hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

patch 4.0

Browse Source
This commit is contained in:
wangzelin.wzl
2022-10-24 10:34:53 +08:00
parent 4ad6e00ec3
commit 93a1074b0c
10533 changed files with 2588271 additions and 2299373 deletions
Download Patch File Download Diff File Expand all files Collapse all files

304
src/rootserver/ob_create_inner_schema_executor.cpp
View File

@ -31,9 +31,9 @@ int64_t ObCreateInnerSchemaTask::get_deep_copy_size() const
return sizeof(*this);
}
ObAsyncTask* ObCreateInnerSchemaTask::deep_copy(char* buf, const int64_t buf_size) const
ObAsyncTask *ObCreateInnerSchemaTask::deep_copy(char *buf, const int64_t buf_size) const
{
ObAsyncTask* task = nullptr;
ObAsyncTask *task = nullptr;
int ret = OB_SUCCESS;
const int64_t deep_copy_size = get_deep_copy_size();
if (OB_ISNULL(buf) || buf_size < deep_copy_size) {
@ -56,22 +56,22 @@ int ObCreateInnerSchemaTask::process()
} else if (OB_FAIL(executor_->execute())) {
LOG_WARN("fail to execute create inner schema task", K(ret));
}
LOG_INFO("[UPGRADE] finish create inner schema task", K(ret), "cost_time", ObTimeUtility::current_time() - start);
LOG_INFO("[UPGRADE] finish create inner schema task",
K(ret), "cost_time", ObTimeUtility::current_time() - start);
return ret;
}
ObCreateInnerSchemaExecutor::ObCreateInnerSchemaExecutor()
: is_inited_(false),
is_stopped_(false),
execute_(false),
rwlock_(),
schema_service_(nullptr),
sql_proxy_(nullptr),
rpc_proxy_(nullptr)
{}
: is_inited_(false), is_stopped_(false), execute_(false),
rwlock_(), schema_service_(nullptr), sql_proxy_(nullptr),
rpc_proxy_(nullptr)
{
}
int ObCreateInnerSchemaExecutor::init(share::schema::ObMultiVersionSchemaService& schema_service,
common::ObMySQLProxy& sql_proxy, obrpc::ObCommonRpcProxy& rpc_proxy)
int ObCreateInnerSchemaExecutor::init(
share::schema::ObMultiVersionSchemaService &schema_service,
common::ObMySQLProxy &sql_proxy,
obrpc::ObCommonRpcProxy &rpc_proxy)
{
int ret = OB_SUCCESS;
if (OB_UNLIKELY(is_inited_)) {
@ -90,8 +90,8 @@ int ObCreateInnerSchemaExecutor::init(share::schema::ObMultiVersionSchemaService
int ObCreateInnerSchemaExecutor::stop()
{
int ret = OB_SUCCESS;
const uint64_t WAIT_US = 100 * 1000L; // 100ms
const uint64_t MAX_WAIT_US = 10 * 1000 * 1000L; // 10s
const uint64_t WAIT_US = 100 * 1000L; //100ms
const uint64_t MAX_WAIT_US = 10 * 1000 * 1000L; //10s
const int64_t start = ObTimeUtility::current_time();
{
SpinWLockGuard guard(rwlock_);
@ -104,7 +104,7 @@ int ObCreateInnerSchemaExecutor::stop()
} else if (!execute_) {
break;
} else {
usleep(WAIT_US);
ob_usleep(WAIT_US);
}
}
return ret;
@ -172,7 +172,7 @@ int ObCreateInnerSchemaExecutor::execute()
int tmp_ret = OB_SUCCESS;
if (OB_SUCCESS != (tmp_ret = RS_JOB_COMPLETE(job_id, ret, *sql_proxy_))) {
LOG_ERROR("fail to complete job", K(tmp_ret), K(ret), K(job_id));
ret = OB_SUCCESS == ret ? tmp_ret : ret;
ret = OB_SUCCESS == ret ? tmp_ret : ret;
}
}
// no need lock, because single-machine concurrency is prevented in the process
@ -182,12 +182,15 @@ int ObCreateInnerSchemaExecutor::execute()
}
int ObCreateInnerSchemaExecutor::ur_exists(
ObSchemaGetterGuard& schema_guard, uint64_t tenant_id, const uint64_t ur_id, bool& exists)
ObSchemaGetterGuard &schema_guard,
uint64_t tenant_id,
const uint64_t ur_id,
bool &exists)
{
int ret = OB_SUCCESS;
const ObUserInfo* user_info = NULL;
const ObUserInfo *user_info = NULL;
OZ(schema_guard.get_user_info(combine_id(tenant_id, ur_id), user_info));
OZ (schema_guard.get_user_info(tenant_id, ur_id, user_info));
if (OB_SUCC(ret)) {
exists = (user_info != NULL);
}
@ -195,7 +198,9 @@ int ObCreateInnerSchemaExecutor::ur_exists(
