Commit Graph

1647 Commits

Author SHA1 Message Date
9d8c5cd410 MXS-862: Add authenticator options and instances
Authenticators now have a similar mechanism to the `router_options`
parameter which enables configurable authentication.

The authenticators also have a new initialize entry point which is similar
to the createInstance entry point of the filters and routers. The value of
`authenticator_options` is passed as a parameter to this function. The
return vaulue of the `initialize` entry point is passed to the `create`
entry point.
2016-10-13 15:58:18 +03:00
cb7c112764 MXS-862: Create common MySQL library
The MySQLCommon library contains functions used by both the protocol and
authenticator modules. The contents of the modutil.c file could also be
moved to this file if the functions in that file are only used by modules
and not the core.
2016-10-13 15:51:52 +03:00
dfeb5c46c9 MXS-862: Add create/destroy and remove plugin_name entry points
The create and destroy entry points allow authenticators to store data in
the DCB. This data is not shared by other DCBs related to the same
session.

The plugin_name entry point wasn't really useful as the plugins would
still need to send a AuthSwitchRequest packet if they wanted to change the
authentication mechanism.
2016-10-13 15:51:51 +03:00
6d057f8152 MXS-862: Move backend authentication from MySQLBackend to MySQLBackendAuth
The authentication for backend connections is now done in the
MySQLBackendAuth module. This is also the default authentication module
for backend connections created by MySQLBackend.
2016-10-13 15:51:51 +03:00
35d9b35609 MXS-862: Refactor backend authentication handling
The backend responses are now read in one place and the functions just
read the data. The protocol level will now handle the packet gathering
process and the authentication part just inspects the data.

Backend connections now load authenticators when they are being
connected. In the future, this enables the use of authentication modules
for backend connection.
2016-10-13 15:51:50 +03:00
cd11971d5d Log more precise DCB write error messages
The DCB error messages now log the type of the DCB and the remote address
in addition to the system error message. The file descriptor and memory
address are no longer printed in the error message as they are not useful
to the end user. The fd and address are now logged at debug level with a
more verbose error message.
2016-10-13 15:51:50 +03:00
cc01ce5c16 Remove obsolete parts from testlog.c
The code used the log manager in the wrong way which caused the test to
hang from time to time.
2016-10-03 15:40:49 +03:00
fbf5c331f1 Merge branch '2.0.1' into develop 2016-10-03 15:21:04 +03:00
91759ef323 Use MXS_ALERT when logging the stack of a crash
As MXS_ERROR is throttled you'd risk missing some part of the stack.
2016-09-30 10:48:04 +03:00
93b755fc33 Add MXS_ALERT
As errors and warnings are throttled, there is a need for being able
to log severe errors without ever having them throttled (e.g. when
logging the stack in conjunction with a crash).

MXS_ALERT should only be used in a context where the process is known
to be going down, either via crash or explicit exit.
2016-09-30 10:44:59 +03:00
3d5cfee348 housekeeper: Copy data to prevent access of freed data 2016-09-29 09:34:54 +03:00
c919511ba7 Implement simple failover mode into mysqlmon
The mysqlmon simple failover mode allows it to direct write traffic to a
secondary node. This enables a very simple failover mode with MaxScale
when it is used in a two node master-slave setup.
2016-09-26 11:00:16 +03:00
e484aac6f0 Use CLOCK_MONOTONIC instead of CLOCK_MONOTONIC_RAW
The CLOCK_MONOTONIC_RAW isn't supported on all of the platforms, namely
CentOS 5.
2016-09-22 10:09:25 +03:00
0a951d5e65 Merge branch 'develop-2.0-merge' into develop 2016-09-22 09:49:10 +03:00
08d980b433 Trim and squeeze whitespace when canonicalizing queries
The canonical form of the query should ignore changes in whitespace as the
semantics of the query stays the same regardless of the amount of
whitespace.
2016-09-21 10:58:24 +03:00
ca9021b835 Merge branch '2.0' into develop 2016-09-21 02:51:27 +03:00
3992135325 Move authentication return codes to gw_authenticator.h
The MYSQL_* authentication return codes are now in gw_authenticator.h so
that all authenticators can use them. Also dropped the MYSQL_ prefix from
the return codes and added AUTH_INCOMPLETE for a generic
authentication-in-progress return code.
2016-09-20 11:44:17 +03:00
35d4be14d2 Make service and monitor permissions checks optional
MaxScale shouldn't require the service and monitor user checks. It makes
sense to disable the checks to speed up the startup process when the user
knows that the permissions are OK.
2016-09-20 10:30:53 +03:00
92ef33327e MXS-870: Handle non-contiguous session command responses
Session command responses with multiple packets could be spread across
multiple, non-contiguous buffers. If a buffer contained a complete packet
and some extra data but it wasn't contiguous, the debug assertion in
gwbuf_clone_portion would fail. With release builds, it would cause
eventual out-of-bounds memory access when the response would be sent to
the client.
2016-09-19 09:58:20 +03:00
da9c7db231 Fix Travis builds
The travis builds failed due to outdated build scripts. The queuemanager
also failed to build on non-Debug builds.
2016-09-15 07:13:10 +03:00
8baba28450 Cleanup modutil_get_next_MySQL_packet
- Single entry/single exit.
- Variables declared as they are needed.
- The GWBUF_EMPTY check removed as it only looks at the first buffer
  in a chain. That is, if there had been a non-empty chain where the
  first buffer is empty, the function would incorrectly have reported
  that the buffer contains no packet.
- Documentation updated.
2016-09-14 15:13:25 +03:00
4597cdf7b9 Use gwbuf_split in modutil_get_next_MySQL_packet
Earlier, a copy was made.
2016-09-14 15:13:25 +03:00
65ccc6b8fb CMakeLists.txt cleanup
- maxscale-common no longer linked with libaio as it is not used.
2016-09-14 11:31:01 +03:00
6dc75d4b9c MXS-860: Detect whether replication is configured
The `detect_stale_slave` functionality used to only work when MaxScale had
the knowledge that a master server has existed and that replication was
working at some point in time. This might be a "safe" way to do it in
regards to staleness of the data but in practice it is preferrable to
always allow slave to be used for reads.

