hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Cache documentation

Browse Source
This commit is contained in:
Johan Wikman
2017-02-03 11:28:00 +02:00
parent 4ccfc35b00
commit d8e05436b1
1 changed files with 137 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

145
Documentation/Filters/Cache.md
View File

@ -5,18 +5,61 @@ The cache filter is a simple cache that is capable of caching the result of
SELECTs, so that subsequent identical SELECTs are served directly by MaxScale, SELECTs, so that subsequent identical SELECTs are served directly by MaxScale,
without the queries being routed to any server. without the queries being routed to any server.
_Note that the cache is still experimental._ _Note that the cache is still experimental and that non-backward compatible
changes may be made._
## Limitations ## Limitations
* Currently there is **no** cache invalidation, apart from _time-to-live_. This All of these limitations may be addressed in forthcoming releases.
will be changed in forthcoming releases.
* Resultsets of prepared statements are **not** cached. This will be changed ### Invalidation
in forthcoming releases. Currently there is **no** cache invalidation, apart from _time-to-live_.
* Data from the cache will be used and the cache will be populated **only** if ### Prepared Statements
no transaction or an explicitly _read-only_ transaction is in progress. Resultsets of prepared statements are **not** cached.
### Transactions
The cache will be used and populated **only** if there is _no_ on-going
transaction or if an on-going transaction is _explicitly_ read-only (that is,
`START TRANSACTION READ ONLY`).
### Variables
The cache key is effectively the entire _SELECT_ statement. However, the
value of any variables used in the select is **not** considered. For instance,
if a variable is used in the _WHERE_ clause of the select, a subsequent
identical select will return the wrong result, if the value of the variable
has been changed in between.
```
MySQL [testdb]> create table tbl (a int, b int);
MySQL [testdb]> insert into tbl values (1, 2), (3, 4);
MySQL [testdb]> set @var=2;
MySQL [testdb]> select a from tbl where b=@var;
+------+
| a |
+------+
| 1 |
+------+
MySQL [testdb]> set @var=4;
MySQL [testdb]> select a from tbl where b=@var;
+------+
| a |
+------+
| 1 |
+------+
```
In the second case, the correct answer would have been `3` and not `1`.
### Security
The cache is **not** aware of grants.
The implication is that unless the cache has been explicitly configured
who the caching should apply to, the presence of the cache may provide
a user with access to data he should not have access to.
Please read the section [Security](#security-1) for more detailed information.
## Configuration ## Configuration
@ -67,6 +110,7 @@ argument. For instance:
``` ```
storage=storage_inmemory storage=storage_inmemory
``` ```
See [Storage](#storage-1) for what storage modules are available.
#### `storage_options` #### `storage_options`
@ -464,6 +508,85 @@ regardless of what host the `admin` user comes from.
] ]
} }
``` ```
# Security
As the cache is not aware of grants, unless the cache has been explicitly
configured who the caching should apply to, the presence of the cache
may provide a user with access to data he should not have access to.
Suppose there is a table ``access`` that the user _alice_ has access to,
but the user _bob_ does not. If _bob_ tries to access the table, he will
get an error as reply:
```
MySQL [testdb]> select * from access;
ERROR 1142 (42000): SELECT command denied to user 'bob'@'localhost' for table 'access'
```
If we now setup caching for the table, using the simplest possible rules
file, _bob_ will get access to data from the table, provided he executes
a select identical with one _alice_ has executed.
For instance, suppose the rules look as follows:
```
{
"store": [
{
"attribute": "table",
"op": "=",
"value": "access"
}
]
}
```
If _alice_ now queries the table, she will get the result, which also will
be cached:
```
MySQL [testdb]> select * from access;
+------+------+
| a | b |
+------+------+
| 47 | 11 |
+------+------+
```
If _bob_ now executes the very same query, and the result is still in the
cache, it will be returned to him.
```
MySQL [testdb]> select current_user();
+----------------+
| current_user() |
+----------------+
| bob@127.0.0.1 |
+----------------+
1 row in set (0.00 sec)
MySQL [testdb]> select * from access;
+------+------+
| a | b |
+------+------+
| 47 | 11 |
+------+------+
```
That can be prevented, by explicitly declaring in the rules that the caching
should be applied to _alice_ only.
```
{
"store": [
{
"attribute": "table",
"op": "=",
"value": "access"
}
],
"use": [
{
"attribute": "user",
"op": "=",
"value": "'alice'@'%'"
}
]
}
```
With these rules in place, _bob_ is again denied access, since queries
targeting the table `access` will in his case not be served from the cache.
# Storage # Storage
@ -471,6 +594,9 @@ regardless of what host the `admin` user comes from.
This simple storage module uses the standard memory allocator for storing This simple storage module uses the standard memory allocator for storing
the cached data. the cached data.
```
storage=storage_inmemory
```
## `storage_rocksdb` ## `storage_rocksdb`
@ -479,6 +605,9 @@ directory where the RocksDB database will be created is by default created
into the _MaxScale cache_ directory, which usually is not on a RAM disk. For into the _MaxScale cache_ directory, which usually is not on a RAM disk. For
maximum performance, you may want to explicitly place the RocksDB database maximum performance, you may want to explicitly place the RocksDB database
on a RAM disk. on a RAM disk.
```
storage=storage_rocksdb
```
### Parameters ### Parameters
@ -509,4 +638,4 @@ The value is a boolean and the default is `false`.
``` ```
storage_options=collect_statistics=true storage_options=collect_statistics=true
``` ```