The new `ssl_verify_peer_certificate` parameter controls whether the peer
certificate is verified. This allows self-signed certificates to be
properly used with MaxScale.
If a server points to a local MaxScale listener, the permission checks for
that server are skipped. This allows permission checks to be used with a
mix of external servers and internal services.
As the DCBs are "owned" by threads and are handled without locks, no
cross-thread access to those DCBs should be done. Due to this, the show
persistent command for maxadmin has to be changed to show only the size of
the pool.
Moved some typedefs to router.h and server.h, changed a few
constants to these enums. Renamed some types in config.h to
remove "Gateway".
There are still some functions in the public header which are
only used in core, but they seem to fit the theme of public functions
so were not moved.
- All (but the printing/debug functions) are now in snake_case.
- Functions made const correct.
- All function prototypes now have named arguments.
Documentation still to be moved, and file possibly split into
include/mascale/server.h and server/core/maxscale/server.h
- Rename session_getUser to session_get_user
- Change session_get_user and session_get_remote to take a const
SESSION* as argument and to return a const char*.
- Change server_get_persistent, so that user is passed as const.
- Update all users of these functions as appropriate.
The server weighting parameters couldn't be altered online and they
weren't serialized to disk. Only servers that are created online will have
their weighting parameters persisted to disk.
Any changes to servers that aren't created online need to be manually
added to the configuration file in order for them to take effect after the
restart.
Previously, server status changes from MaxAdmin would be set immediately
as long as the server lock could be acquired. This meant that it might take
several seconds until the next monitor pass is executed. Usually, this was
fine but in some situations we would want the monitor to run immediately
after the change (MXS-740 and Galera). This patch changes the logic of
setting and clearing status bits to a delayed mode: changes are first applied
to a "status_pending"-variable, and only once the monitor runs will the
setting be applied. To reduce the delay, the monitor now has a flag
which is checked during sleep (between short 0.1s naps). If set, the
sleep is cut short.
If a server is not monitored, the status bits are set directly.
There is a small possibility of a race condition: If a monitor is stopped or
destroyed before the pending change is applied, the change is forgotten.
The source and destination strings for snprintf must not overlap. A simple
check for the address of the source and destination should solve the case
where they are the same. Behavior is undefined if the pointers aren't the
same but the memory overlaps.
MXS-873 To prevent monitors and MaxAdmin from interfering with each other,
changes to the server status flags now happen under a lock. To avoid
interfering with monitor logic, the monitors now acquire locks to all
of their servers at the start of the monitor loop and release them
before sleeping.
All changes made to the configuration should be traceable. This makes the
process of understanding the life-cycle of a specific MaxScale
installation easier.
The polling system now has a concept of messages. This can be used to send
a synchronous message to the polling system which waits for all threads to
process the message before returning.
Currently this is used to flush unused DCBs when server persistent
statistics are reported.
Making the lists of persistent DCBs thread specific is both a bug fix and
a performance enhancement. There was a small window where a non-owner
thread could receive events for a DCB. By partitioning the DCBs into
thread specific lists, this is avoided by removing the possibility of DCBs
moving between threads.
The config_runtime.h header contains functions that can be used to
manipulate the running configuration. Currently the header contains the
function to create, add, remove and destroy servers.
If a master once had slaves and is in the stale status, it will not retain
this status after a restart. Without storing on-disk information, the
stale master status cannot be deduced by looking at the master
alone. Because of this, the user should be able to manually enable the
stale master status.
Servers created at runtime can now be configured to use SSL. The
configuration is only possible if the server is not in use.
The `alter server` command in maxadmin now takes a list of `key=value`
strings. This allows the user to define multiple alter operations with one
command.
The functions allow simple operations on configuration context
objects. This makes it easier to understand what the code does and allows
reuse of the configuration processing code.
The checks for the server active status are now hidden behind a
macro. This allows for the conditions of the activity to change without
having to alter the code that uses it.
Now that servers use an array for the server name, name truncation can
occur. Although this is nigh impossible, a warning message is a prudent
precaution.
Server creation and allocation are now the same apart from the fact that
allocation only adds the server to the running configuration where as the
creation of a server also persist it to disk.
The server serialization should not be seen through the server.h API. This
allows the serialization method to change without actually having to
change the interfaces.
If a server were to be destroyed, it should not show up among
non-destroyed servers. Even though the servers aren't actually destroyed,
it hides unnecessary information from the user.
When a server is created via MaxAdmin, it will be serialized to disk. This
allows created servers to be retained through a restart of MaxScale.
Currently, all serialized objects are stored in one folder and there is no
structure in the created files. In the future, servers could be created
under a `servers` subdirectory so that it is easier to see what was
added. Whether there is a need for this will be seen.
The server monuser and monpw members were used with the assumption that
they could be NULL. This is no longer true since they were converted to
arrays.
The name member of the server was freed leading to a crash when the server
unit test was run.
The address, port, monuser and monpw parameters of an existing server can
be changed at runtime. The support for enabling SSL will come in a later
commit.
Allowing servers to be modified could also be done by destroying and
recreating them. Since the servers are never actually destroyed, it is
better to allow the alteration of the existing ones.
The function serializes a server to a file. This is intended to be used
with dynamically created servers. The output of the server serialization
will eventually be stored in the configuration file directory (default is
/etc/maxscale.cnf.d/) so that created servers persist even after a
restart.
The dbusers.c was a MySQL protocol specific file which was used directly
by some of the modules.
Added a new return value for the loadusers authenticator entry point which
allows fatal failures to occur when users are loaded. Currently this is
only taken into notice when the service is first started. If a listener
later returns a fatal error, it is only logged but the service stays in
operation.
Moved the MySQLAuth authenticator sources and the tests that relate to
this module into a subdirectory in the authenticator
directory. Eventually, all authenticators could have a subdirectory of
their own.
The default character set should be copied from the server so that
MaxScale appears to be the same. This fixes problems where utf8mb4
couldn't be taken into use because MaxScale would always send latin1 as
the server charset.
The general purpose stuff in skygw_utils.h was moved to utils.h
and the corresponding implementation from skygw_utils.cc to utils.c.
Includes updated accordingly.
Skygw_utils.h is now only used by log_manager and by mlist, which
is only used by log_manager. Consequently, skygw_utils.h was moved
to server/maxscale.
Utils.h needs a separate overhaul.
- Headers now to be included as <maxscale/xyz.h>
- First step, no cleanup of headers has been made. Only moving
from one place to another + necessary modifications.
Authenticators now have a similar mechanism to the `router_options`
parameter which enables configurable authentication.
The authenticators also have a new initialize entry point which is similar
to the createInstance entry point of the filters and routers. The value of
`authenticator_options` is passed as a parameter to this function. The
return vaulue of the `initialize` entry point is passed to the `create`
entry point.
The backend responses are now read in one place and the functions just
read the data. The protocol level will now handle the packet gathering
process and the authentication part just inspects the data.
Backend connections now load authenticators when they are being
connected. In the future, this enables the use of authentication modules
for backend connection.
