mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
e3b85bba3f
track and produce audit logs when someone runs "service ctdb <something>" S1033891 (This used to be ctdb commit 4f4fbd4080a3a7226d3b82637f803c4b71217d39)
402 lines
9.1 KiB
Bash
Executable File
402 lines
9.1 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
##############################
|
|
# ctdb: Starts the clustered tdb daemon
|
|
#
|
|
# chkconfig: - 90 01
|
|
#
|
|
# description: Starts and stops the clustered tdb daemon
|
|
# pidfile: /var/run/ctdbd/ctdbd.pid
|
|
#
|
|
|
|
### BEGIN INIT INFO
|
|
# Provides: ctdb
|
|
# Required-Start: $network
|
|
# Required-Stop: $network
|
|
# Default-Stop:
|
|
# Default-Start: 3 5
|
|
# Short-Description: start and stop ctdb service
|
|
# Description: initscript for the ctdb service
|
|
### END INIT INFO
|
|
|
|
# Source function library.
|
|
if [ -f /etc/init.d/functions ] ; then
|
|
. /etc/init.d/functions
|
|
elif [ -f /etc/rc.d/init.d/functions ] ; then
|
|
. /etc/rc.d/init.d/functions
|
|
fi
|
|
|
|
[ -f /etc/rc.status ] && {
|
|
. /etc/rc.status
|
|
rc_reset
|
|
LC_ALL=en_US.UTF-8
|
|
}
|
|
|
|
# Avoid using root's TMPDIR
|
|
unset TMPDIR
|
|
|
|
[ -z "$CTDB_BASE" ] && {
|
|
export CTDB_BASE="/etc/ctdb"
|
|
}
|
|
|
|
. $CTDB_BASE/functions
|
|
loadconfig network
|
|
loadconfig ctdb
|
|
|
|
# check networking is up (for redhat)
|
|
[ "$NETWORKING" = "no" ] && exit 0
|
|
|
|
detect_init_style
|
|
export CTDB_INIT_STYLE
|
|
|
|
ctdbd=${CTDBD:-/usr/sbin/ctdbd}
|
|
|
|
if [ "$CTDB_VALGRIND" = "yes" ]; then
|
|
init_style="valgrind"
|
|
else
|
|
init_style="$CTDB_INIT_STYLE"
|
|
fi
|
|
|
|
build_ctdb_options () {
|
|
|
|
maybe_set () {
|
|
# If the 2nd arg is null then return - don't set anything.
|
|
# Else if the 3rd arg is set and it doesn't match the 2nd arg
|
|
# then return
|
|
[ -z "$2" -o \( -n "$3" -a "$3" != "$2" \) ] && return
|
|
|
|
val="'$2'"
|
|
case "$1" in
|
|
--*) sep="=" ;;
|
|
-*) sep=" " ;;
