author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-24 09:54:23 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-24 09:54:44 +0000 |
commit | 836b47cb7e99a977c5a23b059ca1d0b5065d310e (patch) | |
tree | 1604da8f482d02effa033c94a84be42bc0c848c3 /registry | |
parent | Releasing debian version 1.44.3-2. (diff) | |
download | netdata-836b47cb7e99a977c5a23b059ca1d0b5065d310e.tar.xz netdata-836b47cb7e99a977c5a23b059ca1d0b5065d310e.zip |
Merging upstream version 1.46.3.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'registry')
-rw-r--r-- | registry/Makefile.am | 8 | ||||
-rw-r--r-- | registry/README.md | 217 | ||||
-rw-r--r-- | registry/registry.c | 535 | ||||
-rw-r--r-- | registry/registry.h | 83 | ||||
-rw-r--r-- | registry/registry_db.c | 381 | ||||
-rw-r--r-- | registry/registry_init.c | 249 | ||||
-rw-r--r-- | registry/registry_internals.c | 321 | ||||
-rw-r--r-- | registry/registry_internals.h | 89 | ||||
-rw-r--r-- | registry/registry_log.c | 137 | ||||
-rw-r--r-- | registry/registry_machine.c | 116 | ||||
-rw-r--r-- | registry/registry_machine.h | 48 | ||||
-rw-r--r-- | registry/registry_person.c | 232 | ||||
-rw-r--r-- | registry/registry_person.h | 57 |
13 files changed, 0 insertions, 2473 deletions
diff --git a/registry/Makefile.am b/registry/Makefile.am
deleted file mode 100644
index 161784b8f..000000000
--- a/registry/Makefile.am
+++ /dev/null
@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-AUTOMAKE_OPTIONS = subdir-objects
-MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
-
-dist_noinst_DATA = \
- README.md \
- $(NULL)
diff --git a/registry/README.md b/registry/README.md
deleted file mode 100644
index 0bf174e1a..000000000
--- a/registry/README.md
+++ /dev/null
@@ -1,217 +0,0 @@
-<!--
-title: "Registry"
-description: "Netdata utilizes a central registry of machines/person GUIDs, URLs, and opt-in account information to provide unified cross-server dashboards."
-custom_edit_url: "https://github.com/netdata/netdata/edit/master/registry/README.md"
-sidebar_label: "Registry"
-learn_status: "Published"
-learn_rel_path: "Configuration"
--->
-
-# Registry
-
-Netdata provides distributed monitoring.
-
-Traditional monitoring solutions centralize all the data to provide unified dashboards across all servers. Before
-Netdata, this was the standard practice. However it has a few issues:
-
-1. due to the resources required, the number of metrics collected is limited.
-2. for the same reason, the data collection frequency is not that high, at best it will be once every 10 or 15 seconds,
- at worst every 5 or 10 mins.
-3. the central monitoring solution needs dedicated resources, thus becoming "another bottleneck" in the whole
- ecosystem. It also requires maintenance, administration, etc.
-4. most centralized monitoring solutions are usually only good for presenting _statistics of past performance_ (i.e.
- cannot be used for real-time performance troubleshooting).
-
-Netdata follows a different approach:
-
-1. data collection happens per second
-2. thousands of metrics per server are collected
-3. data do not leave the server where they are collected
-4. Netdata servers do not talk to each other
-5. your browser connects all the Netdata servers
-
-Using Netdata, your monitoring infrastructure is embedded on each server, limiting significantly the need of additional
-resources. Netdata is blazingly fast, very resource efficient and utilizes server resources that already exist and are
-spare (on each server). This allows **scaling out** the monitoring infrastructure.
-
-However, the Netdata approach introduces a few new issues that need to be addressed, one being **the list of Netdata we
-have installed**, i.e. the URLs our Netdata servers are listening.
-
-To solve this, Netdata utilizes a **central registry**. This registry, together with certain browser features, allow
-Netdata to provide unified cross-server dashboards. For example, when you jump from server to server using the node
-menu, several session settings (like the currently viewed charts, the current zoom and pan operations on the charts,
-etc.) are propagated to the new server, so that the new dashboard will come with exactly the same view.
-
-## What data does the registry store?
-
-The registry keeps track of 4 entities:
-
-1. **machines**: i.e. the Netdata installations (a random GUID generated by each Netdata the first time it starts; we
- call this **machine_guid**)
-
- For each Netdata installation (each `machine_guid`) the registry keeps track of the different URLs it has accessed.
-
-2. **persons**: i.e. the web browsers accessing the Netdata installations (a random GUID generated by the registry the
- first time it sees a new web browser; we call this **person_guid**)
-
- For each person, the registry keeps track of the Netdata installations it has accessed and their URLs.
-
-3. **URLs** of Netdata installations (as seen by the web browsers)
-
- For each URL, the registry keeps the URL and nothing more. Each URL is linked to _persons_ and _machines_. The only
- way to find a URL is to know its **machine_guid** or have a **person_guid** it is linked to it.
-
-4. **accounts**: i.e. the information used to sign-in via one of the available sign-in methods. Depending on the
- method, this may include an email, or an email and a profile picture or avatar.
-
-For _persons_/_accounts_ and _machines_, the registry keeps links to _URLs_, each link with 2 timestamps (first time
-seen, last time seen) and a counter (number of times it has been seen). *machines_, _persons_ and timestamps are stored
-in the Netdata registry regardless of whether you sign in or not.
-
-## Who talks to the registry?
-
-Your web browser **only**! If sending this information is against your policies, you
-can [run your own registry](#run-your-own-registry)
-
-Your Netdata servers do not talk to the registry. This is a UML diagram of its operation:
-
-![registry](https://cloud.githubusercontent.com/assets/2662304/19448565/11a70632-94ab-11e6-9d80-f410b4acb797.png)
-
-## Which is the default registry?
-
-`https://registry.my-netdata.io`, which is currently served by `https://london.my-netdata.io`. This registry listens to
-both HTTP and HTTPS requests but the default is HTTPS.
-
-### Can this registry handle the global load of Netdata installations?
-
-Yeap! The registry can handle 50.000 - 100.000 requests **per second per core** (depending on the type of CPU, the
-computer's memory bandwidth, etc). 50.000 is on J1900 (celeron 2Ghz).
-
-We believe, it can do it...
-
-## Run your own registry
-
-**Every Netdata can be a registry**. Just pick one and configure it.
-
-**To turn any Netdata into a registry**, edit `/etc/netdata/netdata.conf` and set:
-
-```conf
-[registry]
- enabled = yes
- registry to announce = http://your.registry:19999
-```
-
-Restart your Netdata to activate it.
-
-Then, you need to tell **all your other Netdata servers to advertise your registry**, instead of the default. To do
-this, on each of your Netdata servers, edit `/etc/netdata/netdata.conf` and set:
-
-```conf
-[registry]
- enabled = no
- registry to announce = http://your.registry:19999
-```
-
-Note that we have not enabled the registry on the other servers. Only one Netdata (the registry) needs
-`[registry].enabled = yes`.
-
-This is it. You have your registry now.
-
-You may also want to give your server different names under the node menu (i.e. to have them sorted / grouped). You can
-change its registry name, by setting on each Netdata server:
-
-```conf
-[registry]
- registry hostname = Group1 - Master DB
-```
-
-So this server will appear in the node menu as `Group1 - Master DB`. The max name length is 50 characters.
-
-### Limiting access to the registry
-
-Netdata v1.9+ support limiting access to the registry from given IPs, like this:
-
-```conf
-[registry]
- allow from = *
-```
-
-`allow from` settings are [Netdata simple patterns](https://github.com/netdata/netdata/blob/master/libnetdata/simple_pattern/README.md): string matches that use `*`
-as wildcard (any number of times) and a `!` prefix for a negative match. So: `allow from = !10.1.2.3 10.*` will allow
-all IPs in `10.*` except `10.1.2.3`. The order is important: left to right, the first positive or negative match is
-used.
-
-Keep in mind that connections to Netdata API ports are filtered by `[web].allow connections from`. So, IPs allowed by
-`[registry].allow from` should also be allowed by `[web].allow connection from`.
-
-The patterns can be matches over IP addresses or FQDN of the host. In order to check the FQDN of the connection without
-opening the Netdata agent to DNS-spoofing, a reverse-dns record must be setup for the connecting host. At connection
-time the reverse-dns of the peer IP address is resolved, and a forward DNS resolution is made to validate the IP address
-against the name-pattern.
-
-Please note that this process can be expensive on a machine that is serving many connections. The behaviour of the
-pattern matching can be controlled with the following setting:
-
-```conf
-[registry]
- allow by dns = heuristic
-```
-
-The settings are:
-- `yes` allows the pattern to match DNS names.
-- `no` disables DNS matching for the patterns (they only match IP addresses).
-- `heuristic` will estimate if the patterns should match FQDNs by the presence or absence of `:`s or alpha-characters.
-
-### Where is the registry database stored?
-
-`/var/lib/netdata/registry/*.db`
-
-There can be up to 2 files:
-
-- `registry-log.db`, the transaction log
-
- all incoming requests that affect the registry are saved in this file in real-time.
-
-- `registry.db`, the database
-
- every `[registry].registry save db every new entries` entries in `registry-log.db`, Netdata will save its database
- to `registry.db` and empty `registry-log.db`.
-
-Both files are machine readable text files.
-
-### How can I disable the SameSite and Secure cookies?
-
-Beginning with `v1.30.0`, when the Netdata Agent's web server processes a request, it delivers the `SameSite=none`
-and `Secure` cookies. If you have problems accessing the local Agent dashboard or Netdata Cloud, disable these
-cookies by [editing `netdata.conf`](https://github.com/netdata/netdata/blob/master/docs/configure/nodes.md#use-edit-config-to-edit-configuration-files):
-
-```conf
-[registry]
- enable cookies SameSite and Secure = no
-```
-
-## The future
-
-The registry opens a whole world of new possibilities for Netdata. Check here what we think:
-<https://github.com/netdata/netdata/issues/416>
-
-## Troubleshooting the registry
-
-The registry URL should be set to the URL of a Netdata dashboard. This server has to have `[registry].enabled = yes`.
-So, accessing the registry URL directly with your web browser, should present the dashboard of the Netdata operating the
-registry.
-
-To use the registry, your web browser needs to support **third party cookies**, since the cookies are set by the
-registry while you are browsing the dashboard of another Netdata server. The registry, the first time it sees a new web
-browser it tries to figure if the web browser has cookies enabled or not. It does this by setting a cookie and
-redirecting the browser back to itself hoping that it will receive the cookie. If it does not receive the cookie, the
-registry will keep redirecting your web browser back to itself, which after a few redirects will fail with an error like
-this:
-
-```conf
-ERROR 409: Cannot ACCESS netdata registry: https://registry.my-netdata.io responded with: {"status":"redirect","registry":"https://registry.my-netdata.io"}
-```
-
-This error is printed on your web browser console (press F12 on your browser to see it).
