| blob | 13949cac38893dc6047d2c83fad3aeb84ec1d4ae |
1 /*
2 ctdb recovery daemon
4 Copyright (C) Ronnie Sahlberg 2007
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
33 /* most recent reload all ips request we need to perform during the
34 next monitoring loop
35 */
38 /* list of "ctdb ipreallocate" processes to call back when we have
39 finished the takeover run.
40 */
44 };
49 };
51 /*
52 private state of recovery daemon
53 */
73 };
75 #define CONTROL_TIMEOUT() timeval_current_ofs(ctdb->tunable.recover_timeout, 0)
76 #define MONITOR_TIMEOUT() timeval_current_ofs(ctdb->tunable.recover_interval, 0)
78 static void ctdb_restart_recd(struct event_context *ev, struct timed_event *te, struct timeval t, void *private_data);
80 /*
81 ban a node for a period of time
82 */
84 {
94 }
103 }
105 }
107 enum monitor_result { MONITOR_OK, MONITOR_RECOVERY_NEEDED, MONITOR_ELECTION_NEEDED, MONITOR_FAILED};
110 /*
111 remember the trouble maker
112 */
114 {
121 }
128 }
131 /* this was the first time in a long while this node
132 misbehaved so we will forgive any old transgressions.
133 */
135 }
140 }
142 /*
143 remember the trouble maker
144 */
146 {
148 }
151 /* this callback is called for every node that failed to execute the
152 recovered event
153 */
154 static void recovered_fail_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
155 {
158 DEBUG(DEBUG_ERR, (__location__ " Node %u failed the recovered event. Setting it as recovery fail culprit\n", node_pnn));
161 }
163 /*
164 run the "recovered" eventscript on all nodes
165 */
166 static int run_recovered_eventscript(struct ctdb_recoverd *rec, struct ctdb_node_map *nodemap, const char *caller)
167 {
181 DEBUG(DEBUG_ERR, (__location__ " Unable to run the 'recovered' event when called from %s\n", caller));
185 }
189 }
191 /* this callback is called for every node that failed to execute the
192 start recovery event
193 */
194 static void startrecovery_fail_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
195 {
198 DEBUG(DEBUG_ERR, (__location__ " Node %u failed the startrecovery event. Setting it as recovery fail culprit\n", node_pnn));
201 }
203 /*
204 run the "startrecovery" eventscript on all nodes
205 */
206 static int run_startrecovery_eventscript(struct ctdb_recoverd *rec, struct ctdb_node_map *nodemap)
207 {
219 NULL,
220 startrecovery_fail_callback,
222 DEBUG(DEBUG_ERR, (__location__ " Unable to run the 'startrecovery' event. Recovery failed.\n"));
225 }
229 }
231 static void async_getcap_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
232 {
234 DEBUG(DEBUG_ERR, (__location__ " Invalid length/pointer for getcap callback : %u %p\n", (unsigned)outdata.dsize, outdata.dptr));
236 }
239 }
243 }
244 }
246 /*
247 update the node capabilities for all connected nodes
248 */
250 {
267 }
271 }
273 static void set_recmode_fail_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
274 {
277 DEBUG(DEBUG_ERR,("Failed to freeze node %u during recovery. Set it as ban culprit for %d credits\n", node_pnn, rec->nodemap->num));
279 }
281 static void transaction_start_fail_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
282 {
285 DEBUG(DEBUG_ERR,("Failed to start recovery transaction on node %u. Set it as ban culprit for %d credits\n", node_pnn, rec->nodemap->num));
287 }
289 /*
290 change recovery mode on all nodes
291 */
292 static int set_recovery_mode(struct ctdb_context *ctdb, struct ctdb_recoverd *rec, struct ctdb_node_map *nodemap, uint32_t rec_mode)
293 {
294 TDB_DATA data;
301 /* freeze all nodes */
311 NULL,
312 set_recmode_fail_callback,
317 }
318 }
319 }
334 }
338 }
340 /*
341 change recovery master on all node
342 */
343 static int set_recovery_master(struct ctdb_context *ctdb, struct ctdb_node_map *nodemap, uint32_t pnn)
344 {
345 TDB_DATA data;
364 }
368 }
370 /* update all remote nodes to use the same db priority that we have
371 this can fail if the remove node has not yet been upgraded to
372 support this function, so we always return success and never fail
373 a recovery if this call fails.
