1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-29 12:03:03 +00:00
Commit Graph

222 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
0855e42386 - Add support for AF_INET6 sockets for %S format character.
- Use inet_ntop(3) instead of reimplementing it.
- Use %hhu for unsigned char instead of casting it to unsigned int and
  using %u.

MFC after:	1 week
2011-05-18 22:43:56 +00:00
Pawel Jakub Dawidek
0cddb12ffd Currently we are unable to use capsicum for the primary worker process,
because we need to do ioctl(2)s, which are not permitted in the capability
mode. What we do now is to chroot(2) to /var/empty, which restricts access
to file system name space and we drop privileges to hast user and hast
group.

This still allows to access to other name spaces, like list of processes,
network and sysvipc.

To address that, use jail(2) instead of chroot(2). Using jail(2) will restrict
access to process table, network (we use ip-less jails) and sysvipc (if
security.jail.sysvipc_allowed is turned off). This provides much better
separation.

MFC after:	1 week
2011-05-14 17:02:03 +00:00
Pawel Jakub Dawidek
bcc9f32110 When using capsicum to sanbox, still use other methods first, just in case
one of them have some problems.
2011-05-14 16:55:24 +00:00
Pawel Jakub Dawidek
b64a692b64 Allow to specify remote as 'none' again which was broken by r219351, where
'none' was defined as a value for checksum.

Reported by:	trasz
MFC after:	1 week
2011-05-08 11:10:56 +00:00
Mikolaj Golub
0d9d733c57 Fix isitme(), which is used to check if node-specific configuration
belongs to our node, and was returning false positive if the first
part of a node name matches short hostname.

Approved by:	pjd (mentor)
2011-05-08 09:31:17 +00:00
Mikolaj Golub
cfd2b3fb51 Add missing ifdef. This fixes build with NO_OPENSSL.
Reported by:	Pawel Tyll <ptyll@nitronet.pl>
Approved by:	pjd (mentor)
MFC after:	1 week
2011-04-26 19:52:21 +00:00
Mikolaj Golub
7a2b83683d Rename HASTCTL_ defines, which are used for conversion between main
hastd process and workers, remove unused one and set different range
of numbers. This is done in order not to confuse them with HASTCTL_CMD
defines, used for conversation between hastctl and hastd, and to avoid
bugs like the one fixed in in r221075.

Approved by:	pjd (mentor)
MFC after:	1 week
2011-04-26 19:38:30 +00:00
Mikolaj Golub
1768fba5c0 For conversation between hastctl and hastd we should use HASTCTL_CMD
defines.

Approved by:	pjd (mentor)
MFC after:	1 week
2011-04-26 19:22:54 +00:00
Pawel Jakub Dawidek
8e15d1e490 Correct comment.
MFC after:	1 week
2011-04-20 18:49:12 +00:00
Pawel Jakub Dawidek
ac0401e321 When we become primary, we connect to the remote and expect it to be in
secondary role. It is possible that the remote node is primary, but only
because there was a role change and it didn't finish cleaning up (unmounting
file systems, etc.). If we detect such situation, wait for the remote node
to switch the role to secondary before accepting I/Os. If we don't wait for
it in that case, we will most likely cause split-brain.

MFC after:	1 week
2011-04-20 18:43:28 +00:00
Pawel Jakub Dawidek
0eb02c031b If we act in different role than requested by the remote node, log it
as a warning and not an error.

MFC after:	1 week
2011-04-20 16:38:05 +00:00
Pawel Jakub Dawidek
20f32a33d2 Timeout must be positive.
MFC after:	1 week
2011-04-20 16:36:59 +00:00
Pawel Jakub Dawidek
06cbf54941 Scenario:
- We have two nodes connected and synchronized (local counters on both sides
  are 0).
- We take secondary down and recreate it.
- Primary connects to it and starts synchronization (but local counters are
  still 0).
- We switch the roles.
- Synchronization restarts but data is synchronized now from new primary
  (because local counters are 0) that doesn't have new data yet.

This fix this issue we bump local counter on primary when we discover that
connected secondary was recreated and has no data yet.

Reported by:	trociny
Discussed with:	trociny
Tested by:	trociny
MFC after:	1 week
2011-04-19 19:26:27 +00:00
Mikolaj Golub
64acad05cd Remove hast_proto_recv(). It was used only in one place, where
hast_proto_recv_hdr() may be used. This also fixes the issue
(introduced by r220523) with hastctl, which crashed on assert in
hast_proto_recv_data().

Suggested and approved by:	pjd (mentor)
2011-04-17 16:18:45 +00:00
Pawel Jakub Dawidek
ac6518673e The replication mode that is currently support is fullsync, not memsync.
Correct this and print a warning if different replication mode is
configured.

