1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

2357 Commits

Author SHA1 Message Date
Martin Schwenke
a10545ab6b ctdb-daemon: Drop special case handling for new IP already on interface
The address may already be assigned to another node, so this is wrong.
It also leaves the interface unknown.

This is better left to code that handles rogue IP addresses.  A
takeover run should correctly takeover the address if it is assigned
to this node or release it if it is assigned to another node.  Coming
soon...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
d2a91394f5 ctdb-daemon: Use release_ip_post() when releasing all IP addresses
This has the advantage of using common code.  Also, if there was
previously a failed attempt to release the IP address as part of a
delete, then this will finish processing the delete.

Extra care needs to be taken when a VNN is actually deleted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
46c5136e4e ctdb-daemon: Factor out new function release_ip_post()
This contains the cleanup that needs to be done after an IP address is
released from an interface.

state->vnn is set to the return value from release_ip_post(), which is
either the original VNN, or NULL if it was deleted.  This allows
correct handling of the in-flight flag in the destructor for state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
e653c8bb4a ctdb-daemon: Do not copy address for RELEASE_IP message
If there's an allocation failure then the implicit early return in
CTDB_NO_MEMORY_VOID() means that no reply is sent to the control.
ctdb_daemon_send_message() makes a copy of the data, so don't copy it
here and remove an unnecessary chance of failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
ca22373231 ctdb-daemon: Do not update the VNN state on RELEASE_IP failure
If RELEASE_IP fails then updating the VNN makes it inconsistent with
reality.  Instead, log the failure and move on to the next IP
address.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
509491a868 ctdb-daemon: Try to release IP address even if interface is unknown
The "releaseip" event in 10.interface will determine the interface and
do the right thing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:26 +02:00
Martin Schwenke
254d5545f4 ctdb-logging: Fix CID 1272823 Unchecked return value from library
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:25 +02:00
Martin Schwenke
1de8948cb5 ctdb-daemon: Fix CID 1362723 Unchecked return value from library
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:25 +02:00
Martin Schwenke
0de52420b8 ctdb-daemon: Fix CID 1362726 Unchecked return value from library
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:25 +02:00
Martin Schwenke
518683abfe ctdb-daemon: Fix CID 1125574 Operands don't affect result
Interfaces going up or down are always interesting, so log these at
error level.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:25 +02:00
Martin Schwenke
1be2cd9dd2 ctdb-daemon: Fix CID 1125575 Operands don't affect result
This is related to an error, so repeatedly log at error level instead
of trying to avoid repetition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:24 +02:00
Martin Schwenke
b92c78a043 ctdb-daemon: Fix CID 1272855 Operands don't affect result
Failures are already logged at alert/error level above, so just log
the summary at notice level.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12157

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-17 23:00:24 +02:00
Amitay Isaacs
f1a8fb11dd ctdb-recovery-helper: Fix format-nonliteral warning
... and printf format errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12137

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-10 08:18:16 +02:00
Amitay Isaacs
fa0015d9ad ctdb-daemon: Fix format-nonliteral warning
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12137

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-10 08:18:16 +02:00
Martin Schwenke
d7ecc913bb ctdb-daemon: Clean up SET_DB_PRIORITY/GET_DB_PRIORITY deprecation
The current message is broken:

  Control SET_DB_PRIORITY is not implemented any more, use  instead

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12126

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-08 08:17:34 +02:00
Martin Schwenke
940272d215 ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)
Also fixes CID 1125628.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-08 08:17:34 +02:00
Martin Schwenke
1f942ec36c ctdb-mutex: Avoid corner case where helper is already reparented to init
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12113

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-08 08:17:34 +02:00
Martin Schwenke
24e28c0aa5 ctdb-mutex: Fix CID 1359217 Resource leak (RESOURCE_LEAK)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Aug  3 09:13:55 CEST 2016 on sn-devel-144
2016-08-03 09:13:55 +02:00
Martin Schwenke
c6a7f680ce ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-03 05:29:24 +02:00
Martin Schwenke
74aca5f4c6 ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-08-03 05:29:24 +02:00
Martin Schwenke
ed81e51cc1 ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-07-28 05:00:18 +02:00
Amitay Isaacs
3314a09aaf ctdb-daemon: Drop implementation of global transaction controls
These were used in serial recovery and for restoring databases using
older ctdb tool.  New code uses database specific transaction controls.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-28 05:00:17 +02:00
Amitay Isaacs
28b2a6391b ctdb-daemon: Drop the implementation of THAW control
This control was used by the older implementation of tool to restore a
database from backup.  In the new implemenation of tool, it freezes and thaws
only the database being restored.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-28 05:00:17 +02:00
Martin Schwenke
87b49c913f ctdb-daemon: Deletion of IPs is deferred until the next takeover run
This drastically simplifies the code.  "ctdb reloadips" behaves the
same, since it causes a takeover run immediately after IPs are
deleted.  "ctdb delip" now needs to be followed with an explicit "ctdb
ipreallocate".

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-28 05:00:17 +02:00
Amitay Isaacs
0a759bc3ff ctdb-daemon: Use consistent naming for monitoring mode
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-28 05:00:17 +02:00
Martin Schwenke
10165c48f1 ctdb-daemon: Move CTDB VNN structure to IP takeover code
It is only used in this code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-28 05:00:15 +02:00
Martin Schwenke
c40fc62642 ctdb-ipalloc: Use a cumulative timeout for takeover run stages
RELEASE_IP sometimes times out because killing TCP connections can
take a long time.

The aim of the takeover timeout is actually to limit the total amount
of time for an IP takeover run.  So, calculate a combined timeout
offset once and use it for each of the RELEASE_IP, TAKEOVER_IP,
IPREALLOCATED stages.  This gives RELEASE_IP more time to kill TCP
connections but still limits the total time.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-28 05:00:15 +02:00
Amitay Isaacs
abd5d7c8fd ctdb-daemon: Use refactored tunable code
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:46 +02:00
Amitay Isaacs
9187f26f99 ctdb-locking: Remove ctdb_db_prio_iterator function
It is not used anymore.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:43 +02:00
Amitay Isaacs
b5ede509ab ctdb-freeze: Remove ctdb_db_prio_frozen() function
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:43 +02:00
Amitay Isaacs
2852397691 ctdb-locking: Remove API for locking databases with priority
This is not used anymore.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:43 +02:00
Amitay Isaacs
b81824e10d ctdb-locking: Remove API for locking all databases
This has never been used.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:43 +02:00
Amitay Isaacs
3927603ca2 ctdb-daemon: Remove priority field from ctdb_db_context
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:43 +02:00
Amitay Isaacs
dc0bfcd7da ctdb-daemon: Remove implementation of SET/GET_DB_PRIORITY
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
6693fa59dc ctdb-recoverd: Remove code that updates database priorities during recovery
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
5944a9bbcb ctdb-freeze: Drop function thaw_priority()
There are no database priorities anymore, so the function name does
not make any sense.  Call the code in thaw_priority() directly from
ctdb_control_thaw().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
79b6b4b621 ctdb-daemon: Drop priorites from freeze/thaw code
Parallel database recovery freezes databases in parallel and irrespective
of database priority.  So drop priority from freeze/thaw code.
Database priority will be dropped completely soon.

Now FREEZE and THAW controls operate on all the databases.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
9338443a92 ctdb-recovery: Remove serial database recovery code
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
a376ba8b34 ctdb-vacuum: Do not use freeze_mode outside freeze code
If the database is not frozen and recovery mode is not active, then
vacuuming can continue.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:42 +02:00
Amitay Isaacs
d5e4a7abdc ctdb-locking: Drop code for Samba 3.x compatibility
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-25 21:29:41 +02:00
Amitay Isaacs
9f54b6b67c ctdb-daemon: Log ctdb socket in the main daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-05 10:53:15 +02:00
Amitay Isaacs
ca35d8149d ctdb-daemon: Check if method is initialized before calling
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-05 10:53:15 +02:00
Amitay Isaacs
7c8c6ce74e ctdb-daemon: Improve log message
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-05 10:53:14 +02:00
Amitay Isaacs
e6818c8e3c ctdb-recoverd: Improve election win messages
Logging that node has lost election is less useful than knowing which
node has won the election.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-07-05 10:53:14 +02:00
Martin Schwenke
a2124a1cd8 ctdb-ipalloc: Drop implicit dependency on ctdb-common
Use new functions from protocol API instead.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:26 +02:00
Martin Schwenke
445860bf84 ctdb-ipalloc: IP allocation state is now an opaque structure
It is private to the IP allocation module.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
41a14e72b5 ctdb-ipalloc: ipalloc() returns public IP list
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
21adcd32bd ctdb-ipalloc: Move set_ipflags_internal() to ipalloc
Rename it ipalloc_set_node_flags().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
2eb0b9e98a ctdb-ipalloc: Switch set_ipflags_internal() to use a new-style node map
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
ee7fc252c8 ctdb-ipalloc: Move ipalloc state initialisation to ipalloc.c
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
38f4616bdd ctdb-ipalloc: Pass extra data to IP allocation state initialisation
No longer require CTDB context but pass in number of nodes, algorithm,
no_ip_failback and force_rebalance_nodes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
64361d9778 ctdb-ipalloc: Make no_ip_failback a boolean
No need to expose tunable values that far down.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
86f7c4d7f3 ctdb-ipalloc: Fix buggy short-circuit when no IPs are available
At the moment IP is short-circuited when there are no available IP
addresses.  However, if some IP addresses are already allocated then
"no available IP addresses" means that all the addresses should
(probably) be released.  The current short-circuit means that no
already hosted IP addresses will be released.

