Commit Graph

4309 Commits

Author SHA1 Message Date
b313c6d0e7 MXS-2474 Ignore attempts to re-register a housekeeper task
It is an error to register the same task multiple times, but
for a maintenance release it is simpler and less risky to simply
ignore an attempt (that BLR does) to do that.

Allowing a task to be registered anew causes behaviour akin
to a leak.
2019-05-09 10:58:35 +03:00
e3b5ba9620 MXS-1973 Support reverse DNS for client hostnames in MaxCtrl
May slow maxscale down when used. Only supported for "list sessions",
"show sessions" and "show session <id>".
2019-05-08 15:04:44 +03:00
446788f2ed MXS-1799 Add timestamps to retain_last_statements messages 2019-05-07 22:54:31 +03:00
3d66e68e95 MXS-2170 Start MaxScale normally if it gets the same PID as previous
MaxScale

Check is made to see if the found MaxScale PID is owned by the process
itself.
2019-05-07 22:23:46 +03:00
4e6ffc0381 Clean up server config parameter handling
Removes helper classes which are no longer required.
2019-05-07 15:39:34 +03:00
95fd61b8dc Fix listener search functions
The functions that searched for listeners compared both sockets and
addresses in the same function. This made its use error prone and caused
false positives in some cases.
2019-05-06 19:55:31 +03:00
6b8ca35408 Format core source files
Formatted core .cc files according to current uncrustify configuration.
2019-05-06 16:05:50 +03:00
5ac24de6b0 Remove log_to_shm
The feature was removed in 2.3 and was ignored if configured.
2019-05-06 16:05:50 +03:00
20a7170024 Fix unit tests that use durations
The tests that used objects that expected a default value for a duration
failed due to missing parameters.
2019-05-06 15:38:43 +03:00
fb0745e3de Merge branch '2.3' into develop 2019-05-03 13:48:57 +03:00
a3cf1d22c0 MXS-2457 Streamline logging 2019-05-03 13:38:12 +03:00
f09d46c8e6 MXS-2457 Allow string arguments to be treated as fields
Before this change, the masking could be bypassed simply by

    > set @@sql_mode='ANSI_QUOTES';
    > select concat("ssn") from person;

The reason is that as the query classifier is not aware of whether
'ANSI_QUOTES' is on or not, it will not know that what above appears
to be the string "ssn", actually is the field name `ssn`. Consequently,
the select will not be blocked and the result returned in cleartext.

It's now possible to instruct the query classifier to report all string
arguments of functions as fields, which will prevent the above. However,
it will also mean that there may be false positives.
2019-05-03 13:38:12 +03:00
20afbfca76 Merge branch '2.3' into develop 2019-05-02 20:24:04 +03:00
bc654849e8 Fix duration JSON representation
Duration values converted to JSON are now again returned as integers. This
keeps the REST API backwards compatible until suffixed durations are no
longer supported at which point all duration values can be represented in
milliseconds.
2019-05-02 16:54:19 +03:00
0d61522586 Fix test_adminusers
The test did not remove old inet user password files.
2019-05-02 12:53:42 +03:00
0c5a45cb85 MXS-2414: Remove unused variable 2019-04-30 14:49:36 +03:00
59be841939 MXS-2414: Rename max_auth_failures to max_auth_errors_until_block 2019-04-30 14:49:36 +03:00
6caa8e55b0 MXS-2414: Send error when host is blocked
If a connection attempt is not accepted due to the host being blocked, the
protocol can now return an error message that is sent to the client. Only
mariadb_client implements this as it is the only one who calls the auth
failure methods in the first place.
2019-04-30 14:49:35 +03:00
db0e491ace MXS-2414: Add max_auth_failures parameter
The parameter controls how many authentication failures are allowed until
the host is blocked. The default is 10 failures per thread.
2019-04-30 14:49:35 +03:00
cf86b0cb7e MXS-2414: Prototype connection attempt throttling
The RateLimit class stores authentication failure data mapped by the
client IP addresses. The authentication failures are limited
per thread. The limits are still hard-coded and at least the number of
failures should be made configurable.

The simplest, most maintainable and acceptably efficient implementation
for DDoS protection is a thread-local unordered_map. The unwanted
side-effect of "scaling" of the number of allowed authentication failures
is unlikely to be problematic in most use-cases.

As the blocking of a host is only temporary, the behavior differs from the
one in the MariaDB server. This allows the number of failures to be set to
a much lower value negating some of the problems caused by the relatively
simple implementation.
2019-04-30 14:49:35 +03:00
d1ab4fcb89 MXS-2329 Fix missing duration type 2019-04-30 14:31:47 +03:00
82b4338eca Remove MonitorManager calls from Monitor functions
Also adds admin thread checks to MonitorManager functions and combines
anonymous namespaces.
2019-04-30 13:45:48 +03:00
c4b27cdefc Store server->monitor relation in a map
Removes the need to iterate through monitor serverlists. Also adds asserts to verify
that monitor modifications are done only from an admin thread.
2019-04-30 13:45:48 +03:00
2115322737 MXS-2329 Change warning into info
Currently it's too laborious to use duration suffixes when saving
generated configs and also to handle suffixes when changes are made
dynamically using maxctrl.

