2010-12-02 01:48:02 +03:00
# Hey Emacs, this is a -*- shell-script -*- !!!
2007-06-01 14:54:26 +04:00
# utility functions for ctdb event scripts
2023-07-16 13:47:09 +03:00
if [ -z "$CTDB_BASE" ]; then
echo 'CTDB_BASE unset in CTDB functions file'
exit 1
2015-08-17 07:01:40 +03:00
fi
2016-06-29 10:33:43 +03:00
export CTDB_BASE
2015-08-17 07:01:40 +03:00
2016-07-06 10:16:44 +03:00
# CTDB_VARDIR is used elsewhere
# shellcheck disable=SC2034
2015-08-13 08:54:20 +03:00
CTDB_VARDIR="/usr/local/var/lib/ctdb"
2016-06-08 13:08:35 +03:00
CTDB="${CTDB:-/usr/local/bin/ctdb}"
2015-08-13 08:17:51 +03:00
# Only (and always) override these variables in test code
2023-07-16 13:47:09 +03:00
if [ -z "$CTDB_SCRIPT_VARDIR" ]; then
CTDB_SCRIPT_VARDIR="/usr/local/var/lib/ctdb/scripts"
2015-08-13 08:17:51 +03:00
fi
2023-07-16 13:47:09 +03:00
if [ -z "$CTDB_SYS_ETCDIR" ]; then
CTDB_SYS_ETCDIR="/etc"
2015-08-13 08:17:51 +03:00
fi
2010-12-15 02:08:16 +03:00
2023-07-16 13:47:09 +03:00
if [ -z "$CTDB_HELPER_BINDIR" ]; then
CTDB_HELPER_BINDIR="/usr/local/libexec/ctdb"
2016-02-12 02:12:13 +03:00
fi
2007-06-03 16:07:07 +04:00
#######################################
# pull in a system config file, if any
2015-11-17 06:57:44 +03:00
2023-07-16 13:47:09 +03:00
load_system_config()
2018-02-06 03:25:56 +03:00
{
2023-07-16 13:47:09 +03:00
for _i; do
2019-03-20 13:19:49 +03:00
if [ -f "${CTDB_SYS_ETCDIR}/sysconfig/${_i}" ]; then
. "${CTDB_SYS_ETCDIR}/sysconfig/${_i}"
return
elif [ -f "${CTDB_SYS_ETCDIR}/default/${_i}" ]; then
. "${CTDB_SYS_ETCDIR}/default/${_i}"
return
fi
done
2018-02-06 03:25:56 +03:00
}
2009-11-13 10:28:25 +03:00
2018-04-04 12:06:13 +03:00
# load_script_options [ component script ]
# script is an event script name relative to a component
# component is currently ignored
2023-07-16 13:47:09 +03:00
load_script_options()
2018-02-19 05:13:26 +03:00
{
2023-07-16 13:47:09 +03:00
if [ $# -eq 2 ]; then
2018-04-04 12:06:13 +03:00
_script="$2"
2023-07-16 13:47:09 +03:00
elif [ $# -eq 0 ]; then
2018-04-04 12:06:13 +03:00
_script=""
else
die "usage: load_script_options [ component script ]"
fi
2018-04-04 11:52:36 +03:00
_options="${CTDB_BASE}/script.options"
2023-07-16 13:47:09 +03:00
if [ -r "$_options" ]; then
2018-04-04 11:52:36 +03:00
. "$_options"
fi
2023-07-16 13:47:09 +03:00
if [ -n "$_script" ]; then
2018-05-15 06:39:15 +03:00
_s="${CTDB_BASE}/events/legacy/${_script}"
2018-04-04 12:06:13 +03:00
else
_s="${0%.script}"
fi
_options="${_s}.options"
2018-02-19 05:13:26 +03:00
2023-07-16 13:47:09 +03:00
if [ -r "$_options" ]; then
2018-02-19 05:13:26 +03:00
. "$_options"
fi
}
2011-08-17 03:00:46 +04:00
##############################################################
2023-07-16 13:47:09 +03:00
die()
2012-03-07 09:09:56 +04:00
{
2023-07-16 13:47:09 +03:00
_msg="$1"
_rc="${2:-1}"
2012-03-07 09:09:56 +04:00
2023-07-16 13:47:09 +03:00
echo "$_msg" >&2
exit "$_rc"
2012-03-07 09:09:56 +04:00
}
2012-10-16 10:04:48 +04:00
# Log given message or stdin to either syslog or a CTDB log file
# $1 is the tag passed to logger if syslog is in use.
2023-07-16 13:47:09 +03:00
script_log()
{
_tag="$1"
shift
case "$CTDB_LOGGING" in
2023-07-16 13:52:54 +03:00
file:)
if [ -n "$*" ] ; then
echo "$*"
else
cat
fi >&2
;;
2023-07-16 13:47:09 +03:00
file:* | "")
if [ -n "$CTDB_LOGGING" ]; then
_file="${CTDB_LOGGING#file:}"
2014-08-11 11:07:41 +04:00
else
2023-07-16 13:47:09 +03:00
_file="/usr/local/var/log/log.ctdb"
2014-08-11 11:07:41 +04:00
fi
2023-07-16 13:47:09 +03:00
{
if [ -n "$*" ]; then
echo "$*"
else
cat
fi
} >>"$_file"
;;
2014-08-11 11:07:41 +04:00
*)
2023-07-16 13:47:09 +03:00
# Handle all syslog:* variants here too. There's no tool to do
# the lossy things, so just use logger.
logger -t "ctdbd: ${_tag}" "$@"
;;
esac
2012-10-16 10:04:48 +04:00
}
# When things are run in the background in an eventscript then logging
# output might get lost. This is the "solution". :-)
2023-07-16 13:47:09 +03:00
background_with_logging()
2012-10-16 10:04:48 +04:00
{
2023-07-16 13:47:09 +03:00
(
"$@" 2>&1 </dev/null |
script_log "${script_name}&"
) &
2012-09-03 09:37:01 +04:00
2023-07-16 13:47:09 +03:00
return 0
2012-09-03 09:37:01 +04:00
}
2011-08-23 10:32:34 +04:00
##############################################################
# check number of args for different events
2023-07-16 13:47:09 +03:00
ctdb_check_args()
2011-08-23 10:32:34 +04:00
{
2023-07-16 13:47:09 +03:00
case "$1" in
takeip | releaseip)
if [ $# != 4 ]; then
echo "ERROR: must supply interface, IP and maskbits"
exit 1
fi
;;
2011-08-23 10:32:34 +04:00
updateip)
2023-07-16 13:47:09 +03:00
if [ $# != 5 ]; then
echo "ERROR: must supply old interface, new interface, IP and maskbits"
exit 1
fi
;;
esac
2011-08-23 10:32:34 +04:00
}
2009-01-16 15:26:57 +03:00
##############################################################
# determine on what type of system (init style) we are running
2013-10-18 06:24:03 +04:00
detect_init_style()
{
2023-09-19 10:34:55 +03:00
_init_style_file="${CTDB_SCRIPT_VARDIR}/init-style"
2018-02-19 07:29:43 +03:00
2023-09-19 10:34:55 +03:00
if [ ! -f "$_init_style_file" ]; then
if [ -n "$CTDB_INIT_STYLE" ]; then
echo "$CTDB_INIT_STYLE" >"$_init_style_file"
return
fi
# Subshell to contain variables in os-release file
(
_os_release="${CTDB_SYS_ETCDIR}/os-release"
if [ -f "$_os_release" ]; then
. "$_os_release"
case "$ID" in
centos | fedora | rhel)
echo "redhat"
;;
debian | ubuntu)
echo "debian"
;;
sles | suse)
echo "suse"
;;
*)
case "$ID_LIKE" in
*centos* | *rhel*)
echo "redhat"
;;
*)
echo "$ID"
;;
esac
;;
esac
else
echo "WARNING: unknown distribution ${ID}" >&2
echo "unknown"
fi
) >"$_init_style_file"
2018-02-19 07:29:43 +03:00
fi
2023-09-19 10:34:55 +03:00
read -r CTDB_INIT_STYLE <"$_init_style_file"
