本来以为是个挺美好的东西,结果。。。
这样的方式非常不安全,尤其是假设暴露在公网地址,非常easy被攻击,并且gearman的http服务远没有专业的webserver健壮。
攻击方式非常easy:telnet host 8080,连接成功后,随便输入点内容,如:aaa,gearman日志就不停的出现例如以下错误信息:
bad request line:aaa
简直就是死循环,gearmand就顶不住了,系统内存也一会就被耗尽,说明http这块实现的有BUG。
只是能够通过改动源代码来修复这个BUG:
You can open file libgearman-server/plugins/protocol/http/protocol.cc , find 'bad request line:' and 'bad method:', then chang 'GEARMAND_SUCCESS' to 'GEARMAND_INVALID_PACKET' after them. This way is quick for this bug.
也能够下载以下的补丁,对源patch:
https://bugs.launchpad.net/gearmand/+bug/1348865/+attachment/4182968/+files/gearmand-1.1.12.patch
gearmand-1.1.12源代码安装文件夹下运行:patch -p0 < ../gearmand-1.1.12.patch
该补丁攻克了上面的错误,同一时候也添加了对get方法的支持
bug信息參见:https://bugs.launchpad.net/gearmand/+bug/1348865
原文:
This protocol plugin allows you to map HTTP requests to Gearman jobs. It only provides client job submission currently, but it may be extended to support other request types in the future. The plugin can handle both GET and POST data, the latter being used to send a workload to the job server. The URL being requested is translated into the function being called.
For example, the request:
Is translated into a job submission request for the function “reverse” and workload “Hello world!”. This will respond with:
The following headers can be passed to change the behavior of the job:
For example, to run a low priority background job, the following request can be sent:
The response for this request will not have any data associated with it since it was a background job:
The HTTP protocol should be considered experimental.
应用场景:
开启gearman http监听功能,让前端以web api方式调用gearman job
起用方式:
在gearmand的起动參数中加上:
/usr/local/gearman/sbin/gearmand \
-l /usr/local/gearman/log/trace.log \
--verbose INFO -p 4730 -u root -d -t 4 \
--http-port 8080 \
-r http
--http-port=8080 指定监听端口号
-r http 起用http协议模块
调用方式:
眼下http协议仅仅支持任务提交类接口,其他类型的暂不支持。
按官方文档上说,http支持GET和POS两种方式调用,可是GET方式我还没弄清楚如何携带数据,POST方式实验过是能够的
http://172.16.18.116:8080/reverse
reverse就为函数名,假如POST的数据内容为:“Hello world!”,返回结果为:“!dlrow olleH”
在http的header头中能够设置一些任务參数:
* X-Gearman-Unique: <unique key>
* X-Gearman-Background: true
* X-Gearman-Priority: <high|low>
这样的使用方式,实际上gearmand监听着两个端,原来的4730端还是能够接收正常的gearman协议client的请求,另外的8080port则监听着http协议的请求,两种方式共同工作,http服务前端如移动端调用,gearman服务内部的其他模块的调用。