archive/netdata_netdata
0
0
Fork 0
mirror of https://github.com/netdata/netdata.git synced 2025-04-13 17:19:11 +00:00
Code Issues Projects Releases Wiki Activity
netdata_netdata/streaming/rrdpush.c
thiagoftsm 2f7962c9e1 Fix parsing SSL ACL along with others () 
* sslstream: ACL parser

It was noticed in the issue 6457 that the some ACLs were not parsing
correctly when they were along SSL acl, this commit fixes this'

* sslstream: remove comments

This commit removes the comments that were present while I was testing the code

* sslstream: Tests

This commit adds ACL tests to check the Netdata response to them

* sslstream: Tests

Fix the extension to upload the files

* sslstream: more tests

In this commit I am bringing more tests, including the ssl tests'

* sslstream: leading space

Remove leading space from variable that was creating problem with shellcheck

* sslstream: glob

Remove special character from script

* sslstream: Makefile

The Makefile diretives were pointed to wrong files

* sslstream: Missing stream encrypt

This commit solves the problem of the stream not be encrypted, but
it is not the final solution, because the parser made is incomplete.

* sslstream: Finish encrypt channel

This commit brings the step that I was missing, the complete encryptation
in the communication between Master and Slave

* sslstream: Fix argument in script

After the latest tests, it was verified that two arguments given to a function
inside the script were not correct, with this PR I am fixing this!

* sslstream: Fix argument in info

Instead to call a function to deliver an integer I was passing a size_t value.
Only cmake showed this, but not in my clion! :/

* sslstream: Fix redirect

When we were having different SSL configuration, the system were not applying
the option for all

* sslstream: Update documentation

Our documentation was not clear about the rules according our code
so I am updating the text to explain for the users

* sslstream: Adjust script

With this last commit, I am adjusting the tests to avoid false positive

* sslstream: Missing elif

The previous commit had a missing elif in the shell script

* sslstream: Split ports

Before this commit Netdata was having SSL as a global option, now it has as a real ACL.

* sslstream: reduce context

The stream variable will not be affected in the master side, it is only necessary
on the slave side, so I am reducing the context of it

* sslstream: Force SSL

When the user has certificate and he does not set any SSL flag, it is necessary
to append the SSL=force flag

* sslstream: Default flag

It is necessary to have a default flag when the SSL flags are not SET

* sslstream: remove comments

Remove comments from the scrip

* sslstream: moving flag

It is better the flag to be set inside socket instead everytime there is a new connection

