IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Instead of local or passed temporary contexts.
This has the side effect of making ipalloc_state available inside the
modified functions, making future use of ipalloc_state simpler.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The only likely failure is out of memory, so just return boolean
value.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
As do the functions called below it. They no longer need a CTDB
context.
create_merged_ip_list() now takes both a CTDB context and an
ipalloc_state.
Drop ipalloc_state from CTDB context. So the substitution in the
code is:
ctdb->ipalloc_state -> ipalloc_state
Tweak the test code to match.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
For various reasons create_merged_ip_list() needs a CTDB context.
This is difficult to resolve now for a few reasons, including:
* The ip_tree needs somewhere to live.
It isn't very useful in its current form. However, in the future
real remote IP monitoring will probably be added back, so leave it
around.
* It uses node flags from the ctdb_node structure.
This could be changed by putting a node map into ipalloc_state
and referencing that.
For now, it is easier to move it out to where there will be a CTDB
context available for the forseeable future. ctdb_takeover_run() will
need one as long as the current client interface is used.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The IP allocation algorithms need the value of this tunable, so copy
it to avoid needing the CTDB context.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Algorithm-related tunables from the CTDB context no longer need to be
accessed in the allocation logic.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Most of the IP allocation code does not need a CTDB context. However,
temporarily hang this off the CTDB context and make only the changes
relating to known/available IP address. This makes those logic
changes obvious without burying them in function type changes.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Starting to untangle cluster management, database recovery and public
IP allocation. This is a non-trivial subset of the cluster management
code that runs in the recovery daemon on all nodes.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Nov 16 11:47:45 CET 2015 on sn-devel-104
Capabilities are used when computing an election result so having them
up-to-date seems like a good idea.
Also update several instances of an ambiguous comment.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The VNN map is only needed on the recovery master, so no need for all
recovery daemons to retrieve it.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This is already handled in update_recovery_lock(), which is called
immediately before.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The only non-obvious part here is dropping the setting of the nodemap
local variable to NULL. If the following control succeeds then it is
set, otherwise return and it doesn't matter.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
That is, using CTDB_CURRENT_NODE makes this more obvious.
Also fix incorrect error messages.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Each recovery daemon knows who the recmaster is and is in sync with
its local daemon. The recovery master is running this check so do not
bother checking with its local daemon - both agree that it is the
recovery master.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The recovery daemon already knows which node is the master. This
relies on rec->recmaster being correctly initialised and correctly set
during elections.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Recovery should not do cluster management functions. Setting the
recovery master should only be done via an election.
Main loop will determine if recovery master is inconsistent across the
cluster and force an election if necessary.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The recovery daemon pushes knowledge of recovery master election
progress/result to local daemon. It then retrieves that information
again.
Instead, have the recovery daemon reliably track election
progress/result in rec->recmaster so it doesn't need to be retrieved.
Be careful to maintain consistency by only doing this when the local
daemon has been updated.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
There can be no holes in the nodemap. Even if a node has been deleted
it will take a slot in the nodemap. The only exception is that the
nodemap shrinks if nodes are deleted from the end. That should never
include the master because a node should be shutdown before being
deleted, and an election should already have take place.
To avoid walking off the end of the nodemap nodes array just confirm
that the master node's PNN is a valid index into the array. No need
to walk through the nodemap.
After this, in this section of the code j is now invalid. So use the
master's PNN to index into the nodemap. This is safe.
In the process, clean up some log messages to avoid saying "Force
reelection". It's just an "election".
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This only applies to monitor events so renaming clarifies this.
Note that this change is not backward compatible. Users with
CTDB_SET_EventScriptTimeoutCount=<n>
in their configuration will get failures when starting CTDB but the
cause will be clearly logged.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
It is only updated for monitor events, so it is meaningless here.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Checking runstates is unnecessary now that nodes that are not RUNNING
will return no available IP addresses. I have no idea why I didn't do
it this way originally.
Tweak the test code to cope with this.
Note that this is a backward-incompatible change. If new and old
versions of CTDB are running together in a cluster and a new node
takes over as recovery master then old nodes will be able to host
public IP addresses before they are in RUNNING runstate. This is
mitigated by the bias towards recovery master stability in elections.
If it is important that nodes do not host IPs until they are RUNNING
then do not restart nodes running the old version.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The available IPs list is now only non-empty for nodes that are in
RUNNING runstate. So, to avoid running the IP allocation algorithm
when there are no available available IPs, explicitly check for
available IPs rather than checking runstates.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This will allow wonderful simplification (i.e. removal) of some of the
runstate checking in the takeover run code.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This variable is used for adding a prefix to log entries from various
child processes.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
These functions are only used in the ctdb daemon code.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
This function can only called from ctdb daemon.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
This is currently done before each IP takeover run, so just factor it
in.
ctdb_reload_remote_public_ips() becomes static.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Nov 12 09:28:45 CET 2015 on sn-devel-104
This will help to untangle known and available public IP lists from
the CTDB context.
verify_remote_ip_allocation() needs a forward declaration.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Remote IP validation is only called when a takeover run is about to
happen anyway, so don't bother flagging one. Given that a takeover
run isn't being triggered, also drop the test that checks if takeover
runs are disabled. These are the only uses of the rec argument, so
drop it.
One possible further simplification would be to remove this function
because it doesn't accomplish anything. However, it is worth leaving
it as a reminder that remote IP validation should be done properly at
some time in the future.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
It is only used by the caller to print a message that includes the
culprit. However, ctdb_reload_remote_public_ips() already prints
perfectly good messages and they include the culprit.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
No need to do it immediately. It will happen in less than a second.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This is not a recovery, so do not run "startrecovery and "recovered"
events. There are other IP takeover runs where these are not run.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The recovery start/end times used in the checks at the top of
verify_local_ip_allocation() are set by the START_RECOVERY and
END_RECOVERY controls. A couple of takeover runs escape the checks
because they were added later and are not surrounded by these
controls.
Recovery and IP allocation need to be untangled from each other, so
recovery-related events should not be relied on for IP allocation.
This means the solution is not to add these where they are "missing".
The concern that the checks are addressing is to avoid local IP
verification when IP addresses are in a state of flux. Takeover runs
on non-master nodes are already disabled while a takeover run is in
progress, so local IP verification is already skipped in that case.
The other case is the master node, which will be busy with the
takeover run, rather than running main_loop().
The other issue is races. verify_local_ip_allocation() takes a
non-zero amount of time to fetch IP addresses from the local CTDB
daemon and during this time a recovery or takeover run can start, but
a takeover run can still be triggered. The current tests do not stop
this.
Apart from all of this, with most reasonable public IP address
configurations, an extra takeover run will be a no-op so is not a
cause for concern.
It is safe to drop these checks.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104
This gets rid of the duplicate definitions from ctdb_protocol.h.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
