1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

2382 Commits

Author SHA1 Message Date
Amitay Isaacs
fc28a74254 ctdb-daemon: Remove ctdb_event_helper
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sun Dec 18 18:10:50 CET 2016 on sn-devel-144
2016-12-18 18:10:50 +01:00
Amitay Isaacs
69b1ae3423 ctdb-daemon: Switch to using event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-18 14:23:23 +01:00
Amitay Isaacs
bcd7444c57 ctdb-daemon: Add functions to talk to event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-18 14:23:23 +01:00
Amitay Isaacs
21cac65b67 ctdb-daemon: Refactor check for valid events during recovery
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-18 14:23:23 +01:00
Amitay Isaacs
def5f4b1bf ctdb-daemon: Drop implementation of eventscript controls
Following controls are now implemented by event daemon
 - RUN_EVENTSCRIPTS
 - GET_EVENT_SCRIPT_STATUS
 - ENABLE_SCRIPT
 - DISABLE_SCRIPT

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-18 14:23:23 +01:00
Amitay Isaacs
950110f3c1 ctdb-eventd: Add event script handling daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-18 14:23:22 +01:00
Amitay Isaacs
41c964fdbc ctdb-recovery: Start recovery helper with ctdb_vfork_exec
The recovery helper does it's own logging, so there is no need to
pass logfd.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Dec  5 11:59:42 CET 2016 on sn-devel-144
2016-12-05 11:59:42 +01:00
Amitay Isaacs
1b7f0a7bbb ctdb-locking: Start locking helper using ctdb_vfork_exec
This avoids the extra argument of logfd to ctdb_lock_helper.  The log
messages from lock helper are captured by ctdbd.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:23 +01:00
Amitay Isaacs
c43856342f ctdb-daemon: Add ctdb_vfork_exec()
This will replace ctdb_vfork_with_logging().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:23 +01:00
Amitay Isaacs
ecf3f56138 ctdb-daemon: Log to stderr when running in interactive mode
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:23 +01:00
Amitay Isaacs
d53dbd0dcc ctdb-daemon: Initialize logging in recovery daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:22 +01:00
Amitay Isaacs
74ccc7280a ctdb-recoverd: Log a message when terminating
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:22 +01:00
Amitay Isaacs
e2413a0567 ctdb-logging: Get rid of debug_extra
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:22 +01:00
Amitay Isaacs
aaeef14ae5 ctdb-daemon: Remove setting of debug_extra
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:22 +01:00
Amitay Isaacs
3d6860b275 ctdb-daemon: Remove setting of debug_extra from switch_from_server_to_client()
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:22 +01:00
Amitay Isaacs
ca55652575 ctdb-daemon: Remove setting of debug_extra via ctdb_set_child_info()
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:22 +01:00
Amitay Isaacs
9ae62f1532 ctdb-daemon: Don't depend on debug_extra in exit handler
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:22 +01:00
Amitay Isaacs
4108f47bcf ctdb-daemon: Fix debug messages
- Use fprintf() before logging is initialized
- replace DEBUG_ALERT with DEBUG_ERR

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:22 +01:00
Amitay Isaacs
28b6a90a15 ctdb-daemon: Consolidate initialization of logging and debug level
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:22 +01:00
Amitay Isaacs
02aa65cede ctdb-logging: Remove duplicate logging code
ctdb_logging_init() now uses logging_init().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:22 +01:00
Martin Schwenke
2650f37018 ctdb-logging: Drop enum debug_level
We are switching to Samba-style integer debug levels.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-12-05 08:09:21 +01:00
Amitay Isaacs
9b7308b202 ctdb-daemon: Remove tevent debug logging
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-12-05 08:09:21 +01:00
Martin Schwenke
429377a242 ctdb-ipalloc: Optimise check to see if IP is available on a node
Use a "bitmap" of available IPs for each IP address instead of walking
the list of available IP addresses.

For ctdb/tests/takeover/lcp2.030.sh, this improves the time taken on
my laptop from:

  real	0m11.997s
  user	0m11.960s
  sys	0m0.000s

to

  real	0m8.571s
  user	0m8.544s
  sys	0m0.000s

So, when assigning all 900 IP addresses the improvement is about 25%.

For the no-op case (where all IPs are already assigned to nodes), the
extra setup adds a small fraction of a second for 900 IPs.
Intermediate cases result in intermediate improvements.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-12-02 00:24:28 +01:00
Martin Schwenke
24db43839f ctdb-daemon: Exit early if there are trailing command-line arguments
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-12-02 00:24:28 +01:00
Martin Schwenke
df2d6518e7 ctdb-daemon: Don't call ctdb_local_node_got_banned() on flag changes
This function is currently called twice each time a node is banned.

ctdb_local_node_got_banned() is already called from the banning code,
either due to a received banning control or a node banning itself.
Given that other nodes can't set a node's BANNED flag, a node can only
be banned via the above mechanisms, so drop the redundant call.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-12-02 00:24:28 +01:00
Martin Schwenke
bdc049dfce ctdb-common: Drop CTDB's copy of sys_read() and sys_write()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Nov 29 11:22:40 CET 2016 on sn-devel-144
2016-11-29 11:22:40 +01:00
Martin Schwenke
dcde6f1619 ctdb-lock-helper: Drop include of ctdb_private.h
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-11-29 07:25:19 +01:00
Amitay Isaacs
f2414841f2 ctdb-daemon: Mark RecoverPDBBySeqNum tunable deprecated
Persistent databases are now always recovered by sequence number, so
there is no need for this tunable.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 25 08:13:59 CET 2016 on sn-devel-144
2016-11-25 08:13:59 +01:00
Amitay Isaacs
2a9584dc0a ctdb-daemon: Remove unused code cmdline.[ch]
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-11-25 04:19:23 +01:00
Amitay Isaacs
569d787a1d ctdb-daemon: Consolidate command line options to ctdbd
This inserts the code from ctdb_cmdline_init() function directly in
main(), so common/cmdline.[ch] can be removed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-11-25 04:19:23 +01:00
Amitay Isaacs
54e392b385 ctdb-recovery: Avoid NULL dereference in failure case
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12434

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 21 12:26:04 CET 2016 on sn-devel-144
2016-11-21 12:26:04 +01:00
Amitay Isaacs
6c6d63c044 ctdb-locking: Reset real-time priority in lock helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12392

Earlier we were relying on SCHED_RESET_ON_FORK to reset the priority of lock
helper processes.  Since SCHED_RESET_ON_FORK support has been removed, the
scheduling priority of child processes created using vfork() need to be reset
explicitly in the helper processes.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 18 10:18:27 CET 2016 on sn-devel-144
2016-11-18 10:18:27 +01:00
Amitay Isaacs
3c03754921 ctdb-daemon: Simplify code using tdb_storev
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2016-10-27 23:53:12 +02:00
Amitay Isaacs
12fd2ddc01 ctdb-daemon: Simplify code using local variable
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2016-10-27 23:53:12 +02:00
Volker Lendecke
6c95148f85 ctdb: Fix format errors for time_t!=long
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-10-17 22:34:20 +02:00
Martin Schwenke
0ec01826d3 ctdb-daemon: Log when removing stale Unix domain socket
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Sep 22 12:28:12 CEST 2016 on sn-devel-144
2016-09-22 12:28:12 +02:00
Martin Schwenke
8eff9e9603 ctdb-daemon: Drop attempt to connect to Unix domain socket
This was a weak attempt at exclusivity.  PID file creation now does
that properly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-22 08:34:20 +02:00
Martin Schwenke
d719a87fe0 ctdb-daemon: Don't try to reopen TDB files
There aren't any open at this stage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-22 08:34:20 +02:00
Martin Schwenke
1e501c7749 ctdb-daemon: Bind to Unix domain socket after PID file creation
No use touching the socket if PID file creation fails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-22 08:34:20 +02:00
Martin Schwenke
5148e02adb ctdb-daemon: Use PID file abstraction
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-22 08:34:20 +02:00
Amitay Isaacs
8b979c729b ctdb-locking: Restrict lock debugging to once per second
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-09-22 08:34:20 +02:00
Amitay Isaacs
cdc46ef9d7 ctdb-locking: Log if ctdb is unable to take db locks in INACTIVE state
This is useful information if ctdb is unable to freeze any of the
databases on banning or stopping.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-09-22 08:34:20 +02:00
Amitay Isaacs
28fad1c59d ctdb-daemon: Log a message when vfork() takes long time
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Sep 19 12:18:15 CEST 2016 on sn-devel-144
2016-09-19 12:18:15 +02:00
Amitay Isaacs
06171961d6 ctdb-daemon: Log a message when fork() takes long time
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-09-19 08:23:22 +02:00
Amitay Isaacs
a69d1e202a ctdb-daemon: Avoid extra condition in tevent trace callback
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-09-19 08:23:22 +02:00
Amitay Isaacs
6b93b57921 ctdb-recovery-helper: Add missing initialisation of ban_credits
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12275

