Rusty Russell [Wed, 16 Dec 2009 10:27:20 +0000 (20:57 +1030)]
ctdb: use mlockall, cautiously
We don't want ctdb stalling due to paging; this can be far worse than
scheduling delays. But if we simply do mlockall(MCL_FUTURE), it
increases the risk that mmap (ie. tdb open) or malloc will fail,
causing us to abort.
This patch is a compromise: we mlock all current pages (including
10k of future stack for expansion) and then relock when a client
asks us to open a TDB. We warn, but don't exit, if it fails.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 16 Dec 2009 08:56:22 +0000 (19:26 +1030)]
Remove RT priority, use niceness.
1) It's buggy. Code needs to be carefully written (ie. no busy
loops) to handle running with it, and we fork and run scripts.[1]
2) It makes debugging harder. If ctdbd loops (as has happened recently)
it can be extremely hard to get in and see what's happening. We've already
seen the valgrind hacks.
3) We have seen recent scheduler problems. Perhaps they are unrelated,
but removing this very unusual setup is unlikely to hurt.
4) It doesn't make anything faster. Under all but the most perverse of
circumstances, 99% of the cpu gives the same performance as 100%, and
we will always preempt normal processes anyway.
[1] I made this worse in
0fafdcb8d353 "eventscript: fork() a child for
each script" by removing the switch_from_server_to_client() which
restored it, but even that was only for monitor scripts. Others were
run with RT priority.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 16 Dec 2009 10:29:15 +0000 (20:59 +1030)]
Add --valgringing flag instead of --nosetsched
The do_setsched was being tested for whether to mmap tdbs: let's make it
explicit. We can also happily move the kill-child eventscript hack under
this flag.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Ronnie Sahlberg [Tue, 15 Dec 2009 22:51:17 +0000 (09:51 +1100)]
Revert "cleanup: remove a tunable we no longer use in the eventscripts any more :"
This reverts commit
401f421fa003d9515df15e759b50b56e0c67d69c.
Conflicts:
include/ctdb_private.h
server/ctdb_tunables.c
Ronnie Sahlberg [Tue, 15 Dec 2009 10:00:22 +0000 (21:00 +1100)]
Merge branch 'trans3'
Ronnie Sahlberg [Tue, 15 Dec 2009 09:56:16 +0000 (20:56 +1100)]
Author: Rusty Russell <rusty@rustcorp.com.au>
Date: Tue Dec 15 15:53:30 2009 +1030
eventscript: hack to avoid overloading valgrind
Now we fork one child per script, when running under valgrind the
load
gets quite high. This is because valgrind does a lot of work after
exit,
and we don't wait for the children to finish; we start the next one
when
the child reports status via the pipe.
This fix is ugly, but simple.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Ronnie Sahlberg [Tue, 15 Dec 2009 08:04:52 +0000 (19:04 +1100)]
This is a dodgy patch.
I saw once where the master ctdbd logging structure was talloc freed
which caused issues.
So only free the structure if it is NOT the master structure.
This needs to be looked into in more detail.
Ronnie Sahlberg [Tue, 15 Dec 2009 03:26:28 +0000 (14:26 +1100)]
Revert "Make fetch_locked more scalable"
This reverts commit
5736e17c139c9a8049e235429aeae0c6c9d0e93d.
Ronnie Sahlberg [Tue, 15 Dec 2009 03:25:55 +0000 (14:25 +1100)]
Merge commit 'obnox/ctdb-wip-trans3' into trans3
Ronnie Sahlberg [Tue, 15 Dec 2009 01:14:49 +0000 (12:14 +1100)]
add a new test tool that just locks and releases the same record over and over
Ronnie Sahlberg [Tue, 15 Dec 2009 00:29:16 +0000 (11:29 +1100)]
ctdb_fetch requires the number of nodes being specified.
Have it log an error and terminate if thie parameter was omitted
Ronnie Sahlberg [Mon, 14 Dec 2009 23:45:18 +0000 (10:45 +1100)]
When setting up the logging, set the event to trigger a read of a log message from a child process as a child of the "log" structure and not the ctdb structure,
or else we can crash if we receive log messages from a child but the log structure has been freed()
Ronnie Sahlberg [Mon, 14 Dec 2009 23:23:58 +0000 (10:23 +1100)]
From rusty:
Subject: eventscript: fix spinning at 100% cpu when child exits.
ctdbd was spinning reading 0 from a pipe, as soon as the first
eventscript finishes.