|
|
esac
|
|
# For these options we're only passing a value-less flag.
|
|
[ -n "$3" ] && {
|
|
val=""
|
|
sep=""
|
|
}
|
|
|
|
CTDB_OPTIONS="${CTDB_OPTIONS}${CTDB_OPTIONS:+ }${1}${sep}${val}"
|
|
}
|
|
|
|
[ -z "$CTDB_RECOVERY_LOCK" ] && {
|
|
echo "No recovery lock specified. Starting CTDB without split brain prevention"
|
|
}
|
|
maybe_set "--reclock" "$CTDB_RECOVERY_LOCK"
|
|
|
|
# build up CTDB_OPTIONS variable from optional parameters
|
|
maybe_set "--logfile" "$CTDB_LOGFILE"
|
|
maybe_set "--nlist" "$CTDB_NODES"
|
|
maybe_set "--socket" "$CTDB_SOCKET"
|
|
maybe_set "--public-addresses" "$CTDB_PUBLIC_ADDRESSES"
|
|
maybe_set "--public-interface" "$CTDB_PUBLIC_INTERFACE"
|
|
maybe_set "--dbdir" "$CTDB_DBDIR"
|
|
maybe_set "--dbdir-persistent" "$CTDB_DBDIR_PERSISTENT"
|
|
maybe_set "--event-script-dir" "$CTDB_EVENT_SCRIPT_DIR"
|
|
maybe_set "--transport" "$CTDB_TRANSPORT"
|
|
maybe_set "-d" "$CTDB_DEBUGLEVEL"
|
|
maybe_set "--notification-script" "$CTDB_NOTIFY_SCRIPT"
|
|
maybe_set "--start-as-disabled" "$CTDB_START_AS_DISABLED" "yes"
|
|
maybe_set "--start-as-stopped " "$CTDB_START_AS_STOPPED" "yes"
|
|
maybe_set "--no-recmaster" "$CTDB_CAPABILITY_RECMASTER" "no"
|
|
maybe_set "--no-lmaster" "$CTDB_CAPABILITY_LMASTER" "no"
|
|
maybe_set "--lvs --single-public-ip" "$CTDB_LVS_PUBLIC_IP"
|
|
maybe_set "--script-log-level" "$CTDB_SCRIPT_LOG_LEVEL"
|
|
maybe_set "--log-ringbuf-size" "$CTDB_LOG_RINGBUF_SIZE"
|
|
maybe_set "--syslog" "$CTDB_SYSLOG" "yes"
|
|
maybe_set "--max-persistent-check-errors" "$CTDB_MAX_PERSISTENT_CHECK_ERRORS"
|
|
}
|
|
|
|
check_tdb () {
|
|
local PDBASE=$1
|
|
|
|
test x"$TDBTOOL_HAS_CHECK" = x"1" && {
|
|
#
|
|
# Note tdbtool always exits with 0
|
|
#
|
|
local OK=`tdbtool $PDBASE check | grep "Database integrity is OK" | wc -l`
|
|
test x"$OK" = x"1" || {
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
tdbdump $PDBASE >/dev/null 2>/dev/null || {
|
|
return $?;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
check_persistent_databases () {
|
|
PERSISTENT_DB_DIR="${CTDB_DBDIR:-/var/ctdb}/persistent"
|
|
mkdir -p $PERSISTENT_DB_DIR 2>/dev/null
|
|
local ERRCOUNT=$CTDB_MAX_PERSISTENT_CHECK_ERRORS
|
|
|
|
test -z "$ERRCOUNT" && {
|
|
ERRCOUNT="0"
|
|
}
|
|
test x"$ERRCOUNT" != x"0" && {
|
|
return 0;
|
|
}
|
|
|
|
if test -x /usr/bin/tdbtool ; then
|
|
HAVE_TDBTOOL=1
|
|
else
|
|
HAVE_TDBTOOL=0
|
|
fi
|
|
|
|
if test x"$HAVE_TDBTOOL" = x"1" ; then
|
|
TDBTOOL_HAS_CHECK=`echo "help" | /usr/bin/tdbtool | grep check | wc -l`
|
|
else
|
|
TDBTOOL_HAS_CHECK=0
|
|
fi
|
|
|
|
if test -x /usr/bin/tdbdump ; then
|
|
HAVE_TDBDUMP=1
|
|
else
|
|
HAVE_TDBDUMP=0
|
|
fi
|
|
|
|
if test x"$HAVE_TDBDUMP" = x"0" -a x"$TDBTOOL_HAS_CHECK" = x"0" ; then
|
|
echo "WARNING: Cannot check persistent databases since"
|
|
echo "neither 'tdbdump' nor 'tdbtool check' is available."
|
|
echo "Consider installing tdbtool or at least tdbdump!"