2009-01-16 15:26:57 +03:00
}
2007-06-01 14:54:26 +04:00
2007-06-02 12:51:05 +04:00
######################################################
# simulate /sbin/service on platforms that don't have it
2011-06-07 09:57:29 +04:00
# _service() makes it easier to hook the service() function for
# testing.
2023-07-16 13:47:09 +03:00
_service()
2011-06-07 09:57:29 +04:00
{
2023-07-16 13:47:09 +03:00
_service_name="$1"
_op="$2"
# do nothing, when no service was specified
[ -z "$_service_name" ] && return
if [ -x /sbin/service ]; then
$_nice /sbin/service "$_service_name" "$_op"
elif [ -x /usr/sbin/service ]; then
$_nice /usr/sbin/service "$_service_name" "$_op"
elif [ -x /bin/systemctl ]; then
$_nice /bin/systemctl "$_op" "$_service_name"
elif [ -x "${CTDB_SYS_ETCDIR}/init.d/${_service_name}" ]; then
$_nice "${CTDB_SYS_ETCDIR}/init.d/${_service_name}" "$_op"
elif [ -x "${CTDB_SYS_ETCDIR}/rc.d/init.d/${_service_name}" ]; then
$_nice "${CTDB_SYS_ETCDIR}/rc.d/init.d/${_service_name}" "$_op"
fi
2007-06-02 12:51:05 +04:00
}
2011-06-07 09:57:29 +04:00
service()
{
2023-07-16 13:47:09 +03:00
_nice=""
_service "$@"
2011-06-07 09:57:29 +04:00
}
2008-02-13 00:20:20 +03:00
######################################################
# simulate /sbin/service (niced) on platforms that don't have it
2011-06-07 09:57:29 +04:00
nice_service()
{
2023-07-16 13:47:09 +03:00
_nice="nice"
_service "$@"
2008-02-13 00:20:20 +03:00
}
2007-06-17 05:57:42 +04:00
2015-04-17 13:44:15 +03:00
######################################################
# Cached retrieval of PNN from local node. This never changes so why
# open a client connection to the server each time this is needed?
2023-07-16 13:47:09 +03:00
ctdb_get_pnn()
2015-04-17 13:44:15 +03:00
{
2023-07-16 13:47:09 +03:00
_pnn_file="${CTDB_SCRIPT_VARDIR}/my-pnn"
if [ ! -f "$_pnn_file" ]; then
$CTDB pnn >"$_pnn_file"
fi
2015-04-17 13:44:15 +03:00
2023-07-16 13:47:09 +03:00
cat "$_pnn_file"
2015-04-17 13:44:15 +03:00
}
2016-04-08 08:53:47 +03:00
# Cached retrieval of private IP address from local node. This never
2016-07-06 10:41:55 +03:00
# changes.
2023-07-16 13:47:09 +03:00
ctdb_get_ip_address()
2016-04-08 08:53:47 +03:00
{
2023-07-16 13:47:09 +03:00
_ip_addr_file="${CTDB_SCRIPT_VARDIR}/my-ip-address"
if [ ! -f "$_ip_addr_file" ]; then
$CTDB -X nodestatus |
awk -F '|' 'NR == 2 { print $3 }' >"$_ip_addr_file"
fi
2016-04-08 08:53:47 +03:00
2023-07-16 13:47:09 +03:00
cat "$_ip_addr_file"
2016-04-08 08:53:47 +03:00
}
2023-06-15 09:21:19 +03:00
# Cache of public IP addresses assigned to this node. This function
2024-05-10 04:42:26 +03:00
# exists mainly so statd_callout does not need to talk to ctdbd, so
2023-06-15 09:21:19 +03:00
# can be run as non-root, but it may be used in other places. This
# must be updated/refreshed on failover. This is done in
# 10.interface, but doing it in "ipreallocated" isn't enough because
# clients may connect as soon as "takeip" completes. Also, the VNN in
# the daemon is only updated after the "releaseip" event completes, so
# "ctdb -X ip" can't be relied on there. Hence, complex updates
# involving locking for "takeip" & "releaseip". A future
# restructuring of the failover model will obsolete all of these
# moving parts.
CTDB_MY_PUBLIC_IPS_CACHE="${CTDB_SCRIPT_VARDIR}/my-public-ip-addresses"
update_my_public_ip_addresses()
{
_event="$1"
_f="$CTDB_MY_PUBLIC_IPS_CACHE"
_lock="${_f}.lock"
# In private CTDB state directory - no $$ security issue
_new="${_f}.new.$$"
{
flock --timeout 10 9 ||
die "ctdb_get_my_public_ip_addresses: timeout"
case "$_event" in
takeip)
_ip="$2"
# Redirect of stderr guards against initial
# missing file
cat "$_f" 2>/dev/null >"$_new"
echo "$_ip" >>"$_new"
;;
releaseip)
_ip="$2"
# Redirect of stderr guards against initial
# missing file, which shouldn't happen in
# releaseip...
grep -Fvx "$_ip" "$_f" 2>/dev/null >"$_new"
;;
ipreallocated)
_pnn=$(ctdb_get_pnn)
$CTDB -X ip |
awk -F'|' -v pnn="$_pnn" \
'$3 == pnn {print $2}' >"$_new"
;;
esac
mv "$_new" "$_f"
} 9>"$_lock"
}
2018-04-20 05:12:44 +03:00
# Cached retrieval of database options for use by event scripts.
#
# If the variables are already set then they should not be overwritten
# - this should only happen during event script testing.
2023-07-16 13:47:09 +03:00
ctdb_get_db_options()
2018-04-20 05:12:44 +03:00
{
_db_opts_file="${CTDB_SCRIPT_VARDIR}/db_options.cache"
2023-07-16 13:47:09 +03:00
if [ ! -f "$_db_opts_file" ]; then
2018-04-20 05:12:44 +03:00
{
ctdb_translate_option "database" \
2023-07-16 13:47:09 +03:00
"volatile database directory" \
"CTDB_DBDIR"
2018-04-20 05:12:44 +03:00
ctdb_translate_option "database" \
2023-07-16 13:47:09 +03:00
"persistent database directory" \
"CTDB_DBDIR_PERSISTENT"
2018-04-20 05:12:44 +03:00
ctdb_translate_option "database" \
2023-07-16 13:47:09 +03:00
"state database directory" \
"CTDB_DBDIR_STATE"
2018-04-20 05:12:44 +03:00
} >"$_db_opts_file"
fi
. "$_db_opts_file"
}
2023-07-16 13:47:09 +03:00
ctdb_translate_option()
2018-04-20 05:12:44 +03:00
{
_section="$1"
_opt="$2"
_variable="$3"
# ctdb-config already prints an error if something goes wrong
2023-07-16 13:47:09 +03:00
_t=$("${CTDB_HELPER_BINDIR}/ctdb-config" get "$_section" "$_opt") ||
2018-04-20 05:12:44 +03:00
exit $?
