5
rrdcached - Data caching daemon for rrdtool
10
[B<-P>E<nbsp>I<permissions>]
11
[B<-l>E<nbsp>I<address>]
12
[B<-s>E<nbsp>I<group>]
13
[B<-w>E<nbsp>I<timeout>]
14
[B<-z>E<nbsp>I<delay>]
15
[B<-f>E<nbsp>I<timeout>]
16
[B<-p>E<nbsp>I<pid_file>]
17
[B<-t>E<nbsp>I<write_threads>]
18
[B<-j>E<nbsp>I<journal_dir>]
21
[B<-b>E<nbsp>I<base_dir>E<nbsp>[B<-B>]]
25
B<rrdcached> is a daemon that receives updates to existing RRD files,
26
accumulates them and, if enough have been received or a defined time has
27
passed, writes the updates to the RRD file. A I<flush> command may be used to
28
force writing of values to disk, so that graphing facilities and similar can
29
work with up-to-date data.
31
The daemon was written with big setups in mind. Those setups usually run into
32
IOE<nbsp>related problems sooner or later for reasons that are beyond the scope
33
of this document. Check the wiki at the RRDtool homepage for details. Also
34
check L</"SECURITY CONSIDERATIONS"> below before using this daemon! A detailed
35
description of how the daemon operates can be found in the L</"HOW IT WORKS">
42
=item B<-l> I<address>
44
Tells the daemon to bind to I<address> and accept incoming connections on that
45
socket. If I<address> begins with C<unix:>, everything following that prefix is
46
interpreted as the path to a UNIX domain socket. Otherwise the address or node
47
name are resolved using C<getaddrinfo()>.
49
For network sockets, a port may be specified by using the form
50
C<B<[>I<address>B<]:>I<port>>. If the address is an IPv4 address or a fully
51
qualified domain name (i.E<nbsp>e. the address contains at least one dot
52
(C<.>)), the square brackets can be omitted, resulting in the (simpler)
53
C<I<address>B<:>I<port>> pattern. The default port is B<42217/udp>. If you
54
specify a network socket, it is mandatory to read the
55
L</"SECURITY CONSIDERATIONS"> section.
57
The following formats are accepted. Please note that the address of the UNIX
58
domain socket B<must> start with a slash in the second case!
60
unix:</path/to/unix.sock>
63
[<hostname-or-ip>]:<port>
64
<hostname-or-ipv4>:<port>
66
If the B<-l> option is not specified the default address,
67
C<unix:/tmp/rrdcached.sock>, will be used.
69
=item B<-s> I<group_name>|I<gid>
71
Set the group permissions of a UNIX domain socket. The option accepts either
72
a numeric group id or group name. That group will then have both read and write
73
permissions (the socket will have file permissions 0750) for the socket and,
74
therefore, is able to send commands to the daemon. This
75
may be useful in cases where you cannot easily run all RRD processes with the same
76
user privileges (e.g. graph generating CGI scripts that typically run in the
77
permission context of the web server).
79
This option affects the I<following> UNIX socket addresses (the following
80
B<-l> options), i.e., you may specify different settings for different
83
The default is not to change ownership or permissions of the socket and, thus,
84
use the system default.
88
Set the file permissions of a UNIX domain socket. The option accepts an octal
89
number representing the bit pattern for the mode (see L<chmod(1)> for
92
Please note that not all systems honor this setting. On Linux, read/write
93
permissions are required to connect to a UNIX socket. However, many
94
BSD-derived systems ignore permissions for UNIX sockets. See L<unix(7)> for
97
This option affects the I<following> UNIX socket addresses (the following
98
B<-l> options), i.e., you may specify different settings for different
101
The default is not to change ownership or permissions of the socket and, thus,
102
use the system default.
104
=item B<-P> I<command>[,I<command>[,...]]
106
Specifies the commands accepted via a network socket. This allows
107
administrators of I<RRDCacheD> to control the actions accepted from various
110
The arguments given to the B<-P> option is a comma separated list of commands.