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-09-19 08:23:22 +02:00
Martin Schwenke
7ec7d4f3c0 ctdb-ipalloc: ipalloc_set_public_ips() can't fail
So make it a void function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12254

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-14 08:39:29 +02:00
Martin Schwenke
7522a7aee8 ctdb-ipalloc: Move merged IP list creation to ipalloc()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12254

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-14 08:39:29 +02:00
Martin Schwenke
c1efb801a4 ctdb-ipalloc: Drop known_ips argument from merged IP list creation
This is available in the IP allocation state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12254

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-14 08:39:29 +02:00
Martin Schwenke
fed251726f ctdb-ipalloc: Optimise check to see if IPs can be hosted
Add an early return if there are no known IP addresses.

Also add an extra comment for clarification.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12254

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-14 08:39:29 +02:00
Martin Schwenke
dfc3b8855d ctdb-ipalloc: Whether IPs can be hosted need not depend on merged IP list
Merged IP list won't be available here...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12254

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-14 08:39:29 +02:00
Martin Schwenke
0e5c62d8fc ctdb-ipalloc: Store known public IPs in IP allocation state
This was dropped because it wasn't used, but it will be needed again.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12254

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-14 08:39:28 +02:00
Amitay Isaacs
67351e61ee ctdb-recoverd: Drop code to freeze databases from set_recovery_mode()
This function is called only once from force_election() and does not
require freezing of databases.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-09-14 08:39:28 +02:00
Martin Schwenke
a2abc78c87 ctdb-daemon: Compare interface pointers instead of using strcmp(3)
If the interfaces have different names then they are different
interfaces.

Also, move assignment of new_name just above where is is first used.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:21 +02:00
Martin Schwenke
a66072efdf ctdb-daemon: Use ctdb_find_iface() instead of duplicating logic
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:21 +02:00
Martin Schwenke
2f46056228 ctdb-deamon: Rename vnn_has_interface_with_name() to vnn_has_interface()
Now takes a pointer to an interface structure and does direct pointer
comparisons.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:21 +02:00
Martin Schwenke
b129c288f5 ctdb-daemon: Drop redundant uses of ctdb_find_iface()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:20 +02:00
Martin Schwenke
29787cb3c8 ctdb-daemon: Make vnn->iface a list of new struct vnn_interface
To keep this change small, this leaves behind some redundant calls to
ctdb_find_iface() and similar.  They will be cleaned up later.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:20 +02:00
Martin Schwenke
e6258acf1b ctdb-daemon: Change ctdb_add_local_iface() to return struct ctdb_interface
This will allow a change to the way interfaces are handled in a VNN.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:20 +02:00
Martin Schwenke
ff4b452c6a ctdb-daemon: Move interface addition into interface parsing
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:20 +02:00
Martin Schwenke
1790f9f754 ctdb-daemon: Drop some uses of CTDB_NO_MEMORY{,_FATAL}()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:20 +02:00
Martin Schwenke
c3502cf9f9 ctdb-daemon: Consolidate interface checking with interface parsing
There's no point parsing the interfaces twice, especially since it
doesn't improve error handling.

This also removes a use of strdup(3)/free(3), which is not generally
used in our code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:20 +02:00
Martin Schwenke
05665d9ede ctdb-daemon: Replace some uses of CTDB_NO_MEMORY_FATAL()
Also add a missing out-of-memory check for vnn->ifaces.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:20 +02:00
Martin Schwenke
d658d4e701 ctdb-daemon: Move and improve public IP duplicate checking
This also moves the interface validation down, making more obvious
that it can be consolidated.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:20 +02:00
Martin Schwenke
f63fe7c3b9 ctdb-daemon: Drop use of strdup(3) and free(3) when releasing IP
If anything should be used here it should be talloc functions.
However, this is a remnant from when ctdb_sys_find_ifname() was used
here and, for some reason, it used strdup(3).

In this case the interface string doesn't actually need to be copied.
The only use of it is when ctdb_event_script_callback_v() uses it with
the format string in a call to talloc_vasprintf().  In the same
context the IP address isn't copied.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-08 06:57:20 +02:00
Martin Schwenke
9d975b860d ctdb-daemon: Don't steal control structure before synchronous reply
If *async_reply isn't set then the calling code will reply to the
control and free the control structure.  In some places the control
structure pointer is stolen onto state before a synchronous exit due
to an error condition.  The error handling then frees state and
returns an error.  The calling code will access-after-free when trying
to reply to the control.

To make this easier to understand, the convention is that any
(immediate) error results in a synchronous reply to the control via an
error return code AND *async_reply not being set.  In this case the
control structure pointer should never be stolen onto state.  State is
never used for a synchronous reply, it is only ever used by a
callback.

Also initialise state->c to NULL so that any premature call to a
callback (e.g. in an immediate error path) is more obvious.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-01 13:30:10 +02:00
Martin Schwenke
582518c7e8 ctdb-daemon: Handle failure immediately, do housekeeping later
The callback should never be called before an immediate return.  The
callback might reply to a control and the caller of
ctdb_event_script_callback_v() may not have assigned/stolen the
pointer to control structure into the private data.  Therefore,
calling the callback can dereference an uninitialised pointer to the
control structure when attempting to reply.

An event script isn't being run until the child has been forked.  So
update relevant state and set the destructor after this.

If the child can't be forked then free the state and return with an
error.  The callback will not be called and the caller will process
the error correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-01 13:30:10 +02:00
Martin Schwenke
9076c44f35 ctdb-daemon: Schedule running of callback if there are no event scripts
The callback should never be called before an immediate return.  The
callback might reply to a control and the caller of
ctdb_event_script_callback_v() may not have assigned/stolen the
pointer to control structure into the private data.  Therefore,
calling the callback can dereference an uninitialised pointer to the
control structure when attempting to reply.

ctdb_event_script_callback_v() must succeed when there are no event
scripts.  On success the caller will mark the call as asynchronous and
expect the callback to be called.  Given that it can't be called
before return then it needs to be scheduled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-09-01 13:30:10 +02:00
Martin Schwenke
6dc75c7d24 ctdb-daemon: When releasing an IP, update PNN in callback
When an error occurs so an IP address is not released then the PNN in
the VNN is currently incorrectly updated.

Instead, update the PNN in the callback when the release is
successful.  Also, explicitly update the PNN on redundant releases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sun Aug 21 22:45:33 CEST 2016 on sn-devel-144
2016-08-21 22:45:32 +02:00
Martin Schwenke
976a50af6f ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state
Many years ago takeover_callback_state was used for both IP takeover
and release.  Now it is only used when releasing an IP so rename it to
improve clarity.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-21 18:52:05 +02:00
Martin Schwenke
626dcc9e49 ctdb-ipalloc: Fix cumulative takeover timeout
Commit c40fc62642 runs the IP allocation
algorithm after calculating the timeout offset.  If the algorithm
takes a long time then there may be no attempt to release or take over
IPs.

Instead, reset the timeout just before the RELEASE_IP stage if an
early jump to IPREALLOCATED was not taken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12161

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Aug 18 12:36:37 CEST 2016 on sn-devel-144
2016-08-18 12:36:37 +02:00
Martin Schwenke
abe5445c24 ctdb-recoverd: Don't directly release rogue IP addresses
This is inconsistent with the rest of the local IP verification.  It
should notice problems but not try to fix them directly.  Like other
cases, it should use an IP takeover run to try to fix the problem.  In
this case the address might have just been added and an out-of-band
RELEASE_IP might cause conflicts (i.e. "another change is in flight")
with a scheduled IP takeover run.