The short-circuit exists to avoid lots of messages saying that all IP
addresses can not be assigned at startup time.  So, add a check to
ipalloc_can_host_ips() so that it succeeds if IP addresses are already
allocated to nodes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
c5d85a071b ctdb-ipalloc: New function ipalloc_can_host_ips()
Abstracts out code involving internals of IP allocation state.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
695da518de ctdb-ipalloc: Drop known public IPs from IP allocation state
This is never used in the allocation algorithms.  It is only used when
building the merged IP list.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
e8ff433c46 ctdb-ipalloc: Move create_merged_ip_list() into ipalloc
How the existing IP layout is constructed and how the merged IP list is
sorted are important aspects of the IP allocation algorithm.  Construct the
merged IP list when known and available IPs are assigned.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
5c47c35c5a ctdb-ipalloc: New function ipalloc_set_public_ips()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
1f5c4dbac9 ctdb-ipalloc: Remove function ctdb_reload_remote_public_ips()
Use ctdb_fetch_remote_public_ips() inline to fetch each list.  Assign
them into the IP allocation state separately.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
303ef82a27 ctdb-ipalloc: Clean up reloading of remote public IPs
Factor out new function ctdb_fetch_remote_public_ips() to fetch known
or available public IP addresses, according to flags.

This also drops the hack where the array from a
ctdb_public_ip_list_old was assigned to a pointer in a
ctdb_public_ip_list.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
c09cf571b7 ctdb-ipalloc: Don't build a global IP tree
It isn't used outside this function, so just use a local variable.

This makes create_merged_ip_list() independent of the CTDB context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:25 +02:00
Martin Schwenke
55f13b74bf ctdb-ipalloc: Drop code to update IP assignment tree
This code is not used.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
a26d39e5ce ctdb-recoverd: Drop code to change the IP assignment tree
The tree is no longer used in verification.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
35644d0d82 ctdb-ipalloc: Drop remote IP verification
It is only run during a takeover run and only logs errors.  It doesn't
actually do anything to fix potential errors.  The takeover run should
fix any inconsistencies anyway.

Instead, leave a comment in the recovery daemon's monitoring loop to
add proper remote IP verification later.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
c86066cdc0 ctdb-ipalloc: Drop a use of CTDB_NO_MEMORY_NULL()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
1ec7de66e9 ctdb-ipalloc: Do not use node count or PNNs from CTDB context
This is unnecessary.  IP allocation state already has a node count and
"i" is already a PNN.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
c92aa6105a ctdb-ipalloc: Drop an unnecessary check
Deleted (and other inactive) nodes will have an empty list of known
IP addresses.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Martin Schwenke
03b300e052 ctdb-ipalloc: Move if-statement with broken condition
This pointer is for an array that is always allocated.  The check is
meant to skip a node that has no IP addresses.  However, when there
are no IP addresses the loop below will not do anything anyway.

Add this as a check at the beginning of the function instead.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-07-04 15:42:24 +02:00
Amitay Isaacs
600cec4d44 ctdb-recovery: Terminate if recovery fails without any banning credits
In case of database recovery failure, if there are no banning credits
assigned, then the async computation is never terminated.  The else
condition is missing in (max_credits >= NUM_RETRIES) check.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jun 24 09:56:23 CEST 2016 on sn-devel-144
2016-06-24 09:56:23 +02:00
Amitay Isaacs
1847556562 ctdb-recovery-helper: Fix a comment
The sequence of events are incorrectly documented.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-06-24 05:59:08 +02:00
Michael Adam
6083e62af5 ctdb-daemon: make bool assignment more obvious
(showing what is the rule and what is the exception)

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jun 21 11:48:29 CEST 2016 on sn-devel-144
2016-06-21 11:48:29 +02:00
Amitay Isaacs
da91b70746 ctdb-locking: Avoid real-time in lock helper if nosetsched option is set
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-20 16:21:19 +02:00
Amitay Isaacs
a21a4de2cb ctdb-locking: Conditionally set real-time priority in lock helper
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-20 16:21:19 +02:00
Amitay Isaacs
2828b9a8c6 ctdb-daemon: Explicitly assign boolean values
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-20 16:21:19 +02:00
Amitay Isaacs
fd7bad4229 ctdb-daemon: Do explicit check for integer values
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-20 16:21:19 +02:00
Amitay Isaacs
c620bf5deb ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
Once DB_PUSH_START is processed as part of recovery, push_started
flag tracks if there are multiple attempts to send DB_PUSH_START.
In DB_PUSH_CONFIRM, once the record count is confirmed, all information
related to DB_PUSH should be reset.  However, The push_started flag was
not reset when the push_state was reset.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jun  8 14:31:52 CEST 2016 on sn-devel-144
2016-06-08 14:31:52 +02:00
Amitay Isaacs
ecb74721e7 ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11956

In do_recovery, after the recovery and takeover is complete, recoverd
event is triggered.  When the parallel database recovery was separated,
ctdb_recovery_helper implemented sending END_RECOVERY control which
causes recoverd event to be triggered.  So when there is parallel database
recovery, recoverd event is triggered twice.

Instead move the call to run_recovered_eventscript() explicitly in
the serial recovery code path.  This avoids the duplication trigger of
recoverd event.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-06-08 10:33:19 +02:00
Amitay Isaacs
a4ac97d6c0 ctdb-daemon: Use lib/util functions instead of redefinitions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-06-08 10:33:19 +02:00
Amitay Isaacs
b7073d4021 ctdb-cluster-mutex: Fix #endif decoration
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jun  8 04:52:18 CEST 2016 on sn-devel-144
2016-06-08 04:52:18 +02:00
Martin Schwenke
174449c1e0 ctdb-recoverd: Release recovery lock on exit
The recovery lock helper must exit when it notices its parent is gone.
However, that can take a few seconds.

The usual way of terminating the recovery daemon is for the main ctdbd
to send it a SIGTERM.  Installing a handler is nice and simple.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
75717ac667 ctdb-recoverd: Add handler for lost recovery lock
If the process holding the recovery lock terminates unexpectedly then
the recovery daemon needs to know that the lock is no longer held.

While here, rename hold_reclock_handler() to take_reclock_handler() so
there is a clear difference between the two handler names.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
95a7920d22 ctdb-cluster-mutex: Register an extra handler for when mutex is lost
Pass NULL if not needed.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
4f0ca0107c ctdb-cluster-mutex: ctdb_cluster_mutex() registers handler and private data
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
145ddcbe37 ctdb-cluster-mutex: Drop cluster_mutex_handler() ctdb and handle arguments
This makes the API more general.  If they are needed in a handler then
they can be in the private data.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
8cf74f335e ctdb-recovery: Wrap private data for reclock test callback
This will allow a simplification of the cluster mutex API, so the
private data can be registered when calling ctdb_cluster_mutex().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
a192364a12 ctdb-recoverd: Simplify reclock handler
Do the interesting work outside the handler.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
197264dfe7 ctdb-recoverd: Recovery lock handle should be in recovery deamon context
This shouldn't be in the CTDB context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:29 +02:00
Martin Schwenke
5c4744e69d ctdb-cluster-mutex: Pass a talloc context to allocate the handle off
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
58be187de0 ctdb-recoverd: No need to reset reclock handler
It won't be called more than once by the cluster mutex code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
a47da8246e ctdb-cluster-mutex: Don't call the supplied hander more than once
After the first activity on the file descriptor, ignore any subsequent
activity.  Single-shot handlers are easier to write.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
630f169653 ctdb-recoverd: Fix buggy function return on memory allocation failure
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
dbd4e67aee ctdb-recoverd: Don't expose internal cluster mutex status
Just expose whether the lock was taken.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
fdd214ce6a ctdb-daemon: Rename recovery lock file to just recovery lock
It isn't necessarily a file.

Don't bother changing the control, since it doesn't pervade the code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
f16b26bc97 ctdb-daemon: Drop function ctdb_set_recovery_lock_file()
Setting the recovery lock file at startup can be done more simply.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
5b4dd8c001 ctdb-protocol: CTDB_CONTROL_SET_RECLOCK_FILE is obsolete
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
1127f3ae1e ctdb-recovery: Don't update recovery lock from daemon
It can't change after startup.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
23823f128f ctdb-recovery: Don't sync recovery lock across cluster
Support for updating the recovery lock is being removed because it
isn't possible to recover from failure.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Martin Schwenke
091d4d2dbb ctdb-recovery: Consistency check reclock in start recovery control
If the recovery lock setting is not consistent with that of the
recovery master then abort.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-08 00:51:28 +02:00
Amitay Isaacs
93dcca2a5f ctdb-recovery: Update timeout and number of retries during recovery
The timeout RecoverTimeout (default 120) is used for control messages
sent during the recovery.  If any of the nodes does not respond to any
of the recovery control messages for RecoverTimeout seconds, then it
will cause a failure of recovery of a database.  Recovery helper will
retry the recovery for a database 5 times.

In the worst case, if a database could not be recovered within 5 attempts,
a total of 600 seconds would have passed.  During this time period other
timeouts will be triggered causing unnecessary failures as follows:

1. During the recovery, even though recoverd is processing events,
   it does not send a ping message to ctdb daemon.  If a ping message is
   not received for RecdPingTimeout (default 60) seconds, then ctdb will
   count it as unresponsive recovery daemon.  If the recovery daemon
   fails for RecdFailCount (default 10) times, then ctdb daemon will
   restart recovery daemon.  So after 600 seconds, ctdb daemon will
   restart recovery daemon.

2. If ctdb daemon stays in recovery for RecoveryDropAllIPs (default 120),
   then it will drop all the public addresses.  This will cause all
   SMB client to be disconnected unnecessarily.  The released public
   addresses will not be taken over till the recovery is complete.