}
int ObCreateInnerSchemaExecutor::add_inner_role(
uint64_t tenant_id, ObSchemaGetterGuard& schema_guard, common::ObMySQLProxy* sql_proxy)
uint64_t tenant_id,
ObSchemaGetterGuard &schema_guard,
common::ObMySQLProxy *sql_proxy)
{
int ret = OB_SUCCESS;
ObSqlString sql;
@ -203,91 +208,99 @@ int ObCreateInnerSchemaExecutor::add_inner_role(
// int n;
int64_t affected_rows = 0;
bool exists;
OZ(ur_exists(schema_guard, tenant_id, OB_ORA_CONNECT_ROLE_ID, exists));
OZ (ur_exists(schema_guard, tenant_id, OB_ORA_CONNECT_ROLE_ID, exists));
if (OB_SUCC(ret) && !exists) {
OZ(sql.assign_fmt("create role \"CONNECT\""));
CK(sql_proxy != NULL);
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
OZ (sql.assign_fmt("create role \"CONNECT\""));
CK (sql_proxy != NULL);
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
}
OZ(sql.assign_fmt("grant create session to connect"));
CK(sql_proxy != NULL);
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
OZ (sql.assign_fmt("grant create session to connect"));
CK (sql_proxy != NULL);
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
OZ(ur_exists(schema_guard, tenant_id, OB_ORA_RESOURCE_ROLE_ID, exists));
OZ (ur_exists(schema_guard, tenant_id, OB_ORA_RESOURCE_ROLE_ID, exists));
if (OB_SUCC(ret) && !exists) {
OZ(sql.assign_fmt("create role \"RESOURCE\""));
CK(sql_proxy != NULL);
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
OZ (sql.assign_fmt("create role \"RESOURCE\""));
CK (sql_proxy != NULL);
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
}
OZ(sql.assign_fmt("grant create table, create type, create trigger, "
"create procedure, create sequence to resource"));
CK(sql_proxy != NULL);
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
OZ (sql.assign_fmt("grant create table, create type, create trigger, "
"create procedure, create sequence to resource"));
CK (sql_proxy != NULL);
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
OZ(ur_exists(schema_guard, tenant_id, OB_ORA_PUBLIC_ROLE_ID, exists));
OZ (ur_exists(schema_guard, tenant_id, OB_ORA_PUBLIC_ROLE_ID, exists));
if (OB_SUCC(ret) && !exists) {
OZ(sql.assign_fmt("create role \"PUBLIC\""));
CK(sql_proxy != NULL);
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
OZ (sql.assign_fmt("create role \"PUBLIC\""));
CK (sql_proxy != NULL);
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
}
OZ(ur_exists(schema_guard, tenant_id, OB_ORA_DBA_ROLE_ID, exists));
OZ (ur_exists(schema_guard, tenant_id, OB_ORA_DBA_ROLE_ID, exists));
if (OB_SUCC(ret) && !exists) {
OZ(sql.assign_fmt("create role \"DBA\""));
CK(sql_proxy != NULL);
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
OZ (sql.assign_fmt("create role \"DBA\""));
CK (sql_proxy != NULL);
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
}
OZ(sql.assign_fmt("grant create session, create table, create any table, "
" alter any table, backup any table, drop any table, "
" lock any table, comment any table, select any table, "
" insert any table, update any table, delete any table, "
" flashback any table, create role, drop any role, "
" grant any role, alter any role, grant any privilege, "
" grant any object privilege, create any index, "
" alter any index, drop any index, create any view, "
" drop any view, create view, select any dictionary, "
" create procedure, create any procedure, "
" alter any procedure, drop any procedure, "
" execute any procedure, create synonym, "
" create any synonym, drop any synonym, "
" create public synonym, drop public synonym, "
" create sequence, create any sequence, "
" alter any sequence, drop any sequence, "