This effectively reverts commit
694c1b269e.  Not sure why this was
needed after c7e648c2d1.  More recently
commit 6471541d6d moves responsibility
for determining interface/netmask to 10.interface so this should
continue to work just fine.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
12f9e332e9 ctdb-daemon: Fix takeover of incorrectly assigned public IP address
Cause an "updateip" instead of just logging a message.

This may reset existing connections.  However, CTDB doesn't think the
address should already be hosted on the node so there should be no
connections.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
2210337ce8 ctdb-daemon: Avoid referencing NULL pointer due to unknown old interface
This doesn't currently happen but it will in a subsequent commit.
That commit and this one could be squashed but then the functional
change gets lost in amongst this one.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
81cba9054e Revert "When adding an ip at runtime, it might not yet have an iface assigned to it, so ensure that the next takover_ip call will fall through to accept the ip and add it."
This reverts commit 4136f27145.

If the IP address is on an interface then it won't help to pretend
that it isn't.  This will simply cause a takeip event, which will fail
because the address can't be added.  Note that the IP address isn't
necessarily new - something unexpected may have happened.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
a10545ab6b ctdb-daemon: Drop special case handling for new IP already on interface
The address may already be assigned to another node, so this is wrong.
It also leaves the interface unknown.

This is better left to code that handles rogue IP addresses.  A
takeover run should correctly takeover the address if it is assigned
to this node or release it if it is assigned to another node.  Coming
soon...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
d2a91394f5 ctdb-daemon: Use release_ip_post() when releasing all IP addresses
This has the advantage of using common code.  Also, if there was
previously a failed attempt to release the IP address as part of a
delete, then this will finish processing the delete.

Extra care needs to be taken when a VNN is actually deleted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
46c5136e4e ctdb-daemon: Factor out new function release_ip_post()
This contains the cleanup that needs to be done after an IP address is
released from an interface.

state->vnn is set to the return value from release_ip_post(), which is
either the original VNN, or NULL if it was deleted.  This allows
correct handling of the in-flight flag in the destructor for state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
e653c8bb4a ctdb-daemon: Do not copy address for RELEASE_IP message
If there's an allocation failure then the implicit early return in
CTDB_NO_MEMORY_VOID() means that no reply is sent to the control.
ctdb_daemon_send_message() makes a copy of the data, so don't copy it
here and remove an unnecessary chance of failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
ca22373231 ctdb-daemon: Do not update the VNN state on RELEASE_IP failure
If RELEASE_IP fails then updating the VNN makes it inconsistent with
reality.  Instead, log the failure and move on to the next IP
address.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
509491a868 ctdb-daemon: Try to release IP address even if interface is unknown
The "releaseip" event in 10.interface will determine the interface and
do the right thing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
254d5545f4 ctdb-logging: Fix CID 1272823 Unchecked return value from library
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:25 +02:00
Martin Schwenke
1de8948cb5 ctdb-daemon: Fix CID 1362723 Unchecked return value from library
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:25 +02:00
Martin Schwenke
0de52420b8 ctdb-daemon: Fix CID 1362726 Unchecked return value from library
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:25 +02:00
Martin Schwenke
518683abfe ctdb-daemon: Fix CID 1125574 Operands don't affect result
Interfaces going up or down are always interesting, so log these at
error level.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:25 +02:00
Martin Schwenke
1be2cd9dd2 ctdb-daemon: Fix CID 1125575 Operands don't affect result
This is related to an error, so repeatedly log at error level instead
of trying to avoid repetition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:24 +02:00
Martin Schwenke
b92c78a043 ctdb-daemon: Fix CID 1272855 Operands don't affect result
Failures are already logged at alert/error level above, so just log
the summary at notice level.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:24 +02:00
Amitay Isaacs
f1a8fb11dd ctdb-recovery-helper: Fix format-nonliteral warning
... and printf format errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12137

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-10 08:18:16 +02:00
Amitay Isaacs
fa0015d9ad ctdb-daemon: Fix format-nonliteral warning
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12137

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-10 08:18:16 +02:00
Martin Schwenke
d7ecc913bb ctdb-daemon: Clean up SET_DB_PRIORITY/GET_DB_PRIORITY deprecation
The current message is broken:

  Control SET_DB_PRIORITY is not implemented any more, use  instead

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12126

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-08 08:17:34 +02:00
Martin Schwenke
940272d215 ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)
Also fixes CID 1125628.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-08 08:17:34 +02:00
Martin Schwenke
1f942ec36c ctdb-mutex: Avoid corner case where helper is already reparented to init
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12113

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-08 08:17:34 +02:00
Martin Schwenke
24e28c0aa5 ctdb-mutex: Fix CID 1359217 Resource leak (RESOURCE_LEAK)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Aug  3 09:13:55 CEST 2016 on sn-devel-144
2016-08-03 09:13:55 +02:00
Martin Schwenke
c6a7f680ce ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-03 05:29:24 +02:00
Martin Schwenke
74aca5f4c6 ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-03 05:29:24 +02:00
Martin Schwenke
ed81e51cc1 ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-07-28 05:00:18 +02:00
Amitay Isaacs
3314a09aaf ctdb-daemon: Drop implementation of global transaction controls
These were used in serial recovery and for restoring databases using
older ctdb tool.  New code uses database specific transaction controls.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-28 05:00:17 +02:00
Amitay Isaacs
28b2a6391b ctdb-daemon: Drop the implementation of THAW control
This control was used by the older implementation of tool to restore a
database from backup.  In the new implemenation of tool, it freezes and thaws
only the database being restored.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-28 05:00:17 +02:00
Martin Schwenke
87b49c913f ctdb-daemon: Deletion of IPs is deferred until the next takeover run
This drastically simplifies the code.  "ctdb reloadips" behaves the
same, since it causes a takeover run immediately after IPs are
deleted.  "ctdb delip" now needs to be followed with an explicit "ctdb
ipreallocate".

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-28 05:00:17 +02:00
Amitay Isaacs
0a759bc3ff ctdb-daemon: Use consistent naming for monitoring mode
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-28 05:00:17 +02:00
Martin Schwenke
10165c48f1 ctdb-daemon: Move CTDB VNN structure to IP takeover code
It is only used in this code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-28 05:00:15 +02:00
Martin Schwenke
c40fc62642 ctdb-ipalloc: Use a cumulative timeout for takeover run stages
RELEASE_IP sometimes times out because killing TCP connections can
take a long time.

The aim of the takeover timeout is actually to limit the total amount
of time for an IP takeover run.  So, calculate a combined timeout
offset once and use it for each of the RELEASE_IP, TAKEOVER_IP,
IPREALLOCATED stages.  This gives RELEASE_IP more time to kill TCP
connections but still limits the total time.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-28 05:00:15 +02:00
Amitay Isaacs
abd5d7c8fd ctdb-daemon: Use refactored tunable code
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:46 +02:00
Amitay Isaacs
9187f26f99 ctdb-locking: Remove ctdb_db_prio_iterator function
It is not used anymore.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:43 +02:00
Amitay Isaacs
b5ede509ab ctdb-freeze: Remove ctdb_db_prio_frozen() function
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:43 +02:00
Amitay Isaacs
2852397691 ctdb-locking: Remove API for locking databases with priority
This is not used anymore.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:43 +02:00
Amitay Isaacs
b81824e10d ctdb-locking: Remove API for locking all databases
This has never been used.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:43 +02:00
Amitay Isaacs
3927603ca2 ctdb-daemon: Remove priority field from ctdb_db_context
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:43 +02:00
Amitay Isaacs
dc0bfcd7da ctdb-daemon: Remove implementation of SET/GET_DB_PRIORITY
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
6693fa59dc ctdb-recoverd: Remove code that updates database priorities during recovery
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
5944a9bbcb ctdb-freeze: Drop function thaw_priority()
There are no database priorities anymore, so the function name does
not make any sense.  Call the code in thaw_priority() directly from
ctdb_control_thaw().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
79b6b4b621 ctdb-daemon: Drop priorites from freeze/thaw code
Parallel database recovery freezes databases in parallel and irrespective
of database priority.  So drop priority from freeze/thaw code.
Database priority will be dropped completely soon.