To avoid dropping of IPs and restarting recovery daemon during a delayed
recovery, adjust RecoverTimeout to 30 seconds and limit number of
retries for recovering a database to 3.  If we don't hear from a node
for more than 25 seconds, then the node is considered disconnected.
So 30 seconds is sufficient timeout for controls during recovery.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jun  6 08:49:15 CEST 2016 on sn-devel-144
2016-06-06 08:49:15 +02:00
Amitay Isaacs
f8141e91a6 ctdb-recoverd: Freeze databases whenever the node is INACTIVE
If the node becomes stopped or banned after recovery is marked
active, then it will never freeze the databases, and hence the
node will keep banning itself indefinitely, until ctdbd is restarted.

This is a regression from 4.3, introduced with

b4357a79d9

and

d8f3b490bb

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11945

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Jun  1 17:36:12 CEST 2016 on sn-devel-144
2016-06-01 17:36:12 +02:00
Michael Adam
4b5eaf9a4e ctdb:banning: Improve debug message in ctdb_ban_node_event()
Make it more clear what happens when reading the logs.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-01 14:02:20 +02:00
Michael Adam
57cb011a0a ctdb:banning: Improve a debug message
This adapts the debug message in local_node_got_banned
to reflect what the function is currently doing.
This message was not adapted when the function was changed.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-01 14:02:20 +02:00
Michael Adam
2fbf19449e ctdb:eventscript: timedout->timed out in ctdb_event_script_args()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-01 00:57:33 +02:00
Michael Adam
b360c72eaf ctdb:banning: timedout->timed out in dbg messages in ctdb_ban_node_event()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-01 00:57:32 +02:00
Martin Schwenke
f9d4cb4c29 ctdb-recoverd: Unify takeover run triggering code in main loop
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri May 13 17:15:57 CEST 2016 on sn-devel-144
2016-05-13 17:15:57 +02:00
Martin Schwenke
e3e4f37c41 ctdb-recoverd: Add early return in srvid_requests_reply()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
ebbeab74ed ctdb-recoverd: Drop an unnecessary log message
do_takeover_run() will logs something at NOTICE level anyway.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
2a93b8423b ctdb-recoverd: Move takeover run checks after recover checks
If a recovery is going to be done then this will be followed by a
takeover run anyway.  So, there's no use doing the takeover run
checks, potentially doing a takeover run and then doing a recovery.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
662f06de9f ctdb-recoverd: Drop explicit check to flag takeover run needed
The recovery daemon should be less involved in the service monitoring
logic.

The cases handled here are already handled elsewhere:

* When a node becomes unhealthy/healthy the monitoring code will
  trigger a takeover run

* When a node is disabled/enabled the ctdb CLI tool will trigger a
  takeover run

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
4331306fce ctdb-takeover: Do not set node unhealthy when "takeip" fails
It will just become healthy again in the next monitor cycle.

Instead, let the recovery master ban it if the problem persists.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
9dc3b117e2 ctdb-takeover: Recovery daemon no longer passes fail callback
Banning is now handled by the takeover code sending banning credit
messages.

This commit makes a change in behaviour quite obvious.  Takeover runs
were initiated from several locations in the code but banning was only
done from one of these locations.  Now banning can be done from any
failed takeover run.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
1e9f650382 ctdb-takeover: Only apply banning credits to the worst offender
Post-process failues and only send banning credits to the node with
the most failures.

If there is a widespread problem or a problem on the recovery master
node then this should help avoid banning all the nodes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
1c60694e53 ctdb-takeover: Count takeover run failures
This will allow banning credits assignments to be limited according to
some criteria.

Note that this only matters when multiple controls are sent to each
node: RELEASE_IP and TAKEOVER_IP.  This doesn't change the behaviour
for IPREALLOCATED.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
0053b85fc6 ctdb-takeover: Send banning credit messages from fail callback
Banning credits are now assigned by takeover runs called from all
locations in the recovery daemon.  Previously this only happened from
one of the callers.  When separating out the takeover run code the
behaviour should be consistent.

The callback (and corresponding data) passed to ctdb_takeover_run() is
now ignored.  Dropping this will allow the interface between the
recovery daemon and IP takeover to be simplified.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
db9ec11b1a ctdb-takeover: Have the takeover fail callback log a message
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
1f0263c6d4 ctdb-takeover: Use the takeover_run_fail_callback() in more cases
Probably due to oversight, this is currently only used for the
"takeip" step.

This does consistent error handling and provides a layer of
indirection to the passed callback, so use it for "releaseip" and
"ipreallocated" steps too.

The callback data now needs to be initialised before the first
possible jump to "ipreallocated".

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
06ad1711cf ctdb-takeover: New function takeover_callback_data_init()
Abstract out the initialisation of the callback data.  Later, we'll
need to do it multiple times or move it.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:17 +02:00
Martin Schwenke
a44c099e42 ctdb-takeover: Takeover callback data doesn't need a node map
It just needs to know the number of nodes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:16 +02:00
Martin Schwenke
d61a75fd67 ctdb-takeover: PNN can be used to index into node map
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:16 +02:00
Martin Schwenke
9056b43b96 ctdb-takeover: Drop ipreallocated fallback code
The ipreallocated control has been in CTDB for a long time.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-13 13:47:16 +02:00
Martin Schwenke
866ca591d4 ctdb-recoverd: Fold IP allocation house-keeping into IP verification
Now all the IP takeover code for non-master node is in this function.
The function can always be renamed to something more suitable.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri May  6 15:10:59 CEST 2016 on sn-devel-144
2016-05-06 15:10:59 +02:00
Martin Schwenke
4947789b2a ctdb-recoverd: Clean up local IP verification
Update log levels and messages, comments and wrapping of long lines.
No functional changes.

Note that interfaces_have_changed() already does adequate logging.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
bdcc796f3c ctdb-recoverd: Skip known IP address checking when it is disabled
When public IP checking is disabled, verify_local_ip_allocation()
still retrieves known IP addresses and runs through a loop that does
nothing.

Instead, completely skip the retrieval and checking loop.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
fc4cbf5528 ctdb-recoverd: Check that IP failover is active in IP verification
This makes verify_local_ip_allocation() self-contained and simplifies
main_loop().

Due to indentation changes, this commit is most easily read when
ignoring whitespace.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
ff28cbb73d ctdb-recoverd: Call election when necessary in recovery master validation
There is no need to return one of several states and then trigger an
election for one of those return states.  Have the recovery master
validation trigger the election directly and just return whether
monitoring should continue.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
e8c33aa24a ctdb-recoverd: Simplify return values when updating local flags
Change this to return just 0 or -1.  It isn't monitoring anything.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
0a9401ff0e ctdb-recoverd: Drop unreachable code
update_local_flags() never returns MONITOR_ELECTION_NEEDED, so drop
this entire if-statement.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
4bef374e31 ctdb-daemon: Don't use CTDB_SRVID_TAKEOVER_RUN_RESPONSE
Nobody registers a handler for this message type.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
3e272e081f ctdb-recover: Avoid duplicate deferred attach processing
Deferred attach processing is done unconditionally at this point.  It
is then done again if recovery lock checking is done and completes
successfuly.  If the recovery lock checking fails then it should not
be done at all.

Move this processing so it is done with the early exit when the
recovery lock is not being used.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
721f64511c ctdb-recovery: Move recovery lock latency updating to handler
The cluster mutex code already passes the latency and expects the
handler to update the statistics.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
bcb838ba1e ctdb-recovery: Move recovery lock functions to recovery daemon code
ctdb_recovery_have_lock(), ctdb_recovery_lock(),
ctdb_recovery_unlock() are only used by recovery daemon, so move them
there.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
df99d9e273 ctdb-cluster-mutex: Factor out cluster mutex code
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
ecc6751c6b ctdb-recovery: Factor out setting of cluster mutex handler
This means that the cluster mutex handle can now be treated as opaque.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
94fb2cf0ec ctdb_recovery: ctdb_cluster_mutex() now takes an argstring argument
All of the ctdb_cluster_mutex_* infrastucture can now handle an
arbitrary mutex.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
46684867b1 ctdb-recovery: Recovery lock setting can now include helper command
The underlying change is to allow the cluster mutex argstring to
optionally contain a helper command.  When the argument string starts
with '!' then the first word is the helper command to run.  This is
now the standard way of changing the helper from the default.

CTDB_CLUSTER_MUTEX_HELPER show now only be used to change the location
of the default helper when testing.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
918b0d9a9c ctdb-recovery: Parse recovery lock setting
This is currently just treated as the name of a lock file.  However,
it is really some arbitrary arguments to lock helper.

Therefore, it should be parsed and passed as separate arguments to the
lock helper.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:17 +02:00
Martin Schwenke
64d557200e ctdb-recovery: Reimplement ctdb_recovery_lock() using ctdb_cluster_mutex()
Replace the file descriptor for the recovery lock in the CTDB context
with the cluster mutex handle, where non-NULL means locked.
Attempting to take the recovery lock is now asynchronous and no longer
blocks the recovery daemon.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
0b0b954ff2 ctdb-recovery: Kill cluster mutex helper with a signal that can be caught
Unlike fcntl(2), some other helper might need to explicitly take
action to release a mutex.  This can be done by catching SIGTERM.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
e679a1731c ctdb-recovery: Switch ctdb_cluster_mutex() to use helper
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
5cf3b7a1e3 ctdb: Add new helper ctdb_mutex_fcntl_helper
This implements the type of fcntl locking that the recovery lock uses.
The intent is to use it for multiple locks and allow the choice of
helper to be configured.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
978404ecde ctdb-recovery: Add optional timeout argument to ctdb_cluster_mutex()
Timeout in seconds, 0 means no timeout.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
43e9f58d6a ctdb-recovery: Factor out reclock testing into ctdb_cluster_mutex()
This is currently only used to check whether the recovery lock can be
taken.  However, name it more generally in anticipation of using it
for general cluster mutex taking and testing.

