May 2012

An overview of Riak

by MOSS GROSS May 31, 2012

At PalominoDB, we constantly evaluate new technologies and database options for our clients’ environments. NoSQL databases are especially popular right now, and Riak is an increasingly-recommended option for highly available, fault-tolerant scenarios. Moss Gross attended an introductory workshop, and shares his findings here. For more on Riak, please see the Basho wiki.

What is Riak?

Some of the key features of Riak include:

- license is apache2

- key-value store

- masterless

- distributed

- fault-tolerant

- eventually consistent (Given a sufficiently long time, all nodes in the system will agree. Depending on your requirements, this could be a determining factor on whether you should use Riak)

- highly available

- scalable

- each node has one file

- supports map/reduce for spreading out query processing among multiple processes

- The database itself is written in Erlang. There are currently clients written in Ruby, Java, Javascript, Python and many other languages.

Key Concept Definitions

Node: One running instance of the Riak binary, which is an Erlang virtual machine.

Cluster: A group of Riak nodes. A cluster is almost always in a single datacenter.

Riak Object: One fundamental unit of replication. An object includes a key, a value, and may include one or more pieces of metadata.

Value: Since it is a binary blob, it can be any format. The content-type of the value is given in the object's metadata.

Metadata: Additional headers attached to a Riak Object. Types of metadata include content-type, links, secondary indexes

Vector Clock: An opaque indicator that establishes the temporality of a Riak object. This is used internally by Erlang, and the actual timestamp is not intended to be read by the user from the vector clock.

Bucket: Namespace. This can be thought of as an analog to a table, however Riak namespaces are unlike tables in any way. They indicate a group of Riak objects that share a configuration.

Link: Unidirectional pointer from one Riak object to another. Since an object can have multiple links, bi-directional behavior is possible. These links use the HTTP RFC.

Secondary Index: An index used to tag an object for a fast lookup. This is useful for one-to-many relationships

More Key Concepts

Riak uses consistent hashing, which can be thought of as a ring which maps all the possible Riak objects, the number of which can be up to 2^160.

Partition: Logical Division of the ring. This corresponds to logical storage units on the disk. The number of partitions must be a power of two, and in practice should be generally very high. The default number of partitions is 64, and this is considered a very small number.

Operations:

To insert data, the basic operation is a PUT request to one of the hosts. The bucket is indicated in the address, and metadata is added via headers to the request. For example: curl -v http://host:8091:/buckets/training/keys/my-first-object -X PUT -H "content-type: text/plain" -d "My first key"

To insert data without a key, use a POST request. To retrieve an object, use GET, and to delete, use DELETE.

Riak doesn't have any inherent locking. This must be handled in the application layer.

Administration:

Configuration:

Riak has two configuration files, located in /etc/ by default.

vm.args: identifies the node to itself and other clusters. The name of the node is of the form 'name@foo', where 'name' is a string and 'foo' can be an ip or a hostname, and it must resolve to a machine, using /etc/hosts or DNS, etc.

app.config: identifies the ringstate directory and the addresses and ports that the node listens on.

Logs:

There are four main logs

console.log: All the INFO, WARN, and ERR messages from the node.

crash.log: crash dumps from the Erlang VM

error.log: just the ERR messages from the node

run_erl.log: logs the start and stop of the master process

Diagnostics:

Things to check for proper operation:

Locally from the machine the node is on, you can run the command 'riak-admin status'. This gives one minutes stats for the node by name and cluster status

Cluster Status:

nodename: 'xxxx' (compare to what the rest of the cluster things it should be)

connected_nodes (verify it's what's expected)

ring_members (includes OOC members)

ring_ownership (has numbers that should show a general balance in

indexes across all of the nodes, if one is significantly different,

indicates a problem)

Storage Backend

Riak is very versatile in that you have many choices as to what to use for your storage backend. Some of the possibilities include memory, Bitcask (a homegrown solution written in Erlang, which keeps just a hashmap of keys in memory), LevelDB (which will allow secondary indexing, uses compaction, and does not require you to store all keys in memory), or a combination. They recommend actually using different storage engines for different buckets if it seems more appropriate.