MFC after:	1 week
2011-04-12 19:13:10 +00:00
Mikolaj Golub
a827fe1fdf In hast_proto_recv() remove unnecessary check. The size is checked
later in hast_proto_recv_data().

Approved by:	pjd (mentor)
MFC after:	1 week
2011-04-10 15:28:37 +00:00
Mikolaj Golub
1d521b1cbd In hast_proto_recv_data() check that the size of the data to be
received does not exceed the buffer size.

Approved by:	pjd (mentor)
MFC after:	1 week
2011-04-10 15:21:46 +00:00
Mikolaj Golub
47f1eb5c4b Fix a typo in comments.
Approved by:	pjd (mentor)
MFC after:	3 days
2011-04-10 15:11:19 +00:00
Pawel Jakub Dawidek
39526f7fb6 Increase default timeout from 5 seconds to 20 seconds. 5 seconds is definitely
to short under heavy load and I was experiencing those timeouts in my recent
tests.

MFC after:	1 week
2011-04-02 09:34:33 +00:00
Pawel Jakub Dawidek
41bb85146b Handle ENOBUFS on send(2) by retrying for a while and logging the problem.
MFC after:	1 week
2011-04-02 09:31:02 +00:00
Pawel Jakub Dawidek
a7ebb3eb8b When we are operating on blocking socket and get EAGAIN on send(2) or recv(2)
this means that request timed out. Translate the meaningless EAGAIN to
ETIMEDOUT to give administrator a hint that he might need to increase timeout
in configuration file.

MFC after:	1 month
2011-04-02 09:29:53 +00:00
Pawel Jakub Dawidek
02dfe9724c Declare directions for sockets between primary and secondary.
In HAST we use two sockets - one for only sending the data and one for only
receiving the data.

MFC after:	1 month
2011-04-02 09:25:13 +00:00
Pawel Jakub Dawidek
3a0b818f59 Allow to disable sends or receives on a socket using shutdown(2) by
interpreting NULL 'data' argument passed to proto_common_send() or
proto_common_recv() as a will to do so.

MFC after:	1 month
2011-04-02 09:22:06 +00:00
Pawel Jakub Dawidek
2a49afacd1 Handle the problem described in r220264 by using GEOM GATE queue of unlimited
length. This should fix deadlocks reported by HAST users.

MFC after:	1 week
2011-04-02 07:01:09 +00:00
Pawel Jakub Dawidek
54987cacfd Add mapsize to the header just before sending the packet.
Before it could change later and we were sending invalid mapsize.
Some time ago I added optimization where when nodes are connected for the
first time and there were no writes to them yet, there is no initial full
synchronization. This bug prevented it from working.

MFC after:	1 week
2011-03-25 20:19:15 +00:00
Pawel Jakub Dawidek
7d4df5cd0b Use timeout from configuration file not only when sending and receiving,
but also when establishing connection.

MFC after:	1 week
2011-03-25 20:15:16 +00:00
Pawel Jakub Dawidek
643080b75f Use role2str() when setting process title.
MFC after:	1 week
2011-03-25 20:13:38 +00:00
Pawel Jakub Dawidek
640b7ee623 Don't create socketpair for connection forwarding between parent and secondary.
Secondary doesn't need to connect anywhere.

MFC after:	1 week
2011-03-23 11:09:04 +00:00
Pawel Jakub Dawidek
6d51b7d530 Add my copyright.
MFC after:	1 week
2011-03-22 21:19:51 +00:00
Mikolaj Golub
9237aa3fa5 After synchronization is complete we should make primary counters be
equal to secondary counters:

  primary_localcnt = secondary_remotecnt
  primary_remotecnt = secondary_localcnt

Previously it was done wrong and split-brain was observed after
primary had synchronized up-to-date data from secondary.

Approved by:	pjd (mentor)
MFC after:	1 week
2011-03-22 20:27:26 +00:00
Mikolaj Golub
b068d5aafb For requests that are sent only to remote component use the
error from remote.
Approved by:	pjd (mentor)
MFC after:	1 week
2011-03-22 19:49:27 +00:00
Pawel Jakub Dawidek
e2eabb44d7 The proto API is a general purpose API, so don't use 'hast' in structures or
function names. It can now be used outside of HAST.

MFC after:	1 week
2011-03-22 16:21:11 +00:00
Pawel Jakub Dawidek
cd72d521e3 White space cleanups.
MFC after:	1 week
2011-03-22 10:39:34 +00:00
Pawel Jakub Dawidek
4d8dc3b838 When dropping privileges prefer capsicum over chroot+setgid+setuid.
We can use capsicum for secondary worker processes and hastctl.
When working as primary we drop privileges using chroot+setgid+setuid
still as we need to send ioctl(2)s to ggate device, for which capsicum
doesn't allow (yet).