No functional changes.  A couple of debug message simplifications and
code rearrangements.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
ab75f2a587 ctdb-recovery: Use a configurable handler when testing cluster mutex
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
419f57f378 ctdb-recovery: Factor out new function set_recmode_handler()
This is used to reply to the recmode control for all the different
cases.  The callers can later be generalised to use a pointer, which
can then be used for recovery lock handling in different contexts.

Note that the handle is now freed in set_recmode_handler() rather than
the callbacks.

There is one difference in behaviour.  Deferred attach calls are now
processed in the timeout case, where they weren't before.  That's a
bug fix!

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
14a2330692 ctdb-recovery: Use single char ASCII numbers for status from child
'0' = Child took the mutex
  '1' = Unable to take mutex - contention
  '2' = Unable to take mutex - timeout
  '3' = Unable to take mutex - error

This is a straightforward API.  When the child is generalised to an
external helper then this makes it easier for a helper to be, for
example, a simple script.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Martin Schwenke
4842b6bb91 ctdb-recovery: Rename recovery lock functions and struct
Use the more general name "cluster mutex", since we are likely to end
up with more than one cluster-wide lock.  There will probably be a
dedicated recovery lock, held only during recovery, and also a second
lock that is held by the master node.  Currently one lock is used for
both purposes.

At the moment the struct and functions are involved with setting the
recovery mode.  However, they'll be abstracted out to more generally
deal with the cluster mutexes, so "recmode" -> "cluster_mutex".  Drop
"set" from names, since this is used to test the lock.  Also drop
"ctdb" prefix from functions, since they are local to this file.  The
struct will eventually be a long-lived handle that will release the
mutex when freed, so name it accordingly.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-28 09:39:16 +02:00
Volker Lendecke
aad53cf595 ctdbd: Use talloc_memdup where appropriate
.... 40 bytes .text less ;-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-25 18:29:21 +02:00
Martin Schwenke
09173f80d9 ctdb-ipalloc: Do ipreallocated even if no IP addresses can be allocated
In particular, LVS won't work at all if there are no public IP
addresses.

This is a temporary solution until a generic reconfiguration hook is
implemented.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-25 07:10:14 +02:00
Martin Schwenke
107f40abf9 ctdb-daemon: Move port filtering to server side when getting tickles
Why allocate all that memory and transfer all that data across the
socket?

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-25 07:10:14 +02:00
Amitay Isaacs
d2f86ea8c3 ctdb-daemon: Remove unused controls related to server_id
These controls have never been used and also they do not use the server_id
structure defined in samba.  In future, similar controls can be added to
register/unregister using proper server_id structure.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-04-23 23:55:14 +02:00
Amitay Isaacs
979693069a ctdb-daemon: Avoid memory leak
ctdb->idr and ctdb->srv get initialized as part of ctdb_init() called
from ctdb_cmdline_init().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-04-23 23:55:14 +02:00
Martin Schwenke
a610447995 ctdb-daemon: Log a message when fork(2) fails
It is useful to know what error occurred.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-17 13:54:13 +02:00
Martin Schwenke
ffd64de772 ctdb-daemon: Drop --lvs option and support for CTDB_CAP_LVS
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Apr 15 09:35:51 CEST 2016 on sn-devel-144
2016-04-15 09:35:51 +02:00
Martin Schwenke
951e8180a9 ctdb-daemon: Drop --single-public-ip option and related code
This has been replaced by scripts.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-15 05:57:18 +02:00
Martin Schwenke
2e1e1e8268 ctdb-killtcp: Merge "common" killtcp code into helper
ctdb_killtcp.c is now the only place it is needed.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:12 +02:00
Martin Schwenke
d8398b04b5 ctdb-daemon: Remove implementation of CTDB_CONTROL_KILL_TCP
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:12 +02:00
Martin Schwenke
c56112949a ctdb-killtcp: Simplify includes by using ctdb_sock_addr_to_string()
This allows common.h and ctdb_private.h to be dropped.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
248557bdf5 ctdb-killtcp: Avoid unnecessary dependency on lib/util/time.h
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
51f5faf555 ctdb-killtcp: Factor out killtcp code into separate file.
This will be used in a standalone helper.

Don't worry that the API isn't clean and opaque.  All of the code will
eventually move into the helper and will no longer be used by the
daemon.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
f76cb52eb5 ctdb-killtcp: Factor out ctdb_killtcp()
This function knows nothing about CTDB contexts or VNNs, so it can be
used elsewhere.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
879960b74d ctdb-killtcp: Change struct ctdb_tcp_kill to store arbitrary destructor data
The destructor used in this instances needs a CTDB context and a VNN.
However, destructors used in other cases may need different data.

For this instance create a local structure to hold the required data.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
1bf494f693 ctdb-killtcp: Avoid CTDB_NO_MEMORY()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
32ea7c0d2c ctdb-killtcp: Determine the interface as soon as vnn is known
This makes restructuring the code easier.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Martin Schwenke
380c894471 ctdb-killtcp: Use the given event context directly
We don't want this code to depend on a CTDB context, so don't go
looking there for an event context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-04-01 04:42:11 +02:00
Amitay Isaacs
c51b8c2234 ctdb-recovery-helper: Add banning to parallel recovery
If one or more nodes are misbehaving during recovery, keep track of
failures as ban_credits.  If the node with the highest ban_credits exceeds
5 ban credits, then tell recovery daemon to assign banning credits.

This will ban only a single node at a time in case of recovery failure.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 25 06:57:32 CET 2016 on sn-devel-144
2016-03-25 06:57:32 +01:00
Amitay Isaacs
ae366fb932 ctdb-recoverd: Add message handler to assigning banning credits
This will be called from recovery helper to assign banning credits to
misbehaving node.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:16 +01:00
Amitay Isaacs
ad7a407a13 ctdb-recovery-helper: Introduce new #define variable
... instead of hardcoding number of retries.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:16 +01:00
Amitay Isaacs
e5a714a3c2 ctdb-recovery-helper: Improve log message
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:16 +01:00
Amitay Isaacs
ffea827bae ctdb-recovery-helper: Introduce push database abstraction
This abstraction uses capabilities of the remote nodes to either send
older PUSH_DB controls or newer DB_PUSH_START and DB_PUSH_CONFIRM
controls.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
b96a4759b3 ctdb-recovery-helper: Introduce pull database abstraction
This abstraction depending on the capability of the remote node either
uses older PULL_DB control or newer DB_PULL control.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
e1fdfdd1c1 ctdb-recovery-helper: Write recovery records to a recovery file
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
9058fe06df ctdb-recovery-helper: Re-factor function to retain records from recdb
Also, rename traverse function and traverse state for recdb_records
consistently.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
a80ff09ed3 ctdb-recovery-helper: Create accessors for recdb structure fields
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
70011a1bfb ctdb-recovery-helper: Rename pnn to dmaster in recdb_records()
This variable is used to set the dmaster value for each record in
recdb_traverse().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
5b926d882e ctdb-recovery-helper: Pass capabilities to database recovery functions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
5f43f92796 ctdb-recovery-helper: Factor out generic recv function
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
95a15cde45 ctdb-daemon: Implement new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:15 +01:00
Amitay Isaacs
c41808e6d2 ctdb-tunables: Add new tunable RecBufferSizeLimit
This will be used to limit the size of record buffer sent in newer
controls for recovery and existing controls for vacuuming.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-25 03:26:14 +01:00
Martin Schwenke
e4f592539d ctdb-daemon: Replace an unsafe strcpy(3) call
Tweak another strncpy(3) call.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:20 +01:00
Martin Schwenke
0ffa5d8d9e ctdb-daemon: Validate length of new interface names
Interface names that are too long will be truncated by strncpy(3)
later on.  It is better to validate the length of each new interface
name to ensure it will be usable.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:20 +01:00
Volker Lendecke
deaab95b8d ctdb: Fix CID 1356313 Explicit null dereferenced
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-18 00:29:14 +01:00
Martin Schwenke
fa8bd41009 ctdb-tunables: Mark tunable DeferredRebalanceOnNodeAdd obsolete
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Mar 10 06:51:46 CET 2016 on sn-devel-144
2016-03-10 06:51:46 +01:00
Martin Schwenke
c9e69a4b2e ctdb-recoverd: Drop use of DeferredRebalanceOnNodeAdd tunable
If set, this was used to setup an IP takeover run on a timer after
certain updates to the public IP address configuration (e.g. "ctdb
addip").