* sslstream: documentation

Fix a sentence in the web/server/README.md
2019-07-25 18:43:04 +02:00

1462 lines
60 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-3.0-or-later
#include "rrdpush.h"
/*
* rrdpush
*
* 3 threads are involved for all stream operations
*
* 1. a random data collection thread, calling rrdset_done_push()
* this is called for each chart.
*
* the output of this work is kept in a BUFFER in RRDHOST
* the sender thread is signalled via a pipe (also in RRDHOST)
*
* 2. a sender thread running at the sending netdata
* this is spawned automatically on the first chart to be pushed
*
* It tries to push the metrics to the remote netdata, as fast
* as possible (i.e. immediately after they are collected).
*
* 3. a receiver thread, running at the receiving netdata
* this is spawned automatically when the sender connects to
* the receiver.
*
*/
#define START_STREAMING_PROMPT "Hit me baby, push them over..."
typedef enum {
RRDPUSH_MULTIPLE_CONNECTIONS_ALLOW,
RRDPUSH_MULTIPLE_CONNECTIONS_DENY_NEW
} RRDPUSH_MULTIPLE_CONNECTIONS_STRATEGY;
static struct config stream_config = {
.sections = NULL,
.mutex = NETDATA_MUTEX_INITIALIZER,
.index = {
.avl_tree = {
.root = NULL,
.compar = appconfig_section_compare
},
.rwlock = AVL_LOCK_INITIALIZER
}
};
unsigned int default_rrdpush_enabled = 0;
char *default_rrdpush_destination = NULL;
char *default_rrdpush_api_key = NULL;
char *default_rrdpush_send_charts_matching = NULL;
int netdata_use_ssl_on_stream = NETDATA_SSL_OPTIONAL;
static void load_stream_conf() {
errno = 0;
char *filename = strdupz_path_subpath(netdata_configured_user_config_dir, "stream.conf");
if(!appconfig_load(&stream_config, filename, 0)) {
info("CONFIG: cannot load user config '%s'. Will try stock config.", filename);
freez(filename);
filename = strdupz_path_subpath(netdata_configured_stock_config_dir, "stream.conf");
if(!appconfig_load(&stream_config, filename, 0))
info("CONFIG: cannot load stock config '%s'. Running with internal defaults.", filename);
}
freez(filename);
}
int rrdpush_init() {
// --------------------------------------------------------------------
// load stream.conf
load_stream_conf();
default_rrdpush_enabled = (unsigned int)appconfig_get_boolean(&stream_config, CONFIG_SECTION_STREAM, "enabled", default_rrdpush_enabled);
default_rrdpush_destination = appconfig_get(&stream_config, CONFIG_SECTION_STREAM, "destination", "");
default_rrdpush_api_key = appconfig_get(&stream_config, CONFIG_SECTION_STREAM, "api key", "");
default_rrdpush_send_charts_matching = appconfig_get(&stream_config, CONFIG_SECTION_STREAM, "send charts matching", "*");
rrdhost_free_orphan_time = config_get_number(CONFIG_SECTION_GLOBAL, "cleanup orphan hosts after seconds", rrdhost_free_orphan_time);
if(default_rrdpush_enabled && (!default_rrdpush_destination || !*default_rrdpush_destination || !default_rrdpush_api_key || !*default_rrdpush_api_key)) {
error("STREAM [send]: cannot enable sending thread - information is missing.");
default_rrdpush_enabled = 0;
}
#ifdef ENABLE_HTTPS
if (netdata_use_ssl_on_stream == NETDATA_SSL_OPTIONAL) {
if (default_rrdpush_destination){
char *test = strstr(default_rrdpush_destination,":SSL");
if(test){
*test = 0X00;
netdata_use_ssl_on_stream = NETDATA_SSL_FORCE;
}
}
}
char *invalid_certificate = appconfig_get(&stream_config, CONFIG_SECTION_STREAM, "ssl skip certificate verification", "no");
if ( !strcmp(invalid_certificate,"yes")){
if (netdata_validate_server == NETDATA_SSL_VALID_CERTIFICATE){
info("The Netdata is configured to accept invalid certificate.");
netdata_validate_server = NETDATA_SSL_INVALID_CERTIFICATE;
}
}
#endif
return default_rrdpush_enabled;
}
#define CONNECTED_TO_SIZE 100
// data collection happens from multiple threads
// each of these threads calls rrdset_done()
// which in turn calls rrdset_done_push()
// which uses this pipe to notify the streaming thread
// that there are more data ready to be sent
#define PIPE_READ 0
#define PIPE_WRITE 1
// to have the remote netdata re-sync the charts
// to its current clock, we send for this many
// iterations a BEGIN line without microseconds
// this is for the first iterations of each chart
unsigned int remote_clock_resync_iterations = 60;
#define rrdpush_buffer_lock(host) netdata_mutex_lock(&((host)->rrdpush_sender_buffer_mutex))
#define rrdpush_buffer_unlock(host) netdata_mutex_unlock(&((host)->rrdpush_sender_buffer_mutex))
static inline int should_send_chart_matching(RRDSET *st) {
if(unlikely(!rrdset_flag_check(st, RRDSET_FLAG_ENABLED))) {
rrdset_flag_clear(st, RRDSET_FLAG_UPSTREAM_SEND);
rrdset_flag_set(st, RRDSET_FLAG_UPSTREAM_IGNORE);
}
else if(!rrdset_flag_check(st, RRDSET_FLAG_UPSTREAM_SEND|RRDSET_FLAG_UPSTREAM_IGNORE)) {
RRDHOST *host = st->rrdhost;
if(simple_pattern_matches(host->rrdpush_send_charts_matching, st->id) ||
simple_pattern_matches(host->rrdpush_send_charts_matching, st->name)) {
rrdset_flag_clear(st, RRDSET_FLAG_UPSTREAM_IGNORE);
rrdset_flag_set(st, RRDSET_FLAG_UPSTREAM_SEND);
}
else {
rrdset_flag_clear(st, RRDSET_FLAG_UPSTREAM_SEND);
rrdset_flag_set(st, RRDSET_FLAG_UPSTREAM_IGNORE);
}
}
return(rrdset_flag_check(st, RRDSET_FLAG_UPSTREAM_SEND));
}
// checks if the current chart definition has been sent
static inline int need_to_send_chart_definition(RRDSET *st) {
rrdset_check_rdlock(st);
if(unlikely(!(rrdset_flag_check(st, RRDSET_FLAG_UPSTREAM_EXPOSED))))
return 1;
RRDDIM *rd;
rrddim_foreach_read(rd, st) {
if(unlikely(!rd->exposed)) {
#ifdef NETDATA_INTERNAL_CHECKS
info("host '%s', chart '%s', dimension '%s' flag 'exposed' triggered chart refresh to upstream", st->rrdhost->hostname, st->id, rd->id);
#endif
return 1;
}
}
return 0;
}
// sends the current chart definition
static inline void rrdpush_send_chart_definition_nolock(RRDSET *st) {
RRDHOST *host = st->rrdhost;
rrdset_flag_set(st, RRDSET_FLAG_UPSTREAM_EXPOSED);
// properly set the name for the remote end to parse it
char *name = "";
if(likely(st->name)) {
if(unlikely(strcmp(st->id, st->name))) {
// they differ
name = strchr(st->name, '.');
if(name)
name++;
else
name = "";
}
}
// info("CHART '%s' '%s'", st->id, name);
// send the chart
buffer_sprintf(
host->rrdpush_sender_buffer
, "CHART \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" %ld %d \"%s %s %s %s\" \"%s\" \"%s\"\n"
, st->id
, name
, st->title
, st->units
, st->family
, st->context
, rrdset_type_name(st->chart_type)
, st->priority
, st->update_every
, rrdset_flag_check(st, RRDSET_FLAG_OBSOLETE)?"obsolete":""
, rrdset_flag_check(st, RRDSET_FLAG_DETAIL)?"detail":""
, rrdset_flag_check(st, RRDSET_FLAG_STORE_FIRST)?"store_first":""
, rrdset_flag_check(st, RRDSET_FLAG_HIDDEN)?"hidden":""
, (st->plugin_name)?st->plugin_name:""
, (st->module_name)?st->module_name:""
);
// send the dimensions
RRDDIM *rd;
rrddim_foreach_read(rd, st) {
buffer_sprintf(
host->rrdpush_sender_buffer
, "DIMENSION \"%s\" \"%s\" \"%s\" " COLLECTED_NUMBER_FORMAT " " COLLECTED_NUMBER_FORMAT " \"%s %s %s\"\n"
, rd->id
, rd->name
, rrd_algorithm_name(rd->algorithm)
, rd->multiplier
, rd->divisor
, rrddim_flag_check(rd, RRDDIM_FLAG_OBSOLETE)?"obsolete":""
, rrddim_flag_check(rd, RRDDIM_FLAG_HIDDEN)?"hidden":""
