| blob | 644c2ad2c7ab66af8129b0cdb20ecaeaadbd0781 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
22 /*
23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
26 #include <unistd.h>
27 #include <sys/types.h>
28 #include <sys/stat.h>
29 #include <sys/statvfs.h>
30 #include <sys/uadmin.h>
31 #include <sys/resource.h>
32 #include <fcntl.h>
33 #include <stdio.h>
34 #include <thread.h>
35 #include <meta.h>
36 #include <sdssc.h>
37 #include <mdmn_changelog.h>
40 /*
41 * This is the communication daemon for SVM Multi Node Disksets.
42 * It runs on every node and provides the following rpc services:
43 * - mdmn_send_svc_2
44 * - mdmn_work_svc_2
45 * - mdmn_wakeup_initiator_svc_2
46 * - mdmn_wakeup_master_svc_2
47 * - mdmn_comm_lock_svc_2
48 * - mdmn_comm_unlock_svc_2
49 * - mdmn_comm_suspend_svc_2
50 * - mdmn_comm_resume_svc_2
51 * - mdmn_comm_reinit_set_svc_2
52 * where send, lock, unlock and reinit are meant for external use,
53 * work and the two wakeups are for internal use only.
54 *
55 * NOTE:
56 * On every node only one of those xxx_2 functions can be active at the
57 * same time because the daemon is single threaded.
58 *
59 * (not quite true, as mdmn_send_svc_2 and mdmn_work_svc_2 do thr_create()s
60 * as part of their handlers, so those aspects are multi-threaded)
61 *
62 * In case an event occurs that has to be propagated to all the nodes...
63 *
64 * One node (the initiator)
65 * calls the libmeta function mdmn_send_message()
66 * This function calls the local daemon thru mdmn_send_svc_2.
67 *
68 * On the initiator:
69 * mdmn_send_svc_2()
70 * - starts a thread -> mdmn_send_to_work() and returns.
71 * mdmn_send_to_work()
72 * - sends this message over to the master of the diskset.
73 * This is done by calling mdmn_work_svc_2 on the master.
74 * - registers to the initiator_table
75 * - exits without doing a svc_sendreply() for the call to
76 * mdmn_send_svc_2. This means that call is blocked until somebody
77 * (see end of this comment) does a svc_sendreply().
78 * This means mdmn_send_message() does not yet return.
79 * - A timeout surveillance is started at this point.
80 * This means in case the master doesn't reply at all in an
81 * aproppriate time, an error condition is returned
82 * to the caller.
83 *
84 * On the master:
85 * mdmn_work_svc_2()
86 * - starts a thread -> mdmn_master_process_msg() and returns
87 * mdmn_master_process_msg()
88 * - logs the message to the change log
89 * - executes the message locally
90 * - flags the message in the change log
91 * - sends the message to mdmn_work_svc_2() on all the
92 * other nodes (slaves)
93 * after each call to mdmn_work_svc_2 the thread goes to sleep and
94 * will be woken up by mdmn_wakeup_master_svc_2() as soon as the
95 * slave node is done with this message.
96 * - In case the slave doesn't respond in a apropriate time, an error
97 * is assumed to ensure the master doesn't wait forever.
98 *
99 * On a slave:
100 * mdmn_work_svc_2()
101 * - starts a thread -> mdmn_slave_process_msg() and returns
102 * mdmn_slave_process_msg()
103 * - processes this message locally by calling the appropriate message
104 * handler, that creates some result.
105 * - sends that result thru a call to mdmn_wakeup_master_svc_2() to
106 * the master.
107 *
108 * Back on the master:
109 * mdmn_wakeup_master_svc_2()
110 * - stores the result into the master_table.
111 * - signals the mdmn_master_process_msg-thread.
112 * - returns
113 * mdmn_master_process_msg()
114 * - after getting the results from all nodes
115 * - sends them back to the initiating node thru a call to
116 * mdmn_wakeup_initiator_svc_2.
117 *
118 * Back on the initiator:
119 * mdmn_wakeup_initiator_svc_2()
120 * - calls svc_sendreply() which makes the call to mdmn_send_svc_2()
121 * return.
122 * which allows the initial mdmn_send_message() call to return.
123 */
127 /* want at least 10 MB free space when logging into a file */
128 #define MIN_FS_SPACE (10LL * 1024 * 1024)
130 /*
131 * Number of outstanding messages that were initiated by this node.
132 * If zero, check_timeouts goes to sleep
133 */
134 uint_t messages_on_their_way;
138 /* for printing out time stamps */
139 hrtime_t __savetime;
141 /* RPC clients for every set and every node and their protecting locks */
145 /* the descriptors of all possible sets and their protectors */
149 /* the daemon to daemon communication has to timeout quickly */
152 /* These indicate if a set has already been setup */
155 /* For every set we have a message completion table and protecting mutexes */
159 /* Stuff to describe the global status of the commd on one node */
160 #define MD_CGS_INITED 0x0001
164 /*
165 * Global verbosity level for the daemon
166 */
167 uint_t md_commd_global_verb;
169 /*
170 * libmeta doesn't like multiple threads in metaget_setdesc().
171 * So we must protect access to it with a global lock
172 */
173 mutex_t get_setdesc_mutex;
175 /*
176 * Need a way to block single message types,
177 * hence an array with a status for every message type
178 */
181 /* for reading in the config file */
182 #define MAX_LINE_SIZE 1024
187 /*
188 * mdmn_clnt_create is a helper function for meta_client_create_retry. It
189 * merely needs to call clnt_create_timed, and meta_client_create_retry
190 * will take care of the rest.