However, "ctdb reloadips" completely manages public IP reconfiguration
and avoids the anomalies that DeferredRebalanceOnNodeAdd was
introduced to work around.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-03-10 03:34:19 +01:00
Martin Schwenke
aaa57fbcb3 ctdb-tools: Drop "ctdb rebalanceip"
This is undocumented and is not needed.  It was a workaround for
trying to ensure public IP addresses are properly rebalanced after
running "ctdb addip" on multiple nodes.  "ctdb reloadips" is a better
solution.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-03-10 03:34:19 +01:00
Amitay Isaacs
bd23b43bfe ctdb-tunables: Fix the implementation of LIST_TUNABLES control
Do not assume the first tunable is not obsolete.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
700f39372a ctdb-recovery-helper: Get tunables first, so control timeout can be set
During the recovery process, the timeout value for sending all controls
is decided by RecoverTimeout tunable.  So in the recovery process,
first get the tunables, so the control timeout gets set correctly.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
4a78200f43 ctdb-tunables: Mark tunable ReclockPingPeriod obsolete
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
73ab0f9911 ctdb-tunables: Mark tunable MaxRedirectCount obsolete
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
aa700deb64 ctdb-tunables: Add missing flags in the initializer
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-10 03:34:18 +01:00
Amitay Isaacs
ace23f0a81 ctdb-locking: Use real-time only for actual record or DB locking
Use real-time priority only for obtaining record and database locks.
Do not open databases with real-time priority as it can cause thundering
herd on fcntl lock while opening tdb database.  Also relinquish real-time
priority after the lock is obtained.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Mar  7 11:29:00 CET 2016 on sn-devel-144
2016-03-07 11:29:00 +01:00
Amitay Isaacs
00b9e76904 ctdb-takeover: Inform clients when dropping all IP addresses
CTDB releases all IPs in following cases: starting up, shutting down,
node gets banned, node does not come out of recovery for a long time.
Always inform samba when CTDB releases IP addresses.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-07 08:14:21 +01:00
Amitay Isaacs
b8272d835d ctdb-takeover: Do not kill smbd processes on releasing IP
CTDB already notifies Samba with RELEASE_IP message.  Samba can take
appropriate action based on that.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-07 08:14:21 +01:00
Martin Schwenke
46edef25df ctdb-recovery: Limit scope of reclock latency statistics
It does not make sense to update this statistic for the timeout case,
since this could skew the statistic.  To keep it simple, just update
it for the usual case where there is lock contention, since this is
the usual case.  So the daemon statistic measures time to test the
lock and the corresponding recovery daemon statistic measures time to
take the lock.

Additionally, the recovery daemon will eventually use this code to
take the lock, and the method of updating the latency statistic will
need to be pushed further out to a configurable handler that depends
on the calling context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Feb 23 10:32:06 CET 2016 on sn-devel-144
2016-02-23 10:32:06 +01:00
Martin Schwenke
188019b877 ctdb-recovery: Negate the status when checking the recovery lock
Have 0 indicate that the lock was taken.  This allows non-zero values
to be used to indicate why the lock could not be taken.  EACCES means
lock contention.

For now use just EACCES to cover all failures, since
ctdb_recovery_lock() returns a bool and details of other errors will
be lost.  ctdb_recovery_lock() will undergo some big changes, so don't
try to fix this now.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
fad3f367b7 ctdb-recovery: Clean up status handling from recmode child
This currently returns an incorrect error when the expected number of
bytes are not read.  Separate out the different cases to clarify the
logic and avoid reporting the wrong error.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
b6c3918457 ctdb-recovery: Don't bother ensuring file descriptor is -1
This is already done before the destructor is assigned.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
531e6724ba ctdb-recovery: Don't store recmode in recovery mode state
The callbacks that use this value are only ever called if recovery
mode is being set to NORMAL.  So do not check if recmode is NORMAL
either.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
6695fa50ae ctdb: Use ctdb_wait_for_process_to_exit()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
4d6ec81299 ctdb-recovery: Drop redundant status send when setting recovery mode
The child process writes the status into the pipe before looping to
wait.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Martin Schwenke
3e2f2169a4 ctdb-recovery: Include lib/util/time.h instead of samba_util.h
Less is more...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-23 07:23:18 +01:00
Volker Lendecke
7b3fb853a4 ctdb: Fix CID 1353175 Logically dead code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-02-16 16:41:18 +01:00
Volker Lendecke
e23ab7d408 ctdb: Fix CID 1353176 Logically dead code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-02-16 16:41:18 +01:00
Martin Schwenke
2deba05c58 ctdb-ipalloc: Remove most uses of struct ctdb_public_ip_list_old
Where possible, this should no longer be used.

struct ctdb_public_ip_list is a fixed size structure and introduces an
extra level of indirection.  This means one level of indirection can
be dropped for known_public_ips and available_public_ips.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Feb 12 08:40:21 CET 2016 on sn-devel-144
2016-02-12 08:40:21 +01:00
Martin Schwenke
53752bcf29 ctdb-ipalloc: Use goto fail to avoid repetition
This is getting unreadable...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-02-12 05:32:16 +01:00
Amitay Isaacs
157e19b984 ctdb-recovery: Add a log message when marshalling recovery database fails
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-02-12 05:32:16 +01:00
Amitay Isaacs
d1f3b5d408 ctdb-daemon: Improve log message when REQ_DMASTER is received on non-lmaster
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-02-12 05:32:16 +01:00
Amitay Isaacs
19a411f839 ctdb-recovery: Create recovery databases in state dir
This matches the behaviour during serial database recovery.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 11 08:01:14 CET 2016 on sn-devel-144
2016-02-11 08:01:14 +01:00
Amitay Isaacs
171fdc20b9 ctdb-recovery: Fix newlines in log messages
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Feb  9 22:28:08 CET 2016 on sn-devel-144
2016-02-09 22:28:08 +01:00
Amitay Isaacs
b71c2e4230 Revert "ctdb-daemon: Check packet generation against database generation"
This reverts commit 0ff90f4fac.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11707

The checks against database generation are not required since
the global generation is updated as part of updating vnnmap
before the actual database recovery.  This change was done in
5aab31a39a.

Checking only against the database generation is incomplete.  It can
cause CTDB to abort if the following sequence of events happen.

 - CTDB gets REQ_DMASTER packet (gen1)
   This packet processing gets deferred to get a record lock

 - CTDB goes into recovery, marks RECOVERY_ACTIVE
   CTDB recovery helper updates vnnmap (gen2)

 - CTDB processes REQ_DMASTER packet (gen1)
   The check against database generation (gen1) succeeds.
   The check for lmaster is now invalid because VNNMAP has changed.
   This will cause CTDB to abort due to protocol error.

Reverting the patch stops processing packets of older generation before
they get into call processing.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Feb  9 12:39:24 CET 2016 on sn-devel-144
2016-02-09 12:39:24 +01:00
Günther Deschner
1f6495b2f5 ctdb/server: fix gcc6 build warning.
ctdb/server/ipalloc_lcp2.c:264:29: warning: 'minimbl' may be used uninitialized
in this function [-Wmaybe-uninitialized]

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Feb  7 00:56:44 CET 2016 on sn-devel-144
2016-02-07 00:56:44 +01:00
Michael Adam
476672b647 dlist: remove unneeded type argument from DLIST_ADD_END()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:17 +01:00
Martin Schwenke
6bbf7d8f09 ctdb: NAT gateway capability and control to set it are obsolete
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jan 27 18:35:24 CET 2016 on sn-devel-144
2016-01-27 18:35:24 +01:00
Volker Lendecke
93e48df86c ctdb: Fix the O3 developer build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-01-14 19:37:19 +01:00
Martin Schwenke
39bc356ccb ctdb-ipalloc: Document the steps involved in a takeover run
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jan 13 23:27:01 CET 2016 on sn-devel-144
2016-01-13 23:27:01 +01:00
Martin Schwenke
e320725f02 ctdb-ipalloc: Split IP allocation into its own build subsystem
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-13 20:18:20 +01:00
Martin Schwenke
18b0aeaae0 ctdb-ipalloc: Fix a memory leak
Commit cfa0ffe780 introduced a memory
leak.  Never assume...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-01-12 19:16:17 +01:00
Martin Schwenke
24160ee6a4 ctdb-daemon: Don't leak memory if not using recovery lock
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-01-12 19:16:17 +01:00
Martin Schwenke
56ce230de7 ctdb-recoverd: Fix some uninitialised memory issues
The first element of these structures is a 32-bit PNN.  On 64-bit
systems this field can be followed by 32-bits of padding.  When the
structures are copied this can cause uninitialised memory to be
copied.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-01-12 19:16:17 +01:00
Martin Schwenke
8f73ae03cc ctdb-daemon: Drop the "schedule for deletion" messages to DEBUG level
Thousands of these can be generated each second, rendering INFO level
debugging useless.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-01-12 19:16:17 +01:00
Martin Schwenke
fe918572cb ctdb-ipalloc: Rename top level IP allocation algorithm functions
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Dec  4 12:25:14 CET 2015 on sn-devel-104
2015-12-04 12:25:14 +01:00
Martin Schwenke
821aa24ffd ctdb-ipalloc: Rename ctdb_takeover_run_core() to ipalloc()
It just does IP allocation...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
99abcc108c ctdb-ipalloc: Fold force_rebalance_candidates into IP allocation state
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
13aa583ea4 ctdb-ipalloc: Fold all IPs list into IP allocation state
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
fb66232155 ctdb-ipalloc: Tidy up some of the IP allocation functions
Shorter temporary variables for compactness/readability.  "tmp_ip" is
5 characters longer than "t".  In each for statement it is used 4
times, so costs 20 characters.  Save those extra characters so that
future edits will avoid going over 80 columns.

Tweak whitespace for readability, rewrap some code.

No functional changes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
5dcc1d7a69 ctdb-daemon: Don't delete connection information for released IP
As per the comment:

  If the IP address is hosted on this node then remove the connection.

  Otherwise this function has been called because the server IP
  address has been released to another node and the client has exited.
  This means that we should not delete the connection information.
  The takeover node processes connections too.

This doesn't matter at the moment, since the empty connection list for
an IP address that has been released will never be pushed to another
node.  However, it matters if the connection information is stored in
a real replicated database.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
4261d6e70a ctdb-daemon: Move VNN lookup out of ctdb_remove_tcp_connection()
In a subsequent commit ctdb_takeover_client_destructor_hook() needs to
know the VNN.  So just have both callers of
ctdb_remove_tcp_connection() do the lookup and pass in the VNN.