-
-
diff --git a/registry/registry.c b/registry/registry.c
deleted file mode 100644
index 3f3c4b274..000000000
--- a/registry/registry.c
+++ /dev/null
@@ -1,535 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-#include "daemon/common.h"
-#include "registry_internals.h"
-
-#define REGISTRY_STATUS_OK "ok"
-#define REGISTRY_STATUS_REDIRECT "redirect"
-#define REGISTRY_STATUS_FAILED "failed"
-#define REGISTRY_STATUS_DISABLED "disabled"
-
-bool registry_is_valid_url(const char *url) {
- return url && (*url == 'h' || *url == '*');
-}
-
-// ----------------------------------------------------------------------------
-// REGISTRY concurrency locking
-
-static inline void registry_lock(void) {
- netdata_mutex_lock(®istry.lock);
-}
-
-static inline void registry_unlock(void) {
- netdata_mutex_unlock(®istry.lock);
-}
-
-// ----------------------------------------------------------------------------
-// COOKIES
-
-static void registry_set_cookie(struct web_client *w, const char *guid) {
- char rfc7231_expires[RFC7231_MAX_LENGTH];
- rfc7231_datetime(rfc7231_expires, sizeof(rfc7231_expires), now_realtime_sec() + registry.persons_expiration);
-
- buffer_sprintf(w->response.header, "Set-Cookie: " NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s\r\n", guid, rfc7231_expires);
- buffer_sprintf(w->response.header, "Set-Cookie: " NETDATA_REGISTRY_COOKIE_NAME "=%s; SameSite=Strict; Expires=%s\r\n", guid, rfc7231_expires);
- if(registry.enable_cookies_samesite_secure)
- buffer_sprintf(w->response.header, "Set-Cookie: " NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s; SameSite=None; Secure\r\n", guid, rfc7231_expires);
-
- if(registry.registry_domain && *registry.registry_domain) {
- buffer_sprintf(w->response.header, "Set-Cookie: " NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s; Domain=%s\r\n", guid, rfc7231_expires, registry.registry_domain);
- buffer_sprintf(w->response.header, "Set-Cookie: " NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s; Domain=%s; SameSite=Strict\r\n", guid, rfc7231_expires, registry.registry_domain);
- if(registry.enable_cookies_samesite_secure)
- buffer_sprintf(w->response.header, "Set-Cookie: " NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s; Domain=%s; SameSite=None; Secure\r\n", guid, rfc7231_expires, registry.registry_domain);
- }
-
- w->response.has_cookies = true;
-}
-
-static inline void registry_set_person_cookie(struct web_client *w, REGISTRY_PERSON *p) {
- registry_set_cookie(w, p->guid);
-}
-
-
-// ----------------------------------------------------------------------------
-// JSON GENERATION
-
-static inline void registry_json_header(RRDHOST *host, struct web_client *w, const char *action, const char *status) {
- buffer_flush(w->response.data);
- w->response.data->content_type = CT_APPLICATION_JSON;
- buffer_json_initialize(w->response.data, "\"", "\"", 0, true, BUFFER_JSON_OPTIONS_DEFAULT);
- buffer_json_member_add_string(w->response.data, "action", action);
- buffer_json_member_add_string(w->response.data, "status", status);
- buffer_json_member_add_string(w->response.data, "hostname", rrdhost_registry_hostname(host));
- buffer_json_member_add_string(w->response.data, "machine_guid", host->machine_guid);
-}
-
-static inline void registry_json_footer(struct web_client *w) {
- buffer_json_finalize(w->response.data);
-}
-
-static inline int registry_json_disabled(RRDHOST *host, struct web_client *w, const char *action) {
- registry_json_header(host, w, action, REGISTRY_STATUS_DISABLED);
-
- buffer_json_member_add_string(w->response.data, "registry", registry.registry_to_announce);
-
- registry_json_footer(w);
- return HTTP_RESP_OK;
-}
-
-
-// ----------------------------------------------------------------------------
-// CALLBACKS FOR WALKING THROUGH REGISTRY OBJECTS
-
-// structure used be the callbacks below
-struct registry_json_walk_person_urls_callback {
- REGISTRY_PERSON *p;
- REGISTRY_MACHINE *m;
- struct web_client *w;
- int count;
-};
-
-static STRING *asterisks = NULL;
-
-// callback for rendering PERSON_URLs
-static int registry_json_person_url_callback(REGISTRY_PERSON_URL *pu, struct registry_json_walk_person_urls_callback *c) {
- if(unlikely(!asterisks))
- asterisks = string_strdupz("***");
-
- struct web_client *w = c->w;
-
- if (pu->url == asterisks) return 0;
-
- buffer_json_add_array_item_array(w->response.data);
- buffer_json_add_array_item_string(w->response.data, pu->machine->guid);
- buffer_json_add_array_item_string(w->response.data, string2str(pu->url));
- buffer_json_add_array_item_uint64(w->response.data, pu->last_t * (uint64_t) 1000);
- buffer_json_add_array_item_uint64(w->response.data, pu->usages);
- buffer_json_add_array_item_string(w->response.data, string2str(pu->machine_name));
- buffer_json_array_close(w->response.data);
-
- return 1;
-}
-
-// callback for rendering MACHINE_URLs
-static int registry_json_machine_url_callback(REGISTRY_MACHINE_URL *mu, struct registry_json_walk_person_urls_callback *c, STRING *hostname) {
- if(unlikely(!asterisks))
- asterisks = string_strdupz("***");
-
- struct web_client *w = c->w;
- REGISTRY_MACHINE *m = c->m;
-
- if (mu->url == asterisks) return 0;
-
- buffer_json_add_array_item_array(w->response.data);
- buffer_json_add_array_item_string(w->response.data, m->guid);
- buffer_json_add_array_item_string(w->response.data, string2str(mu->url));
- buffer_json_add_array_item_uint64(w->response.data, mu->last_t * (uint64_t) 1000);
- buffer_json_add_array_item_uint64(w->response.data, mu->usages);
- buffer_json_add_array_item_string(w->response.data, string2str(hostname));
- buffer_json_array_close(w->response.data);
-
- return 1;
-}
-
-// ----------------------------------------------------------------------------
-
-// structure used be the callbacks below
-struct registry_person_url_callback_verify_machine_exists_data {
- REGISTRY_MACHINE *m;
- int count;
-};
-
-static inline int registry_person_url_callback_verify_machine_exists(REGISTRY_PERSON_URL *pu, struct registry_person_url_callback_verify_machine_exists_data *d) {
- REGISTRY_MACHINE *m = d->m;
-
- if(pu->machine == m)
- d->count++;
-
- return 0;
-}
-
-// ----------------------------------------------------------------------------
-// dynamic update of the configuration
-// The registry does not seem to be designed to support this and I cannot see any concurrency protection
-// that could make this safe, so try to be as atomic as possible.
-
-void registry_update_cloud_base_url() {
- registry.cloud_base_url = appconfig_get(&cloud_config, CONFIG_SECTION_GLOBAL, "cloud base url", DEFAULT_CLOUD_BASE_URL);
- setenv("NETDATA_REGISTRY_CLOUD_BASE_URL", registry.cloud_base_url, 1);
-}
-
-// ----------------------------------------------------------------------------
-// public HELLO request
-
-int registry_request_hello_json(RRDHOST *host, struct web_client *w, bool do_not_track) {
- registry_json_header(host, w, "hello", REGISTRY_STATUS_OK);
-
- if(host->node_id)
- buffer_json_member_add_uuid(w->response.data, "node_id", host->node_id);
-
- buffer_json_member_add_object(w->response.data, "agent");
- {
- buffer_json_member_add_string(w->response.data, "machine_guid", localhost->machine_guid);
-
- if(localhost->node_id)
- buffer_json_member_add_uuid(w->response.data, "node_id", localhost->node_id);
-
- char *claim_id = get_agent_claimid();
- if (claim_id) {
- buffer_json_member_add_string(w->response.data, "claim_id", claim_id);
- freez(claim_id);
- }
-
- buffer_json_member_add_boolean(w->response.data, "bearer_protection", netdata_is_protected_by_bearer);
- }
- buffer_json_object_close(w->response.data);
-
- CLOUD_STATUS status = cloud_status();
- buffer_json_member_add_string(w->response.data, "cloud_status", cloud_status_to_string(status));
- buffer_json_member_add_string(w->response.data, "cloud_base_url", registry.cloud_base_url);
-
- buffer_json_member_add_string(w->response.data, "registry", registry.registry_to_announce);
- buffer_json_member_add_boolean(w->response.data, "anonymous_statistics", do_not_track ? false : netdata_anonymous_statistics_enabled);
- buffer_json_member_add_boolean(w->response.data, "X-Netdata-Auth", true);
-
- buffer_json_member_add_array(w->response.data, "nodes");
- RRDHOST *h;
- dfe_start_read(rrdhost_root_index, h) {
- buffer_json_add_array_item_object(w->response.data);
- buffer_json_member_add_string(w->response.data, "machine_guid", h->machine_guid);
-
- if(h->node_id)
- buffer_json_member_add_uuid(w->response.data, "node_id", h->node_id);
-
- buffer_json_member_add_string(w->response.data, "hostname", rrdhost_registry_hostname(h));
- buffer_json_object_close(w->response.data);
- }
- dfe_done(h);
- buffer_json_array_close(w->response.data); // nodes
-
- registry_json_footer(w);
- return HTTP_RESP_OK;
-}
-
-// ----------------------------------------------------------------------------
-// public ACCESS request
-
-// the main method for registering an access
-int registry_request_access_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url, char *name, time_t when) {
- if(unlikely(!registry.enabled))
- return registry_json_disabled(host, w, "access");
-
- if(!registry_is_valid_url(url)) {
- buffer_flush(w->response.data);
- buffer_strcat(w->response.data, "Invalid URL given in the request");
- return HTTP_RESP_BAD_REQUEST;
- }
-
- // ------------------------------------------------------------------------
- // verify the browser supports cookies or the bearer
-
- if(registry.verify_cookies_redirects > 0 && !person_guid[0]) {
- registry_lock();
- registry_request_access(REGISTRY_VERIFY_COOKIES_GUID, machine_guid, url, name, when);
- registry_unlock();
-
- buffer_flush(w->response.data);
- registry_set_cookie(w, REGISTRY_VERIFY_COOKIES_GUID);
- w->response.data->content_type = CT_APPLICATION_JSON;
- registry_json_header(host, w, "access", REGISTRY_STATUS_REDIRECT);
- buffer_json_member_add_string(w->response.data, "person_guid", REGISTRY_VERIFY_COOKIES_GUID);
- buffer_json_member_add_string(w->response.data, "registry", registry.registry_to_announce);
- registry_json_footer(w);
- return HTTP_RESP_OK;
- }
-
- if(unlikely(person_guid[0] && is_dummy_person(person_guid)))
- // it passed the check - they gave us a different person_guid
- // empty the dummy one, so that we will generate a new person_guid
- person_guid[0] = '\0';
-
- // ------------------------------------------------------------------------
-
- registry_lock();
-
- REGISTRY_PERSON *p = registry_request_access(person_guid, machine_guid, url, name, when);
- if(!p) {
- registry_json_header(host, w, "access", REGISTRY_STATUS_FAILED);
- registry_json_footer(w);
- registry_unlock();
- return HTTP_RESP_PRECOND_FAIL;
- }
-
- // set the cookie
- registry_set_person_cookie(w, p);
-
- // generate the response
- registry_json_header(host, w, "access", REGISTRY_STATUS_OK);
- buffer_json_member_add_string(w->response.data, "person_guid", p->guid);
- buffer_json_member_add_array(w->response.data, "urls");
-
- struct registry_json_walk_person_urls_callback c = { p, NULL, w, 0 };
- for(REGISTRY_PERSON_URL *pu = p->person_urls; pu ;pu = pu->next)
- registry_json_person_url_callback(pu, &c);
- buffer_json_array_close(w->response.data); // urls
-
- registry_json_footer(w);
- registry_unlock();
- return HTTP_RESP_OK;
-}
-
-// ----------------------------------------------------------------------------
-// public DELETE request
-
-// the main method for deleting a URL from a person
-int registry_request_delete_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url, char *delete_url, time_t when) {
- if(!registry.enabled)
- return registry_json_disabled(host, w, "delete");
-
- if(!registry_is_valid_url(url)) {
- buffer_flush(w->response.data);
- buffer_strcat(w->response.data, "Invalid URL given in the request");
- return HTTP_RESP_BAD_REQUEST;
- }
-
- registry_lock();
-
- REGISTRY_PERSON *p = registry_request_delete(person_guid, machine_guid, url, delete_url, when);
- if(!p) {
- registry_json_header(host, w, "delete", REGISTRY_STATUS_FAILED);
- registry_json_footer(w);
- registry_unlock();
- return HTTP_RESP_PRECOND_FAIL;
- }
-
- // generate the response
- registry_json_header(host, w, "delete", REGISTRY_STATUS_OK);
- registry_json_footer(w);
- registry_unlock();
- return HTTP_RESP_OK;
-}
-
-// ----------------------------------------------------------------------------
-// public SEARCH request
-
-// the main method for searching the URLs of a netdata