191 */
192 /* ARGSUSED */
195 {
199 time_out));
200 }
202 #define FLUSH_DEBUGFILE() \
203 if (commdout != (FILE *)NULL) { \
204 (void) fflush(commdout); \
205 (void) fsync(fileno(commdout)); \
206 }
208 static void
211 {
212 md_mn_commd_err_t commd_err;
228 "Inconsistent return value from node %d when processing "
229 "message type %d. Master exitval = %d, "
232 }
238 }
240 static void
242 {
249 /* No output file, nothing to do */
253 /*
254 * stat the appropriate filesystem to check for available space.
255 */
258 }
261 /*
262 * If we don't have enough space, we print out a warning.
263 * And we drop the verbosity level to NULL
264 * In case the condtion doesn't go away, we don't repeat
265 * the warning.
266 */
270 }
280 }
283 }
284 }
286 /* safer version of clnt_destroy. If clnt is NULL don't do anything */
287 #define mdmn_clnt_destroy(clnt) { \
288 if (clnt) \
289 clnt_destroy(clnt); \
290 }
292 /*
293 * Own version of svc_sendreply that checks the integrity of the transport
294 * handle and so prevents us from core dumps in the real svc_sendreply()
295 */
296 void
298 {
303 }
305 }
307 /*
308 * timeout_initiator(set, class)
309 *
310 * Alas, I sent a message and didn't get a response back in aproppriate time.
311 *
312 * timeout_initiator() takes care for doing the needed svc_sendreply() to the
313 * calling mdmn_send_message, so that guy doesn't wait forever
314 * What is done here is pretty much the same as what is done in
315 * wakeup initiator. The difference is that we cannot provide for any results,
316 * of course and we set the comm_state to MDMNE_TIMEOUT.
317 *
318 * By doing so, mdmn_send_message can decide if a retry would make sense or not.
319 * It's not our's to decide that here.
320 */
321 void
323 {
325 md_mn_msgid_t mid;
339 /*
340 * Give the result the corresponding msgid from the failed message.
341 */
344 /* return to mdmn_send_message() and let it deal with the situation */
351 }
354 /*
355 * check_timeouts - thread
356 *
357 * This implements a timeout surveillance for messages sent from the
358 * initiator to the master.
359 *
360 * If a message is started, this thread is triggered thru
361 * cond_signal(&check_timeout_cv) and we keep track of the numbers of
362 * messages that are outstanding (messages_on_their_way).
363 *
364 * As long as there are messages on their way, this thread never goes to sleep.
365 * It'll keep checking all class/set combinations for outstanding messages.
366 * If one is found, it's checked if this message is overdue. In that case,
367 * timeout_initiator() is called to wakeup the calling mdmn_send_message and
368 * to clean up the mess.
369 *
370 * If the result from the master arrives later, this message is considered
371 * to be unsolicited. And will be ignored.
372 */
374 void
376 {
377 set_t setno;
387 }
393 /* then is the registered time */
394 then =
398 }
400 }
401 }
402 /* it's ok to check only once per second */
405 /* is there work to do? */
410 }
412 }
413 }
415 void
417 {
420 /* Read in the debug-controlling tokens from runtime.cf */
422 /*
423 * If the user didn't specify a verbosity level in runtime.cf
424 * we can safely return here. As we don't intend to printout
425 * debug messages, we don't need to check for the output file.
426 */
429 }
431 /* if commdout is non-NULL it is an open FILE, we'd better close it */
434 }
438 /* setup the debug output */
440 /* if no valid file was specified, use the default */
444 /* check if the directory exists and is writable */
454 }
456 }
460 commdoutfile);
461 }
462 }
464 /*
465 * mdmn_is_node_dead checks to see if a node is dead using
466 * the SunCluster infrastructure which is a stable interface.
467 * If unable to contact SunCuster the node is assumed to be alive.
468 * Return values:
469 * 1 - node is dead
470 * 0 - node is alive
471 */
472 int
474 {
482 /* I know that I'm alive */
493 /* If scha_cluster_get returned DOWN - return dead */
496 }
498 }
501 }
503 /*
504 * global_init()
505 *
506 * Perform some global initializations.
507 *
508 * the following routines have to call this before operation can start:
509 * - mdmn_send_svc_2
510 * - mdmn_work_svc_2
511 * - mdmn_comm_lock_svc_2
512 * - mdmn_comm_unlock_svc_2
513 * - mdmn_comm_suspend_svc_2
514 * - mdmn_comm_resume_svc_2
515 * - mdmn_comm_reinit_set_svc_2
516 *
517 * This is a single threaded daemon, so it can only be in one of the above
518 * routines at the same time.
519 * This means, global_init() cannot be called more than once at the same time.
520 * Hence, no lock is needed.
521 */
522 void
524 {
525 set_t set;
533 /* Do these global initializations only once */
536 }
539 /* setup the debug options from the config file */
542 /* make sure that we don't run out of file descriptors */
547 }
549 /* Make setup_debug() be the action in case of SIGHUP */
559 /* start a thread that flushes out the debug on a regular basis */
563 /* global rwlock's / mutex's / cond_t's go here */
568 /* Make sure the initiator table is initialized correctly */
572 }
573 }
576 /* setup the check for timeouts */
581 }
584 /*
585 * mdmn_init_client(setno, nodeid)
586 * called if client[setno][nodeid] is NULL
587 *
588 * NOTE: Must be called with set_desc_rwlock held as a reader
589 * NOTE: Must be called with client_rwlock held as a writer
590 *
591 * If the rpc client for this node has not been setup for any set, we do it now.
592 *
593 * Returns 0 on success (node found in set, rpc client setup)
594 * -1 if metaget_setdesc failed,
595 * -2 if node not part of set
596 * -3 if clnt_create fails
597 */
598 static int
600 {
607 /*
608 * Is the appropriate set_descriptor already initialized ?