Now FREEZE and THAW controls operate on all the databases.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
9338443a92 ctdb-recovery: Remove serial database recovery code
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
a376ba8b34 ctdb-vacuum: Do not use freeze_mode outside freeze code
If the database is not frozen and recovery mode is not active, then
vacuuming can continue.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
d5e4a7abdc ctdb-locking: Drop code for Samba 3.x compatibility
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:41 +02:00
Amitay Isaacs
9f54b6b67c ctdb-daemon: Log ctdb socket in the main daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-05 10:53:15 +02:00
Amitay Isaacs
ca35d8149d ctdb-daemon: Check if method is initialized before calling
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-05 10:53:15 +02:00
Amitay Isaacs
7c8c6ce74e ctdb-daemon: Improve log message
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-05 10:53:14 +02:00
Amitay Isaacs
e6818c8e3c ctdb-recoverd: Improve election win messages
Logging that node has lost election is less useful than knowing which
node has won the election.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-05 10:53:14 +02:00
Martin Schwenke
a2124a1cd8 ctdb-ipalloc: Drop implicit dependency on ctdb-common
Use new functions from protocol API instead.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:26 +02:00
Martin Schwenke
445860bf84 ctdb-ipalloc: IP allocation state is now an opaque structure
It is private to the IP allocation module.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
41a14e72b5 ctdb-ipalloc: ipalloc() returns public IP list
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
21adcd32bd ctdb-ipalloc: Move set_ipflags_internal() to ipalloc
Rename it ipalloc_set_node_flags().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
2eb0b9e98a ctdb-ipalloc: Switch set_ipflags_internal() to use a new-style node map
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
ee7fc252c8 ctdb-ipalloc: Move ipalloc state initialisation to ipalloc.c
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
38f4616bdd ctdb-ipalloc: Pass extra data to IP allocation state initialisation
No longer require CTDB context but pass in number of nodes, algorithm,
no_ip_failback and force_rebalance_nodes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
64361d9778 ctdb-ipalloc: Make no_ip_failback a boolean
No need to expose tunable values that far down.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
86f7c4d7f3 ctdb-ipalloc: Fix buggy short-circuit when no IPs are available
At the moment IP is short-circuited when there are no available IP
addresses.  However, if some IP addresses are already allocated then
"no available IP addresses" means that all the addresses should
(probably) be released.  The current short-circuit means that no
already hosted IP addresses will be released.

The short-circuit exists to avoid lots of messages saying that all IP
addresses can not be assigned at startup time.  So, add a check to
ipalloc_can_host_ips() so that it succeeds if IP addresses are already
allocated to nodes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
c5d85a071b ctdb-ipalloc: New function ipalloc_can_host_ips()
Abstracts out code involving internals of IP allocation state.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
695da518de ctdb-ipalloc: Drop known public IPs from IP allocation state
This is never used in the allocation algorithms.  It is only used when
building the merged IP list.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
e8ff433c46 ctdb-ipalloc: Move create_merged_ip_list() into ipalloc
How the existing IP layout is constructed and how the merged IP list is
sorted are important aspects of the IP allocation algorithm.  Construct the
merged IP list when known and available IPs are assigned.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
5c47c35c5a ctdb-ipalloc: New function ipalloc_set_public_ips()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
1f5c4dbac9 ctdb-ipalloc: Remove function ctdb_reload_remote_public_ips()
Use ctdb_fetch_remote_public_ips() inline to fetch each list.  Assign
them into the IP allocation state separately.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
303ef82a27 ctdb-ipalloc: Clean up reloading of remote public IPs
Factor out new function ctdb_fetch_remote_public_ips() to fetch known
or available public IP addresses, according to flags.

This also drops the hack where the array from a
ctdb_public_ip_list_old was assigned to a pointer in a
ctdb_public_ip_list.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
c09cf571b7 ctdb-ipalloc: Don't build a global IP tree
It isn't used outside this function, so just use a local variable.

This makes create_merged_ip_list() independent of the CTDB context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
55f13b74bf ctdb-ipalloc: Drop code to update IP assignment tree
This code is not used.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
a26d39e5ce ctdb-recoverd: Drop code to change the IP assignment tree
The tree is no longer used in verification.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
35644d0d82 ctdb-ipalloc: Drop remote IP verification
It is only run during a takeover run and only logs errors.  It doesn't
actually do anything to fix potential errors.  The takeover run should
fix any inconsistencies anyway.

Instead, leave a comment in the recovery daemon's monitoring loop to
add proper remote IP verification later.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
c86066cdc0 ctdb-ipalloc: Drop a use of CTDB_NO_MEMORY_NULL()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
1ec7de66e9 ctdb-ipalloc: Do not use node count or PNNs from CTDB context
This is unnecessary.  IP allocation state already has a node count and
"i" is already a PNN.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
c92aa6105a ctdb-ipalloc: Drop an unnecessary check
Deleted (and other inactive) nodes will have an empty list of known
IP addresses.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
03b300e052 ctdb-ipalloc: Move if-statement with broken condition
This pointer is for an array that is always allocated.  The check is
meant to skip a node that has no IP addresses.  However, when there
are no IP addresses the loop below will not do anything anyway.

Add this as a check at the beginning of the function instead.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Amitay Isaacs
600cec4d44 ctdb-recovery: Terminate if recovery fails without any banning credits
In case of database recovery failure, if there are no banning credits
assigned, then the async computation is never terminated.  The else
condition is missing in (max_credits >= NUM_RETRIES) check.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jun 24 09:56:23 CEST 2016 on sn-devel-144
2016-06-24 09:56:23 +02:00
Amitay Isaacs
1847556562 ctdb-recovery-helper: Fix a comment
The sequence of events are incorrectly documented.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-06-24 05:59:08 +02:00
Michael Adam
6083e62af5 ctdb-daemon: make bool assignment more obvious
(showing what is the rule and what is the exception)

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jun 21 11:48:29 CEST 2016 on sn-devel-144
2016-06-21 11:48:29 +02:00
Amitay Isaacs
da91b70746 ctdb-locking: Avoid real-time in lock helper if nosetsched option is set
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-20 16:21:19 +02:00
Amitay Isaacs
a21a4de2cb ctdb-locking: Conditionally set real-time priority in lock helper
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-20 16:21:19 +02:00
Amitay Isaacs
2828b9a8c6 ctdb-daemon: Explicitly assign boolean values
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-20 16:21:19 +02:00
Amitay Isaacs
fd7bad4229 ctdb-daemon: Do explicit check for integer values
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-20 16:21:19 +02:00
Amitay Isaacs
c620bf5deb ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
Once DB_PUSH_START is processed as part of recovery, push_started
flag tracks if there are multiple attempts to send DB_PUSH_START.
In DB_PUSH_CONFIRM, once the record count is confirmed, all information
related to DB_PUSH should be reset.  However, The push_started flag was
not reset when the push_state was reset.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jun  8 14:31:52 CEST 2016 on sn-devel-144
2016-06-08 14:31:52 +02:00
Amitay Isaacs
ecb74721e7 ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11956

In do_recovery, after the recovery and takeover is complete, recoverd
event is triggered.  When the parallel database recovery was separated,
ctdb_recovery_helper implemented sending END_RECOVERY control which
causes recoverd event to be triggered.  So when there is parallel database
recovery, recoverd event is triggered twice.

Instead move the call to run_recovered_eventscript() explicitly in
the serial recovery code path.  This avoids the duplication trigger of
recoverd event.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-06-08 10:33:19 +02:00
Amitay Isaacs
a4ac97d6c0 ctdb-daemon: Use lib/util functions instead of redefinitions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-06-08 10:33:19 +02:00
Amitay Isaacs
b7073d4021 ctdb-cluster-mutex: Fix #endif decoration
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jun  8 04:52:18 CEST 2016 on sn-devel-144
2016-06-08 04:52:18 +02:00
Martin Schwenke
174449c1e0 ctdb-recoverd: Release recovery lock on exit
The recovery lock helper must exit when it notices its parent is gone.
However, that can take a few seconds.

