From ae79c556dd1006010f05e44896b81a6cbc455efa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=9F=A9=E4=B8=80=E6=95=8F?=
Date: Fri, 27 Jul 2018 20:04:19 +0800
Subject: [PATCH 1/3] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=88=9D=E5=A7=8B?= =?UTF-8?q?=E5=8C=96SQL=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 scripts/sql/cetus_admin.sql | 79 ++++++++++++++++++++++++++++++++
 scripts/sql/proxy_heart_beat.sql | 30 ++++++++++++
 2 files changed, 109 insertions(+)
 create mode 100644 scripts/sql/cetus_admin.sql
 create mode 100644 scripts/sql/proxy_heart_beat.sql
diff --git a/scripts/sql/cetus_admin.sql b/scripts/sql/cetus_admin.sql
new file mode 100644
index 0000000..4d4dbe6
--- /dev/null
+++ b/scripts/sql/cetus_admin.sql
@@ -0,0 +1,79 @@
+SET NAMES utf8mb4;
+SET FOREIGN_KEY_CHECKS = 0;
+
+-- ----------------------------
+-- Table structure for objects
+-- ----------------------------
+DROP TABLE IF EXISTS `objects`;
+CREATE TABLE `objects` (
+ `object_name` varchar(64) NOT NULL,
+ `object_value` text NOT NULL,
+ `mtime` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ PRIMARY KEY (`object_name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+
+-- ----------------------------
+-- Table structure for services
+-- ----------------------------
+DROP TABLE IF EXISTS `services`;
+CREATE TABLE `services` (
+ `id` varchar(64) NOT NULL,
+ `data` varchar(64) NOT NULL,
+ `start_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- ----------------------------
+-- Records of services
+-- ----------------------------
+BEGIN;
+INSERT INTO `services` VALUES ('0.0.0.0:3306', 'proxy');
+INSERT INTO `services` VALUES ('0.0.0.0:3307', 'admin');
+COMMIT;
+
+-- ----------------------------
+-- Table structure for settings
+-- ----------------------------
+DROP TABLE IF EXISTS `settings`;
+CREATE TABLE `settings` (
+ `option_key` varchar(64) NOT NULL,
+ `option_value` varchar(1024) NOT NULL,
+ PRIMARY KEY (`option_key`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- ----------------------------
+-- Records of settings
+-- ----------------------------
+BEGIN;
+INSERT INTO `settings` VALUES ('admin-address', '0.0.0.0:3307');
+INSERT INTO `settings` VALUES ('admin-password', '');
+INSERT INTO `settings` VALUES ('admin-username', 'admin');
+INSERT INTO `settings` VALUES ('check-slave-delay', 'true');
+INSERT INTO `settings` VALUES ('daemon', 'false');
+INSERT INTO `settings` VALUES ('default-db', '');
+INSERT INTO `settings` VALUES ('default-pool-size', '100');
+INSERT INTO `settings` VALUES ('default-username', '');
+INSERT INTO `settings` VALUES ('disable-dns-cache', 'true');
+INSERT INTO `settings` VALUES ('disable-threads', 'false');
+INSERT INTO `settings` VALUES ('keepalive', 'true');
+INSERT INTO `settings` VALUES ('log-backtrace-on-crash', 'true');
+INSERT INTO `settings` VALUES ('log-file', '/usr/local/cetus/logs/cetus.log');
+INSERT INTO `settings` VALUES ('log-level', 'info');
+INSERT INTO `settings` VALUES ('long-query-time', '100');
+INSERT INTO `settings` VALUES ('max-alive-time', '600');
+INSERT INTO `settings` VALUES ('max-open-files', '65536');
+INSERT INTO `settings` VALUES ('max-resp-size', '10485760');
+INSERT INTO `settings` VALUES ('pid-file', 'cetus.pid');
+INSERT INTO `settings` VALUES ('plugin-dir', '/usr/local/cetus/lib/cetus/plugins');
+INSERT INTO `settings` VALUES ('plugins', 'proxy,admin');
+INSERT INTO `settings` VALUES ('proxy-address', '0.0.0.0:3306');
+INSERT INTO `settings` VALUES ('proxy-backend-addresses', '');
+INSERT INTO `settings` VALUES ('proxy-read-only-backend-addresses', '');
+INSERT INTO `settings` VALUES ('read-master-percentage', '0');
+INSERT INTO `settings` VALUES ('slave-delay-down', '5');
+INSERT INTO `settings` VALUES ('slave-delay-recover', '1');
+INSERT INTO `settings` VALUES ('verbose-shutdown', 'true');
+COMMIT;
+
+SET FOREIGN_KEY_CHECKS = 1;
diff --git a/scripts/sql/proxy_heart_beat.sql b/scripts/sql/proxy_heart_beat.sql
new file mode 100644
index 0000000..7a638d9
--- /dev/null
+++ b/scripts/sql/proxy_heart_beat.sql
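Review bot: The seeded `settings` rows in scripts/sql/cetus_admin.sql put the admin listener on every interface with no credential: `admin-address` is `0.0.0.0:3307`, `admin-username` is `admin` and `admin-password` is the empty string. If Cetus accepts these values as they stand (not visible in this patch), I would seed `'127.0.0.1:3307'` for `admin-address` and add a comment that `admin-password` must be set before the service is started. Separately, both `services` inserts supply two values for a three-column table and no column list, which MySQL and MariaDB reject with a column-count error; name the columns, e.g. `INSERT INTO services (id, data) VALUES ('0.0.0.0:3306', 'proxy');`. Because every table is preceded by `DROP TABLE IF EXISTS`, re-running the script on a configured instance discards the stored settings, which deserves a header comment.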
@@ -0,0 +1,30 @@ +/* + Navicat Premium Data Transfer + + Source Server : k8s-读写分离-主 + Source Server Type : MariaDB + Source Server Version : 100134 + Source Host : 10.254.78.30:3306 + Source Schema : proxy_heart_beat + + Target Server Type : MariaDB + Target Server Version : 100134 + File Encoding : 65001 + + Date: 18/07/2018 10:36:09 +*/ + +SET NAMES utf8mb4; +SET FOREIGN_KEY_CHECKS = 0; + +-- ---------------------------- +-- Table structure for tb_heartbeat +-- ---------------------------- +DROP TABLE IF EXISTS `tb_heartbeat`; +CREATE TABLE `tb_heartbeat` ( + `p_id` varchar(128) NOT NULL, + `p_ts` timestamp(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3), + PRIMARY KEY (`p_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +SET FOREIGN_KEY_CHECKS = 1; From 6b6396fb1d3bc191061596f591013a3a39bfc5cd Mon Sep 17 00:00:00 2001 From: Bin Wang Date: Wed, 15 Aug 2018 10:36:30 +0800 Subject: [PATCH 2/3] Update proxy_heart_beat.sql --- scripts/sql/proxy_heart_beat.sql | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/scripts/sql/proxy_heart_beat.sql b/scripts/sql/proxy_heart_beat.sql index 7a638d9..9b2b03d 100644 --- a/scripts/sql/proxy_heart_beat.sql +++ b/scripts/sql/proxy_heart_beat.sql @@ -1,19 +1,3 @@ -/* - Navicat Premium Data Transfer - - Source Server : k8s-读写分离-主 - Source Server Type : MariaDB - Source Server Version : 100134 - Source Host : 10.254.78.30:3306 - Source Schema : proxy_heart_beat - - Target Server Type : MariaDB - Target Server Version : 100134 - File Encoding : 65001 - - Date: 18/07/2018 10:36:09 -*/ - SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; From c0e6cf237bdcad886d416f5d62ea210ed85938be Mon Sep 17 00:00:00 2001 From: tsthght Date: Wed, 15 Aug 2018 14:52:57 +0800 Subject: [PATCH 3/3] add audit function --- src/chassis-sql-log.c | 6 ++++-- src/chassis-sql-log.h | 6 +++--- src/plugin-common.c | 10 +++++++--- 3 files changed, 14 insertions(+), 8 deletions(-) 
diff --git a/src/chassis-sql-log.c b/src/chassis-sql-log.c index 7bea44d..1b9d9fd 100644 --- a/src/chassis-sql-log.c +++ b/src/chassis-sql-log.c @@ -493,7 +493,7 @@ log_sql_backend_sharding(network_mysqld_con *con, server_session_t *session) } void - log_sql_connect(network_mysqld_con *con) + log_sql_connect(network_mysqld_con *con, gchar *errmsg) { if (!con || !con->srv) { g_critical("con or con->srv is NULL when call log_sql_connect()"); @@ -511,9 +511,11 @@ log_sql_backend_sharding(network_mysqld_con *con, server_session_t *session) } GString *message = g_string_sized_new(sizeof("2004-01-01T00:00:00.000Z")); get_current_time_str(message); - g_string_append_printf(message, ": #connect# %s@%s Connect Cetus, C_id:%u C_db:%s C_charset:%u C_auth_plugin:%s C_ssl:%s C_cap:%x S_cap:%x\n", + g_string_append_printf(message, ": #connect# %s@%s Connect Cetus %s msg:%s, C_id:%u C_db:%s C_charset:%u C_auth_plugin:%s C_ssl:%s C_cap:%x S_cap:%x\n", con->client->response->username->str,//C_usr con->client->src->name->str,//C_ip + errmsg == NULL ? "success" : "failed", + errmsg == NULL ? "": errmsg, con->client->challenge->thread_id,//C_id con->client->response->database->str,//C_db con->client->response->charset,//C_charset diff --git a/src/chassis-sql-log.h b/src/chassis-sql-log.h index 57afbd5..ce3927d 100644 --- a/src/chassis-sql-log.h +++ b/src/chassis-sql-log.h @@ -58,9 +58,9 @@ struct sql_log_mgr { SQL_LOG_MODE sql_log_mode; guint sql_log_maxsize; gulong sql_log_cursize; - volatile guint sql_log_action; + volatile SQL_LOG_ACTION sql_log_action; - volatile SQL_LOG_ACTION sql_log_idletime; + volatile guint sql_log_idletime; volatile guint sql_log_maxnum; gchar *sql_log_filename; 
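Review bot: The new `errmsg` parameter in the hunk at -493 of src/chassis-sql-log.c is only read, and the callers in this series pass a string literal, a caller-owned buffer or NULL, so it should be declared `const gchar *errmsg` here and in the prototype in src/chassis-sql-log.h. Passing literals such as `"4.0 protocol is not supported"` through a non-const pointer trips `-Wwrite-strings` and leaves room for a later write through it. A one-line comment above the definition saying that `errmsg == NULL` marks a successful connect and any other value is logged as the failure reason would document the contract. The function body continues outside the hunk.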
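Review bot: The format arguments in the hunk at -511 dereference `con->client->response->username->str` and `con->client->challenge->thread_id` unconditionally, yet the failure-path calls added in src/plugin-common.c run while those pointers can be NULL. `log_sql_connect(con, "client's challenge is NULL")` is reached only when both `response` and `challenge` are NULL, and the "get auth response failed" and "4.0 protocol is not supported" calls appear to sit in the same `response == NULL` branch after `auth` has been freed. Unless the lines between the two hunks of this function return early (not visible here), the audit call dereferences NULL on exactly the malformed-handshake paths it is meant to record, before the client has authenticated. I would read the client fields through NULL-tolerant locals as sketched below; the remaining format arguments are outside the hunk and need the same treatment.

```c
    /* … unchanged: con/con->srv checks and get_current_time_str(message) … */
    network_mysqld_auth_response *rsp = con->client->response;
    const gchar *c_usr = (rsp && rsp->username) ? rsp->username->str : "";
    const gchar *c_db = (rsp && rsp->database) ? rsp->database->str : "";
    guint c_id = con->client->challenge ? con->client->challenge->thread_id : 0;
    guint c_charset = rsp ? rsp->charset : 0;
    /* … pass c_usr, c_id, c_db and c_charset to g_string_append_printf() in place of the direct dereferences … */
```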
@@ -79,7 +79,7 @@ gpointer sql_log_mainloop(gpointer user_data); void cetus_sql_log_start_thread_once(struct sql_log_mgr *mgr); void sql_log_thread_start(struct sql_log_mgr *mgr); -void log_sql_connect(network_mysqld_con *con); +void log_sql_connect(network_mysqld_con *con, gchar *errmsg); void log_sql_client(network_mysqld_con *con); void log_sql_backend(network_mysqld_con *con, injection *inj); void log_sql_backend_sharding(network_mysqld_con *con, server_session_t *session); diff --git a/src/plugin-common.c b/src/plugin-common.c index 9187516..fa1745b 100644 --- a/src/plugin-common.c +++ b/src/plugin-common.c @@ -133,6 +133,7 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de if (con->client->response == NULL) { if (con->client->challenge == NULL) { + log_sql_connect(con, "client's challenge is NULL"); return NETWORK_SOCKET_ERROR; } @@ -142,6 +143,7 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de int err = network_mysqld_proto_get_auth_response(&packet, auth); if (err) { network_mysqld_auth_response_free(auth); + log_sql_connect(con, "get auth response failed"); return NETWORK_SOCKET_ERROR; } @@ -161,6 +163,7 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de network_mysqld_queue_append(con->client, con->client->send_queue, C("\xff\xd7\x07" "4.0 protocol is not supported")); network_mysqld_auth_response_free(auth); + log_sql_connect(con, "4.0 protocol is not supported"); return NETWORK_SOCKET_ERROR; } @@ -204,7 +207,6 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de auth = con->client->response; g_debug("sock:%p, 2nd round auth", con); } - log_sql_connect(con); /* Check allow and deny IP */ gboolean check_ip; if (allow_ip_table || deny_ip_table) { 
@@ -227,6 +229,7 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de g_strfreev(client_addr_arr); if (check_ip) { network_mysqld_con_send_error_full(recv_sock, L(ip_err_msg), 1045, "28000"); + log_sql_connect(con, ip_err_msg); g_free(ip_err_msg); con->state = ST_SEND_ERROR; return NETWORK_SOCKET_SUCCESS; @@ -250,7 +253,8 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de network_mysqld_auth_response *response = con->client->response; if (cetus_users_authenticate_client(users, challenge, response)) { con->state = ST_SEND_AUTH_RESULT; - network_mysqld_con_send_ok(recv_sock); + network_mysqld_con_send_ok(recv_sock);\ + log_sql_connect(con, NULL); } else { char msg[256] = { 0 }; snprintf(msg, sizeof(msg), @@ -258,6 +262,7 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de response->username->str, con->client->src->name->str); network_mysqld_con_send_error_full(con->client, L(msg), ER_ACCESS_DENIED_ERROR, "28000"); g_message("%s", msg); + log_sql_connect(con, msg); con->state = ST_SEND_ERROR; } @@ -265,7 +270,6 @@ do_read_auth(network_mysqld_con *con, GHashTable *allow_ip_table, GHashTable *de if (recv_sock->recv_queue->chunks->length > 0) { g_warning("%s: client-recv-queue-len = %d", G_STRLOC, recv_sock->recv_queue->chunks->length); } - return NETWORK_SOCKET_SUCCESS; }
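Review bot: The added line `network_mysqld_con_send_ok(recv_sock);\` in the hunk at -250 of src/plugin-common.c ends in a stray backslash. It compiles only because the backslash-newline splices that line with the following `log_sql_connect(con, NULL);`, and a trailing space after the backslash would break the build. Drop the backslash so the two statements stand on their own lines. The enclosing do_read_auth body starts and ends outside the hunk.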
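Review bot: In the hunk at -258, `msg` is built from the client-supplied `response->username->str` and is then written verbatim into the audit line by `log_sql_connect(con, msg)`, which also prints the user name and database with `%s`. Unless the protocol parser already rejects control characters (not visible here), a user name containing a line feed would split one failed login across several records, which undermines the audit trail this commit adds. I would escape client-controlled text before it is formatted, for example `gchar *safe = g_strescape(msg, NULL);`, then `log_sql_connect(con, safe);` and `g_free(safe);`, and do the same for the user name and database inside log_sql_connect. The same question applies to `ip_err_msg` in the hunk at -227 if it embeds client data.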