-int registry_request_search_json(RRDHOST *host, struct web_client *w, char *person_guid, char *request_machine) {
- if(!registry.enabled)
- return registry_json_disabled(host, w, "search");
-
- if(!person_guid || !person_guid[0]) {
- registry_json_header(host, w, "search", REGISTRY_STATUS_FAILED);
- registry_json_footer(w);
- return HTTP_RESP_PRECOND_FAIL;
- }
-
- registry_lock();
-
- STRING *hostname = NULL;
- REGISTRY_MACHINE *m = registry_request_machine(person_guid, request_machine, &hostname);
- if(!m) {
- registry_json_header(host, w, "search", REGISTRY_STATUS_FAILED);
- registry_json_footer(w);
- registry_unlock();
- string_freez(hostname);
- return HTTP_RESP_NOT_FOUND;
- }
-
- registry_json_header(host, w, "search", REGISTRY_STATUS_OK);
-
- buffer_json_member_add_array(w->response.data, "urls");
- struct registry_json_walk_person_urls_callback c = { NULL, m, w, 0 };
-
- for(REGISTRY_MACHINE_URL *mu = m->machine_urls; mu ; mu = mu->next)
- registry_json_machine_url_callback(mu, &c, hostname);
-
- buffer_json_array_close(w->response.data);
-
- registry_json_footer(w);
- registry_unlock();
- string_freez(hostname);
- return HTTP_RESP_OK;
-}
-
-// ----------------------------------------------------------------------------
-// SWITCH REQUEST
-
-// the main method for switching user identity
-int registry_request_switch_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url __maybe_unused, char *new_person_guid, time_t when __maybe_unused) {
- if(!registry.enabled)
- return registry_json_disabled(host, w, "switch");
-
- if(!person_guid || !person_guid[0]) {
- buffer_flush(w->response.data);
- buffer_strcat(w->response.data, "Who are you? Person GUID is missing");
- return HTTP_RESP_PRECOND_FAIL;
- }
-
- if(!registry_is_valid_url(url)) {
- buffer_flush(w->response.data);
- buffer_strcat(w->response.data, "Invalid URL given in the request");
- return HTTP_RESP_BAD_REQUEST;
- }
-
- registry_lock();
-
- REGISTRY_PERSON *op = registry_person_find(person_guid);
- if(!op) {
- registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
- registry_json_footer(w);
- registry_unlock();
- return 430;
- }
-
- REGISTRY_PERSON *np = registry_person_find(new_person_guid);
- if(!np) {
- registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
- registry_json_footer(w);
- registry_unlock();
- return 431;
- }
-
- REGISTRY_MACHINE *m = registry_machine_find(machine_guid);
- if(!m) {
- registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
- registry_json_footer(w);
- registry_unlock();
- return 432;
- }
-
- struct registry_person_url_callback_verify_machine_exists_data data = { m, 0 };
-
- // verify the old person has access to this machine
- for(REGISTRY_PERSON_URL *pu = op->person_urls; pu ;pu = pu->next)
- registry_person_url_callback_verify_machine_exists(pu, &data);
-
- if(!data.count) {
- registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
- registry_json_footer(w);
- registry_unlock();
- return 433;
- }
-
- // verify the new person has access to this machine
- data.count = 0;
- for(REGISTRY_PERSON_URL *pu = np->person_urls; pu ;pu = pu->next)
- registry_person_url_callback_verify_machine_exists(pu, &data);
-
- if(!data.count) {
- registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
- registry_json_footer(w);
- registry_unlock();
- return 434;
- }
-
- // set the cookie of the new person
- // the user just switched identity
- registry_set_person_cookie(w, np);
-
- // generate the response
- registry_json_header(host, w, "switch", REGISTRY_STATUS_OK);
- buffer_json_member_add_string(w->response.data, "person_guid", np->guid);
- registry_json_footer(w);
-
- registry_unlock();
- return HTTP_RESP_OK;
-}
-
-// ----------------------------------------------------------------------------
-// STATISTICS
-
-void registry_statistics(void) {
- if(!registry.enabled) return;
-
- static RRDSET *sts = NULL, *stc = NULL, *stm = NULL;
-
- if(unlikely(!sts)) {
- sts = rrdset_create_localhost(
- "netdata"
- , "registry_sessions"
- , NULL
- , "registry"
- , NULL
- , "Netdata Registry Sessions"
- , "sessions"
- , "registry"
- , "stats"
- , 131000
- , localhost->rrd_update_every
- , RRDSET_TYPE_LINE
- );
-
- rrddim_add(sts, "sessions", NULL, 1, 1, RRD_ALGORITHM_ABSOLUTE);
- }
-
- rrddim_set(sts, "sessions", (collected_number)registry.usages_count);
- rrdset_done(sts);
-
- // ------------------------------------------------------------------------
-
- if(unlikely(!stc)) {
- stc = rrdset_create_localhost(
- "netdata"
- , "registry_entries"
- , NULL
- , "registry"
- , NULL
- , "Netdata Registry Entries"
- , "entries"
- , "registry"
- , "stats"
- , 131100
- , localhost->rrd_update_every
- , RRDSET_TYPE_LINE
- );
-
- rrddim_add(stc, "persons", NULL, 1, 1, RRD_ALGORITHM_ABSOLUTE);
- rrddim_add(stc, "machines", NULL, 1, 1, RRD_ALGORITHM_ABSOLUTE);
- rrddim_add(stc, "persons_urls", NULL, 1, 1, RRD_ALGORITHM_ABSOLUTE);
- rrddim_add(stc, "machines_urls", NULL, 1, 1, RRD_ALGORITHM_ABSOLUTE);
- }
-
- rrddim_set(stc, "persons", (collected_number)registry.persons_count);
- rrddim_set(stc, "machines", (collected_number)registry.machines_count);
- rrddim_set(stc, "persons_urls", (collected_number)registry.persons_urls_count);
- rrddim_set(stc, "machines_urls", (collected_number)registry.machines_urls_count);
- rrdset_done(stc);
-
- // ------------------------------------------------------------------------
-
- if(unlikely(!stm)) {
- stm = rrdset_create_localhost(
- "netdata"
- , "registry_mem"
- , NULL
- , "registry"
- , NULL
- , "Netdata Registry Memory"
- , "KiB"
- , "registry"
- , "stats"
- , 131300
- , localhost->rrd_update_every
- , RRDSET_TYPE_STACKED
- );
-
- rrddim_add(stm, "persons", NULL, 1, 1024, RRD_ALGORITHM_ABSOLUTE);
- rrddim_add(stm, "machines", NULL, 1, 1024, RRD_ALGORITHM_ABSOLUTE);
- rrddim_add(stm, "persons_urls", NULL, 1, 1024, RRD_ALGORITHM_ABSOLUTE);
- rrddim_add(stm, "machines_urls", NULL, 1, 1024, RRD_ALGORITHM_ABSOLUTE);
- }
-
- struct aral_statistics *p_aral_stats = aral_statistics(registry.persons_aral);
- rrddim_set(stm, "persons", (collected_number)p_aral_stats->structures.allocated_bytes + (collected_number)p_aral_stats->malloc.allocated_bytes + (collected_number)p_aral_stats->mmap.allocated_bytes);
-
- struct aral_statistics *m_aral_stats = aral_statistics(registry.machines_aral);
- rrddim_set(stm, "machines", (collected_number)m_aral_stats->structures.allocated_bytes + (collected_number)m_aral_stats->malloc.allocated_bytes + (collected_number)m_aral_stats->mmap.allocated_bytes);
-
- struct aral_statistics *pu_aral_stats = aral_statistics(registry.person_urls_aral);
- rrddim_set(stm, "persons_urls", (collected_number)pu_aral_stats->structures.allocated_bytes + (collected_number)pu_aral_stats->malloc.allocated_bytes + (collected_number)pu_aral_stats->mmap.allocated_bytes);
-
- struct aral_statistics *mu_aral_stats = aral_statistics(registry.machine_urls_aral);
- rrddim_set(stm, "machines_urls", (collected_number)mu_aral_stats->structures.allocated_bytes + (collected_number)mu_aral_stats->malloc.allocated_bytes + (collected_number)mu_aral_stats->mmap.allocated_bytes);
-
- rrdset_done(stm);
-}
diff --git a/registry/registry.h b/registry/registry.h
deleted file mode 100644
index 746fe430f..000000000
--- a/registry/registry.h
+++ /dev/null
@@ -1,83 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
-/*
- * netdata registry
- *
- * this header file describes the public interface
- * to the netdata registry
- *
- * only these high level functions are exposed
- *
- */
-
-// ----------------------------------------------------------------------------
-// TODO
-//
-// 1. the default tracking cookie expires in 1 year, but the persons are not
-// removed from the db - this means the database only grows - ideally the
-// database should be cleaned in registry_db_save() for both on-disk and
-// on-memory entries.
-//
-// Cleanup:
-// i. Find all the PERSONs that have expired cookie
-// ii. For each of their PERSON_URLs:
-// - decrement the linked MACHINE links
-// - if the linked MACHINE has no other links, remove the linked MACHINE too
-// - remove the PERSON_URL
-//
-// 2. add protection to prevent abusing the registry by flooding it with
-// requests to fill the memory and crash it.
-//
-// Possible protections:
-// - limit the number of URLs per person
-// - limit the number of URLs per machine
-// - limit the number of persons
-// - limit the number of machines
-// - [DONE] limit the size of URLs
-// - [DONE] limit the size of PERSON_URL names
-// - limit the number of requests that add data to the registry,
-// per client IP per hour
-//
-// 3. lower memory requirements
-//
-// - embed avl structures directly into registry objects, instead of DICTIONARY
-// [DONE for PERSON_URLs, PENDING for MACHINE_URLs]
-// - store GUIDs in memory as UUID instead of char *
-// - do not track persons using the demo machines only
-// (i.e. start tracking them only when they access a non-demo machine)
-// - [DONE] do not track custom dashboards by default
-
-#ifndef NETDATA_REGISTRY_H
-#define NETDATA_REGISTRY_H 1
-
-#include "daemon/common.h"
-
-#define NETDATA_REGISTRY_COOKIE_NAME "netdata_registry_id"
-
-// initialize the registry
-// should only happen when netdata starts
-int registry_init(void);
-
-// free all data held by the registry
-// should only happen when netdata exits
-void registry_free(void);
-
-// HTTP requests handled by the registry
-int registry_request_access_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url, char *name, time_t when);
-int registry_request_delete_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url, char *delete_url, time_t when);
-int registry_request_search_json(RRDHOST *host, struct web_client *w, char *person_guid, char *request_machine);
-int registry_request_switch_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url, char *new_person_guid, time_t when);
-int registry_request_hello_json(RRDHOST *host, struct web_client *w, bool do_not_track);
-
-// update the registry config
-void registry_update_cloud_base_url();
-
-// update the registry monitoring charts
-void registry_statistics(void);
-
-char *registry_get_this_machine_guid(void);
-char *registry_get_mgmt_api_key(void);
-char *registry_get_this_machine_hostname(void);
-
-int regenerate_guid(const char *guid, char *result);
-
-#endif /* NETDATA_REGISTRY_H */
diff --git a/registry/registry_db.c b/registry/registry_db.c
deleted file mode 100644
index 448ca29d3..000000000
--- a/registry/registry_db.c
+++ /dev/null
@@ -1,381 +0,0 @@ -// SPDX-License-Identifier: GPL-3.0-or-later - -#include "daemon/common.h" -#include "registry_internals.h" - -int registry_db_should_be_saved(void) { - netdata_log_debug(D_REGISTRY, "log entries %llu, max %llu", registry.log_count, registry.save_registry_every_entries); - return registry.log_count > registry.save_registry_every_entries; -} - -// ---------------------------------------------------------------------------- -// INTERNAL FUNCTIONS FOR SAVING REGISTRY OBJECTS - -static int registry_machine_save_url(REGISTRY_MACHINE_URL *mu, FILE *fp) { - netdata_log_debug(D_REGISTRY, "REGISTRY: registry_machine_save_url('%s')", string2str(mu->url)); - - int ret = fprintf(fp, "V\t%08x\t%08x\t%08x\t%02x\t%s\n", - mu->first_t, - mu->last_t, - mu->usages, - mu->flags, - string2str(mu->url) - ); - - // error handling is done at registry_db_save() - - return ret; -} - -static int registry_machine_save(const DICTIONARY_ITEM *item __maybe_unused, void *entry, void *file) { - - REGISTRY_MACHINE *m = entry; - FILE *fp = file; - - netdata_log_debug(D_REGISTRY, "REGISTRY: registry_machine_save('%s')", m->guid); - - int ret = fprintf(fp, "M\t%08x\t%08x\t%08x\t%s\n", - m->first_t, - m->last_t, - m->usages, - m->guid - ); - - if(ret >= 0) { - for(REGISTRY_MACHINE_URL *mu = m->machine_urls; mu ; mu = mu->next) { - int rc = registry_machine_save_url(mu, fp); - if(rc < 0) - return rc; - - ret += rc; - } - } - - // error handling is done at registry_db_save() - - return ret; -} - -static inline int registry_person_save_url(REGISTRY_PERSON_URL *pu, FILE *fp) { - netdata_log_debug(D_REGISTRY, "REGISTRY: registry_person_save_url('%s')", string2str(pu->url)); - - int ret = fprintf(fp, "U\t%08x\t%08x\t%08x\t%02x\t%s\t%s\t%s\n", - pu->first_t, - pu->last_t, - pu->usages, - pu->flags, - pu->machine->guid, - string2str(pu->machine_name), - string2str(pu->url) - ); - - // error handling is done at registry_db_save() - - return ret; -} - -static inline int 