" select any sequence, create trigger, "
" create any trigger, alter any trigger, "
" drop any trigger, create profile, "
" alter profile, drop profile, "
" create user,"
" alter user, drop user, "
" create type, create any type, "
" alter any type, drop any type, "
" execute any type, under any type, "
" purge dba_recyclebin, create any outline, "
" alter any outline, drop any outline, "
" syskm, create tablespace, "
" alter tablespace, drop tablespace, "
" show process, alter system, "
" create database link, create public database link, "
" drop database link, alter session, alter database to dba"));
CK(sql_proxy != NULL);
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
OZ (sql.assign_fmt("grant create session, create table, create any table, "
" alter any table, backup any table, drop any table, "
" lock any table, comment any table, select any table, "
" insert any table, update any table, delete any table, "
" flashback any table, create role, drop any role, "
" grant any role, alter any role, grant any privilege, "
" grant any object privilege, create any index, "
" alter any index, drop any index, create any view, "
" drop any view, create view, select any dictionary, "
" create procedure, create any procedure, "
" alter any procedure, drop any procedure, "
" execute any procedure, create synonym, "
" create any synonym, drop any synonym, "
" create public synonym, drop public synonym, "
" create sequence, create any sequence, "
" alter any sequence, drop any sequence, "
" select any sequence, create trigger, "
" create any trigger, alter any trigger, "
" drop any trigger, create profile, "
" alter profile, drop profile, "
" create user,"
" alter user, drop user, "
" create type, create any type, "
" alter any type, drop any type, "
" execute any type, under any type, "
" purge dba_recyclebin, create any outline, "
" alter any outline, drop any outline, "
" syskm, create tablespace, "
" alter tablespace, drop tablespace, "
" show process, alter system, "
" create database link, create public database link, "
" drop database link, alter session, alter database, "
" create any directory, drop any directory, "
" debug connect session, debug any procedure, "
" create any context, drop any context to dba"));
CK (sql_proxy != NULL);
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, ORACLE_MODE));
return ret;
}
int ObCreateInnerSchemaExecutor::do_create_inner_schema_by_tenant(uint64_t tenant_id,
oceanbase::lib::Worker::CompatMode compat_mode, ObSchemaGetterGuard& schema_guard, common::ObMySQLProxy* sql_proxy,
obrpc::ObCommonRpcProxy* rpc_proxy)
int ObCreateInnerSchemaExecutor::do_create_inner_schema_by_tenant(
uint64_t tenant_id,
oceanbase::lib::Worker::CompatMode compat_mode,
ObSchemaGetterGuard &schema_guard,
common::ObMySQLProxy *sql_proxy,
obrpc::ObCommonRpcProxy *rpc_proxy)
{
int ret = OB_SUCCESS;
if (compat_mode == ObWorker::CompatMode::ORACLE) {
// at first, do profile
OZ(check_and_create_default_profile(schema_guard, tenant_id, rpc_proxy));
OZ(add_password_and_lock_security_sys_users(tenant_id, schema_guard, sql_proxy), tenant_id);
OZ(add_inner_role(tenant_id, schema_guard, sql_proxy), tenant_id);
} else if (compat_mode == ObWorker::CompatMode::MYSQL) {
OZ(add_audit_user(tenant_id, schema_guard, sql_proxy), tenant_id);
if (compat_mode == lib::Worker::CompatMode::ORACLE) {
//at first, do profile
OZ (check_and_create_default_profile(schema_guard, tenant_id, rpc_proxy));
OZ (add_password_and_lock_security_sys_users(tenant_id, schema_guard, sql_proxy),
tenant_id);
OZ (add_inner_role(tenant_id, schema_guard, sql_proxy), tenant_id);
