CN112437120B - Access monitoring method and system of cache system, electronic equipment and storage medium - Google Patents

Publication number: CN112437120B
Authority: CN (China)
Prior art keywords: sasl, cache system, authentication, memcached, access
Legal status: Active
Application number: CN202011225949.3A
Other languages: Chinese (zh)
Other versions: CN112437120A (en)
Inventors: 武新超, 胡玉鹏, 亓开元, 李红卫
Current Assignee: Beijing Inspur Data Technology Co Ltd
Original Assignee: Beijing Inspur Data Technology Co Ltd

Abstract

The application discloses an access monitoring method for a cache system, applied to a cloud computing management platform, comprising the following steps: adding configuration parameters corresponding to the SASL container image to a kolla-ansible target file; when the cloud computing management platform deploys services, determining from the target file whether the cache system needs to enable SASL authentication; if so, deploying the SASL service using the SASL container image in the image repository, and changing the authentication mode of the SASL daemon to shadow; and adding the cache system as a monitored object of the SASL daemon according to the authentication name and password of the cache system, so that the SASL service monitors client access to the cache system. This improves the access security of the cache system. The application also discloses an access monitoring system for a cache system, an electronic device and a storage medium, which have the same beneficial effects.

Description

Access monitoring method and system of cache system, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of cloud computing technologies, and in particular, to an access monitoring method of a cache system, an access monitoring system of a cache system, an electronic device, and a storage medium.
Background
OpenStack is an open-source cloud computing management platform project in which several main components combine to do the actual work. OpenStack supports almost all types of cloud environments, and the project's goal is to provide a cloud computing management platform that is simple to implement, massively scalable, feature-rich and standardized. kolla-ansible is responsible for deploying the services and infrastructure components of a containerized OpenStack; it is used to configure the OpenStack services and to orchestrate the deployment of the individual OpenStack service containers. memcached is a widely used open-source, high-performance, distributed in-memory object caching system based on a C/S architecture.
The memcached service currently used by OpenStack has the following problem: OpenStack components such as Nova use memcached as their cache system, and because memcached does not enable an authentication mechanism by default, a client can read and modify the cache without authentication, so system security is poor.
Therefore, how to improve the access security of the cache system memcached is a technical problem that those skilled in the art need to solve.
Disclosure of Invention
The purpose of the application is to provide an access monitoring method for a cache system, an access monitoring system for a cache system, an electronic device and a storage medium, which can improve the access security of the cache system memcached.
In order to solve the above technical problem, the present application provides an access monitoring method for a cache system, applied to a cloud computing management platform, the method including:
adding configuration parameters corresponding to the SASL container image to a kolla-ansible target file;
when the cloud computing management platform deploys services, determining from the target file whether the cache system memcached needs to enable SASL authentication;
if so, deploying the SASL service using the SASL container image in the image repository, and changing the authentication mode of the SASL daemon to shadow so as to obtain the authentication name and password of the cache system memcached;
and adding the cache system memcached as a monitored object of the SASL daemon according to the authentication name and password of the cache system memcached, so that the SASL service monitors client access to the cache system memcached.
Optionally, before adding the configuration parameters corresponding to the SASL container image to the kolla-ansible target file, the method further includes:
building the SASL container image adapted to kolla-ansible, and pushing the SASL container image to the image repository corresponding to the OpenStack environment.
Optionally, adding the configuration parameters corresponding to the SASL container image to the kolla-ansible target file includes:
adding first configuration information to the global control file of kolla-ansible, wherein the first configuration information controls whether the SASL service is deployed;
adding second configuration information to the host inventory file of kolla-ansible, wherein the second configuration information determines the node on which the SASL service is deployed;
adding third configuration information to the module entry file of kolla-ansible, wherein the third configuration information includes the SASL service in the kolla-ansible project;
and adding the startup configuration of the SASL container under the role directory of kolla-ansible.
Optionally, after determining from the target file whether the cache system memcached needs to enable SASL authentication, the method further includes:
if the cache system memcached needs to enable SASL authentication, adding an authentication identifier to the startup parameters of the cache system memcached;
when an access request sent by a client is received, determining from the access request whether the authentication name and password entered by the client are correct, wherein the access request is a request for access to a cache system memcached to which the authentication identifier has been added;
if they are correct, providing the access service to the client using the cache system memcached;
and if they are incorrect, refusing to provide the access service to the client.
Optionally, determining whether the authentication name and the password input by the client are correct according to the access request includes:
determining an authentication name and a password input by the client according to the access request;
judging whether the authentication name and the password input by the client are the same as the authentication name and the password of the cache system memcached;
if the authentication name and the password are the same, judging that the authentication name and the password input by the client are correct;
if the authentication names and the passwords are different, judging that the authentication names and the passwords input by the client are wrong.
Optionally, after determining that the authentication name and the password input by the client are wrong, the method further comprises:
and returning prompt information of access failure and access failure reasons to the client.
Optionally, after adding the cache system memcached as a monitored object of the SASL daemon according to the authentication name and password of the cache system memcached, the method further includes:
if a monitoring state change instruction corresponding to the cache system memcached is received, deleting the cache system memcached from the monitored object list of the SASL daemon according to the authentication name and password of the cache system memcached.
The application also provides an access monitoring system for a cache system, applied to the cloud computing management platform, comprising:
a parameter configuration module, used for adding configuration parameters corresponding to the SASL container image to the kolla-ansible target file;
an authentication judging module, used for determining from the target file, when the cloud computing management platform deploys services, whether the cache system memcached needs to enable SASL authentication;
a service deployment module, used for deploying the SASL service using the SASL container image in the image repository if the cache system memcached needs to enable SASL authentication, and changing the authentication mode of the SASL daemon to shadow so as to obtain the authentication name and password of the cache system memcached;
and a monitoring module, used for adding the cache system memcached as a monitored object of the SASL daemon according to the authentication name and password of the cache system memcached, so that the SASL service monitors client access to the cache system memcached.
The application also provides a storage medium on which a computer program is stored, which when executed implements the steps of the access monitoring method of the cache system.
The application also provides an electronic device comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the access monitoring method of the cache system when calling the computer program in the memory.
The application provides an access monitoring method for a cache system, comprising the following steps: adding configuration parameters corresponding to the SASL container image to a kolla-ansible target file; when the cloud computing management platform deploys services, determining from the target file whether the cache system memcached needs to enable SASL authentication; if so, deploying the SASL service using the SASL container image in the image repository, and changing the authentication mode of the SASL daemon to shadow so as to obtain the authentication name and password of the cache system memcached; and adding the cache system memcached as a monitored object of the SASL daemon according to the authentication name and password of the cache system memcached, so that the SASL service monitors client access to the cache system memcached.
The configuration parameters corresponding to the SASL container image are added to the kolla-ansible target file so that kolla-ansible supports the SASL service. When the cloud computing management platform is deployed, the application determines from the target file whether the cache system memcached needs to enable SASL authentication; if so, the SASL service is deployed and the cache system memcached is added as a monitored object of the SASL daemon, so that the SASL service monitors client access to the cache system memcached. When a client accesses the cache system memcached, it is allowed to do so only if the authentication name and password it provides are correct. This improves the access security of the cache system memcached. The application also provides an access monitoring system for a cache system, an electronic device and a storage medium, which have the same beneficial effects and are not described again here.
Drawings
For a clearer description of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described, it being apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of an access monitoring method of a cache system according to an embodiment of the present application;
FIG. 2 is a schematic diagram of the modification of the kolla-ansible related code according to an embodiment of the present application;
FIG. 3 is a schematic diagram of the startup flow of the SASL service according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an access monitoring system of a cache system according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Referring to fig. 1, fig. 1 is a flowchart of an access monitoring method of a cache system according to an embodiment of the present application.
The specific steps may include:
S101: adding configuration parameters corresponding to the SASL container image to a kolla-ansible target file;
This embodiment can be applied to the cloud computing management platform OpenStack, where kolla-ansible can be used to configure the OpenStack services and to orchestrate the deployment of the individual OpenStack service containers. kolla-ansible can use the isolation between containers to upgrade and roll back each OpenStack service container, to limit the scope affected by an upgrade or rollback, and to reduce the complexity of operating and maintaining an OpenStack cluster.
SASL (Simple Authentication and Security Layer) is an authentication mechanism used to extend the authentication capability of the C/S model; it can be used to verify, by account and password, whether a user may log in to the system or use the system's services.
The following step may precede this step: building the SASL container image adapted to kolla-ansible, and pushing the SASL container image to the image repository corresponding to the OpenStack environment. By adding the configuration parameters corresponding to the SASL container image to the kolla-ansible target file, this embodiment enables kolla-ansible to support the SASL service.
S102: when the cloud computing management platform deploys services, determining from the target file whether the cache system memcached needs to enable SASL authentication; if yes, go to S103; if not, the process ends.
In this embodiment, when the configuration parameters added to the target file include a parameter indicating whether the cache system memcached needs to enable SASL authentication, it can be determined from the target file, when the cloud computing management platform deploys services, whether the cache system memcached needs to enable SASL authentication. If the cache system memcached needs to enable SASL authentication, the operations of S103 are performed; if it does not, the process ends directly.
S103: deploying the SASL service using the SASL container image in the image repository, and changing the authentication mode of the SASL daemon to shadow so as to obtain the authentication name and password of the cache system memcached;
Given that the cache system memcached needs to enable SASL authentication, this step obtains the SASL container image adapted to kolla-ansible from the image repository and uses it to deploy the SASL service in the cloud computing management platform. The authentication mode of the SASL daemon is changed from the default mode to shadow so that the authentication name and password of the cache system memcached can be obtained in shadow authentication mode. The authentication name and password of the cache system memcached are the authentication information used when the cache system memcached is accessed; a client is allowed to access the cache system memcached only when the authentication name and password it enters match the authentication name and password obtained in this step.
S104: adding the cache system memcached as a monitored object of the SASL daemon according to the authentication name and password of the cache system memcached, so that the SASL service monitors client access to the cache system memcached.
Once the authentication name and password of the cache system memcached have been obtained, this step adds the cache system memcached as a monitored object of the SASL daemon according to that authentication name and password, so that the SASL service monitors client access to the cache system memcached. While the SASL service is monitoring client access, if a client is detected accessing the cache system memcached, SASL checks whether the authentication name and password entered by the client match the authentication name and password stored in advance; if they match, the client is allowed to access the cache system memcached; if not, the client is not allowed to access it. The SASL daemon is the daemon process of the SASL service.
As a possible implementation, after the cache system memcached has been added as a monitored object of the SASL daemon, if a monitoring state change instruction corresponding to the cache system memcached is received, the cache system memcached is deleted from the monitored object list of the SASL daemon according to the authentication name and password of the cache system memcached. In this way, monitoring of the cache system memcached can be flexibly enabled and removed.
In this embodiment, the configuration parameters corresponding to the SASL container image are added to the kolla-ansible target file so that kolla-ansible supports the SASL service. When the cloud computing management platform is deployed, this embodiment determines from the target file whether the cache system memcached needs to enable SASL authentication; if so, the SASL service is deployed and the cache system memcached is added as a monitored object of the SASL daemon, so that the SASL service monitors client access to the cache system memcached. When a client accesses the cache system memcached, it is allowed to do so only if the authentication name and password it provides are correct. This embodiment can improve the access security of the cache system memcached.
As a further explanation of the embodiment corresponding to FIG. 1, the process in S101 of adding the configuration parameters corresponding to the SASL container image to the kolla-ansible target file may include the following steps: adding first configuration information to the global control file of kolla-ansible, wherein the first configuration information controls whether the SASL service is deployed; adding second configuration information to the host inventory file of kolla-ansible, wherein the second configuration information determines the node on which the SASL service is deployed; adding third configuration information to the module entry file of kolla-ansible, wherein the third configuration information includes the SASL service in the kolla-ansible project; and adding the startup configuration of the SASL container under the role directory of kolla-ansible.
Further, after determining from the target file whether the cache system memcached needs to enable SASL authentication, if it does, an authentication identifier is added to the startup parameters of the cache system memcached; when an access request sent by a client is received, it is determined from the access request whether the authentication name and password entered by the client are correct, wherein the access request is a request for access to a cache system memcached to which the authentication identifier has been added; if they are correct, the access service is provided to the client using the cache system memcached; if they are incorrect, the access service is refused. As a possible implementation, after determining that the authentication name and password entered by the client are wrong, prompt information indicating the access failure and the reason for the failure may also be returned to the client.
Further, determining from the access request whether the authentication name and password entered by the client are correct comprises the following steps: determining the authentication name and password entered by the client from the access request; judging whether the authentication name and password entered by the client are the same as the authentication name and password of the cache system memcached; if they are the same, judging that the authentication name and password entered by the client are correct; if they are different, judging that the authentication name and password entered by the client are wrong.
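The check described above, seen from the wire, as an added example that is not part of the patent: a client presents its authentication name and password to a SASL-enabled memcached (memcached's SASL option is `-S`, `--enable-sasl`) and the server answers with an accept or an authentication-error status. The opcodes, status codes and 24-byte header come from memcached's binary protocol and the PLAIN token layout from RFC 4616, not from the patent text; the credentials and the two sample server responses are constructed for illustration.

```python
"""Added illustration: SASL PLAIN authentication over memcached's binary protocol."""
import socket
import struct

MAGIC_REQUEST, MAGIC_RESPONSE = 0x80, 0x81
OP_GET, OP_SASL_AUTH = 0x00, 0x21
STATUS_OK, STATUS_AUTH_ERROR = 0x0000, 0x0020
# magic, opcode, key length, extras length, data type,
# vbucket id (request) or status (response), body length, opaque, CAS
HEADER = struct.Struct("!BBHBBHIIQ")  # 24 bytes, network byte order


def build_request(opcode, key=b"", value=b""):
    """Serialize a binary-protocol request that carries no extras."""
    body = key + value
    header = HEADER.pack(MAGIC_REQUEST, opcode, len(key), 0, 0, 0, len(body), 0, 0)
    return header + body


def sasl_plain_request(auth_name, password):
    """SASL Auth request: key is the mechanism, value is the PLAIN token."""
    # RFC 4616: [authzid] NUL authcid NUL passwd; authzid is left empty here.
    token = b"\x00" + auth_name.encode() + b"\x00" + password.encode()
    return build_request(OP_SASL_AUTH, key=b"PLAIN", value=token)


def parse_response(packet):
    """Return (opcode, status, body) from one complete response packet."""
    if len(packet) < HEADER.size:
        raise ValueError("short header")
    magic, opcode, _klen, _elen, _dtype, status, body_len, _opq, _cas = \
        HEADER.unpack_from(packet)
    if magic != MAGIC_RESPONSE:
        raise ValueError("not a response packet")
    body = packet[HEADER.size:HEADER.size + body_len]
    if len(body) != body_len:
        raise ValueError("truncated body")
    return opcode, status, body


def access_decision(packet):
    """Map the server's answer to the allow/refuse outcome described above."""
    _opcode, status, body = parse_response(packet)
    if status == STATUS_OK:
        return True, "authenticated"
    if status == STATUS_AUTH_ERROR:
        return False, "authentication failed: " + body.decode(errors="replace")
    return False, "unexpected status 0x%04x" % status


def _recv_exact(sock, count):
    """Read exactly count bytes or fail."""
    data = b""
    while len(data) < count:
        chunk = sock.recv(count - len(data))
        if not chunk:
            raise ConnectionError("connection closed early")
        data += chunk
    return data


def unauthenticated_get_is_rejected(host, port=11211, timeout=3.0):
    """Deployment check: a GET sent before any SASL exchange must be refused."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(OP_GET, key=b"sasl-probe"))
        packet = _recv_exact(sock, HEADER.size)
        packet += _recv_exact(sock, HEADER.unpack(packet)[6])
    return parse_response(packet)[1] == STATUS_AUTH_ERROR


def make_response(opcode, status, body=b""):
    """Build a server response; used only to construct the sample input."""
    return HEADER.pack(MAGIC_RESPONSE, opcode, 0, 0, 0, status, len(body), 0, 0) + body


# Constructed sample responses (not captured from a real server).
SAMPLE_ACCEPTED = make_response(OP_SASL_AUTH, STATUS_OK, b"Authenticated")
SAMPLE_REJECTED = make_response(OP_SASL_AUTH, STATUS_AUTH_ERROR, b"Auth failure.")

if __name__ == "__main__":
    request = sasl_plain_request("memcached", "s3cret")  # constructed credentials
    print(request.hex())
    print(access_decision(SAMPLE_ACCEPTED))
    print(access_decision(SAMPLE_REJECTED))
```

`unauthenticated_get_is_rejected` is meant to be pointed at a memcached instance you operate after deployment, to confirm that the authentication identifier actually took effect.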
The flow described in the above embodiment is illustrated below by an embodiment from practical application. This embodiment provides a kolla-ansible-based containerized deployment method for SASL, the security authentication service for memcached: it builds a container image adapted to kolla-ansible, pushes the image to the image repository corresponding to the OpenStack environment, and then modifies the kolla-ansible related code to implement deployment support for SASL. In addition, this embodiment designs a startup flow for the SASL service, which ensures flexible control of the service in the cluster and implements monitoring of the memcached service of the OpenStack cloud platform.
Referring to FIG. 2, FIG. 2 is a schematic diagram of the modification of the kolla-ansible related code according to an embodiment of the present application, which specifically includes the following steps: building a SASL container image adapted to kolla-ansible, pushing the image to the image repository corresponding to the OpenStack environment, and modifying the kolla-ansible related code to support the SASL service.
Further, the procedure for modifying the kolla-ansible related code is as follows: A. adding a SASL-related field to the global control file (global.yml), which controls whether the SASL service is deployed in the cluster; B. adding SASL-related fields to the host inventory files (multinode and all-in-one) to support both single-node and multi-node environments and to designate the nodes on which the SASL service is deployed; C. adding a SASL-related field to the module entry file (site.yml), which includes the SASL service in the ansible project; D. adding the startup configuration of the SASL container under the role directory (roles).
This embodiment implements containerized deployment support for the SASL service by modifying the global control file (global.yml), the host inventory files (multinode and all-in-one) and the module entry file (site.yml) in kolla-ansible, and by adding the startup configuration of the SASL container under the role directory (roles).
Referring to FIG. 3, FIG. 3 is a schematic diagram of the startup flow of the SASL service according to an embodiment of the present application. The startup flow of the SASL service is as follows:
Step 1: Start the deployment of the OpenStack cloud platform.
Step 2: Determine whether SASL authentication is enabled when memcached is deployed; if yes, the memcached startup parameters include the authentication identifier -s; if not, the memcached startup parameters do not include the authentication identifier -s.
Step 3: Start the deployment of the SASL service.
Step 4: Change the authentication mode of the SASL daemon to shadow.
Step 5: Obtain the authentication name and password of the memcached service.
Step 6: Add the memcached program to the SASL daemon.
Step 7: Start the SASL service to monitor access to memcached.
In this embodiment, the authentication mode of the SASL daemon is modified, the memcached authentication name and password are obtained, the memcached program is added to the SASL daemon, and the SASL service is started to monitor each module's access to the system cache.
In this embodiment, kolla-ansible is used to deploy the SASL service in containers, and the SASL service monitors the memcached service, which strengthens the security of the OpenStack cloud platform. The scheme implements kolla-ansible-based containerized deployment of the SASL service, and whether the SASL service is deployed can be controlled according to actual requirements in a production environment. A startup flow for the SASL service is also designed, which protects the memcached service in the OpenStack cloud platform.
Referring to Fig. 4, which is a schematic structural diagram of an access monitoring system of a cache system according to an embodiment of the present application, the system may include:
the parameter configuration module 100, configured to add configuration parameters corresponding to the SASL container image to the target file of kolla-ansible;
the authentication judging module 200, configured to judge, according to the target file, whether the cache system memcached needs to start SASL authentication when the cloud computing management platform deploys a service;
the service deployment module 300, configured to, if the cache system memcached needs to start SASL authentication, deploy the SASL service by using the SASL container image in the image repository, and modify the authentication mode of the SASL daemon to shadow so as to obtain the authentication name and the password of the cache system memcached;
and the monitoring module 400, configured to add the cache system memcached as a monitoring object of the SASL daemon according to the authentication name and the password of the cache system memcached, so as to monitor the access of the client to the cache system memcached by using the SASL service.
In this embodiment, configuration parameters corresponding to the SASL container image are added to the target file of kolla-ansible, so that kolla-ansible supports the SASL service. When the cloud computing management platform is deployed, this embodiment judges according to the target file whether the cache system memcached needs to start SASL authentication; if so, the SASL service is deployed, the cache system memcached is added as a monitoring object of the SASL daemon, and the SASL service then monitors client access to the cache system memcached. A client is allowed to access the cache system memcached only if the authentication name and password it inputs are correct. This embodiment can therefore improve the access security of the cache system memcached.
Further, the system further includes:
the image construction module, configured to construct the SASL container image adapted to kolla-ansible before the configuration parameters corresponding to the SASL container image are added to the target file of kolla-ansible, and to push the SASL container image to the image repository corresponding to the OpenStack environment.
Further, the parameter configuration module 100 includes:
a global control file modification unit, configured to add first configuration information to the global control file of kolla-ansible; wherein the first configuration information is information for controlling whether to deploy the SASL service;
a host manifest file modification unit, configured to add second configuration information to the host manifest file of kolla-ansible; wherein the second configuration information is information for determining the node where the SASL service is deployed;
a module entry file modification unit, configured to add third configuration information to the module entry file of kolla-ansible; wherein the third configuration information is information for including the SASL service in the kolla-ansible project;
and a role directory modification unit, configured to add the startup configuration of the SASL container under the role directory of kolla-ansible.
Further, the system further includes:
the authentication module, configured to add an authentication identifier to the startup parameters of the cache system memcached if, after it is judged according to the target file whether the cache system memcached needs to start SASL authentication, the cache system memcached needs to start SASL authentication; and further configured to judge, when an access request sent by a client is received, whether the authentication name and the password input by the client are correct according to the access request; wherein the access request is a request to access a cache system memcached to which the authentication identifier has been added; if they are correct, to provide access service for the client by using the cache system memcached; and if not, to refuse to provide the access service for the client.
Further, the process of the authentication module judging whether the authentication name and the password input by the client are correct according to the access request includes: determining an authentication name and a password input by the client according to the access request; judging whether the authentication name and the password input by the client are the same as the authentication name and the password of the memcached of the cache system; if the authentication name and the password are the same, judging that the authentication name and the password input by the client are correct; if the authentication names and the passwords are different, judging that the authentication names and the passwords input by the client are wrong.
Further, the system further includes:
the error reporting unit, configured to return prompt information of the access failure and the reason for the access failure to the client after it is judged that the authentication name and the password input by the client are wrong.
Further, the system further includes:
the monitoring release module, configured to, after the cache system memcached is added as a monitoring object of the SASL daemon according to the authentication name and the password of the cache system memcached, delete the cache system memcached from the monitoring object list of the SASL daemon according to the authentication name and the password of the cache system memcached if a monitoring state change instruction corresponding to the cache system memcached is received.
Since the embodiments of the system portion and the embodiments of the method portion correspond to each other, the embodiments of the system portion refer to the description of the embodiments of the method portion, which is not repeated herein.
The present application also provides a storage medium having stored thereon a computer program which, when executed, performs the steps provided by the above embodiments. The storage medium may include: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The application also provides an electronic device, which may include a memory and a processor, where the memory stores a computer program, and the processor may implement the steps provided in the foregoing embodiments when calling the computer program in the memory. Of course the electronic device may also include various network interfaces, power supplies, etc.
In this description, the embodiments are described in a progressive manner, each embodiment focusing on its differences from the others, so that for the same or similar parts the embodiments may be referred to one another. Since the system disclosed in the embodiment corresponds to the method disclosed in the embodiment, its description is relatively brief, and for relevant details reference is made to the description of the method section. It should be noted that it would be obvious to those skilled in the art that various improvements and modifications can be made to the present application without departing from the principles of the present application, and such improvements and modifications fall within the scope of the claims of the present application.
It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (9)

1. An access monitoring method of a cache system is characterized by being applied to a cloud computing management platform, and comprises the following steps:
adding configuration parameters corresponding to the SASL container image to the target file of kolla-ansible;
when the cloud computing management platform deploys a service, judging whether a cache system memcached needs to start SASL authentication or not according to the target file;
if yes, deploying the SASL service by using the SASL container image in the image repository, and modifying the authentication mode of the SASL daemon to shadow so as to acquire the authentication name and the password of the cache system memcached;
adding the cache system memcached as a monitoring object of the SASL daemon according to the authentication name and the password of the cache system memcached so as to monitor the access of the client to the cache system memcached by utilizing the SASL service;
after judging whether the cache system memcached needs to start the SASL authentication according to the target file, the method further comprises:
if the cache system memcached needs to start SASL authentication, adding an authentication identifier to the startup parameters of the cache system memcached;
when an access request sent by a client is received, judging whether an authentication name and a password input by the client are correct or not according to the access request; wherein the access request is a request to access a cache system memcached to which the authentication identifier has been added;
if they are correct, providing access service for the client by using the cache system memcached;
and if not, refusing to provide the access service for the client.
2. The access monitoring method according to claim 1, further comprising, before adding the configuration parameters corresponding to the SASL container image to the target file of kolla-ansible:
constructing the SASL container image adapted to kolla-ansible, and pushing the SASL container image to the image repository corresponding to the OpenStack environment.
3. The access monitoring method according to claim 1, wherein adding the configuration parameters corresponding to the SASL container image to the target file of kolla-ansible includes:
adding first configuration information to the global control file of kolla-ansible; wherein the first configuration information is information for controlling whether to deploy the SASL service;
adding second configuration information to the host manifest file of kolla-ansible; wherein the second configuration information is information for determining the node where the SASL service is deployed;
adding third configuration information to the module entry file of kolla-ansible; wherein the third configuration information is information for including the SASL service in the kolla-ansible project;
and adding the startup configuration of the SASL container under the role directory of kolla-ansible.
4. The access monitoring method according to claim 1, wherein determining whether the authentication name and the password input by the client are correct according to the access request comprises:
determining an authentication name and a password input by the client according to the access request;
judging whether the authentication name and the password input by the client are the same as the authentication name and the password of the memcached of the cache system;
if the authentication name and the password are the same, judging that the authentication name and the password input by the client are correct;
if the authentication names and the passwords are different, judging that the authentication names and the passwords input by the client are wrong.
5. The access monitoring method according to claim 4, further comprising, after determining that the authentication name and the password input by the client are wrong:
returning prompt information of the access failure and the reason for the access failure to the client.
6. The access monitoring method of claim 1, further comprising, after adding said cache system memcached as a monitoring object of said SASL daemon based on the authentication name and password of said cache system memcached:
if a monitoring state change instruction corresponding to the cache system memcached is received, deleting the cache system memcached from the monitoring object list of the SASL daemon according to the authentication name and the password of the cache system memcached.
7. An access monitoring system of a cache system, applied to a cloud computing management platform, the access monitoring system comprising:
the parameter configuration module, configured to add configuration parameters corresponding to the SASL container image to the target file of kolla-ansible;
the authentication judging module, configured to judge, according to the target file, whether the cache system memcached needs to start SASL authentication when the cloud computing management platform deploys a service;
the service deployment module, configured to, if the cache system memcached needs to start SASL authentication, deploy the SASL service by using the SASL container image in the image repository, and modify the authentication mode of the SASL daemon to shadow so as to acquire the authentication name and the password of the cache system memcached;
the monitoring module, configured to add the cache system memcached as a monitoring object of the SASL daemon according to the authentication name and the password of the cache system memcached so as to monitor the access of the client to the cache system memcached by utilizing the SASL service;
the authentication module, configured to add an authentication identifier to the startup parameters of the cache system memcached if, after it is judged according to the target file whether the cache system memcached needs to start SASL authentication, the cache system memcached needs to start SASL authentication; and further configured to judge, when an access request sent by a client is received, whether the authentication name and the password input by the client are correct according to the access request; wherein the access request is a request to access a cache system memcached to which the authentication identifier has been added; if they are correct, to provide access service for the client by using the cache system memcached; and if not, to refuse to provide the access service for the client.
8. An electronic device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the access monitoring method of the cache system as claimed in any one of claims 1 to 6 when invoking the computer program in the memory.
9. A storage medium having stored therein computer executable instructions which when loaded and executed by a processor implement the steps of the access monitoring method of the cache system according to any one of claims 1 to 6.
CN202011225949.3A 2020-11-05 2020-11-05 Access monitoring method and system of cache system, electronic equipment and storage medium Active CN112437120B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011225949.3A CN112437120B (en) 2020-11-05 2020-11-05 Access monitoring method and system of cache system, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112437120A CN112437120A (en) 2021-03-02
CN112437120B true CN112437120B (en) 2023-06-30

Family

ID=74694697

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011225949.3A Active CN112437120B (en) 2020-11-05 2020-11-05 Access monitoring method and system of cache system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112437120B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103019964A (en) * 2012-12-24 2013-04-03 北京搜狐新媒体信息技术有限公司 Cache data access method and data cache system
CN107181757A (en) * 2017-06-27 2017-09-19 新浪网技术(中国)有限公司 Support Memcache Proxy Methods, the apparatus and system of certification and protocol conversion

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111736956B (en) * 2020-06-29 2023-01-10 苏州浪潮智能科技有限公司 Container service deployment method, device, equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant