1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

282 Commits

Author SHA1 Message Date
Amitay Isaacs
e1fed53e2a ctdb-daemon: Rename struct ctdb_req_control to ctdb_req_control_old
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-11-04 00:47:14 +01:00
Amitay Isaacs
4647787773 ctdb-daemon: Separate prototypes for common client/server functions
This groups function prototypes for common client/server functions in
common/common.h and removes them from ctdb_private.h.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-30 02:00:27 +01:00
Amitay Isaacs
01c6c90e98 ctdb-daemon: Remove dependency on includes.h
Instead of includes.h, include the required header files explicitly.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-30 02:00:27 +01:00
Amitay Isaacs
2fdb332fad ctdb-daemon: Stop using tevent compatibility definitions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-30 02:00:27 +01:00
Amitay Isaacs
b900adc55c ctdb-daemon: Separate prototypes for system specific functions
This groups function prototypes for system specific functions in
common/system.h and removes them from ctdb_private.h.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-30 02:00:27 +01:00
Amitay Isaacs
b25c1135a7 ctdb-daemon: Use reqid abstraction
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-07 14:53:28 +02:00
Martin Schwenke
bce6a386d3 ctdb-daemon: Drop struct ctdb_control_killtcp
Just use ctdb_tcp_connection.  It is the same.  There are no external
users.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-09-07 07:01:13 +02:00
Martin Schwenke
952a50485f ctdb-daemon: Check if updates are in flight when releasing all IPs
Some code involved in releasing IPs is not re-entrant.  Memory
corruption can occur if, for example, overlapping attempts are made to
ban a node.  We haven't been able to recreate the corruption but this
should protect against it.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-07-29 10:33:29 +02:00
Martin Schwenke
036c2a9243 ctdb-recoverd: Add new function clear_ip_assignment_tree()
This needs to be cleared to avoid stale data when a new recovery
master is elected.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-07-01 04:18:28 +02:00
Martin Schwenke
7d0a4ab622 ctdb-daemon: Never release all IPs when DisableIPFailover is set
If DisableIPFailover is set then something else may be managing public
IP addresses so CTDB should leave them alone.

Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-05-13 06:42:13 +02:00
Martin Schwenke
5483d0c799 ctdb-daemon: Don't update IP tree if DisableIPFailover is set
There won't be an IP tree.  It is only ever initialised during a
takeover run.

The alternate to this would be to avoid sending
CTDB_SRVID_RECD_UPDATE_IP in "ctdb moveip".  This logic is probably
best kept out of the CLI tool.

Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-05-13 06:42:13 +02:00
Martin Schwenke
3c7bcea368 ctdb-daemon: Mark interfaces as "up" by default
The potential for public IP addresses to shuffle around during node
initialisation disappeared a while ago because IP addresses can only
be assigned to a node that is in CTDB_RUNSTATE_RUNNING.  This means
that interfaces might as well just be initialised as "up".  If any
interfaces are actually "down" then this will be rectified by the
"startup" event in 10.interfaces.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-05-13 06:42:13 +02:00
Martin Schwenke
694482fb3f ctdb-daemon: Skip "IP on interface" checks if DisableIPFailover is set
To support external failover of IP addresses if DisableIPFailover is
set.  CTDB's idea of IP address assignment can be manipulated using
"ctdb moveip".  Checking if the IP address is already held breaks
this in several places.

Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-05-13 06:42:13 +02:00
Martin Schwenke
3e6660c46f ctdb-daemon: Improve readability of code by nesting if-statements
ctdb_sys_have_ip() should only be run if if do_publicipcheck is set.
This is clearer if written as 2 nested if-statements rather than as a
lazy conjuction.

Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-05-13 06:42:13 +02:00
Amitay Isaacs
9b6865475e ctdb-daemon: Remove obsolete IPv4 only controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-12 01:32:11 +02:00
Amitay Isaacs
4f4e6ebace ctdb-daemon: Remove older data structure that supports only IPv4 addresses
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-12 01:32:11 +02:00
Martin Schwenke
6808b0aa6a ctdb-daemon: Drop interface monitoring
This is done by 10.interace where the monitor event fails when there
is a missing interface.  The in-daemon interface checking adds no
value.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-05-10 03:22:14 +02:00
Martin Schwenke
7ee57b8d7c ctdb-recoverd: Short circuit takeover run if no nodes are RUNNING
If all nodes are still in, say, FIRST_RECOVERY runstate, then the logs
contain unfortunate noise like:

  recoverd:Failed to find node to cover ip 10.0.2.131

This avoids that by adding an early exit that avoids running
takeover_run_core() when there are no nodes in the
CTDB_RUNSTATE_RUNNING.