This was caused by the intersection between
a78b8ea7168e "Run only one
event for each epoll_wait/select call" and
32cfdc3aec34 "eventscript:
ctdb_fork_with_logging()". Unavoidable mid-air collision, since both
worked fine and both were developed simultaneously.
When the script exits, we have two pipes open to it: one for any
stdout/stderr for logging (ctdb_log_handler), and one for the result
(ctdb_event_script_handler). The latter frees everything, including
the log fd and event structure.
We used to get one callback to ctdb_log_handler, which got a harmless
0-length read, then one to ctdb_event_script_handler which cleaned up.
Now we only do one callback per poll, we need the logging function to
clean itself up so we can make process.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Ronnie Sahlberg [Mon, 14 Dec 2009 04:53:23 +0000 (15:53 +1100)]
Rename the tunable EventScriptBanCount to EventScriptTimeoutCount
since we no longer ban nodes when dodgy scripts continue to hang.
We now only mark nodes as unhealthy if monitor events fail or timeout. Never ban.
Ronnie Sahlberg [Mon, 14 Dec 2009 04:48:47 +0000 (15:48 +1100)]
cleanup: remove a tunable we no longer use in the eventscripts any more :
EventScriptUnhealthyOnTimeout
Rusty Russell [Thu, 10 Dec 2009 10:05:54 +0000 (20:35 +1030)]
ctdb: don't print OUTPUT: for DISABLED scripts
In other news, did you know ctime() returns a \n-terminated string?
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Thu, 10 Dec 2009 09:55:33 +0000 (20:25 +1030)]
eventscript: fix monitoring when killed by another script command
Commit
c1ba1392fe "eventscript: get rid of ctdb_control_event_script_finished
altogether" was wrong: there is one case where we want to free the script
without transferring their status to last_status. This happens because we
always kill an running monitor command when we run any other command.
This still isn't quite right (and never was): the callback will be called
with status value 0, which might flip us to HEALTHY if we were unhealthy.
This is conveniently fixed in my next set of patches :)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Ronnie Sahlberg [Mon, 14 Dec 2009 04:40:54 +0000 (15:40 +1100)]
remove the variable "disable when unhealthy"
there is no rational need for a setting where we permanently mark nodes as disabled everytime an eventscript fails
Michael Adam [Fri, 11 Dec 2009 16:05:30 +0000 (17:05 +0100)]
Revert "recovery: add special pull-logic for persistent databases"
This reverts commit
8aef46d2aab3efb322dda51eaa202653cefd5222.
This special recovery logic is wrong now with the transaction rewrite.
The treatment of persistent databases will later be rewritten to use the
database sequence number.
Michael
Volker Lendecke [Wed, 9 Dec 2009 14:11:45 +0000 (15:11 +0100)]
Make fetch_locked more scalable
This patch improves the handling of the fetch_lock operation on non-persistent
databases that ctdb clients have to do very frequently.
The normal flow how this goes is the following:
1. Client does a local fetch_lock on the database
2. Client looks if the local node is dmaster.
If yes, everything is fine
If no, continue here
3. Client unlocks the local record
4. Client issues a "get me the record" call to ctdbd
5. ctdbd goes out and fetches the dmaster role
6. ctdbd tells the client to retry
7. Client starts over again
The problem is between step 6 and 7: Before the client has had the chance to
retry (i.e. catch the record with a fetch_locked), another node might have come
asking ctdbd to migrate away the record again. This is a real problem, I've
seen >20 loops of this kind in real workloads.
This patch does the following: Whenever ctdb receives a record as result of
step 5, it puts the key on a "holdback list". As long as a key is on this list,
a request to migrate away the dmaster is put on hold. It is the client's duty
to issue the "CTDB_CONTROL_GOTIT" control when it has successfully done step 2
after having asked ctdb to fetch the record. This will release the key from the
"holdback list" and re-issue all dmaster migration requests.
As a safeguard against malicious clients, once a second (default 1000msecs,
tunable "HoldbackCleanupInterval" in milliseconds) ctdbd goes over the list of
held back keys, deletes them and releases all held back migration requests.
Volker Lendecke [Thu, 10 Dec 2009 12:02:29 +0000 (13:02 +0100)]
Import "talloc_array_length" from upstream talloc
Michael Adam [Fri, 11 Dec 2009 15:39:58 +0000 (16:39 +0100)]
tests: temporarily disable the transaction test tool.
Make it return success for make test.
