
Example 1 with FirewallConfig

use of com.actiontech.dble.config.model.FirewallConfig in project dble by actiontech.

the class ServerPrivileges method checkFirewallWhiteHostPolicy.

/**
 * Checks the white-host policy for a login as {@code user} coming from {@code host}.
 *
 * <p>Users rejected by {@code checkManagerPrivilege} are refused first, and that path
 * raises no alarm. When no white-host entries are configured the host is not examined
 * at all: any name present in the configured user map passes. Otherwise the user must
 * be listed under exactly this host key.
 *
 * @param user the login name to check
 * @param host the peer host, used as an exact lookup key into the white-host map
 * @return {@code true} if the login may proceed; {@code false} otherwise (a
 *         {@code FIREWALL_ATTACK} alarm is written when the host/user check fails)
 */
@Override
public boolean checkFirewallWhiteHostPolicy(String user, String host) {
    // A normal user trying to log in through the manager port is refused here.
    // NOTE(review): this rejection is silent; only the white-host failure below is
    // alarmed, so these attempts are not visible in the alarm log.
    if (!checkManagerPrivilege(user)) {
        return false;
    }

    ServerConfig config = DbleServer.getInstance().getConfig();
    FirewallConfig firewallConfig = config.getFirewall();
    Map<String, List<UserConfig>> whitehost = firewallConfig.getWhitehost();

    boolean allowed;
    if (whitehost == null || whitehost.isEmpty()) {
        // No white-host list: every source host is accepted and only the user name counts.
        allowed = config.getUsers().containsKey(user);
    } else {
        allowed = false;
        // Exact string match on the host key; a host without an entry is denied.
        List<UserConfig> permitted = whitehost.get(host);
        if (permitted != null) {
            for (UserConfig candidate : permitted) {
                if (candidate.getName().equals(user)) {
                    allowed = true;
                    break;
                }
            }
        }
    }

    if (allowed) {
        return true;
    }
    // NOTE(review): host and user are concatenated into the alarm line as-is. If either
    // can still carry client-supplied line breaks at this point, the alarm log could be
    // made to show forged entries; confirm they are validated upstream.
    ALARM.error(Alarms.FIREWALL_ATTACK + "[host=" + host + ",user=" + user + ']');
    return false;
}
Also used : List(java.util.List) FirewallConfig(com.actiontech.dble.config.model.FirewallConfig) UserConfig(com.actiontech.dble.config.model.UserConfig)

Example 2 with FirewallConfig

use of com.actiontech.dble.config.model.FirewallConfig in project dble by actiontech.

the class ReloadConfig method reload.

/**
 * Loads a fresh configuration and applies it to the running server.
 *
 * <p>The user map and the firewall settings are swapped in together with the schema,
 * data node, data host and ER-relation sections, so a reload changes who may log in
 * and from where. Access control for triggering a reload is the caller's job; nothing
 * in this method checks it.
 *
 * @throws Exception wrapping any failure raised while building the new configuration,
 *                   or propagated from applying it
 */
public static void reload() throws Exception {
    // Step 1: build the candidate configuration; ConfigInitializer checks itself.
    ConfigInitializer freshConf;
    try {
        boolean lowerCaseTableNames = DbleServer.getInstance().getSystemVariables().isLowerCaseTableNames();
        freshConf = new ConfigInitializer(false, lowerCaseTableNames);
    } catch (Exception cause) {
        throw new Exception(cause);
    }

    Map<String, UserConfig> freshUsers = freshConf.getUsers();
    Map<String, SchemaConfig> freshSchemas = freshConf.getSchemas();
    Map<String, PhysicalDBNode> freshDataNodes = freshConf.getDataNodes();
    Map<String, PhysicalDBPool> freshDataHosts = freshConf.getDataHosts();
    Map<ERTable, Set<ERTable>> freshErRelations = freshConf.getErRelations();
    FirewallConfig freshFirewall = freshConf.getFirewall();

    // Step 2: hand every section to the live ServerConfig in a single call.
    DbleServer.getInstance().getConfig().reload(
            freshUsers,
            freshSchemas,
            freshDataNodes,
            freshDataHosts,
            freshErRelations,
            freshFirewall,
            DbleServer.getInstance().getSystemVariables(),
            freshConf.isDataHostWithoutWH(),
            false);
}
Also used : PhysicalDBNode(com.actiontech.dble.backend.datasource.PhysicalDBNode) SchemaConfig(com.actiontech.dble.config.model.SchemaConfig) Set(java.util.Set) ConfigInitializer(com.actiontech.dble.config.ConfigInitializer) PhysicalDBPool(com.actiontech.dble.backend.datasource.PhysicalDBPool) ERTable(com.actiontech.dble.config.model.ERTable) UserConfig(com.actiontech.dble.config.model.UserConfig) FirewallConfig(com.actiontech.dble.config.model.FirewallConfig)

Example 3 with FirewallConfig

use of com.actiontech.dble.config.model.FirewallConfig in project dble by actiontech.

the class ReloadConfig method reloadAll.

/**
 * Loads a complete new configuration, initialises the new data hosts and, if all of
 * them come up, swaps the new configuration in (users and firewall settings included).
 *
 * @param loadAllMode bit flags; {@code ManagerParseConfig.OPTT_MODE} triggers
 *                    {@code loader.testConnection(false)} and
 *                    {@code ManagerParseConfig.OPTF_MODE} is passed on as a boolean to
 *                    {@code recycleOldBackendConnections}
 * @throws Exception wrapping a failure from building the configuration or testing
 *                   connections, or {@code "Init DbPool failed"} when a data host
 *                   does not initialise
 */
public static void reloadAll(final int loadAllMode) throws Exception {
    /*
     *  1 load new conf
     *  1.1 ConfigInitializer init and check itself
     *  1.2 DataNode/DataHost test connection
     */
    ConfigInitializer loader;
    try {
        loader = new ConfigInitializer(true, DbleServer.getInstance().getSystemVariables().isLowerCaseTableNames());
    } catch (Exception e) {
        throw new Exception(e);
    }
    Map<String, UserConfig> newUsers = loader.getUsers();
    Map<String, SchemaConfig> newSchemas = loader.getSchemas();
    Map<String, PhysicalDBNode> newDataNodes = loader.getDataNodes();
    Map<String, PhysicalDBPool> newDataHosts = loader.getDataHosts();
    Map<ERTable, Set<ERTable>> newErRelations = loader.getErRelations();
    FirewallConfig newFirewall = loader.getFirewall();
    SystemVariables newSystemVariables = DbleServer.getInstance().getSystemVariables();
    if (!loader.isDataHostWithoutWH()) {
        // System variables are re-read through the new data nodes and every section,
        // users and firewall included, is rebuilt from a second ConfigInitializer.
        VarsExtractorHandler handler = new VarsExtractorHandler(newDataNodes);
        newSystemVariables = handler.execute();
        ConfigInitializer confInit = new ConfigInitializer(newSystemVariables.isLowerCaseTableNames());
        newUsers = confInit.getUsers();
        newSchemas = confInit.getSchemas();
        newDataNodes = confInit.getDataNodes();
        newErRelations = confInit.getErRelations();
        newFirewall = confInit.getFirewall();
        newDataHosts = confInit.getDataHosts();
    }
    if ((loadAllMode & ManagerParseConfig.OPTT_MODE) != 0) {
        try {
            // NOTE(review): the test runs on `loader`, not on `confInit`, even when the
            // sections above were replaced from `confInit` -- confirm this is intended.
            loader.testConnection(false);
        } catch (Exception e) {
            throw new Exception(e);
        }
    }
    /*
     *  2 transform
     *  2.1 old dataSource continue to work
     *  2.2 init the new dataSource
     *  2.3 transform
     *  2.4 put the old connection into a queue
     */
    ServerConfig config = DbleServer.getInstance().getConfig();
    /* 2.1 do nothing */
    boolean isReloadStatusOK = true;
    /* 2.2 init the new dataSource */
    for (PhysicalDBPool dbPool : newDataHosts.values()) {
        String hostName = dbPool.getHostName();
        // set schemas: collect the database of every new data node that sits on this host
        ArrayList<String> dnSchemas = new ArrayList<>(30);
        for (PhysicalDBNode dn : newDataNodes.values()) {
            if (dn.getDbPool().getHostName().equals(hostName)) {
                dnSchemas.add(dn.getDatabase());
            }
        }
        dbPool.setSchemas(dnSchemas.toArray(new String[dnSchemas.size()]));
        // get data host: the datasource index comes from the dn-index properties, default "0"
        String dnIndex = DnPropertyUtil.loadDnIndexProps().getProperty(dbPool.getHostName(), "0");
        if (!"0".equals(dnIndex)) {
            LOGGER.info("init data host: " + dbPool.getHostName() + " to use datasource index:" + dnIndex);
        }
        // NOTE(review): a non-numeric property value makes parseInt throw
        // NumberFormatException, which leaves this method without reaching the cleanup
        // branch below; pools initialised earlier in the loop are then not cleared here.
        dbPool.init(Integer.parseInt(dnIndex));
        if (!dbPool.isInitSuccess()) {
            isReloadStatusOK = false;
            break;
        }
    }
    if (isReloadStatusOK) {
        /* 2.3 apply new conf: users and firewall go live in the same call as the data sections */
        config.reload(newUsers, newSchemas, newDataNodes, newDataHosts, newErRelations, newFirewall, newSystemVariables, loader.isDataHostWithoutWH(), true);
        recycleOldBackendConnections(config, ((loadAllMode & ManagerParseConfig.OPTF_MODE) != 0));
        AlarmAppender.refreshConfig();
    } else {
        // INIT FAILED: nothing was applied; tear down every new pool and report the failure
        LOGGER.info("reload failed, clear previously created data sources ");
        for (PhysicalDBPool dbPool : newDataHosts.values()) {
            dbPool.clearDataSources("reload config");
            dbPool.stopHeartbeat();
        }
        throw new Exception("Init DbPool failed");
    }
}
Also used : PhysicalDBNode(com.actiontech.dble.backend.datasource.PhysicalDBNode) VarsExtractorHandler(com.actiontech.dble.server.variables.VarsExtractorHandler) SchemaConfig(com.actiontech.dble.config.model.SchemaConfig) Set(java.util.Set) ConfigInitializer(com.actiontech.dble.config.ConfigInitializer) ArrayList(java.util.ArrayList) PhysicalDBPool(com.actiontech.dble.backend.datasource.PhysicalDBPool) ERTable(com.actiontech.dble.config.model.ERTable) UserConfig(com.actiontech.dble.config.model.UserConfig) FirewallConfig(com.actiontech.dble.config.model.FirewallConfig) SystemVariables(com.actiontech.dble.server.variables.SystemVariables) ServerConfig(com.actiontech.dble.config.ServerConfig)

Example 4 with FirewallConfig

use of com.actiontech.dble.config.model.FirewallConfig in project dble by actiontech.

the class FirewallConfigLoader method load.

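/**
 * Reads the firewall section of the server configuration: the {@code <host>}
 * white-host entries and the {@code <blacklist>} settings.
 *
 * <p>Each {@code <host>} element maps one host key to a comma-separated list of user
 * names. Every name must exist in the loaded user map, and a non-manager user without
 * any schema is refused. A host key may appear only once: a repeated entry is rejected
 * instead of silently replacing the earlier user list, so the effective allow-list can
 * never differ from what the file appears to grant.
 *
 * @param root                  element whose {@code host} and {@code blacklist} descendants are read
 * @param xsl                   loader supplying the {@code FirewallConfig} to fill and the user map
 * @param isLowerCaseTableNames not used by this method
 * @throws ConfigException           on a duplicated host, an unknown user, or a non-manager
 *                                   user without schemas
 * @throws IllegalAccessException    declared for {@code ParameterMapping.mapping}
 * @throws InvocationTargetException declared for {@code ParameterMapping.mapping}
 */
public void load(Element root, XMLServerLoader xsl, boolean isLowerCaseTableNames) throws IllegalAccessException, InvocationTargetException {
    FirewallConfig firewall = xsl.getFirewall();
    Map<String, UserConfig> users = xsl.getUsers();
    NodeList list = root.getElementsByTagName("host");
    Map<String, List<UserConfig>> whitehost = new HashMap<>();
    for (int i = 0, n = list.getLength(); i < n; i++) {
        Node node = list.item(i);
        if (node instanceof Element) {
            Element e = (Element) node;
            String host = e.getAttribute("host").trim();
            String userStr = e.getAttribute("user").trim();
            // The map being built is installed only after the loop, so it is checked
            // here as well: a host repeated inside this document must not overwrite
            // the earlier entry.
            if (firewall.existsHost(host) || whitehost.containsKey(host)) {
                throw new ConfigException("host duplicated : " + host);
            }
            // Names are not trimmed individually, so "a, b" looks up " b" and fails closed.
            String[] arrayUsers = userStr.split(",");
            List<UserConfig> userConfigs = new ArrayList<>();
            for (String user : arrayUsers) {
                UserConfig uc = users.get(user);
                if (null == uc) {
                    throw new ConfigException("[user: " + user + "] doesn't exist in [host: " + host + "]");
                }
                // A non-manager account with no schema list is refused in a white-host entry.
                if (!uc.isManager() && (uc.getSchemas() == null || uc.getSchemas().size() == 0)) {
                    throw new ConfigException("[host: " + host + "] contains one root privileges user: " + user);
                }
                userConfigs.add(uc);
            }
            whitehost.put(host, userConfigs);
        }
    }
    firewall.setWhitehost(whitehost);
    WallConfig wallConfig = new WallConfig();
    NodeList blacklist = root.getElementsByTagName("blacklist");
    for (int i = 0, n = blacklist.getLength(); i < n; i++) {
        Node node = blacklist.item(i);
        if (node instanceof Element) {
            Element e = (Element) node;
            String check = e.getAttribute("check");
            // NOTE(review): DOM getAttribute returns "" rather than null for a missing
            // attribute, so this branch always runs and a <blacklist> without "check"
            // sets the flag to false -- confirm that is the intended default.
            if (null != check) {
                firewall.setBlackListCheck(Boolean.parseBoolean(check));
            }
            // With several <blacklist> elements the properties all land on the same
            // WallConfig and the last "check" value wins.
            Map<String, Object> props = ConfigUtil.loadElements((Element) node);
            ParameterMapping.mapping(wallConfig, props);
        }
    }
    firewall.setWallConfig(wallConfig);
    firewall.init();
}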
Also used : HashMap(java.util.HashMap) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) ConfigException(com.actiontech.dble.config.util.ConfigException) WallConfig(com.alibaba.druid.wall.WallConfig) FirewallConfig(com.actiontech.dble.config.model.FirewallConfig) UserConfig(com.actiontech.dble.config.model.UserConfig) NodeList(org.w3c.dom.NodeList) ArrayList(java.util.ArrayList) List(java.util.List)

Example 5 with FirewallConfig

use of com.actiontech.dble.config.model.FirewallConfig in project dble by actiontech.

the class RollbackConfig method rollback.

/**
 * Restores the backed-up configuration held by the running {@code ServerConfig}.
 *
 * <p>The backup user map and backup firewall settings are passed to
 * {@code conf.rollback} together with the data sections. NOTE(review): accounts or
 * white-host entries removed by the last reload are presumably active again after a
 * rollback -- confirm, and treat this operation like any other access-control change.
 *
 * @throws Exception if a backup data host fails to initialise, or if there is no
 *                   earlier version to return to
 */
public static void rollback() throws Exception {
    ServerConfig conf = DbleServer.getInstance().getConfig();

    // Take every backup section up front, before deciding which rollback path applies.
    Map<String, PhysicalDBPool> backupHosts = conf.getBackupDataHosts();
    Map<String, UserConfig> backupUsers = conf.getBackupUsers();
    Map<String, SchemaConfig> backupSchemas = conf.getBackupSchemas();
    Map<String, PhysicalDBNode> backupNodes = conf.getBackupDataNodes();
    FirewallConfig backupFirewall = conf.getBackupFirewall();
    Map<ERTable, Set<ERTable>> backupErRelations = conf.getBackupErRelations();
    boolean backupWithoutWR = conf.backDataHostWithoutWR();

    if (conf.canRollback()) {
        conf.rollback(backupUsers, backupSchemas, backupNodes, backupHosts, backupErRelations, backupFirewall, backupWithoutWR);
        return;
    }
    if (!conf.canRollbackAll()) {
        throw new Exception("there is no old version");
    }

    // Full rollback: bring the backup data hosts up first and stop at the first failure.
    String failure = null;
    for (PhysicalDBPool pool : backupHosts.values()) {
        pool.init(pool.getActiveIndex());
        if (!pool.isInitSuccess()) {
            failure = "dataHost[" + pool.getHostName() + "] inited failure";
            break;
        }
    }
    if (failure != null) {
        // INIT FAILED: release whatever the backup pools opened and keep the current config.
        for (PhysicalDBPool pool : backupHosts.values()) {
            pool.clearDataSources("rollbackup config");
            pool.stopHeartbeat();
        }
        throw new Exception(failure);
    }

    // Remember the pools in use now; they are shut down once the backup has been applied.
    final Map<String, PhysicalDBPool> liveHosts = conf.getDataHosts();
    conf.rollback(backupUsers, backupSchemas, backupNodes, backupHosts, backupErRelations, backupFirewall, backupWithoutWR);
    for (PhysicalDBPool pool : liveHosts.values()) {
        pool.clearDataSources("clear old config ");
        pool.stopHeartbeat();
    }
    AlarmAppender.rollbackConfig();
}
Also used : PhysicalDBNode(com.actiontech.dble.backend.datasource.PhysicalDBNode) SchemaConfig(com.actiontech.dble.config.model.SchemaConfig) Set(java.util.Set) PhysicalDBPool(com.actiontech.dble.backend.datasource.PhysicalDBPool) ERTable(com.actiontech.dble.config.model.ERTable) UserConfig(com.actiontech.dble.config.model.UserConfig) FirewallConfig(com.actiontech.dble.config.model.FirewallConfig) ServerConfig(com.actiontech.dble.config.ServerConfig) Map(java.util.Map)

Aggregations

FirewallConfig (com.actiontech.dble.config.model.FirewallConfig)6 UserConfig (com.actiontech.dble.config.model.UserConfig)5 PhysicalDBNode (com.actiontech.dble.backend.datasource.PhysicalDBNode)3 PhysicalDBPool (com.actiontech.dble.backend.datasource.PhysicalDBPool)3 ERTable (com.actiontech.dble.config.model.ERTable)3 SchemaConfig (com.actiontech.dble.config.model.SchemaConfig)3 Set (java.util.Set)3 ConfigInitializer (com.actiontech.dble.config.ConfigInitializer)2 ServerConfig (com.actiontech.dble.config.ServerConfig)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 ConfigException (com.actiontech.dble.config.util.ConfigException)1 SystemVariables (com.actiontech.dble.server.variables.SystemVariables)1 VarsExtractorHandler (com.actiontech.dble.server.variables.VarsExtractorHandler)1 WallCheckResult (com.alibaba.druid.wall.WallCheckResult)1 WallConfig (com.alibaba.druid.wall.WallConfig)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 Element (org.w3c.dom.Element)1 Node (org.w3c.dom.Node)1