IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Traverse records are sent directly from traverse child process, but
the last empty record signalling end of traverse is sent from ctdbd.
This creates a race condition between ctdbd and traverse child.
There are two fds from traverse child to ctdbd - a pipe to track status
of the child process and unix socket connection for sending records.
It's possible that last few records are sitting in unix socket buffer
when ctdbd reads the status written from traverse child. This will
be interpreted as end of traverse and ctdbd will send the last empty
record to originating node before it has processed the pending packets
in unix socket connection.
The race is avoided by sending the last empty record marking end of
traverse from the child process.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
(This used to be ctdb commit 37e22fc3ac3eb64732f2e67058f5b7b06c093fbf)
To improve the traverse performance, records are directly sent from
traverse child process to the originating node. Make sure that all the
data is sent via socket, before informing ctdbd that traverse is complete.
Without waiting for all the packets to be flushed from the queue,
child process can incorrectly signal ctdbd that traverse has ended.
This will cause the pending records in the queue never to make it to
the originating node and traverse information will not be complete.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
(This used to be ctdb commit 482ac708cb79cb6378d814a79c2cf13f88435bc4)
By passing the result of tdb_traverse_read() allows ctdbd to determine
if the local traverse succeeded or not. In case of a problem with local
traverse, ctdbd can log an error.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
(This used to be ctdb commit abd51a9f41ebb178c4ea4491bdedf9a9433e7232)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
(This used to be ctdb commit 8f660d0dd52013e5876806be908e8e603aa6e968)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
(This used to be ctdb commit c700dd0c7b6b43b61b3e231643b5d7cbe2f9592a)
Apparently it used to mean a permanent ban but it is unclear if this
was ever supported.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit c8a6e5ce579e2fe320c40268e7e9ddfe68b8cd30)
60 seconds might not be long enough to kill all connections and
release IPs.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 71080676bb4acbd0d9b595a30cf7fe6dddbf426f)
Takeover runs are currently silent when they succeed. However, they
are important, so log something by default.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit b39aa2e401fbb581207d986bac93778e9c01acdc)
This means that takeover runs will be disabled for about as long as the
reloadips control can take to complete.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 6d44657a5e5b0df22bab2d487a503dd1c5ba79b4)
There's no reason why specifying a node should be compulsory. This is
a cluster-wide operation because it is implemented by the recovery
master so multiple nodes should not be specified using -n. However,
the command should be able to specify multiple nodes so let it have
its own nodestring argument.
This change should be backward compatible with the old requirement of
specifying a single node via -n.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 0846c00597adb66bba8c9dbf63443d0c2f91a7d1)
Use a broadcast instead of trying to win the race of determining the
recovery master and then sending the message before the recovery
master changes.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit ac946ee4ad01b1e5cd1006930b9f8a190a0a58ba)
Specifying nodes to reload no longer uses -n.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit d921b2756d5f1c4ad7a35fe120f6fda9f5bf5686)
It can change during a takeover run. If it does then don't free it.
There are potentially fancier solutions (e.g. check what PNNs are new
to the list) to this issue but this is the simplest.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit e81589b7084c661adf617e166cc2c25b4939f841)
Otherwise, if existing IPs are added to extra nodes (that have,
perhaps, been disconnected) then those IPs will not be rebalanced
across the extra nodes.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit ceb30432a9a550778aed0b422a654fc5287b82a3)
Deleting IPs can take a while because IPs are released and connections
are killed. This can take a while so do them in parallel. In fact,
since the set of IPs being added and deleted will be disjoint, send
all the adds/deletes at the same time and then wait.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 85a5b544ec032173e98c9cc3b5402a76b961aa3b)
The current implementation has a few flaws:
* A takeover run is called unconditionally when the timer goes even if
the recovery master role has moved. This means a node other than
the recovery master can incorrectly do a takeover run.
* The rebalancing target nodes are cleared in the setup for a takeover
run, regardless of whether the takeover run succeeds.
* The timer to force a rebalance isn't cleared if another takeover run
occurs before the deadline. Any forced rebalancing will happen in
the first takeover run and when the timer expires some time later
then an unnecessary takeover run will occur.
* If the recovery master role moves then the rebalancing data will
stay on the original node and affect the next takeover run to occur
if the recovery master role should come back to the original node.
Instead, store an array of rebalance target nodes in the recovery
master context. This is passed as an extra argument to
ctdb_takeover_run() each time it is called and is cleared when a
takeover run succeeds. The timer hangs off the array of rebalance
target nodes, which is cleared if the node isn't the recovery master.
