1 <?xml version="1.0" encoding="iso-8859-1"?>
3 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
4 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
6 <refentry id="ctdb-tunables.7">
9 <refentrytitle>ctdb-tunables</refentrytitle>
10 <manvolnum>7</manvolnum>
11 <refmiscinfo class="source">ctdb</refmiscinfo>
12 <refmiscinfo class="manual">CTDB - clustered TDB database</refmiscinfo>
16 <refname>ctdb-tunables</refname>
17 <refpurpose>CTDB tunable configuration variables</refpurpose>
21 <title>DESCRIPTION</title>
24 CTDB's behaviour can be configured by setting run-time tunable
25 variables. This lists and describes all tunables. See the
26 <citerefentry><refentrytitle>ctdb</refentrytitle>
27 <manvolnum>1</manvolnum></citerefentry>
28 <command>listvars</command>, <command>setvar</command> and
29 <command>getvar</command> commands for more details.
33 Unless otherwise stated, tunables should be set to the same
34 value on all nodes. Setting tunables to different values across
35 nodes may produce unexpected results. Future releases may set
36 (some or most) tunables globally across the cluster but doing so
37 is currently a manual process.
41 Tunables can be set at startup from the
42 <filename>/usr/local/etc/ctdb/ctdb.tunables</filename>
46 <replaceable>TUNABLE</replaceable>=<replaceable>VALUE</replaceable>
53 <screen format="linespecific">
59 The available tunable variables are listed alphabetically below.
63 <title>AllowClientDBAttach</title>
64 <para>Default: 1</para>
66 When set to 0, clients are not allowed to attach to any databases.
67 This can be used to temporarily block any new processes from
68 attaching to and accessing the databases. This is mainly used
69 for detaching a volatile database using 'ctdb detach'.
74 <title>AllowMixedVersions</title>
75 <para>Default: 0</para>
77 CTDB will not allow incompatible versions to co-exist in
78 a cluster. If a version mismatch is found, then losing CTDB
79 will shutdown. To disable the incompatible version check,
80 set this tunable to 1.
83 For version checking, CTDB uses major and minor version.
84 For example, CTDB 4.6.1 and CTDB 4.6.2 are matching versions;
85 CTDB 4.5.x and CTDB 4.6.y do not match.
88 CTDB with version check support will lose to CTDB without
89 version check support. Between two different CTDB versions with
90 version check support, one running for less time will lose.
91 If the running time for both CTDB versions with version check
92 support is equal (to seconds), then the older version will lose.
93 The losing CTDB daemon will shutdown.
98 <title>AllowUnhealthyDBRead</title>
99 <para>Default: 0</para>
101 When set to 1, ctdb allows database traverses to read unhealthy
102 databases. By default, ctdb does not allow reading records from
108 <title>ControlTimeout</title>
109 <para>Default: 60</para>
111 This is the default setting for timeout for when sending a
112 control message to either the local or a remote ctdb daemon.
117 <title>DatabaseHashSize</title>
118 <para>Default: 100001</para>
120 Number of the hash chains for the local store of the tdbs that
126 <title>DatabaseMaxDead</title>
127 <para>Default: 5</para>
129 Maximum number of dead records per hash chain for the tdb databses
135 <title>DBRecordCountWarn</title>
136 <para>Default: 100000</para>
138 When set to non-zero, ctdb will log a warning during recovery if
139 a database has more than this many records. This will produce a
140 warning if a database grows uncontrollably with orphaned records.
145 <title>DBRecordSizeWarn</title>
146 <para>Default: 10000000</para>
148 When set to non-zero, ctdb will log a warning during recovery
149 if a single record is bigger than this size. This will produce
150 a warning if a database record grows uncontrollably.
155 <title>DBSizeWarn</title>
156 <para>Default: 1000000000</para>
158 When set to non-zero, ctdb will log a warning during recovery if
159 a database size is bigger than this. This will produce a warning
160 if a database grows uncontrollably.
165 <title>DeferredAttachTO</title>
166 <para>Default: 120</para>
168 When databases are frozen we do not allow clients to attach to
169 the databases. Instead of returning an error immediately to the
170 client, the attach request from the client is deferred until
171 the database becomes available again at which stage we respond
175 This timeout controls how long we will defer the request from the
176 client before timing it out and returning an error to the client.
181 <title>ElectionTimeout</title>
182 <para>Default: 3</para>
184 The number of seconds to wait for the election of recovery
185 master to complete. If the election is not completed during this
186 interval, then that round of election fails and ctdb starts a
192 <title>EnableBans</title>
193 <para>Default: 1</para>
195 This parameter allows ctdb to ban a node if the node is misbehaving.
198 When set to 0, this disables banning completely in the cluster
199 and thus nodes can not get banned, even it they break. Don't
200 set to 0 unless you know what you are doing.