, rrddim_flag_check(rd, RRDDIM_FLAG_DONT_DETECT_RESETS_OR_OVERFLOWS)?"noreset":""
);
rd->exposed = 1;
}
// send the chart local custom variables
RRDSETVAR *rs;
for(rs = st->variables; rs ;rs = rs->next) {
if(unlikely(rs->type == RRDVAR_TYPE_CALCULATED && rs->options & RRDVAR_OPTION_CUSTOM_CHART_VAR)) {
calculated_number *value = (calculated_number *) rs->value;
buffer_sprintf(
host->rrdpush_sender_buffer
, "VARIABLE CHART %s = " CALCULATED_NUMBER_FORMAT "\n"
, rs->variable
, *value
);
}
}
st->upstream_resync_time = st->last_collected_time.tv_sec + (remote_clock_resync_iterations * st->update_every);
}
// sends the current chart dimensions
static inline void rrdpush_send_chart_metrics_nolock(RRDSET *st) {
RRDHOST *host = st->rrdhost;
buffer_sprintf(host->rrdpush_sender_buffer, "BEGIN \"%s\" %llu\n", st->id, (st->last_collected_time.tv_sec > st->upstream_resync_time)?st->usec_since_last_update:0);
RRDDIM *rd;
rrddim_foreach_read(rd, st) {
if(rd->updated && rd->exposed)
buffer_sprintf(host->rrdpush_sender_buffer
, "SET \"%s\" = " COLLECTED_NUMBER_FORMAT "\n"
, rd->id
, rd->collected_value
);
}
buffer_strcat(host->rrdpush_sender_buffer, "END\n");
}
static void rrdpush_sender_thread_spawn(RRDHOST *host);
void rrdset_push_chart_definition_now(RRDSET *st) {
RRDHOST *host = st->rrdhost;
if(unlikely(!host->rrdpush_send_enabled || !should_send_chart_matching(st)))
return;
rrdset_rdlock(st);
rrdpush_buffer_lock(host);
rrdpush_send_chart_definition_nolock(st);
rrdpush_buffer_unlock(host);
rrdset_unlock(st);
}
void rrdset_done_push(RRDSET *st) {
if(unlikely(!should_send_chart_matching(st)))
return;
RRDHOST *host = st->rrdhost;
rrdpush_buffer_lock(host);
if(unlikely(host->rrdpush_send_enabled && !host->rrdpush_sender_spawn))
rrdpush_sender_thread_spawn(host);
if(unlikely(!host->rrdpush_sender_buffer || !host->rrdpush_sender_connected)) {
if(unlikely(!host->rrdpush_sender_error_shown))
error("STREAM %s [send]: not ready - discarding collected metrics.", host->hostname);
host->rrdpush_sender_error_shown = 1;
rrdpush_buffer_unlock(host);
return;
}
else if(unlikely(host->rrdpush_sender_error_shown)) {
info("STREAM %s [send]: sending metrics...", host->hostname);
host->rrdpush_sender_error_shown = 0;
}
if(need_to_send_chart_definition(st))
rrdpush_send_chart_definition_nolock(st);
rrdpush_send_chart_metrics_nolock(st);
// signal the sender there are more data
if(host->rrdpush_sender_pipe[PIPE_WRITE] != -1 && write(host->rrdpush_sender_pipe[PIPE_WRITE], " ", 1) == -1)
error("STREAM %s [send]: cannot write to internal pipe", host->hostname);
rrdpush_buffer_unlock(host);
}
// ----------------------------------------------------------------------------
// rrdpush sender thread
static inline void rrdpush_sender_add_host_variable_to_buffer_nolock(RRDHOST *host, RRDVAR *rv) {
calculated_number *value = (calculated_number *)rv->value;
buffer_sprintf(
host->rrdpush_sender_buffer
, "VARIABLE HOST %s = " CALCULATED_NUMBER_FORMAT "\n"
, rv->name
, *value
);
debug(D_STREAM, "RRDVAR pushed HOST VARIABLE %s = " CALCULATED_NUMBER_FORMAT, rv->name, *value);
}
void rrdpush_sender_send_this_host_variable_now(RRDHOST *host, RRDVAR *rv) {
if(host->rrdpush_send_enabled && host->rrdpush_sender_spawn && host->rrdpush_sender_connected) {
rrdpush_buffer_lock(host);
rrdpush_sender_add_host_variable_to_buffer_nolock(host, rv);
rrdpush_buffer_unlock(host);
}
}
static int rrdpush_sender_thread_custom_host_variables_callback(void *rrdvar_ptr, void *host_ptr) {
RRDVAR *rv = (RRDVAR *)rrdvar_ptr;
RRDHOST *host = (RRDHOST *)host_ptr;
if(unlikely(rv->options & RRDVAR_OPTION_CUSTOM_HOST_VAR && rv->type == RRDVAR_TYPE_CALCULATED)) {
rrdpush_sender_add_host_variable_to_buffer_nolock(host, rv);
// return 1, so that the traversal will return the number of variables sent
return 1;
}
// returning a negative number will break the traversal
return 0;
}
static void rrdpush_sender_thread_send_custom_host_variables(RRDHOST *host) {
int ret = rrdvar_callback_for_all_host_variables(host, rrdpush_sender_thread_custom_host_variables_callback, host);
(void)ret;
debug(D_STREAM, "RRDVAR sent %d VARIABLES", ret);
}
// resets all the chart, so that their definitions
// will be resent to the central netdata
static void rrdpush_sender_thread_reset_all_charts(RRDHOST *host) {
rrdhost_rdlock(host);
RRDSET *st;
rrdset_foreach_read(st, host) {
rrdset_flag_clear(st, RRDSET_FLAG_UPSTREAM_EXPOSED);
st->upstream_resync_time = 0;
rrdset_rdlock(st);
RRDDIM *rd;
rrddim_foreach_read(rd, st)
rd->exposed = 0;
rrdset_unlock(st);
}
rrdhost_unlock(host);
}
static inline void rrdpush_sender_thread_data_flush(RRDHOST *host) {
rrdpush_buffer_lock(host);
if(buffer_strlen(host->rrdpush_sender_buffer))
error("STREAM %s [send]: discarding %zu bytes of metrics already in the buffer.", host->hostname, buffer_strlen(host->rrdpush_sender_buffer));
buffer_flush(host->rrdpush_sender_buffer);
rrdpush_sender_thread_reset_all_charts(host);
rrdpush_sender_thread_send_custom_host_variables(host);
rrdpush_buffer_unlock(host);
}
void rrdpush_sender_thread_stop(RRDHOST *host) {
rrdpush_buffer_lock(host);
rrdhost_wrlock(host);
netdata_thread_t thr = 0;
if(host->rrdpush_sender_spawn) {
info("STREAM %s [send]: signaling sending thread to stop...", host->hostname);
// signal the thread that we want to join it
host->rrdpush_sender_join = 1;
// copy the thread id, so that we will be waiting for the right one
// even if a new one has been spawn
thr = host->rrdpush_sender_thread;
// signal it to cancel
netdata_thread_cancel(host->rrdpush_sender_thread);
}
rrdhost_unlock(host);
rrdpush_buffer_unlock(host);
if(thr != 0) {
info("STREAM %s [send]: waiting for the sending thread to stop...", host->hostname);
void *result;
netdata_thread_join(thr, &result);
info("STREAM %s [send]: sending thread has exited.", host->hostname);
}
}
static inline void rrdpush_sender_thread_close_socket(RRDHOST *host) {
host->rrdpush_sender_connected = 0;
if(host->rrdpush_sender_socket != -1) {
close(host->rrdpush_sender_socket);
host->rrdpush_sender_socket = -1;
}
}
//called from client side
static int rrdpush_sender_thread_connect_to_master(RRDHOST *host, int default_port, int timeout, size_t *reconnects_counter, char *connected_to, size_t connected_to_size) {
struct timeval tv = {
.tv_sec = timeout,
.tv_usec = 0
};
// make sure the socket is closed
rrdpush_sender_thread_close_socket(host);
debug(D_STREAM, "STREAM: Attempting to connect...");
info("STREAM %s [send to %s]: connecting...", host->hostname, host->rrdpush_send_destination);
host->rrdpush_sender_socket = connect_to_one_of(
host->rrdpush_send_destination
, default_port
, &tv
, reconnects_counter
, connected_to
, connected_to_size
);
if(unlikely(host->rrdpush_sender_socket == -1)) {
error("STREAM %s [send to %s]: failed to connect", host->hostname, host->rrdpush_send_destination);
return 0;
}
info("STREAM %s [send to %s]: initializing communication...", host->hostname, connected_to);
#ifdef ENABLE_HTTPS
if( netdata_client_ctx ){
host->ssl.flags = NETDATA_SSL_START;
if (!host->ssl.conn){
host->ssl.conn = SSL_new(netdata_client_ctx);
if(!host->ssl.conn){