The usual way of terminating the recovery daemon is for the main ctdbd
to send it a SIGTERM.  Installing a handler is nice and simple.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
75717ac667 ctdb-recoverd: Add handler for lost recovery lock
If the process holding the recovery lock terminates unexpectedly then
the recovery daemon needs to know that the lock is no longer held.

While here, rename hold_reclock_handler() to take_reclock_handler() so
there is a clear difference between the two handler names.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
95a7920d22 ctdb-cluster-mutex: Register an extra handler for when mutex is lost
Pass NULL if not needed.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
4f0ca0107c ctdb-cluster-mutex: ctdb_cluster_mutex() registers handler and private data
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
145ddcbe37 ctdb-cluster-mutex: Drop cluster_mutex_handler() ctdb and handle arguments
This makes the API more general.  If they are needed in a handler then
they can be in the private data.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
8cf74f335e ctdb-recovery: Wrap private data for reclock test callback
This will allow a simplification of the cluster mutex API, so the
private data can be registered when calling ctdb_cluster_mutex().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
a192364a12 ctdb-recoverd: Simplify reclock handler
Do the interesting work outside the handler.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
197264dfe7 ctdb-recoverd: Recovery lock handle should be in recovery deamon context
This shouldn't be in the CTDB context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
5c4744e69d ctdb-cluster-mutex: Pass a talloc context to allocate the handle off
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
58be187de0 ctdb-recoverd: No need to reset reclock handler
It won't be called more than once by the cluster mutex code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
a47da8246e ctdb-cluster-mutex: Don't call the supplied hander more than once
After the first activity on the file descriptor, ignore any subsequent
activity.  Single-shot handlers are easier to write.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
630f169653 ctdb-recoverd: Fix buggy function return on memory allocation failure
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
dbd4e67aee ctdb-recoverd: Don't expose internal cluster mutex status
Just expose whether the lock was taken.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
fdd214ce6a ctdb-daemon: Rename recovery lock file to just recovery lock
It isn't necessarily a file.

Don't bother changing the control, since it doesn't pervade the code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
f16b26bc97 ctdb-daemon: Drop function ctdb_set_recovery_lock_file()
Setting the recovery lock file at startup can be done more simply.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
5b4dd8c001 ctdb-protocol: CTDB_CONTROL_SET_RECLOCK_FILE is obsolete
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
1127f3ae1e ctdb-recovery: Don't update recovery lock from daemon
It can't change after startup.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
23823f128f ctdb-recovery: Don't sync recovery lock across cluster
Support for updating the recovery lock is being removed because it
isn't possible to recover from failure.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
091d4d2dbb ctdb-recovery: Consistency check reclock in start recovery control
If the recovery lock setting is not consistent with that of the
recovery master then abort.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Amitay Isaacs
93dcca2a5f ctdb-recovery: Update timeout and number of retries during recovery
The timeout RecoverTimeout (default 120) is used for control messages
sent during the recovery.  If any of the nodes does not respond to any
of the recovery control messages for RecoverTimeout seconds, then it
will cause a failure of recovery of a database.  Recovery helper will
retry the recovery for a database 5 times.

In the worst case, if a database could not be recovered within 5 attempts,
a total of 600 seconds would have passed.  During this time period other
timeouts will be triggered causing unnecessary failures as follows:

1. During the recovery, even though recoverd is processing events,
   it does not send a ping message to ctdb daemon.  If a ping message is
   not received for RecdPingTimeout (default 60) seconds, then ctdb will
   count it as unresponsive recovery daemon.  If the recovery daemon
   fails for RecdFailCount (default 10) times, then ctdb daemon will
   restart recovery daemon.  So after 600 seconds, ctdb daemon will
   restart recovery daemon.

2. If ctdb daemon stays in recovery for RecoveryDropAllIPs (default 120),
   then it will drop all the public addresses.  This will cause all
   SMB client to be disconnected unnecessarily.  The released public
   addresses will not be taken over till the recovery is complete.

To avoid dropping of IPs and restarting recovery daemon during a delayed
recovery, adjust RecoverTimeout to 30 seconds and limit number of
retries for recovering a database to 3.  If we don't hear from a node
for more than 25 seconds, then the node is considered disconnected.
So 30 seconds is sufficient timeout for controls during recovery.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jun  6 08:49:15 CEST 2016 on sn-devel-144
2016-06-06 08:49:15 +02:00
Amitay Isaacs
f8141e91a6 ctdb-recoverd: Freeze databases whenever the node is INACTIVE
If the node becomes stopped or banned after recovery is marked
active, then it will never freeze the databases, and hence the
node will keep banning itself indefinitely, until ctdbd is restarted.

This is a regression from 4.3, introduced with

b4357a79d9

and

d8f3b490bb

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11945

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Jun  1 17:36:12 CEST 2016 on sn-devel-144
2016-06-01 17:36:12 +02:00
Michael Adam
4b5eaf9a4e ctdb:banning: Improve debug message in ctdb_ban_node_event()
Make it more clear what happens when reading the logs.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-01 14:02:20 +02:00
Michael Adam
57cb011a0a ctdb:banning: Improve a debug message
This adapts the debug message in local_node_got_banned
to reflect what the function is currently doing.
This message was not adapted when the function was changed.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-01 14:02:20 +02:00
Michael Adam
2fbf19449e ctdb:eventscript: timedout->timed out in ctdb_event_script_args()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-01 00:57:33 +02:00
Michael Adam
b360c72eaf ctdb:banning: timedout->timed out in dbg messages in ctdb_ban_node_event()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-01 00:57:32 +02:00
Martin Schwenke
f9d4cb4c29 ctdb-recoverd: Unify takeover run triggering code in main loop
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri May 13 17:15:57 CEST 2016 on sn-devel-144
2016-05-13 17:15:57 +02:00
Martin Schwenke
e3e4f37c41 ctdb-recoverd: Add early return in srvid_requests_reply()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
ebbeab74ed ctdb-recoverd: Drop an unnecessary log message
do_takeover_run() will logs something at NOTICE level anyway.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
2a93b8423b ctdb-recoverd: Move takeover run checks after recover checks
If a recovery is going to be done then this will be followed by a
takeover run anyway.  So, there's no use doing the takeover run
checks, potentially doing a takeover run and then doing a recovery.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
662f06de9f ctdb-recoverd: Drop explicit check to flag takeover run needed
The recovery daemon should be less involved in the service monitoring
logic.

The cases handled here are already handled elsewhere:

* When a node becomes unhealthy/healthy the monitoring code will
  trigger a takeover run

* When a node is disabled/enabled the ctdb CLI tool will trigger a
  takeover run

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
4331306fce ctdb-takeover: Do not set node unhealthy when "takeip" fails
It will just become healthy again in the next monitor cycle.

Instead, let the recovery master ban it if the problem persists.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
9dc3b117e2 ctdb-takeover: Recovery daemon no longer passes fail callback
Banning is now handled by the takeover code sending banning credit
messages.

This commit makes a change in behaviour quite obvious.  Takeover runs
were initiated from several locations in the code but banning was only
done from one of these locations.  Now banning can be done from any
failed takeover run.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
1e9f650382 ctdb-takeover: Only apply banning credits to the worst offender
Post-process failues and only send banning credits to the node with
the most failures.

If there is a widespread problem or a problem on the recovery master
node then this should help avoid banning all the nodes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
1c60694e53 ctdb-takeover: Count takeover run failures
This will allow banning credits assignments to be limited according to
some criteria.

Note that this only matters when multiple controls are sent to each
node: RELEASE_IP and TAKEOVER_IP.  This doesn't change the behaviour
for IPREALLOCATED.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
0053b85fc6 ctdb-takeover: Send banning credit messages from fail callback
Banning credits are now assigned by takeover runs called from all
locations in the recovery daemon.  Previously this only happened from
one of the callers.  When separating out the takeover run code the
behaviour should be consistent.

The callback (and corresponding data) passed to ctdb_takeover_run() is
now ignored.  Dropping this will allow the interface between the
recovery daemon and IP takeover to be simplified.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
db9ec11b1a ctdb-takeover: Have the takeover fail callback log a message
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
1f0263c6d4 ctdb-takeover: Use the takeover_run_fail_callback() in more cases
Probably due to oversight, this is currently only used for the
"takeip" step.

