IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
system_socket.[ch] will contain all the raw socket code and other
functions that use ctdb_sock_addr. system.[ch] will contain other
platform dependent functions.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Negative parameter passed to function which cannot take negative values.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jun 6 01:13:18 CEST 2018 on sn-devel-144
Usually run_event will stop executing event scripts on first failure.
Optionally it can continue to run events even on failure(s).
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Allowing run_event_init() to take run_proc_context as an argument allows
to create multiple run_event instances with a single run_proc_context.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This is the initial location that will be used by the new
multi-component aware event daemon.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
All except -i/--interactive. This remaining popt option is now neatly
wrapped to fit in 80 columns.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Testing is now broken because command-line options are no longer
respected.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
These should be created at installation or, if non-standard, by the
administrator.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Volatile databases now have their own subdirectory. This makes things
easier if we later recommend mounting a tmpfs on the volatile database
directory, rather than supporting the current CTDB_DBDIR=tmpfs magic.
No need to create database directories for local daemon tests. ctdbd
will do that.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
A variant of this is currently done by the wrapper but will be removed
from there because the wrapper will no longer see the CTDB_LOGGING
option.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Move code into clearly defined sections. Add a fail label for fatal
errors to ensure memory is freed. Modernise debug messages.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
None of this initialisation needs configuration options, so centralise
it with the context initialisation.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This doesn't require configuration options so keep the instance in
ctdb_init().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This used to be used by client code but not anymore, so move it to
where it is used. Drop the comment because it is wrong. Modernise
logging.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
These haven't been used by anyone in a long time. --valgrinding is
less use with CTDB_VALGRINDING now gone.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This is a generic indicator that tests are being run.
For local daemons, this will replace --sloppy-start and
--nopublicipcheck - it also does --nosetsched, which isn't being
removed at this point.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Makes the error handling easier and the code more compact.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This doesn't need a wrapper function. It gets in the way if building
a value involves allocating memory (e.g. talloc_asprintf()) and then
ctdb_set_notification_script() duplicates that memory.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
It is used only by the code in the server directory. It's mainly used
in recovery daemon and vacuuming child process.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
All quite obvious. For the LCP2 one, we're not actually counting so
use a bool instead of an int.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Within ctdb_daemon_read_cb the provided data is checked for sanity,
e.g. correct size and content. This is not required because it was
done already by the caller (queue_process).
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Set the detructor in ctdb_start_revoke_ro_record after the revokechild_handle
was added to the list.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 31 03:45:51 CEST 2018 on sn-devel-144
Introduced err_out goto tag to prevent code duplication.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Replace the varibale name "rc" in ctdb_start_revoke_ro_record
to prevent a mix-up with the common meaning of rc (return code).
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
The destructor is only needed once the state got added to the DLIST.
Therefore, move the setting of the destructor to after the addition
of state to the DLIST.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Minor code cleanup and adding a temporary variable to improve readabilty.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
In case of an error condition the further processing of the data is cancelled
and the callback returns. In such a scenario the data has to be free'd.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tests now deviate from the compile-time default by setting CTDB_BASE.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
If the specified file or the default does not exist then log a
warning.
This is done in the takeover code to localise the handling of the
public addresses file. Soon the daemon command-line option will go
away and the takeover code will be replaced in the not too distant
future.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Use environment variables for test-only options.
The setenv() can be dropped because the socket location is either the
compile-time default or the already set environment variable.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Use environment variables for test-only options.
Switch to using a local variable. This simplifies both the logic and
the ability to later drop the command-line option.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Event scripts live in a standard place.
For testing, CTDB_BASE is modified.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13188
If PULL_DB control times out but the remote node is still sending the
data, then the tevent_req for pull_database_send will be freed without
removing the message handler. So when the data is received, srvid
handler will be called and it will try to access tevent_req which will
result in use-after-free and abort.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154
STARTUP control is primarily used to synchronise tcp tickles from running
nodes to a node which has just started up. Earlier STARTUP control was
sent (using BROADCAST_ALL) after setup event. Once the other nodes in
the cluster connected to this node, the queued up messages would be sent
and the tcp tickles would get synchronised.
