ daemon_mode = false; break; - - case 'c': - /*< - * Create absolute path pointing to MaxScale home - * directory. User-provided home directory may be - * either absolute or relative. If latter, it is - * expanded and stored in home_dir if succeed. - */ - if (optarg[0] != '-') - { - struct stat sb; - - if (stat(optarg, &sb) != -1 - && (! S_ISDIR(sb.st_mode))) - { - char* logerr = "Home directory argument " - "identifier \'-c\' was specified but " - "the argument didn't specify a valid " - "a directory."; - print_log_n_stderr(true, true, logerr, logerr, 0); - usage(); - succp = false; - } - else - { - get_expanded_pathname(&home_dir, optarg, NULL); - } - } - - if (home_dir != NULL) - { - /*< - * MAXSCALE_HOME is set. - * It is used to assist in finding the modules - * to be loaded into MaxScale. - */ - setenv("MAXSCALE_HOME", home_dir, 1); - } - else - { - char* logerr = "Home directory argument " - "identifier \'-c\' was specified but " - "the argument didn't specify \n a valid " - "home directory or the argument was " - "missing."; - print_log_n_stderr(true, true, logerr, logerr, 0); - usage(); - succp = false; - } - break; case 'f': /*< @@ -1589,7 +1388,6 @@ int main(int argc, char **argv) sprintf(datadir,"%s",default_datadir); /** * Init Log Manager for MaxScale. - * If $MAXSCALE_HOME is set then write the logs into $MAXSCALE_HOME/log. * The skygw_logmanager_init expects to take arguments as passed to main * and proesses them with getopt, therefore we need to give it a dummy * argv[0] diff --git a/server/core/load_utils.c b/server/core/load_utils.c index 7e4a10c37..5ecbe7f34 100644 --- a/server/core/load_utils.c +++ b/server/core/load_utils.c @@ -49,6 +49,7 @@ #include #include #include +#include /** Defined in log_manager.cc */ extern int lm_enabled_logfiles_bitmask; 
@@ -108,7 +109,7 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp) /** * Load the dynamic library related to a gateway module. The routine * will look for library files in the current directory, - * $MAXSCALE_HOME/modules and /usr/local/mariadb-maxscale/modules. + * the configured folder and /usr/lib64/maxscale. * * @param module Name of the module to load * @param type Type of module, used purely for registration diff --git a/server/core/maxpasswd.c b/server/core/maxpasswd.c index 4da1dbde1..159fbae49 100644 --- a/server/core/maxpasswd.c +++ b/server/core/maxpasswd.c @@ -62,16 +62,7 @@ main(int argc, char **argv) arg_vector[0] = strdup("logmanager"); arg_vector[1] = strdup("-j"); - - if ((home = getenv("MAXSCALE_HOME")) != NULL) - { - arg_vector[2] = (char*)malloc((strlen(home) + strlen("/log"))*sizeof(char)); - sprintf(arg_vector[2],"%s/log",home); - } - else - { - arg_vector[2] = strdup("/usr/local/mariadb-maxscale/log"); - } + arg_vector[2] = strdup("/var/log/maxscale"); arg_vector[3] = NULL; skygw_logmanager_init(arg_count,arg_vector); diff --git a/server/core/secrets.c b/server/core/secrets.c index 3eae2cc48..b0ddc084b 100644 --- a/server/core/secrets.c +++ b/server/core/secrets.c @@ -22,6 +22,7 @@ #include #include #include +#include /** Defined in log_manager.cc */ extern int lm_enabled_logfiles_bitmask; @@ -62,7 +63,7 @@ int i; static MAXKEYS * secrets_readKeys() { -char secret_file[255]; +char secret_file[PATH_MAX+1]; char *home; MAXKEYS *keys; struct stat secret_stats; @@ -70,12 +71,7 @@ int fd; int len; static int reported = 0; - home = getenv("MAXSCALE_HOME"); - - if (home == NULL) { - home = "/usr/local/mariadb-maxscale"; - } - snprintf(secret_file, 255, "%s/etc/.secrets", home); + snprintf(secret_file, PATH_MAX, "%s/.secrets", get_cachedir()); /* Try to access secrets file */ if (access(secret_file, R_OK) == -1) diff --git a/server/core/service.c b/server/core/service.c index d529cc54a..5ba5d539d 100644 
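Review bot: `arg_vector[2] = strdup("/var/log/maxscale");` in maxpasswd.c hard-codes the log directory, so the tool no longer follows a relocated installation and will try to log to a system directory that an unprivileged user running it usually cannot write to. Since this commit links gwdirs.c into maxpasswd, take the directory from the same source the server uses (a build-time default or accessor in gwdirs.h, if one exists for the log directory) rather than a literal. The strdup() result is also passed on unchecked. `main` starts and ends outside the hunk.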
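Review bot: In `secrets_readKeys`, neither the result of `snprintf(secret_file, PATH_MAX, "%s/.secrets", get_cachedir());` nor the pointer returned by get_cachedir() is checked; a NULL there is undefined behaviour with `%s`, and a truncated path would make the following access() test a different file. Suggest `int n = snprintf(secret_file, sizeof(secret_file), "%s/.secrets", get_cachedir());` followed by `if (n < 0 || (size_t)n >= sizeof(secret_file)) return NULL;`, after confirming get_cachedir() cannot return NULL. The `char *home;` local kept in the preceding secrets.c hunk is now unused. A comment should also record that the encryption key now lives in the cache directory, which therefore has to stay readable only by the MaxScale user and must not be cleaned like ordinary cache data. The function body continues outside the hunk.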
--- a/server/core/service.c +++ b/server/core/service.c @@ -232,11 +232,7 @@ GWPROTOCOL *funcs; { /* Try loading authentication data from file cache */ char *ptr, path[4097]; - strcpy(path, "/usr/local/mariadb-maxscale"); - if ((ptr = getenv("MAXSCALE_HOME")) != NULL) - { - strncpy(path, ptr, 4096); - } + strcpy(path, get_cachedir()); strncat(path, "/", 4096); strncat(path, service->name, 4096); strncat(path, "/.cache/dbusers", 4096); diff --git a/server/core/test/CMakeLists.txt b/server/core/test/CMakeLists.txt index 626a75f3e..a1933aa0d 100644 --- a/server/core/test/CMakeLists.txt +++ b/server/core/test/CMakeLists.txt @@ -44,19 +44,4 @@ add_test(Internal-TestUsers test_users) add_test(Internal-TestAdminUsers test_adminusers) add_test(Internal-TestMemlog testmemlog) add_test(TestFeedback testfeedback) -set_tests_properties(Internal-TestMySQLUsers - Internal-TestHash - Internal-TestHint - Internal-TestSpinlock - Internal-TestFilter - Internal-TestBuffer - Internal-TestDCB - Internal-TestModutil - Internal-TestPoll - Internal-TestService - Internal-TestServer - Internal-TestUsers - Internal-TestAdminUsers - Internal-TestMemlog - TestFeedback PROPERTIES ENVIRONMENT MAXSCALE_HOME=${CMAKE_BINARY_DIR}/) set_tests_properties(TestFeedback PROPERTIES TIMEOUT 30) diff --git a/server/core/test/testadminusers.c b/server/core/test/testadminusers.c index ae52bd8b7..f9c34e500 100644 --- a/server/core/test/testadminusers.c +++ b/server/core/test/testadminusers.c @@ -30,7 +30,7 @@ #include #include #include - +#include #include @@ -40,7 +40,7 @@ * Test that the username password admin/mariadb is accepted if no users * have been created and that no other users are accepted * - * WARNING: $MAXSCALE_HOME/etc/passwd must be removed before this test is run + * WARNING: The passwd file must be removed before this test is run */ static int test1() 
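Review bot: `strcpy(path, get_cachedir());` in service.c copies into the 4097-byte `path` with no length check, and the `strncat(..., 4096)` calls after it limit only the bytes appended per call, not the total, so a long cache directory or `service->name` can write past the buffer. Build the path in one bounded call and reject truncation: `int n = snprintf(path, sizeof(path), "%s/%s/.cache/dbusers", get_cachedir(), service->name);` then `if (n < 0 || (size_t)n >= sizeof(path))` skips the cache load. The diffstat shows no include added to service.c, so confirm a prototype for get_cachedir() is already in scope; without one the call is implicitly declared as returning int and the pointer is truncated on 64-bit builds. The enclosing function starts and ends outside the hunk.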
@@ -269,9 +269,8 @@ int result = 0; char *home, buf[1024]; /* Unlink any existing password file before running this test */ - if ((home = getenv("MAXSCALE_HOME")) == NULL || strlen(home) >= 1024) - home = "/usr/local/mariadb-maxscale"; - sprintf(buf, "%s/etc/passwd", home); + + sprintf(buf, "%s/passwd", default_cachedir); if(!is_valid_posix_path(buf)) exit(1); if (strcmp(buf, "/etc/passwd") != 0) diff --git a/server/core/test/testfeedback.c b/server/core/test/testfeedback.c index 6549305c3..3b281537e 100644 --- a/server/core/test/testfeedback.c +++ b/server/core/test/testfeedback.c @@ -73,17 +73,8 @@ int main(int argc, char** argv) char* cnf; hkinit(); - home = getenv("MAXSCALE_HOME"); - if(home == NULL) - { - FAILTEST("MAXSCALE_HOME was not defined."); - } - printf("Home: %s\n",home); - - cnf = malloc(strlen(home) + strlen("/etc/MaxScale.cnf") + 1); - strcpy(cnf,home); - strcat(cnf,"/etc/MaxScale.cnf"); + cnf = strdup("/etc/MaxScale.cnf"); printf("Config: %s\n",cnf); @@ -116,4 +107,4 @@ int main(int argc, char** argv) } mysql_library_end(); return 0; -} \ No newline at end of file +} diff --git a/server/include/gwdirs.h.in b/server/include/gwdirs.h.in index e62696aab..bd878bb59 100644 --- a/server/include/gwdirs.h.in +++ b/server/include/gwdirs.h.in @@ -39,5 +39,5 @@ static char* cachedir = NULL; static char* langdir = NULL; char* get_libdir(); - +char* get_cachedir(); #endif diff --git a/server/maxscale_binlogserver_template.cnf b/server/maxscale_binlogserver_template.cnf index dddd74163..f9cc112aa 100644 --- a/server/maxscale_binlogserver_template.cnf +++ b/server/maxscale_binlogserver_template.cnf @@ -1,5 +1,5 @@ # -# Example MaxScale.cnf for the Binlog Server. +# Example maxscale.cnf for the Binlog Server. # # 
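Review bot: `sprintf(buf, "%s/passwd", default_cachedir);` in testadminusers.c drops the length check the removed code had (`strlen(home) >= 1024`) and writes into the 1024-byte `buf` unbounded; use `snprintf(buf, sizeof(buf), "%s/passwd", default_cachedir);` and fail the test on truncation. Judging by the comment above it, the path is then unlinked, and with the `MAXSCALE_HOME=${CMAKE_BINARY_DIR}/` test environment removed in this commit it now resolves to the default cache directory instead of the build tree, so running the test on a host with MaxScale installed may delete the real admin password file. `char *home` is left unused. The enclosing function starts and ends outside the hunk.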
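Review bot: `cnf = strdup("/etc/MaxScale.cnf");` in testfeedback.c points the test at a system-wide file with the old capitalisation, while the rest of this commit documents the default as `maxscale.cnf` and the build already writes a test configuration to `${CMAKE_BINARY_DIR}/maxscale.cnf`. The test should load the build-tree file so that it neither depends on nor reads the host's production configuration. The strdup() result is also used unchecked, and `main` continues outside the hunk.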
@@ -37,14 +37,13 @@ threads=6 # The MaxScale Binlog Server Service. # # The name of this service will be used as the directory name -# in $MAXSCALE_HOME where the binlogs will be saved. +# in the cache directory where the binlogs will be saved. # If this name is changed, it must be changed in the listener # configuration below. [Binlog_Service] # type must be service # router must be binlogrouter -# (corresponding to the so file in $MAXSCALE_HOME/modules). type=service router=binlogrouter diff --git a/server/modules/filter/dbfwfilter.c b/server/modules/filter/dbfwfilter.c index 9cdc2816f..d796bb3c0 100644 --- a/server/modules/filter/dbfwfilter.c +++ b/server/modules/filter/dbfwfilter.c @@ -2133,15 +2133,13 @@ int main(int argc, char** argv) return 1; } - if((home = getenv("MAXSCALE_HOME")) == NULL) + home = malloc(sizeof(char)*(PATH_MAX+1)); + if(getcwd(home,PATH_MAX) == NULL) { - home = malloc(sizeof(char)*(PATH_MAX+1)); - if(getcwd(home,PATH_MAX) == NULL) - { - free(home); - home = NULL; - } + free(home); + home = NULL; } + printf("Log files written to: %s\n",home?home:"/tpm"); int argc_ = 11; diff --git a/server/modules/filter/test/CMakeLists.txt b/server/modules/filter/test/CMakeLists.txt index 2ad0c2201..4e1006bfb 100644 --- a/server/modules/filter/test/CMakeLists.txt +++ b/server/modules/filter/test/CMakeLists.txt @@ -1,10 +1,3 @@ -aux_source_directory(${CMAKE_SOURCE_DIR}/server/core CORE_ALL) -foreach(VAR ${CORE_ALL}) - if(NOT( (${VAR} MATCHES "max[a-z_]*.c") OR (${VAR} MATCHES "gateway.c"))) - list(APPEND CORE ${VAR}) - endif() -endforeach() - include_directories(${CMAKE_CURRENT_SOURCE_DIR}) add_executable(harness_ui harness_ui.c harness_common.c) add_executable(harness harness_util.c harness_common.c ${CORE}) 
@@ -32,6 +25,3 @@ add_test(TestTeeRecursion ${CMAKE_CURRENT_SOURCE_DIR}/tee_recursion.sh ${TEST_HOST} ${TEST_PORT}) -set_tests_properties(TestHintfilter TestRegexfilter TestFwfilter1 TestFwfilter2 TestTeeRecursion -PROPERTIES -ENVIRONMENT MAXSCALE_HOME=${CMAKE_BINARY_DIR}/) From e681d18fdd011c4dbcc0da3403b888cd84832302 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 27 Apr 2015 23:11:49 +0300 Subject: [PATCH 018/119] Split packaging to RPM and DEB cmake files. --- CMakeLists.txt | 71 +++++++++++++++++++---------------------- cmake/package_deb.cmake | 6 ++++ cmake/package_rpm.cmake | 23 +++++++++++++ 3 files changed, 62 insertions(+), 38 deletions(-) create mode 100644 cmake/package_deb.cmake create mode 100644 cmake/package_rpm.cmake diff --git a/CMakeLists.txt b/CMakeLists.txt index 550724505..eff114eb5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -9,7 +9,14 @@ message(STATUS "CMake version: ${CMAKE_VERSION}") include(${CMAKE_SOURCE_DIR}/cmake/macros.cmake) enable_testing() -set(INSTALL_LAYOUT "STANDALONE" CACHE STRING "Install layout, options are: STANDALONE, RPM, DEB") +# Packaging builds install to /usr and other builds to /usr/local/mariadb-maxscale +if(PACKAGE) + set(INSTALL_LAYOUT "PACKAGE" CACHE STRING "Install layout, options are: STANDALONE, PACKAGE") +else() + set(INSTALL_LAYOUT "STANDALONE" CACHE STRING "Install layout, options are: STANDALONE, PACKAGE") +endif() + +# Installation prefixes for different layouts if(${INSTALL_LAYOUT} MATCHES "STANDALONE") set(CMAKE_INSTALL_PREFIX "/usr/local/mariadb-maxscale" CACHE PATH "Prefix prepended to install directories.") else() 
@@ -58,12 +65,12 @@ if(${MAXSCALE_VERSION} MATCHES "-stable") endif() file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/server/include) -configure_file(${CMAKE_SOURCE_DIR}/server/include/version.h.in ${CMAKE_BINARY_DIR}/server/include/version.h) -configure_file(${CMAKE_SOURCE_DIR}/server/include/gwdirs.h.in ${CMAKE_BINARY_DIR}/server/include/gwdirs.h) -configure_file(${CMAKE_SOURCE_DIR}/server/test/maxscale_test.h.in ${CMAKE_BINARY_DIR}/server/include/maxscale_test.h) -configure_file(${CMAKE_SOURCE_DIR}/etc/postinst.in ${CMAKE_BINARY_DIR}/postinst) -configure_file(${CMAKE_SOURCE_DIR}/etc/postrm.in ${CMAKE_BINARY_DIR}/postrm) -configure_file(${CMAKE_SOURCE_DIR}/server/test/maxscale_test.cnf ${CMAKE_BINARY_DIR}/maxscale.cnf) +configure_file(${CMAKE_SOURCE_DIR}/server/include/version.h.in ${CMAKE_BINARY_DIR}/server/include/version.h @ONLY) +configure_file(${CMAKE_SOURCE_DIR}/server/include/gwdirs.h.in ${CMAKE_BINARY_DIR}/server/include/gwdirs.h @ONLY) +configure_file(${CMAKE_SOURCE_DIR}/server/test/maxscale_test.h.in ${CMAKE_BINARY_DIR}/server/include/maxscale_test.h @ONLY) +configure_file(${CMAKE_SOURCE_DIR}/etc/postinst.in ${CMAKE_BINARY_DIR}/postinst @ONLY) +configure_file(${CMAKE_SOURCE_DIR}/etc/postrm.in ${CMAKE_BINARY_DIR}/postrm @ONLY) +configure_file(${CMAKE_SOURCE_DIR}/server/test/maxscale_test.cnf ${CMAKE_BINARY_DIR}/maxscale.cnf @ONLY) set(FLAGS "-Wall -Wno-unused-variable -Wno-unused-function -fPIC" CACHE STRING "Compilation flags") set(DEBUG_FLAGS "-ggdb -pthread -pipe -Wformat -fstack-protector --param=ssp-buffer-size=4" CACHE STRING "Debug compilation flags") @@ -81,7 +88,7 @@ if(CMAKE_VERSION VERSION_GREATER 2.6) endif() -IF(DEFINED OLEVEL ) +IF(DEFINED OLEVEL) if((OLEVEL GREATER -1) AND (OLEVEL LESS 4) ) set(FLAGS "${FLAGS} -O${OLEVEL}" CACHE STRING "Compilation flags") message(STATUS "Optimization level at: ${OLEVEL}") 
@@ -181,7 +188,9 @@ if(WITH_SCRIPTS) endif() endif() +# Only do packaging if configured if(PACKAGE) + # Install the files copied by the postinst script into the share folder install(FILES ${CMAKE_BINARY_DIR}/maxscale DESTINATION ${MAXSCALE_SHAREDIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) @@ -194,23 +203,8 @@ if(PACKAGE) if(${CMAKE_VERSION} VERSION_LESS 2.8.12) message(WARNING "CMake version is ${CMAKE_VERSION}. Building of packages requires version 2.8.12 or greater.") else() - # See if we are on a RPM-capable or DEB-capable system - find_program(RPMBUILD rpmbuild) - find_program(DEBBUILD dpkg-buildpackage) - set(CPACK_GENERATOR "TGZ") - if(NOT ( ${RPMBUILD} STREQUAL "RPMBUILD-NOTFOUND" ) ) - message(STATUS "Generating RPM packages") - set(CPACK_GENERATOR "${CPACK_GENERATOR};RPM") - endif() - - if(NOT ( ${DEBBUILD} STREQUAL "DEBBUILD-NOTFOUND" ) ) - set(CPACK_GENERATOR "${CPACK_GENERATOR};DEB") - execute_process(COMMAND dpgk --print-architecture OUTPUT_VARIABLE DEB_ARCHITECTURE) - set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE ${DEB_ARCHITECTURE}) - set (CPACK_DEBIAN_PACKAGE_SHLIBDEPS ON) - message(STATUS "Generating DEB packages for ${DEB_ARCHITECTURE}") - endif() + # Generic CPack configuration variables set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "MaxScale") set(CPACK_PACKAGE_VERSION_MAJOR "${MAXSCALE_VERSION_MAJOR}") set(CPACK_PACKAGE_VERSION_MINOR "${MAXSCALE_VERSION_MINOR}") 
@@ -221,23 +215,25 @@ if(PACKAGE) set(CPACK_PACKAGE_VENDOR "MariaDB Corporation Ab") set(CPACK_PACKAGE_DESCRIPTION_FILE ${CMAKE_SOURCE_DIR}/etc/DESCRIPTION) set(CPACK_PACKAGING_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}") - set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA "${CMAKE_BINARY_DIR}/postinst;{CMAKE_BINARY_DIR}/postrm") - set(CPACK_RPM_PACKAGE_RELEASE ${MAXSCALE_BUILD_NUMBER}) - set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_BINARY_DIR}/postinst) - set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_BINARY_DIR}/postrm) - set(CPACK_RPM_PACKAGE_NAME "maxscale") - set(CPACK_RPM_PACKAGE_VENDOR "MariaDB Corporation Ab") - set(CPACK_RPM_PACKAGE_LICENSE "GPLv2") - set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/etc /etc/ld.so.conf.d /etc/init.d /etc/rc.d/init.d") - set(CPACK_RPM_SPEC_MORE_DEFINE "%define ignore \#") - set(CPACK_RPM_USER_FILELIST "%ignore /etc/init.d") - set(CPACK_RPM_USER_FILELIST "%ignore /etc/ld.so.conf.d") - set(CPACK_RPM_USER_FILELIST "%ignore /etc") + + # See if we are on a RPM-capable or DEB-capable system + find_program(RPMBUILD rpmbuild) + find_program(DEBBUILD dpkg-buildpackage) + set(CPACK_GENERATOR "TGZ") + + if(NOT ( ${RPMBUILD} STREQUAL "RPMBUILD-NOTFOUND" ) ) + include(cmake/package_rpm.cmake) + message(STATUS "Generating RPM packages") + elseif(NOT ( ${DEBBUILD} STREQUAL "DEBBUILD-NOTFOUND" ) ) + include(cmake/package_deb.cmake) + message(STATUS "Generating DEB packages for ${DEB_ARCHITECTURE}") + endif() + include(CPack) endif() endif() -add_custom_target(buildtestsx +add_custom_target(buildtests COMMAND ${CMAKE_COMMAND} -DDEPS_OK=Y -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N ${CMAKE_SOURCE_DIR} COMMAND make COMMENT "Building test suite..." VERBATIM 
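Review bot: The generator selection changed from two independent `if` blocks to `if(...) ... elseif(...)`, so a build host that has both rpmbuild and dpkg-buildpackage now includes only the RPM settings and produces no DEB. If that precedence is intended, state it in a comment such as `# RPM takes precedence when both tools are present`; otherwise keep the two includes in separate `if` blocks. The unquoted `${RPMBUILD} STREQUAL "RPMBUILD-NOTFOUND"` tests are more robust written as `if(RPMBUILD)` and `if(DEBBUILD)`, which already treat a `-NOTFOUND` value as false.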
@@ -252,7 +248,6 @@ add_custom_target(testall add_custom_target(testcore COMMAND ${CMAKE_COMMAND} -DDEPS_OK=Y -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N ${CMAKE_SOURCE_DIR} COMMAND make install - COMMAND ${CMAKE_COMMAND} -E copy_if_different ${CMAKE_SOURCE_DIR}/server/test/MaxScale_test.cnf ${CMAKE_BINARY_DIR}/etc/MaxScale.cnf COMMAND ctest -R Internal COMMENT "Running core test suite..." VERBATIM) diff --git a/cmake/package_deb.cmake b/cmake/package_deb.cmake new file mode 100644 index 000000000..90d66d4bc --- /dev/null +++ b/cmake/package_deb.cmake @@ -0,0 +1,6 @@ +# DEB specific CPack configuration parameters +set(CPACK_GENERATOR "${CPACK_GENERATOR};DEB") +set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA "${CMAKE_BINARY_DIR}/postinst;{CMAKE_BINARY_DIR}/postrm") +execute_process(COMMAND dpgk --print-architecture OUTPUT_VARIABLE DEB_ARCHITECTURE) +set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE ${DEB_ARCHITECTURE}) +set (CPACK_DEBIAN_PACKAGE_SHLIBDEPS ON) diff --git a/cmake/package_rpm.cmake b/cmake/package_rpm.cmake new file mode 100644 index 000000000..0f65bcdd2 --- /dev/null +++ b/cmake/package_rpm.cmake 
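Review bot: Two typos carried into the new cmake/package_deb.cmake break the DEB settings: `{CMAKE_BINARY_DIR}/postrm` is missing its `$`, so the postrm entry is a literal path that does not exist, and `dpgk` should be `dpkg`, so `DEB_ARCHITECTURE` stays empty. Suggested lines: `set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA "${CMAKE_BINARY_DIR}/postinst;${CMAKE_BINARY_DIR}/postrm")` and `execute_process(COMMAND dpkg --print-architecture OUTPUT_VARIABLE DEB_ARCHITECTURE OUTPUT_STRIP_TRAILING_WHITESPACE)`. The strip option keeps the trailing newline out of the architecture field.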
@@ -0,0 +1,23 @@ +# RPM specific CPack configuration parameters +set(CPACK_GENERATOR "${CPACK_GENERATOR};RPM") +set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "MaxScale") +set(CPACK_PACKAGE_VERSION_MAJOR "${MAXSCALE_VERSION_MAJOR}") +set(CPACK_PACKAGE_VERSION_MINOR "${MAXSCALE_VERSION_MINOR}") +set(CPACK_PACKAGE_VERSION_PATCH "${MAXSCALE_VERSION_PATCH}") +set(CPACK_PACKAGE_CONTACT "MariaDB Corporation Ab") +set(CPACK_PACKAGE_FILE_NAME "maxscale-${MAXSCALE_VERSION}") +set(CPACK_PACKAGE_NAME "maxscale") +set(CPACK_PACKAGE_VENDOR "MariaDB Corporation Ab") +set(CPACK_PACKAGE_DESCRIPTION_FILE ${CMAKE_SOURCE_DIR}/etc/DESCRIPTION) +set(CPACK_PACKAGING_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}") +set(CPACK_RPM_PACKAGE_RELEASE ${MAXSCALE_BUILD_NUMBER}) +set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_BINARY_DIR}/postinst) +set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_BINARY_DIR}/postrm) +set(CPACK_RPM_PACKAGE_NAME "maxscale") +set(CPACK_RPM_PACKAGE_VENDOR "MariaDB Corporation Ab") +set(CPACK_RPM_PACKAGE_LICENSE "GPLv2") +set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/etc /etc/ld.so.conf.d /etc/init.d /etc/rc.d/init.d") +set(CPACK_RPM_SPEC_MORE_DEFINE "%define ignore \#") +set(CPACK_RPM_USER_FILELIST "%ignore /etc/init.d") +set(CPACK_RPM_USER_FILELIST "%ignore /etc/ld.so.conf.d") +set(CPACK_RPM_USER_FILELIST "%ignore /etc") From 71531cde3ed0e69d826721ab00e806c91dece731 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 28 Apr 2015 11:09:49 +0300 Subject: [PATCH 019/119] Updated package installation and started documentation update. --- CMakeLists.txt | 1 + .../Getting-Started/Configuration-Guide.md | 14 +++-- cmake/install_layout.cmake | 3 +- cmake/macros.cmake | 62 ------------------- etc/maxscale.service.in | 11 ++++ 5 files changed, 21 insertions(+), 70 deletions(-) create mode 100644 etc/maxscale.service.in diff --git a/CMakeLists.txt b/CMakeLists.txt index eff114eb5..43ede7f92 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
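Review bot: The three consecutive `set(CPACK_RPM_USER_FILELIST ...)` calls at the end of cmake/package_rpm.cmake overwrite one another, so only `%ignore /etc` takes effect. If all three entries are wanted, set them once as a list: `set(CPACK_RPM_USER_FILELIST "%ignore /etc" "%ignore /etc/init.d" "%ignore /etc/ld.so.conf.d")`. The generic `CPACK_PACKAGE_*` variables at the top of the file repeat what CMakeLists.txt sets just before the include and can be dropped here.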
@@ -170,6 +170,7 @@ install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION ${MAXSCALE_SHAREDIR}) # Install startup scripts and ldconfig files if(WITH_SCRIPTS) configure_file(${CMAKE_SOURCE_DIR}/maxscale.conf.in ${CMAKE_BINARY_DIR}/maxscale.conf @ONLY) + configure_file(${CMAKE_SOURCE_DIR}/etc/maxscale.service.in ${CMAKE_BINARY_DIR}/maxscale.service @ONLY) if(DEB_BASED) configure_file(${CMAKE_SOURCE_DIR}/etc/ubuntu/init.d/maxscale.in ${CMAKE_BINARY_DIR}/maxscale @ONLY) else() diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 81d3c90e2..3f3dee484 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -1244,7 +1244,7 @@ In addition parameters may be added to define patterns to match against to eithe The top filter is a filter module for MaxScale that monitors every SQL statement that passes through the filter. It measures the duration of that statement, the time between the statement being sent and the first result being returned. The top N times are kept, along with the SQL text itself and a list sorted on the execution times of the query is written to a file upon closure of the client session. -The configuration block for the **top** filter requires the minimal filter options in its section within the `MaxScale.cnf` file, stored in `$MAXSCALE_HOME/etc/MaxScale.cnf`. +The configuration block for the **top** filter requires the minimal filter options in its section within the `MaxScale.cnf` file, stored in `/etc/MaxScale.cnf`. ``` [MyLogFilter] 
@@ -1258,9 +1258,11 @@ In addition parameters may be added to define patterns to match against to eithe ## Encrypting Passwords -Passwords stored in the MaxScale.cnf file may optionally be encrypted for added security. This is done by creation of an encryption key on installation of MaxScale. Encryption keys may be created manually by executing the maxkeys utility with the argument of the filename to store the key. +Passwords stored in the MaxScale.cnf file may optionally be encrypted for added security. This is done by creation of an encryption key on installation of MaxScale. Encryption keys may be created manually by executing the maxkeys utility with the argument of the filename to store the key. The default location MaxScale stores the keys is `/var/cache/maxscale`. - maxkeys $MAXSCALE_HOME/etc/.secrets +``` +maxkeys /var/cache/maxscale/.secrets +``` Changing the encryption key for MaxScale will invalidate any currently encrypted keys stored in the MaxScale.cnf file. @@ -1352,7 +1354,7 @@ and short notations ## Error Reporting -MaxScale is designed to be executed as a service, therefore all error reports, including configuration errors, are written to the MaxScale error log file. MaxScale will log to a set of files in the directory `$MAXSCALE_HOME/log`, the only exception to this is if the log directory is not writable, in which case a message is sent to the standard error descriptor. +MaxScale is designed to be executed as a service, therefore all error reports, including configuration errors, are written to the MaxScale error log file. By default, MaxScale will log to a set of files in the directory `/var/log/maxscale`, the only exception to this is if the log directory is not writable, in which case a message is sent to the standard error descriptor. ### Troubleshooting 
@@ -1367,11 +1369,11 @@ Example: ``` [Galera Listener] type=listener -address=192.1681.3.33 +address=192.168.3.33 port=4408 socket=/servers/maxscale/galera.sock ``` -TCP/IP Traffic must be permitted to 192.1681.3.33 port 4408 +TCP/IP Traffic must be permitted to 192.168.3.33 port 4408 For Unix socket, the socket file path (example: `/servers/maxscale/galera.sock`) must be writable by the Unix user MaxScale runs as. diff --git a/cmake/install_layout.cmake b/cmake/install_layout.cmake index 1425b4d49..f7ce45441 100644 --- a/cmake/install_layout.cmake +++ b/cmake/install_layout.cmake @@ -1,8 +1,7 @@ # Set the install layout # Possible values: # STANDALONE - Installs to /usr/local/mariadb-maxscale -# RPM - Installs to /usr -# DEB - Installs to /usr +# PACKAGE - Installs to /usr include(GNUInstallDirs) set(MAXSCALE_LIBDIR ${CMAKE_INSTALL_LIBDIR}/maxscale CACHE PATH "Library installation path") diff --git a/cmake/macros.cmake b/cmake/macros.cmake index 440c3fed5..aaed9cd69 100644 --- a/cmake/macros.cmake +++ b/cmake/macros.cmake 
@@ -196,68 +196,6 @@ debugmsg("Search returned: ${MYSQL_DIR_LOC}") set(ERRMSG ${ERRMSG_FILE} CACHE FILEPATH "Path to the errmsg.sys file." FORCE) unset(ERRMSG_FILE) - # Find the embedded mysql library - - # if (DEFINED EMBEDDED_LIB) - # if( NOT (IS_DIRECTORY ${EMBEDDED_LIB}) ) - # debugmsg("EMBEDDED_LIB is not a directory: ${EMBEDDED_LIB}") - # if(${CMAKE_VERSION} VERSION_LESS 2.8.12 ) - # set(COMP_VAR PATH) - # else() - # set(COMP_VAR DIRECTORY) - # endif() - # get_filename_component(EMBEDDED_LIB ${EMBEDDED_LIB} ${COMP_VAR}) - # debugmsg("EMBEDDED_LIB directory component: ${EMBEDDED_LIB}") - # endif() - # debugmsg("Searching for the embedded library at: ${EMBEDDED_LIB}") - # endif() - - # if(STATIC_EMBEDDED) - - # debugmsg("Using the static embedded library...") - # set(OLD_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES}) - # set(CMAKE_FIND_LIBRARY_SUFFIXES ".a") - # if (DEFINED EMBEDDED_LIB) - # debugmsg("Searching for libmysqld.a at: ${EMBEDDED_LIB}") - # find_library(EMBEDDED_LIB_STATIC libmysqld.a PATHS ${EMBEDDED_LIB} PATH_SUFFIXES mysql mariadb NO_DEFAULT_PATH) - # else() - # find_library(EMBEDDED_LIB_STATIC libmysqld.a PATH_SUFFIXES mysql mariadb) - # endif() - # debugmsg("Search returned: ${EMBEDDED_LIB_STATIC}") - - # set(EMBEDDED_LIB ${EMBEDDED_LIB_STATIC} CACHE FILEPATH "Path to libmysqld" FORCE) - # set(CMAKE_FIND_LIBRARY_SUFFIXES ${OLD_SUFFIXES}) - - # else() - # debugmsg("Using the dynamic embedded library...") - # set(OLD_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES}) - # set(CMAKE_FIND_LIBRARY_SUFFIXES ".so") - # if (DEFINED EMBEDDED_LIB) - # debugmsg("Searching for libmysqld.so at: ${EMBEDDED_LIB}") - # find_library(EMBEDDED_LIB_DYNAMIC mysqld PATHS ${EMBEDDED_LIB} PATH_SUFFIXES mysql mariadb NO_DEFAULT_PATH) - # else() - # find_library(EMBEDDED_LIB_DYNAMIC mysqld PATH_SUFFIXES mysql mariadb) - # endif() - # debugmsg("Search returned: ${EMBEDDED_LIB_DYNAMIC}") - # set(EMBEDDED_LIB ${EMBEDDED_LIB_DYNAMIC} CACHE FILEPATH "Path to libmysqld" FORCE) - # 
set(CMAKE_FIND_LIBRARY_SUFFIXES ${OLD_SUFFIXES}) - - # endif() - - # unset(EMBEDDED_LIB_DYNAMIC) - # unset(EMBEDDED_LIB_STATIC) - # unset(OLD_SUFFIXES) - - # # Inform the user about the embedded library - # if( (${EMBEDDED_LIB} MATCHES "NOTFOUND") OR (${EMBEDDED_LIB} MATCHES "NOTFOUND")) - # set(DEPS_OK FALSE CACHE BOOL "If all the dependencies were found.") - # message(FATAL_ERROR "Library not found: libmysqld. If your install of MySQL is in a non-default location, please provide the location with -DEMBEDDED_LIB=") - # else() - # get_filename_component(EMBEDDED_LIB ${EMBEDDED_LIB} REALPATH) - # message(STATUS "Using embedded library: ${EMBEDDED_LIB}") - # endif() - - # Check which init.d script to install find_file(RPM_FNC functions PATHS /etc/rc.d/init.d) if(${RPM_FNC} MATCHES "RPM_FNC-NOTFOUND") diff --git a/etc/maxscale.service.in b/etc/maxscale.service.in new file mode 100644 index 000000000..56b49d98f --- /dev/null +++ b/etc/maxscale.service.in @@ -0,0 +1,11 @@ +[Unit] +Description=MariaDB MaxScale Database Proxy +After=network.target + +[Service] +Type=forking +PIDFile=/var/run/maxscale/maxscale.pid +ExecStart=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale + +[Install] +WantedBy=multi-user.target From 3501ffb689f02d54824291e65eb8473da1c8642d Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 28 Apr 2015 16:39:52 +0300 Subject: [PATCH 020/119] Updated documentation --- .../Getting-Started/Configuration-Guide.md | 2 +- .../Reference/Debug-And-Diagnostic-Support.md | 10 ++-- .../Tutorials/Administration-Tutorial.md | 53 ++++++------------- 3 files changed, 22 insertions(+), 43 deletions(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 3f3dee484..19d4c2b6e 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md 
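Review bot: The new etc/maxscale.service.in has no `User=`/`Group=`, so systemd starts the proxy as root; a network-facing daemon should run under a dedicated account, e.g. `User=maxscale` and `Group=maxscale`, provided the package creates that account (not visible in this patch). `PIDFile=/var/run/maxscale/maxscale.pid` also relies on a directory that is lost at reboot where /var/run is a tmpfs; adding `RuntimeDirectory=maxscale` lets systemd create it with the service's ownership.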
@@ -1268,7 +1268,7 @@ Changing the encryption key for MaxScale will invalidate any currently encrypted ### Creating Encrypted Passwords -Encrypted passwords are created by executing the maxpasswd command with the password you require to encrypt as an argument. The environment variable `MAXSCALE_HOME` must be set, or MaxScale must be installed in the default location before maxpasswd can be executed. +Encrypted passwords are created by executing the maxpasswd command with the password you require to encrypt as an argument. maxpasswd MaxScalePw001 61DD955512C39A4A8BC4BB1E5F116705 diff --git a/Documentation/Reference/Debug-And-Diagnostic-Support.md b/Documentation/Reference/Debug-And-Diagnostic-Support.md index 34fda6653..d9bffa268 100644 --- a/Documentation/Reference/Debug-And-Diagnostic-Support.md +++ b/Documentation/Reference/Debug-And-Diagnostic-Support.md @@ -1711,7 +1711,7 @@ User admin already exists. **MaxScale>**** ** -If you should forget or lose the the account details you may simply remove the passwd file in $MAXSCALE_HOME/etc and the system will revert to the default behavior with admin/mariadb as the account. +If you should forget or lose the the account details you may simply remove the passwd file in /var/cache/maxscale and the system will revert to the default behavior with admin/mariadb as the account. ## Enable/disable log @@ -1745,7 +1745,7 @@ MaxScale generates output of its behavior to four distinct logs, error, messages ## Log contents -By default all log files are located in : $MAXSCALE_HOME/log and named as : +By default all log files are located in : /var/log/maxscale and named as : skygw_errW.log, skygw_msgX.log, skygw_traceY.log and skygw_debugZ.log 
@@ -1837,7 +1837,7 @@ MariaDB Corporation MaxScale /home/jdoe/bin/develop/log/skygw_msg1.log Tue Dec ### Trace log -Trace log includes information about available servers and their states, client sessions, queries being executed, routing decisions and other routing related data. Trace log can be found from the same directory with other logs but it is physically stored elsewhere, to OSs shared memory to reduce the latency caused by logging. The location of physical file is : /dev/shm//skygw_traceX.log where ‘X’ is the same sequence number as in the file name in the $MAXSCALE_HOME/log directory. +Trace log includes information about available servers and their states, client sessions, queries being executed, routing decisions and other routing related data. Trace log can be found from the same directory with other logs but it is physically stored elsewhere, to OSs shared memory to reduce the latency caused by logging. The location of physical file is : /dev/shm//skygw_traceX.log where ‘X’ is the same sequence number as in the file name in the /var/log/maxscale directory. Individual trace log entry looks similar to those in other logs but there is some difference too. Some log entries include a number within square brackets to specify which client session they belong to. For example: @@ -1923,11 +1923,11 @@ In the log, session’s life cycle is covered by annotating its beginning and th The log files are located in -$MAXSCALE_HOME/log +/var/log/maxscale by default. If, however, trace and debug logs are enabled, only a soft link is created there. MaxScale process creates a directory under -/dev/shm/ +/dev/shm/maxscale. where it stores the physical trace and debug log files. Link and physical files share the same name. These logs consume the main memory of the host they run on so it is important to archive or remove them periodically to avoid unnecessary main-memory consumption. 
diff --git a/Documentation/Tutorials/Administration-Tutorial.md b/Documentation/Tutorials/Administration-Tutorial.md index 894f89f94..943ecaa27 100644 --- a/Documentation/Tutorials/Administration-Tutorial.md +++ b/Documentation/Tutorials/Administration-Tutorial.md @@ -26,43 +26,20 @@ It is also possible to start MaxScale by executing the maxscale command itself, Options may be passed to the MaxScale binary that alter this default behavior, this options are documented in the table below. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SwitchLong OptionDescription
-d--nodaemonRun MaxScale attached to the terminal rather than as a daemon process. This is useful for debugging purposes.
-c--homedir=Ignore the environment variable MAXSCALE_HOME and use the supplied argument instead.
-f--config=Use the filename passed as an argument instead of looking in /etc/MaxScale.cnf
-l|--log=Control where logs are written for the debug and trace level log messages. the default is to write these to a shared memory device, however using the -lfile or --log=file option will forced these to be written to regular files.
-v--versionPrint version information for MaxScale
-?--helpPrint usage information for MaxScale
+Switch|Long Option|Description +------|-----------|----------- +`-d`|`--nodaemon`|enable running in terminal process (default:disabled) +`-f FILE`|`--config=FILE`|relative or absolute pathname of MaxScale configuration file (default:/etc/maxscale.cnf) +`-l[file shm]`|`--log=[file shm]`|log to file or shared memory (default: shm) +`-L PATH`|`--logdir=PATH`|path to log file directory (default: /var/log/maxscale) +`-D PATH`|`--datadir=PATH`|path to data directory, stored embedded mysql tables (default: /var/cache/maxscale) +`-C PATH`|`--configdir=PATH`|path to configuration file directory (default: /etc/) +`-B PATH`|`--libdir=PATH`|path to module directory (default: /usr/lib64/maxscale) +`-A PATH`|`--cachedir=PATH`|path to cache directory (default: /var/cache/maxscale) +`-s [yes no]`|`--syslog=[yes no]`|log messages to syslog (default:yes) +`-S [yes no]`|`--maxscalelog=[yes no]`|log messages to MaxScale log (default: yes) +`-v`|`--version`|print version info and exit +`-?`|`--help`|show this help ### Stopping MaxScale @@ -90,6 +67,7 @@ In order to shutdown MaxScale using the maxadmin command you may either connect It is possible to use the maxadmin command to obtain statistics regarding the services that are configured within your MaxScale configuration file. The maxadmin command "list services" will give very basic information regarding the services that are define. This command may be either run in interactive mode or passed on the maxadmin command line. +``` $ maxadmin -pmariadb MaxScale> list services @@ -110,6 +88,7 @@ It is possible to use the maxadmin command to obtain statistics regarding the se --------------------------+----------------------+--------+--------------- MaxScale> +``` It should be noted that network listeners count as a user of the service, therefore there will always be one user per network port in which the service listens. More detail can be obtained by use of the "show service" command which is passed a service name. 
From 5394b4d0fab6d71272f0f1da595f71c17baf4e69 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 29 Apr 2015 05:42:58 +0300 Subject: [PATCH 021/119] Changed standard installation directory from /usr/local/mariadb-maxscale to /usr/local. --- CMakeLists.txt | 11 +---------- cmake/install_layout.cmake | 2 +- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 43ede7f92..28b3229d8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -9,17 +9,8 @@ message(STATUS "CMake version: ${CMAKE_VERSION}") include(${CMAKE_SOURCE_DIR}/cmake/macros.cmake) enable_testing() -# Packaging builds install to /usr and other builds to /usr/local/mariadb-maxscale +# Packaging builds install to /usr and other builds to /usr/local if(PACKAGE) - set(INSTALL_LAYOUT "PACKAGE" CACHE STRING "Install layout, options are: STANDALONE, PACKAGE") -else() - set(INSTALL_LAYOUT "STANDALONE" CACHE STRING "Install layout, options are: STANDALONE, PACKAGE") -endif() - -# Installation prefixes for different layouts -if(${INSTALL_LAYOUT} MATCHES "STANDALONE") - set(CMAKE_INSTALL_PREFIX "/usr/local/mariadb-maxscale" CACHE PATH "Prefix prepended to install directories.") -else() set(CMAKE_INSTALL_PREFIX "/usr" CACHE PATH "Prefix prepended to install directories.") endif() diff --git a/cmake/install_layout.cmake b/cmake/install_layout.cmake index f7ce45441..c55a25a32 100644 --- a/cmake/install_layout.cmake +++ b/cmake/install_layout.cmake @@ -1,6 +1,6 @@ # Set the install layout # Possible values: -# STANDALONE - Installs to /usr/local/mariadb-maxscale +# STANDALONE - Installs to /usr/local # PACKAGE - Installs to /usr include(GNUInstallDirs) From c035f4b8b75eb9a11b7cea9ef334ba8d2d632083 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 29 Apr 2015 07:03:05 +0300 Subject: [PATCH 022/119] Removed current directory from the module search path. --- server/core/load_utils.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) 
diff --git a/server/core/load_utils.c b/server/core/load_utils.c index 5ecbe7f34..9d7d69220 100644 --- a/server/core/load_utils.c +++ b/server/core/load_utils.c @@ -133,21 +133,17 @@ MODULE_INFO *mod_info = NULL; * * Search of the shared object. */ - snprintf(fname,MAXPATHLEN+1, "./lib%s.so", module); - + + snprintf(fname, MAXPATHLEN+1,"%s/lib%s.so", get_libdir(), module); + if (access(fname, F_OK) == -1) { - snprintf(fname, MAXPATHLEN+1,"%s/lib%s.so", get_libdir(), module); - - if (access(fname, F_OK) == -1) - { - LOGIF(LE, (skygw_log_write_flush( - LOGFILE_ERROR, - "Error : Unable to find library for " - "module: %s. Module dir: %s", - module, get_libdir()))); - return NULL; - } + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Unable to find library for " + "module: %s. Module dir: %s", + module, get_libdir()))); + return NULL; } if ((dlhandle = dlopen(fname, RTLD_NOW|RTLD_LOCAL)) == NULL) From 416ffea9b76fd45a4d643dcecd8da61d2f2326fb Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 30 Apr 2015 10:37:06 +0300 Subject: [PATCH 023/119] Changed errmsg.sys installation location to /var/lib/maxscale --- CMakeLists.txt | 2 +- server/include/gwdirs.h.in | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 28b3229d8..33627ba15 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
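Review bot: The `snprintf(fname, MAXPATHLEN+1,"%s/lib%s.so", get_libdir(), module)` line still interpolates `module` without checking it, so a name containing `/` would resolve outside `get_libdir()` even though the `./` lookup is gone. If module names can come from the configuration file (not visible in this hunk), reject them before building the path: `if (strchr(module, '/') != NULL) return NULL;`. The `access(fname, F_OK)` test ahead of `dlopen()` is also a check-then-use pair; `dlopen()` reports a missing file itself through `dlerror()`, so the error could be logged there instead. The enclosing function starts and ends outside the hunk.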
@@ -153,7 +153,7 @@ install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION ${MAXSCALE_SHARED install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES server/maxscale_template.cnf DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES server/maxscale_binlogserver_template.cnf DESTINATION ${MAXSCALE_SHAREDIR}) -install(FILES ${ERRMSG} DESTINATION /usr/share/mysql/english/) +install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_VARDIR}/lib/maxscale) install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION ${MAXSCALE_SHAREDIR}) diff --git a/server/include/gwdirs.h.in b/server/include/gwdirs.h.in index bd878bb59..ac8fcf4af 100644 --- a/server/include/gwdirs.h.in +++ b/server/include/gwdirs.h.in @@ -29,8 +29,7 @@ static const char* default_logdir = "/var/log/maxscale/"; static const char* default_datadir = "/var/cache/maxscale/"; static const char* default_libdir = "@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@"; static const char* default_cachedir = "/var/cache/maxscale/"; -static const char* default_langdir = "/usr/share/mysql/english/"; /*< This is where the MariaDB - * server installs errmsg.sys */ +static const char* default_langdir = "@MAXSCALE_VARDIR@/lib/maxscale/"; static char* configdir = NULL; static char* logdir = NULL; From fb8359b5ca0120f73e1c5be1fa09089f07ac997f Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 6 May 2015 12:34:10 +0300 Subject: [PATCH 024/119] Fixed missing installation of init.d and ldconfig files. --- CMakeLists.txt | 4 ++++ etc/postinst.in | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 33627ba15..3e975c4f7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -170,6 +170,10 @@ if(WITH_SCRIPTS) if(PACKAGE) message(STATUS "maxscale.conf will unpack to: /etc/ld.so.conf.d") message(STATUS "startup scripts will unpack to to: /etc/init.d") + install(FILES ${CMAKE_BINARY_DIR}/maxscale DESTINATION ${MAXSCALE_SHAREDIR} + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + install(FILES ${CMAKE_BINARY_DIR}/maxscale.conf DESTINATION ${MAXSCALE_SHAREDIR} + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) else() install(FILES ${CMAKE_BINARY_DIR}/maxscale DESTINATION /etc/init.d PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/etc/postinst.in b/etc/postinst.in index 464e240f1..fa0c4271c 100755 --- a/etc/postinst.in +++ b/etc/postinst.in @@ -4,6 +4,6 @@ mkdir -p /var/log/maxscale mkdir -p /var/cache/maxscale mkdir -p /var/run/maxscale mkdir -p @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHARE_DIR@/ -cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHARE_DIR@/maxscale /etc/init.d/ -cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHARE_DIR@/maxscale.conf /etc/ld.so.conf.d/ +cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale /etc/init.d/ +cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.conf /etc/ld.so.conf.d/ /sbin/ldconfig From 63060d123334893a6cef833b72932fd4a2ec138e Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Sun, 10 May 2015 06:23:50 +0300 Subject: [PATCH 025/119] Added possibility to run as non-root user. --- server/core/gateway.c | 68 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 60 insertions(+), 8 deletions(-) diff --git a/server/core/gateway.c b/server/core/gateway.c index cf0f41525..0dbffc637 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c 
@@ -159,6 +159,7 @@ static struct option long_options[] = { {"language",required_argument, 0, 'N'}, {"syslog", required_argument, 0, 's'}, {"maxscalelog",required_argument,0,'S'}, + {"user",required_argument,0,'U'}, {"version", no_argument, 0, 'v'}, {"help", no_argument, 0, '?'}, {0, 0, 0, 0} @@ -193,7 +194,7 @@ static bool resolve_maxscale_conf_fname( char* cnf_file_arg); static char* check_dir_access(char* dirname,bool,bool); - +static int set_user(); /** * Handler for SIGHUP signal. Reload the configuration for the @@ -861,14 +862,16 @@ static void usage(void) " -l, --log=[file|shm] log to file or shared memory (default: shm)\n" " -L, --logdir=PATH path to log file directory\n" " (default: /var/log/maxscale)\n" - " -D, --datadir=PATH path to data directory, stored embedded mysql tables\n" - " (default: /var/cache/maxscale)\n" - " -C, --configdir=PATH path to configuration file directory\n" - " (default: /etc/)\n" - " -B, --libdir=PATH path to module directory\n" - " (default: /usr/lib64/maxscale)\n" " -A, --cachedir=PATH path to cache directory\n" " (default: /var/cache/maxscale)\n" + " -B, --libdir=PATH path to module directory\n" + " (default: /usr/lib64/maxscale)\n" + " -C, --configdir=PATH path to configuration file directory\n" + " (default: /etc/)\n" + " -D, --datadir=PATH path to data directory, stored embedded mysql tables\n" + " (default: /var/cache/maxscale)\n" + " -U, --user=USER run MaxScale as another user.\n" + " The user ID and group ID of this user are used to run MaxScale." " -s, --syslog=[yes|no] log messages to syslog (default:yes)\n" " -S, --maxscalelog=[yes|no] log messages to MaxScale log (default: yes)\n" " -v, --version print version info and exit\n" @@ -939,6 +942,9 @@ int main(int argc, char **argv) datadir_cleanup, write_footer, NULL}; + + + sigemptyset(&sigpipe_mask); sigaddset(&sigpipe_mask, SIGPIPE); progname = *argv; 
@@ -970,7 +976,7 @@ int main(int argc, char **argv) } } - while ((opt = getopt_long(argc, argv, "dc:f:l:vs:S:?L:D:C:B:", + while ((opt = getopt_long(argc, argv, "dc:f:l:vs:S:?L:D:C:B:U:A:", long_options, &option_index)) != -1) { bool succp = true; @@ -1083,6 +1089,12 @@ int main(int argc, char **argv) syslog_enabled = config_truth_value(optarg); } break; + case 'U': + if(set_user(optarg) != 0) + { + succp = false; + } + break; case '?': usage(); rc = EXIT_SUCCESS; @@ -1931,3 +1943,43 @@ static int cnf_preparser(void* data, const char* section, const char* name, cons return 1; } + +static int set_user(char* user) +{ + errno = 0; + struct passwd *pwname; + int rval; + + pwname = getpwnam(user); + if(pwname == NULL) + { + printf("Error: Failed to retrieve user information for '%s': %d %s\n", + user,errno,errno == 0 ? "User not found" : strerror(errno)); + return -1; + } + + rval = setgid(pwname->pw_gid); + if(rval != 0) + { + printf("Error: Failed to change group to '%d': %d %s\n", + pwname->pw_gid,errno,strerror(errno)); + return rval; + } + + rval = setuid(pwname->pw_uid); + if(rval != 0) + { + printf("Error: Failed to change user to '%s': %d %s\n", + pwname->pw_name,errno,strerror(errno)); + return rval; + } +#ifdef SS_DEBUG + else + { + printf("Running MaxScale as: %s %d:%d\n",pwname->pw_name,pwname->pw_uid,pwname->pw_gid); + } +#endif + + + return rval; +} \ No newline at end of file From 2b457bf372ef9c81d3a29582ff00898dc0299e2b Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 11 May 2015 06:19:06 +0300 Subject: [PATCH 026/119] Updated init.d and systemd scripts. --- cmake/install_layout.cmake | 5 ++--- etc/init.d/maxscale.in | 4 ++-- etc/maxscale.service.in | 2 +- etc/postinst.in | 24 ++++++++++++++++++++---- etc/ubuntu/init.d/maxscale.in | 4 ++-- 5 files changed, 27 insertions(+), 12 deletions(-) diff --git a/cmake/install_layout.cmake b/cmake/install_layout.cmake index c55a25a32..e25bd0a8d 100644 --- a/cmake/install_layout.cmake 
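Review bot: `set_user()` calls `setgid()` and then `setuid()` without resetting the supplementary group list, so a process started as root keeps root's supplementary groups after switching to the target user. Call `initgroups()` (declared in `<grp.h>`) before `setgid()` and fail the switch if it returns non-zero, as sketched below. The forward declaration added in the earlier hunk, `static int set_user();`, should also carry the parameter list, `static int set_user(char* user);`, so the compiler checks the call in the `case 'U':` branch. The error messages go to stdout via `printf`; `fprintf(stderr, ...)` would keep them with the other start-up errors.

```c
static int set_user(char* user)
{
    /* … unchanged: getpwnam() lookup and error report … */

    /* Replace root's supplementary groups with those of the target user
     * before the gid/uid change; afterwards the process may no longer be
     * allowed to do so. */
    rval = initgroups(pwname->pw_name, pwname->pw_gid);
    if(rval != 0)
    {
        printf("Error: Failed to set supplementary groups for '%s': %d %s\n",
               pwname->pw_name,errno,strerror(errno));
        return rval;
    }

    rval = setgid(pwname->pw_gid);
    /* … unchanged: setgid()/setuid() error handling and return … */
```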
+++ b/cmake/install_layout.cmake @@ -1,7 +1,4 @@ # Set the install layout -# Possible values: -# STANDALONE - Installs to /usr/local -# PACKAGE - Installs to /usr include(GNUInstallDirs) set(MAXSCALE_LIBDIR ${CMAKE_INSTALL_LIBDIR}/maxscale CACHE PATH "Library installation path") @@ -9,5 +6,7 @@ set(MAXSCALE_BINDIR ${CMAKE_INSTALL_BINDIR} CACHE PATH "Executable installation set(MAXSCALE_SHAREDIR ${CMAKE_INSTALL_DATADIR}/maxscale CACHE PATH "Share file installation path, includes licence and readme files") set(MAXSCALE_DOCDIR ${CMAKE_INSTALL_DOCDIR}/maxscale CACHE PATH "Documentation installation path, text versions only") set(MAXSCALE_CONFDIR ${CMAKE_INSTALL_SYSCONFDIR} CACHE PATH "Configuration file installation path, this is not usually needed") + +# This is the only hard-coded absolute path set(MAXSCALE_VARDIR /var CACHE PATH "Data file path (usually /var/)") diff --git a/etc/init.d/maxscale.in b/etc/init.d/maxscale.in index 4ee5ce0f4..70cdf5b3d 100755 --- a/etc/init.d/maxscale.in +++ b/etc/init.d/maxscale.in @@ -21,7 +21,7 @@ # MaxScale PIDFILE and LIB ############################################# -export MAXSCALE_PIDFILE=/var/run/maxscale/maxscale.pid +export MAXSCALE_PIDFILE=@MAXSCALE_VARDIR@/run/maxscale/maxscale.pid export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@/maxscale ############################### @@ -55,7 +55,7 @@ start() { CHECK_RET=$? [ $CHECK_RET -eq 0 ] && echo -n " found $my_check" && success && CHECK_RET=0 - daemon --pidfile $MAXSCALE_PIDFILE @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale >& /dev/null + daemon --pidfile $MAXSCALE_PIDFILE @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale --user=maxscale >& /dev/null RETVAL=$? [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$servicename diff --git a/etc/maxscale.service.in b/etc/maxscale.service.in index 56b49d98f..50e781f30 100644 --- a/etc/maxscale.service.in +++ b/etc/maxscale.service.in 
@@ -4,7 +4,7 @@ After=network.target [Service] Type=forking -PIDFile=/var/run/maxscale/maxscale.pid +PIDFile=@MAXSCALE_VARDIR@/run/maxscale/maxscale.pid ExecStart=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale [Install] diff --git a/etc/postinst.in b/etc/postinst.in index fa0c4271c..f5b85f537 100755 --- a/etc/postinst.in +++ b/etc/postinst.in @@ -1,9 +1,25 @@ #!/bin/sh -mkdir -p /var/log/maxscale -mkdir -p /var/cache/maxscale -mkdir -p /var/run/maxscale -mkdir -p @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHARE_DIR@/ + +# Create directories +mkdir -p @MAXSCALE_LIBDIR@ +mkdir -p @MAXSCALE_BINDIR@ +mkdir -p @MAXSCALE_SHAREDIR@ +mkdir -p @MAXSCALE_DOCDIR@ +mkdir -p @MAXSCALE_CONFDIR@ +mkdir -p @MAXSCALE_VARDIR@/log/maxscale +mkdir -p @MAXSCALE_VARDIR@/lib/maxscale +mkdir -p @MAXSCALE_VARDIR@/cache/maxscale +mkdir -p @MAXSCALE_VARDIR@/run/maxscale + +# Create MaxScale user +if [ -f "/etc/passwd" -a "$(grep -c 'maxscale' /etc/passwd)" -eq 0 ] +then + useradd -s -r /bin/false maxscale + groupadd maxscale +fi + +# Copy init.d script and ldconfig file cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale /etc/init.d/ cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.conf /etc/ld.so.conf.d/ /sbin/ldconfig diff --git a/etc/ubuntu/init.d/maxscale.in b/etc/ubuntu/init.d/maxscale.in index 27a73092c..315f16c5d 100755 --- a/etc/ubuntu/init.d/maxscale.in +++ b/etc/ubuntu/init.d/maxscale.in @@ -21,7 +21,7 @@ # MaxScale HOME, PIDFILE, LIB ############################################# -export MAXSCALE_PIDFILE=/var/run/maxscale/maxscale.pid +export MAXSCALE_PIDFILE=@MAXSCALE_VARDIR@/run/maxscale/maxscale.pid export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@/maxscale ############################### 
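Review bot: `ExecStart` in maxscale.service.in still starts `maxscale` without `--user`, while both init.d scripts changed in this commit gain `--user=maxscale`, so a host that starts MaxScale through systemd would keep running it as root. Either pass the option here as well, `ExecStart=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale --user=maxscale`, or add `User=maxscale` to the `[Service]` section. With either choice the PID file directory must be writable by that account, which the postinst script only arranges in a later commit of this series.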
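Review bot: The first `mkdir -p` lines in postinst.in use `@MAXSCALE_LIBDIR@`, `@MAXSCALE_BINDIR@`, `@MAXSCALE_SHAREDIR@` and `@MAXSCALE_DOCDIR@` without a prefix, and install_layout.cmake derives those from the GNUInstallDirs variables, which are normally relative paths, so the directories would be created under whatever working directory the package manager runs the script in. Prefix them the way the `cp` lines at the end of the script do, for example `mkdir -p @CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@`. The account test `grep -c 'maxscale' /etc/passwd` matches any line that contains the string and only looks at the local file; `getent passwd maxscale >/dev/null` tests for the account itself.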
@@ -44,7 +44,7 @@ _RETVAL_STATUS_NOT_RUNNING=3 # stop/start/status related vars ################################# NAME=maxscale -DAEMON=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale +DAEMON=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale --user=maxscale # Source function library. . /lib/lsb/init-functions From 3fcc1778bbda69f5618c188b7881a398f6b58a00 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 12 May 2015 06:43:36 +0300 Subject: [PATCH 027/119] Added changing of directory ownership. --- etc/postinst.in | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/etc/postinst.in b/etc/postinst.in index f5b85f537..8d81907ed 100755 --- a/etc/postinst.in +++ b/etc/postinst.in @@ -19,6 +19,12 @@ then groupadd maxscale fi +# Change the owner of the directories to maxscale:maxscale +chown maxscale:maxscale @MAXSCALE_VARDIR@/log/maxscale +chown maxscale:maxscale @MAXSCALE_VARDIR@/lib/maxscale +chown maxscale:maxscale @MAXSCALE_VARDIR@/cache/maxscale +chown maxscale:maxscale @MAXSCALE_VARDIR@/run/maxscale + # Copy init.d script and ldconfig file cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale /etc/init.d/ cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.conf /etc/ld.so.conf.d/ From b41130b533c91fcf6d73fe5a1760abf273fb0eea Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 12 May 2015 08:11:10 +0300 Subject: [PATCH 028/119] Fixed the useradd command in the postinst script having he command line arguments in the wrong order. --- etc/postinst.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/postinst.in b/etc/postinst.in index 8d81907ed..e04a34f5f 100755 --- a/etc/postinst.in +++ b/etc/postinst.in @@ -15,7 +15,7 @@ mkdir -p @MAXSCALE_VARDIR@/run/maxscale # Create MaxScale user if [ -f "/etc/passwd" -a "$(grep -c 'maxscale' /etc/passwd)" -eq 0 ] then - useradd -s -r /bin/false maxscale + useradd -r -s /bin/false maxscale groupadd maxscale fi From a6701ee7861ac9bd0e0f51996ca3a09b606dd3e3 Mon Sep 17 00:00:00 2001 
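Review bot: `DAEMON=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale --user=maxscale` is an unquoted assignment followed by a word, so the shell tries to run `--user=maxscale` as a command with `DAEMON` set only in that command's environment, and `DAEMON` is not set for the rest of the script. Keep the binary path alone in `DAEMON` and put the option in its own variable, `DAEMON_OPTS="--user=maxscale"`, passed where the daemon is started. That start code is outside this hunk, so the exact call site needs checking there.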
From: Markus Makela Date: Thu, 14 May 2015 15:42:49 +0300 Subject: [PATCH 029/119] Added missing newline to usage output. --- server/core/gateway.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/core/gateway.c b/server/core/gateway.c index 0dbffc637..462d28e8e 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -871,7 +871,7 @@ static void usage(void) " -D, --datadir=PATH path to data directory, stored embedded mysql tables\n" " (default: /var/cache/maxscale)\n" " -U, --user=USER run MaxScale as another user.\n" - " The user ID and group ID of this user are used to run MaxScale." + " The user ID and group ID of this user are used to run MaxScale.\n" " -s, --syslog=[yes|no] log messages to syslog (default:yes)\n" " -S, --maxscalelog=[yes|no] log messages to MaxScale log (default: yes)\n" " -v, --version print version info and exit\n" From e794c0953c0a1f216cebefd0b74417355022aac4 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 19 May 2015 18:17:42 +0300 Subject: [PATCH 030/119] Added systemd script installation --- CMakeLists.txt | 2 ++ etc/postinst.in | 1 + 2 files changed, 3 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3e975c4f7..44516cdfe 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -174,6 +174,8 @@ if(WITH_SCRIPTS) PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(FILES ${CMAKE_BINARY_DIR}/maxscale.conf DESTINATION ${MAXSCALE_SHAREDIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + install(FILES ${CMAKE_BINARY_DIR}/maxscale.service DESTINATION ${MAXSCALE_SHAREDIR} + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) else() install(FILES ${CMAKE_BINARY_DIR}/maxscale DESTINATION /etc/init.d PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) 
diff --git a/etc/postinst.in b/etc/postinst.in index e04a34f5f..dca7215df 100755 --- a/etc/postinst.in +++ b/etc/postinst.in @@ -28,4 +28,5 @@ chown maxscale:maxscale @MAXSCALE_VARDIR@/run/maxscale # Copy init.d script and ldconfig file cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale /etc/init.d/ cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.conf /etc/ld.so.conf.d/ +cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.service /usr/lib/systemd/system /sbin/ldconfig From 4eddec7989d4254cd20b696e92e5d2671068c90b Mon Sep 17 00:00:00 2001 From: Sriram Patil Date: Wed, 20 May 2015 17:47:58 +0530 Subject: [PATCH 031/119] Fixed MXS - 165: Concurrency issue while incrementing sessions in qlafilter --- server/modules/filter/qlafilter.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/server/modules/filter/qlafilter.c b/server/modules/filter/qlafilter.c index 5362cf61e..3c358cda1 100644 --- a/server/modules/filter/qlafilter.c +++ b/server/modules/filter/qlafilter.c @@ -50,6 +50,7 @@ #include #include #include +#include /** Defined in log_manager.cc */ extern int lm_enabled_logfiles_bitmask; @@ -304,7 +305,9 @@ char *remote, *userName; sprintf(my_session->filename, "%s.%d", my_instance->filebase, my_instance->sessions); - my_instance->sessions++; + + // Multiple sessions can try to update my_instance->sessions simultaneously + atomic_add(&(my_instance->sessions), 1); if (my_session->active) { From 6d9765f736ef51baf8b8e2b67f68a4fcf6301300 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 21 May 2015 15:22:18 +0300 Subject: [PATCH 032/119] Added copying of old configuration files to new directories. --- etc/postrm.in | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/etc/postrm.in b/etc/postrm.in index b1e86fca5..65c0f7116 100755 --- a/etc/postrm.in +++ b/etc/postrm.in 
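Review bot: The session file name in qlafilter.c is still built from a plain read of `my_instance->sessions` in the `sprintf` just above the new `atomic_add`, so two sessions created at the same time can format the same `%s.%d` name before either of them increments the counter. If `atomic_add` returns the value before the addition (confirm in atomic.h), use its result directly: `sprintf(my_session->filename, "%s.%d", my_instance->filebase, atomic_add(&(my_instance->sessions), 1));`. The size of `my_session->filename` is not visible here; a bounded `snprintf` would be the safer call if it is a fixed buffer. The enclosing function starts and ends outside the hunk.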
@@ -3,4 +3,9 @@ if [ "$1" -eq 0 ] then rm -f /etc/init.d/maxscale rm -f /etc/ld.so.conf.d/maxscale.conf +else + if [ -f "/usr/local/mariadb-maxscale/etc/MaxScale.cnf" ] + then + cp "/usr/local/mariadb-maxscale/etc/MaxScale.cnf" "/etc/maxscale.cnf" + fi fi From 0d85ae66039e52f1407500de18af6d8da461c86d Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 22 May 2015 11:31:22 +0300 Subject: [PATCH 033/119] Changed data directory to /var/lib/maxscale. --- server/core/adminusers.c | 8 ++++---- server/core/gateway.c | 1 + server/core/gwdirs.c | 10 ++++++++++ server/core/secrets.c | 2 +- server/include/gwdirs.h.in | 4 +++- server/modules/routing/binlog/blr_file.c | 6 +++--- 6 files changed, 22 insertions(+), 9 deletions(-) diff --git a/server/core/adminusers.c b/server/core/adminusers.c index e20f9d1c3..53734e9cc 100644 --- a/server/core/adminusers.c +++ b/server/core/adminusers.c @@ -120,7 +120,7 @@ char fname[1024], *home; char uname[80], passwd[80]; initialise(); - sprintf(fname, "%s/passwd", get_cachedir()); + sprintf(fname, "%s/passwd", get_datadir()); if ((fp = fopen(fname, "r")) == NULL) return NULL; if ((rval = users_alloc()) == NULL) @@ -151,7 +151,7 @@ FILE *fp; char fname[1024], *home, *cpasswd; initialise(); - sprintf(fname, "%s/passwd", get_cachedir()); + sprintf(fname, "%s/passwd", get_datadir()); if (users == NULL) { @@ -244,8 +244,8 @@ char* admin_remove_user( /** * Open passwd file and remove user from the file. */ - sprintf(fname, "%s/passwd", get_cachedir()); - sprintf(fname_tmp, "%s/passwd_tmp", get_cachedir()); + sprintf(fname, "%s/passwd", get_datadir()); + sprintf(fname_tmp, "%s/passwd_tmp", get_datadir()); /** * Rewrite passwd file from memory. */ diff --git a/server/core/gateway.c b/server/core/gateway.c index 462d28e8e..3ab50609b 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c 
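Review bot: The adminusers.c hunks keep `sprintf(fname, "%s/passwd", get_datadir())` writing into `fname` (declared `char fname[1024]` in the first two hunk headers) with no bound, while the directory is now meant to follow the `-D` command line option; secrets.c in this same commit already uses `snprintf(secret_file, PATH_MAX, ...)`. Use `snprintf(fname, sizeof(fname), "%s/passwd", get_datadir());` in all three hunks, the same for `fname_tmp`, and treat a truncated result as an error. The `strcpy(path, get_datadir());` lines in blr_file.c have the same problem, and the `strncat(path, ..., PATH_MAX)` calls after them pass the buffer size where strncat expects the remaining space. The enclosing functions start outside these hunks.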
@@ -1047,6 +1047,7 @@ int main(int argc, char **argv) break; case 'D': sprintf(datadir,"%s",optarg); + maxscaledatadir = strdup(optarg); datadir_defined = true; break; case 'C': diff --git a/server/core/gwdirs.c b/server/core/gwdirs.c index 9bf0185cd..1fe8af008 100644 --- a/server/core/gwdirs.c +++ b/server/core/gwdirs.c @@ -17,3 +17,13 @@ char* get_cachedir() { return cachedir?cachedir:(char*)default_cachedir; } + + +/** + * Get the service cache directory + * @return The path to the cache directory + */ +char* get_datadir() +{ + return maxscaledatadir?maxscaledatadir:(char*)default_datadir; +} diff --git a/server/core/secrets.c b/server/core/secrets.c index b0ddc084b..2ec3e75a9 100644 --- a/server/core/secrets.c +++ b/server/core/secrets.c @@ -71,7 +71,7 @@ int fd; int len; static int reported = 0; - snprintf(secret_file, PATH_MAX, "%s/.secrets", get_cachedir()); + snprintf(secret_file, PATH_MAX, "%s/.secrets", get_datadir()); /* Try to access secrets file */ if (access(secret_file, R_OK) == -1) diff --git a/server/include/gwdirs.h.in b/server/include/gwdirs.h.in index ac8fcf4af..66e34426f 100644 --- a/server/include/gwdirs.h.in +++ b/server/include/gwdirs.h.in @@ -26,7 +26,7 @@ static const char* default_cnf_fname = "maxscale.cnf"; static const char* default_configdir = "/etc/"; static const char* default_piddir = "/var/run/maxscale/"; static const char* default_logdir = "/var/log/maxscale/"; -static const char* default_datadir = "/var/cache/maxscale/"; +static const char* default_datadir = "/var/lib/maxscale/"; static const char* default_libdir = "@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@"; static const char* default_cachedir = "/var/cache/maxscale/"; static const char* default_langdir = "@MAXSCALE_VARDIR@/lib/maxscale/"; 
@@ -35,8 +35,10 @@ static char* configdir = NULL; static char* logdir = NULL; static char* libdir = NULL; static char* cachedir = NULL; +static char* maxscaledatadir = NULL; static char* langdir = NULL; char* get_libdir(); +char* get_datadir(); char* get_cachedir(); #endif diff --git a/server/modules/routing/binlog/blr_file.c b/server/modules/routing/binlog/blr_file.c index 32fbad28c..91944eea1 100644 --- a/server/modules/routing/binlog/blr_file.c +++ b/server/modules/routing/binlog/blr_file.c @@ -79,7 +79,7 @@ struct dirent *dp; if (router->binlogdir == NULL) { - strcpy(path, get_cachedir()); + strcpy(path, get_datadir()); strncat(path,"/",PATH_MAX); strncat(path, router->service->name,PATH_MAX); @@ -658,7 +658,7 @@ blr_cache_response(ROUTER_INSTANCE *router, char *response, GWBUF *buf) char path[PATH_MAX+1], *ptr; int fd; - strcpy(path,get_cachedir()); + strcpy(path,get_datadir()); strncat(path,"/",PATH_MAX); strncat(path, router->service->name, PATH_MAX); @@ -693,7 +693,7 @@ char path[PATH_MAX+1], *ptr; int fd; GWBUF *buf; - strcpy(path, get_cachedir()); + strcpy(path, get_datadir()); strncat(path, "/", PATH_MAX); strncat(path, router->service->name, PATH_MAX); strncat(path, "/.cache/", PATH_MAX); From 72066a4262325545f6ac190ef0abfcda186c5d2c Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 22 May 2015 14:12:40 +0300 Subject: [PATCH 034/119] Added a conditional for systemd script installation and changed directory rights for the maxscale user. --- etc/postinst.in | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/etc/postinst.in b/etc/postinst.in index dca7215df..abf2db1ef 100755 --- a/etc/postinst.in +++ b/etc/postinst.in 
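Review bot: `static char* maxscaledatadir = NULL;` in gwdirs.h.in gives every source file that includes the header its own private copy, so the `maxscaledatadir = strdup(optarg);` added to gateway.c would not be seen by `get_datadir()` in gwdirs.c, assuming both include this header. In that case `-D`/`--datadir` leaves adminusers.c, secrets.c and blr_file.c on `default_datadir`. Declare it here as `extern char* maxscaledatadir;` and define it once in gwdirs.c; the neighbouring `cachedir` and `libdir` follow the same static pattern and deserve the same check. The comment above `get_datadir()` in gwdirs.c was copied from `get_cachedir()` and should read `Get the MaxScale data directory`.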
@@ -24,9 +24,16 @@ chown maxscale:maxscale @MAXSCALE_VARDIR@/log/maxscale chown maxscale:maxscale @MAXSCALE_VARDIR@/lib/maxscale chown maxscale:maxscale @MAXSCALE_VARDIR@/cache/maxscale chown maxscale:maxscale @MAXSCALE_VARDIR@/run/maxscale +chmod 0755 @MAXSCALE_VARDIR@/log/maxscale +chmod 0755 @MAXSCALE_VARDIR@/lib/maxscale +chmod 0755 @MAXSCALE_VARDIR@/cache/maxscale +chmod 0755 @MAXSCALE_VARDIR@/run/maxscale # Copy init.d script and ldconfig file cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale /etc/init.d/ cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.conf /etc/ld.so.conf.d/ -cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.service /usr/lib/systemd/system +if [ -d "/usr/lib/systemd/system" ] +then + cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.service /usr/lib/systemd/system +fi /sbin/ldconfig From 04aaaea717214f2cca247cd7a0b494a18efd4d71 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 22 May 2015 18:26:20 +0300 Subject: [PATCH 035/119] Added 1.2 release notes. --- .../MaxScale-1.2.0-Release-Notes.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 Documentation/Release-Notes/MaxScale-1.2.0-Release-Notes.md diff --git a/Documentation/Release-Notes/MaxScale-1.2.0-Release-Notes.md b/Documentation/Release-Notes/MaxScale-1.2.0-Release-Notes.md new file mode 100644 index 000000000..f85382b3c --- /dev/null +++ b/Documentation/Release-Notes/MaxScale-1.2.0-Release-Notes.md 
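Review bot: `chmod 0755 @MAXSCALE_VARDIR@/lib/maxscale` makes the data directory readable and traversable by every local user, and the previous commit in this series moved `.secrets` and the admin `passwd` file into that directory through `get_datadir()`. Unless those files are always created with restrictive modes, which is not visible in this diff, a tighter directory mode is the safer default: `chmod 0750 @MAXSCALE_VARDIR@/lib/maxscale`. The same question applies to `@MAXSCALE_VARDIR@/cache/maxscale`.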
@@ -0,0 +1,26 @@ +# MaxScale Release Notes + +## 1.2 GA + +This document details the changes in version 1.2 since the release of the 1.1.1 GA Release of the MaxScale product. + +###***PLEASE NOTICE: MaxScale installation directories have changed in this version*** +The 1.2 version of MaxScale differs from previos versions in its installation layout. Please take great care when upgrading MaxScale from previous versions to version 1.2. An automatic upgrade will not work due to the severe changes in the installation layout. + +## New Features + +### Non-root MaxScale +You can now run MaxScale as any user. The standard installation of a MaxScale package now creates the maxscale user and the maxscale group. + +### FHS-compliant installation +The 1.2 version of MaxScale now complies to the Filesystem Hierarchy Standard. This means that MAXSCALE_HOME is no longer necessary and directories can be moved to different locations. + +A quick list of changes in installation directories and file names: + + * Binaries go into `/usr/bin` + * Configuration files to `/etc` and the configuration file is now lower case: `maxscale.cnf` + * Logs to `/var/log/maxscale` + * The module and library directory have been combined into a single directory in `/usr/lib64/maxscale`. If you have custom modules please make sure they are located there. + * Data directory is `/var/lib/maxscale`. This is the default location for MaxScale-specific data. + * PID file can be found at `/var/run/maxscale` + From 15da20184c080364f9c695d2ddfa39407bebfb0f Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 26 May 2015 14:04:07 +0300 Subject: [PATCH 036/119] Fixed old references in documentation. --- Documentation/Getting-Started/Configuration-Guide.md | 4 +++- .../Getting-Started/Getting-Started-With-MaxScale.md | 9 +++++---- 2 files changed, 8 insertions(+), 5 deletions(-) 
diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 7bc7abee6..a031bb03d 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -29,12 +29,14 @@ The MaxScale configuration is read from a file which can be located in a number 1. Location given with the --configdir= command line argument -2. MaxScale will look for a configuration file called `MaxScale.cnf` in the directory `/etc/MaxScale.cnf` +2. MaxScale will look for a configuration file called `maxscale.cnf` in the directory `/etc/maxscale.cnf` An explicit path to a configuration file can be passed by using the `-f` option to MaxScale. The configuration file itself is based on the ".ini" file format and consists of various sections that are used to build the configuration, these sections define services, servers, listeners, monitors and global settings. +Please see the section about [Protocol Modules](## Protocol Modules) for more details about MaxScale and the default directories where modules will be searched for. + ### Global Settings The global settings, in a section named `[MaxScale]`, allow various parameters that affect MaxScale as a whole to be tuned. Currently the only setting that is supported is the number of threads to use to handle the network traffic. MaxScale will also accept the section name of `[gateway]` for global settings. This is for backward compatibility with versions prior to the naming of MaxScale. diff --git a/Documentation/Getting-Started/Getting-Started-With-MaxScale.md b/Documentation/Getting-Started/Getting-Started-With-MaxScale.md index 6b84d8d58..ed41da728 100644 --- a/Documentation/Getting-Started/Getting-Started-With-MaxScale.md +++ b/Documentation/Getting-Started/Getting-Started-With-MaxScale.md 
@@ -59,12 +59,13 @@ As well as the four major configuration choices outlined above there are also ot MaxScale consists of a core executable and a number of modules that implement the different protocols and routing algorithms. These modules are built as shared objects that are loaded on demand. In order for MaxScale to find these -modules it will search using a predescribed search path. The rules are: +modules it will search using a configurable search path. The priority of these paths are: - 1. Look in the current directory for the module - 2. Look in /usr/lib64/maxscale + 1. Look in the directory defined with --libdir=PATH during startup + 2. Look in the directory defined with libdir=PATH in the configuration file under the [maxscale] section + 3. Look in default directory in /usr/lib64/maxscale -Configuration is read by default from the file /etc/MaxScale.cnf. An example file is included in in the installation and can be found in the /usr/share/maxscale folder within the MaxScale installation. The -f flag can be used on the command line to set the name and the location of the configuration file. Without path expression the file is read from the /etc directory. +Configuration is read by default from the file /etc/MaxScale.cnf. An example file is included in in the installation and can be found in the /usr/share/maxscale folder within the MaxScale installation. The -f flag can be used on the command line to set the name and the location of the configuration file. The -C flag can be used to set the directory where the configuration file is searched for. Without the -f or -C flags, the file is read from the /etc directory. ## Administration Of MaxScale From 47407405c58e24db01c4ebb80aa6a727d9dc00ad Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 26 May 2015 14:05:18 +0300 Subject: [PATCH 037/119] Fixed broken link. --- Documentation/Getting-Started/Configuration-Guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index a031bb03d..92b86c0ae 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -35,7 +35,7 @@ An explicit path to a configuration file can be passed by using the `-f` option The configuration file itself is based on the ".ini" file format and consists of various sections that are used to build the configuration, these sections define services, servers, listeners, monitors and global settings. -Please see the section about [Protocol Modules](## Protocol Modules) for more details about MaxScale and the default directories where modules will be searched for. +Please see the section about [Protocol Modules](# Protocol Modules) for more details about MaxScale and the default directories where modules will be searched for. ### Global Settings From 6be6c741e905b6d63a9b766e9532714db21d4635 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 26 May 2015 14:07:39 +0300 Subject: [PATCH 038/119] Fixed spaces braking links. --- Documentation/Getting-Started/Configuration-Guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 92b86c0ae..a5b449d16 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md 
@@ -35,7 +35,7 @@ An explicit path to a configuration file can be passed by using the `-f` option The configuration file itself is based on the ".ini" file format and consists of various sections that are used to build the configuration, these sections define services, servers, listeners, monitors and global settings. -Please see the section about [Protocol Modules](# Protocol Modules) for more details about MaxScale and the default directories where modules will be searched for. +Please see the section about [Protocol Modules](#protocol-modules) for more details about MaxScale and the default directories where modules will be searched for. ### Global Settings From 099fc0ba3c52242b483cf30167b146108d7a898a Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 26 May 2015 14:12:33 +0300 Subject: [PATCH 039/119] Fix to MXS-162 Changed router to monitor in documentation. --- Documentation/Getting-Started/Configuration-Guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index a5b449d16..332266ab5 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -1076,7 +1076,7 @@ Please note, those two options are not enabled by default. ### galeramon -The Galeramon monitor is a simple router designed for use with MySQL Galera cluster. To execute the galeramon monitor an entry as shown below should be added to the MaxScale configuration file. +The Galeramon monitor is a simple monitor designed for use with MySQL Galera cluster. To execute the galeramon monitor an entry as shown below should be added to the MaxScale configuration file. ``` [Galera Monitor] From 5f49a62724f45ec7e303e3387a88493c2e877fba Mon Sep 17 00:00:00 2001 
From: Markus Makela Date: Tue, 26 May 2015 14:41:20 +0300 Subject: [PATCH 040/119] Fix to MXS-166 Added a call to thd->end_statement in parsing_info_done --- query_classifier/query_classifier.cc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/query_classifier/query_classifier.cc b/query_classifier/query_classifier.cc index bb6b1c6da..d598ab5d2 100644 --- a/query_classifier/query_classifier.cc +++ b/query_classifier/query_classifier.cc @@ -1485,7 +1485,8 @@ void parsing_info_done( void* ptr) { parsing_info_t* pi; - + THD* thd; + if (ptr) { pi = (parsing_info_t *)ptr; @@ -1496,6 +1497,8 @@ void parsing_info_done( if (mysql->thd != NULL) { + thd = (THD*)mysql->thd; + thd->end_statement (); (*mysql->methods->free_embedded_thd)(mysql); mysql->thd = NULL; } From 4cbcc4ecb6b6d68b3c90054d777c201e5d2ec01c Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 26 May 2015 15:12:29 +0300 Subject: [PATCH 041/119] Removed old unused cmake variables, updated documentation and fixed testall suite. --- CMakeLists.txt | 8 +++---- .../Getting-Started/Configuration-Guide.md | 8 +++++++ .../Tutorials/Administration-Tutorial.md | 2 ++ cmake/macros.cmake | 23 ------------------- server/core/gateway.c | 18 +++++++++++++-- server/include/gwdirs.h.in | 2 +- server/modules/filter/test/tee_recursion.sh | 4 ++-- server/test/maxscale_test.cnf | 7 +++--- 8 files changed, 37 insertions(+), 35 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index aa8bde511..376df9b0f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -233,19 +233,19 @@ if(PACKAGE) endif() add_custom_target(buildtests - COMMAND ${CMAKE_COMMAND} -DDEPS_OK=Y -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N ${CMAKE_SOURCE_DIR} + COMMAND ${CMAKE_COMMAND} -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N ${CMAKE_SOURCE_DIR} COMMAND make COMMENT "Building test suite..." VERBATIM ) add_custom_target(testall - COMMAND ${CMAKE_COMMAND} -DDEPS_OK=Y -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N ${CMAKE_SOURCE_DIR} -DMAXSCALE_VARDIR=${CMAKE_BINARY_DIR} + COMMAND ${CMAKE_COMMAND} ${CMAKE_SOURCE_DIR} -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N -DMAXSCALE_VARDIR=${CMAKE_BINARY_DIR} COMMAND make install COMMAND ${CMAKE_COMMAND} -P ${CMAKE_SOURCE_DIR}/cmake/testall.cmake COMMENT "Running full test suite..." VERBATIM) add_custom_target(testcore - COMMAND ${CMAKE_COMMAND} -DDEPS_OK=Y -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N ${CMAKE_SOURCE_DIR} -DMAXSCALE_VARDIR=${CMAKE_BINARY_DIR} + COMMAND ${CMAKE_COMMAND} ${CMAKE_SOURCE_DIR} -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N -DMAXSCALE_VARDIR=${CMAKE_BINARY_DIR} COMMAND make install COMMAND ctest -R Internal COMMENT "Running core test suite..." VERBATIM) 
@@ -276,7 +276,7 @@ endif() # Testall target with Valgrind if(VALGRIND_FOUND) add_custom_target(testall-valgrind - COMMAND ${CMAKE_COMMAND} -DDEPS_OK=Y -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N ${CMAKE_SOURCE_DIR} + COMMAND ${CMAKE_COMMAND} -DBUILD_TESTS=Y -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR} -DWITH_SCRIPTS=N ${CMAKE_SOURCE_DIR} COMMAND make install COMMAND ${CMAKE_COMMAND} -E copy_if_different ${CMAKE_SOURCE_DIR}/server/test/MaxScale_test.cnf ${CMAKE_BINARY_DIR}/etc/MaxScale.cnf COMMAND /bin/sh -c "valgrind --track-fds=yes --leak-check=full --show-leak-kinds=all --log-file=${CMAKE_BINARY_DIR}/valgrind.log ${CMAKE_BINARY_DIR}/bin/maxscale -c ${CMAKE_BINARY_DIR} &>/dev/null" diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 332266ab5..535eca2cc 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -133,6 +133,14 @@ Configure the directory MaxScale uses to store cached data. An example of cached cachedir=/tmp/maxscale_cache/ ``` +#### `piddir` + +Configure the directory for the PID file for MaxScale. This file contains the Process ID for the running MaxScale process. + +``` +piddir=/tmp/maxscale_cache/ +``` + #### `language` Set the folder where the errmsg.sys file is located in. MaxScale will look for the errmsg.sys file installed with MaxScale from this folder. diff --git a/Documentation/Tutorials/Administration-Tutorial.md b/Documentation/Tutorials/Administration-Tutorial.md index 943ecaa27..6913431bc 100644 --- a/Documentation/Tutorials/Administration-Tutorial.md +++ b/Documentation/Tutorials/Administration-Tutorial.md 
@@ -36,6 +36,8 @@ Switch|Long Option|Description `-C PATH`|`--configdir=PATH`|path to configuration file directory (default: /etc/) `-B PATH`|`--libdir=PATH`|path to module directory (default: /usr/lib64/maxscale) `-A PATH`|`--cachedir=PATH`|path to cache directory (default: /var/cache/maxscale) +`P PATH`|`--piddir=PATH`|PID file directory +`-U USER`|`--user=USER`|run MaxScale as another user. The user ID and group ID of this user are used to run MaxScale. `-s [yes no]`|`--syslog=[yes no]`|log messages to syslog (default:yes) `-S [yes no]`|`--maxscalelog=[yes no]`|log messages to MaxScale log (default: yes) `-v`|`--version`|print version info and exit diff --git a/cmake/macros.cmake b/cmake/macros.cmake index 43c366ef6..c287343fb 100644 --- a/cmake/macros.cmake +++ b/cmake/macros.cmake @@ -132,29 +132,9 @@ macro(check_deps) endif() - # set(MAXSCALE_DEPS aio ssl crypt crypto z m dl rt pthread) - # foreach(lib ${MAXSCALE_DEPS}) - # find_library(lib${lib} ${lib}) - # if((DEFINED lib${lib}) AND (${lib${lib}} MATCHES "NOTFOUND")) - # set(DEPS_ERROR TRUE) - # set(FAILED_DEPS "${FAILED_DEPS} lib${lib}") - # elseif(DEBUG_OUTPUT) - # message(STATUS "Library was found at: ${lib${lib}}") - # endif() - # endforeach() - - # if(DEPS_ERROR) - # set(DEPS_OK FALSE CACHE BOOL "If all the dependencies were found.") - # message(FATAL_ERROR "Cannot find dependencies: ${FAILED_DEPS}") - # endif() - endmacro() macro(check_dirs) - - # This variable is used to prevent redundant checking of dependencies - set(DEPS_OK TRUE CACHE BOOL "If all the dependencies were found.") - # Find the MySQL headers if they were not defined if(DEFINED MYSQL_DIR) @@ -168,7 +148,6 @@ macro(check_dirs) debugmsg("Search returned: ${MYSQL_DIR_LOC}") if(${MYSQL_DIR_LOC} MATCHES "NOTFOUND") - set(DEPS_OK FALSE CACHE BOOL "If all the dependencies were found.") message(FATAL_ERROR "Fatal Error: MySQL headers were not found.") else() set(MYSQL_DIR ${MYSQL_DIR_LOC} CACHE PATH "Path to MySQL headers" FORCE) 
@@ -193,7 +172,6 @@ debugmsg("Search returned: ${MYSQL_DIR_LOC}") else() find_file(ERRMSG_FILE errmsg.sys PATHS /usr/share /usr/share/mysql /usr/local/share/mysql PATH_SUFFIXES english mysql/english) if(${ERRMSG_FILE} MATCHES "NOTFOUND") - set(DEPS_OK FALSE CACHE BOOL "If all the dependencies were found.") message(FATAL_ERROR "Fatal Error: The errmsg.sys file was not found, please define the path to it by using -DERRMSG=") else() message(STATUS "Using errmsg.sys found at: ${ERRMSG_FILE}") @@ -208,7 +186,6 @@ debugmsg("Search returned: ${MYSQL_DIR_LOC}") if(${RPM_FNC} MATCHES "RPM_FNC-NOTFOUND") find_file(DEB_FNC init-functions PATHS /lib/lsb) if(${DEB_FNC} MATCHES "DEB_FNC-NOTFOUND") - set(DEPS_OK FALSE CACHE BOOL "If all the dependencies were found.") message(FATAL_ERROR "Cannot find required init-functions in /lib/lsb/ or /etc/rc.d/init.d/, please confirm that your system files are OK.") else() set(DEB_BASED TRUE CACHE BOOL "If init.d script uses /lib/lsb/init-functions instead of /etc/rc.d/init.d/functions.") diff --git a/server/core/gateway.c b/server/core/gateway.c index 5e17fe04f..9845713e1 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -154,6 +154,7 @@ static struct option long_options[] = { {"logdir", required_argument, 0, 'L'}, {"datadir", required_argument, 0, 'D'}, {"configdir",required_argument, 0, 'C'}, + {"piddir",required_argument, 0, 'P'}, {"libdir",required_argument, 0, 'B'}, {"cachedir",required_argument, 0, 'A'}, {"language",required_argument, 0, 'N'}, @@ -870,6 +871,8 @@ static void usage(void) " (default: /etc/)\n" " -D, --datadir=PATH path to data directory, stored embedded mysql tables\n" " (default: /var/cache/maxscale)\n" + " -P, --piddir=PATH path to PID file directory\n" + " (default: /var/run/maxscale)\n" " -U, --user=USER run MaxScale as another user.\n" " The user ID and group ID of this user are used to run MaxScale.\n" " -s, --syslog=[yes|no] log messages to syslog (default:yes)\n" 
@@ -976,7 +979,7 @@ int main(int argc, char **argv) } } - while ((opt = getopt_long(argc, argv, "dc:f:l:vs:S:?L:D:C:B:U:A:", + while ((opt = getopt_long(argc, argv, "dc:f:l:vs:S:?L:D:C:B:U:A:P:", long_options, &option_index)) != -1) { bool succp = true; @@ -1045,6 +1048,12 @@ int main(int argc, char **argv) langdir = tmp_path; } break; + case 'P': + if(handle_path_arg(&tmp_path,optarg,NULL,true,true)) + { + piddir = tmp_path; + } + break; case 'D': sprintf(datadir,"%s",optarg); maxscaledatadir = strdup(optarg); @@ -1821,7 +1830,7 @@ static int write_pid_file(char *home_dir) { int fd = -1; - snprintf(pidfile, PATH_MAX, "%smaxscale.pid",default_piddir); + snprintf(pidfile, PATH_MAX, "%smaxscale.pid",piddir?piddir:default_piddir); fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC, 0777); if (fd == -1) { @@ -1920,6 +1929,11 @@ static int cnf_preparser(void* data, const char* section, const char* name, cons if(libdir == NULL) handle_path_arg(&libdir,(char*)value,NULL,true,false); } + else if(strcmp(name, "piddir") == 0) + { + if(piddir == NULL) + handle_path_arg(&piddir,(char*)value,NULL,true,true); + } else if(strcmp(name, "datadir") == 0) { if(!datadir_defined) diff --git a/server/include/gwdirs.h.in b/server/include/gwdirs.h.in index 66e34426f..b8044484b 100644 --- a/server/include/gwdirs.h.in +++ b/server/include/gwdirs.h.in @@ -37,7 +37,7 @@ static char* libdir = NULL; static char* cachedir = NULL; static char* maxscaledatadir = NULL; static char* langdir = NULL; - +static char* piddir = NULL; char* get_libdir(); char* get_datadir(); char* get_cachedir(); diff --git a/server/modules/filter/test/tee_recursion.sh b/server/modules/filter/test/tee_recursion.sh index 82a8080e2..a37dae0c4 100755 --- a/server/modules/filter/test/tee_recursion.sh +++ b/server/modules/filter/test/tee_recursion.sh 
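Review bot: In the write_pid_file hunk (-1821) the PID file path is now built from an operator-supplied `piddir`, but the file is still opened with `O_WRONLY | O_CREAT | O_TRUNC` and mode `0777`, so it follows an existing symlink and is created writable by everyone (subject to umask). That matters more now that the directory can point anywhere; the `piddir` example added to the Configuration Guide in this same commit uses a directory under /tmp. I would change the open to `fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);`. The format string `"%smaxscale.pid"` also has no separator, so unless handle_path_arg (not visible here) appends a trailing slash, `--piddir=/var/run/maxscale` yields `/var/run/maxscalemaxscale.pid`; `"%s/maxscale.pid"` is safe either way. The function body continues outside the hunk.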
@@ -17,8 +17,8 @@ function execute_test() return 1 fi - LAST_LOG=$(ls $BINDIR/log -1|grep err|sort|uniq|tail -n 1) - TEST_RESULT=$(cat $BINDIR/log/$LAST_LOG | grep -i recursive) + LAST_LOG=$(ls $BINDIR/ -1|grep error|sort|uniq|tail -n 1) + TEST_RESULT=$(cat $BINDIR/$LAST_LOG | grep -i recursive) if [[ "$TEST_RESULT" != "" ]] then return 0 diff --git a/server/test/maxscale_test.cnf b/server/test/maxscale_test.cnf index 83f52b23c..fdc843d8d 100644 --- a/server/test/maxscale_test.cnf +++ b/server/test/maxscale_test.cnf @@ -1,10 +1,11 @@ [maxscale] threads=4 libdir=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@ -logdir=@CMAKE_INSTALL_PREFIX@/log -datadir=@CMAKE_INSTALL_PREFIX@/data -cachedir=@CMAKE_INSTALL_PREFIX@/cache +logdir=@CMAKE_INSTALL_PREFIX@/ +datadir=@CMAKE_INSTALL_PREFIX@/ +cachedir=@CMAKE_INSTALL_PREFIX@/ language=@CMAKE_INSTALL_PREFIX@/lib/maxscale/ +piddir=@CMAKE_INSTALL_PREFIX@/ [feedback] feedback_enable=true From 06bece82a80cf1895291550999fdd93e157c54e0 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 26 May 2015 23:08:29 +0300 Subject: [PATCH 042/119] Fixed multi-character wildcard database grants not working with schemarouter. --- server/core/dbusers.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/server/core/dbusers.c b/server/core/dbusers.c index c8d1a78ec..f4e0ed080 100644 --- a/server/core/dbusers.c +++ b/server/core/dbusers.c 
@@ -974,19 +974,27 @@ getAllUsers(SERVICE *service, USERS *users) } } - if(service->optimize_wildcard && havedb && wildcard_db_grant(dbnm)) + if(havedb && wildcard_db_grant(dbnm)) { - rc = add_wildcard_users(users, row[0], row[1], password, row[4], dbnm, service->resources); - skygw_log_write(LOGFILE_DEBUG|LOGFILE_TRACE,"%s: Converted '%s' to %d individual database grants.",service->name,dbnm,rc); + if(service->optimize_wildcard) + { + rc = add_wildcard_users(users, row[0], row[1], password, row[4], dbnm, service->resources); + skygw_log_write(LOGFILE_DEBUG|LOGFILE_TRACE,"%s: Converted '%s' to %d individual database grants.",service->name,dbnm,rc); + } + else + { + /** Use ANYDB for wildcard grants */ + rc = add_mysql_users_with_host_ipv4(users, row[0], row[1], password, "Y", NULL); + } } else { rc = add_mysql_users_with_host_ipv4(users, row[0], row[1], password, row[4], havedb ? dbnm : NULL); } - skygw_log_write(LOGFILE_DEBUG,"%s: Adding user:%s host:%s anydb:%s db:%s.", + LOGIF(LD,(skygw_log_write(LOGFILE_DEBUG,"%s: Adding user:%s host:%s anydb:%s db:%s.", service->name,row[0],row[1],row[4], - havedb ? dbnm : NULL); + havedb ? dbnm : NULL))); } else { /* we don't have dbgrants, simply set ANY DB for the user */ rc = add_mysql_users_with_host_ipv4(users, row[0], row[1], password, "Y", NULL); 
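Review bot: The new `else` branch in getAllUsers (and the identical one in the getUsers hunk at -1483) stores a user whose grant is a database-name pattern as `"Y", NULL`, that is with the any-database flag, which is wider than the grant the backend actually holds. MaxScale's own database check would then accept any database name for that user and rely on the backend to refuse it; I am inferring that from the existing "set ANY DB" comment, since the lookup code is not in the hunk. If that is the intended trade-off, the comment should say so, for example `/** Wildcard grant stored as ANYDB: MaxScale does not restrict the database here, the backend server enforces the real grant */`, and a debug log line naming the user and the pattern would make the widening visible. Both functions start and end outside the hunks.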
@@ -1483,10 +1491,18 @@ getUsers(SERVICE *service, USERS *users) } } - if(service->optimize_wildcard && havedb && wildcard_db_grant(row[5])) + if(havedb && wildcard_db_grant(row[5])) { - rc = add_wildcard_users(users, row[0], row[1], password, row[4], dbnm, service->resources); - skygw_log_write(LOGFILE_DEBUG|LOGFILE_TRACE,"%s: Converted '%s' to %d individual database grants.",service->name,row[5],rc); + if(service->optimize_wildcard) + { + rc = add_wildcard_users(users, row[0], row[1], password, row[4], dbnm, service->resources); + skygw_log_write(LOGFILE_DEBUG|LOGFILE_TRACE,"%s: Converted '%s' to %d individual database grants.",service->name,row[5],rc); + } + else + { + /** Use ANYDB for wildcard grants */ + rc = add_mysql_users_with_host_ipv4(users, row[0], row[1], password, "Y", NULL); + } } else { From 4365a04d2c0f36d079c6428f705e38d504be4031 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 28 May 2015 10:30:21 +0300 Subject: [PATCH 043/119] Added 5.5.5- string to the start of MariaDB 10.0 version strings. --- server/core/config.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/server/core/config.c b/server/core/config.c index 60c99bf87..274522468 100644 --- a/server/core/config.c +++ b/server/core/config.c @@ -231,7 +231,7 @@ int rval; strcpy(version_string,tmp); } - ptr = strstr(tmp, "-embedded"); + ptr = strstr(version_string, "-embedded"); if (ptr) { *ptr = '\0'; } 
@@ -417,7 +417,21 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); } if (version_string) { + + /** Add the 5.5.5- string to the start of the version string if + * the version string starts with "10.". + * This mimics MariaDB 10.0 replication which adds 5.5.5- for backwards compatibility. */ + if(strncmp(version_string,"10.",3) == 0) + { + ((SERVICE *)(obj->element))->version_string = malloc((strlen(version_string) + + strlen("5.5.5-") + 1) * sizeof(char)); + strcpy(((SERVICE *)(obj->element))->version_string,"5.5.5-"); + strcat(((SERVICE *)(obj->element))->version_string,version_string); + } + else + { ((SERVICE *)(obj->element))->version_string = strdup(version_string); + } } else { if (gateway.version_string) ((SERVICE *)(obj->element))->version_string = strdup(gateway.version_string); From 16d6bd6d2c7f4d0b40eee154d6656902a238187d Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 28 May 2015 11:56:14 +0300 Subject: [PATCH 044/119] Added service SSL mode variables. --- server/core/config.c | 2 +- server/core/service.c | 13 +++++++++- server/include/service.h | 7 ++++++ .../include/mysql_client_server_protocol.h | 4 ++++ server/modules/protocol/mysql_client.c | 24 ++++++++++++++++--- 5 files changed, 45 insertions(+), 5 deletions(-) diff --git a/server/core/config.c b/server/core/config.c index 274522468..ccbeee0e0 100644 --- a/server/core/config.c +++ b/server/core/config.c @@ -420,7 +420,7 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); /** Add the 5.5.5- string to the start of the version string if * the version string starts with "10.". - * This mimics MariaDB 10.0 replication which adds 5.5.5- for backwards compatibility. */ + * This mimics MariaDB 10.0 behavior which adds 5.5.5- for backwards compatibility. */ if(strncmp(version_string,"10.",3) == 0) { ((SERVICE *)(obj->element))->version_string = malloc((strlen(version_string) + diff --git a/server/core/service.c b/server/core/service.c index 5ba5d539d..8297ea6fd 100644 
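Review bot: In the -417 hunk the result of `malloc` is passed straight to `strcpy` and `strcat`, so an allocation failure while loading the configuration becomes a NULL-pointer write. The size computation itself is correct. I would allocate into a local, check it, and build the string with one bounded `snprintf`, as below; what to do on failure (log it and count a configuration error) depends on code outside the hunk. The surrounding function starts and ends outside the hunk.

```c
if(strncmp(version_string,"10.",3) == 0)
{
    size_t vlen = strlen(version_string) + sizeof("5.5.5-");
    char *prefixed = malloc(vlen);

    if(prefixed != NULL)
    {
        snprintf(prefixed, vlen, "5.5.5-%s", version_string);
    }
    /* NULL on allocation failure; report it the way this function reports other errors */
    ((SERVICE *)(obj->element))->version_string = prefixed;
}
/* … unchanged: else branch with strdup(version_string) … */
```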
--- a/server/core/service.c +++ b/server/core/service.c @@ -136,7 +136,8 @@ SERVICE *service; service->routerModule = strdup(router); service->users_from_all = false; service->resources = NULL; - + service->ssl_mode = SSL_REQUIRED; + if (service->name == NULL || service->routerModule == NULL) { if (service->name) @@ -855,6 +856,16 @@ serviceOptimizeWildcard(SERVICE *service, int action) return 1; } +/** Enable or disable the service SSL capability*/ +int +serviceSetSSL(SERVICE *service, int action) +{ + if(action) + service->ssl_mode = SSL_REQUIRED; + else + service->ssl_mode = SSL_DISABLED; +} + /** * Whether to strip escape characters from the name of the database the client * is connecting to. diff --git a/server/include/service.h b/server/include/service.h index f26c99806..a6fea6d56 100644 --- a/server/include/service.h +++ b/server/include/service.h @@ -105,6 +105,12 @@ typedef struct server_ref_t{ SERVER* server; }SERVER_REF; +typedef enum { + SSL_DISABLED, + SSL_ENABLED, + SSL_REQUIRED +} ssl_mode_t; + /** * Defines a service within the gateway. * @@ -149,6 +155,7 @@ typedef struct service { FILTER_DEF **filters; /**< Ordered list of filters */ int n_filters; /**< Number of filters */ int conn_timeout; /*< Session timeout in seconds */ + ssl_mode_t ssl_mode; /*< one of DISABLED, ENABLED or REQUIRED */ char *weightby; struct service *next; /**< The next service in the linked list */ } SERVICE; diff --git a/server/modules/include/mysql_client_server_protocol.h b/server/modules/include/mysql_client_server_protocol.h index 46bbe296c..de8118659 100644 --- a/server/modules/include/mysql_client_server_protocol.h +++ b/server/modules/include/mysql_client_server_protocol.h 
@@ -97,6 +97,10 @@ typedef enum { MYSQL_AUTH_RECV, MYSQL_AUTH_FAILED, MYSQL_HANDSHAKE_FAILED, + MYSQL_AUTH_SSL_REQ, /*< client requested SSL */ + MYSQL_AUTH_SSL_EXCHANGE_DONE, /*< SSL handshake done */ + MYSQL_AUTH_SSL_EXCHANGE_ERR, /*< SSL handshake failure */ + MYSQL_AUTH_SSL_RECV, /*< */ MYSQL_IDLE } mysql_auth_state_t; diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index abdb4422c..d1e188281 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -242,7 +242,7 @@ MySQLSendHandshake(DCB* dcb) char server_scramble[GW_MYSQL_SCRAMBLE_SIZE + 1]=""; char *version_string; int len_version_string=0; - + MySQLProtocol *protocol = DCB_PROTOCOL(dcb, MySQLProtocol); GWBUF *buf; @@ -319,7 +319,16 @@ MySQLSendHandshake(DCB* dcb) mysql_server_capabilities_one[0] &= ~GW_MYSQL_CAPABILITIES_COMPRESS; - mysql_server_capabilities_one[0] &= ~GW_MYSQL_CAPABILITIES_SSL; + + if(dcb->service->ssl_mode != SSL_DISABLED) + { + mysql_server_capabilities_one[1] |= GW_MYSQL_CAPABILITIES_SSL >> 8; + } + else + { + mysql_server_capabilities_one[0] &= ~GW_MYSQL_CAPABILITIES_SSL; + } + memcpy(mysql_handshake_payload, mysql_server_capabilities_one, sizeof(mysql_server_capabilities_one)); mysql_handshake_payload = mysql_handshake_payload + sizeof(mysql_server_capabilities_one); @@ -402,7 +411,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { uint8_t *stage1_hash = NULL; int auth_ret = -1; MYSQL_session *client_data = NULL; - + int ssl = 0; CHK_DCB(dcb); protocol = DCB_PROTOCOL(dcb, MySQLProtocol); 
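Review bot: In the MySQLSendHandshake hunk (-319) the two branches touch different bytes: the enabled case sets the flag with `mysql_server_capabilities_one[1] |= GW_MYSQL_CAPABILITIES_SSL >> 8;` while the disabled case clears it with `mysql_server_capabilities_one[0] &= ~GW_MYSQL_CAPABILITIES_SSL;`. If the flag sits in the second byte, as the `>> 8` implies, the `else` branch changes nothing, and a service with SSL disabled would still advertise it whenever the default capability bytes have that bit set. The clear should mirror the set: `mysql_server_capabilities_one[1] &= ~(GW_MYSQL_CAPABILITIES_SSL >> 8);`. The macro's value and the array's initialiser are outside the hunk, so please confirm against them.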
@@ -451,6 +460,15 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { &protocol->client_capabilities); */ + + ssl = protocol->client_capabilities & GW_MYSQL_CAPABILITIES_SSL; + + /** Client didn't requested SSL when SSL mode was required*/ + if(!ssl && protocol->owner_dcb->service->ssl_mode == SSL_REQUIRED) + { + return 1; + } + username = get_username_from_auth(username, client_auth_packet); if (username == NULL) From f4dee6d584dbc6c21284cdd07ba44c52a506b174 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 28 May 2015 12:11:49 +0300 Subject: [PATCH 045/119] Fixed systemd service file not starting with the maxscale user. --- etc/maxscale.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/maxscale.service.in b/etc/maxscale.service.in index 50e781f30..6717f6b25 100644 --- a/etc/maxscale.service.in +++ b/etc/maxscale.service.in @@ -5,7 +5,7 @@ After=network.target [Service] Type=forking PIDFile=@MAXSCALE_VARDIR@/run/maxscale/maxscale.pid -ExecStart=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale +ExecStart=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale --user=maxscale [Install] WantedBy=multi-user.target From b24da2c540d09d28943b39c6e3cd1cdb1b0199df Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 28 May 2015 12:47:26 +0300 Subject: [PATCH 046/119] Changed errmsg.sys file to be world executable when installed. This way the maxscale user can read it when the package is installed. --- CMakeLists.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 376df9b0f..03cb541b6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
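Review bot: The new check in gw_mysql_do_authentication (-451) enforces `SSL_REQUIRED` only by looking at a capability bit the client sends; when the bit is set, the code goes on to read the user name and auth data from the same packet, and nothing in the hunk switches the connection to TLS first. As written, "required" therefore does not guarantee an encrypted session. Until the TLS exchange is in place I would say so at the check, e.g. `/* NOTE: only the client's SSL flag is checked here; the connection is not yet upgraded to TLS */`, and log the refusal before `return 1;` so operators can see rejected clients. The bare `1` should also be one of the function's named result codes if it has them; the function starts and ends outside the hunk.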
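Review bot: `ExecStart=... --user=maxscale` still has systemd launch the binary as root and leaves the privilege drop to MaxScale's own option handling. If nothing during start-up needs root, setting the identity in the unit is simpler to audit: add `User=maxscale` and `Group=maxscale` under `[Service]` and drop the `--user` argument. The `PIDFile=` directory is chowned to maxscale in postinst.in, so the PID file location should not stand in the way.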
@@ -154,7 +154,8 @@ install(FILES ${CMAKE_BINARY_DIR}/ReleaseNotes.txt DESTINATION ${MAXSCALE_SHARED install(FILES ${CMAKE_BINARY_DIR}/UpgradingToMaxScale110.txt DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES server/maxscale_template.cnf DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES server/maxscale_binlogserver_template.cnf DESTINATION ${MAXSCALE_SHAREDIR}) -install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_VARDIR}/lib/maxscale) +install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_VARDIR}/lib/maxscale + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION ${MAXSCALE_SHAREDIR}) From 3d6259cb00d32818b9bc98f154a772543e524509 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 28 May 2015 16:33:51 +0300 Subject: [PATCH 047/119] Added configuration options for different SSL modes. --- server/core/config.c | 9 ++++++++- server/core/service.c | 20 ++++++++++++++++---- server/include/service.h | 1 + server/modules/protocol/mysql_client.c | 12 ++++++++++++ 4 files changed, 37 insertions(+), 5 deletions(-) diff --git a/server/core/config.c b/server/core/config.c index ccbeee0e0..f6721a28e 100644 --- a/server/core/config.c +++ b/server/core/config.c @@ -345,6 +345,7 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); char *weightby; char *version_string; char *subservices; + char* ssl; bool is_rwsplit = false; bool is_schemarouter = false; char *allow_localhost_match_wildcard_host; 
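Review bot: The added `PERMISSIONS` list gives errmsg.sys execute bits for owner, group and world, although the commit message says the goal is that the maxscale user can read it. A message file needs only read access; `PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ` achieves that without marking a data file executable.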
@@ -353,6 +354,8 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); user = config_get_value(obj->parameters, "user"); auth = config_get_value(obj->parameters, "passwd"); subservices = config_get_value(obj->parameters, "subservices"); + ssl = config_get_value(obj->parameters, "ssl"); + enable_root_user = config_get_value( obj->parameters, "enable_root_user"); @@ -443,7 +446,11 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); max_slave_rlag_str = config_get_value(obj->parameters, "max_slave_replication_lag"); - + + if(ssl) + if(serviceSetSSL(obj->element,ssl) != 0) + skygw_log_write(LE,"Error: Unknown parameter for service '%s': %s",obj->object,ssl); + if (enable_root_user) serviceEnableRootUser( obj->element, diff --git a/server/core/service.c b/server/core/service.c index 8297ea6fd..4ef9b3515 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -136,7 +136,7 @@ SERVICE *service; service->routerModule = strdup(router); service->users_from_all = false; service->resources = NULL; - service->ssl_mode = SSL_REQUIRED; + service->ssl_mode = SSL_DISABLED; if (service->name == NULL || service->routerModule == NULL) { @@ -858,12 +858,20 @@ serviceOptimizeWildcard(SERVICE *service, int action) /** Enable or disable the service SSL capability*/ int -serviceSetSSL(SERVICE *service, int action) +serviceSetSSL(SERVICE *service, char* action) { - if(action) + int rval = 0; + + if(strcasecmp(action,"required") == 0) service->ssl_mode = SSL_REQUIRED; - else + else if(strcasecmp(action,"enabled") == 0) + service->ssl_mode = SSL_ENABLED; + else if(strcasecmp(action,"disabled") == 0) service->ssl_mode = SSL_DISABLED; + else + rval = -1; + + return rval; } /** 
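Review bot: In the `if(ssl)` block added before the `enable_root_user` handling, an unrecognised `ssl=` value is only logged and service set-up carries on, while the service.c hunk in the same commit changes the default `ssl_mode` to `SSL_DISABLED`. A misspelt `ssl=required` therefore leaves the listener accepting plaintext with nothing but an error-log line. Treating a non-zero return from `serviceSetSSL()` as a configuration error that stops the service from starting would fail closed; the surrounding function is outside the hunk, so how it reports errors is not visible. The later config.c hunks in patches 049 and 051, which check the certificate paths, keep the same log-and-continue behaviour. The nested `if` statements would also be safer with braces.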
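Review bot: The comment above `serviceSetSSL` still says "Enable or disable the service SSL capability", but the function now parses a three-valued string and returns -1 for anything else. I would replace it with a doc block in the file's `@param`/`@return` style that lists the accepted values `required`, `enabled` and `disabled` (compared case-insensitively) and the 0 / -1 return. `action` goes straight into `strcasecmp()`, so either document that it must be non-NULL or add `if(action == NULL) return -1;`; declaring it `const char *action` would also match how it is used.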
@@ -1029,6 +1037,8 @@ int i; printf("\tUsers data: %p\n", (void *)service->users); printf("\tTotal connections: %d\n", service->stats.n_sessions); printf("\tCurrently connected: %d\n", service->stats.n_current); + printf("\tSSL: %s\n", service->ssl_mode == SSL_DISABLED ? "Disabled": + (service->ssl_mode == SSL_ENABLED ? "Enabled":"Required")); } /** @@ -1138,6 +1148,8 @@ int i; service->stats.n_sessions); dcb_printf(dcb, "\tCurrently connected: %d\n", service->stats.n_current); + dcb_printf(dcb,"\tSSL: %s\n", service->ssl_mode == SSL_DISABLED ? "Disabled": + (service->ssl_mode == SSL_ENABLED ? "Enabled":"Required")); } /** diff --git a/server/include/service.h b/server/include/service.h index a6fea6d56..e0ae151cf 100644 --- a/server/include/service.h +++ b/server/include/service.h @@ -185,6 +185,7 @@ extern int serviceRestart(SERVICE *); extern int serviceSetUser(SERVICE *, char *, char *); extern int serviceGetUser(SERVICE *, char **, char **); extern void serviceSetFilters(SERVICE *, char *); +extern int serviceSetSSL(SERVICE *service, char* action); extern int serviceEnableRootUser(SERVICE *, int ); extern int serviceSetTimeout(SERVICE *, int ); extern void serviceWeightBy(SERVICE *, char *); diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index d1e188281..eaf061334 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c 
@@ -466,9 +466,21 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { /** Client didn't requested SSL when SSL mode was required*/ if(!ssl && protocol->owner_dcb->service->ssl_mode == SSL_REQUIRED) { + LOGIF(LT,(skygw_log_write(LT,"User %s@%s connected to service '%s' without SSL when SSL was required.", + protocol->owner_dcb->user, + protocol->owner_dcb->remote, + protocol->owner_dcb->service->name))); return 1; } + if(LOG_IS_ENABLED(LT)) + { + skygw_log_write(LT,"User %s@%s connected to service '%s' with SSL.", + protocol->owner_dcb->user, + protocol->owner_dcb->remote, + protocol->owner_dcb->service->name); + } + username = get_username_from_auth(username, client_auth_packet); if (username == NULL) From 449c186a668a6d48f9de484ada049af703fe43b0 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 28 May 2015 18:13:45 +0300 Subject: [PATCH 048/119] Added OpenSSL init function call. --- server/modules/protocol/mysql_client.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index eaf061334..0d5c47b48 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -46,7 +46,9 @@ #include #include #include - +#include +#include +#include MODULE_INFO info = { MODULE_API_PROTOCOL, MODULE_GA, @@ -113,6 +115,7 @@ version() void ModuleInit() { + SSL_library_init(); } /** @@ -473,7 +476,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { return 1; } - if(LOG_IS_ENABLED(LT)) + if(LOG_IS_ENABLED(LT) && ssl) { skygw_log_write(LT,"User %s@%s connected to service '%s' with SSL.", protocol->owner_dcb->user, @@ -481,6 +484,11 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { protocol->owner_dcb->service->name); } + if(ssl && protocol->owner_dcb->service->ssl_mode != SSL_DISABLED) + { + + } + username = get_username_from_auth(username, client_auth_packet); if (username == NULL) 
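Review bot: Both new trace messages print `protocol->owner_dcb->user` with `%s` before `get_username_from_auth()` has run further down, so the field may still be NULL at this point, and passing NULL to `%s` is undefined; whether it is set earlier is not visible because the function begins outside the hunk. Logging only `remote` and the service name here, or moving the message to after the username is parsed, avoids that. The refused-connection message is written at trace level, so if `LT` is off in normal operation a rejected plaintext attempt on an `SSL_REQUIRED` service leaves no record; an always-on level would make it usable for monitoring.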
From a572166ffd0a3152fdf7229e17fcf0242a633587 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 28 May 2015 22:19:50 +0300 Subject: [PATCH 049/119] Added ssl handshake to mysql_client --- server/core/config.c | 30 +++++++++-- server/core/service.c | 50 +++++++++++++++++++ server/include/service.h | 15 +++++- .../include/mysql_client_server_protocol.h | 5 +- server/modules/protocol/mysql_client.c | 44 ++++++++++++++-- 5 files changed, 134 insertions(+), 10 deletions(-) diff --git a/server/core/config.c b/server/core/config.c index f6721a28e..12d4c099e 100644 --- a/server/core/config.c +++ b/server/core/config.c @@ -345,7 +345,7 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); char *weightby; char *version_string; char *subservices; - char* ssl; + char *ssl,*ssl_cert,*ssl_key,*ssl_ca_cert; bool is_rwsplit = false; bool is_schemarouter = false; char *allow_localhost_match_wildcard_host; @@ -355,7 +355,9 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); auth = config_get_value(obj->parameters, "passwd"); subservices = config_get_value(obj->parameters, "subservices"); ssl = config_get_value(obj->parameters, "ssl"); - + ssl_cert = config_get_value(obj->parameters, "ssl_cert"); + ssl_key = config_get_value(obj->parameters, "ssl_key"); + ssl_ca_cert = config_get_value(obj->parameters, "ssl_ca_cert"); enable_root_user = config_get_value( obj->parameters, "enable_root_user"); 
@@ -448,8 +450,28 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); "max_slave_replication_lag"); if(ssl) - if(serviceSetSSL(obj->element,ssl) != 0) - skygw_log_write(LE,"Error: Unknown parameter for service '%s': %s",obj->object,ssl); + { + if(ssl_cert == NULL) + skygw_log_write(LE,"Error: Server certificate missing for service '%s'.",obj->object); + if(ssl_ca_cert == NULL) + skygw_log_write(LE,"Error: CA Certificate missing for service '%s'.",obj->object); + if(ssl_key == NULL) + skygw_log_write(LE,"Error: Server private key missing for service '%s'.",obj->object); + + if(ssl_ca_cert != NULL && ssl_cert != NULL && ssl_key != NULL) + { + + if(serviceSetSSL(obj->element,ssl) != 0) + { + skygw_log_write(LE,"Error: Unknown parameter for service '%s': %s",obj->object,ssl); + } + else + { + serviceSetCertificates(obj->element,ssl_cert,ssl_key,ssl_ca_cert); + } + } + + } if (enable_root_user) serviceEnableRootUser( diff --git a/server/core/service.c b/server/core/service.c index 4ef9b3515..ee6d1cf26 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -137,6 +137,10 @@ SERVICE *service; service->users_from_all = false; service->resources = NULL; service->ssl_mode = SSL_DISABLED; + service->ssl_init_done = false; + service->ssl_ca_cert = NULL; + service->ssl_cert = NULL; + service->ssl_key = NULL; if (service->name == NULL || service->routerModule == NULL) { @@ -856,6 +860,14 @@ serviceOptimizeWildcard(SERVICE *service, int action) return 1; } +void +serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert) +{ + service->ssl_cert = strdup(cert); + service->ssl_key = strdup(key); + service->ssl_ca_cert = strdup(ca_cert); +} + /** Enable or disable the service SSL capability*/ int serviceSetSSL(SERVICE *service, char* action) 
@@ -1798,3 +1810,41 @@ int *data; return set; } + + +int serviceInitSSL(SERVICE* service) +{ + if(!service->ssl_init_done) + { + service->method = (SSL_METHOD*)SSLv23_server_method(); + service->ctx = SSL_CTX_new(service->method); + + if (SSL_CTX_use_certificate_file(service->ctx, service->ssl_cert, SSL_FILETYPE_PEM) <= 0) { + return -1; + } + + /* Load the private-key corresponding to the server certificate */ + if (SSL_CTX_use_PrivateKey_file(service->ctx, service->ssl_key, SSL_FILETYPE_PEM) <= 0) { + return -1; + } + + /* Check if the server certificate and private-key matches */ + if (!SSL_CTX_check_private_key(service->ctx)) { + return -1; + } + + + /* Load the RSA CA certificate into the SSL_CTX structure */ + if (!SSL_CTX_load_verify_locations(service->ctx, service->ssl_ca_cert, NULL)) { + return -1; + } + + /* Set to require peer (client) certificate verification */ + SSL_CTX_set_verify(service->ctx,SSL_VERIFY_PEER,NULL); + + /* Set the verification depth to 1 */ + SSL_CTX_set_verify_depth(service->ctx,10); + service->ssl_init_done = true; + } + return 0; +} diff --git a/server/include/service.h b/server/include/service.h index e0ae151cf..1c6614656 100644 --- a/server/include/service.h +++ b/server/include/service.h @@ -26,7 +26,9 @@ #include #include #include - +#include +#include +#include /** * @file service.h * @@ -158,6 +160,15 @@ typedef struct service { ssl_mode_t ssl_mode; /*< one of DISABLED, ENABLED or REQUIRED */ char *weightby; struct service *next; /**< The next service in the linked list */ + SSL_CTX *ctx; + SSL *ssl; + SSL_METHOD *method; /*< SSLv2/3 or TLSv1/2 methods + * see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */ + char* ssl_cert; + char* ssl_key; + char* ssl_ca_cert; + bool ssl_init_done; + } SERVICE; typedef enum count_spec_t {COUNT_NONE=0, COUNT_ATLEAST, COUNT_EXACT, COUNT_ATMOST} count_spec_t; 
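Review bot: `serviceInitSSL` creates the context with `SSLv23_server_method()` and sets no protocol options, so the listener will negotiate SSLv2/SSLv3 whenever the linked OpenSSL still offers them. The return value of `SSL_CTX_new()` is used unchecked, and `SSL_VERIFY_PEER` on its own lets a client that sends no certificate complete the handshake, although the comment says verification is required; the flag below applies only if client certificates are meant to be mandatory. The depth comment says 1 while the call sets 10. `ssl_init_done` is read and written without a lock, which matters if several worker threads can authenticate on the same service at once; that is not visible here.

```c
        service->ctx = SSL_CTX_new(service->method);
        if (service->ctx == NULL) {
            return -1;
        }

        /* Refuse SSLv2 and SSLv3; SSLv23_server_method() would otherwise offer them */
        SSL_CTX_set_options(service->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

        /* … unchanged: certificate, private key and CA loading … */

        /* Request a client certificate and fail the handshake when none is presented */
        SSL_CTX_set_verify(service->ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);

        /* Allow certificate chains up to 10 levels deep */
        SSL_CTX_set_verify_depth(service->ctx,10);
```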
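Review bot: Most of the fields added to `struct service` have no comment, unlike `ssl_mode` and `next` beside them. Suggested: `/*< SSL context shared by the client connections of this service */` on `ctx`, `/*< Path to the server certificate (PEM) */` on `ssl_cert`, and the same pattern for `ssl_key`, `ssl_ca_cert` and `ssl_init_done`. The service-level `SSL *ssl` is not referenced in any visible hunk, since the per-connection handle lives in `MySQLProtocol`; if it is unused it could be dropped.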
@@ -186,6 +197,8 @@ extern int serviceSetUser(SERVICE *, char *, char *); extern int serviceGetUser(SERVICE *, char **, char **); extern void serviceSetFilters(SERVICE *, char *); extern int serviceSetSSL(SERVICE *service, char* action); +extern int serviceInitSSL(SERVICE* service); +extern void serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert); extern int serviceEnableRootUser(SERVICE *, int ); extern int serviceSetTimeout(SERVICE *, int ); extern void serviceWeightBy(SERVICE *, char *); diff --git a/server/modules/include/mysql_client_server_protocol.h b/server/modules/include/mysql_client_server_protocol.h index de8118659..87dbc50ee 100644 --- a/server/modules/include/mysql_client_server_protocol.h +++ b/server/modules/include/mysql_client_server_protocol.h @@ -54,7 +54,9 @@ #include #include #include - +#include +#include +#include #include #include #include @@ -294,6 +296,7 @@ typedef struct { unsigned long tid; /*< MySQL Thread ID, in * handshake */ unsigned int charset; /*< MySQL character set at connect time */ + SSL* ssl; /*< SSL struct for client connection */ #if defined(SS_DEBUG) skygw_chk_t protocol_chk_tail; #endif diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 0d5c47b48..5adb8bcd0 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -46,9 +46,7 @@ #include #include #include -#include -#include -#include + MODULE_INFO info = { MODULE_API_PROTOCOL, MODULE_GA, @@ -116,6 +114,7 @@ void ModuleInit() { SSL_library_init(); + SSL_load_error_strings(); } /** 
@@ -484,9 +483,47 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { protocol->owner_dcb->service->name); } + /** Do the SSL Handshake */ if(ssl && protocol->owner_dcb->service->ssl_mode != SSL_DISABLED) { + if(serviceInitSSL(protocol->owner_dcb->service) != 0) + { + skygw_log_write(LOGFILE_ERROR,"Error: SSL initialization for service '%s' failed.", + protocol->owner_dcb->service->name); + return 1; + } + protocol->ssl = SSL_new(protocol->owner_dcb->service->ctx); + SSL_set_fd(protocol->ssl,dcb->fd); + protocol->protocol_auth_state = MYSQL_AUTH_SSL_REQ; + printf("%s\n",SSL_get_version(protocol->ssl)); + int errnum,rval; + char errbuf[1024]; + switch((rval = SSL_accept(protocol->ssl))) + { + case 0: + errnum = SSL_get_error(protocol->ssl,rval); + ERR_error_string(errnum,errbuf); + skygw_log_write_flush(LOGFILE_ERROR,"SSL_accept: %s",errbuf); + ERR_print_errors_fp(stdout); + ERR_error_string(errnum,errbuf); + printf("%s\n",errbuf); + fflush(stdout); + break; + case 1: + protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; + break; + default: + errnum = SSL_get_error(protocol->ssl,rval); + ERR_print_errors_fp(stdout); + ERR_error_string(errnum,errbuf); + printf("%s\n",errbuf); + fflush(stdout); + skygw_log_write_flush(LOGFILE_ERROR,"Error: Fatal error in SSL_accept: %s",errbuf); + protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_ERR; + break; + + } } username = get_username_from_auth(username, client_auth_packet); @@ -1700,4 +1737,3 @@ return_str: return str; } #endif - From f946a44620b9f709d01dbcdb11c0769f1dab733d Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 28 May 2015 23:11:32 +0300 Subject: [PATCH 050/119] Added handling of partial SSL handshakes. --- server/modules/protocol/mysql_client.c | 91 +++++++++++++++++++++++--- 1 file changed, 83 insertions(+), 8 deletions(-) diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 5adb8bcd0..387b59aa0 100644 
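Review bot: Neither failure branch of the `SSL_accept()` switch returns, so after `case 0` or `default` control leaves the `if` and reaches `get_username_from_auth()`, and authentication continues on a connection whose handshake failed. Unless a later check on `protocol_auth_state` exists outside the hunk, add `return 1;` after setting `MYSQL_AUTH_SSL_EXCHANGE_ERR` and set the same state in `case 0`. `SSL_get_error()` returns an `SSL_ERROR_*` class, not an error-queue code, so `ERR_error_string(errnum,errbuf)` produces an unrelated message; `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf))` gives the real one. The `printf` and `ERR_print_errors_fp(stdout)` calls look like debugging output on a stream a daemon normally does not have, and the `SSL_new()` result is used unchecked.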
--- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -78,6 +78,8 @@ extern char* get_username_from_auth(char* ptr, uint8_t* data); extern int check_db_name_after_auth(DCB *, char *, int); extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db); +int do_ssl_accept(MySQLProtocol* protocol); + /* * The "module object" for the mysqld client protocol module. */ @@ -498,6 +500,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { printf("%s\n",SSL_get_version(protocol->ssl)); int errnum,rval; char errbuf[1024]; + switch((rval = SSL_accept(protocol->ssl))) { case 0: @@ -515,12 +518,22 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { default: errnum = SSL_get_error(protocol->ssl,rval); - ERR_print_errors_fp(stdout); - ERR_error_string(errnum,errbuf); - printf("%s\n",errbuf); - fflush(stdout); - skygw_log_write_flush(LOGFILE_ERROR,"Error: Fatal error in SSL_accept: %s",errbuf); - protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_ERR; + if(errnum == SSL_ERROR_WANT_READ) + { + /** Not all of the data has been read. Go back to the poll + queue and wait for more.*/ + protocol->protocol_auth_state = MYSQL_AUTH_SSL_RECV; + return 0; + } + else + { + ERR_print_errors_fp(stdout); + ERR_error_string(errnum,errbuf); + printf("%s\n",errbuf); + fflush(stdout); + skygw_log_write_flush(LOGFILE_ERROR,"Error: Fatal error in SSL_accept: %s",errbuf); + protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_ERR; + } break; } @@ -655,6 +668,10 @@ int gw_read_client_event( CHK_DCB(dcb); protocol = DCB_PROTOCOL(dcb, MySQLProtocol); CHK_PROTOCOL(protocol); + if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_RECV) + { + goto do_auth; + } rc = dcb_read(dcb, &read_buffer); @@ -794,7 +811,7 @@ int gw_read_client_event( } } - + do_auth: /** * Now there should be at least one complete mysql packet in read_buffer. */ 
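Review bot: The new branch in `default:` treats only `SSL_ERROR_WANT_READ` as a retry, so `SSL_ERROR_WANT_WRITE` from a non-blocking `SSL_accept()` is logged as fatal and the state becomes `MYSQL_AUTH_SSL_EXCHANGE_ERR`. I would widen the test to `if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE)`; the write case may also need the descriptor polled for writability, which is outside this hunk. `do_ssl_accept()`, added at the end of the file, has the same test.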
@@ -805,7 +822,10 @@ int gw_read_client_event( int auth_val; auth_val = gw_mysql_do_authentication(dcb, read_buffer); - + + if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_RECV) + break; + if (auth_val == 0) { SESSION *session; @@ -899,6 +919,15 @@ int gw_read_client_event( } break; + case MYSQL_AUTH_SSL_RECV: + { + if(do_ssl_accept(protocol) == 1) + { + protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; + } + } + break; + case MYSQL_IDLE: { uint8_t* payload = NULL; @@ -1737,3 +1766,49 @@ return_str: return str; } #endif + +int do_ssl_accept(MySQLProtocol* protocol) +{ + int rval,errnum; + char errbuf[2014]; + + switch((rval = SSL_accept(protocol->ssl))) + { + case 0: + errnum = SSL_get_error(protocol->ssl,rval); + ERR_error_string(errnum,errbuf); + skygw_log_write_flush(LOGFILE_ERROR,"SSL_accept: %s",errbuf); + ERR_print_errors_fp(stdout); + ERR_error_string(errnum,errbuf); + printf("%s\n",errbuf); + fflush(stdout); + break; + case 1: + protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; + rval = 1; + break; + + default: + errnum = SSL_get_error(protocol->ssl,rval); + if(errnum == SSL_ERROR_WANT_READ) + { + /** Not all of the data has been read. Go back to the poll + queue and wait for more.*/ + rval = 0; + } + else + { + ERR_print_errors_fp(stdout); + ERR_error_string(errnum,errbuf); + printf("%s\n",errbuf); + fflush(stdout); + skygw_log_write_flush(LOGFILE_ERROR,"Error: Fatal error in SSL_accept: %s",errbuf); + protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_ERR; + rval = -1; + } + break; + + } + + return rval; +} \ No newline at end of file From 0f814d3e73c8e57f1f78ef91a8999bf5672f099a Mon Sep 17 00:00:00 2001 
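Review bot: The new `case MYSQL_AUTH_SSL_RECV` acts only on a return of 1 from `do_ssl_accept()` and ignores -1, so a fatal handshake error leaves the connection open in `MYSQL_AUTH_SSL_EXCHANGE_ERR` with no visible close or error reply. Handling the negative return here, for example by closing the DCB the way the other failure paths of gw_read_client_event do, would stop a failed handshake from lingering; those paths are outside the hunk. The assignment of `MYSQL_AUTH_SSL_EXCHANGE_DONE` duplicates what `do_ssl_accept()` already does in its `case 1`.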
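Review bot: `do_ssl_accept` returns 0 both when `SSL_accept()` returns 0 and when it wants more data, so the caller cannot tell a dead handshake from one to retry; `case 0` should set `MYSQL_AUTH_SSL_EXCHANGE_ERR` and `rval = -1;`. `char errbuf[2014]` looks like a typo for the 1024 used in gw_mysql_do_authentication. The function has no doc comment; a block in the file's style stating the three return values (1 done, 0 retry, -1 fatal) would help. It repeats the switch in gw_mysql_do_authentication, which could call this helper instead, and it could be `static` if nothing outside the file uses it.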
From: Markus Makela Date: Fri, 29 May 2015 13:00:37 +0300 Subject: [PATCH 051/119] Added SSL write and read functions. --- server/core/config.c | 19 +- server/core/dcb.c | 529 +++++++++++++++++- server/include/dcb.h | 8 +- .../include/mysql_client_server_protocol.h | 1 + server/modules/protocol/mysql_client.c | 245 +++++--- server/modules/protocol/mysql_common.c | 5 +- 6 files changed, 726 insertions(+), 81 deletions(-) diff --git a/server/core/config.c b/server/core/config.c index 12d4c099e..640437270 100644 --- a/server/core/config.c +++ b/server/core/config.c @@ -452,11 +452,17 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); if(ssl) { if(ssl_cert == NULL) - skygw_log_write(LE,"Error: Server certificate missing for service '%s'.",obj->object); + skygw_log_write(LE,"Error: Server certificate missing for service '%s'." + "Please provide the path to the server certificate by adding the ssl_cert= parameter", + obj->object); if(ssl_ca_cert == NULL) - skygw_log_write(LE,"Error: CA Certificate missing for service '%s'.",obj->object); + skygw_log_write(LE,"Error: CA Certificate missing for service '%s'." + "Please provide the path to the certificate authority certificate by adding the ssl_ca_cert= parameter", + obj->object); if(ssl_key == NULL) - skygw_log_write(LE,"Error: Server private key missing for service '%s'.",obj->object); + skygw_log_write(LE,"Error: Server private key missing for service '%s'. " + "Please provide the path to the server certificate key by adding the ssl_key= parameter" + ,obj->object); if(ssl_ca_cert != NULL && ssl_cert != NULL && ssl_key != NULL) { @@ -470,6 +476,13 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); serviceSetCertificates(obj->element,ssl_cert,ssl_key,ssl_ca_cert); } } + else + { + /** If SSL was configured wrong, the + * service needs to fail.*/ + skygw_log_write_flush(LE,"Error: Missing SSL certificate paths found in the configuration. " + "This service will not use SSL."); + } } 
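Review bot: In the first two rewritten messages the adjacent string literals join without a space, producing `...for service '%s'.Please provide...`; only the private-key message has the trailing space. Add the space after the full stop in the `ssl_cert` and `ssl_ca_cert` messages, e.g. `"Error: Server certificate missing for service '%s'. "`. The private-key message also says "server certificate key", where "server private key" would match the first half of the sentence.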
diff --git a/server/core/dcb.c b/server/core/dcb.c index 6717aea41..ba2028de2 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -49,6 +49,7 @@ * backend * 07/05/2014 Mark Riddoch Addition of callback mechanism * 20/06/2014 Mark Riddoch Addition of dcb_clone + * 29/05/2015 Markus Makela Addition of dcb_write_SSL * * @endverbatim */ 
@@ -880,6 +881,152 @@ return_n: return n; } + +/** + * General purpose read routine to read data from a socket in the + * Descriptor Control Block and append it to a linked list of buffers. + * The list may be empty, in which case *head == NULL + * + * @param dcb The DCB to read from + * @param head Pointer to linked list to append data to + * @return -1 on error, otherwise the number of read bytes on the last + * iteration of while loop. 0 is returned if no data available. + */ +int dcb_read_SSL( + DCB *dcb, + SSL* ssl, + GWBUF **head) +{ + GWBUF *buffer = NULL; + int b; + int rc; + int n; + int nread = 0; + + CHK_DCB(dcb); + + if (dcb->fd <= 0) + { + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Read failed, dcb is %s.", + dcb->fd == DCBFD_CLOSED ? "closed" : "cloned, not readable"))); + n = 0; + goto return_n; + } + + while (true) + { + int bufsize; + + rc = ioctl(dcb->fd, FIONREAD, &b); + + if (rc == -1) + { + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : ioctl FIONREAD for dcb %p in " + "state %s fd %d failed due error %d, %s.", + dcb, + STRDCBSTATE(dcb->state), + dcb->fd, + errno, + strerror(errno)))); + n = -1; + goto return_n; + } + + if (b == 0 && nread == 0) + { + /** Handle closed client socket */ + if (dcb_isclient(dcb)) + { + char c; + int l_errno = 0; + int r = -1; + + /* try to read 1 byte, without consuming the socket buffer */ + r = recv(dcb->fd, &c, sizeof(char), MSG_PEEK); + l_errno = errno; + + if (r <= 0 && + l_errno != EAGAIN && + l_errno != EWOULDBLOCK && + l_errno != 0) + { + n = -1; + goto return_n; + } + } + n = 0; + goto return_n; + } + else if (b == 0) + { + n = 0; + goto return_n; + } + + dcb->last_read = hkheartbeat; + + bufsize = MIN(b, MAX_BUFFER_SIZE); + + if ((buffer = gwbuf_alloc(bufsize)) == NULL) + { + /*< + * This is a fatal error which should cause shutdown. + * Todo shutdown if memory allocation fails. 
+ */ + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Failed to allocate read buffer " + "for dcb %p fd %d, due %d, %s.", + dcb, + dcb->fd, + errno, + strerror(errno)))); + + n = -1; + goto return_n; + } + GW_NOINTR_CALL(n = SSL_read(ssl, GWBUF_DATA(buffer), bufsize); + dcb->stats.n_reads++); + + if (n <= 0) + { + int ssl_errno = ERR_get_error(); + if(ssl_errno != SSL_ERROR_WANT_READ) + { + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Read failed, dcb %p in state " + "%s fd %d: %s.", + dcb, + STRDCBSTATE(dcb->state), + dcb->fd, + ERR_error_string(ssl_errno,NULL)))); + + gwbuf_free(buffer); + goto return_n; + } + } + nread += n; + + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [dcb_read] Read %d bytes from dcb %p in state %s " + "fd %d.", + pthread_self(), + n, + dcb, + STRDCBSTATE(dcb->state), + dcb->fd))); + /*< Append read data to the gwbuf */ + *head = gwbuf_append(*head, buffer); + } /*< while (true) */ +return_n: + return n; +} /** * General purpose routine to write to a DCB * @@ -905,11 +1052,11 @@ int below_water; return 0; } /** - * SESSION_STATE_STOPPING means that one of the backends is closing - * the router session. Some backends may have not completed + * SESSION_STATE_STOPPING means that one of the backends is closing + * the router session. Some backends may have not completed * authentication yet and thus they have no information about router * being closed. Session state is changed to SESSION_STATE_STOPPING - * before router's closeSession is called and that tells that DCB may + * before router's closeSession is called and that tells that DCB may * still be writable. */ if (queue == NULL || @@ -932,9 +1079,9 @@ int below_water; //ss_dassert(false); return 0; } - + spinlock_acquire(&dcb->writeqlock); - + if (dcb->writeq != NULL) { /* @@ -949,7 +1096,7 @@ int below_water; if (queue) { int qlen; - + qlen = gwbuf_length(queue); atomic_add(&dcb->writeqlen, qlen); dcb->writeq = gwbuf_append(dcb->writeq, queue); 
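Review bot: `dcb_read_SSL` sizes each buffer from `FIONREAD`, which counts encrypted bytes on the socket, but `SSL_read()` returns the smaller decrypted length and the buffer is appended to `*head` at its allocated size, so as far as this hunk shows uninitialised bytes can follow the real data; it is appended even when `n <= 0` with a want-read status. The buffer should be cut to the `n` bytes actually read, and freed rather than appended when `n <= 0`. The status test compares `ERR_get_error()` with `SSL_ERROR_WANT_READ`, but those constants are results of `SSL_get_error()`, so the line should read `int ssl_errno = SSL_get_error(ssl, n);`; `dcb_write_SSL` and `dcb_drain_writeq_SSL` in the same file make the same comparison. The header comment is copied from dcb_read and lacks an `@param ssl` line.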
@@ -998,7 +1145,7 @@ int below_water; w = gw_write(dcb, GWBUF_DATA(queue), qlen); dcb->stats.n_writes++; ); - + if (w < 0) { saved_errno = errno; @@ -1006,7 +1153,7 @@ int below_water; if (LOG_IS_ENABLED(LOGFILE_DEBUG)) { - if (saved_errno == EPIPE) + if (saved_errno == EPIPE) { LOGIF(LD, (skygw_log_write( LOGFILE_DEBUG, @@ -1019,9 +1166,9 @@ int below_water; dcb->fd, saved_errno, strerror(saved_errno)))); - } + } } - + if (LOG_IS_ENABLED(LOGFILE_ERROR)) { if (saved_errno != EPIPE && @@ -1066,7 +1213,7 @@ int below_water; if (queue) { int qlen; - + qlen = gwbuf_length(queue); atomic_add(&dcb->writeqlen, qlen); dcb->stats.n_buffered++; @@ -1086,7 +1233,7 @@ int below_water; if (GWBUF_IS_TYPE_MYSQL(queue)) { uint8_t* data = GWBUF_DATA(queue); - + if (data[4] == 0x01) { dolog = false; 
@@ -1116,6 +1263,262 @@ int below_water; return 1; } +/** + * General purpose routine to write to an SSL enabled DCB + * + * @param dcb The DCB of the client + * @param ssl The SSL structure for this DCB + * @param queue Queue of buffers to write + * @return 0 on failure, 1 on success + */ +int +dcb_write_SSL(DCB *dcb, SSL* ssl, GWBUF *queue) +{ + int w; + int saved_errno = 0; + int below_water; + + below_water = (dcb->high_water && dcb->writeqlen < dcb->high_water) ? 1 : 0; + ss_dassert(queue != NULL); + + if (dcb->fd <= 0) + { + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Write failed, dcb is %s.", + dcb->fd == DCBFD_CLOSED ? "closed" : "cloned, not writable"))); + return 0; + } + + /** + * SESSION_STATE_STOPPING means that one of the backends is closing + * the router session. Some backends may have not completed + * authentication yet and thus they have no information about router + * being closed. Session state is changed to SESSION_STATE_STOPPING + * before router's closeSession is called and that tells that DCB may + * still be writable. + */ + if (queue == NULL || + (dcb->state != DCB_STATE_ALLOC && + dcb->state != DCB_STATE_POLLING && + dcb->state != DCB_STATE_LISTENING && + dcb->state != DCB_STATE_NOPOLLING && + (dcb->session == NULL || + dcb->session->state != SESSION_STATE_STOPPING))) + { + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [dcb_write] Write aborted to dcb %p because " + "it is in state %s", + pthread_self(), + dcb->stats.n_buffered, + dcb, + STRDCBSTATE(dcb->state), + dcb->fd))); + //ss_dassert(false); + return 0; + } + + spinlock_acquire(&dcb->writeqlock); + + if (dcb->writeq != NULL) + { + /* + * We have some queued data, so add our data to + * the write queue and return. + * The assumption is that there will be an EPOLLOUT + * event to drain what is already queued. 
We are protected + * by the spinlock, which will also be acquired by the + * the routine that drains the queue data, so we should + * not have a race condition on the event. + */ + if (queue) + { + int qlen; + + qlen = gwbuf_length(queue); + atomic_add(&dcb->writeqlen, qlen); + dcb->writeq = gwbuf_append(dcb->writeq, queue); + dcb->stats.n_buffered++; + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [dcb_write] Append to writequeue. %d writes " + "buffered for dcb %p in state %s fd %d", + pthread_self(), + dcb->stats.n_buffered, + dcb, + STRDCBSTATE(dcb->state), + dcb->fd))); + } + } + else + { + /* + * Loop over the buffer chain that has been passed to us + * from the reading side. + * Send as much of the data in that chain as possible and + * add any balance to the write queue. + */ + while (queue != NULL) + { + int qlen; +#if defined(FAKE_CODE) + if (dcb->dcb_role == DCB_ROLE_REQUEST_HANDLER && + dcb->session != NULL) + { + if (dcb_isclient(dcb) && fail_next_client_fd) { + dcb_fake_write_errno[dcb->fd] = 32; + dcb_fake_write_ev[dcb->fd] = 29; + fail_next_client_fd = false; + } else if (!dcb_isclient(dcb) && + fail_next_backend_fd) + { + dcb_fake_write_errno[dcb->fd] = 32; + dcb_fake_write_ev[dcb->fd] = 29; + fail_next_backend_fd = false; + } + } +#endif /* FAKE_CODE */ + qlen = GWBUF_LENGTH(queue); + GW_NOINTR_CALL( + w = gw_write_SSL(ssl, GWBUF_DATA(queue), qlen); + dcb->stats.n_writes++; + ); + + if (w < 0) + { + int ssl_errno = ERR_get_error(); + + if (LOG_IS_ENABLED(LOGFILE_DEBUG)) + { + switch(ssl_errno) + { + case SSL_ERROR_WANT_READ: + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [dcb_write] Write to dcb " + "%p in state %s fd %d failed " + "due error SSL_ERROR_WANT_READ", + pthread_self(), + dcb, + STRDCBSTATE(dcb->state), + dcb->fd))); + break; + case SSL_ERROR_WANT_WRITE: + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [dcb_write] Write to dcb " + "%p in state %s fd %d failed " + "due error SSL_ERROR_WANT_WRITE", + pthread_self(), + 
dcb, + STRDCBSTATE(dcb->state), + dcb->fd))); + break; + default: + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [dcb_write] Write to dcb " + "%p in state %s fd %d failed " + "due error %d", + pthread_self(), + dcb, + STRDCBSTATE(dcb->state), + dcb->fd,ssl_errno))); + } + } + + if (LOG_IS_ENABLED(LOGFILE_ERROR)) + { + if (ssl_errno != 0) + { + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Write to dcb %p in " + "state %s fd %d failed due " + "SSL error %d", + dcb, + STRDCBSTATE(dcb->state), + dcb->fd, + ssl_errno))); + } + } + break; + } + /* + * Pull the number of bytes we have written from + * queue with have. + */ + queue = gwbuf_consume(queue, w); + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [dcb_write] Wrote %d Bytes to dcb %p in " + "state %s fd %d", + pthread_self(), + w, + dcb, + STRDCBSTATE(dcb->state), + dcb->fd))); + } /*< while (queue != NULL) */ + /*< + * What wasn't successfully written is stored to write queue + * for suspended write. + */ + dcb->writeq = queue; + + if (queue) + { + int qlen; + + qlen = gwbuf_length(queue); + atomic_add(&dcb->writeqlen, qlen); + dcb->stats.n_buffered++; + } + } /* if (dcb->writeq) */ + + if (saved_errno != 0 && + queue != NULL && + saved_errno != EAGAIN && + saved_errno != EWOULDBLOCK) + { + bool dolog = true; + + /** + * Do not log if writing COM_QUIT to backend failed. + */ + if (GWBUF_IS_TYPE_MYSQL(queue)) + { + uint8_t* data = GWBUF_DATA(queue); + + if (data[4] == 0x01) + { + dolog = false; + } + } + if (dolog) + { + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [dcb_write] Writing to %s socket failed due %d, %s.", + pthread_self(), + dcb_isclient(dcb) ? 
"client" : "backend server", + saved_errno, + strerror(saved_errno)))); + } + spinlock_release(&dcb->writeqlock); + return 0; + } + spinlock_release(&dcb->writeqlock); + + if (dcb->high_water && dcb->writeqlen > dcb->high_water && below_water) + { + atomic_add(&dcb->stats.n_high_water, 1); + dcb_call_callback(dcb, DCB_REASON_HIGH_WATER); + } + + return 1; +} + /** * Drain the write queue of a DCB. This is called as part of the EPOLLOUT handling * of a socket and will try to send any buffered data from the write queue 
@@ -1208,6 +1611,85 @@ int above_water; return n; } + +/** + * Drain the write queue of a DCB. This is called as part of the EPOLLOUT handling + * of a socket and will try to send any buffered data from the write queue + * up until the point the write would block. + * + * @param dcb DCB to drain the write queue of + * @return The number of bytes written + */ +int +dcb_drain_writeq_SSL(DCB *dcb, SSL* ssl) +{ + int n = 0; + int w; + int saved_errno = 0; + int above_water; + + above_water = (dcb->low_water && dcb->writeqlen > dcb->low_water) ? 1 : 0; + + spinlock_acquire(&dcb->writeqlock); + + if (dcb->writeq) + { + int len; + /* + * Loop over the buffer chain in the pending writeq + * Send as much of the data in that chain as possible and + * leave any balance on the write queue. + */ + while (dcb->writeq != NULL) + { + len = GWBUF_LENGTH(dcb->writeq); + GW_NOINTR_CALL(w = gw_write_SSL(ssl, GWBUF_DATA(dcb->writeq), len);); + + if (w < 0) + { + int ssl_errno = ERR_get_error(); + + if(ssl_errno == SSL_ERROR_WANT_WRITE || + ssl_errno == SSL_ERROR_WANT_ACCEPT || + ssl_errno == SSL_ERROR_WANT_READ) + { + break; + } + + skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Write to dcb %p " + "in state %s fd %d failed: %s", + dcb, + STRDCBSTATE(dcb->state), + dcb->fd, + ERR_error_string(ssl_errno,NULL)); + break; + } + /* + * Pull the number of bytes we have written from + * queue with have. + */ + dcb->writeq = gwbuf_consume(dcb->writeq, w); + n += w; + } + } + spinlock_release(&dcb->writeqlock); + atomic_add(&dcb->writeqlen, -n); + + /* The write queue has drained, potentially need to call a callback function */ + if (dcb->writeq == NULL) + dcb_call_callback(dcb, DCB_REASON_DRAINED); + + if (above_water && dcb->writeqlen < dcb->low_water) + { + atomic_add(&dcb->stats.n_low_water, 1); + dcb_call_callback(dcb, DCB_REASON_LOW_WATER); + } + + return n; +} + /** * Removes dcb from poll set, and adds it to zombies list. 
As a consequense, * dcb first moves to DCB_STATE_NOPOLLING, and then to DCB_STATE_ZOMBIE state. @@ -1792,6 +2274,29 @@ static bool dcb_set_state_nomutex( return succp; } +/** + * Write data to a DCB + * + * @param ssl The SSL to write the buffer to + * @param buf Buffer to write + * @param nbytes Number of bytes to write + * @return Number of written bytes + */ +int +gw_write_SSL(SSL* ssl, const void *buf, size_t nbytes) +{ + int w = 0; + int fd = SSL_get_fd(ssl); + + if (fd > 0) + { + w = SSL_write(ssl, buf, nbytes); + } + return w; +} + + + /** * Write data to a DCB * diff --git a/server/include/dcb.h b/server/include/dcb.h index 7eedfbec3..38ebdc299 100644 --- a/server/include/dcb.h +++ b/server/include/dcb.h @@ -23,6 +23,9 @@ #include #include #include +#include +#include +#include #define ERRHANDLE @@ -337,7 +340,10 @@ bool dcb_set_state(DCB* dcb, dcb_state_t new_state, dcb_state_t* old_state); void dcb_call_foreach (struct server* server, DCB_REASON reason); size_t dcb_get_session_id(DCB* dcb); bool dcb_get_ses_log_info(DCB* dcb, size_t* sesid, int* enabled_logs); - +int gw_write_SSL(SSL* ssl, const void *buf, size_t nbytes); +int dcb_write_SSL(DCB *dcb, SSL* ssl, GWBUF *queue); +int dcb_read_SSL(DCB *dcb,SSL* ssl,GWBUF **head); +int dcb_drain_writeq_SSL(DCB *dcb, SSL* ssl); /** diff --git a/server/modules/include/mysql_client_server_protocol.h b/server/modules/include/mysql_client_server_protocol.h index 87dbc50ee..6c841d9c9 100644 --- a/server/modules/include/mysql_client_server_protocol.h +++ b/server/modules/include/mysql_client_server_protocol.h @@ -297,6 +297,7 @@ typedef struct { * handshake */ unsigned int charset; /*< MySQL character set at connect time */ SSL* ssl; /*< SSL struct for client connection */ + bool use_ssl; #if defined(SS_DEBUG) skygw_chk_t protocol_chk_tail; #endif diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 387b59aa0..f1aa0aa94 100644 --- a/server/modules/protocol/mysql_client.c 
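Review bot: In dcb_drain_writeq_SSL the failure branch classifies the error with `ERR_get_error()`, but the `SSL_ERROR_WANT_*` constants it is compared against are results of `SSL_get_error()`, so a retryable write is likely to be logged as a hard failure; use `int ssl_errno = SSL_get_error(ssl, w);`. The branch also tests only `w < 0`, while `gw_write_SSL` returns 0 when it does not write, and a zero result would presumably keep the `while` loop spinning with `writeqlock` held; `if (w <= 0)` covers both. The same `ERR_get_error()` comparison appears in the dcb_read_SSL hunk of the following patch. The doc comment should also gain `@param ssl SSL connection to write through`.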
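Review bot: gw_write_SSL returns 0 when `SSL_get_fd()` does not give a usable descriptor, which callers cannot tell apart from a zero-byte write, and its `fd > 0` test also rejects descriptor 0 although `SSL_get_fd()` reports failure as -1. Returning an error for the invalid case, `if (fd < 0) return -1;`, lets the `w < 0` checks in the callers fire. `nbytes` is a `size_t` while `SSL_write()` takes an `int` length, so a bound check before the call would avoid a silent narrowing. The first line of the doc comment still reads `Write data to a DCB`; `Write data to an SSL connection` matches the parameters.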
+++ b/server/modules/protocol/mysql_client.c @@ -37,7 +37,7 @@ * 09/09/2014 Massimiliano Pinto Added: 777 permission for socket path * 13/10/2014 Massimiliano Pinto Added: dbname authentication check * 10/11/2014 Massimiliano Pinto Added: client charset added to protocol struct - * + * 29/05/2015 Markus Makela Added SSL support */ #include #include @@ -69,7 +69,9 @@ static int gw_MySQLWrite_client(DCB *dcb, GWBUF *queue); static int gw_error_client_event(DCB *dcb); static int gw_client_close(DCB *dcb); static int gw_client_hangup_event(DCB *dcb); - +int gw_read_client_event_SSL(DCB* dcb); +int gw_MySQLWrite_client_SSL(DCB *dcb, GWBUF *queue); +int gw_write_client_event_SSL(DCB *dcb); int mysql_send_ok(DCB *dcb, int packet_number, int in_affected_rows, const char* mysql_message); int MySQLSendHandshake(DCB* dcb); static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue); @@ -464,6 +466,8 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { &protocol->client_capabilities); */ + if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_EXCHANGE_DONE) + goto ssl_hs_done; ssl = protocol->client_capabilities & GW_MYSQL_CAPABILITIES_SSL; 
@@ -497,48 +501,19 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { protocol->ssl = SSL_new(protocol->owner_dcb->service->ctx); SSL_set_fd(protocol->ssl,dcb->fd); protocol->protocol_auth_state = MYSQL_AUTH_SSL_REQ; - printf("%s\n",SSL_get_version(protocol->ssl)); - int errnum,rval; - char errbuf[1024]; - switch((rval = SSL_accept(protocol->ssl))) + if(do_ssl_accept(protocol) < 0) { - case 0: - errnum = SSL_get_error(protocol->ssl,rval); - ERR_error_string(errnum,errbuf); - skygw_log_write_flush(LOGFILE_ERROR,"SSL_accept: %s",errbuf); - ERR_print_errors_fp(stdout); - ERR_error_string(errnum,errbuf); - printf("%s\n",errbuf); - fflush(stdout); - break; - case 1: - protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; - break; - - default: - errnum = SSL_get_error(protocol->ssl,rval); - if(errnum == SSL_ERROR_WANT_READ) - { - /** Not all of the data has been read. Go back to the poll - queue and wait for more.*/ - protocol->protocol_auth_state = MYSQL_AUTH_SSL_RECV; - return 0; - } - else - { - ERR_print_errors_fp(stdout); - ERR_error_string(errnum,errbuf); - printf("%s\n",errbuf); - fflush(stdout); - skygw_log_write_flush(LOGFILE_ERROR,"Error: Fatal error in SSL_accept: %s",errbuf); - protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_ERR; - } - break; - + return 1; + } + else + { + return 0; } } + ssl_hs_done: + username = get_username_from_auth(username, client_auth_packet); if (username == NULL) 
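Review bot: The new `do_ssl_accept(protocol) < 0` test returns 0 both when the handshake has completed and when it is still in progress, and 0 is the value the caller treats as a successful authentication. The caller is outside this hunk, but the later hunk in gw_read_client_event skips that path only for `MYSQL_AUTH_SSL_REQ`, so a handshake that finishes inside this call would leave the state at `MYSQL_AUTH_SSL_EXCHANGE_DONE` and appears to reach session creation before any credentials are checked. At minimum the branch needs a comment such as `/* 0 here means the SSL handshake is pending or done, not that the user is authenticated */`, and the caller should break out for every SSL state. The results of `SSL_new()` and `SSL_set_fd()` on the context lines above are used unchecked.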
@@ -645,6 +620,65 @@ gw_MySQLWrite_client(DCB *dcb, GWBUF *queue) return dcb_write(dcb, queue); } + +/** + * Write function for client DCB: writes data from MaxScale to Client + * + * @param dcb The DCB of the client + * @param queue Queue of buffers to write + */ +int +gw_MySQLWrite_client_SSL(DCB *dcb, GWBUF *queue) +{ + MySQLProtocol *protocol = NULL; + CHK_DCB(dcb); + protocol = DCB_PROTOCOL(dcb, MySQLProtocol); + CHK_PROTOCOL(protocol); + return dcb_write_SSL(dcb, protocol->ssl, queue); +} + + +int gw_read_client_event_SSL( +DCB* dcb) +{ + SESSION *session = NULL; + ROUTER_OBJECT *router = NULL; + ROUTER *router_instance = NULL; + void *rsession = NULL; + MySQLProtocol *protocol = NULL; + GWBUF *read_buffer = NULL; + int rc = 0; + int nbytes_read = 0; + uint8_t cap = 0; + bool stmt_input = false; /*< router input type */ + + CHK_DCB(dcb); + protocol = DCB_PROTOCOL(dcb, MySQLProtocol); + CHK_PROTOCOL(protocol); + + + if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ) + { + if(do_ssl_accept(protocol) == 1) + { + spinlock_acquire(&protocol->protocol_lock); + protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; + spinlock_release(&protocol->protocol_lock); + + spinlock_acquire(&dcb->authlock); + dcb->func.read = gw_read_client_event_SSL; + dcb->func.write = gw_MySQLWrite_client_SSL; + dcb->func.write_ready = gw_write_client_event; + spinlock_release(&dcb->authlock); + } + goto return_rc; + } + + return_rc: + + return rc; +} + /** * Client read event triggered by EPOLLIN * 
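Review bot: gw_read_client_event_SSL installs `gw_write_client_event` as `dcb->func.write_ready` next to the SSL write function, so a queued write would be drained by the plain `dcb_drain_writeq()` path instead of through `SSL_write()`, putting unencrypted bytes on a connection the client believes is encrypted. The line should read `dcb->func.write_ready = gw_write_client_event_SSL;`. The function also never reads from the connection, leaves most of its locals unused and has no doc comment, so as written it can only return 0 once the handshake is done.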
@@ -668,13 +702,36 @@ int gw_read_client_event( CHK_DCB(dcb); protocol = DCB_PROTOCOL(dcb, MySQLProtocol); CHK_PROTOCOL(protocol); - if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_RECV) + + /** Let the OpenSSL API do the reading from the socket */ + if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ) { - goto do_auth; + if(do_ssl_accept(protocol) == 1) + { + spinlock_acquire(&protocol->protocol_lock); + protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; + protocol->use_ssl = true; + spinlock_release(&protocol->protocol_lock); + + spinlock_acquire(&dcb->authlock); + //dcb->func.read = gw_read_client_event_SSL; + //dcb->func.write = gw_MySQLWrite_client_SSL; + //dcb->func.write_ready = gw_write_client_event_SSL; + spinlock_release(&dcb->authlock); + } + goto return_rc; } - rc = dcb_read(dcb, &read_buffer); - - + + + if(protocol->use_ssl) + { + rc = dcb_read_SSL(dcb,protocol->ssl, &read_buffer); + } + else + { + rc = dcb_read(dcb, &read_buffer); + } + if (rc < 0) { dcb_close(dcb); @@ -811,7 +868,7 @@ int gw_read_client_event( } } - do_auth: + /** * Now there should be at least one complete mysql packet in read_buffer. */ @@ -823,7 +880,7 @@ int gw_read_client_event( auth_val = gw_mysql_do_authentication(dcb, read_buffer); - if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_RECV) + if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ) break; if (auth_val == 0) @@ -919,12 +976,9 @@ int gw_read_client_event( } break; - case MYSQL_AUTH_SSL_RECV: + case MYSQL_AUTH_SSL_EXCHANGE_DONE: { - if(do_ssl_accept(protocol) == 1) - { - protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; - } + protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; } break; 
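Review bot: In gw_read_client_event the `dcb->authlock` critical section now contains only commented-out assignments, so the lock is taken and released around nothing. Either remove the acquire/release pair together with the three `//dcb->func...` lines or restore the assignments. The `protocol_auth_state` and `use_ssl` writes just above repeat what `do_ssl_accept()` already does on its success path in this commit. The function body begins and ends outside the hunk.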
@@ -1047,6 +1101,64 @@ return_rc: return rc; } + +/////////////////////////////////////////////// +// client write event to Client triggered by EPOLLOUT +////////////////////////////////////////////// +/** + * @node Client's fd became writable, and EPOLLOUT event + * arrived. As a consequence, client input buffer (writeq) is flushed. + * + * Parameters: + * @param dcb - in, use + * client dcb + * + * @return constantly 1 + * + * + * @details (write detailed description here) + * + */ +int gw_write_client_event(DCB *dcb) +{ + MySQLProtocol *protocol = NULL; + + CHK_DCB(dcb); + + ss_dassert(dcb->state != DCB_STATE_DISCONNECTED); + + if (dcb == NULL) { + goto return_1; + } + + if (dcb->state == DCB_STATE_DISCONNECTED) { + goto return_1; + } + + if (dcb->protocol == NULL) { + goto return_1; + } + protocol = (MySQLProtocol *)dcb->protocol; + CHK_PROTOCOL(protocol); + + if (protocol->protocol_auth_state == MYSQL_IDLE) + { + dcb_drain_writeq(dcb); + goto return_1; + } + +return_1: +#if defined(SS_DEBUG) + if (dcb->state == DCB_STATE_POLLING || + dcb->state == DCB_STATE_NOPOLLING || + dcb->state == DCB_STATE_ZOMBIE) + { + CHK_PROTOCOL(protocol); + } +#endif + return 1; +} + /////////////////////////////////////////////// // client write event to Client triggered by EPOLLOUT ////////////////////////////////////////////// @@ -1064,7 +1176,7 @@ return_rc: * @details (write detailed description here) * */ -int gw_write_client_event(DCB *dcb) +int gw_write_client_event_SSL(DCB *dcb) { MySQLProtocol *protocol = NULL; @@ -1088,7 +1200,7 @@ int gw_write_client_event(DCB *dcb) if (protocol->protocol_auth_state == MYSQL_IDLE) { - dcb_drain_writeq(dcb); + dcb_drain_writeq_SSL(dcb,protocol->ssl); goto return_1; } 
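Review bot: The added gw_write_client_event dereferences `dcb` in `ss_dassert(dcb->state != DCB_STATE_DISCONNECTED)` before the `if (dcb == NULL)` test, so the NULL guard can never protect anything; move the guard above the assertions or drop it. Under `SS_DEBUG` the `return_1` label runs `CHK_PROTOCOL(protocol)` on paths where `protocol` is still NULL, for example after the `dcb->protocol == NULL` jump. The header comment keeps the placeholder `@details (write detailed description here)`, which should be replaced by a sentence saying that the write queue is drained only in the `MYSQL_IDLE` state.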
@@ -1776,16 +1888,17 @@ int do_ssl_accept(MySQLProtocol* protocol) { case 0: errnum = SSL_get_error(protocol->ssl,rval); - ERR_error_string(errnum,errbuf); - skygw_log_write_flush(LOGFILE_ERROR,"SSL_accept: %s",errbuf); - ERR_print_errors_fp(stdout); - ERR_error_string(errnum,errbuf); - printf("%s\n",errbuf); - fflush(stdout); + skygw_log_write_flush(LT,"SSL_accept ongoing for %s@%s", + protocol->owner_dcb->user, + protocol->owner_dcb->remote); break; case 1: protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; rval = 1; + protocol->use_ssl = true; + skygw_log_write_flush(LT,"SSL_accept done for %s@%s", + protocol->owner_dcb->user, + protocol->owner_dcb->remote); break; default: @@ -1795,14 +1908,18 @@ int do_ssl_accept(MySQLProtocol* protocol) /** Not all of the data has been read. Go back to the poll queue and wait for more.*/ rval = 0; + protocol->protocol_auth_state = MYSQL_AUTH_SSL_REQ; + skygw_log_write_flush(LT,"SSL_accept partially done for %s@%s", + protocol->owner_dcb->user, + protocol->owner_dcb->remote); } else { - ERR_print_errors_fp(stdout); - ERR_error_string(errnum,errbuf); - printf("%s\n",errbuf); - fflush(stdout); - skygw_log_write_flush(LOGFILE_ERROR,"Error: Fatal error in SSL_accept: %s",errbuf); + skygw_log_write_flush(LE, + "Error: Fatal error in SSL_accept for %s@%s: %s", + protocol->owner_dcb->user, + protocol->owner_dcb->remote, + ERR_error_string(errnum,NULL)); protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_ERR; rval = -1; } diff --git a/server/modules/protocol/mysql_common.c b/server/modules/protocol/mysql_common.c index ffd72c034..654d24692 100644 --- a/server/modules/protocol/mysql_common.c +++ b/server/modules/protocol/mysql_common.c @@ -137,7 +137,10 @@ void mysql_protocol_done ( goto retblock; } scmd = p->protocol_cmd_history; - + if(p->ssl) + { + SSL_free(p->ssl); + } while (scmd != NULL) { scmd2 = scmd->scom_next; From a2768955e75134914198bf956dc1a44cefd03b75 Mon Sep 17 00:00:00 2001 
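Review bot: `case 0` of do_ssl_accept now logs `SSL_accept ongoing` and leaves `rval` at 0, but a 0 return from `SSL_accept()` means the handshake was shut down rather than suspended, and callers treat 0 as a reason to wait for more data. Set `rval = -1;` and `protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_ERR;` in that branch. The new log calls also pass `protocol->owner_dcb->user` to `%s`; that field is presumably not filled in before authentication has run, so a NULL guard is worth adding. The function starts outside the hunk.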
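Review bot: The fatal-error branch passes `errnum`, a result of `SSL_get_error()`, to `ERR_error_string()`, which decodes codes taken from the OpenSSL error queue, so the logged text will not describe the real failure. With a NULL buffer the call also writes into a static buffer shared between threads. Use `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));` and log `errbuf`, which the function appears to declare already. The same call recurs in the rewritten do_ssl_accept and in dcb_accept_SSL in the later patches.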
From: Markus Makela Date: Mon, 1 Jun 2015 13:50:22 +0300 Subject: [PATCH 052/119] SSL handshake now successfully completes when a client connects with SSL enabled. --- Documentation/Reference/MaxScale-and-SSL.md | 13 + server/core/dcb.c | 24 +- server/core/gateway.c | 37 +- server/core/service.c | 2 +- .../include/mysql_client_server_protocol.h | 9 +- server/modules/protocol/mysql_client.c | 347 ++++++++++-------- 6 files changed, 253 insertions(+), 179 deletions(-) create mode 100644 Documentation/Reference/MaxScale-and-SSL.md diff --git a/Documentation/Reference/MaxScale-and-SSL.md b/Documentation/Reference/MaxScale-and-SSL.md new file mode 100644 index 000000000..4c583793b --- /dev/null +++ b/Documentation/Reference/MaxScale-and-SSL.md @@ -0,0 +1,13 @@ +# MaxScale and SSL + +MaxScale supports client side SSL connections. Enabling is done on a per service basis and each service has its own set of certificates. + +## SSL Options + +Here are the options which relate to SSL and certificates. +Parameter|Values|Description +---------------------------- +ssl | disabled, enabled, required |`disable` disables SSL, `enabled` enables SSL for client connections but still allows non-SSL connections and `required` requires SSL from all client connections. With the `required` option, client connections that do not use SSL will be rejected. +ssl_cert | |Path to server certificate +ssl_key | |Path to server private key +ssl_ca_cert | |Path to Certificate Authority file diff --git a/server/core/dcb.c b/server/core/dcb.c index ba2028de2..562929774 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c 
@@ -941,18 +941,12 @@ int dcb_read_SSL( /** Handle closed client socket */ if (dcb_isclient(dcb)) { - char c; - int l_errno = 0; + char c = 0; int r = -1; /* try to read 1 byte, without consuming the socket buffer */ - r = recv(dcb->fd, &c, sizeof(char), MSG_PEEK); - l_errno = errno; - - if (r <= 0 && - l_errno != EAGAIN && - l_errno != EWOULDBLOCK && - l_errno != 0) + r = SSL_peek(ssl, &c, sizeof(char)); + if (r <= 0) { n = -1; goto return_n; @@ -989,13 +983,15 @@ int dcb_read_SSL( n = -1; goto return_n; } - GW_NOINTR_CALL(n = SSL_read(ssl, GWBUF_DATA(buffer), bufsize); - dcb->stats.n_reads++); + n = SSL_read(ssl, GWBUF_DATA(buffer), bufsize); + dcb->stats.n_reads++; + int ssl_errno = 0; if (n <= 0) { - int ssl_errno = ERR_get_error(); - if(ssl_errno != SSL_ERROR_WANT_READ) + ssl_errno = ERR_get_error(); + + if(ssl_errno != SSL_ERROR_WANT_READ && ssl_errno != SSL_ERROR_NONE) { LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, @@ -1023,6 +1019,8 @@ int dcb_read_SSL( dcb->fd))); /*< Append read data to the gwbuf */ *head = gwbuf_append(*head, buffer); + if(ssl_errno == SSL_ERROR_WANT_READ || ssl_errno == SSL_ERROR_NONE) + break; } /*< while (true) */ return_n: return n; diff --git a/server/core/gateway.c b/server/core/gateway.c index 9845713e1..0b07f507b 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -196,7 +196,9 @@ static bool resolve_maxscale_conf_fname( static char* check_dir_access(char* dirname,bool,bool); static int set_user(); - +static void maxscale_ssl_lock(int mode,int n,const char* file, int line); +static unsigned long maxscale_ssl_id(); +static SPINLOCK* ssl_locks; /** * Handler for SIGHUP signal. Reload the configuration for the * gateway. 
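Review bot: The closed-socket probe in dcb_read_SSL now treats every `SSL_peek()` result `<= 0` as a dead connection, but `SSL_peek()` also returns a non-positive value when it only needs more data on a non-blocking socket, so a live client can be dropped. Check the reason first: `if (r <= 0 && SSL_get_error(ssl, r) != SSL_ERROR_WANT_READ)`. The function starts and ends outside the hunk.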
@@ -1370,7 +1372,23 @@ int main(int argc, char **argv) rc = MAXSCALE_INTERNALERROR; goto return_main; } + + /** OpenSSL initialization */ + SSL_library_init(); + SSL_load_error_strings(); + int n_locks = CRYPTO_num_locks(); + if((ssl_locks = malloc(n_locks*sizeof(SPINLOCK))) == NULL) + { + rc = MAXSCALE_INTERNALERROR; + goto return_main; + } + + for(i = 0;ictx,SSL_VERIFY_PEER,NULL); /* Set the verification depth to 1 */ - SSL_CTX_set_verify_depth(service->ctx,10); + SSL_CTX_set_verify_depth(service->ctx,1); service->ssl_init_done = true; } return 0; diff --git a/server/modules/include/mysql_client_server_protocol.h b/server/modules/include/mysql_client_server_protocol.h index 6c841d9c9..94db6e664 100644 --- a/server/modules/include/mysql_client_server_protocol.h +++ b/server/modules/include/mysql_client_server_protocol.h @@ -99,10 +99,11 @@ typedef enum { MYSQL_AUTH_RECV, MYSQL_AUTH_FAILED, MYSQL_HANDSHAKE_FAILED, - MYSQL_AUTH_SSL_REQ, /*< client requested SSL */ - MYSQL_AUTH_SSL_EXCHANGE_DONE, /*< SSL handshake done */ - MYSQL_AUTH_SSL_EXCHANGE_ERR, /*< SSL handshake failure */ - MYSQL_AUTH_SSL_RECV, /*< */ + MYSQL_AUTH_SSL_REQ, /*< client requested SSL but SSL_accept hasn't beed called */ + MYSQL_AUTH_SSL_HANDSHAKE_DONE, /*< SSL handshake has been fully completed */ + MYSQL_AUTH_SSL_HANDSHAKE_FAILED, /*< SSL handshake failed for any reason */ + MYSQL_AUTH_SSL_HANDSHAKE_ONGOING, /*< SSL_accept has been called but the + * SSL handshake hasn't been completed */ MYSQL_IDLE } mysql_auth_state_t; diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index f1aa0aa94..8ee4b5687 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -117,8 +117,6 @@ version() void ModuleInit() { - SSL_library_init(); - SSL_load_error_strings(); } /** 
@@ -466,7 +464,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { &protocol->client_capabilities); */ - if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_EXCHANGE_DONE) + if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_DONE) goto ssl_hs_done; ssl = protocol->client_capabilities & GW_MYSQL_CAPABILITIES_SSL; @@ -637,48 +635,6 @@ gw_MySQLWrite_client_SSL(DCB *dcb, GWBUF *queue) return dcb_write_SSL(dcb, protocol->ssl, queue); } - -int gw_read_client_event_SSL( -DCB* dcb) -{ - SESSION *session = NULL; - ROUTER_OBJECT *router = NULL; - ROUTER *router_instance = NULL; - void *rsession = NULL; - MySQLProtocol *protocol = NULL; - GWBUF *read_buffer = NULL; - int rc = 0; - int nbytes_read = 0; - uint8_t cap = 0; - bool stmt_input = false; /*< router input type */ - - CHK_DCB(dcb); - protocol = DCB_PROTOCOL(dcb, MySQLProtocol); - CHK_PROTOCOL(protocol); - - - if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ) - { - if(do_ssl_accept(protocol) == 1) - { - spinlock_acquire(&protocol->protocol_lock); - protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; - spinlock_release(&protocol->protocol_lock); - - spinlock_acquire(&dcb->authlock); - dcb->func.read = gw_read_client_event_SSL; - dcb->func.write = gw_MySQLWrite_client_SSL; - dcb->func.write_ready = gw_write_client_event; - spinlock_release(&dcb->authlock); - } - goto return_rc; - } - - return_rc: - - return rc; -} - /** * Client read event triggered by EPOLLIN * 
@@ -703,26 +659,26 @@ int gw_read_client_event( protocol = DCB_PROTOCOL(dcb, MySQLProtocol); CHK_PROTOCOL(protocol); - /** Let the OpenSSL API do the reading from the socket */ - if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ) + if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_ONGOING || + protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ) { - if(do_ssl_accept(protocol) == 1) + switch(do_ssl_accept(protocol)) { - spinlock_acquire(&protocol->protocol_lock); - protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; - protocol->use_ssl = true; - spinlock_release(&protocol->protocol_lock); - - spinlock_acquire(&dcb->authlock); - //dcb->func.read = gw_read_client_event_SSL; - //dcb->func.write = gw_MySQLWrite_client_SSL; - //dcb->func.write_ready = gw_write_client_event_SSL; - spinlock_release(&dcb->authlock); + case 0: + return 0; + break; + case 1: + return 0; + break; + case -1: + return 1; + break; + default: + return 1; + break; } - goto return_rc; } - if(protocol->use_ssl) { rc = dcb_read_SSL(dcb,protocol->ssl, &read_buffer); @@ -880,8 +836,13 @@ int gw_read_client_event( auth_val = gw_mysql_do_authentication(dcb, read_buffer); - if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ) + if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ || + protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_ONGOING || + protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_DONE || + protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_FAILED) + { break; + } if (auth_val == 0) { 
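Review bot: On a failed handshake (`case -1` and `default`) gw_read_client_event returns 1 without calling `dcb_close(dcb)`, unlike the `rc < 0` path right below it. Unless the caller closes the DCB on a non-zero return, which is not visible here, the connection stays registered after `MYSQL_AUTH_SSL_HANDSHAKE_FAILED`. The four cases also collapse to two outcomes and every `break` after a `return` is unreachable; `return do_ssl_accept(protocol) < 0 ? 1 : 0;` expresses the same mapping once the close is added to the failure path.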
@@ -976,9 +937,103 @@ int gw_read_client_event( } break; - case MYSQL_AUTH_SSL_EXCHANGE_DONE: + case MYSQL_AUTH_SSL_HANDSHAKE_DONE: { - protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; + int auth_val; + + auth_val = gw_mysql_do_authentication(dcb, read_buffer); + + + if (auth_val == 0) + { + SESSION *session; + + protocol->protocol_auth_state = MYSQL_AUTH_RECV; + /** + * Create session, and a router session for it. + * If successful, there will be backend connection(s) + * after this point. + */ + session = session_alloc(dcb->service, dcb); + + if (session != NULL) + { + CHK_SESSION(session); + ss_dassert(session->state != SESSION_STATE_ALLOC); + + protocol->protocol_auth_state = MYSQL_IDLE; + /** + * Send an AUTH_OK packet to the client, + * packet sequence is # 2 + */ + mysql_send_ok(dcb, 2, 0, NULL); + } + else + { + protocol->protocol_auth_state = MYSQL_AUTH_FAILED; + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [gw_read_client_event] session " + "creation failed. 
fd %d, " + "state = MYSQL_AUTH_FAILED.", + pthread_self(), + protocol->owner_dcb->fd))); + + /** Send ERR 1045 to client */ + mysql_send_auth_error( + dcb, + 2, + 0, + "failed to create new session"); + + dcb_close(dcb); + } + } + else + { + char* fail_str = NULL; + + protocol->protocol_auth_state = MYSQL_AUTH_FAILED; + + if (auth_val == 2) { + /** Send error 1049 to client */ + int message_len = 25 + MYSQL_DATABASE_MAXLEN; + + fail_str = calloc(1, message_len+1); + snprintf(fail_str, message_len, "Unknown database '%s'", + (char*)((MYSQL_session *)dcb->data)->db); + + modutil_send_mysql_err_packet(dcb, 2, 0, 1049, "42000", fail_str); + } else { + /** Send error 1045 to client */ + fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user, + dcb->remote, + (char*)((MYSQL_session *)dcb->data)->client_sha1, + (char*)((MYSQL_session *)dcb->data)->db); + modutil_send_mysql_err_packet(dcb, 2, 0, 1045, "28000", fail_str); + } + if (fail_str) + free(fail_str); + + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [gw_read_client_event] after " + "gw_mysql_do_authentication, fd %d, " + "state = MYSQL_AUTH_FAILED.", + protocol->owner_dcb->fd, + pthread_self()))); + /** + * Release MYSQL_session since it is not used anymore. + */ + if (!DCB_IS_CLONE(dcb)) + { + free(dcb->data); + } + dcb->data = NULL; + + dcb_close(dcb); + } + read_buffer = gwbuf_consume(read_buffer, nbytes_read); } break; 
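Review bot: In the new `MYSQL_AUTH_SSL_HANDSHAKE_DONE` case the last debug log has its arguments in the wrong order: the format begins `%lu [gw_read_client_event] ... fd %d` but the call passes `protocol->owner_dcb->fd` before `pthread_self()`, so swap them to `pthread_self(), protocol->owner_dcb->fd`. `fail_str = calloc(1, message_len+1)` is handed to `snprintf()` without a NULL check; add `if (fail_str == NULL)` handling before the format call. The branch is a near copy of the existing authentication case, so moving the shared body into one static helper would keep the two from drifting apart. The enclosing function starts and ends outside the hunk.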
@@ -1821,111 +1876,83 @@ return_rc: return rc; } - /** - * Create a character array including the query string. - * GWBUF given as input includes either one complete or partial query. - * Length of buffer is at most the query length+4 (length of packet header). + * Do the SSL authentication handshake. + * This functions + * @param protocol + * @return */ -#if defined(NOT_USED) -static char* gw_get_or_create_querystr ( - void* data, - bool* new_allocation) -{ - GWBUF* buf = (GWBUF *)data; - size_t buflen; /*< first gw buffer data length */ - size_t packetlen; /*< length of mysql packet */ - size_t querylen; /*< total buffer length- */ - size_t nbytes_copied; - char* startpos; /*< first byte of query in gw buffer */ - char* str; /*< resulting query string */ - - CHK_GWBUF(buf); - packetlen = MYSQL_GET_PACKET_LEN((uint8_t *)GWBUF_DATA(buf)); - str = (char *)malloc(packetlen); /*< leave space for terminating null */ - - if (str == NULL) - { - goto return_str; - } - *new_allocation = true; - /** - * First buffer includes 4 bytes header and a type indicator byte. - */ - buflen = GWBUF_LENGTH(buf); - querylen = packetlen-1; - ss_dassert(buflen<=querylen+5); /*< 5 == header+type indicator */ - startpos = (char *)GWBUF_DATA(buf)+5; - nbytes_copied = MIN(querylen, buflen-5); - memcpy(str, startpos, nbytes_copied); - memset(&str[querylen-1], 0, 1); - buf = gwbuf_consume(buf, querylen-1); - - /** - * In case of multi-packet statement whole buffer consists of query - * string. 
- */ - while (buf != NULL) - { - buflen = GWBUF_LENGTH(buf); - memcpy(str+nbytes_copied, GWBUF_DATA(buf), buflen); - nbytes_copied += buflen; - buf = gwbuf_consume(buf, buflen); - } - ss_dassert(str[querylen-1] == 0); - -return_str: - return str; -} -#endif - int do_ssl_accept(MySQLProtocol* protocol) { int rval,errnum; char errbuf[2014]; - - switch((rval = SSL_accept(protocol->ssl))) - { - case 0: - errnum = SSL_get_error(protocol->ssl,rval); - skygw_log_write_flush(LT,"SSL_accept ongoing for %s@%s", - protocol->owner_dcb->user, - protocol->owner_dcb->remote); - break; - case 1: - protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_DONE; - rval = 1; - protocol->use_ssl = true; - skygw_log_write_flush(LT,"SSL_accept done for %s@%s", - protocol->owner_dcb->user, - protocol->owner_dcb->remote); - break; + DCB* dcb; - default: - errnum = SSL_get_error(protocol->ssl,rval); - if(errnum == SSL_ERROR_WANT_READ) - { - /** Not all of the data has been read. Go back to the poll - queue and wait for more.*/ - rval = 0; - protocol->protocol_auth_state = MYSQL_AUTH_SSL_REQ; - skygw_log_write_flush(LT,"SSL_accept partially done for %s@%s", - protocol->owner_dcb->user, - protocol->owner_dcb->remote); - } - else - { - skygw_log_write_flush(LE, - "Error: Fatal error in SSL_accept for %s@%s: %s", - protocol->owner_dcb->user, - protocol->owner_dcb->remote, - ERR_error_string(errnum,NULL)); - protocol->protocol_auth_state = MYSQL_AUTH_SSL_EXCHANGE_ERR; - rval = -1; - } - break; + rval = SSL_accept(protocol->ssl); - } + switch(rval) + { + case 0: + errnum = SSL_get_error(protocol->ssl,rval); + skygw_log_write_flush(LT,"SSL_accept shutdown for %s@%s", + protocol->owner_dcb->user, + protocol->owner_dcb->remote); + return -1; + break; + case 1: + spinlock_acquire(&protocol->protocol_lock); + dcb = protocol->owner_dcb; + protocol->protocol_auth_state = MYSQL_AUTH_SSL_HANDSHAKE_DONE; + protocol->use_ssl = true; + spinlock_release(&protocol->protocol_lock); + + 
spinlock_acquire(&dcb->authlock); + dcb->func.write = gw_MySQLWrite_client_SSL; + dcb->func.write_ready = gw_write_client_event_SSL; + spinlock_release(&dcb->authlock); + + rval = 1; + + skygw_log_write_flush(LT,"SSL_accept done for %s@%s", + protocol->owner_dcb->user, + protocol->owner_dcb->remote); + break; + + case -1: + errnum = SSL_get_error(protocol->ssl,rval); + + if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE || + errnum == SSL_ERROR_WANT_X509_LOOKUP) + { + /** Not all of the data has been read. Go back to the poll + queue and wait for more.*/ + + rval = 0; + skygw_log_write_flush(LT,"SSL_accept ongoing for %s@%s", + protocol->owner_dcb->user, + protocol->owner_dcb->remote); + } + else + { + spinlock_acquire(&protocol->protocol_lock); + protocol->protocol_auth_state = MYSQL_AUTH_SSL_HANDSHAKE_FAILED; + spinlock_release(&protocol->protocol_lock); + rval = -1; + + skygw_log_write_flush(LE, + "Error: Fatal error in SSL_accept for %s@%s: %s", + protocol->owner_dcb->user, + protocol->owner_dcb->remote, + ERR_error_string(errnum,NULL)); + } + break; + + default: + skygw_log_write_flush(LE, + "Error: Fatal error in SSL_accept, returned value was %d.", + rval); + break; + } return rval; } \ No newline at end of file From 4d5291c26329ebee8dd04a51bf0468a5f162727a Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 1 Jun 2015 13:58:26 +0300 Subject: [PATCH 053/119] Fixed wrong packet sequence number causing a disconnect from the client. --- server/modules/protocol/mysql_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 8ee4b5687..2d2633b90 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -966,7 +966,7 @@ int gw_read_client_event( * Send an AUTH_OK packet to the client, * packet sequence is # 2 */ - mysql_send_ok(dcb, 2, 0, NULL); + mysql_send_ok(dcb, 3, 0, NULL); } else { 
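Review bot: The doc comment on the rewritten do_ssl_accept is unfinished: it stops at `This functions` and leaves `@param protocol` and `@return` empty. It should say that the function drives `SSL_accept()` on `protocol->ssl` and returns 1 when the handshake is complete, 0 when more I/O is needed and -1 on failure. For that contract to hold, the `default` branch needs `rval = -1;`, since it logs a fatal error and then returns whatever `SSL_accept()` gave. `errbuf` and the `errnum` assignment in `case 0` are unused.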
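Review bot: Only the OK packet moves to sequence 3; the comment directly above it still says `packet sequence is # 2`, and the error replies in the same `MYSQL_AUTH_SSL_HANDSHAKE_DONE` case, `mysql_send_auth_error(dcb, 2, ...)` and both `modutil_send_mysql_err_packet(dcb, 2, ...)` calls, keep 2. If the extra SSL request packet shifts the sequence for the OK reply it presumably shifts it for the error replies as well, so a failed login over SSL would show the client a protocol error instead of the authentication message. Update the comment to `packet sequence is # 3` and use 3 in those calls. The enclosing function lies outside the hunk.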
From d7232d8b6ecc2fab121b1326a7f489b84bb0722d Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 1 Jun 2015 20:51:26 +0300 Subject: [PATCH 054/119] Moved SSL structure to the DCB instead of the MySQL protocol. This allows for non-MySQL SSL connections. --- server/core/dcb.c | 139 ++++++++++++++++-- server/core/service.c | 6 +- server/include/dcb.h | 9 +- .../include/mysql_client_server_protocol.h | 1 - server/modules/protocol/mysql_client.c | 64 +++----- server/modules/protocol/mysql_common.c | 5 +- 6 files changed, 164 insertions(+), 60 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index 562929774..2948dae2e 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -73,6 +73,8 @@ #include #include +#include "mysql_client_server_protocol.h" + /** Defined in log_manager.cc */ extern int lm_enabled_logfiles_bitmask; extern size_t log_ses_count[]; @@ -433,7 +435,8 @@ DCB_CALLBACK *cb; free(cb); } spinlock_release(&dcb->cb_lock); - + if(dcb->ssl) + SSL_free(dcb->ssl); bitmask_free(&dcb->memdata.bitmask); free(dcb); } @@ -894,7 +897,6 @@ return_n: */ int dcb_read_SSL( DCB *dcb, - SSL* ssl, GWBUF **head) { GWBUF *buffer = NULL; @@ -945,7 +947,7 @@ int dcb_read_SSL( int r = -1; /* try to read 1 byte, without consuming the socket buffer */ - r = SSL_peek(ssl, &c, sizeof(char)); + r = SSL_peek(dcb->ssl, &c, sizeof(char)); if (r <= 0) { n = -1; @@ -983,11 +985,18 @@ int dcb_read_SSL( n = -1; goto return_n; } - n = SSL_read(ssl, GWBUF_DATA(buffer), bufsize); - dcb->stats.n_reads++; + + int npending; + n = 0; + do + { + n += SSL_read(dcb->ssl, GWBUF_DATA(buffer), bufsize); + dcb->stats.n_reads++; + }while((npending = SSL_pending(dcb->ssl)) > 0); int ssl_errno = 0; - if (n <= 0) + + if (n <= 0) { ssl_errno = ERR_get_error(); 
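Review bot: The new `do { n += SSL_read(dcb->ssl, GWBUF_DATA(buffer), bufsize); ... } while (SSL_pending(dcb->ssl) > 0)` loop in dcb_read_SSL reads every record to the start of the same buffer, so each pass overwrites the data of the previous one while `n` keeps growing, and a negative return is added into the running total. `n` can then exceed `bufsize`, and the `n <= 0` test after the loop no longer sees the result of the call that failed. Read once per allocated buffer, `n = SSL_read(dcb->ssl, GWBUF_DATA(buffer), bufsize);`, and let the enclosing `while` loop allocate the next buffer while `SSL_pending()` is non-zero. dcb_read_SSL starts and ends outside the hunk.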
@@ -1006,6 +1015,15 @@ int dcb_read_SSL( goto return_n; } } + + if(n < b) + { + gwbuf_rtrim(buffer,b - n); + ss_dassert(gwbuf_length(buffer) == n); + LOGIF(LD,(skygw_log_write(LD,"[%lu] SSL: Truncated buffer to correct size from %d to %d bytes.\n", + b,gwbuf_length(buffer)))); + } + nread += n; LOGIF(LD, (skygw_log_write( @@ -1019,7 +1037,8 @@ int dcb_read_SSL( dcb->fd))); /*< Append read data to the gwbuf */ *head = gwbuf_append(*head, buffer); - if(ssl_errno == SSL_ERROR_WANT_READ || ssl_errno == SSL_ERROR_NONE) + if(ssl_errno == SSL_ERROR_WANT_READ || ssl_errno == SSL_ERROR_NONE || + ssl_errno == SSL_ERROR_WANT_X509_LOOKUP || SSL_ERROR_WANT_WRITE) break; } /*< while (true) */ return_n: @@ -1270,7 +1289,7 @@ int below_water; * @return 0 on failure, 1 on success */ int -dcb_write_SSL(DCB *dcb, SSL* ssl, GWBUF *queue) +dcb_write_SSL(DCB *dcb, GWBUF *queue) { int w; int saved_errno = 0; @@ -1379,7 +1398,7 @@ dcb_write_SSL(DCB *dcb, SSL* ssl, GWBUF *queue) #endif /* FAKE_CODE */ qlen = GWBUF_LENGTH(queue); GW_NOINTR_CALL( - w = gw_write_SSL(ssl, GWBUF_DATA(queue), qlen); + w = gw_write_SSL(dcb->ssl, GWBUF_DATA(queue), qlen); dcb->stats.n_writes++; ); @@ -1619,7 +1638,7 @@ int above_water; * @return The number of bytes written */ int -dcb_drain_writeq_SSL(DCB *dcb, SSL* ssl) +dcb_drain_writeq_SSL(DCB *dcb) { int n = 0; int w; @@ -1641,7 +1660,7 @@ dcb_drain_writeq_SSL(DCB *dcb, SSL* ssl) while (dcb->writeq != NULL) { len = GWBUF_LENGTH(dcb->writeq); - GW_NOINTR_CALL(w = gw_write_SSL(ssl, GWBUF_DATA(dcb->writeq), len);); + GW_NOINTR_CALL(w = gw_write_SSL(dcb->ssl, GWBUF_DATA(dcb->writeq), len);); if (w < 0) { 
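Review bot: The added truncation log has three conversions (`%lu`, `%d`, `%d`) but only two arguments, `b` and `gwbuf_length(buffer)`, so the thread id is missing and the remaining values are read from the wrong slots; pass `pthread_self(), b, gwbuf_length(buffer)`. The `n < b` block is also reached when `n <= 0` with a retryable error, in which case `gwbuf_rtrim(buffer, b - n)` is asked to trim at least the whole buffer. Guard it with `if (n > 0 && n < b)`.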
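Review bot: The last operand of the new break condition is the bare constant `SSL_ERROR_WANT_WRITE`, which is non-zero, so the whole condition is always true and the read loop exits after the first buffer whatever `ssl_errno` holds. It should read `ssl_errno == SSL_ERROR_WANT_WRITE`. If leaving after one pass is what is intended, an unconditional `break` with a comment would say so directly.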
@@ -2728,3 +2747,101 @@ DCB *ptr; spinlock_release(&dcbspin); return rval; } + +/** + * Create the SSL structure for this DCB. + * This function creates the SSL structure for the given SSL context. This context + * should be the service's context + * @param dcb + * @param context + * @return + */ +int dcb_create_SSL(DCB* dcb) +{ + + if(serviceInitSSL(dcb->service) != 0) + { + return -1; + } + + if((dcb->ssl = SSL_new(dcb->service->ctx)) == NULL) + { + skygw_log_write(LE,"Error: Failed to initialize SSL connection."); + return -1; + } + + if(SSL_set_fd(dcb->ssl,dcb->fd) == 0) + { + skygw_log_write(LE,"Error: Failed to set file descriptor for SSL connection."); + return -1; + } + + return 0; +} +/** + * Accept a SSL connection and do the SSL authentication handshake. + * This function accepts a client connection to a DCB. It assumes that the SSL + * structure has the underlying method of communication set and this method is ready + * for usage. It then proceeds with the SSL handshake and stops only if an error + * occurs or the client has not yet written enough data to complete the handshake. + * @param dcb DCB which should accept the SSL connection + * @return 1 if the handshake was successfully completed, 0 if the handshake is + * still ongoing and another call to dcb_SSL_accept should be made or -1 if an + * error occurred during the handshake and the connection should be terminated. 
+ */ +int dcb_accept_SSL(DCB* dcb) +{ + int rval,errnum; + + rval = SSL_accept(dcb->ssl); + + switch(rval) + { + case 0: + errnum = SSL_get_error(dcb->ssl,rval); + LOGIF(LD,(skygw_log_write_flush(LD,"SSL_accept shutdown for %s@%s", + dcb->user, + dcb->remote))); + return -1; + break; + case 1: + rval = 1; + LOGIF(LD,(skygw_log_write_flush(LD,"SSL_accept done for %s@%s", + dcb->user, + dcb->remote))); + break; + + case -1: + errnum = SSL_get_error(dcb->ssl,rval); + + if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE || + errnum == SSL_ERROR_WANT_X509_LOOKUP) + { + /** Not all of the data has been read. Go back to the poll + queue and wait for more.*/ + + rval = 0; + LOGIF(LD,(skygw_log_write_flush(LD,"SSL_accept ongoing for %s@%s", + dcb->user, + dcb->remote))); + } + else + { + rval = -1; + skygw_log_write_flush(LE, + "Error: Fatal error in SSL_accept for %s@%s: %s", + dcb->user, + dcb->remote, + ERR_error_string(errnum,NULL)); + } + break; + + default: + skygw_log_write_flush(LE, + "Error: Fatal error in SSL_accept, returned value was %d.", + rval); + break; + } + + return rval; +} \ No newline at end of file diff --git a/server/core/service.c b/server/core/service.c index 77b581e81..f8b9d0e99 100644 --- a/server/core/service.c +++ b/server/core/service.c 
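Review bot: In the fatal branch of dcb_accept_SSL, `errnum` comes from `SSL_get_error()` and is then passed to `ERR_error_string(errnum, NULL)`; that function expects a code from the OpenSSL error queue, so the logged text will not describe the real failure, and the NULL buffer makes it write into a static buffer shared by all threads. Use a local buffer with `ERR_error_string_n(ERR_get_error(), buf, sizeof(buf))`. The `default:` case logs a fatal error but returns `rval` unchanged although the header comment promises -1, and `case 0` assigns `errnum` without using it. dcb_connect_SSL, added by a later patch on this page, repeats the same pattern. The doc comment of dcb_create_SSL lists a `context` parameter the function does not take.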
@@ -1818,24 +1818,28 @@ int serviceInitSSL(SERVICE* service) { service->method = (SSL_METHOD*)SSLv23_server_method(); service->ctx = SSL_CTX_new(service->method); - + SSL_CTX_set_read_ahead(service->ctx,1); if (SSL_CTX_use_certificate_file(service->ctx, service->ssl_cert, SSL_FILETYPE_PEM) <= 0) { + skygw_log_write(LE,"Error: Failed to set server SSL certificate."); return -1; } /* Load the private-key corresponding to the server certificate */ if (SSL_CTX_use_PrivateKey_file(service->ctx, service->ssl_key, SSL_FILETYPE_PEM) <= 0) { + skygw_log_write(LE,"Error: Failed to set server SSL key."); return -1; } /* Check if the server certificate and private-key matches */ if (!SSL_CTX_check_private_key(service->ctx)) { + skygw_log_write(LE,"Error: Server SSL certificate and key do not match."); return -1; } /* Load the RSA CA certificate into the SSL_CTX structure */ if (!SSL_CTX_load_verify_locations(service->ctx, service->ssl_ca_cert, NULL)) { + skygw_log_write(LE,"Error: Failed to set Certificate Authority file."); return -1; } diff --git a/server/include/dcb.h b/server/include/dcb.h index 38ebdc299..58a4eb532 100644 --- a/server/include/dcb.h +++ b/server/include/dcb.h @@ -268,6 +268,7 @@ typedef struct dcb { unsigned int high_water; /**< High water mark */ unsigned int low_water; /**< Low water mark */ struct server *server; /**< The associated backend server */ + SSL* ssl; /*< SSL struct for connection */ #if defined(SS_DEBUG) int dcb_port; /**< port of target server */ skygw_chk_t dcb_chk_tail; 
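Review bot: `SSL_CTX_new()` can return NULL, and the added `SSL_CTX_set_read_ahead(service->ctx,1)` uses the result before any check. Add `if (service->ctx == NULL) { skygw_log_write(LE,"Error: SSL context initialization failed."); return -1; }` directly after the allocation. The early `return -1` paths also leave the partly configured context in `service->ctx`; since dcb_create_SSL calls this function for each connection, a misconfigured service would presumably allocate a fresh context on every attempt unless it is released with `SSL_CTX_free()` before returning. The new messages would help more if they named the configured file, for example `service->ssl_cert`. The function continues outside the hunk.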
@@ -340,10 +341,12 @@ bool dcb_set_state(DCB* dcb, dcb_state_t new_state, dcb_state_t* old_state); void dcb_call_foreach (struct server* server, DCB_REASON reason); size_t dcb_get_session_id(DCB* dcb); bool dcb_get_ses_log_info(DCB* dcb, size_t* sesid, int* enabled_logs); +int dcb_create_SSL(DCB* dcb); +int dcb_accept_SSL(DCB* dcb); int gw_write_SSL(SSL* ssl, const void *buf, size_t nbytes); -int dcb_write_SSL(DCB *dcb, SSL* ssl, GWBUF *queue); -int dcb_read_SSL(DCB *dcb,SSL* ssl,GWBUF **head); -int dcb_drain_writeq_SSL(DCB *dcb, SSL* ssl); +int dcb_write_SSL(DCB *dcb,GWBUF *queue); +int dcb_read_SSL(DCB *dcb,GWBUF **head); +int dcb_drain_writeq_SSL(DCB *dcb); /** diff --git a/server/modules/include/mysql_client_server_protocol.h b/server/modules/include/mysql_client_server_protocol.h index 94db6e664..e5fd954a4 100644 --- a/server/modules/include/mysql_client_server_protocol.h +++ b/server/modules/include/mysql_client_server_protocol.h @@ -297,7 +297,6 @@ typedef struct { unsigned long tid; /*< MySQL Thread ID, in * handshake */ unsigned int charset; /*< MySQL character set at connect time */ - SSL* ssl; /*< SSL struct for client connection */ bool use_ssl; #if defined(SS_DEBUG) skygw_chk_t protocol_chk_tail; diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 2d2633b90..b930d8c77 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c 
@@ -490,14 +490,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { /** Do the SSL Handshake */ if(ssl && protocol->owner_dcb->service->ssl_mode != SSL_DISABLED) { - if(serviceInitSSL(protocol->owner_dcb->service) != 0) - { - skygw_log_write(LOGFILE_ERROR,"Error: SSL initialization for service '%s' failed.", - protocol->owner_dcb->service->name); - return 1; - } - protocol->ssl = SSL_new(protocol->owner_dcb->service->ctx); - SSL_set_fd(protocol->ssl,dcb->fd); + protocol->protocol_auth_state = MYSQL_AUTH_SSL_REQ; if(do_ssl_accept(protocol) < 0) @@ -632,7 +625,7 @@ gw_MySQLWrite_client_SSL(DCB *dcb, GWBUF *queue) CHK_DCB(dcb); protocol = DCB_PROTOCOL(dcb, MySQLProtocol); CHK_PROTOCOL(protocol); - return dcb_write_SSL(dcb, protocol->ssl, queue); + return dcb_write_SSL(dcb, queue); } /** @@ -681,7 +674,7 @@ int gw_read_client_event( if(protocol->use_ssl) { - rc = dcb_read_SSL(dcb,protocol->ssl, &read_buffer); + rc = dcb_read_SSL(dcb, &read_buffer); } else { @@ -795,7 +788,7 @@ int gw_read_client_event( dcb->dcb_readqueue = gwbuf_append(dcb->dcb_readqueue, read_buffer); nbytes_read = gwbuf_length(dcb->dcb_readqueue); data = (uint8_t *)GWBUF_DATA(dcb->dcb_readqueue); - + int plen = MYSQL_GET_PACKET_LEN(data); if (nbytes_read < 3 || nbytes_read < MYSQL_GET_PACKET_LEN(data)) { rc = 0; @@ -1255,7 +1248,7 @@ int gw_write_client_event_SSL(DCB *dcb) if (protocol->protocol_auth_state == MYSQL_IDLE) { - dcb_drain_writeq_SSL(dcb,protocol->ssl); + dcb_drain_writeq_SSL(dcb); goto return_1; } 
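Review bot: The added `int plen = MYSQL_GET_PACKET_LEN(data);` in gw_read_client_event reads the three length bytes before the `nbytes_read < 3` guard on the following line, so a read queue holding fewer than three bytes may be read past the received data. `plen` is not used anywhere in the hunk. Drop the line, or declare `plen` after the guard and use it in the comparison in place of the second `MYSQL_GET_PACKET_LEN(data)`.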
@@ -1878,30 +1871,38 @@ return_rc: /** * Do the SSL authentication handshake. - * This functions - * @param protocol - * @return + * This creates the DCB SSL structure if one has not been created and starts the + * SSL handshake handling. + * @param protocol Protocol to connect with SSL + * @return 1 on success, 0 when the handshake is ongoing or -1 on error */ int do_ssl_accept(MySQLProtocol* protocol) { int rval,errnum; char errbuf[2014]; - DCB* dcb; - - rval = SSL_accept(protocol->ssl); + DCB* dcb = protocol->owner_dcb; + if(dcb->ssl == NULL) + { + if(dcb_create_SSL(dcb) != 0) + return -1; + } + rval = dcb_accept_SSL(dcb); + switch(rval) { case 0: - errnum = SSL_get_error(protocol->ssl,rval); - skygw_log_write_flush(LT,"SSL_accept shutdown for %s@%s", + /** Not all of the data has been read. Go back to the poll + queue and wait for more.*/ + + rval = 0; + skygw_log_write_flush(LT,"SSL_accept ongoing for %s@%s", protocol->owner_dcb->user, protocol->owner_dcb->remote); - return -1; + return 0; break; case 1: spinlock_acquire(&protocol->protocol_lock); - dcb = protocol->owner_dcb; protocol->protocol_auth_state = MYSQL_AUTH_SSL_HANDSHAKE_DONE; protocol->use_ssl = true; spinlock_release(&protocol->protocol_lock); 
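Review bot: When `dcb_create_SSL(dcb)` fails, do_ssl_accept returns -1 immediately and `protocol_auth_state` stays at the value the caller set, whereas the `case -1` path of the same function (next hunk) moves it to `MYSQL_AUTH_SSL_HANDSHAKE_FAILED` under `protocol_lock`. Route the creation failure through the same state update so both failures look alike to later event handlers. `errnum` and `errbuf[2014]` appear unused in the visible part of the function after this change and can be removed. The inner `if` should carry braces like the rest of the function.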
@@ -1919,32 +1920,15 @@ int do_ssl_accept(MySQLProtocol* protocol) break; case -1: - errnum = SSL_get_error(protocol->ssl,rval); - if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE || - errnum == SSL_ERROR_WANT_X509_LOOKUP) - { - /** Not all of the data has been read. Go back to the poll - queue and wait for more.*/ - - rval = 0; - skygw_log_write_flush(LT,"SSL_accept ongoing for %s@%s", - protocol->owner_dcb->user, - protocol->owner_dcb->remote); - } - else - { spinlock_acquire(&protocol->protocol_lock); protocol->protocol_auth_state = MYSQL_AUTH_SSL_HANDSHAKE_FAILED; spinlock_release(&protocol->protocol_lock); rval = -1; - skygw_log_write_flush(LE, "Error: Fatal error in SSL_accept for %s@%s: %s", protocol->owner_dcb->user, - protocol->owner_dcb->remote, - ERR_error_string(errnum,NULL)); - } + protocol->owner_dcb->remote); break; default: diff --git a/server/modules/protocol/mysql_common.c b/server/modules/protocol/mysql_common.c index 654d24692..56988dc9a 100644 --- a/server/modules/protocol/mysql_common.c +++ b/server/modules/protocol/mysql_common.c @@ -137,10 +137,7 @@ void mysql_protocol_done ( goto retblock; } scmd = p->protocol_cmd_history; - if(p->ssl) - { - SSL_free(p->ssl); - } + while (scmd != NULL) { scmd2 = scmd->scom_next; From 76655e7136790bc189e678584681143108ada50b Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 2 Jun 2015 06:04:06 +0300 Subject: [PATCH 055/119] Added a call to a library function which adds all algorithms to OpenSSL to the SSL initialization code. --- server/core/gateway.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/core/gateway.c b/server/core/gateway.c index 0b07f507b..67d5ecf62 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -1377,6 +1377,8 @@ int main(int argc, char **argv) SSL_library_init(); SSL_load_error_strings(); + OPENSSL_add_all_algorithms_noconf(); + int n_locks = CRYPTO_num_locks(); if((ssl_locks = malloc(n_locks*sizeof(SPINLOCK))) == NULL) { 
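Review bot: After this hunk the fatal-error log in `case -1` keeps the format `"Error: Fatal error in SSL_accept for %s@%s: %s"` while the third argument, `ERR_error_string(errnum,NULL)`, is removed, leaving two arguments for three `%s` conversions. The logger would then read a missing variadic argument on every failed handshake, which is a path a remote client can trigger at will. Drop the trailing `: %s` from the format, since dcb_accept_SSL already logs the OpenSSL reason. The diff lines are collapsed on this page, so this reading assumes the `skygw_log_write_flush(LE,` line is context rather than removed.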
From 6e01757455dd4ec94eeca482e85c616bf1572918 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 2 Jun 2015 06:39:51 +0300 Subject: [PATCH 056/119] Added error message to users when trying to connect to a MaxScale service that only allows SSL connections. --- .../include/mysql_client_server_protocol.h | 4 +++ server/modules/protocol/mysql_backend.c | 4 +-- server/modules/protocol/mysql_client.c | 27 ++++++++++++------- server/modules/protocol/mysql_common.c | 11 +++++++- 4 files changed, 33 insertions(+), 13 deletions(-) diff --git a/server/modules/include/mysql_client_server_protocol.h b/server/modules/include/mysql_client_server_protocol.h index e5fd954a4..f72416491 100644 --- a/server/modules/include/mysql_client_server_protocol.h +++ b/server/modules/include/mysql_client_server_protocol.h @@ -91,6 +91,10 @@ #define COM_QUIT_PACKET_SIZE (4+1) struct dcb; +#define MYSQL_FAILED_AUTH 1 +#define MYSQL_FAILED_AUTH_DB 2 +#define MYSQL_FAILED_AUTH_SSL 3 + typedef enum { MYSQL_ALLOC, MYSQL_PENDING_CONNECT, diff --git a/server/modules/protocol/mysql_backend.c b/server/modules/protocol/mysql_backend.c index ba5786851..d000474ab 100644 --- a/server/modules/protocol/mysql_backend.c +++ b/server/modules/protocol/mysql_backend.c @@ -72,7 +72,7 @@ static void backend_set_delayqueue(DCB *dcb, GWBUF *queue); static int gw_change_user(DCB *backend_dcb, SERVER *server, SESSION *in_session, GWBUF *queue); static GWBUF* process_response_data (DCB* dcb, GWBUF* readbuf, int nbytes_to_process); extern char* create_auth_failed_msg( GWBUF* readbuf, char* hostaddr, uint8_t* sha1); -extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db); +extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db,int); static bool sescmd_response_complete(DCB* dcb); 
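Review bot: The changed signature of create_auth_fail_str is restated as a local `extern` in mysql_backend.c here and again in mysql_client.c, with the new parameter left unnamed (`char *db,int`). Declaring it once in mysql_client_server_protocol.h as `char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db, int errcode);` lets the compiler catch any caller that was not updated. The three `MYSQL_FAILED_AUTH*` defines added in the same patch would read better as an enum with a one-line comment saying they are the failure codes returned by gw_mysql_do_authentication.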
@@ -1433,7 +1433,7 @@ static int gw_change_user( message = create_auth_fail_str(username, backend->session->client->remote, password_set, - ""); + "",auth_ret); if (message == NULL) { LOGIF(LE, (skygw_log_write_flush( diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index b930d8c77..6aeadd180 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -78,7 +78,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue); static int route_by_statement(SESSION *, GWBUF **); extern char* get_username_from_auth(char* ptr, uint8_t* data); extern int check_db_name_after_auth(DCB *, char *, int); -extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db); +extern char* create_auth_fail_str(char *username, char *hostaddr, char *sha1, char *db,int); int do_ssl_accept(MySQLProtocol* protocol); @@ -450,7 +450,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { /* Detect now if there are enough bytes to continue */ if (client_auth_packet_size < (4 + 4 + 4 + 1 + 23)) { - return 1; + return MYSQL_FAILED_AUTH; } memcpy(&protocol->client_capabilities, client_auth_packet + 4, 4); @@ -476,7 +476,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { protocol->owner_dcb->user, protocol->owner_dcb->remote, protocol->owner_dcb->service->name))); - return 1; + return MYSQL_FAILED_AUTH_SSL; } if(LOG_IS_ENABLED(LT) && ssl) @@ -495,7 +495,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { if(do_ssl_accept(protocol) < 0) { - return 1; + return MYSQL_FAILED_AUTH; } else { @@ -509,7 +509,7 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { if (username == NULL) { - return 1; + return MYSQL_FAILED_AUTH; } /* get charset */ 
@@ -902,7 +902,7 @@ int gw_read_client_event( fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user, dcb->remote, (char*)((MYSQL_session *)dcb->data)->client_sha1, - (char*)((MYSQL_session *)dcb->data)->db); + (char*)((MYSQL_session *)dcb->data)->db,auth_val); modutil_send_mysql_err_packet(dcb, 2, 0, 1045, "28000", fail_str); } if (fail_str) @@ -996,14 +996,21 @@ int gw_read_client_event( snprintf(fail_str, message_len, "Unknown database '%s'", (char*)((MYSQL_session *)dcb->data)->db); - modutil_send_mysql_err_packet(dcb, 2, 0, 1049, "42000", fail_str); - } else { + modutil_send_mysql_err_packet(dcb, 3, 0, 1049, "42000", fail_str); + }else if(auth_val == 3){ /** Send error 1045 to client */ fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user, dcb->remote, (char*)((MYSQL_session *)dcb->data)->client_sha1, - (char*)((MYSQL_session *)dcb->data)->db); - modutil_send_mysql_err_packet(dcb, 2, 0, 1045, "28000", fail_str); + (char*)((MYSQL_session *)dcb->data)->db,auth_val); + modutil_send_mysql_err_packet(dcb, 3, 0, 1045, "28000", fail_str); + }else { + /** Send error 1045 to client */ + fail_str = create_auth_fail_str((char *)((MYSQL_session *)dcb->data)->user, + dcb->remote, + (char*)((MYSQL_session *)dcb->data)->client_sha1, + (char*)((MYSQL_session *)dcb->data)->db,auth_val); + modutil_send_mysql_err_packet(dcb, 3, 0, 1045, "28000", fail_str); } if (fail_str) free(fail_str); diff --git a/server/modules/protocol/mysql_common.c b/server/modules/protocol/mysql_common.c index 56988dc9a..0a1d2195b 100644 --- a/server/modules/protocol/mysql_common.c +++ b/server/modules/protocol/mysql_common.c @@ -2199,7 +2199,8 @@ char *create_auth_fail_str( char *username, char *hostaddr, char *sha1, - char *db) + char *db, + int errcode) { char* errstr; const char* ferrstr; 
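Review bot: In the rewritten error branch of gw_read_client_event the new `else if(auth_val == 3)` arm and the final `else` arm are identical, and the test uses the literal `3` instead of `MYSQL_FAILED_AUTH_SSL`. The packet sequence number also changes from 2 to a fixed 3 in all three arms; that fits a client that sent an SSL request first, but a client that connected without SSL, which is exactly the `MYSQL_FAILED_AUTH_SSL` case, has presumably sent one packet fewer, so the error may be rejected as out of sequence instead of shown to the user. Derive the number from the connection state, for example `protocol->use_ssl ? 3 : 2`, and merge the duplicate arms. The same fixed `3` is introduced for `mysql_send_auth_error` in the following patch (057).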
@@ -2214,6 +2215,10 @@ char *create_auth_fail_str( { ferrstr = "Access denied for user '%s'@'%s' (using password: %s) to database '%s'"; } + else if(errcode == MYSQL_FAILED_AUTH_SSL) + { + ferrstr = "Access without SSL denied"; + } else { ferrstr = "Access denied for user '%s'@'%s' (using password: %s)"; @@ -2233,6 +2238,10 @@ char *create_auth_fail_str( { sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES"), db); } + else if(errcode == MYSQL_FAILED_AUTH_SSL) + { + sprintf(errstr, ferrstr); + } else { sprintf(errstr, ferrstr, username, hostaddr, (*sha1 == '\0' ? "NO" : "YES")); From 08e0a318268cd42fa0f70442c5642e9da682f1f2 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 2 Jun 2015 06:42:41 +0300 Subject: [PATCH 057/119] Fixed session creation failure messages using the wrong packet number when an SSL connection was made. --- server/modules/protocol/mysql_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 6aeadd180..45fc65ee0 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -975,7 +975,7 @@ int gw_read_client_event( /** Send ERR 1045 to client */ mysql_send_auth_error( dcb, - 2, + 3, 0, "failed to create new session"); From fc8918b1f2d77d32880ca0297dcb069fccc1e0e1 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 2 Jun 2015 09:15:08 +0300 Subject: [PATCH 058/119] Added a dcb_connect_SSL function which starts a client SSL connection. --- server/core/dcb.c | 66 ++++++++++++++++++++++++++++++++++++++++++++ server/include/dcb.h | 1 + 2 files changed, 67 insertions(+) diff --git a/server/core/dcb.c b/server/core/dcb.c index 2948dae2e..2dcbd9b4c 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c 
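Review bot: The new SSL branch calls `sprintf(errstr, ferrstr);` with a non-literal format and no arguments, which is safe only while the message contains no `%` and is reported by compilers under -Wformat-security. `strcpy(errstr, ferrstr);`, or `snprintf` with `"%s"` and the size used for the allocation, states the intent directly. The allocation of `errstr` lies between the two hunks and is not visible, so confirm that its size calculation does not rely on `username`, `hostaddr` or `db` for this case.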
@@ -2843,5 +2843,71 @@ int dcb_accept_SSL(DCB* dcb) break; } + return rval; +} + +/** + * Initiate an SSL client connection to a server + * + * This functions starts an SSL client connection to a server which is expecting + * an SSL handshake. The DCB should already have a TCP connection to the server and + * this connection should be in a state that expects an SSL handshake. + * @param dcb DCB to connect + * @return 1 on success, -1 on error and 0 if the SSL handshake is still ongoing + */ +int dcb_connect_SSL(DCB* dcb) +{ + int rval,errnum; + + rval = SSL_connect(dcb->ssl); + + switch(rval) + { + case 0: + errnum = SSL_get_error(dcb->ssl,rval); + LOGIF(LD,(skygw_log_write_flush(LD,"SSL_connect shutdown for %s@%s", + dcb->user, + dcb->remote))); + return -1; + break; + case 1: + rval = 1; + LOGIF(LD,(skygw_log_write_flush(LD,"SSL_connect done for %s@%s", + dcb->user, + dcb->remote))); + break; + + case -1: + errnum = SSL_get_error(dcb->ssl,rval); + + if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE || + errnum == SSL_ERROR_WANT_X509_LOOKUP) + { + /** Not all of the data has been read. Go back to the poll + queue and wait for more.*/ + + rval = 0; + LOGIF(LD,(skygw_log_write_flush(LD,"SSL_connect ongoing for %s@%s", + dcb->user, + dcb->remote))); + } + else + { + rval = -1; + skygw_log_write_flush(LE, + "Error: Fatal error in SSL_connect for %s@%s: %s", + dcb->user, + dcb->remote, + ERR_error_string(errnum,NULL)); + } + break; + + default: + skygw_log_write_flush(LE, + "Error: Fatal error in SSL_connect, returned value was %d.", + rval); + break; + } + return rval; } \ No newline at end of file diff --git a/server/include/dcb.h b/server/include/dcb.h index 58a4eb532..cc96a2c0e 100644 --- a/server/include/dcb.h +++ b/server/include/dcb.h 
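Review bot: dcb_connect_SSL treats a return of 1 from `SSL_connect()` as success without checking the peer: nothing in this function, or in dcb_create_SSL earlier on this page, sets `SSL_VERIFY_PEER` or inspects `SSL_get_verify_result()`, and with OpenSSL's default verify mode a client handshake completes even when the server certificate does not validate. Unless verification is configured elsewhere, the encrypted backend link gives no assurance about which host answered. In `case 1:` add a check such as `if (SSL_get_verify_result(dcb->ssl) != X509_V_OK) { rval = -1; }` with a log line, or set the verify mode on the context used for outgoing connections. `dcb->ssl` is also used without a NULL check, and the only visible creator builds it from the service's server-method context, which may not be usable with `SSL_connect()`.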
@@ -343,6 +343,7 @@ size_t dcb_get_session_id(DCB* dcb); bool dcb_get_ses_log_info(DCB* dcb, size_t* sesid, int* enabled_logs); int dcb_create_SSL(DCB* dcb); int dcb_accept_SSL(DCB* dcb); +int dcb_connect_SSL(DCB* dcb); int gw_write_SSL(SSL* ssl, const void *buf, size_t nbytes); int dcb_write_SSL(DCB *dcb,GWBUF *queue); int dcb_read_SSL(DCB *dcb,GWBUF **head); From 57060cafecff9141e1883879c11cfe46d0b120d3 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 2 Jun 2015 17:00:39 +0300 Subject: [PATCH 059/119] Added SSL level configuration to services. --- .../Getting-Started/Configuration-Guide.md | 48 +++++++++++++++++ Documentation/Reference/MaxScale-and-SSL.md | 3 +- server/core/config.c | 16 ++++-- server/core/service.c | 51 ++++++++++++++++++- server/include/service.h | 12 +++++ 5 files changed, 124 insertions(+), 6 deletions(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 535eca2cc..e3cc4871b 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md 
@@ -326,6 +326,54 @@ Example: connection_timeout=300 ``` +### Service and SSL + +This section describes configuration parameters for services that control the SSL/TLS encrption method and the various certificate files involved in it. To enable SSL, you must configure the `ssl` parameter with either `enabled` or `required` and provide the three files for `ssl_cert`, `ssl_key` and `ssl_ca_cert`. After this, MySQL connections to this service can be encrypted with SSL. + +#### `ssl` + +This enables SSL connections to the service. If this parameter is set to either `required` or `enabled` and the three certificate files can be found (these are explained afterwards), then client connections will be encrypted with SSL. If the parameter is `enabled` then both SSL and non-SSL connections can connect to this service. If the parameter is set to `required` then only SSL connections can be used for this service and non-SSL connections will get an error when they try to connect to the service. + +#### `ssl_key` + +The SSL private key the service should use. This will be the private key that is used as the server side private key during a client-server SSL handshake. This is a required parameter for SSL enabled services. + +#### `ssl_cert` + +The SSL certificate the service should use. This will be the public certificate that is used as the server side certificate during a client-server SSL handshake. This is a required parameter for SSL enabled services. + +#### `ssl_ca_cert` + +This is the Certificate Authority file. It will be used to verify that both the client and the server certificates are valid. This is a required parameter for SSL enabled services. + +### `ssl_version` + +This parameter controls the level of encryption used. 
Accepted values are: + * SSLv2 + * SSLv3 + * TLSv10 + * TLSv11 + * TLSv12 + * MAX + +Example SSL enabled service configuration: + +``` +[ReadWriteSplitService] +type=service +router=readwritesplit +servers=server1,server2,server3 +user=myuser +passwd=mypasswd +ssl=required +ssl_cert=/home/markus/certs/server-cert.pem +ssl_key=/home/markus/certs/server-key.pem +ssl_ca_cert=/home/markus/certs/ca.pem +ssl_version=TLSv12 +``` + +This configuration requires all connections to be encryped with SSL. It also specifies that TLSv1.2 should be used as the encryption method. The paths to the server certificate files and the Certificate Authority file are also provided. + ### Server Server sections are used to define the backend database servers that can be formed into a service. A server may be a member of one or more services within MaxScale. Servers are identified by a server name which is the section name in the configuration file. Servers have a type parameter of server, plus address port and protocol parameters. diff --git a/Documentation/Reference/MaxScale-and-SSL.md b/Documentation/Reference/MaxScale-and-SSL.md index a4210b0de..ca61d52e2 100644 --- a/Documentation/Reference/MaxScale-and-SSL.md +++ b/Documentation/Reference/MaxScale-and-SSL.md 
@@ -5,9 +5,10 @@ MaxScale supports client side SSL connections. Enabling is done on a per service ## SSL Options Here are the options which relate to SSL and certificates. -Parameter|Values|Description +Parameter|Values |Description ---------|-----------|-------- ssl | disabled, enabled, required |`disable` disables SSL, `enabled` enables SSL for client connections but still allows non-SSL connections and `required` requires SSL from all client connections. With the `required` option, client connections that do not use SSL will be rejected. ssl_cert | |Path to server certificate ssl_key | |Path to server private key ssl_ca_cert | |Path to Certificate Authority file +ssl_version|SSLV2,SSLV3,TLSV10,TLSV11,TLSV12,MAX| The SSL method level, defaults to highest available encryption level which is TLSv1.2 diff --git a/server/core/config.c b/server/core/config.c index 640437270..5e03a3b19 100644 --- a/server/core/config.c +++ b/server/core/config.c @@ -345,7 +345,7 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); char *weightby; char *version_string; char *subservices; - char *ssl,*ssl_cert,*ssl_key,*ssl_ca_cert; + char *ssl,*ssl_cert,*ssl_key,*ssl_ca_cert,*ssl_version; bool is_rwsplit = false; bool is_schemarouter = false; char *allow_localhost_match_wildcard_host; @@ -358,6 +358,7 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); ssl_cert = config_get_value(obj->parameters, "ssl_cert"); ssl_key = config_get_value(obj->parameters, "ssl_key"); ssl_ca_cert = config_get_value(obj->parameters, "ssl_ca_cert"); + ssl_version = config_get_value(obj->parameters, "ssl_version"); enable_root_user = config_get_value( obj->parameters, "enable_root_user"); @@ -474,6 +475,10 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); else { serviceSetCertificates(obj->element,ssl_cert,ssl_key,ssl_ca_cert); + if(ssl_version) + { + serviceSetSSLVersion(obj->element,ssl_version); + } } } else 
@@ -1381,7 +1386,7 @@ int i; } else if (strcmp(name, "ms_timestamp") == 0) { - skygw_set_highp(config_truth_value(value)); + skygw_set_highp(config_truth_value((char*)value)); } else { @@ -1389,7 +1394,7 @@ int i; { if (strcasecmp(name, lognames[i].logname) == 0) { - if (config_truth_value(value)) + if (config_truth_value((char*)value)) skygw_log_enable(lognames[i].logfile); else skygw_log_disable(lognames[i].logfile); @@ -1967,6 +1972,11 @@ static char *service_params[] = "version_string", "filters", "weightby", + "ssl_cert", + "ssl_ca_cert", + "ssl", + "ssl_key", + "ssl_version", NULL }; diff --git a/server/core/service.c b/server/core/service.c index f8b9d0e99..a8df37f5b 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -141,7 +141,8 @@ SERVICE *service; service->ssl_ca_cert = NULL; service->ssl_cert = NULL; service->ssl_key = NULL; - + /** Use the highest possible SSL/TLS methods available */ + service->ssl_method_type = SERVICE_SSL_TLS_MAX; if (service->name == NULL || service->routerModule == NULL) { if (service->name) @@ -868,6 +869,22 @@ serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert) service->ssl_ca_cert = strdup(ca_cert); } +void +serviceSetSSLVersion(SERVICE *service, char* version) +{ + if(strcasecmp(version,"SSLV2") == 0) + service->ssl_method_type = SERVICE_SSLV2; + else if(strcasecmp(version,"SSLV3") == 0) + service->ssl_method_type = SERVICE_SSLV3; + else if(strcasecmp(version,"TLSV10") == 0) + service->ssl_method_type = SERVICE_TLS10; + else if(strcasecmp(version,"TLSV11") == 0) + service->ssl_method_type = SERVICE_TLS11; + else if(strcasecmp(version,"TLSV12") == 0) + service->ssl_method_type = SERVICE_TLS12; + else if(strcasecmp(version,"MAX") == 0) + service->ssl_method_type = SERVICE_SSL_TLS_MAX; +} /** Enable or disable the service SSL capability*/ int serviceSetSSL(SERVICE *service, char* action) 
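Review bot: serviceSetSSLVersion silently ignores a value it does not recognise, so a typo such as `ssl_version=TLSv1.2` leaves the service on the `SERVICE_SSL_TLS_MAX` default assigned in the earlier service.c hunk while the operator believes a TLS 1.2-only policy is in force. Return an int, ending the chain with `else return -1;`, and have the caller in config.c log the rejected value and refuse to start the service. `SERVICE_SSL_MAX` and `SERVICE_TLS_MAX` from the new enum cannot be selected by any string handled here. The function has no header comment; one listing the accepted strings would match the neighbouring setters.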
@@ -1816,7 +1833,37 @@ int serviceInitSSL(SERVICE* service) { if(!service->ssl_init_done) { - service->method = (SSL_METHOD*)SSLv23_server_method(); + switch(service->ssl_method_type) + { + case SERVICE_SSLV2: + service->method = (SSL_METHOD*)SSLv2_server_method(); + break; + case SERVICE_SSLV3: + service->method = (SSL_METHOD*)SSLv3_server_method(); + break; + case SERVICE_TLS10: + service->method = (SSL_METHOD*)TLSv1_server_method(); + break; + case SERVICE_TLS11: + service->method = (SSL_METHOD*)TLSv1_1_server_method(); + break; + case SERVICE_TLS12: + service->method = (SSL_METHOD*)TLSv1_2_server_method(); + break; + case SERVICE_SSL_MAX: + service->method = (SSL_METHOD*)SSLv23_server_method(); + break; + case SERVICE_TLS_MAX: + service->method = (SSL_METHOD*)SSLv23_server_method(); + break; + case SERVICE_SSL_TLS_MAX: + service->method = (SSL_METHOD*)SSLv23_server_method(); + break; + default: + service->method = (SSL_METHOD*)SSLv23_server_method(); + break; + } + service->ctx = SSL_CTX_new(service->method); SSL_CTX_set_read_ahead(service->ctx,1); if (SSL_CTX_use_certificate_file(service->ctx, service->ssl_cert, SSL_FILETYPE_PEM) <= 0) { diff --git a/server/include/service.h b/server/include/service.h index 1c6614656..7975518e7 100644 --- a/server/include/service.h +++ b/server/include/service.h @@ -113,6 +113,17 @@ typedef enum { SSL_REQUIRED } ssl_mode_t; +enum{ + SERVICE_SSLV2, + SERVICE_SSLV3, + SERVICE_TLS10, + SERVICE_TLS11, + SERVICE_TLS12, + SERVICE_SSL_MAX, + SERVICE_TLS_MAX, + SERVICE_SSL_TLS_MAX +}; + /** * Defines a service within the gateway. * @@ -164,6 +175,7 @@ typedef struct service { SSL *ssl; SSL_METHOD *method; /*< SSLv2/3 or TLSv1/2 methods * see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */ + int ssl_method_type; /*< Which of the SSLv2/3 or TLS1.0/1.1/1.2 methods to use */ char* ssl_cert; char* ssl_key; char* ssl_ca_cert; From dbcb9a450fa10febe7982140068cd177d53030da Mon Sep 17 00:00:00 2001 
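Review bot: Every `*_MAX` case and the `default:` select `SSLv23_server_method()` with no protocol options, so the default configuration still negotiates SSLv2 and SSLv3 where the linked OpenSSL supports them, and `SERVICE_TLS_MAX` behaves exactly like `SERVICE_SSL_MAX`. After `SSL_CTX_new()` add `SSL_CTX_set_options(service->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` for the TLS cases, ideally for all of them, and reconsider offering `SERVICE_SSLV2` and `SERVICE_SSLV3` at all given that both protocols are broken. `SSLv2_server_method()` is missing from OpenSSL builds configured without SSLv2, so the unconditional reference can fail at link time; guard that case with `#ifndef OPENSSL_NO_SSL2`. The function continues outside the hunk.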
From: Markus Makela Date: Wed, 3 Jun 2015 10:15:53 +0300 Subject: [PATCH 060/119] Added note about GCC versions to the source building document. --- .../Getting-Started/Building-MaxScale-from-Source-Code.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md b/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md index 30a06fcdb..f83a6e3ae 100644 --- a/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md +++ b/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md @@ -4,7 +4,7 @@ You will need a number of tools and libraries in order to achieve this. * cmake version 2.8.12 or later -* gcc recommended version 4.4.7 or later +* gcc recommended version 4.4.7 or later (MariaDB 10 libraries require gcc 4.7 or newer) * libaio From 6e2611f24141bf934f06fa96901a7bbe0fda76ef Mon Sep 17 00:00:00 2001 
From: Markus Makela Date: Wed, 3 Jun 2015 11:07:06 +0300 Subject: [PATCH 061/119] Updated documentation with new configuration file name. --- Documentation/About/SETUP.md | 4 ++-- .../Getting-Started/Configuration-Guide.md | 16 ++++++++-------- .../Getting-Started-With-MaxScale.md | 2 +- .../Reference/Debug-And-Diagnostic-Support.md | 4 ++-- Documentation/Reference/Hint-Syntax.md | 2 +- Documentation/Reference/MaxAdmin.md | 8 ++++---- .../MaxScale-1.0.1-Release-Notes.md | 4 ++-- .../Tutorials/Administration-Tutorial.md | 14 +++++++------- ...Galera-Cluster-Connection-Routing-Tutorial.md | 6 +++--- ...lera-Cluster-Read-Write-Splitting-Tutorial.md | 6 +++--- .../Tutorials/MaxScale-Information-Schema.md | 2 +- Documentation/Tutorials/MySQL-Cluster-Setup.md | 4 ++-- ...QL-Replication-Connection-Routing-Tutorial.md | 4 ++-- ...-Replication-Read-Write-Splitting-Tutorial.md | 6 +++--- Documentation/Tutorials/Nagios-Plugins.md | 6 +++--- .../RabbitMQ-Setup-And-MaxScale-Integration.md | 2 +- .../Replication-Proxy-Binlog-Router-Tutorial.md | 2 +- .../Tutorials/Simple-Sharding-Tutorial.md | 4 ++-- .../filters/Database-Firewall-Filter.md | 2 +- Documentation/filters/Query-Log-All-Filter.md | 2 +- Documentation/filters/RabbitMQ-Filter.md | 4 ++-- Documentation/filters/Regex-Filter.md | 2 +- Documentation/filters/Tee-Filter.md | 2 +- Documentation/filters/Top-N-Filter.md | 2 +- 24 files changed, 55 insertions(+), 55 deletions(-) diff --git a/Documentation/About/SETUP.md b/Documentation/About/SETUP.md index 9cb5dd11b..e28fb0d40 100644 --- a/Documentation/About/SETUP.md +++ b/Documentation/About/SETUP.md 
@@ -11,7 +11,7 @@ or by manually starting the process from the bin folder of the installation dire Configuration -You need to create or edit the MaxScale.cnf file in the /etc folder. +You need to create or edit the maxscale.cnf file in the /etc folder. Define the services you wish to provide, the set of server definitions you require, with the addresses and ports of those servers and also define the listening ports for your various services. @@ -22,4 +22,4 @@ the port defined for the telnet listener. Initially you may login with the user name of "admin" and the password "mariadb". Once connected type help for an overview of the commands and help for the more detailed help on commands. Use the add user command to add a new user, -this will also remove the admin/mariadb user. +this will also remove the admin/mariadb user. For a detailed guide about using the MaxAdmin interface, take a look at the [MaxAdmin](../Reference/MaxAdmin.md) guide. diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 535eca2cc..15293d1aa 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md 
@@ -241,7 +241,7 @@ Query OK, 0 rows affected (0.00 sec) #### `passwd` -The passwd parameter provides the password information for the above user and may be either a plain text password or it may be an encrypted password. See the section on encrypting passwords for use in the MaxScale.cnf file. This user must be capable of connecting to the backend database and executing these SQL statements to load database names and grants from the backends: +The passwd parameter provides the password information for the above user and may be either a plain text password or it may be an encrypted password. See the section on encrypting passwords for use in the maxscale.cnf file. This user must be capable of connecting to the backend database and executing these SQL statements to load database names and grants from the backends: * `SELECT user, host, password,Select_priv FROM mysql.user`. * `SELECT user, host, db FROM mysql.db` @@ -366,7 +366,7 @@ The monitor has a username and password that is used to connect to all servers f monitorpw=mymonitorpasswd ``` -The monpasswd parameter may be either a plain text password or it may be an encrypted password. See the section on encrypting passwords for use in the MaxScale.cnf file. +The monpasswd parameter may be either a plain text password or it may be an encrypted password. See the section on encrypting passwords for use in the maxscale.cnf file. ### Listener @@ -515,7 +515,7 @@ Individual servers may define override values for the user and password the moni #### `passwd` -The password parameter may be either a plain text password or it may be an encrypted password. See the section on encrypting passwords for use in the `MaxScale.cnf` file. +The password parameter may be either a plain text password or it may be an encrypted password. See the section on encrypting passwords for use in the `maxscale.cnf` file. #### `monitor_interval` 
@@ -1307,7 +1307,7 @@ before being sent to the server. Note that the text in the match string is case- The **tee** filter is a filter module for MaxScale that acts as a "plumbing" fitting in the MaxScale filter toolkit. It can be used in a filter pipeline of a service to make a copy of requests from the client and dispatch a copy of the request to another service within MaxScale. -The configuration block for the **tee** filter requires the minimal filter parameters in its section within the `MaxScale.cnf` file that defines the filter to load and the service to send the duplicates to. +The configuration block for the **tee** filter requires the minimal filter parameters in its section within the `maxscale.cnf` file that defines the filter to load and the service to send the duplicates to. ``` [ArchiveFilter] @@ -1322,7 +1322,7 @@ In addition parameters may be added to define patterns to match against to eithe The top filter is a filter module for MaxScale that monitors every SQL statement that passes through the filter. It measures the duration of that statement, the time between the statement being sent and the first result being returned. The top N times are kept, along with the SQL text itself and a list sorted on the execution times of the query is written to a file upon closure of the client session. -The configuration block for the **top** filter requires the minimal filter options in its section within the `MaxScale.cnf` file, stored in `/etc/MaxScale.cnf`. +The configuration block for the **top** filter requires the minimal filter options in its section within the `maxscale.cnf` file, stored in `/etc/maxscale.cnf`. ``` [MyLogFilter] 
@@ -1336,13 +1336,13 @@ In addition parameters may be added to define patterns to match against to eithe ## Encrypting Passwords -Passwords stored in the MaxScale.cnf file may optionally be encrypted for added security. This is done by creation of an encryption key on installation of MaxScale. Encryption keys may be created manually by executing the maxkeys utility with the argument of the filename to store the key. The default location MaxScale stores the keys is `/var/cache/maxscale`. +Passwords stored in the maxscale.cnf file may optionally be encrypted for added security. This is done by creation of an encryption key on installation of MaxScale. Encryption keys may be created manually by executing the maxkeys utility with the argument of the filename to store the key. The default location MaxScale stores the keys is `/var/cache/maxscale`. ``` maxkeys /var/cache/maxscale/.secrets ``` -Changing the encryption key for MaxScale will invalidate any currently encrypted keys stored in the MaxScale.cnf file. +Changing the encryption key for MaxScale will invalidate any currently encrypted keys stored in the maxscale.cnf file. ### Creating Encrypted Passwords @@ -1351,7 +1351,7 @@ Encrypted passwords are created by executing the maxpasswd command with the pass maxpasswd MaxScalePw001 61DD955512C39A4A8BC4BB1E5F116705 -The output of the maxpasswd command is a hexadecimal string, this should be inserted into the MaxScale.cnf file in place of the ordinary, plain text, password. MaxScale will determine this as an encrypted password and automatically decrypt it before sending it the database server. +The output of the maxpasswd command is a hexadecimal string, this should be inserted into the maxscale.cnf file in place of the ordinary, plain text, password. MaxScale will determine this as an encrypted password and automatically decrypt it before sending it the database server. ``` [Split Service] 
diff --git a/Documentation/Getting-Started/Getting-Started-With-MaxScale.md b/Documentation/Getting-Started/Getting-Started-With-MaxScale.md index ed41da728..344ac500d 100644 --- a/Documentation/Getting-Started/Getting-Started-With-MaxScale.md +++ b/Documentation/Getting-Started/Getting-Started-With-MaxScale.md @@ -65,7 +65,7 @@ modules it will search using a configurable search path. The priority of these p 2. Look in the directory defined with libdir=PATH in the configuration file under the [maxscale] section 3. Look in default directory in /usr/lib64/maxscale -Configuration is read by default from the file /etc/MaxScale.cnf. An example file is included in in the installation and can be found in the /usr/share/maxscale folder within the MaxScale installation. The -f flag can be used on the command line to set the name and the location of the configuration file. The -C flag can be used to set the directory where the configuration file is searched for. Without the -f or -C flags, the file is read from the /etc directory. +Configuration is read by default from the file /etc/maxscale.cnf. An example file is included in in the installation and can be found in the /usr/share/maxscale folder within the MaxScale installation. The -f flag can be used on the command line to set the name and the location of the configuration file. The -C flag can be used to set the directory where the configuration file is searched for. Without the -f or -C flags, the file is read from the /etc directory. ## Administration Of MaxScale diff --git a/Documentation/Reference/Debug-And-Diagnostic-Support.md b/Documentation/Reference/Debug-And-Diagnostic-Support.md index d9bffa268..12298624c 100644 --- a/Documentation/Reference/Debug-And-Diagnostic-Support.md +++ b/Documentation/Reference/Debug-And-Diagnostic-Support.md 
@@ -1679,7 +1679,7 @@ Loaded 34 users. ## Reload config -The reload config command can be used to force MaxScale to re-read the MaxScale.cnf and update itself to the latest configuration defined in that configuration file. It is also possible to force the reading of the configuration file by sending a HangUp signal (SIGHUP) to the maxscale process. +The reload config command can be used to force MaxScale to re-read the maxscale.cnf and update itself to the latest configuration defined in that configuration file. It is also possible to force the reading of the configuration file by sending a HangUp signal (SIGHUP) to the maxscale process. **MaxScale>** reload config @@ -1789,7 +1789,7 @@ MariaDB Corporation MaxScale /home/jdoe/bin/develop/log/skygw_msg1.log Tue Dec 2014-12-09 14:47:05 Log directory : /home/jdoe/bin/develop/log -2014-12-09 14:47:05 Configuration file : /home/jdoe/bin/develop/etc/MaxScale.cnf +2014-12-09 14:47:05 Configuration file : /home/jdoe/bin/develop/etc/maxscale.cnf 2014-12-09 14:47:05 Initialise CLI router module V1.0.0. diff --git a/Documentation/Reference/Hint-Syntax.md b/Documentation/Reference/Hint-Syntax.md index 0cb7cbaee..264d264f6 100644 --- a/Documentation/Reference/Hint-Syntax.md +++ b/Documentation/Reference/Hint-Syntax.md @@ -15,7 +15,7 @@ name-value pairs. Routing queries to a server: -- maxscale route to [master | slave | server ] -The name of the server is the same as in MaxScale.cnf +The name of the server is the same as in maxscale.cnf Creating a name-value pair: -- maxscale = diff --git a/Documentation/Reference/MaxAdmin.md b/Documentation/Reference/MaxAdmin.md index b8889192a..6244a33d6 100644 --- a/Documentation/Reference/MaxAdmin.md +++ b/Documentation/Reference/MaxAdmin.md 
@@ -591,7 +591,7 @@ Some monitors provide a replication heartbeat mechanism that monitors the delay MaxScale> enable heartbeat "MySQL Monitor" MaxScale> -Please note that changes made via this interface will not persist across restarts of MaxScale. To make a permanent change edit the MaxScale.cnf file. +Please note that changes made via this interface will not persist across restarts of MaxScale. To make a permanent change edit the maxscale.cnf file. Enabling the replication heartbeat mechanism will add the display of heartbeat information in the show server output @@ -786,11 +786,11 @@ Two commands are provided to change the logging levels within MaxScale, disable MaxScale> disable log debug MaxScale> -Please note that changes made via this interface will not persist across restarts of MaxScale. To make a permanent change edit the MaxScale.cnf file. +Please note that changes made via this interface will not persist across restarts of MaxScale. To make a permanent change edit the maxscale.cnf file. ## Reloading The Configuration -A command, reload config, is available that will cause MaxScale to reload the MaxScale.cnf configuration file. +A command, reload config, is available that will cause MaxScale to reload the maxscale.cnf configuration file. ## Shutting Down MaxScale @@ -798,7 +798,7 @@ The MaxScale server may be shutdown using the shutdown maxscale command. # Configuring MaxScale to Accept MaxAdmin Connections -In order to allow the use of the MaxAdmin client interface the service must be added to the MaxScale.cnf file of the Maxscale server. The CLI service itself must be added and a listener for the maxscaled protocol. +In order to allow the use of the MaxAdmin client interface the service must be added to the maxscale.cnf file of the Maxscale server. The CLI service itself must be added and a listener for the maxscaled protocol. The default entries required are shown below. 
diff --git a/Documentation/Release-Notes/MaxScale-1.0.1-Release-Notes.md b/Documentation/Release-Notes/MaxScale-1.0.1-Release-Notes.md index 6a34ec3a9..a82083ac9 100644 --- a/Documentation/Release-Notes/MaxScale-1.0.1-Release-Notes.md +++ b/Documentation/Release-Notes/MaxScale-1.0.1-Release-Notes.md @@ -107,11 +107,11 @@ A number of bug fixes have been applied between the 1.0 beta release and this re 479 - Undefined filter reference in MaxScale.cnf causes a crash + Undefined filter reference in maxscale.cnf causes a crash 410 - MaxScale.cnf server option is not parsed for spaces + maxscale.cnf server option is not parsed for spaces 417 diff --git a/Documentation/Tutorials/Administration-Tutorial.md b/Documentation/Tutorials/Administration-Tutorial.md index 6913431bc..e3253fca6 100644 --- a/Documentation/Tutorials/Administration-Tutorial.md +++ b/Documentation/Tutorials/Administration-Tutorial.md 
@@ -22,7 +22,7 @@ or $ /etc/init.d/maxscale start -It is also possible to start MaxScale by executing the maxscale command itself, in this case you must ensure that the environment is correctly setup or command line options are passed. The major elements to consider are the correct setting of the MAXSCALE\_HOME directory and to ensure that LD\_LIBRARY\_PATH. The LD\_LIBRARY\_PATH should include the lib directory that was installed as part of the MaxScale installation, the MAXSCALE\_HOME should point to /usr/local/mariadb-maxscale if a default installation has been created or to the directory this was relocated to. Running the executable $MAXSCALE\_HOME/bin/maxscale will result in MaxScale running as a daemon process, unattached to the terminal in which it was started and using configuration files that it finds in the $MAXSCALE\_HOME directory. +It is also possible to start MaxScale by executing the maxscale command itself. Running the executable /usr/bin/maxscale will result in MaxScale running as a daemon process, unattached to the terminal in which it was started and using configuration files that it finds in the /etc directory. Options may be passed to the MaxScale binary that alter this default behavior, this options are documented in the table below. 
@@ -56,9 +56,9 @@ or $ /etc/init.d/maxscale stop -MaxScale will also stop gracefully if it received a hangup signal, to find the process id of the MaxScale server use the ps command or read the contents of the maxscale.pid file located in the same directory as the logs. +MaxScale will also stop gracefully if it received a terminate signal, to find the process id of the MaxScale server use the ps command or read the contents of the maxscale.pid file located in the /var/run/maxscale directory. - $ kill -HUP `cat /log/maxscale.pid` + $ kill `cat /var/run/maxscale/maxscale.pid` In order to shutdown MaxScale using the maxadmin command you may either connect with maxadmin in interactive mode or pass the "shutdown maxscale" command you wish to execute as an argument to maxadmin. @@ -135,7 +135,7 @@ This may be integrated into the Linux logrotate mechanism by adding a configurat - @@ -156,14 +156,14 @@ One disadvantage with this is that the password used for the maxadmin command ha
/usr/local/mariadb-maxscale/log/*.log { + /var/log/maxscale/*.log { monthly rotate 5 missingok @@ -144,7 +144,7 @@ sharedscripts postrotate \# run if maxscale is running if test -n "`ps acx|grep maxscale`"; then -/usr/local/mariadb-maxscale/bin/maxadmin -pmariadb flush logs +/usr/bin/maxadmin -pmariadb flush logs fi endscript }
- diff --git a/Documentation/Tutorials/Galera-Cluster-Connection-Routing-Tutorial.md b/Documentation/Tutorials/Galera-Cluster-Connection-Routing-Tutorial.md index d58ebc32c..0ebe57a2b 100644 --- a/Documentation/Tutorials/Galera-Cluster-Connection-Routing-Tutorial.md +++ b/Documentation/Tutorials/Galera-Cluster-Connection-Routing-Tutorial.md @@ -60,7 +60,7 @@ If you wish to use two different usernames for the two different roles of monito ### Creating Your MaxScale Configuration -MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory /etc, if you have installed in the default location then this file is available in /usr/local/mariadb-maxscale/etc/MaxScale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within this directory that may be use as a basis for your configuration. +MaxScale configuration is held in an ini file that is located in the file maxscale.cnf in the directory /etc, if you have installed in the default location then this file is available in /etc/maxscale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within the /usr/share/maxscale directory that may be use as a basis for your configuration. A global, maxscale, section is included within every MaxScale configuration file; this is used to set the values of various MaxScale wide parameters, perhaps the most important of these is the number of threads that MaxScale will use to execute the code that forwards requests and handles responses for clients. 
@@ -89,7 +89,7 @@ In order to instruct the router to which servers it should route we must add rou The final step in the service section is to add the username and password that will be used to populate the user data from the database cluster. There are two options for representing the password, either plain text or encrypted passwords may be used. In order to use encrypted passwords a set of keys must be generated that will be used by the encryption and decryption process. To generate the keys use the maxkeys command and pass the name of the secrets file in which the keys are stored. - % maxkeys /usr/local/mariadb-maxscale/etc/.secrets + % maxkeys /var/lib/maxscale/.secrets % Once the keys have been created the maxpasswd command can be used to generate the encrypted password. @@ -178,7 +178,7 @@ or % service maxscale start -Check the error log in /usr/local/mariadb-maxscale/log to see if any errors are detected in the configuration file and to confirm MaxScale has been started. Also the maxadmin command may be used to confirm that MaxScale is running and the services, listeners etc have been correctly configured. +Check the error log in /var/log/maxscale to see if any errors are detected in the configuration file and to confirm MaxScale has been started. Also the maxadmin command may be used to confirm that MaxScale is running and the services, listeners etc have been correctly configured. % maxadmin -pmariadb list services diff --git a/Documentation/Tutorials/Galera-Cluster-Read-Write-Splitting-Tutorial.md b/Documentation/Tutorials/Galera-Cluster-Read-Write-Splitting-Tutorial.md index 8717591d8..4da69f27e 100644 --- a/Documentation/Tutorials/Galera-Cluster-Read-Write-Splitting-Tutorial.md +++ b/Documentation/Tutorials/Galera-Cluster-Read-Write-Splitting-Tutorial.md 
@@ -62,7 +62,7 @@ If you wish to use two different usernames for the two different roles of monito ### Creating Your MaxScale Configuration -MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory /etc, if you have installed in the default location then this file is available in /usr/local/mariadb-maxscale/etc/MaxScale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within this directory that may be use as a basis for your configuration. +MaxScale configuration is held in an ini file that is located in the file maxscale.cnf in the directory /etc, if you have installed in the default location then this file is available in /etc/maxscale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within the /usr/share/maxscale directory that may be use as a basis for your configuration. A global, maxscale, section is included within every MaxScale configuration file; this is used to set the values of various MaxScale wide parameters, perhaps the most important of these is the number of threads that MaxScale will use to execute the code that forwards requests and handles responses for clients. 
@@ -83,7 +83,7 @@ The router for we need to use for this configuration is the readwritesplit modul The final step in the service sections is to add the username and password that will be used to populate the user data from the database cluster. There are two options for representing the password, either plain text or encrypted passwords may be used. In order to use encrypted passwords a set of keys must be generated that will be used by the encryption and decryption process. To generate the keys use the maxkeys command and pass the name of the secrets file in which the keys are stored. - % maxkeys /usr/local/mariadb-maxscale/etc/.secrets + % maxkeys /var/lib/maxscale/.secrets % Once the keys have been created the maxpasswd command can be used to generate the encrypted password. @@ -183,7 +183,7 @@ or % service maxscale start -Check the error log in /usr/local/mariadb-maxscale/log to see if any errors are detected in the configuration file and to confirm MaxScale has been started. Also the maxadmin command may be used to confirm that MaxScale is running and the services, listeners etc have been correctly configured. +Check the error log in /var/log/maxscale to see if any errors are detected in the configuration file and to confirm MaxScale has been started. Also the maxadmin command may be used to confirm that MaxScale is running and the services, listeners etc have been correctly configured. % maxadmin -pmariadb list services diff --git a/Documentation/Tutorials/MaxScale-Information-Schema.md b/Documentation/Tutorials/MaxScale-Information-Schema.md index 9872556b3..370960287 100644 --- a/Documentation/Tutorials/MaxScale-Information-Schema.md +++ b/Documentation/Tutorials/MaxScale-Information-Schema.md 
@@ -5,7 +5,7 @@ The plugin is capable of returning data in one of two ways, either as MySQL resu # Configuration -The plugin is configured in the MaxScale.cnf plugin in much the same way as any other router service is configured, there needs to be a service section in the configuration file and also listeners defined for that service. The service does not however require any backend servers to be associated with it, or any monitors. +The plugin is configured in the maxscale.cnf plugin in much the same way as any other router service is configured, there needs to be a service section in the configuration file and also listeners defined for that service. The service does not however require any backend servers to be associated with it, or any monitors. The service entry needs to define the service name, the type as service and the router module to load. The specified user, with the password (plain or encrypted via maxpassword utility) is allowed to connect via MySQL protocol. diff --git a/Documentation/Tutorials/MySQL-Cluster-Setup.md b/Documentation/Tutorials/MySQL-Cluster-Setup.md index fd6c038ca..a168fcfd4 100644 --- a/Documentation/Tutorials/MySQL-Cluster-Setup.md +++ b/Documentation/Tutorials/MySQL-Cluster-Setup.md @@ -207,7 +207,7 @@ The SQL node is referenced here as [mysqld(API)], which reflects the fact that t ## Configuring MaxScale for connection load balancing of SQL nodes -Add these sections in MaxScale.cnf config file: +Add these sections in maxscale.cnf config file: [Cluster Service] type=service @@ -249,7 +249,7 @@ Add these sections in MaxScale.cnf config file: Assuming MaxScale is installed in server1, start it - [root@server1 ~]# cd /usr/local/mariadb-maxscale/bin + [root@server1 ~]# cd /usr/bin [root@server1 bin]# ./maxscale -c ../ diff --git a/Documentation/Tutorials/MySQL-Replication-Connection-Routing-Tutorial.md b/Documentation/Tutorials/MySQL-Replication-Connection-Routing-Tutorial.md index 8158bfa76..45de0a791 100644 
--- a/Documentation/Tutorials/MySQL-Replication-Connection-Routing-Tutorial.md +++ b/Documentation/Tutorials/MySQL-Replication-Connection-Routing-Tutorial.md @@ -76,7 +76,7 @@ If you wish to use two different usernames for the two different roles of monito ## Creating Your MaxScale Configuration -MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory /etc. This is not created as part of the installation process and must be manually created. A template file does exist in the `/usr/share/maxscale` folder that can be use as a basis for your configuration. +MaxScale configuration is held in an ini file that is located in the file maxscale.cnf in the directory /etc. This is not created as part of the installation process and must be manually created. A template file does exist in the `/usr/share/maxscale` folder that can be use as a basis for your configuration. A global, maxscale, section is included within every MaxScale configuration file; this is used to set the values of various MaxScale wide parameters, perhaps the most important of these is the number of threads that MaxScale will use to execute the code that forwards requests and handles responses for clients. @@ -128,7 +128,7 @@ servers=dbserv1, dbserv2, dbserv3 The final step in the service sections is to add the username and password that will be used to populate the user data from the database cluster. There are two options for representing the password, either plain text or encrypted passwords may be used. In order to use encrypted passwords a set of keys must be generated that will be used by the encryption and decryption process. To generate the keys use the maxkeys command and pass the name of the secrets file in which the keys are stored. ``` -maxkeys /usr/local/mariadb-maxscale/etc/.secrets +maxkeys /var/lib/maxscale/.secrets ``` Once the keys have been created the maxpasswd command can be used to generate the encrypted password. 
diff --git a/Documentation/Tutorials/MySQL-Replication-Read-Write-Splitting-Tutorial.md b/Documentation/Tutorials/MySQL-Replication-Read-Write-Splitting-Tutorial.md index b34fcf71e..93ecdd931 100644 --- a/Documentation/Tutorials/MySQL-Replication-Read-Write-Splitting-Tutorial.md +++ b/Documentation/Tutorials/MySQL-Replication-Read-Write-Splitting-Tutorial.md @@ -70,7 +70,7 @@ If you wish to use two different usernames for the two different roles of monito ## Creating Your MaxScale Configuration -MaxScale configuration is held in an ini file that is located in the file MaxScale.cnf in the directory /etc, if you have installed in the default location then this file is available in /usr/local/mariadb-maxscale/etc/MaxScale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within this directory that may be use as a basis for your configuration. +MaxScale configuration is held in an ini file that is located in the file maxscale.cnf in the directory /etc, if you have installed in the default location then this file is available in /etc/maxscale.cnf. This is not created as part of the installation process and must be manually created. A template file does exist within the /usr/share/maxscale directory that may be use as a basis for your configuration. A global, maxscale, section is included within every MaxScale configuration file; this is used to set the values of various MaxScale wide parameters, perhaps the most important of these is the number of threads that MaxScale will use to execute the code that forwards requests and handles responses for clients. 
@@ -96,7 +96,7 @@ servers=dbserv1, dbserv2, dbserv3 The final step in the service sections is to add the username and password that will be used to populate the user data from the database cluster. There are two options for representing the password, either plain text or encrypted passwords may be used. In order to use encrypted passwords a set of keys must be generated that will be used by the encryption and decryption process. To generate the keys use the maxkeys command and pass the name of the secrets file in which the keys are stored. -% maxkeys /usr/local/mariadb-maxscale/etc/.secrets +% maxkeys /var/lib/maxscale/.secrets % @@ -226,7 +226,7 @@ or % service maxscale start -Check the error log in /usr/local/mariadb-maxscale/log to see if any errors are detected in the configuration file and to confirm MaxScale has been started. Also the maxadmin command may be used to confirm that MaxScale is running and the services, listeners etc have been correctly configured. +Check the error log in /var/log/maxscale to see if any errors are detected in the configuration file and to confirm MaxScale has been started. Also the maxadmin command may be used to confirm that MaxScale is running and the services, listeners etc have been correctly configured. % maxadmin -pmariadb list services diff --git a/Documentation/Tutorials/Nagios-Plugins.md b/Documentation/Tutorials/Nagios-Plugins.md index 9ee3a87c7..6c8cef9c2 100644 --- a/Documentation/Tutorials/Nagios-Plugins.md +++ b/Documentation/Tutorials/Nagios-Plugins.md @@ -44,7 +44,7 @@ In order to use these scripts on your Nagios Server, you need to copy them from MaxScale must be configured with 'maxscaled' protocol for the administration interface: -Example of MaxScale.cnf file: +Example of maxscale.cnf file: [AdminInterface] type=service 
@@ -73,9 +73,9 @@ and add (just after localhost.cfg or commnads.cfg) - modify server IP address in server1.cfg, pointing to MaxScale server - maxadmin executable must be in the nagios server - default MaxScale AdminInterface port is 6603 -- default maxadmin executable path is /usr/local/mariadb-maxscale/bin/maxadmin +- default maxadmin executable path is /usr/bin/maxadmin It can be changed by -m option -- maxadmin executable could be copied from an existing maxscale installation (default location is /usr/local/mariadb-maxscale/bin/maxadmin) +- maxadmin executable could be copied from an existing maxscale installation (default location is /usr/bin/maxadmin) This example shows configuration that needs to be done on Nagios server in order to communicate to MaxScale server that is running on host server1. In this example we are using the check_maxscale_resource as the check command diff --git a/Documentation/Tutorials/RabbitMQ-Setup-And-MaxScale-Integration.md b/Documentation/Tutorials/RabbitMQ-Setup-And-MaxScale-Integration.md index 2f2903861..c66d8c1cb 100644 --- a/Documentation/Tutorials/RabbitMQ-Setup-And-MaxScale-Integration.md +++ b/Documentation/Tutorials/RabbitMQ-Setup-And-MaxScale-Integration.md @@ -193,7 +193,7 @@ This generates RPM or DEB packages based on your system. These packages can then ## Step 5 - Configure new applications -The new filter needs to be configured in MaxScale.cnf. +The new filter needs to be configured in maxscale.cnf. [Test Service] type=service diff --git a/Documentation/Tutorials/Replication-Proxy-Binlog-Router-Tutorial.md b/Documentation/Tutorials/Replication-Proxy-Binlog-Router-Tutorial.md index 3f61638d1..b455ea86f 100644 --- a/Documentation/Tutorials/Replication-Proxy-Binlog-Router-Tutorial.md +++ b/Documentation/Tutorials/Replication-Proxy-Binlog-Router-Tutorial.md 
@@ -28,7 +28,7 @@ Using MaxScale as a replication proxy is much the same as using MaxScale as a pr ## Service Configuration -As with any MaxScale configuration a good starting point is with the service definition with the MaxScale.cnf file. The service requires a name which is the section name in the ini file, a type parameter with a value of service and the name of the router plugin that should be loaded. In the case of replication proxies this router name is binlogrouter. +As with any MaxScale configuration a good starting point is with the service definition with the maxscale.cnf file. The service requires a name which is the section name in the ini file, a type parameter with a value of service and the name of the router plugin that should be loaded. In the case of replication proxies this router name is binlogrouter. [Replication] diff --git a/Documentation/Tutorials/Simple-Sharding-Tutorial.md b/Documentation/Tutorials/Simple-Sharding-Tutorial.md index 6c16fa9f6..70b972de2 100644 --- a/Documentation/Tutorials/Simple-Sharding-Tutorial.md +++ b/Documentation/Tutorials/Simple-Sharding-Tutorial.md @@ -32,7 +32,7 @@ Upon successful completion of the installation command you will have MaxScale in ### Creating Your MaxScale Configuration -The first step in the creation of your MaxScale.cnf file is to define the global maxscale section. This section configures the number of threads MaxScale uses. A good rule of thumb is to use at most as may threads as you have CPUs. MaxScale uses few threads for internal operations so one or two threads less than the maximum should be enough. +The first step in the creation of your maxscale.cnf file is to define the global maxscale section. This section configures the number of threads MaxScale uses. A good rule of thumb is to use at most as may threads as you have CPUs. MaxScale uses few threads for internal operations so one or two threads less than the maximum should be enough. ``` [maxscale] 
@@ -92,7 +92,7 @@ After this we have a fully working configuration and we can move on to starting Upon completion of the configuration process MaxScale is ready to be started . This may either be done manually by running the maxscale command or via the service interface. The service scripts are located in the `/etc/init.d/` folder and are accessible through both the `service` and `systemctl` commands. -After starting MaxScale check the error log in /usr/local/mariadb-maxscale/log to see if any errors are detected in the configuration file. Also the maxadmin command may be used to confirm that MaxScale is running and the services, listeners etc have been correctly configured. +After starting MaxScale check the error log in /var/log/maxscale to see if any errors are detected in the configuration file. Also the maxadmin command may be used to confirm that MaxScale is running and the services, listeners etc have been correctly configured. MaxScale is now ready to start accepting client connections and routing them. Queries are routed to the right servers based on the database they target and switching between the shards is seamless since MaxScale keeps the session state intact between servers. diff --git a/Documentation/filters/Database-Firewall-Filter.md b/Documentation/filters/Database-Firewall-Filter.md index b448b65be..58eac1b6c 100644 --- a/Documentation/filters/Database-Firewall-Filter.md +++ b/Documentation/filters/Database-Firewall-Filter.md 
@@ -5,7 +5,7 @@ The database firewall filter is used to block queries that match a set of rules. ## Configuration -The database firewall filter only requires minimal configuration in the MaxScale.cnf file. The actual rules of the database firewall filter are located in a separate text file. The following is an example of a database firewall filter configuration in MaxScale.cnf. +The database firewall filter only requires minimal configuration in the maxscale.cnf file. The actual rules of the database firewall filter are located in a separate text file. The following is an example of a database firewall filter configuration in maxscale.cnf. ``` [DatabaseFirewall] diff --git a/Documentation/filters/Query-Log-All-Filter.md b/Documentation/filters/Query-Log-All-Filter.md index 87ea620c8..c06b97f6b 100644 --- a/Documentation/filters/Query-Log-All-Filter.md +++ b/Documentation/filters/Query-Log-All-Filter.md @@ -6,7 +6,7 @@ The Query Log All (QLA) filter is a filter module for MaxScale that is ## Configuration -The configuration block for the QLA filter requires the minimal filter options in it's section within the MaxScale.cnf file, stored in /etc/MaxScale.cnf. +The configuration block for the QLA filter requires the minimal filter options in it's section within the maxscale.cnf file, stored in /etc/maxscale.cnf. ``` [MyLogFilter] type=filter diff --git a/Documentation/filters/RabbitMQ-Filter.md b/Documentation/filters/RabbitMQ-Filter.md index 4068ceec5..3d04702ac 100644 --- a/Documentation/filters/RabbitMQ-Filter.md +++ b/Documentation/filters/RabbitMQ-Filter.md 
@@ -5,9 +5,9 @@ This filter is designed to extract queries and transform them into a canonical f ## Configuration -The configuration block for the **mqfilter** filter requires the minimal filter options in it’s section within the MaxScale.cnf file, stored in /etc/MaxScale.cnf. Although the filter will start, it will use the default values which only work with a freshly installed RabbitMQ server and use its default values. This setup is mostly intended for testing the filter. +The configuration block for the **mqfilter** filter requires the minimal filter options in it’s section within the maxscale.cnf file, stored in /etc/maxscale.cnf. Although the filter will start, it will use the default values which only work with a freshly installed RabbitMQ server and use its default values. This setup is mostly intended for testing the filter. -The following is an example of a mqfilter configuration in the MaxScale.cnf file used for actual logging of queries to a RabbitMQ broker on a different host. +The following is an example of a mqfilter configuration in the maxscale.cnf file used for actual logging of queries to a RabbitMQ broker on a different host. ``` [RabbitMQ] diff --git a/Documentation/filters/Regex-Filter.md b/Documentation/filters/Regex-Filter.md index 7b09ffcae..ce0f54358 100644 --- a/Documentation/filters/Regex-Filter.md +++ b/Documentation/filters/Regex-Filter.md @@ -6,7 +6,7 @@ The regex filter is a filter module for MaxScale that is able to rewrite query c # Configuration -The configuration block for the Regex filter requires the minimal filter options in it’s section within the MaxScale.cnf file, stored in /etc/MaxScale.cnf. +The configuration block for the Regex filter requires the minimal filter options in it’s section within the maxscale.cnf file, stored in /etc/maxscale.cnf. ``` [MyRegexFilter] diff --git a/Documentation/filters/Tee-Filter.md b/Documentation/filters/Tee-Filter.md index 868886ceb..c90fd814f 100644 
--- a/Documentation/filters/Tee-Filter.md +++ b/Documentation/filters/Tee-Filter.md @@ -6,7 +6,7 @@ The tee filter is a filter module for MaxScale is a "plumbing" fitting in the Ma # Configuration -The configuration block for the TEE filter requires the minimal filter parameters in it’s section within the MaxScale.cnf file, stored in /etc/MaxScale.cnf, that defines the filter to load and the service to send the duplicates to. Currently the tee filter does not support multi-statements. +The configuration block for the TEE filter requires the minimal filter parameters in it’s section within the maxscale.cnf file, stored in /etc/maxscale.cnf, that defines the filter to load and the service to send the duplicates to. Currently the tee filter does not support multi-statements. ``` [DataMartFilter] diff --git a/Documentation/filters/Top-N-Filter.md b/Documentation/filters/Top-N-Filter.md index f52a6bedd..f20d9cc3c 100644 --- a/Documentation/filters/Top-N-Filter.md +++ b/Documentation/filters/Top-N-Filter.md @@ -6,7 +6,7 @@ The top filter is a filter module for MaxScale that monitors every SQL statement # Configuration -The configuration block for the TOP filter requires the minimal filter options in it’s section within the MaxScale.cnf file, stored in /etc/MaxScale.cnf. +The configuration block for the TOP filter requires the minimal filter options in it’s section within the maxscale.cnf file, stored in /etc/maxscale.cnf. ``` [MyLogFilter] From 49e72df4ab2a104be27bd02000fc57db01c8e7d6 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 3 Jun 2015 11:14:37 +0300 Subject: [PATCH 062/119] Fixed formatting. --- .../Tutorials/Administration-Tutorial.md | 65 +++++++++---------- 1 file changed, 30 insertions(+), 35 deletions(-) diff --git a/Documentation/Tutorials/Administration-Tutorial.md b/Documentation/Tutorials/Administration-Tutorial.md index e3253fca6..17d7efe37 100644 --- a/Documentation/Tutorials/Administration-Tutorial.md 
+++ b/Documentation/Tutorials/Administration-Tutorial.md @@ -15,13 +15,13 @@ The purpose of this tutorial is to introduce the MaxScale Administrator to a few ### Starting MaxScale There are several ways to start MaxScale, the most convenient mechanism is probably using the Linux service interface. When a MaxScale package is installed the package manager will also installed a script in /etc/init.d which may be used to start and stop MaxScale either directly or via the service interface. - +``` $ service maxscale start - +``` or - +``` $ /etc/init.d/maxscale start - +``` It is also possible to start MaxScale by executing the maxscale command itself. Running the executable /usr/bin/maxscale will result in MaxScale running as a daemon process, unattached to the terminal in which it was started and using configuration files that it finds in the /etc directory. Options may be passed to the MaxScale binary that alter this default behavior, this options are documented in the table below. 
@@ -49,21 +49,21 @@ Switch|Long Option|Description There are numerous ways in which MaxScale can be stopped; using the service interface, killing the process or by use of the maxadmin utility. Stopping MaxScale with the service interface is simply a case of using the service stop command or calling the init.d script with the stop argument. - +``` $ service maxscale stop - +``` or - +``` $ /etc/init.d/maxscale stop - +``` MaxScale will also stop gracefully if it received a terminate signal, to find the process id of the MaxScale server use the ps command or read the contents of the maxscale.pid file located in the /var/run/maxscale directory. - +``` $ kill `cat /var/run/maxscale/maxscale.pid` - +``` In order to shutdown MaxScale using the maxadmin command you may either connect with maxadmin in interactive mode or pass the "shutdown maxscale" command you wish to execute as an argument to maxadmin. - +``` $ maxadmin -pmariadb shutdown maxscale - +``` ### Checking The Status Of The MaxScale Services @@ -98,7 +98,7 @@ It should be noted that network listeners count as a user of the service, theref ### What Clients Are Connected To MaxScale To determine what client are currently connected to MaxScale you can use the "list clients" command within maxadmin. This will give you IP address and the ID’s of the DCB and session for that connection. As with any maxadmin command this can be passed on the command line or typed interactively in maxadmin. - +``` $ maxadmin -pmariadb list clients Client Connections 
@@ -114,28 +114,27 @@ To determine what client are currently connected to MaxScale you can use the "li -----------------+------------------+----------------------+------------ $ - +``` ### Rotating Log Files MaxScale write log data into four log files with varying degrees of detail. With the exception of the error log, which can not be disabled, these log files may be enabled and disabled via the maxadmin interface or in the configuration file. The default behavior of MaxScale is to grow the log files indefinitely, the administrator must take action to prevent this. It is possible to rotate either a single log file or all the log files with a single command. When the logfile is rotated, the current log file is closed and a new log file, with an increased sequence number in its name, is created. Log file rotation is achieved by use of the "flush log" or “flush logs” command in maxadmin. - +``` $ maxadmin -pmariadb flush logs - +``` Flushes all of the logs, whereas an individual log may be flushed with the "flush log" command. - +``` $ maxadmin -pmariadb MaxScale> flush log error MaxScale> flush log trace MaxScale> - +``` This may be integrated into the Linux logrotate mechanism by adding a configuration file to the /etc/logrotate.d directory. If we assume we want to rotate the log files once per month and wish to keep 5 log files worth of history, the configuration file would look like the following. -
/usr/local/mariadb-maxscale/log/*.log { + /var/log/maxscale/*.log { monthly rotate 5 missingok nocompress sharedscripts postrotate -kill -USR1 `cat /usr/local/mariadb-maxscale/log/maxscale.pid` +kill -USR1 `cat /var/run/maxscale/maxscale.pid` endscript }
- - - -
/var/log/maxscale/*.log { +``` +/var/log/maxscale/*.log { monthly rotate 5 missingok @@ -147,16 +146,13 @@ if test -n "`ps acx|grep maxscale`"; then /usr/bin/maxadmin -pmariadb flush logs fi endscript -}
- +} +``` One disadvantage with this is that the password used for the maxadmin command has to be embedded in the log rotate configuration file. MaxScale will also rotate all of its log files if it receives the USR1 signal. Using this the logrotate configuration script can be rewritten as - - - - -
/var/log/maxscale/*.log { +``` +/var/log/maxscale/*.log { monthly rotate 5 missingok @@ -165,9 +161,8 @@ sharedscripts postrotate kill -USR1 `cat /var/run/maxscale/maxscale.pid` endscript -}
+} +``` ### Taking A Database Server Out Of Use @@ -175,16 +170,16 @@ endscript MaxScale supports the concept of maintenance mode for servers within a cluster, this allows for planned, temporary removal of a database from the cluster within the need to change the MaxScale configuration. To achieve the removal of a database server you can use the set server command in the maxadmin utility to set the maintenance mode flag for the server. This may be done interactively within maxadmin or by passing the command on the command line. - +``` MaxScale> set server dbserver3 maintenance MaxScale> - +``` This will cause MaxScale to stop routing any new requests to the server, however if there are currently requests executing on the server these will not be interrupted. To bring the server back into service use the "clear server" command to clear the maintenance mode bit for that server. - +``` MaxScale> clear server dbserver3 maintenance MaxScale> - +``` Note that maintenance mode is not persistent, if MaxScale restarts when a node is in maintenance mode a new instance of MaxScale will not honour this mode. If multiple MaxScale instances are configured to use the node them maintenance mode must be set within each MaxScale instance. However if multiple services within one MaxScale instance are using the server then you only need set the maintenance mode once on the server for all services to take note of the mode change. From 72d14f88940b452f0750f1c7f0b97cef929d5767 Mon Sep 17 00:00:00 2001 From: MassimilianoPinto Date: Wed, 3 Jun 2015 10:15:48 +0200 Subject: [PATCH 063/119] Addition of server_update_address/port --- server/core/server.c | 39 +++++++++++++++++++++++++++++++++++++++ server/include/server.h | 3 +++ 2 files changed, 42 insertions(+) diff --git a/server/core/server.c b/server/core/server.c index 425089d93..9455adb94 100644 --- a/server/core/server.c +++ b/server/core/server.c 
@@ -32,6 +32,7 @@ * 26/06/14 Mark Riddoch Addition of server parameters * 30/08/14 Massimiliano Pinto Addition of new service status description * 30/10/14 Massimiliano Pinto Addition of SERVER_MASTER_STICKINESS description + * 01/06/15 Massimiliano Pinto Addition of server_update_address/port * * @endverbatim */ @@ -731,3 +732,41 @@ int *data; return set; } + +/* + * Update the address value of a specific server + * + * @param server The server to update + * @param address The new address + * + */ +void +server_update_address(SERVER *server, char *address) +{ + spinlock_acquire(&server_spin); + if (server && address) { + if (server->name) { + free(server->name); + } + server->name = strdup(address); + } + spinlock_release(&server_spin); +} + +/* + * Update the port value of a specific server + * + * @param server The server to update + * @param port The new port value + * + */ +void +server_update_port(SERVER *server, unsigned short port) +{ + spinlock_acquire(&server_spin); + if (server && port > 0) { + server->port = port; + } + spinlock_release(&server_spin); +} + diff --git a/server/include/server.h b/server/include/server.h index 734f30365..28011927f 100644 --- a/server/include/server.h +++ b/server/include/server.h @@ -43,6 +43,7 @@ * 30/08/14 Massimiliano Pinto Addition of SERVER_STALE_STATUS * 27/10/14 Massimiliano Pinto Addition of SERVER_MASTER_STICKINESS * 19/02/15 Mark Riddoch Addition of serverGetList + * 01/06/15 Massimiliano Pinto Addition of server_update_address/port * * @endverbatim */ @@ -189,5 +190,7 @@ extern void serverAddParameter(SERVER *, char *, char *); extern char *serverGetParameter(SERVER *, char *); extern void server_update(SERVER *, char *, char *, char *); extern void server_set_unique_name(SERVER *, char *); +extern void server_update_address(SERVER *, char *); +extern void server_update_port(SERVER *, unsigned short); extern RESULTSET *serverGetList(); #endif From 19ac70fc2fdb5f4276cd0ea4e62f85534c21b7e9 Mon Sep 17 00:00:00 2001 
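Review bot: In `server_update_address` the old `server->name` is freed before `strdup(address)` is known to have succeeded, so an allocation failure leaves `server->name` NULL for whatever reads it next. Duplicate first and swap only on success: `char *copy = strdup(address); if (copy) { free(server->name); server->name = copy; }`. The same unchecked `strdup()` after `free()` appears in `serviceSetCertificates` in server/core/service.c later in this series, where it would leave a NULL certificate or key path on the service. Both functions return `void`, so a caller cannot tell a rejected or failed update from an applied one; an `int` status would make that visible.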
From: Markus Makela Date: Wed, 3 Jun 2015 13:15:45 +0300 Subject: [PATCH 064/119] Added unit tests for SSL. --- server/core/config.c | 46 ++++++++--- server/core/service.c | 12 ++- server/include/service.h | 1 + server/modules/protocol/CMakeLists.txt | 1 + server/modules/protocol/test/CMakeLists.txt | 10 +++ server/modules/protocol/test/bad_ca.cnf | 28 +++++++ server/modules/protocol/test/bad_cert.cnf | 28 +++++++ server/modules/protocol/test/bad_key.cnf | 28 +++++++ server/modules/protocol/test/bad_ssl.cnf | 28 +++++++ server/modules/protocol/test/no_ca.cnf | 28 +++++++ .../modules/protocol/test/no_server_cert.cnf | 28 +++++++ .../modules/protocol/test/no_server_key.cnf | 28 +++++++ server/modules/protocol/test/ok.cnf | 28 +++++++ server/modules/protocol/test/test_ssl.sh | 76 +++++++++++++++++++ 14 files changed, 360 insertions(+), 10 deletions(-) create mode 100644 server/modules/protocol/test/CMakeLists.txt create mode 100644 server/modules/protocol/test/bad_ca.cnf create mode 100644 server/modules/protocol/test/bad_cert.cnf create mode 100644 server/modules/protocol/test/bad_key.cnf create mode 100644 server/modules/protocol/test/bad_ssl.cnf create mode 100644 server/modules/protocol/test/no_ca.cnf create mode 100644 server/modules/protocol/test/no_server_cert.cnf create mode 100644 server/modules/protocol/test/no_server_key.cnf create mode 100644 server/modules/protocol/test/ok.cnf create mode 100755 server/modules/protocol/test/test_ssl.sh diff --git a/server/core/config.c b/server/core/config.c index 5e03a3b19..40be2c704 100644 --- a/server/core/config.c +++ b/server/core/config.c 
@@ -453,41 +453,69 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); if(ssl) { if(ssl_cert == NULL) + { + error_count++; skygw_log_write(LE,"Error: Server certificate missing for service '%s'." "Please provide the path to the server certificate by adding the ssl_cert= parameter", obj->object); + } if(ssl_ca_cert == NULL) + { + error_count++; skygw_log_write(LE,"Error: CA Certificate missing for service '%s'." "Please provide the path to the certificate authority certificate by adding the ssl_ca_cert= parameter", obj->object); + } if(ssl_key == NULL) + { + error_count++; skygw_log_write(LE,"Error: Server private key missing for service '%s'. " "Please provide the path to the server certificate key by adding the ssl_key= parameter" ,obj->object); + } - if(ssl_ca_cert != NULL && ssl_cert != NULL && ssl_key != NULL) + if(access(ssl_ca_cert,F_OK) != 0) { + skygw_log_write(LE,"Error: Certificate authority file for service '%s' not found: %s", + obj->object, + ssl_ca_cert); + error_count++; + } + if(access(ssl_cert,F_OK) != 0) + { + skygw_log_write(LE,"Error: Server certificate file for service '%s' not found: %s", + obj->object, + ssl_cert); + error_count++; + } + if(access(ssl_key,F_OK) != 0) + { + skygw_log_write(LE,"Error: Server private key file for service '%s' not found: %s", + obj->object, + ssl_key); + error_count++; + } + if(error_count == 0) + { if(serviceSetSSL(obj->element,ssl) != 0) { skygw_log_write(LE,"Error: Unknown parameter for service '%s': %s",obj->object,ssl); + error_count++; } else { serviceSetCertificates(obj->element,ssl_cert,ssl_key,ssl_ca_cert); if(ssl_version) { - serviceSetSSLVersion(obj->element,ssl_version); + if(serviceSetSSLVersion(obj->element,ssl_version) != 0) + { + skygw_log_write(LE,"Error: Unknown parameter value for 'ssl_version' for service '%s': %s",obj->object,ssl_version); + error_count++; + } } } } - else - { - /** If SSL was configured wrong, the - * service needs to fail.*/ - skygw_log_write_flush(LE,"Error: 
Missing SSL certificate paths found in the configuration. " - "This service will not use SSL."); - } } diff --git a/server/core/service.c b/server/core/service.c index a8df37f5b..7fc931297 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -864,12 +864,20 @@ serviceOptimizeWildcard(SERVICE *service, int action) void serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert) { + if(service->ssl_cert) + free(service->ssl_cert); service->ssl_cert = strdup(cert); + + if(service->ssl_key) + free(service->ssl_key); service->ssl_key = strdup(key); + + if(service->ssl_ca_cert) + free(service->ssl_ca_cert); service->ssl_ca_cert = strdup(ca_cert); } -void +int serviceSetSSLVersion(SERVICE *service, char* version) { if(strcasecmp(version,"SSLV2") == 0) @@ -884,6 +892,8 @@ serviceSetSSLVersion(SERVICE *service, char* version) service->ssl_method_type = SERVICE_TLS12; else if(strcasecmp(version,"MAX") == 0) service->ssl_method_type = SERVICE_SSL_TLS_MAX; + else return -1; + return 0; } /** Enable or disable the service SSL capability*/ int diff --git a/server/include/service.h b/server/include/service.h index 7975518e7..af71bfe7d 100644 --- a/server/include/service.h +++ b/server/include/service.h @@ -210,6 +210,7 @@ extern int serviceGetUser(SERVICE *, char **, char **); extern void serviceSetFilters(SERVICE *, char *); extern int serviceSetSSL(SERVICE *service, char* action); extern int serviceInitSSL(SERVICE* service); +extern int serviceSetSSLVersion(SERVICE *service, char* version); extern void serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert); extern int serviceEnableRootUser(SERVICE *, int ); extern int serviceSetTimeout(SERVICE *, int ); diff --git a/server/modules/protocol/CMakeLists.txt b/server/modules/protocol/CMakeLists.txt index 4ae3b8f2c..124071c44 100644 --- a/server/modules/protocol/CMakeLists.txt +++ b/server/modules/protocol/CMakeLists.txt 
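Review bot: The three `access()` checks in the config.c hunk run even when the matching path is NULL, which the new code has just reported as missing: `access(ssl_ca_cert,F_OK)` then receives a NULL pointer, the follow-up log call passes NULL to `%s`, and each missing parameter is counted twice. Guard each check on the pointer, e.g. `if(ssl_ca_cert && access(ssl_ca_cert,F_OK) != 0)`, and the same for `ssl_cert` and `ssl_key`. `F_OK` only proves that the path exists; `R_OK` would also catch a certificate or key the process cannot read. The `if(error_count == 0)` gate appears to use a counter shared with the rest of the configuration load (its declaration is outside the hunk), so an earlier unrelated error would skip SSL setup for this service without a message of its own; worth confirming that this is intended.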
@@ -17,6 +17,7 @@ install(TARGETS HTTPD DESTINATION ${MAXSCALE_LIBDIR}) if(BUILD_TESTS) add_library(testprotocol SHARED testprotocol.c) install(TARGETS testprotocol DESTINATION ${MAXSCALE_LIBDIR}) + add_subdirectory(test) endif() add_library(maxscaled SHARED maxscaled.c) diff --git a/server/modules/protocol/test/CMakeLists.txt b/server/modules/protocol/test/CMakeLists.txt new file mode 100644 index 000000000..f3eb3aa2b --- /dev/null +++ b/server/modules/protocol/test/CMakeLists.txt @@ -0,0 +1,10 @@ +configure_file(test_ssl.sh ${CMAKE_CURRENT_BINARY_DIR}/test_ssl.sh @ONLY) +configure_file(no_ca.cnf ${CMAKE_CURRENT_BINARY_DIR}/no_ca.cnf @ONLY) +configure_file(no_server_cert.cnf ${CMAKE_CURRENT_BINARY_DIR}/no_server_cert.cnf @ONLY) +configure_file(no_server_key.cnf ${CMAKE_CURRENT_BINARY_DIR}/no_server_key.cnf @ONLY) +configure_file(bad_ca.cnf ${CMAKE_CURRENT_BINARY_DIR}/bad_ca.cnf @ONLY) +configure_file(bad_cert.cnf ${CMAKE_CURRENT_BINARY_DIR}/bad_cert.cnf @ONLY) +configure_file(bad_key.cnf ${CMAKE_CURRENT_BINARY_DIR}/bad_key.cnf @ONLY) +configure_file(bad_ssl.cnf ${CMAKE_CURRENT_BINARY_DIR}/bad_ssl.cnf @ONLY) +configure_file(ok.cnf ${CMAKE_CURRENT_BINARY_DIR}/ok.cnf @ONLY) +add_test(NAME SSLTest COMMAND ${CMAKE_CURRENT_BINARY_DIR}/test_ssl.sh) diff --git a/server/modules/protocol/test/bad_ca.cnf b/server/modules/protocol/test/bad_ca.cnf new file mode 100644 index 000000000..9206679a9 --- /dev/null +++ b/server/modules/protocol/test/bad_ca.cnf 
@@ -0,0 +1,28 @@
+[maxscale]
+threads=1
+logdir=@CMAKE_CURRENT_BINARY_DIR@
+datadir=@CMAKE_CURRENT_BINARY_DIR@
+piddir=@CMAKE_CURRENT_BINARY_DIR@
+cachedir=@CMAKE_CURRENT_BINARY_DIR@
+
+[Testservice]
+type=service
+router=readconnroute
+servers=server1
+user=user
+passwd=pwd
+ssl=enabled
+ssl_ca_cert=This is not a value
+ssl_cert=@CMAKE_CURRENT_BINARY_DIR@/server-cert
+ssl_key=@CMAKE_CURRENT_BINARY_DIR@/server-key
+
+[Testlistener]
+type=listener
+service=Testservice
+protocol=MySQLBackend
+port=12345
+
+[server1]
+type=server
+address=127.0.0.1
+port=4321
diff --git a/server/modules/protocol/test/bad_cert.cnf b/server/modules/protocol/test/bad_cert.cnf
new file mode 100644
index 000000000..1b4c776cc
--- /dev/null
+++ b/server/modules/protocol/test/bad_cert.cnf
@@ -0,0 +1,28 @@
+[maxscale]
+threads=1
+logdir=@CMAKE_CURRENT_BINARY_DIR@
+datadir=@CMAKE_CURRENT_BINARY_DIR@
+piddir=@CMAKE_CURRENT_BINARY_DIR@
+cachedir=@CMAKE_CURRENT_BINARY_DIR@
+
+[Testservice]
+type=service
+router=readconnroute
+servers=server1
+user=user
+passwd=pwd
+ssl=enabled
+ssl_ca_cert=@CMAKE_CURRENT_BINARY_DIR@/ca
+ssl_cert=This is not a value
+ssl_key=@CMAKE_CURRENT_BINARY_DIR@/server-key
+
+[Testlistener]
+type=listener
+service=Testservice
+protocol=MySQLBackend
+port=12345
+
+[server1]
+type=server
+address=127.0.0.1
+port=4321
diff --git a/server/modules/protocol/test/bad_key.cnf b/server/modules/protocol/test/bad_key.cnf
new file mode 100644
index 000000000..4e0be5f05
--- /dev/null
+++ b/server/modules/protocol/test/bad_key.cnf
@@ -0,0 +1,28 @@
+[maxscale]
+threads=1
+logdir=@CMAKE_CURRENT_BINARY_DIR@
+datadir=@CMAKE_CURRENT_BINARY_DIR@
+piddir=@CMAKE_CURRENT_BINARY_DIR@
+cachedir=@CMAKE_CURRENT_BINARY_DIR@
+
+[Testservice]
+type=service
+router=readconnroute
+servers=server1
+user=user
+passwd=pwd
+ssl=enabled
+ssl_ca_cert=@CMAKE_CURRENT_BINARY_DIR@/ca
+ssl_cert=@CMAKE_CURRENT_BINARY_DIR@/server-cert
+ssl_key=This is not a value
+
+[Testlistener]
+type=listener
+service=Testservice
+protocol=MySQLBackend
+port=12345
+
+[server1]
+type=server
+address=127.0.0.1
+port=4321
diff --git a/server/modules/protocol/test/bad_ssl.cnf b/server/modules/protocol/test/bad_ssl.cnf
new file mode 100644
index 000000000..f6dcff1a1
--- /dev/null
+++ b/server/modules/protocol/test/bad_ssl.cnf
@@ -0,0 +1,28 @@
+[maxscale]
+threads=1
+logdir=@CMAKE_CURRENT_BINARY_DIR@
+datadir=@CMAKE_CURRENT_BINARY_DIR@
+piddir=@CMAKE_CURRENT_BINARY_DIR@
+cachedir=@CMAKE_CURRENT_BINARY_DIR@
+
+[Testservice]
+type=service
+router=readconnroute
+servers=server1
+user=user
+passwd=pwd
+ssl=testing
+ssl_ca_cert=@CMAKE_CURRENT_BINARY_DIR@/ca
+ssl_cert=@CMAKE_CURRENT_BINARY_DIR@/server-cert
+ssl_key=@CMAKE_CURRENT_BINARY_DIR@/server-key
+
+[Testlistener]
+type=listener
+service=Testservice
+protocol=MySQLBackend
+port=12345
+
+[server1]
+type=server
+address=127.0.0.1
+port=4321
diff --git a/server/modules/protocol/test/no_ca.cnf b/server/modules/protocol/test/no_ca.cnf
new file mode 100644
index 000000000..56f603f6a
--- /dev/null
+++ b/server/modules/protocol/test/no_ca.cnf
@@ -0,0 +1,28 @@
+[maxscale]
+threads=1
+logdir=@CMAKE_CURRENT_BINARY_DIR@
+datadir=@CMAKE_CURRENT_BINARY_DIR@
+piddir=@CMAKE_CURRENT_BINARY_DIR@
+cachedir=@CMAKE_CURRENT_BINARY_DIR@
+
+[Testservice]
+type=service
+router=readconnroute
+servers=server1
+user=user
+passwd=pwd
+ssl=enabled
+#ssl_ca_cert=@CMAKE_CURRENT_BINARY_DIR@/ca
+ssl_cert=@CMAKE_CURRENT_BINARY_DIR@/server-cert
+ssl_key=@CMAKE_CURRENT_BINARY_DIR@/server-key
+
+[Testlistener]
+type=listener
+service=Testservice
+protocol=MySQLBackend
+port=12345
+
+[server1]
+type=server
+address=127.0.0.1
+port=4321
diff --git a/server/modules/protocol/test/no_server_cert.cnf b/server/modules/protocol/test/no_server_cert.cnf
new file mode 100644
index 000000000..f714a0b3f
--- /dev/null
+++ b/server/modules/protocol/test/no_server_cert.cnf
@@ -0,0 +1,28 @@
+[maxscale]
+threads=1
+logdir=@CMAKE_CURRENT_BINARY_DIR@
+datadir=@CMAKE_CURRENT_BINARY_DIR@
+piddir=@CMAKE_CURRENT_BINARY_DIR@
+cachedir=@CMAKE_CURRENT_BINARY_DIR@
+
+[Testservice]
+type=service
+router=readconnroute
+servers=server1
+user=user
+passwd=pwd
+ssl=enabled
+ssl_ca_cert=@CMAKE_CURRENT_BINARY_DIR@/ca
+#ssl_cert=@CMAKE_CURRENT_BINARY_DIR@/server-cert
+ssl_key=@CMAKE_CURRENT_BINARY_DIR@/server-key
+
+[Testlistener]
+type=listener
+service=Testservice
+protocol=MySQLBackend
+port=12345
+
+[server1]
+type=server
+address=127.0.0.1
+port=4321
diff --git a/server/modules/protocol/test/no_server_key.cnf b/server/modules/protocol/test/no_server_key.cnf
new file mode 100644
index 000000000..a820ee414
--- /dev/null
+++ b/server/modules/protocol/test/no_server_key.cnf
@@ -0,0 +1,28 @@
+[maxscale]
+threads=1
+logdir=@CMAKE_CURRENT_BINARY_DIR@
+datadir=@CMAKE_CURRENT_BINARY_DIR@
+piddir=@CMAKE_CURRENT_BINARY_DIR@
+cachedir=@CMAKE_CURRENT_BINARY_DIR@
+
+[Testservice]
+type=service
+router=readconnroute
+servers=server1
+user=user
+passwd=pwd
+ssl=enabled
+ssl_ca_cert=@CMAKE_CURRENT_BINARY_DIR@/ca
+ssl_cert=@CMAKE_CURRENT_BINARY_DIR@/server-cert
+#ssl_key=@CMAKE_CURRENT_BINARY_DIR@/server-key
+
+[Testlistener]
+type=listener
+service=Testservice
+protocol=MySQLBackend
+port=12345
+
+[server1]
+type=server
+address=127.0.0.1
+port=4321
diff --git a/server/modules/protocol/test/ok.cnf b/server/modules/protocol/test/ok.cnf
new file mode 100644
index 000000000..089025c0d
--- /dev/null
+++ b/server/modules/protocol/test/ok.cnf
@@ -0,0 +1,28 @@
+[maxscale]
+threads=1
+logdir=@CMAKE_CURRENT_BINARY_DIR@
+datadir=@CMAKE_CURRENT_BINARY_DIR@
+piddir=@CMAKE_CURRENT_BINARY_DIR@
+cachedir=@CMAKE_CURRENT_BINARY_DIR@
+
+[Testservice]
+type=service
+router=readconnroute
+servers=server1
+user=user
+passwd=pwd
+ssl=enabled
+ssl_ca_cert=@CMAKE_CURRENT_BINARY_DIR@/ca
+ssl_cert=@CMAKE_CURRENT_BINARY_DIR@/server-cert
+ssl_key=@CMAKE_CURRENT_BINARY_DIR@/server-key
+
+[Testlistener]
+type=listener
+service=Testservice
+protocol=MySQLBackend
+port=12345
+
+[server1]
+type=server
+address=127.0.0.1
+port=4321
diff --git a/server/modules/protocol/test/test_ssl.sh b/server/modules/protocol/test/test_ssl.sh
new file mode 100755
index 000000000..632da0f3a
--- /dev/null
+++ b/server/modules/protocol/test/test_ssl.sh
@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+
+function create_certs()
+{
+ echo "CA cert" > @CMAKE_CURRENT_BINARY_DIR@/ca.pem
+ echo "Server Certificate" > @CMAKE_CURRENT_BINARY_DIR@/server-cert.pem
+ echo "Server Key" > @CMAKE_CURRENT_BINARY_DIR@/server-key.pem
+}
+
+function start_maxscale ()
+{
+ local result=$(@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale -d -f $1 &> $1.log;echo $?)
+ if [[ $result == "0" ]]
+ then
+ echo "Error: $1 exited with status $result!"
+ exit 1
+ fi
+}
+
+# No CA defined
+printf "Testing No CA defined"
+start_maxscale @CMAKE_CURRENT_BINARY_DIR@/no_ca.cnf
+echo " OK"
+
+# No cert defined
+printf "Testing No cert defined"
+start_maxscale @CMAKE_CURRENT_BINARY_DIR@/no_cert.cnf
+echo " OK"
+
+# No key defined
+printf "Testing No key defined"
+start_maxscale @CMAKE_CURRENT_BINARY_DIR@/no_key.cnf
+echo " OK"
+
+# Bad SSL value
+printf "Testing Bad SSL defined"
+start_maxscale @CMAKE_CURRENT_BINARY_DIR@/bad_ssl.cnf
+echo " OK"
+
+# Bad CA defined
+printf "Testing Bad CA defined"
+start_maxscale @CMAKE_CURRENT_BINARY_DIR@/bad_ca.cnf
+echo " OK"
+
+# Bad cert defined
+printf "Testing Bad cert defined"
+start_maxscale @CMAKE_CURRENT_BINARY_DIR@/bad_cert.cnf
+echo " OK"
+
+# Bad key defined
+printf "Testing Bad key defined"
+start_maxscale @CMAKE_CURRENT_BINARY_DIR@/bad_key.cnf
+echo " OK"
+
+# No CA file
+printf "Testing No CA file"
+create_certs
+rm @CMAKE_CURRENT_BINARY_DIR@/ca.pem
+start_maxscale @CMAKE_CURRENT_BINARY_DIR@/ok.cnf
+echo " OK"
+
+# No cert file
+printf "Testing No cert file"
+create_certs
+rm @CMAKE_CURRENT_BINARY_DIR@/server-cert.pem
+start_maxscale @CMAKE_CURRENT_BINARY_DIR@/ok.cnf
+echo " OK"
+
+# No key file
+printf "Testing No key file"
+create_certs
+rm @CMAKE_CURRENT_BINARY_DIR@/server-key.pem
+start_maxscale @CMAKE_CURRENT_BINARY_DIR@/ok.cnf
+echo " OK"
+
+exit 0
From 4d30cd5fd3b9bdb9a8bb03ec742b158dd558ae94 Mon Sep 17 00:00:00 2001
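Review bot: Several cases in test_ssl.sh pass without reaching the check they are named for. `no_cert.cnf` and `no_key.cnf` are never generated (the CMakeLists.txt in this commit configures `no_server_cert.cnf` and `no_server_key.cnf`), so those two runs should read `start_maxscale @CMAKE_CURRENT_BINARY_DIR@/no_server_cert.cnf` and `.../no_server_key.cnf`. `create_certs` writes `ca.pem`, `server-cert.pem` and `server-key.pem` while `ok.cnf` points at `ca`, `server-cert` and `server-key`, so the three "No ... file" cases see every file missing each time. Because `start_maxscale` only asserts a non-zero exit, any startup failure counts as a pass; checking the captured output for the expected error text would tie each case to its cause, and a run that expects a valid SSL configuration to be accepted is missing altogether. `$1` should also be quoted inside the command substitution.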
From: Markus Makela Date: Wed, 3 Jun 2015 13:28:35 +0300 Subject: [PATCH 065/119] Added unit test for SSL version. --- server/modules/protocol/test/CMakeLists.txt | 1 + .../modules/protocol/test/bad_ssl_version.cnf | 29 +++++++++++++++++++ server/modules/protocol/test/test_ssl.sh | 17 +++++++---- 3 files changed, 41 insertions(+), 6 deletions(-) create mode 100644 server/modules/protocol/test/bad_ssl_version.cnf diff --git a/server/modules/protocol/test/CMakeLists.txt b/server/modules/protocol/test/CMakeLists.txt index f3eb3aa2b..26653901c 100644 --- a/server/modules/protocol/test/CMakeLists.txt +++ b/server/modules/protocol/test/CMakeLists.txt @@ -6,5 +6,6 @@ configure_file(bad_ca.cnf ${CMAKE_CURRENT_BINARY_DIR}/bad_ca.cnf @ONLY) configure_file(bad_cert.cnf ${CMAKE_CURRENT_BINARY_DIR}/bad_cert.cnf @ONLY) configure_file(bad_key.cnf ${CMAKE_CURRENT_BINARY_DIR}/bad_key.cnf @ONLY) configure_file(bad_ssl.cnf ${CMAKE_CURRENT_BINARY_DIR}/bad_ssl.cnf @ONLY) +configure_file(bad_ssl_version.cnf ${CMAKE_CURRENT_BINARY_DIR}/bad_ssl_version.cnf @ONLY) configure_file(ok.cnf ${CMAKE_CURRENT_BINARY_DIR}/ok.cnf @ONLY) add_test(NAME SSLTest COMMAND ${CMAKE_CURRENT_BINARY_DIR}/test_ssl.sh) diff --git a/server/modules/protocol/test/bad_ssl_version.cnf b/server/modules/protocol/test/bad_ssl_version.cnf new file mode 100644 index 000000000..6849b1904 --- /dev/null +++ b/server/modules/protocol/test/bad_ssl_version.cnf 
@@ -0,0 +1,29 @@ +[maxscale] +threads=1 +logdir=@CMAKE_CURRENT_BINARY_DIR@ +datadir=@CMAKE_CURRENT_BINARY_DIR@ +piddir=@CMAKE_CURRENT_BINARY_DIR@ +cachedir=@CMAKE_CURRENT_BINARY_DIR@ + +[Testservice] +type=service +router=readconnroute +servers=server1 +user=user +passwd=pwd +ssl=enabled +ssl_ca_cert=@CMAKE_CURRENT_BINARY_DIR@/ca +ssl_cert=@CMAKE_CURRENT_BINARY_DIR@/server-cert +ssl_key=@CMAKE_CURRENT_BINARY_DIR@/server-key +ssl_version=Don't use SSL, it's not needed! + +[Testlistener] +type=listener +service=Testservice +protocol=MySQLBackend +port=12345 + +[server1] +type=server +address=127.0.0.1 +port=4321 diff --git a/server/modules/protocol/test/test_ssl.sh b/server/modules/protocol/test/test_ssl.sh index 632da0f3a..b4b4c4d46 100755 --- a/server/modules/protocol/test/test_ssl.sh +++ b/server/modules/protocol/test/test_ssl.sh @@ -32,22 +32,27 @@ printf "Testing No key defined" start_maxscale @CMAKE_CURRENT_BINARY_DIR@/no_key.cnf echo " OK" -# Bad SSL value +# Bad SSL value defined printf "Testing Bad SSL defined" start_maxscale @CMAKE_CURRENT_BINARY_DIR@/bad_ssl.cnf echo " OK" -# Bad CA defined +# Bad SSL version defined +printf "Testing Bad SSL version defined" +start_maxscale @CMAKE_CURRENT_BINARY_DIR@/bad_ssl_version.cnf +echo " OK" + +# Bad CA value defined printf "Testing Bad CA defined" start_maxscale @CMAKE_CURRENT_BINARY_DIR@/bad_ca.cnf echo " OK" -# Bad cert defined +# Bad server certificate defined printf "Testing Bad cert defined" start_maxscale @CMAKE_CURRENT_BINARY_DIR@/bad_cert.cnf echo " OK" -# Bad key defined +# Bad server key defined printf "Testing Bad key defined" start_maxscale @CMAKE_CURRENT_BINARY_DIR@/bad_key.cnf echo " OK" 
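Review bot: The certificate paths in bad_ssl_version.cnf (`.../ca`, `.../server-cert`, `.../server-key`) do not match the `ca.pem`, `server-cert.pem` and `server-key.pem` files that `create_certs` writes, and the new case in test_ssl.sh runs before `create_certs` is first called. Startup can therefore fail on missing certificate files, and the test reports OK without `ssl_version` ever being validated; which check runs first is not visible on this page. To isolate the version check, point the three options at the `.pem` names, for example `ssl_ca_cert=@CMAKE_CURRENT_BINARY_DIR@/ca.pem`, and call `create_certs` before `start_maxscale @CMAKE_CURRENT_BINARY_DIR@/bad_ssl_version.cnf`.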
@@ -59,14 +64,14 @@ rm @CMAKE_CURRENT_BINARY_DIR@/ca.pem start_maxscale @CMAKE_CURRENT_BINARY_DIR@/ok.cnf echo " OK" -# No cert file +# No server certificate file printf "Testing No cert file" create_certs rm @CMAKE_CURRENT_BINARY_DIR@/server-cert.pem start_maxscale @CMAKE_CURRENT_BINARY_DIR@/ok.cnf echo " OK" -# No key file +# No server key file printf "Testing No key file" create_certs rm @CMAKE_CURRENT_BINARY_DIR@/server-key.pem From a033cbf200ae059374f78fd09deef645306f4a86 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 3 Jun 2015 14:14:05 +0300 Subject: [PATCH 066/119] Added more informative error messages when SSL handshake fails. --- server/core/dcb.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index ade2affed..95130299f 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -2789,7 +2789,7 @@ int dcb_create_SSL(DCB* dcb) int dcb_accept_SSL(DCB* dcb) { int rval,errnum; - + char errbuf[140]; rval = SSL_accept(dcb->ssl); switch(rval) @@ -2819,23 +2819,25 @@ int dcb_accept_SSL(DCB* dcb) rval = 0; LOGIF(LD,(skygw_log_write_flush(LD,"SSL_accept ongoing for %s@%s", - dcb->user, + dcb->user?dcb->user:"a connection from ", dcb->remote))); } else { rval = -1; + ERR_error_string(errnum,errbuf); skygw_log_write_flush(LE, - "Error: Fatal error in SSL_accept for %s@%s: %s", + "Error: Fatal error in SSL_accept for %s@%s: (SSL error code: %d) %s", dcb->user, dcb->remote, - ERR_error_string(errnum,NULL)); + errnum, + errbuf); } break; default: skygw_log_write_flush(LE, - "Error: Fatal error in SSL_accept, returned value was %d.", + "Error: Fatal library error in SSL_accept, returned value was %d.", rval); break; } @@ -2855,7 +2857,7 @@ int dcb_accept_SSL(DCB* dcb) int dcb_connect_SSL(DCB* dcb) { int rval,errnum; - + char errbuf[140]; rval = SSL_connect(dcb->ssl); switch(rval) 
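Review bot: In the fatal branch of dcb_accept_SSL, `ERR_error_string(errnum,errbuf)` is passed the value returned by `SSL_get_error()`, which is an `SSL_ERROR_*` class code and not an error-queue code, so the decoded text will not describe the real handshake failure. The 140-byte `errbuf` is also smaller than the 256 bytes that current OpenSSL documentation requires for `ERR_error_string`; the bounded call `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));` addresses both. The same pattern appears in the dcb_connect_SSL hunk of this commit and in the later dcb_read_SSL changes on this page that use `errbuf[200]`. The `dcb->user?dcb->user:"a connection from "` guard was added only to the debug message; the error message below it still passes `dcb->user` to `%s` unguarded. The function body starts and ends outside this hunk.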
@@ -2891,11 +2893,13 @@ int dcb_connect_SSL(DCB* dcb) else { rval = -1; + ERR_error_string(errnum,errbuf); skygw_log_write_flush(LE, - "Error: Fatal error in SSL_connect for %s@%s: %s", + "Error: Fatal error in SSL_accept for %s@%s: (SSL error code: %d) %s", dcb->user, dcb->remote, - ERR_error_string(errnum,NULL)); + errnum, + errbuf); } break; From fe5e40e397bf67b7f4a34d68721b5dc1805d5926 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 3 Jun 2015 16:08:11 +0300 Subject: [PATCH 067/119] Added missing initialization of user and password variables in monitor_alloc. --- server/core/monitor.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/core/monitor.c b/server/core/monitor.c index ae9a64794..0f24e691d 100644 --- a/server/core/monitor.c +++ b/server/core/monitor.c @@ -81,6 +81,8 @@ MONITOR *mon; mon->handle = NULL; mon->databases = NULL; mon->password = NULL; + mon->user = NULL; + mon->password = NULL; mon->read_timeout = DEFAULT_READ_TIMEOUT; mon->write_timeout = DEFAULT_WRITE_TIMEOUT; mon->connect_timeout = DEFAULT_CONNECT_TIMEOUT; From 98d98c589e5326306f6481c299f6ecb6ac2e0b35 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 4 Jun 2015 13:30:36 +0300 Subject: [PATCH 068/119] Added an Lsyncd configuration file. --- etc/lsyncd.conf | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 etc/lsyncd.conf diff --git a/etc/lsyncd.conf b/etc/lsyncd.conf new file mode 100644 index 000000000..40e860675 --- /dev/null +++ b/etc/lsyncd.conf 
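Review bot: The new message in dcb_connect_SSL says "Fatal error in SSL_accept", while the line it replaces said SSL_connect; this looks copied from dcb_accept_SSL and would send anyone triaging a backend TLS failure to the client-side path. The format line should read `"Error: Fatal error in SSL_connect for %s@%s: (SSL error code: %d) %s",`. The function body starts outside this hunk.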
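Review bot: The added `mon->password = NULL;` repeats the assignment on the context line directly above it, so only `mon->user = NULL;` is new in this hunk and the duplicate can be dropped. The allocation call is outside the hunk; if it is a plain `malloc`, zeroing the structure once (for example with `calloc(1, sizeof(MONITOR))`) would keep credential pointers from being left uninitialised when fields are added later.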
@@ -0,0 +1,30 @@ + +-- Lsyncd will log to these two files. +settings{ + logfile = "/var/log/maxscale/maxscale-ha.log", + statusFile = "/var/log/maxscale/maxscale-ha-status.log" +} + +-- Copy and paste the sync section and change the host value to add new remote targets. +sync{ +default.rsyncssh, + +-- This is where the maxscale.cnf file is copied from. +source="/etc", + +-- This is the user and host where the maxscale.cnf is copied to. +host="user@127.0.0.1", + +-- This is where the maxscale.cnf is copied to on the remote host. +targetdir="/etc", + +-- This is an optional section which defines a custom SSH port. Uncomment to enable. +-- ssh={port=2222}, + +-- These are values passed to rsync. Only change these if you know what you are doing. +rsync={ +compress=true, +_extra = {[[--filter=+ *maxscale.cnf]], + [[--filter=- **]]} +} +} From a032c94d25c6557cfce3bd835d8c89d10bc22f26 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 4 Jun 2015 16:49:39 +0300 Subject: [PATCH 069/119] Added comments to SSL tests. --- server/modules/protocol/test/test_ssl.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/modules/protocol/test/test_ssl.sh b/server/modules/protocol/test/test_ssl.sh index b4b4c4d46..f14670689 100755 --- a/server/modules/protocol/test/test_ssl.sh +++ b/server/modules/protocol/test/test_ssl.sh @@ -17,6 +17,8 @@ function start_maxscale () fi } +# All test cases expect that MaxScale will not start with a bad configuration or missing certificates + # No CA defined printf "Testing No CA defined" start_maxscale @CMAKE_CURRENT_BINARY_DIR@/no_ca.cnf From dceccce2ef919d69b952fca810af621e6e68ebec Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 4 Jun 2015 16:52:43 +0300 Subject: [PATCH 070/119] Changed gwbuf_length function to GWBUF_LENGTH macro in dcb_read_SSL. --- server/core/dcb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index 95130299f..ae77707b9 100644 --- a/server/core/dcb.c 
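Review bot: The include rule `[[--filter=+ *maxscale.cnf]]` is unanchored, so every file in `/etc` whose name ends in maxscale.cnf is pushed to the remote host, not only the one configuration file. Anchoring it to the transfer root limits the sync to that file: `[[--filter=+ /maxscale.cnf]]`. Because `targetdir="/etc"` presumably requires the account in `host` to have write access to the remote `/etc`, and maxscale.cnf carries service credentials (the test configuration on this page has `user=` and `passwd=` entries), the example would benefit from a comment such as `-- Use a dedicated account and an SSH key restricted to this rsync transfer.`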
+++ b/server/core/dcb.c @@ -1017,7 +1017,7 @@ int dcb_read_SSL( if(n < b) { gwbuf_rtrim(buffer,b - n); - ss_dassert(gwbuf_length(buffer) == n); + ss_dassert(GWBUF_LENGTH(buffer) == n); LOGIF(LD,(skygw_log_write(LD,"[%lu] SSL: Truncated buffer to correct size from %d to %d bytes.\n", b,gwbuf_length(buffer)))); } From 6f58f29494c2989330d02b4a36c7d2789dc53b56 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 4 Jun 2015 19:14:53 +0300 Subject: [PATCH 071/119] Added a guide on how to have a HA setup of MaxScale with lsyncd. --- CMakeLists.txt | 1 + Documentation/Documentation-Contents.md | 1 + .../Reference/MaxScale-HA-with-lsyncd.md | 117 ++++++++++++++++++ etc/{lsyncd.conf => lsyncd_example.conf} | 0 4 files changed, 119 insertions(+) create mode 100644 Documentation/Reference/MaxScale-HA-with-lsyncd.md rename etc/{lsyncd.conf => lsyncd_example.conf} (100%) diff --git a/CMakeLists.txt b/CMakeLists.txt index 03cb541b6..d12de2908 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -159,6 +159,7 @@ install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_VARDIR}/lib/maxscale install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES etc/lsyncd_example.conf DESTINATION ${MAXSCALE_SHAREDIR}) # Install startup scripts and ldconfig files if(WITH_SCRIPTS) diff --git a/Documentation/Documentation-Contents.md b/Documentation/Documentation-Contents.md index 1af3750c5..99f8ba38e 100644 --- a/Documentation/Documentation-Contents.md +++ b/Documentation/Documentation-Contents.md 
@@ -25,6 +25,7 @@ - [MaxAdmin](Reference/MaxAdmin.md) - [MaxScale HA with Corosync-Pacemaker](Reference/MaxScale-HA-with-Corosync-Pacemaker.md) + - [MaxScale HA with Lsyncd](Reference/MaxScale-HA-with-lsyncd.md) - [How Errors are Handled in MaxScale](Reference/How-errors-are-handled-in-MaxScale.md) - [Debug and Diagnostic Support](Reference/Debug-And-Diagnostic-Support.md) diff --git a/Documentation/Reference/MaxScale-HA-with-lsyncd.md b/Documentation/Reference/MaxScale-HA-with-lsyncd.md new file mode 100644 index 000000000..18ef233db --- /dev/null +++ b/Documentation/Reference/MaxScale-HA-with-lsyncd.md 
@@ -0,0 +1,117 @@ +# MaxScale HA with Lsyncd + +This document guides you in setting up multiple MaxScale instances and synchronizing the configuration files with Lsyncd. Lsyncd is a rsync wrapper which can synchronize files across the network. The lsyncd daemon uses a configuration file to control the files to synchronize and the remote targets where these files are synchronized to. + +Copying the configuration file and running the lsyncd daemon on all the hosts keeps all the configuration files in sync. Modifications in the configuration file on one of the hosts will be copied on the other hosts. This allows adinistrators to easily provide a highly available, disaster resistant MaxScale installation with up-to-date configuration files on all the hosts. + + +## Installing Lsyncd + +You can install lsyncd with either a package manager or by building from source code. This guide demonstrates installation using a package manager and those looking to build lsyncd from source should refer to its documentation: https://github.com/axkibe/lsyncd/wiki/Manual-to-Lsyncd-2.1.x + +Installing with Yum: + +``` +yum install lsyncd +``` + +Installing with Apt: + +``` +apt-get install lsyncd +``` + +Lsyncd needs no further configuration after installation. All necessary options are configured in the configuration file passed to the lsyncd daemon. + +## Creating the Lsyncd configuration file + +Lsyncd uses a configuration file to determine where to read files from and where to synchronize them if changes in them occur. Lsyncd is written in Lua and the configuration file is also valid Lua code. + +Here is an example configuration file with descriptions on the meaning of the values in it. + +``` +-- Lsyncd will log to these two files. +settings{ + logfile = "/var/log/maxscale/maxscale-ha.log", + statusFile = "/var/log/maxscale/maxscale-ha-status.log" +} + +-- Copy and paste the sync section and change the host value to add new remote targets. 
+sync{ +default.rsyncssh, + +-- This is where the maxscale.cnf file is copied from. +source="/etc", + +-- This is the user and host where the maxscale.cnf is copied to. +host="user@127.0.0.1", + +-- This is where the maxscale.cnf is copied to on the remote host. +targetdir="/etc", + +-- This is an optional section which defines a custom SSH port. Uncomment to enable. +-- ssh={port=2222}, + +-- These are values passed to rsync. Only change these if you know what you are doing. +rsync={ + compress=true, + _extra = {[[--filter=+ *maxscale.cnf]], + [[--filter=- **]] + } + } +} +``` + +The most important part is the `sync` section which defines a target for synchronization. The `default.rsyncssh` tells lsyncd to synchronize files using SSH. + +The `source` parameter tells lsyncd where to read the files from. This should be the location of the maxscale.cnf file. The `host` parameter defines the host where the files should be synchronized to and the user account lsyncd should use when synchronizing the files. The `targetdir` parameter defines the local directory on the remote target where the files should be synchronized to. This value should be the location on the remote host where the maxscale.cnf file is searched from. By default, this is the `/etc` folder. + +The optional `ssh` parameter and its sub-parameter `port`define a custom port for the SSH connection. Most users do not need this parameterer. The `rsycn` parameter contains an arra of options that are passed to the rsycn executable. These should not be changed unless you specifically know what you are doing. For more information on the options passed to rsync read the rsync(1) manpage. + +You can add multiple remote targets by defining multiple `sync` sections. Here is an example with two sync sections defining different hosts that have MaxScale installed and whose configuration files should be kep in sync. 
+ +``` +settings{ + logfile = "/var/log/maxscale/maxscale-ha.log", + statusFile = "/var/log/maxscale/maxscale-ha-status.log" +} + +sync{ +default.rsyncssh, +source="/etc", +host="maxuser@192.168.0.50", +targetdir="/etc", +rsync={ + compress=true, + _extra = {[[--filter=+ *maxscale.cnf]], + [[--filter=- **]] + } + } +} + + +sync{ +default.rsyncssh, +source="/etc", +host="syncuser@192.168.122.105", +targetdir="/etc", +rsync={ + compress=true, + _extra = {[[--filter=+ *maxscale.cnf]], + [[--filter=- **]] + } + } +} +``` + +## Starting Lsyncd + +Starting lsyncd can be done from the command line or through a init script. To start syncd from the command like, execute the `lsyncd` command and pass the configuration file as the only parameter. + +Here is an example which start lsyncd and reads the configuration options from the `lsyncd.cnf` file. + +``` +lsyncd lsyncd.cnf +``` + +For more information on the lsyncd executable and its options, please see the --help output of lsyncd or the lsyncd(1) manpage. diff --git a/etc/lsyncd.conf b/etc/lsyncd_example.conf similarity index 100% rename from etc/lsyncd.conf rename to etc/lsyncd_example.conf From ce570685cda436d6a9b48e7ca39adde7c5b162c6 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 4 Jun 2015 19:31:58 +0300 Subject: [PATCH 072/119] Moved assertions around. --- server/core/dcb.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index ae77707b9..653799fa6 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -1014,12 +1014,14 @@ int dcb_read_SSL( } } - if(n < b) + if(n > 0 && b > 0 && n < b) { gwbuf_rtrim(buffer,b - n); - ss_dassert(GWBUF_LENGTH(buffer) == n); LOGIF(LD,(skygw_log_write(LD,"[%lu] SSL: Truncated buffer to correct size from %d to %d bytes.\n", b,gwbuf_length(buffer)))); + LOGIF(LD,(skygw_log_sync_all())); + ss_dassert(GWBUF_LENGTH(buffer) == n); + } nread += n; From cba37d2ac398ef31bf916ceb611b1ca45f922eb3 Mon Sep 17 00:00:00 2001 
From: Markus Makela Date: Thu, 4 Jun 2015 19:38:33 +0300 Subject: [PATCH 073/119] Generated packages now have debug symbols. --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 03cb541b6..4f35031d8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -205,6 +205,7 @@ if(PACKAGE) else() # Generic CPack configuration variables + set(CPACK_STRIP_FILES FALSE) set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "MaxScale") set(CPACK_PACKAGE_VERSION_MAJOR "${MAXSCALE_VERSION_MAJOR}") set(CPACK_PACKAGE_VERSION_MINOR "${MAXSCALE_VERSION_MINOR}") From 1f45eff135c4e657e6b0513790d25b3ff784561e Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 4 Jun 2015 19:38:33 +0300 Subject: [PATCH 074/119] Generated packages now have debug symbols. --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 03cb541b6..4f35031d8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -205,6 +205,7 @@ if(PACKAGE) else() # Generic CPack configuration variables + set(CPACK_STRIP_FILES FALSE) set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "MaxScale") set(CPACK_PACKAGE_VERSION_MAJOR "${MAXSCALE_VERSION_MAJOR}") set(CPACK_PACKAGE_VERSION_MINOR "${MAXSCALE_VERSION_MINOR}") From cc1f720ea3e3fc6b992c75af28f200d35f2770de Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 4 Jun 2015 21:12:16 +0300 Subject: [PATCH 075/119] Removed log flushing on every dcb_read_SSL if debug log is enabled. --- server/core/dcb.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index 653799fa6..1a7727ff8 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c 
@@ -1019,7 +1019,11 @@ int dcb_read_SSL( gwbuf_rtrim(buffer,b - n); LOGIF(LD,(skygw_log_write(LD,"[%lu] SSL: Truncated buffer to correct size from %d to %d bytes.\n", b,gwbuf_length(buffer)))); - LOGIF(LD,(skygw_log_sync_all())); + LOGIF(LD, + if(GWBUF_LENGTH(buffer) != n){ + skygw_log_sync_all(); + } + ); ss_dassert(GWBUF_LENGTH(buffer) == n); } From e83799648a757d31c4b641365516de34b71ae321 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 5 Jun 2015 11:00:51 +0300 Subject: [PATCH 076/119] Fixed queries getting stuck when the SSL records were of the maximum allowed size. --- server/core/dcb.c | 85 ++++++++++++++------------ server/core/service.c | 1 - server/modules/protocol/mysql_client.c | 2 +- 3 files changed, 48 insertions(+), 40 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index 1a7727ff8..c1e77b58d 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -898,7 +898,7 @@ int dcb_read_SSL( GWBUF **head) { GWBUF *buffer = NULL; - int b; + int b,pending; int rc; int n; int nread = 0; @@ -918,9 +918,9 @@ int dcb_read_SSL( while (true) { int bufsize; - + int ssl_errno = 0; rc = ioctl(dcb->fd, FIONREAD, &b); - + pending = SSL_pending(dcb->ssl); if (rc == -1) { LOGIF(LE, (skygw_log_write_flush( @@ -936,7 +936,7 @@ int dcb_read_SSL( goto return_n; } - if (b == 0 && nread == 0) + if (b == 0 && pending == 0 && nread == 0) { /** Handle closed client socket */ if (dcb_isclient(dcb)) @@ -948,14 +948,20 @@ int dcb_read_SSL( r = SSL_peek(dcb->ssl, &c, sizeof(char)); if (r <= 0) { + ssl_errno = SSL_get_error(dcb->ssl,r); + if(ssl_errno != SSL_ERROR_WANT_READ && + ssl_errno != SSL_ERROR_WANT_WRITE && + ssl_errno != SSL_ERROR_NONE) + { n = -1; - goto return_n; + } + goto return_n; } } n = 0; goto return_n; } - else if (b == 0) + else if (b == 0 && pending == 0) { n = 0; goto return_n; 
@@ -984,39 +990,36 @@ int dcb_read_SSL( goto return_n; } - int npending; - n = 0; - do - { - n += SSL_read(dcb->ssl, GWBUF_DATA(buffer), bufsize); + n = SSL_read(dcb->ssl, GWBUF_DATA(buffer), bufsize); dcb->stats.n_reads++; - }while((npending = SSL_pending(dcb->ssl)) > 0); - int ssl_errno = 0; - - if (n <= 0) - { - ssl_errno = ERR_get_error(); - - if(ssl_errno != SSL_ERROR_WANT_READ && ssl_errno != SSL_ERROR_NONE) + if (n <= 0) { - LOGIF(LE, (skygw_log_write_flush( - LOGFILE_ERROR, - "Error : Read failed, dcb %p in state " - "%s fd %d: %s.", - dcb, - STRDCBSTATE(dcb->state), - dcb->fd, - ERR_error_string(ssl_errno,NULL)))); + ssl_errno = SSL_get_error(dcb->ssl,n); - gwbuf_free(buffer); - goto return_n; - } + if(ssl_errno != SSL_ERROR_WANT_READ && + ssl_errno != SSL_ERROR_WANT_WRITE && + ssl_errno != SSL_ERROR_NONE) + { + char errbuf[200]; + ERR_error_string(ssl_errno,errbuf); + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Read failed, dcb %p in state " + "%s fd %d, SSL error %d: %s.", + dcb, + STRDCBSTATE(dcb->state), + dcb->fd, + ssl_errno, + errbuf))); + + gwbuf_free(buffer); + goto return_n; + } } - if(n > 0 && b > 0 && n < b) - { - gwbuf_rtrim(buffer,b - n); + buffer->end = buffer->start + n; +#ifdef SS_DEBUG LOGIF(LD,(skygw_log_write(LD,"[%lu] SSL: Truncated buffer to correct size from %d to %d bytes.\n", b,gwbuf_length(buffer)))); LOGIF(LD, @@ -1025,9 +1028,7 @@ int dcb_read_SSL( } ); ss_dassert(GWBUF_LENGTH(buffer) == n); - - } - +#endif nread += n; LOGIF(LD, (skygw_log_write( 
@@ -1039,11 +1040,19 @@ int dcb_read_SSL( dcb, STRDCBSTATE(dcb->state), dcb->fd))); + /*< Append read data to the gwbuf */ *head = gwbuf_append(*head, buffer); - if(ssl_errno == SSL_ERROR_WANT_READ || ssl_errno == SSL_ERROR_NONE || - ssl_errno == SSL_ERROR_WANT_X509_LOOKUP || SSL_ERROR_WANT_WRITE) + rc = ioctl(dcb->fd, FIONREAD, &b); + pending = SSL_pending(dcb->ssl); + + if(ssl_errno == SSL_ERROR_WANT_READ || + ssl_errno == SSL_ERROR_WANT_WRITE || + (b == 0 && pending == 0)) + { break; + } + } /*< while (true) */ return_n: return n; diff --git a/server/core/service.c b/server/core/service.c index 7fc931297..f4880107d 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -1875,7 +1875,6 @@ int serviceInitSSL(SERVICE* service) } service->ctx = SSL_CTX_new(service->method); - SSL_CTX_set_read_ahead(service->ctx,1); if (SSL_CTX_use_certificate_file(service->ctx, service->ssl_cert, SSL_FILETYPE_PEM) <= 0) { skygw_log_write(LE,"Error: Failed to set server SSL certificate."); return -1; diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 45fc65ee0..5a54ca4b3 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -789,7 +789,7 @@ int gw_read_client_event( nbytes_read = gwbuf_length(dcb->dcb_readqueue); data = (uint8_t *)GWBUF_DATA(dcb->dcb_readqueue); int plen = MYSQL_GET_PACKET_LEN(data); - if (nbytes_read < 3 || nbytes_read < MYSQL_GET_PACKET_LEN(data)) + if (nbytes_read < 3 || nbytes_read < MYSQL_GET_PACKET_LEN(data) + 4) { rc = 0; goto return_rc; From 518ef5050e5ef687c05eb83aa5cb068d78a7f31a Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 5 Jun 2015 12:15:19 +0300 Subject: [PATCH 077/119] Fixed debug asserts. --- server/core/dcb.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index c1e77b58d..c2f48b39d 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c 
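Review bot: In the gw_read_client_event hunk, the context line `int plen = MYSQL_GET_PACKET_LEN(data);` reads the length bytes from the client buffer before the `nbytes_read < 3` guard runs, so the guard does not protect that first read. `nbytes_read` comes from `gwbuf_length()` while `data` comes from `GWBUF_DATA()` of the queue head; if those can differ for a chained buffer, the header bytes may not all be in the first buffer. Since the declared length is client-controlled, check for a full header first and reuse the value: `if (nbytes_read < 4) { rc = 0; goto return_rc; }` before computing `plen`, then `if (nbytes_read < plen + 4)`. The function starts and ends outside this hunk, so other uses of `plen` are not visible.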
@@ -1018,15 +1018,16 @@ int dcb_read_SSL( } } - buffer->end = buffer->start + n; + gwbuf_rtrim(buffer,bufsize - n); #ifdef SS_DEBUG LOGIF(LD,(skygw_log_write(LD,"[%lu] SSL: Truncated buffer to correct size from %d to %d bytes.\n", - b,gwbuf_length(buffer)))); + b,GWBUF_LENGTH(buffer)))); LOGIF(LD, if(GWBUF_LENGTH(buffer) != n){ skygw_log_sync_all(); } ); + ss_info_dassert((buffer->start <= buffer->end),"Buffer start has passed end."); ss_dassert(GWBUF_LENGTH(buffer) == n); #endif nread += n; From 61b1f3467160df1cb1f6e364ac4b860eaf81d0c0 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 5 Jun 2015 18:52:44 +0300 Subject: [PATCH 078/119] Added more descriptive debug output. --- server/core/dcb.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index c2f48b39d..728211abe 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -1020,13 +1020,14 @@ int dcb_read_SSL( gwbuf_rtrim(buffer,bufsize - n); #ifdef SS_DEBUG - LOGIF(LD,(skygw_log_write(LD,"[%lu] SSL: Truncated buffer to correct size from %d to %d bytes.\n", - b,GWBUF_LENGTH(buffer)))); - LOGIF(LD, - if(GWBUF_LENGTH(buffer) != n){ - skygw_log_sync_all(); - } - ); + skygw_log_write(LD,"[%lu] SSL: Truncated buffer from %d to %d bytes. " + "Read %d bytes, %d bytes waiting.\n", + bufsize,GWBUF_LENGTH(buffer),n,b); + + if(GWBUF_LENGTH(buffer) != n){ + skygw_log_sync_all(); + } + ss_info_dassert((buffer->start <= buffer->end),"Buffer start has passed end."); ss_dassert(GWBUF_LENGTH(buffer) == n); #endif From 1989a1482c3516cea06162b1aec640beadb6f1f3 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 5 Jun 2015 19:37:33 +0300 Subject: [PATCH 079/119] Fixed empty reads causing a debug assert with large packets. --- server/core/dcb.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index 728211abe..6beaec55d 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c 
@@ -966,6 +966,13 @@ int dcb_read_SSL( n = 0; goto return_n; } +#ifdef SS_DEBUG + else + { + skygw_log_write_flush(LD,"Total: %d Socket: %d Pending: %d", + nread,b,pending); + } +#endif dcb->last_read = hkheartbeat; @@ -993,7 +1000,7 @@ int dcb_read_SSL( n = SSL_read(dcb->ssl, GWBUF_DATA(buffer), bufsize); dcb->stats.n_reads++; - if (n <= 0) + if (n < 0) { ssl_errno = SSL_get_error(dcb->ssl,n); @@ -1016,12 +1023,17 @@ int dcb_read_SSL( gwbuf_free(buffer); goto return_n; } - } + } + else if(n == 0) + { + gwbuf_free(buffer); + goto return_n; + } gwbuf_rtrim(buffer,bufsize - n); #ifdef SS_DEBUG skygw_log_write(LD,"[%lu] SSL: Truncated buffer from %d to %d bytes. " - "Read %d bytes, %d bytes waiting.\n", + "Read %d bytes, %d bytes waiting.\n",pthread_self(), bufsize,GWBUF_LENGTH(buffer),n,b); if(GWBUF_LENGTH(buffer) != n){ @@ -1029,7 +1041,7 @@ int dcb_read_SSL( } ss_info_dassert((buffer->start <= buffer->end),"Buffer start has passed end."); - ss_dassert(GWBUF_LENGTH(buffer) == n); + ss_info_dassert(GWBUF_LENGTH(buffer) == n,"Buffer size not equal to read bytes."); #endif nread += n; From d19ccc6f846ec6d54f6ad2171acdee08a48aef63 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 5 Jun 2015 20:36:04 +0300 Subject: [PATCH 080/119] Fixed SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE and SSL_ERROR_NONE causing a debug assert. --- server/core/dcb.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index 6beaec55d..538b0531a 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c 
@@ -1002,13 +1002,21 @@ int dcb_read_SSL( if (n < 0) { + char errbuf[200]; ssl_errno = SSL_get_error(dcb->ssl,n); - - if(ssl_errno != SSL_ERROR_WANT_READ && - ssl_errno != SSL_ERROR_WANT_WRITE && - ssl_errno != SSL_ERROR_NONE) +#ifdef SS_DEBUG + ERR_error_string(ssl_errno,errbuf); + skygw_log_write_flush(LD,"[%lu]SSL error %d: %s", + pthread_self(),ssl_errno,errbuf); +#endif + if(ssl_errno == SSL_ERROR_WANT_READ || + ssl_errno == SSL_ERROR_WANT_WRITE || + ssl_errno == SSL_ERROR_NONE) + { + n = 0; + } + else { - char errbuf[200]; ERR_error_string(ssl_errno,errbuf); LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, @@ -1019,10 +1027,10 @@ int dcb_read_SSL( dcb->fd, ssl_errno, errbuf))); - - gwbuf_free(buffer); - goto return_n; } + + gwbuf_free(buffer); + goto return_n; } else if(n == 0) { From b8e55fe28d24327fd1b7d1641cdd2c736e8f26ad Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Sun, 7 Jun 2015 12:37:45 +0300 Subject: [PATCH 081/119] Fixed SSL_accept failing when more data was in the socket buffer than was used. --- server/core/dcb.c | 98 +++++++++++++++++++++++++---------------------- 1 file changed, 52 insertions(+), 46 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index 538b0531a..e7862dbd4 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c 
@@ -2825,60 +2825,66 @@ int dcb_create_SSL(DCB* dcb) */ int dcb_accept_SSL(DCB* dcb) { - int rval,errnum; + int rval = 0,ssl_rval,errnum,fd,b = 0; char errbuf[140]; - rval = SSL_accept(dcb->ssl); - - switch(rval) + fd = dcb->fd; + ioctl(fd,FIONREAD,&b); + while(b > 0 && rval != -1) { - case 0: - errnum = SSL_get_error(dcb->ssl,rval); - LOGIF(LD,(skygw_log_write_flush(LD,"SSL_accept shutdown for %s@%s", - dcb->user, - dcb->remote))); - return -1; - break; - case 1: - rval = 1; - LOGIF(LD,(skygw_log_write_flush(LD,"SSL_accept done for %s@%s", - dcb->user, - dcb->remote))); - break; + ssl_rval = SSL_accept(dcb->ssl); - case -1: - errnum = SSL_get_error(dcb->ssl,rval); - - if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE || - errnum == SSL_ERROR_WANT_X509_LOOKUP) + switch(ssl_rval) { - /** Not all of the data has been read. Go back to the poll - queue and wait for more.*/ - - rval = 0; - LOGIF(LD,(skygw_log_write_flush(LD,"SSL_accept ongoing for %s@%s", - dcb->user?dcb->user:"a connection from ", - dcb->remote))); - } - else - { - rval = -1; + case 0: + errnum = SSL_get_error(dcb->ssl,ssl_rval); ERR_error_string(errnum,errbuf); + LOGIF(LD,(skygw_log_write_flush(LD,"[%p] SSL_accept shutdown for %s:%s", + dcb, + dcb->remote, + errbuf))); + rval = -1; + break; + case 1: + rval = 1; + LOGIF(LD,(skygw_log_write_flush(LD,"[dcb_accept_SSL] SSL_accept done for %s", + dcb->remote))); + break; + + case -1: + errnum = SSL_get_error(dcb->ssl,ssl_rval); + + if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE) + { + /** Not all of the data has been read. 
Go back to the poll + queue and wait for more.*/ + rval = 0; + LOGIF(LD,(skygw_log_write_flush(LD,"[dcb_accept_SSL] SSL_accept ongoing for %s", + dcb->remote))); + return rval; + } + else + { + rval = -1; + ERR_error_string(errnum,errbuf); + skygw_log_write_flush(LE, + "Error: Fatal error in SSL_accept for %s: (SSL error code: %d) %s", + dcb->remote, + errnum, + errbuf); + } + break; + + default: skygw_log_write_flush(LE, - "Error: Fatal error in SSL_accept for %s@%s: (SSL error code: %d) %s", - dcb->user, - dcb->remote, - errnum, - errbuf); + "Error: Fatal library error in SSL_accept, returned value was %d.", + ssl_rval); + rval = -1; + break; } - break; - - default: - skygw_log_write_flush(LE, - "Error: Fatal library error in SSL_accept, returned value was %d.", - rval); - break; + ioctl(fd,FIONREAD,&b); + if(LOG_IS_ENABLED(LD) && b > 0) + skygw_log_write_flush(LD,"[dcb_accept_SSL] FD %d has %d bytes ",fd,b); } - return rval; } From 61ea0861ff8f403f14915218ceee3226e5691005 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 8 Jun 2015 14:35:31 +0300 Subject: [PATCH 082/119] Fixed some connections hanging with SSL. --- server/modules/protocol/mysql_client.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 5a54ca4b3..dc5c08d89 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -661,7 +661,6 @@ int gw_read_client_event( return 0; break; case 1: - return 0; break; case -1: return 1; @@ -1946,4 +1945,4 @@ int do_ssl_accept(MySQLProtocol* protocol) } return rval; -} \ No newline at end of file +} From 1c36cfb28592a549d526a97ea47a6064afba278b Mon Sep 17 00:00:00 2001 
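Review bot: The loop condition `while(b > 0 && rval != -1)` in dcb_accept_SSL keeps calling `SSL_accept` after it has returned 1, for as long as FIONREAD reports bytes on the socket. A further `SSL_accept` call on a finished handshake presumably does not consume those bytes, so if the peer sends data immediately after the handshake `b` never drops and the thread spins; the timing is under the remote client's control. Ending the loop once the handshake is complete avoids this, for example `while(b > 0 && rval == 0)`. The do/while form in the later "Minor fix to SSL authentication" commit keeps the same condition. The `ioctl` return value is also unchecked, and when `b` is 0 on entry this version returns 0 without calling `SSL_accept` at all.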
From: Markus Makela Date: Mon, 8 Jun 2015 18:04:43 +0300 Subject: [PATCH 083/119] Added more debug output. --- server/core/dcb.c | 15 +++++++++++---- .../include/mysql_client_server_protocol.h | 4 ++-- server/modules/protocol/mysql_client.c | 11 +++++++++++ server/modules/protocol/mysql_common.c | 6 +++++- 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index e7862dbd4..cc8d77259 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -2825,14 +2825,19 @@ int dcb_create_SSL(DCB* dcb) */ int dcb_accept_SSL(DCB* dcb) { - int rval = 0,ssl_rval,errnum,fd,b = 0; + int rval = 0,ssl_rval,errnum = 0,fd,b = 0; char errbuf[140]; fd = dcb->fd; ioctl(fd,FIONREAD,&b); +#ifdef SS_DEBUG + skygw_log_write(LD,"[dcb_accept_SSL] fd %d bytes: %d",fd,b); +#endif while(b > 0 && rval != -1) { ssl_rval = SSL_accept(dcb->ssl); - +#ifdef SS_DEBUG + skygw_log_write(LD,"[dcb_accept_SSL] SSL_accept returned %d.",ssl_rval); +#endif switch(ssl_rval) { case 0: @@ -2882,8 +2887,10 @@ int dcb_accept_SSL(DCB* dcb) break; } ioctl(fd,FIONREAD,&b); - if(LOG_IS_ENABLED(LD) && b > 0) - skygw_log_write_flush(LD,"[dcb_accept_SSL] FD %d has %d bytes ",fd,b); +#ifdef SS_DEBUG + skygw_log_write_flush(LD,"[dcb_accept_SSL] fd %d: %d bytes",fd,b); + skygw_log_write_flush(LD,"[dcb_accept_SSL] SSL error: %d",errnum); +#endif } return rval; } diff --git a/server/modules/include/mysql_client_server_protocol.h b/server/modules/include/mysql_client_server_protocol.h index f72416491..905f57dd3 100644 --- a/server/modules/include/mysql_client_server_protocol.h +++ b/server/modules/include/mysql_client_server_protocol.h @@ -321,7 +321,7 @@ typedef struct { #define MYSQL_IS_CHANGE_USER(payload) (MYSQL_GET_COMMAND(payload)==0x11) #define MYSQL_GET_NATTR(payload) ((int)payload[4]) -#endif /** _MYSQL_PROTOCOL_H */ + MySQLProtocol* mysql_protocol_init(DCB* dcb, int fd); void mysql_protocol_done (DCB* dcb); 
@@ -417,4 +417,4 @@ void init_response_status ( int* npackets, ssize_t* nbytes); - +#endif /** _MYSQL_PROTOCOL_H */ \ No newline at end of file diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index dc5c08d89..fcbb1958e 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -652,9 +652,16 @@ int gw_read_client_event( protocol = DCB_PROTOCOL(dcb, MySQLProtocol); CHK_PROTOCOL(protocol); +#ifdef SS_DEBUG + skygw_log_write(LD,"[gw_read_client_event] Protocol state: %s", + gw_mysql_protocol_state2string(protocol->protocol_auth_state)); + +#endif + if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_ONGOING || protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ) { + switch(do_ssl_accept(protocol)) { case 0: @@ -1943,6 +1950,10 @@ int do_ssl_accept(MySQLProtocol* protocol) rval); break; } +#ifdef SS_DEBUG + skygw_log_write(LD,"[do_ssl_accept] Protocol state: %s", + gw_mysql_protocol_state2string(protocol->protocol_auth_state)); +#endif return rval; } diff --git a/server/modules/protocol/mysql_common.c b/server/modules/protocol/mysql_common.c index 0a1d2195b..d8f9a96ba 100644 --- a/server/modules/protocol/mysql_common.c +++ b/server/modules/protocol/mysql_common.c @@ -890,7 +890,11 @@ gw_mysql_protocol_state2string (int state) { case MYSQL_AUTH_FAILED: return "MySQL Authentication failed"; case MYSQL_IDLE: - return "MySQL authentication is succesfully done."; + return "MySQL authentication is succesfully done."; + case MYSQL_AUTH_SSL_REQ: return "MYSQL_AUTH_SSL_REQ"; + case MYSQL_AUTH_SSL_HANDSHAKE_DONE: return "MYSQL_AUTH_SSL_HANDSHAKE_DONE"; + case MYSQL_AUTH_SSL_HANDSHAKE_FAILED: return "MYSQL_AUTH_SSL_HANDSHAKE_FAILED"; + case MYSQL_AUTH_SSL_HANDSHAKE_ONGOING: return "MYSQL_AUTH_SSL_HANDSHAKE_ONGOING"; default: return "MySQL (unknown protocol state)"; } From 06c5da7b1728609f3d05610cfaf09a74c2dea4bc Mon Sep 17 00:00:00 2001 
From: Markus Makela Date: Tue, 9 Jun 2015 02:56:55 +0300 Subject: [PATCH 084/119] Minor fix to SSL authentication. --- server/core/dcb.c | 19 +++++++------------ server/modules/protocol/mysql_client.c | 13 +++++++++++++ 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index cc8d77259..cfee65371 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -1055,7 +1055,7 @@ int dcb_read_SSL( LOGIF(LD, (skygw_log_write( LOGFILE_DEBUG, - "%lu [dcb_read] Read %d bytes from dcb %p in state %s " + "%lu [dcb_read_SSL] Read %d bytes from dcb %p in state %s " "fd %d.", pthread_self(), n, @@ -2800,7 +2800,7 @@ int dcb_create_SSL(DCB* dcb) if((dcb->ssl = SSL_new(dcb->service->ctx)) == NULL) { - skygw_log_write(LE,"Error: Failed to initialize SSL connection."); + skygw_log_write(LE,"Error: Failed to initialize SSL for connection."); return -1; } @@ -2828,16 +2828,10 @@ int dcb_accept_SSL(DCB* dcb) int rval = 0,ssl_rval,errnum = 0,fd,b = 0; char errbuf[140]; fd = dcb->fd; - ioctl(fd,FIONREAD,&b); -#ifdef SS_DEBUG - skygw_log_write(LD,"[dcb_accept_SSL] fd %d bytes: %d",fd,b); -#endif - while(b > 0 && rval != -1) + + do { ssl_rval = SSL_accept(dcb->ssl); -#ifdef SS_DEBUG - skygw_log_write(LD,"[dcb_accept_SSL] SSL_accept returned %d.",ssl_rval); -#endif switch(ssl_rval) { case 0: @@ -2889,9 +2883,10 @@ int dcb_accept_SSL(DCB* dcb) ioctl(fd,FIONREAD,&b); #ifdef SS_DEBUG skygw_log_write_flush(LD,"[dcb_accept_SSL] fd %d: %d bytes",fd,b); - skygw_log_write_flush(LD,"[dcb_accept_SSL] SSL error: %d",errnum); + skygw_log_write(LD,"[dcb_accept_SSL] SSL_accept returned %d, SSL error: %d",ssl_rval,errnum); #endif - } + }while(b > 0 && rval != -1); + return rval; } diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index fcbb1958e..da5f04732 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c 
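Review bot: The `ioctl(fd,FIONREAD,&b)` that feeds the new `do { … } while(b > 0 && rval != -1)` condition in dcb_accept_SSL is not checked, so a failed call leaves `b` at its previous value and the loop decision is made on stale data. The same unchecked pattern is added in the `case 1:` branch of gw_read_client_event in mysql_client.c, where a failed ioctl cannot be told apart from an empty socket and the function returns 0. Handle the failure explicitly in both places, for example `if(ioctl(fd,FIONREAD,&b) == -1) { b = 0; /* log errno */ }`. dcb_accept_SSL starts and ends outside these hunks.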
@@ -668,7 +668,18 @@ int gw_read_client_event( return 0; break; case 1: + { + int b = 0; + ioctl(dcb->fd,FIONREAD,&b); + if(b == 0) + { + skygw_log_write(LD, + "[gw_read_client_event] No data in socket after SSL auth"); + return 0; + } break; + } + case -1: return 1; break; @@ -1897,7 +1908,9 @@ int do_ssl_accept(MySQLProtocol* protocol) if(dcb->ssl == NULL) { if(dcb_create_SSL(dcb) != 0) + { return -1; + } } rval = dcb_accept_SSL(dcb); From 528e69b726229f9489f4f7edf81eb17bd73820d2 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 9 Jun 2015 12:51:43 +0300 Subject: [PATCH 085/119] Added a warning about 1.2 changes to the postinstall script --- etc/postinst.in | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/etc/postinst.in b/etc/postinst.in index abf2db1ef..82886990f 100755 --- a/etc/postinst.in +++ b/etc/postinst.in @@ -37,3 +37,17 @@ then cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.service /usr/lib/systemd/system fi /sbin/ldconfig + +cat <& 2 +********** Notice: MaxScale 1.2 Changes ************** + +MaxScale 1.2 has changed the default installation locations +and various files have changed locations. The configuration +file is now read from /etc/maxscale.cnf (note the lower case name) +and MaxScale data is in /var/lib/maxscale/. + +The default location of binary log files and the authentication cache changed from +/usr/local/mariadb-maxscale/ to /var/lib/maxscale/. + +****************************************************** +EOF From ab120cb1de746b321f5ac662daf39aafddf40465 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 9 Jun 2015 17:04:51 +0300 Subject: [PATCH 086/119] Added Diffie-Hellman key exchange for MaxScale. --- server/core/service.c | 53 +++++++++++++++++++++++++++++++++++++++- server/include/service.h | 1 + 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/server/core/service.c b/server/core/service.c index f4880107d..826c79e66 100644 --- a/server/core/service.c +++ b/server/core/service.c 
@@ -91,7 +91,7 @@ static SPINLOCK service_spin = SPINLOCK_INIT; static SERVICE *allServices = NULL; static int find_type(typelib_t* tl, const char* needle, int maxlen); - +DH *ssl_get_dh2236(); static void service_add_qualified_param( SERVICE* svc, CONFIG_PARAMETER* param); @@ -1841,6 +1841,8 @@ int *data; int serviceInitSSL(SERVICE* service) { + DH* dh; + if(!service->ssl_init_done) { switch(service->ssl_method_type) @@ -1875,6 +1877,14 @@ int serviceInitSSL(SERVICE* service) } service->ctx = SSL_CTX_new(service->method); + + /** Enable the Diffie-Hellman algorithms */ + if((dh = ssl_get_dh2236()) != NULL) + { + SSL_CTX_set_tmp_dh(service->ctx,dh); + DH_free(dh); + } + if (SSL_CTX_use_certificate_file(service->ctx, service->ssl_cert, SSL_FILETYPE_PEM) <= 0) { skygw_log_write(LE,"Error: Failed to set server SSL certificate."); return -1; 
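Review bot: In serviceInitSSL the new `SSL_CTX_set_tmp_dh(service->ctx,dh)` call follows `SSL_CTX_new()` with no NULL check on `service->ctx` visible in the hunk, and its return value is discarded. A failed context allocation would therefore be passed straight into OpenSSL, and a NULL from `ssl_get_dh2236()` or rejected parameters leave the service running without DHE key exchange and without any log entry. The version below checks the context, treats a parameter failure as an initialisation error like the certificate failure that follows, and frees `dh` on both paths. Setting `SSL_OP_SINGLE_DH_USE` via `SSL_CTX_set_options()` is worth considering as well, so each handshake gets a fresh DH key on OpenSSL builds where that is not already the default. The function starts and ends outside the hunk.

```c
	service->ctx = SSL_CTX_new(service->method);
	if(service->ctx == NULL)
	{
	    skygw_log_write(LE,"Error: Failed to create SSL context.");
	    return -1;
	}

	/** Enable the Diffie-Hellman algorithms */
	dh = ssl_get_dh2236();
	if(dh == NULL || SSL_CTX_set_tmp_dh(service->ctx,dh) != 1)
	{
	    skygw_log_write(LE,"Error: Failed to set Diffie-Hellman parameters.");
	    DH_free(dh);
	    return -1;
	}
	DH_free(dh);
	/* … unchanged: certificate and private key loading … */
```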
@@ -1908,3 +1918,44 @@ int serviceInitSSL(SERVICE* service) } return 0; } + +DH *ssl_get_dh2236() +{ + static unsigned char dh2236_p[]={ + 0x0B,0xC3,0xEC,0x3F,0xCB,0xD0,0x2E,0x43,0x7B,0x13,0xF9,0x0C, + 0x4D,0xE5,0xA3,0xA4,0xDB,0x68,0x13,0xBD,0xFC,0xD2,0x35,0x05, + 0xCB,0x62,0xA1,0x85,0x33,0x20,0xC4,0x88,0x3B,0x2B,0xD5,0x76, + 0x94,0xCD,0xEB,0x9C,0x5A,0xD1,0x16,0xDB,0x51,0x82,0x7A,0x1E, + 0xC6,0xC3,0xD9,0x52,0x8F,0x54,0x33,0xF4,0x50,0x96,0x01,0xF4, + 0x71,0xA1,0x8B,0x9B,0x43,0x85,0x9C,0x95,0xFF,0x53,0x1D,0x8D, + 0xDF,0xBC,0x60,0xEB,0x4D,0x96,0xD1,0x05,0x98,0x4A,0xEB,0xC9, + 0x33,0xF6,0xE9,0x74,0x73,0x29,0x27,0xCA,0x0D,0x6D,0xEA,0x36, + 0xB9,0x3B,0x54,0xF6,0x34,0x68,0x13,0xFA,0xAC,0x3B,0x57,0x55, + 0x76,0x41,0x67,0x48,0xEF,0x3C,0xE1,0xE1,0xAF,0x3C,0x68,0x05, + 0x9C,0x32,0xD9,0x14,0x8F,0xB2,0xEE,0xEE,0xBA,0x9F,0x0D,0x75, + 0xA7,0x33,0x1F,0x3A,0x0E,0xD1,0xA6,0x5A,0x29,0xC7,0x9B,0x5E, + 0x46,0xB1,0xA6,0xA5,0x1E,0x32,0xDB,0xAF,0x23,0x83,0x94,0x12, + 0x4F,0xE4,0xC2,0x8B,0x1B,0x2C,0x01,0x79,0x92,0x21,0xFF,0x01, + 0xED,0x46,0x27,0xF0,0x70,0x2A,0xA1,0xFD,0x5C,0x8F,0x8B,0x0C, + 0xC6,0x8F,0xFF,0x4C,0x99,0xAE,0x19,0xDB,0x58,0x4C,0xC0,0xE8, + 0x70,0xCC,0x7C,0x17,0xE8,0xBD,0x6B,0x19,0x93,0xB9,0x66,0xA9, + 0xD0,0x05,0x21,0x04,0x4C,0x7E,0x87,0x9F,0xF4,0xE9,0x23,0xE1, + 0x29,0x37,0xC5,0xE2,0x0A,0xC5,0xC1,0x92,0xC7,0x69,0xB4,0xFB, + 0x84,0x06,0xCE,0x0E,0xFC,0x65,0x70,0x2F,0xF6,0xB8,0x11,0xF9, + 0x0F,0x60,0x10,0xCA,0x94,0x29,0x44,0x5E,0x4A,0x05,0x46,0xE5, + 0xE6,0xA0,0xBD,0x14,0x45,0xA6,0xA7,0xCA,0x63,0x57,0xC6,0xB0, + 0x47,0xF9,0x71,0x24,0x19,0x75,0xD2,0x64,0x16,0xB1,0xBA,0x08, + 0xE9,0xE9,0xFB,0xF3, + }; + static unsigned char dh2236_g[]={ + 0x02, + }; + DH *dh; + + if ((dh=DH_new()) == NULL) return(NULL); + dh->p=BN_bin2bn(dh2236_p,sizeof(dh2236_p),NULL); + dh->g=BN_bin2bn(dh2236_g,sizeof(dh2236_g),NULL); + if ((dh->p == NULL) || (dh->g == NULL)) + { DH_free(dh); return(NULL); } + return(dh); +} \ No newline at end of file 
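Review bot: `ssl_get_dh2236()` is added without any comment on where the embedded prime `dh2236_p` comes from, so every installation shares one fixed group and an operator cannot verify or replace it without rebuilding. Add a header comment that records the origin of the parameters (presumably output of OpenSSL's dhparam tool, to be confirmed by the author), states that the returned `DH` is owned by the caller and must be released with `DH_free()`, and notes that NULL is returned on allocation failure. As far as this patch shows the function is only called from serviceInitSSL, so the prototype and definition could be `static DH *ssl_get_dh2236(void)`, and both tables could be `static const unsigned char`.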
diff --git a/server/include/service.h b/server/include/service.h index af71bfe7d..936a73058 100644 --- a/server/include/service.h +++ b/server/include/service.h @@ -29,6 +29,7 @@ #include #include #include +#include /** * @file service.h * From 1ad1a31ed7a76ffe0345f7394202639df8094c1e Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 9 Jun 2015 17:18:25 +0300 Subject: [PATCH 087/119] Fixed the OpenSSL error stack being printed wrong. --- server/core/dcb.c | 35 +++++++++++++++++++++++++++++------ server/core/gateway.c | 2 +- 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index cfee65371..a91645417 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -1026,7 +1026,19 @@ int dcb_read_SSL( STRDCBSTATE(dcb->state), dcb->fd, ssl_errno, - errbuf))); + strerror(errno)))); + + if(ssl_errno == SSL_ERROR_SSL || + ssl_errno == SSL_ERROR_SYSCALL) + { + while((ssl_errno = ERR_get_error()) != 0) + { + ERR_error_string(ssl_errno,errbuf); + skygw_log_write(LE, + "%s", + errbuf); + } + } } gwbuf_free(buffer); @@ -2850,6 +2862,7 @@ int dcb_accept_SSL(DCB* dcb) break; case -1: + errnum = SSL_get_error(dcb->ssl,ssl_rval); if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE) @@ -2864,12 +2877,22 @@ int dcb_accept_SSL(DCB* dcb) else { rval = -1; - ERR_error_string(errnum,errbuf); - skygw_log_write_flush(LE, - "Error: Fatal error in SSL_accept for %s: (SSL error code: %d) %s", - dcb->remote, - errnum, + skygw_log_write(LE, + "Error: Fatal error in SSL_accept for %s: (SSL error code: %d):%s", + dcb->remote, + errnum, + strerror(errno)); + if(errnum == SSL_ERROR_SSL || + errnum == SSL_ERROR_SYSCALL) + { + while((errnum = ERR_get_error()) != 0) + { + ERR_error_string(errnum,errbuf); + skygw_log_write(LE, + "%s", errbuf); + } + } } break; diff --git a/server/core/gateway.c b/server/core/gateway.c index 67d5ecf62..794ed5304 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c 
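Review bot: The error-queue loops added to dcb.c call `ERR_error_string(errnum,errbuf)`, which takes no length argument, while dcb_accept_SSL declares `char errbuf[140]` (visible in the neighbouring hunks) and current OpenSSL documentation asks for a buffer of at least 256 bytes. Use the bounded form, `ERR_error_string_n(errnum,errbuf,sizeof(errbuf));`, in this hunk, in the dcb_read_SSL hunk of the same commit, and in the later dcb_write_SSL hunk that declares its own 140-byte buffer. `ERR_get_error()` returns `unsigned long`, so a separate `unsigned long` variable for the queue codes would also avoid reusing the `int` that holds the `SSL_get_error()` result. Both functions extend beyond the hunks.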
@@ -2038,4 +2038,4 @@ static void maxscale_ssl_lock(int mode,int n,const char* file, int line) static unsigned long maxscale_ssl_id() { return (unsigned long)pthread_self(); -} \ No newline at end of file +} From 196d41cb88c7858a31f83a530a8a4712447a340a Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 9 Jun 2015 20:02:45 +0300 Subject: [PATCH 088/119] More debug output. --- server/core/dcb.c | 53 ++++++++++++++++---------- server/modules/protocol/mysql_client.c | 3 +- 2 files changed, 34 insertions(+), 22 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index a91645417..0ce9ec053 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -1005,9 +1005,18 @@ int dcb_read_SSL( char errbuf[200]; ssl_errno = SSL_get_error(dcb->ssl,n); #ifdef SS_DEBUG - ERR_error_string(ssl_errno,errbuf); - skygw_log_write_flush(LD,"[%lu]SSL error %d: %s", - pthread_self(),ssl_errno,errbuf); + if(ssl_errno == SSL_ERROR_SSL || + ssl_errno == SSL_ERROR_SYSCALL) + { + int eno; + while((eno = ERR_get_error()) != 0) + { + ERR_error_string(eno,errbuf); + skygw_log_write(LE, + "%s", + errbuf); + } + } #endif if(ssl_errno == SSL_ERROR_WANT_READ || ssl_errno == SSL_ERROR_WANT_WRITE || @@ -1017,7 +1026,6 @@ int dcb_read_SSL( } else { - ERR_error_string(ssl_errno,errbuf); LOGIF(LE, (skygw_log_write_flush( LOGFILE_ERROR, "Error : Read failed, dcb %p in state " @@ -1052,7 +1060,7 @@ int dcb_read_SSL( gwbuf_rtrim(buffer,bufsize - n); #ifdef SS_DEBUG - skygw_log_write(LD,"[%lu] SSL: Truncated buffer from %d to %d bytes. " + skygw_log_write(LD,"%lu SSL: Truncated buffer from %d to %d bytes. " "Read %d bytes, %d bytes waiting.\n",pthread_self(), bufsize,GWBUF_LENGTH(buffer),n,b); @@ -1080,13 +1088,6 @@ int dcb_read_SSL( rc = ioctl(dcb->fd, FIONREAD, &b); pending = SSL_pending(dcb->ssl); - if(ssl_errno == SSL_ERROR_WANT_READ || - ssl_errno == SSL_ERROR_WANT_WRITE || - (b == 0 && pending == 0)) - { - break; - } - } /*< while (true) */ return_n: return n; 
@@ -2837,22 +2838,34 @@ int dcb_create_SSL(DCB* dcb) */ int dcb_accept_SSL(DCB* dcb) { - int rval = 0,ssl_rval,errnum = 0,fd,b = 0; + int rval = 0,ssl_rval,errnum = 0,fd,b = 0,pending; char errbuf[140]; fd = dcb->fd; do { ssl_rval = SSL_accept(dcb->ssl); + errnum = SSL_get_error(dcb->ssl,ssl_rval); + LOGIF(LD,(skygw_log_write_flush(LD,"[dcb_accept_SSL] SSL_accept %d, error %d", + ssl_rval,errnum))); switch(ssl_rval) { case 0: errnum = SSL_get_error(dcb->ssl,ssl_rval); - ERR_error_string(errnum,errbuf); - LOGIF(LD,(skygw_log_write_flush(LD,"[%p] SSL_accept shutdown for %s:%s", + skygw_log_write(LE,"Error: SSL authentication failed (SSL error %d):", dcb, dcb->remote, - errbuf))); + errnum); + + if(errnum == SSL_ERROR_SSL || + errnum == SSL_ERROR_SYSCALL) + { + while((errnum = ERR_get_error()) != 0) + { + ERR_error_string(errnum,errbuf); + skygw_log_write(LE,"%s",errbuf); + } + } rval = -1; break; case 1: @@ -2871,7 +2884,7 @@ int dcb_accept_SSL(DCB* dcb) queue and wait for more.*/ rval = 0; LOGIF(LD,(skygw_log_write_flush(LD,"[dcb_accept_SSL] SSL_accept ongoing for %s", - dcb->remote))); + dcb->remote))); return rval; } else @@ -2904,11 +2917,11 @@ int dcb_accept_SSL(DCB* dcb) break; } ioctl(fd,FIONREAD,&b); + pending = SSL_pending(dcb->ssl); #ifdef SS_DEBUG - skygw_log_write_flush(LD,"[dcb_accept_SSL] fd %d: %d bytes",fd,b); - skygw_log_write(LD,"[dcb_accept_SSL] SSL_accept returned %d, SSL error: %d",ssl_rval,errnum); + skygw_log_write_flush(LD,"[dcb_accept_SSL] fd %d: %d bytes, %d pending",fd,b,pending); #endif - }while(b > 0 && rval != -1); + }while((b > 0 || pending > 0) && rval != -1); return rval; } diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index da5f04732..187c33910 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c 
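Review bot: The new `case 0:` log call in dcb_accept_SSL passes three arguments (`dcb`, `dcb->remote`, `errnum`) to a format string that contains a single `%d`, so the pointer is consumed by `%d` and the SSL error code is never printed; the extra arguments look left over from the removed LOGIF line. Make the format and arguments agree, e.g. `skygw_log_write(LE,"Error: SSL authentication failed for %s (SSL error %d):",dcb->remote,errnum);`. `SSL_get_error()` is now also called before the switch and again inside `case 0:` and `case -1:`, and the later calls can be dropped. The function body continues outside this hunk.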
@@ -1952,8 +1952,7 @@ int do_ssl_accept(MySQLProtocol* protocol) spinlock_release(&protocol->protocol_lock); rval = -1; skygw_log_write_flush(LE, - "Error: Fatal error in SSL_accept for %s@%s: %s", - protocol->owner_dcb->user, + "Error: Fatal error in SSL_accept for %s", protocol->owner_dcb->remote); break; From de2910f75b2164ba6c5b606b036f5c7e46fd8a90 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 9 Jun 2015 22:27:15 +0300 Subject: [PATCH 089/119] Fixed SSL_accept failing if the GWBUF with the initial MySQL auth packet contains some of the SSL authentication data. --- server/core/dcb.c | 144 +++++++++++++++++++++++++ server/include/dcb.h | 1 + server/modules/protocol/mysql_client.c | 6 +- 3 files changed, 150 insertions(+), 1 deletion(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index 0ce9ec053..4c9dd0324 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c 
@@ -883,6 +883,150 @@ return_n: } +/** + * General purpose read routine to read data from a socket in the + * Descriptor Control Block and append it to a linked list of buffers. + * The list may be empty, in which case *head == NULL + * + * @param dcb The DCB to read from + * @param head Pointer to linked list to append data to + * @return -1 on error, otherwise the number of read bytes on the last + * iteration of while loop. 0 is returned if no data available. + */ +int dcb_read_n( + DCB *dcb, + GWBUF **head, + int nbytes) +{ + GWBUF *buffer = NULL; + int b; + int rc; + int n; + int nread = 0; + + CHK_DCB(dcb); + + if (dcb->fd <= 0) + { + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Read failed, dcb is %s.", + dcb->fd == DCBFD_CLOSED ? "closed" : "cloned, not readable"))); + n = 0; + goto return_n; + } + + int bufsize; + + rc = ioctl(dcb->fd, FIONREAD, &b); + + if (rc == -1) + { + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : ioctl FIONREAD for dcb %p in " + "state %s fd %d failed due error %d, %s.", + dcb, + STRDCBSTATE(dcb->state), + dcb->fd, + errno, + strerror(errno)))); + n = -1; + goto return_n; + } + + if (b == 0 && nread == 0) + { + /** Handle closed client socket */ + if (dcb_isclient(dcb)) + { + char c; + int l_errno = 0; + int r = -1; + + /* try to read 1 byte, without consuming the socket buffer */ + r = recv(dcb->fd, &c, sizeof(char), MSG_PEEK); + l_errno = errno; + + if (r <= 0 && + l_errno != EAGAIN && + l_errno != EWOULDBLOCK && + l_errno != 0) + { + n = -1; + goto return_n; + } + } + n = 0; + goto return_n; + } + else if (b == 0) + { + n = 0; + goto return_n; + } + + dcb->last_read = hkheartbeat; + + bufsize = MIN(b, nbytes); + + if ((buffer = gwbuf_alloc(bufsize)) == NULL) + { + /*< + * This is a fatal error which should cause shutdown. + * Todo shutdown if memory allocation fails. 
+ */ + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Failed to allocate read buffer " + "for dcb %p fd %d, due %d, %s.", + dcb, + dcb->fd, + errno, + strerror(errno)))); + + n = -1; + goto return_n; + } + GW_NOINTR_CALL(n = read(dcb->fd, GWBUF_DATA(buffer), bufsize); + dcb->stats.n_reads++); + + if (n <= 0) + { + if (errno != 0 && errno != EAGAIN && errno != EWOULDBLOCK) + { + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error : Read failed, dcb %p in state " + "%s fd %d, due %d, %s.", + dcb, + STRDCBSTATE(dcb->state), + dcb->fd, + errno, + strerror(errno)))); + } + gwbuf_free(buffer); + goto return_n; + } + nread += n; + + LOGIF(LD, (skygw_log_write( + LOGFILE_DEBUG, + "%lu [dcb_read] Read %d bytes from dcb %p in state %s " + "fd %d.", + pthread_self(), + n, + dcb, + STRDCBSTATE(dcb->state), + dcb->fd))); + /*< Append read data to the gwbuf */ + *head = gwbuf_append(*head, buffer); + +return_n: + return n; +} + + /** * General purpose read routine to read data from a socket in the * Descriptor Control Block and append it to a linked list of buffers. diff --git a/server/include/dcb.h b/server/include/dcb.h index cc96a2c0e..19f1e72ea 100644 --- a/server/include/dcb.h +++ b/server/include/dcb.h @@ -316,6 +316,7 @@ void dcb_free(DCB *); DCB *dcb_connect(struct server *, struct session *, const char *); DCB *dcb_clone(DCB *); int dcb_read(DCB *, GWBUF **); +int dcb_read_n(DCB*,GWBUF **,int); int dcb_drain_writeq(DCB *); void dcb_close(DCB *); DCB *dcb_process_zombies(int); /* Process Zombies except the one behind the pointer */ diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 187c33910..15c572a0f 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c 
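Review bot: dcb_read_n computes `bufsize = MIN(b, nbytes)` without validating `nbytes`, so a zero or negative count from a caller reaches `gwbuf_alloc()` and `read()` unchecked; a guard such as `if (nbytes <= 0) { n = 0; goto return_n; }` before the FIONREAD call would close that. The header comment was copied from dcb_read: it omits `@param nbytes`, refers to a while loop that does not exist here, and should say that a single `read()` may return fewer than `nbytes` bytes, which the caller has to handle. Since `nread` is always 0 at that point the `else if (b == 0)` branch is unreachable, and the debug message still carries the `[dcb_read]` tag.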
@@ -490,7 +490,6 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { /** Do the SSL Handshake */ if(ssl && protocol->owner_dcb->service->ssl_mode != SSL_DISABLED) { - protocol->protocol_auth_state = MYSQL_AUTH_SSL_REQ; if(do_ssl_accept(protocol) < 0) @@ -693,6 +692,11 @@ int gw_read_client_event( { rc = dcb_read_SSL(dcb, &read_buffer); } + else if(dcb->service->ssl_mode != SSL_DISABLED && + protocol->protocol_auth_state == MYSQL_AUTH_SENT) + { + rc = dcb_read_n(dcb, &read_buffer,(4 + 4 + 4 + 1 + 23)); + } else { rc = dcb_read(dcb, &read_buffer); From 3fb1213dee9ffc9759ecc3430109ea76323eb931 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 10 Jun 2015 06:09:42 +0300 Subject: [PATCH 090/119] Added more error logging when monitor scripts fail. --- server/modules/monitor/galeramon.c | 18 +++++++++++++----- server/modules/monitor/mmmon.c | 16 +++++++++++++--- server/modules/monitor/monitor_common.c | 3 +++ server/modules/monitor/mysql_mon.c | 16 +++++++++++++--- server/modules/monitor/ndbclustermon.c | 16 +++++++++++++--- 5 files changed, 55 insertions(+), 14 deletions(-) diff --git a/server/modules/monitor/galeramon.c b/server/modules/monitor/galeramon.c index 6a842b8c1..07d9fd848 100644 --- a/server/modules/monitor/galeramon.c +++ b/server/modules/monitor/galeramon.c @@ -123,7 +123,7 @@ startMonitor(void *arg,void* opt) MONITOR* mon = arg; GALERA_MONITOR *handle = mon->handle; CONFIG_PARAMETER* params = (CONFIG_PARAMETER*)opt; - bool have_events = false; + bool have_events = false,script_error = false; if (handle != NULL) { handle->shutdown = 0; @@ -163,6 +163,7 @@ startMonitor(void *arg,void* opt) } else { + script_error = true; if(access(params->value,F_OK) == 0) { skygw_log_write(LE, 
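Review bot: The byte count `(4 + 4 + 4 + 1 + 23)` passed to dcb_read_n in gw_read_client_event is unexplained, and nothing in the hunk checks that this many bytes were actually returned before the buffer is treated as an authentication packet. Replace it with a named constant and a comment, for example `#define SSL_REQUEST_PACKET_SIZE 36 /* packet header + capabilities + max packet size + charset + filler */` (the field breakdown is inferred from the arithmetic and should be confirmed against the protocol header), and wait or reject when fewer bytes arrive. The enclosing function starts and ends outside the hunk.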
@@ -175,17 +176,24 @@ startMonitor(void *arg,void* opt) "Error: The file cannot be found: %s", params->value); } - handle->script = NULL; } } else if(!strcmp(params->name,"events")) { - mon_parse_event_string((bool*)&handle->events,sizeof(handle->events),params->value); - have_events = true; + if(mon_parse_event_string((bool*)&handle->events,sizeof(handle->events),params->value) != 0) + script_error = true; + else + have_events = true; } params = params->next; } - + if(script_error) + { + skygw_log_write(LE,"Error: Errors were found in the script configuration parameters " + "for the monitor '%s'. The script will not be used.",mon->name); + free(handle->script); + handle->script = NULL; + } /** If no specific events are given, enable them all */ if(!have_events) { diff --git a/server/modules/monitor/mmmon.c b/server/modules/monitor/mmmon.c index 130cdb279..c0d54595d 100644 --- a/server/modules/monitor/mmmon.c +++ b/server/modules/monitor/mmmon.c @@ -113,7 +113,7 @@ startMonitor(void *arg,void* opt) MONITOR* mon = (MONITOR*)arg; MM_MONITOR *handle = mon->handle; CONFIG_PARAMETER* params = (CONFIG_PARAMETER*)opt; - bool have_events = false; + bool have_events = false,script_error = false; if (handle) { @@ -148,6 +148,7 @@ startMonitor(void *arg,void* opt) } else { + script_error = true; if(access(params->value,F_OK) == 0) { skygw_log_write(LE, 
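Review bot: The `script_error` handling added to startMonitor here is repeated almost verbatim in mmmon.c, mysql_mon.c and ndbclustermon.c, each with an unbraced `if … else` around `mon_parse_event_string()` and a `(bool*)&handle->events` cast that hides whatever type `events` has in each monitor. Moving the parameter loop into one helper in monitor_common.c would keep the four copies from drifting, and the `if`/`else` bodies should be braced like the rest of the block. `free(handle->script)` now also runs when only the events string was invalid, so a comment stating that `handle->script` is always NULL or heap-allocated at that point would help; the allocation itself is outside the hunk.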
@@ -165,11 +166,20 @@ startMonitor(void *arg,void* opt) } else if(!strcmp(params->name,"events")) { - mon_parse_event_string((bool*)&handle->events,sizeof(handle->events),params->value); - have_events = true; + if(mon_parse_event_string((bool*)&handle->events,sizeof(handle->events),params->value) != 0) + script_error = true; + else + have_events = true; } params = params->next; } + if(script_error) + { + skygw_log_write(LE,"Error: Errors were found in the script configuration parameters " + "for the monitor '%s'. The script will not be used.",mon->name); + free(handle->script); + handle->script = NULL; + } /** If no specific events are given, enable them all */ if(!have_events) { diff --git a/server/modules/monitor/monitor_common.c b/server/modules/monitor/monitor_common.c index e4b8e7dac..f4566c35a 100644 --- a/server/modules/monitor/monitor_common.c +++ b/server/modules/monitor/monitor_common.c @@ -343,7 +343,10 @@ int mon_parse_event_string(bool* events, size_t count,char* string) { event = mon_name_to_event(tok); if(event == UNDEFINED_MONITOR_EVENT) + { + skygw_log_write(LE,"Error: Invalid event name %s",tok); return -1; + } events[event] = true; tok = strtok_r(NULL,",| ",&saved); } diff --git a/server/modules/monitor/mysql_mon.c b/server/modules/monitor/mysql_mon.c index 6f10b0ac8..2e16afc7b 100644 --- a/server/modules/monitor/mysql_mon.c +++ b/server/modules/monitor/mysql_mon.c @@ -140,7 +140,7 @@ startMonitor(void *arg, void* opt) MONITOR* monitor = (MONITOR*)arg; MYSQL_MONITOR *handle = (MYSQL_MONITOR*)monitor->handle; CONFIG_PARAMETER* params = (CONFIG_PARAMETER*)opt; - bool have_events = false; + bool have_events = false,script_error = false; if (handle) { @@ -176,6 +176,7 @@ startMonitor(void *arg, void* opt) } else { + script_error = true; if(access(params->value,F_OK) == 0) { skygw_log_write(LE, 
@@ -193,11 +194,20 @@ startMonitor(void *arg, void* opt) } else if(!strcmp(params->name,"events")) { - mon_parse_event_string(handle->events,sizeof(handle->events),params->value); - have_events = true; + if(mon_parse_event_string((bool*)&handle->events,sizeof(handle->events),params->value) != 0) + script_error = true; + else + have_events = true; } params = params->next; } + if(script_error) + { + skygw_log_write(LE,"Error: Errors were found in the script configuration parameters " + "for the monitor '%s'. The script will not be used.",monitor->name); + free(handle->script); + handle->script = NULL; + } /** If no specific events are given, enable them all */ if(!have_events) { diff --git a/server/modules/monitor/ndbclustermon.c b/server/modules/monitor/ndbclustermon.c index c8790be59..9561e275e 100644 --- a/server/modules/monitor/ndbclustermon.c +++ b/server/modules/monitor/ndbclustermon.c @@ -111,7 +111,7 @@ startMonitor(void *arg,void* opt) MONITOR* mon = (MONITOR*)arg; MYSQL_MONITOR *handle = mon->handle; CONFIG_PARAMETER* params = (CONFIG_PARAMETER*)opt; - bool have_events = false; + bool have_events = false,script_error = false; if (handle != NULL) { @@ -140,6 +140,7 @@ startMonitor(void *arg,void* opt) } else { + script_error = true; if(access(params->value,F_OK) == 0) { skygw_log_write(LE, @@ -157,10 +158,19 @@ startMonitor(void *arg,void* opt) } else if(!strcmp(params->name,"events")) { - mon_parse_event_string(&handle->events,sizeof(handle->events),params->value); - have_events = true; + if(mon_parse_event_string((bool*)&handle->events,sizeof(handle->events),params->value) != 0) + script_error = true; + else + have_events = true; } params = params->next; + } + if(script_error) + { + skygw_log_write(LE,"Error: Errors were found in the script configuration parameters " + "for the monitor '%s'. The script will not be used.",mon->name); + free(handle->script); + handle->script = NULL; } /** If no specific events are given, enable them all */ if(!have_events) 
From c15469013e89d31b9dd5878792d4013304716f90 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 10 Jun 2015 15:05:39 +0300 Subject: [PATCH 091/119] Fixed non-SSL connections to SSL enabled services failing. --- server/modules/protocol/mysql_client.c | 83 +++++++++++++++----------- 1 file changed, 48 insertions(+), 35 deletions(-) diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 15c572a0f..dd6be0de2 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -74,7 +74,7 @@ int gw_MySQLWrite_client_SSL(DCB *dcb, GWBUF *queue); int gw_write_client_event_SSL(DCB *dcb); int mysql_send_ok(DCB *dcb, int packet_number, int in_affected_rows, const char* mysql_message); int MySQLSendHandshake(DCB* dcb); -static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue); +static int gw_mysql_do_authentication(DCB *dcb, GWBUF **queue); static int route_by_statement(SESSION *, GWBUF **); extern char* get_username_from_auth(char* ptr, uint8_t* data); extern int check_db_name_after_auth(DCB *, char *, int); @@ -402,7 +402,8 @@ MySQLSendHandshake(DCB* dcb) * @note in case of failure, dcb->data is freed before returning. If succeed, * dcb->data is freed in session.c:session_free. */ -static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { +static int gw_mysql_do_authentication(DCB *dcb, GWBUF **buf) { + GWBUF* queue = *buf; MySQLProtocol *protocol = NULL; /* int compress = -1; */ int connect_with_db = -1; 
@@ -464,46 +465,58 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF *queue) { &protocol->client_capabilities); */ - if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_DONE) - goto ssl_hs_done; - - ssl = protocol->client_capabilities & GW_MYSQL_CAPABILITIES_SSL; - - /** Client didn't requested SSL when SSL mode was required*/ - if(!ssl && protocol->owner_dcb->service->ssl_mode == SSL_REQUIRED) + /** Skip this if the SSL handshake is already done. + * If not, start the SSL handshake. */ + if(protocol->protocol_auth_state != MYSQL_AUTH_SSL_HANDSHAKE_DONE) { - LOGIF(LT,(skygw_log_write(LT,"User %s@%s connected to service '%s' without SSL when SSL was required.", - protocol->owner_dcb->user, - protocol->owner_dcb->remote, - protocol->owner_dcb->service->name))); - return MYSQL_FAILED_AUTH_SSL; - } - if(LOG_IS_ENABLED(LT) && ssl) - { - skygw_log_write(LT,"User %s@%s connected to service '%s' with SSL.", - protocol->owner_dcb->user, - protocol->owner_dcb->remote, - protocol->owner_dcb->service->name); - } + ssl = protocol->client_capabilities & GW_MYSQL_CAPABILITIES_SSL; - /** Do the SSL Handshake */ - if(ssl && protocol->owner_dcb->service->ssl_mode != SSL_DISABLED) - { - protocol->protocol_auth_state = MYSQL_AUTH_SSL_REQ; - - if(do_ssl_accept(protocol) < 0) + /** Client didn't requested SSL when SSL mode was required*/ + if(!ssl && protocol->owner_dcb->service->ssl_mode == SSL_REQUIRED) { - return MYSQL_FAILED_AUTH; + LOGIF(LT,(skygw_log_write(LT,"User %s@%s connected to service '%s' without SSL when SSL was required.", + protocol->owner_dcb->user, + protocol->owner_dcb->remote, + protocol->owner_dcb->service->name))); + return MYSQL_FAILED_AUTH_SSL; } - else + + if(LOG_IS_ENABLED(LT) && ssl) { - return 0; + skygw_log_write(LT,"User %s@%s connected to service '%s' with SSL.", + protocol->owner_dcb->user, + protocol->owner_dcb->remote, + protocol->owner_dcb->service->name); + } + + /** Do the SSL Handshake */ + if(ssl && 
protocol->owner_dcb->service->ssl_mode != SSL_DISABLED) + { + protocol->protocol_auth_state = MYSQL_AUTH_SSL_REQ; + + if(do_ssl_accept(protocol) < 0) + { + return MYSQL_FAILED_AUTH; + } + else + { + return 0; + } + } + else if(dcb->service->ssl_mode == SSL_ENABLED) + { + /** This is a non-SSL connection to a SSL enabled service + * and we need to read the rest of the packet from the socket for the username */ + int bytes = dcb_read(dcb,&queue); + queue = gwbuf_make_contiguous(queue); + client_auth_packet = GWBUF_DATA(queue); + client_auth_packet_size = gwbuf_length(queue); + *buf = queue; + LOGIF(LD,(skygw_log_write(LD,"%lu Read %d bytes from fd %d",pthread_self(),bytes,dcb->fd))); } } - ssl_hs_done: - username = get_username_from_auth(username, client_auth_packet); if (username == NULL) @@ -848,7 +861,7 @@ int gw_read_client_event( { int auth_val; - auth_val = gw_mysql_do_authentication(dcb, read_buffer); + auth_val = gw_mysql_do_authentication(dcb, &read_buffer); if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ || protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_ONGOING || @@ -955,7 +968,7 @@ int gw_read_client_event( { int auth_val; - auth_val = gw_mysql_do_authentication(dcb, read_buffer); + auth_val = gw_mysql_do_authentication(dcb, &read_buffer); if (auth_val == 0) From 8ac79cf2adaec88704140731f3b93eddf48e6836 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 11 Jun 2015 10:28:35 +0300 Subject: [PATCH 092/119] Fixed some hard-coded paths being used instead of CMake variable values. --- etc/postinst.in | 11 ++++++----- server/include/gwdirs.h.in | 8 ++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/etc/postinst.in b/etc/postinst.in index 82886990f..1a2c68ca3 100755 --- a/etc/postinst.in +++ b/etc/postinst.in 
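Review bot: In the new `else if(dcb->service->ssl_mode == SSL_ENABLED)` branch of gw_mysql_do_authentication the results of `dcb_read()` and `gwbuf_make_contiguous()` are used unchecked, so `bytes` may be negative and `queue` may be NULL when `GWBUF_DATA(queue)` is evaluated. The rest of the client packet is not guaranteed to arrive in that single read, so `get_username_from_auth()` may be handed a packet shorter than the fixed header it skips; no length check is visible in the hunk. Return `MYSQL_FAILED_AUTH` when the read or the allocation fails and when `client_auth_packet_size` does not cover the fixed part of the handshake response, and assign `*buf` before any early return so the caller frees the right buffer. The function continues beyond the hunk.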
@@ -2,11 +2,12 @@ # Create directories -mkdir -p @MAXSCALE_LIBDIR@ -mkdir -p @MAXSCALE_BINDIR@ -mkdir -p @MAXSCALE_SHAREDIR@ -mkdir -p @MAXSCALE_DOCDIR@ -mkdir -p @MAXSCALE_CONFDIR@ +mkdir -p @CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@ +mkdir -p @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@ +mkdir -p @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@ +mkdir -p @CMAKE_INSTALL_PREFIX@/@MAXSCALE_DOCDIR@ + +# MAXSCALE_VARDIR is an absolute path to /var by default mkdir -p @MAXSCALE_VARDIR@/log/maxscale mkdir -p @MAXSCALE_VARDIR@/lib/maxscale mkdir -p @MAXSCALE_VARDIR@/cache/maxscale diff --git a/server/include/gwdirs.h.in b/server/include/gwdirs.h.in index b8044484b..cf1f47987 100644 --- a/server/include/gwdirs.h.in +++ b/server/include/gwdirs.h.in @@ -24,11 +24,11 @@ /** Default file locations, configured by CMake */ static const char* default_cnf_fname = "maxscale.cnf"; static const char* default_configdir = "/etc/"; -static const char* default_piddir = "/var/run/maxscale/"; -static const char* default_logdir = "/var/log/maxscale/"; -static const char* default_datadir = "/var/lib/maxscale/"; +static const char* default_piddir = "@MAXSCALE_VARDIR@/run/maxscale/"; +static const char* default_logdir = "@MAXSCALE_VARDIR@/log/maxscale/"; +static const char* default_datadir = "@MAXSCALE_VARDIR@/lib/maxscale/"; static const char* default_libdir = "@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@"; -static const char* default_cachedir = "/var/cache/maxscale/"; +static const char* default_cachedir = "@MAXSCALE_VARDIR@/cache/maxscale/"; static const char* default_langdir = "@MAXSCALE_VARDIR@/lib/maxscale/"; static char* configdir = NULL; From bb427128a9f3a80f3545943e676d5422137770f6 Mon Sep 17 00:00:00 2001 
From: Markus Makela Date: Thu, 11 Jun 2015 12:00:03 +0300 Subject: [PATCH 093/119] Fixed successful SSL_accept calls causing another call to SSL_accept. --- server/core/dcb.c | 34 ++++++++++------ server/core/gateway.c | 90 ++++++++++++++++++++++++++++--------------- 2 files changed, 81 insertions(+), 43 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index 4c9dd0324..e7c74b6bc 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -1046,7 +1046,7 @@ int dcb_read_SSL( int rc; int n; int nread = 0; - + int ssl_errno = 0; CHK_DCB(dcb); if (dcb->fd <= 0) @@ -1062,7 +1062,7 @@ int dcb_read_SSL( while (true) { int bufsize; - int ssl_errno = 0; + ssl_errno = 0; rc = ioctl(dcb->fd, FIONREAD, &b); pending = SSL_pending(dcb->ssl); if (rc == -1) @@ -1096,9 +1096,9 @@ int dcb_read_SSL( if(ssl_errno != SSL_ERROR_WANT_READ && ssl_errno != SSL_ERROR_WANT_WRITE && ssl_errno != SSL_ERROR_NONE) - { n = -1; - } + else + n = 0; goto return_n; } } @@ -1192,7 +1192,7 @@ int dcb_read_SSL( } } } - + n = -1; gwbuf_free(buffer); goto return_n; } @@ -1595,7 +1595,7 @@ dcb_write_SSL(DCB *dcb, GWBUF *queue) if (w < 0) { - int ssl_errno = ERR_get_error(); + int ssl_errno = SSL_get_error(dcb->ssl,w); if (LOG_IS_ENABLED(LOGFILE_DEBUG)) { @@ -1633,6 +1633,17 @@ dcb_write_SSL(DCB *dcb, GWBUF *queue) dcb, STRDCBSTATE(dcb->state), dcb->fd,ssl_errno))); + if(ssl_errno == SSL_ERROR_SSL || + ssl_errno == SSL_ERROR_SYSCALL) + { + while((ssl_errno = ERR_get_error()) != 0) + { + char errbuf[140]; + ERR_error_string(ssl_errno,errbuf); + skygw_log_write(LE,"%s",errbuf); + } + } + break; } } @@ -3016,7 +3027,7 @@ int dcb_accept_SSL(DCB* dcb) rval = 1; LOGIF(LD,(skygw_log_write_flush(LD,"[dcb_accept_SSL] SSL_accept done for %s", dcb->remote))); - break; + return rval; case -1: 
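Review bot: In the `dcb_write_SSL` hunk that drains the OpenSSL error queue, `char errbuf[140]` is passed to `ERR_error_string`, which takes no length argument and is documented by current OpenSSL as needing a buffer of at least 256 bytes, so a long error string can write past the array. Use the bounded form instead, `ERR_error_string_n(ssl_errno, errbuf, sizeof(errbuf));`. The loop also stores the `unsigned long` returned by `ERR_get_error()` in the `int ssl_errno` that has just held the `SSL_get_error` result; a separate `unsigned long` local would avoid the narrowing and keep the two error spaces apart. The enclosing function starts and ends outside the hunk.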
@@ -3035,10 +3046,10 @@ int dcb_accept_SSL(DCB* dcb) { rval = -1; skygw_log_write(LE, - "Error: Fatal error in SSL_accept for %s: (SSL error code: %d):%s", + "Error: Fatal error in SSL_accept for %s: (SSL version: %s SSL error code: %d)", dcb->remote, - errnum, - strerror(errno)); + SSL_get_version(dcb->ssl), + errnum); if(errnum == SSL_ERROR_SSL || errnum == SSL_ERROR_SYSCALL) { @@ -3104,8 +3115,7 @@ int dcb_connect_SSL(DCB* dcb) case -1: errnum = SSL_get_error(dcb->ssl,rval); - if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE || - errnum == SSL_ERROR_WANT_X509_LOOKUP) + if(errnum == SSL_ERROR_WANT_READ || errnum == SSL_ERROR_WANT_WRITE) { /** Not all of the data has been read. Go back to the poll queue and wait for more.*/ diff --git a/server/core/gateway.c b/server/core/gateway.c index 794ed5304..1805e483d 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -40,7 +40,16 @@ * @endverbatim */ #define _XOPEN_SOURCE 700 +#define OPENSSL_THREAD_DEFINES #include + + #include + #if defined(OPENSSL_THREADS) +#define HAVE_OPENSSL_THREADS 1 + #else +#define HAVE_OPENSSL_THREADS 0 + #endif + #include #include #include 
@@ -196,9 +205,46 @@ static bool resolve_maxscale_conf_fname( static char* check_dir_access(char* dirname,bool,bool); static int set_user(); -static void maxscale_ssl_lock(int mode,int n,const char* file, int line); -static unsigned long maxscale_ssl_id(); -static SPINLOCK* ssl_locks; + +/** SSL multi-threading functions and structures */ + +struct CRYPTO_dynlock_value +{ + SPINLOCK lock; +}; + +static struct CRYPTO_dynlock_value *ssl_create_dynlock(const char* file, int line) +{ + struct CRYPTO_dynlock_value* lock = malloc(sizeof(struct CRYPTO_dynlock_value)); + if(lock) + { + spinlock_init(&lock->lock); + } + return lock; +} + +static void ssl_lock_dynlock(int mode,struct CRYPTO_dynlock_value * n,const char* file, int line) +{ + if(mode & CRYPTO_LOCK) + { + spinlock_acquire(&n->lock); + } + else + { + spinlock_release(&n->lock); + } +} + +static void ssl_free_dynlock(struct CRYPTO_dynlock_value * n,const char* file, int line) +{ + free(n); +} + +static void maxscale_ssl_id(CRYPTO_THREADID* id) +{ + CRYPTO_THREADID_set_numeric(id,pthread_self()); +} + /** * Handler for SIGHUP signal. Reload the configuration for the * gateway. 
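Review bot: This hunk removes the `maxscale_ssl_lock` prototype and the `ssl_locks` array, and the `main()` hunk further down registers only the three `CRYPTO_set_dynlock_*` callbacks and `CRYPTO_THREADID_set_callback`; no `CRYPTO_set_locking_callback` call is visible. On OpenSSL releases that use this callback API, the static lock callback is what protects libcrypto's shared state, and dynamic locks are an addition to it rather than a replacement, so multi-threaded TLS would run unlocked unless it is still installed somewhere outside these hunks. I would keep the `CRYPTO_num_locks()` array and its lock callback alongside the new dynlock functions. Separately, `CRYPTO_THREADID_set_numeric(id,pthread_self())` assumes `pthread_t` is an integer type; an explicit `(unsigned long)` cast, or `CRYPTO_THREADID_set_pointer` where it is a pointer, would document that assumption.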
@@ -1374,23 +1420,21 @@ int main(int argc, char **argv) } /** OpenSSL initialization */ - - SSL_library_init(); - SSL_load_error_strings(); - OPENSSL_add_all_algorithms_noconf(); - - int n_locks = CRYPTO_num_locks(); - if((ssl_locks = malloc(n_locks*sizeof(SPINLOCK))) == NULL) + if(!HAVE_OPENSSL_THREADS) { + char* logerr = "OpenSSL library does not support multi-threading"; + print_log_n_stderr(true, true, logerr, logerr, eno); rc = MAXSCALE_INTERNALERROR; goto return_main; } + SSL_library_init(); + SSL_load_error_strings(); + OPENSSL_add_all_algorithms_noconf(); + CRYPTO_set_dynlock_create_callback(ssl_create_dynlock); + CRYPTO_set_dynlock_destroy_callback(ssl_free_dynlock); + CRYPTO_set_dynlock_lock_callback(ssl_lock_dynlock); + CRYPTO_THREADID_set_callback(maxscale_ssl_id); - for(i = 0;i Date: Thu, 11 Jun 2015 13:22:18 +0300 Subject: [PATCH 094/119] Added RSA key generator. --- server/core/service.c | 72 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 67 insertions(+), 5 deletions(-) diff --git a/server/core/service.c b/server/core/service.c index 826c79e66..fbffd27bd 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -69,6 +69,9 @@ extern int lm_enabled_logfiles_bitmask; extern size_t log_ses_count[]; extern __thread log_info_t tls_log_info; +static RSA *rsa_512 = NULL; +static RSA *rsa_1024 = NULL; + /** To be used with configuration type checks */ typedef struct typelib_st { int tl_nelems; @@ -418,6 +421,17 @@ serviceStart(SERVICE *service) SERV_PROTOCOL *port; int listeners = 0; +if(service->ssl_mode != SSL_DISABLED) +{ + if(serviceInitSSL(service) != 0) + { + LOGIF(LE, (skygw_log_write_flush(LOGFILE_ERROR, + "%s: SSL initialization failed. Service not started.", + service->name))); + service->state = SERVICE_STATE_FAILED; + return 0; + } +} if ((service->router_instance = service->router->createInstance(service, service->routerOptions)) == NULL) { 
@@ -1839,9 +1853,44 @@ int *data; } +/** + * + * @param s + * @param is_export + * @param keylength + * @return + */ + RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) + { + RSA *rsa_tmp=NULL; + + switch (keylength) { + case 512: + if (rsa_512) + rsa_tmp = rsa_512; + else { /* generate on the fly, should not happen in this example */ + rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL); + rsa_512 = rsa_tmp; /* Remember for later reuse */ + } + break; + case 1024: + if (rsa_1024) + rsa_tmp=rsa_1024; + break; + default: + /* Generating a key on the fly is very costly, so use what is there */ + if (rsa_1024) + rsa_tmp=rsa_1024; + else + rsa_tmp=rsa_512; /* Use at least a shorter key */ + } + return(rsa_tmp); + } + int serviceInitSSL(SERVICE* service) { DH* dh; + RSA* rsa; if(!service->ssl_init_done) { @@ -1878,12 +1927,21 @@ int serviceInitSSL(SERVICE* service) service->ctx = SSL_CTX_new(service->method); - /** Enable the Diffie-Hellman algorithms */ - if((dh = ssl_get_dh2236()) != NULL) + if(rsa_512 == NULL) { - SSL_CTX_set_tmp_dh(service->ctx,dh); - DH_free(dh); + rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); + if (rsa_512 == NULL) + skygw_log_write(LE,"Error: 512-bit RSA key generation failed."); } + if(rsa_1024 == NULL) + { + rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); + if (rsa_1024 == NULL) + skygw_log_write(LE,"Error: 1024-bit RSA key generation failed."); + } + + if(rsa_512 != NULL && rsa_1024 != NULL) + SSL_CTX_set_tmp_rsa_callback(service->ctx,tmp_rsa_callback); if (SSL_CTX_use_certificate_file(service->ctx, service->ssl_cert, SSL_FILETYPE_PEM) <= 0) { skygw_log_write(LE,"Error: Failed to set server SSL certificate."); @@ -1919,6 +1977,10 @@ int serviceInitSSL(SERVICE* service) return 0; } +/** + * Generated by OpenSSL. + * @return + */ DH *ssl_get_dh2236() { static unsigned char dh2236_p[]={ 
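Review bot: `tmp_rsa_callback` hands out 512-bit and 1024-bit temporary RSA keys, and the `serviceInitSSL` hunk below generates them and installs the callback with `SSL_CTX_set_tmp_rsa_callback`. Temporary RSA keys are used only by the export-grade RSA key exchange, so this enables a deliberately weakened handshake rather than strengthening the service, and a 512-bit modulus offers no meaningful protection. I would drop the callback and both `RSA_generate_key` calls and restrict the suites explicitly, e.g. `SSL_CTX_set_cipher_list(service->ctx, "HIGH:!aNULL:!MD5");` (sample string, adjust to policy). If the callback stays, note that `rsa_512` is assigned inside it with no lock, although it may be invoked from any thread that performs a handshake.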
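Review bot: This hunk deletes the `SSL_CTX_set_tmp_dh(service->ctx,dh)` call, so the context no longer has Diffie-Hellman parameters and DHE cipher suites cannot be negotiated; unless ECDHE is configured outside the hunk, sessions lose forward secrecy. Keep the `ssl_get_dh2236()` block alongside whatever replaces it. The `RSA_generate_key` failure paths only log and continue; if key generation is kept, returning -1 as the certificate checks below do would let the `serviceInitSSL(service) != 0` test in `serviceStart` stop the service. `serviceInitSSL` starts and ends outside the hunk.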
@@ -1958,4 +2020,4 @@ DH *ssl_get_dh2236() if ((dh->p == NULL) || (dh->g == NULL)) { DH_free(dh); return(NULL); } return(dh); -} \ No newline at end of file +} From 3f34d237cae6a367ac20c448d91e8d307e79e998 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 11 Jun 2015 15:26:05 +0300 Subject: [PATCH 095/119] enabled all bug fixes for OpenSSL. --- server/core/service.c | 1 + 1 file changed, 1 insertion(+) diff --git a/server/core/service.c b/server/core/service.c index fbffd27bd..bd09f06ee 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -1926,6 +1926,7 @@ int serviceInitSSL(SERVICE* service) } service->ctx = SSL_CTX_new(service->method); + SSL_CTX_set_options(service->ctx,SSL_OP_ALL); if(rsa_512 == NULL) { From 1c68a9a8729d625e495a6bf133f6c194d9b8dfaf Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 11 Jun 2015 15:54:09 +0300 Subject: [PATCH 096/119] Fixed dcb_connect_SSL calling SSL_connect again after a successful connection was already made. --- server/core/dcb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index e7c74b6bc..51dbb412f 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -3110,7 +3110,7 @@ int dcb_connect_SSL(DCB* dcb) LOGIF(LD,(skygw_log_write_flush(LD,"SSL_connect done for %s@%s", dcb->user, dcb->remote))); - break; + return rval; case -1: errnum = SSL_get_error(dcb->ssl,rval); From f24da8712b4c4cbf5c1bf731a6133cae39d62245 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 11 Jun 2015 18:25:42 +0300 Subject: [PATCH 097/119] Fixed a segfault and disabled syslog by default. --- server/core/gateway.c | 46 +++++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/server/core/gateway.c b/server/core/gateway.c index 9845713e1..9d0e6f908 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c 
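Review bot: The added `SSL_CTX_set_options` call uses `service->ctx` straight after `SSL_CTX_new` with no NULL check, so a failed context allocation becomes a NULL dereference during service start-up; add `if(service->ctx == NULL) return -1;` with a log line before it. `SSL_OP_ALL` only switches on interoperability workarounds and does not disable any protocol version, so with the version-flexible `SSLv23_server_method()` that this function selects for the `MAX` setting, the legacy protocols stay negotiable. For that setting consider `SSL_CTX_set_options(service->ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. `serviceInitSSL` starts and ends outside the hunk.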
@@ -935,7 +935,7 @@ int main(int argc, char **argv) char* tmp_var; int option_index; int logtofile = 0; /* Use shared memory or file */ - int syslog_enabled = 1; /** Log to syslog */ + int syslog_enabled = 0; /** Log to syslog */ int maxscalelog_enabled = 1; /** Log with MaxScale */ ssize_t log_flush_timeout_ms = 0; sigset_t sigset; @@ -1078,26 +1078,34 @@ int main(int argc, char **argv) } break; case 'S': - if(strstr(optarg,"=")) - { - strtok(optarg,"= "); - maxscalelog_enabled = config_truth_value(strtok(NULL,"= ")); - } - else - { - maxscalelog_enabled = config_truth_value(optarg); - } + { + char* tok = strstr(optarg,"="); + if(tok) + { + tok++; + if(tok) + maxscalelog_enabled = config_truth_value(tok); + } + else + { + maxscalelog_enabled = config_truth_value(optarg); + } + } break; case 's': - if(strstr(optarg,"=")) - { - strtok(optarg,"= "); - syslog_enabled = config_truth_value(strtok(NULL,"= ")); - } - else - { - syslog_enabled = config_truth_value(optarg); - } + { + char* tok = strstr(optarg,"="); + if(tok) + { + tok++; + if(tok) + syslog_enabled = config_truth_value(tok); + } + else + { + syslog_enabled = config_truth_value(optarg); + } + } break; case 'U': if(set_user(optarg) != 0) From 2b2e81feb26665b938eb4acb8a60adb124bb6fdc Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 11 Jun 2015 19:05:05 +0300 Subject: [PATCH 098/119] Fix to MXS-181: https://mariadb.atlassian.net/browse/MXS-181 Added TCP_NODELAY to socket options. --- server/modules/protocol/mysql_client.c | 4 ++++ server/modules/protocol/mysql_common.c | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index abdb4422c..ea0b05b79 100644 --- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -46,6 +46,7 @@ #include #include #include +#include MODULE_INFO info = { MODULE_API_PROTOCOL, 
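Review bot: In the rewritten `-S` and `-s` cases the inner `if(tok)` after `tok++` can never be false, because incrementing a non-NULL pointer does not make it NULL; the test that was probably intended is for an empty value, `if(*tok != '\0')`. As written, an option value that ends at the `=` passes an empty string to `config_truth_value`, whose handling of that input is not visible here. The two cases are identical apart from the variable they set, so a small helper taking `optarg` would remove the duplication. `main()` continues outside the hunk.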
@@ -1064,6 +1065,9 @@ int gw_MySQLListener( LOGIF(LE, (skygw_log_write_flush(LOGFILE_ERROR,"Error: Failed to set socket options. Error %d: %s",errno,strerror(errno)))); } + if((syseno = setsockopt(l_so, IPPROTO_TCP, TCP_NODELAY, (char *)&one, sizeof(one))) != 0){ + LOGIF(LE, (skygw_log_write_flush(LOGFILE_ERROR,"Error: Failed to set socket options. Error %d: %s",errno,strerror(errno)))); + } // set NONBLOCKING mode setnonblocking(l_so); diff --git a/server/modules/protocol/mysql_common.c b/server/modules/protocol/mysql_common.c index ffd72c034..0a7f22f5e 100644 --- a/server/modules/protocol/mysql_common.c +++ b/server/modules/protocol/mysql_common.c @@ -44,6 +44,7 @@ #include #include #include +#include /** Defined in log_manager.cc */ extern int lm_enabled_logfiles_bitmask; @@ -812,6 +813,23 @@ int gw_do_connect_to_backend( goto close_so; } + int one = 1; + if(setsockopt(so, IPPROTO_TCP, TCP_NODELAY, &one, sizeof(one)) != 0) + { + LOGIF(LE, (skygw_log_write_flush( + LOGFILE_ERROR, + "Error: Failed to set socket options " + "%s:%d failed.\n\t\t Socket configuration failed " + "due %d, %s.", + host, + port, + errno, + strerror(errno)))); + rv = -1; + /** Close socket */ + goto close_so; + } + /* set socket to as non-blocking here */ setnonblocking(so); rv = connect(so, (struct sockaddr *)&serv_addr, sizeof(serv_addr)); From 6f0e3937eba9e4466a9b4645deca9064c76cde47 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 11 Jun 2015 19:43:22 +0300 Subject: [PATCH 099/119] Added missing include to gwdirs.h. --- server/include/gwdirs.h.in | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/server/include/gwdirs.h.in b/server/include/gwdirs.h.in index cf1f47987..fe911c71b 100644 --- a/server/include/gwdirs.h.in +++ b/server/include/gwdirs.h.in 
@@ -18,9 +18,11 @@ * * Copyright MariaDB Corporation Ab 2015 */ - +#ifndef _GNU_SOURCE +#define _GNU_SOURCE 1 +#endif #include - +#include /** Default file locations, configured by CMake */ static const char* default_cnf_fname = "maxscale.cnf"; static const char* default_configdir = "/etc/"; From fe2062b5b09d18f4bfb078f646fd941bdd09338b Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 11 Jun 2015 19:50:51 +0300 Subject: [PATCH 100/119] Fixed a regression in mysql_mon.c which caused a memory leak --- server/modules/monitor/mysql_mon.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/modules/monitor/mysql_mon.c b/server/modules/monitor/mysql_mon.c index 2e16afc7b..e310e2ede 100644 --- a/server/modules/monitor/mysql_mon.c +++ b/server/modules/monitor/mysql_mon.c @@ -323,6 +323,8 @@ char *server_string; int read_timeout = mon->read_timeout; int write_timeout = mon->write_timeout; + if(database->con) + mysql_close(database->con); database->con = mysql_init(NULL); mysql_options(database->con, MYSQL_OPT_CONNECT_TIMEOUT, (void *)&connect_timeout); From 68d5054afe3977717af708834b1fa15d50c44963 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 11 Jun 2015 20:58:27 +0300 Subject: [PATCH 101/119] dcb_alloc now explicitly sets the server and service pointers to NULL. --- server/core/dcb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index 6717aea41..128ffed21 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -193,7 +193,8 @@ DCB *rval; rval->polloutbusy = 0; rval->writecheck = 0; rval->fd = DCBFD_CLOSED; - + rval->server = NULL; + rval->service = NULL; rval->evq.next = NULL; rval->evq.prev = NULL; rval->evq.pending_events = 0; From 521e1aaf3b9126a7c21c31219871f3eb25f959e8 Mon Sep 17 00:00:00 2001 
From: Markus Makela Date: Fri, 12 Jun 2015 02:44:43 +0300 Subject: [PATCH 102/119] Added man page for maxscale. --- CMakeLists.txt | 1 + Documentation/maxscale.1 | 69 ++++++++++++++++++++++++++++++++++++++++ etc/postinst.in | 2 +- 3 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 Documentation/maxscale.1 diff --git a/CMakeLists.txt b/CMakeLists.txt index 4f35031d8..a21e9c745 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -159,6 +159,7 @@ install(FILES ${ERRMSG} DESTINATION ${MAXSCALE_VARDIR}/lib/maxscale install(FILES ${CMAKE_SOURCE_DIR}/COPYRIGHT DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_SOURCE_DIR}/README DESTINATION ${MAXSCALE_SHAREDIR}) install(FILES ${CMAKE_SOURCE_DIR}/LICENSE DESTINATION ${MAXSCALE_SHAREDIR}) +install(FILES Documentation/maxscale.1 DESTINATION ${CMAKE_INSTALL_DATADIR}/man/man1) # Install startup scripts and ldconfig files if(WITH_SCRIPTS) diff --git a/Documentation/maxscale.1 b/Documentation/maxscale.1 new file mode 100644 index 000000000..104eaa235 --- /dev/null +++ b/Documentation/maxscale.1 
@@ -0,0 +1,69 @@ +.TH maxscale 1 +.SH NAME +maxscale - The intelligent proxy +.SH SYNOPSIS +.B maxscale +[\fIOPTIONS...\fR] +.SH DESCRIPTION +The MariaDB Corporation MaxScale is an intelligent proxy that allows forwarding of +database statements to one or more database servers using complex rules, +a semantic understanding of the database statements and the roles of +the various servers within the backend cluster of databases. + +MaxScale is designed to provide load balancing and high availability +functionality transparently to the applications. In addition it provides +a highly scalable and flexible architecture, with plugin components to +support different protocols and routing decisions. + +.SH OPTIONS +.TP +.BR "-d, --nodaemon" +Run MaxScale in the terminal process +.TP +.BR -f " \fIFILE\fB, --config=\fIFILE\fR" +Relative or absolute pathname of MaxScale configuration file to load. +.TP +.BR -l "[\fIfile|shm\fB], --log=[\fIfile|shm\fB]" +Log trace and debug logs to file or shared memory. The debug and trace logs are disabled by default and if enabled, will log to shared memory. +.TP +.BR -L " \fIPATH\fB, --logdir=\fIPATH\fB" +Path to log file directory. +.TP +.BR -D " \fIPATH\fB, --datadir=\fIPATH\fB" +Path to data directory. This is where the embedded mysql tables are stored in addition to other MaxScale specific data. +.TP +.BR -C " \fIPATH\fB, --configdir=\fIPATH\fB" +Path to configuration file directory. MaxScale will look for the \fImaxscale.cnf\fR file from this folder. +.TP +.BR -B " \fIPATH\fB, --libdir=\fIPATH\fB" +Path to module directory. Modules are only searched from this folder. +.TP +.BR -A " \fIPATH\fB, --cachedir=\fIPATH\fB" +Path to cache directory. This is where MaxScale stores cached authentication data. +.TP +.BR -P " \fIPATH\fB, --piddir=\fIPATH\fB" +Location of MaxScale's PID file. +.TP +.BR -U " \fIUSER\fB, --user=\fIUSER\fB" +Run MaxScale as another user. The user ID and group ID of this user are used to run MaxScale. 
+.TP +.BR -s " [\fIyes\fB|\fIno\fB], --syslog=[\fIyes\fB|\fIno\fB]" +Log messages to syslog. +.TP +.BR -S " [\fIyes\fB|\fIno\fB], \fB--maxscalelog=[\fIyes\fB|\fIno\fB]" +Log messages to MaxScale's own log files. +.TP +.BR "-v, --version" +Print version information and exit. +.TP +.BR "-?, --help" +Show the help information for MaxScale and exit. + +.SH EXAMPLES +Tutorials on GitHub: +.UR https://github.com/mariadb-corporation/MaxScale/blob/master/Documentation/Documentation-Contents.md#tutorials +.UE +.SH SEE ALSO +The MaxScale documentation on GitHub: +.UR https://github.com/mariadb-corporation/MaxScale/blob/master/Documentation/Documentation-Contents.md +.UE diff --git a/etc/postinst.in b/etc/postinst.in index 1a2c68ca3..e1d3dc8ad 100755 --- a/etc/postinst.in +++ b/etc/postinst.in @@ -38,7 +38,7 @@ then cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.service /usr/lib/systemd/system fi /sbin/ldconfig - +mandb cat <& 2 ********** Notice: MaxScale 1.2 Changes ************** From d3cc9be52ec445602180abcfb78ccaf226ef4b5d Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 12 Jun 2015 10:05:50 +0300 Subject: [PATCH 103/119] Added libcurl-devel and pcre-devel to build dependencies. --- .../Getting-Started/Building-MaxScale-from-Source-Code.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md b/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md index f83a6e3ae..95236ed7e 100644 --- a/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md +++ b/Documentation/Getting-Started/Building-MaxScale-from-Source-Code.md 
@@ -28,7 +28,7 @@ You will need to install all of the following packages for all versions of RHEL, ``` gcc gcc-c++ ncurses-devel bison glibc-devel cmake libgcc perl make libtool -openssl-devel libaio libaio-devel librabbitmq-devel +openssl-devel libaio libaio-devel librabbitmq-devel libcurl-devel pcre-devel ``` In addition, if you wish to to build an RPM package include: @@ -68,7 +68,7 @@ These packages are required on all versions of Ubuntu and Debian. ``` build-essential libssl-dev libaio-dev ncurses-dev bison - cmake perl libtool librabbitmq-dev + cmake perl libtool librabbitmq-dev libcurl-dev libpcre3-dev ``` If you want to build a DEB package, you will also need: From f602121459b021c4f597229add2dffbd2851aa34 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Fri, 12 Jun 2015 21:21:06 +0300 Subject: [PATCH 104/119] Added configurable SSL certificate verification depth and updated the documentation in the code. --- .../Getting-Started/Configuration-Guide.md | 9 ++ Documentation/Reference/MaxScale-and-SSL.md | 7 +- server/core/config.c | 11 ++ server/core/dcb.c | 13 +- server/core/gateway.c | 27 ++++ server/core/service.c | 120 ++++++++++-------- server/include/service.h | 13 +- server/modules/protocol/mysql_client.c | 53 ++++---- 8 files changed, 163 insertions(+), 90 deletions(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 23a9df70d..113e28c60 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -356,6 +356,15 @@ This parameter controls the level of encryption used. Accepted values are: * TLSv12 * MAX +### `ssl_cert_verification_depth` + +The maximum length of the certificate authority chain that will be accepted. Accepted values are positive integers. + +``` +# Example +ssl_cert_verification_depth=10 +``` + Example SSL enabled service configuration: ``` 
diff --git a/Documentation/Reference/MaxScale-and-SSL.md b/Documentation/Reference/MaxScale-and-SSL.md index ca61d52e2..d03a5af52 100644 --- a/Documentation/Reference/MaxScale-and-SSL.md +++ b/Documentation/Reference/MaxScale-and-SSL.md @@ -8,7 +8,8 @@ Here are the options which relate to SSL and certificates. Parameter|Values |Description ---------|-----------|-------- ssl | disabled, enabled, required |`disable` disables SSL, `enabled` enables SSL for client connections but still allows non-SSL connections and `required` requires SSL from all client connections. With the `required` option, client connections that do not use SSL will be rejected. -ssl_cert | |Path to server certificate -ssl_key | |Path to server private key -ssl_ca_cert | |Path to Certificate Authority file +ssl_cert | path to file |Path to server certificate +ssl_key | path to file |Path to server private key +ssl_ca_cert | path to file |Path to Certificate Authority file ssl_version|SSLV2,SSLV3,TLSV10,TLSV11,TLSV12,MAX| The SSL method level, defaults to highest available encryption level which is TLSv1.2 +ssl_cert_verify_depth|integer|Certificate authority certificate verification depth, default is 100. diff --git a/server/core/config.c b/server/core/config.c index 40be2c704..3e778d077 100644 --- a/server/core/config.c +++ b/server/core/config.c @@ -346,6 +346,7 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); char *version_string; char *subservices; char *ssl,*ssl_cert,*ssl_key,*ssl_ca_cert,*ssl_version; + char* ssl_cert_verify_depth; bool is_rwsplit = false; bool is_schemarouter = false; char *allow_localhost_match_wildcard_host; 
@@ -359,6 +360,7 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); ssl_key = config_get_value(obj->parameters, "ssl_key"); ssl_ca_cert = config_get_value(obj->parameters, "ssl_ca_cert"); ssl_version = config_get_value(obj->parameters, "ssl_version"); + ssl_cert_verify_depth = config_get_value(obj->parameters, "ssl_cert_verify_depth"); enable_root_user = config_get_value( obj->parameters, "enable_root_user"); @@ -514,6 +516,14 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL); error_count++; } } + if(ssl_cert_verify_depth) + { + if(serviceSetSSLVerifyDepth(obj->element,atoi(ssl_cert_verify_depth)) != 0) + { + skygw_log_write(LE,"Error: Invalid parameter value for 'ssl_cert_verify_depth' for service '%s': %s",obj->object,ssl_cert_verify_depth); + error_count++; + } + } } } @@ -2005,6 +2015,7 @@ static char *service_params[] = "ssl", "ssl_key", "ssl_version", + "ssl_cert_verify_depth", NULL }; diff --git a/server/core/dcb.c b/server/core/dcb.c index 05114f48f..f600239ca 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -887,10 +887,13 @@ return_n: /** * General purpose read routine to read data from a socket in the * Descriptor Control Block and append it to a linked list of buffers. - * The list may be empty, in which case *head == NULL + * This function will read at most nbytes of data. + * + * The list may be empty, in which case *head == NULL. This * * @param dcb The DCB to read from * @param head Pointer to linked list to append data to + * @param nbytes Maximum number of bytes read * @return -1 on error, otherwise the number of read bytes on the last * iteration of while loop. 0 is returned if no data available. */ 
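Review bot: `atoi(ssl_cert_verify_depth)` in the new block turns any non-numeric value into 0, and `serviceSetSSLVerifyDepth` rejects only negative numbers, so a mistyped value silently configures a verification depth of 0 instead of being reported. Parse with `strtol` and reject trailing garbage: `char *end; long depth = strtol(ssl_cert_verify_depth, &end, 10);` followed by `if(end == ssl_cert_verify_depth || *end != '\0' || depth < 0 || depth > INT_MAX || serviceSetSSLVerifyDepth(obj->element,(int)depth) != 0)`. The parameter is read and whitelisted here as `ssl_cert_verify_depth`, while the Configuration Guide change in this same patch documents it as `ssl_cert_verification_depth`. One of the two names should change, otherwise an operator following the guide will presumably set a key the parser does not recognise.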
@@ -1835,7 +1838,8 @@ int above_water; /** * Drain the write queue of a DCB. This is called as part of the EPOLLOUT handling * of a socket and will try to send any buffered data from the write queue - * up until the point the write would block. + * up until the point the write would block. This function uses SSL encryption + * and the SSL handshake should have been completed prior to calling this function. * * @param dcb DCB to drain the write queue of * @return The number of bytes written @@ -2495,9 +2499,10 @@ static bool dcb_set_state_nomutex( } /** - * Write data to a DCB + * Write data to a socket through an SSL structure. The SSL structure is linked to a DCB's socket + * and all communication is encrypted and done via the SSL structure. * - * @param ssl The SSL to write the buffer to + * @param ssl The SSL structure to use for writing * @param buf Buffer to write * @param nbytes Number of bytes to write * @return Number of written bytes diff --git a/server/core/gateway.c b/server/core/gateway.c index 412714fbb..21c4472c0 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -208,11 +208,21 @@ static int set_user(); /** SSL multi-threading functions and structures */ +/** + * OpenSSL requires this struct to be defined in order to use dynamic locks + */ struct CRYPTO_dynlock_value { SPINLOCK lock; }; +/** + * Create a dynamic OpenSSL lock. The dynamic lock is just a wrapper structure + * around a SPINLOCK structure. + * @param file File name + * @param line Line number + * @return Pointer to new lock or NULL of an error occurred + */ static struct CRYPTO_dynlock_value *ssl_create_dynlock(const char* file, int line) { struct CRYPTO_dynlock_value* lock = malloc(sizeof(struct CRYPTO_dynlock_value)); 
@@ -223,6 +233,13 @@ static struct CRYPTO_dynlock_value *ssl_create_dynlock(const char* file, int lin return lock; } +/** + * Lock a dynamic lock for OpenSSL. + * @param mode + * @param n pointer to lock + * @param file File name + * @param line Line number + */ static void ssl_lock_dynlock(int mode,struct CRYPTO_dynlock_value * n,const char* file, int line) { if(mode & CRYPTO_LOCK) @@ -235,11 +252,21 @@ static void ssl_lock_dynlock(int mode,struct CRYPTO_dynlock_value * n,const char } } +/** + * Free a dynamic OpenSSL lock. + * @param n Lock to free + * @param file File name + * @param line Line number + */ static void ssl_free_dynlock(struct CRYPTO_dynlock_value * n,const char* file, int line) { free(n); } +/** + * The thread ID callback function for OpenSSL dynamic locks. + * @param id Id to modify + */ static void maxscale_ssl_id(CRYPTO_THREADID* id) { CRYPTO_THREADID_set_numeric(id,pthread_self()); diff --git a/server/core/service.c b/server/core/service.c index bd09f06ee..4215ce725 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -94,7 +94,7 @@ static SPINLOCK service_spin = SPINLOCK_INIT; static SERVICE *allServices = NULL; static int find_type(typelib_t* tl, const char* needle, int maxlen); -DH *ssl_get_dh2236(); + static void service_add_qualified_param( SERVICE* svc, CONFIG_PARAMETER* param); @@ -144,7 +144,8 @@ SERVICE *service; service->ssl_ca_cert = NULL; service->ssl_cert = NULL; service->ssl_key = NULL; - /** Use the highest possible SSL/TLS methods available */ + service->ssl_cert_verify_depth = DEFAULT_SSL_CERT_VERIFY_DEPTH; + /** Support the highest possible SSL/TLS methods available as the default */ service->ssl_method_type = SERVICE_SSL_TLS_MAX; if (service->name == NULL || service->routerModule == NULL) { 
@@ -875,6 +876,14 @@ serviceOptimizeWildcard(SERVICE *service, int action) return 1; } +/** + * Set the locations of the server's SSL certificate, server's private key and the CA + * certificate which both the client and the server should trust. + * @param service Service to configure + * @param cert SSL certificate + * @param key SSL private key + * @param ca_cert SSL CA certificate + */ void serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert) { @@ -891,6 +900,12 @@ serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert) service->ssl_ca_cert = strdup(ca_cert); } +/** + * Set the maximum SSL/TLS version the service will support + * @param service Service to configure + * @param version SSL/TLS version string + * @return 0 on success, -1 on invalid version string + */ int serviceSetSSLVersion(SERVICE *service, char* version) { 
@@ -909,7 +924,34 @@ serviceSetSSLVersion(SERVICE *service, char* version) else return -1; return 0; } -/** Enable or disable the service SSL capability*/ + +/** + * Set the service's SSL certificate verification depth. Depth of 0 means the peer + * certificate, 1 is the CA and 2 is a higher CA and so on. + * @param service Service to configure + * @param depth Certificate verification depth + * @return 0 on success, -1 on incorrect depth value + */ +int serviceSetSSLVerifyDepth(SERVICE* service, int depth) +{ + if(depth < 0) + return -1; + + service->ssl_cert_verify_depth = depth; + return 0; +} + +/** + * Enable or disable the service SSL capability of a service. + * The SSL mode string passed as a parameter should be one of required, enabled + * or disabled. Required requires all connections to use SSL encryption, enabled + * allows both SSL and non-SSL connections and disabled does not use SSL encryption. + * If the service SSL mode is set to enabled, then the client will decide whether + * SSL encryption is used. + * @param service Service to configure + * @param action Mode string. One of required, enabled or disabled. + * @return 0 on success, -1 on error + */ int serviceSetSSL(SERVICE *service, char* action) { @@ -1854,11 +1896,11 @@ int *data; /** - * - * @param s - * @param is_export - * @param keylength - * @return + * The RSA ket generation callback function for OpenSSL. + * @param s SSL structure + * @param is_export Not used + * @param keylength Length of the key + * @return Pointer to RSA structure */ RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) { @@ -1887,6 +1929,13 @@ int *data; return(rsa_tmp); } + /** + * Initialize the servce's SSL context. This sets up the generated RSA + * encryption keys, chooses the server encryption level and configures the server + * certificate, private key and certificate authority file. + * @param service + * @return + */ int serviceInitSSL(SERVICE* service) { DH* dh; 
@@ -1911,6 +1960,8 @@ int serviceInitSSL(SERVICE* service) case SERVICE_TLS12: service->method = (SSL_METHOD*)TLSv1_2_server_method(); break; + + /** Rest of these use the maximum available SSL/TLS methods */ case SERVICE_SSL_MAX: service->method = (SSL_METHOD*)SSLv23_server_method(); break; @@ -1926,8 +1977,11 @@ int serviceInitSSL(SERVICE* service) } service->ctx = SSL_CTX_new(service->method); + + /** Enable all OpenSSL bug fixes */ SSL_CTX_set_options(service->ctx,SSL_OP_ALL); + /** Generate the 512-bit and 1024-bit RSA keys */ if(rsa_512 == NULL) { rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); @@ -1944,6 +1998,7 @@ int serviceInitSSL(SERVICE* service) if(rsa_512 != NULL && rsa_1024 != NULL) SSL_CTX_set_tmp_rsa_callback(service->ctx,tmp_rsa_callback); + /** Load the server sertificate */ if (SSL_CTX_use_certificate_file(service->ctx, service->ssl_cert, SSL_FILETYPE_PEM) <= 0) { skygw_log_write(LE,"Error: Failed to set server SSL certificate."); return -1; 
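Review bot: The comment added over `RSA_generate_key(512,RSA_F4,NULL,NULL)` documents the 512-bit and 1024-bit temporary RSA keys without saying that these are export-grade sizes, which a TLS server should not offer. As far as I know the temporary-RSA callback is only consulted for export cipher suites or sign-only server keys, so the cleaner fix is to drop the `rsa_512`/`rsa_1024` generation and the `SSL_CTX_set_tmp_rsa_callback` call rather than document them. If they must stay for old clients, say so in the comment, for example `/** Legacy export-grade temporary RSA keys, kept only for old clients */`. The comment `Enable all OpenSSL bug fixes` is also inaccurate, since `SSL_OP_ALL` turns on workarounds for bugs in peer implementations. `serviceInitSSL` starts and ends outside this hunk.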
@@ -1971,54 +2026,9 @@ int serviceInitSSL(SERVICE* service) /* Set to require peer (client) certificate verification */ SSL_CTX_set_verify(service->ctx,SSL_VERIFY_PEER,NULL); - /* Set the verification depth to 1 */ - SSL_CTX_set_verify_depth(service->ctx,1); + /* Set the verification depth */ + SSL_CTX_set_verify_depth(service->ctx,service->ssl_cert_verify_depth); service->ssl_init_done = true; } return 0; } - -/** - * Generated by OpenSSL. - * @return - */ -DH *ssl_get_dh2236() -{ - static unsigned char dh2236_p[]={ - 0x0B,0xC3,0xEC,0x3F,0xCB,0xD0,0x2E,0x43,0x7B,0x13,0xF9,0x0C, - 0x4D,0xE5,0xA3,0xA4,0xDB,0x68,0x13,0xBD,0xFC,0xD2,0x35,0x05, - 0xCB,0x62,0xA1,0x85,0x33,0x20,0xC4,0x88,0x3B,0x2B,0xD5,0x76, - 0x94,0xCD,0xEB,0x9C,0x5A,0xD1,0x16,0xDB,0x51,0x82,0x7A,0x1E, - 0xC6,0xC3,0xD9,0x52,0x8F,0x54,0x33,0xF4,0x50,0x96,0x01,0xF4, - 0x71,0xA1,0x8B,0x9B,0x43,0x85,0x9C,0x95,0xFF,0x53,0x1D,0x8D, - 0xDF,0xBC,0x60,0xEB,0x4D,0x96,0xD1,0x05,0x98,0x4A,0xEB,0xC9, - 0x33,0xF6,0xE9,0x74,0x73,0x29,0x27,0xCA,0x0D,0x6D,0xEA,0x36, - 0xB9,0x3B,0x54,0xF6,0x34,0x68,0x13,0xFA,0xAC,0x3B,0x57,0x55, - 0x76,0x41,0x67,0x48,0xEF,0x3C,0xE1,0xE1,0xAF,0x3C,0x68,0x05, - 0x9C,0x32,0xD9,0x14,0x8F,0xB2,0xEE,0xEE,0xBA,0x9F,0x0D,0x75, - 0xA7,0x33,0x1F,0x3A,0x0E,0xD1,0xA6,0x5A,0x29,0xC7,0x9B,0x5E, - 0x46,0xB1,0xA6,0xA5,0x1E,0x32,0xDB,0xAF,0x23,0x83,0x94,0x12, - 0x4F,0xE4,0xC2,0x8B,0x1B,0x2C,0x01,0x79,0x92,0x21,0xFF,0x01, - 0xED,0x46,0x27,0xF0,0x70,0x2A,0xA1,0xFD,0x5C,0x8F,0x8B,0x0C, - 0xC6,0x8F,0xFF,0x4C,0x99,0xAE,0x19,0xDB,0x58,0x4C,0xC0,0xE8, - 0x70,0xCC,0x7C,0x17,0xE8,0xBD,0x6B,0x19,0x93,0xB9,0x66,0xA9, - 0xD0,0x05,0x21,0x04,0x4C,0x7E,0x87,0x9F,0xF4,0xE9,0x23,0xE1, - 0x29,0x37,0xC5,0xE2,0x0A,0xC5,0xC1,0x92,0xC7,0x69,0xB4,0xFB, - 0x84,0x06,0xCE,0x0E,0xFC,0x65,0x70,0x2F,0xF6,0xB8,0x11,0xF9, - 0x0F,0x60,0x10,0xCA,0x94,0x29,0x44,0x5E,0x4A,0x05,0x46,0xE5, - 0xE6,0xA0,0xBD,0x14,0x45,0xA6,0xA7,0xCA,0x63,0x57,0xC6,0xB0, - 0x47,0xF9,0x71,0x24,0x19,0x75,0xD2,0x64,0x16,0xB1,0xBA,0x08, - 0xE9,0xE9,0xFB,0xF3, - }; 
- static unsigned char dh2236_g[]={ - 0x02, - }; - DH *dh; - - if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh2236_p,sizeof(dh2236_p),NULL); - dh->g=BN_bin2bn(dh2236_g,sizeof(dh2236_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - { DH_free(dh); return(NULL); } - return(dh); -} diff --git a/server/include/service.h b/server/include/service.h index 936a73058..085c0c595 100644 --- a/server/include/service.h +++ b/server/include/service.h @@ -125,6 +125,8 @@ enum{ SERVICE_SSL_TLS_MAX }; +#define DEFAULT_SSL_CERT_VERIFY_DEPTH 100 /*< The default certificate verification depth */ + /** * Defines a service within the gateway. * @@ -173,14 +175,14 @@ typedef struct service { char *weightby; struct service *next; /**< The next service in the linked list */ SSL_CTX *ctx; - SSL *ssl; SSL_METHOD *method; /*< SSLv2/3 or TLSv1/2 methods * see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */ + int ssl_cert_verify_depth; /*< SSL certificate verification depth */ int ssl_method_type; /*< Which of the SSLv2/3 or TLS1.0/1.1/1.2 methods to use */ - char* ssl_cert; - char* ssl_key; - char* ssl_ca_cert; - bool ssl_init_done; + char* ssl_cert; /*< SSL certificate */ + char* ssl_key; /*< SSL private key */ + char* ssl_ca_cert; /*< SSL CA certificate */ + bool ssl_init_done; /*< If SSL has already been initialized for this service */ } SERVICE; @@ -212,6 +214,7 @@ extern void serviceSetFilters(SERVICE *, char *); extern int serviceSetSSL(SERVICE *service, char* action); extern int serviceInitSSL(SERVICE* service); extern int serviceSetSSLVersion(SERVICE *service, char* version); +extern int serviceSetSSLVerifyDepth(SERVICE* service, int depth); extern void serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert); extern int serviceEnableRootUser(SERVICE *, int ); extern int serviceSetTimeout(SERVICE *, int ); diff --git a/server/modules/protocol/mysql_client.c b/server/modules/protocol/mysql_client.c index 3164f1642..c3e463139 100644 
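Review bot: The comment says peer certificate verification is required, but `SSL_CTX_set_verify(service->ctx,SSL_VERIFY_PEER,NULL)` on a server only requests a client certificate and still completes the handshake when none is sent. If client certificates are meant to be mandatory, use `SSL_CTX_set_verify(service->ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);`; otherwise reword the comment to say the certificate is optional. The depth now comes from `service->ssl_cert_verify_depth`, and nothing visible assigns `DEFAULT_SSL_CERT_VERIFY_DEPTH` to that field, so please confirm it is set when the service is allocated. With `ssl_get_dh2236` removed, the `DH* dh;` local declared at the top of `serviceInitSSL` looks unused. The function starts outside this hunk.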
--- a/server/modules/protocol/mysql_client.c +++ b/server/modules/protocol/mysql_client.c @@ -389,15 +389,17 @@ MySQLSendHandshake(DCB* dcb) /** * gw_mysql_do_authentication * - * Performs the MySQL protocol 4.1 authentication, using data in GWBUF *queue + * Performs the MySQL protocol 4.1 authentication, using data in GWBUF **queue. * * (MYSQL_session*)client_data including: user, db, client_sha1 are copied into - * the dcb->data and later to dcb->session->data. - * - * client_capabilitiesa are copied into the dcb->protocol + * the dcb->data and later to dcb->session->data. client_capabilities are copied + * into the dcb->protocol. + * + * If SSL is enabled for the service, the SSL handshake will be done before the + * MySQL authentication. * * @param dcb Descriptor Control Block of the client - * @param queue The GWBUF with data from client + * @param queue Pointer to the location of the GWBUF with data from client * @return 0 If succeed, otherwise non-zero value * * @note in case of failure, dcb->data is freed before returning. If succeed, @@ -507,8 +509,11 @@ static int gw_mysql_do_authentication(DCB *dcb, GWBUF **buf) { } else if(dcb->service->ssl_mode == SSL_ENABLED) { - /** This is a non-SSL connection to a SSL enabled service - * and we need to read the rest of the packet from the socket for the username */ + /** This is a non-SSL connection to a SSL enabled service. + * We have only read enough of the packet to know that the client + * is not requesting SSL and the rest of the auth packet is still + * waiting in the socket. We need to read the data from the socket + * to find out the username of the connecting client. */ int bytes = dcb_read(dcb,&queue); queue = gwbuf_make_contiguous(queue); client_auth_packet = GWBUF_DATA(queue); 
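Review bot: In the `SSL_ENABLED` branch the result of `dcb_read(dcb,&queue)` is stored in `bytes` but not checked in the visible lines before `queue` goes to `gwbuf_make_contiguous()` and `GWBUF_DATA()`. This path handles data from a client that has not authenticated yet, so a failed or short read should end authentication rather than reach the packet parser, for example `if (bytes <= 0 || queue == NULL)` followed by the function's existing failure return. The buffer length should also be compared with the minimum auth packet size before the username is read. `gw_mysql_do_authentication` continues past the end of this hunk, so these checks may exist further down.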
@@ -626,7 +631,8 @@ gw_MySQLWrite_client(DCB *dcb, GWBUF *queue) /** - * Write function for client DCB: writes data from MaxScale to Client + * Write function for client DCB: writes data from MaxScale to Client using SSL + * encryption. The SSH handshake must have already been done. * * @param dcb The DCB of the client * @param queue Queue of buffers to write @@ -671,6 +677,8 @@ int gw_read_client_event( #endif + /** SSL authentication is still going on, we need to call do_ssl_accept + * until it return 1 for success or -1 for error */ if(protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_ONGOING || protocol->protocol_auth_state == MYSQL_AUTH_SSL_REQ) { @@ -704,15 +712,21 @@ int gw_read_client_event( if(protocol->use_ssl) { + /** SSL handshake is done, communication is now encrypted with SSL */ rc = dcb_read_SSL(dcb, &read_buffer); } else if(dcb->service->ssl_mode != SSL_DISABLED && protocol->protocol_auth_state == MYSQL_AUTH_SENT) { + /** The service allows both SSL and non-SSL connections. + * read only enough of the auth packet to know if the client is + * requesting SSL. If the client is not requesting SSL the rest of + the auth packet will be read later. */ rc = dcb_read_n(dcb, &read_buffer,(4 + 4 + 4 + 1 + 23)); } else { + /** Normal non-SSL connection */ rc = dcb_read(dcb, &read_buffer); } @@ -869,6 +883,9 @@ int gw_read_client_event( protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_DONE || protocol->protocol_auth_state == MYSQL_AUTH_SSL_HANDSHAKE_FAILED) { + /** SSL was requested and the handshake is either done or + * still ongoing. After the handshake is done, the client + * will send another auth packet. */ break; } 
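Review bot: The new sentence in the doc block of the SSL write function says "The SSH handshake must have already been done", which names the wrong protocol. It should read `The SSL handshake must have already been done.` so that the precondition matches the rest of the comments added in this commit.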
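Review bot: The read length `(4 + 4 + 4 + 1 + 23)` passed to `dcb_read_n` in `gw_read_client_event` is still an unexplained literal, and the new comment does not say what the five terms are. They appear to be the packet header, capability flags, max packet size, character set and the reserved filler of the MySQL handshake response, which is worth stating or moving into a named constant (for example a `#define` called `MYSQL_AUTH_PACKET_BASE_SIZE`, name constructed here). The last line of the added comment, `the auth packet will be read later. */`, is also missing the leading ` * ` used by the other lines. The function starts and ends outside this hunk.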
@@ -1249,22 +1266,12 @@ return_1: return 1; } -/////////////////////////////////////////////// -// client write event to Client triggered by EPOLLOUT -////////////////////////////////////////////// -/** - * @node Client's fd became writable, and EPOLLOUT event - * arrived. As a consequence, client input buffer (writeq) is flushed. - * - * Parameters: - * @param dcb - in, use - * client dcb - * +/** + * EPOLLOUT event arrived and as a consequence, client input buffer (writeq) is + * flushed. The data is encrypted and SSL is used. The SSL handshake must have + * been successfully completed prior to this function being called. + * @param client dcb * @return constantly 1 - * - * - * @details (write detailed description here) - * */ int gw_write_client_event_SSL(DCB *dcb) { From 9b0a5f13285902a7ef7cdfd121f8d837ef53cb1f Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 15 Jun 2015 16:16:48 +0300 Subject: [PATCH 105/119] Added more comments. --- server/core/dcb.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/server/core/dcb.c b/server/core/dcb.c index f600239ca..7f3651953 100644 --- a/server/core/dcb.c +++ b/server/core/dcb.c @@ -1032,9 +1032,10 @@ return_n: /** - * General purpose read routine to read data from a socket in the - * Descriptor Control Block and append it to a linked list of buffers. - * The list may be empty, in which case *head == NULL + * General purpose read routine to read data from a socket through the SSL + * structure lined with this DCB and append it to a linked list of buffers. + * The list may be empty, in which case *head == NULL. The SSL structure should + * be initialized and the SSL handshake should be done. * * @param dcb The DCB to read from * @param head Pointer to linked list to append data to From 2775145f377b9c3c66fb60b366c7561f7d502db6 Mon Sep 17 00:00:00 2001 
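Review bot: The rewritten doc block for `gw_write_client_event_SSL(DCB *dcb)` has `@param client dcb`, which documents a parameter named `client` that does not exist. Use `@param dcb The client DCB` so the tag matches the signature. The block also opens with `/** ` followed by trailing whitespace, and calls `writeq` the "client input buffer" although this is the write path. The function body is outside this hunk.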
From: Markus Makela Date: Tue, 16 Jun 2015 12:59:48 +0300 Subject: [PATCH 106/119] Fixed spelling errors. --- Documentation/Getting-Started/Configuration-Guide.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 113e28c60..0ca3843c4 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -119,7 +119,7 @@ datadir=/home/user/maxscale_data/ #### `libdir` -Set the directory where MaxScale looks for modules. The library director is the only directory that MaxScale uses when it searches for modules. If you have custom modules for MaxScale, make sure you have them in this folder. +Set the directory where MaxScale looks for modules. The library directory is the only directory that MaxScale uses when it searches for modules. If you have custom modules for MaxScale, make sure you have them in this folder. ``` libdir=/home/user/lib64/ @@ -328,7 +328,7 @@ connection_timeout=300 ### Service and SSL -This section describes configuration parameters for services that control the SSL/TLS encrption method and the various certificate files involved in it. To enable SSL, you must configure the `ssl` parameter with either `enabled` or `required` and provide the three files for `ssl_cert`, `ssl_key` and `ssl_ca_cert`. After this, MySQL connections to this service can be encrypted with SSL. +This section describes configuration parameters for services that control the SSL/TLS encryption method and the various certificate files involved in it. To enable SSL, you must configure the `ssl` parameter with either `enabled` or `required` and provide the three files for `ssl_cert`, `ssl_key` and `ssl_ca_cert`. After this, MySQL connections to this service can be encrypted with SSL. #### `ssl` 
@@ -381,7 +381,7 @@ ssl_ca_cert=/home/markus/certs/ca.pem ssl_version=TLSv12 ``` -This configuration requires all connections to be encryped with SSL. It also specifies that TLSv1.2 should be used as the encryption method. The paths to the server certificate files and the Certificate Authority file are also provided. +This configuration requires all connections to be encrypted with SSL. It also specifies that TLSv1.2 should be used as the encryption method. The paths to the server certificate files and the Certificate Authority file are also provided. ### Server @@ -1129,7 +1129,7 @@ MariaDB [mysql]> grant REPLICATION CLIENT on *.* to 'maxscalemon'@'maxscalehost' Query OK, 0 rows affected (0.00 sec) ``` -MySQL monitor fetches the `@@server_id` variable and other informations from `SHOW SLAVE STATUS` in order to compute the replication topology tree that may include intermediate master servers, called relay servers. +MySQL monitor fetches the `@@server_id` variable and other information from `SHOW SLAVE STATUS` in order to compute the replication topology tree that may include intermediate master servers, called relay servers. The *Master* server used by router modules is the so called "root master": a server that has the `SERVER_MASTER` status bit set and it's at the lowest level of the replication depth. From 2ea7ff61a21880890e0f92dccc9ec31eaebc2c97 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 16 Jun 2015 14:07:34 +0300 Subject: [PATCH 107/119] Fixed init.d and systemd scripts. --- etc/maxscale.service.in | 1 + etc/ubuntu/init.d/maxscale.in | 14 +++++++------- server/include/gwdirs.h.in | 4 +++- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/etc/maxscale.service.in b/etc/maxscale.service.in index 6717f6b25..1d0597c76 100644 --- a/etc/maxscale.service.in +++ b/etc/maxscale.service.in 
@@ -4,6 +4,7 @@ After=network.target [Service] Type=forking +Restart=on-failure PIDFile=@MAXSCALE_VARDIR@/run/maxscale/maxscale.pid ExecStart=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale --user=maxscale diff --git a/etc/ubuntu/init.d/maxscale.in b/etc/ubuntu/init.d/maxscale.in index f23ed144f..a60425890 100755 --- a/etc/ubuntu/init.d/maxscale.in +++ b/etc/ubuntu/init.d/maxscale.in @@ -44,8 +44,8 @@ _RETVAL_STATUS_NOT_RUNNING=3 # stop/start/status related vars ################################# NAME=maxscale -DAEMON=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale --user=maxscale - +DAEMON=@CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale +DAEMON_OPTS= --user=maxscale # Source function library. . /lib/lsb/init-functions @@ -57,11 +57,11 @@ RETVAL=0 start() { log_daemon_msg "Starting MaxScale" - start_daemon -p $MAXSCALE_PIDFILE $DAEMON 2> /dev/null > /dev/null + start_daemon -p "$MAXSCALE_PIDFILE" "$DAEMON" "$DAEMON_OPTS" 2> /dev/null > /dev/null sleep 2 - status_of_proc -p $MAXSCALE_PIDFILE $DAEMON $NAME + status_of_proc -p "$MAXSCALE_PIDFILE" "$DAEMON" $NAME log_end_msg $? } @@ -77,13 +77,13 @@ stop() { reload() { log_daemon_msg "Reloading MaxScale" - kill -HUP $(cat $MAXSCALE_PIDFILE) + kill -HUP $(cat "$MAXSCALE_PIDFILE") log_end_msg $? } maxscale_wait_stop() { - PIDTMP=$(pidofproc -p $MAXSCALE_PIDFILE @CMAKE_INSTALL_PREFIX@/@MAXSCALE_BINDIR@/maxscale) + PIDTMP=$(pidofproc -p "$MAXSCALE_PIDFILE" "$DAEMON") kill -TERM "${PIDTMP:-}" 2> /dev/null; if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then local i=0 @@ -115,7 +115,7 @@ case "$1" in # return 3 on any error log_daemon_msg "Checking MaxScale" - status_of_proc -p $MAXSCALE_PIDFILE $DAEMON $NAME + status_of_proc -p "$MAXSCALE_PIDFILE" "$DAEMON" $NAME RETVAL=$? if [ $RETVAL -ne 0 ]; then diff --git a/server/include/gwdirs.h.in b/server/include/gwdirs.h.in index fe911c71b..d9c17e152 100644 --- a/server/include/gwdirs.h.in +++ b/server/include/gwdirs.h.in 
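Review bot: The new line `DAEMON_OPTS= --user=maxscale` in the init script does not set the variable, because the space after `=` makes the shell treat it as an empty assignment for a command named `--user=maxscale`. `DAEMON_OPTS` is therefore empty when `start()` runs, `start_daemon` receives an empty string as an extra argument, and the daemon starts without `--user=maxscale`, under whatever account runs the init script (normally root). Write it as `DAEMON_OPTS="--user=maxscale"`. Passing it as `"$DAEMON_OPTS"` works for a single option only, so leave the expansion unquoted or build the argument list differently if more options are added later.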
@@ -26,7 +26,9 @@ /** Default file locations, configured by CMake */ static const char* default_cnf_fname = "maxscale.cnf"; static const char* default_configdir = "/etc/"; -static const char* default_piddir = "@MAXSCALE_VARDIR@/run/maxscale/"; +static const char* default_piddir = "@MAXSCALE_VARDIR@/run/maxscale/"; /*< This should be changed to just /run eventually, + * the /var/run folder is an old standard and the newe FSH 3.0 + * uses /run for PID files.*/ static const char* default_logdir = "@MAXSCALE_VARDIR@/log/maxscale/"; static const char* default_datadir = "@MAXSCALE_VARDIR@/lib/maxscale/"; static const char* default_libdir = "@CMAKE_INSTALL_PREFIX@/@MAXSCALE_LIBDIR@"; From 97a06e4006436cfd949ae54e3a6d9eac4b34fd7a Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 16 Jun 2015 14:24:38 +0300 Subject: [PATCH 108/119] Updated function documentation. --- server/core/service.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/server/core/service.c b/server/core/service.c index 4215ce725..4d2507cd6 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -1373,7 +1373,14 @@ void *router_obj; } } - +/** + * Refresh the database users for the service + * This function replaces the MySQL users used by the service with the latest + * version found on the backend servers. There is a limit on how often the users + * can be reloaded and if this limit is exceeded, the reload will fail. + * @param service Service to reload + * @return 0 on success and 1 on error + */ int service_refresh_users(SERVICE *service) { int ret = 1; /* check for another running getUsers request */ From 466ee46d8263de83c0d6f512df63a94f37095626 Mon Sep 17 00:00:00 2001 
From: Markus Makela Date: Tue, 16 Jun 2015 17:10:00 +0300 Subject: [PATCH 109/119] Fix to MXS-125: https://mariadb.atlassian.net/browse/MXS-125 Unified the usages of maxkeys and maxpasswd. --- .../Getting-Started/Configuration-Guide.md | 14 ++++--- server/core/maxkeys.c | 38 ++++++++----------- server/core/maxpasswd.c | 8 ++-- server/core/secrets.c | 31 ++++++++------- server/include/secrets.h | 2 +- 5 files changed, 47 insertions(+), 46 deletions(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 0ca3843c4..afda397fe 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md 
@@ -1393,20 +1393,24 @@ In addition parameters may be added to define patterns to match against to eithe ## Encrypting Passwords -Passwords stored in the maxscale.cnf file may optionally be encrypted for added security. This is done by creation of an encryption key on installation of MaxScale. Encryption keys may be created manually by executing the maxkeys utility with the argument of the filename to store the key. The default location MaxScale stores the keys is `/var/cache/maxscale`. +Passwords stored in the maxscale.cnf file may optionally be encrypted for added security. This is done by creation of an encryption key on installation of MaxScale. Encryption keys may be created manually by executing the maxkeys utility with the argument of the filename to store the key. The default location MaxScale stores the keys is `/var/lib/maxscale`. ``` -maxkeys /var/cache/maxscale/.secrets + # Usage: maxkeys [PATH] +maxkeys /var/lib/maxscale/ ``` Changing the encryption key for MaxScale will invalidate any currently encrypted keys stored in the maxscale.cnf file. ### Creating Encrypted Passwords -Encrypted passwords are created by executing the maxpasswd command with the password you require to encrypt as an argument. +Encrypted passwords are created by executing the maxpasswd command with the location of the .secrets file and the password you require to encrypt as an argument. - maxpasswd MaxScalePw001 - 61DD955512C39A4A8BC4BB1E5F116705 +``` +# Usage: maxpasswd PATH PASSWORD +maxpasswd /var/lib/maxscale/ MaxScalePw001 +61DD955512C39A4A8BC4BB1E5F116705 +``` The output of the maxpasswd command is a hexadecimal string, this should be inserted into the maxscale.cnf file in place of the ordinary, plain text, password. MaxScale will determine this as an encrypted password and automatically decrypt it before sending it the database server. diff --git a/server/core/maxkeys.c b/server/core/maxkeys.c index 557920dbe..27b5c8382 100644 --- a/server/core/maxkeys.c 
+++ b/server/core/maxkeys.c @@ -32,19 +32,24 @@ #include #include #include + int main(int argc, char **argv) { - int arg_count = 6; + int arg_count = 4; char *home; + char *keyfile; char** arg_vector; int rval = 0; - if (argc != 2) + if (argc < 2) { - fprintf(stderr, "Usage: %s \n", argv[0]); - return 1; + keyfile = "/var/lib/maxscale/"; + fprintf(stderr, "Generating .secrets file in /var/lib/maxscale/ ...\n"); + } + else + { + keyfile = argv[1]; } - arg_vector = malloc(sizeof(char*)*(arg_count + 1)); if(arg_vector == NULL) @@ -53,27 +58,16 @@ int main(int argc, char **argv) return 1; } - if(access("/var/log/maxscale/maxkeys/",F_OK) != 0) - { - if(mkdir("/var/log/maxscale/maxkeys/",0777) == -1) - { - if(errno != EEXIST) - { - fprintf(stderr,"Error: %d - %s",errno,strerror(errno)); - return 1; - } - } - } - arg_vector[0] = strdup("logmanager"); - arg_vector[1] = strdup("-j"); - arg_vector[2] = strdup("/var/log/maxscale/maxkeys"); - arg_vector[3] = NULL; + arg_vector[0] = "logmanager"; + arg_vector[1] = "-j"; + arg_vector[2] = "/var/log/maxscale/maxkeys"; + arg_vector[3] = "-o"; + arg_vector[4] = NULL; skygw_logmanager_init(arg_count,arg_vector); - free(arg_vector[2]); free(arg_vector); - if (secrets_writeKeys(argv[1])) + if (secrets_writeKeys(keyfile)) { fprintf(stderr, "Failed to encode the password\n"); rval = 1; diff --git a/server/core/maxpasswd.c b/server/core/maxpasswd.c index 5c761f378..0a3d5ddea 100644 --- a/server/core/maxpasswd.c +++ b/server/core/maxpasswd.c @@ -46,9 +46,9 @@ main(int argc, char **argv) char** arg_vector; int rval = 0; - if (argc != 2) + if (argc != 3) { - fprintf(stderr, "Usage: %s \n", argv[0]); + fprintf(stderr, "Usage: %s \n", argv[0]); return 1; } @@ -79,9 +79,9 @@ main(int argc, char **argv) return 1; } - strncpy(pw,argv[1],80); + strncpy(pw,argv[2],80); - if ((enc = encryptPassword(pw)) != NULL){ + if ((enc = encryptPassword(argv[1],pw)) != NULL){ printf("%s\n", enc); }else{ fprintf(stderr, "Failed to encode the password\n"); 
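Review bot: In maxpasswd.c, `strncpy(pw,argv[2],80);` leaves `pw` without a terminating NUL when the password argument is 80 characters or longer, unless `pw` is at least 81 bytes and zero-filled, and its allocation is not visible in this hunk. Shorter buffers aside, a long password is silently truncated, so the stored hash would not correspond to what the user typed. Reject over-long input before the copy, for example `if (strlen(argv[2]) >= 80) { fprintf(stderr, "Password too long\n"); return 1; }`. `main` starts and ends outside this hunk.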
diff --git a/server/core/secrets.c b/server/core/secrets.c index 2ec3e75a9..97cb49806 100644 --- a/server/core/secrets.c +++ b/server/core/secrets.c @@ -53,15 +53,14 @@ int i; } /** - * secrets_readKeys - * - * This routine reads data from a binary file and extracts the AES encryption key - * and the AES Init Vector - * + * This routine reads data from a binary file named ".secrets" and extracts the AES encryption key + * and the AES Init Vector. + * If the path parameter is not null the custom path is interpreted as a folder + * containing the .secrets file. Otherwise the default location is used. * @return The keys structure or NULL on error */ static MAXKEYS * -secrets_readKeys() +secrets_readKeys(char* path) { char secret_file[PATH_MAX+1]; char *home; @@ -70,9 +69,10 @@ struct stat secret_stats; int fd; int len; static int reported = 0; - - snprintf(secret_file, PATH_MAX, "%s/.secrets", get_datadir()); - + if(path != NULL) + snprintf(secret_file, PATH_MAX, "%s/.secrets", path); + else + snprintf(secret_file, PATH_MAX, "%s/.secrets", get_datadir()); /* Try to access secrets file */ if (access(secret_file, R_OK) == -1) { @@ -221,11 +221,14 @@ static int reported = 0; * @param secret_file The file with secret keys * @return 0 on success and 1 on failure */ -int secrets_writeKeys(char *secret_file) +int secrets_writeKeys(char *path) { int fd,randfd; unsigned int randval; MAXKEYS key; +char secret_file[PATH_MAX + 10]; + + sprintf(secret_file,"%s/.secrets",path); /* Open for writing | Create | Truncate the file for writing */ if ((fd = open(secret_file, O_CREAT | O_WRONLY | O_TRUNC, S_IRUSR)) < 0) @@ -328,7 +331,7 @@ char *ptr; unsigned char encrypted[80]; int enlen; - keys = secrets_readKeys(); + keys = secrets_readKeys(NULL); if (!keys) return strdup(crypt); /* 
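Review bot: `secrets_writeKeys` now builds the file name with `sprintf(secret_file,"%s/.secrets",path);` into a `PATH_MAX + 10` byte stack buffer, and `path` comes straight from `argv[1]` in maxkeys, so an over-long argument writes past the buffer. Bound the write and fail on truncation: `int n = snprintf(secret_file, sizeof(secret_file), "%s/.secrets", path);` followed by `if (n < 0 || (size_t)n >= sizeof(secret_file)) return 1;`. The doc block above still says `@param secret_file The file with secret keys` although the parameter is now `path` and is treated as a directory. The function body continues outside this hunk.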
@@ -365,12 +368,12 @@ int enlen; * Encrypt a password that can be stored in the MaxScale configuration file. * * Note the return is always a malloc'd string that the caller must free - * + * @param path Path the the .secrets file * @param password The password to encrypt * @return The encrypted password */ char * -encryptPassword(char *password) +encryptPassword(char* path, char *password) { MAXKEYS *keys; AES_KEY aeskey; @@ -379,7 +382,7 @@ char *hex_output; unsigned char padded_passwd[80]; unsigned char encrypted[80]; - if ((keys = secrets_readKeys()) == NULL) + if ((keys = secrets_readKeys(path)) == NULL) return NULL; memset(padded_passwd, 0, 80); diff --git a/server/include/secrets.h b/server/include/secrets.h index 505e79154..cb2912827 100644 --- a/server/include/secrets.h +++ b/server/include/secrets.h @@ -53,5 +53,5 @@ typedef struct maxkeys { extern int secrets_writeKeys(char *filename); extern char *decryptPassword(char *); -extern char *encryptPassword(char *); +extern char *encryptPassword(char*,char *); #endif From 2d63aa2842b0da54a8cb988963e7f461227314b3 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 16 Jun 2015 22:36:53 +0300 Subject: [PATCH 110/119] Fixed typo and added an example script. --- Documentation/monitors/Galera-Monitor.md | 2 +- Documentation/monitors/MM-Monitor.md | 2 +- Documentation/monitors/MySQL-Monitor.md | 30 ++++++++++++++++++- Documentation/monitors/NDB-Cluster-Monitor.md | 2 +- 4 files changed, 32 insertions(+), 4 deletions(-) diff --git a/Documentation/monitors/Galera-Monitor.md b/Documentation/monitors/Galera-Monitor.md index ffe54fb83..6a66fdcfc 100644 --- a/Documentation/monitors/Galera-Monitor.md +++ b/Documentation/monitors/Galera-Monitor.md 
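Review bot: The new tag `@param path Path the the .secrets file` on `encryptPassword` has a doubled word and describes the argument as the file itself, while `secrets_readKeys` appends `/.secrets` to it and falls back to `get_datadir()` when it is NULL. Suggest `@param path Directory containing the .secrets file, or NULL for the default data directory`. In secrets.h the updated prototype `encryptPassword(char*,char *)` has no parameter names, and `secrets_writeKeys(char *filename)` still uses the old name for what is now a directory.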
@@ -108,7 +108,7 @@ master_down|A Master server has gone down master_up|A Master server has come up slave_down|A Slave server has gone down slave_up|A Slave server has come up -server_down|A server with no assigned role has done down +server_down|A server with no assigned role has gone down server_up|A server with no assigned role has come up synced_down|A synced Galera node has come up synced_up|A synced Galera node has gone down diff --git a/Documentation/monitors/MM-Monitor.md b/Documentation/monitors/MM-Monitor.md index 00375d4bf..ad9ee2c07 100644 --- a/Documentation/monitors/MM-Monitor.md +++ b/Documentation/monitors/MM-Monitor.md @@ -99,7 +99,7 @@ master_down|A Master server has gone down master_up|A Master server has come up slave_down|A Slave server has gone down slave_up|A Slave server has come up -server_down|A server with no assigned role has done down +server_down|A server with no assigned role has gone down server_up|A server with no assigned role has come up lost_master|A server lost Master status lost_slave|A server lost Slave status diff --git a/Documentation/monitors/MySQL-Monitor.md b/Documentation/monitors/MySQL-Monitor.md index ab643109e..1bfc06109 100644 --- a/Documentation/monitors/MySQL-Monitor.md +++ b/Documentation/monitors/MySQL-Monitor.md 
@@ -108,10 +108,38 @@ master_down|A Master server has gone down master_up|A Master server has come up slave_down|A Slave server has gone down slave_up|A Slave server has come up -server_down|A server with no assigned role has done down +server_down|A server with no assigned role has gone down server_up|A server with no assigned role has come up lost_master|A server lost Master status lost_slave|A server lost Slave status new_master|A new Master was detected new_slave|A new Slave was detected + +## Example 1 - Monitor script + +Here is an example shell script which sends an email to an admin when a server goes down. + +``` +#!/usr/bin/env bash + +#This script assumes that the local mail server is configured properly + +message="A server has gone down at `date`." +echo $message|mail -s "A server has gone down" admin@my.org + +``` + +Here is a monitor configuration that only triggers the script when a master or a slave server goes down. + +``` +[Database Monitor] +type=monitor +module=mysqlmon +servers=server1,server2 +script=mail_to_admin.sh +events=master_down,slave_down +``` + +When a master or a slave server goes down, the script is executed, a mail is sent and the administrator will be immediately notified of any possible problems. +This is just a simple example showing what you can do with MaxScale and monitor scripts. diff --git a/Documentation/monitors/NDB-Cluster-Monitor.md b/Documentation/monitors/NDB-Cluster-Monitor.md index a9f453678..9468ec323 100644 --- a/Documentation/monitors/NDB-Cluster-Monitor.md +++ b/Documentation/monitors/NDB-Cluster-Monitor.md 
@@ -89,7 +89,7 @@ master_down|A Master server has gone down master_up|A Master server has come up slave_down|A Slave server has gone down slave_up|A Slave server has come up -server_down|A server with no assigned role has done down +server_down|A server with no assigned role has gone down server_up|A server with no assigned role has come up ndb_down|A MySQL Cluster node has gone down ndb_up|A MySQL Cluster node has come up From f0aed1f66628c12fd3de1d1c6c759eac6ffb4a5d Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 17 Jun 2015 10:05:56 +0300 Subject: [PATCH 111/119] Fixed possible null pointer dereferences in mysql_backend. --- server/modules/protocol/mysql_backend.c | 46 +++++++++++++------------ 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/server/modules/protocol/mysql_backend.c b/server/modules/protocol/mysql_backend.c index d000474ab..477ca4cf0 100644 --- a/server/modules/protocol/mysql_backend.c +++ b/server/modules/protocol/mysql_backend.c 
@@ -1159,30 +1159,32 @@ gw_backend_close(DCB *dcb) * but client's close and adding client's DCB to zombies list is executed * only if client's DCB's state does _not_ change in parallel. */ - spinlock_acquire(&session->ses_lock); - /** - * If session->state is STOPPING, start closing client session. - * Otherwise only this backend connection is closed. - */ - if (session != NULL && - session->state == SESSION_STATE_STOPPING && - session->client != NULL) - { - if (session->client->state == DCB_STATE_POLLING) - { - spinlock_release(&session->ses_lock); - - /** Close client DCB */ - dcb_close(session->client); - } - else - { - spinlock_release(&session->ses_lock); - } - } - else + if(session != NULL) { + spinlock_acquire(&session->ses_lock); + /** + * If session->state is STOPPING, start closing client session. + * Otherwise only this backend connection is closed. + */ + if (session->state == SESSION_STATE_STOPPING && + session->client != NULL) + { + if (session->client->state == DCB_STATE_POLLING) + { + spinlock_release(&session->ses_lock); + + /** Close client DCB */ + dcb_close(session->client); + } + else + { + spinlock_release(&session->ses_lock); + } + } + else + { spinlock_release(&session->ses_lock); + } } return 1; } From 425dd8cb3b7c93b698a3395022638f299a6a4861 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 17 Jun 2015 10:20:00 +0300 Subject: [PATCH 112/119] Removed SSLv2 methods from serviceInitSSL because OpenSSL 1.1.0 does not support them. --- Documentation/Getting-Started/Configuration-Guide.md | 1 - Documentation/Reference/MaxScale-and-SSL.md | 2 +- server/core/service.c | 7 +------ server/include/service.h | 5 ++--- 4 files changed, 4 insertions(+), 11 deletions(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index afda397fe..c2f815d09 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md 
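Review bot: After the NULL check was moved, `gw_backend_close` still releases `session->ses_lock` and then reads `session->client` again for `dcb_close(session->client)`, so the pointer passed to `dcb_close` is no longer protected by the lock that guarded the state check. Taking a local copy of the client DCB while the lock is held closes that window and reduces the three `spinlock_release` calls to one. The new block also mixes tab and space indentation, which makes the nesting hard to follow. The declaration of `session` and the start of the function are outside this hunk.
```c
    if (session != NULL)
    {
        DCB *client = NULL;

        spinlock_acquire(&session->ses_lock);
        /**
         * If session->state is STOPPING, start closing client session.
         * Otherwise only this backend connection is closed.
         */
        if (session->state == SESSION_STATE_STOPPING &&
            session->client != NULL &&
            session->client->state == DCB_STATE_POLLING)
        {
            client = session->client;
        }
        spinlock_release(&session->ses_lock);

        if (client != NULL)
        {
            /** Close client DCB */
            dcb_close(client);
        }
    }
    /* … unchanged: return 1 … */
```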
@@ -349,7 +349,6 @@ This is the Certificate Authority file. It will be used to verify that both the ### `ssl_version` This parameter controls the level of encryption used. Accepted values are: - * SSLv2 * SSLv3 * TLSv10 * TLSv11 diff --git a/Documentation/Reference/MaxScale-and-SSL.md b/Documentation/Reference/MaxScale-and-SSL.md index d03a5af52..f293085c1 100644 --- a/Documentation/Reference/MaxScale-and-SSL.md +++ b/Documentation/Reference/MaxScale-and-SSL.md @@ -11,5 +11,5 @@ ssl | disabled, enabled, required |`disable` disables SSL, `enabled` ena ssl_cert | path to file |Path to server certificate ssl_key | path to file |Path to server private key ssl_ca_cert | path to file |Path to Certificate Authority file -ssl_version|SSLV2,SSLV3,TLSV10,TLSV11,TLSV12,MAX| The SSL method level, defaults to highest available encryption level which is TLSv1.2 +ssl_version|SSLV3,TLSV10,TLSV11,TLSV12,MAX| The SSL method level, defaults to highest available encryption level which is TLSv1.2 ssl_cert_verify_depth|integer|Certificate authority certificate verification depth, default is 100. diff --git a/server/core/service.c b/server/core/service.c index 4d2507cd6..b0959e6c3 100644 --- a/server/core/service.c +++ b/server/core/service.c @@ -909,9 +909,7 @@ serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert) int serviceSetSSLVersion(SERVICE *service, char* version) { - if(strcasecmp(version,"SSLV2") == 0) - service->ssl_method_type = SERVICE_SSLV2; - else if(strcasecmp(version,"SSLV3") == 0) + if(strcasecmp(version,"SSLV3") == 0) service->ssl_method_type = SERVICE_SSLV3; else if(strcasecmp(version,"TLSV10") == 0) service->ssl_method_type = SERVICE_TLS10; @@ -1952,9 +1950,6 @@ int serviceInitSSL(SERVICE* service) { switch(service->ssl_method_type) { - case SERVICE_SSLV2: - service->method = (SSL_METHOD*)SSLv2_server_method(); - break; case SERVICE_SSLV3: service->method = (SSL_METHOD*)SSLv3_server_method(); break; 
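Review bot: SSLv3 remains selectable in service.c after this change: the `strcasecmp(version,"SSLV3")` branch in serviceSetSSLVersion and `case SERVICE_SSLV3:` in serviceInitSSL (the @@ -1952 hunk) are kept, so a listener can still be pinned to a protocol that RFC 7568 prohibits. The commit's own motivation applies here too, since OpenSSL builds configured without SSLv3 do not provide `SSLv3_server_method()`. I would drop both branches together with SSLv2, or at least wrap the case in `#ifndef OPENSSL_NO_SSL3_METHOD` and log a warning when it is chosen. Both functions continue outside the hunks, so what an existing `ssl_version=SSLv2` setting now resolves to is not visible; it should fail with a clear error rather than fall through to some other method.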
diff --git a/server/include/service.h b/server/include/service.h index 085c0c595..3337ebfc0 100644 --- a/server/include/service.h +++ b/server/include/service.h @@ -115,7 +115,6 @@ typedef enum { } ssl_mode_t; enum{ - SERVICE_SSLV2, SERVICE_SSLV3, SERVICE_TLS10, SERVICE_TLS11, @@ -175,10 +174,10 @@ typedef struct service { char *weightby; struct service *next; /**< The next service in the linked list */ SSL_CTX *ctx; - SSL_METHOD *method; /*< SSLv2/3 or TLSv1/2 methods + SSL_METHOD *method; /*< SSLv3 or TLS1.0/1.1/1.2 methods * see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */ int ssl_cert_verify_depth; /*< SSL certificate verification depth */ - int ssl_method_type; /*< Which of the SSLv2/3 or TLS1.0/1.1/1.2 methods to use */ + int ssl_method_type; /*< Which of the SSLv3 or TLS1.0/1.1/1.2 methods to use */ char* ssl_cert; /*< SSL certificate */ char* ssl_key; /*< SSL private key */ char* ssl_ca_cert; /*< SSL CA certificate */ From acd649cdc4b7909cf8f144819f175215eb70d8e1 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 17 Jun 2015 18:18:40 +0300 Subject: [PATCH 113/119] Reverted back to older OpenSSL functions for compatibility support. --- server/core/gateway.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/server/core/gateway.c b/server/core/gateway.c index 21c4472c0..f206ca30e 100644 --- a/server/core/gateway.c +++ b/server/core/gateway.c @@ -263,15 +263,6 @@ static void ssl_free_dynlock(struct CRYPTO_dynlock_value * n,const char* file, i free(n); } -/** - * The thread ID callback function for OpenSSL dynamic locks. - * @param id Id to modify - */ -static void maxscale_ssl_id(CRYPTO_THREADID* id) -{ - CRYPTO_THREADID_set_numeric(id,pthread_self()); -} - /** * Handler for SIGHUP signal. Reload the configuration for the * gateway. 
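Review bot: Removing `SERVICE_SSLV2` from the head of the anonymous enum in service.h makes `SERVICE_SSLV3` the zero value, so a `SERVICE` whose `ssl_method_type` is zero-initialised and never set through serviceSetSSLVersion would select SSLv3 in serviceInitSSL. Whether the allocation path assigns the field explicitly is not visible in this hunk; if it does not, a bare struct does not get the documented default of the highest available TLS level. A comment on the enum would make the dependency explicit, for example `/* Order matters: the first constant is what a zero-initialised ssl_method_type means */`, and the allocation code should set the field to the MAX method.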
@@ -1468,7 +1459,7 @@ int main(int argc, char **argv) CRYPTO_set_dynlock_create_callback(ssl_create_dynlock); CRYPTO_set_dynlock_destroy_callback(ssl_free_dynlock); CRYPTO_set_dynlock_lock_callback(ssl_lock_dynlock); - CRYPTO_THREADID_set_callback(maxscale_ssl_id); + CRYPTO_set_id_callback(pthread_self); /* register exit function for embedded MySQL library */ l = atexit(libmysqld_done); From fd42395d009208bc24ca51372a838c9e1174fbd1 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 18 Jun 2015 08:09:59 +0300 Subject: [PATCH 114/119] Removed mandb call from postinstall script and added cmake messages about systemd service file installation. --- CMakeLists.txt | 4 ++++ etc/postinst.in | 16 ++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a21e9c745..f77fc79d7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -173,6 +173,7 @@ if(WITH_SCRIPTS) if(PACKAGE) message(STATUS "maxscale.conf will unpack to: /etc/ld.so.conf.d") message(STATUS "startup scripts will unpack to to: /etc/init.d") + message(STATUS "systemd service files will unpack to to: /usr/lib/systemd/system") install(FILES ${CMAKE_BINARY_DIR}/maxscale DESTINATION ${MAXSCALE_SHAREDIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(FILES ${CMAKE_BINARY_DIR}/maxscale.conf DESTINATION ${MAXSCALE_SHAREDIR} 
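Review bot: `CRYPTO_set_id_callback(pthread_self);` in main (gateway.c) passes a function returning `pthread_t` where OpenSSL expects `unsigned long (*)(void)`. The types only match on platforms where `pthread_t` is an unsigned long; elsewhere the call goes through a mismatched function pointer, which is undefined behaviour. A small wrapper keeps the older API and makes the conversion explicit: `static unsigned long maxscale_ssl_id(void) { return (unsigned long)pthread_self(); }`, registered with `CRYPTO_set_id_callback(maxscale_ssl_id);`. OpenSSL keys its per-thread state on this id, so a wrong or truncated value can make threads share that state. main continues outside the hunk.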
@@ -184,8 +185,11 @@ if(WITH_SCRIPTS) PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(FILES ${CMAKE_BINARY_DIR}/maxscale.conf DESTINATION /etc/ld.so.conf.d PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + install(FILES ${CMAKE_BINARY_DIR}/maxscale.service DESTINATION /usr/lib/systemd/system + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) message(STATUS "Installing maxscale.conf to: /etc/ld.so.conf.d") message(STATUS "Installing startup scripts to: /etc/init.d") + message(STATUS "Installing systemd service files to: /usr/lib/systemd/system") endif() endif() diff --git a/etc/postinst.in b/etc/postinst.in index e1d3dc8ad..30e45f806 100755 --- a/etc/postinst.in +++ b/etc/postinst.in @@ -31,14 +31,22 @@ chmod 0755 @MAXSCALE_VARDIR@/cache/maxscale chmod 0755 @MAXSCALE_VARDIR@/run/maxscale # Copy init.d script and ldconfig file -cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale /etc/init.d/ -cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.conf /etc/ld.so.conf.d/ -if [ -d "/usr/lib/systemd/system" ] +if [ -f "@CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale" ] +then + cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale /etc/init.d/ +fi + +if [ -f "@CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.conf" ] +then + cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.conf /etc/init.d/ +fi + +if [ -d "/usr/lib/systemd/system" -a -f @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.service ] then cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.service /usr/lib/systemd/system fi /sbin/ldconfig -mandb + cat <& 2 ********** Notice: MaxScale 1.2 Changes ************** From 09ffeff17e46cc4bd2e75e68bdf3cbb7448ab419 Mon Sep 17 00:00:00 2001 
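Review bot: The added `install(FILES ${CMAKE_BINARY_DIR}/maxscale.service DESTINATION /usr/lib/systemd/system` rule in CMakeLists.txt gives the unit file execute bits (`OWNER_EXECUTE GROUP_EXECUTE WORLD_EXECUTE`), apparently copied from the init-script rule above it. A unit file is configuration rather than a program, and systemd logs a warning for unit files that are marked executable; `PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ` is sufficient. The same applies to the `maxscale.conf` rule for /etc/ld.so.conf.d in the context lines of this hunk.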
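Review bot: The rewritten `maxscale.conf` copy in etc/postinst.in now targets `/etc/init.d/` instead of `/etc/ld.so.conf.d/`, so the `/sbin/ldconfig` call below runs without the MaxScale library path and a linker configuration file lands among the init scripts. The line should read `cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.conf /etc/ld.so.conf.d/`. The substituted paths are also unquoted in the new `[ -f ... ]` tests and `cp` calls, and only the first `-f` test quotes its operand; quoting all of them keeps the script working with a prefix that contains spaces. The comment `# Copy init.d script and ldconfig file` could mention the systemd unit that the block also installs.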
From: Markus Makela Date: Thu, 18 Jun 2015 13:25:30 +0300 Subject: [PATCH 115/119] Updated lsyncd document. --- .../Reference/MaxScale-HA-with-lsyncd.md | 57 ++++++++++++++++++- 1 file changed, 54 insertions(+), 3 deletions(-) diff --git a/Documentation/Reference/MaxScale-HA-with-lsyncd.md b/Documentation/Reference/MaxScale-HA-with-lsyncd.md index 18ef233db..d81d26790 100644 --- a/Documentation/Reference/MaxScale-HA-with-lsyncd.md +++ b/Documentation/Reference/MaxScale-HA-with-lsyncd.md 
@@ -1,9 +1,55 @@ # MaxScale HA with Lsyncd -This document guides you in setting up multiple MaxScale instances and synchronizing the configuration files with Lsyncd. Lsyncd is a rsync wrapper which can synchronize files across the network. The lsyncd daemon uses a configuration file to control the files to synchronize and the remote targets where these files are synchronized to. +This document guides you in setting up multiple MaxScale instances and synchronizing the configuration files with Lsyncd. Lsyncd is a rsync wrapper which can synchronize files across the network. The lsyncd daemon uses a configuration file to control the files to synchronize and the remote targets where these files are synchronized to. This guide was writted for lsyncd 2.1.5. Copying the configuration file and running the lsyncd daemon on all the hosts keeps all the configuration files in sync. Modifications in the configuration file on one of the hosts will be copied on the other hosts. This allows adinistrators to easily provide a highly available, disaster resistant MaxScale installation with up-to-date configuration files on all the hosts. +You will need to have SSH access to the remote servers for. + +## Creating SSH keys + +For lsyncd to work, we will need to either use an existing set of SSH keys or to create a new set of keys. If you already have a SSH key generated, you can skip this next step and go to the Copying Keys part. + +### Generating keys + +To generate a new set of SSH keys, we will use `ssh-keygen`. + +``` +[root@localhost ~]# ssh-keygen +Generating public/private rsa key pair. +Enter file in which to save the key (/root/.ssh/id_rsa): +Enter passphrase (empty for no passphrase): +Enter same passphrase again: +Your identification has been saved in /root/.ssh/id_rsa. +Your public key has been saved in /root/.ssh/id_rsa.pub. 
+The key fingerprint is: +f4:99:0a:cc:d4:ac:ea:ed:ff:0d:bb:e5:87:3e:38:df root@localhost.localdomain +The key's randomart image is: ++--[ RSA 2048]----+ +| | +| o | +| . + | +| + o . o | +| = S + | +| . . . | +| . . .... | +| . . o*o.. | +| ..o...+==oE | ++-----------------+ + +``` + +The keys will be generated in the .ssh folder and will automatically be used by ssh. + +### Copying keys + +To copy the SSH keys to the remote host we will use `ssh-copy-id`. + +Use the username and host of the remote server you wish to synchronize MaxScale's configuration files to. For example, if the server's address is 192.168.122.100 and the user we use for synchronization us `user` we can use the following command. + +``` +ssh-copy-id user@192.168.122.100 +``` ## Installing Lsyncd @@ -21,8 +67,6 @@ Installing with Apt: apt-get install lsyncd ``` -Lsyncd needs no further configuration after installation. All necessary options are configured in the configuration file passed to the lsyncd daemon. - ## Creating the Lsyncd configuration file Lsyncd uses a configuration file to determine where to read files from and where to synchronize them if changes in them occur. Lsyncd is written in Lua and the configuration file is also valid Lua code. @@ -44,6 +88,7 @@ default.rsyncssh, source="/etc", -- This is the user and host where the maxscale.cnf is copied to. +-- Change this to the user and destination host where you want maxscale.cnf to be synchronized to. host="user@127.0.0.1", -- This is where the maxscale.cnf is copied to on the remote host. 
@@ -108,6 +153,12 @@ rsync={ Starting lsyncd can be done from the command line or through a init script. To start syncd from the command like, execute the `lsyncd` command and pass the configuration file as the only parameter. +By default lsyncd will search for the configuration file in `/etc/lsyncd.conf`. By placing the configuration file we created in the `/etc` folder, we can start lsyncd with the following command. + +``` +service lsyncd start +``` + Here is an example which start lsyncd and reads the configuration options from the `lsyncd.cnf` file. ``` From e6b16121eb5f253fc93c163b4015713625e498d9 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 18 Jun 2015 13:49:12 +0300 Subject: [PATCH 116/119] Added instructions for SSH key generation. --- .../Reference/MaxScale-HA-with-lsyncd.md | 26 +++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/Documentation/Reference/MaxScale-HA-with-lsyncd.md b/Documentation/Reference/MaxScale-HA-with-lsyncd.md index d81d26790..c9e6ac332 100644 --- a/Documentation/Reference/MaxScale-HA-with-lsyncd.md +++ b/Documentation/Reference/MaxScale-HA-with-lsyncd.md 
@@ -1,14 +1,26 @@ # MaxScale HA with Lsyncd -This document guides you in setting up multiple MaxScale instances and synchronizing the configuration files with Lsyncd. Lsyncd is a rsync wrapper which can synchronize files across the network. The lsyncd daemon uses a configuration file to control the files to synchronize and the remote targets where these files are synchronized to. This guide was writted for lsyncd 2.1.5. +***This guide was written for lsyncd 2.1.5.*** + +This document guides you in setting up multiple MaxScale instances and synchronizing the configuration files with lsyncd. Lsyncd is a rsync wrapper which can synchronize files across the network. The lsyncd daemon uses a configuration file to control the files to synchronize and the remote targets where these files are synchronized to. Copying the configuration file and running the lsyncd daemon on all the hosts keeps all the configuration files in sync. Modifications in the configuration file on one of the hosts will be copied on the other hosts. This allows adinistrators to easily provide a highly available, disaster resistant MaxScale installation with up-to-date configuration files on all the hosts. -You will need to have SSH access to the remote servers for. +### Requirements +You will need: + +* Access to the remote hosts. +* MaxScale installed on all systems +* Configured maxscale.cnf file in /etc +* SSH daemon and clients installed on all hosts + +The installation and configuration of MaxScale is covered in other documents. ## Creating SSH keys -For lsyncd to work, we will need to either use an existing set of SSH keys or to create a new set of keys. If you already have a SSH key generated, you can skip this next step and go to the Copying Keys part. +For lsyncd to work, we will need to either use an existing set of SSH keys or to create a new set of keys. The creation and copying of keys needs to be repeated on all of the hosts. 
+ +If you already have a SSH key generated, you can skip this next step and go to the Copying Keys part. ### Generating keys @@ -51,7 +63,11 @@ Use the username and host of the remote server you wish to synchronize MaxScale' ssh-copy-id user@192.168.122.100 ``` -## Installing Lsyncd +Repeat the last command with the usernames and addresses of all the remote hosts you want to synchronize the configuration files to. + +## Installing lsyncd + +You will need to install lsyncd on all of the hosts for changes in the configuration file on one of the nodes to be synchronized to the other nodes. You can install lsyncd with either a package manager or by building from source code. This guide demonstrates installation using a package manager and those looking to build lsyncd from source should refer to its documentation: https://github.com/axkibe/lsyncd/wiki/Manual-to-Lsyncd-2.1.x @@ -89,7 +105,7 @@ source="/etc", -- This is the user and host where the maxscale.cnf is copied to. -- Change this to the user and destination host where you want maxscale.cnf to be synchronized to. -host="user@127.0.0.1", +host="user@192.168.122.100", -- This is where the maxscale.cnf is copied to on the remote host. targetdir="/etc", From f6369a1661a3ec785db2fd96c7b54881366deaad Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 18 Jun 2015 18:03:55 +0300 Subject: [PATCH 117/119] Changed from server unique name to ip:port in monitor script initiaion. --- server/modules/monitor/monitor_common.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/server/modules/monitor/monitor_common.c b/server/modules/monitor/monitor_common.c index f4566c35a..19980c5dd 100644 --- a/server/modules/monitor/monitor_common.c +++ b/server/modules/monitor/monitor_common.c @@ -230,7 +230,7 @@ void mon_append_node_names(MONITOR_SERVERS* start,char* str, int len) MONITOR_SERVERS* ptr = start; bool first = true; int slen = strlen(str); - + char arr[256]; while(ptr && slen < len) { if(!first) 
@@ -238,7 +238,8 @@ void mon_append_node_names(MONITOR_SERVERS* start,char* str, int len) strncat(str,",",len); } first = false; - strncat(str,ptr->server->unique_name,len); + sprintf(arr,"%s:%d",ptr->server->name,ptr->server->port); + strcat(str,arr); ptr = ptr->next; slen = strlen(str); } @@ -299,10 +300,11 @@ void monitor_launch_script(MONITOR* mon,MONITOR_SERVERS* ptr, char* script) EXTERNCMD* cmd; snprintf(argstr,PATH_MAX + MON_ARG_MAX, - "%s --event=%s --initiator=%s --nodelist=", + "%s --event=%s --initiator=%s:%d --nodelist=", script, mon_get_event_name(ptr), - ptr->server->unique_name); + ptr->server->name, + ptr->server->port); mon_append_node_names(mon->databases,argstr,PATH_MAX + MON_ARG_MAX + 1); if((cmd = externcmd_allocate(argstr)) == NULL) From 0cc2c13d7e124ee10deb837fe7d7e4a73c8c1928 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Thu, 18 Jun 2015 18:13:50 +0300 Subject: [PATCH 118/119] Updated documentation. --- Documentation/monitors/MySQL-Monitor.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Documentation/monitors/MySQL-Monitor.md b/Documentation/monitors/MySQL-Monitor.md index 1bfc06109..7228c1b10 100644 --- a/Documentation/monitors/MySQL-Monitor.md +++ b/Documentation/monitors/MySQL-Monitor.md @@ -124,9 +124,11 @@ Here is an example shell script which sends an email to an admin when a server g #!/usr/bin/env bash #This script assumes that the local mail server is configured properly - +#The second argument is the event type +event=${$2/.*=/} +server=${$3/.*=/} message="A server has gone down at `date`." -echo $message|mail -s "A server has gone down" admin@my.org +echo $message|mail -s "The event was $event for server $server." admin@my.org ``` From 79c20bfae82a2d0347b808c98ef42ec1f5d878d5 Mon Sep 17 00:00:00 2001 
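Review bot: The two lines added to mon_append_node_names (monitor_common.c) write without any bound: `sprintf(arr,"%s:%d",...)` formats `ptr->server->name` into the 256-byte `arr` declared in the previous hunk, and `strcat(str,arr)` ignores `len` altogether, so a long server address or a long node list can overrun first the stack buffer and then the caller's `argstr`. Format straight into the remaining space instead, e.g. `size_t used = strlen(str);` followed by `if (used < (size_t)len) snprintf(str + used, (size_t)len - used, "%s:%d", ptr->server->name, ptr->server->port);`, and leave the loop when the return value shows truncation. Whether `len` is the size of `str` or one more is not visible here: the call in the @@ -300 hunk passes `PATH_MAX + MON_ARG_MAX + 1` while the snprintf before it uses `PATH_MAX + MON_ARG_MAX`, so this needs checking against the declaration of `argstr`. Since the result is handed to externcmd_allocate as a command line, a comment stating that server names come from the configuration and are not shell-escaped would also help. The function body starts and ends outside this hunk.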
From: Markus Makela Date: Fri, 19 Jun 2015 04:45:02 +0300 Subject: [PATCH 119/119] Fixed trace and debug logs not being created in shared memory. --- log_manager/log_manager.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/log_manager/log_manager.cc b/log_manager/log_manager.cc index ba16db52f..b31ae6112 100644 --- a/log_manager/log_manager.cc +++ b/log_manager/log_manager.cc @@ -1761,7 +1761,6 @@ static bool fnames_conf_init( case 's': /** record list of log file ids for later use */ - if(do_syslog) shmem_id_str = optarg; break; case 'h': @@ -1793,12 +1792,14 @@ static bool fnames_conf_init( strdup(get_logpath_default()) : fn->fn_logpath; /** Set identity string for syslog if it is not set in config.*/ + if(do_syslog) + { syslog_ident_str = (syslog_ident_str == NULL ? (argv == NULL ? strdup(program_invocation_short_name) : strdup(*argv)) : syslog_ident_str); - + } /* ss_dfprintf(stderr, "\n\n\tCommand line : "); for (i=0; i