} else if (compat_mode == lib::Worker::CompatMode::MYSQL) {
OZ (check_and_create_inner_keysore(schema_guard, tenant_id, rpc_proxy));
OZ (add_audit_user(tenant_id, schema_guard, sql_proxy), tenant_id);
}
return ret;
}
@ -311,7 +324,7 @@ int ObCreateInnerSchemaExecutor::do_create_inner_schema()
LOG_WARN("get schema guard failed", K(ret));
} else if (OB_FAIL(schema_guard.get_tenant_ids(tenant_ids))) {
LOG_WARN("get tenant ids failed", K(ret));
} else if (OB_ISNULL(sql_proxy_)) {
} else if (OB_ISNULL(sql_proxy_)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("sql_proxy is null", K(ret));
} else {
@ -325,23 +338,58 @@ int ObCreateInnerSchemaExecutor::do_create_inner_schema()
if (OB_FAIL(schema_guard.get_tenant_compat_mode(tenant_id, compat_mode))) {
LOG_WARN("get tenant compat mode failed", K(ret));
} else {
OZ(schema_service_->get_tenant_schema_guard(tenant_id, schema_guard));
OZ(do_create_inner_schema_by_tenant(tenant_id, compat_mode, schema_guard, sql_proxy_, rpc_proxy_));
OZ (schema_service_->get_tenant_schema_guard(tenant_id, schema_guard));
OZ (do_create_inner_schema_by_tenant(tenant_id, compat_mode, schema_guard,
sql_proxy_, rpc_proxy_));
}
}
}
}
LOG_INFO(
"[UPGRADE] execute job create_inner_schema finish", K(ret), "cost_us", ObTimeUtility::current_time() - start);
LOG_INFO("[UPGRADE] execute job create_inner_schema finish",
K(ret), "cost_us", ObTimeUtility::current_time() - start);
return ret;
}
int ObCreateInnerSchemaExecutor::check_and_create_default_profile(
ObSchemaGetterGuard& schema_guard, int64_t tenant_id, obrpc::ObCommonRpcProxy* rpc_proxy)
int ObCreateInnerSchemaExecutor::check_and_create_inner_keysore(ObSchemaGetterGuard &schema_guard,
int64_t tenant_id,
obrpc::ObCommonRpcProxy *rpc_proxy)
{
int ret = OB_SUCCESS;
const ObProfileSchema* profile_schema = NULL;
int64_t profile_id = combine_id(tenant_id, OB_ORACLE_TENANT_INNER_PROFILE_ID);
const ObKeystoreSchema *ks_schema = NULL;
if (OB_SYS_TENANT_ID == tenant_id) {
/*do nothing*/
} else if (OB_FAIL(schema_guard.get_keystore_schema(tenant_id, ks_schema))) {
LOG_WARN("fail to get keystore schema", K(ret));
} else if (OB_NOT_NULL(ks_schema)) {
/*do nothing*/
} else {
ObKeystoreDDLArg arg;
ObKeystoreSchema &keystore_schema = arg.schema_;
arg.exec_tenant_id_ = tenant_id;
arg.type_ = ObKeystoreDDLArg::DDLType::CREATE_KEYSTORE;
int64_t keystore_id = OB_MYSQL_TENANT_INNER_KEYSTORE_ID;
keystore_schema.set_keystore_id(keystore_id);
keystore_schema.set_tenant_id(tenant_id);
keystore_schema.set_status(2);
keystore_schema.set_keystore_name("mysql_keystore");
if (OB_ISNULL(rpc_proxy)) {
ret = OB_NOT_INIT;
LOG_WARN("get common rpc proxy failed");
} else if (OB_FAIL(rpc_proxy->do_keystore_ddl(arg))) {
LOG_WARN("alter keystore error", K(ret));
}
}
return ret;
}
int ObCreateInnerSchemaExecutor::check_and_create_default_profile(ObSchemaGetterGuard &schema_guard,
int64_t tenant_id,
obrpc::ObCommonRpcProxy* rpc_proxy)
{
int ret = OB_SUCCESS;
const ObProfileSchema *profile_schema = NULL;
int64_t profile_id = OB_ORACLE_TENANT_INNER_PROFILE_ID;
if (OB_FAIL(schema_guard.get_profile_schema_by_id(tenant_id, profile_id, profile_schema))) {
if (OB_OBJECT_NAME_NOT_EXIST == ret) {
ret = OB_SUCCESS;
@ -354,15 +402,15 @@ int ObCreateInnerSchemaExecutor::check_and_create_default_profile(
/*do nothing*/
} else {
obrpc::ObProfileDDLArg arg;
ObProfileSchema& profile_schema = arg.schema_;
ObProfileSchema &profile_schema = arg.schema_;
arg.exec_tenant_id_ = tenant_id;
arg.ddl_type_ = ObSchemaOperationType::OB_DDL_CREATE_PROFILE;
profile_schema.set_tenant_id(tenant_id);
profile_schema.set_profile_id(profile_id);
