From a3e007956864f5d902f7bec22a2c51d1c391a7ff Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 2 Sep 2011 16:42:10 +0200 Subject: [PATCH] Add a tunable "AllowClientDBAttach" with default value 1. When set to 0, clients will not be able to attach to databases via the db_attach control. This might can be useful for maintenance where ctdb should be kept running but clients should not be able to modify databases. (This used to be ctdb commit ddfeecda87955b4e46777599f678e6926d37f4c4) --- ctdb/include/ctdb_private.h | 1 + ctdb/server/ctdb_ltdb_server.c | 6 ++++++ ctdb/server/ctdb_tunables.c | 3 ++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ctdb/include/ctdb_private.h b/ctdb/include/ctdb_private.h index 6d3e91e37bf..b24efcc64a0 100644 --- a/ctdb/include/ctdb_private.h +++ b/ctdb/include/ctdb_private.h @@ -121,6 +121,7 @@ struct ctdb_tunable { uint32_t deferred_attach_timeout; uint32_t vacuum_fast_path_count; uint32_t lcp2_public_ip_assignment; + uint32_t allow_client_db_attach; }; /* diff --git a/ctdb/server/ctdb_ltdb_server.c b/ctdb/server/ctdb_ltdb_server.c index a93e2fa0c95..a0fe2c529c6 100644 --- a/ctdb/server/ctdb_ltdb_server.c +++ b/ctdb/server/ctdb_ltdb_server.c @@ -1010,6 +1010,12 @@ int32_t ctdb_control_db_attach(struct ctdb_context *ctdb, TDB_DATA indata, struct ctdb_node *node = ctdb->nodes[ctdb->pnn]; struct ctdb_client *client = NULL; + if (ctdb->tunable.allow_client_db_attach == 0) { + DEBUG(DEBUG_ERR, ("DB Attach to database %s denied by tunable " + "AllowClientDBAccess == 0\n", db_name)); + return -1; + } + /* dont allow any local clients to attach while we are in recovery mode * except for the recovery daemon. * allow all attach from the network since these are always from remote diff --git a/ctdb/server/ctdb_tunables.c b/ctdb/server/ctdb_tunables.c index 9da3cc80656..ef86051cecf 100644 --- a/ctdb/server/ctdb_tunables.c +++ b/ctdb/server/ctdb_tunables.c @@ -68,7 +68,8 @@ static const struct { { "UseStatusEvents", 0, offsetof(struct ctdb_tunable, use_status_events_for_monitoring) }, { "AllowUnhealthyDBRead", 0, offsetof(struct ctdb_tunable, allow_unhealthy_db_read) }, { "StatHistoryInterval", 1, offsetof(struct ctdb_tunable, stat_history_interval) }, - { "DeferredAttachTO", 120, offsetof(struct ctdb_tunable, deferred_attach_timeout) } + { "DeferredAttachTO", 120, offsetof(struct ctdb_tunable, deferred_attach_timeout) }, + { "AllowClientDBAttach", 1, offsetof(struct ctdb_tunable, allow_client_db_attach) } }; /*