echo "${_variable}=\"${_t}\""
}
2011-06-28 08:54:33 +04:00
######################################################
# wrapper around /proc/ settings to allow them to be hooked
# for testing
# 1st arg is relative path under /proc/, 2nd arg is value to set
2023-07-16 13:47:09 +03:00
set_proc()
2011-06-28 08:54:33 +04:00
{
2023-07-16 13:47:09 +03:00
echo "$2" >"/proc/$1"
2011-06-28 08:54:33 +04:00
}
2023-07-16 13:47:09 +03:00
set_proc_maybe()
2015-06-24 14:06:22 +03:00
{
2023-07-16 13:47:09 +03:00
if [ -w "/proc/$1" ]; then
set_proc "$1" "$2"
fi
2015-06-24 14:06:22 +03:00
}
2011-06-28 08:54:33 +04:00
######################################################
# wrapper around getting file contents from /proc/ to allow
# this to be hooked for testing
# 1st arg is relative path under /proc/
2023-07-16 13:47:09 +03:00
get_proc()
2011-06-28 08:54:33 +04:00
{
2023-07-16 13:47:09 +03:00
cat "/proc/$1"
2011-06-28 08:54:33 +04:00
}
2014-11-14 05:31:03 +03:00
######################################################
# Print up to $_max kernel stack traces for processes named $_program
2023-07-16 13:47:09 +03:00
program_stack_traces()
2014-11-14 05:31:03 +03:00
{
2023-07-16 13:47:09 +03:00
_prog="$1"
_max="${2:-1}"
_count=1
for _pid in $(pidof "$_prog"); do
[ "$_count" -le "$_max" ] || break
# Do this first to avoid racing with process exit
_stack=$(get_proc "${_pid}/stack" 2>/dev/null)
if [ -n "$_stack" ]; then
echo "Stack trace for ${_prog}[${_pid}]:"
echo "$_stack"
_count=$((_count + 1))
fi
done
2013-08-02 10:05:46 +04:00
}
2013-04-29 21:45:21 +04:00
######################################################
# Ensure $service_name is set
2023-07-16 13:47:09 +03:00
assert_service_name()
2013-04-29 21:45:21 +04:00
{
2018-02-06 03:25:56 +03:00
# service_name is set by the event script
# shellcheck disable=SC2154
[ -n "$service_name" ] || die "INTERNAL ERROR: \$service_name not set"
2013-04-29 21:45:21 +04:00
}
2007-06-06 06:08:42 +04:00
######################################################
# check a set of directories is available
2009-10-12 09:32:49 +04:00
# return 1 on a missing directory
2013-04-29 21:48:51 +04:00
# directories are read from stdin
2007-06-06 06:08:42 +04:00
######################################################
2013-04-29 21:48:51 +04:00
ctdb_check_directories_probe()
{
2023-07-16 13:49:57 +03:00
while IFS="" read -r d; do
2023-07-16 13:47:09 +03:00
case "$d" in
*%*)
continue
;;
*)
[ -d "${d}/." ] || return 1
;;
esac
done
2008-07-23 09:35:46 +04:00
}
######################################################
# check a set of directories is available
2013-04-29 21:48:51 +04:00
# directories are read from stdin
2008-07-23 09:35:46 +04:00
######################################################
2013-04-29 21:48:51 +04:00
ctdb_check_directories()
{
2023-07-16 13:47:09 +03:00
ctdb_check_directories_probe || {
echo "ERROR: $service_name directory \"$d\" not available"
exit 1
}
2007-06-06 06:08:42 +04:00
}
######################################################
# check a set of tcp ports
2009-11-20 08:45:36 +03:00
# usage: ctdb_check_tcp_ports <ports...>
2007-06-06 06:08:42 +04:00
######################################################
2011-08-05 10:39:57 +04:00
2013-10-17 08:23:35 +04:00
# Check whether something is listening on all of the given TCP ports
# using the "ctdb checktcpport" command.
2011-07-05 05:32:06 +04:00
ctdb_check_tcp_ports()
{
2023-07-16 13:47:09 +03:00
if [ -z "$1" ]; then
2016-12-17 14:40:05 +03:00
echo "INTERNAL ERROR: ctdb_check_tcp_ports - no ports specified"
exit 1
fi
2011-08-17 08:02:45 +04:00
2023-07-16 13:47:09 +03:00
for _p; do # process each function argument (port)
2016-12-17 14:40:05 +03:00
_cmd="$CTDB checktcpport $_p"
_out=$($_cmd 2>&1)
_ret=$?
case "$_ret" in
0)
echo "$service_name not listening on TCP port $_p"
return 1
;;
98)
# Couldn't bind, something already listening, next port
continue
;;
*)
echo "unexpected error (${_ret}) running \"${_cmd}\""
2023-07-16 13:47:09 +03:00
if [ -n "$_out" ]; then
2016-12-17 14:40:05 +03:00
echo "$_out"
fi
return $_ret
;;
esac
done
# All ports listening
return 0
2011-08-17 08:02:45 +04:00
}
2009-05-19 02:47:19 +04:00
######################################################
# check a unix socket
2017-03-18 13:53:06 +03:00
# usage: ctdb_check_unix_socket SOCKPATH
2009-05-19 02:47:19 +04:00
######################################################
2017-03-18 13:53:06 +03:00
ctdb_check_unix_socket()
{
_sockpath="$1"
2009-05-19 02:47:19 +04:00
2023-07-16 13:47:09 +03:00
if [ -z "$_sockpath" ]; then
2017-03-18 13:53:06 +03:00
echo "ERROR: ctdb_check_unix_socket() requires socket path"
return 1
fi
2024-09-16 05:26:53 +03:00
_out=$(ss -l -xH "src ${_sockpath}")
2023-07-16 13:47:09 +03:00
if [ -z "$_out" ]; then
2017-03-18 13:53:06 +03:00
echo "ERROR: ${service_name} not listening on ${_sockpath}"
return 1
fi
2009-05-19 02:47:19 +04:00
}
2007-10-11 01:27:38 +04:00
################################################
# kill off any TCP connections with the given IP
################################################
2023-08-25 03:00:57 +03:00
kill_tcp_summarise()
{
_mode="$1"
_count="$2"
ctdb-scripts: Add configuration variable CTDB_KILLTCP_USE_SS_KILL
This allows CTDB to be configured to use "ss -K" to reset TCP
connections on "releaseip". This is only supported when the kernel is
configured with CONFIG_INET_DIAG_DESTROY enabled.
From the documentation:
ss -K has been supported in ss since iproute 4.5 in March 2016 and
in the Linux kernel since 4.4 in December 2015. However, the
required kernel configuration item CONFIG_INET_DIAG_DESTROY is
disabled by default. Although enabled in Debian kernels since
~2017 and in Ubuntu since at least 18.04,, this has only recently
been enabled in distributions such as RHEL. There seems to be no
way, including running ss -K, to determine if this is supported, so
use of this feature needs to be configurable. When available, it
should be the fastest, most reliable way of killing connections.
For RHEL and derivatives, this was enabled as follows:
* RHEL 8 via https://bugzilla.redhat.com/show_bug.cgi?id=2230213,
arriving in version kernel-4.18.0-513.5.1.el8_9
* RHEL 9 via https://issues.redhat.com/browse/RHEL-212, arriving in
kernel-5.14.0-360.el9
Enabling this option results in a small behaviour change because ss -K
always does a 2-way kill (i.e. it also sends a RST to the client).
Only a 1-way kill is done for SMB connections when ctdb_killtcp is
used - the reasons for this are shrouded in history and the 2-way kill
seems to work fine.
For the summary that is logged, when CTDB_KILLTCP_USE_SS_KILL is "yes"
or "try", always log the method used, even the fallback to
ctdb_killtcp. However, when set to "no", maintain the existing
output.
