diff --git a/Documentation/filters/Firewall-Filter.md b/Documentation/filters/Firewall-Filter.md index 9d99b359a..73399521f 100644 --- a/Documentation/filters/Firewall-Filter.md +++ b/Documentation/filters/Firewall-Filter.md @@ -7,11 +7,12 @@ The firewall filter is used to block queries that match a set of rules. It can b The firewall filter only requires a minimal set of configurations in the MaxScale.cnf file. The actual rules of the firewall filter are located in a separate text file. The following is an example of a firewall filter configuration in the MaxScale.cnf file. - - [Firewall] - type=filter - module=fwfilter - rules=/home/user/rules.txt +``` +[Firewall] +type=filter +module=fwfilter +rules=/home/user/rules.txt +``` ### Filter Options @@ -25,9 +26,11 @@ The firewall filter has one mandatory parameter that defines the location of the The rules are defined by using the following syntax. -` rule NAME deny [wildcard | columns VALUE ... | - regex REGEX | limit_queries COUNT TIMEPERIOD HOLDOFF | - no_where_clause] [at_times VALUE...] [on_queries [select|update|insert|delete]]` +``` +rule NAME deny [wildcard | columns VALUE ... | + regex REGEX | limit_queries COUNT TIMEPERIOD HOLDOFF | + no_where_clause] [at_times VALUE...] [on_queries [select|update|insert|delete]]` +``` Rules always define a blocking action so the basic mode for the firewall filter is to allow all queries that do not match a given set of rules. Rules are identified by their name and have a mandatory part and optional parts. @@ -81,30 +84,38 @@ After this either the keyword `any` `all` or `strict_all` is expected. This defi After the matching part comes the rules keyword after which a list of rule names is expected. This allows reusing of the rules and enables varying levels of query restriction. -## Examples +## Use Cases -### Example rule file +### Use Case 1 - Prevent rapid execution of specific queries -The following is an example of a rule file which defines six rules and applies them to three sets of users. This rule file is used in all of the examples. +To prevent the excessive use of a database we want to set a limit on the rate of queries. We only want to apply this limit to certain queries that cause unwanted behavior. To achieve this we can use a regular expression. - rule block_wildcard deny wildcard at_times 8:00:00-17:00:00 - rule no_personal_info deny columns phone salary address on_queries select|delete at_times 12:00:00-18:00:00 - rule simple_regex deny regex '.*insert.*into.*select.*' - rule dos_block deny limit_queries 10000 1.0 500.0 at_times 12:00:00-18:00:00 - rule safe_delete deny no_where_clause on_queries delete - rule managers_table deny regex '.*from.*managers.*' - users John@% Jane@% match any rules no_personal_info block_wildcard - users %@80.120.% match any rules block_wildcard dos_block - users %@% match all rules safe_delete managers_table +First we define the limit on the rate of queries. The first parameter for the rule sets the number of allowed queries to 10 queries and the second parameter sets the rate of sampling to 5 seconds. If a user executes queries faster than this, any further queries that match the regular expression are blocked for 60 seconds. -### Example 1 - Deny access to personal information and prevent huge queries during peak hours +``` +rule limit_rate_of_queries deny limit_queries 10 5 60 +rule query_regex deny regex '.*select.*from.*user_data.*' +``` -Assume that a database cluster with tables that have a large number of columns is under heavy load during certain times of the day. Now also assume that large selects and querying of personal information creates unwanted stress on the cluster. Now we wouldn't want to completely prevent all the users from accessing personal information or performing large select queries, we only want to block the users John and Jane. +To apply these rules we combine them into a single rule by adding a `users` line to the rule file. -This can be achieved by creating two rules. One that blocks the usage of the wildcard and one that prevents queries that target a set of columns. To apply these rules to the users we define a users line into the rule file with both the rules and all the users we want to apply the rules to. The rules are defined in the example rule file on line 1 and 2 and the users line is defined on line 7. +``` +users %@% match all rules limit_rate_of_queries query_regex +``` -### Example 2 - Only safe deletes into the managers table +### Use Case 2 - Only allow deletes with a where clause -We want to prevent accidental deletes into the managers table where the where clause is missing. This poses a problem, we don't want to require all the delete queries to have a where clause. We only want to prevent the data in the managers table from being deleted without a where clause. +We have a table which contains all the managers of a company. We want to prevent accidental deletes into this table where the where clause is missing. This poses a problem, we don't want to require all the delete queries to have a where clause. We only want to prevent the data in the managers table from being deleted without a where clause. -To achieve this, we need two rules. The first rule can be seen on line 5 in the example rule file. This defines that all delete operations must have a where clause. This rule alone does us no good so we need a second one. The second rule is defined on line 6 and it blocks all queries that match the provided regular expression. When we combine these two rules we get the result we want. You can see the application of these rules on line 9 of the example rule file. The usage of the `all` and `strict_all` matching mode requires that all the rules must match for the query to be blocked. This in effect combines the two rules into a more complex rule. +To achieve this, we need two rules. The first rule defines that all delete operations must have a where clause. This rule alone does us no good so we need a second one. The second rule blocks all queries that match a regular expression. + +``` +rule safe_delete deny no_where_clause on_queries delete +rule managers_table deny regex '.*from.*managers.*' +``` + +When we combine these two rules we get the result we want. To combine these two rules add the following line to the rule file. + +``` +users %@% match all rules safe_delete managers_table +``` diff --git a/plugins/nagios/README b/plugins/nagios/README new file mode 100644 index 000000000..9065796c4 --- /dev/null +++ b/plugins/nagios/README @@ -0,0 +1,44 @@ +MaxScale Nagios plugins, for Nagios 3.5.1 + +MaxScale must be configured with 'maxscaled' protocol for the administration interface + +[AdminInterface] +type=service +router=cli + +[AdminListener] +type=listener +service=AdminInterface +protocol=maxscaled +port=6603 + +1) copy check_maxscale_*.pl under /usr/lib64/nagios/plugins +2) copy maxscale_commands.cfg, server1.cfg to /etc/nagios/objects/ +3) Edit /etc/nagios/nagios.cfg + +add + +cfg_file=/etc/nagios/objects/maxscale_commands.cfg +cfg_file=/etc/nagios/objects/server1.cfg + +Please note: +- modify server IP address in server1.cfg, pointing to MaxScale server +- maxadmin executable must be in the nagios server +- default AdminInterface port is 6603 +- default maxadmin executable path is /usr/local/skysql/maxscale/bin/maxadmin + It can be changed by -m option + +Example related to server1.cfg + +# Check MaxScale sessions, on the remote machine. +define service{ + use local-service ; Name of service template to use + host_name server1 + service_description MaxScale_sessions + check_command check_maxscale_resource!6603!admin!skysql!sessions!/path_to/maxadmin + notifications_enabled 0 + } + +4) Restart Nagios + + diff --git a/plugins/nagios/check_maxscale_monitors.pl b/plugins/nagios/check_maxscale_monitors.pl new file mode 100755 index 000000000..2850bd754 --- /dev/null +++ b/plugins/nagios/check_maxscale_monitors.pl @@ -0,0 +1,213 @@ +#!/usr/bin/perl +# +# +# +# This file is distributed as part of the MariaDB Corporation MaxScale. It is free +# software: you can redistribute it and/or modify it under the terms of the +# GNU General Public License as published by the Free Software Foundation, +# version 2. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, write to the Free Software Foundation, Inc., 51 +# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright MariaDB Corporation Ab 2013-2015 +# +# + +# +# @file check_maxscale_monitors.pl - Nagios plugin for MaxScale monitors +# +# Revision History +# +# Date Who Description +# 06-03-2015 Massimiliano Pinto Initial implementation +# + +#use strict; +#use warnings; +use Getopt::Std; + +my %opts; +my $TIMEOUT = 15; # we don't want to wait long for a response +my %ERRORS = ('UNKNOWN' , '3', + 'OK', '0', + 'WARNING', '1', + 'CRITICAL', '2'); + +my $curr_script = "$0"; +$curr_script =~ s{.