Contenu connexe Similaire à MySQL Proxy. A powerful, flexible MySQL toolbox. (20) Plus de Miguel Araújo (10) MySQL Proxy. A powerful, flexible MySQL toolbox.1. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 121
2. MySQL Proxy
A powerful, flexible MySQL toolbox
Miguel Araújo
Software Developer @
MySQL Enterprise Tools
3 April 2014
3. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.3
Agenda
1. What is MySQL Proxy?
2. Overview / Concepts
3. Architecture
1. Usage
2. Plugins
4. Scenarios
1. Examples / Demo!
5. How can we improve?
6. Q/A
4. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.4
What is MySQL Proxy?
Do you know it?
5. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.5
What is MySQL Proxy?
●
Stands between the client and the server
●
“Speaks” MySQL
●
Can analyze, block, inject, rewrite, route queries...
●
A good MitM!
Do you know it?
6. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.6
Overview / Concepts
Transparent to the client
Supports all major platforms
GPLv2 license
Plugins layer
Customized with Lua scripts
7. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.7
Overview / Concepts
Transparent to the client
Supports all major platforms
GPLv2 license
Plugins layer
Customized with Lua scripts
8. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.8
Overview / Concepts
Use-cases
Query analysis
Query manipulation
Load balancing
Fail over
Sharding
R/W splitting
Pooling
9. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.9
Architecture
4 Layers
Chassis
La
scripting
10. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.10
Architecture
4 Layers
Chassis
Network Core
11. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.11
Architecture
4 Layers
Chassis
Network Core
Plugins
12. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.12
Architecture
4 Layers
Chassis
Network Core
Plugins
Lua
scripting
13. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.13
Architecture
Detail
14. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.14
How do I start proxy?
Which are the command-line options?
Can I have a configuration file?
How does it look like?
Architecture
Usage
15. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.15
Demo!
Architecture
Usage
16. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.16
Architecture
Plugins: Proxy plugin
MySQL Proxy “is” actually, the Proxy plugin
Accepts connections on its “--proxy-address”
Forwards data to the “--proxy-backend-addresses”
We can provide a Lua script with “--proxy-lua-script”
Exposes hooks to the scripting layer:
➔
connect_server()
➔
read_query()
➔
read_query_result()
➔
...
17. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.17
Demo!
Architecture
Plugins: Proxy plugin
18. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.18
Architecture
Plugins: Admin plugin
Administration interface
Only authenticated users can use it
➔
--admin-username
➔
--admin-password
Provides information about the proxy server
We must use a Lua script...
➔
--admin-lua-script
… to access the internal components of mysql-proxy
19. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.19
Demo!
Architecture
Plugins: Admin plugin
20. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.20
Scenarios
Query manipulation
Let's intercept some
user queries and
rewrite them...
21. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.21
Scenarios
Query manipulation
Let's intercept some
user queries and
rewrite them...
rewrite.lua
function read_query (packet)
if packet:byte() == proxy.COM_QUERY then
...
if string.match(string.upper(query),
'foo') then
proxy.queries:append(1,
string.char(proxy.COM_QUERY) .. "bar")
return proxy.PROXY_SEND_QUERY
end
end
end
22. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.22
Demo!
Scenarios
Query manipulation
23. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.23
Scenarios
Query injection
Let's inject some
useful SQL for certain
queries...
24. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.24
Scenarios
Query injection
Let's inject some
useful SQL for certain
queries...
inject.lua
function read_query (packet)
...
proxy.queries:append(2,
string.char(proxy.COM_QUERY) .. "SELECT
CURRENT_USER()", {resultset_is_needed = true})
...
end
function read_query_result(inj)
...
if (inj.id == 2) then
for row in inj.resultset.rows do
...
end
return proxy.PROXY_IGNORE_RESULT
end
end
25. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.25
Demo!
Scenarios
Query injection
26. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.26
Scenarios
Load balancing
27. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.27
Scenarios
Load balancing
ro-pooling.lua
function connect_server (packet)
--get a connection to a backend...
...
end
function read_auth_result (auth)
--successful connection? Put it on the pool
...
end
function read_query (packet)
--get the first idle server and choose it
for backend connection
...
end
function read_query_result (inj)
--manage backends use
end
function disconnect_client ()
--manage disconnected clients
end
28. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.28
Scenarios
R/W splitting
29. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.29
Scenarios
R/W splitting
rw-splitting.lua
function connect_server (packet)
--get a connection to a backend...
...
end
function read_auth_result (auth)
--successful connection? Put it on the pool
...
end
function read_query (packet)
--use the tokenizer to check if query is a
SELECT. If so pick an idle slave if not pick
the master
...
end
function read_query_result (inj)
--manage backends use
end
function disconnect_client ()
--manage disconnected clients
end
30. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.30
Demo!
Scenarios
R/W splitting
31. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.31
Used worldwide
Used in production
Scenarios
32. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.32
How can we improve?
Problems / Solutions
Performance issues due to global plugin lock
Plugins loaded at start
Scripting restricted to Lua
Admin plugin limited
Code can be optimized
0.8.4 Next... (0.9.0)
33. Copyright © 2014, Oracle and/or its affiliates. All rights reserved.33
Any questions?
Download from: http://dev.mysql.com/downloads/mysql-proxy/
Code @ launchpad.net/mysql-proxy
mailto: miguel.araujo@oracle.com; jan.kneschke@oracle.com;
mark.leith@oracle.com
IRC: miguelaraujo / weigon / leithal in #mysql-proxy on irc.freenode.net
Thanks!