374 */
378 {
384 /* step through all local databases */
386 TDB_DATA data;
391 ret = ctdb_ctrl_get_db_priority(ctdb, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, dbmap->dbs[db].dbid, &db_prio.priority);
393 DEBUG(DEBUG_ERR,(__location__ " Failed to read database priority from local node for db 0x%08x\n", dbmap->dbs[db].dbid));
395 }
397 DEBUG(DEBUG_INFO,("Update DB priority for db 0x%08x to %u\n", dbmap->dbs[db].dbid, db_prio.priority));
403 CTDB_CONTROL_SET_DB_PRIORITY,
409 }
410 }
413 }
415 /*
416 ensure all other nodes have attached to any databases that we have
417 */
418 static int create_missing_remote_databases(struct ctdb_context *ctdb, struct ctdb_node_map *nodemap,
420 {
424 /* verify that all other nodes have all our databases */
426 /* we dont need to ourself ourselves */
429 }
430 /* dont check nodes that are unavailable */
433 }
440 }
442 /* step through all local databases */
450 }
451 }
452 /* the remote node already have this database */
455 }
456 /* ok so we need to create this database */
462 }
469 }
470 }
471 }
474 }
477 /*
478 ensure we are attached to any databases that anyone else is attached to
479 */
480 static int create_missing_local_databases(struct ctdb_context *ctdb, struct ctdb_node_map *nodemap,
482 {
486 /* verify that we have all database any other node has */
488 /* we dont need to ourself ourselves */
491 }
492 /* dont check nodes that are unavailable */
495 }
502 }
504 /* step through all databases on the remote node */
511 }
512 }
513 /* we already have this db locally */
516 }
517 /* ok so we need to create this database and
518 rebuild dbmap
519 */
526 }
532 }
537 }
538 }
539 }
542 }
545 /*
546 pull the remote database contents from one node into the recdb
547 */
550 {
552 TDB_DATA outdata;
564 }
572 }
581 TDB_DATA existing;
594 }
596 /* fetch the existing record, if any */
607 }
613 }
614 }
620 }
621 }
626 }
633 };
635 static void pull_seqnum_cb(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
636 {
641 DEBUG(DEBUG_ERR, ("Got seqnum from node %d but we have already failed the entire operation\n", node_pnn));
643 }
649 }
652 DEBUG(DEBUG_ERR, ("Error when reading pull seqnum from node %d, got %d bytes but expected %d\n", node_pnn, (int)outdata.dsize, (int)sizeof(uint64_t)));
655 }
662 }
663 }
665 static void pull_seqnum_fail_cb(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
666 {
671 }
677 {
680 TDB_DATA data;
697 }
707 pull_seqnum_cb,
708 pull_seqnum_fail_cb,
714 }
720 }
723 DEBUG(DEBUG_NOTICE, ("Failed to find a node with highest sequence numbers for DB 0x%08x\n", dbid));
726 }
728 DEBUG(DEBUG_NOTICE, ("Pull persistent db:0x%08x from node %d with highest seqnum:%lld\n", dbid, cb_data->pnn, (long long)cb_data->seqnum));
731 DEBUG(DEBUG_ERR, ("Failed to pull higest seqnum database 0x%08x from node %d\n", dbid, cb_data->pnn));
734 }
738 }
741 /*
742 pull all the remote database contents into the recdb
743 */
749 {
757 }
758 }
760 /* pull all records from all other nodes across onto this node
761 (this merges based on rsn)
762 */
764 /* dont merge from nodes that are unavailable */
767 }
773 }
774 }
777 }
780 /*
781 update flags on all active nodes
782 */
783 static int update_flags_on_all_nodes(struct ctdb_context *ctdb, struct ctdb_node_map *nodemap, uint32_t pnn, uint32_t flags)
784 {
791 }
794 }
796 /*
797 ensure all nodes have the same vnnmap we do
798 */
801 {
804 /* push the new vnn map out to all the nodes */
806 /* dont push to nodes that are unavailable */
809 }
815 }
816 }
819 }
829 };
833 /*
834 called when a vacuum fetch has completed - just free it and do the next one
835 */
837 {
841 }
844 /*
845 process the next element from the vacuum list
846 */
848 {
854 TDB_DATA data;
869 /* ensure we don't block this daemon - just skip a record if we can't get
870 the chainlock */
873 }
879 }
885 }
889 /* its already local */
893 }
903 }
907 }
910 }
913 /*
914 destroy a vacuum info structure
915 */
917 {
920 }
923 /*
924 handler for vacuum fetch
925 */
928 {
947 }
953 /* we're already working on records from this node */
956 }
957 }
959 /* work out if the database is persistent */
965 }
971 }
972 }
977 }
979 /* find the name of this database */
980 if (ctdb_ctrl_getdbname(ctdb, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, recs->db_id, tmp_ctx, &name) != 0) {
984 }
986 /* attach to it */
992 }
999 }
1010 }
1019 }
1022 /*
1023 called when ctdb_wait_timeout should finish
1024 */
1027 {
1030 }
1032 /*
1033 wait for a given number of seconds
1034 */
1036 {
1039 event_add_timed(ctdb->ev, ctdb, timeval_current_ofs(secs, usecs), ctdb_wait_handler, &timed_out);
1042 }
1043 }
1045 /*
1046 called when an election times out (ends)
1047 */
1050 {
1056 }
1059 /*
1060 wait for an election to finish. It finished election_timeout seconds after
1061 the last election packet is received
1062 */
1064 {
1068 }
1069 }
1071 /*
1072 Update our local flags from all remote connected nodes.
1073 This is only run when we are or we belive we are the recovery master
1074 */
1076 {
1081 /* get the nodemap for all active remote nodes and verify
1082 they are the same as for this node
1083 */
1090 }
1093 }
1103 }
1105 /* We should tell our daemon about this so it
1106 updates its flags or else we will log the same
1107 message again in the next iteration of recovery.