To support this add the runstate to the ipflags structure.  There are
clearly other ways of hacking this but this seems the simplest.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-05-10 03:22:13 +02:00
Rajesh Joseph
9b33732a57 ctdb: Coverity fix for CID 1125630
Due to usage of CTDB_NO_MEMORY macro,
some of the resources are not freed in failure cases.

Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Apr 17 16:49:05 CEST 2015 on sn-devel-104
2015-04-17 16:49:04 +02:00
Amitay Isaacs
41ed26cbf7 ctdb-recoverd: Fix typo in comment
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-03-27 06:40:08 +01:00
Martin Schwenke
108b1be0ee ctdb-daemon: Trust vnn->interface for an IP when releasing it
ctdb_sys_find_ifname() doesn't work for IPv6 addresses so don't use
it.

Trust the eventscript to do sanity checking on the interface.  Current
warnings are replaced with equivalents generated by the eventscript.
The unlikely message:

  Public IP %s is hosted on interface %s but we have no VNN

will be replaced by:

  WARNING: Public IP %s hosted on interface %s but VNN says __none__

which is clear enough.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-12-05 21:02:40 +01:00
Martin Schwenke
a4e76b58a5 ctdb-util: Add extra max_size argument to file_lines_load()
This is part of a migration to Samba's lib/util.  CTDB always passes 0
(i.e. no max_size) so use a simple assert() to enforce this, rather
than changing a lot of code that will be discarded anyway.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-09-10 01:36:15 +02:00
Martin Schwenke
c1558adeaa ctdb: Use sys_read() and sys_write() to ensure correct signal interaction
... and avoid compiler warnings in some cases.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-08-21 04:46:13 +02:00
Martin Schwenke
6f43896e12 ctdb-daemon: Debugging for tickle updates
This was useful for debugging the race fixed by commit
4f79fa6c7c.  It might be useful again.

Also fix a nearby comment typo.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Jun 20 02:07:48 CEST 2014 on sn-devel-104
2014-06-20 02:07:48 +02:00
Martin Schwenke
cbd6beb469 ctdb-daemon: Move a ZERO_STRUCT() to a better place
It might as well be near where it is used.  Add a comment explaining
it.

Also add/update comments at the top of the RELEASE_IP and TAKEOVER_IP
loops to explain what is happening.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon May  5 06:20:39 CEST 2014 on sn-devel-104
2014-05-05 06:20:38 +02:00
Gregor Beck
6cdde2711b ctdb:daemon avoid goto ctdb_remove_orphaned_ifaces()
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Apr  1 02:59:05 CEST 2014 on sn-devel-104
2014-04-01 02:59:05 +02:00
Gregor Beck
dd56afc7df ctdb:daemon take a shortcut in all_nodes_are_disabled()
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-04-01 00:55:45 +02:00
Martin Schwenke
20c719677a ctdb/daemon: Optimise deletion of IPs
Previous commits maintained the ordering between
ctdb_remove_orphaned_ifaces() and ctdb_vnn_unassign_iface().  This
meant that ctdb_remove_orphaned_ifaces() needed to steal the orphaned
interfaces and they would be freed later.

Unassign the interface first and things get simpler.
ctdb_remove_orphaned_ifaces() is now self-contained.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sun Mar 23 06:20:43 CET 2014 on sn-devel-104
2014-03-23 06:20:43 +01:00
Martin Schwenke
9b907536fb ctdb/daemon: Make delete IP wait until the IP is released
reloadips really expects deleted IPs to be released before completing.
Otherwise the recovery daemon starts failing the local IP check.  The
races that follow can cause a node to be banned.

To make the error handling simple, do the actual deletion in
release_ip_callback().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-03-23 04:20:15 +01:00
Martin Schwenke
4f79fa6c7c ctdb-daemon: Fix tickle updates to recently started nodes
Commit 0723fedced added a cheap
implemention of ctdb_control_startup() that simply flags the recipient
node as needing to send updates for each IP when the tickle update
loop next fires.  Commit 026996550d
ensures that a node only sends tickle updates once being flagged to do
so.

CTDB_CONTROL_STARTUP is broadcast to all nodes, so this is a good
start.  However, the tickle updates are only broadcast to connected
nodes.  A recently started node may not yet be considered to be
connected because the keepalive monitoring loop may not yet have
marked the node as connected.  This means that the tickle update loop
races with the keepalive monitoring loop.  If the tickle update loop
wins then updates will not be sent to the recently started node.

