Switch mysql-proxy to simpleproxy
Mysql-proxy turns out too unreliable and unstable for use in production. The packaged version on Ubuntu suffers from a critical DOS by using telnet. This patch switches from mysql-proxy to simpleproxy, which is just a tcp proxy to forward incoming port 3306 connections to the subunit2sql db. Change-Id: Iffea64aea46cc34969bbaa970e5d91bd0cc05232
This commit is contained in:
parent
ab3a2571d6
commit
d69df1515f
@ -330,7 +330,6 @@ node 'logstash.openstack.org' {
|
||||
],
|
||||
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
|
||||
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
|
||||
mysql_proxy_admin_pass => hiera('subunit2sql_proxy_pass', ''),
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -17,24 +17,21 @@
|
||||
class mysql_proxy {
|
||||
|
||||
package { 'mysql-proxy':
|
||||
ensure => present,
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
file { '/etc/mysql-proxy':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
require => Package['mysql-proxy'],
|
||||
|
||||
ensure => absent,
|
||||
recurse => true,
|
||||
force => true,
|
||||
}
|
||||
|
||||
file { '/etc/default/mysql-proxy':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/mysql_proxy/mysql-proxy',
|
||||
require => Package['mysql-proxy'],
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
package { 'simpleproxy':
|
||||
ensure => latest,
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -17,25 +17,24 @@
|
||||
class mysql_proxy::server (
|
||||
$db_host,
|
||||
$db_port='3306',
|
||||
$lua_script = '/usr/share/mysql-proxy/rw-splitting.lua',
|
||||
$admin_username = 'admin',
|
||||
$admin_pass,
|
||||
) {
|
||||
|
||||
file { '/etc/mysql-proxy/mysql-proxy.conf':
|
||||
ensure => file,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
content => template("mysql_proxy/mysql-proxy.conf.erb"),
|
||||
require => File['/etc/mysql-proxy']
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
service{ 'mysql-proxy':
|
||||
ensure => running,
|
||||
subscribe => [
|
||||
Package['mysql-proxy'],
|
||||
File['/etc/mysql-proxy/mysql-proxy.conf'],
|
||||
],
|
||||
file { "/etc/init.d/simpleproxy-mysql":
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0555',
|
||||
content => template('mysql_proxy/simpleproxy-mysql.init.erb'),
|
||||
require => Package['simpleproxy']
|
||||
}
|
||||
|
||||
service{ 'simpleproxy-mysql':
|
||||
enable => true,
|
||||
hasrestart => true,
|
||||
require => File["/etc/init.d/simpleproxy-mysql"],
|
||||
}
|
||||
}
|
||||
|
@ -1,8 +0,0 @@
|
||||
[mysql-proxy]
|
||||
log-file = /var/log/mysql-proxy.log
|
||||
log-level = message
|
||||
proxy-read-only-backend-addresses = <%= @db_host %>:<%= @db_port %>
|
||||
proxy-lua-script = <%= @lua_script %>
|
||||
admin-username = <%= @admin_username %>
|
||||
admin-password = <%= @admin_pass %>
|
||||
admin-lua-script = /usr/share/mysql-proxy/admin.lua
|
158
modules/mysql_proxy/templates/simpleproxy-mysql.init.erb
Normal file
158
modules/mysql_proxy/templates/simpleproxy-mysql.init.erb
Normal file
@ -0,0 +1,158 @@
|
||||
#! /bin/sh
|
||||
#### BEGIN INIT INFO
|
||||
# Provides: simpleproxy-mysql
|
||||
# Required-Start: $remote_fs $syslog
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Simpleproxy for MySQL
|
||||
# Description: TCP proxy to forward incoming MySQL connections
|
||||
### END INIT INFO
|
||||
|
||||
# Do NOT "set -e"
|
||||
|
||||
# PATH should only include /usr/* if it runs after the mountnfs.sh script
|
||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
|
||||
DESC="Simpleproxy for MySQL"
|
||||
NAME=simpleproxy-mysql
|
||||
DAEMON=/usr/bin/simpleproxy
|
||||
DAEMON_ARGS="-L<%= @db_port %> -R <%= @db_host %>:<%= @db_port %> -d"