205 <title>EventScriptTimeout</title>
206 <para>Default: 30</para>
208 Maximum time in seconds to allow an event to run before timing
209 out. This is the total time for all enabled scripts that are
210 run for an event, not just a single event script.
213 Note that timeouts are ignored for some events ("takeip",
214 "releaseip", "startrecovery", "recovered") and converted to
215 success. The logic here is that the callers of these events
216 implement their own additional timeout.
221 <title>FetchCollapse</title>
222 <para>Default: 1</para>
224 This parameter is used to avoid multiple migration requests for
225 the same record from a single node. All the record requests for
226 the same record are queued up and processed when the record is
227 migrated to the current node.
230 When many clients across many nodes try to access the same record
231 at the same time this can lead to a fetch storm where the record
232 becomes very active and bounces between nodes very fast. This
233 leads to high CPU utilization of the ctdbd daemon, trying to
234 bounce that record around very fast, and poor performance.
235 This can improve performance and reduce CPU utilization for
241 <title>HopcountMakeSticky</title>
242 <para>Default: 50</para>
244 For database(s) marked STICKY (using 'ctdb setdbsticky'),
245 any record that is migrating so fast that hopcount
246 exceeds this limit is marked as STICKY record for
247 <varname>StickyDuration</varname> seconds. This means that
248 after each migration the sticky record will be kept on the node
249 <varname>StickyPindown</varname>milliseconds and prevented from
250 being migrated off the node.
253 This will improve performance for certain workloads, such as
254 locking.tdb if many clients are opening/closing the same file
260 <title>IPAllocAlgorithm</title>
261 <para>Default: 2</para>
263 Selects the algorithm that CTDB should use when doing public
264 IP address allocation. Meaningful values are:
271 Deterministic IP address allocation.
274 This is a simple and fast option. However, it can cause
275 unnecessary address movement during fail-over because
276 each address has a "home" node. Works badly when some
277 nodes do not have any addresses defined. Should be used
278 with care when addresses are defined across multiple
287 Non-deterministic IP address allocation.
290 This is a relatively fast option that attempts to do a
291 minimise unnecessary address movements. Addresses do
292 not have a "home" node. Rebalancing is limited but it
293 usually adequate. Works badly when addresses are
294 defined across multiple networks.
302 LCP2 IP address allocation.
305 Uses a heuristic to assign addresses defined across
306 multiple networks, usually balancing addresses on each
307 network evenly across nodes. Addresses do not have a
308 "home" node. Minimises unnecessary address movements.
309 The algorithm is complex, so is slower than other
310 choices for a large number of addresses. However, it
311 can calculate an optimal assignment of 900 addresses in
312 under 10 seconds on modern hardware.
318 If the specified value is not one of these then the default
324 <title>KeepaliveInterval</title>
325 <para>Default: 5</para>
327 How often in seconds should the nodes send keep-alive packets to
333 <title>KeepaliveLimit</title>
334 <para>Default: 5</para>
336 After how many keepalive intervals without any traffic should
337 a node wait until marking the peer as DISCONNECTED.
340 If a node has hung, it can take
341 <varname>KeepaliveInterval</varname> *
342 (<varname>KeepaliveLimit</varname> + 1) seconds before
343 ctdb determines that the node is DISCONNECTED and performs
344 a recovery. This limit should not be set too high to enable
345 early detection and avoid any application timeouts (e.g. SMB1)
346 to kick in before the fail over is completed.
351 <title>LockProcessesPerDB</title>
352 <para>Default: 200</para>
354 This is the maximum number of lock helper processes ctdb will
355 create for obtaining record locks. When ctdb cannot get a record
356 lock without blocking, it creates a helper process that waits
357 for the lock to be obtained.
362 <title>LogLatencyMs</title>
363 <para>Default: 0</para>
365 When set to non-zero, ctdb will log if certains operations
366 take longer than this value, in milliseconds, to complete.
367 These operations include "process a record request from client",
368 "take a record or database lock", "update a persistent database
369 record" and "vacuum a database".
374 <title>MaxQueueDropMsg</title>
375 <para>Default: 1000000</para>
377 This is the maximum number of messages to be queued up for
378 a client before ctdb will treat the client as hung and will
379 terminate the client connection.
384 <title>MonitorInterval</title>
385 <para>Default: 15</para>
387 How often should ctdb run the 'monitor' event in seconds to check
393 <title>MonitorTimeoutCount</title>
394 <para>Default: 20</para>
396 How many 'monitor' events in a row need to timeout before a node
397 is flagged as UNHEALTHY. This setting is useful if scripts can
398 not be written so that they do not hang for benign reasons.
