Skip to content
master
Go to file
Code

Latest commit

When shield is fronted by a reverse proxy which hides the 401 authentication status to the websocket handshake and rather returns a `HTTP/1.1 101 Switching Protocols` response, then shield client code enters an infinite loop of requests to `v2/events` and `v2/bearings`.

This comes from the fact that the error handling code to the 401 response status (which redirects the browser to the homepage) does not trigger. Instead, the websocket open event triggers a `v2/bearings` ajax call whose handler fails to parse the following unauthorized response with the following trace

```json
{"vault":"","shield":{"api":2,"version":"8.7.2","env":"sandbox","color":"yellow","motd":"Welcome to SHIELD!\n"},"user":null,"stores":null,"tenants":null}
```

```
data.js:489 Uncaught TypeError: Cannot read property 'length' of null
    at Object.success (data.js:489)
    at i (jquery.js:2)
    at Object.fireWith [as resolveWith] (jquery.js:2)
    at A (jquery.js:4)
    at XMLHttpRequest.<anonymous> (jquery.js:4)
```

As a result of this unhandled error, the websocket is closed. When the `v2/events` websocket closes, the shield client immediately reopens a new websocket, entering an infinite loop of requests to `v2/events` and `v2/bearings`

This infinite loop exhausts client and server resources. As a result, when the login form is submitted, the login ajax requests seems to loose the race with other requests or possibly be cancelled by the shield error handling, resulting in the login page to never succeed.

This commit adds some delays (3s) in the websocket close event handler as to slow down this infinite loop. It improves the situation much, whilea stalled login forms was still observed once out of 20 successful logins.
b011dfd

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
bin
 
 
ci
 
 
cmd
 
 
 
 
db
 
 
dev
 
 
 
 
 
 
 
 
lib
 
 
 
 
 
 
t
 
 
 
 
 
 
tui
 
 
 
 
 
 
web
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

Build Status

S.H.I.E.L.D. Data Protection

Questions? Join us in Slack!

SHIELD Architectural Diagram

What is SHIELD?

SHIELD is a data protection solution designed to make it easier for operations to protect their critical infrastructural data. It provides primitives for scheduling automatic backups of key systems, including PostgreSQL, MySQL, Consul, Redis and MongoDB, as well as a means for restoring backups in the event of an outage. Backups can be stored in a variety of cloud providers, including S3, Scality, Microsoft Azure Blobstore, and more.

Getting Started

The easiest way to get up and running with SHIELD is to deploy it via [BOSH][bosh], using the [SHIELD Bosh Release][shield-bosh].

Backup (Target) Plugins

fs - Local Filesystem Plugin

The fs plugin lets you back up arbitrary filesystem directories, optionally filtering the set of protected files via an includes / excludes system.

More information can be found here.

postgres - PostgreSQL Backup Plugin

Back up your PostgreSQL relational databases! This plugin lets you back up all databases (assuming you authenticate with an appropriately credentialed pg account), or pick and choose what to backup. Under the hood, this leverages pgdump, a proven solution in the PostgreSQL world.

More information can be found here.

mysql - MySQL Backup Plugin

Back up your MySQL relational databases! This plugin lets you back up all databases (assuming you authenticate with an appropriately credentialed mysql account), or pick and choose what to backup. This plugin leverages mysqldump, which generates plain-text SQL backups, which can often be replayed across MySQL versions.

More information can be found here.

xtrabackup - MySQL XtraBackup Plugin

This plugin offers another way of protecting MySQL, using the xtrabackup utility.

More information can be found here.

cassandra - Cassandra Backup Plugin

Back up Cassandra!

More information can be found here.

consul - Consul Backup Plugin

Back up the data stored in your Consul key-value store.

More information can be found here.

etcd - etcd Backup Plugin

Back up the data stored in your etcd key-value store.

More information can be found here.

mongo - MongoDB Backup Plugin

Back up your MongoDB NoSQL database(s)!

More information can be found here.

Storage Plugins

s3 - Amazon S3 Storage Plugin

Store your encrypted backup archives in Amazon's Simple Scalable Storage (S3) cloud. All you need is a bucket, a key, and a secret, and you get highly-available offsite archive storage.

More information can be found here.

webdav - WebDAV Plugin

If you can't make use of external, 3rd-party cloud storage for your backups, but do have access to an HTTP/WebDAV server, you can use this storage plugin to keep your archives there.

Note: often, use of the webdav plugin will compromise your disaster survivability. Make sure that your WebDAV store is sufficiently resilient (HA, geographically dispersed, replicated, etc.), and that you aren't using the same SHIELD core to back up your WebDAV store.

More information can be found here.

azure - Microsoft Azure Storage Plugin

Store your encrypted backup archives in Microsoft's Azure Blobstore!

More information can be found here.

google - Google Cloud Storage Plugin

Store your encrypted backup archives in Google's Cloud!

More information can be found here.

swift - OpenStack Swift Storage Plugin

Store your encrypted backup archives in your local OpenStack Swift blob store!

More information can be found here.

You can’t perform that action at this time.