*/}{}; + +sub usage { + my $rc = shift; + + print <<"EOF"; +MaxScale monitor checker plugin for Nagios + +Usage: $curr_script [-r ] [-H ] [-P ] [-u ] [-p ] [-m ] [-h] + +Options: + -r = monitors + -h = provide this usage message + -H = which host to connect to + -P = port to use + -u = username to connect as + -p = password to use for at + -m = /path/to/maxadmin +EOF + exit $rc; +} + +%opts =( + 'r' => 'monitors', # default maxscale resource to show + 'h' => '', # give help + 'H' => 'localhost', # host + 'u' => 'root', # username + 'p' => '', # password + 'P' => 6603, # port + 'm' => '/usr/local/skysql/maxscale/bin/maxadmin', # maxadmin + ); + +my $MAXADMIN_DEFAULT = $opts{'m'}; + +getopts('r:hH:u:p:P:m:', \%opts) + or usage( $ERRORS{"UNKNOWN"} ); +usage( $ERRORS{'OK'} ) if $opts{'h'}; + +my $MAXADMIN_RESOURCE = $opts{'r'}; +my $MAXADMIN = $opts{'m'}; +if (!defined $MAXADMIN || length($MAXADMIN) == 0) { + $MAXADMIN = $MAXADMIN_DEFAULT; +} +-x $MAXADMIN or + die "$curr_script: Failed to find required tool: $MAXADMIN. Please install it or use the -m option to point to another location."; + +# Just in case of problems, let's not hang Nagios +$SIG{'ALRM'} = sub { + print ("UNKNOWN: No response from MaxScale server (alarm)\n"); + exit $ERRORS{"UNKNOWN"}; +}; +alarm($TIMEOUT); + +my $command = $MAXADMIN . ' -h ' . $opts{'H'} . ' -u ' . $opts{'u'} . ' -p "' . $opts{'p'} . '" -P ' . $opts{'P'} . ' ' . "show " . $MAXADMIN_RESOURCE; + +#print "maxadmin command: $command\n"; + +open (MAXSCALE, "$command 2>&1 |") + or die "can't get data out of Maxscale: $!"; + +my $hostname = qx{hostname}; chomp $hostname; +my $waiting_backend = 0; +my $service; +my $start_output = 0; +my $n_threads = 0; +my $p_threads = 0; +my $performance_data=""; + + +my $resource_type = $MAXADMIN_RESOURCE; +chop($resource_type); + +my $resource_match = ucfirst("$resource_type Name"); + +my $this_key; +my %monitor_data; + +while ( ) { + chomp; + + if ( /(Failed|Unable) to connect to MaxScale/ ) { + printf "CRITICAL: $_\n"; + close(MAXSCALE); + exit(2); + } + + if ( /^Monitor\:/ ) { + $n_threads++; + $this_key = 'monitor' . $n_threads; + $monitor_data{$this_key} = { + '1name'=> '', + '2state' => '', + '3servers' => '', + '4interval' => '', + '5repl_lag' => '' + }; + + next; + } + + next if (/--/ || $_ eq ''); + + if ( /\s+Name/) { + + my $str; + my $perf_line; + my @data_row = split(':', $_); + my $name = $data_row[1]; + $name =~ s/^\s+|\s+$//g; + $monitor_data{$this_key}{'1name'}=$name; + + } + + if (/(\s+Monitor )(.*)/) { + $monitor_data{$this_key}{'2state'}=$2; + } + + if ( /Monitored servers\:/ ) { + my $server_list; + my @data_row = split(':', $_); + shift(@data_row); + foreach my $name (@data_row) { + $name =~ s/^\s+|\s+$//g; + $name =~ s/ //g; + $server_list .= $name . ":"; + } + chop($server_list); + $monitor_data{$this_key}{'3servers'}=$server_list; + } + + if ( /(Sampling interval\:)\s+(\d+) milliseconds/ ) { + #my @data_row = split(':', $_); + #my $name = $data_row[1]; + #$name =~ s/^\s+|\s+$//g; + #$monitor_data{$this_key}{'4interval'}=$name; + $monitor_data{$this_key}{'4interval'}=$2; + } + + if ( /Replication lag\:/ ) { + my @data_row = split(':', $_); + my $name = $data_row[1]; + $name =~ s/^\s+|\s+$//g; + $monitor_data{$this_key}{'5repl_lag'}=$name; + } +} + + + for my $key ( sort(keys %monitor_data) ) { + #print "-- key: [$key]\n"; + my $local_hash = {}; + $performance_data .= " $key="; + $local_hash = $monitor_data{$key}; + my %new_hash = %$local_hash; + foreach my $key (sort (keys (%new_hash))) { + $performance_data .= $new_hash{$key} . ";"; + } + } + +chop($performance_data); + +if ($n_threads) { + printf "OK: %d monitors found |%s\n", $n_threads, $performance_data; + close(MAXSCALE); + exit 0; +} else { + printf "CRITICAL: 0 monitors found\n"; + close(MAXSCALE); + exit 2; +} + diff --git a/plugins/nagios/check_maxscale_resources.pl b/plugins/nagios/check_maxscale_resources.pl new file mode 100755 index 000000000..2cb3944e0 --- /dev/null +++ b/plugins/nagios/check_maxscale_resources.pl @@ -0,0 +1,181 @@ +#!/usr/bin/perl +# +# +# +# This file is distributed as part of the MariaDB Corporation MaxScale. It is free +# software: you can redistribute it and/or modify it under the terms of the +# GNU General Public License as published by the Free Software Foundation, +# version 2. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, write to the Free Software Foundation, Inc., 51 +# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright MariaDB Corporation Ab 2013-2015 +# +# + +# +# @file check_maxscale_resources.pl - Nagios plugin for MaxScale resources +# +# Revision History +# +# Date Who Description +# 06-03-2015 Massimiliano Pinto Initial implementation +# + +#use strict; +#use warnings; +use Getopt::Std; + +my %opts; +my $TIMEOUT = 15; # we don't want to wait long for a response +my %ERRORS = ('UNKNOWN' , '3', + 'OK', '0', + 'WARNING', '1', + 'CRITICAL', '2'); + +my $curr_script = "$0"; +$curr_script =~ s{.*/}{}; + +sub usage { + my $rc = shift; + + print <<"EOF"; +MaxScale monitor checker plugin for Nagios + +Usage: $curr_script [-r ] [-H ] [-P ] [-u ] [-p ] [-m ] [-h] + +Options: + -r = modules|services|filters|listeners|servers|sessions + -h = provide this usage message + -H = which host to connect to + -P = port to use + -u = username to connect as + -p = password to use for at + -m = /path/to/maxadmin +EOF + exit $rc; +} + +%opts =( + 'r' => 'services', # default maxscale resource to show + 'h' => '', # give help + 'H' => 'localhost', # host + 'u' => 'root', # username + 'p' => '', # password + 'P' => 6603, # port + 'm' => '/usr/local/skysql/maxscale/bin/maxadmin', # maxadmin + ); + +my $MAXADMIN_DEFAULT = $opts{'m'}; + +getopts('r:hH:u:p:P:m:', \%opts) + or usage( $ERRORS{"UNKNOWN"} ); +usage( $ERRORS{'OK'} ) if $opts{'h'}; + +my $MAXADMIN_RESOURCE = $opts{'r'}; +my $MAXADMIN = $opts{'m'}; +if (!defined $MAXADMIN || length($MAXADMIN) == 0) { + $MAXADMIN = $MAXADMIN_DEFAULT; +} + +-x $MAXADMIN or + die "$curr_script: Failed to find required tool: $MAXADMIN. Please install it or use the -m option to point to another location."; + +# Just in case of problems, let's not hang Nagios +$SIG{'ALRM'} = sub { + print ("UNKNOWN: No response from MaxScale server (alarm)\n"); + exit $ERRORS{"UNKNOWN"}; +}; +alarm($TIMEOUT); + +my $command = $MAXADMIN . ' -h ' . $opts{'H'} . ' -u ' . $opts{'u'} . ' -p "' . $opts{'p'} . '" -P ' . $opts{'P'} . ' ' . "list " . $MAXADMIN_RESOURCE; + +#print "maxadmin command: $command\n"; +open (MAXSCALE, "$command 2>&1 |") + or die "can't get data out of Maxscale: $!"; + +my $hostname = qx{hostname}; chomp $hostname; +my $waiting_backend = 0; +my $service; +my $start_output = 0; +my $n_threads = 0; +my $p_threads = 0; +my $performance_data=""; + + +my $resource_type = $MAXADMIN_RESOURCE; +chop($resource_type); + +my $resource_match = ucfirst("$resource_type Name"); + +if ($resource_type eq "listener") { + $resource_match = "Service Name"; +} +if ($resource_type eq "filter") { + $resource_match = "Filter"; +} +if ($resource_type eq "server") { + $resource_match = "Server"; +} +if ($resource_type eq "session") { + $resource_match = "Session"; +} + +#print "Matching [$resource_match]\n"; + +while ( ) { + chomp; + + if ( /(Failed|Unable) to connect to MaxScale/ ) { + printf "CRITICAL: $_\n"; + close(MAXSCALE); + exit(2); + } + + if ( ! /^$resource_match/ ) { + } else { + $start_output = 1; + next; + } + if ($start_output) { + next if (/--/ || $_ eq ''); + $n_threads++; + if ($resource_type ne "session") { + my $str; + my $perf_line; + my @data_row = split('\|', $_); + $performance_data .= "module$n_threads="; + foreach my $val (@data_row) { + $str = $val; + $str =~ s/^\s+|\s+$//g; + $perf_line .= $str . ';'; + } + chop($perf_line); + $performance_data .= $perf_line . ' '; + } + } +} + +chop($performance_data); + +if ($n_threads) { + if ($performance_data eq '') { + printf "OK: %d $MAXADMIN_RESOURCE found\n", $n_threads; + } else { + printf "OK: %d $MAXADMIN_RESOURCE found | %s\n", $n_threads, $performance_data; + } + close(MAXSCALE); + exit 0; +} else { + printf "CRITICAL: 0 $MAXADMIN_RESOURCE found\n"; + close(MAXSCALE); + exit 2; +} + diff --git a/plugins/nagios/check_maxscale_threads.pl b/plugins/nagios/check_maxscale_threads.pl new file mode 100755 index 000000000..7486a6b24 --- /dev/null +++ b/plugins/nagios/check_maxscale_threads.pl @@ -0,0 +1,244 @@ +#!/usr/bin/perl +# +# +# +# This file is distributed as part of the MariaDB Corporation MaxScale. It is free +# software: you can redistribute it and/or modify it under the terms of the +# GNU General Public License as published by the Free Software Foundation, +# version 2. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, write to the Free Software Foundation, Inc., 51 +# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright MariaDB Corporation Ab 2013-2015 +# +# + +# +# @file check_maxscale_threads.pl - Nagios plugin for MaxScale threads and events +# +# Revision History +# +# Date Who Description +# 06-03-2015 Massimiliano Pinto Initial implementation +# + +#use strict; +#use warnings; +use Getopt::Std; + +my %opts; +my $TIMEOUT = 15; # we don't want to wait long for a response +my %ERRORS = ('UNKNOWN' , '3', + 'OK', '0', + 'WARNING', '1', + 'CRITICAL', '2'); + +my $curr_script = "$0"; +$curr_script =~ s{.