/*
   monitoring links to all other nodes to detect dead nodes

   Copyright (C) Ronnie Sahlberg  2007

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
22 #include "system/filesys.h"
23 #include "system/network.h"
24 #include "system/wait.h"
29 #include "lib/util/debug.h"
30 #include "lib/util/samba_util.h"
32 #include "ctdb_private.h"
33 #include "ctdb_logging.h"
35 #include "common/system.h"
36 #include "common/common.h"
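/*
  State of the local health monitor, hung off ctdb->monitor.
*/
struct ctdb_monitor_state {
	/* CTDB_MONITORING_ACTIVE or CTDB_MONITORING_DISABLED */
	uint32_t monitoring_mode;
	/* talloc parent of every monitor timer and event-script callback
	   registered in this file; freed by ctdb_stop_monitoring() */
	TALLOC_CTX *monitor_context;
	/* delay, in seconds, before the next ctdb_check_health() run */
	uint32_t next_interval;
};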
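/* forward declaration: the health callback re-arms this timer handler */
static void ctdb_check_health(struct tevent_context *ev,
			      struct tevent_timer *te,
			      struct timeval t, void *private_data);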
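/*
  setup the notification script

  Stores a talloc copy of the script path in ctdb->notification_script.
  The stored path is later interpolated into a shell command line by
  ctdb_run_notification_script_child(), so it should only ever come from
  trusted daemon configuration.

  Returns 0 on success. On allocation failure CTDB_NO_MEMORY() handles
  the error (presumably by returning -1 -- macro is defined elsewhere).

  NOTE(review): short lines missing from the listing (braces, the final
  return) were restored from context; verify against upstream.
  NOTE(review): a previously stored path is not freed before being
  overwritten -- harmless if this is only called once at startup; confirm.
*/
int ctdb_set_notification_script(struct ctdb_context *ctdb, const char *script)
{
	ctdb->notification_script = talloc_strdup(ctdb, script);
	CTDB_NO_MEMORY(ctdb, ctdb->notification_script);
	return 0;
}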
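/*
  Run the configured notification script for one event and wait for it.

  Called from the forked child in ctdb_run_notification_script(); system()
  blocks until the script has finished.

  Returns -1 if the script cannot be stat()ed or its owner-execute bit is
  clear; otherwise the value derived from system() (the script's exit
  status when system() itself succeeded).

  NOTE(review): short lines missing from the listing (braces, local
  declarations, the system() call and the returns) were restored from
  context; verify against upstream.
*/
static int ctdb_run_notification_script_child(struct ctdb_context *ctdb, const char *event)
{
	struct stat st;
	int ret;
	char *cmd;

	/*
	 * NOTE(review): this is a convenience check, not a security check.
	 * It tests only the owner-execute bit; it does not look at who owns
	 * the file or whether other users can write to it, and the file can
	 * change between this stat() and the system() call below.
	 */
	if (stat(ctdb->notification_script, &st) != 0) {
		DEBUG(DEBUG_ERR,("Could not stat notification script %s. Can not send notifications.\n", ctdb->notification_script));
		return -1;
	}
	if (!(st.st_mode & S_IXUSR)) {
		DEBUG(DEBUG_ERR,("Notification script %s is not executable.\n", ctdb->notification_script));
		return -1;
	}

	/*
	 * NOTE(review): path and event are pasted unquoted into a command
	 * line that system() hands to the shell. The callers in this file
	 * pass fixed event names, but whitespace or shell metacharacters in
	 * either string would be interpreted by the shell. Spawning the
	 * script with an explicit argv (fork/exec or posix_spawn) would
	 * remove the shell from the path entirely.
	 */
	cmd = talloc_asprintf(ctdb, "%s %s\n", ctdb->notification_script, event);
	CTDB_NO_MEMORY(ctdb, cmd);

	ret = system(cmd);
	/* if the system() call was successful, translate ret into the
	   return code from the command
	*/
	if (ret != -1) {
		/*
		 * NOTE(review): WEXITSTATUS is applied without checking
		 * WIFEXITED, so a script terminated by a signal is not
		 * distinguished from one that exited normally.
		 */
		ret = WEXITSTATUS(ret);
	}
	if (ret != 0) {
		DEBUG(DEBUG_ERR,("Notification script \"%s\" failed with error %d\n", cmd, ret));
	}

	return ret;
}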
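/*
  Fire the notification script for `event` without blocking the daemon.

  Does nothing when no notification script is configured. Otherwise forks
  via ctdb_fork(); the child renames itself, tags its debug output with
  the event name, runs the script synchronously and exits. The parent
  returns immediately and does not wait for the child here.

  NOTE(review): short lines missing from the listing (braces, local
  declarations, returns, the child-side branch and its exit call) were
  restored from context; verify against upstream.
  NOTE(review): the child is not reaped in this function -- presumably
  ctdb_fork() or a SIGCHLD handler elsewhere takes care of it; confirm.
*/
void ctdb_run_notification_script(struct ctdb_context *ctdb, const char *event)
{
	pid_t child;

	if (ctdb->notification_script == NULL) {
		return;
	}

	child = ctdb_fork(ctdb);
	if (child == (pid_t)-1) {
		DEBUG(DEBUG_ERR,("Failed to fork() a notification child process\n"));
		return;
	}
	if (child == 0) {
		int ret;

		ctdb_set_process_name("ctdb_notification");
		debug_extra = talloc_asprintf(NULL, "notification-%s:", event);
		ret = ctdb_run_notification_script_child(ctdb, event);
		if (ret != 0) {
			DEBUG(DEBUG_ERR,(__location__ " Notification script failed\n"));
		}
		/* leave without running the parent's exit handlers */
		_exit(0);
	}

	return;
}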
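/*
  called when a health monitoring event script finishes

  status is 0 on success, -ECANCELED if the event was cancelled, -ETIME on
  script timeout, any other non-zero value on failure.

  - A cancelled run changes nothing; only the next check is scheduled.
  - A timeout is counted; until tunable.script_timeout_count is reached it
    is treated as success, after that it is handled like a failure.
  - A failure on a healthy node sets NODE_FLAGS_UNHEALTHY; a success on an
    unhealthy node clears it. Either transition resets the check interval
    to 5 seconds and runs the notification script.
  - The next check is scheduled after the current interval, and the
    interval is doubled up to tunable.monitor_interval.
  - If the flags changed, the recovery daemon is asked to push the new
    flags to all nodes and a takeover run is requested.

  NOTE(review): short lines missing from the listing (braces, local
  declarations, returns, the label, and the two assignments marked below)
  were restored from context; verify against upstream.
  NOTE(review): the results of tevent_add_timer() and of the first
  ctdb_daemon_send_message() are not checked; a failed timer registration
  would stop health monitoring without any log message.
*/
static void ctdb_health_callback(struct ctdb_context *ctdb, int status, void *p)
{
	struct ctdb_node *node = ctdb->nodes[ctdb->pnn];
	TDB_DATA data;
	struct ctdb_node_flag_change c;
	uint32_t next_interval;
	int ret;
	TDB_DATA rddata;
	struct ctdb_srvid_message rd;
	const char *state_str = NULL;

	/*
	 * c and rd are later sent as raw struct bytes, so every field has
	 * to be assigned before sending or stack contents would go out with
	 * the message.
	 * NOTE(review): the two .pnn assignments were lost from the listing
	 * and are restored here -- confirm both structs are fully set.
	 */
	c.pnn = ctdb->pnn;
	c.old_flags = node->flags;

	rd.pnn = ctdb->pnn;
	rd.srvid = CTDB_SRVID_TAKEOVER_RUN_RESPONSE;

	rddata.dptr = (uint8_t *)&rd;
	rddata.dsize = sizeof(rd);

	if (status == -ECANCELED) {
		DEBUG(DEBUG_ERR,("Monitoring event was cancelled\n"));
		goto after_change_status;
	}

	if (status == -ETIME) {
		ctdb->event_script_timeouts++;

		if (ctdb->event_script_timeouts >= ctdb->tunable.script_timeout_count) {
			DEBUG(DEBUG_ERR, ("Maximum timeout count %u reached for eventscript. Making node unhealthy\n", ctdb->tunable.script_timeout_count));
		} else {
			/* We pretend this is OK. */
			goto after_change_status;
		}
	}

	if (status != 0 && !(node->flags & NODE_FLAGS_UNHEALTHY)) {
		DEBUG(DEBUG_NOTICE,("monitor event failed - disabling node\n"));
		node->flags |= NODE_FLAGS_UNHEALTHY;
		ctdb->monitor->next_interval = 5;

		ctdb_run_notification_script(ctdb, "unhealthy");
	} else if (status == 0 && (node->flags & NODE_FLAGS_UNHEALTHY)) {
		DEBUG(DEBUG_NOTICE,("monitor event OK - node re-enabled\n"));
		node->flags &= ~NODE_FLAGS_UNHEALTHY;
		ctdb->monitor->next_interval = 5;

		ctdb_run_notification_script(ctdb, "healthy");
	}

after_change_status:
	/* use the current interval for this wait, then back off */
	next_interval = ctdb->monitor->next_interval;

	ctdb->monitor->next_interval *= 2;
	if (ctdb->monitor->next_interval > ctdb->tunable.monitor_interval) {
		ctdb->monitor->next_interval = ctdb->tunable.monitor_interval;
	}

	tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
			 timeval_current_ofs(next_interval, 0),
			 ctdb_check_health, ctdb);

	if (c.old_flags == node->flags) {
		return;
	}

	c.new_flags = node->flags;

	data.dptr = (uint8_t *)&c;
	data.dsize = sizeof(c);

	/* ask the recovery daemon to push these changes out to all nodes */
	ctdb_daemon_send_message(ctdb, ctdb->pnn,
				 CTDB_SRVID_PUSH_NODE_FLAGS, data);

	if (c.new_flags & NODE_FLAGS_UNHEALTHY) {
		state_str = "UNHEALTHY";
	} else {
		state_str = "HEALTHY";
	}

	/* ask the recmaster to reallocate all addresses */
	/* NOTE(review): the debug level of this message was lost from the
	   listing; DEBUG_NOTICE is assumed */
	DEBUG(DEBUG_NOTICE,
	      ("Node became %s. Ask recovery master to reallocate IPs\n",
	       state_str));
	ret = ctdb_daemon_send_message(ctdb, CTDB_BROADCAST_CONNECTED, CTDB_SRVID_TAKEOVER_RUN, rddata);
	if (ret != 0) {
		DEBUG(DEBUG_ERR,
		      (__location__
		       " Failed to send IP takeover run request\n"));
	}
}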
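/* forward declaration: the startup callback re-arms this timer handler
   when the "startup" event fails */
static void ctdb_run_startup(struct tevent_context *ev,
			     struct tevent_timer *te,
			     struct timeval t, void *private_data);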
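/*
  called when the startup event script finishes

  On failure the "startup" event is retried after 5 seconds. On success
  the daemon moves to CTDB_RUNSTATE_RUNNING, the notification script is
  run with "startup", monitoring is switched to active and the first
  health check is scheduled 2 seconds out.

  NOTE(review): short lines missing from the listing (braces, the status
  test and the early return) were restored from context; verify against
  upstream.
*/
static void ctdb_startup_callback(struct ctdb_context *ctdb, int status, void *p)
{
	if (status != 0) {
		DEBUG(DEBUG_ERR,("startup event failed\n"));
		tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
				 timeval_current_ofs(5, 0),
				 ctdb_run_startup, ctdb);
		return;
	}

	DEBUG(DEBUG_NOTICE,("startup event OK - enabling monitoring\n"));
	ctdb_set_runstate(ctdb, CTDB_RUNSTATE_RUNNING);
	ctdb->monitor->next_interval = 2;
	ctdb_run_notification_script(ctdb, "startup");

	ctdb->monitor->monitoring_mode = CTDB_MONITORING_ACTIVE;

	tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
			 timeval_current_ofs(ctdb->monitor->next_interval, 0),
			 ctdb_check_health, ctdb);
}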
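/*
  Timer handler that launches the "startup" event script.

  Re-arms itself every second until the daemon has reached
  CTDB_RUNSTATE_STARTUP, then releases all IPs held from earlier runs and
  starts the event script with ctdb_startup_callback() as completion
  handler. If the script cannot be launched it retries after 5 seconds.

  private_data is the struct ctdb_context registered with the timer.

  NOTE(review): short lines missing from the listing (braces, local
  declarations, returns, the result test) were restored from context;
  verify against upstream.
*/
static void ctdb_run_startup(struct tevent_context *ev,
			     struct tevent_timer *te,
			     struct timeval t, void *private_data)
{
	struct ctdb_context *ctdb = talloc_get_type(private_data,
						    struct ctdb_context);
	int ret;

	/* This is necessary to avoid the "startup" event colliding
	 * with the "ipreallocated" event from the takeover run
	 * following the first recovery.  We might as well serialise
	 * these things if we can.
	 */
	if (ctdb->runstate < CTDB_RUNSTATE_STARTUP) {
		/* NOTE(review): the debug level of this message was lost
		   from the listing; DEBUG_NOTICE is assumed */
		DEBUG(DEBUG_NOTICE,
		      ("Not yet in startup runstate. Wait one more second\n"));
		tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
				 timeval_current_ofs(1, 0),
				 ctdb_run_startup, ctdb);
		return;
	}

	/* release any IPs we hold from previous runs of the daemon */
	ctdb_release_all_ips(ctdb);

	DEBUG(DEBUG_NOTICE,("Running the \"startup\" event.\n"));
	ret = ctdb_event_script_callback(ctdb,
					 ctdb->monitor->monitor_context,
					 ctdb_startup_callback,
					 ctdb, CTDB_EVENT_STARTUP, "%s", "");

	if (ret != 0) {
		DEBUG(DEBUG_ERR,("Unable to launch startup event script\n"));
		tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
				 timeval_current_ofs(5, 0),
				 ctdb_run_startup, ctdb);
	}
}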
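/*
  wait until we have finished initial recoveries before we start the
  monitoring events

  Timer handler that re-arms itself once per second until all of the
  following hold, and then schedules ctdb_run_startup() immediately:
    - the vnn map has a valid generation,
    - recovery mode is CTDB_RECOVERY_NORMAL,
    - unless fast_start is set, more than rerecovery_timeout + 3 seconds
      have passed since the last recovery finished,
    - the persistent databases have been re-checked for the current
      generation and ctdb_recheck_persistent_health() returned 0.

  A failing persistent-health check is retried until
  max_persistent_check_errors is reached; then the daemon starts its
  shutdown sequence.

  NOTE(review): short lines missing from the listing (braces, local
  declarations, returns, the counter increment, the result test) were
  restored from context; verify against upstream.
*/
static void ctdb_wait_until_recovered(struct tevent_context *ev,
				      struct tevent_timer *te,
				      struct timeval t, void *private_data)
{
	struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context);
	int ret;
	/* number of invocations; only used to rate-limit the log line below */
	static int count = 0;

	count++;

	/* log on each of the first 59 calls, then on every 600th */
	if (count < 60 || count%600 == 0) {
		DEBUG(DEBUG_NOTICE,("CTDB_WAIT_UNTIL_RECOVERED\n"));
		if (ctdb->nodes[ctdb->pnn]->flags & NODE_FLAGS_STOPPED) {
			DEBUG(DEBUG_NOTICE,("Node is STOPPED. Node will NOT recover.\n"));
		}
	}

	if (ctdb->vnn_map->generation == INVALID_GENERATION) {
		ctdb->db_persistent_startup_generation = INVALID_GENERATION;

		tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
				 timeval_current_ofs(1, 0),
				 ctdb_wait_until_recovered, ctdb);
		return;
	}

	if (ctdb->recovery_mode != CTDB_RECOVERY_NORMAL) {
		ctdb->db_persistent_startup_generation = INVALID_GENERATION;

		DEBUG(DEBUG_NOTICE,(__location__ " in recovery. Wait one more second\n"));
		tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
				 timeval_current_ofs(1, 0),
				 ctdb_wait_until_recovered, ctdb);
		return;
	}


	if (!fast_start && timeval_elapsed(&ctdb->last_recovery_finished) < (ctdb->tunable.rerecovery_timeout + 3)) {
		ctdb->db_persistent_startup_generation = INVALID_GENERATION;

		DEBUG(DEBUG_NOTICE,(__location__ " wait for pending recoveries to end. Wait one more second.\n"));

		tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
				 timeval_current_ofs(1, 0),
				 ctdb_wait_until_recovered, ctdb);
		return;
	}

	/* the check already ran (and failed) for this generation: wait for
	   a new recovery before trying again */
	if (ctdb->vnn_map->generation == ctdb->db_persistent_startup_generation) {
		DEBUG(DEBUG_INFO,(__location__ " skip ctdb_recheck_persistent_health() "
				  "until the next recovery\n"));
		tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
				 timeval_current_ofs(1, 0),
				 ctdb_wait_until_recovered, ctdb);
		return;
	}

	ctdb->db_persistent_startup_generation = ctdb->vnn_map->generation;
	ret = ctdb_recheck_persistent_health(ctdb);
	if (ret != 0) {
		ctdb->db_persistent_check_errors++;
		if (ctdb->db_persistent_check_errors < ctdb->max_persistent_check_errors) {
			/* first failure is logged as an error, repeats as warnings */
			DEBUG(ctdb->db_persistent_check_errors==1?DEBUG_ERR:DEBUG_WARNING,
			      (__location__ "ctdb_recheck_persistent_health() "
			      "failed (%llu of %llu times) - retry later\n",
			      (unsigned long long)ctdb->db_persistent_check_errors,
			      (unsigned long long)ctdb->max_persistent_check_errors));
			tevent_add_timer(ctdb->ev,
					 ctdb->monitor->monitor_context,
					 timeval_current_ofs(1, 0),
					 ctdb_wait_until_recovered, ctdb);
			return;
		}
		DEBUG(DEBUG_ALERT,(__location__
				  "ctdb_recheck_persistent_health() failed (%llu times) - prepare shutdown\n",
				  (unsigned long long)ctdb->db_persistent_check_errors));
		ctdb_shutdown_sequence(ctdb, 11);
		/* In case above returns due to duplicate shutdown */
		return;
	}
	ctdb->db_persistent_check_errors = 0;

	tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
			 timeval_current(), ctdb_run_startup, ctdb);
}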
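/*
  see if the event scripts think we are healthy

  Timer handler for the periodic health check. The check is skipped (and
  the timer re-armed with the current interval) while the node is in
  recovery, while monitoring is disabled, or while all databases are
  frozen. Otherwise the "monitor" event script is launched with
  ctdb_health_callback() as completion handler; if launching fails, the
  interval is reset to 5 seconds and the check is retried.

  private_data is the struct ctdb_context registered with the timer.

  NOTE(review): short lines missing from the listing (braces, local
  declarations, returns, the result test) were restored from context;
  verify against upstream.
*/
static void ctdb_check_health(struct tevent_context *ev,
			      struct tevent_timer *te,
			      struct timeval t, void *private_data)
{
	struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context);
	bool skip_monitoring = false;
	int ret;

	if (ctdb->recovery_mode != CTDB_RECOVERY_NORMAL ||
	    ctdb->monitor->monitoring_mode == CTDB_MONITORING_DISABLED) {
		skip_monitoring = true;
	} else {
		if (ctdb_db_all_frozen(ctdb)) {
			/* NOTE(review): the debug level of this message was
			   lost from the listing; DEBUG_ERR is assumed */
			DEBUG(DEBUG_ERR,
			      ("Skip monitoring since databases are frozen\n"));
			skip_monitoring = true;
		}
	}

	if (skip_monitoring) {
		tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
				 timeval_current_ofs(ctdb->monitor->next_interval, 0),
				 ctdb_check_health, ctdb);
		return;
	}

	ret = ctdb_event_script_callback(ctdb,
					 ctdb->monitor->monitor_context,
					 ctdb_health_callback,
					 ctdb, CTDB_EVENT_MONITOR, "%s", "");
	if (ret != 0) {
		DEBUG(DEBUG_ERR,("Unable to launch monitor event script\n"));
		ctdb->monitor->next_interval = 5;
		tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
				 timeval_current_ofs(5, 0),
				 ctdb_check_health, ctdb);
	}
}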
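/*
  (Temporarily) Disabling monitoring will stop the monitor event scripts
  from running but node health checks will still occur

  ctdb->monitor is only allocated by ctdb_wait_for_first_recovery(), and
  ctdb_monitoring_mode() already treats a NULL ctdb->monitor as a valid
  state. The same guard is applied here so that a request arriving before
  that allocation cannot dereference NULL.

  NOTE(review): braces missing from the listing were restored.
*/
void ctdb_disable_monitoring(struct ctdb_context *ctdb)
{
	if (ctdb->monitor == NULL) {
		DEBUG(DEBUG_INFO,("Monitoring not yet initialised - nothing to disable\n"));
		return;
	}

	ctdb->monitor->monitoring_mode = CTDB_MONITORING_DISABLED;
	DEBUG(DEBUG_INFO,("Monitoring has been disabled\n"));
}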
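/*
  Re-enable running monitor events after they have been disabled

  Also resets the check interval to 5 seconds.

  ctdb->monitor is only allocated by ctdb_wait_for_first_recovery(), and
  ctdb_monitoring_mode() already treats a NULL ctdb->monitor as a valid
  state. The same guard is applied here so that a request arriving before
  that allocation cannot dereference NULL.

  NOTE(review): braces missing from the listing were restored.
*/
void ctdb_enable_monitoring(struct ctdb_context *ctdb)
{
	if (ctdb->monitor == NULL) {
		DEBUG(DEBUG_INFO,("Monitoring not yet initialised - nothing to enable\n"));
		return;
	}

	ctdb->monitor->monitoring_mode = CTDB_MONITORING_ACTIVE;
	ctdb->monitor->next_interval = 5;
	DEBUG(DEBUG_INFO,("Monitoring has been enabled\n"));
}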
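/* stop any monitoring
   this should only be done when shutting down the daemon

   Freeing monitor_context releases everything parented on it, which in
   this file is every monitor timer and event-script callback. The
   pointer is then cleared; ctdb_stopped_monitoring() uses that NULL as
   the "stopped" marker.

   A shutdown can in principle be requested before
   ctdb_wait_for_first_recovery() has allocated ctdb->monitor, so that
   case is handled instead of dereferencing NULL.

   NOTE(review): braces missing from the listing were restored.
*/
void ctdb_stop_monitoring(struct ctdb_context *ctdb)
{
	if (ctdb->monitor == NULL) {
		DEBUG(DEBUG_NOTICE,("Monitoring not yet initialised - nothing to stop\n"));
		return;
	}

	talloc_free(ctdb->monitor->monitor_context);
	ctdb->monitor->monitor_context = NULL;

	ctdb->monitor->monitoring_mode = CTDB_MONITORING_DISABLED;
	ctdb->monitor->next_interval = 5;
	DEBUG(DEBUG_NOTICE,("Monitoring has been stopped\n"));
}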
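/*
  start watching for nodes that might be dead

  Moves the daemon to CTDB_RUNSTATE_FIRST_RECOVERY, allocates the monitor
  state and its talloc context, and schedules
  ctdb_wait_until_recovered() one second out. Allocation failure is
  handled by CTDB_NO_MEMORY_FATAL().

  talloc() does not zero the new object, and until
  ctdb_startup_callback() runs nothing else assigns monitoring_mode or
  next_interval, while ctdb_monitoring_mode() can already return
  monitoring_mode. Both fields are therefore given defined values here.

  NOTE(review): CTDB_MONITORING_DISABLED is chosen because that is what
  ctdb_monitoring_mode() reports while ctdb->monitor is still NULL, and
  ctdb_startup_callback() switches to ACTIVE once startup succeeds;
  confirm no caller depends on a different initial value.
  NOTE(review): braces missing from the listing were restored.
*/
void ctdb_wait_for_first_recovery(struct ctdb_context *ctdb)
{
	ctdb_set_runstate(ctdb, CTDB_RUNSTATE_FIRST_RECOVERY);

	ctdb->monitor = talloc(ctdb, struct ctdb_monitor_state);
	CTDB_NO_MEMORY_FATAL(ctdb, ctdb->monitor);

	ctdb->monitor->monitoring_mode = CTDB_MONITORING_DISABLED;
	ctdb->monitor->next_interval = 5;

	ctdb->monitor->monitor_context = talloc_new(ctdb->monitor);
	CTDB_NO_MEMORY_FATAL(ctdb, ctdb->monitor->monitor_context);

	tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
			 timeval_current_ofs(1, 0),
			 ctdb_wait_until_recovered, ctdb);
}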
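/*
  modify flags on a node

  indata carries a struct ctdb_node_flag_change sent by another daemon or
  client. The request is applied to ctdb->nodes[c->pnn] with these limits:
    - c->pnn must be below ctdb->num_nodes;
    - for a remote node, c->old_flags is replaced by our own current view;
    - NODE_FLAGS_DISCONNECTED is taken from c->old_flags, never from
      c->new_flags;
    - for the local node, STOPPED and BANNED keep their current local
      value regardless of what was requested.
  If the result differs from c->old_flags the recovery daemon is told via
  CTDB_SRVID_SET_NODE_FLAGS (with c->new_flags rewritten to the value
  actually stored), and a node reaching flags == 0 during startup forces
  recovery mode.

  Returns 0 on success or no change, -1 on an invalid request.

  The payload is validated before it is cast: a buffer shorter than the
  struct would otherwise be read and written past its end.
  NOTE(review): the control dispatcher may already enforce the payload
  size before calling this function (not visible here); the check below
  is then redundant but harmless.
  NOTE(review): short lines missing from the listing (braces, the
  old_flags declaration, returns, the trailing DEBUG argument) were
  restored from context; verify against upstream.
*/
int32_t ctdb_control_modflags(struct ctdb_context *ctdb, TDB_DATA indata)
{
	struct ctdb_node_flag_change *c;
	struct ctdb_node *node;
	uint32_t old_flags;

	if (indata.dptr == NULL || indata.dsize < sizeof(*c)) {
		DEBUG(DEBUG_ERR,(__location__ " Invalid data size for modflags control\n"));
		return -1;
	}
	c = (struct ctdb_node_flag_change *)indata.dptr;

	if (c->pnn >= ctdb->num_nodes) {
		DEBUG(DEBUG_ERR,(__location__ " Node %d is invalid, num_nodes :%d\n", c->pnn, ctdb->num_nodes));
		return -1;
	}

	node         = ctdb->nodes[c->pnn];
	old_flags    = node->flags;
	if (c->pnn != ctdb->pnn) {
		/* for remote nodes trust our own view of the old flags,
		   not the sender's */
		c->old_flags  = node->flags;
	}
	node->flags   = c->new_flags & ~NODE_FLAGS_DISCONNECTED;
	node->flags  |= (c->old_flags & NODE_FLAGS_DISCONNECTED);

	/* we don't let other nodes modify our STOPPED status */
	if (c->pnn == ctdb->pnn) {
		node->flags &= ~NODE_FLAGS_STOPPED;
		if (old_flags & NODE_FLAGS_STOPPED) {
			node->flags |= NODE_FLAGS_STOPPED;
		}
	}

	/* we don't let other nodes modify our BANNED status */
	if (c->pnn == ctdb->pnn) {
		node->flags &= ~NODE_FLAGS_BANNED;
		if (old_flags & NODE_FLAGS_BANNED) {
			node->flags |= NODE_FLAGS_BANNED;
		}
	}

	if (node->flags == c->old_flags) {
		DEBUG(DEBUG_INFO, ("Control modflags on node %u - Unchanged - flags 0x%x\n", c->pnn, node->flags));
		return 0;
	}

	DEBUG(DEBUG_INFO, ("Control modflags on node %u - flags now 0x%x\n", c->pnn, node->flags));

	if (node->flags == 0 && ctdb->runstate <= CTDB_RUNSTATE_STARTUP) {
		DEBUG(DEBUG_ERR, (__location__ " Node %u became healthy - force recovery for startup\n",
				  c->pnn));
		ctdb->recovery_mode = CTDB_RECOVERY_ACTIVE;
	}

	/* tell the recovery daemon something has changed */
	c->new_flags = node->flags;
	ctdb_daemon_send_message(ctdb, ctdb->pnn,
				 CTDB_SRVID_SET_NODE_FLAGS, indata);

	/* if we have become banned, we should go into recovery mode */
	if ((node->flags & NODE_FLAGS_BANNED) && !(c->old_flags & NODE_FLAGS_BANNED) && (node->pnn == ctdb->pnn)) {
		ctdb_local_node_got_banned(ctdb);
	}

	return 0;
}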
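/*
  return the monitoring mode

  Reports CTDB_MONITORING_DISABLED while the monitor state has not been
  allocated yet, otherwise the stored monitoring_mode.

  NOTE(review): braces missing from the listing were restored.
*/
int32_t ctdb_monitoring_mode(struct ctdb_context *ctdb)
{
	if (ctdb->monitor == NULL) {
		return CTDB_MONITORING_DISABLED;
	}
	return ctdb->monitor->monitoring_mode;
}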
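/*
 * Check if monitoring has been stopped
 *
 * Returns true once ctdb_stop_monitoring() has freed and cleared
 * monitor_context.
 *
 * NOTE(review): unlike ctdb_monitoring_mode(), this dereferences
 * ctdb->monitor without a NULL check. Whether "not yet started" should
 * count as stopped depends on the callers, which are not visible here;
 * confirm it is never called before ctdb_wait_for_first_recovery().
 * NOTE(review): braces missing from the listing were restored.
 */
bool ctdb_stopped_monitoring(struct ctdb_context *ctdb)
{
	return ctdb->monitor->monitor_context == NULL;
}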