This is temporarily disabled until the rewrite of the
transaction code (in samba and the daemon) using the global
lock feature has been ported to the ctdb client code.
Michael
Michael Adam [Fri, 11 Dec 2009 14:31:02 +0000 (15:31 +0100)]
Add a new control CTDB_GET_DB_SEQNUM - fetch a persistent db's sequence number.
Michael
Michael Adam [Fri, 11 Dec 2009 13:19:55 +0000 (14:19 +0100)]
define CTDB_DB_SEQNUM_KEY - used with the new implementation of transactions.
Michael
Volker Lendecke [Wed, 9 Dec 2009 16:20:23 +0000 (17:20 +0100)]
Tiny simplification of ctdb_queue_packet()
Volker Lendecke [Tue, 8 Dec 2009 16:00:55 +0000 (17:00 +0100)]
Rename a struct member for clarity
Michael Adam [Thu, 3 Dec 2009 16:59:49 +0000 (17:59 +0100)]
server: add a new control CTDB_CONTROL_TRANS3_COMMIT
This is a simplified version of the trans2 commit control:
It just rolls out the marshall buffer to all active nodes.
It is the main ctdbd part of the re-implementation of the
persistent transactions. The client code is changed to
take a global lock to start a transactions and store into
the marshal buffer instead of writing to the local tdb
under a local transaction.
The old transaction implementation is going to be
removed in a later commit.
Michael
Ronnie Sahlberg [Wed, 9 Dec 2009 21:53:55 +0000 (08:53 +1100)]
From: Volker Lendecke <vl@samba.org>
Date: Wed, 9 Dec 2009 22:45:12 +0100
Subject: [PATCH] Revert an accidential commit
Michael Adam [Wed, 9 Dec 2009 21:04:48 +0000 (22:04 +0100)]
tests: remove the no_trans mode from ctdb_transaction.
Writes without transaction are not possible any more on
persistent databases.
Michael
Michael Adam [Thu, 30 Jul 2009 09:59:59 +0000 (11:59 +0200)]
tests: remove the persistent_unsafe writes test.
This is useless now that persistent write operations without
transaction are forbidden.
Michael
Michael Adam [Thu, 30 Jul 2009 09:59:02 +0000 (11:59 +0200)]
tests: remove persistent_safe write test.
This is useless now that persistent writes without transactions are forbidden.
Michael
Michael Adam [Wed, 9 Dec 2009 20:38:44 +0000 (21:38 +0100)]
test: add test 54_ctdb_transaction_recovery.sh
This is like the 53_ctdb_transaction test, but it additionally
runs a loop with recoveries while the transactions are running.
When called like this, the transaction loops run for 10 minutes:
CTDB_TEST_TIMELIMIT=600 tests/scripts/run_tests tests/simple/54_ctdb_transaction_recovery.sh
The default timelimit is 30 seconds.
Michael
Michael Adam [Wed, 9 Dec 2009 20:36:42 +0000 (21:36 +0100)]
test: get value for --timelimit from environment var CTDB_TEST_TIMELIMIT in transaction test
Michael
Michael Adam [Wed, 9 Dec 2009 14:05:20 +0000 (15:05 +0100)]
client: lower level of commit retry message WARNING->DEBUG
This can happen frequently when recoveries intercept transactions.
Michael
Michael Adam [Wed, 9 Dec 2009 12:48:49 +0000 (13:48 +0100)]
client: lower debug level of transaction-active-retry message to DEBUG
This reduces some noise.
Michael
Michael Adam [Wed, 9 Dec 2009 12:43:38 +0000 (13:43 +0100)]
call: lower the debug message "refusing migration while transction" to lvl INFO
This gets just too noisy on a busy system.
And it is purley informational anyways...
Michael
Volker Lendecke [Wed, 9 Dec 2009 16:14:16 +0000 (17:14 +0100)]
Run only one event for each epoll_wait/select call
This might be a bit less efficient, but experience in winbind has shown that
event callbacks can trigger changes in the socket state in very hard to
diagnose ways.