609 * Can't think of a scenario where this is not the case, but we'd better
610 * check for it anyway.
611 */
615 /* readlock -> writelock */
619 /* Only one thread is supposed to be in metaget_setdesc() */
624 /* back to ... */
626 /* ... readlock */
629 }
631 /* back to readlock */
634 }
636 /* first we have to find the node name for this node id */
640 }
648 }
653 /* Did this node join the diskset? */
659 }
661 /* if clnt_create has not been done for that node, do it now */
665 /*
666 * While trying to create a connection to a node,
667 * periodically check to see if the node has been marked
668 * dead by the SunCluster infrastructure.
669 * This periodic check is needed since a non-responsive
670 * rpc.mdcommd (while it is attempting to create a connection
671 * to a dead node) can lead to large delays and/or failures
672 * in the reconfig steps.
673 */
679 /* Is the node dead? */
687 }
693 }
694 /* this node has the license to send */
698 /* set the timeout value */
702 }
705 }
707 /*
708 * check_client(setno, nodeid)
709 *
710 * must be called with reader lock held for set_desc_rwlock[setno]
711 * and must be called with reader lock held for client_rwlock[setno]
712 * Checks if the client for this set/node combination is already setup
713 * if not it upgrades the lock to a writer lock
714 * and tries to initialize the client.
715 * Finally it's checked if the client nulled out again due to some race
716 *
717 * returns 0 if there is a usable client
718 * returns MDMNE_RPC_FAIL otherwise
719 */
720 static int
722 {
726 /* upgrade reader ... */
728 /* ... to writer lock. */
732 }
733 /* downgrade writer ... */
735 /* ... back to reader lock. */
737 }
739 }
741 /*
742 * mdmn_init_set(setno, todo)
743 * setno is the number of the set to be initialized.
744 * todo is one of the MDMN_SET_* thingies or MDMN_SET_READY
745 * If called with MDMN_SET_READY everything is initialized.
746 *
747 * If the set mutexes are already initialized, the caller has to hold
748 * both set_desc_rwlock[setno] and client_rwlock[setno] as a writer, before
749 * calling mdmn_init_set()
750 */
751 int
753 {
759 md_mn_nodeid_t nid;
761 /*
762 * Check if we are told to setup the mutexes and
763 * if these are not yet setup
764 */
779 }
781 }
786 caddr_t addr;
793 /*
794 * If the mct file exists we map it into memory.
795 * Otherwise we create an empty file of appropriate
796 * size and map that into memory.
797 * The mapped areas are stored in mct[setno].
798 */
804 }
805 /*
806 * Ensure that we are the only process that has this file
807 * mapped. If another instance of rpc.mdcommd has beaten us
808 * then we display the failing process and attempt to terminate
809 * it. The next call of this routine should establish us as
810 * the only rpc.mdcommd on the system.
811 */
830 }
832 /*
833 * Try to terminate other mdcommd process so that we
834 * can establish ourselves.
835 */
839 "rpc.mdcommd:"
843 "rpc.mdcommd:"
845 }
849 }
851 }
852 /*
853 * To ensure that the file has the appropriate size,
854 * we write a byte at the end of the file.
855 */
859 /* at this point we have a file in place that we can mmap */
865 errno);
867 }
868 /* LINTED pointer alignment */
871 /* finally we initialize the mutexes that protect the mct */
875 }
878 }
879 /*
880 * Check if we are told to setup the nodes and
881 * if these are not yet setup
882 * (Attention: negative logic here compared to above!)
883 */
887 }
893 }
895 /* flush local copy of rpc.metad data */
906 }
908 /*
909 * if this set is not a multinode set or
910 * this node didn't join yet the diskset, better don't do anything
911 */
916 }
932 setno);
934 }
937 /* already inited */
941 }
943 /*
944 * While trying to create a connection to a node,
945 * periodically check to see if the node has been marked
946 * dead by the SunCluster infrastructure.
947 * This periodic check is needed since a non-responsive
948 * rpc.mdcommd (while it is attempting to create a connection
949 * to a dead node) can lead to large delays and/or failures
950 * in the reconfig steps.
951 */
957 /* Is the node dead? */
965 }
969 /*
970 * If we cannot connect to a single node
971 * (maybe because it is down) we mark this node as not
972 * owned and continue with the next node in the list.
973 * This is better than failing the entire starting up
974 * of the commd system.
975 */
986 }
987 /* this node has the license to send */
991 /* set the timeout value */
997 }
1002 }
1006 {
1010 set_t setno;
1014 md_mn_nodeid_t set_master;
1024 /* set the sender, so the master knows who to send the results */
1032 /*
1033 * Here we check, if the initiator table slot for this set/class
1034 * combination is free to use.
1035 * If this is not the case, we return CLASS_BUSY forcing the
1036 * initiating send_message call to retry
1037 */
1040 md_mn_msgid_t active_mid;
1045 "send_to_work: received but locally busy "
1046 "(%d, 0x%llx-%d), set=%d, class=%d, type=%d, "
1052 "send_to_work: received (%d, 0x%llx-%d), "
1055 }
1060 /* is the rpc client to the master still around ? */
1066 }
1068 /*
1069 * Send the request to the work function on the master
1070 * this call will return immediately
1071 */
1073 set_master);
1075 /* Everything's Ok? */
1078 /*
1079 * Probably something happened to the daemon on the
1080 * master. Kill the client, and try again...
1081 */
1087 }
1092 /* something went wrong, break out */
1097 }
1102 /*
1103 * If we are here, we sucessfully delivered the message.
1104 * We register the initiator_table, so that
1105 * wakeup_initiator_2 can do the sendreply with the
1106 * results for us.
