1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

105 Commits

Author SHA1 Message Date
Amitay Isaacs
ef59f2e6bb ctdb-daemon: Defer all calls when processing dmaster packets
When CTDB receives DMASTER_REQUEST or DMASTER_REPLY packet, the specified
record needs to be updated as soon as possible to avoid inconsistent
dmaster information between nodes.  During this time, queue up all calls
for that record and process them only after dmaster request/reply has
been processed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-05 07:05:10 +02:00
Amitay Isaacs
374cbc7b0f ctdb-locking: Talloc lock request from client specified context
This makes sure that when the client context is destroyed, the lock
request goes away.  If the lock requests is already scheduled, then the
lock child process will be terminated.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-05 07:05:10 +02:00
Amitay Isaacs
55fbe364b9 ctdb-daemon: Support per-node robust mutex feature
To enable TDB mutex support, set tunable TDBMutexEnabled=1.

When databases are attached for the first time, attach flags must include
TDB_MUTEX_LOCKING and TDBMutexEnabled must set to enable mutex support.

However, when CTDB attaches databases internally for recovery, it will
enable mutex support if TDBMutexEnabled is set.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jul  9 06:45:17 CEST 2014 on sn-devel-104
2014-07-09 06:45:17 +02:00
Amitay Isaacs
2e7b0870ec ctdb-daemon: Enable robust mutexes only if TDB_MUTEX_LOCKING is defined
Runtime check for robust mutexes is performed just before opening local tdb.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-07-09 04:19:12 +02:00
Volker Lendecke
1627171792 ctdb-daemon: Allow flag TDB_MUTEX_LOCKING to pass into db_attach
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-07-09 04:19:12 +02:00
Amitay Isaacs
91be76dbe9 ctdb-daemon: Simplify code a bit
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-07-09 04:19:12 +02:00
Amitay Isaacs
1ed330f7cb ctdb-daemon: Use false instead of 0 for boolean arguments
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-07-09 04:19:12 +02:00
Amitay Isaacs
e9eed41d7f ctdb-daemon: Do not complain if node is inactive and db is not attached
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-06-12 05:40:11 +02:00
Amitay Isaacs
8c8ef5640e ctdb-daemon: Rename ctdb_lockdown_memory to lockdown_memory
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-06-12 05:40:10 +02:00
Amitay Isaacs
22f71579a4 ctdb-daemon: Instead of passing ctdb context, pass valgrinding boolean
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-06-12 05:40:10 +02:00
Amitay Isaacs
463ea9e525 ctdb-recoverd: Detach database from recovery daemon
As part of vacuuming, recoverd attaches to databases to migrate records.
When detaching a database from main daemon, it should be removed from
recovery daemon also.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Apr 23 17:05:45 CEST 2014 on sn-devel-104
2014-04-23 17:05:45 +02:00
Amitay Isaacs
d9d3af7baa ctdb-daemon: Talloc tdb_wrap off ctdb_db_context
This will ensure that when ctdb_db is freed, it will close the tdb
database.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-04-23 14:49:07 +02:00
Amitay Isaacs
1d4fb1b702 ctdb-daemon: Do not allow database detach if AllowClientDBAttach=1
This avoids the server detaching a database if clients are allowed to
connect to databases.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-04-23 14:49:07 +02:00
Amitay Isaacs
1c72842217 ctdb-daemon: Add control CTDB_CONTROL_DB_DETACH
This detaches specified database from all the nodes.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-04-14 03:52:39 +02:00
Amitay Isaacs
01de7818de ctdb-daemon: Always update database priority cluster wide
Database priority is a global property and all the nodes should have the
priority set for the databases.  Just setting priority on one node can
lead to problems in the recovery as a database can be frozen at wrong
priority and then freezing database would not succeed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Apr  7 14:06:26 CEST 2014 on sn-devel-104
2014-04-07 14:06:26 +02:00
Martin Schwenke
a604c3d945 ctdbd: Remove duplicate database directory setting logic
Defaults for ctdb->db_directory and similar variables are currently
set in 2 places.

Change this to set them in only 1 place and make the directories at
initialisation time instead of waiting until later.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit d73d84346488a2ed54e6a86f9d7ec641c8e33ace)
2013-10-25 12:06:06 +11:00
Amitay Isaacs
b77fec9381 ctdbd: Print set db sticky message after it's set
Signed-off-by: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit 824dcec35ec461d78e22b2ea109473b32bfe3972)
2013-08-01 11:08:26 +10:00
Amitay Isaacs
d8fc36781c ctdbd: Remove incomplete ctdb_db_statistics_wire structure
Instead of maintaining another structure, add an element as place holder for
marshall buffer of hot keys.  This avoids duplication of the structure.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit e73b2e12adc9db1dedb48d32bba3a8406a80f4cd)
2013-07-29 16:00:46 +10:00
Amitay Isaacs
854216236b Revert "ctdbd: Remove incomplete ctdb_db_statistics_wire structure"
The structure cannot be removed without adding support for marshalling keys
for hot records.