This change adds the missing functionality to the monitor by assigning
slave status to all servers which are configured as replication slaves
when no master can be found.

The new member variable that was added to the SERVER should be removed in
2.1 where the server_info offers the same functionalty without "polluting"
the SERVER type.
2016-09-12 15:59:08 +03:00
506ef1b9f6 Assign master status only to root level masters
If a relay master server is found in the replication tree, it should not
get the master status. Previously all master servers were assigned the
master status regardless of their depth in the replication tree.

By comparing the depth value of each potential master, the monitor can
find the right master at the root of the replication tree.
2016-09-12 15:57:27 +03:00
46c8a6f66b MXS-839: Detect multi-master topologies with mysqlmon
The mysqlmon now supports proper detection of multi-master topologies by
building a directed graph out of the monitored server. If cycles are found from
this graph, they are assigned a master group ID. All servers with a positive
master group ID will receive the Master status unless they have `@@read_only`
enabled.

This new functionality can be enabled with the 'multimaster' boolean
parameter.
2016-09-12 15:57:27 +03:00
d8bff00fa5 FAKE_CODE variables declared in header, defined in c-file 2016-09-12 15:09:05 +03:00
0b4320fb1d Merge branch '2.0' into develop 2016-09-12 09:39:26 +03:00
2d229927fe Fix broken if in poll.c
One if was not working due to an extra semicolon at the end of the line.
2016-09-12 06:46:56 +03:00
717b623587 Fix crash in server_free
server_free tried to free a char array which wasn't malloc'ed.
2016-09-09 20:39:16 +03:00
d7f79942be Merge branch '2.0' into develop 2016-09-09 15:12:58 +03:00
a87a9c75e5 Add --basedir flag
If maxscale is invoked with '--basedir=PATH', all directory paths
and the configuration file to be defined relative to that path.
2016-09-09 10:53:36 +03:00
f798bc9f64 Print correct default directories
Invoking 'maxscale --help' now displays the correct default
directories.
2016-09-08 14:33:21 +03:00
a074605c58 MXS-825: Add support for --execdir
Although claimed in the output of "--help", the long option
"--execdir" was not supported. Support for that now added.

The long options have now also been sorted in the same order
as the options are displayed by the help, to make it easy to
check that everything is there.

Further, the description column of the output of --help has
been aligned.
2016-09-08 13:17:53 +03:00
a474dad753 Fix crash when multiple MySQL monitors monitor same servers
The monitors always freed and reallocated the memory for the slaves. It
was always of the same size so a static array of that size should also
work.
2016-09-08 13:02:27 +03:00
af896b8e86 Test modutil_get_next_MySQL_packet 2016-09-07 16:17:35 +03:00
7702d1f242 Correctly return a complete packet also when header split
Some special handling is needed if the first buffer in a chained
GWBUF does not contain at least 3 bytes.
2016-09-07 14:45:03 +03:00
5360918344 Make gwbuf_alloc_and_load const correct. 2016-09-07 12:31:26 +03:00
58a8bdd4ab Enlarge statistics variables from 32 to 64 bit
Apparently at least the epoll cycles can wrap. Also use
integer types of explicit size.
2016-09-07 10:41:06 +03:00
a4903cff73 Accept 'password' in addition to 'passwd'
In the configuration section of services and monitors, the
password to be used can now be specified using 'password'
in addition to 'passwd'.