The decision to use -K rather than --kill is because short options are
trivial to implement in test stubs.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 7 00:12:34 UTC 2024 on atb-devel-224
2023-08-22 05:13:44 +03:00
_method="$3"
2023-08-25 03:00:57 +03:00
_connections=$(get_tcp_connections_for_ip "$_ip")
if [ -z "$_connections" ]; then
_remaining=0
else
_remaining=$(echo "$_connections" | wc -l)
fi
case "$_mode" in
total)
_total="$_count"
_killed=$((_total - _remaining))
;;
killed)
_killed="$_count"
_total=$((_killed + _remaining))
;;
esac
_t="${_killed}/${_total}"
ctdb-scripts: Add configuration variable CTDB_KILLTCP_USE_SS_KILL
This allows CTDB to be configured to use "ss -K" to reset TCP
connections on "releaseip". This is only supported when the kernel is
configured with CONFIG_INET_DIAG_DESTROY enabled.
From the documentation:
ss -K has been supported in ss since iproute 4.5 in March 2016 and
in the Linux kernel since 4.4 in December 2015. However, the
required kernel configuration item CONFIG_INET_DIAG_DESTROY is
disabled by default. Although enabled in Debian kernels since
~2017 and in Ubuntu since at least 18.04,, this has only recently
been enabled in distributions such as RHEL. There seems to be no
way, including running ss -K, to determine if this is supported, so
use of this feature needs to be configurable. When available, it
should be the fastest, most reliable way of killing connections.
For RHEL and derivatives, this was enabled as follows:
* RHEL 8 via https://bugzilla.redhat.com/show_bug.cgi?id=2230213,
arriving in version kernel-4.18.0-513.5.1.el8_9
* RHEL 9 via https://issues.redhat.com/browse/RHEL-212, arriving in
kernel-5.14.0-360.el9
Enabling this option results in a small behaviour change because ss -K
always does a 2-way kill (i.e. it also sends a RST to the client).
Only a 1-way kill is done for SMB connections when ctdb_killtcp is
used - the reasons for this are shrouded in history and the 2-way kill
seems to work fine.
For the summary that is logged, when CTDB_KILLTCP_USE_SS_KILL is "yes"
or "try", always log the method used, even the fallback to
ctdb_killtcp. However, when set to "no", maintain the existing
output.
The decision to use -K rather than --kill is because short options are
trivial to implement in test stubs.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 7 00:12:34 UTC 2024 on atb-devel-224
2023-08-22 05:13:44 +03:00
_m=""
if [ -n "$_method" ]; then
_m=", using ${_method}"
fi
echo "Killed ${_t} TCP connections to released IP ${_ip}${_m}"
2023-08-25 03:00:57 +03:00
if [ -n "$_connections" ]; then
echo "Remaining connections:"
echo "$_connections" | sed -e 's|^| |'
fi
}
2023-07-16 13:47:09 +03:00
kill_tcp_connections()
2013-05-06 10:23:25 +04:00
{
2023-07-16 13:47:09 +03:00
_iface="$1"
_ip="$2"
2013-04-30 00:19:18 +04:00
2023-07-16 13:47:09 +03:00
_oneway=false
if [ "$3" = "oneway" ]; then
_oneway=true
fi
2013-04-30 00:19:18 +04:00
ctdb-scripts: Add configuration variable CTDB_KILLTCP_USE_SS_KILL
This allows CTDB to be configured to use "ss -K" to reset TCP
connections on "releaseip". This is only supported when the kernel is
configured with CONFIG_INET_DIAG_DESTROY enabled.
From the documentation:
ss -K has been supported in ss since iproute 4.5 in March 2016 and
in the Linux kernel since 4.4 in December 2015. However, the
required kernel configuration item CONFIG_INET_DIAG_DESTROY is
disabled by default. Although enabled in Debian kernels since
~2017 and in Ubuntu since at least 18.04,, this has only recently
been enabled in distributions such as RHEL. There seems to be no
way, including running ss -K, to determine if this is supported, so
use of this feature needs to be configurable. When available, it
should be the fastest, most reliable way of killing connections.
For RHEL and derivatives, this was enabled as follows:
* RHEL 8 via https://bugzilla.redhat.com/show_bug.cgi?id=2230213,
arriving in version kernel-4.18.0-513.5.1.el8_9
* RHEL 9 via https://issues.redhat.com/browse/RHEL-212, arriving in
kernel-5.14.0-360.el9
Enabling this option results in a small behaviour change because ss -K
always does a 2-way kill (i.e. it also sends a RST to the client).
Only a 1-way kill is done for SMB connections when ctdb_killtcp is
used - the reasons for this are shrouded in history and the 2-way kill
seems to work fine.
For the summary that is logged, when CTDB_KILLTCP_USE_SS_KILL is "yes"
or "try", always log the method used, even the fallback to
ctdb_killtcp. However, when set to "no", maintain the existing
output.
The decision to use -K rather than --kill is because short options are
trivial to implement in test stubs.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 7 00:12:34 UTC 2024 on atb-devel-224
2023-08-22 05:13:44 +03:00
case "$CTDB_KILLTCP_USE_SS_KILL" in
yes | try)
_killcount=$(ss -K -tnH state established src "$_ip" | wc -l)
kill_tcp_summarise "killed" "$_killcount" "ss -K"
if [ "$CTDB_KILLTCP_USE_SS_KILL" = "yes" ]; then
return
fi
;;
esac
2023-07-16 13:47:09 +03:00
get_tcp_connections_for_ip "$_ip" | {
_killcount=0
_connections=""
_nl="
2013-07-25 07:40:43 +04:00
"
2023-07-16 13:49:57 +03:00
while read -r _dst _src; do
2023-07-16 13:47:09 +03:00
_destport="${_dst##*:}"
__oneway=$_oneway
case $_destport in
# we only do one-way killtcp for CIFS
139 | 445) __oneway=true ;;
esac
_connections="${_connections}${_nl}${_src} ${_dst}"
if ! $__oneway; then
_connections="${_connections}${_nl}${_dst} ${_src}"
fi
2013-04-30 00:25:26 +04:00
2023-07-16 13:47:09 +03:00
_killcount=$((_killcount + 1))
done
2013-04-30 05:39:46 +04:00
2023-07-16 13:47:09 +03:00
if [ $_killcount -eq 0 ]; then
return
fi
2013-07-25 07:40:43 +04:00
2023-07-16 13:47:09 +03:00
if [ -n "$CTDB_KILLTCP_DEBUGLEVEL" ]; then
_debuglevel="$CTDB_KILLTCP_DEBUGLEVEL"
else
_debuglevel="$CTDB_DEBUGLEVEL"
fi
echo "$_connections" |
CTDB_DEBUGLEVEL="$_debuglevel" \
"${CTDB_HELPER_BINDIR}/ctdb_killtcp" "$_iface" || {
echo "Failed to kill TCP connections"
return
}
2013-04-30 05:39:46 +04:00
ctdb-scripts: Add configuration variable CTDB_KILLTCP_USE_SS_KILL
This allows CTDB to be configured to use "ss -K" to reset TCP
connections on "releaseip". This is only supported when the kernel is
configured with CONFIG_INET_DIAG_DESTROY enabled.
From the documentation:
ss -K has been supported in ss since iproute 4.5 in March 2016 and
in the Linux kernel since 4.4 in December 2015. However, the
required kernel configuration item CONFIG_INET_DIAG_DESTROY is
disabled by default. Although enabled in Debian kernels since
~2017 and in Ubuntu since at least 18.04,, this has only recently
been enabled in distributions such as RHEL. There seems to be no
way, including running ss -K, to determine if this is supported, so
use of this feature needs to be configurable. When available, it
should be the fastest, most reliable way of killing connections.