This does consistent error handling and provides a layer of
indirection to the passed callback, so use it for "releaseip" and
"ipreallocated" steps too.

The callback data now needs to be initialised before the first
possible jump to "ipreallocated".

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
06ad1711cf ctdb-takeover: New function takeover_callback_data_init()
Abstract out the initialisation of the callback data.  Later, we'll
need to do it multiple times or move it.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
a44c099e42 ctdb-takeover: Takeover callback data doesn't need a node map
It just needs to know the number of nodes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:16 +02:00
Martin Schwenke
d61a75fd67 ctdb-takeover: PNN can be used to index into node map
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:16 +02:00
Martin Schwenke
9056b43b96 ctdb-takeover: Drop ipreallocated fallback code
The ipreallocated control has been in CTDB for a long time.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:16 +02:00
Martin Schwenke
866ca591d4 ctdb-recoverd: Fold IP allocation house-keeping into IP verification
Now all the IP takeover code for non-master node is in this function.
The function can always be renamed to something more suitable.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri May  6 15:10:59 CEST 2016 on sn-devel-144
2016-05-06 15:10:59 +02:00
Martin Schwenke
4947789b2a ctdb-recoverd: Clean up local IP verification
Update log levels and messages, comments and wrapping of long lines.
No functional changes.

Note that interfaces_have_changed() already does adequate logging.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
bdcc796f3c ctdb-recoverd: Skip known IP address checking when it is disabled
When public IP checking is disabled, verify_local_ip_allocation()
still retrieves known IP addresses and runs through a loop that does
nothing.

Instead, completely skip the retrieval and checking loop.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
fc4cbf5528 ctdb-recoverd: Check that IP failover is active in IP verification
This makes verify_local_ip_allocation() self-contained and simplifies
main_loop().

Due to indentation changes, this commit is most easily read when
ignoring whitespace.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
ff28cbb73d ctdb-recoverd: Call election when necessary in recovery master validation
There is no need to return one of several states and then trigger an
election for one of those return states.  Have the recovery master
validation trigger the election directly and just return whether
monitoring should continue.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
e8c33aa24a ctdb-recoverd: Simplify return values when updating local flags
Change this to return just 0 or -1.  It isn't monitoring anything.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
0a9401ff0e ctdb-recoverd: Drop unreachable code
update_local_flags() never returns MONITOR_ELECTION_NEEDED, so drop
this entire if-statement.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
4bef374e31 ctdb-daemon: Don't use CTDB_SRVID_TAKEOVER_RUN_RESPONSE
Nobody registers a handler for this message type.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
3e272e081f ctdb-recover: Avoid duplicate deferred attach processing
Deferred attach processing is done unconditionally at this point.  It
is then done again if recovery lock checking is done and completes
successfuly.  If the recovery lock checking fails then it should not
be done at all.

Move this processing so it is done with the early exit when the
recovery lock is not being used.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
721f64511c ctdb-recovery: Move recovery lock latency updating to handler
The cluster mutex code already passes the latency and expects the
handler to update the statistics.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
bcb838ba1e ctdb-recovery: Move recovery lock functions to recovery daemon code
ctdb_recovery_have_lock(), ctdb_recovery_lock(),
ctdb_recovery_unlock() are only used by recovery daemon, so move them
there.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
df99d9e273 ctdb-cluster-mutex: Factor out cluster mutex code
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
ecc6751c6b ctdb-recovery: Factor out setting of cluster mutex handler
This means that the cluster mutex handle can now be treated as opaque.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
94fb2cf0ec ctdb_recovery: ctdb_cluster_mutex() now takes an argstring argument
All of the ctdb_cluster_mutex_* infrastucture can now handle an
arbitrary mutex.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
46684867b1 ctdb-recovery: Recovery lock setting can now include helper command
The underlying change is to allow the cluster mutex argstring to
optionally contain a helper command.  When the argument string starts
with '!' then the first word is the helper command to run.  This is
now the standard way of changing the helper from the default.

CTDB_CLUSTER_MUTEX_HELPER show now only be used to change the location
of the default helper when testing.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
918b0d9a9c ctdb-recovery: Parse recovery lock setting
This is currently just treated as the name of a lock file.  However,
it is really some arbitrary arguments to lock helper.

Therefore, it should be parsed and passed as separate arguments to the
lock helper.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
64d557200e ctdb-recovery: Reimplement ctdb_recovery_lock() using ctdb_cluster_mutex()
Replace the file descriptor for the recovery lock in the CTDB context
with the cluster mutex handle, where non-NULL means locked.
Attempting to take the recovery lock is now asynchronous and no longer
blocks the recovery daemon.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
0b0b954ff2 ctdb-recovery: Kill cluster mutex helper with a signal that can be caught
Unlike fcntl(2), some other helper might need to explicitly take
action to release a mutex.  This can be done by catching SIGTERM.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
e679a1731c ctdb-recovery: Switch ctdb_cluster_mutex() to use helper
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
5cf3b7a1e3 ctdb: Add new helper ctdb_mutex_fcntl_helper
This implements the type of fcntl locking that the recovery lock uses.
The intent is to use it for multiple locks and allow the choice of
helper to be configured.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
978404ecde ctdb-recovery: Add optional timeout argument to ctdb_cluster_mutex()
Timeout in seconds, 0 means no timeout.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
43e9f58d6a ctdb-recovery: Factor out reclock testing into ctdb_cluster_mutex()
This is currently only used to check whether the recovery lock can be
taken.  However, name it more generally in anticipation of using it
for general cluster mutex taking and testing.

No functional changes.  A couple of debug message simplifications and
code rearrangements.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
ab75f2a587 ctdb-recovery: Use a configurable handler when testing cluster mutex
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
419f57f378 ctdb-recovery: Factor out new function set_recmode_handler()
This is used to reply to the recmode control for all the different
cases.  The callers can later be generalised to use a pointer, which
can then be used for recovery lock handling in different contexts.

Note that the handle is now freed in set_recmode_handler() rather than
the callbacks.

There is one difference in behaviour.  Deferred attach calls are now
processed in the timeout case, where they weren't before.  That's a
bug fix!

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
14a2330692 ctdb-recovery: Use single char ASCII numbers for status from child
'0' = Child took the mutex
  '1' = Unable to take mutex - contention
  '2' = Unable to take mutex - timeout
  '3' = Unable to take mutex - error

This is a straightforward API.  When the child is generalised to an
external helper then this makes it easier for a helper to be, for
example, a simple script.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
4842b6bb91 ctdb-recovery: Rename recovery lock functions and struct
Use the more general name "cluster mutex", since we are likely to end
up with more than one cluster-wide lock.  There will probably be a
dedicated recovery lock, held only during recovery, and also a second
lock that is held by the master node.  Currently one lock is used for
both purposes.

At the moment the struct and functions are involved with setting the
recovery mode.  However, they'll be abstracted out to more generally
deal with the cluster mutexes, so "recmode" -> "cluster_mutex".  Drop
"set" from names, since this is used to test the lock.  Also drop
"ctdb" prefix from functions, since they are local to this file.  The
struct will eventually be a long-lived handle that will release the
mutex when freed, so name it accordingly.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Volker Lendecke
aad53cf595 ctdbd: Use talloc_memdup where appropriate
.... 40 bytes .text less ;-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-25 18:29:21 +02:00
Martin Schwenke
09173f80d9 ctdb-ipalloc: Do ipreallocated even if no IP addresses can be allocated
In particular, LVS won't work at all if there are no public IP
addresses.

This is a temporary solution until a generic reconfiguration hook is
implemented.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-25 07:10:14 +02:00
Martin Schwenke
107f40abf9 ctdb-daemon: Move port filtering to server side when getting tickles
Why allocate all that memory and transfer all that data across the
socket?