111
For example, to allow the C<FLUSH> and C<PENDING> commands one could specify:
113
rrdcached -P FLUSH,PENDING $MORE_ARGUMENTS
115
The B<-P> option affects the I<following> socket addresses (the following B<-l>
116
options). In the following example, only the IPv4 network socket (address
117
C<10.0.0.1>) will be restricted to the C<FLUSH> and C<PENDING> commands:
119
rrdcached -l unix:/some/path -P FLUSH,PENDING -l 10.0.0.1
121
A complete list of available commands can be found in the section
122
L</"Valid Commands"> below. There are two minor special exceptions:
128
The C<HELP> and C<QUIT> commands are always allowed.
132
If the C<BATCH> command is accepted, the B<.>E<nbsp>command will automatically
137
Please also read L</"SECURITY CONSIDERATIONS"> below.
139
=item B<-w> I<timeout>
141
Data is written to disk every I<timeout> seconds. If this option is not
142
specified the default interval of 300E<nbsp>seconds will be used.
146
If specified, rrdcached will delay writing of each RRD for a random number
147
of seconds in the rangeE<nbsp>[0,I<delay>). This will avoid too many
148
writes being queued simultaneously. This value should be no greater than
149
the value specified in B<-w>. By default, there is no delay.
151
=item B<-f> I<timeout>
153
Every I<timeout> seconds the entire cache is searched for old values which are
154
written to disk. This only concerns files to which updates have stopped, so
155
setting this to a high value, such as 3600E<nbsp>seconds, is acceptable in most
156
cases. This timeout defaults to 3600E<nbsp>seconds.
160
Sets the name and location of the PID-file. If not specified, the default,
161
C<I<$localststedir>/run/rrdcached.pid> will be used.
163
=item B<-t> I<write_threads>
165
Specifies the number of threads used for writing RRD files. The default
166
isE<nbsp>4. Increasing this number will allow rrdcached to have more
167
simultaneous I/O requests into the kernel. This may allow the kernel to
168
re-order disk writes, resulting in better disk throughput.
172
Write updates to a journal in I<dir>. In the event of a program or system
173
crash, this will allow the daemon to write any updates that were pending
174
at the time of the crash.
176
On startup, the daemon will check for journal files in this directory. If
177
found, all updates therein will be read into memory before the daemon
178
starts accepting new connections.
180
The journal will be rotated with the same frequency as the flush timer
183
When journaling is enabled, the daemon will use a fast shutdown procedure.
184
Rather than flushing all files to disk, it will make sure the journal is
185
properly written and exit immediately. Although the RRD data files are
186
not fully up-to-date, no information is lost; all pending updates will be
187
replayed from the journal next time the daemon starts up.
189
To disable fast shutdown, use the B<-F> option.
193
ALWAYS flush all updates to the RRD data files when the daemon is shut
194
down, regardless of journal setting.
198
Run in the foreground. The daemon will not fork().
202
The daemon will change into a specific directory at startup. All files passed
203
to the daemon, that are specified by a B<relative> path, will be interpreted
204
to be relative to this directory. If not given the default, C</tmp>, will be
207
+------------------------+------------------------+
208
! Command line ! File updated !
209
+------------------------+------------------------+
210
! foo.rrd ! /tmp/foo.rrd !
211
! foo/bar.rrd ! /tmp/foo/bar.rrd !
212
! /var/lib/rrd/foo.rrd ! /var/lib/rrd/foo.rrd !
213
+------------------------+------------------------+
214
Paths given on the command line and paths actually
215
updated by the daemon, assuming the base directory
218
B<WARNING:> The paths up to and including the base directory B<MUST NOT BE>
219
symbolic links. In other words, if the base directory is
222
-b /base/dir/somewhere
224
... then B<NONE> of the following should be symbolic links:
232
Only permit writes into the base directory specified in B<-b> (and any
233
sub-directories). This does B<NOT> detect symbolic links. Paths
234
containing C<../> will also be blocked.