1107 */
1111 /* tell check_timeouts, there's work to do */
1113 messages_on_their_way++;
1117 }
1126 /* In case of failure do the sendreply now */
1130 /*
1131 * copy the MSGID so that we know _which_ message
1132 * failed (if the transp has got mangled)
1133 */
1140 /*
1141 * We don't have a timeout registered to wake us up, so we're
1142 * now done with this handle. Release it back to the pool.
1143 */
1146 }
1149 /* the alloc was done in mdmn_send_svc_2 */
1154 }
1156 /*
1157 * do_message_locally(msg, result)
1158 * Process a message locally on the master
1159 * Lookup the MCT if the message has already been processed.
1160 * If not, call the handler and store the result
1161 * If yes, retrieve the result from the MCT.
1162 * Return:
1163 * MDMNE_ACK in case of success
1164 * MDMNE_LOG_FAIL if the MCT could not be checked
1165 */
1166 static int
1168 {
1170 set_t setno;
1179 /* let the sender decide if this is an error or not */
1182 }
1194 /* message not yet processed locally */
1199 /*
1200 * Mark the message as being currently processed,
1201 * so we won't start a second handler for it
1202 */
1206 /* here we actually process the message on the master */
1213 /* Mark the message as fully processed, store the result */
1225 /* MCT error occurred (should never happen) */
1229 "mdmn_check_completion returned %d "
1233 }
1237 }
1239 /*
1240 * do_send_message(msg, node)
1241 *
1242 * Send a message to a given node and wait for a acknowledgment, that the
1243 * message has arrived on the remote node.
1244 * Make sure that the client for the set is setup correctly.
1245 * If no ACK arrives, destroy and recreate the RPC client and retry the
1246 * message one time
1247 * After actually sending wait no longer than the appropriate number of
1248 * before timing out the message.
1249 *
1250 * Note must be called with set_desc_wrlock held in reader mode
1251 */
1252 static int
1254 {
1259 set_t setno;
1263 md_mn_nodeid_t nid;
1264 md_mn_msgtype_t msgtype;
1274 retry_rpc:
1276 /* We try two times to send the message */
1279 /*
1280 * if sending the message doesn't succeed the first time due to a
1281 * RPC problem, we retry one time
1282 */
1284 /* in abort state, we error out immediately */
1287 }
1290 /* unable to create client? Ignore it */
1292 /*
1293 * In case we cannot establish an RPC client, we
1294 * take this node out of our considerations.
1295 * This will be reset by a reconfig
1296 * cycle that should come pretty soon.
1297 * MNISSUE: Should a reconfig cycle
1298 * be forced on SunCluster?
1299 */
1310 }
1311 /* let's be paranoid and check again before sending */
1313 /*
1314 * if this is true, strange enough, we catch our breath,
1315 * and then continue, so that the client is set up
1316 * once again.
1317 */
1322 }
1324 /* send it over, it will return immediately */
1331 "proc_mas: sending (%d,0x%llx-%d) to %d returned "
1336 "proc_mas: sending (%d,0x%llx-%d) to %d returned "
1339 }
1343 /*
1344 * Something happened to the daemon on the other side.
1345 * Kill the client, and try again.
1346 * check_client() will create a new client
1347 */
1352 }
1355 /* ... but don't try infinitely */
1358 }
1359 /*
1360 * If the class is locked on the other node, keep trying.
1361 * This situation will go away automatically,
1362 * if we wait long enough
1363 */
1369 }
1370 }
1373 }
1376 /* if the slave is in abort state, we just ignore it. */
1379 "proc_mas: work(%d,0x%llx-%d) returned "
1384 }
1386 /* Did the remote processing succeed? */
1388 /*
1389 * Some commd failure in the middle of sending the msg
1390 * to the nodes. We don't continue here.
1391 */
1397 }
1401 /*
1402 * When we are here, we have sent the message to the other node and
1403 * we know that node has accepted it.
1404 * We go to sleep and have trust to be woken up by wakeup.
1405 * If we wakeup due to a timeout, or a signal, no result has been
1406 * placed in the appropriate slot.
1407 * If we timeout, it is likely that this is because the node has
1408 * gone away, so we will destroy the client and try it again in the
1409 * expectation that the rpc will fail and we will return
1410 * MDMNE_IGNORE_NODE. If that is not the case, the message must still
1411 * be being processed on the slave. In this case just timeout for 4
1412 * more seconds and then return RPC_FAIL if the message is not complete.
1413 */
1420 /* everything's fine, return success */
1422 }
1426 "timeout occured, set=%d, class=%d, "
1430 timeout_retries++;
1431 /*
1432 * Destroy the client and try the rpc call again
1433 */
1439 }
1442 "commd signalled, set=%d, class=%d, "
1447 "cond_reltimedwait err=%d, set=%d, "
1451 }
1453 /* some failure happened */
1455 }
1457 /*
1458 * before we return we have to
1459 * free_msg(msg); because we are working on a copied message
1460 */
1461 void
1463 {
1468 set_t setno;
1474 md_mn_msgid_t dummyid;
1477 md_mn_nodeid_t sender;
1478 md_mn_nodeid_t set_master;
1505 /*
1506 * Put message into the change log unless told otherwise
1507 * Note that we only log original messages.
1508 * If they are generated by some smgen, we don't log them!
1509 * Replay messages aren't logged either.
1510 * Note, that replay messages are unlogged on completion.
1511 */
1518 /* msg logged successfully */
1523 }
1525 /* Same msg in the slot, proceed */
1530 }
1532 /* Oh, bad, the log is non functional. */
1534 /*
1535 * Note that the mark_busy was already done by
1536 * mdmn_work_svc_2()
1537 */
1542 }
1544 /*
1545 * The log is occupied with a different message
1546 * that needs to be played first.