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-25 07:10:14 +02:00
Amitay Isaacs
d2f86ea8c3 ctdb-daemon: Remove unused controls related to server_id
These controls have never been used and also they do not use the server_id
structure defined in samba.  In future, similar controls can be added to
register/unregister using proper server_id structure.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-04-23 23:55:14 +02:00
Amitay Isaacs
979693069a ctdb-daemon: Avoid memory leak
ctdb->idr and ctdb->srv get initialized as part of ctdb_init() called
from ctdb_cmdline_init().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-04-23 23:55:14 +02:00
Martin Schwenke
a610447995 ctdb-daemon: Log a message when fork(2) fails
It is useful to know what error occurred.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-17 13:54:13 +02:00
Martin Schwenke
ffd64de772 ctdb-daemon: Drop --lvs option and support for CTDB_CAP_LVS
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Apr 15 09:35:51 CEST 2016 on sn-devel-144
2016-04-15 09:35:51 +02:00
Martin Schwenke
951e8180a9 ctdb-daemon: Drop --single-public-ip option and related code
This has been replaced by scripts.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-15 05:57:18 +02:00
Martin Schwenke
2e1e1e8268 ctdb-killtcp: Merge "common" killtcp code into helper
ctdb_killtcp.c is now the only place it is needed.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:12 +02:00
Martin Schwenke
d8398b04b5 ctdb-daemon: Remove implementation of CTDB_CONTROL_KILL_TCP
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:12 +02:00
Martin Schwenke
c56112949a ctdb-killtcp: Simplify includes by using ctdb_sock_addr_to_string()
This allows common.h and ctdb_private.h to be dropped.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
248557bdf5 ctdb-killtcp: Avoid unnecessary dependency on lib/util/time.h
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
51f5faf555 ctdb-killtcp: Factor out killtcp code into separate file.
This will be used in a standalone helper.

Don't worry that the API isn't clean and opaque.  All of the code will
eventually move into the helper and will no longer be used by the
daemon.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
f76cb52eb5 ctdb-killtcp: Factor out ctdb_killtcp()
This function knows nothing about CTDB contexts or VNNs, so it can be
used elsewhere.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
879960b74d ctdb-killtcp: Change struct ctdb_tcp_kill to store arbitrary destructor data
The destructor used in this instances needs a CTDB context and a VNN.
However, destructors used in other cases may need different data.

For this instance create a local structure to hold the required data.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
1bf494f693 ctdb-killtcp: Avoid CTDB_NO_MEMORY()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
32ea7c0d2c ctdb-killtcp: Determine the interface as soon as vnn is known
This makes restructuring the code easier.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
380c894471 ctdb-killtcp: Use the given event context directly
We don't want this code to depend on a CTDB context, so don't go
looking there for an event context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Amitay Isaacs
c51b8c2234 ctdb-recovery-helper: Add banning to parallel recovery
If one or more nodes are misbehaving during recovery, keep track of
failures as ban_credits.  If the node with the highest ban_credits exceeds
5 ban credits, then tell recovery daemon to assign banning credits.

This will ban only a single node at a time in case of recovery failure.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 25 06:57:32 CET 2016 on sn-devel-144
2016-03-25 06:57:32 +01:00
Amitay Isaacs
ae366fb932 ctdb-recoverd: Add message handler to assigning banning credits
This will be called from recovery helper to assign banning credits to
misbehaving node.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:16 +01:00
Amitay Isaacs
ad7a407a13 ctdb-recovery-helper: Introduce new #define variable
... instead of hardcoding number of retries.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:16 +01:00
Amitay Isaacs
e5a714a3c2 ctdb-recovery-helper: Improve log message
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:16 +01:00
Amitay Isaacs
ffea827bae ctdb-recovery-helper: Introduce push database abstraction
This abstraction uses capabilities of the remote nodes to either send
older PUSH_DB controls or newer DB_PUSH_START and DB_PUSH_CONFIRM
controls.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
b96a4759b3 ctdb-recovery-helper: Introduce pull database abstraction
This abstraction depending on the capability of the remote node either
uses older PULL_DB control or newer DB_PULL control.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
e1fdfdd1c1 ctdb-recovery-helper: Write recovery records to a recovery file
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
9058fe06df ctdb-recovery-helper: Re-factor function to retain records from recdb
Also, rename traverse function and traverse state for recdb_records
consistently.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
a80ff09ed3 ctdb-recovery-helper: Create accessors for recdb structure fields
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
70011a1bfb ctdb-recovery-helper: Rename pnn to dmaster in recdb_records()
This variable is used to set the dmaster value for each record in
recdb_traverse().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
5b926d882e ctdb-recovery-helper: Pass capabilities to database recovery functions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
5f43f92796 ctdb-recovery-helper: Factor out generic recv function
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
95a15cde45 ctdb-daemon: Implement new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
c41808e6d2 ctdb-tunables: Add new tunable RecBufferSizeLimit
This will be used to limit the size of record buffer sent in newer
controls for recovery and existing controls for vacuuming.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:14 +01:00
Martin Schwenke
e4f592539d ctdb-daemon: Replace an unsafe strcpy(3) call
Tweak another strncpy(3) call.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:20 +01:00
Martin Schwenke
0ffa5d8d9e ctdb-daemon: Validate length of new interface names
Interface names that are too long will be truncated by strncpy(3)
later on.  It is better to validate the length of each new interface
name to ensure it will be usable.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:20 +01:00
Volker Lendecke
deaab95b8d ctdb: Fix CID 1356313 Explicit null dereferenced
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-18 00:29:14 +01:00
Martin Schwenke
fa8bd41009 ctdb-tunables: Mark tunable DeferredRebalanceOnNodeAdd obsolete
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Mar 10 06:51:46 CET 2016 on sn-devel-144
2016-03-10 06:51:46 +01:00
Martin Schwenke
c9e69a4b2e ctdb-recoverd: Drop use of DeferredRebalanceOnNodeAdd tunable
If set, this was used to setup an IP takeover run on a timer after
certain updates to the public IP address configuration (e.g. "ctdb
addip").

However, "ctdb reloadips" completely manages public IP reconfiguration
and avoids the anomalies that DeferredRebalanceOnNodeAdd was
introduced to work around.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-03-10 03:34:19 +01:00
Martin Schwenke
aaa57fbcb3 ctdb-tools: Drop "ctdb rebalanceip"
This is undocumented and is not needed.  It was a workaround for
trying to ensure public IP addresses are properly rebalanced after
running "ctdb addip" on multiple nodes.  "ctdb reloadips" is a better
solution.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-03-10 03:34:19 +01:00
Amitay Isaacs
bd23b43bfe ctdb-tunables: Fix the implementation of LIST_TUNABLES control
Do not assume the first tunable is not obsolete.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
700f39372a ctdb-recovery-helper: Get tunables first, so control timeout can be set
During the recovery process, the timeout value for sending all controls
is decided by RecoverTimeout tunable.  So in the recovery process,
first get the tunables, so the control timeout gets set correctly.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
4a78200f43 ctdb-tunables: Mark tunable ReclockPingPeriod obsolete
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
73ab0f9911 ctdb-tunables: Mark tunable MaxRedirectCount obsolete
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
aa700deb64 ctdb-tunables: Add missing flags in the initializer
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
ace23f0a81 ctdb-locking: Use real-time only for actual record or DB locking
Use real-time priority only for obtaining record and database locks.
Do not open databases with real-time priority as it can cause thundering
herd on fcntl lock while opening tdb database.  Also relinquish real-time
priority after the lock is obtained.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Mar  7 11:29:00 CET 2016 on sn-devel-144
2016-03-07 11:29:00 +01:00
Amitay Isaacs
00b9e76904 ctdb-takeover: Inform clients when dropping all IP addresses
CTDB releases all IPs in following cases: starting up, shutting down,
node gets banned, node does not come out of recovery for a long time.
Always inform samba when CTDB releases IP addresses.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-07 08:14:21 +01:00
Amitay Isaacs
b8272d835d ctdb-takeover: Do not kill smbd processes on releasing IP
CTDB already notifies Samba with RELEASE_IP message.  Samba can take
appropriate action based on that.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-07 08:14:21 +01:00
Martin Schwenke
46edef25df ctdb-recovery: Limit scope of reclock latency statistics
It does not make sense to update this statistic for the timeout case,
since this could skew the statistic.  To keep it simple, just update
it for the usual case where there is lock contention, since this is
the usual case.  So the daemon statistic measures time to test the
lock and the corresponding recovery daemon statistic measures time to
take the lock.

