@@ -47,7 +64,8 @@
rrdcached -[-l/-L address] +[-P permissions] +[-l address] [-w timeout] [-z delay] [-f timeout] @@ -77,135 +95,131 @@ section below.
Tells the daemon to bind to address and accept incoming connections on that
socket. If address begins with unix:, everything following that prefix is
interpreted as the path to a UNIX domain socket. Otherwise the address or node
-name are resolved using getaddrinfo.
-
For network sockets, a port may be specified by using the form
[address]:port. If the address is an IPv4 address or a fully
qualified domain name (i. e. the address contains at least one dot
(.)), the square brackets can be omitted, resulting in the (simpler)
-address:port pattern.. The default port is 42217/udp.
address:port pattern. The default port is 42217/udp. If you
+specify a network socket, it is mandatory to read the
+SECURITY CONSIDERATIONS section.
The following formats are accepted. Please note that the address of the UNIX domain socket must start with a slash in the second case!
-
unix:</path/to/unix.sock>
/<path/to/unix.sock>
<hostname-or-ip>
[<hostname-or-ip>]:<port>
<hostname-or-ipv4>:<port>
-If the -l option is not specified the default address,
unix:/tmp/rrdcached.sock, will be used.
Specifies the commands accepted via a network socket. This allows +administrators of RRDCacheD to control the actions accepted from various +sources.
+The arguments given to the -P option is a comma separated list of commands.
+For example, to allow the FLUSH and PENDING commands one could specify:
+ rrdcached -P FLUSH,PENDING $MORE_ARGUMENTS+
The -P option effects the following socket addresses (the following -l
+options). In the following example, only the IPv4 network socket (address
+10.0.0.1) will be restricted to the FLUSH and PENDING commands:
+ rrdcached -l unix:/some/path -P FLUSH,PENDING -l 10.0.0.1+
A complete list of available commands can be found in the section +Valid Commands below. There are two minor special exceptions:
+The HELP and QUIT commands are always allowed.
If the BATCH command is accepted, the . command will automatically
+be accepted, too.
Please also read SECURITY CONSIDERATIONS below.
Data is written to disk every timeout seconds. If this option is not +specified the default interval of 300 seconds will be used.
If specified, rrdcached will delay writing of each RRD for a random number of seconds in the range [0,delay). This will avoid too many writes being queued simultaneously. This value should be no greater than -the value specified in -w. By default, there is no delay. +the value specified in -w. By default, there is no delay.
Every timeout seconds the entire cache is searched for old values which are written to disk. This only concerns files to which updates have stopped, so setting this to a high value, such as 3600 seconds, is acceptable in most -cases. This timeout defaults to 3600 seconds. +cases. This timeout defaults to 3600 seconds.
$localststedir/run/rrdcached.pid will be used.
+Sets the name and location of the PID-file. If not specified, the default,
+$localststedir/run/rrdcached.pid will be used.
Specifies the number of threads used for writing RRD files. The default is 4. Increasing this number will allow rrdcached to have more simultaneous I/O requests into the kernel. This may allow the kernel to -re-order disk writes, resulting in better disk throughput. +re-order disk writes, resulting in better disk throughput.
Write updates to a journal in dir. In the event of a program or system crash, this will allow the daemon to write any updates that were pending -at the time of the crash. -
On startup, the daemon will check for journal files in this directory. If found, all updates therein will be read into memory before the daemon starts accepting new connections.
-The journal will be rotated with the same frequency as the flush timer given by -f.
-When journaling is enabled, the daemon will use a fast shutdown procedure. Rather than flushing all files to disk, it will make sure the journal is properly written and exit immediately. Although the RRD data files are not fully up-to-date, no information is lost; all pending updates will be replayed from the journal next time the daemon starts up.
-To disable fast shutdown, use the -F option.
ALWAYS flush all updates to the RRD data files when the daemon is shut +down, regardless of journal setting.
Run in the foreground. The daemon will not fork().
The daemon will change into a specific directory at startup. All files passed
to the daemon, that are specified by a relative path, will be interpreted
to be relative to this directory. If not given the default, /tmp, will be
-used.
-
+------------------------+------------------------+ ! Command line ! File updated ! @@ -217,34 +231,25 @@ used. Paths given on the command line and paths actually updated by the daemon, assuming the base directory "/tmp".-
WARNING: The paths up to and including the base directory MUST NOT BE symbolic links. In other words, if the base directory is specified as:
-
-b /base/dir/somewhere
-... then NONE of the following should be symbolic links:
-
/base
/base/dir
/base/dir/somewhere
Only permit writes into the base directory specified in -b (and any
sub-directories). This does NOT detect symbolic links. Paths
-containing ../ will also be blocked.
+containing ../ will also be blocked.
../ will also be blocked.