registry_person_save(const DICTIONARY_ITEM *item __maybe_unused, void *entry, void *file) { - REGISTRY_PERSON *p = entry; - FILE *fp = file; - - netdata_log_debug(D_REGISTRY, "REGISTRY: registry_person_save('%s')", p->guid); - - int ret = fprintf(fp, "P\t%08x\t%08x\t%08x\t%s\n", - p->first_t, - p->last_t, - p->usages, - p->guid - ); - - if(ret >= 0) { - for(REGISTRY_PERSON_URL *pu = p->person_urls; pu ;pu = pu->next) { - int rc = registry_person_save_url(pu, fp); - if(rc < 0) - return rc; - else - ret += rc; - } - } - - // error handling is done at registry_db_save() - - return ret; -} - -// ---------------------------------------------------------------------------- -// SAVE THE REGISTRY DATABASE - -int registry_db_save(void) { - if(unlikely(!registry.enabled)) - return -1; - - if(unlikely(!registry_db_should_be_saved())) - return -2; - - nd_log_limits_unlimited(); - - char tmp_filename[FILENAME_MAX + 1]; - char old_filename[FILENAME_MAX + 1]; - - snprintfz(old_filename, FILENAME_MAX, "%s.old", registry.db_filename); - snprintfz(tmp_filename, FILENAME_MAX, "%s.tmp", registry.db_filename); - - netdata_log_debug(D_REGISTRY, "REGISTRY: Creating file '%s'", tmp_filename); - FILE *fp = fopen(tmp_filename, "w"); - if(!fp) { - netdata_log_error("REGISTRY: Cannot create file: %s", tmp_filename); - nd_log_limits_reset(); - return -1; - } - - // dictionary_walkthrough_read() has its own locking, so this is safe to do - - netdata_log_debug(D_REGISTRY, "REGISTRY: saving all machines"); - int bytes1 = dictionary_walkthrough_read(registry.machines, registry_machine_save, fp); - if(bytes1 < 0) { - netdata_log_error("REGISTRY: Cannot save registry machines - return value %d", bytes1); - fclose(fp); - nd_log_limits_reset(); - return bytes1; - } - netdata_log_debug(D_REGISTRY, "REGISTRY: saving machines took %d bytes", bytes1); - - netdata_log_debug(D_REGISTRY, "Saving all persons"); - int bytes2 = dictionary_walkthrough_read(registry.persons, registry_person_save, fp); - if(bytes2 
< 0) { - netdata_log_error("REGISTRY: Cannot save registry persons - return value %d", bytes2); - fclose(fp); - nd_log_limits_reset(); - return bytes2; - } - netdata_log_debug(D_REGISTRY, "REGISTRY: saving persons took %d bytes", bytes2); - - // save the totals - fprintf(fp, "T\t%016llx\t%016llx\t%016llx\t%016llx\t%016llx\t%016llx\n", - registry.persons_count, - registry.machines_count, - registry.usages_count + 1, // this is required - it is lost on db rotation - 0LLU, //registry.urls_count, - registry.persons_urls_count, - registry.machines_urls_count - ); - - fclose(fp); - - errno = 0; - - // remove the .old db - netdata_log_debug(D_REGISTRY, "REGISTRY: Removing old db '%s'", old_filename); - if(unlink(old_filename) == -1 && errno != ENOENT) - netdata_log_error("REGISTRY: cannot remove old registry file '%s'", old_filename); - - // rename the db to .old - netdata_log_debug(D_REGISTRY, "REGISTRY: Link current db '%s' to .old: '%s'", registry.db_filename, old_filename); - if(link(registry.db_filename, old_filename) == -1 && errno != ENOENT) - netdata_log_error("REGISTRY: cannot move file '%s' to '%s'. Saving registry DB failed!", registry.db_filename, old_filename); - - else { - // remove the database (it is saved in .old) - netdata_log_debug(D_REGISTRY, "REGISTRY: removing db '%s'", registry.db_filename); - if (unlink(registry.db_filename) == -1 && errno != ENOENT) - netdata_log_error("REGISTRY: cannot remove old registry file '%s'", registry.db_filename); - - // move the .tmp to make it active - netdata_log_debug(D_REGISTRY, "REGISTRY: linking tmp db '%s' to active db '%s'", tmp_filename, registry.db_filename); - if (link(tmp_filename, registry.db_filename) == -1) { - netdata_log_error("REGISTRY: cannot move file '%s' to '%s'. 
Saving registry DB failed!", tmp_filename, - registry.db_filename); - - // move the .old back - netdata_log_debug(D_REGISTRY, "REGISTRY: linking old db '%s' to active db '%s'", old_filename, registry.db_filename); - if(link(old_filename, registry.db_filename) == -1) - netdata_log_error("REGISTRY: cannot move file '%s' to '%s'. Recovering the old registry DB failed!", old_filename, registry.db_filename); - } - else { - netdata_log_debug(D_REGISTRY, "REGISTRY: removing tmp db '%s'", tmp_filename); - if(unlink(tmp_filename) == -1) - netdata_log_error("REGISTRY: cannot remove tmp registry file '%s'", tmp_filename); - - // it has been moved successfully - // discard the current registry log - registry_log_recreate(); - registry.log_count = 0; - } - } - - // continue operations - nd_log_limits_reset(); - - return -1; -} - -// ---------------------------------------------------------------------------- -// LOAD THE REGISTRY DATABASE - -size_t registry_db_load(void) { - char *s, buf[4096 + 1]; - REGISTRY_PERSON *p = NULL; - REGISTRY_MACHINE *m = NULL; - STRING *u = NULL; - size_t line = 0; - - netdata_log_debug(D_REGISTRY, "REGISTRY: loading active db from: '%s'", registry.db_filename); - FILE *fp = fopen(registry.db_filename, "r"); - if(!fp) { - if (errno != ENOENT) - netdata_log_error("REGISTRY: cannot open registry file: '%s'", registry.db_filename); - return 0; - } - - REGISTRY_MACHINE_URL *mu; - size_t len = 0; - buf[4096] = '\0'; - while((s = fgets_trim_len(buf, 4096, fp, &len))) { - line++; - - netdata_log_debug(D_REGISTRY, "REGISTRY: read line %zu to length %zu: %s", line, len, s); - switch(*s) { - case 'U': // person URL - if(unlikely(!p)) { - netdata_log_error("REGISTRY: ignoring line %zu, no person loaded: %s", line, s); - continue; - } - - // verify it is valid - if(len < 69 || s[1] != '\t' || s[10] != '\t' || s[19] != '\t' || s[28] != '\t' || s[31] != '\t' || s[68] != '\t') { - netdata_log_error("REGISTRY: person URL line %zu is wrong (len = %zu).", line, 
len); - continue; - } - - s[1] = s[10] = s[19] = s[28] = s[31] = s[68] = '\0'; - - // skip the name to find the url - char *url = &s[69]; - while(*url && *url != '\t') url++; - if(!*url) { - netdata_log_error("REGISTRY: person URL line %zu does not have a url.", line); - continue; - } - *url++ = '\0'; - - if(*url != 'h' && *url != '*') { - netdata_log_error("REGISTRY: person URL line %zu does not have a valid url: %s", line, url); - continue; - } - - u = string_strdupz(url); - - time_t first_t = (time_t)strtoul(&s[2], NULL, 16); - - m = registry_machine_find(&s[32]); - if(!m) m = registry_machine_allocate(&s[32], first_t); - - mu = registry_machine_url_find(m, u); - if(!mu) { - netdata_log_error("REGISTRY: person URL line %zu was not linked to the machine it refers to", line); - mu = registry_machine_url_allocate(m, u, first_t); - } - - REGISTRY_PERSON_URL *pu = registry_person_url_index_find(p, u); - if(!pu) - pu = registry_person_url_allocate(p, m, u, &s[69], strlen(&s[69]), first_t); - else - netdata_log_error("REGISTRY: person URL line %zu is duplicate, reusing the old one.", line); - - pu->last_t = (uint32_t)strtoul(&s[11], NULL, 16); - pu->usages = (uint32_t)strtoul(&s[20], NULL, 16); - pu->flags = (uint8_t)strtoul(&s[29], NULL, 16); - netdata_log_debug(D_REGISTRY, "REGISTRY: loaded person URL '%s' with name '%s' of machine '%s', first: %u, last: %u, usages: %u, flags: %02x", - string2str(u), string2str(pu->machine_name), m->guid, pu->first_t, pu->last_t, pu->usages, pu->flags); - - string_freez(u); - break; - - case 'P': // person - m = NULL; - // verify it is valid - if(unlikely(len != 65 || s[1] != '\t' || s[10] != '\t' || s[19] != '\t' || s[28] != '\t' || s[65] != '\0')) { - netdata_log_error("REGISTRY: person line %zu is wrong (len = %zu).", line, len); - continue; - } - - s[1] = s[10] = s[19] = s[28] = '\0'; - p = registry_person_allocate(&s[29], (time_t)strtoul(&s[2], NULL, 16)); - p->last_t = (uint32_t)strtoul(&s[11], NULL, 16); - p->usages = 
(uint32_t)strtoul(&s[20], NULL, 16); - netdata_log_debug(D_REGISTRY, "REGISTRY: loaded person '%s', first: %u, last: %u, usages: %u", p->guid, p->first_t, p->last_t, p->usages); - break; - - case 'V': // machine URL - if(unlikely(!m)) { - netdata_log_error("REGISTRY: ignoring line %zu, no machine loaded: %s", line, s); - continue; - } - - // verify it is valid - if(len < 32 || s[1] != '\t' || s[10] != '\t' || s[19] != '\t' || s[28] != '\t' || s[31] != '\t') { - netdata_log_error("REGISTRY: person URL line %zu is wrong (len = %zu).", line, len); - continue; - } - - s[1] = s[10] = s[19] = s[28] = s[31] = '\0'; - - url = &s[32]; - if(*url != 'h' && *url != '*') { - netdata_log_error("REGISTRY: machine URL line %zu does not have a valid url: %s", line, url); - continue; - } - - u = string_strdupz(url); - - mu = registry_machine_url_find(m, u); - if(!mu) - mu = registry_machine_url_allocate(m, u, (time_t)strtoul(&s[2], NULL, 16)); - else - netdata_log_error("REGISTRY: machine URL line %zu is duplicate, reusing the old one.", line); - - mu->last_t = (uint32_t)strtoul(&s[11], NULL, 16); - mu->usages = (uint32_t)strtoul(&s[20], NULL, 16); - mu->flags = (uint8_t)strtoul(&s[29], NULL, 16); - netdata_log_debug(D_REGISTRY, "Registry loaded machine URL '%s', machine '%s', first: %u, last: %u, usages: %u, flags: %02x", - string2str(u), m->guid, mu->first_t, mu->last_t, mu->usages, mu->flags); - - string_freez(u); - break; - - case 'M': // machine - p = NULL; - // verify it is valid - if(unlikely(len != 65 || s[1] != '\t' || s[10] != '\t' || s[19] != '\t' || s[28] != '\t' || s[65] != '\0')) { - netdata_log_error("REGISTRY: person line %zu is wrong (len = %zu).", line, len); - continue; - } - - s[1] = s[10] = s[19] = s[28] = '\0'; - m = registry_machine_allocate(&s[29], (time_t)strtoul(&s[2], NULL, 16)); - m->last_t = (uint32_t)strtoul(&s[11], NULL, 16); - m->usages = (uint32_t)strtoul(&s[20], NULL, 16); - netdata_log_debug(D_REGISTRY, "REGISTRY: loaded machine '%s', first: %u, 
last: %u, usages: %u", m->guid, m->first_t, m->last_t, m->usages); - break; - - case 'T': // totals - if(unlikely(len != 103 || s[1] != '\t' || s[18] != '\t' || s[35] != '\t' || s[52] != '\t' || s[69] != '\t' || s[86] != '\t' || s[103] != '\0')) { - netdata_log_error("REGISTRY: totals line %zu is wrong (len = %zu).", line, len); - continue; - } - registry.persons_count = strtoull(&s[2], NULL, 16); - registry.machines_count = strtoull(&s[19], NULL, 16); - registry.usages_count = strtoull(&s[36], NULL, 16); - registry.persons_urls_count = strtoull(&s[70], NULL, 16); - registry.machines_urls_count = strtoull(&s[87], NULL, 16); - break; - - default: - netdata_log_error("REGISTRY: ignoring line %zu of filename '%s': %s.", line, registry.db_filename, s); - break; - } - } - fclose(fp); - - return line; -} diff --git a/registry/registry_init.c b/registry/registry_init.c deleted file mode 100644 index 79523e258..000000000 --- a/registry/registry_init.c +++ /dev/null 
@@ -1,249 +0,0 @@ -// SPDX-License-Identifier: GPL-3.0-or-later - -#include "daemon/common.h" -#include "registry_internals.h" - -void registry_db_stats(void) { - size_t persons = 0; - size_t persons_urls = 0; - size_t max_urls_per_person = 0; - - REGISTRY_PERSON *p; - dfe_start_read(registry.persons, p) { - persons++; - size_t urls = 0; - for(REGISTRY_PERSON_URL *pu = p->person_urls ; pu ;pu = pu->next) - urls++; - - if(urls > max_urls_per_person) - max_urls_per_person = urls; - - persons_urls += urls; - } - dfe_done(p); - - size_t machines = 0; - size_t machines_urls = 0; - size_t max_urls_per_machine = 0; - - REGISTRY_MACHINE *m; - dfe_start_read(registry.machines, m) { - machines++; - size_t urls = 0; - for(REGISTRY_MACHINE_URL *mu = m->machine_urls ; mu ;mu = mu->next) - urls++; - - if(urls > max_urls_per_machine) - max_urls_per_machine = urls; - - machines_urls += urls; - } - dfe_done(m); - - netdata_log_info("REGISTRY: persons %zu, person_urls %zu, max_urls_per_person %zu, " - "machines %zu, machine_urls %zu, max_urls_per_machine %zu", - persons, persons_urls, max_urls_per_person, - machines, machines_urls, max_urls_per_machine); -} - -void registry_generate_curl_urls(void) { - FILE *fp = fopen("/tmp/registry.curl", "w+"); - if (unlikely(!fp)) - return; - - REGISTRY_PERSON *p; - dfe_start_read(registry.persons, p) { - for(REGISTRY_PERSON_URL *pu = p->person_urls ; pu ;pu = pu->next) { - fprintf(fp, "do_curl '%s' '%s' '%s'\n", p->guid, pu->machine->guid, string2str(pu->url)); - } - } - dfe_done(p); - - fclose(fp); -} - -int registry_init(void) { - char filename[FILENAME_MAX + 1]; - - // registry enabled? 