error("Failed to allocate SSL structure.");
host->ssl.flags = NETDATA_SSL_NO_HANDSHAKE;
}
}
else{
SSL_clear(host->ssl.conn);
}
if (host->ssl.conn)
{
if (SSL_set_fd(host->ssl.conn, host->rrdpush_sender_socket) != 1) {
error("Failed to set the socket to the SSL on socket fd %d.", host->rrdpush_sender_socket);
host->ssl.flags = NETDATA_SSL_NO_HANDSHAKE;
} else{
host->ssl.flags = NETDATA_SSL_HANDSHAKE_COMPLETE;
}
}
}
else {
host->ssl.flags = NETDATA_SSL_NO_HANDSHAKE;
}
#endif
#define HTTP_HEADER_SIZE 8192
char http[HTTP_HEADER_SIZE + 1];
int eol = snprintfz(http, HTTP_HEADER_SIZE,
"STREAM key=%s&hostname=%s&registry_hostname=%s&machine_guid=%s&update_every=%d&os=%s&timezone=%s&tags=%s"
"&NETDATA_SYSTEM_OS_NAME=%s"
"&NETDATA_SYSTEM_OS_ID=%s"
"&NETDATA_SYSTEM_OS_ID_LIKE=%s"
"&NETDATA_SYSTEM_OS_VERSION=%s"
"&NETDATA_SYSTEM_OS_VERSION_ID=%s"
"&NETDATA_SYSTEM_OS_DETECTION=%s"
"&NETDATA_SYSTEM_KERNEL_NAME=%s"
"&NETDATA_SYSTEM_KERNEL_VERSION=%s"
"&NETDATA_SYSTEM_ARCHITECTURE=%s"
"&NETDATA_SYSTEM_VIRTUALIZATION=%s"
"&NETDATA_SYSTEM_VIRT_DETECTION=%s"
"&NETDATA_SYSTEM_CONTAINER=%s"
"&NETDATA_SYSTEM_CONTAINER_DETECTION=%s"
" HTTP/1.1\r\n"
"User-Agent: %s/%s\r\n"
"Accept: */*\r\n\r\n"
, host->rrdpush_send_api_key
, host->hostname
, host->registry_hostname
, host->machine_guid
, default_rrd_update_every
, host->os
, host->timezone
, (host->tags) ? host->tags : ""
, (host->system_info->os_name) ? host->system_info->os_name : ""
, (host->system_info->os_id) ? host->system_info->os_id : ""
, (host->system_info->os_id_like) ? host->system_info->os_id_like : ""
, (host->system_info->os_version) ? host->system_info->os_version : ""
, (host->system_info->os_version_id) ? host->system_info->os_version_id : ""
, (host->system_info->os_detection) ? host->system_info->os_detection : ""
, (host->system_info->kernel_name) ? host->system_info->kernel_name : ""
, (host->system_info->kernel_version) ? host->system_info->kernel_version : ""
, (host->system_info->architecture) ? host->system_info->architecture : ""
, (host->system_info->virtualization) ? host->system_info->virtualization : ""
, (host->system_info->virt_detection) ? host->system_info->virt_detection : ""
, (host->system_info->container) ? host->system_info->container : ""
, (host->system_info->container_detection) ? host->system_info->container_detection : ""
, host->program_name
, host->program_version
);
http[eol] = 0x00;
#ifdef ENABLE_HTTPS
if (!host->ssl.flags) {
ERR_clear_error();
SSL_set_connect_state(host->ssl.conn);
int err = SSL_connect(host->ssl.conn);
if (err != 1){
err = SSL_get_error(host->ssl.conn, err);
error("SSL cannot connect with the server: %s ",ERR_error_string((long)SSL_get_error(host->ssl.conn,err),NULL));
if (netdata_use_ssl_on_stream == NETDATA_SSL_FORCE) {
rrdpush_sender_thread_close_socket(host);
return 0;
}else {
host->ssl.flags = NETDATA_SSL_NO_HANDSHAKE;
}
}
else {
if (netdata_use_ssl_on_stream == NETDATA_SSL_FORCE) {
if (netdata_validate_server == NETDATA_SSL_VALID_CERTIFICATE) {
if ( security_test_certificate(host->ssl.conn)) {
error("Closing the stream connection, because the server SSL certificate is not valid.");
rrdpush_sender_thread_close_socket(host);
return 0;
}
}
}
}
}
if(send_timeout(&host->ssl,host->rrdpush_sender_socket, http, strlen(http), 0, timeout) == -1) {
#else
if(send_timeout(host->rrdpush_sender_socket, http, strlen(http), 0, timeout) == -1) {
#endif
error("STREAM %s [send to %s]: failed to send HTTP header to remote netdata.", host->hostname, connected_to);
rrdpush_sender_thread_close_socket(host);
return 0;
}
info("STREAM %s [send to %s]: waiting response from remote netdata...", host->hostname, connected_to);
#ifdef ENABLE_HTTPS
if(recv_timeout(&host->ssl,host->rrdpush_sender_socket, http, HTTP_HEADER_SIZE, 0, timeout) == -1) {
#else
if(recv_timeout(host->rrdpush_sender_socket, http, HTTP_HEADER_SIZE, 0, timeout) == -1) {
#endif
error("STREAM %s [send to %s]: remote netdata does not respond.", host->hostname, connected_to);
rrdpush_sender_thread_close_socket(host);
return 0;
}
if(strncmp(http, START_STREAMING_PROMPT, strlen(START_STREAMING_PROMPT)) != 0) {
error("STREAM %s [send to %s]: server is not replying properly (is it a netdata?).", host->hostname, connected_to);
rrdpush_sender_thread_close_socket(host);
return 0;
}
info("STREAM %s [send to %s]: established communication - ready to send metrics...", host->hostname, connected_to);
if(sock_setnonblock(host->rrdpush_sender_socket) < 0)
error("STREAM %s [send to %s]: cannot set non-blocking mode for socket.", host->hostname, connected_to);
if(sock_enlarge_out(host->rrdpush_sender_socket) < 0)
error("STREAM %s [send to %s]: cannot enlarge the socket buffer.", host->hostname, connected_to);
debug(D_STREAM, "STREAM: Connected on fd %d...", host->rrdpush_sender_socket);
return 1;
}
static void rrdpush_sender_thread_cleanup_callback(void *ptr) {
RRDHOST *host = (RRDHOST *)ptr;
rrdpush_buffer_lock(host);
rrdhost_wrlock(host);
info("STREAM %s [send]: sending thread cleans up...", host->hostname);
rrdpush_sender_thread_close_socket(host);
// close the pipe
if(host->rrdpush_sender_pipe[PIPE_READ] != -1) {
close(host->rrdpush_sender_pipe[PIPE_READ]);
host->rrdpush_sender_pipe[PIPE_READ] = -1;
}
if(host->rrdpush_sender_pipe[PIPE_WRITE] != -1) {
close(host->rrdpush_sender_pipe[PIPE_WRITE]);
host->rrdpush_sender_pipe[PIPE_WRITE] = -1;
}
buffer_free(host->rrdpush_sender_buffer);
host->rrdpush_sender_buffer = NULL;
if(!host->rrdpush_sender_join) {
info("STREAM %s [send]: sending thread detaches itself.", host->hostname);
netdata_thread_detach(netdata_thread_self());
}
host->rrdpush_sender_spawn = 0;
info("STREAM %s [send]: sending thread now exits.", host->hostname);
rrdhost_unlock(host);
rrdpush_buffer_unlock(host);
}
void *rrdpush_sender_thread(void *ptr) {
RRDHOST *host = (RRDHOST *)ptr;
if(!host->rrdpush_send_enabled || !host->rrdpush_send_destination || !*host->rrdpush_send_destination || !host->rrdpush_send_api_key || !*host->rrdpush_send_api_key) {
error("STREAM %s [send]: thread created (task id %d), but host has streaming disabled.", host->hostname, gettid());
return NULL;
}
#ifdef ENABLE_HTTPS
if (netdata_use_ssl_on_stream & NETDATA_SSL_FORCE ){
security_start_ssl(NETDATA_SSL_CONTEXT_STREAMING);
}
#endif
info("STREAM %s [send]: thread created (task id %d)", host->hostname, gettid());
int timeout = (int)appconfig_get_number(&stream_config, CONFIG_SECTION_STREAM, "timeout seconds", 60);
int default_port = (int)appconfig_get_number(&stream_config, CONFIG_SECTION_STREAM, "default port", 19999);
size_t max_size = (size_t)appconfig_get_number(&stream_config, CONFIG_SECTION_STREAM, "buffer size bytes", 1024 * 1024);
unsigned int reconnect_delay = (unsigned int)appconfig_get_number(&stream_config, CONFIG_SECTION_STREAM, "reconnect delay seconds", 5);
remote_clock_resync_iterations = (unsigned int)appconfig_get_number(&stream_config, CONFIG_SECTION_STREAM, "initial clock resync iterations", remote_clock_resync_iterations);
char connected_to[CONNECTED_TO_SIZE + 1] = "";
// initialize rrdpush globals
host->rrdpush_sender_buffer = buffer_create(1);
