From 7a134b0fd7853dc3f8442d7c0250d578923089b4 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Thu, 17 Sep 2020 14:21:39 +0300 Subject: [PATCH] app/vmstorage: added `-forceMergeAuthKey` command-line flag for protecting `/internal/force_merge` endpoint --- README.md | 1 + app/vmstorage/main.go | 10 ++++++++-- docs/Cluster-VictoriaMetrics.md | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index aa883ee19..710829972 100644 --- a/README.md +++ b/README.md @@ -1018,6 +1018,7 @@ Consider setting the following command-line flags: with [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication). * `-deleteAuthKey` for protecting `/api/v1/admin/tsdb/delete_series` endpoint. See [how to delete time series](#how-to-delete-time-series). * `-snapshotAuthKey` for protecting `/snapshot*` endpoints. See [how to work with snapshots](#how-to-work-with-snapshots). +* `-forceMergeAuthKey` for protecting `/internal/force_merge` endpoint. See [force merge docs](#forced-merge). * `-search.resetCacheAuthKey` for protecting `/internal/resetRollupResultCache` endpoint. See [backfilling](#backfilling) for more details. Explicitly set internal network interface for TCP and UDP ports for data ingestion with Graphite and OpenTSDB formats. diff --git a/app/vmstorage/main.go b/app/vmstorage/main.go index c1395b452..2725f9e0d 100644 --- a/app/vmstorage/main.go +++ b/app/vmstorage/main.go @@ -19,8 +19,9 @@ import ( ) var ( - retentionPeriod = flag.Int("retentionPeriod", 1, "Retention period in months") - snapshotAuthKey = flag.String("snapshotAuthKey", "", "authKey, which must be passed in query string to /snapshot* pages") + retentionPeriod = flag.Int("retentionPeriod", 1, "Retention period in months") + snapshotAuthKey = flag.String("snapshotAuthKey", "", "authKey, which must be passed in query string to /snapshot* pages") + forceMergeAuthKey = flag.String("forceMergeAuthKey", "", "authKey, which must be passed in query string to /internal/force_merge pages") precisionBits = flag.Int("precisionBits", 64, "The number of precision bits to store per each value. Lower precision bits improves data compression at the cost of precision loss") @@ -181,6 +182,11 @@ func Stop() { func RequestHandler(w http.ResponseWriter, r *http.Request) bool { path := r.URL.Path if path == "/internal/force_merge" { + authKey := r.FormValue("authKey") + if authKey != *forceMergeAuthKey { + httpserver.Errorf(w, r, "invalid authKey %q. It must match the value from -forceMergeAuthKey command line flag", authKey) + return true + } // Run force merge in background partitionNamePrefix := r.FormValue("partition_prefix") go func() { diff --git a/docs/Cluster-VictoriaMetrics.md b/docs/Cluster-VictoriaMetrics.md index 0434d8f1c..5a70b6730 100644 --- a/docs/Cluster-VictoriaMetrics.md +++ b/docs/Cluster-VictoriaMetrics.md @@ -206,7 +206,7 @@ or [an alternative dashboard for VictoriaMetrics cluster](https://grafana.com/gr be used on a regular basis, since it carries non-zero overhead. * `vmstorage` nodes provide the following HTTP endpoints on `8482` port: - - `/internal/force_merge` - initiate [forced compactions](https://victoriametrics.github.io/#force-merge) on the given `vmstorage` node. + - `/internal/force_merge` - initiate [forced compactions](https://victoriametrics.github.io/#forced-merge) on the given `vmstorage` node. - `/snapshot/create` - create [instant snapshot](https://medium.com/@valyala/how-victoriametrics-makes-instant-snapshots-for-multi-terabyte-time-series-data-e1f3fb0e0282), which can be used for backups in background. Snapshots are created in `/snapshots` folder, where `` is the corresponding command-line flag value.