For RHEL and derivatives, this was enabled as follows:
* RHEL 8 via https://bugzilla.redhat.com/show_bug.cgi?id=2230213,
arriving in version kernel-4.18.0-513.5.1.el8_9
* RHEL 9 via https://issues.redhat.com/browse/RHEL-212, arriving in
kernel-5.14.0-360.el9
Enabling this option results in a small behaviour change because ss -K
always does a 2-way kill (i.e. it also sends a RST to the client).
Only a 1-way kill is done for SMB connections when ctdb_killtcp is
used - the reasons for this are shrouded in history and the 2-way kill
seems to work fine.
For the summary that is logged, when CTDB_KILLTCP_USE_SS_KILL is "yes"
or "try", always log the method used, even the fallback to
ctdb_killtcp. However, when set to "no", maintain the existing
output.
The decision to use -K rather than --kill is because short options are
trivial to implement in test stubs.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 7 00:12:34 UTC 2024 on atb-devel-224
2023-08-22 05:13:44 +03:00
_method=""
if [ "$CTDB_KILLTCP_USE_SS_KILL" = "try" ]; then
_method="ctdb_killtcp"
fi
kill_tcp_summarise "total" "$_killcount" "$_method"
2023-07-16 13:47:09 +03:00
}
2009-03-24 06:05:31 +03:00
}
##################################################################
# kill off the local end for any TCP connections with the given IP
##################################################################
2023-07-16 13:47:09 +03:00
kill_tcp_connections_local_only()
2013-04-30 00:19:18 +04:00
{
2023-07-16 13:47:09 +03:00
kill_tcp_connections "$@" "oneway"
2007-10-11 01:27:38 +04:00
}
2009-12-18 11:43:20 +03:00
##################################################################
# tickle any TCP connections with the given IP
##################################################################
2023-07-16 13:47:09 +03:00
tickle_tcp_connections()
2013-05-06 10:23:25 +04:00
{
2023-07-16 13:47:09 +03:00
_ip="$1"
2009-12-18 11:43:20 +03:00
2023-07-16 13:47:09 +03:00
# Get connections, both directions
_conns=$(get_tcp_connections_for_ip "$_ip" |
awk '{ print $1, $2 ; print $2, $1 }')
2013-04-30 00:25:26 +04:00
2023-07-16 13:47:09 +03:00
echo "$_conns" | awk '{ print "Tickle TCP connection", $1, $2 }'
echo "$_conns" | ctdb tickle
2009-12-18 11:43:20 +03:00
}
2023-07-16 13:47:09 +03:00
get_tcp_connections_for_ip()
2013-04-30 00:25:26 +04:00
{
2023-07-16 13:47:09 +03:00
_ip="$1"
2013-04-30 00:25:26 +04:00
2024-09-16 05:26:53 +03:00
ss -tnH state established "src [$_ip]" | awk '{print $3, $4}'
2013-04-30 00:25:26 +04:00
}
2014-01-28 07:41:25 +04:00
########################################################
2023-07-16 13:47:09 +03:00
add_ip_to_iface()
{
_iface=$1
_ip=$2
_maskbits=$3
# Ensure interface is up
ip link set "$_iface" up ||
die "Failed to bringup interface $_iface"
# Only need to define broadcast for IPv4
case "$_ip" in
*:*) _bcast="" ;;
*) _bcast="brd +" ;;
esac
2014-11-21 09:33:21 +03:00
2023-07-16 13:47:09 +03:00
# Intentionally unquoted multi-word value here
# shellcheck disable=SC2086
ip addr add "$_ip/$_maskbits" $_bcast dev "$_iface" || {
2014-11-21 09:33:21 +03:00
echo "Failed to add $_ip/$_maskbits on dev $_iface"
return 1
2023-07-16 13:47:09 +03:00
}
# Wait 5 seconds for IPv6 addresses to stop being tentative...
if [ -z "$_bcast" ]; then
for _x in $(seq 1 10); do
ip addr show to "${_ip}/128" | grep -q "tentative" || break
sleep 0.5
done
# If the address was a duplicate then it won't be on the
# interface so flag an error.
_t=$(ip addr show to "${_ip}/128")
case "$_t" in
"")
echo "Failed to add $_ip/$_maskbits on dev $_iface"
return 1
;;
*tentative* | *dadfailed*)
echo "Failed to add $_ip/$_maskbits on dev $_iface"
ip addr del "$_ip/$_maskbits" dev "$_iface"
return 1
;;
esac
fi
2010-01-20 13:10:48 +03:00
}
delete_ip_from_iface()
{
2023-07-16 13:47:09 +03:00
_iface=$1
_ip=$2
_maskbits=$3
# This could be set globally for all interfaces but it is probably
# better to avoid surprises, so limit it the interfaces where CTDB
# has public IP addresses. There isn't anywhere else convenient
# to do this so just set it each time. This is much cheaper than
# remembering and re-adding secondaries.
set_proc "sys/net/ipv4/conf/${_iface}/promote_secondaries" 1
ip addr del "$_ip/$_maskbits" dev "$_iface" || {
echo "Failed to del $_ip on dev $_iface"
return 1
}
2010-02-12 11:48:01 +03:00
}
2014-12-19 06:19:32 +03:00
# If the given IP is hosted then print 2 items: maskbits and iface
2023-07-16 13:47:09 +03:00
ip_maskbits_iface()
2013-01-04 04:23:29 +04:00
{
2023-07-16 13:47:09 +03:00
_addr="$1"
2013-01-04 04:23:29 +04:00
2023-07-16 13:47:09 +03:00
case "$_addr" in
2016-05-13 18:06:38 +03:00
*:*) _bits=128 ;;
2023-07-16 13:47:09 +03:00
*) _bits=32 ;;
esac
ip addr show to "${_addr}/${_bits}" 2>/dev/null |
awk 'NR == 1 { iface = $2; sub(":$", "", iface) ;
2016-07-06 13:09:07 +03:00
sub("@.*", "", iface) }
$1 ~ /inet/ { mask = $2; sub(".*/", "", mask);
2016-05-13 18:06:38 +03:00
print mask, iface }'
2013-01-04 04:23:29 +04:00
}
2023-07-16 13:47:09 +03:00
drop_ip()
2013-01-04 04:23:29 +04:00
{
2023-07-16 13:47:09 +03:00
_addr="${1%/*}" # Remove optional maskbits
# Intentional word splitting here
# shellcheck disable=SC2046
set -- $(ip_maskbits_iface "$_addr")
if [ -n "$1" ]; then
_maskbits="$1"
_iface="$2"
echo "Removing public address $_addr/$_maskbits from device $_iface"
delete_ip_from_iface "$_iface" "$_addr" "$_maskbits" >/dev/null 2>&1
fi
2013-01-04 04:23:29 +04:00
}
2024-01-30 12:25:37 +03:00
have_public_addresses()
{
[ -f "${CTDB_BASE}/public_addresses" ]
}
# This sets $public_ifaces as a side-effect.
get_public_ifaces()
{
# Get all the interfaces listed in the public_addresses file
public_ifaces=$(sed -e '/^#.*/d' \
-e 's/^[^\t ]*[\t ]*//' \
-e 's/,/ /g' \
-e 's/[\t ]*$//' "${CTDB_BASE}/public_addresses")