This should cause no change in behaviour.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
473f1a77e1 ctdb-daemon: Do not process tickle updates for hosted IP addresses
Tickle list updates are broadcast to all connected nodes and are
accepted even when received on the same node that sent them.  This
could actually lead to lost connection information when information
about new connections is received while an update is in-flight.

Instead, return early when the IP is hosted on the current node, since
it is the only one that could have sent the update.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
bd7c94d5ac ctdb-recoverd: Drop function unban_all_nodes()
It hasn't worked since commit cda5f02c7c
in 2009, which reworked the banning code.  Since then
ctdb_control_modflags() has contained a comment saying:

  /* we don't let other nodes modify our BANNED status */

Unbanning all nodes originally occurred here when the recovery master
role moved to a new node.  The logic could have been meant for the
case when the old recovery master was malfunctioning, so got banned.
If any other nodes had been banned by this recovery master then they
would be unbanned.  However, this would also unban the old recovery
master, which is probably suboptimal.  The logic would also trigger if
a node was banned for a good reason and then the recovery master was
stopped.  So, apart from doing nothing, the logic is too simplistic so
might as well be removed.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
ad6685847b ctdb-daemon: Drop handling of ban control sent to unexpected node
The banning code caters for the case where the node specified in the
bantime data is not the node receiving the control.  This never
happens.  There are 2 places where ctdb_ctrl_set_ban() is called: the
ctdb CLI tool and the recovery daemon.  Both pass the same node in the
bantime data that they are sending the control to.  There are no plans
to do anything more elaborate, so just delete the handling of this
special case.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-12-04 09:17:17 +01:00
Martin Schwenke
33084a1c2c ctdb-ipalloc: Drop unnecessary struct ctdb_ipflags
This can be easily decomposed into 2 separate arrays.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Nov 23 05:34:55 CET 2015 on sn-devel-104
2015-11-23 05:34:55 +01:00
Martin Schwenke
e73496d0dc ctdb-ipalloc: Move memory allocation into ipalloc_state_init()
This puts all of the memory allocation for ipalloc_state into its init
function.  This also simplifies the code because
set_ipflags_internal() can no longer fail because it no longer
allocates memory.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-23 02:31:11 +01:00
Martin Schwenke
47c5e5aa14 ctdb-ipalloc: Have set_ipflags_internal() set ipalloc_state->ipflags
This is cleaner than returning ipflags and assigning them into
ipalloc_state afterwards.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-23 02:31:10 +01:00
Martin Schwenke
dd163e26d9 ctdb-ipalloc: Fold IP flags into IP allocation state
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-23 02:31:10 +01:00
Martin Schwenke
22a930a045 ctdb-ipalloc: Use number of nodes from IP allocation state
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-23 02:31:10 +01:00
Martin Schwenke
13162419be ctdb-ipalloc: Allocate memory off IP allocation state
Instead of local or passed temporary contexts.

This has the side effect of making ipalloc_state available inside the
modified functions, making future use of ipalloc_state simpler.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-23 02:31:10 +01:00
Martin Schwenke
921e17d81e ctdb-ipalloc: Add error handling to IP allocation
The only likely failure is out of memory, so just return boolean
value.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-23 02:31:10 +01:00
Martin Schwenke
25c10936eb ctdb-ipalloc: Drop CTDB context argument from set_ipflags_internal()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-23 02:31:10 +01:00
Martin Schwenke
5b7bb6056b ctdb-ipalloc: ctdb_takeover_run_core() takes ipalloc_state
As do the functions called below it.  They no longer need a CTDB
context.

create_merged_ip_list() now takes both a CTDB context and an
ipalloc_state.

Drop ipalloc_state from CTDB context.  So the substitution in the
code is:

  ctdb->ipalloc_state  ->  ipalloc_state

Tweak the test code to match.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-20 01:36:32 +01:00
Martin Schwenke
5fba874a2e ctdb-ipalloc: Tidy up create_merged_ip_list()
Simplify with TALLOC_FREE() and fix some whitespace.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-20 01:36:32 +01:00
Martin Schwenke
837483c8d3 ctdb-ipalloc: Move IP list creation out to ctdb_takeover_run()
For various reasons create_merged_ip_list() needs a CTDB context.
This is difficult to resolve now for a few reasons, including:

* The ip_tree needs somewhere to live.

  It isn't very useful in its current form.  However, in the future
  real remote IP monitoring will probably be added back, so leave it
  around.

* It uses node flags from the ctdb_node structure.

  This could be changed by putting a node map into ipalloc_state
  and referencing that.

For now, it is easier to move it out to where there will be a CTDB
context available for the forseeable future.  ctdb_takeover_run() will
need one as long as the current client interface is used.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-20 01:36:31 +01:00
Martin Schwenke
cc1637b17c ctdb-ipalloc: Add no_ip_failback to ipalloc_state
The IP allocation algorithms need the value of this tunable, so copy
it to avoid needing the CTDB context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-20 01:36:31 +01:00
Martin Schwenke
47ddd62358 ctdb-ipalloc: New enum ipalloc_algorithm in ipalloc_state
Algorithm-related tunables from the CTDB context no longer need to be
accessed in the allocation logic.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-20 01:36:31 +01:00
Martin Schwenke
cfa0ffe780 ctdb-ipalloc: Move IP allocation state into its own struct
Most of the IP allocation code does not need a CTDB context.  However,
temporarily hang this off the CTDB context and make only the changes
relating to known/available IP address.  This makes those logic
changes obvious without burying them in function type changes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-20 01:36:31 +01:00
Martin Schwenke
d7739d8a7f ctdb-ipalloc: node_ip_coverage() doesn't need CTDB context
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-20 01:36:31 +01:00
Christof Schmitt
03b27bd139 ctdb: Use prctl_set_comment from lib/util
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-18 04:05:13 +01:00
Martin Schwenke
44bf7c2a12 ctdb-recoverd: Factor out recovery master validation
Starting to untangle cluster management, database recovery and public
IP allocation.  This is a non-trivial subset of the cluster management
code that runs in the recovery daemon on all nodes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Nov 16 11:47:45 CET 2015 on sn-devel-104
2015-11-16 11:47:44 +01:00
Martin Schwenke
e44957fc8b ctdb-recmaster: Update capabilities before calling first election
Capabilities are used when computing an election result so having them
up-to-date seems like a good idea.

Also update several instances of an ambiguous comment.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:12 +01:00
Martin Schwenke
c5e50a474b ctdb-recoverd: Move VNN map retrieval to where it is needed
The VNN map is only needed on the recovery master, so no need for all
recovery daemons to retrieve it.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:12 +01:00
Martin Schwenke
d1f996a50f ctdb-recoverd: Drop explicit check for recovery lock
This is already handled in update_recovery_lock(), which is called
immediately before.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:12 +01:00
Martin Schwenke
1499f3e301 ctdb-recoverd: Simplify using TALLOC_FREE()
The only non-obvious part here is dropping the setting of the nodemap
local variable to NULL.  If the following control succeeds then it is
set, otherwise return and it doesn't matter.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:12 +01:00
Martin Schwenke
050e64b647 ctdb-recoverd: Clarify that recmaster is being set on the current node
That is, using CTDB_CURRENT_NODE makes this more obvious.

Also fix incorrect error messages.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:12 +01:00
Martin Schwenke
0833e478c3 ctdb-recoverd: Do not sanity check recovery master with local daemon
Each recovery daemon knows who the recmaster is and is in sync with
its local daemon.  The recovery master is running this check so do not
bother checking with its local daemon - both agree that it is the
recovery master.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:12 +01:00
Martin Schwenke
d8decd0b1d ctdb-recoverd: Don't retrieve recovery master from local daemon
The recovery daemon already knows which node is the master.  This
relies on rec->recmaster being correctly initialised and correctly set
during elections.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:12 +01:00
Martin Schwenke
e90cab7073 ctdb-recoverd: Explicitly set initial recovery master to unknown
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Martin Schwenke
018077f3b0 ctdb-recoverd: Do not set recovery master during recovery
Recovery should not do cluster management functions.  Setting the
recovery master should only be done via an election.

Main loop will determine if recovery master is inconsistent across the
cluster and force an election if necessary.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Martin Schwenke
4b37cc7cf6 ctdb-recoverd: Have recovery daemon remember election result
The recovery daemon pushes knowledge of recovery master election
progress/result to local daemon.  It then retrieves that information
again.

Instead, have the recovery daemon reliably track election
progress/result in rec->recmaster so it doesn't need to be retrieved.
Be careful to maintain consistency by only doing this when the local
daemon has been updated.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Martin Schwenke
6f8837528f ctdb-recoverd: Clarify recovery master validation logic
There can be no holes in the nodemap.  Even if a node has been deleted
it will take a slot in the nodemap.  The only exception is that the
nodemap shrinks if nodes are deleted from the end.  That should never
include the master because a node should be shutdown before being
deleted, and an election should already have take place.

To avoid walking off the end of the nodemap nodes array just confirm
that the master node's PNN is a valid index into the array.  No need
to walk through the nodemap.

After this, in this section of the code j is now invalid.  So use the
master's PNN to index into the nodemap.  This is safe.

In the process, clean up some log messages to avoid saying "Force
reelection".  It's just an "election".

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Martin Schwenke
9166c30a41 ctdb-daemon: Rename EventScriptTimeoutCount to MonitorTimeoutCount
This only applies to monitor events so renaming clarifies this.