The simplest improvement is to stop the tickle update from depending
on whether a node is connected or not.  So instead of broadcasting
tickle updates to connected nodes, they are broadcast to all nodes.
Since no reply is expected, this should work just fine.

While looking at this code, ctdb_ctrl_set_tcp_tickles() is named like
a client function.  It isn't a client function.  Also, 2 of the
arguments are ignored.  So rename this function to
ctdb_send_set_tcp_tickles_for_ip() and remove the ignored arguments.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
2014-03-23 04:20:14 +01:00
Amitay Isaacs
fb2631f5df ctdb-daemon: Do not support connection tracking if there are no public IPs
CTDB tracks connections to be able to send tickle ACKs and gratuitous
ARPs.  When there are no public IPs, there is no need for tickle ACKs
and gratuitous ARPs.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Mar  4 03:01:38 CET 2014 on sn-devel-104
2014-03-04 03:01:38 +01:00
Amitay Isaacs
7d05baa96b ctdb-recoverd: Check if callback function is registered before calling
Fix suggested by by Kevin Osborn <kosborn@overlandstorage.com>.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 27 13:54:59 CET 2014 on sn-devel-104
2014-02-27 13:54:59 +01:00
Amitay Isaacs
026996550d ctdb-daemon: After updating tickles on other nodes, set update flag to false
tcp_update_flag is set to true whenever tickles are added or deleted.
This flag is used to determine whether or not to send tickles list to
other nodes.  Once tickles list is sent to other nodes successfully,
set tcp_update_flag to false, so ctdbd does not keep sending same tickles
list every TickleUpdateInterval (20 seconds).

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-02-27 11:49:39 +01:00
Martin Schwenke
0723fedced ctdb-daemon: Implement ctdb_control_startup()
This doesn't implement what was recommended.  That would require
careful error handling, probably with a fallback to this code anyway.
This is simple and does no worse that the current code.  That is, the
new node is updated on the next call to tdb_update_tcp_tickles().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-02-27 11:49:39 +01:00
Amitay Isaacs
75ca1216a6 ctdb-daemon: Fix whitespaces
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-02-27 11:49:39 +01:00
Amitay Isaacs
f2cd999189 ctdb-daemon: Always talloc tickle array off vnn instead of ctdb->nodes
This fixes ctdb crash reported in bug #10366.
Fix suggested by Kevin Osborn <kosborn@overlandstorage.com>.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-02-27 11:49:39 +01:00
Martin Schwenke
24b734f084 ctdb-recoverd: LCP2 cleanups
* Remove unnecessary candimbl parameter.

  This parameter can be cheaply calculated in
  lcp2_failback_candidate().  The compiler will probably do an
  excellent job optimising it.  :-)

* Clarify a debug statement

  This is much clearer than doing a complex recalculation of a known
  value.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-02-19 12:04:47 +11:00
Martin Schwenke
9e5ef44f32 ctdb-recoverd: Optimise check for rebalance candidates in LCP2
Currently this can be checked many times.  However, there's no point
calling the rebalance/failback code at all if there are no rebalance
candidates.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-02-19 12:04:47 +11:00
Martin Schwenke
f1a20d748f ctdb-recoverd: Fix a bug in the LCP2 rebalancing code
srcimbl gets changed on every iteration of the loop.  The value that
should be stored for the new imbalance of the source node is
minsrcimbl.

To help diagnose this, added some extra debug that can be left in.

The extra debug changes the output of a couple of tests.  Note that
the resulting IP allocations in those tests is unchanged - only the
debug output is changed.

Also add some new tests that illustrates the bug.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-02-13 02:03:24 +01:00
Martin Schwenke
e5778cc172 ctdb/daemon: reloadips must register state of asynchronous controls
Otherwise ctdb_client_async_wait() is a no-op.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-01-31 13:36:04 +11:00
Martin Schwenke
a955d0bedc ctdb-recoverd: Ignore failed ipreallocated controls to inactive nodes
Currently timeouts for controls to inactive nodes can cause banning
credits to be applied.  This should not happen.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-01-17 17:59:08 +11:00
Amitay Isaacs
7aa20ccb5c ctdb-daemon: No need to call event scripts with CTDB_CALLED_BY_USER
This was added to support external monitoring using CTDB event scripts.
However, it was never used.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-01-16 11:41:12 +11:00
Amitay Isaacs
6d1b74f052 ctdb-server: Coverity fixes
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-11-19 17:13:03 +01:00
Martin Schwenke
4adc8f4f09 ctdbd: Default for event_script_dir should use CTDB_BASE
Also get rid of ctdb_set_event_script_dir().  It creates an
unnecessary copy of something that will be around for the lifetime of
the process.