# Get the interfaces for which CTDB has public IPs configured.
# That is, for all but the 1st line, get the 1st field.
ctdb_ifaces=$($CTDB -X ifaces | sed -e '1d' -e 's@^|@@' -e 's@|.*@@')
# Add $ctdb_ifaces and make $public_ifaces unique
# Use word splitting to squash whitespace
# shellcheck disable=SC2086
public_ifaces=$(echo $public_ifaces $ctdb_ifaces | tr ' ' '\n' | sort -u)
}
2023-07-16 13:47:09 +03:00
drop_all_public_ips()
2013-01-04 04:23:29 +04:00
{
2016-07-06 10:16:44 +03:00
# _x is intentionally ignored
# shellcheck disable=SC2034
2023-07-16 13:49:57 +03:00
while read -r _ip _x; do
2021-09-08 17:53:12 +03:00
case "$_ip" in
\#*) continue ;;
esac
2016-07-06 10:16:44 +03:00
drop_ip "$_ip"
2018-03-08 07:11:51 +03:00
done <"${CTDB_BASE}/public_addresses"
2013-01-03 08:07:07 +04:00
}
2023-07-16 13:47:09 +03:00
flush_route_cache()
2014-11-21 06:46:00 +03:00
{
2023-07-16 13:47:09 +03:00
set_proc_maybe sys/net/ipv4/route/flush 1
set_proc_maybe sys/net/ipv6/route/flush 1
2014-11-21 06:46:00 +03:00
}
2015-12-18 07:43:33 +03:00
########################################################
# Interface monitoring
# If the interface is a virtual one (e.g. VLAN) then get the
# underlying interface
2023-07-16 13:47:09 +03:00
interface_get_real()
2015-12-18 07:43:33 +03:00
{
2022-08-17 04:38:44 +03:00
_iface="$1"
# If $_iface is a VLAN (i.e. contains an '@') then strip every
# before the '@', otherwise print the whole interface
echo "${_iface##*@}"
2015-12-18 07:43:33 +03:00
}
# Check whether an interface is operational
2023-07-16 13:47:09 +03:00
interface_monitor()
2015-12-18 07:43:33 +03:00
{
2023-07-16 13:47:09 +03:00
_iface="$1"
2015-12-18 07:43:33 +03:00
2023-07-16 13:47:09 +03:00
_iface_info=$(ip -br link show "$_iface" 2>&1) || {
echo "ERROR: Monitored interface ${_iface} does not exist"
2015-12-18 07:43:33 +03:00
return 1
}
2023-07-16 13:47:09 +03:00
# If the interface is a virtual one (e.g. VLAN) then get the
# underlying interface.
_realiface=$(interface_get_real "${_iface_info%% *}")
if _bi=$(get_proc "net/bonding/${_realiface}" 2>/dev/null); then
# This is a bond: various monitoring strategies
echo "$_bi" | grep -q 'Currently Active Slave: None' && {
echo "ERROR: No active slaves for bond device ${_realiface}"
return 1
}
echo "$_bi" | grep -q '^MII Status: up' || {
echo "ERROR: public network interface ${_realiface} is down"
2015-12-18 07:43:33 +03:00
return 1
}
2023-07-16 13:47:09 +03:00
echo "$_bi" | grep -q '^Bonding Mode: IEEE 802.3ad Dynamic link aggregation' && {
# This works around a bug in the driver where the
# overall bond status can be up but none of the actual
# physical interfaces have a link.
echo "$_bi" | grep 'MII Status:' | tail -n +2 | grep -q '^MII Status: up' || {
echo "ERROR: No active slaves for 802.ad bond device ${_realiface}"
return 1
}
}
2015-12-18 07:43:33 +03:00
return 0
2023-07-16 13:47:09 +03:00
else
# Not a bond
case "$_iface" in
lo*)
# loopback is always working
return 0
;;
ib*)
# we don't know how to test ib links
return 0
;;
*)
ethtool "$_iface" | grep -q 'Link detected: yes' || {
# On some systems, this is not successful when a
# cable is plugged but the interface has not been
# brought up previously. Bring the interface up
# and try again...
ip link set "$_iface" up
ethtool "$_iface" | grep -q 'Link detected: yes' || {
echo "ERROR: No link on the public network interface ${_iface}"
return 1
}
}
return 0
;;
esac
fi
2015-12-18 07:43:33 +03:00
}
2009-09-30 15:05:16 +04:00
########################################################
2013-08-02 09:18:47 +04:00
# Simple counters
2023-07-16 13:47:09 +03:00
_ctdb_counter_common()
2018-02-06 05:51:23 +03:00
{
[ $# -le 1 ] || die "usage: _ctdb_counter_common [name]"
2023-07-16 13:47:09 +03:00
if [ $# -eq 1 ]; then
2018-02-06 05:51:23 +03:00
_counter_name="${1}.failcount"
else
_counter_name="failcount"
fi
2023-07-16 13:47:09 +03:00
if [ -z "$script_state_dir" ]; then
2018-02-06 05:51:23 +03:00
die "ctdb_counter_* functions need ctdb_setup_state_dir()"
fi
_counter_file="${script_state_dir}/${_counter_name}"
2009-09-30 15:05:16 +04:00
}
2016-07-06 13:25:57 +03:00
# Some code passes an argument
# shellcheck disable=SC2120
2023-07-16 13:47:09 +03:00
ctdb_counter_init()
{
_ctdb_counter_common "$1"
2009-09-30 15:05:16 +04:00
2023-07-16 13:47:09 +03:00
: >"$_counter_file"
2009-09-30 15:05:16 +04:00
}
2023-07-16 13:47:09 +03:00
ctdb_counter_incr()
{
_ctdb_counter_common "$1"
2009-09-30 15:05:16 +04:00
2023-07-16 13:47:09 +03:00
# unary counting using newlines!
echo >>"$_counter_file"
2009-09-30 15:05:16 +04:00
}
2023-07-16 13:47:09 +03:00
ctdb_counter_get()
{
_ctdb_counter_common "$1"