- if(web_server_mode != WEB_SERVER_MODE_NONE) { - registry.enabled = config_get_boolean(CONFIG_SECTION_REGISTRY, "enabled", 0); - } - else { - netdata_log_info("Registry is disabled - use the central netdata"); - config_set_boolean(CONFIG_SECTION_REGISTRY, "enabled", 0); - registry.enabled = 0; - } - - // path names - snprintfz(filename, FILENAME_MAX, "%s/registry", netdata_configured_varlib_dir); - registry.pathname = config_get(CONFIG_SECTION_DIRECTORIES, "registry", filename); - if(mkdir(registry.pathname, 0770) == -1 && errno != EEXIST) - fatal("Cannot create directory '%s'.", registry.pathname); - - // filenames - snprintfz(filename, FILENAME_MAX, "%s/netdata.public.unique.id", registry.pathname); - registry.machine_guid_filename = config_get(CONFIG_SECTION_REGISTRY, "netdata unique id file", filename); - - snprintfz(filename, FILENAME_MAX, "%s/registry.db", registry.pathname); - registry.db_filename = config_get(CONFIG_SECTION_REGISTRY, "registry db file", filename); - - snprintfz(filename, FILENAME_MAX, "%s/registry-log.db", registry.pathname); - registry.log_filename = config_get(CONFIG_SECTION_REGISTRY, "registry log file", filename); - - // configuration options - registry.save_registry_every_entries = (unsigned long long)config_get_number(CONFIG_SECTION_REGISTRY, "registry save db every new entries", 1000000); - registry.persons_expiration = config_get_number(CONFIG_SECTION_REGISTRY, "registry expire idle persons days", 365) * 86400; - registry.registry_domain = config_get(CONFIG_SECTION_REGISTRY, "registry domain", ""); - registry.registry_to_announce = config_get(CONFIG_SECTION_REGISTRY, "registry to announce", "https://registry.my-netdata.io"); - registry.hostname = config_get(CONFIG_SECTION_REGISTRY, "registry hostname", netdata_configured_hostname); - registry.verify_cookies_redirects = config_get_boolean(CONFIG_SECTION_REGISTRY, "verify browser cookies support", 1); - registry.enable_cookies_samesite_secure = 
config_get_boolean(CONFIG_SECTION_REGISTRY, "enable cookies SameSite and Secure", 1); - - registry_update_cloud_base_url(); - setenv("NETDATA_REGISTRY_HOSTNAME", registry.hostname, 1); - setenv("NETDATA_REGISTRY_URL", registry.registry_to_announce, 1); - - registry.max_url_length = (size_t)config_get_number(CONFIG_SECTION_REGISTRY, "max URL length", 1024); - if(registry.max_url_length < 10) { - registry.max_url_length = 10; - config_set_number(CONFIG_SECTION_REGISTRY, "max URL length", (long long)registry.max_url_length); - } - - registry.max_name_length = (size_t)config_get_number(CONFIG_SECTION_REGISTRY, "max URL name length", 50); - if(registry.max_name_length < 10) { - registry.max_name_length = 10; - config_set_number(CONFIG_SECTION_REGISTRY, "max URL name length", (long long)registry.max_name_length); - } - - bool use_mmap = config_get_boolean(CONFIG_SECTION_REGISTRY, "use mmap", false); - - // initialize entries counters - registry.persons_count = 0; - registry.machines_count = 0; - registry.usages_count = 0; - registry.persons_urls_count = 0; - registry.machines_urls_count = 0; - - // initialize locks - netdata_mutex_init(®istry.lock); - - // load the registry database - if(registry.enabled) { - // create dictionaries - registry.persons = dictionary_create(REGISTRY_DICTIONARY_OPTIONS); - registry.machines = dictionary_create(REGISTRY_DICTIONARY_OPTIONS); - - // initialize the allocators - - size_t min_page_size = 4 * 1024; - size_t max_page_size = 1024 * 1024; - - if(use_mmap) { - min_page_size = 100 * 1024 * 1024; - max_page_size = 512 * 1024 * 1024; - } - - registry.persons_aral = aral_create("registry_persons", sizeof(REGISTRY_PERSON), - min_page_size / sizeof(REGISTRY_PERSON), max_page_size, - ®istry.aral_stats, - "registry_persons", - &netdata_configured_cache_dir, - use_mmap, true); - - registry.machines_aral = aral_create("registry_machines", sizeof(REGISTRY_MACHINE), - min_page_size / sizeof(REGISTRY_MACHINE), max_page_size, - ®istry.aral_stats, - 
"registry_machines", - &netdata_configured_cache_dir, - use_mmap, true); - - registry.person_urls_aral = aral_create("registry_person_urls", sizeof(REGISTRY_PERSON_URL), - min_page_size / sizeof(REGISTRY_PERSON_URL), max_page_size, - ®istry.aral_stats, - "registry_person_urls", - &netdata_configured_cache_dir, - use_mmap, true); - - registry.machine_urls_aral = aral_create("registry_machine_urls", sizeof(REGISTRY_MACHINE_URL), - min_page_size / sizeof(REGISTRY_MACHINE_URL), max_page_size, - ®istry.aral_stats, - "registry_machine_urls", - &netdata_configured_cache_dir, - use_mmap, true); - - // disable cancelability to avoid enable/disable per item in the dictionary locks - netdata_thread_disable_cancelability(); - - registry_log_open(); - registry_db_load(); - registry_log_load(); - - if(unlikely(registry_db_should_be_saved())) - registry_db_save(); - -// registry_db_stats(); -// registry_generate_curl_urls(); -// exit(0); - - netdata_thread_enable_cancelability(); - } - - return 0; -} - -static int machine_delete_callback(const DICTIONARY_ITEM *item __maybe_unused, void *entry, void *data __maybe_unused) { - REGISTRY_MACHINE *m = (REGISTRY_MACHINE *)entry; - - int count = 0; - - while(m->machine_urls) { - registry_machine_url_unlink_from_machine_and_free(m, m->machine_urls); - count++; - } - - aral_freez(registry.machines_aral, m); - - return count + 1; -} - -static int registry_person_del_callback(const DICTIONARY_ITEM *item __maybe_unused, void *entry, void *d __maybe_unused) { - REGISTRY_PERSON *p = (REGISTRY_PERSON *)entry; - - netdata_log_debug(D_REGISTRY, "Registry: registry_person_del('%s'): deleting person", p->guid); - - while(p->person_urls) - registry_person_unlink_from_url(p, (REGISTRY_PERSON_URL *)p->person_urls); - - //debug(D_REGISTRY, "Registry: deleting person '%s' from persons registry", p->guid); - //dictionary_del(registry.persons, p->guid); - - netdata_log_debug(D_REGISTRY, "Registry: freeing person '%s'", p->guid); - 
aral_freez(registry.persons_aral, p); - - return 1; -} - -void registry_free(void) { - if(!registry.enabled) return; - registry.enabled = false; - - netdata_log_debug(D_REGISTRY, "Registry: destroying persons dictionary"); - dictionary_walkthrough_read(registry.persons, registry_person_del_callback, NULL); - dictionary_destroy(registry.persons); - registry.persons = NULL; - - netdata_log_debug(D_REGISTRY, "Registry: destroying machines dictionary"); - dictionary_walkthrough_read(registry.machines, machine_delete_callback, NULL); - dictionary_destroy(registry.machines); - registry.machines = NULL; - - aral_destroy(registry.persons_aral); - aral_destroy(registry.machines_aral); - aral_destroy(registry.person_urls_aral); - aral_destroy(registry.machine_urls_aral); - registry.persons_aral = NULL; - registry.machines_aral = NULL; - registry.person_urls_aral = NULL; - registry.machine_urls_aral = NULL; -} diff --git a/registry/registry_internals.c b/registry/registry_internals.c deleted file mode 100644 index 74f12b558..000000000 --- a/registry/registry_internals.c +++ /dev/null 
@@ -1,321 +0,0 @@ -// SPDX-License-Identifier: GPL-3.0-or-later - -#include "daemon/common.h" -#include "registry_internals.h" - -struct registry registry; - -// ---------------------------------------------------------------------------- -// common functions - -// parse a GUID and re-generated to be always lower case -// this is used as a protection against the variations of GUIDs -int regenerate_guid(const char *guid, char *result) { - uuid_t uuid; - if(unlikely(uuid_parse(guid, uuid) == -1)) { - netdata_log_info("Registry: GUID '%s' is not a valid GUID.", guid); - return -1; - } - else { - uuid_unparse_lower(uuid, result); - -#ifdef NETDATA_INTERNAL_CHECKS - if(strcmp(guid, result) != 0) - netdata_log_info("GUID '%s' and re-generated GUID '%s' differ!", guid, result); -#endif /* NETDATA_INTERNAL_CHECKS */ - } - - return 0; -} - -// make sure the names of the machines / URLs do not contain any tabs -// (which are used as our separator in the database files) -// and are properly trimmed (before and after) -static inline char *registry_fix_machine_name(char *name, size_t *len) { - char *s = name?name:""; - - // skip leading spaces - while(*s && isspace(*s)) s++; - - // make sure all spaces are a SPACE - char *t = s; - while(*t) { - if(unlikely(isspace(*t))) - *t = ' '; - - t++; - } - - // remove trailing spaces - while(--t >= s) { - if(*t == ' ') - *t = '\0'; - else - break; - } - t++; - - if(likely(len)) - *len = (t - s); - - return s; -} - -static inline char *registry_fix_url(char *url, size_t *len) { - size_t l = 0; - char *s = registry_fix_machine_name(url, &l); - - // protection from too big URLs - if(l > registry.max_url_length) { - l = registry.max_url_length; - s[l] = '\0'; - } - - if(len) *len = l; - return s; -} - - -// ---------------------------------------------------------------------------- -// HELPERS - -// verify the person, the machine and the URL exist in our DB -REGISTRY_PERSON_URL *registry_verify_request(const char *person_guid, char 
*machine_guid, char *url, REGISTRY_PERSON **pp, REGISTRY_MACHINE **mm) { - char pbuf[GUID_LEN + 1], mbuf[GUID_LEN + 1]; - - if(!person_guid || !*person_guid || !machine_guid || !*machine_guid || !url || !*url) { - netdata_log_info("Registry Request Verification: invalid request! person: '%s', machine '%s', url '%s'", person_guid?person_guid:"UNSET", machine_guid?machine_guid:"UNSET", url?url:"UNSET"); - return NULL; - } - - // normalize the url - url = registry_fix_url(url, NULL); - - // make sure the person GUID is valid - if(regenerate_guid(person_guid, pbuf) == -1) { - netdata_log_info("Registry Request Verification: invalid person GUID, person: '%s', machine '%s', url '%s'", person_guid, machine_guid, url); - return NULL; - } - person_guid = pbuf; - - // make sure the machine GUID is valid - if(regenerate_guid(machine_guid, mbuf) == -1) { - netdata_log_info("Registry Request Verification: invalid machine GUID, person: '%s', machine '%s', url '%s'", person_guid, machine_guid, url); - return NULL; - } - machine_guid = mbuf; - - // make sure the machine exists - REGISTRY_MACHINE *m = registry_machine_find(machine_guid); - if(!m) { - netdata_log_info("Registry Request Verification: machine not found, person: '%s', machine '%s', url '%s'", person_guid, machine_guid, url); - return NULL; - } - if(mm) *mm = m; - - // make sure the person exist - REGISTRY_PERSON *p = registry_person_find(person_guid); - if(!p) { - netdata_log_info("Registry Request Verification: person not found, person: '%s', machine '%s', url '%s'", person_guid, machine_guid, url); - return NULL; - } - if(pp) *pp = p; - - STRING *u = string_strdupz(url); - REGISTRY_PERSON_URL *pu = registry_person_url_index_find(p, u); - string_freez(u); - - if(!pu) { - netdata_log_info("Registry Request Verification: URL not found for person, person: '%s', machine '%s', url '%s'", person_guid, machine_guid, url); - return NULL; - } - //else if (pu->machine != m) { - // netdata_log_info("Registry Request 
Verification: Machine mismatch: person: '%s', machine requested='%s' <> loaded='%s', url '%s'", person_guid, machine_guid, pu->machine->guid, url); - // return NULL; - //} - - return pu; -} - - -// ---------------------------------------------------------------------------- -// REGISTRY REQUESTS - -REGISTRY_PERSON *registry_request_access(const char *person_guid, char *machine_guid, char *url, char *name, time_t when) { - netdata_log_debug(D_REGISTRY, "registry_request_access('%s', '%s', '%s'): NEW REQUEST", (person_guid)?person_guid:"", machine_guid, url); - - bool is_dummy = is_dummy_person(person_guid); - - REGISTRY_MACHINE *m = registry_machine_find_or_create(machine_guid, when, is_dummy); - if(!m) return NULL; - - REGISTRY_PERSON *p = registry_person_find_or_create(person_guid, when, is_dummy); - - // make sure the name is valid - size_t name_len; - name = registry_fix_machine_name(name, &name_len); - - size_t url_len; - url = registry_fix_url(url, &url_len); - - STRING *u = string_strdupz(url); - - if(!is_dummy) - registry_person_link_to_url(p, m, u, name, name_len, when); - - registry_machine_link_to_url(m, u, when); - - registry_log('A', p, m, u, name); - - registry.usages_count++; - - return p; -} - -REGISTRY_PERSON *registry_request_delete(const char *person_guid, char *machine_guid, char *url, char *delete_url, time_t when) { - (void) when; - - REGISTRY_PERSON *p = NULL; - REGISTRY_MACHINE *m = NULL; - REGISTRY_PERSON_URL *pu = registry_verify_request(person_guid, machine_guid, url, &p, &m); - if(!pu || !p || !m) return NULL; - - // normalize the url - delete_url = registry_fix_url(delete_url, NULL); - - // make sure the user is not deleting the url it uses - /* - if(!strcmp(delete_url, pu->url->url)) { - netdata_log_info("Registry Delete Request: delete URL is the one currently accessed, person: '%s', machine '%s', url '%s', delete url '%s'" - , p->guid, m->guid, pu->url->url, delete_url); - return NULL; - } - */ - - STRING *d_url = 
string_strdupz(delete_url); - REGISTRY_PERSON_URL *dpu = registry_person_url_index_find(p, d_url); - string_freez(d_url); - - if(!dpu) { - netdata_log_info("Registry Delete Request: URL not found for person: '%s', machine '%s', url '%s', delete url '%s'", p->guid - , m->guid, string2str(pu->url), delete_url); - return NULL; - } - - registry_log('D', p, m, pu->url, string2str(dpu->url)); - registry_person_unlink_from_url(p, dpu); - - return p; -} - - -REGISTRY_MACHINE *registry_request_machine(const char *person_guid, char *request_machine, STRING **hostname) { - char pbuf[GUID_LEN + 1]; - char mbuf[GUID_LEN + 1]; - - // make sure the person GUID is valid - if(regenerate_guid(person_guid, pbuf) == -1) { - netdata_log_info("REGISTRY: %s(): invalid person GUID '%s'", __FUNCTION__ , person_guid); - return NULL; - } - person_guid = pbuf; - - // make sure the person GUID is valid - if(regenerate_guid(request_machine, mbuf) == -1) { - netdata_log_info("REGISTRY: %s(): invalid search machine GUID '%s'", __FUNCTION__ , request_machine); - return NULL; - } - request_machine = mbuf; - - REGISTRY_PERSON *p = registry_person_find(person_guid); - if(!p) return NULL; - - REGISTRY_MACHINE *m = registry_machine_find(request_machine); - if(!m) return NULL; - - // Verify the user has in the past accessed this machine - // We will walk through the PERSON_URLs to find the machine - // linking to our machine - - // make sure the user has access - for(REGISTRY_PERSON_URL *pu = p->person_urls; pu ;pu = pu->next) - if(pu->machine == m) { - *hostname = string_dup(pu->machine_name); - return m; - } - - return NULL; -} - - -// ---------------------------------------------------------------------------- -// REGISTRY THIS MACHINE UNIQUE ID - -static inline int is_machine_guid_blacklisted(const char *guid) { - // these are machine GUIDs that have been included in distribution packages. - // we blacklist them here, so that the next version of netdata will generate - // new ones. 
- - if(!strcmp(guid, "8a795b0c-2311-11e6-8563-000c295076a6") - || !strcmp(guid, "4aed1458-1c3e-11e6-a53f-000c290fc8f5") - ) { - netdata_log_error("Blacklisted machine GUID '%s' found.", guid); - return 1; - } - - return 0; -} - -char *registry_get_this_machine_hostname(void) { - return registry.hostname; -} - -char *registry_get_this_machine_guid(void) { - static char guid[GUID_LEN + 1] = ""; - - if(likely(guid[0])) - return guid; - - // read it from disk - int fd = open(registry.machine_guid_filename, O_RDONLY); - if(fd != -1) { - char buf[GUID_LEN + 1]; - if(read(fd, buf, GUID_LEN) != GUID_LEN) - netdata_log_error("Failed to read machine GUID from '%s'", registry.machine_guid_filename); - else { - buf[GUID_LEN] = '\0'; - if(regenerate_guid(buf, guid) == -1) { - netdata_log_error("Failed to validate machine GUID '%s' from '%s'. Ignoring it - this might mean this netdata will appear as duplicate in the registry.", - buf, registry.machine_guid_filename); - - guid[0] = '\0'; - } - else if(is_machine_guid_blacklisted(guid)) - guid[0] = '\0'; - } - close(fd); - } - - // generate a new one? - if(!guid[0]) { - uuid_t uuid; - - uuid_generate_time(uuid); - uuid_unparse_lower(uuid, guid); - guid[GUID_LEN] = '\0'; - - // save it - fd = open(registry.machine_guid_filename, O_WRONLY|O_CREAT|O_TRUNC, 444); - if(fd == -1) - fatal("Cannot create unique machine id file '%s'. Please fix this.", registry.machine_guid_filename); - - if(write(fd, guid, GUID_LEN) != GUID_LEN) - fatal("Cannot write the unique machine id file '%s'. Please fix this.", registry.machine_guid_filename); - - close(fd); - } - - setenv("NETDATA_REGISTRY_UNIQUE_ID", guid, 1); - - return guid; -} diff --git a/registry/registry_internals.h b/registry/registry_internals.h deleted file mode 100644 index c7f8f43dd..000000000 --- a/registry/registry_internals.h +++ /dev/null 
@@ -1,89 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-#ifndef NETDATA_REGISTRY_INTERNALS_H_H
-#define NETDATA_REGISTRY_INTERNALS_H_H 1
-
-#include "registry.h"
-
-#define REGISTRY_URL_FLAGS_DEFAULT 0x00
-#define REGISTRY_URL_FLAGS_EXPIRED 0x01
-
-#define REGISTRY_DICTIONARY_OPTIONS (DICT_OPTION_VALUE_LINK_DONT_CLONE | DICT_OPTION_NAME_LINK_DONT_CLONE | DICT_OPTION_SINGLE_THREADED)
-
-#define REGISTRY_VERIFY_COOKIES_GUID "11111111-2222-3333-4444-555555555555"
-#define is_dummy_person(person_guid) (strcmp(person_guid, REGISTRY_VERIFY_COOKIES_GUID) == 0)
-
-// ----------------------------------------------------------------------------
-// COMMON structures
-
-struct registry {
- int enabled;
- netdata_mutex_t lock;
-
- // entries counters / statistics
- unsigned long long persons_count;
- unsigned long long machines_count;
- unsigned long long usages_count;
- unsigned long long persons_urls_count;
- unsigned long long machines_urls_count;
- unsigned long long log_count;
-
- // configuration
- unsigned long long save_registry_every_entries;
- char *registry_domain;
- char *hostname;
- char *registry_to_announce;
- char *cloud_base_url;
- time_t persons_expiration; // seconds to expire idle persons
- int verify_cookies_redirects;
- int enable_cookies_samesite_secure;
-
- size_t max_url_length;
- size_t max_name_length;
-
- // file/path names
- char *pathname;
- char *db_filename;
- char *log_filename;
- char *machine_guid_filename;
-
- // open files
- FILE *log_fp;
-
- // the database
- DICTIONARY *persons; // dictionary of REGISTRY_PERSON *, with key the REGISTRY_PERSON.guid
- DICTIONARY *machines; // dictionary of REGISTRY_MACHINE *, with key the REGISTRY_MACHINE.guid
-
- ARAL *persons_aral;
- ARAL *machines_aral;
-
- ARAL *person_urls_aral;
- ARAL *machine_urls_aral;
-
- struct aral_statistics aral_stats;
-};
-
-#include "registry_machine.h"
-#include "registry_person.h"
-#include "registry.h"
-
-extern struct registry registry;
-
-// REGISTRY LOW-LEVEL REQUESTS (in registry-internals.c)
-REGISTRY_PERSON *registry_request_access(const char *person_guid, char *machine_guid, char *url, char *name, time_t when);
-REGISTRY_PERSON *registry_request_delete(const char *person_guid, char *machine_guid, char *url, char *delete_url, time_t when);
-REGISTRY_MACHINE *registry_request_machine(const char *person_guid, char *request_machine, STRING **hostname);
-
-// REGISTRY LOG (in registry_log.c)
-void registry_log(char action, REGISTRY_PERSON *p, REGISTRY_MACHINE *m, STRING *u, const char *name);
-int registry_log_open(void);
-void registry_log_close(void);
-void registry_log_recreate(void);
-ssize_t registry_log_load(void);
-
-// REGISTRY DB (in registry_db.c)
-int registry_db_save(void);
-size_t registry_db_load(void);
-int registry_db_should_be_saved(void);
-
-#endif //NETDATA_REGISTRY_INTERNALS_H_H
diff --git a/registry/registry_log.c b/registry/registry_log.c
deleted file mode 100644
index 118d47c15..000000000
--- a/registry/registry_log.c
+++ /dev/null
@@ -1,137 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-#include "daemon/common.h"
-#include "registry_internals.h"
-
-void registry_log(char action, REGISTRY_PERSON *p, REGISTRY_MACHINE *m, STRING *u, const char *name) {
- if(likely(registry.log_fp)) {
- if(unlikely(fprintf(registry.log_fp, "%c\t%08x\t%s\t%s\t%s\t%s\n",
- action,
- p->last_t,
- p->guid,
- m->guid,
- name,
- string2str(u)) < 0))
- netdata_log_error("Registry: failed to save log. Registry data may be lost in case of abnormal restart.");
-
- // we increase the counter even on failures
- // so that the registry will be saved periodically
- registry.log_count++;
-
- // this must be outside the log_lock(), or a deadlock will happen.