This reverts commit 26a4653df594d351ca0dc1bd5f5b2f5b0eb0a9a5.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit 023ca2e84f5ed064a288526b9c2bc7e06674dd81)
2013-07-29 16:00:46 +10:00
Sumit Bose
157f1cfefd Fixes for various issues found by Coverity
Signed-off-by: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit 05bfdbbd0d4abdfbcf28e3930086723508b35952)
2013-07-11 15:16:55 +10:00
Amitay Isaacs
14c49eabe4 ctdbd: Print tdb flags when logging attached to database message
Signed-off-by: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit 846109169ee5e3d03135156e45c8dac93aa2e95b)
2013-07-10 14:33:19 +10:00
Amitay Isaacs
d36aa928fd ctdbd: Remove incomplete ctdb_db_statistics_wire structure
Send the ctdb_db_statistics directly instead of first copying it to
duplicate ctdb_db_statistics_wire structure.  This simplifies the
implementation of the control to get database statistics.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit 26a4653df594d351ca0dc1bd5f5b2f5b0eb0a9a5)
2013-07-10 14:33:18 +10:00
Amitay Isaacs
c0798dfb64 ctdbd: Update debug messages for setting readonly property on database
Signed-off-by: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit 545a46437dfb2b755bb2fddb11dea8c4ccce3ed7)
2013-07-10 14:32:52 +10:00
Mathieu Parent
d82b9ae410 build: Fix tdb.h path to enable building with system TDB library
(This used to be ctdb commit f8bf99de3a5f56be67aaa67ed836458b1cf73e86)
2013-06-14 16:45:27 +10:00
Martin Schwenke
63577c96db ctdbd: Replace ctdb->done_startup with ctdb->runstate
This allows states, including startup and shutdown states, to be
clearly tracked.  This doesn't include regular runtime "states", which
are handled by node flags.

Introduce new functions ctdb_set_runstate(), runstate_to_string() and
runstate_from_string().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit 8076773a9924dcf8aff16f7d96b2b9ac383ecc28)
2013-05-24 14:08:06 +10:00
Martin Schwenke
3f37b4418e ctdbd: Update confusing log message
Inactive can also mean stopped.  To add information, just print the
flags instead.

Signed-off-by: Martin Schwenke <martin@meltin.net>

(This used to be ctdb commit a8605f7e06076e7edf84e0cc160fd3d9ab5c4b64)
2013-05-23 16:18:23 +10:00
Michael Adam
ce0916f61b ltdb_server: use CTDB_REC_RO_FLAGS where appropriate
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit 61f17e53576197def46bc61fdf0cdb5282333a3e)
2013-04-24 18:48:47 +10:00
Michael Adam
fd01c464d1 Fix a severe recovery bug that can lead to data corruption for SMB clients.
Problem:
Recovery can under certain circumstances lead to old record copies
resurrecting: Recovery selects the newest record copy purely by RSN. At
the end of the recovery, the recovery master is the dmaster for all
records in all (non-persistent) databases. And the other nodes locally
hold the complete copy of the databases. The bug is that the recovery
process does not increment the RSN on the recovery master at the end of
the recovery. Now clients acting directly on the Recovery master will
directly change a record's content on the recmaster without migration
and hence without RSN bump.  So a subsequent recovery can not tell that
the recmaster's copy is newer than the copies on the other nodes, since
their RSN is the same. Hence, if the recmaster is not node 0 (or more
precisely not the active node with the lowest node number), the recovery
will choose copies from nodes with lower number and stick to these.

Here is how to reproduce:

- assume we have a cluster with at least 2 nodes
- ensure that the recmaster is not node 0
  (maybe ensure with "onnode 0 ctdb setrecmasterrole off")
  say recmaster is node 1
- choose a new database name, say "test1.tdb"
  (make sure it is not yet attached as persistent)
- choose a key name, say "key1"
- all clustere nodes should ok and no recovery running
- now do the following on node 1:

1. dbwrap_tool test1.tdb store key1 uint32 1
2. dbwrap_tool test1.tdb fetch key1 uint32
   ==> 1
3. ctdb recover
4. dbwrap_tool test1.tdb store key1 uint32 2
5. dbwrap_tool test1.tdb fetch key1 uint32
   ==> 2
4. ctdb recover
7. dbwrap_tool test1.tdb fetch key1 uint32
   ==> 1
   ==> BUG