# unary counting!
2023-03-15 09:56:40 +03:00
_val=$(wc -c 2>/dev/null <"$_counter_file" || echo 0)
2023-07-16 13:47:09 +03:00
# Strip leading spaces from output of wc (on freebsd)
# shellcheck disable=SC2086
echo $_val
2015-07-11 04:02:54 +03:00
}
2024-06-29 05:25:59 +03:00
ctdb_counter_exists()
{
_ctdb_counter_common "$1"
[ -e "$_counter_file" ]
}
2010-11-17 05:50:56 +03:00
2023-03-03 09:49:05 +03:00
#
# Fail counter/threshold combination to control warnings and node unhealthy
#
_failcount_validate_threshold()
{
case "$1" in
"") return 1 ;; # A failure that doesn't need a warning
*)
if echo "$1" | grep -qx '[0-9]*'; then
return 0
fi
echo "WARNING: ${1} is an invalid threshold in \"${2}\" check"
return 1
;;
esac
}
_failcount_common()
{
_thing="$1"
_counter=$(echo "$_thing" | sed -e 's@/@_SLASH_@g' -e 's@ @_@g')
}
failcount_init()
{
_thing="$1"
_failcount_common "$_thing"
ctdb_counter_init "$_counter"
}
failcount_reset()
{
_thing="$1"
_failcount_common "$_thing"
_failcount=$(ctdb_counter_get "$_counter")
if [ "$_failcount" -eq 0 ]; then
return
fi
printf 'NOTICE: %s: no longer failing\n' "$_thing"
ctdb_counter_init "$_counter"
}
failcount_incr()
{
_thing="$1"
_thresholds="$2"
_output="$3"
_failcount_common "$_thing"
ctdb_counter_incr "$_counter"
_failcount=$(ctdb_counter_get "$_counter")
case "$_thresholds" in
*:*)
_warn_threshold="${_thresholds%:*}"
_unhealthy_threshold="${_thresholds#*:}"
;;
"")
_warn_threshold=1
_unhealthy_threshold=""
;;
*)
_warn_threshold="$_thresholds"
_unhealthy_threshold=""
;;
esac
if _failcount_validate_threshold "$_unhealthy_threshold" "$_thing"; then
if [ "$_failcount" -ge "$_unhealthy_threshold" ]; then
printf 'ERROR: %s: fail count %d >= threshold %d\n' \
"$_thing" \
"$_failcount" \
"$_unhealthy_threshold"
# Only print output when exceeding the
# unhealthy threshold
if [ "$_failcount" -eq "$_unhealthy_threshold" ] && \
[ -n "$_output" ]; then
echo "$_output"
fi
exit 1
fi
fi
if _failcount_validate_threshold "$_warn_threshold" "$_thing"; then
if [ "$_failcount" -lt "$_warn_threshold" ]; then
return 0
fi
fi
printf 'WARNING: %s: fail count %d >= threshold %d\n' \
"$_thing" \
"$_failcount" \
"$_warn_threshold"
if [ "$_failcount" -eq "$_warn_threshold" ] && [ -n "$_output" ]; then
# Only print output when exceeding the warning threshold
echo "$_output"
fi
}
2009-11-13 10:28:25 +03:00
########################################################
2018-02-06 05:49:46 +03:00
# ctdb_setup_state_dir <type> <name>
# Sets/creates script_state_dir)
2023-07-16 13:47:09 +03:00
ctdb_setup_state_dir()
2018-02-06 05:49:46 +03:00
{
[ $# -eq 2 ] || die "usage: ctdb_setup_state_dir <type> <name>"
_type="$1"
_name="$2"
script_state_dir="${CTDB_SCRIPT_VARDIR}/${_type}/${_name}"
2023-07-16 13:47:09 +03:00
mkdir -p "$script_state_dir" ||
2018-02-06 05:49:46 +03:00
die "Error creating script state dir \"${script_state_dir}\""
}
2010-12-15 11:19:21 +03:00
##################################################################
# Reconfigure a service on demand
2023-07-16 13:47:09 +03:00
_ctdb_service_reconfigure_common()
2010-12-15 11:19:21 +03:00
{
2023-07-16 13:47:09 +03:00
if [ -z "$script_state_dir" ]; then
2018-02-06 05:50:47 +03:00
die "ctdb_service_*_reconfigure() needs ctdb_setup_state_dir()"
fi
_ctdb_service_reconfigure_flag="${script_state_dir}/need_reconfigure"
2010-12-15 11:19:21 +03:00
}
2023-07-16 13:47:09 +03:00
ctdb_service_needs_reconfigure()
2009-11-13 10:28:25 +03:00
{
2023-07-16 13:47:09 +03:00
_ctdb_service_reconfigure_common
[ -e "$_ctdb_service_reconfigure_flag" ]
2009-09-30 15:05:16 +04:00
}
2009-11-13 10:28:25 +03:00
2023-07-16 13:47:09 +03:00
ctdb_service_set_reconfigure()
2009-11-13 10:28:25 +03:00
{
2023-07-16 13:47:09 +03:00
_ctdb_service_reconfigure_common
: >"$_ctdb_service_reconfigure_flag"
2009-11-13 10:28:25 +03:00
}
2023-07-16 13:47:09 +03:00
ctdb_service_unset_reconfigure()
2009-11-13 10:28:25 +03:00
{
2023-07-16 13:47:09 +03:00
_ctdb_service_reconfigure_common
rm -f "$_ctdb_service_reconfigure_flag"
2009-11-13 10:28:25 +03:00
}
2023-07-16 13:47:09 +03:00
ctdb_service_reconfigure()
2009-11-13 10:28:25 +03:00
{
2023-07-16 13:47:09 +03:00
echo "Reconfiguring service \"${service_name}\"..."
ctdb_service_unset_reconfigure
service_reconfigure || return $?
# Intentionally have this use $service_name as default
# shellcheck disable=SC2119
ctdb_counter_init
2010-12-15 11:19:21 +03:00
}
2012-12-04 08:00:44 +04:00
# Default service_reconfigure() function does nothing.
2023-07-16 13:47:09 +03:00
service_reconfigure()
2010-12-15 11:19:21 +03:00
{
2023-07-16 13:47:09 +03:00
:
2010-12-15 11:19:21 +03:00
}
2011-08-11 03:39:25 +04:00
# Default service_start() and service_stop() functions.
2018-03-22 07:52:05 +03:00
2014-02-14 09:59:08 +04:00
# These may be overridden in an eventscript.
2023-07-16 13:47:09 +03:00
service_start()
2011-08-11 03:39:25 +04:00
{
2023-07-16 13:47:09 +03:00
service "$service_name" start
2011-08-11 03:39:25 +04:00
}
2023-07-16 13:47:09 +03:00
service_stop()
2011-08-11 03:39:25 +04:00
{
2023-07-16 13:47:09 +03:00
service "$service_name" stop
2009-11-13 10:28:25 +03:00
}
2011-08-11 03:39:25 +04:00
##################################################################
2016-07-11 08:04:16 +03:00
# This exists only for backward compatibility with 3rd party scripts
# that call it
2023-07-16 13:47:09 +03:00
ctdb_standard_event_handler()
2009-12-01 09:43:47 +03:00
{
2023-07-16 13:47:09 +03:00
:
2009-12-01 09:43:47 +03:00
}
2023-07-16 13:47:09 +03:00
iptables_wrapper()
2014-11-21 06:39:43 +03:00
{
2023-07-16 13:47:09 +03:00
_family="$1"
shift
if [ "$_family" = "inet6" ]; then
_iptables_cmd="ip6tables"
else
_iptables_cmd="iptables"