Signed-off-by: Martin Schwenke <martin@meltin.net>

(This used to be ctdb commit 21b4d1aba00902f1eee0cbf4f082b0794fd5b738)
2013-10-22 15:37:54 +11:00
Martin Schwenke
4fb0d4a301 recoverd: reloadips should rebalance target nodes for new IPs
Otherwise, if existing IPs are added to extra nodes (that have,
perhaps, been disconnected) then those IPs will not be rebalanced
across the extra nodes.

Signed-off-by: Martin Schwenke <martin@meltin.net>

(This used to be ctdb commit ceb30432a9a550778aed0b422a654fc5287b82a3)
2013-09-19 12:54:31 +10:00
Martin Schwenke
950e23f664 ctdbd: Make ctdb_reloadips_child send controls asynchronously
Deleting IPs can take a while because IPs are released and connections
are killed.  This can take a while so do them in parallel.  In fact,
since the set of IPs being added and deleted will be disjoint, send
all the adds/deletes at the same time and then wait.

Signed-off-by: Martin Schwenke <martin@meltin.net>

(This used to be ctdb commit 85a5b544ec032173e98c9cc3b5402a76b961aa3b)
2013-09-19 12:54:31 +10:00
Martin Schwenke
b33ee7a2a4 recoverd: Fix the implementation of CTDB_SRVID_REBALANCE_NODE
The current implementation has a few flaws:

* A takeover run is called unconditionally when the timer goes even if
  the recovery master role has moved.  This means a node other than
  the recovery master can incorrectly do a takeover run.

* The rebalancing target nodes are cleared in the setup for a takeover
  run, regardless of whether the takeover run succeeds.

* The timer to force a rebalance isn't cleared if another takeover run
  occurs before the deadline.  Any forced rebalancing will happen in
  the first takeover run and when the timer expires some time later
  then an unnecessary takeover run will occur.

* If the recovery master role moves then the rebalancing data will
  stay on the original node and affect the next takeover run to occur
  if the recovery master role should come back to the original node.

Instead, store an array of rebalance target nodes in the recovery
master context.  This is passed as an extra argument to
ctdb_takeover_run() each time it is called and is cleared when a
takeover run succeeds.  The timer hangs off the array of rebalance
target nodes, which is cleared if the node isn't the recovery master.

This means that it is possible to lose rebalance data if the recovery
master role moves.  However, that's a difficult problem to solve.  The
best way of approaching it is probably to try to stop the recovery
master role from jumping around unnecesarily when inactive nodes join
the cluster.

The long term solution is to avoid this nonsense completely.  The IP
allocation algorithm needs to cache state between runs so that it
knows which nodes have just become healthy.  This also needs recovery
master stability.

Signed-off-by: Martin Schwenke <martin@meltin.net>

(This used to be ctdb commit c51c1efe5fc7fa668597f2acd435dee16e410fc9)
2013-09-19 12:54:31 +10:00
Martin Schwenke
c503997746 recoverd: Move disabling of IP checks into do_takeover_run()
Signed-off-by: Martin Schwenke <martin@meltin.net>

(This used to be ctdb commit 48b603fbf16311daa47b01e7a33d477ed51da56d)
2013-09-19 12:54:30 +10:00
Martin Schwenke
701c450e90 recoverd: Fail takeover run if "ipreallocated" fails
Previously flagging a failure was probably avoided because of attempts
to run "ipreallocated" events on stopped and banned nodes, which would
fail because they are in recovery.  Given the change to a new control
and that fallback only retries the old method on active nodes, this
should never fail in reasonable circumstances.

Signed-off-by: Martin Schwenke <martin@meltin.net>

(This used to be ctdb commit 53722430ad35f80935aabd12fa07654126443b8b)
2013-09-19 12:54:30 +10:00
Martin Schwenke
630196423a recoverd: Banned nodes should not be told to run "ipreallocated" event
They will reject it because they are in recovery.  This can result in
extra banning credits being applied to banned nodes.

This corresponds to commit 9132e6814ed927fa317f333f03dedb18f75d0e5b
from the 1.2.40 branch.

Signed-off-by: Martin Schwenke <martin@meltin.net>

(This used to be ctdb commit 403938804caf1322f9773d63197e4303a7b2a788)
2013-09-18 17:16:35 +10:00