This is a very severe bug, since when applied to Samba's locking.tdb
database, it means that for SMB clients on clustered Samba there is
the potential for locking out oneself from previously opened files
or even worse, data corruption:

Case 1: locking out

- client on recmaster opens file
- recovery propagates open file handle (entry in locking.tdb) to
  other nodes
- client closes file
- client opens the same file
- recovery resurrects old copy of open file record in locking.tdb
  from lower node
- client closes file but fails to delete entry in locking.tdb
- client tries to open same file again but fails, since
  the old record locks it out (since the client is still connected)

Case 2: data corruption

- clien1 on recmaster opens file
- recovery propagates open file info to other nodes
- client1 closes the file and disconnects
- client2 opens the same file
- recovery resurrects old copy of locking.tdb record,
  where client2 has no entry, but client1 has.
- but client2 believes it still has a handle
- client3 opens the file and succees without
  conflicting with client2
  (the detached entry for client1 is discarded because
   the server does not exist any more).
=> both client2 and client3 believe they have exclusive
  access to the file and writing creates data corruption

Fix:

When storing a record on the dmaster, bump its RSN.

The ctdb_ltdb_store_server() is the central function for storing
a record to a local tdb from the ctdbd server context.
So this is also the place where the RSN of the record to be stored
should be incremented, when storing on the dmaster.

For the case of the record migration, this is currently done in
ctdb_become_dmaster() in ctdb_call.c, but there are other places
such as in recovery, where we should bump the RSN, but currently
don't do it.

So moving the RSN incrementation into ctdb_ltdb_store_server fixes
the recovery-record-resurrection bug.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit feb1d40b21a160737aead22e398f3c34ff3be8de)
2013-04-17 21:16:17 +10:00
Volker Lendecke
2d1d5d312e Add a \n to an error message
(This used to be ctdb commit 9be3b23adbfc844b71bf1d4ddf0fbc3b269f15fa)
2012-10-25 17:11:15 +11:00
Amitay Isaacs
a00e50e503 ctdbd: Replace lockwait with locking API and remove ctdb_lockwait.c
Signed-off-by: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit 2126795153dacb255e441abcb36ee05107b6282a)
2012-10-20 02:48:44 +11:00
Gregor Beck
3fd0b8a5a5 ctdbd: refuse attaching with "persistent" to a non-persistent db and v.v.
Signed-off-by: Michael Adam <obnox@samba.org>

(This used to be ctdb commit 1ebbaa620b3cfb9ff373828e4aaa84246cf3ec25)
2012-07-03 11:30:04 +02:00
Ronnie Sahlberg
59565c05cf STATISTICS: Add tracking of the 10 hottest keys per database measured in hopcount
and add mechanisms to dump it using the ctdb dbstatistics command

(This used to be ctdb commit 8307c70ed98996b430c470e9641a09fdeeb81bd8)
2012-06-13 16:19:18 +10:00
Amitay Isaacs
4392591555 Remove explicit include of lib/tevent/tevent.h.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>

(This used to be ctdb commit 0681014ca5ed2a9b56f63fdace7f894beccf8a9a)
2012-04-13 17:28:14 +10:00
Ronnie Sahlberg
fa3a06246a STICKY: add prototype code to make records stick to a node to "calm" down if they are found to be very hot and accessed by a lot of clients.
This can improve performance and stop clients from having to chase a rapidly migrating/bouncing record

(This used to be ctdb commit d0d98f7e45e5084b81335b004d50bddc80cdc219)
2012-03-20 17:12:19 +11:00
Ronnie Sahlberg
cdc232f2dd READONLY: dont schedule for fast vacuum deletion if any of the readonly record flags are set
(This used to be ctdb commit b3307d78fd15f446b423f8cdd1e403f89fbe8ac8)
2012-02-21 06:54:09 +11:00
Ronnie Sahlberg
61762a96e3 ReadOnly: Make sure we dont try to fast-vacuum records that are set for readonly delegation
(This used to be ctdb commit 303134cf10a08ce61954d5de9025d9bbcb5f75ef)
2012-02-20 21:13:46 +11:00
Ronnie Sahlberg
73f8be16c6 ReadOnly: add per-database statistics to view how much delegations/revokes we have
(This used to be ctdb commit 751ed46197661eb841042ab6a02855a51dd0b17c)
2012-02-08 15:29:27 +11:00
Michael Adam
6f0b22234f ctdb_ltdb_store_server: when storing a record that is not to be scheduled for deletion, remove it from the delete queue
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

(This used to be ctdb commit 489148e465e2b8aed87ea836e3518f43490671ca)
2011-12-23 17:39:01 +01:00
Martin Schwenke
f186dd90b6 Move some common functions to common/ctdb_ltdb.c
Move identical copies of ctdb_null_func(), ctdb_fetch_func(),
ctdb_fetch_with_header_func() from ctdb_client.c and
ctdb_ltdb_server.c to somewhere common.