1547 * We reject the current message with MDMNE_CLASS_BUSY
1548 * to the initiator and do not unbusy the set/class,
1549 * because we will proceed with the logged message,
1550 * which has the same set/class combination
1551 */
1553 }
1563 }
1573 }
1575 }
1579 /* we can't proceed here */
1588 /* proceed with the logged message */
1591 /*
1592 * The logged message has to have the same class but
1593 * type and sender can be different
1594 */
1599 "proc_mas: Got new message from change log: "
1603 /* continue normal operation with this message */
1604 }
1605 }
1607 proceed:
1610 /* no submessages to create, just use the original message */
1614 /* some bits are passed on to submessages */
1619 /* some settings for the submessages */
1623 /* Apply the inherited flags */
1626 /*
1627 * Make sure the submessage ID is set correctly
1628 * Note: first submessage has mid_smid of 1 (not 0)
1629 */
1632 /* need the original class set in msgID (for MCT) */
1634 }
1639 }
1640 /*
1641 * This big loop does the following.
1642 * For all messages:
1643 * process message on the master first (a message completion
1644 * table MCT ensures a message is not processed twice)
1645 * in case of an error break out of message loop
1646 * for all nodes -- unless MD_MSGF_NO_BCAST is set --
1647 * send message to node until that succeeds
1648 * merge result -- not yet implemented
1649 * respect MD_MSGF_STOP_ON_ERROR
1650 */
1663 /* If we are in the abort state, we error out immediately */
1666 }
1670 /*
1671 * If the current class is different from the original class,
1672 * we have to lock it down.
1673 * The original class is already marked busy.
1674 * At this point we cannot refuse the message because the
1675 * class is busy right now, so we wait until the class becomes
1676 * available again. As soon as something changes for this set
1677 * we will be cond_signal'ed (in mdmn_mark_class_unbusy)
1678 *
1679 * Granularity could be finer (setno/class)
1680 */
1686 }
1688 }
1696 /*
1697 * if appropriate, unbusy the class and
1698 * break out of the message loop
1699 */
1706 }
1708 }
1709 }
1714 /* No broadcast? => next message */
1716 /* if appropriate, unbusy the class */
1721 }
1723 }
1726 /* fake sender, so we get notified when the results are avail */
1728 /*
1729 * register to the master_table. It's needed by wakeup_master to
1730 * wakeup the sleeping thread.
1731 * Access is protected by the class lock: mdmn_mark_class_busy()
1732 */
1738 /* Send the message to all other nodes */
1743 /* We are master and have already processed the msg */
1746 }
1748 /* If this node didn't join the disk set, ignore it */
1751 }
1753 /* If a DIRECTED message, skip non-recipient nodes */
1757 }
1760 /*
1761 * Register the node that is addressed,
1762 * so we can detect unsolicited messages
1763 */
1767 /*
1768 * Now send it. do_send_message() will return if
1769 * a failure occurs or
1770 * the results are available
1771 */
1774 /* in abort state, we error out immediately */
1777 }
1780 slave_result =
1788 }
1792 /*
1793 * If the result is NULL, or err doesn't show success,
1794 * something went wrong with this RPC call.
1795 */
1797 /*
1798 * If PANIC_WHEN_INCONSISTENT set,
1799 * panic if the master succeeded while
1800 * this node failed
1801 */
1803 MD_MSGF_PANIC_WHEN_INCONSISTENT) &&
1807 slave_result);
1810 /* are we supposed to stop in case of error? */
1820 /* send msg to the next node */
1822 }
1824 }
1826 /*
1827 * Message processed on remote node.
1828 * If PANIC_WHEN_INCONSISTENT set, panic if the
1829 * result is different on this node from the result
1830 * on the master
1831 */
1833 MD_MSGF_PANIC_WHEN_INCONSISTENT) &&
1839 /*
1840 * At this point we know we have a message that was
1841 * processed on the remote node.
1842 * We now check if the exitval is non zero.
1843 * In that case we discard the previous result and
1844 * rather use the current.
1845 * This means: If a message fails on no node,
1846 * the result from the master will be returned.
1847 * There's currently no such thing as merge of results
1848 * If additionally STOP_ON_ERROR is set, we bail out
1849 */
1851 /* throw away the previously allocated result */
1854 /* copy_result() allocates new memory */
1864 }
1868 /*
1869 * MNIssue: may want to merge the results
1870 * from all slaves. Currently only report
1871 * the results from the master.
1872 */
1874 }
1880 /* release the current class again */
1885 }
1887 /* are we supposed to quit entirely ? */
1891 }
1894 /*
1895 * If we are here, there's two possibilities:
1896 * - we processed all messages on all nodes without an error.
1897 * In this case we return the result from the master.
1898 * (to be implemented: return the merged result)
1899 * - we encountered an error in which case result has been
1900 * set accordingly already.
1901 */
1905 }
1907 /*
1908 * This message has been processed completely.
1909 * Remove it from the changelog.
1910 * Do this for replay messages too.
1911 * Note that the message is unlogged before waking up the
1912 * initiator. This is done for two reasons.
1913 * 1. Remove a race condition that occurs when back to back
1914 * messages are sent for the same class, the registeration is
1915 * is lost.
1916 * 2. If the initiator died but the action was completed on all the
1917 * the nodes, we want that to be marked "done" quickly.
1918 */
1928 }
1930 /*
1931 * In case of submessages, we increased the submessage ID in the
1932 * result structure. We restore the message ID to the value that
1933 * the initiator is waiting for.