Note that this change is not backward compatible.  Users with

  CTDB_SET_EventScriptTimeoutCount=<n>

in their configuration will get failures when starting CTDB but the
cause will be clearly logged.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Martin Schwenke
55ad4d80d4 ctdb-daemon: Move script timeout count into monitor state
It is only used by the monitoring code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Martin Schwenke
0d5db1c007 ctdb-daemon: Reset script timeout count in monitor code
This is the only place it is used.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Martin Schwenke
a33b50d07f ctdb-daemon: Do not bother printing script timeout count
It is only updated for monitor events, so it is meaningless here.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Martin Schwenke
bda2d9de2b ctdb-ipalloc: Don't consider runstates in the IP takeover code
Checking runstates is unnecessary now that nodes that are not RUNNING
will return no available IP addresses.  I have no idea why I didn't do
it this way originally.

Tweak the test code to cope with this.

Note that this is a backward-incompatible change.  If new and old
versions of CTDB are running together in a cluster and a new node
takes over as recovery master then old nodes will be able to host
public IP addresses before they are in RUNNING runstate.  This is
mitigated by the bias towards recovery master stability in elections.
If it is important that nodes do not host IPs until they are RUNNING
then do not restart nodes running the old version.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Martin Schwenke
9ea318847a ctdb-ipalloc: Check for available IPs, not runstate, in takeover run
The available IPs list is now only non-empty for nodes that are in
RUNNING runstate.  So, to avoid running the IP allocation algorithm
when there are no available available IPs, explicitly check for
available IPs rather than checking runstates.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Martin Schwenke
66574c9fda ctdb-ipalloc: A VNN can only host IPs if node is in RUNNING runstate
This will allow wonderful simplification (i.e. removal) of some of the
runstate checking in the takeover run code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-16 08:42:11 +01:00
Amitay Isaacs
f50db5cba5 ctdb-server: Replace ctdb_logging.h with common/logging.h
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-11-16 00:46:15 +01:00
Amitay Isaacs
c170cdbc75 ctdb-logging: Move debug_extra definition to server/ctdb_logging.c
This variable is used for adding a prefix to log entries from various
child processes.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-11-16 00:46:14 +01:00
Amitay Isaacs
7dd2f1c35a ctdb-daemon: Move ctdb_fork.c to server
These functions are only used in the ctdb daemon code.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-11-16 00:46:14 +01:00
Amitay Isaacs
848da80152 ctdb-daemon: Move switch_from_server_to_client() to ctdb_daemon.c
This function can only called from ctdb daemon.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-11-16 00:46:14 +01:00
Martin Schwenke
0886637a5e ctdb-recoverd: Reload remote IPs as part of takeover run
This is currently done before each IP takeover run, so just factor it
in.

ctdb_reload_remote_public_ips() becomes static.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Nov 12 09:28:45 CET 2015 on sn-devel-104
2015-11-12 09:28:45 +01:00
Martin Schwenke
8cdae3ade6 ctdb-recoverd: Move ctdb_reload_remote_public_ips() to ctdb_takeover.c
This will help to untangle known and available public IP lists from
the CTDB context.

verify_remote_ip_allocation() needs a forward declaration.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-12 06:24:15 +01:00
Martin Schwenke
c37e3c05b0 ctdb-recoverd: Remote IP validation can't cause a takeover run
Remote IP validation is only called when a takeover run is about to
happen anyway, so don't bother flagging one.  Given that a takeover
run isn't being triggered, also drop the test that checks if takeover
runs are disabled.  These are the only uses of the rec argument, so
drop it.

One possible further simplification would be to remove this function
because it doesn't accomplish anything.  However, it is worth leaving
it as a reminder that remote IP validation should be done properly at
some time in the future.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-12 06:24:15 +01:00
Martin Schwenke
8b7b153cf6 ctdb-recoverd: Drop culprit argument from ctdb_reload_remote_public_ips()
It is only used by the caller to print a message that includes the
culprit.  However, ctdb_reload_remote_public_ips() already prints
perfectly good messages and they include the culprit.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-12 06:24:15 +01:00
Martin Schwenke
1d7d5abd31 ctdb-recoverd: Trigger takeover run after rebalance timeout
No need to do it immediately.  It will happen in less than a second.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-12 06:24:15 +01:00
Martin Schwenke
a7e8687b6d ctdb-recoverd: Remove unnecessary assignments of need_takeover_run
do_takeover_run() unsets this if it succeeds.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-12 06:24:15 +01:00
Martin Schwenke
d608862c5a ctdb-recoverd: Do not run recovery-related events around IP takeover
This is not a recovery, so do not run "startrecovery and "recovered"
events.  There are other IP takeover runs where these are not run.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-12 06:24:15 +01:00
Martin Schwenke
bd0befa529 ctdb-recoverd: Drop some sanity checking in local IP verification
The recovery start/end times used in the checks at the top of
verify_local_ip_allocation() are set by the START_RECOVERY and
END_RECOVERY controls.  A couple of takeover runs escape the checks
because they were added later and are not surrounded by these
controls.

Recovery and IP allocation need to be untangled from each other, so
recovery-related events should not be relied on for IP allocation.
This means the solution is not to add these where they are "missing".

The concern that the checks are addressing is to avoid local IP
verification when IP addresses are in a state of flux.  Takeover runs
on non-master nodes are already disabled while a takeover run is in
progress, so local IP verification is already skipped in that case.
The other case is the master node, which will be busy with the
takeover run, rather than running main_loop().

The other issue is races.  verify_local_ip_allocation() takes a
non-zero amount of time to fetch IP addresses from the local CTDB
daemon and during this time a recovery or takeover run can start, but
a takeover run can still be triggered.  The current tests do not stop
this.

Apart from all of this, with most reasonable public IP address
configurations, an extra takeover run will be a no-op so is not a
cause for concern.

It is safe to drop these checks.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-12 06:24:15 +01:00
Martin Schwenke
ceb0988e14 ctdb-recoverd: Simplify using TALLOC_FREE()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-11-12 06:24:15 +01:00
Mathieu Parent
c315fce17e Fix various spelling errors
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  6 13:43:45 CET 2015 on sn-devel-104
2015-11-06 13:43:45 +01:00
Amitay Isaacs
38d92788d6 ctdb-include: Use new protocol definitions
This gets rid of the duplicate definitions from ctdb_protocol.h.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:16 +01:00
Amitay Isaacs
409c92b6c6 ctdb-daemon: Remove explicit include of ctdb_protocol.h
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:16 +01:00
Amitay Isaacs
44e611ddcf ctdb-daemon: Rename struct ctdb_control_get_ifaces to ctdb_iface_list_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:16 +01:00
Amitay Isaacs
ecfaef5031 ctdb-daemon: Rename struct ctdb_control_public_ip_info to ctdb_public_ip_info_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:16 +01:00
Amitay Isaacs
c4e9d616ae ctdb-daemon: Rename struct ctdb_control_iface_info to ctdb_iface
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
417077c8a7 ctdb-daemon: Rename struct ctdb_control_transdb to ctdb_transdb
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
1278a5a4ed ctdb-daemon: Rename struct ctdb_control_set_tunable to ctdb_tunable_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
64d8bb626b ctdb-daemon: Rename struct ctdb_control_pulldb to ctdb_pulldb
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
f8c2dc3220 ctdb-daemon: Rename struct ctdb_control_gratious_arp to ctdb_addr_info_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
357bc60947 ctdb-daemon: Rename struct ctdb_control_ip_iface to ctdb_addr_info_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
cb0be4126f ctdb-daemon: Rename struct ctdb_tunable to ctdb_tunable_list
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
ca481354c0 ctdb-daemon: Rename struct ctdb_control_tcp_tickle_list to ctdb_tickle_list_old
Also remove unnecessary struct ctdb_tcp_wire_array.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
e34afd8516 ctdb-daemon: Rename struct srvid_request_data to ctdb_disable_message
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
cf1ac77b3a ctdb-daemon: Rename struct srvid_request to ctdb_srvid_message
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
d4de4527b0 ctdb-daemon: Rename struct ctdb_ban_time to ctdb_ban_state
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
92a6ac18ae ctdb-daemon: Rename struct ctdb_tcp_connection to ctdb_connection
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
a82ee238b5 ctdb-daemon: Rename struct ctdb_control_tcp_addr to ctdb_connection
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
699ee0df94 ctdb-daemon: Rename struct ctdb_server_id_list to ctdb_client_id_list_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
d858c210a7 ctdb-daemon: Rename struct ctdb_server_id to ctdb_client_id
This is to avoid clash with samba structure server_id.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
645cd43200 ctdb-daemon: Rename struct ctdb_dbid_map to ctdb_dbid_map_old
Match struct ctdb_dbid as per protocol/protocol.h