|
|
return 0
|
|
fi
|
|
|
|
if test x"$HAVE_TDBDUMP" = x"1" -a x"$TDBTOOL_HAS_CHECK" = x"0" ; then
|
|
if test x"$HAVE_TDBTOOL" = x"0"; then
|
|
echo "WARNING: 'tdbtool' is not available. Using 'tdbdump' to"
|
|
echo "check the persistent databases."
|
|
echo "Consider installing a recent 'tdbtool' for better checks!"
|
|
else
|
|
echo "WARNING: The installed 'tdbtool' does not offer the 'check'"
|
|
echo "subcommand. Using 'tdbdump' for persistent database checks."
|
|
echo "Consider updating 'tdbtool' for better checks!"
|
|
fi
|
|
fi
|
|
|
|
for PDBASE in `ls $PERSISTENT_DB_DIR/*.tdb.[0-9] 2>/dev/null`; do
|
|
check_tdb $PDBASE || {
|
|
echo "Persistent database $PDBASE is corrupted! CTDB will not start."
|
|
return 1
|
|
}
|
|
done
|
|
}
|
|
|
|
set_ctdb_variables () {
|
|
# set any tunables from the config file
|
|
set | grep ^CTDB_SET_ | cut -d_ -f3- |
|
|
while read v; do
|
|
varname=`echo $v | cut -d= -f1`
|
|
value=`echo $v | cut -d= -f2`
|
|
ctdb setvar $varname $value || RETVAL=1
|
|
done || exit 1
|
|
}
|
|
|
|
set_retval() {
|
|
return $1
|
|
}
|
|
|
|
wait_until_ready () {
|
|
_timeout="${1:-10}" # default is 10 seconds
|
|
|
|
_count=0
|
|
while ! ctdb ping >/dev/null 2>&1 ; do
|
|
if [ $_count -ge $_timeout ] ; then
|
|
return 1
|
|
fi
|
|
sleep 1
|
|
_count=$(($_count + 1))
|
|
done
|
|
}
|
|
|
|
ctdbd=${CTDBD:-/usr/sbin/ctdbd}
|
|
|
|
drop_all_public_ips() {
|
|
[ -z "$CTDB_PUBLIC_ADDRESSES" ] && {
|
|
return
|
|
}
|
|
|
|
cat $CTDB_PUBLIC_ADDRESSES | while read IP IFACE REST; do
|
|
ip addr del $IP dev $IFACE >/dev/null 2>/dev/null
|
|
done
|
|
}
|
|
|
|
start() {
|
|
echo -n $"Starting ctdbd service: "
|
|
|
|
ctdb ping >/dev/null 2>&1 && {
|
|
echo $"CTDB is already running"
|
|
return 0
|
|
}
|
|
|
|
build_ctdb_options
|
|
|
|
# make sure we drop any ips that might still be held if previous
|
|
# instance of ctdb got killed with -9 or similar
|
|
drop_all_public_ips
|
|
|
|
check_persistent_databases || return $?
|
|
|
|
if [ "$CTDB_SUPPRESS_COREFILE" = "yes" ]; then
|
|
ulimit -c 0
|
|
else
|
|
ulimit -c unlimited
|
|
fi
|
|
|
|
case $init_style in
|
|
valgrind)
|
|
eval valgrind -q --log-file=/var/log/ctdb_valgrind \
|
|
$ctdbd --valgrinding "$CTDB_OPTIONS"
|
|
RETVAL=$?
|
|
echo
|
|
;;
|
|
suse)
|
|
eval startproc $ctdbd "$CTDB_OPTIONS"
|
|
RETVAL=$?
|
|
;;
|
|
redhat)
|
|
eval $ctdbd "$CTDB_OPTIONS"
|
|
RETVAL=$?
|
|
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ctdb || RETVAL=1
|
|
;;
|
|
debian)
|
|
eval start-stop-daemon --start --quiet --background \
|
|
--exec $ctdbd -- "$CTDB_OPTIONS"
|
|
RETVAL=$?