238
=head1 AFFECTED RRDTOOL COMMANDS
240
The following commands may be made aware of the B<rrdcached> using the command
241
line argument B<--daemon> or the environment variable B<RRDCACHED_ADDRESS>:
287
The B<update> command can send values to the daemon instead of writing them to
288
the disk itself. All other commands can send a B<FLUSH> command (see below) to
289
the daemon before accessing the files, so they work with up-to-date data even
290
if the cache timeout is large.
292
=head1 ERROR REPORTING
294
The daemon reports errors in one of two ways: During startup, error messages
295
are printed to C<STDERR>. One of the steps when starting up is to fork to the
296
background and closing C<STDERR> - after this writing directly to the user is
297
no longer possible. Once this has happened, the daemon will send log messages
298
to the system logging daemon using syslog(3). The facility used is
303
When receiving an update, B<rrdcached> does not write to disk but looks for an
304
entry for that file in its internal tree. If not found, an entry is created
305
including the current time (called "First" in the diagram below). This time is
306
B<not> the time specified on the command line but the time the operating system
307
considers to be "now". The value and time of the value (called "Time" in the
308
diagram below) are appended to the tree node.
310
When appending a value to a tree node, it is checked whether it's time to write
311
the values to disk. Values are written to disk if
312
S<C<now() - First E<gt>= timeout>>, where C<timeout> is the timeout specified
313
using the B<-w> option, see L</OPTIONS>. If the values are "old enough" they
314
will be enqueued in the "update queue", i.E<nbsp>e. they will be appended to
315
the linked list shown below. Because the tree nodes and the elements of the
316
linked list are the same data structures in memory, any update to a file that
317
has already been enqueued will be written with the next write to the RRD file,
320
A separate "update thread" constantly dequeues the first element in the update
321
queue and writes all its values to the appropriate file. So as long as the
322
update queue is not empty files are written at the highest possible rate.
324
Since the timeout of files is checked only when new values are added to the
325
file, "dead" files, i.E<nbsp>e. files that are not updated anymore, would never
326
be written to disk. Therefore, every now and then, controlled by the B<-f>
327
option, the entire tree is walked and all "old" values are enqueued. Since this
328
only affects "dead" files and walking the tree is relatively expensive, you
329
should set the "flush interval" to a reasonably high value. The default is
330
3600E<nbsp>seconds (one hour).
332
The downside of caching values is that they won't show up in graphs generated
333
from the RRDE<nbsp>files. To get around this, the daemon provides the "flush
334
command" to flush specific files. This means that the file is inserted at the
335
B<head> of the update queue or moved there if it is already enqueued. The flush
336
command will return only after the file's pending updates have been written
339
+------+ +------+ +------+
340
! head ! ! root ! ! tail !
341
+---+--+ +---+--+ +---+--+
345
! /\/\ \ `----------------- ... --------, !
347
+---+----+---+ +------+-----+ +---+----+---+
348
! File: foo ! ! File: bar ! ! File: qux !
349
! First: 101 ! ! First: 119 ! ! First: 180 !
350
! Next:&bar -+--->! Next:&... -+---> ... --->! Next:NULL !
351
| Prev:NULL !<---+-Prev:&foo !<--- ... ----+-Prev: &... !
352
+============+ +============+ +============+
353
! Time: 100 ! ! Time: 120 ! ! Time: 180 !
354
! Value: 10 ! ! Value: 0.1 ! ! Value: 2,2 !
355
+------------+ +------------+ +------------+
356
! Time: 110 ! ! Time: 130 ! ! Time: 190 !
357
! Value: 26 ! ! Value: 0.1 ! ! Value: 7,3 !
358
+------------+ +------------+ +------------+
360
+------------+ +------------+ +------------+
361
! Time: 230 ! ! Time: 250 ! ! Time: 310 !
362
! Value: 42 ! ! Value: 0.2 ! ! Value: 1,2 !
363
+------------+ +------------+ +------------+
365
The above diagram demonstrates:
371
Files/values are stored in a (balanced) tree.
375
Tree nodes and entries in the update queue are the same data structure.
379
The local time ("First") and the time specified in updates ("Time") may differ.
383
Timed out values are inserted at the "tail".
387
Explicitly flushed values are inserted at the "head".