*/}{}; + +sub usage { + my $rc = shift; + + print <<"EOF"; +MaxScale monitor checker plugin for Nagios + +Usage: $curr_script [-r ] [-H ] [-P ] [-u ] [-p ] [-m ] [-h] + +Options: + -r = threads + -h = provide this usage message + -H = which host to connect to + -P = port to use + -u = username to connect as + -p = password to use for at + -m = /path/to/maxadmin +EOF + exit $rc; +} + +%opts =( + 'r' => 'threads', # default maxscale resource to show + 'h' => '', # give help + 'H' => 'localhost', # host + 'u' => 'root', # username + 'p' => '', # password + 'P' => 6603, # port + 'm' => '/usr/local/skysql/maxscale/bin/maxadmin', # maxadmin + ); + +my $MAXADMIN_DEFAULT = $opts{'m'}; + +getopts('r:hH:u:p:P:m:', \%opts) + or usage( $ERRORS{"UNKNOWN"} ); +usage( $ERRORS{'OK'} ) if $opts{'h'}; + +my $MAXADMIN_RESOURCE = $opts{'r'}; +my $MAXADMIN = $opts{'m'}; +if (!defined $MAXADMIN || length($MAXADMIN) == 0) { + $MAXADMIN = $MAXADMIN_DEFAULT; +} +-x $MAXADMIN or + die "$curr_script: Failed to find required tool: $MAXADMIN. Please install it or use the -m option to point to another location."; + +# Just in case of problems, let's not hang Nagios +$SIG{'ALRM'} = sub { + print ("UNKNOWN: No response from MaxScale server (alarm)\n"); + exit $ERRORS{"UNKNOWN"}; +}; +alarm($TIMEOUT); + +my $command = $MAXADMIN . ' -h ' . $opts{'H'} . ' -u ' . $opts{'u'} . ' -p "' . $opts{'p'} . '" -P ' . $opts{'P'} . ' ' . "show " . $MAXADMIN_RESOURCE; + +#print "maxadmin command: $command\n"; + +open (MAXSCALE, "$command 2>&1 |") + or die "can't get data out of Maxscale: $!"; + +my $hostname = qx{hostname}; chomp $hostname; +my $waiting_backend = 0; +my $service; +my $start_output = 0; +my $n_threads = 0; +my $p_threads = 0; +my $performance_data=""; + + +my $resource_type = $MAXADMIN_RESOURCE; +chop($resource_type); + +my $resource_match = ucfirst("$resource_type Name"); + +my $historic_thread_load_average = 0; +my $current_thread_load_average = 0; + +my %thread_data; +my %event_data; + +my $start_queue_len = 0; + +while ( ) { + chomp; + + if ( /(Failed|Unable) to connect to MaxScale/ ) { + printf "CRITICAL: $_\n"; + close(MAXSCALE); + exit(2); + } + + if ( /Historic Thread Load Average/) { + my $str; + my @data_row = split(':', $_); + foreach my $val (@data_row) { + $str = $val; + $str =~ s/^\s+|\s+$//g; + } + chop($str); + $historic_thread_load_average = $str; + } + + if (/Current Thread Load Average/) { + my $str; + my @data_row = split(':', $_); + foreach my $val (@data_row) { + $str = $val; + $str =~ s/^\s+|\s+$//g; + } + chop($str); + $current_thread_load_average = $str; + } + + if (/Minute Average/) { + my $str; + my $in_str; + my @data_row = split(',', $_); + foreach my $val (@data_row) { + my ($i,$j)= split(':', $val); + $i =~ s/^\s+|\s+$//g; + $j =~ s/^\s+|\s+$//g; + if ($start_queue_len) { + $event_data{$i} = $j; + } else { + $thread_data{$i} = $j; + } + } + } + + if ( /Pending event queue length averages/) { + $start_queue_len = 1; + next; + } + + if ( ! /^\s+ID/ ) { + #printf $_ ."\n"; + } else { + #printf "[$_]" ."\n"; + $start_output = 1; + next; + } + if ($start_output && /^\s+\d/) { + #printf "Thread [$_]" . "\n"; + $n_threads++; + if (/Processing/) { + $p_threads++; + } + } +} + +close(MAXSCALE); + + +open( MAXSCALE, "/servers/maxinfo/bin/maxadmin -h 127.0.0.1 -P 8444 -uadmin -pskysql show epoll 2>&1 |" ) + or die "can't get data out of Maxscale: $!"; + +my $queue_len = 0; + +while ( ) { + chomp; + if ( ! /Current event queue length/ ) { + next; + } else { + my $str; + my @data_row = split(':', $_); + foreach my $val (@data_row) { + $str = $val; + $str =~ s/^\s+|\s+$//g; + } + $queue_len = $str; + + last; + } +} + +my $performance_data = ""; +my $performance_data_thread = ""; +my $performance_data_event = ""; + +my $in_str; +my $in_key; +my $in_val; + +my @new_thread_array = @thread_data{'15 Minute Average', '5 Minute Average', '1 Minute Average'}; +my @new_event_array = @event_data{'15 Minute Average', '5 Minute Average', '1 Minute Average'}; + +$performance_data_thread = join(';', @new_thread_array); +$performance_data_event = join(';', @new_event_array); + +$performance_data .