host->rrdpush_sender_connected = 0;
if(pipe(host->rrdpush_sender_pipe) == -1) fatal("STREAM %s [send]: cannot create required pipe.", host->hostname);
// initialize local variables
size_t begin = 0;
size_t reconnects_counter = 0;
size_t sent_bytes = 0;
size_t sent_bytes_on_this_connection = 0;
size_t send_attempts = 0;
time_t last_sent_t = 0;
struct pollfd fds[2], *ifd, *ofd;
nfds_t fdmax;
ifd = &fds[0];
ofd = &fds[1];
size_t not_connected_loops = 0;
netdata_thread_cleanup_push(rrdpush_sender_thread_cleanup_callback, host);
for(; host->rrdpush_send_enabled && !netdata_exit ;) {
// check for outstanding cancellation requests
netdata_thread_testcancel();
// if we don't have socket open, lets wait a bit
if(unlikely(host->rrdpush_sender_socket == -1)) {
send_attempts = 0;
if(not_connected_loops == 0 && sent_bytes_on_this_connection > 0) {
// fast re-connection on first disconnect
sleep_usec(USEC_PER_MS * 500); // milliseconds
}
else {
// slow re-connection on repeating errors
sleep_usec(USEC_PER_SEC * reconnect_delay); // seconds
}
if(rrdpush_sender_thread_connect_to_master(host, default_port, timeout, &reconnects_counter, connected_to, CONNECTED_TO_SIZE)) {
last_sent_t = now_monotonic_sec();
// reset the buffer, to properly send charts and metrics
rrdpush_sender_thread_data_flush(host);
// send from the beginning
begin = 0;
// make sure the next reconnection will be immediate
not_connected_loops = 0;
// reset the bytes we have sent for this session
sent_bytes_on_this_connection = 0;
// let the data collection threads know we are ready
host->rrdpush_sender_connected = 1;
}
else {
// increase the failed connections counter
not_connected_loops++;
// reset the number of bytes sent
sent_bytes_on_this_connection = 0;
}
// loop through
continue;
}
else if(unlikely(now_monotonic_sec() - last_sent_t > timeout)) {
error("STREAM %s [send to %s]: could not send metrics for %d seconds - closing connection - we have sent %zu bytes on this connection via %zu send attempts.", host->hostname, connected_to, timeout, sent_bytes_on_this_connection, send_attempts);
rrdpush_sender_thread_close_socket(host);
}
ifd->fd = host->rrdpush_sender_pipe[PIPE_READ];
ifd->events = POLLIN;
ifd->revents = 0;
ofd->fd = host->rrdpush_sender_socket;
ofd->revents = 0;
if(ofd->fd != -1 && begin < buffer_strlen(host->rrdpush_sender_buffer)) {
debug(D_STREAM, "STREAM: Requesting data output on streaming socket %d...", ofd->fd);
ofd->events = POLLOUT;
fdmax = 2;
send_attempts++;
}
else {
debug(D_STREAM, "STREAM: Not requesting data output on streaming socket %d (nothing to send now)...", ofd->fd);
ofd->events = 0;
fdmax = 1;
}
debug(D_STREAM, "STREAM: Waiting for poll() events (current buffer length %zu bytes)...", buffer_strlen(host->rrdpush_sender_buffer));
if(unlikely(netdata_exit)) break;
int retval = poll(fds, fdmax, 1000);
if(unlikely(netdata_exit)) break;
if(unlikely(retval == -1)) {
debug(D_STREAM, "STREAM: poll() failed (current buffer length %zu bytes)...", buffer_strlen(host->rrdpush_sender_buffer));
if(errno == EAGAIN || errno == EINTR) {
debug(D_STREAM, "STREAM: poll() failed with EAGAIN or EINTR...");
}
else {
error("STREAM %s [send to %s]: failed to poll(). Closing socket.", host->hostname, connected_to);
rrdpush_sender_thread_close_socket(host);
}
continue;
}
else if(likely(retval)) {
if (ifd->revents & POLLIN || ifd->revents & POLLPRI) {
debug(D_STREAM, "STREAM: Data added to send buffer (current buffer length %zu bytes)...", buffer_strlen(host->rrdpush_sender_buffer));
char buffer[1000 + 1];
if (read(host->rrdpush_sender_pipe[PIPE_READ], buffer, 1000) == -1)
error("STREAM %s [send to %s]: cannot read from internal pipe.", host->hostname, connected_to);
}
if (ofd->revents & POLLOUT) {
if (begin < buffer_strlen(host->rrdpush_sender_buffer)) {
debug(D_STREAM, "STREAM: Sending data (current buffer length %zu bytes, begin = %zu)...", buffer_strlen(host->rrdpush_sender_buffer), begin);
// BEGIN RRDPUSH LOCKED SESSION
// during this session, data collectors
// will not be able to append data to our buffer
// but the socket is in non-blocking mode
// so, we will not block at send()
netdata_thread_disable_cancelability();
debug(D_STREAM, "STREAM: Getting exclusive lock on host...");
rrdpush_buffer_lock(host);
debug(D_STREAM, "STREAM: Sending data, starting from %zu, size %zu...", begin, buffer_strlen(host->rrdpush_sender_buffer));
ssize_t ret;
#ifdef ENABLE_HTTPS
SSL *conn = host->ssl.conn ;
if(conn && !host->ssl.flags) {
ret = SSL_write(conn,&host->rrdpush_sender_buffer->buffer[begin], buffer_strlen(host->rrdpush_sender_buffer) - begin);
} else {
ret = send(host->rrdpush_sender_socket, &host->rrdpush_sender_buffer->buffer[begin], buffer_strlen(host->rrdpush_sender_buffer) - begin, MSG_DONTWAIT);
}
#else
ret = send(host->rrdpush_sender_socket, &host->rrdpush_sender_buffer->buffer[begin], buffer_strlen(host->rrdpush_sender_buffer) - begin, MSG_DONTWAIT);
#endif
if (unlikely(ret == -1)) {
if (errno != EAGAIN && errno != EINTR && errno != EWOULDBLOCK) {
debug(D_STREAM, "STREAM: Send failed - closing socket...");
error("STREAM %s [send to %s]: failed to send metrics - closing connection - we have sent %zu bytes on this connection.", host->hostname, connected_to, sent_bytes_on_this_connection);
rrdpush_sender_thread_close_socket(host);
}
else {
debug(D_STREAM, "STREAM: Send failed - will retry...");
}
}
else if (likely(ret > 0)) {
// DEBUG - dump the string to see it
//char c = host->rrdpush_sender_buffer->buffer[begin + ret];
//host->rrdpush_sender_buffer->buffer[begin + ret] = '\0';
//debug(D_STREAM, "STREAM: sent from %zu to %zd:\n%s\n", begin, ret, &host->rrdpush_sender_buffer->buffer[begin]);
//host->rrdpush_sender_buffer->buffer[begin + ret] = c;
sent_bytes_on_this_connection += ret;
sent_bytes += ret;
begin += ret;
if (begin == buffer_strlen(host->rrdpush_sender_buffer)) {
// we send it all
debug(D_STREAM, "STREAM: Sent %zd bytes (the whole buffer)...", ret);
buffer_flush(host->rrdpush_sender_buffer);
begin = 0;
}
else {
debug(D_STREAM, "STREAM: Sent %zd bytes (part of the data buffer)...", ret);
}
last_sent_t = now_monotonic_sec();
}
else {
debug(D_STREAM, "STREAM: send() returned %zd - closing the socket...", ret);
error("STREAM %s [send to %s]: failed to send metrics (send() returned %zd) - closing connection - we have sent %zu bytes on this connection.",
host->hostname, connected_to, ret, sent_bytes_on_this_connection);
rrdpush_sender_thread_close_socket(host);
}
debug(D_STREAM, "STREAM: Releasing exclusive lock on host...");
rrdpush_buffer_unlock(host);
netdata_thread_enable_cancelability();
// END RRDPUSH LOCKED SESSION
}
else {
debug(D_STREAM, "STREAM: we have sent the entire buffer, but we received POLLOUT...");
}
}
if(host->rrdpush_sender_socket != -1) {
char *error = NULL;
if (unlikely(ofd->revents & POLLERR))
error = "socket reports errors (POLLERR)";
else if (unlikely(ofd->revents & POLLHUP))
error = "connection closed by remote end (POLLHUP)";
else if (unlikely(ofd->revents & POLLNVAL))
error = "connection is invalid (POLLNVAL)";
if(unlikely(error)) {
debug(D_STREAM, "STREAM: %s - closing socket...", error);