395
=head1 SECURITY CONSIDERATIONS
397
=head2 Authentication
399
There is no authentication.
401
The client/server protocol does not yet have any authentication mechanism. It
402
is likely that authentication and encryption will be added in a future version,
403
but for the time being it is the administrator's responsibility to secure the
404
traffic from/to the daemon!
406
It is highly recommended to install a packet filter or similar mechanism to
407
prevent unauthorized connections. Unless you have a dedicated VLAN or VPN for
408
this, using network sockets is probably a bad idea!
412
There is minimal per-socket authorization.
414
Authorization is currently done on a per-socket basis. That means each socket
415
has a list of commands it will accept and it will accept. It will accept only
416
those commands explicitly listed but it will (currently) accept these commands
417
from anyone reaching the socket.
419
If the networking sockets are to be used, it is necessary to restrict the
420
accepted commands to those needed by external clients. If, for example,
421
external clients want to draw graphs of the cached data, they should only be
422
allowed to use the C<FLUSH> command.
426
There is no encryption.
428
Again, this may be added in the future, but for the time being it is your job
429
to keep your private data private. Install a VPN or an encrypted tunnel if you
430
statistics are confidential!
432
=head2 Sanity checking
434
There is no sanity checking.
436
The daemon will blindly write to any file it gets told, so you really should
437
create a separate user just for this daemon. Also it does not do any sanity
438
checks, so if it gets told to write values for a time far in the future, your
439
files will be messed up good!
447
Security is the job of the administrator.
451
We recommend to allow write access via UNIX domain sockets only.
455
You have been warned.
461
The daemon communicates with clients using a line based ASCII protocol which is
462
easy to read and easy to type. This makes it easy for scripts to implement the
463
protocol and possible for users to use telnet to connect to the daemon
464
and test stuff "by hand".
466
The protocol is line based, this means that each record consists of one or more
467
lines. A line is terminated by the line feed character C<0x0A>, commonly
468
written as C<\n>. In the examples below, this character will be written as
469
C<E<lt>LFE<gt>> ("line feed").
471
After the connection has been established, the client is expected to send a
472
"command". A command consists of the command keyword, possibly some arguments,
473
and a terminating newline character. For a list of commands, see
474
L</"Valid Commands"> below.
478
FLUSH /tmp/foo.rrd<LF>
480
The daemon answers with a line consisting of a status code and a short status
481
message, separated by one or more space characters. A negative status code
482
signals an error, a positive status code or zero signal success. If the status
483
code is greater than zero, it indicates the number of lines that follow the
490
2 Two lines follow<LF>
491
This is the first line<LF>
492
And this is the second line<LF>
494
=head2 Valid Commands
496
The following commands are understood by the daemon:
500
=item B<FLUSH> I<filename>
502
Causes the daemon to put I<filename> to the B<head> of the update queue
503
(possibly moving it there if the node is already enqueued). The answer will be
504
sent B<after> the node has been dequeued.
508
Causes the daemon to start flushing ALL pending values to disk. This
509
returns immediately, even though the writes may take a long time.
511
=item B<PENDING> I<filename>
513
Shows any "pending" updates for a file, in order. The updates shown have
514
not yet been written to the underlying RRD file.
516
=item B<FORGET> I<filename>
518
Removes I<filename> from the cache. Any pending updates B<WILL BE LOST>.
522
Shows the files that are on the output queue. Returns zero or more lines
523
in the following format, where E<lt>num_valsE<gt> is the number of values
524
to be written for the E<lt>fileE<gt>:
528
=item B<HELP> [I<command>]
530
Returns a short usage message. If no command is given, or I<command> is
531
B<HELP>, a list of commands supported by the daemon is returned. Otherwise a
532
short description, possibly containing a pointer to a manual page, is returned.
533
Obviously, this is meant for interactive usage and the format in which the
534
commands and usage summaries are returned is not well defined.
538
Returns a list of metrics which can be used to measure the daemons performance
539
and check its status. For a description of the values returned, see
540
L</"Performance Values"> below.