1934 */
1939 /* if we have an inited client, send result */
1948 sender);
1949 }
1960 }
1962 }
1965 /* Free all submessages, if there were any */
1969 }
1970 }
1971 /* Free the result */
1979 /*
1980 * We use this ioctl just to get the time in the same format as used in
1981 * the messageID. If it fails, all we get is a bad runtime output.
1982 */
1987 /* catching possible overflow */
1990 secdiff++;
1991 }
1998 /* Free the original message */
2000 }
2002 void
2004 {
2009 set_t setno;
2011 md_mn_nodeid_t sender;
2012 md_mn_nodeid_t whoami;
2013 md_mn_msgtype_t msgtype;
2043 /* let the sender decide if this is an error or not */
2050 /* Did we already process this message ? */
2055 /* message not yet processed locally */
2060 /*
2061 * Mark the message as being currently processed,
2062 * so we won't start a second handler for it
2063 */
2065 MDMN_MCT_IN_PROGRESS);
2075 /* Mark the message as fully done, store the result */
2079 /* message processed previously, got result from MCT */
2084 /*
2085 * If the message is curruntly being processed,
2086 * we can return here, without sending a result back.
2087 * This will be done by the initial message handling
2088 * thread
2089 */
2099 /* MCT error occurred (should never happen) */
2104 }
2106 }
2108 /*
2109 * At this point we have a result (even in an error case)
2110 * that we return to the master.
2111 */
2120 /*
2121 * If we cannot setup the rpc connection to the master,
2122 * we can't do anything besides logging this fact.
2123 */
2131 /*
2132 * if mdmn_wakeup_master_2 returns NULL, it can be that
2133 * the master (or the commd on the master) had died.
2134 * In that case, we destroy the client to the master
2135 * and retry.
2136 * If mdmn_wakeup_master_2 doesn't return MDMNE_ACK,
2137 * the commd on the master is alive but
2138 * something else is wrong,
2139 * in that case a retry doesn't make sense => break out
2140 */
2144 /* release reader lock, grab writer lock */
2150 }
2152 retries--;
2156 }
2165 }
2166 }
2167 }
2177 }
2180 /*
2181 * mdmn_send_svc_2:
2182 * ---------------
2183 * Check that the issuing node is a legitimate one (i.e. is licensed to send
2184 * messages to us), that the RPC request can be staged.
2185 *
2186 * Returns:
2187 * 0 => no RPC request is in-flight, no deferred svc_sendreply()
2188 * 1 => queued RPC request in-flight. Completion will be made (later)
2189 * by a wakeup_initiator_2() [hopefully]
2190 */
2191 int
2193 {
2195 set_t setno;
2208 /* If we are in the abort state, we error out immediately */
2216 }
2218 /* check if the global initialization is done */
2221 }
2227 /* Check for verbosity related message */
2233 /* everytime the bitmask is set, we reset the timer */
2235 /*
2236 * If local-only-flag is set, we are done here,
2237 * otherwise we pass that message on to the master.
2238 */
2247 }
2248 }
2250 /*
2251 * Are we entering the abort state?
2252 * Here we don't even need to check for MD_MSGF_LOCAL_ONLY, because
2253 * this message cannot be distributed anyway.
2254 * So, it's safe to return immediately.
2255 */
2264 }
2267 /*
2268 * Is this message type blocked?
2269 * If so we return MDMNE_CLASS_LOCKED, immediately
2270 */
2278 "send: type locked (%d, 0x%llx-%d), set=%d, class=%d, "
2282 }
2286 /* Can only use the appropriate mutexes if they are inited */
2295 }
2298 /* couldn't initialize connections, cannot proceed */
2308 }
2309 }
2321 "send: class suspended (%d, 0x%llx-%d), set=%d, "
2325 }
2328 /* is this rpc request coming from the local node? */
2332 "send: check licence fail(%d, 0x%llx-%d), set=%d, "
2336 }
2339 /*
2340 * We allocate a structure that can take two pointers in order to pass
2341 * both the message and the transp into thread_create.
2342 * The free for this alloc is done in mdmn_send_to_work()
2343 */
2348 /*
2349 * create a thread here that calls work on the master.
2350 * If we are already on the master, this would block if running
2351 * in the same context. (our service is single threaded)(
2352 * Make it a detached thread because it will not communicate with
2353 * anybody thru thr_* mechanisms
2354 */
2360 /*
2361 * We return here without sending results. This will be done by
2362 * mdmn_wakeup_initiator_svc_2() as soon as the results are available.
2363 * Until then the calling send_message will be blocked, while we
2364 * are able to take calls.
2365 */
2368 }
2370 /* ARGSUSED */
2373 {
2375 set_t setno;
2376 thread_t tid;
2383 /* If we are in the abort state, we error out immediately */
2388 }
2393 /*
2394 * Is this message type blocked?
2395 * If so we return MDMNE_CLASS_LOCKED, immediately.
2396 * This check is performed on master and slave.
2397 */
2401 }
2403 /* check if the global initialization is done */
2406 }
2412 /* Can only use the appropriate mutexes if they are inited */
2421 }
2427 }
2428 }
2430 /* is this rpc request coming from a licensed node? */
2435 }
2438 "work: received (%d, 0x%llx-%d), set=%d, class=%d, type=%d, "
2443 /* Check for various CLASS0 message types */
2448 /* for now we ignore set / class in md_mn_verbose_t */
2450 /* everytime the bitmask is set, we reset the timer */
2452 }
2456 /* check if class is locked via a call to mdmn_comm_lock_svc_2 */
2462 }
2465 /* Check if the class is busy right now. Do it only on the master */
2469 /*
2470 * If the class is currently suspended, don't accept new
2471 * messages, unless they are flagged with an override bit.