Creating backups in Riak is relatively straightforward:

1. stop node

2. copy data directory (if not in memory)

3. start node back up

4. let read repair handle the rest

Monitoring and Security

- There is no built-in security in Riak - it's up to the administrator to add access restrictions via http authentication, firewalls, etc. The commercial product, Riak CS, has ACLs and security built-in however.

- JMX monitoring is built-in and can be enabled in the application configuration - just specify the port.

- MapReduce can be enabled by a setting in app.config. JavaScript or Erlang can be used.

Permalink

Posted in NoSQL

No Comments

Querying connection information in MongoDB

by MIKE TALUC May 21, 2012

As with all other database platforms, daily administration and troubleshooting of MongoDB often begins with analyzing database activity. It can be helpful to see all connections from within MongoDB, which you can do by running:

db.$cmd.sys.inprog.findOne({$all:1});

db.currentOp(true);

where the “true” makes the command include idle connections. But often there's so many connections that unless you capture the output in a script file or some similar thing, it's kind of useless.

Thanks to a hint given by Scott Hernandez in the mongodb-user forum, we can use the line

db.currentOp(true).inprog.forEach(function(o){if( <filter criteria> ) printjson(o)});

to show a subset that is more manageable. For instance, we might want to show all connections from a particular application server:

db.currentOp(true).inprog.forEach(function(o){if(o.client.indexOf(“10.0.1.77”) != -1 ) printjson(o)});

or from the MongoDB logs we’ll see a particular connectionId and want to know where it came from:

db.currentOp(true).inprog.forEach(function(o){if(o.connectionId == 8606 ) printjson(o)});

This will then show all the connection info for that connectionId:

{

"opid" : 7117752,

"active" : false,

"lockType" : "read",

"waitingForLock" : false,

"op" : "query",

"ns" : "player_data.player_answerchoice",

"query" : {

"$query" : {

"poll_id" : ObjectId("4f58e08db3e93217c2000008")

}

"client" : "10.0.1.77:59542",

"desc" : "conn",

"threadId" : "0x49e31940",

"connectionId" : 8606,

"numYields" : 0

}

Permalink

Posted in MongoDB

No Comments

Testing and Analyzing Performance with Benchmarks

by RENE CANNAO May 17, 2012

Generic benchmark tools can be very useful for testing performance on your system. These benchmark tools normally have a set of predefined workloads, but often they don't match your specific workload in useful ways.

One of the best ways to reproduce your workload is to have a good sense of the application that uses the database and how it manages requests to the database. If this is not an option, it is also possible to analyze traffic and to find the most common queries, and use those to define the most common workload.

You can analyze traffic in many ways, from tcpdump to general log, from binlog (only for DML statements) to slow query log.

Afterwards it is possible to analyze them with pt-query-digest (or the obsolete mk-query-digest) to find the most common and/or heavy queries.

In the system we analyze here, the workload was mainly write intensive and involved just 4 tables:

tableA was receiving single-row INSERT statements;
for each insert on tableA , on average 200 INSERTs were performed in the other 3 tables, distributed as follows: 100 on tableB, 95 on tableC, 5 on tableD (to be more specific , for each INSERT on tableB there is an INSERT either on tableC or tableD).

The system also receives SELECT statements, but in a very small number and very simple primary key lookup.

To simulate the workload, we generated a simple perl script that spawns a certain number of threads that perform the DML statements, and other threads that perform the SELECT statements.

At regular intervals, the script prints statistics and progress.

The benchmark test was executed in a setup with 2 hosts: one host where the client was running, and another host where the servers were running.

The RDBMS tested were: MariaDB 5.2.3 with TokuDB 5.2.7 and InnoDB, and Percona 5.5.20.

Additionally, Percona 5.5.20 was tested as multiple instances running on the same hosts.

The goal of the first benchmark test was to compare TokuDB against InnoDB for this specific workload.

