1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

33 Commits

Author SHA1 Message Date
Amitay Isaacs
de3f0d889b ctdb-recovery-helper: Deregister message handler in error paths
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13188

If PULL_DB control times out but the remote node is still sending the
data, then the tevent_req for pull_database_send will be freed without
removing the message handler.  So when the data is received, srvid
handler will be called and it will try to access tevent_req which will
result in use-after-free and abort.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-12-13 08:48:18 +01:00
Amitay Isaacs
676df8770b ctdb-protocol: Fix marshalling for ctdb_rec_buffer
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-08-30 14:59:23 +02:00
Amitay Isaacs
b8a0420d10 ctdb-daemon: Add implementation for CTDB_CONTROL_DB_ATTACH_REPLICATED control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-06-29 10:34:27 +02:00
Amitay Isaacs
1e10f224ff ctdb-recovery: Use db_flags instead of a boolean persistent flag
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-06-29 10:34:27 +02:00
Amitay Isaacs
c9d9f56bff ctdb-recovery: Assign banning credits if database fails to freeze
https://bugzilla.samba.org/show_bug.cgi?id=12857

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-06-24 10:28:21 +02:00
Amitay Isaacs
6ebcba49d0 ctdb-recovery: Delete empty records during recovery
Persistent databases are now always recovered by sequence number.  So
there is no need to keep the empty records in the database since they
will never be recovered record-by-record using RSN.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 17 16:47:55 CEST 2017 on sn-devel-144
2017-06-17 16:47:55 +02:00
Amitay Isaacs
40cc7a1eb3 ctdb-recovery: Log messages at various debug levels
This avoids spamming the logs during recovery at NOTICE level.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jun 13 13:22:09 CEST 2017 on sn-devel-144
2017-06-13 13:22:09 +02:00
Amitay Isaacs
41c964fdbc ctdb-recovery: Start recovery helper with ctdb_vfork_exec
The recovery helper does it's own logging, so there is no need to
pass logfd.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Dec  5 11:59:42 CET 2016 on sn-devel-144
2016-12-05 11:59:42 +01:00
Martin Schwenke
bdc049dfce ctdb-common: Drop CTDB's copy of sys_read() and sys_write()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Nov 29 11:22:40 CET 2016 on sn-devel-144
2016-11-29 11:22:40 +01:00
Amitay Isaacs
f2414841f2 ctdb-daemon: Mark RecoverPDBBySeqNum tunable deprecated
Persistent databases are now always recovered by sequence number, so
there is no need for this tunable.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 25 08:13:59 CET 2016 on sn-devel-144
2016-11-25 08:13:59 +01:00
Amitay Isaacs
54e392b385 ctdb-recovery: Avoid NULL dereference in failure case
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12434

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 21 12:26:04 CET 2016 on sn-devel-144
2016-11-21 12:26:04 +01:00
Amitay Isaacs
6b93b57921 ctdb-recovery-helper: Add missing initialisation of ban_credits
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12275

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-09-19 08:23:22 +02:00
Amitay Isaacs
f1a8fb11dd ctdb-recovery-helper: Fix format-nonliteral warning
... and printf format errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12137

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-10 08:18:16 +02:00
Amitay Isaacs
600cec4d44 ctdb-recovery: Terminate if recovery fails without any banning credits
In case of database recovery failure, if there are no banning credits
assigned, then the async computation is never terminated.  The else
condition is missing in (max_credits >= NUM_RETRIES) check.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jun 24 09:56:23 CEST 2016 on sn-devel-144
2016-06-24 09:56:23 +02:00
Amitay Isaacs
1847556562 ctdb-recovery-helper: Fix a comment
The sequence of events are incorrectly documented.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-06-24 05:59:08 +02:00
Amitay Isaacs
93dcca2a5f ctdb-recovery: Update timeout and number of retries during recovery
The timeout RecoverTimeout (default 120) is used for control messages
sent during the recovery.  If any of the nodes does not respond to any
of the recovery control messages for RecoverTimeout seconds, then it
will cause a failure of recovery of a database.  Recovery helper will
retry the recovery for a database 5 times.

In the worst case, if a database could not be recovered within 5 attempts,
a total of 600 seconds would have passed.  During this time period other
timeouts will be triggered causing unnecessary failures as follows:

1. During the recovery, even though recoverd is processing events,
   it does not send a ping message to ctdb daemon.  If a ping message is
   not received for RecdPingTimeout (default 60) seconds, then ctdb will
   count it as unresponsive recovery daemon.  If the recovery daemon
   fails for RecdFailCount (default 10) times, then ctdb daemon will
   restart recovery daemon.  So after 600 seconds, ctdb daemon will
   restart recovery daemon.