542
The format in which the values are returned is similar to many other line based
543
protocols: Each value is printed on a separate line, each consisting of the
544
name of the value, a colon, one or more spaces and the actual value.
559
=item B<UPDATE> I<filename> I<values> [I<values> ...]
561
Adds more data to a filename. This is B<the> operation the daemon was designed
562
for, so describing the mechanism again is unnecessary. Read L</"HOW IT WORKS">
563
above for a detailed explanation.
565
Note that rrdcached only accepts absolute timestamps in the update values.
566
Updates strings like "N:1:2:3" are automatically converted to absolute
567
time by the RRD client library before sending to rrdcached.
569
=item B<WROTE> I<filename>
571
This command is written to the journal after a file is successfully
572
written out to disk. It is used during journal replay to determine which
573
updates have already been applied. It is I<only> valid in the journal; it
574
is not accepted from the other command channels.
578
This command initiates the bulk load of multiple commands. This is
579
designed for installations with extremely high update rates, since it
580
permits more than one command to be issued per read() and write().
582
All commands are executed just as they would be if given individually,
583
except for output to the user. Messages indicating success are
584
suppressed, and error messages are delayed until the client is finished.
586
Command processing is finished when the client sends a dot (".") on its
587
own line. After the client has finished, the server responds with an
588
error count and the list of error messages (if any). Each error messages
589
indicates the number of the command to which it corresponds, and the error
590
message itself. The first user command after B<BATCH> is command number one.
593
server: 0 Go ahead. End with dot '.' on its own line.
594
client: UPDATE x.rrd 1223661439:1:2:3 <--- command #1
595
client: UPDATE y.rrd 1223661440:3:4:5 <--- command #2
599
server: 1 message for command 1
600
server: 12 message for command 12
604
Disconnect from rrdcached.
608
=head2 Performance Values
610
The following counters are returned by the B<STATS> command:
614
=item B<QueueLength> I<(unsigned 64bit integer)>
616
Number of nodes currently enqueued in the update queue.
618
=item B<UpdatesReceived> I<(unsigned 64bit integer)>
620
Number of UPDATE commands received.
622
=item B<FlushesReceived> I<(unsigned 64bit integer)>
624
Number of FLUSH commands received.
626
=item B<UpdatesWritten> I<(unsigned 64bit integer)>
628
Total number of updates, i.E<nbsp>e. calls to C<rrd_update_r>, since the
631
=item B<DataSetsWritten> I<(unsigned 64bit integer)>
633
Total number of "data sets" written to disk since the daemon was
634
started. A data set is one or more values passed to the B<UPDATE>
635
command. For example: C<1223661439:123:456> is one data set with two
636
values. The term "data set" is used to prevent confusion whether
637
individual values or groups of values are counted.
639
=item B<TreeNodesNumber> I<(unsigned 64bit integer)>
641
Number of nodes in the cache.
643
=item B<TreeDepth> I<(unsigned 64bit integer)>
645
Depth of the tree used for fast key lookup.
647
=item B<JournalBytes> I<(unsigned 64bit integer)>
649
Total number of bytes written to the journal since startup.
651
=item B<JournalRotate> I<(unsigned 64bit integer)>
653
Number of times the journal has been rotated since startup.
661
=item SIGINT and SIGTERM
663
The daemon exits normally on receipt of either of these signals. Pending
664
updates are handled in accordance with the B<-j> and B<-F> options.
668
The daemon exits AFTER flushing all updates out to disk. This may take a
673
The daemon exits immediately, without flushing updates out to disk.
674
Pending updates will be replayed from the journal when the daemon starts
675
up again. B<WARNING: if journaling (-j) is NOT enabled, any pending
676
updates WILL BE LOST>.
682
No known bugs at the moment.
686
L<rrdtool>, L<rrdgraph>
690
Florian Forster E<lt>octoE<nbsp>atE<nbsp>verplant.orgE<gt>
692
Both B<rrdcached> and this manual page have been written by Florian.
696
kevin brintnall E<lt>kbrint@rufus.netE<gt>
added
removed
doc/rrdcached.pod