The following commands may be made aware of the rrdcached using the command line argument --daemon or the environment variable RRDCACHED_ADDRESS:
The update command can send values to the daemon instead of writing them to the disk itself. All other commands can send a FLUSH command (see below) to @@ -293,32 +298,32 @@ to the system logging daemon using syslog(3). The facility used is
When receiving an update, rrdcached does not write to disk but looks for an entry for that file in its internal tree. If not found, an entry is created -including the current time (called ``First'' in the diagram below). This time is +including the current time (called "First" in the diagram below). This time is not the time specified on the command line but the time the operating system -considers to be ``now''. The value and time of the value (called ``Time'' in the +considers to be "now". The value and time of the value (called "Time" in the diagram below) are appended to the tree node.
When appending a value to a tree node, it is checked whether it's time to write
the values to disk. Values are written to disk if
now() - First >= timeout, where timeout is the timeout specified
-using the -w option, see OPTIONS. If the values are ``old enough'' they
-will be enqueued in the ``update queue'', i. e. they will be appended to
+using the -w option, see OPTIONS. If the values are "old enough" they
+will be enqueued in the "update queue", i. e. they will be appended to
the linked list shown below. Because the tree nodes and the elements of the
linked list are the same data structures in memory, any update to a file that
has already been enqueued will be written with the next write to the RRD file,
too.
A separate ``update thread'' constantly dequeues the first element in the update +
A separate "update thread" constantly dequeues the first element in the update queue and writes all its values to the appropriate file. So as long as the update queue is not empty files are written at the highest possible rate.
Since the timeout of files is checked only when new values are added to the -file, ``dead'' files, i. e. files that are not updated anymore, would never +file, "dead" files, i. e. files that are not updated anymore, would never be written to disk. Therefore, every now and then, controlled by the -f -option, the entire tree is walked and all ``old'' values are enqueued. Since this -only affects ``dead'' files and walking the tree is relatively expensive, you -should set the ``flush interval'' to a reasonably high value. The default is +option, the entire tree is walked and all "old" values are enqueued. Since this +only affects "dead" files and walking the tree is relatively expensive, you +should set the "flush interval" to a reasonably high value. The default is 3600 seconds (one hour).
The downside of caching values is that they won't show up in graphs generated -from the RRD files. To get around this, the daemon provides the ``flush -command'' to flush specific files. This means that the file is inserted at the +from the RRD files. To get around this, the daemon provides the "flush +command" to flush specific files. This means that the file is inserted at the head of the update queue or moved there if it is already enqueued. The flush command will return only after the file's pending updates have been written to disk.
@@ -350,62 +355,81 @@ to disk. +------------+ +------------+ +------------+The above diagram demonstrates:
Files/values are stored in a (balanced) tree.
+Tree nodes and entries in the update queue are the same data structure.
+The local time ("First") and the time specified in updates ("Time") may differ.
+Timed out values are inserted at the "tail".
+Explicitly flushed values are inserted at the "head".
+ASCII art rocks.
+
The client/server protocol does not have any authentication or -authorization mechanism. Therefore, take care to restrict which users can -connect to the daemon.
-Control sockets are divided into high-privilege (-l) and low-privilege -(-L) sockets. High-privilege sockets accept all commands, whereas -low-privilege sockets accept only FLUSH, STATS, and HELP.
-For a multi-user environment where only certain users require read/write -access, the recommended configuration uses two sockets as follows:
-If you (want to) use the network capability, i. e. let the daemon bind to -an IPv4 or IPv6 socket, it is your job to install a packet filter or similar -mechanism to prevent unauthorized connections. Unless you have a dedicated VLAN -or VPN for this, using the network option is probably a bad idea!
++
+There is no authentication.
+The client/server protocol does not yet have any authentication mechanism. It +is likely that authentication and encryption will be added in a future version, +but for the time being it is the administrator's responsibility to secure the +traffic from/to the daemon!
+It is highly recommended to install a packet filter or similar mechanism to +prevent unauthorized connections. Unless you have a dedicated VLAN or VPN for +this, using network sockets is probably a bad idea!
++
+There is minimal per-socket authorization.
+Authorization is currently done on a per-socket basis. That means each socket +has a list of commands it will accept and it will accept. It will accept only +those commands explicitly listed but it will (currently) accept these commands +from anyone reaching the socket.
+If the networking sockets are to be used, it is necessary to restrict the
+accepted commands to those needed by external clients. If, for example,
+external clients want to draw graphs of the cached data, they should only be
+allowed to use the FLUSH command.
+
+There is no encryption.
+Again, this may be added in the future, but for the time being it is your job +to keep your private data private. Install a VPN or an encrypted tunnel if you +statistics are confidential!
++
+There is no sanity checking.
The daemon will blindly write to any file it gets told, so you really should create a separate user just for this daemon. Also it does not do any sanity checks, so if it gets told to write values for a time far in the future, your files will be messed up good!
++
+Security is the job of the administrator.