1108 Since we are the recovery master we can just as
1109 well update the flags on all nodes.
1110 */
1111 ret = ctdb_ctrl_modflags(ctdb, CONTROL_TIMEOUT(), nodemap->nodes[j].pnn, nodemap->nodes[j].flags, ~nodemap->nodes[j].flags);
1115 }
1117 /* Update our local copy of the flags in the recovery
1118 daemon.
1119 */
1124 }
1126 }
1129 }
1132 /* Create a new random generation ip.
1133 The generation id can not be the INVALID_GENERATION id
1134 */
1136 {
1144 }
1145 }
1148 }
1151 /*
1152 create a temporary working database
1153 */
1155 {
1160 /* open up the temporary recovery database */
1166 }
1172 }
1179 }
1184 }
1187 /*
1188 a traverse function for pulling all relevant records from recdb
1189 */
1197 };
1200 {
1205 /* skip empty records */
1208 }
1210 /* update the dmaster field to point to us */
1215 }
1217 /* add the record to the blob ready to send to the nodes */
1222 }
1224 params->allocated_len = rec->length + params->len + params->ctdb->tunable.pulldb_preallocation_size;
1226 }
1232 }
1239 }
1241 /*
1242 push the recdb database out to all nodes
1243 */
1247 {
1250 TDB_DATA outdata;
1274 }
1281 }
1298 }
1307 }
1310 /*
1311 go through a full recovery on one database
1312 */
1320 {
1324 TDB_DATA data;
1331 }
1333 /* pull all remote databases onto the recdb */
1338 }
1342 /* wipe all the remote databases. This is safe as we are in a transaction */
1358 }
1360 /* push out the correct database. This sets the dmaster and skips
1361 the empty records */
1366 }
1368 /* all done with this database */
1372 }
1374 /*
1375 reload the nodes file
1376 */
1378 {
1381 }
1387 {
1396 }
1398 }
1401 /* release any existing data */
1405 }
1409 }
1413 }
1415 /* grab a new shiny list of public ips from the node */
1427 }
1429 }
1434 DEBUG(DEBUG_ERR,("Node %d has inconsistent public ip allocation and needs update.\n", ctdb->nodes[j]->pnn));
1436 }
1437 }
1438 }
1440 /* grab a new shiny list of public ips from the node */
1445 CTDB_PUBLIC_IP_FLAGS_ONLY_AVAILABLE,
1452 }
1454 }
1455 }
1458 }
1460 /* when we start a recovery, make sure all nodes use the same reclock file
1461 setting
1462 */
1464 {
1467 TDB_DATA data;
1476 }
1488 }
1492 }
1495 /*
1496 * this callback is called for every node that failed to execute ctdb_takeover_run()
1497 * and set flag to re-run takeover run.
1498 */
1499 static void takeover_fail_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
1500 {
1503 DEBUG(DEBUG_ERR, (__location__ " Node %u failed the takeover run. Setting it as recovery fail culprit\n", node_pnn));
1507 }
1510 /*
1511 we are the recmaster, and recovery is needed - start a recovery run
1512 */
1516 {
1521 TDB_DATA data;
1528 /* if recovery fails, force it again */
1536 }
1540 }
1546 }
1558 }
1561 }
1563 DEBUG(DEBUG_NOTICE, (__location__ " Recovery initiated due to problem with node %u\n", rec->last_culprit_node));
1565 /* get a list of all databases */
1570 }
1572 /* we do the db creation before we set the recovery mode, so the freeze happens
1573 on all databases we will be dealing with. */
1575 /* verify that we have all the databases any other node has */
1580 }
1582 /* verify that all other nodes have all our databases */
1587 }
1590 /* update the database priority for all remote databases */
1594 }
1598 /* update all other nodes to use the same setting for reclock files
1599 as the local recovery master.
1600 */
1603 /* set recovery mode to active on all nodes */
1608 }
1610 /* execute the "startrecovery" event script on all nodes */
1615 }
1617 /*
1618 update all nodes to have the same flags that we have
1619 */
1623 }
1629 }
1630 }
1634 /* pick a new generation number */
1637 /* change the vnnmap on this node to use the new generation
1638 number but not on any other nodes.
1639 this guarantees that if we abort the recovery prematurely
1640 for some reason (a node stops responding?)
1641 that we can just return immediately and we will reenter
1642 recovery shortly again.
1643 I.e. we deliberately leave the cluster with an inconsistent
1644 generation id to allow us to abort recovery at any stage and
1645 just restart it from scratch.