2472 */
2482 }
2488 }
2490 /*
2491 * Because the real processing of the message takes time we
2492 * create a thread for it. So the master thread can continue
2493 * to run and accept further messages.
2494 */
2503 }
2509 }
2511 /* Now run the new thread */
2520 }
2522 /* ARGSUSED */
2525 {
2529 set_t setno;
2532 md_mn_msgid_t initiator_table_id;
2537 /* check if the global initialization is done */
2540 }
2545 /* set not ready means we just crashed are restarted now */
2546 /* Can only use the appropriate mutexes if they are inited */
2555 }
2561 }
2562 }
2564 /* is this rpc request coming from a licensed node? */
2569 }
2581 /*
2582 * Search the initiator wakeup table.
2583 * If we find an entry here (which should always be true)
2584 * we are on the initiating node and we wakeup the original
2585 * local rpc call.
2586 */
2604 }
2606 /* less work for check_timeouts */
2613 messages_on_their_way--;
2614 }
2619 }
2622 /*
2623 * res must be free'd by the thread we wake up
2624 */
2625 /* ARGSUSED */
2628 {
2632 set_t setno;
2635 md_mn_msgid_t master_table_id;
2636 md_mn_nodeid_t sender;
2642 /* check if the global initialization is done */
2645 }
2647 /* Need to copy the results here, as they are static for RPC */
2655 /* set not ready means we just crashed are restarted now */
2656 /* Can only use the appropriate mutexes if they are inited */
2665 }
2671 }
2672 }
2674 /* is this rpc request coming from a licensed node? */
2679 }
2683 "wake_mas: received (%d, 0x%llx-%d) set=%d, class=%d, type=%d "
2687 /*
2688 * The mutex and cv are needed for waking up the thread
2689 * sleeping in mdmn_master_process_msg()
2690 */
2694 /*
2695 * lookup the master wakeup table
2696 * If we find our message, we are on the master and
2697 * called by a slave that finished processing a message.
2698 * We store the results in the appropriate slot and
2699 * wakeup the thread (mdmn_master_process_msg()) waiting for them.
2700 */
2711 /* id is correct but wrong sender (I smell a timeout) */
2713 "wakeup master got unsolicited message: "
2718 }
2720 /* id is wrong, smells like a very late timeout */
2722 "wakeup master got unsolicited message: "
2728 }
2733 }
2735 /*
2736 * Lock a set/class combination.
2737 * This is mainly done for debug purpose.
2738 * This set/class combination immediately is blocked,
2739 * even in the middle of sending messages to multiple slaves.
2740 * This remains until the user issues a mdmn_comm_unlock_svc_2 for the same
2741 * set/class combination.
2742 *
2743 * Special messages of class MD_MSG_CLASS0 can never be locked.
2744 * e.g. MD_MN_MSG_VERBOSITY, MD_MN_MSG_ABORT
2745 *
2746 * That means, if MD_MSG_CLASS0 is specified, we lock all classes from
2747 * >= MD_MSG_CLASS1 to < MD_MN_NCLASSES
2748 *
2749 * set must be between 1 and MD_MAXSETS
2750 * class can be:
2751 * MD_MSG_CLASS0 which means all other classes in this case
2752 * or one specific class (< MD_MN_NCLASSES)
2753 *
2754 * Returns:
2755 * MDMNE_ACK on sucess (locking a locked class is Ok)
2756 * MDMNE_EINVAL if a parameter is out of range
2757 */
2759 /* ARGSUSED */
2762 {
2769 /* check if the global initialization is done */
2772 }
2774 /* is this rpc request coming from the local node ? */
2779 }
2781 /* Perform some range checking */
2786 }
2793 /* MD_MSG_CLASS0 is used as a wild card for all classes */
2796 }
2797 }
2802 }
2804 /*
2805 * Unlock a set/class combination.
2806 * set must be between 1 and MD_MAXSETS
2807 * class can be:
2808 * MD_MSG_CLASS0 which means all other classes in this case (like above)
2809 * or one specific class (< MD_MN_NCLASSES)
2810 *
2811 * Returns:
2812 * MDMNE_ACK on sucess (unlocking an unlocked class is Ok)
2813 * MDMNE_EINVAL if a parameter is out of range
2814 */
2815 /* ARGSUSED */
2818 {
2825 /* check if the global initialization is done */
2828 }
2830 /* is this rpc request coming from the local node ? */
2835 }
2837 /* Perform some range checking */
2842 }
2849 /* MD_MSG_CLASS0 is used as a wild card for all classes */
2852 }
2853 }
2858 }
2860 /*
2861 * mdmn_comm_suspend_svc_2(setno, class)
2862 *
2863 * Drain all outstanding messages for a given set/class combination
2864 * and don't allow new messages to be processed.
2865 *
2866 * Special messages of class MD_MSG_CLASS0 can never be locked.
2867 * e.g. MD_MN_MSG_VERBOSITY
2868 *
2869 * 1 <= setno < MD_MAXSETS or setno == MD_COMM_ALL_SETS
2870 * 1 <= class < MD_MN_NCLASSES or class == MD_COMM_ALL_CLASSES
2871 *
2872 * If class _is_not_ MD_COMM_ALL_CLASSES, then we simply mark this
2873 * one class as being suspended.
2874 * If messages for this class are currently on their way,
2875 * MDMNE_SET_NOT_DRAINED is returned. Otherwise MDMNE_ACK is returned.
2876 *
2877 * If class _is_ MD_COMM_ALL_CLASSES we drain all classes of this set.
2878 * Messages must be generated in ascending order.
2879 * This means, a message cannot create submessages with the same or lower class.
2880 * Draining messages must go from 1 to NCLASSES in order to ensure we don't
2881 * generate a hanging situation here.