fi
2014-12-30 08:04:00 +03:00
2023-07-16 13:47:09 +03:00
# iptables doesn't like being re-entered, so flock-wrap it.
flock -w 30 "${CTDB_SCRIPT_VARDIR}/iptables.flock" "$_iptables_cmd" "$@"
2014-11-21 06:39:43 +03:00
}
2010-07-12 09:41:42 +04:00
2013-05-25 13:57:24 +04:00
# AIX (and perhaps others?) doesn't have mktemp
2016-07-06 13:43:29 +03:00
# type is commonly supported and more portable than which(1)
# shellcheck disable=SC2039
2023-07-16 13:47:09 +03:00
if ! type mktemp >/dev/null 2>&1; then
mktemp()
{
_dir=false
if [ "$1" = "-d" ]; then
_dir=true
shift
fi
_d="${TMPDIR:-/tmp}"
_hex10=$(dd if=/dev/urandom count=20 2>/dev/null |
cksum |
awk '{print $1}')
_t="${_d}/tmp.${_hex10}"
(
umask 077
if $_dir; then
mkdir "$_t"
else
: >"$_t"
fi
)
echo "$_t"
}
2013-05-25 13:57:24 +04:00
fi
2016-06-06 06:56:55 +03:00
######################################################################
# NFS callout handling
2023-07-16 13:47:09 +03:00
nfs_callout_init()
2016-06-06 06:56:55 +03:00
{
2016-07-06 10:41:55 +03:00
_state_dir="$1"
2023-07-16 13:47:09 +03:00
if [ -z "$CTDB_NFS_CALLOUT" ]; then
2016-06-06 06:56:55 +03:00
CTDB_NFS_CALLOUT="${CTDB_BASE}/nfs-linux-kernel-callout"
fi
# Always export, for statd callout
export CTDB_NFS_CALLOUT
# If the callout wants to use this then it must create it
2016-07-06 10:41:55 +03:00
export CTDB_NFS_CALLOUT_STATE_DIR="${_state_dir}/callout-state"
2016-06-06 06:56:55 +03:00
# Export, if set, for use by clustered NFS callouts
2023-07-16 13:47:09 +03:00
if [ -n "$CTDB_NFS_STATE_FS_TYPE" ]; then
2016-06-06 06:56:55 +03:00
export CTDB_NFS_STATE_FS_TYPE
fi
2023-07-16 13:47:09 +03:00
if [ -n "$CTDB_NFS_STATE_MNT" ]; then
2016-06-06 06:56:55 +03:00
export CTDB_NFS_STATE_MNT
fi
2024-03-27 06:24:09 +03:00
if [ -n "$CTDB_NFS_EXPORTS_FILE" ]; then
export CTDB_NFS_EXPORTS_FILE
fi
2016-06-06 06:56:55 +03:00
2016-07-06 10:41:55 +03:00
nfs_callout_cache="${_state_dir}/nfs_callout_cache"
2016-06-06 06:56:55 +03:00
nfs_callout_cache_callout="${nfs_callout_cache}/CTDB_NFS_CALLOUT"
nfs_callout_cache_ops="${nfs_callout_cache}/ops"
}
2023-07-16 13:47:09 +03:00
nfs_callout_register()
2016-06-06 06:56:55 +03:00
{
2023-07-16 13:47:09 +03:00
mkdir -p "$nfs_callout_cache_ops"
rm -f "$nfs_callout_cache_ops"/*
2016-06-06 06:56:55 +03:00
2023-07-16 13:47:09 +03:00
echo "$CTDB_NFS_CALLOUT" >"$nfs_callout_cache_callout"
2016-06-06 06:56:55 +03:00
2023-07-16 13:47:09 +03:00
_t=$("$CTDB_NFS_CALLOUT" "register")
if [ -n "$_t" ]; then
echo "$_t" |
2023-07-16 13:49:57 +03:00
while IFS="" read -r _op; do
2023-07-16 13:47:09 +03:00
touch "${nfs_callout_cache_ops}/${_op}"
done
else
touch "${nfs_callout_cache_ops}/ALL"
fi
2016-06-06 06:56:55 +03:00
}
2023-07-16 13:47:09 +03:00
nfs_callout()
2016-06-06 06:56:55 +03:00
{
2023-07-16 13:47:09 +03:00
# Re-run registration if $CTDB_NFS_CALLOUT has changed
_prev=""
if [ -r "$nfs_callout_cache_callout" ]; then
2023-07-16 13:49:57 +03:00
read -r _prev <"$nfs_callout_cache_callout"
2023-07-16 13:47:09 +03:00
fi
if [ "$CTDB_NFS_CALLOUT" != "$_prev" ]; then
nfs_callout_register
fi
2016-06-06 06:56:55 +03:00
2023-07-16 13:47:09 +03:00
# Run the operation if it is registered...
if [ -e "${nfs_callout_cache_ops}/${1}" ] ||
[ -e "${nfs_callout_cache_ops}/ALL" ]; then
"$CTDB_NFS_CALLOUT" "$@"
fi
2016-06-06 06:56:55 +03:00
}
2010-08-26 08:59:59 +04:00
########################################################
# tickle handling
########################################################
2023-07-16 13:47:09 +03:00
update_tickles()
2010-08-26 08:59:59 +04:00
{
2015-08-13 08:54:20 +03:00
tickledir="${CTDB_SCRIPT_VARDIR}/tickles"
2013-04-17 07:26:04 +04:00
mkdir -p "$tickledir"
2010-08-26 08:59:59 +04:00
2024-09-19 06:52:48 +03:00
# If not hosting any public IPs then can't have any connections...
2024-09-19 07:32:46 +03:00
if [ ! -s "$CTDB_MY_PUBLIC_IPS_CACHE" ]; then
2024-09-19 06:52:48 +03:00
return
fi
2010-08-26 08:59:59 +04:00
2023-10-23 06:17:36 +03:00
# IPs ss filter
2015-08-27 06:22:49 +03:00
_ip_filter=""
2024-09-19 07:32:46 +03:00
while read -r _ip; do
2023-07-16 13:47:09 +03:00
_ip_filter="${_ip_filter}${_ip_filter:+ || }src [${_ip}]"
2024-09-19 07:32:46 +03:00
done <"$CTDB_MY_PUBLIC_IPS_CACHE"
2010-08-26 08:59:59 +04:00
2024-09-30 03:50:00 +03:00
# Record our current tickles in a temporary file
2023-10-23 06:17:36 +03:00
_my_tickles="${tickledir}/all.tickles.$$"
2024-09-30 03:50:00 +03:00
while read -r _i; do
2023-10-23 06:17:36 +03:00
$CTDB -X gettickles "$_i" |
2024-09-30 03:50:00 +03:00
awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4, $5 }'
done <"$CTDB_MY_PUBLIC_IPS_CACHE" |
sort >"$_my_tickles"
2015-12-10 07:03:46 +03:00
# Record connections to our public IPs in a temporary file.
# This temporary file is in CTDB's private state directory and
# $$ is used to avoid a very rare race involving CTDB's script
# debugging. No security issue, nothing to see here...
2023-10-23 06:17:36 +03:00
_my_connections="${tickledir}/all.connections.$$"
# Parentheses are needed around the IP filter for precedence but
2015-08-27 06:22:49 +03:00
# the parentheses can't be empty!
2023-10-23 06:17:36 +03:00
ss -tnH state established "${_ip_filter:+( ${_ip_filter} )}" |
2024-09-16 05:26:53 +03:00
awk '{print $4, $3}' |
2023-07-16 13:47:09 +03:00
sort >"$_my_connections"
2010-08-26 08:59:59 +04:00
# Add tickles for connections that we haven't already got tickles for
2023-07-16 13:47:09 +03:00
comm -23 "$_my_connections" "$_my_tickles" |
2015-03-23 11:37:35 +03:00
$CTDB addtickle
2010-08-26 08:59:59 +04:00
# Remove tickles for connections that are no longer there
2023-07-16 13:47:09 +03:00
comm -13 "$_my_connections" "$_my_tickles" |
2015-03-23 11:37:35 +03:00
$CTDB deltickle
2010-08-26 08:59:59 +04:00
2015-12-10 07:03:46 +03:00
rm -f "$_my_connections" "$_my_tickles"
# Remove stale files from killed scripts
2016-07-12 06:27:08 +03:00
# Files can't have spaces in name, more portable than -print0/-0
# shellcheck disable=SC2038
(cd "$tickledir" && find . -type f -mmin +10 | xargs -r rm)
2010-08-26 08:59:59 +04:00
}
2008-04-10 00:50:12 +04:00
########################################################
# load a site local config file
########################################################
2016-06-29 11:11:44 +03:00
[ -x "${CTDB_BASE}/rc.local" ] && {
. "${CTDB_BASE}/rc.local"
2008-04-10 00:50:12 +04:00
}
2008-08-20 03:47:00 +04:00
2016-06-29 11:11:44 +03:00
[ -d "${CTDB_BASE}/rc.local.d" ] && {
2023-07-16 13:47:09 +03:00
for i in "${CTDB_BASE}/rc.local.d"/*; do
2009-10-19 09:22:15 +04:00
[ -x "$i" ] && . "$i"
done
}
2023-07-16 13:47:09 +03:00
script_name="${0##*/}" # basename