error("STREAM %s [send to %s]: %s - reopening socket - we have sent %zu bytes on this connection.", host->hostname, connected_to, error, sent_bytes_on_this_connection);
rrdpush_sender_thread_close_socket(host);
}
}
}
else {
debug(D_STREAM, "STREAM: poll() timed out.");
}
// protection from overflow
if(buffer_strlen(host->rrdpush_sender_buffer) > max_size) {
debug(D_STREAM, "STREAM: Buffer is too big (%zu bytes), bigger than the max (%zu) - flushing it...", buffer_strlen(host->rrdpush_sender_buffer), max_size);
errno = 0;
error("STREAM %s [send to %s]: too many data pending - buffer is %zu bytes long, %zu unsent - we have sent %zu bytes in total, %zu on this connection. Closing connection to flush the data.", host->hostname, connected_to, host->rrdpush_sender_buffer->len, host->rrdpush_sender_buffer->len - begin, sent_bytes, sent_bytes_on_this_connection);
rrdpush_sender_thread_close_socket(host);
}
}
netdata_thread_cleanup_pop(1);
return NULL;
}
// ----------------------------------------------------------------------------
// rrdpush receiver thread
static void log_stream_connection(const char *client_ip, const char *client_port, const char *api_key, const char *machine_guid, const char *host, const char *msg) {
log_access("STREAM: %d '[%s]:%s' '%s' host '%s' api key '%s' machine guid '%s'", gettid(), client_ip, client_port, msg, host, api_key, machine_guid);
}
static RRDPUSH_MULTIPLE_CONNECTIONS_STRATEGY get_multiple_connections_strategy(struct config *c, const char *section, const char *name, RRDPUSH_MULTIPLE_CONNECTIONS_STRATEGY def) {
char *value;
switch(def) {
default:
case RRDPUSH_MULTIPLE_CONNECTIONS_ALLOW:
value = "allow";
break;
case RRDPUSH_MULTIPLE_CONNECTIONS_DENY_NEW:
value = "deny";
break;
}
value = appconfig_get(c, section, name, value);
RRDPUSH_MULTIPLE_CONNECTIONS_STRATEGY ret = def;
if(strcasecmp(value, "allow") == 0 || strcasecmp(value, "permit") == 0 || strcasecmp(value, "accept") == 0)
ret = RRDPUSH_MULTIPLE_CONNECTIONS_ALLOW;
else if(strcasecmp(value, "deny") == 0 || strcasecmp(value, "reject") == 0 || strcasecmp(value, "block") == 0)
ret = RRDPUSH_MULTIPLE_CONNECTIONS_DENY_NEW;
else
error("Invalid stream config value at section [%s], setting '%s', value '%s'", section, name, value);
return ret;
}
static int rrdpush_receive(int fd
, const char *key
, const char *hostname
, const char *registry_hostname
, const char *machine_guid
, const char *os
, const char *timezone
, const char *tags
, const char *program_name
, const char *program_version
, struct rrdhost_system_info *system_info
, int update_every
, char *client_ip
, char *client_port
#ifdef ENABLE_HTTPS
, struct netdata_ssl *ssl
#endif
) {
RRDHOST *host;
int history = default_rrd_history_entries;
RRD_MEMORY_MODE mode = default_rrd_memory_mode;
int health_enabled = default_health_enabled;
int rrdpush_enabled = default_rrdpush_enabled;
char *rrdpush_destination = default_rrdpush_destination;
char *rrdpush_api_key = default_rrdpush_api_key;
char *rrdpush_send_charts_matching = default_rrdpush_send_charts_matching;
time_t alarms_delay = 60;
RRDPUSH_MULTIPLE_CONNECTIONS_STRATEGY rrdpush_multiple_connections_strategy = RRDPUSH_MULTIPLE_CONNECTIONS_ALLOW;
update_every = (int)appconfig_get_number(&stream_config, machine_guid, "update every", update_every);
if(update_every < 0) update_every = 1;
history = (int)appconfig_get_number(&stream_config, key, "default history", history);
history = (int)appconfig_get_number(&stream_config, machine_guid, "history", history);
if(history < 5) history = 5;
mode = rrd_memory_mode_id(appconfig_get(&stream_config, key, "default memory mode", rrd_memory_mode_name(mode)));
mode = rrd_memory_mode_id(appconfig_get(&stream_config, machine_guid, "memory mode", rrd_memory_mode_name(mode)));
health_enabled = appconfig_get_boolean_ondemand(&stream_config, key, "health enabled by default", health_enabled);
health_enabled = appconfig_get_boolean_ondemand(&stream_config, machine_guid, "health enabled", health_enabled);
alarms_delay = appconfig_get_number(&stream_config, key, "default postpone alarms on connect seconds", alarms_delay);
alarms_delay = appconfig_get_number(&stream_config, machine_guid, "postpone alarms on connect seconds", alarms_delay);
rrdpush_enabled = appconfig_get_boolean(&stream_config, key, "default proxy enabled", rrdpush_enabled);
rrdpush_enabled = appconfig_get_boolean(&stream_config, machine_guid, "proxy enabled", rrdpush_enabled);
rrdpush_destination = appconfig_get(&stream_config, key, "default proxy destination", rrdpush_destination);
rrdpush_destination = appconfig_get(&stream_config, machine_guid, "proxy destination", rrdpush_destination);
rrdpush_api_key = appconfig_get(&stream_config, key, "default proxy api key", rrdpush_api_key);
rrdpush_api_key = appconfig_get(&stream_config, machine_guid, "proxy api key", rrdpush_api_key);
rrdpush_multiple_connections_strategy = get_multiple_connections_strategy(&stream_config, key, "multiple connections", rrdpush_multiple_connections_strategy);
rrdpush_multiple_connections_strategy = get_multiple_connections_strategy(&stream_config, machine_guid, "multiple connections", rrdpush_multiple_connections_strategy);
rrdpush_send_charts_matching = appconfig_get(&stream_config, key, "default proxy send charts matching", rrdpush_send_charts_matching);
rrdpush_send_charts_matching = appconfig_get(&stream_config, machine_guid, "proxy send charts matching", rrdpush_send_charts_matching);
tags = appconfig_set_default(&stream_config, machine_guid, "host tags", (tags)?tags:"");
if(tags && !*tags) tags = NULL;
if (strcmp(machine_guid, localhost->machine_guid) == 0) {
log_stream_connection(client_ip, client_port, key, machine_guid, hostname, "DENIED - ATTEMPT TO RECEIVE METRICS FROM MACHINE_GUID IDENTICAL TO MASTER");
error("STREAM %s [receive from %s:%s]: denied to receive metrics, machine GUID [%s] is my own. Did you copy the master/proxy machine guid to a slave?", hostname, client_ip, client_port, machine_guid);
close(fd);
return 1;
}
else
host = rrdhost_find_or_create(
hostname
, registry_hostname
, machine_guid
, os
, timezone
, tags
, program_name
, program_version
, update_every
, history
, mode
, (unsigned int)(health_enabled != CONFIG_BOOLEAN_NO)
, (unsigned int)(rrdpush_enabled && rrdpush_destination && *rrdpush_destination && rrdpush_api_key && *rrdpush_api_key)
, rrdpush_destination
, rrdpush_api_key
, rrdpush_send_charts_matching
, system_info
);
if(!host) {
close(fd);
log_stream_connection(client_ip, client_port, key, machine_guid, hostname, "FAILED - CANNOT ACQUIRE HOST");
error("STREAM %s [receive from [%s]:%s]: failed to find/create host structure.", hostname, client_ip, client_port);
return 1;
}
#ifdef NETDATA_INTERNAL_CHECKS
info("STREAM %s [receive from [%s]:%s]: client willing to stream metrics for host '%s' with machine_guid '%s': update every = %d, history = %ld, memory mode = %s, health %s, tags '%s'"
, hostname
, client_ip
, client_port
, host->hostname
, host->machine_guid
, host->rrd_update_every
, host->rrd_history_entries
, rrd_memory_mode_name(host->rrd_memory_mode)