1646 */
1652 }
1661 NULL,
1662 transaction_start_fail_callback,
1668 NULL,
1669 NULL,
1672 }
1674 }
1686 }
1687 }
1691 /* commit all the changes */
1699 }
1704 /* update the capabilities for all nodes */
1709 }
1711 /* build a new vnn map with all the currently active and
1712 unbanned nodes */
1723 }
1725 /* this node can not be an lmaster */
1728 }
1735 }
1742 }
1744 /* update to the new vnnmap on all nodes */
1749 }
1753 /* update recmaster to point to us for all nodes */
1758 }
1762 /*
1763 update all nodes to have the same flags that we have
1764 */
1768 }
1774 }
1775 }
1779 /* disable recovery mode */
1784 }
1788 /*
1789 tell nodes to takeover their public IPs
1790 */
1794 culprit));
1797 }
1801 DEBUG(DEBUG_ERR, (__location__ " Unable to setup public takeover addresses. ctdb_takeover_run() failed.\n"));
1803 }
1805 /* execute the "recovered" event script on all nodes */
1808 DEBUG(DEBUG_ERR, (__location__ " Unable to run the 'recovered' event on cluster. Recovery process failed.\n"));
1810 }
1814 /* send a message to all clients telling them that the cluster
1815 has been reconfigured */
1822 /* we managed to complete a full recovery, make sure to forgive
1823 any past sins by the nodes that could now participate in the
1824 recovery.
1825 */
1832 }
1837 }
1840 }
1843 /* We just finished a recovery successfully.
1844 We now wait for rerecovery_timeout before we allow
1845 another recovery to take place.
1846 */
1847 DEBUG(DEBUG_NOTICE, ("Just finished a recovery. New recoveries will now be supressed for the rerecovery timeout (%d seconds)\n", ctdb->tunable.rerecovery_timeout));
1849 DEBUG(DEBUG_NOTICE, ("The rerecovery timeout has elapsed. We now allow recoveries to trigger again.\n"));
1852 }
1855 /*
1856 elections are won by first checking the number of connected nodes, then
1857 the priority time, then the pnn
1858 */
1864 };
1866 /*
1867 form this nodes election data
1868 */
1870 {
1884 }
1892 }
1893 }
1895 /* we shouldnt try to win this election if we cant be a recmaster */
1899 }
1902 }
1904 /*
1905 see if the given election data wins
1906 */
1908 {
1914 /* we cant win if we dont have the recmaster capability */
1917 }
1919 /* we cant win if we are banned */
1922 }
1924 /* we cant win if we are stopped */
1927 }
1929 /* we will automatically win if the other node is banned */
1932 }
1934 /* we will automatically win if the other node is banned */
1937 }
1939 /* try to use the most connected node */
1942 }
1944 /* then the longest running node */
1947 }
1951 }
1954 }
1956 /*
1957 send out an election request
1958 */
1959 static int send_election_request(struct ctdb_recoverd *rec, uint32_t pnn, bool update_recmaster)
1960 {
1962 TDB_DATA election_data;
1975 /* send an election message to all active nodes */
1980 /* A new node that is already frozen has entered the cluster.
1981 The existing nodes are not frozen and dont need to be frozen
1982 until the election has ended and we start the actual recovery
1983 */
1985 /* first we assume we will win the election and set
1986 recoverymaster to be ourself on the current node
1987 */
1992 }
1993 }
1997 }
1999 /*
2000 this function will unban all nodes in the cluster
2001 */
2003 {
2012 }
2018 }
2019 }
2022 }
2025 /*
2026 we think we are winning the election - send a broadcast election request
2027 */
2028 static void election_send_request(struct event_context *ev, struct timed_event *te, struct timeval t, void *p)
2029 {
2036 }
2040 }
2042 /*
2043 handler for memory dumps
2044 */
2047 {
2057 }
2065 }
2071 }
2080 }
2083 }
2085 /*
2086 handler for getlog
2087 */
2090 {
2092 pid_t child;
2097 }
2104 }
2108 DEBUG(DEBUG_CRIT, (__location__ "ERROR: failed to switch log collector child into client mode.\n"));
2110 }
2113 }
2114 }
2116 /*
2117 handler for clearlog
2118 */
2121 {
2123 }
2125 /*
2126 handler for reload_nodes
2127 */
2130 {
2136 }
2141 {
2146 }
2151 {
2160 DEBUG(DEBUG_ERR, (__location__ " Unable to setup public takeover addresses. ctdb_takeover_run() failed.\n"));
2162 }
2166 }
2171 {
2176 DEBUG(DEBUG_ERR,(__location__ " Incorrect size of node rebalance message. Was %zd but expected %zd bytes\n", data.dsize, sizeof(uint32_t)));
2178 }
2182 }
2191 }
2196 }
2202 {
2209 }
2212 DEBUG(DEBUG_ERR,(__location__ " Incorrect size of recd update ip message. Was %zd but expected %zd bytes\n", data.dsize, sizeof(struct ctdb_public_ip)));
2214 }
2219 }
2224 {
2231 }
2238 }
2242 }
2249 }
2256 event_add_timed(ctdb->ev, rec->ip_check_disable_ctx, timeval_current_ofs(timeout, 0), reenable_ip_check, rec);
2257 }
2260 /*
2261 handler for reload all ips.