- // registry_db_save() checks the same inside the log_lock, so only
- // one thread will save the db
- if(unlikely(registry_db_should_be_saved()))
- registry_db_save();
- }
-}
-
-int registry_log_open(void) {
- if(registry.log_fp)
- fclose(registry.log_fp);
-
- registry.log_fp = fopen(registry.log_filename, "a");
- if(registry.log_fp) {
- if (setvbuf(registry.log_fp, NULL, _IOLBF, 0) != 0)
- netdata_log_error("Cannot set line buffering on registry log file.");
- return 0;
- }
-
- netdata_log_error("Cannot open registry log file '%s'. Registry data will be lost in case of netdata or server crash.", registry.log_filename);
- return -1;
-}
-
-void registry_log_close(void) {
- if(registry.log_fp) {
- fclose(registry.log_fp);
- registry.log_fp = NULL;
- }
-}
-
-void registry_log_recreate(void) {
- if(registry.log_fp != NULL) {
- registry_log_close();
-
- // open it with truncate
- registry.log_fp = fopen(registry.log_filename, "w");
- if(registry.log_fp) fclose(registry.log_fp);
- else
- netdata_log_error("Cannot truncate registry log '%s'", registry.log_filename);
-
- registry.log_fp = NULL;
- registry_log_open();
- }
-}
-
-ssize_t registry_log_load(void) {
- ssize_t line = -1;
-
- // closing the log is required here
- // otherwise we will append to it the values we read
- registry_log_close();
-
- netdata_log_debug(D_REGISTRY, "Registry: loading active db from: %s", registry.log_filename);
- FILE *fp = fopen(registry.log_filename, "r");
- if(!fp)
- netdata_log_error("Registry: cannot open registry file: %s", registry.log_filename);
- else {
- char *s, buf[4096 + 1];
- line = 0;
- size_t len = 0;
-
- while ((s = fgets_trim_len(buf, 4096, fp, &len))) {
- line++;
-
- switch (s[0]) {
- case 'A': // accesses
- case 'D': // deletes
-
- // verify it is valid
- if (unlikely(len < 85 || s[1] != '\t' || s[10] != '\t' || s[47] != '\t' || s[84] != '\t')) {
- netdata_log_error("Registry: log line %zd is wrong (len = %zu).", line, len);
- continue;
- }
- s[1] = s[10] = s[47] = s[84] = '\0';
-
- // get the variables
- time_t when = (time_t)strtoul(&s[2], NULL, 16);
- char *person_guid = &s[11];
- char *machine_guid = &s[48];
- char *name = &s[85];
-
- // skip the name to find the url
- char *url = name;
- while(*url && *url != '\t') url++;
- if(!*url) {
- netdata_log_error("Registry: log line %zd does not have a url.", line);
- continue;
- }
- *url++ = '\0';
-
- // make sure the person exists
- // without this, a new person guid will be created
- REGISTRY_PERSON *p = registry_person_find(person_guid);
- if(!p) p = registry_person_allocate(person_guid, when);
-
- if(s[0] == 'A')
- registry_request_access(p->guid, machine_guid, url, name, when);
- else
- registry_request_delete(p->guid, machine_guid, url, name, when);
-
- registry.log_count++;
- break;
-
- default:
- netdata_log_error("Registry: ignoring line %zd of filename '%s': %s.", line, registry.log_filename, s);
- break;
- }
- }
-
- fclose(fp);
- }
-
- // open the log again
- registry_log_open();
-
- return line;
-}
diff --git a/registry/registry_machine.c b/registry/registry_machine.c
deleted file mode 100644
index a94fb8ea4..000000000
--- a/registry/registry_machine.c
+++ /dev/null
@@ -1,116 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-#include "daemon/common.h"
-#include "registry_internals.h"
-
-// ----------------------------------------------------------------------------
-// MACHINE
-
-REGISTRY_MACHINE *registry_machine_find(const char *machine_guid) {
- netdata_log_debug(D_REGISTRY, "REGISTRY: registry_machine_find('%s')", machine_guid);
- return dictionary_get(registry.machines, machine_guid);
-}
-
-REGISTRY_MACHINE_URL *registry_machine_url_find(REGISTRY_MACHINE *m, STRING *url) {
- REGISTRY_MACHINE_URL *mu;
-
- for(mu = m->machine_urls; mu ;mu = mu->next)
- if(mu->url == url)
- break;
-
- return mu;
-}
-
-void registry_machine_url_unlink_from_machine_and_free(REGISTRY_MACHINE *m, REGISTRY_MACHINE_URL *mu) {
- DOUBLE_LINKED_LIST_REMOVE_ITEM_UNSAFE(m->machine_urls, mu, prev, next);
- string_freez(mu->url);
- aral_freez(registry.machine_urls_aral, mu);
-}
-
-REGISTRY_MACHINE_URL *registry_machine_url_allocate(REGISTRY_MACHINE *m, STRING *u, time_t when) {
- netdata_log_debug(D_REGISTRY, "REGISTRY: registry_machine_url_allocate('%s', '%s'): allocating %zu bytes", m->guid, string2str(u), sizeof(REGISTRY_MACHINE_URL));
-
- REGISTRY_MACHINE_URL *mu = aral_mallocz(registry.machine_urls_aral);
-
- mu->first_t = mu->last_t = (uint32_t)when;
- mu->usages = 1;
- mu->url = string_dup(u);
- mu->flags = REGISTRY_URL_FLAGS_DEFAULT;
-
- netdata_log_debug(D_REGISTRY, "REGISTRY: registry_machine_url_allocate('%s', '%s'): indexing URL in machine", m->guid, string2str(u));
-
- DOUBLE_LINKED_LIST_PREPEND_ITEM_UNSAFE(m->machine_urls, mu, prev, next);
-
- return mu;
-}
-
-REGISTRY_MACHINE *registry_machine_allocate(const char *machine_guid, time_t when) {
- netdata_log_debug(D_REGISTRY, "REGISTRY: registry_machine_allocate('%s'): creating new machine, sizeof(MACHINE)=%zu", machine_guid, sizeof(REGISTRY_MACHINE));
-
- REGISTRY_MACHINE *m = aral_mallocz(registry.machines_aral);
-
- strncpyz(m->guid, machine_guid, GUID_LEN);
-
- m->machine_urls = NULL;
-
- m->first_t = m->last_t = (uint32_t)when;
- m->usages = 0;
- m->links = 0;
-
- registry.machines_count++;
-
- dictionary_set(registry.machines, m->guid, m, sizeof(REGISTRY_MACHINE));
-
- return m;
-}
-
-// 1. validate machine GUID
-// 2. if it is valid, find it or create it and return it
-// 3. if it is not valid, return NULL
-REGISTRY_MACHINE *registry_machine_find_or_create(const char *machine_guid, time_t when, bool is_dummy __maybe_unused) {
- REGISTRY_MACHINE *m = NULL;
-
- if(likely(machine_guid && *machine_guid)) {
- // validate it is a GUID
- char buf[GUID_LEN + 1];
- if(unlikely(regenerate_guid(machine_guid, buf) == -1))
- netdata_log_info("REGISTRY: machine guid '%s' is not a valid guid. Ignoring it.", machine_guid);
- else {
- machine_guid = buf;
- m = registry_machine_find(machine_guid);
- if(!m) m = registry_machine_allocate(machine_guid, when);
- }
- }
-
- return m;
-}
-
-
-// ----------------------------------------------------------------------------
-// LINKING OF OBJECTS
-
-REGISTRY_MACHINE_URL *registry_machine_link_to_url(REGISTRY_MACHINE *m, STRING *url, time_t when) {
- netdata_log_debug(D_REGISTRY, "REGISTRY: registry_machine_link_to_url('%s', '%s'): searching for URL in machine", m->guid, string2str(url));
-
- REGISTRY_MACHINE_URL *mu = registry_machine_url_find(m, url);
- if(!mu) {
- netdata_log_debug(D_REGISTRY, "REGISTRY: registry_machine_link_to_url('%s', '%s'): not found", m->guid, string2str(url));
- mu = registry_machine_url_allocate(m, url, when);
- registry.machines_urls_count++;
- }
- else {
- netdata_log_debug(D_REGISTRY, "REGISTRY: registry_machine_link_to_url('%s', '%s'): found", m->guid, string2str(url));
- mu->usages++;
- if(likely(mu->last_t < (uint32_t)when)) mu->last_t = (uint32_t)when;
- }
-
- m->usages++;
- if(likely(m->last_t < (uint32_t)when)) m->last_t = (uint32_t)when;
-
- if(mu->flags & REGISTRY_URL_FLAGS_EXPIRED) {
- netdata_log_debug(D_REGISTRY, "REGISTRY: registry_machine_link_to_url('%s', '%s'): accessing an expired URL.", m->guid, string2str(url));
- mu->flags &= ~REGISTRY_URL_FLAGS_EXPIRED;
- }
-
- return mu;
-}
diff --git a/registry/registry_machine.h b/registry/registry_machine.h
deleted file mode 100644
index 4e8a407fe..000000000
--- a/registry/registry_machine.h
+++ /dev/null
@@ -1,48 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-#ifndef NETDATA_REGISTRY_MACHINE_H
-#define NETDATA_REGISTRY_MACHINE_H 1
-
-#include "registry_internals.h"
-
-// ----------------------------------------------------------------------------
-// MACHINE structures
-
-// For each MACHINE-URL pair we keep this
-struct registry_machine_url {
- STRING *url; // de-duplicated URL
-
- uint8_t flags;
-
- uint32_t first_t; // the first time we saw this
- uint32_t last_t; // the last time we saw this
- uint32_t usages; // how many times this has been accessed
-
- struct registry_machine_url *prev, *next;
-};
-typedef struct registry_machine_url REGISTRY_MACHINE_URL;
-
-// A machine
-struct registry_machine {
- char guid[GUID_LEN + 1]; // the GUID
-
- uint32_t links; // the number of REGISTRY_PERSON_URL linked to this machine
-
- REGISTRY_MACHINE_URL *machine_urls; // MACHINE_URL *
-
- uint32_t first_t; // the first time we saw this
- uint32_t last_t; // the last time we saw this
- uint32_t usages; // how many times this has been accessed
-};
-typedef struct registry_machine REGISTRY_MACHINE;
-
-REGISTRY_MACHINE *registry_machine_find(const char *machine_guid);
-REGISTRY_MACHINE_URL *registry_machine_url_allocate(REGISTRY_MACHINE *m, STRING *u, time_t when);
-REGISTRY_MACHINE *registry_machine_allocate(const char *machine_guid, time_t when);
-REGISTRY_MACHINE *registry_machine_find_or_create(const char *machine_guid, time_t when, bool is_dummy);
-REGISTRY_MACHINE_URL *registry_machine_link_to_url(REGISTRY_MACHINE *m, STRING *url, time_t when);
-
-REGISTRY_MACHINE_URL *registry_machine_url_find(REGISTRY_MACHINE *m, STRING *url);
-void registry_machine_url_unlink_from_machine_and_free(REGISTRY_MACHINE *m, REGISTRY_MACHINE_URL *mu);
-
-#endif //NETDATA_REGISTRY_MACHINE_H
diff --git a/registry/registry_person.c b/registry/registry_person.c
deleted file mode 100644
index 4fd40fd75..000000000
--- a/registry/registry_person.c
+++ /dev/null
@@ -1,232 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-#include "daemon/common.h"
-#include "registry_internals.h"
-
-// ----------------------------------------------------------------------------
-// PERSON_URL INDEX
-
-inline REGISTRY_PERSON_URL *registry_person_url_index_find(REGISTRY_PERSON *p, STRING *url) {
- netdata_log_debug(D_REGISTRY, "Registry: registry_person_url_index_find('%s', '%s')", p->guid, string2str(url));
-
- REGISTRY_PERSON_URL *pu;
- for(pu = p->person_urls ; pu ;pu = pu->next)
- if(pu->url == url)
- break;
-
- return pu;
-}
-
-inline REGISTRY_PERSON_URL *registry_person_url_index_add(REGISTRY_PERSON *p, REGISTRY_PERSON_URL *pu) {
- DOUBLE_LINKED_LIST_PREPEND_ITEM_UNSAFE(p->person_urls, pu, prev, next);
- return pu;
-}
-
-inline REGISTRY_PERSON_URL *registry_person_url_index_del(REGISTRY_PERSON *p, REGISTRY_PERSON_URL *pu) {