Christian Ambach [Tue, 8 Dec 2009 18:23:19 +0000 (19:23 +0100)]
reduce vacuuming lognoise
syslog.h says:
LOG_NOTICE 5 normal but significant condition
LOG_INFO 6 informational
several vacuuming related logs logged at NOTICE level although I don't see
any real significance, these are just informational messages for me
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
Christian Ambach [Tue, 8 Dec 2009 18:08:37 +0000 (19:08 +0100)]
improve time jump logging
add the __location__ macro to the logs to get a better idea
in which loop the problem occured
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
Ronnie Sahlberg [Wed, 9 Dec 2009 03:26:42 +0000 (14:26 +1100)]
Merge commit 'rusty/script-report'
Ronnie Sahlberg [Wed, 9 Dec 2009 00:33:04 +0000 (11:33 +1100)]
Bond devices can have any name the user configures, so
when checking link status for an interface, first
check if this interface is in fact a bond device
(by the precense of a /proc/net/bonding/IFACE file)
and use that file for checking status.
Othervise assume ib* is an infiniband interface which we donnt know how
to check, or otherwise it is an ethernet interface and ethtool should
hopefully work.
Ronnie Sahlberg [Wed, 9 Dec 2009 00:13:29 +0000 (11:13 +1100)]
make sure to also check that interfaces used for NATGW are ok
and have a link.
if not the node should become unhealthy
Stefan Metzmacher [Mon, 7 Dec 2009 13:37:21 +0000 (14:37 +0100)]
events/50.samba: only use wbinfo --ping-dc if available
metze
Rusty Russell [Mon, 7 Dec 2009 15:20:55 +0000 (01:50 +1030)]
ctdb: scriptstatus can now query non-monitor events
We also no longer return an error before scripts have been run; a special
zero-length data means we have never run the scripts.
"ctdb scriptstatus all" returns all event script results.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 15:17:13 +0000 (01:47 +1030)]
eventscript: expost call names and enum
We're going to need this so ctdb can query non-monitor status.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 15:02:36 +0000 (01:32 +1030)]
eventscript: lock logging on timeout.
Ronnie suggested this; seems like a very good idea.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 15:01:53 +0000 (01:31 +1030)]
ctdb: support --machinereadable (-Y) for scriptstatus
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 8 Dec 2009 01:59:10 +0000 (12:29 +1030)]
eventscript: get rid of ctdb_control_event_script_finished altogether
We always have to call it before freeing the state; we should just do
this work in the destructor itself.
Unfortunately, the script state would already be freed by the time
the state destructor is called, so we make the script state a child of
ctdb, and talloc_free() it manually on the one path which doesn't use
the destructor.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 8 Dec 2009 01:57:48 +0000 (12:27 +1030)]
eventscript: save state for all script invocations
Rather than only tranferring to last_status for monitor events, do
it for every event (ctdb->last_status is now an array).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 8 Dec 2009 01:54:56 +0000 (12:24 +1030)]
eventscript: cleanup finished to take state arg
We only need ctdb->current_monitor so we can kill it when we want to run
something else; we don't need to use it here as we always know what script
we are running.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 8 Dec 2009 02:18:17 +0000 (12:48 +1030)]
eventscript: use wire format internally for script status.
The only difference between the exposed an internal structure now is
that the name and output fields were pointers. Switch to using
ctdb_scripts_wire/ctdb_script_wire internally as well so marshalling
is a noop.
We now reject scripts which are too long and truncate logging to the
511 characters we have space for (the entire output will be in the
normal ctdbd log).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 14:21:24 +0000 (00:51 +1030)]
eventscript: rename ctdb_monitoring_wire to ctdb_scripts_wire
We're going to allow fetching status of all script runs, so this
name is no longer appropriate.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 8 Dec 2009 02:17:24 +0000 (12:47 +1030)]
eventscript: get_current_script() helper
This neatens the code slightly. We also use the name 'current' in
ctdb_event_script_handler() for uniformity.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 8 Dec 2009 02:17:05 +0000 (12:47 +1030)]
eventscript: use an array rather than a linked list of scripts
This brings us closer to the wire format, by using a simple array
and a 'current' iterator.
The downside is that a 'struct ctdb_script' is no longer a talloc
object: the state must be passed to our log fn, and the current
script extracted with &state->scripts->scripts[state->current].
The wackiness of marshalling is simplified, and as a bonus, we can
distinguish between an empty event directory
(state->scripts->num_scripts == 0) and and error (state->scripts ==
NULL).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 8 Dec 2009 02:16:18 +0000 (12:46 +1030)]
eventscript: record script status for all events
This unifies almost everything: the state->current pointer points to
the struct ctdb_script where we record start, finish, status and
output.