2262 */
2265 {
2271 }
2275 DEBUG(DEBUG_NOTICE,("RELOAD_ALL_IPS message received from node:%d srvid:%d\n", reload_all_ips_request->pnn, (int)reload_all_ips_request->srvid));
2277 }
2279 static void async_reloadips_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
2280 {
2286 }
2287 }
2289 static int
2290 reload_all_ips(struct ctdb_context *ctdb, struct ctdb_recoverd *rec, struct ctdb_node_map *nodemap, struct reloadips_all_reply *rips)
2291 {
2303 }
2304 }
2306 /* send the flags update to all connected nodes */
2318 }
2324 }
2330 }
2333 /*
2334 handler for ip reallocate, just add it to the list of callers and
2335 handle this later in the monitor_cluster loop so we do not recurse
2336 with other callers to takeover_run()
2337 */
2340 {
2347 }
2352 }
2362 }
2364 static void process_ipreallocate_requests(struct ctdb_context *ctdb, struct ctdb_recoverd *rec)
2365 {
2367 TDB_DATA result;
2374 /* update the list of public ips that a node can handle for
2375 all connected nodes
2376 */
2380 culprit));
2382 }
2388 }
2389 }
2396 /* Someone that sent srvid==0 does not want a reply */
2399 }
2409 }
2410 }
2417 }
2420 /*
2421 handler for recovery master elections
2422 */
2425 {
2431 /* we got an election packet - update the timeout for the election */
2434 fast_start ?
2441 /* someone called an election. check their election data
2442 and if we disagree and we would rather be the elected node,
2443 send a new election message to all other nodes
2444 */
2450 }
2452 /*unban_all_nodes(ctdb);*/
2454 }
2456 /* we didn't win */
2461 /* release the recmaster lock */
2467 }
2468 }
2470 /* ok, let that guy become recmaster then */
2476 }
2480 }
2483 /*
2484 force the start of the election process
2485 */
2488 {
2494 /* set all nodes to recovery mode to stop all internode traffic */
2499 }
2503 fast_start ?
2512 }
2514 /* wait for a few seconds to collect all responses */
2516 }
2520 /*
2521 handler for when a node changes its flags
2522 */
2525 {
2537 }
2547 }
2552 }
2558 }
2561 DEBUG(DEBUG_NOTICE,("Node %u has changed flags - now 0x%x was 0x%x\n", c->pnn, c->new_flags, nodemap->nodes[i].flags));
2562 }
2574 }
2579 /* Only do the takeover run if the perm disabled or unhealthy
2580 flags changed since these will cause an ip failover but not
2581 a recovery.
2582 If the node became disconnected or banned this will also
2583 lead to an ip address failover but that is handled
2584 during recovery
2585 */
2588 }
2589 }
2592 }
2594 /*
2595 handler for when we need to push out flag changes ot all other nodes
2596 */
2599 {
2607 /* find the recovery master */
2613 }
2615 /* read the node flags from the recmaster */
2621 }
2626 }
2628 /* send the flags update to all connected nodes */
2640 }
2643 }
2649 };
2652 {
2653 struct verify_recmode_normal_data *rmdata = talloc_get_type(state->async.private_data, struct verify_recmode_normal_data);
2656 /* one more node has responded with recmode data*/
2659 /* if we failed to get the recmode, then return an error and let
2660 the main loop try again.
2661 */
2665 }
2667 }
2669 /* if we got a response, then the recmode will be stored in the
2670 status field
2671 */
2673 DEBUG(DEBUG_NOTICE, (__location__ " Node:%u was in recovery mode. Restart recovery process\n", state->c->hdr.destnode));
2675 }
2678 }
2681 /* verify that all nodes are in normal recovery mode */
2682 static enum monitor_result verify_recmode(struct ctdb_context *ctdb, struct ctdb_node_map *nodemap)
2683 {
2695 /* loop over all active nodes and send an async getrecmode call to
2696 them*/
2700 }
2705 /* we failed to send the control, treat this as
2706 an error and try again next iteration
2707 */
2711 }
2713 /* set up the callback functions */
2717 /* one more control to wait for to complete */
2719 }
2722 /* now wait for up to the maximum number of seconds allowed
2723 or until all nodes we expect a response from has replied
2724 */
2727 }
2732 }
2740 };
2743 {
2744 struct verify_recmaster_data *rmdata = talloc_get_type(state->async.private_data, struct verify_recmaster_data);
2747 /* one more node has responded with recmaster data*/
2750 /* if we failed to get the recmaster, then return an error and let
2751 the main loop try again.