We executed MariaDB with TokuDB with the following (simple) config file:

[mysqld] user=mysql table_open_cache=1024 max_connections=128 query_cache_size=0 innodb_file_per_table datadir=/localfio/datadir log_bin innodb_flush_log_at_trx_commit=1 innodb_buffer_pool_size=256M innodb_log_buffer_size=8M innodb_log_file_size=1024M basedir=/usr/local/tokudb

We found the performance of InnoDB significantly better compared than TokuDB in this instance, though this test - where the dataset fits almost entirely in memory - does not show the real power of TokuDB, which excels at insertion rate at scale. Because these tables have very few indexes, TokuDB and Fractal tree indexes weren't very efficient. Furthermore, the benchmarks were running on FusionIO, which meant that performance on InnoDB didn't degrade much as on spinning disks. We excluded TokuDB out from the next benchmark tests because they are all cases which are not well-suited for TokuDB’s strengths.

We temporarily abandoned MariaDB, and tested Percona 5.5.20 with the following config file:

[mysqld] user=mysql table_open_cache=256 max_connections=128 query_cache_size=0 innodb_file_per_table log_bin innodb_flush_log_at_trx_commit=1 innodb_buffer_pool_size=2G innodb_log_buffer_size=8M innodb_log_file_size=1024M basedir=/usr/local/mysql port=3306 datadir=/localfio/MULTI/db00 socket=/localfio/MULTI/db00/mysql.sock

We tried various innodb_flush_method attempts, and the graphs show that O_DIRECT performs slightly better than the default fsync(), even if the benchmark shows a weird bootstrap. We also tried ALL_O_DIRECT, which performed badly.

Additionally, we tried innodb_log_block_size=4096 instead of the default 512, but nothing changed: insert rate wasn't affected.

One of the goals of this benchmark was to test if running multiple mysqld instances on the same host performs better than a single mysqld instance.

On this specific hardware, the answer seems to be yes. Configuring 8 mysqld instances with the same config file listed below (but different paths and ports), throughput is significantly higher. Note that innodb_buffer_pool_size was set to 256M to try to stress the IO subsystem.

[mysqld] user=mysql table_open_cache=256 max_connections=128 query_cache_size=0 innodb_file_per_table log_bin innodb_flush_log_at_trx_commit=1 innodb_buffer_pool_size=256M innodb_log_buffer_size=8M innodb_log_file_size=1024M basedir=/usr/local/mysql port=3306 datadir=/localfio/MULTI/db00 socket=/localfio/MULTI/db00/mysql.sock

All the above tests were executed using 36 client connections for writes and 36 client connections for reads.

We then ran a new cycle of tests, but instead of using 36 x 2 connections, we used 80 x 2 (80 for writes and 80 for reads).

With 80 connections, throughput was higher than with 36 connections, but at nearly regular intervals we found performance dropping. This seems independent from the size of the buffer pool.

It is interesting to note that with only one mysqld instance, FusionIO was performing at 4.7k – 4.8k IOPS, while with 8 mysqld instances FusionIO was performing at 27k – 29k IOPS. As expected, with a small buffer pool performance tends to slowly degrade when the data doesn't fit in memory.

We tried various values of innodb_write_io_threads, but this didn't make any difference, since the Redo Log was the most written and not the tablespaces.

To better analyze the throughput, we reduced the sample time to 10 seconds and reran the test:

It is clear that throughput drops from time to time, and for a nearly constant amount of time. While the test was running, we tried to monitor the mysqld instances, but there was no clear indication of why they were stalling. The Redo Log wasn't anywhere close to full and InnoDB wasn't performing aggressive flushing. The amount of data read from disk was pretty low but the amount of data written was spiking. Yet, the writes weren't coming from InnoDB.

The reason for the stalls became apparent when we analyzed the content of /proc/meminfo: the Linux Virtual Memory (VM) subsystem was performing dirty pages flushing!

We changed the dirty_background_ratio from 10 (the default) to 1 , and reran the test.

sysctl -w vm.dirty_background_ratio=1

Throughput is now way more stable, although performance has dropped by 2.8%. It is interesting to note that throughput drops at nearly the same time no matter the value of dirty_background_ratio.

A quick analysis of MySQL source code shows that binlog are synced to disk when closed, therefore the drops in throughput may be caused by the flush of binary logs.

We then raised vm.dirty_background_ratio up to 10 (the default value) and lowered max_binlog_size from 1G to 64M.