2882 * We mark class 1 as being suspended.
2883 * if the class is not busy, we proceed with class 2
2884 * and so on
2885 * if a class *is* busy, we cannot continue here, but return
2886 * MDMNE_SET_NOT_DRAINED.
2887 * We expect the caller to hold on for some seconds and try again.
2888 * When that message, that held the class busy is done in
2889 * mdmn_master_process_msg(), mdmn_mark_class_unbusy() called.
2890 * There it is checked if the class is about to drain.
2891 * In that case it tries to drain all higher classes there.
2892 *
2893 * If setno is MD_COMM_ALL_SETS then we perform this on all possible sets.
2894 * In that case we return MDMNE_SET_NOT_DRAINED if not all sets are
2895 * completely drained.
2896 *
2897 * Returns:
2898 * MDMNE_ACK on sucess (set is drained, no outstanding messages)
2899 * MDMNE_SET_NOT_DRAINED if drain process is started, but there are
2900 * still outstanding messages for this set(s)
2901 * MDMNE_EINVAL if setno is out of range
2902 * MDMNE_NOT_JOINED if the set is not yet initialized on this node
2903 */
2905 /* ARGSUSED */
2908 {
2914 #ifdef NOT_YET_NEEDED
2921 /* check if the global initialization is done */
2924 }
2926 /* is this rpc request coming from the local node ? */
2931 }
2936 /* Perform some range checking */
2941 }
2943 /* setno == MD_COMM_ALL_SETS means: we walk thru all possible sets. */
2950 }
2953 /* Here we need the mutexes for the set to be setup */
2956 }
2959 /* shall we drain all classes of this set? */
2968 failure++;
2969 }
2970 }
2972 /* only drain one specific class */
2977 MDMN_SUSPEND_1);
2979 failure++;
2980 }
2981 }
2983 }
2984 /* If one or more sets are not entirely drained, failure is non-zero */
2991 }
2994 }
2996 /*
2997 * mdmn_comm_resume_svc_2(setno, class)
2998 *
2999 * Resume processing messages for a given set.
3000 * This incorporates the repeal of a previous suspend operation.
3001 *
3002 * 1 <= setno < MD_MAXSETS or setno == MD_COMM_ALL_SETS
3003 * 1 <= class < MD_MN_NCLASSES or class == MD_COMM_ALL_CLASSES
3004 *
3005 * If class _is_not_ MD_COMM_ALL_CLASSES, then we simply mark this
3006 * one class as being resumed.
3007 *
3008 * If class _is_ MD_COMM_ALL_CLASSES we resume all classes of this set.
3009 *
3010 * If setno is MD_COMM_ALL_SETS then we perform this on all possible sets.
3011 *
3012 * If both setno is MD_COMM_ALL_SETS and class is MD_COMM_ALL_CLASSES we also
3013 * reset any ABORT flag from the global state.
3014 *
3015 * Returns:
3016 * MDMNE_ACK on sucess (resuming an unlocked set is Ok)
3017 * MDMNE_EINVAL if setno is out of range
3018 * MDMNE_NOT_JOINED if the set is not yet initialized on this node
3019 */
3020 /* ARGSUSED */
3023 {
3033 /* check if the global initialization is done */
3036 }
3038 /* is this rpc request coming from the local node ? */
3043 }
3048 /* Perform some range checking */
3052 }
3058 /* This is the point where we "unabort" the commd */
3061 }
3065 }
3069 /* Here we need the mutexes for the set to be setup */
3072 }
3078 /*
3079 * When SUSPENDing all classes, we go
3080 * from 1 to MD_MN_NCLASSES-1
3081 * The correct reverse action is RESUMing
3082 * from MD_MN_NCLASSES-1 to 1 (or 2)
3083 */
3087 }
3089 /*
3090 * Then mark all classes of this set as no longer
3091 * suspended. This supersedes any previous suspend(1)
3092 * calls and resumes the set entirely.
3093 */
3101 }
3103 /*
3104 * In this case only one class is marked as not
3105 * suspended. If a suspend(all) is currently active for
3106 * this set, this class will still be suspended.
3107 * That state will be cleared by a suspend(all)
3108 * (see above)
3109 */
3114 }
3117 }
3121 }
3122 /* ARGSUSED */
3125 {
3132 /* check if the global initialization is done */
3135 }
3137 /* is this rpc request coming from the local node ? */
3142 }
3147 /*
3148 * We assume, that all messages have been suspended previously.
3149 *
3150 * As we are modifying lots of clients here we grab the client_rwlock
3151 * in writer mode. This ensures, no new messages come in.
3152 */
3154 /* This set is no longer initialized */
3158 /* destroy all rpc clients from this set */
3161 /*
3162 * Since the CLIENT for ourself will be recreated
3163 * shortly, and this node is guaranteed to be
3164 * there after a reconfig, there's no reason to go
3165 * through destroying it. It also avoids an issue
3166 * with calling clnt_create() later from within the
3167 * server thread, which can effectively deadlock
3168 * itself due to RPC design limitations.
3169 */
3175 }
3176 }
3178 }
3186 }
3188 /*
3189 * This is just an interface for testing purpose.
3190 * Here we can disable single message types.
3191 * If we block a message type, this is valid for all MN sets.
3192 * If a message arrives later, and it's message type is blocked, it will
3193 * be returned immediately with MDMNE_CLASS_LOCKED, which causes the sender to
3194 * resend this message over and over again.
3195 */
3197 /* ARGSUSED */
3200 {
3207 /* check if the global initialization is done */
3210 }
3212 /* is this rpc request coming from the local node ? */
3217 }
3219 /* Perform some range checking */
3223 }
3230 }