2752 */
2756 }
2758 }
2760 /* if we got a response, then the recmaster will be stored in the
2761 status field
2762 */
2764 DEBUG(DEBUG_ERR,("Node %d does not agree we are the recmaster. Need a new recmaster election\n", state->c->hdr.destnode));
2767 }
2770 }
2773 /* verify that all nodes agree that we are the recmaster */
2774 static enum monitor_result verify_recmaster(struct ctdb_recoverd *rec, struct ctdb_node_map *nodemap, uint32_t pnn)
2775 {
2790 /* loop over all active nodes and send an async getrecmaster call to
2791 them*/
2795 }
2800 /* we failed to send the control, treat this as
2801 an error and try again next iteration
2802 */
2806 }
2808 /* set up the callback functions */
2812 /* one more control to wait for to complete */
2814 }
2817 /* now wait for up to the maximum number of seconds allowed
2818 or until all nodes we expect a response from has replied
2819 */
2822 }
2827 }
2830 /* called to check that the local allocation of public ip addresses is ok.
2831 */
2832 static int verify_local_ip_allocation(struct ctdb_context *ctdb, struct ctdb_recoverd *rec, uint32_t pnn, struct ctdb_node_map *nodemap)
2833 {
2848 }
2851 /* read the interfaces from the local node */
2857 }
2865 }
2873 pnn));
2875 }
2883 }
2885 /* skip the check if the startrecovery time has changed */
2888 DEBUG(DEBUG_NOTICE, (__location__ " last recovery time changed while we read the public ip list. skipping public ip address check\n"));
2891 }
2893 /* skip the check if the endrecovery time has changed */
2896 DEBUG(DEBUG_NOTICE, (__location__ " last recovery time changed while we read the public ip list. skipping public ip address check\n"));
2899 }
2901 /* skip the check if we have started but not finished recovery */
2904 DEBUG(DEBUG_INFO, (__location__ " in the middle of recovery or ip reallocation. skipping public ip address check\n"));
2908 }
2910 /* verify that we have the ip addresses we should have
2911 and we dont have ones we shouldnt have.
2912 if we find an inconsistency we set recmode to
2913 active on the local node and wait for the recmaster
2914 to do a full blown recovery.
2915 also if the pnn is -1 and we are healthy and can host the ip
2916 we also request a ip reallocation.
2917 */
2921 /* read the *available* IPs from the local node */
2922 ret = ctdb_ctrl_get_public_ips_flags(ctdb, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, mem_ctx, CTDB_PUBLIC_IP_FLAGS_ONLY_AVAILABLE, &ips);
2927 }
2935 }
2936 }
2940 /* read the *known* IPs from the local node */
2941 ret = ctdb_ctrl_get_public_ips_flags(ctdb, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, mem_ctx, 0, &ips);
2946 }
2954 }
2959 DEBUG(DEBUG_CRIT,("We are still serving a public IP '%s' that we should not be serving. Removing it\n",
2964 }
2965 }
2966 }
2967 }
2968 }
2972 TDB_DATA data;
2983 DEBUG(DEBUG_ERR,(__location__ " Failed to send ipreallocate to recmaster :%d\n", (int)rec->recmaster));
2984 }
2985 }
2988 }
2991 static void async_getnodemap_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
2992 {
2998 }
3000 remote_nodemaps[node_pnn] = (struct ctdb_node_map *)talloc_steal(remote_nodemaps, outdata.dptr);
3002 }
3007 {
3014 async_getnodemap_callback,
3015 NULL,
3020 }
3023 }
3030 pid_t child;
3034 };
3036 /* when we free the reclock state we must kill any child process.
3037 */
3039 {
3042 ctdb_ctrl_report_recd_lock_latency(ctdb, CONTROL_TIMEOUT(), timeval_elapsed(&state->start_time));
3047 }
3051 }
3054 }
3056 /*
3057 called if our check_reclock child times out. this would happen if
3058 i/o to the reclock file blocks.
3059 */
3062 {
3066 DEBUG(DEBUG_ERR,(__location__ " check_reclock child process hung/timedout CFS slow to grant locks?\n"));
3068 }
3070 /* this is called when the child process has completed checking the reclock
3071 file and has written data back to us through the pipe.
3072 */
3075 {
3081 /* we got a response from our child process so we can abort the
3082 timeout.