= "threads=$historic_thread_load_average;$current_thread_load_average avg_threads=$performance_data_thread avg_events=$performance_data_event"; + +if ($p_threads < $n_threads) { + printf "OK: Processing threads: %d/%d Events: %d | $performance_data\n", $p_threads, $n_threads, $queue_len; + close(MAXSCALE); + exit 0; +} else { + printf "WARNING: Processing threads: %d/%d Events: %d | $performance_data\n", $p_threads, $n_threads, $queue_len; + close(MAXSCALE); + exit 1; +} + diff --git a/plugins/nagios/maxscale_commands.cfg b/plugins/nagios/maxscale_commands.cfg new file mode 100644 index 000000000..ca3446d4e --- /dev/null +++ b/plugins/nagios/maxscale_commands.cfg @@ -0,0 +1,31 @@ +############################################################################### +# MAXSCALE_COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 3.5.1 +# +# Last Modified: 06-03-2015 +# +# NOTES: This config file provides you with some example command definitions +# that you can reference in host, service, and contact definitions. +# +# You don't need to keep commands in a separate file from your other +# object definitions. This has been done just to make things easier to +# understand. +# +############################################################################### + +# check maxscale monitors +define command{ + command_name check_maxscale_monitors + command_line $USER1$/check_maxscale_monitors.pl -H $HOSTADDRESS$ -P $ARG1$ -u $ARG2$ -p $ARG3$ -r $ARG4$ -m $ARG5$ +} + +# check maxscale threads +define command{ + command_name check_maxscale_threads + command_line $USER1$/check_maxscale_threads.pl -H $HOSTADDRESS$ -P $ARG1$ -u $ARG2$ -p $ARG3$ -r $ARG4$ -m $ARG5$ +} + +# check maxscale resource (listeners, services, etc) +define command{ + command_name check_maxscale_resource + command_line $USER1$/check_maxscale_resources.pl -H $HOSTADDRESS$ -P $ARG1$ -u $ARG2$ -p $ARG3$ -r $ARG4$ -m $ARG5$ +} diff --git a/plugins/nagios/server1.cfg b/plugins/nagios/server1.cfg new file mode 100644 index 000000000..d571fb1aa --- /dev/null +++ b/plugins/nagios/server1.cfg @@ -0,0 +1,111 @@ + +############################################################################### +############################################################################### +# +# HOST DEFINITION +# +############################################################################### +############################################################################### + +# Define a host for the remote machine + +define host{ + use linux-server ; Name of host template to use + ; This host definition will inherit all variables that are defined + ; in (or inherited by) the linux-server host template definition. + host_name server1 + alias server1 + address xxx.xxx.xxx.xxx + } + + + +############################################################################### +############################################################################### +# +# HOST GROUP DEFINITION +# +############################################################################### +############################################################################### + +# Define an optional hostgroup for Linux machines + +define hostgroup{ + hostgroup_name linux-real-servers ; The name of the hostgroup + alias Linux Real Servers ; Long name of the group + members server1 ; Comma separated list of hosts that belong to this group + } + + + +# Check MaxScale modules, on the remote machine. +define service{ + use local-service ; Name of service template to use + host_name server1 + service_description MaxScale_modules + check_command check_maxscale_resource!6603!admin!skysql!modules + notifications_enabled 0 + } + +# Check MaxScale services, on the remote machine. +define service{ + use local-service ; Name of service template to use + host_name server1 + service_description MaxScale_services + check_command check_maxscale_resource!6603!admin!skysql!services + notifications_enabled 0 + } + +# Check MaxScale listeners, on the remote machine. +define service{ + use local-service ; Name of service template to use + host_name server1 + service_description MaxScale_listeners + check_command check_maxscale_resource!6603!admin!skysql!listeners + notifications_enabled 0 + } + +# Check MaxScale servers, on the remote machine. +define service{ + use local-service ; Name of service template to use + host_name server1 + service_description MaxScale_servers + check_command check_maxscale_resource!6603!admin!skysql!servers + notifications_enabled 0 + } + +# Check MaxScale sessions, on the remote machine. +define service{ + use local-service ; Name of