|
|
;;
|
|
esac
|
|
|
|
if [ $RETVAL -eq 0 ] ; then
|
|
if wait_until_ready ; then
|
|
set_ctdb_variables
|
|
else
|
|
RETVAL=1
|
|
pkill -9 -f $ctdbd >/dev/null 2>&1
|
|
fi
|
|
fi
|
|
|
|
case $init_style in
|
|
suse)
|
|
set_retval $RETVAL
|
|
rc_status -v
|
|
;;
|
|
redhat)
|
|
[ $RETVAL -eq 0 ] && success || failure
|
|
echo
|
|
;;
|
|
esac
|
|
|
|
return $RETVAL
|
|
}
|
|
|
|
stop() {
|
|
echo -n $"Shutting down ctdbd service: "
|
|
pkill -0 -f $ctdbd || {
|
|
echo -n " Warning: ctdbd not running ! "
|
|
case $init_style in
|
|
suse)
|
|
rc_status -v
|
|
;;
|
|
redhat)
|
|
echo ""
|
|
;;
|
|
esac
|
|
return 0
|
|
}
|
|
ctdb shutdown >/dev/null 2>&1
|
|
RETVAL=$?
|
|
count=0
|
|
while pkill -0 -f $ctdbd ; do
|
|
sleep 1
|
|
count=$(($count + 1))
|
|
[ $count -gt 10 ] && {
|
|
echo -n $"killing ctdbd "
|
|
pkill -9 -f $ctdbd
|
|
pkill -9 -f $CTDB_BASE/events.d/
|
|
}
|
|
done
|
|
# make sure all ips are dropped, pfkill -9 might leave them hanging around
|
|
drop_all_public_ips
|
|
|
|
case $init_style in
|
|
suse)
|
|
# re-set the return code to the recorded RETVAL in order
|
|
# to print the correct status message
|
|
set_retval $RETVAL
|
|
rc_status -v
|
|
;;
|
|
redhat)
|
|
[ $RETVAL -eq 0 ] && success || failure
|
|
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ctdb
|
|
echo ""
|
|
;;
|
|
esac
|
|
|
|
return $RETVAL
|
|
}
|
|
|
|
restart() {
|
|
stop
|
|
start
|
|
}
|
|
|
|
status() {
|
|
echo -n $"Checking for ctdbd service: "
|
|
ctdb ping >/dev/null 2>&1 || {
|
|
RETVAL=$?
|
|
echo -n " ctdbd not running. "
|
|
case $init_style in
|
|
suse)
|
|
set_retval $RETVAL
|
|
rc_status -v
|
|
;;
|
|
redhat)
|
|
if [ -f /var/lock/subsys/ctdb ]; then
|
|
echo $"ctdb dead but subsys locked"
|
|
RETVAL=2
|
|
else
|
|
echo $"ctdb is stopped"
|
|
RETVAL=3
|
|
fi
|
|
;;
|
|
esac
|
|
return $RETVAL
|
|
}
|
|
echo ""
|
|
ctdb status
|
|
}
|
|
|
|
|
|
[ -f "$CTDB_BASE/rc.ctdb" ] && "$CTDB_BASE/rc.ctdb" $1
|
|
|
|
case "$1" in
|
|
start)
|
|
start
|
|
;;
|
|
stop)
|
|
stop
|
|
;;
|
|
restart|reload|force-reload)
|
|
restart
|
|
;;
|
|
status)
|
|
status
|
|
;;
|
|
condrestart|try-restart)
|
|
ctdb status > /dev/null && restart || :
|
|
;;
|
|
cron)
|
|
# used from cron to auto-restart ctdb
|
|
ctdb status > /dev/null || restart
|
|
;;
|
|
*)
|
|
echo $"Usage: $0 {start|stop|restart|reload|force-reload|status|cron|condrestart|try-restart}"
|
|
exit 1
|
|
esac
|
|
|
|
exit $?
|