|
||||
SCRIPTNAME=/etc/init.d/$NAME
|
||||
USER=logstash
|
||||
|
||||
# Exit if the package is not installed
|
||||
[ -x "$DAEMON" ] || exit 0
|
||||
|
||||
# Read configuration variable file if it is present
|
||||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||
|
||||
# Load the VERBOSE setting and other rcS variables
|
||||
. /lib/init/vars.sh
|
||||
|
||||
# Define LSB log_* functions.
|
||||
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
|
||||
. /lib/lsb/init-functions
|
||||
|
||||
#
|
||||
# Function that starts the daemon/service
|
||||
#
|
||||
do_start()
|
||||
{
|
||||
# Return
|
||||
# 0 if daemon has been started
|
||||
# 1 if daemon was already running
|
||||
# 2 if daemon could not be started
|
||||
|
||||
mkdir -p /var/run/$NAME
|
||||
chown $USER /var/run/$NAME
|
||||
start-stop-daemon --start --quiet -c $USER --exec $DAEMON --test > /dev/null \
|
||||
|| return 1
|
||||
start-stop-daemon --start --quiet -c $USER --exec $DAEMON -- \
|
||||
$DAEMON_ARGS \
|
||||
|| return 2
|
||||
# Add code here, if necessary, that waits for the process to be ready
|
||||
# to handle requests from services started subsequently which depend
|
||||
# on this one. As a last resort, sleep for some time.
|
||||
}
|
||||
|
||||
#
|
||||
# Function that stops the daemon/service
|
||||
#
|
||||
do_stop()
|
||||
{
|
||||
# Return
|
||||
# 0 if daemon has been stopped
|
||||
# 1 if daemon was already stopped
|
||||
# 2 if daemon could not be stopped
|
||||
# other if a failure occurred
|
||||
start-stop-daemon --stop --signal 9
|
||||
RETVAL="$?"
|
||||
[ "$RETVAL" = 2 ] && return 2
|
||||
rm -f /var/run/$NAME/*
|
||||
return "$RETVAL"
|
||||
}
|
||||
|
||||
#
|
||||
# Function that stops the daemon/service
|
||||
#
|
||||
#do_graceful_stop()
|
||||
#{
|
||||
# PID=`cat $PIDFILE`
|
||||
# kill -USR1 $PID
|
||||
#
|
||||
# # wait until really stopped
|
||||
# if [ -n "${PID:-}" ]; then
|
||||
# i=0
|
||||
# while kill -0 "${PID:-}" 2> /dev/null; do
|
||||
# if [ $i -eq '0' ]; then
|
||||
# echo -n " ... waiting "
|
||||
# else
|
||||
# echo -n "."
|
||||
# fi
|
||||
# i=$(($i+1))
|
||||
# sleep 1
|
||||
# done
|
||||
# fi
|
||||
#
|
||||
# rm -f /var/run/$NAME/*
|
||||
#}
|
||||
|
||||
#
|
||||
# Function that sends a SIGHUP to the daemon/service
|
||||
#
|
||||
#do_reload() {
|
||||
# #
|
||||
# # If the daemon can reload its configuration without
|
||||
# # restarting (for example, when it is sent a SIGHUP),
|
||||
# # then implement that here.
|
||||
# #
|
||||
# start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name zuul- server
|
||||
# return 0
|
||||
#}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
|
||||
do_start
|
||||
case "$?" in
|
||||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
||||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
||||
esac
|
||||
;;
|
||||
stop)
|
||||
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
|
||||
do_stop
|
||||
case "$?" in
|
||||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
||||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
||||
esac
|
||||
;;
|
||||
status)
|
||||
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
|
||||
;;
|
||||
# reload)
|
||||
# #
|
||||
# # If do_reload() is not implemented then leave this commented out
|
||||
# # and leave 'force-reload' as an alias for 'restart'.
|
||||
# #
|
||||
# log_daemon_msg "Reloading $DESC" "$NAME"
|
||||
# do_reload
|
||||
# log_end_msg $?
|
||||
# ;;
|
||||
restart|force-reload)
|
||||
#
|
||||
# If the "reload" option is implemented then remove the
|
||||
# 'force-reload' alias
|
||||
#
|
||||
log_daemon_msg "Restarting $DESC" "$NAME"
|
||||
do_stop
|
||||
do_start
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
|
||||
exit 3
|
||||
;;
|
||||
esac
|
||||
|
||||
:
|
||||
|
@ -22,7 +22,6 @@ class openstack_project::logstash (
|
||||
$sysadmins = [],
|
||||
$subunit2sql_db_host,
|
||||
$subunit2sql_db_pass,
|
||||
$mysql_proxy_admin_pass,
|
||||
) {
|
||||
$iptables_es_rule = regsubst ($elasticsearch_nodes, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
|
||||
$iptables_gm_rule = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
||||
@ -58,7 +57,5 @@ class openstack_project::logstash (
|
||||
|
||||
class { 'mysql_proxy::server':
|
||||
db_host => $subunit2sql_db_host,
|
||||
admin_username => 'admin',
|
||||
admin_pass => $mysql_proxy_admin_pass,
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user