profile_schema.set_password_lock_time(1);
profile_schema.set_password_life_time(INT64_MAX);
profile_schema.set_password_grace_time(INT64_MAX);
profile_schema.set_failed_login_attempts(10000000);
profile_schema.set_password_lock_time(USECS_PER_DAY);
profile_schema.set_password_life_time(ObProfileSchema::UNLIMITED_VALUE);
profile_schema.set_password_grace_time(ObProfileSchema::UNLIMITED_VALUE);
profile_schema.set_failed_login_attempts(ObProfileSchema::UNLIMITED_VALUE);
profile_schema.set_password_verify_function("NULL");
profile_schema.set_profile_name("DEFAULT");
if (OB_ISNULL(rpc_proxy)) {
@ -376,23 +424,27 @@ int ObCreateInnerSchemaExecutor::check_and_create_default_profile(
}
int ObCreateInnerSchemaExecutor::add_password_and_lock_security_sys_users(
uint64_t tenant_id, ObSchemaGetterGuard& schema_guard, common::ObMySQLProxy* sql_proxy)
uint64_t tenant_id,
ObSchemaGetterGuard &schema_guard,
common::ObMySQLProxy *sql_proxy)
{
int ret = OB_SUCCESS;
ObSqlString sql;
int64_t affected_rows = 0;
CK(sql_proxy != NULL);
CK (sql_proxy != NULL);
const char* user_names[2] = {OB_ORA_LBACSYS_NAME, OB_ORA_AUDITOR_NAME};
uint64_t user_id[2] = {OB_ORA_LBACSYS_USER_ID, OB_ORA_AUDITOR_USER_ID};
for (int64_t i = 0; OB_SUCC(ret) && i < 2; ++i) {
bool exists = false;
OZ(ur_exists(schema_guard, tenant_id, user_id[i], exists));
// password
OZ(sql.assign_fmt("%s user %s identified by %s", !exists ? "create" : "alter", user_names[i], user_names[i]));
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, 1));
// lock
OZ(sql.assign_fmt("alter user %s account lock", user_names[i]));
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, 1));
OZ (ur_exists(schema_guard, tenant_id, user_id[i], exists));
//password
OZ (sql.assign_fmt("%s user %s identified by %s",
!exists ? "create" : "alter",
user_names[i], user_names[i]));
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, 1));
//lock
OZ (sql.assign_fmt("alter user %s account lock", user_names[i]));
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, 1));
}
return ret;
}
@ -406,31 +458,35 @@ int ObCreateInnerSchemaExecutor::can_execute()
LOG_WARN("not init", K(ret));
} else if (is_stopped_) {
ret = OB_OP_NOT_ALLOW;
LOG_WARN("status not matched", K(ret), "stopped", is_stopped_ ? "true" : "false");
LOG_WARN("status not matched", K(ret),
"stopped", is_stopped_ ? "true" : "false");
}
return ret;
}
int ObCreateInnerSchemaExecutor::add_audit_user(
uint64_t tenant_id, ObSchemaGetterGuard& schema_guard, common::ObMySQLProxy* sql_proxy)
uint64_t tenant_id,
ObSchemaGetterGuard &schema_guard,
common::ObMySQLProxy *sql_proxy)
{
int ret = OB_SUCCESS;
ObSqlString sql;
int64_t affected_rows = 0;
CK(sql_proxy != NULL);
CK (sql_proxy != NULL);
const char* user_name = OB_ORA_AUDITOR_NAME;
uint64_t user_id = OB_ORA_AUDITOR_USER_ID;
bool exists = false;
OZ(ur_exists(schema_guard, tenant_id, user_id, exists));
OZ (ur_exists(schema_guard, tenant_id, user_id, exists));
if (exists) {
/*do nothing*/
/*do nothing*/
} else {
// password
OZ(sql.assign_fmt("%s user %s identified by '%s'", "create", user_name, user_name));
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, 0 /*MySQL*/));
// lock
OZ(sql.assign_fmt("alter user %s account lock", user_name));
OZ(sql_proxy->write(tenant_id, sql.ptr(), affected_rows, 0 /*MySQL*/));
//password
OZ (sql.assign_fmt("%s user %s identified by '%s'",
"create", user_name, user_name));
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, 0/*MySQL*/));
//lock
OZ (sql.assign_fmt("alter user %s account lock", user_name));
OZ (sql_proxy->write(tenant_id, sql.ptr(), affected_rows, 0/*MySQL*/));
}
return ret;
}