service template to use + host_name server1 + service_description MaxScale_sessions + check_command check_maxscale_resource!6603!admin!skysql!sessions + notifications_enabled 0 + } + +# Check MaxScale filters, on the remote machine. +define service{ + use local-service ; Name of service template to use + host_name server1 + service_description MaxScale_filters + check_command check_maxscale_resource!6603!admin!skysql!filters + notifications_enabled 0 + } + +# Check MaxScale monitors, on the remote machine. +define service{ + use local-service ; Name of service template to use + host_name server1 + service_description MaxScale_monitors + check_command check_maxscale_monitors!6603!admin!skysql!monitors + notifications_enabled 0 + } + +# Define a service to check Script on the remote machine. +define service{ + use local-service ; Name of service template to use + host_name server1 + service_description MaxScale_threads + check_command check_maxscale_threads!6603!admin!skysql!threads + notifications_enabled 0 + } diff --git a/server/core/modutil.c b/server/core/modutil.c index db4563766..6362d70a0 100644 --- a/server/core/modutil.c +++ b/server/core/modutil.c @@ -558,7 +558,7 @@ GWBUF* modutil_get_complete_packets(GWBUF** p_readbuf) * @return Number of EOF packets */ int -modutil_count_signal_packets(GWBUF *reply, int use_ok, int n_found) +modutil_count_signal_packets(GWBUF *reply, int use_ok, int n_found, int* more) { unsigned char* ptr = (unsigned char*) reply->start; unsigned char* end = (unsigned char*) reply->end; @@ -566,6 +566,7 @@ modutil_count_signal_packets(GWBUF *reply, int use_ok, int n_found) int pktlen, eof = 0, err = 0; int errlen = 0, eoflen = 0; int iserr = 0, iseof = 0; + bool moreresults = false; while(ptr < end) { @@ -585,8 +586,9 @@ modutil_count_signal_packets(GWBUF *reply, int use_ok, int n_found) } } - if((ptr + pktlen) > end) + if((ptr + pktlen) > end || (eof + n_found) >= 2) { + moreresults = PTR_EOF_MORE_RESULTS(ptr); ptr = prev; break; } @@ -616,6 +618,8 @@ modutil_count_signal_packets(GWBUF *reply, int use_ok, int n_found) } } + *more = moreresults; + return(eof + err); } @@ -693,3 +697,97 @@ static void modutil_reply_routing_error( poll_add_epollin_event_to_dcb(backend_dcb, buf); return; } + +/** + * Find the first occurrence of a character in a string. This function ignores + * escaped characters and all characters that are enclosed in single or double quotes. + * @param ptr Pointer to area of memory to inspect + * @param c Character to search for + * @param len Size of the memory area + * @return Pointer to the first non-escaped, non-quoted occurrence of the character. + * If the character is not found, NULL is returned. + */ +void* strnchr_esc(char* ptr,char c, int len) +{ + char* p = (char*)ptr; + char* start = p; + bool quoted = false, escaped = false; + char qc; + + while(p < start + len) + { + if(escaped) + { + escaped = false; + } + else if(*p == '\\') + { + escaped = true; + } + else if((*p == '\'' || *p == '"') && !quoted) + { + quoted = true; + qc = *p; + } + else if(quoted && *p == qc) + { + quoted = false; + } + else if(*p == c && !escaped && !quoted) + { + return p; + } + p++; + } + + return NULL; +} + +/** + * Create a COM_QUERY packet from a string. + * @param query Query to create. + * @return Pointer to GWBUF with the query or NULL if an error occurred. + */ +GWBUF* modutil_create_query(char* query) +{ + if(query == NULL) + return NULL; + + GWBUF* rval = gwbuf_alloc(strlen(query) + 5); + int pktlen = strlen(query) + 1; + unsigned char* ptr; + + if(rval) + { + ptr = (unsigned char*)rval->start; + *ptr++ = (pktlen); + *ptr++ = (pktlen)>>8; + *ptr++ = (pktlen)>>16; + *ptr++ = 0x0; + *ptr++ = 0x03; + memcpy(ptr,query,strlen(query)); + gwbuf_set_type(rval,GWBUF_TYPE_MYSQL); + } + + return rval; +} + +/** + * Count the number of statements in a query. + * @param buffer Buffer to analyze. + * @return Number of statements. + */ +int modutil_count_statements(GWBUF* buffer) +{ + char* ptr = ((char*)(buffer)->start + 5); + char* end = ((char*)(buffer)->end); + int num = 1; + + while((ptr = strnchr_esc(ptr,';', end - ptr))) + { + num++; + ptr++; + } + + return num; +} \ No newline at end of file diff --git a/server/core/resultset.c b/server/core/resultset.c index cca4e3c5a..7f9d88bbf 100644 --- a/server/core/resultset.c +++ b/server/core/resultset.c @@ -73,18 +73,19 @@ resultset_free(RESULTSET *resultset) { RESULT_COLUMN *col; - if (resultset) - return; - col = resultset->column; - while (col) + if (resultset != NULL) { - RESULT_COLUMN *next; + col = resultset->column; + while (col) + { + RESULT_COLUMN *next; next = col->next; resultset_column_free(col); col = next; + } + free(resultset); } - free(resultset); } /** diff --git a/server/core/test/testservice.c b/server/core/test/testservice.c index 7474925d4..ef2560481 100644 --- a/server/core/test/testservice.c +++ b/server/core/test/testservice.c @@ -42,6 +42,7 @@ static bool success = false; int hup(DCB* dcb) { success = true; + return 1; } /** @@ -108,7 +109,8 @@ hkinit(); skygw_log_sync_all(); ss_info_dassert(0 != result, "Stop should succeed"); - dcb = dcb_alloc(DCB_ROLE_REQUEST_HANDLER); + if((dcb = dcb_alloc(DCB_ROLE_REQUEST_HANDLER)) == NULL) + return 1; ss_info_dassert(dcb != NULL, "DCB allocation failed"); session = session_alloc(service,dcb); diff --git a/server/include/modutil.h b/server/include/modutil.h index 6f99f9c36..dc7ee2937 100644 --- a/server/include/modutil.h +++ b/server/include/modutil.h @@ -33,12 +33,14 @@ */ #include #include +#include #define PTR_IS_RESULTSET(b) (b[0] == 0x01 && b[1] == 0x0 && b[2] == 0x0 && b[3] == 0x01) #define PTR_IS_EOF(b) (b[0] == 0x05 && b[1] == 0x0 && b[2] == 0x0 && b[4] == 0xfe) #define PTR_IS_OK(b) (b[4] == 0x00) #define PTR_IS_ERR(b) (b[4] == 0xff) #define PTR_IS_LOCAL_INFILE(b) (b[4] == 0xfb) +#define PTR_EOF_MORE_RESULTS(b) ((PTR_IS_EOF(b) && ptr[7] & 0x08)) extern int modutil_is_SQL(GWBUF *); extern int modutil_is_SQL_prepare(GWBUF *); @@ -53,6 +55,8 @@ GWBUF* modutil_get_complete_packets(GWBUF** p_readbuf); int modutil_MySQL_query_len(GWBUF* buf, int* nbytes_missing); void modutil_reply_parse_error(DCB* backend_dcb, char* errstr, uint32_t flags); void modutil_reply_auth_error(DCB* backend_dcb, char* errstr, uint32_t flags); +int modutil_count_statements(GWBUF* buffer); +GWBUF* modutil_create_query(char* query); GWBUF *modutil_create_mysql_err_msg( int packet_number, @@ -61,5 +65,5 @@ GWBUF *modutil_create_mysql_err_msg( const char *statemsg, const char *msg); -int modutil_count_signal_packets(GWBUF*,int,int); +int modutil_count_signal_packets(GWBUF*,int,int,int*); #endif diff --git a/server/modules/filter/CMakeLists.txt b/server/modules/filter/CMakeLists.txt index 98d855d54..84629559b 100644 --- a/server/modules/filter/CMakeLists.txt +++ b/server/modules/filter/CMakeLists.txt @@ -34,9 +34,9 @@ add_library(namedserverfilter SHARED namedserverfilter.c) target_link_libraries(namedserverfilter log_manager utils) install(TARGETS namedserverfilter DESTINATION modules) -add_library(lagfilter SHARED lagfilter.c) -target_link_libraries(lagfilter log_manager utils query_classifier) -install(TARGETS lagfilter DESTINATION modules) +add_library(slavelag SHARED slavelag.c) +target_link_libraries(slavelag log_manager utils query_classifier) +install(TARGETS slavelag DESTINATION modules) add_subdirectory(hint) diff --git a/server/modules/filter/fwfilter.c b/server/modules/filter/fwfilter.c index d33cacb2e..63d07b5a9 100644 --- a/server/modules/filter/fwfilter.c +++ b/server/modules/filter/fwfilter.c @@ -1558,6 +1558,7 @@ bool check_match_any(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *qu } qlen = gw_mysql_get_byte3(memptr); + qlen = qlen < 0xffffff ? qlen : 0xffffff; fullquery = malloc((qlen) * sizeof(char)); memcpy(fullquery,memptr + 5,qlen - 1); memset(fullquery + qlen - 1,0,1); @@ -1612,6 +1613,7 @@ bool check_match_all(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *qu } qlen = gw_mysql_get_byte3(memptr); + qlen = qlen < 0xffffff ? qlen : 0xffffff; fullquery = malloc((qlen) * sizeof(char)); memcpy(fullquery,memptr + 5,qlen - 1); memset(fullquery + qlen - 1,0,1); diff --git a/server/modules/filter/lagfilter.c b/server/modules/filter/slavelag.c similarity index 92% rename from server/modules/filter/lagfilter.c rename to server/modules/filter/slavelag.c index aff236850..c12d7a2a7 100644 --- a/server/modules/filter/lagfilter.c +++ b/server/modules/filter/slavelag.c @@ -32,7 +32,7 @@ extern size_t log_ses_count[]; extern __thread log_info_t tls_log_info; /** - * @file lagfilter.c - a very simple filter designed to send queries to the + * @file slavelag.c - a very simple filter designed to send queries to the * master server after data modification has occurred. This is done to prevent * replication lag affecting the outcome of a select query. * @@ -42,8 +42,11 @@ extern __thread log_info_t tls_log_info; * is executed: * * count= Queries to route to master after data modification. - * time=