It will be trivial to do that when the new configuration mechanism
has been taken into use everywhere. That will not happen before
MaxScale 2.5.

So, in MaxScale 2.4 duration suffixes will be accepted in manually
created configuration files, but no warning will be logged if a
suffix is not used.
2019-04-30 13:02:53 +03:00
c60c5e4626 MXS-2329 Use durations in monitor (common parts) 2019-04-30 13:02:53 +03:00
ca51316364 MXS-2329 0 is a valid duration, with or without a suffix 2019-04-30 13:02:53 +03:00
b1a495b342 MXS-2329 Use durations with persistmaxtime 2019-04-30 13:02:53 +03:00
93e130bb48 MXS-2329 Use durations with max_retry_interval 2019-04-30 13:02:53 +03:00
75fbcc9393 MXS-2329 Use durations in log_throttling 2019-04-30 13:02:53 +03:00
9fb4116bf5 MXS-2329 Use durations with connection_timeout 2019-04-30 13:02:53 +03:00
638debcdc0 MXS-2329 Allow the restriction of duration units
It's now possible to specify in the config parameter declaration
that the smallest allowed unit is seconds. For parameters whose
granularity is seconds, allowing to specify a duration in
milliseconds would open up a possibility for hard to detect errors.
2019-04-30 13:02:53 +03:00
8a250a8b13 MXS-2329 Make duration misuse harder
Now the desired type must be specified when getting a duration.
The type also dictates how durations without suffixes should be
interpreted.

That removes the need for remembering that to convert a returned
millisecond duration to a second duration.
2019-04-30 13:02:53 +03:00
8bf0e00b1c MXS-2329 Use duration with users_refresh_time 2019-04-30 13:02:53 +03:00
3055e49f5a MXS-2329 Use durations with query_retry_timeout
Also change auth_[connect|read|write]_timeout to be time_t.
2019-04-30 13:02:53 +03:00
92cc31f0c0 MXS-2329 Use durations with auth_[connect|read|write]_timeout 2019-04-30 13:02:53 +03:00
ea14331d18 Move DCB owner selection into Listener
The code that selects which worker to assign the DCB to is now completely
in the Listener class. This removes the need to change the ownership of a
DCB after it has been allocated.
2019-04-26 13:18:37 +03:00
510cae2fe0 Allocate DCB on owning thread
The DCB is now fully allocated on the thread that owns it. This guarantees
that the owner is always correct when it is used.

The code in poll_add_dcb still manipulates which worker the DCB is
allocated. This needs to be removed and the detection of special needs
(maxadmin, maxinfo) must be moved into the listener.
2019-04-26 11:40:30 +03:00
fadbc0b1ae Separate Monitor management to its own file
Allows better separation of file local data. Also allows moving monitor-
related code from config_runtime.cc.
2019-04-25 12:32:41 +03:00
820ff756a7 Fix test_config2
The static structures referred to non-static data.
2019-04-24 18:01:28 +03:00
6aedcc085f Remove references to NDB server state 2019-04-24 14:15:56 +03:00
75c0ac5323 Move items from MonitorWorker to MonitorWorkerSimple
MonitorWorker only enforces the use of a worker thread but otherwise
does not define how the monitor is implemented.
2019-04-24 11:27:11 +03:00
2bc0b9c875 Don't ignore getcwd return value
The return value should be used.
2019-04-24 11:08:34 +03:00
4186f39616 Merge branch '2.3' into develop 2019-04-23 12:11:09 +03:00
9e3f0aab5a Extract client address before allocating the DCB
By extracting the address before the session is started, we can refuse the
connection if there are too many connections from that particular host.
2019-04-23 11:57:10 +03:00
d60ec9e281 Fix test_config2
If the /etc/maxscale.modules.d/ didn't exist or wasn't accessable by the
current user, the test would fail.
2019-04-23 11:57:10 +03:00
ba79028a46 Add debug assertions into the core
The assertions make sure DCB writes and reads are only done by the thread
that owns them.
2019-04-23 11:46:38 +03:00
3e41a601f8 MXS-2411: Implicitly use latest API version
The request API prefix is now simply ignored as it has no meaning as long
as there is a single version of the API.
2019-04-18 13:58:34 +03:00
61f728c05a MXS-2433: Reduce default query classifier cache size
Reduced the default cache size from 40% to 15%. Most cases don't benefit
from that much memory and the defaults have caused problems in live
environments.
2019-04-17 16:07:04 +03:00
d13e6e56ee MXS-2433: Never cache multi-packet queries
If a query spans more than a single packet, it will never be successfully
classified due to the fact that the complete SQL is never available to the
query classifier. For this reason, it is pointless to cache them.
2019-04-17 16:07:04 +03:00
ddf004b733 MXS-2349: Extend REST API tests
Added tests to the REST API that make sure the `socket` parameter works.
2019-04-16 11:52:37 +03:00