2. If ctdb daemon stays in recovery for RecoveryDropAllIPs (default 120),
   then it will drop all the public addresses.  This will cause all
   SMB client to be disconnected unnecessarily.  The released public
   addresses will not be taken over till the recovery is complete.

To avoid dropping of IPs and restarting recovery daemon during a delayed
recovery, adjust RecoverTimeout to 30 seconds and limit number of
retries for recovering a database to 3.  If we don't hear from a node
for more than 25 seconds, then the node is considered disconnected.
So 30 seconds is sufficient timeout for controls during recovery.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jun  6 08:49:15 CEST 2016 on sn-devel-144
2016-06-06 08:49:15 +02:00
Amitay Isaacs
c51b8c2234 ctdb-recovery-helper: Add banning to parallel recovery
If one or more nodes are misbehaving during recovery, keep track of
failures as ban_credits.  If the node with the highest ban_credits exceeds
5 ban credits, then tell recovery daemon to assign banning credits.

This will ban only a single node at a time in case of recovery failure.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 25 06:57:32 CET 2016 on sn-devel-144
2016-03-25 06:57:32 +01:00
Amitay Isaacs
ad7a407a13 ctdb-recovery-helper: Introduce new #define variable
... instead of hardcoding number of retries.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:16 +01:00
Amitay Isaacs
e5a714a3c2 ctdb-recovery-helper: Improve log message
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:16 +01:00
Amitay Isaacs
ffea827bae ctdb-recovery-helper: Introduce push database abstraction
This abstraction uses capabilities of the remote nodes to either send
older PUSH_DB controls or newer DB_PUSH_START and DB_PUSH_CONFIRM
controls.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
b96a4759b3 ctdb-recovery-helper: Introduce pull database abstraction
This abstraction depending on the capability of the remote node either
uses older PULL_DB control or newer DB_PULL control.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
e1fdfdd1c1 ctdb-recovery-helper: Write recovery records to a recovery file
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
9058fe06df ctdb-recovery-helper: Re-factor function to retain records from recdb
Also, rename traverse function and traverse state for recdb_records
consistently.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
a80ff09ed3 ctdb-recovery-helper: Create accessors for recdb structure fields
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
70011a1bfb ctdb-recovery-helper: Rename pnn to dmaster in recdb_records()
This variable is used to set the dmaster value for each record in
recdb_traverse().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
5b926d882e ctdb-recovery-helper: Pass capabilities to database recovery functions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
5f43f92796 ctdb-recovery-helper: Factor out generic recv function
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
700f39372a ctdb-recovery-helper: Get tunables first, so control timeout can be set
During the recovery process, the timeout value for sending all controls
is decided by RecoverTimeout tunable.  So in the recovery process,
first get the tunables, so the control timeout gets set correctly.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
157e19b984 ctdb-recovery: Add a log message when marshalling recovery database fails
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-02-12 05:32:16 +01:00
Amitay Isaacs
19a411f839 ctdb-recovery: Create recovery databases in state dir
This matches the behaviour during serial database recovery.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 11 08:01:14 CET 2016 on sn-devel-144
2016-02-11 08:01:14 +01:00
Amitay Isaacs
171fdc20b9 ctdb-recovery: Fix newlines in log messages
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Feb  9 22:28:08 CET 2016 on sn-devel-144
2016-02-09 22:28:08 +01:00
Amitay Isaacs
5aab31a39a ctdb-recovery: Update vnnmap before database recovery
Once the databases are recovered, all the pending calls are resent.
If the vnnmap is not updated, then the nodes can redirect calls to nodes
that are not part of the new vnnmap.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Oct 16 09:31:34 CEST 2015 on sn-devel-104
2015-10-16 09:31:34 +02:00
Amitay Isaacs
951431910d ctdb-recoverd: Add parallel database recovery helper
Parallel database recovery fixes the samba/ctdb deadlock during recovery.

Many times samba tries to grab multiple record locks in sequence.
Consider a case when samba is already holding a record lock on a database
and tries to get a record lock on second database.  If the second record
is not available on the local node, samba asks ctdb to migrate the record.
If recovery occurs at this time (e.g. node becoming inactive), ctdb
cannot freeze all the databases since samba is already holding a lock
and waiting for the second lock.  CTDB can process the second record
request only after the recovery is complete, thus causing a deadlock.

In parallel database recovery, each database is frozen and recovered
independent from each other.  So as soon as the second database is
recovered, CTDB will resend all the pending migration requests and Samba
can get the second lock.  Once samba releases both the locks, ctdb can
freeze the first database and recover it completing recovery process.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:29 +02:00