Throughput doesn't drop drastically as in the two previous tests, but goes up and down at more regular intervals.

At the end of this test, performance with max_binlog_size=64M is ~4% lower than the initial test with max_binlog_size=1G (in both cases, vm.dirty_background_ratio=10).

The last setup of 8 instances with a 256M buffer pool each and max_binlog_size=64M was then compared with a new setup: 4 instances with a 512M buffer pool each (2GB total in both cases) and max_binlog_size=64M:

An interesting outcome from this last test is that total throughput raised by around 4% (that was originally lost using binlogs of 64M) and that the total number of IOPS dropped to ~16k, leaving room for more IO in case of a different workload.

We then ran a new test using only 2 mysqld instances. It shows what was already easy to guess when running a similar test with only one mysqld instance: a lower number of mysqld instances can't fully utilize IO capacity and therefore has lower throughput.

Conclusions (most of them are as expected) for this specific workload and on this specific hardware:

O_DIRECT performs slightly better than the default fsync for innodb_flush_method .

A high number of clients provides more throughput than a smaller number of clients: not enough tests were performed to find the optimal number of clients.

Throughput reduces when data doesn't fit in the buffer pool.

A high number of mysqld instances running on the same server are able to better utilize the number of IOPS that FusionIO is able to provide (perhaps, it should be a very bad idea to run multiple mysqld instances on the same spinning disk or array)

The sync of binlog during binlog rotation are able to stall the system. Lowering dirty_background_ration or max_binlog_size is able to stabilize the throughput.

Permalink

Posted in Process

1 comment

Securing MySQL on Linux Systems

by MATT REID May 11, 2012

MySQL is one of the most, if not the most, popular relational databases chosen by internet based startups in the last decade. Although it is a very robust platform and offers many of the necessary features to support the database needs of today's internet giants, it also suffers from some security issues that must be addressed prior to production use.

This article will discuss the necessary steps to secure a basic MySQL installation and additionally cover more advanced topics for general database security as would be applied to general production environments.

Functionality

The following general statements apply to this security discussion:

• This is a discussion of MySQL as installed on Linux; Windows, OSX, Solaris, and BSD installations may differ and the differences are not covered here.

• MySQL will be handling generic web traffic as is commonly found on PHP, Python, Perl, and Java web applications.

• The standard, and included, MySQL administration tools will be used as necessary for daily contact with the database server. Non-standard tools are not discussed.

• Any remote connections not done over SSH, either explicitly or via tunnel, are assumed to be a security risk and are not advised, as they lack encryption and allow passwords to be read in transit by potential attackers.

Pre-Installation Security Recommendations

Before installing any software it is a good idea to harden the operating system. This includes filesystem security features:

• Encrypted filesystems to prevent inspection of data by unauthorized parties

• Intrusion detection systems like Tripwire, which watch for changes to critical system files

• Port lockdown via firewall software to prevent access to system services

• Strong root and OS-user passwords

• Disallowing OS login by application users: set to “nologin” or “/bin/false”

• Setting up sudo for privileged accounts and requiring a password for sudo access

• Running scheduled rootkit detection scripts

• Running an operating system level Access Control List process: SELinux extensions or AppArmor. These programs will restrict system or server processes from accessing data and resources that is not explicitly defined. Due to general misunderstanding or lack of desire to maintain the access controls, these programs are very often disabled by system administrators.

Post Install Security

After MySQL is installed, either via RPM, Deb package, or other means, there are different approaches to securing the initial database. The first option is to execute the script provided with MySQL, named “mysql_secure_installation”. This will go through the following steps, which can also be taken manually if you prefer:

• Checking for existence of the Root password, and if not found it will set one

◦ mysql> SELECT * FROM mysql.users WHERE User=’root’;

◦ mysql> UPDATE mysql.users SET Password=password(‘your password here’) WHERE User=’root’;

• Delete anonymous users

◦ mysql> DELETE FROM mysql.users WHERE User=’’;

• Removing remote access for the root account

◦ mysql> DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');

• Removing the default “test” database

◦ mysql> DROP database test;

• Reloading the user privilege tables

◦ mysql> FLUSH PRIVILEGES;

By default, MySQL will run via the “mysqld_safe” which contrary to the name does not make MySQL safer for security reasons aside from ensuring that the mysqld process is not running under the root user. The mysqld_safe script provides the functionality as follows: “Script to start the MySQL daemon and restart it if it dies unexpectedly”. As such, if one attempts to run mysqld as the root user it will complain and refuse to start. If you are troubleshooting the mysqld process and want to run without mysqld_safe you can run it as follows, via sudo. Your binary location may differ from /usr/local/bin/mysqld so replace as necessary.