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
563f518283 ctdb-daemon: Remove struct ctdb_client_notify_deregister
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
b936145951 ctdb-daemon: Rename struct ctdb_client_notify_register to ctdb_notify_data_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:15 +01:00
Amitay Isaacs
a9f335fcc2 ctdb-daemon: Rename struct ctdb_iface to ctdb_interface
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
75572bd2a3 ctdb-daemon: Rename struct ctdb_db_statistics to ctdb_db_statistics_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
b45bc4ce4b ctdb-daemon: Rename struct ctdb_statistics_wire to ctdb_statistics_list_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
b99436e425 ctdb-daemon: Rename struct ctdb_rec_data to ctdb_rec_data_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
04eaa077aa ctdb-daemon: Rename struct ctdb_all_public_ips to ctdb_public_ip_list_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
2b76e58032 ctdb-daemon: Rename struct ctdb_public_ip_list to public_ip_list
A private structure need not have ctdb_ prefix.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
afc5d8a442 ctdb-daemon: Rename struct ctdb_node_map to ctdb_node_map_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
e8f8c63361 ctdb-daemon: Rename struct ctdb_req_keepalive to ctdb_req_keepalive_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
1c828b4ed6 ctdb-daemon: Rename struct ctdb_reply_control to ctdb_reply_control_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
e1fed53e2a ctdb-daemon: Rename struct ctdb_req_control to ctdb_req_control_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
acf858defb ctdb-daemon: Rename struct ctdb_req_message to ctdb_req_message_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
296d9f4cda ctdb-daemon: Rename struct ctdb_reply_dmaster to ctdb_reply_dmaster_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
555a2f3f4f ctdb-daemon: Rename struct ctdb_req_dmaster to ctdb_req_dmaster_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
e23a2891d9 ctdb-daemon: Rename struct ctdb_reply_error to ctdb_reply_error_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
277c21f0cd ctdb-daemon: Rename struct ctdb_reply_call to ctdb_reply_call_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
e0c42c5698 ctdb-daemon: Rename struct ctdb_req_call to ctdb_req_call_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
f55889d2c9 ctdb-daemon: Rename enum ctdb_eventscript_call to ctdb_event
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:13 +01:00
Amitay Isaacs
e7c9e50916 ctdb-daemon: Rename struct ctdb_scripts_wire to ctdb_script_list_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:13 +01:00
Amitay Isaacs
b9b4bfa330 ctdb-daemon: Rename struct ctdb_script_wire to ctdb_script
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:13 +01:00
Amitay Isaacs
d8f3b490bb ctdb-banning: Do not set recovery mode to ACTIVE in daemon
When a node gets banned, it should go into recovery and freeze all
databases.  We rely on the recovery daemon to detect the banned state
and put the node in recovery and freeze all databases.

Recent change in b4357a79d9 took explicit
freezing out of banning code but left the setting of recovery mode
to ACTIVE.  Recovery daemon will freeze databases only if the recovery
mode is NORMAL.  Recovery mode set to ACTIVE is an indication that the
freeze has started.

Do not set the recovery mode to ACTIVE in banning.  Let recovery daemon
take care of it.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Oct 30 10:32:38 CET 2015 on sn-devel-104
2015-10-30 10:32:38 +01:00
Amitay Isaacs
4647787773 ctdb-daemon: Separate prototypes for common client/server functions
This groups function prototypes for common client/server functions in
common/common.h and removes them from ctdb_private.h.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-30 02:00:27 +01:00
Amitay Isaacs
ded94c426b ctdb-build: Calculate correct version when building from tarball
When building standalone ctdb from git repo, samba_version_file correctly
includes git sha in VERSION string.  When building standalone ctdb from
tarball, samba_version_file puts UNKNOWN in the VERSION string.

Use the packaged include/ctdb_version.h file to set the correct git sha.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-30 02:00:27 +01:00
Amitay Isaacs
01c6c90e98 ctdb-daemon: Remove dependency on includes.h
Instead of includes.h, include the required header files explicitly.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-30 02:00:27 +01:00
Amitay Isaacs
2fdb332fad ctdb-daemon: Stop using tevent compatibility definitions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-30 02:00:27 +01:00
Amitay Isaacs
7084cb92e2 ctdb-include: Move include/internal/cmdline.h to common/
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-30 02:00:27 +01:00
Amitay Isaacs
b900adc55c ctdb-daemon: Separate prototypes for system specific functions
This groups function prototypes for system specific functions in
common/system.h and removes them from ctdb_private.h.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-30 02:00:27 +01:00
Michael Adam
0a90ed5124 ctdb: open the RO tracking db with perms 0600 instead of 0000
While 0000 is possible from the UNIX/POSIX point of view,
these permissions create problems in an environment with
selinux enabled, which is more strict.

This aligns the perms of the read only tracking db with other
internal dbs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11577

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Oct 28 06:13:09 CET 2015 on sn-devel-104
2015-10-28 06:13:09 +01:00
Martin Schwenke
dfc84fdd45 ctdb-daemon: Change handling of default capabilities
Centrally define all the default capabilities to make the defaults
crystal clear.  Capability-related command-line options now have a
direct correspondence rather than a reverse correspondence.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-10-16 13:35:10 +02:00
Amitay Isaacs
5aab31a39a ctdb-recovery: Update vnnmap before database recovery
Once the databases are recovered, all the pending calls are resent.
If the vnnmap is not updated, then the nodes can redirect calls to nodes
that are not part of the new vnnmap.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Oct 16 09:31:34 CEST 2015 on sn-devel-104
2015-10-16 09:31:34 +02:00
Volker Lendecke
d527ab1094 ctdbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-14 02:19:14 +02:00
Amitay Isaacs
0101748287 ctdb-recoverd: Always check for recmaster before doing recovery
Recovery daemon checks if it is the recovery master before performing
certain checks.  During those checks it's possible that re-election can
change the recmaster.  In such a case, the recovery daemon should never
do a database recovery.

This is not complete fix since the recovery master can still change
while the recovery is going on.  The correct fix is to abort recovery
if the recovery master changes.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Oct  7 17:55:05 CEST 2015 on sn-devel-104
2015-10-07 17:55:05 +02:00
Amitay Isaacs
3cf93d9136 ctdb-recoverd: Get rid of connected-ness comparison in election
The reason for favouring more connected node is to create a larger
cluster in case of a split brain.  In split brain condition, the nodes
are not communicating across partitions and each partition will run its
own election.  Among all the partitions, the node which holds the recovery
lock will eventually "win".  All the other nodes which won election but
could not grab recovery lock will end up banning themselves.

This also prevents the recovery master role from bouncing between nodes
during startup when the entire cluster is restarted.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:29 +02:00
Amitay Isaacs
fbd9c9fd2f ctdb-recoverd: Do not freeze databases for election
If election occurs during SMB activity, then trying to freeze all the
databases can cause samba/ctdb deadlock which parallel database recovery
is trying to avoid.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:29 +02:00
Amitay Isaacs
ffff66b011 ctdb-call: Improve a log message
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:29 +02:00
Amitay Isaacs
e6ff36506c ctdb-recoverd: Add code for parallel database recovery
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:29 +02:00
Amitay Isaacs
f0613ac4f7 ctdb-daemon: Use a define for default capabilities
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:29 +02:00
Amitay Isaacs
4b39a7706f ctdb-recoverd: Update flags on all nodes before database recovery
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:29 +02:00
Amitay Isaacs
9843363629 ctdb-recoverd: Update capabilities before the database recovery
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:29 +02:00
Amitay Isaacs
14cacd2925 ctdb-recovery: Factor out existing database recovery code
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:29 +02:00
Amitay Isaacs
951431910d ctdb-recoverd: Add parallel database recovery helper
Parallel database recovery fixes the samba/ctdb deadlock during recovery.

Many times samba tries to grab multiple record locks in sequence.
Consider a case when samba is already holding a record lock on a database
and tries to get a record lock on second database.  If the second record
is not available on the local node, samba asks ctdb to migrate the record.
If recovery occurs at this time (e.g. node becoming inactive), ctdb
cannot freeze all the databases since samba is already holding a lock
and waiting for the second lock.  CTDB can process the second record
request only after the recovery is complete, thus causing a deadlock.

In parallel database recovery, each database is frozen and recovered
independent from each other.  So as soon as the second database is
recovered, CTDB will resend all the pending migration requests and Samba
can get the second lock.  Once samba releases both the locks, ctdb can
freeze the first database and recover it completing recovery process.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:29 +02:00
Amitay Isaacs
b25c1135a7 ctdb-daemon: Use reqid abstraction
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:28 +02:00
Amitay Isaacs
9d75bf3a9f ctdb-daemon: formatting fix
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:28 +02:00
Amitay Isaacs
62f1e2579a ctdb-daemon: Replace ctdb_message with srvid abstraction
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:28 +02:00
Amitay Isaacs
42f7722151 ctdb-daemon: Remove freeze requirement for updating vnnmap
In the parallel database recovery model, all the database will not remain
frozen at the same time.  So relax the condition to check if recovery
is active.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:27 +02:00
Amitay Isaacs
3cbd0409f3 ctdb-daemon: Add a check for database generation consistency
Before setting recovery mode to normal, confirm that all the databases are
recovered by matching the database generation with the global generation.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:27 +02:00
Amitay Isaacs
0ff90f4fac ctdb-daemon: Check packet generation against database generation
CTDB verifies the generation in the packet header matches that of the
current generation.  However, that check now needs to be done where
database context is available.  So add in the check in handlers for
database requests (CTDB_REQ_CALL, CTDB_REQ_DMASTER, CTDB_REPLY_DMASTER
and CTDB_REPLY_CALL).

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:27 +02:00
Amitay Isaacs
d701072c3e ctdb-call: Delete old defer queue if recovery occurs
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:27 +02:00
Amitay Isaacs
3d11efe3c6 ctdb-daemon: Use database generation in packet headers for database requests
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:27 +02:00
Amitay Isaacs
1df2594386 ctdb-daemon: Introduce per database generation
The database generation for each database is updated only during recovery.
After recovery is complete the database generation would be the same as
the global generation.

The database generation is required for parallel database recovery.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:27 +02:00
Amitay Isaacs
b81d4ccc77 ctdb-freeze: Use individual database freeze in blocking freeze
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:27 +02:00
Amitay Isaacs
5d9dd4d400 ctdb-freeze: Ensure all databases get frozen during freeze
It's possible that the databases can get attached after initial freeze.
This typically happens during startup as CTDB will only attach persistent
databases and go in to startup freeze.  During recovery, the recovery
master will attach all the missing databases and then send freeze
controls.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:27 +02:00