, (health_enabled == CONFIG_BOOLEAN_NO)?"disabled":((health_enabled == CONFIG_BOOLEAN_YES)?"enabled":"auto")
, host->tags?host->tags:""
);
#endif // NETDATA_INTERNAL_CHECKS
struct plugind cd = {
.enabled = 1,
.update_every = default_rrd_update_every,
.pid = 0,
.serial_failures = 0,
.successful_collections = 0,
.obsolete = 0,
.started_t = now_realtime_sec(),
.next = NULL,
};
// put the client IP and port into the buffers used by plugins.d
snprintfz(cd.id, CONFIG_MAX_NAME, "%s:%s", client_ip, client_port);
snprintfz(cd.filename, FILENAME_MAX, "%s:%s", client_ip, client_port);
snprintfz(cd.fullfilename, FILENAME_MAX, "%s:%s", client_ip, client_port);
snprintfz(cd.cmd, PLUGINSD_CMD_MAX, "%s:%s", client_ip, client_port);
info("STREAM %s [receive from [%s]:%s]: initializing communication...", host->hostname, client_ip, client_port);
#ifdef ENABLE_HTTPS
host->ssl.conn = ssl->conn;
host->ssl.flags = ssl->flags;
if(send_timeout(ssl,fd, START_STREAMING_PROMPT, strlen(START_STREAMING_PROMPT), 0, 60) != strlen(START_STREAMING_PROMPT)) {
#else
if(send_timeout(fd, START_STREAMING_PROMPT, strlen(START_STREAMING_PROMPT), 0, 60) != strlen(START_STREAMING_PROMPT)) {
#endif
log_stream_connection(client_ip, client_port, key, host->machine_guid, host->hostname, "FAILED - CANNOT REPLY");
error("STREAM %s [receive from [%s]:%s]: cannot send ready command.", host->hostname, client_ip, client_port);
close(fd);
return 0;
}
// remove the non-blocking flag from the socket
if(sock_delnonblock(fd) < 0)
error("STREAM %s [receive from [%s]:%s]: cannot remove the non-blocking flag from socket %d", host->hostname, client_ip, client_port, fd);
// convert the socket to a FILE *
FILE *fp = fdopen(fd, "r");
if(!fp) {
log_stream_connection(client_ip, client_port, key, host->machine_guid, host->hostname, "FAILED - SOCKET ERROR");
error("STREAM %s [receive from [%s]:%s]: failed to get a FILE for FD %d.", host->hostname, client_ip, client_port, fd);
close(fd);
return 0;
}
rrdhost_wrlock(host);
if(host->connected_senders > 0) {
switch(rrdpush_multiple_connections_strategy) {
case RRDPUSH_MULTIPLE_CONNECTIONS_ALLOW:
info("STREAM %s [receive from [%s]:%s]: multiple streaming connections for the same host detected. If multiple netdata are pushing metrics for the same charts, at the same time, the result is unexpected.", host->hostname, client_ip, client_port);
break;
case RRDPUSH_MULTIPLE_CONNECTIONS_DENY_NEW:
rrdhost_unlock(host);
log_stream_connection(client_ip, client_port, key, host->machine_guid, host->hostname, "REJECTED - ALREADY CONNECTED");
info("STREAM %s [receive from [%s]:%s]: multiple streaming connections for the same host detected. Rejecting new connection.", host->hostname, client_ip, client_port);
fclose(fp);
return 0;
}
}
rrdhost_flag_clear(host, RRDHOST_FLAG_ORPHAN);
host->connected_senders++;
host->senders_disconnected_time = 0;
if(health_enabled != CONFIG_BOOLEAN_NO) {
if(alarms_delay > 0) {
host->health_delay_up_to = now_realtime_sec() + alarms_delay;
info("Postponing health checks for %ld seconds, on host '%s', because it was just connected."
, alarms_delay
, host->hostname
);
}
}
rrdhost_unlock(host);
// call the plugins.d processor to receive the metrics
info("STREAM %s [receive from [%s]:%s]: receiving metrics...", host->hostname, client_ip, client_port);
log_stream_connection(client_ip, client_port, key, host->machine_guid, host->hostname, "CONNECTED");
size_t count = pluginsd_process(host, &cd, fp, 1);
log_stream_connection(client_ip, client_port, key, host->machine_guid, host->hostname, "DISCONNECTED");
error("STREAM %s [receive from [%s]:%s]: disconnected (completed %zu updates).", host->hostname, client_ip, client_port, count);
rrdhost_wrlock(host);
host->senders_disconnected_time = now_realtime_sec();
host->connected_senders--;
if(!host->connected_senders) {
rrdhost_flag_set(host, RRDHOST_FLAG_ORPHAN);
if(health_enabled == CONFIG_BOOLEAN_AUTO)
host->health_enabled = 0;
}
rrdhost_unlock(host);
if(host->connected_senders == 0)
rrdpush_sender_thread_stop(host);
// cleanup
fclose(fp);
return (int)count;
}
struct rrdpush_thread {
int fd;
char *key;
char *hostname;
char *registry_hostname;
char *machine_guid;
char *os;
char *timezone;
char *tags;
char *client_ip;
char *client_port;
char *program_name;
char *program_version;
struct rrdhost_system_info *system_info;
int update_every;
#ifdef ENABLE_HTTPS
struct netdata_ssl ssl;
#endif
};
static void rrdpush_receiver_thread_cleanup(void *ptr) {
static __thread int executed = 0;
if(!executed) {
executed = 1;
struct rrdpush_thread *rpt = (struct rrdpush_thread *) ptr;
info("STREAM %s [receive from [%s]:%s]: receive thread ended (task id %d)", rpt->hostname, rpt->client_ip, rpt->client_port, gettid());
freez(rpt->key);
freez(rpt->hostname);
freez(rpt->registry_hostname);
freez(rpt->machine_guid);
freez(rpt->os);
freez(rpt->timezone);
freez(rpt->tags);
freez(rpt->client_ip);
freez(rpt->client_port);
freez(rpt->program_name);
freez(rpt->program_version);
#ifdef ENABLE_HTTPS
if(rpt->ssl.conn){
SSL_free(rpt->ssl.conn);
}
#endif
freez(rpt);
}
}
static void *rrdpush_receiver_thread(void *ptr) {
netdata_thread_cleanup_push(rrdpush_receiver_thread_cleanup, ptr);
struct rrdpush_thread *rpt = (struct rrdpush_thread *)ptr;
info("STREAM %s [%s]:%s: receive thread created (task id %d)", rpt->hostname, rpt->client_ip, rpt->client_port, gettid());
rrdpush_receive(
rpt->fd
, rpt->key
, rpt->hostname
, rpt->registry_hostname
, rpt->machine_guid
, rpt->os
, rpt->timezone
, rpt->tags
, rpt->program_name
, rpt->program_version
, rpt->system_info
, rpt->update_every
, rpt->client_ip
, rpt->client_port
#ifdef ENABLE_HTTPS
, &rpt->ssl
#endif
);
netdata_thread_cleanup_pop(1);
return NULL;
}
static void rrdpush_sender_thread_spawn(RRDHOST *host) {
rrdhost_wrlock(host);
if(!host->rrdpush_sender_spawn) {
char tag[NETDATA_THREAD_TAG_MAX + 1];
snprintfz(tag, NETDATA_THREAD_TAG_MAX, "STREAM_SENDER[%s]", host->hostname);
if(netdata_thread_create(&host->rrdpush_sender_thread, tag, NETDATA_THREAD_OPTION_JOINABLE, rrdpush_sender_thread, (void *) host))
error("STREAM %s [send]: failed to create new thread for client.", host->hostname);
else
host->rrdpush_sender_spawn = 1;
}
rrdhost_unlock(host);
}
int rrdpush_receiver_permission_denied(struct web_client *w) {
// we always respond with the same message and error code
// to prevent an attacker from gaining info about the error
buffer_flush(w->response.data);
buffer_sprintf(w->response.data, "You are not permitted to access this. Check the logs for more info.");
return 401;
}
int rrdpush_receiver_too_busy_now(struct web_client *w) {
// we always respond with the same message and error code
// to prevent an attacker from gaining info about the error
buffer_flush(w->response.data);
buffer_sprintf(w->response.data, "The server is too busy now to accept this request. Try later.");
return 503;
}
int rrdpush_receiver_thread_spawn(RRDHOST *host, struct web_client *w, char *url) {
(void)host;
info("clients wants to STREAM metrics.");
char *key = NULL, *hostname = NULL, *registry_hostname = NULL, *machine_guid = NULL, *os = "unknown", *timezone = "unknown", *tags = NULL;
int update_every = default_rrd_update_every;