3083 */
3093 }
3097 }
3100 {
3108 }
3124 }
3135 }
3146 }
3149 /* make sure we die when our parent dies */
3153 }
3155 }
3160 DEBUG(DEBUG_DEBUG, (__location__ " Created PIPE FD:%d for check_recovery_lock\n", state->fd[0]));
3170 }
3173 EVENT_FD_READ,
3174 reclock_child_handler,
3181 }
3186 }
3194 }
3198 }
3201 {
3205 if (ctdb_ctrl_getreclock(ctdb, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, tmp_ctx, &reclockfile) != 0) {
3209 }
3219 }
3220 }
3224 }
3231 }
3234 }
3240 }
3248 }
3252 }
3256 {
3268 /* verify that the main daemon is still running */
3272 }
3274 /* ping the local daemon to tell it we are alive */
3278 /* an election is in progress */
3280 }
3282 /* read the debug level from the parent and update locally */
3287 }
3291 /* We must check if we need to ban a node here but we want to do this
3292 as early as possible so we dont wait until we have pulled the node
3293 map from the local node. thats why we have the hardcoded value 20
3294 */
3300 }
3304 }
3310 }
3312 /* get relevant tunables */
3317 }
3319 /* get the current recovery lock file from the server */
3323 }
3325 /* Make sure that if recovery lock verification becomes disabled when
3326 we close the file
3327 */
3332 }
3333 }
3339 }
3341 /* get the vnnmap */
3346 }
3349 /* get number of nodes */
3354 }
3359 }
3362 /* update the capabilities for all nodes */
3367 }
3369 /* check which node is the recovery master */
3374 }
3376 /* if we are not the recmaster we can safely ignore any ip reallocate requests */
3382 }
3383 }
3389 }
3391 /* if the local daemon is STOPPED, we verify that the databases are
3392 also frozen and thet the recmode is set to active
3393 */
3395 ret = ctdb_ctrl_getrecmode(ctdb, mem_ctx, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, &ctdb->recovery_mode);
3398 }
3400 DEBUG(DEBUG_ERR,("Node is stopped but recovery mode is not active. Activate recovery mode and lock databases\n"));
3406 }
3412 }
3414 }
3415 }
3416 /* If the local node is stopped, verify we are not the recmaster
3417 and yield this role if so
3418 */
3423 }
3425 /*
3426 * if the current recmaster do not have CTDB_CAP_RECMASTER,
3427 * but we have force an election and try to become the new
3428 * recmaster
3429 */
3438 }
3440 /* check that we (recovery daemon) and the local ctdb daemon
3441 agrees on whether we are banned or not
3442 */
3443 //qqq
3445 /* remember our own node flags */
3448 /* count how many active nodes there are */
3454 }
3457 }
3458 }
3461 /* verify that the recmaster node is still active */
3465 }
3466 }
3472 }
3474 /* if recovery master is disconnected we must elect a new recmaster */
3476 DEBUG(DEBUG_NOTICE, ("Recmaster node %u is disconnected. Force reelection\n", nodemap->nodes[j].pnn));
3479 }
3481 /* get nodemap from the recovery master to check if it is inactive */
3488 }
3493 DEBUG(DEBUG_NOTICE, ("Recmaster node %u no longer available. Force reelection\n", nodemap->nodes[j].pnn));
3496 }
3498 /* If this node is stopped then it is not the recovery master
3499 * so the only remaining action is to potentially to verify
3500 * the local IP allocation below. This won't accomplish
3501 * anything useful so skip it.
3502 */
3505 }
3507 /* verify that we have all ip addresses we should have and we dont
3508 * have addresses we shouldnt have.
3509 */
3514 }
3515 }
3516 }
3519 /* if we are not the recmaster then we do not need to check
3520 if recovery is needed
3521 */
3524 }
3527 /* ensure our local copies of flags are right */
3533 }
3537 }
3540 DEBUG(DEBUG_ERR, (__location__ " ctdb->num_nodes (%d) != nodemap->num (%d) reloading nodes file\n", ctdb->num_nodes, nodemap->num));
3543 }
3545 /* verify that all active nodes agree that we are the recmaster */
3548 /* can not happen */
3557 }
3561 /* a previous recovery didn't finish */
3564 }
3566 /* verify that all active nodes are in normal mode
3567 and not in recovery mode
3568 */
3576 /* can not happen */
3579 }
3583 /* we should have the reclock - check its not stale */
3590 }
3591 }
3594 /* is there a pending reload all ips ? */
3599 }
3601 /* if there are takeovers requested, perform it and notify the waiters */
3604 }
3606 /* get the nodemap for all active remote nodes
3607 */
3612 }
3615 }
3619 }
3621 /* verify that all other nodes have the same nodemap as we have
3622 */
3626 }
3629 DEBUG(DEBUG_ERR,(__location__ " Did not get a remote nodemap for node %d, restarting monitoring\n", j));
3633 }
3635 /* if the nodes disagree on how many nodes there are
3636 then this is a good reason to try recovery
3637 */
3639 DEBUG(DEBUG_ERR, (__location__ " Remote node:%u has different node count. %u vs %u of the local node\n",
3644 }
3646 /* if the nodes disagree on which nodes exist and are
3647 active, then that is also a good reason to do recovery
3648 */
3651 DEBUG(DEBUG_ERR, (__location__ " Remote node:%u has different nodemap pnn for %d (%u vs %u).\n",
3656 vnnmap);
3658 }
3659 }
3661 /* verify the flags are consistent
3662 */
3666 }
3669 DEBUG(DEBUG_ERR, (__location__ " Remote node:%u has different flags for node %u. It has 0x%02x vs our 0x%02x\n",
3675 DEBUG(DEBUG_ERR,("Use flags 0x%02x from remote node %d for cluster update of its own flags\n", remote_nodemaps[j]->nodes[i].flags, j));
3676 update_flags_on_all_nodes(ctdb, nodemap, nodemap->nodes[i].pnn, remote_nodemaps[j]->nodes[i].flags);
3679 vnnmap);
3682 DEBUG(DEBUG_ERR,("Use flags 0x%02x from local recmaster node for cluster update of node %d flags\n", nodemap->nodes[i].flags, i));
3686 vnnmap);
3688 }
3689 }
3690 }
3691 }
3694 /* there better be the same number of lmasters in the vnn map
3695 as there are active nodes or we will have to do a recovery
3696 */
3698 DEBUG(DEBUG_ERR, (__location__ " The vnnmap count is different from the number of active nodes. %u vs %u\n",
3703 }
3705 /* verify that all active nodes in the nodemap also exist in
3706 the vnnmap.