If both are provided, then the value of 'passwd' is used. That
way there cannot be any surprises, should someone for whatever
reason currently (in 1.4.3 an invalid parameter will not prevent
MaxScale from starting) have a 'password' entry in his config file.

In the next release 'passwd' can be deprecated and in the release
after that removed.
2016-09-07 09:41:38 +03:00
fca09e0d7b MXS-836: Fix retry_on_failure not working
The service start retry mechanism mistakenly returned an error when a
service failed to start but a retry was queued. This caused MaxScale to
stop whenever a service failed to start.
2016-09-06 15:41:41 +03:00
3e08c248b9 Fix maxinfo hang
dcb_count_by_usage did not iterate the list properly and would get stuck on the
first inactive DCB. Since this function is only called by maxinfo, it would be
the only one to get stuck.
2016-09-06 14:31:34 +03:00
0aec0c483c Cleanup early error logging
If the log file could not be opened, it was reported over and
over and over again to stderr.
2016-09-06 10:50:13 +03:00
ca6c619d60 Do not access uninitialized file object
If the opening of the logfile fails it must not be assumed
to have been opened when cleaning up.
2016-09-06 10:49:41 +03:00
ce0b82ef25 Ensure buffer has enough space
In the case of a Unix domain socket, the required buffer size may
in principle be up to PATH_MAX, so better to explicitly ensure that
there's enough space.
2016-09-05 10:26:27 +03:00
a9b0a5550c Allow socket and address/port to be used with maxadmin
It's now possible to use both a Unix domain socket and host/port
when connecting with MaxAdmin to MaxScale.

By default MaxAdmin will attempt to use the default Unix domain
socket, but if host and/or port has been specified, then an inet
socket will be used.

maxscaled will authenticate the connection attempt differently
depending on whether a Unix domain socket is used or not. If
a Unix domain socket is used, then the Linux user id will be
used for the authorization, otherwise the 1.4.3 username/password
handshake will be performed.

adminusers has now been extended so that there is one set of
functions for local users (connecting locally over a Unix socket)
and one set of functions for remote users (connecting locally
or remotely over an Inet socket).

The local users are stored in the new .../maxscale-users and the
remote users in .../passwd. That is, the old users of a 1.4
installation will work as such in 2.0.

One difference is that there will be *no* default remote user.
That is, remote users will always have to be added manually using
a local user.

The implementation is shared; the local and remote alternatives
use common functions to which the hashtable and filename to be
used are forwarded.

The commands "[add|remove] user" behave now exactly like they did
in 1.4.3, and also all existing users work out of the box.

In addition there is now the commands "[enable|disable] account"
using which Linux accounts can be enabled for MaxAdmin usage.
2016-09-02 13:47:16 +03:00
099263709e Allow routers to control when users are loaded
The binlogrouter requires that users are not loaded at startup. This
allows it to inject the service user into the list of valid MySQL users so
that the binlogrouter can be controlled via the listeners.
2016-08-31 07:02:30 +03:00
9a3da88e63 Move loading of user data to authenticator modules
The authenticator modules now load the user data when the new loadusers
entry point is called. This new entry point is optional.

At the moment the code that was in service.c was just moved into the
modules but the ground work for allowing different user loading mechanisms
is done.

Further improvements need to be made so that the authenticators behave
more like routers and filters. This work includes the creation of a
AUTHENTICATOR module object, addition of createInstance entry points for
authenticators and implementing it for all authenticators.
2016-08-31 07:02:30 +03:00
94aecf4ada Prepare for local/remote admin users
Local admins are the ones accessing MaxScale on the same host
over a Unix domain socket, and who are strongly identified), and
optional remote admins are the ones accessing MaxScale potentially
over a tcp socket (potentially over the network), and who are
weakly identified.

These are completely separate and a different set of functions
will be needed for managing them. This initial change merely
renames the functions.
2016-08-30 15:53:29 +03:00
248a58629b MXS-845: Ignore Maintenance state in state change logic
When a server goes into maintenance, the current state is set to
Maintenance and the previous state is left unmodified. The function which
checks for state changes uses the current and previous values and simply
compares them. Since servers in maintenance mode aren't monitored, the
function always returned true when servers were in maintenance mode.

When the state change to or from maintenance is ignored, the state change
function works. With this fix, users can safely put servers into
maintenance without having to worry about the scripts being executed. This
also allows the scripts themselves to put servers into maintenance.
2016-08-30 13:40:45 +03:00