- DOUBLE_LINKED_LIST_REMOVE_ITEM_UNSAFE(p->person_urls, pu, prev, next);
- return pu;
-}
-
-// ----------------------------------------------------------------------------
-// PERSON_URL
-
-REGISTRY_PERSON_URL *registry_person_url_allocate(REGISTRY_PERSON *p, REGISTRY_MACHINE *m, STRING *url, char *machine_name, size_t machine_name_len, time_t when) {
- netdata_log_debug(D_REGISTRY, "registry_person_url_allocate('%s', '%s', '%s'): allocating %zu bytes", p->guid, m->guid, string2str(url), sizeof(REGISTRY_PERSON_URL) + machine_name_len);
-
- // protection from too big names
- if(machine_name_len > registry.max_name_length)
- machine_name_len = registry.max_name_length;
-
- REGISTRY_PERSON_URL *pu = aral_mallocz(registry.person_urls_aral);
-
- // a simple strcpy() should do the job,
- // but I prefer to be safe, since the caller specified name_len
- pu->machine_name = string_strdupz(machine_name);
-
- pu->machine = m;
- pu->first_t = pu->last_t = (uint32_t)when;
- pu->usages = 1;
- pu->url = string_dup(url);
- pu->flags = REGISTRY_URL_FLAGS_DEFAULT;
- m->links++;
-
- netdata_log_debug(D_REGISTRY, "registry_person_url_allocate('%s', '%s', '%s'): indexing URL in person", p->guid, m->guid, string2str(url));
- REGISTRY_PERSON_URL *tpu = registry_person_url_index_add(p, pu);
- if(tpu != pu) {
- netdata_log_error("Registry: Attempted to add duplicate person url '%s' with name '%s' to person '%s'", string2str(url), machine_name, p->guid);
- string_freez(pu->machine_name);
- string_freez(pu->url);
- aral_freez(registry.person_urls_aral, pu);
- pu = tpu;
- }
-
- return pu;
-}
-
-void registry_person_url_deindex_and_free(REGISTRY_PERSON *p, REGISTRY_PERSON_URL *pu) {
- netdata_log_debug(D_REGISTRY, "registry_person_url_deindex_and_free('%s', '%s')", p->guid, string2str(pu->url));
-
- REGISTRY_PERSON_URL *tpu = registry_person_url_index_del(p, pu);
- if(tpu) {
- string_freez(tpu->machine_name);
- string_freez(tpu->url);
- tpu->machine->links--;
- aral_freez(registry.person_urls_aral, tpu);
- }
-}
-
-// this function is needed to change the name of a PERSON_URL
-REGISTRY_PERSON_URL *registry_person_url_reallocate(REGISTRY_PERSON *p, REGISTRY_MACHINE *m, STRING *url, char *machine_name, size_t machine_name_len, time_t when, REGISTRY_PERSON_URL *pu) {
- netdata_log_debug(D_REGISTRY, "registry_person_url_reallocate('%s', '%s', '%s'): allocating %zu bytes", p->guid, m->guid, string2str(url), sizeof(REGISTRY_PERSON_URL) + machine_name_len);
-
- // keep a backup
- REGISTRY_PERSON_URL pu2 = {
- .first_t = pu->first_t,
- .last_t = pu->last_t,
- .usages = pu->usages,
- .flags = pu->flags,
- .machine = pu->machine,
- .machine_name = NULL
- };
-
- // remove the existing one from the index
- registry_person_url_deindex_and_free(p, pu);
- pu = &pu2;
-
- // allocate a new one
- REGISTRY_PERSON_URL *tpu = registry_person_url_allocate(p, m, url, machine_name, machine_name_len, when);
- tpu->first_t = pu->first_t;
- tpu->last_t = pu->last_t;
- tpu->usages = pu->usages;
- tpu->flags = pu->flags;
-
- return tpu;
-}
-
-
-// ----------------------------------------------------------------------------
-// PERSON
-
-REGISTRY_PERSON *registry_person_find(const char *person_guid) {
- netdata_log_debug(D_REGISTRY, "Registry: registry_person_find('%s')", person_guid);
- return dictionary_get(registry.persons, person_guid);
-}
-
-REGISTRY_PERSON *registry_person_allocate(const char *person_guid, time_t when) {
- netdata_log_debug(D_REGISTRY, "Registry: registry_person_allocate('%s'): allocating new person, sizeof(PERSON)=%zu", (person_guid)?person_guid:"", sizeof(REGISTRY_PERSON));
-
- REGISTRY_PERSON *p = aral_mallocz(registry.persons_aral);
- if(!person_guid) {
- for(;;) {
- uuid_t uuid;
- uuid_generate(uuid);
- uuid_unparse_lower(uuid, p->guid);
-
- netdata_log_debug(D_REGISTRY, "Registry: Checking if the generated person guid '%s' is unique", p->guid);
- if (!dictionary_get(registry.persons, p->guid)) {
- netdata_log_debug(D_REGISTRY, "Registry: generated person guid '%s' is unique", p->guid);
- break;
- }
- else
- netdata_log_info("Registry: generated person guid '%s' found in the registry. Retrying...", p->guid);
- }
- }
- else
- strncpyz(p->guid, person_guid, GUID_LEN);
-
- p->person_urls = NULL;
-
- p->first_t = p->last_t = (uint32_t)when;
- p->usages = 0;
-
- registry.persons_count++;
- dictionary_set(registry.persons, p->guid, p, sizeof(REGISTRY_PERSON));
-
- return p;
-}
-
-
-// 1. validate person GUID
-// 2. if it is valid, find it
-// 3. if it is not valid, create a new one
-// 4. return it
-REGISTRY_PERSON *registry_person_find_or_create(const char *person_guid, time_t when, bool is_dummy) {
- netdata_log_debug(D_REGISTRY, "Registry: registry_person_find_or_create('%s'): creating dictionary of urls", person_guid);
-
- char buf[GUID_LEN + 1];
- REGISTRY_PERSON *p = NULL;
-
- if(person_guid && *person_guid) {
- // validate it is a GUID
- if(unlikely(regenerate_guid(person_guid, buf) == -1)) {
- netdata_log_info("Registry: person guid '%s' is not a valid guid. Ignoring it.", person_guid);
- person_guid = NULL;
- }
- else {
- person_guid = buf;
- p = registry_person_find(person_guid);
- if(!p && !is_dummy)
- person_guid = NULL;
- }
- }
- else
- person_guid = NULL;
-
- if(!p) p = registry_person_allocate(person_guid, when);
-
- return p;
-}
-
-// ----------------------------------------------------------------------------
-// LINKING OF OBJECTS
-
-REGISTRY_PERSON_URL *registry_person_link_to_url(REGISTRY_PERSON *p, REGISTRY_MACHINE *m, STRING *url, char *machine_name, size_t machine_name_len, time_t when) {
- netdata_log_debug(D_REGISTRY, "registry_person_link_to_url('%s', '%s', '%s'): searching for URL in person", p->guid, m->guid, string2str(url));
-
- REGISTRY_PERSON_URL *pu = registry_person_url_index_find(p, url);
- if(!pu) {
- netdata_log_debug(D_REGISTRY, "registry_person_link_to_url('%s', '%s', '%s'): not found", p->guid, m->guid, string2str(url));
- pu = registry_person_url_allocate(p, m, url, machine_name, machine_name_len, when);
- registry.persons_urls_count++;
- }
- else {
- netdata_log_debug(D_REGISTRY, "registry_person_link_to_url('%s', '%s', '%s'): found", p->guid, m->guid, string2str(url));
- pu->usages++;
- if(likely(pu->last_t < (uint32_t)when)) pu->last_t = (uint32_t)when;
-
- if(pu->machine != m) {
- REGISTRY_MACHINE_URL *mu = registry_machine_url_find(pu->machine, url);
- if(mu) {
- netdata_log_debug(D_REGISTRY, "registry_person_link_to_url('%s', '%s', '%s'): URL switched machines (old was '%s') - expiring it from previous machine.",
- p->guid, m->guid, string2str(url), pu->machine->guid);
- mu->flags |= REGISTRY_URL_FLAGS_EXPIRED;
- }
- else {
- netdata_log_debug(D_REGISTRY, "registry_person_link_to_url('%s', '%s', '%s'): URL switched machines (old was '%s') - but the URL is not linked to the old machine.",
- p->guid, m->guid, string2str(url), pu->machine->guid);
- }
-
- pu->machine->links--;
- pu->machine = m;
- }
-
- if(strcmp(string2str(pu->machine_name), machine_name) != 0) {
- // the name of the PERSON_URL has changed !
- pu = registry_person_url_reallocate(p, m, url, machine_name, machine_name_len, when, pu);
- }
- }
-
- p->usages++;
- if(likely(p->last_t < (uint32_t)when)) p->last_t = (uint32_t)when;
-
- if(pu->flags & REGISTRY_URL_FLAGS_EXPIRED) {
- netdata_log_debug(D_REGISTRY, "registry_person_link_to_url('%s', '%s', '%s'): accessing an expired URL. Re-enabling URL.", p->guid, m->guid, string2str(url));
- pu->flags &= ~REGISTRY_URL_FLAGS_EXPIRED;
- }
-
- return pu;
-}
-
-void registry_person_unlink_from_url(REGISTRY_PERSON *p, REGISTRY_PERSON_URL *pu) {
- registry_person_url_deindex_and_free(p, pu);
-}
diff --git a/registry/registry_person.h b/registry/registry_person.h
deleted file mode 100644
index 4c2ca710f..000000000
--- a/registry/registry_person.h
+++ /dev/null
@@ -1,57 +0,0 @@
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-#ifndef NETDATA_REGISTRY_PERSON_H
-#define NETDATA_REGISTRY_PERSON_H 1
-
-#include "registry_internals.h"
-
-// ----------------------------------------------------------------------------
-// PERSON structures
-
-// for each PERSON-URL pair we keep this
-struct registry_person_url {
- uint8_t flags;
-
- uint32_t usages; // how many times this has been accessed
-
- uint32_t first_t; // the first time we saw this
- uint32_t last_t; // the last time we saw this
-
- REGISTRY_MACHINE *machine; // link the MACHINE of this URL
- STRING *machine_name; // the hostname of the machine
- STRING *url; // de-duplicated URL
-
- struct registry_person_url *prev, *next;
-};
-typedef struct registry_person_url REGISTRY_PERSON_URL;
-
-// A person
-struct registry_person {
- char guid[GUID_LEN + 1]; // the person GUID
-
- REGISTRY_PERSON_URL *person_urls; // dictionary of PERSON_URLs
-
- uint32_t first_t; // the first time we saw this
- uint32_t last_t; // the last time we saw this
- uint32_t usages; // how many times this has been accessed
-};
-typedef struct registry_person REGISTRY_PERSON;
-
-// PERSON_URL
-REGISTRY_PERSON_URL *registry_person_url_index_find(REGISTRY_PERSON *p, STRING *url);
-REGISTRY_PERSON_URL *registry_person_url_index_add(REGISTRY_PERSON *p, REGISTRY_PERSON_URL *pu) NEVERNULL WARNUNUSED;
-REGISTRY_PERSON_URL *registry_person_url_index_del(REGISTRY_PERSON *p, REGISTRY_PERSON_URL *pu) WARNUNUSED;
-
-REGISTRY_PERSON_URL *registry_person_url_allocate(REGISTRY_PERSON *p, REGISTRY_MACHINE *m, STRING *url, char *machine_name, size_t machine_name_len, time_t when);
-REGISTRY_PERSON_URL *registry_person_url_reallocate(REGISTRY_PERSON *p, REGISTRY_MACHINE *m, STRING *url, char *machine_name, size_t machine_name_len, time_t when, REGISTRY_PERSON_URL *pu);
-
-// PERSON
-REGISTRY_PERSON *registry_person_find(const char *person_guid);
-REGISTRY_PERSON *registry_person_allocate(const char *person_guid, time_t when);
-REGISTRY_PERSON *registry_person_find_or_create(const char *person_guid, time_t when, bool is_dummy);
-
-// LINKING PERSON -> PERSON_URL
-REGISTRY_PERSON_URL *registry_person_link_to_url(REGISTRY_PERSON *p, REGISTRY_MACHINE *m, STRING *url, char *machine_name, size_t machine_name_len, time_t when);
-void registry_person_unlink_from_url(REGISTRY_PERSON *p, REGISTRY_PERSON_URL *pu);
-
-#endif //NETDATA_REGISTRY_PERSON_H |