$> sudo -u mysql /usr/local/bin/mysqld

MySQL Configuration Considerations

There are several configuration settings that can further secure the database during operation. These settings will be found in the /etc/my.cnf or /etc/mysql/my.cnf file depending on the version of Linux being used.

old-passwords: this allows MySQL to create and authenticate users via the outdated and insecure password hashing from version 4 and older. It is strongly recommended against using this in production.

http://dev.mysql.com/doc/refman/5.5/en/server-options.html#option_mysqld_old-passwords

sql-mode: this allows the administrator to run MySQL in various operating modes. There are many options but for security the recommended minimum setting is “NO_AUTO_CREATE_USER” or “TRADITIONAL”

http://dev.mysql.com/doc/refman/5.5/en/server-options.html#option_mysqld_sql-mode

skip-grant-tables: this starts the mysqld process without any authentication tables, which is useful if one needs to recover or reset a lost root password. However, if you see this option enabled on a production server that is not undergoing recovery it should be seen as a critical security issue and dealt with immediately.

http://dev.mysql.com/doc/refman/5.5/en/server-options.html#option_mysqld_skip-grant-tables

bind-address: this can be used to restrict network and socket access to specific interfaces, thus ensuring that traffic can only originate through the desired interface. An example is a server with multiple network interfaces (eth0, eth1, eth2) that resides on multiple subnets; in some architectures the database will answer only to application servers or users on a specific subnet and thus the mysqld process needs to be restricted to listen for connections on only the required subnet.

http://dev.mysql.com/doc/refman/5.5/en/server-options.html#option_mysqld_bind-address

Data Encryption

MySQL offers in-row data encryption functions. These can be used to ensure that even in the event of a security breach, that the attacker cannot access the data in the database tables without an encryption key. Although not a MySQL specific functionality, the SQL functions for AES_ENCRYPT and AES_DECRYPT, along with a multitude of HASH mechanisms exist for employing in-row data encryption. Read more about this topic here: http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html

Database User and Connection Security Considerations

MySQL users, by definition, can connect to the database server and access data. How much or how little access your users are granted will determine the level of security compromise that they pose to potential attackers. The most insecure user that can be created is a user with wildcard remote host connection ability (the ability to connect from any location, any host, any IP address) who has SUPER and GRANT options; this user can create other users and has the ability to shut down the database server process. As such, it is wise to limit the amount of access that a user is granted when creating accounts. Here are some things to keep in mind:

• Limit user access to specific schemas: granting global access to a user allows the user to access all current and future schemas as opposed to a single defined schema.

• Limit originating users connections from specific IP addresses or subnets instead of allowing connections from any host or any network.

• Where possible limit users to connect only from localhost (127.0.0.1) and advise ssh tunnels to be utilized to gain access to localhost.

• Do not grant SUPER privileges to non-administrative users

• Do not grant replication privileges to non replication process users.

• When granting replication processes limit them to only replication privileges.

• When possible, do not use hostnames for host connection privileges, instead specify IP addresses. This removes the risk of DNS spoofing and removes the requirement for a DNS lookup during connection initiation which saves time and resources.

• Require strong passwords for all users and rotate passwords on a defined schedule.

• If running connections over the internet without a VPN, SSH tunnel, or other encrypted means, consider using SSL for all connections. Otherwise passwords can be seen in transit by attackers, similar to FTP.

References for further reading:

Permalink

Posted in MySQL

No Comments

May 2012

An overview of Riak

Querying connection information in MongoDB

Testing and Analyzing Performance with Benchmarks

Securing MySQL on Linux Systems

Archives

Categories

Authors

Latest Tweets