X-MFC after:	capsicum is merged to stable/8
2011-03-21 21:31:50 +00:00
Pawel Jakub Dawidek
9446b4536e Initialize localcnt on first write. This fixes assertion when we create
resource, set role to primary, do no writes, then sent it to secondary
and accept connection from primary.

MFC after:	1 week
2011-03-21 21:16:12 +00:00
Pawel Jakub Dawidek
756cb15420 Fix typo.
MFC after:	1 week
2011-03-21 21:14:07 +00:00
Pawel Jakub Dawidek
351758d85b Before handling any events on descriptors check signals so we can update
our info about worker processes if any of them was terminated in the meantime.

This fixes the problem with 'hastctl status' running from a hook called on
split-brain:
1. Secondary calls a hooks and terminates.
2. Hook asks for resource status via 'hastctl status'.
3. The main hastd handles the status request by sending it to the secondary
   worker who is already dead, but because signals weren't checked yet he
   doesn't know that and we get EPIPE.

MFC after:	1 week
2011-03-21 15:29:20 +00:00
Pawel Jakub Dawidek
ed646d4dbc Remove stale comment. Yes, it is valid to set role back to init.
MFC after:	1 week
2011-03-21 15:08:10 +00:00
Pawel Jakub Dawidek
2b5ad0e077 Increase debug level of "Checking hooks." message.
MFC after:	1 week
2011-03-21 14:53:27 +00:00
Pawel Jakub Dawidek
e208a185f0 Be pedantic and free nvout before exiting.
MFC after:	1 week
2011-03-21 14:51:16 +00:00
Pawel Jakub Dawidek
38ea70cadf Detect situation where resource internal identifier differs.
This means that both nodes have separately managed resources that don't
have the same data.

MFC after:	1 week
2011-03-21 14:50:12 +00:00
Pawel Jakub Dawidek
0b626a289e In hast.conf we define the other node's address in 'remote' variable.
This way we know how to connect to secondary node when we are primary.
The same variable is used by the secondary node - it only accepts
connections from the address stored in 'remote' variable.
In cluster configurations it is common that each node has its individual
IP address and there is one addtional shared IP address which is assigned
to primary node. It seems it is possible that if the shared IP address is
from the same network as the individual IP address it might be choosen by
the kernel as a source address for connection with the secondary node.
Such connection will be rejected by secondary, as it doesn't come from
primary node individual IP.

Add 'source' variable that allows to specify source IP address we want to
bind to before connecting to the secondary node.

MFC after:	1 week
2011-03-21 08:54:59 +00:00
Pawel Jakub Dawidek
1884f6bbf3 Log when we start hooks checking and when we execute a hook.
MFC after:	1 week
2011-03-21 08:38:24 +00:00
Pawel Jakub Dawidek
8a8763b7cf Use snprlcat() instead of two strlcat(3)s.
MFC after:	1 week
2011-03-21 08:37:50 +00:00
Pawel Jakub Dawidek
9925a680a9 Add snprlcat() and vsnprlcat() - the functions I'm always missing.
They work as a combination of snprintf(3) and strlcat(3) - the caller
can append a string build based on the given format.

MFC after:	1 week
2011-03-21 08:36:50 +00:00
Pawel Jakub Dawidek
4f0ec4797a When creating connection on behalf of primary worker, set pjdlog prefix
to resource name and role, so that any logs related to that can be identified
properly.

MFC after:	1 week
2011-03-21 08:33:58 +00:00
Pawel Jakub Dawidek
c3a8627c9a If there is any traffic on one of out descriptors, we were not checking for
long running hooks. Fix it by not using select(2) timeout to decide if we want
to check hooks or not.

MFC after:	1 week
2011-03-21 08:31:35 +00:00
Mikolaj Golub
8d7dcf14ff For secondary, set 2 * HAST_KEEPALIVE seconds timeout for incoming
connection so the worker will exit if it does not receive packets from
the primary during this interval.

Reported by:	Christian Vogt <Christian.Vogt@haw-hamburg.de>
Tested by:	Christian Vogt <Christian.Vogt@haw-hamburg.de>
Approved by:	pjd (mentor)
MFC after:	1 week
2011-03-17 21:02:14 +00:00
Pawel Jakub Dawidek
35daccccce Remove #include needed for debugging.
MFC after:	1 week
2011-03-15 13:53:39 +00:00
Mikolaj Golub
bc7a916a25 Make workers inherit debug level from the main process.
Approved by:	pjd (mentor)
MFC after:	1 week
2011-03-11 12:12:35 +00:00