diff --git a/en/admin/config.rst b/en/admin/config.rst index 4ccaade20..ac81d6441 100644 --- a/en/admin/config.rst +++ b/en/admin/config.rst 
@@ -2439,145 +2439,147 @@ Broker System Parameters The following table shows the broker parameters available in the broker configuration file (**cubrid_broker.conf**). For details, see :ref:`broker-common-parameters` and :ref:`parameter-by-broker`. You can temporarily change the parameter of which configuration values can be dynamically changed by using the **broker_changer** utility. To apply configuration values even after restarting all brokers with **cubrid broker restart**, you should change the values in the **cubrid_broker.conf** file. -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ -| Category | Use | Parameter Name | Type | Default Value | Dynamic | -| | | | | | Changes | -+=================================+=========================+=================================+========+==============================+===========+ -| :ref:`broker-common-parameters` | Access | ACCESS_CONTROL | bool | no | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_CONTROL_FILE | string | | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Logging | ADMIN_LOG_FILE | string | log/broker/cubrid_broker.log | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Broker server | MASTER_SHM_ID | int | 30,001 | | -| | (cub_broker) | | | | | -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ -| :ref:`parameter-by-broker` | Access | ACCESS_LIST | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_MODE | string | RW | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | 
BROKER_PORT | int | 30,000(max : 65,535) | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | CONNECT_ORDER | string | SEQ | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ENABLE_MONITOR_HANG | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | KEEP_CONNECTION | string | AUTO | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_NUM_DELAYED_HOSTS_LOOKUP | int | -1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | PREFERRED_HOSTS | string | | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | RECONNECT_TIME | sec | 600 | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | REPLICA_ONLY | string | OFF | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Broker App. 
Server(CAS) | APPL_SERVER_MAX_SIZE | MB | Windows 32bit: 40, | available | -| | | | | Windows 64bit: 80, | | -| | | | | Linux: 0(max: 2,097,151) | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_MAX_SIZE_HARD_LIMIT | MB | 1,024 | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_PORT | int | BROKER_PORT+1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_SHM_ID | int | 30,000 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | AUTO_ADD_APPL_SERVER | string | ON | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_NUM_APPL_SERVER | int | 40 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MIN_NUM_APPL_SERVER | int | 5 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | TIME_TO_KILL | sec | 120 | available | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Transaction & Query | CCI_DEFAULT_AUTOCOMMIT | string | ON | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LONG_QUERY_TIME | sec | 60(max: 86,400) | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LONG_TRANSACTION_TIME | sec | 60(max: 86,400) | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_PREPARED_STMT_COUNT | int | 2,000(min: 1) | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_QUERY_TIMEOUT | sec | 0(max: 86,400) | available | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | SESSION_TIMEOUT | sec | 300 | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | STATEMENT_POOLING | string | ON | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE | string | OFF | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE_HINT_ONLY | string | OFF | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE_LIFE_TIME | sec | 1000 | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | TRIGGER_ACTION | string | ON | available | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Logging | ACCESS_LOG | string | OFF | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_LOG_DIR | string | log/broker | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_LOG_MAX_SIZE | KB | 10M(max: 2G) | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ERROR_LOG_DIR | string | log/broker/error_log | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LOG_DIR | string | log/broker/sql_log | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SLOW_LOG | string | ON | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SLOW_LOG_DIR | string | log/broker/sql_log | available | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | SQL_LOG | string | ON | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SQL_LOG_MAX_SIZE | KB | 10,000 | available | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Shard | SHARD | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_CONNECTION_FILE | string | shard_connection.txt | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_PASSWORD | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_USER | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_IGNORE_HINT | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_FILE | string | shard_key.txt | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_FUNCTION_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_LIBRARY_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_MODULAR | int | 256 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_MAX_CLIENTS | int | 256 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_MAX_PREPARED_STMT_COUNT | int | 10,000 | | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_NUM_PROXY | int | 1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_CONN_WAIT_TIMEOUT | sec | 8h | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG | string | ERROR | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG_DIR | string | log/broker/proxy_log | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG_MAX_SIZE | KB | 100,000 | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_SHM_ID | int | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_TIMEOUT | sec | 30(second) | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Etc | MAX_STRING_LENGTH | int | -1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SERVICE | string | ON | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SSL | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SOURCE_ENV | string | cubrid.env | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | NET_BUF_SIZE | KB | 16K | | -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| Category | Use 
| Parameter Name | Type | Default Value | Dynamic | +| | | | | | Changes | ++=================================+=========================+=========================================+========+==============================+===========+ +| :ref:`broker-common-parameters` | Access | ACCESS_CONTROL | bool | no | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_CONTROL_FILE | string | | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Logging | ADMIN_LOG_FILE | string | log/broker/cubrid_broker.log | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Broker server | MASTER_SHM_ID | int | 30,001 | | +| | (cub_broker) | | | | | ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| :ref:`parameter-by-broker` | Access | ACCESS_LIST | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_MODE | string | RW | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | BROKER_PORT | int | 30,000(max : 65,535) | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | CONNECT_ORDER | string | SEQ | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ENABLE_MONITOR_HANG | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | KEEP_CONNECTION | string | AUTO | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_NUM_DELAYED_HOSTS_LOOKUP | int | -1 | | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | PREFERRED_HOSTS | string | | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | RECONNECT_TIME | sec | 600 | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | REPLICA_ONLY | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER | bool | DENY | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Broker App. Server(CAS) | APPL_SERVER_MAX_SIZE | MB | Windows 32bit: 40, | available | +| | | | | Windows 64bit: 80, | | +| | | | | Linux: 0(max: 2,097,151) | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_MAX_SIZE_HARD_LIMIT | MB | 1,024 | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_PORT | int | BROKER_PORT+1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_SHM_ID | int | 30,000 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | AUTO_ADD_APPL_SERVER | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_NUM_APPL_SERVER | int | 40 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MIN_NUM_APPL_SERVER | int | 5 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | TIME_TO_KILL | sec | 120 | available | +| 
+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Transaction & Query | CCI_DEFAULT_AUTOCOMMIT | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LONG_QUERY_TIME | sec | 60(max: 86,400) | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LONG_TRANSACTION_TIME | sec | 60(max: 86,400) | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_PREPARED_STMT_COUNT | int | 2,000(min: 1) | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_QUERY_TIMEOUT | sec | 0(max: 86,400) | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SESSION_TIMEOUT | sec | 300 | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | STATEMENT_POOLING | string | ON | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE | string | OFF | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE_HINT_ONLY | string | OFF | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE_LIFE_TIME | sec | 1000 | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | TRIGGER_ACTION | string | ON | available | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Logging | ACCESS_LOG | string | OFF | available | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_LOG_DIR | string | log/broker | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_LOG_MAX_SIZE | KB | 10M(max: 2G) | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ERROR_LOG_DIR | string | log/broker/error_log | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LOG_DIR | string | log/broker/sql_log | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SLOW_LOG | string | ON | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SLOW_LOG_DIR | string | log/broker/sql_log | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SQL_LOG | string | ON | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SQL_LOG_MAX_SIZE | KB | 10,000 | available | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Shard | SHARD | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_CONNECTION_FILE | string | shard_connection.txt | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_PASSWORD | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_USER | string | | | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_IGNORE_HINT | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_FILE | string | shard_key.txt | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_FUNCTION_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_LIBRARY_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_MODULAR | int | 256 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_MAX_CLIENTS | int | 256 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_MAX_PREPARED_STMT_COUNT | int | 10,000 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_NUM_PROXY | int | 1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_CONN_WAIT_TIMEOUT | sec | 8h | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_LOG | string | ERROR | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_LOG_DIR | string | log/broker/proxy_log | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_LOG_MAX_SIZE | KB | 100,000 | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_SHM_ID | int | | | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_TIMEOUT | sec | 30(second) | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Etc | MAX_STRING_LENGTH | int | -1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SERVICE | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SSL | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SOURCE_ENV | string | cubrid.env | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | NET_BUF_SIZE | KB | 16K | | ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ Default Parameters ^^^^^^^^^^^^^^^^^^ @@ -2722,6 +2724,16 @@ Access Please note that replication mismatch occurs when you write the data directly to the replica DB. +.. _access_control_behavior_for_emptybroker: + +**ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** + + If no broker is specified in **ACCESS_CONTROL_FILE** and the value of **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** is **ALLOW** , all access to the broker are allowed. The default is **DENY**. For more information, see :ref:`limiting-broker-access`. + + .. note:: + + The settings value ALLOW or DENY for **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** is valid only when **ACCESS_CONTROL** is set to **ON**. If it is set to **OFF**, the setting value is not applicable. + Broker App. Server(CAS) ^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/en/admin/control.rst b/en/admin/control.rst index 92a16beba..89ae67265 100644 --- a/en/admin/control.rst +++ b/en/admin/control.rst 
@@ -1462,8 +1462,8 @@ Limiting Broker Access ---------------------- To limit the client applications accessing the broker, set to **ON** for the **ACCESS_ CONTROL** parameter in the **cubrid_broker.conf** file, and enter a name of the file in which the users and the list of databases and IP addresses allowed to access the **ACCESS_CONTROL_FILE** parameter value are written. -The default value of the **ACCESS_CONTROL** broker parameter is **OFF**. -The **ACCESS_CONTROL** and **ACCESS_CONTROL_FILE** parameters must be written under [broker] which common parameters are specified. +The default value of the **ACCESS_CONTROL** broker parameter is **OFF**. All access to brokers not listed in **ACCESS_CONTROL_FILE** is restricted. Even if not listed in **ACCESS_CONTROL_FILE**, you can allow access to a specific broker by setting **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** to **ALLOW** for that broker. +The **ACCESS_CONTROL** and **ACCESS_CONTROL_FILE** parameters must be written under the [broker] section where common parameters are specified. On the other hand, the **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** parameter must be specified for each broker. The format of **ACCESS_CONTROL_FILE** is as follows: 
@@ -1491,6 +1491,12 @@ The format of the ip_list_file is as follows: * : An IP address that is allowed to access the server. If the last digit of the address is specified as \*, all IP addresses in that rage are allowed to access the broker server. If a value for **ACCESS_CONTROL** is set to ON and a value for **ACCESS_CONTROL_FILE** is not specified, the broker will only allow the access requests from the localhost. +However, if **ACCESS_CONTROL_FILE** is not specified, all requests are allowed for brokers with **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** set to **ALLOW**. + +Broker access restrictions not specified in **ACCESS_CONTROL_FILE**. + +* Allow access only from localhost. (default) +* If **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** is set to **ALLOW**, all access is allowed. If the analysis of **ACCESS_CONTROL_FILE** and ip_list_file fails when starting a broker, the broker will not be run. @@ -1505,6 +1511,7 @@ If the analysis of **ACCESS_CONTROL_FILE** and ip_list_file fails when starting [%QUERY_EDITOR] SERVICE =ON BROKER_PORT =30000 + ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER = ALLOW ...... The following example shows the content of **ACCESS_CONTROL_FILE**. The * symbol represents everything, and you can use it when you want to specify database names, database user IDs and IPs in the IP list file which are allowed to access the broker server. @@ -1578,6 +1585,7 @@ The below is an example of displaying results. ACCESS_CONTROL_FILE=access_file.txt [%broker1] + ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER=DENY demodb:dba:iplist1.txt CLIENT IP LAST ACCESS TIME ========================================== 
@@ -1591,7 +1599,12 @@ The below is an example of displaying results. CLIENT IP LAST ACCESS TIME ========================================== * 2013-11-08 10:10:12 - + + [%broker2] + ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER=ALLOW + + ++ cubrid broker acl: success + **Broker Logs** If you try to access brokers through IP addresses that are not allowed, the following logs will be created. diff --git a/ko/admin/config.rst b/ko/admin/config.rst index c6adb0ba5..ac63c57b5 100644 --- a/ko/admin/config.rst +++ b/ko/admin/config.rst 
@@ -2412,143 +2412,145 @@ cubrid_broker.conf 설정 파일과 기본 제공 파라미터 다음은 **cubrid_broker.conf** 설정 파일에 사용할 수 있는 브로커 파라미터이다. 각 파라미터에 대한 설명은 :ref:`broker-common-parameters` 및 :ref:`parameter-by-broker` 를 참조한다. 동적으로 설정값 변경이 가능한 파라미터는 **broker_changer** 유틸리티를 이용하여 한시적으로 변경할 수 있다. **cubrid broker restart** 로 전체 브로커를 재시작한 후에도 값이 적용되도록 하려면 **cubrid_broker.conf** 에 설정된 값을 변경해 두어야 한다. -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ -| 적용 구분 | 용도 | 파라미터 이름 | 타입 | 기본값 | 동적 변경 | -+=================================+=========================+=================================+========+==============================+===========+ -| :ref:`broker-common-parameters` | 접속 | ACCESS_CONTROL | bool | no | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_CONTROL_FILE | string | | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 로그 | ADMIN_LOG_FILE | string | log/broker/cubrid_broker.log | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 브로커 서버(cub_broker) | MASTER_SHM_ID | int | 30,001 | | -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ -| :ref:`parameter-by-broker` | 접속 | ACCESS_LIST | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_MODE | string | RW | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | BROKER_PORT | int | 30,000(최대값: 65,535) | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | CONNECT_ORDER | string | SEQ | 가능 | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | ENABLE_MONITOR_HANG | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | KEEP_CONNECTION | string | AUTO | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_NUM_DELAYED_HOSTS_LOOKUP | int | -1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | PREFERRED_HOSTS | string | | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | RECONNECT_TIME | sec | 600 | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | REPLICA_ONLY | string | OFF | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 브로커 응용 서버(CAS) | APPL_SERVER_MAX_SIZE | MB | Windows 32비트: 40, | 가능 | -| | | | | Windows 64비트: 80, | | -| | | | | Linux: 0 (최대값: 2,097,151) | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_MAX_SIZE_HARD_LIMIT | MB | 1,024(최대값: 2,097,151) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_PORT | int | BROKER_PORT+1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_SHM_ID | int | 30,000 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | AUTO_ADD_APPL_SERVER | string | ON | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_NUM_APPL_SERVER | int | 40 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MIN_NUM_APPL_SERVER | int | 5 | | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | TIME_TO_KILL | sec | 120 | 가능 | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 트랜잭션 및 질의 | CCI_DEFAULT_AUTOCOMMIT | string | ON | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LONG_QUERY_TIME | sec | 60(최대값: 86,400) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LONG_TRANSACTION_TIME | sec | 60(최대값: 86,400) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_PREPARED_STMT_COUNT | int | 2,000(최소값: 1) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_QUERY_TIMEOUT | sec | 0(최대값: 86,400) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SESSION_TIMEOUT | sec | 300 | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | STATEMENT_POOLING | string | ON | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE | string | OFF | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE_HINT_ONLY | string | OFF | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE_LIFE_TIME | sec | 1000 | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | TRIGGER_ACTION | string | ON | 가능 | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 로그 | ACCESS_LOG | string | OFF | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | 
ACCESS_LOG_DIR | string | log/broker | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_LOG_MAX_SIZE | KB | 10M(최대값: 2G) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ERROR_LOG_DIR | string | log/broker/error_log | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LOG_DIR | string | log/broker/sql_log | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SLOW_LOG | string | ON | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SLOW_LOG_DIR | string | log/broker/sql_log | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SQL_LOG | string | ON | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SQL_LOG_MAX_SIZE | KB | 10000 | 가능 | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 샤드 | SHARD | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_CONNECTION_FILE | string | shard_connection.txt | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_PASSWORD | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_USER | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_IGNORE_HINT | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_FILE | string | 
shard_key.txt | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_FUNCTION_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_LIBRARY_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_MODULAR | int | 256 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_MAX_CLIENTS | int | 256 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_MAX_PREPARED_STMT_COUNT | int | 10,000 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_NUM_PROXY | int | 1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_CONN_WAIT_TIMEOUT | sec | 8h | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG | string | ERROR | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG_DIR | string | log/broker/proxy_log | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG_MAX_SIZE | KB | 100,000 | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_SHM_ID | int | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_TIMEOUT | sec | 30(초) | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 기타 | MAX_STRING_LENGTH | int | -1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SERVICE | string | ON | | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | SSL | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SOURCE_ENV | string | cubrid.env | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | NET_BUF_SIZE | KB | 16K | | -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| 적용 구분 | 용도 | 파라미터 이름 | 타입 | 기본값 | 동적 변경 | ++=================================+=========================+=========================================+========+==============================+===========+ +| :ref:`broker-common-parameters` | 접속 | ACCESS_CONTROL | bool | no | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_CONTROL_FILE | string | | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 로그 | ADMIN_LOG_FILE | string | log/broker/cubrid_broker.log | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 브로커 서버(cub_broker) | MASTER_SHM_ID | int | 30,001 | | ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| :ref:`parameter-by-broker` | 접속 | ACCESS_LIST | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_MODE | string | RW | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | BROKER_PORT | int | 30,000(최대값: 65,535) | | 
+| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | CONNECT_ORDER | string | SEQ | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ENABLE_MONITOR_HANG | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | KEEP_CONNECTION | string | AUTO | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_NUM_DELAYED_HOSTS_LOOKUP | int | -1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | PREFERRED_HOSTS | string | | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | RECONNECT_TIME | sec | 600 | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | REPLICA_ONLY | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER | bool | DENY | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 브로커 응용 서버(CAS) | APPL_SERVER_MAX_SIZE | MB | Windows 32비트: 40, | 가능 | +| | | | | Windows 64비트: 80, | | +| | | | | Linux: 0 (최대값: 2,097,151) | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_MAX_SIZE_HARD_LIMIT | MB | 1,024(최대값: 2,097,151) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_PORT | int | BROKER_PORT+1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_SHM_ID | int | 30,000 | | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | AUTO_ADD_APPL_SERVER | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_NUM_APPL_SERVER | int | 40 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MIN_NUM_APPL_SERVER | int | 5 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | TIME_TO_KILL | sec | 120 | 가능 | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 트랜잭션 및 질의 | CCI_DEFAULT_AUTOCOMMIT | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LONG_QUERY_TIME | sec | 60(최대값: 86,400) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LONG_TRANSACTION_TIME | sec | 60(최대값: 86,400) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_PREPARED_STMT_COUNT | int | 2,000(최소값: 1) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_QUERY_TIMEOUT | sec | 0(최대값: 86,400) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SESSION_TIMEOUT | sec | 300 | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | STATEMENT_POOLING | string | ON | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE | string | OFF | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE_HINT_ONLY | string | OFF | 가능 | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE_LIFE_TIME | sec | 1000 | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | TRIGGER_ACTION | string | ON | 가능 | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 로그 | ACCESS_LOG | string | OFF | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_LOG_DIR | string | log/broker | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_LOG_MAX_SIZE | KB | 10M(최대값: 2G) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ERROR_LOG_DIR | string | log/broker/error_log | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LOG_DIR | string | log/broker/sql_log | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SLOW_LOG | string | ON | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SLOW_LOG_DIR | string | log/broker/sql_log | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SQL_LOG | string | ON | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SQL_LOG_MAX_SIZE | KB | 10000 | 가능 | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 샤드 | SHARD | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_CONNECTION_FILE | string | shard_connection.txt | | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_PASSWORD | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_USER | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_IGNORE_HINT | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_FILE | string | shard_key.txt | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_FUNCTION_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_LIBRARY_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_MODULAR | int | 256 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_MAX_CLIENTS | int | 256 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_MAX_PREPARED_STMT_COUNT | int | 10,000 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_NUM_PROXY | int | 1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_CONN_WAIT_TIMEOUT | sec | 8h | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_LOG | string | ERROR | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | 
SHARD_PROXY_LOG_DIR | string | log/broker/proxy_log | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_LOG_MAX_SIZE | KB | 100,000 | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_SHM_ID | int | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_TIMEOUT | sec | 30(초) | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 기타 | MAX_STRING_LENGTH | int | -1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SERVICE | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SSL | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SOURCE_ENV | string | cubrid.env | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | NET_BUF_SIZE | KB | 16K | | ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ 기본 제공 파라미터 ^^^^^^^^^^^^^^^^^^ @@ -2693,6 +2695,16 @@ CUBRID 설치 시 생성되는 기본 브로커 설정 파일인 **cubrid_broker 레플리카에 직접 데이터를 쓰는 경우 복제 불일치가 발생함에 주의해야 한다. +.. _access_control_behavior_for_emptybroker: + +**ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** + + **ACCESS_CONTROL_FILE** 에 지정한 브로커가 없고 **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 의 값이 **ALLOW** 인 경우, 브로커에 접속을 모두 허용한다. 기본값은 **DENY** 이다. 자세한 내용은 :ref:`limiting-broker-access` 을 참고한다. + + .. note:: + + **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 의 설정값 **ALLOW** 또는 **DENY** 는 **ACCESS_CONTROL** 이 **ON** 일 때만 유효하며, **OFF** 일 경우에는 설정값이 적용되지 않습니다. + 브로커 응용 서버(CAS) ^^^^^^^^^^^^^^^^^^^^^ 
diff --git a/ko/admin/control.rst b/ko/admin/control.rst index 748d0ac8d..2e796be61 100644 --- a/ko/admin/control.rst +++ b/ko/admin/control.rst @@ -1454,8 +1454,9 @@ SHARD-Q는 Shard Waiting Queue를 줄인 말이다. SHARD proxy 프로세스가 --------------------- 브로커에 접속하는 응용 클라이언트를 제한하려면 **cubrid_broker.conf**\의 **ACCESS_CONTROL** 파라미터 값을 ON으로 설정하고, **ACCESS_CONTROL_FILE** 파라미터 값에 접속을 허용하는 사용자와 데이터베이스 및 IP 목록을 작성한 파일 이름을 입력한다. +만약 ACCESS_CONTROL_FILE에 브로커 이름이 없으면, 해당 브로커로의 모든 접속이 제한된다. 이 경우, ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER 파라미터를 설정하여 모든 접속을 허용할 수 있다. **ACCESS_CONTROL** 브로커 파라미터의 기본값은 **OFF**\이다. -**ACCESS_CONTROL**, **ACCESS_CONTROL_FILE** 파라미터는 공통 적용 파라미터가 위치하는 [broker] 아래에 작성해야 한다. +**ACCESS_CONTROL**, **ACCESS_CONTROL_FILE** 파라미터는 공통 적용 파라미터가 위치하는 [broker] 아래에 작성해야 하며, **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 파라미터는 각각의 브로커에 작성하야 한다. **ACCESS_CONTROL_FILE**\ 의 형식은 다음과 같다. @@ -1482,7 +1483,13 @@ ip_list_file의 작성 형식은 다음과 같다. * : 접근을 허용할 IP 명. 뒷자리를 \*로 입력하면 뒷자리의 모든 IP를 허용한다. -**ACCESS_CONTROL** 값이 ON인 상태에서 **ACCESS_CONTROL_FILE**\이 지정되지 않으면 브로커는 localhost에서의 접속 요청만을 허용한다. +**ACCESS_CONTROL** 값이 ON 상태에서 **ACCESS_CONTROL_FILE**\에 지정되지 않으면 브로커는 localhost에서만 접속을 허용한다. +그러나 **ACCESS_CONTROL_FILE** 에 지정되지 않은 브로커의 경우, **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 의 값을 ALLOW로 설정한 브로커들에 대해서는 모든 접속 요청을 허용한다. + +**ACCESS_CONTROL_FILE** 에 지정되지 않은 브로커 접속 제한 방식. + +* localhost에서만 접속 허용. (기본) +* ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER를 ALLOW 로 설정하면 모든 접속 허용. 브로커 구동 시 **ACCESS_CONTROL_FILE** 및 ip_list_file 분석에 실패하는 경우 브로커는 구동되지 않는다. @@ -1570,6 +1577,7 @@ QUERY_EDITOR 브로커는 다음과 같은 응용의 접속 요청만을 허용 ACCESS_CONTROL_FILE=access_file.txt [%broker1] + ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER=DENY demodb:dba:iplist1.txt CLIENT IP LAST ACCESS TIME ========================================== 
@@ -1584,6 +1592,9 @@ QUERY_EDITOR 브로커는 다음과 같은 응용의 접속 요청만을 허용 ========================================== * 2013-11-08 10:10:12 + [%broker2] + ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER=ALLOW + **브로커 로그** 허용되지 않는 IP에서 접근하면 다음과 같은 로그가 남는다.
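
Review bot: In the broker parameter table, the new ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER row gives the type as bool, but its default is DENY and the description added later in this patch gives its values as ALLOW or DENY. The same table types the other keyword-valued parameters (ACCESS_MODE with RW, KEEP_CONNECTION with AUTO, SSL with OFF) as string, so this row should be string as well. The whole table is re-emitted only to widen the name column for this one row, which makes the single real change hard to spot in review; say so in the commit message.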
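
Review bot: The parameter description added at @@ -2693,6 +2695,16 @@ explains only the ALLOW case and then gives DENY as the default without saying what DENY does. State explicitly whether a broker that is missing from ACCESS_CONTROL_FILE then refuses every connection or accepts localhost only, because the control.rst hunks in this patch say both. The note also switches to the polite ending ("적용되지 않습니다") while the paragraph above it uses the plain form ("허용한다", "이다"); use the plain form throughout.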
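
Review bot: In the @@ -1454,8 +1454,9 @@ hunk of ko/admin/control.rst, the last added line ends with "작성하야 한다", a typo for "작성해야 한다". The first added sentence says that a broker missing from ACCESS_CONTROL_FILE has all connections restricted ("모든 접속이 제한된다"), while the @@ -1482,7 +1483,13 @@ hunk lists the default as localhost-only; choose one statement and use the same wording in both places. The parameter names in that first added sentence are also not bolded, unlike the surrounding lines.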
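
Review bot: The rewritten sentence in the @@ -1482,7 +1483,13 @@ hunk changes "**ACCESS_CONTROL_FILE**\이 지정되지 않으면" (the file is not set) to "**ACCESS_CONTROL_FILE**\에 지정되지 않으면" (not listed in the file) without naming what is not listed, so the case of ACCESS_CONTROL being ON with no file configured is no longer documented. Name the broker as the subject, restore "ON인 상태에서", and keep a separate sentence for the no-file case. Since ALLOW turns a missing entry into accept-all, the bullet list should also say that a broker left out of the file by mistake becomes reachable from any client address when ALLOW is set, and repeat that the setting only applies while ACCESS_CONTROL is ON.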
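
Review bot: In the example listing, the @@ -1584,6 +1592,9 @@ hunk adds a [%broker2] block containing only ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER=ALLOW, with no db:user:ip-list line and no CLIENT IP table under it, and nothing in the surrounding text explains what the reader is looking at. Add a sentence after the listing stating that broker2 has no entry in access_file.txt and therefore accepts all connections. In the @@ -1570,6 +1577,7 @@ hunk the DENY line is shown for broker1, which does have an entry (demodb:dba:iplist1.txt); say that the value has no effect there, or readers will assume DENY is what enforces iplist1.txt.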