This means that it is possible to lose rebalance data if the recovery
master role moves. However, that's a difficult problem to solve. The
best way of approaching it is probably to try to stop the recovery
master role from jumping around unnecesarily when inactive nodes join
the cluster.
The long term solution is to avoid this nonsense completely. The IP
allocation algorithm needs to cache state between runs so that it
knows which nodes have just become healthy. This also needs recovery
master stability.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit c51c1efe5fc7fa668597f2acd435dee16e410fc9)
This implementation disables takeover runs on all nodes before trying
to reload IPs. It also takes "all" or the list of PNNs as an argument
to the command instead of to -n. -n can still be specified with a
single node indicating that node should be considered the current node
- that might be confusing so could be removed.
This implementation does not use CTDB_SRVID_RELOAD_ALL_IPS, so it can
be removed.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit d66a072d9b120c78c47e726e9f29a3c1cfdd87ce)
The takeover run will fail anyway but deferring seems like a cleaner
option.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 428f800bcdf3dbfe19de8bb36099fbf01ebeaab4)
Use disable_takeover_runs_handler() instead of maintaining duplicate
logic.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 0a51a85915486b2a8fded7ba6444b18c6c1ee8e8)
This implements a superset of CTDB_SRVID_DISABLE_IP_CHECK. It stops
the IP checks but also causes any attempted takeover runs to fail and
be rescheduled.
This is meant to completely stop IP movements.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 00db4de53a0d86013e79e6577e7e6cf3ef864e56)
This will be useful for other SRVIDs.
The error checking in the handler depends on the SRVID responding with
a uint32_t where <0 indicates an error and >=0 is a PNN that
succeeded.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 52050e1c75b21961dafe2bc410268b44240ab24e)
Instead of the current global variable. This is in anticipation of
abstracting the code.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit c58ee0eddf7ae3283e3ca8bd25575e6e677e1b17)
The code that handles IP reallocate requests can be reused.
This also changes the result back to a SRVID caller to the PNN on
success or a negative error code on failure. None of the callers
currently look at the result so this is harmless... but it will be
useful later.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit e4eae6e3291baa299a1d0f733ab11b138ee699a3)
No need for a separate one for each SRVID.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit d9c22b04d5aa7938a3965bd3144568664eb772ce)
Nested takeover runs should never happens so they should fail.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 8ed29c60c0a7dd29f2a6efdf694d38e94281e1c4)
It is set on every failure anyway.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit e5f94c7857405bdeac233069003c3769b3dc3616)
Previously flagging a failure was probably avoided because of attempts
to run "ipreallocated" events on stopped and banned nodes, which would
fail because they are in recovery. Given the change to a new control
and that fallback only retries the old method on active nodes, this
should never fail in reasonable circumstances.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 53722430ad35f80935aabd12fa07654126443b8b)
Factor the calling sequence for ctdb_takeover_run() into a new
function and call it instead. This changes rec->need_takeover_run to
false for each successful takeover run and that seems to be the right
thing to do.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 9a3f0c0e61ca5c17e020c6e0463d73c7cf4f7c09)
On rare occasions when a node that has been inactive it will trigger
an election when it becomes active again. If that node has been up
for the longest then it will win the election and the recovery master
role will spuriously move.
While a node remains inactive we reset the priority time to discourage
it from winning elections. The priority time will now reflect roughly
how long the node has been active rather than how long it has been up.
That means the most stable node is more likely to win elections.
Having a stable recovery master means that disabling takeover runs
while reloading IPs is more likely to succeed. It also improves the
chances of being able to cache information in the recovery master -
for example, between takeover runs.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit f0f48f22f45e4c82eba2582efae307e25385de81)
They will reject it because they are in recovery. This can result in
extra banning credits being applied to banned nodes.
This corresponds to commit 9132e6814ed927fa317f333f03dedb18f75d0e5b
from the 1.2.40 branch.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 403938804caf1322f9773d63197e4303a7b2a788)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
(This used to be ctdb commit c0bb147ca09e82019b05ec22995623cffc3184e2)
This should have been removed with the associated code in commit
14bd0b6961ef1294e9cba74ce875386b7dfbf446.
Signed-off-by: Martin Schwenke <martin@meltin.net>
(This used to be ctdb commit 36de63843de10a1f2a9ccdbbee24cc1d08542984)