Additionally, the recovery daemon will eventually use this code to
take the lock, and the method of updating the latency statistic will
need to be pushed further out to a configurable handler that depends
on the calling context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Feb 23 10:32:06 CET 2016 on sn-devel-144
2016-02-23 10:32:06 +01:00
Martin Schwenke
188019b877 ctdb-recovery: Negate the status when checking the recovery lock
Have 0 indicate that the lock was taken.  This allows non-zero values
to be used to indicate why the lock could not be taken.  EACCES means
lock contention.

For now use just EACCES to cover all failures, since
ctdb_recovery_lock() returns a bool and details of other errors will
be lost.  ctdb_recovery_lock() will undergo some big changes, so don't
try to fix this now.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
fad3f367b7 ctdb-recovery: Clean up status handling from recmode child
This currently returns an incorrect error when the expected number of
bytes are not read.  Separate out the different cases to clarify the
logic and avoid reporting the wrong error.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
b6c3918457 ctdb-recovery: Don't bother ensuring file descriptor is -1
This is already done before the destructor is assigned.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
531e6724ba ctdb-recovery: Don't store recmode in recovery mode state
The callbacks that use this value are only ever called if recovery
mode is being set to NORMAL.  So do not check if recmode is NORMAL
either.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
6695fa50ae ctdb: Use ctdb_wait_for_process_to_exit()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
4d6ec81299 ctdb-recovery: Drop redundant status send when setting recovery mode
The child process writes the status into the pipe before looping to
wait.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
3e2f2169a4 ctdb-recovery: Include lib/util/time.h instead of samba_util.h
Less is more...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Volker Lendecke
7b3fb853a4 ctdb: Fix CID 1353175 Logically dead code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-02-16 16:41:18 +01:00
Volker Lendecke
e23ab7d408 ctdb: Fix CID 1353176 Logically dead code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-02-16 16:41:18 +01:00
Martin Schwenke
2deba05c58 ctdb-ipalloc: Remove most uses of struct ctdb_public_ip_list_old
Where possible, this should no longer be used.

struct ctdb_public_ip_list is a fixed size structure and introduces an
extra level of indirection.  This means one level of indirection can
be dropped for known_public_ips and available_public_ips.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Feb 12 08:40:21 CET 2016 on sn-devel-144
2016-02-12 08:40:21 +01:00
Martin Schwenke
53752bcf29 ctdb-ipalloc: Use goto fail to avoid repetition
This is getting unreadable...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-12 05:32:16 +01:00
Amitay Isaacs
157e19b984 ctdb-recovery: Add a log message when marshalling recovery database fails
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-02-12 05:32:16 +01:00
Amitay Isaacs
d1f3b5d408 ctdb-daemon: Improve log message when REQ_DMASTER is received on non-lmaster
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-02-12 05:32:16 +01:00
Amitay Isaacs
19a411f839 ctdb-recovery: Create recovery databases in state dir
This matches the behaviour during serial database recovery.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 11 08:01:14 CET 2016 on sn-devel-144
2016-02-11 08:01:14 +01:00
Amitay Isaacs
171fdc20b9 ctdb-recovery: Fix newlines in log messages
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Feb  9 22:28:08 CET 2016 on sn-devel-144
2016-02-09 22:28:08 +01:00
Amitay Isaacs
b71c2e4230 Revert "ctdb-daemon: Check packet generation against database generation"
This reverts commit 0ff90f4fac.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11707

The checks against database generation are not required since
the global generation is updated as part of updating vnnmap
before the actual database recovery.  This change was done in
5aab31a39a.

Checking only against the database generation is incomplete.  It can
cause CTDB to abort if the following sequence of events happen.

 - CTDB gets REQ_DMASTER packet (gen1)
   This packet processing gets deferred to get a record lock

 - CTDB goes into recovery, marks RECOVERY_ACTIVE
   CTDB recovery helper updates vnnmap (gen2)

 - CTDB processes REQ_DMASTER packet (gen1)
   The check against database generation (gen1) succeeds.
   The check for lmaster is now invalid because VNNMAP has changed.
   This will cause CTDB to abort due to protocol error.

Reverting the patch stops processing packets of older generation before
they get into call processing.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Feb  9 12:39:24 CET 2016 on sn-devel-144
2016-02-09 12:39:24 +01:00
Günther Deschner
1f6495b2f5 ctdb/server: fix gcc6 build warning.
ctdb/server/ipalloc_lcp2.c:264:29: warning: 'minimbl' may be used uninitialized
in this function [-Wmaybe-uninitialized]

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Feb  7 00:56:44 CET 2016 on sn-devel-144
2016-02-07 00:56:44 +01:00
Michael Adam
476672b647 dlist: remove unneeded type argument from DLIST_ADD_END()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:17 +01:00
Martin Schwenke
6bbf7d8f09 ctdb: NAT gateway capability and control to set it are obsolete
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jan 27 18:35:24 CET 2016 on sn-devel-144
2016-01-27 18:35:24 +01:00
Volker Lendecke
93e48df86c ctdb: Fix the O3 developer build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-01-14 19:37:19 +01:00
Martin Schwenke
39bc356ccb ctdb-ipalloc: Document the steps involved in a takeover run
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jan 13 23:27:01 CET 2016 on sn-devel-144
2016-01-13 23:27:01 +01:00
Martin Schwenke
e320725f02 ctdb-ipalloc: Split IP allocation into its own build subsystem
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-13 20:18:20 +01:00
Martin Schwenke
18b0aeaae0 ctdb-ipalloc: Fix a memory leak
Commit cfa0ffe780 introduced a memory
leak.  Never assume...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-01-12 19:16:17 +01:00
Martin Schwenke
24160ee6a4 ctdb-daemon: Don't leak memory if not using recovery lock
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-01-12 19:16:17 +01:00
Martin Schwenke
56ce230de7 ctdb-recoverd: Fix some uninitialised memory issues
The first element of these structures is a 32-bit PNN.  On 64-bit
systems this field can be followed by 32-bits of padding.  When the
structures are copied this can cause uninitialised memory to be
copied.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-01-12 19:16:17 +01:00
Martin Schwenke
8f73ae03cc ctdb-daemon: Drop the "schedule for deletion" messages to DEBUG level
Thousands of these can be generated each second, rendering INFO level
debugging useless.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-01-12 19:16:17 +01:00
Martin Schwenke
fe918572cb ctdb-ipalloc: Rename top level IP allocation algorithm functions
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Dec  4 12:25:14 CET 2015 on sn-devel-104
2015-12-04 12:25:14 +01:00
Martin Schwenke
821aa24ffd ctdb-ipalloc: Rename ctdb_takeover_run_core() to ipalloc()
It just does IP allocation...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
99abcc108c ctdb-ipalloc: Fold force_rebalance_candidates into IP allocation state
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
13aa583ea4 ctdb-ipalloc: Fold all IPs list into IP allocation state
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
fb66232155 ctdb-ipalloc: Tidy up some of the IP allocation functions
Shorter temporary variables for compactness/readability.  "tmp_ip" is
5 characters longer than "t".  In each for statement it is used 4
times, so costs 20 characters.  Save those extra characters so that
future edits will avoid going over 80 columns.

Tweak whitespace for readability, rewrap some code.

No functional changes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
5dcc1d7a69 ctdb-daemon: Don't delete connection information for released IP
As per the comment:

  If the IP address is hosted on this node then remove the connection.

  Otherwise this function has been called because the server IP
  address has been released to another node and the client has exited.
  This means that we should not delete the connection information.
  The takeover node processes connections too.

This doesn't matter at the moment, since the empty connection list for
an IP address that has been released will never be pushed to another
node.  However, it matters if the connection information is stored in
a real replicated database.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
4261d6e70a ctdb-daemon: Move VNN lookup out of ctdb_remove_tcp_connection()
In a subsequent commit ctdb_takeover_client_destructor_hook() needs to
know the VNN.  So just have both callers of
ctdb_remove_tcp_connection() do the lookup and pass in the VNN.

This should cause no change in behaviour.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00