Recent fix to drop messages to disconnected or not-yet-connected nodes,
the STARTUP control was never sent to the remote nodes and the tcp
tickles did not get synchronised.
To fix this problem send the STARTUP control (using BROADCAST_CONNECTED)
after startup event. By this time all the running nodes in the cluster
are connected.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 30 15:29:48 CET 2017 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 24 15:49:46 CET 2017 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13152
This makes sure that if a client disconnects, all the deferred calls
from the client are correctly freed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
https://bugzilla.samba.org/show_bug.cgi?id=13056
Database recovery takes care of attaching missing databases on all the nodes.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Whenever the current git hash changes, we recompile ctdb.c and
ctdb_daemon.c. As both have quite a few warnings with -Wall, this
makes it quite difficult to see the real warnings that pop up during
development. Centralize the ctdb_version_string to just a single file
without warnings.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This reverts commit 19318d2835.
With this commit, a shutdown that occurs while the startup event is
running can cause an abort because the startup callback will try to
decrease the run state from SHUTDOWN to RUNNING.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Monitoring is skipped when not in run state RUNNING, so remove the
dependency on the monitoring code.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Monitoring can fail during recovery due to databases (e.g. registry)
being unavailable. This has been avoided by explicitly disabling
monitoring around recovery via the START_RECOVERY and END_RECOVERY
controls. With this approach only there is still a window between
enabling recovery mode and START_RECOVERY when monitoring could be
attempted. However, explicitly disabling monitoring is unnecessary
because monitoring is not done when a node is in recovery.
So remove the explicit disable/enable of monitoring and rely on
monitoring being skipped when recovery mode is active.
The only possible change of behaviour with this change is that there
is now a window between setting recovery mode to normal and the
END_RECOVERY control where monitoring is enabled. However, at this
point databases would be available and the "recovered" event will
cancel any in-progress monitoring.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This is currently handled by explicitly disabling monitoring in
various places. However, those places shouldn't need to know about
monitoring but it is OK for monitoring to know about global node
states.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13029
If a call request for a key (migration request) is in flight, then all
the subsequent call requests for the same key are deferred. In that case,
the data corresponding to key read from the local tdb is useless and there
is no need to keep it around. Once the deferred call is reprocessed,
the data corresponding to that key will be fetched again.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This doesn't belong in the monitoring/startup code and it is already
done in the 10.interface "init" event.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Recovery and takeover are run via helper from recovery daemon. While the
helpers are running, it's possible for the current node to lose election.
If that happens, abort the currently running recovery/takeover helper.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021
Once the recovery starts and databases are frozen, then all the record
access is postponed till the recovery is complete except reading the
database sequence number. Database access for reading sequence number
is done via a control which does not check if the databases are frozen
or not.
If the database is frozen and if the freeze transaction is not started
(this can happen when a node is inactive, or during recovery when the
database is frozen but the transaction has not yet started), then trying
to read sequence number will cause ctdb daemon to deadlock.
Before reading the sequence number, check if the database access is
allowed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Only check processes that are CTDB clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This removes the static declaration and adds prototype declarations
of ctdb_event_header marshalling functions to avoid compiler warnings.
These functions will be removed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Only create PID file when actually starting the daemon, rather than
when setting up the context. This will facilitate future changes.
Tweak test to confirm that PID file is no longer created during setup.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Aug 25 13:32:58 CEST 2017 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Aug 14 13:00:16 CEST 2017 on sn-devel-144
This causes any tracked connections for the IP address to be lost.
When doing a takeip, the server sends a tickle ACK to the client, the
client responds with a valid ACK and the server's TCP stack responds
with a reset because the connection does not exist. However, in the
updateip, case the connection *does* exist, so the tickle *does not*
cause the connection to be reset.
ctdb_announce_vnn_iface() clears the list of tracked TCP connections
while sending the tickle ACKs. So, if there are no reconnects as in
the takeip case, then the list of connections is simply lost.
The "updateip" event in the 10.interface event script already sends
gratuitous ARPs and tickles connections in both directions. This
ensures that traffic continues after packets may have been dropped
when the script temporarily blocks traffic to the IP address.
All of this means that the call to ctdb_announce_vnn_iface() can just
be deleted.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