This is in the context of wanting to run CCAN-style tests where most
of the ctdbd code is just included in the test program.

Signed-off-by: Martin Schwenke <martin@meltin.net>

(This used to be ctdb commit 126cb0d369b2b1aed63801dc4ba0554399e8b7e4)
2011-11-11 14:31:50 +11:00
Martin Schwenke
3b47e5fa49 Fix typo in ctdb_ltdb_store_server()
The if statement uses ret but means to use ret2.

Signed-off-by: Martin Schwenke <martin@meltin.net>

(This used to be ctdb commit f40101a615f8b9826a484e4697bfea6ee2b9ba88)
2011-11-09 14:55:07 +11:00
Ronnie Sahlberg
0e79b2d1e8 Record Fetch Collapse: Collapse multiple fetch request into one single request.
When multiple clients fetch the same record concurrently, send only one single
fetch across the network and deferr all other fetches locally.
This improves performance for hot records and reduces cpu load on ctdb.

(This used to be ctdb commit 82d6946ad8b3348e8b9d3d971f24925ade02d1be)
2011-11-08 16:08:28 +11:00
Ronnie Sahlberg
90c0c235fa Remove debug message
(This used to be ctdb commit db0fdc2281c4742113c92d697371c37815db35a0)
2011-10-24 12:21:55 +11:00
Ronnie Sahlberg
0dc5584101 Merge branch 'master-readonly-records' into foo
Conflicts:

	Makefile.in
	tools/ctdb.c

(This used to be ctdb commit 0fedef0ffba4178126eee9544c5e2db52f5db893)
2011-09-12 09:34:34 +10:00
Michael Adam
a3e0079568 Add a tunable "AllowClientDBAttach" with default value 1.
When set to 0, clients will not be able to attach to databases
via the db_attach control. This might can be useful for maintenance
where ctdb should be kept running but clients should not be able
to modify databases.

(This used to be ctdb commit ddfeecda87955b4e46777599f678e6926d37f4c4)
2011-09-05 16:17:39 +10:00
Ronnie Sahlberg
206a3c0c66 ReadOnly: add a new control to activate readonly lock capability for a database.
let all databases default to not support this  until enabled through this control

(This used to be ctdb commit 908a07c42e5135a3ba30a625fc4f4e4916de197a)
2011-09-01 11:08:18 +10:00
Ronnie Sahlberg
9729d3e339 ReadOnly: Check the readonly flag instead of whether the tdb pointer is NULL or not
(This used to be ctdb commit 01314c2cb3a480917d6a632b83c39f0a48bba0e7)
2011-08-23 10:41:52 +10:00
Ronnie Sahlberg
1441b77cce ReadOnly: Add "readonly" flag to the ctdb_db_context to indicate if this database supports readonly operations or not. Add a private lock-less tdb file to the ctdb_db_context to use for tracking delegarions for records
Assume all databases will support readonly mode for now and se thte flag for all databases. At later stage we will add support to control on a per database level whether delegations will be supported or not.

(This used to be ctdb commit 502f86f79944df4bac9094f716e54110c511dc24)
2011-08-23 10:24:26 +10:00
Ronnie Sahlberg
00a870f759 ReadOnly records: Add a new RPC function FETCH_WITH_HEADER.
This function differs from the old FETCH in that this function will also fetch the record header and not just the record data

(This used to be ctdb commit c7196d16e8e03bb2a64be164d15a7502300eae0e)
2011-08-23 10:06:59 +10:00
Ronnie Sahlberg
cee8c4be94 Deferred attach: create the timed event as a child context of the da context we want to delete.
Othwervise the da context can be timed out and talloc_free()d
but the event for this already freed object will still trigger,
causing a talloc error and shutdown.

CQ S1022515

(This used to be ctdb commit 2fd27bdedb1e0d6558c07e1b74fc8e70ddf593dc)
2011-03-16 16:08:45 +11:00
Ronnie Sahlberg
3cc230b5ee Dont allow clients to connect to databases untile we are well past and through
the initial recovery phase

CQ S1022412

Signed-off-by: Michael Adam <obnox@samba.org>

(This used to be ctdb commit e02bbd915b7151c615ff64f09ad9abc9720bef7d)
2011-03-14 13:35:53 +01:00