char buf[GUID_LEN + 1];
struct rrdhost_system_info *system_info = callocz(1, sizeof(struct rrdhost_system_info));
while(url) {
char *value = mystrsep(&url, "&");
if(!value || !*value) continue;
char *name = mystrsep(&value, "=");
if(!name || !*name) continue;
if(!value || !*value) continue;
if(!strcmp(name, "key"))
key = value;
else if(!strcmp(name, "hostname"))
hostname = value;
else if(!strcmp(name, "registry_hostname"))
registry_hostname = value;
else if(!strcmp(name, "machine_guid"))
machine_guid = value;
else if(!strcmp(name, "update_every"))
update_every = (int)strtoul(value, NULL, 0);
else if(!strcmp(name, "os"))
os = value;
else if(!strcmp(name, "timezone"))
timezone = value;
else if(!strcmp(name, "tags"))
tags = value;
else
if(unlikely(rrdhost_set_system_info_variable(system_info, name, value))) {
info("STREAM [receive from [%s]:%s]: request has parameter '%s' = '%s', which is not used.", w->client_ip, w->client_port, key, value);
}
}
if(!key || !*key) {
rrdhost_system_info_free(system_info);
log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - NO KEY");
error("STREAM [receive from [%s]:%s]: request without an API key. Forbidding access.", w->client_ip, w->client_port);
return rrdpush_receiver_permission_denied(w);
}
if(!hostname || !*hostname) {
rrdhost_system_info_free(system_info);
log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - NO HOSTNAME");
error("STREAM [receive from [%s]:%s]: request without a hostname. Forbidding access.", w->client_ip, w->client_port);
return rrdpush_receiver_permission_denied(w);
}
if(!machine_guid || !*machine_guid) {
rrdhost_system_info_free(system_info);
log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - NO MACHINE GUID");
error("STREAM [receive from [%s]:%s]: request without a machine GUID. Forbidding access.", w->client_ip, w->client_port);
return rrdpush_receiver_permission_denied(w);
}
if(regenerate_guid(key, buf) == -1) {
rrdhost_system_info_free(system_info);
log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - INVALID KEY");
error("STREAM [receive from [%s]:%s]: API key '%s' is not valid GUID (use the command uuidgen to generate one). Forbidding access.", w->client_ip, w->client_port, key);
return rrdpush_receiver_permission_denied(w);
}
if(regenerate_guid(machine_guid, buf) == -1) {
rrdhost_system_info_free(system_info);
log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - INVALID MACHINE GUID");
error("STREAM [receive from [%s]:%s]: machine GUID '%s' is not GUID. Forbidding access.", w->client_ip, w->client_port, machine_guid);
return rrdpush_receiver_permission_denied(w);
}
if(!appconfig_get_boolean(&stream_config, key, "enabled", 0)) {
rrdhost_system_info_free(system_info);
log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - KEY NOT ENABLED");
error("STREAM [receive from [%s]:%s]: API key '%s' is not allowed. Forbidding access.", w->client_ip, w->client_port, key);
return rrdpush_receiver_permission_denied(w);
}
{
SIMPLE_PATTERN *key_allow_from = simple_pattern_create(appconfig_get(&stream_config, key, "allow from", "*"), NULL, SIMPLE_PATTERN_EXACT);
if(key_allow_from) {
if(!simple_pattern_matches(key_allow_from, w->client_ip)) {
simple_pattern_free(key_allow_from);
rrdhost_system_info_free(system_info);
log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname) ? hostname : "-", "ACCESS DENIED - KEY NOT ALLOWED FROM THIS IP");
error("STREAM [receive from [%s]:%s]: API key '%s' is not permitted from this IP. Forbidding access.", w->client_ip, w->client_port, key);
return rrdpush_receiver_permission_denied(w);
}
simple_pattern_free(key_allow_from);
}
}
if(!appconfig_get_boolean(&stream_config, machine_guid, "enabled", 1)) {
rrdhost_system_info_free(system_info);
log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - MACHINE GUID NOT ENABLED");
error("STREAM [receive from [%s]:%s]: machine GUID '%s' is not allowed. Forbidding access.", w->client_ip, w->client_port, machine_guid);
return rrdpush_receiver_permission_denied(w);
}
{
SIMPLE_PATTERN *machine_allow_from = simple_pattern_create(appconfig_get(&stream_config, machine_guid, "allow from", "*"), NULL, SIMPLE_PATTERN_EXACT);
if(machine_allow_from) {
if(!simple_pattern_matches(machine_allow_from, w->client_ip)) {
simple_pattern_free(machine_allow_from);
rrdhost_system_info_free(system_info);
log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname) ? hostname : "-", "ACCESS DENIED - MACHINE GUID NOT ALLOWED FROM THIS IP");
error("STREAM [receive from [%s]:%s]: Machine GUID '%s' is not permitted from this IP. Forbidding access.", w->client_ip, w->client_port, machine_guid);
return rrdpush_receiver_permission_denied(w);
}
simple_pattern_free(machine_allow_from);
}
}
if(unlikely(web_client_streaming_rate_t > 0)) {
static netdata_mutex_t stream_rate_mutex = NETDATA_MUTEX_INITIALIZER;
static volatile time_t last_stream_accepted_t = 0;
netdata_mutex_lock(&stream_rate_mutex);
time_t now = now_realtime_sec();
if(unlikely(last_stream_accepted_t == 0))
last_stream_accepted_t = now;
if(now - last_stream_accepted_t < web_client_streaming_rate_t) {
netdata_mutex_unlock(&stream_rate_mutex);
rrdhost_system_info_free(system_info);
error("STREAM [receive from [%s]:%s]: too busy to accept new streaming request. Will be allowed in %ld secs.", w->client_ip, w->client_port, (long)(web_client_streaming_rate_t - (now - last_stream_accepted_t)));
return rrdpush_receiver_too_busy_now(w);
}
last_stream_accepted_t = now;
netdata_mutex_unlock(&stream_rate_mutex);
}
struct rrdpush_thread *rpt = callocz(1, sizeof(struct rrdpush_thread));
rpt->fd = w->ifd;
rpt->key = strdupz(key);
rpt->hostname = strdupz(hostname);
rpt->registry_hostname = strdupz((registry_hostname && *registry_hostname)?registry_hostname:hostname);
rpt->machine_guid = strdupz(machine_guid);
rpt->os = strdupz(os);
rpt->timezone = strdupz(timezone);
rpt->tags = (tags)?strdupz(tags):NULL;
rpt->client_ip = strdupz(w->client_ip);
rpt->client_port = strdupz(w->client_port);
rpt->update_every = update_every;
rpt->system_info = system_info;
#ifdef ENABLE_HTTPS
rpt->ssl.conn = w->ssl.conn;
rpt->ssl.flags = w->ssl.flags;
w->ssl.conn = NULL;
w->ssl.flags = NETDATA_SSL_START;
#endif
if(w->user_agent && w->user_agent[0]) {
char *t = strchr(w->user_agent, '/');
if(t && *t) {
*t = '\0';
t++;
}
rpt->program_name = strdupz(w->user_agent);
if(t && *t) rpt->program_version = strdupz(t);
}
netdata_thread_t thread;
debug(D_SYSTEM, "starting STREAM receive thread.");
char tag[FILENAME_MAX + 1];
snprintfz(tag, FILENAME_MAX, "STREAM_RECEIVER[%s,[%s]:%s]", rpt->hostname, w->client_ip, w->client_port);
if(netdata_thread_create(&thread, tag, NETDATA_THREAD_OPTION_DEFAULT, rrdpush_receiver_thread, (void *)rpt))
error("Failed to create new STREAM receive thread for client.");
// prevent the caller from closing the streaming socket
if(web_server_mode == WEB_SERVER_MODE_STATIC_THREADED) {
web_client_flag_set(w, WEB_CLIENT_FLAG_DONT_CLOSE_SOCKET);
}
else {
if(w->ifd == w->ofd)
w->ifd = w->ofd = -1;
else
w->ifd = -1;
}
buffer_flush(w->response.data);
return 200;
}
Reference in a new issue View git blame Copy permalink