403 <title>NoIPFailback</title>
404 <para>Default: 0</para>
406 When set to 1, ctdb will not perform failback of IP addresses
407 when a node becomes healthy. When a node becomes UNHEALTHY,
408 ctdb WILL perform failover of public IP addresses, but when the
409 node becomes HEALTHY again, ctdb will not fail the addresses back.
412 Use with caution! Normally when a node becomes available to the
413 cluster ctdb will try to reassign public IP addresses onto the
414 new node as a way to distribute the workload evenly across the
415 clusternode. Ctdb tries to make sure that all running nodes have
416 approximately the same number of public addresses it hosts.
419 When you enable this tunable, ctdb will no longer attempt to
420 rebalance the cluster by failing IP addresses back to the new
421 nodes. An unbalanced cluster will therefore remain unbalanced
422 until there is manual intervention from the administrator. When
423 this parameter is set, you can manually fail public IP addresses
424 over to the new node(s) using the 'ctdb moveip' command.
429 <title>NoIPTakeover</title>
430 <para>Default: 0</para>
432 When set to 1, ctdb will not allow IP addresses to be failed
433 over to other nodes. Any IP addresses already hosted on
434 healthy nodes will remain. Any IP addresses hosted on
435 unhealthy nodes will be released by unhealthy nodes and will
441 <title>PullDBPreallocation</title>
442 <para>Default: 10*1024*1024</para>
444 This is the size of a record buffer to pre-allocate for sending
445 reply to PULLDB control. Usually record buffer starts with size
446 of the first record and gets reallocated every time a new record
447 is added to the record buffer. For a large number of records,
448 this can be very inefficient to grow the record buffer one record
454 <title>QueueBufferSize</title>
455 <para>Default: 1024</para>
457 This is the maximum amount of data (in bytes) ctdb will read
458 from a socket at a time.
461 For a busy setup, if ctdb is not able to process the TCP sockets
462 fast enough (large amount of data in Recv-Q for tcp sockets),
463 then this tunable value should be increased. However, large
464 values can keep ctdb busy processing packets and prevent ctdb
465 from handling other events.
470 <title>RecBufferSizeLimit</title>
471 <para>Default: 1000000</para>
473 This is the limit on the size of the record buffer to be sent
474 in various controls. This limit is used by new controls used
475 for recovery and controls used in vacuuming.
480 <title>RecdFailCount</title>
481 <para>Default: 10</para>
483 If the recovery daemon has failed to ping the main daemon for
484 this many consecutive intervals, the main daemon will consider
485 the recovery daemon as hung and will try to restart it to recover.
490 <title>RecdPingTimeout</title>
491 <para>Default: 60</para>
493 If the main daemon has not heard a "ping" from the recovery daemon
494 for this many seconds, the main daemon will log a message that
495 the recovery daemon is potentially hung. This also increments a
496 counter which is checked against <varname>RecdFailCount</varname>
497 for detection of hung recovery daemon.
502 <title>RecLockLatencyMs</title>
503 <para>Default: 1000</para>
505 When using a reclock file for split brain prevention, if set
506 to non-zero this tunable will make the recovery daemon log a
507 message if the fcntl() call to lock/testlock the recovery file
508 takes longer than this number of milliseconds.
513 <title>RecoverInterval</title>
514 <para>Default: 1</para>
516 How frequently in seconds should the recovery daemon perform the
517 consistency checks to determine if it should perform a recovery.
522 <title>RecoverTimeout</title>
523 <para>Default: 120</para>
525 This is the default setting for timeouts for controls when sent
526 from the recovery daemon. We allow longer control timeouts from
527 the recovery daemon than from normal use since the recovery
528 daemon often use controls that can take a lot longer than normal
534 <title>RecoveryBanPeriod</title>
535 <para>Default: 300</para>
537 The duration in seconds for which a node is banned if the node
538 fails during recovery. After this time has elapsed the node will
539 automatically get unbanned and will attempt to rejoin the cluster.
542 A node usually gets banned due to real problems with the node.
543 Don't set this value too small. Otherwise, a problematic node
544 will try to re-join cluster too soon causing unnecessary recoveries.
549 <title>RecoveryDropAllIPs</title>
550 <para>Default: 120</para>
552 If a node is stuck in recovery, or stopped, or banned, for this
553 many seconds, then ctdb will release all public addresses on
559 <title>RecoveryGracePeriod</title>
560 <para>Default: 120</para>
562 During recoveries, if a node has not caused recovery failures
563 during the last grace period in seconds, any records of
564 transgressions that the node has caused recovery failures will be
565 forgiven. This resets the ban-counter back to zero for that node.