3707 */
3711 }
3714 }
3719 }
3720 }
3722 DEBUG(DEBUG_ERR, (__location__ " Node %u is active in the nodemap but did not exist in the vnnmap\n",
3727 }
3728 }
3731 /* verify that all other nodes have the same vnnmap
3732 and are from the same generation
3733 */
3737 }
3740 }
3748 }
3750 /* verify the vnnmap generation is the same */
3752 DEBUG(DEBUG_ERR, (__location__ " Remote node %u has different generation of vnnmap. %u vs %u (ours)\n",
3757 }
3759 /* verify the vnnmap size is the same */
3761 DEBUG(DEBUG_ERR, (__location__ " Remote node %u has different size of vnnmap. %u vs %u (ours)\n",
3766 }
3768 /* verify the vnnmap is the same */
3775 vnnmap);
3777 }
3778 }
3779 }
3781 /* we might need to change who has what IP assigned */
3787 /* update the list of public ips that a node can handle for
3788 all connected nodes
3789 */
3793 culprit));
3796 }
3798 /* execute the "startrecovery" event script on all nodes */
3805 }
3807 /* If takeover run fails, then the offending nodes are
3808 * assigned ban culprit counts. And we re-try takeover.
3809 * If takeover run fails repeatedly, the node would get
3810 * banned.
3811 *
3812 * If rec->need_takeover_run is not set to true at this
3813 * failure, monitoring is disabled cluster-wide (via
3814 * startrecovery eventscript) and will not get enabled.
3815 */
3820 }
3822 /* execute the "recovered" event script on all nodes */
3824 #if 0
3825 // we cant check whether the event completed successfully
3826 // since this script WILL fail if the node is in recovery mode
3827 // and if that race happens, the code here would just cause a second
3828 // cascading recovery.
3830 DEBUG(DEBUG_ERR, (__location__ " Unable to run the 'recovered' event on cluster. Update of public ips failed.\n"));
3833 }
3834 #endif
3835 }
3836 }
3838 /*
3839 the main monitoring loop
3840 */
3842 {
3854 /* register a message port for sending memory dumps */
3857 /* register a message port for requesting logs */
3860 /* register a message port for clearing logs */
3863 /* register a message port for recovery elections */
3866 /* when nodes are disabled/enabled */
3869 /* when we are asked to puch out a flag change */
3872 /* register a message port for vacuum fetch */
3875 /* register a message port for reloadnodes */
3878 /* register a message port for performing a takeover run */
3881 /* register a message port for performing a reload all ips */
3884 /* register a message port for disabling the ip check for a short while */
3885 ctdb_client_set_message_handler(ctdb, CTDB_SRVID_DISABLE_IP_CHECK, disable_ip_check_handler, rec);
3887 /* register a message port for updating the recovery daemons node assignment for an ip */
3890 /* register a message port for forcing a rebalance of a node next
3891 reallocation */
3892 ctdb_client_set_message_handler(ctdb, CTDB_SRVID_REBALANCE_NODE, recd_node_rebalance_handler, rec);
3903 }
3909 /* we only check for recovery once every second */
3914 }
3915 }
3916 }
3918 /*
3919 event handler for when the main ctdbd dies
3920 */
3923 {
3926 }
3928 /*
3929 called regularly to verify that the recovery daemon is still running
3930 */
3933 {
3937 DEBUG(DEBUG_ERR,("Recovery daemon (pid:%d) is no longer running. Trying to restart recovery daemon.\n", (int)ctdb->recoverd_pid));
3943 }
3948 }
3954 {
3955 // struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context);
3963 DEBUG(DEBUG_ERR, (__location__ " waitpid() returned error. errno:%s(%d)\n", strerror(errno),errno));
3964 }
3966 }
3969 }
3970 }
3971 }
3973 /*
3974 startup the recovery daemon as a child of the main ctdb daemon
3975 */
3977 {
3984 }
3991 }
3999 }
4006 DEBUG(DEBUG_CRIT, (__location__ "ERROR: failed to switch recovery daemon into client mode. shutting down.\n"));
4008 }
4016 /* set up a handler to pick up sigchld */
4019 recd_sig_child_handler,
4020 ctdb);
4024 }
4030 }
4032 /*
4033 shutdown the recovery daemon
4034 */
4036 {
4039 }
4043 }
4047 {
4053 }