1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
samba-mirror/ctdb/server/ctdb_banning.c
Amitay Isaacs 28a1b75886 ctdb-recoverd: Set recovery mode before freezing databases
Setting recovery mode to active is the only correct way to inform recovery
daemon to run database recovery.  Only freezing databases without setting
recovery mode should not trigger database recovery, as this mechanism
is used in tool to implement wipedb/restoredb commands.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-07-07 13:29:49 +02:00

177 lines
4.9 KiB
C

/*
ctdb banning code
Copyright (C) Ronnie Sahlberg 2009
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "tdb.h"
#include "system/time.h"
#include "system/network.h"
#include "system/filesys.h"
#include "system/wait.h"
#include "../include/ctdb_client.h"
#include "../include/ctdb_private.h"
static void
ctdb_ban_node_event(struct event_context *ev, struct timed_event *te,
struct timeval t, void *private_data)
{
struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context);
bool freeze_failed = false;
int i;
/* Make sure we were able to freeze databases during banning */
for (i=1; i<=NUM_DB_PRIORITIES; i++) {
if (ctdb->freeze_mode[i] != CTDB_FREEZE_FROZEN) {
freeze_failed = true;
break;
}
}
if (freeze_failed) {
DEBUG(DEBUG_ERR, ("Banning timedout, but still unable to freeze databases\n"));
ctdb_ban_self(ctdb);
return;
}
DEBUG(DEBUG_ERR,("Banning timedout\n"));
ctdb->nodes[ctdb->pnn]->flags &= ~NODE_FLAGS_BANNED;
if (ctdb->banning_ctx != NULL) {
talloc_free(ctdb->banning_ctx);
ctdb->banning_ctx = NULL;
}
}
void ctdb_local_node_got_banned(struct ctdb_context *ctdb)
{
uint32_t i;
/* make sure we are frozen */
DEBUG(DEBUG_NOTICE,("This node has been banned - forcing freeze and recovery\n"));
/* Reset the generation id to 1 to make us ignore any
REQ/REPLY CALL/DMASTER someone sends to us.
We are now banned so we shouldnt service database calls
anymore.
*/
ctdb->vnn_map->generation = INVALID_GENERATION;
ctdb->recovery_mode = CTDB_RECOVERY_ACTIVE;
for (i=1; i<=NUM_DB_PRIORITIES; i++) {
ctdb_start_freeze(ctdb, i);
}
ctdb_release_all_ips(ctdb);
}
int32_t ctdb_control_set_ban_state(struct ctdb_context *ctdb, TDB_DATA indata)
{
struct ctdb_ban_time *bantime = (struct ctdb_ban_time *)indata.dptr;
DEBUG(DEBUG_INFO,("SET BAN STATE\n"));
if (bantime->pnn != ctdb->pnn) {
if (bantime->pnn >= ctdb->num_nodes) {
DEBUG(DEBUG_ERR,(__location__ " ERROR: Invalid ban request. PNN:%d is invalid. Max nodes %d\n", bantime->pnn, ctdb->num_nodes));
return -1;
}
if (bantime->time == 0) {
DEBUG(DEBUG_NOTICE,("unbanning node %d\n", bantime->pnn));
ctdb->nodes[bantime->pnn]->flags &= ~NODE_FLAGS_BANNED;
} else {
DEBUG(DEBUG_NOTICE,("banning node %d\n", bantime->pnn));
if (ctdb->tunable.enable_bans == 0) {
/* FIXME: This is bogus. We really should be
* taking decision based on the tunables on
* the banned node and not local node.
*/
DEBUG(DEBUG_WARNING,("Bans are disabled - ignoring ban of node %u\n", bantime->pnn));
return 0;
}
ctdb->nodes[bantime->pnn]->flags |= NODE_FLAGS_BANNED;
}
return 0;
}
if (ctdb->banning_ctx != NULL) {
talloc_free(ctdb->banning_ctx);
ctdb->banning_ctx = NULL;
}
if (bantime->time == 0) {
DEBUG(DEBUG_ERR,("Unbanning this node\n"));
ctdb->nodes[bantime->pnn]->flags &= ~NODE_FLAGS_BANNED;
return 0;
}
if (ctdb->tunable.enable_bans == 0) {
DEBUG(DEBUG_ERR,("Bans are disabled - ignoring ban of node %u\n", bantime->pnn));
return 0;
}
ctdb->banning_ctx = talloc(ctdb, struct ctdb_ban_time);
if (ctdb->banning_ctx == NULL) {
DEBUG(DEBUG_CRIT,(__location__ " ERROR Failed to allocate new banning state\n"));
return -1;
}
*((struct ctdb_ban_time *)(ctdb->banning_ctx)) = *bantime;
DEBUG(DEBUG_ERR,("Banning this node for %d seconds\n", bantime->time));
ctdb->nodes[bantime->pnn]->flags |= NODE_FLAGS_BANNED;
event_add_timed(ctdb->ev, ctdb->banning_ctx, timeval_current_ofs(bantime->time,0), ctdb_ban_node_event, ctdb);
ctdb_local_node_got_banned(ctdb);
return 0;
}
int32_t ctdb_control_get_ban_state(struct ctdb_context *ctdb, TDB_DATA *outdata)
{
struct ctdb_ban_time *bantime;
bantime = talloc(outdata, struct ctdb_ban_time);
CTDB_NO_MEMORY(ctdb, bantime);
if (ctdb->banning_ctx != NULL) {
*bantime = *(struct ctdb_ban_time *)(ctdb->banning_ctx);
} else {
bantime->pnn = ctdb->pnn;
bantime->time = 0;
}
outdata->dptr = (uint8_t *)bantime;
outdata->dsize = sizeof(struct ctdb_ban_time);
return 0;
}
/* Routine to ban ourselves for a while when trouble strikes. */
void ctdb_ban_self(struct ctdb_context *ctdb)
{
TDB_DATA data;
struct ctdb_ban_time bantime;
bantime.pnn = ctdb->pnn;
bantime.time = ctdb->tunable.recovery_ban_period;
data.dsize = sizeof(bantime);
data.dptr = (uint8_t *)&bantime;
ctdb_control_set_ban_state(ctdb, data);
}