
Example 1 with FirewallConfig

use of io.mycat.config.model.FirewallConfig in project Mycat-Server by MyCATApache.

the class RollbackConfig method rollback.

/**
 * Switches the running server back to the backup configuration kept by
 * {@code MycatConfig}.
 *
 * <p>All backup data hosts are initialised first. Only when every one of them
 * reports success is the backup snapshot handed to {@code rollback(...)}.
 * That snapshot includes the backup {@link FirewallConfig} alongside users
 * and schemas. After a successful switch, the data hosts that were in service
 * are released and the cache is cleared.
 *
 * <p>NOTE(review): no locking is visible in this method. Confirm that the
 * caller serialises it against concurrent reloads, since it replaces
 * security-relevant state (users and firewall).
 *
 * @return {@code true} when the backup configuration was applied;
 *         {@code false} when {@code canRollback()} refuses or a backup data
 *         host fails to initialise
 */
private static boolean rollback() {
    final MycatConfig config = MycatServer.getInstance().getConfig();

    // Backup snapshot that is handed to config.rollback(...) further down.
    final Map<String, UserConfig> backupUsers = config.getBackupUsers();
    final Map<String, SchemaConfig> backupSchemas = config.getBackupSchemas();
    final Map<String, PhysicalDBNode> backupDataNodes = config.getBackupDataNodes();
    final Map<String, PhysicalDBPool> backupDataHosts = config.getBackupDataHosts();
    final MycatCluster backupCluster = config.getBackupCluster();
    final FirewallConfig backupFirewall = config.getBackupFirewall();

    // Stop here when the configuration reports that it cannot be rolled back.
    if (!config.canRollback()) {
        return false;
    }

    // Data hosts currently in service; they are released after the switch.
    final Map<String, PhysicalDBPool> liveDataHosts = config.getDataHosts();

    // Bring the backup pools up again, giving up at the first failure.
    boolean everyPoolReady = true;
    for (PhysicalDBPool pool : backupDataHosts.values()) {
        pool.init(pool.getActivedIndex());
        if (!pool.isInitSuccess()) {
            everyPoolReady = false;
            break;
        }
    }

    if (everyPoolReady) {
        // Apply the rollback.
        config.rollback(backupUsers, backupSchemas, backupDataNodes, backupDataHosts, backupCluster, backupFirewall);

        // Release the resources of the configuration that was just replaced.
        for (PhysicalDBPool pool : liveDataHosts.values()) {
            pool.clearDataSources("clear old config ");
            pool.stopHeartbeat();
        }

        // Clear the cache.
        MycatServer.getInstance().getCacheService().clearCache();
        return true;
    }

    // Rollback failed: release whatever the backup pools initialised.
    for (PhysicalDBPool pool : backupDataHosts.values()) {
        pool.clearDataSources("rollbackup config");
        pool.stopHeartbeat();
    }
    return false;
}
Also used : PhysicalDBNode(io.mycat.backend.datasource.PhysicalDBNode) SchemaConfig(io.mycat.config.model.SchemaConfig) MycatCluster(io.mycat.config.MycatCluster) PhysicalDBPool(io.mycat.backend.datasource.PhysicalDBPool) MycatConfig(io.mycat.config.MycatConfig) UserConfig(io.mycat.config.model.UserConfig) FirewallConfig(io.mycat.config.model.FirewallConfig)

Example 2 with FirewallConfig

use of io.mycat.config.model.FirewallConfig in project Mycat-Server by MyCATApache.

the class MycatPrivileges method checkFirewallSQLPolicy.

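/**
 * Checks a client SQL statement against the firewall provider configured in
 * {@link FirewallConfig} (Druid WallFilter).
 *
 * <p>The statement passes when no firewall is configured, when checking is
 * switched off, or when the provider reports no violation. A reported
 * violation rejects the statement. The one exception is a result made of
 * exactly one {@code SHOW TABLES} statement, kept as a workaround for a Druid
 * false positive on {@code SHOW FULL TABLES WHERE Table_type != 'VIEW'}.
 *
 * <p>The check fails closed. Violations reported with an empty statement list
 * are rejected rather than ignored. So are violations in a text that merely
 * starts with {@code SHOW TABLES}.
 *
 * <p>NOTE(review): the provider is bound through {@code contextLocal}
 * (presumably a {@code ThreadLocal}) the first time it is needed and is never
 * refreshed here. Confirm that a configuration reload which changes or
 * disables the firewall also resets that binding and the {@code check} flag.
 *
 * @param user name of the connected user, used only in the alarm message
 * @param sql  SQL text received from the client
 * @return {@code true} when the statement may be executed, {@code false}
 *         when the firewall rejects it
 * @see <a href="https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter">Druid WallFilter configuration</a>
 */
@Override
public boolean checkFirewallSQLPolicy(String user, String sql) {
    // Bind the configured provider the first time this context needs it.
    if (contextLocal.get() == null) {
        FirewallConfig firewallConfig = MycatServer.getInstance().getConfig().getFirewall();
        if (firewallConfig != null && firewallConfig.isCheck()) {
            contextLocal.set(firewallConfig.getProvider());
            check = true;
        }
    }

    // `check` is set above but never per context, so it can be true while
    // this context has no provider bound. Guard against that instead of
    // dereferencing null.
    if (!check || contextLocal.get() == null) {
        return true;
    }

    WallCheckResult result = contextLocal.get().check(sql);
    if (result.getViolations().isEmpty()) {
        return true;
    }

    // Workaround for the Druid firewall bug on
    // SHOW FULL TABLES WHERE Table_type != 'VIEW'. The exemption is limited
    // to a result that consists of that single statement, so violations
    // attached to anything else are still enforced.
    List<SQLStatement> stmts = result.getStatementList();
    boolean loneShowTables = stmts != null
            && stmts.size() == 1
            && stmts.get(0) instanceof SQLShowTablesStatement;
    if (loneShowTables) {
        return true;
    }

    // User name and SQL text come from the client. Escape line breaks so a
    // crafted value cannot forge additional alarm-log entries.
    // NOTE(review): the rejected SQL is logged verbatim and may contain
    // literals such as credentials; confirm who can read this log.
    String loggedUser = String.valueOf(user).replace("\r", "\\r").replace("\n", "\\n");
    String loggedSql = String.valueOf(sql).replace("\r", "\\r").replace("\n", "\\n");
    ALARM.warn("Firewall to intercept the '" + loggedUser + "' unsafe SQL , errMsg:" + result.getViolations().get(0).getMessage() + " \r\n " + loggedSql);
    return false;
}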
Also used : SQLShowTablesStatement(com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement) FirewallConfig(io.mycat.config.model.FirewallConfig) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) WallCheckResult(com.alibaba.druid.wall.WallCheckResult)

Example 3 with FirewallConfig

use of io.mycat.config.model.FirewallConfig in project Mycat-Server by MyCATApache.

the class MycatPrivileges method checkFirewallWhiteHostPolicy.

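/**
 * Firewall whitelist check: decides from the firewall configuration whether
 * the given host may log in as the given user.
 *
 * <p>When neither an exact-host whitelist nor a host-mask whitelist is
 * configured, any user known to the server configuration passes. Otherwise
 * the user must be listed for the exact host, or for a mask pattern that
 * matches the host. A mask match alone is not enough: the user list stored
 * with the pattern is enforced, as it already was for exact hosts.
 *
 * <p>For the whitelist configuration see:
 *
 * @see XMLServerLoader
 * @see FirewallConfig
 *
 * @modification added recognition of network-segment (mask) whitelist entries
 * @date 2016/12/8
 * @modifiedBy Hash Zhang
 *
 * @param user user name presented by the client
 * @param host host the client connects from
 * @return {@code true} when the login may proceed, {@code false} when the
 *         whitelist rejects it (an alarm is logged in that case)
 */
@Override
public boolean checkFirewallWhiteHostPolicy(String user, String host) {
    MycatConfig mycatConfig = MycatServer.getInstance().getConfig();
    FirewallConfig firewallConfig = mycatConfig.getFirewall();

    // A missing firewall section is treated like an empty whitelist, in line
    // with checkFirewallSQLPolicy, instead of failing with a
    // NullPointerException.
    Map<String, List<UserConfig>> whitehost =
            firewallConfig == null ? null : firewallConfig.getWhitehost();
    Map<Pattern, List<UserConfig>> whitehostMask =
            firewallConfig == null ? null : firewallConfig.getWhitehostMask();
    boolean hasExactHosts = whitehost != null && !whitehost.isEmpty();
    boolean hasHostMasks = whitehostMask != null && !whitehostMask.isEmpty();

    boolean isPassed = false;
    if (!hasExactHosts && !hasHostMasks) {
        // No whitelist at all: every configured user may connect from anywhere.
        Map<String, UserConfig> users = mycatConfig.getUsers();
        isPassed = users.containsKey(user);
    } else {
        // Each map is consulted only when it is actually present. Only one of
        // the two needs to be configured to reach this branch.
        if (hasExactHosts) {
            isPassed = isUserListed(whitehost.get(host), user);
        }
        if (!isPassed && hasHostMasks && host != null) {
            for (Map.Entry<Pattern, List<UserConfig>> maskEntry : whitehostMask.entrySet()) {
                // NOTE(review): find() accepts a match anywhere inside the
                // host string, so this is only as strict as the anchoring of
                // the compiled patterns. Confirm where they are built.
                if (maskEntry.getKey().matcher(host).find()
                        && isUserListed(maskEntry.getValue(), user)) {
                    isPassed = true;
                    break;
                }
            }
        }
    }

    if (!isPassed) {
        // The user name is client-supplied. Escape line breaks so the alarm
        // entry cannot be split into forged log lines.
        String loggedHost = String.valueOf(host).replace("\r", "\\r").replace("\n", "\\n");
        String loggedUser = String.valueOf(user).replace("\r", "\\r").replace("\n", "\\n");
        ALARM.error(new StringBuilder().append(Alarms.FIREWALL_ATTACK).append("[host=").append(loggedHost).append(",user=").append(loggedUser).append(']').toString());
        return false;
    }
    return true;
}

/**
 * Tells whether {@code user} is named by one of the whitelist entries.
 *
 * @param allowedUsers users attached to a whitelist entry, may be {@code null}
 * @param user         user name to look for
 * @return {@code true} when an entry carries exactly that name
 */
private static boolean isUserListed(List<UserConfig> allowedUsers, String user) {
    if (allowedUsers == null) {
        return false;
    }
    for (UserConfig userConfig : allowedUsers) {
        if (userConfig.getName().equals(user)) {
            return true;
        }
    }
    return false;
}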
Also used : Pattern(java.util.regex.Pattern) FirewallConfig(io.mycat.config.model.FirewallConfig) UserConfig(io.mycat.config.model.UserConfig) List(java.util.List)

Example 4 with FirewallConfig

use of io.mycat.config.model.FirewallConfig in project Mycat-Server by MyCATApache.

the class ReloadConfig method reload.

/**
 * Reloads the configuration without rebuilding the backend data sources.
 *
 * <p>A fresh {@code ConfigInitializer} is loaded and its users, schemas, data
 * nodes, data hosts, cluster and {@link FirewallConfig} are applied on top of
 * the running configuration. The cache is then cleared and the rule data
 * re-initialised.
 *
 * <p>NOTE(review): the firewall configuration is replaced here. Whether code
 * that has already bound a firewall provider picks up the new one cannot be
 * told from this method; confirm.
 *
 * @return always {@code true}
 */
public static boolean reload() {
    // Step 1: load the new configuration. ConfigInitializer performs its own
    // self-check. Data-source information is not updated on this path, so
    // dataHost / dataNode are not self-checked here.
    final ConfigInitializer freshConfig = new ConfigInitializer(false);
    final Map<String, UserConfig> freshUsers = freshConfig.getUsers();
    final Map<String, SchemaConfig> freshSchemas = freshConfig.getSchemas();
    final Map<String, PhysicalDBNode> freshDataNodes = freshConfig.getDataNodes();
    final Map<String, PhysicalDBPool> freshDataHosts = freshConfig.getDataHosts();
    final MycatCluster freshCluster = freshConfig.getCluster();
    final FirewallConfig freshFirewall = freshConfig.getFirewall();

    // Step 2: apply the new configuration on top of the old one.
    MycatServer.getInstance()
            .getConfig()
            .reload(freshUsers, freshSchemas, freshDataNodes, freshDataHosts, freshCluster, freshFirewall, false);

    // Step 3: clear the cache.
    MycatServer.getInstance().getCacheService().clearCache();
    MycatServer.getInstance().initRuleData();
    return true;
}
Also used : PhysicalDBNode(io.mycat.backend.datasource.PhysicalDBNode) SchemaConfig(io.mycat.config.model.SchemaConfig) ConfigInitializer(io.mycat.config.ConfigInitializer) MycatCluster(io.mycat.config.MycatCluster) PhysicalDBPool(io.mycat.backend.datasource.PhysicalDBPool) UserConfig(io.mycat.config.model.UserConfig) FirewallConfig(io.mycat.config.model.FirewallConfig)

Example 5 with FirewallConfig

use of io.mycat.config.model.FirewallConfig in project Mycat-Server by MyCATApache.

the class ReloadConfig method reload_all.

/**
 * Reloads the complete configuration, including the backend data sources.
 *
 * <p>The new configuration is loaded and its connections tested, then every
 * new data host is initialised. When all of them succeed, the new
 * configuration (users, schemas, data nodes, data hosts, cluster and
 * firewall) is applied. The connections of the previous data hosts are then
 * queued in {@code NIOProcessor.backends_old}, and the cache and rule data
 * are refreshed. When a new data host fails to initialise, the newly created
 * data sources are cleared and the running configuration is left as it was.
 *
 * @return {@code true} when the new configuration was applied,
 *         {@code false} when a new data host failed to initialise
 */
public static boolean reload_all() {
    /*
     *  1. Load the new configuration
     *  1.1. ConfigInitializer initialisation, basic self-check
     *  1.2. Real link test for DataNode / DataHost
     */
    ConfigInitializer loader = new ConfigInitializer(true);
    Map<String, UserConfig> newUsers = loader.getUsers();
    Map<String, SchemaConfig> newSchemas = loader.getSchemas();
    Map<String, PhysicalDBNode> newDataNodes = loader.getDataNodes();
    Map<String, PhysicalDBPool> newDataHosts = loader.getDataHosts();
    MycatCluster newCluster = loader.getCluster();
    FirewallConfig newFirewall = loader.getFirewall();
    /*
     * 1.2. Real link test
     */
    loader.testConnection();
    /*
     *  2. Handover
     *  2.1. The old dataSource keeps accepting newly created requests
     *  2.2. The new dataSource starts initialising and then hands over to 2.3
     *  2.3. The new dataSource starts accepting newly created requests
     *  2.4. Transactions inside the old dataSource finish, then it is closed in turn
     *  2.5. Old dataSources that exceed the threshold are closed forcibly
     */
    MycatConfig config = MycatServer.getInstance().getConfig();
    /*
     * 2.1. The old dataSource keeps accepting newly created requests; nothing to do here
     */
    boolean isReloadStatusOK = true;
    /*
     * 2.2. Initialise the new dataHosts
     */
    for (PhysicalDBPool dbPool : newDataHosts.values()) {
        String hostName = dbPool.getHostName();
        // Set the schemas: collect the database of every data node that lives on this host.
        ArrayList<String> dnSchemas = new ArrayList<String>(30);
        for (PhysicalDBNode dn : newDataNodes.values()) {
            if (dn.getDbPool().getHostName().equals(hostName)) {
                dnSchemas.add(dn.getDatabase());
            }
        }
        dbPool.setSchemas(dnSchemas.toArray(new String[dnSchemas.size()]));
        // Look up the data-source index recorded for this data host, defaulting to "0".
        // NOTE(review): the properties are loaded again on every iteration.
        String dnIndex = DnPropertyUtil.loadDnIndexProps().getProperty(dbPool.getHostName(), "0");
        if (!"0".equals(dnIndex)) {
            LOGGER.info("init datahost: " + dbPool.getHostName() + "  to use datasource index:" + dnIndex);
        }
        // NOTE(review): Integer.valueOf throws NumberFormatException for a non-numeric
        // property value. Nothing in this method catches it, so pools initialised by
        // earlier iterations are not released on that path.
        dbPool.init(Integer.valueOf(dnIndex));
        if (!dbPool.isInitSuccess()) {
            isReloadStatusOK = false;
            break;
        }
    }
    /*
     *  TODO: confirm the initialisation status
     *
     *  Whether the new dataHosts were initialised successfully
     */
    if (isReloadStatusOK) {
        /*
         * 2.3. Apply the new configuration on top of the old one and get ready to take over work
         */
        config.reload(newUsers, newSchemas, newDataNodes, newDataHosts, newCluster, newFirewall, true);
        /*
         * 2.4. Deal with the old resources
         */
        LOGGER.warn("1、clear old backend connection(size): " + NIOProcessor.backends_old.size());
        // Close and drop the old connections that the previous reload moved aside.
        Iterator<BackendConnection> iter = NIOProcessor.backends_old.iterator();
        while (iter.hasNext()) {
            BackendConnection con = iter.next();
            con.close("clear old datasources");
            iter.remove();
        }
        Map<String, PhysicalDBPool> oldDataHosts = config.getBackupDataHosts();
        for (PhysicalDBPool dbPool : oldDataHosts.values()) {
            dbPool.stopHeartbeat();
            // Collect every connection that belongs to a data source of this old pool.
            for (PhysicalDatasource ds : dbPool.getAllDataSources()) {
                // Scan the backends of every processor for connections whose pool is this data source.
                for (NIOProcessor processor : MycatServer.getInstance().getProcessors()) {
                    for (BackendConnection con : processor.getBackends().values()) {
                        if (con instanceof MySQLConnection) {
                            MySQLConnection mysqlCon = (MySQLConnection) con;
                            // Identity comparison: the connection must come from this very data source.
                            if (mysqlCon.getPool() == ds) {
                                NIOProcessor.backends_old.add(con);
                            }
                        } else if (con instanceof JDBCConnection) {
                            JDBCConnection jdbcCon = (JDBCConnection) con;
                            if (jdbcCon.getPool() == ds) {
                                NIOProcessor.backends_old.add(con);
                            }
                        }
                    }
                }
            }
        }
        LOGGER.warn("2、to be recycled old backend connection(size): " + NIOProcessor.backends_old.size());
        // Clear the cache.
        MycatServer.getInstance().getCacheService().clearCache();
        MycatServer.getInstance().initRuleData();
        return true;
    } else {
        // The reload failed: release the resources that were already initialised.
        LOGGER.warn("reload failed, clear previously created datasources ");
        for (PhysicalDBPool dbPool : newDataHosts.values()) {
            dbPool.clearDataSources("reload config");
            dbPool.stopHeartbeat();
        }
        return false;
    }
}
Also used : PhysicalDBNode(io.mycat.backend.datasource.PhysicalDBNode) BackendConnection(io.mycat.backend.BackendConnection) SchemaConfig(io.mycat.config.model.SchemaConfig) ConfigInitializer(io.mycat.config.ConfigInitializer) MycatCluster(io.mycat.config.MycatCluster) ArrayList(java.util.ArrayList) PhysicalDBPool(io.mycat.backend.datasource.PhysicalDBPool) UserConfig(io.mycat.config.model.UserConfig) FirewallConfig(io.mycat.config.model.FirewallConfig) MycatConfig(io.mycat.config.MycatConfig) NIOProcessor(io.mycat.net.NIOProcessor) PhysicalDatasource(io.mycat.backend.datasource.PhysicalDatasource) JDBCConnection(io.mycat.backend.jdbc.JDBCConnection) MySQLConnection(io.mycat.backend.mysql.nio.MySQLConnection)

Aggregations

FirewallConfig (io.mycat.config.model.FirewallConfig)5 UserConfig (io.mycat.config.model.UserConfig)4 PhysicalDBNode (io.mycat.backend.datasource.PhysicalDBNode)3 PhysicalDBPool (io.mycat.backend.datasource.PhysicalDBPool)3 MycatCluster (io.mycat.config.MycatCluster)3 SchemaConfig (io.mycat.config.model.SchemaConfig)3 ConfigInitializer (io.mycat.config.ConfigInitializer)2 MycatConfig (io.mycat.config.MycatConfig)2 SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)1 SQLShowTablesStatement (com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement)1 WallCheckResult (com.alibaba.druid.wall.WallCheckResult)1 BackendConnection (io.mycat.backend.BackendConnection)1 PhysicalDatasource (io.mycat.backend.datasource.PhysicalDatasource)1 JDBCConnection (io.mycat.backend.jdbc.JDBCConnection)1 MySQLConnection (io.mycat.backend.mysql.nio.MySQLConnection)1 NIOProcessor (io.mycat.net.NIOProcessor)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 Pattern (java.util.regex.Pattern)1