+We recommend to allow write access via UNIX domain sockets only.
+You have been warned.
+
The daemon communicates with clients using a line based ASCII protocol which is easy to read and easy to type. This makes it easy for scripts to implement the protocol and possible for users to use telnet to connect to the daemon -and test stuff ``by hand''.
+and test stuff "by hand".The protocol is line based, this means that each record consists of one or more
lines. A line is terminated by the line feed character 0x0A, commonly
written as \n. In the examples below, this character will be written as
-<LF> (``line feed'').
<LF> ("line feed").
After the connection has been established, the client is expected to send a -``command''. A command consists of the command keyword, possibly some arguments, +"command". A command consists of the command keyword, possibly some arguments, and a terminating newline character. For a list of commands, see Valid Commands below.
Example:
@@ -442,72 +466,58 @@ status line.The following commands are understood by the daemon:
Causes the daemon to put filename to the head of the update queue (possibly moving it there if the node is already enqueued). The answer will be -sent after the node has been dequeued. +sent after the node has been dequeued.
Causes the daemon to start flushing ALL pending values to disk. This +returns immediately, even though the writes may take a long time.
Shows any "pending" updates for a file, in order. The updates shown have +not yet been written to the underlying RRD file.
Removes filename from the cache. Any pending updates WILL BE LOST.
Shows the files that are on the output queue. Returns zero or more lines in the following format, where <num_vals> is the number of values -to be written for the <file>: -
<num_vals> <file>
Returns a short usage message. If no command is given, or command is HELP, a list of commands supported by the daemon is returned. Otherwise a short description, possibly containing a pointer to a manual page, is returned. Obviously, this is meant for interactive usage and the format in which the -commands and usage summaries are returned is not well defined. +commands and usage summaries are returned is not well defined.
Returns a list of metrics which can be used to measure the daemons performance and check its status. For a description of the values returned, see -Performance Values below. -
The format in which the values are returned is similar to many other line based protocols: Each value is printed on a separate line, each consisting of the name of the value, a colon, one or more spaces and the actual value.
-Example:
-9 Statistics follow QueueLength: 0 @@ -520,49 +530,38 @@ name of the value, a colon, one or more spaces and the actual value. JournalBytes: 190 JournalRotate: 0
Adds more data to a filename. This is the operation the daemon was designed for, so describing the mechanism again is unnecessary. Read HOW IT WORKS -above for a detailed explanation. -
Note that rrdcached only accepts absolute timestamps in the update values. -Updates strings like ``N:1:2:3'' are automatically converted to absolute +Updates strings like "N:1:2:3" are automatically converted to absolute time by the RRD client library before sending to rrdcached.
This command is written to the journal after a file is successfully written out to disk. It is used during journal replay to determine which updates have already been applied. It is only valid in the journal; it -is not accepted from the other command channels. +is not accepted from the other command channels.
This command initiates the bulk load of multiple commands. This is
designed for installations with extremely high update rates, since it
-permits more than one command to be issued per read() and write().
-
read() and write().
All commands are executed just as they would be if given individually, except for output to the user. Messages indicating success are suppressed, and error messages are delayed until the client is finished.
-Command processing is finished when the client sends a dot (``.'') on its +
Command processing is finished when the client sends a dot (".") on its own line. After the client has finished, the server responds with an error count and the list of error messages (if any). Each error messages indicates the number of the command to which it corresponds, and the error message itself. The first user command after BATCH is command number one.
-
client: BATCH
server: 0 Go ahead. End with dot '.' on its own line.
@@ -574,105 +573,94 @@ message itself. The first user command after BATCH is command
server: 1 message for command 1
server: 12 message for command 12
Disconnect from rrdcached.
The following counters are returned by the STATS command:
Number of nodes currently enqueued in the update queue.
Number of UPDATE commands received.
Number of FLUSH commands received.
rrd_update_r, since the
-daemon was started.
+Total number of updates, i. e. calls to rrd_update_r, since the
+daemon was started.
Total number of "data sets" written to disk since the daemon was
started. A data set is one or more values passed to the UPDATE
command. For example: 1223661439:123:456 is one data set with two
-values. The term ``data set'' is used to prevent confusion whether
-individual values or groups of values are counted.
+values. The term "data set" is used to prevent confusion whether
+individual values or groups of values are counted.
Number of nodes in the cache.
Depth of the tree used for fast key lookup.
Total number of bytes written to the journal since startup.
Number of times the journal has been rotated since startup.
The daemon exits normally on receipt of either of these signals. Pending +updates are handled in accordance with the -j and -F options.
The daemon exits AFTER flushing all updates out to disk. This may take a +while.
The daemon exits immediately, without flushing updates out to disk. Pending updates will be replayed from the journal when the daemon starts up again. WARNING: if journaling (-j) is NOT enabled, any pending -updates WILL BE LOST. +updates WILL BE LOST.