570 <title>RepackLimit</title>
571 <para>Default: 10000</para>
573 During vacuuming, if the number of freelist records are more than
574 <varname>RepackLimit</varname>, then the database is repacked
575 to get rid of the freelist records to avoid fragmentation.
580 <title>RerecoveryTimeout</title>
581 <para>Default: 10</para>
583 Once a recovery has completed, no additional recoveries are
584 permitted until this timeout in seconds has expired.
589 <title>SeqnumInterval</title>
590 <para>Default: 1000</para>
592 Some databases have seqnum tracking enabled, so that samba will
593 be able to detect asynchronously when there has been updates
594 to the database. Every time a database is updated its sequence
598 This tunable is used to specify in milliseconds how frequently
599 ctdb will send out updates to remote nodes to inform them that
600 the sequence number is increased.
605 <title>StatHistoryInterval</title>
606 <para>Default: 1</para>
608 Granularity of the statistics collected in the statistics
609 history. This is reported by 'ctdb stats' command.
614 <title>StickyDuration</title>
615 <para>Default: 600</para>
617 Once a record has been marked STICKY, this is the duration in
618 seconds, the record will be flagged as a STICKY record.
623 <title>StickyPindown</title>
624 <para>Default: 200</para>
626 Once a STICKY record has been migrated onto a node, it will be
627 pinned down on that node for this number of milliseconds. Any
628 request from other nodes to migrate the record off the node will
634 <title>TakeoverTimeout</title>
635 <para>Default: 9</para>
637 This is the duration in seconds in which ctdb tries to complete IP
643 <title>TickleUpdateInterval</title>
644 <para>Default: 20</para>
646 Every <varname>TickleUpdateInterval</varname> seconds, ctdb
647 synchronizes the client connection information across nodes.
652 <title>TraverseTimeout</title>
653 <para>Default: 20</para>
655 This is the duration in seconds for which a database traverse
656 is allowed to run. If the traverse does not complete during
657 this interval, ctdb will abort the traverse.
662 <title>VacuumFastPathCount</title>
663 <para>Default: 60</para>
665 During a vacuuming run, ctdb usually processes only the records
666 marked for deletion also called the fast path vacuuming. After
667 finishing <varname>VacuumFastPathCount</varname> number of fast
668 path vacuuming runs, ctdb will trigger a scan of complete database
669 for any empty records that need to be deleted.
674 <title>VacuumInterval</title>
675 <para>Default: 10</para>
677 Periodic interval in seconds when vacuuming is triggered for
683 <title>VacuumMaxRunTime</title>
684 <para>Default: 120</para>
686 The maximum time in seconds for which the vacuuming process is
687 allowed to run. If vacuuming process takes longer than this
688 value, then the vacuuming process is terminated.
693 <title>VerboseMemoryNames</title>
694 <para>Default: 0</para>
696 When set to non-zero, ctdb assigns verbose names for some of
697 the talloc allocated memory objects. These names are visible
698 in the talloc memory report generated by 'ctdb dumpmemory'.
705 <title>FILES></title>
708 <member><filename>/usr/local/etc/ctdb/ctdb.tunables</filename></member>
713 <title>SEE ALSO</title>
715 <citerefentry><refentrytitle>ctdb</refentrytitle>
716 <manvolnum>1</manvolnum></citerefentry>,
718 <citerefentry><refentrytitle>ctdbd</refentrytitle>
719 <manvolnum>1</manvolnum></citerefentry>,
721 <citerefentry><refentrytitle>ctdb.conf</refentrytitle>
722 <manvolnum>5</manvolnum></citerefentry>,
724 <citerefentry><refentrytitle>ctdb</refentrytitle>
725 <manvolnum>7</manvolnum></citerefentry>,
727 <ulink url="http://ctdb.samba.org/"/>
734 This documentation was written by
743 <holder>Andrew Tridgell</holder>
744 <holder>Ronnie Sahlberg</holder>
748 This program is free software; you can redistribute it and/or
749 modify it under the terms of the GNU General Public License as
750 published by the Free Software Foundation; either version 3 of
751 the License, or (at your option) any later version.
754 This program is distributed in the hope that it will be
755 useful, but WITHOUT ANY WARRANTY; without even the implied
756 warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
757 PURPOSE. See the GNU General Public License for more details.
760 You should have received a copy of the GNU General Public
761 License along with this program; if not, see
762 <ulink url="http://www.gnu.org/licenses"/>.