We still only marshall up the monitor events; the rest disappear when
the state structure is freed.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 8 Dec 2009 02:15:17 +0000 (12:45 +1030)]
eventscript: use scripts array directly, rather than separate list
We rename ctdb_monitor_script_status to ctdb_script, and instead of
allocating them as the scripts are executed, we allocate them up front
and keep a "current" interator.
This slightly simplifies the code, though it means we only marshall up
to the last successfully run script.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 8 Dec 2009 02:14:30 +0000 (12:44 +1030)]
eventscript: ctdb_fork_with_logging()
A new helper functions which sets up an event attached to the child's
stdout/stderr which gets routed to the logging callback after being
placed in the normal logs.
This is a generalization of the previous code which was hardcoded to
call ctdb_log_event_script_output.
The only subtlety is that we hang the child fds off the output buffer;
the destructor for that will flush, which means it has to be destroyed
before the output buffer is.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 14:01:29 +0000 (00:31 +1030)]
eventscript: pass struct ctdb_log_state directly to ctdb_log_handler().
The current logging logic assumes that any stdout/stderr belongs to
the currently running monitor script output. This isn't quite right
anyway, and we'd like to capture stderr output of other script
invocations.
So we move towards multiple struct ctdb_log_state by handing it
directly to ctdb_log_handler to use, rather than having it assume
ctdb->log. We need a ctdb pointer inside the log struct now though.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 13:57:40 +0000 (00:27 +1030)]
eventscript: remove unused ctbd_ctrl_event_script*
The child no longer uses ctdb_ctrl_event_script_init or
ctdb_ctrl_event_script_finished, and the others are redundant: it
doesn't need to tell us it's starting a script when it only runs one.
We move start and stop calls to the parent, and eliminate the RPC
infrastructure altogether.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 13:52:55 +0000 (00:22 +1030)]
eventscript: refactor forking code into fork_child_for_script()
We do the same thing in two places: fire off a child from the initial
ctdb_event_script_callback_v() and also from the ctdb_event_script_handler()
when it's done.
Unify this logic into fork_child_for_script().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 13:51:25 +0000 (00:21 +1030)]
eventscript: fork() a child for each script.
We rename child_run_scripts() to child_run_script(), because it now
runs a single script rather than walking the list. When it's
finished, we fork the next child from the ctdb_event_script_handler()
callback.
ctdb_control_event_script_init() and ctdb_control_event_script_finished()
are now called directly by the parent process; the child still calls
ctdb_ctrl_event_script_start() and ctdb_ctrl_event_script_stop() before
and after the script.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 13:45:18 +0000 (00:15 +1030)]
eventscript: store from_user and script_list inside state structure
This means all the state about running the scripts is in that structure,
which helps in the next patch.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 13:44:01 +0000 (00:14 +1030)]
eventscript: use direct script state pointer for current monitor
We put a "scripts" member in ctdb_event_script_state, rather than using
a special struct for monitor events. This will fit better as we further
unify the different events, and holds the reports from the child process
running each monitor script.
Rather than making the monitor state a child of current_monitor_status_ctx,
we just point current_monitor directly at it. This means we need to reset
that pointer in the destructor for ctdb_event_script_state.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 13:39:20 +0000 (00:09 +1030)]
eventscript: make current_monitor_status_ctx serve as monitor_event_script_ctx
We have monitor_event_script_ctx and other_event_script_ctx, and
current_monitor_status_ctx in struct ctdb_context. This seems more
complex than it needs to be.
We use a single "event_script_ctx" as parent for all event script
state structures. Then we explicitly reparent monitor events under
current_monitor_status_ctx: this is freed every script invocation to
kill off any running scripts anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 13:25:03 +0000 (23:55 +1030)]
eventscript: split ctdb_run_event_script into multiple parts
Simple refactoring in preparation for switching to one-child-per-script.
We also call the functions run by the child process "child_".
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 13:23:35 +0000 (23:53 +1030)]
eventscript: hoist work out of child process, into parent
This is the start of a move towards finer-grained reporting, with one
child per script. Simple code motion to do sanity check and get the
list of scripts before fork().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 13:22:01 +0000 (23:52 +1030)]
eventscript: don't make ourselves healthy if we're under ban_count
If we've timed out, but we've not timed out more than
ctdb->tunable.script_ban_count, we pretend we haven't.
There's a logic bug in the way this is done: if we were unhealthy before,
this would set us to "healthy" again (status == 0). I don't think this
would happen in real life, but it's a little surprising.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 13:18:57 +0000 (23:48 +1030)]
eventscript: handle banning within the callbacks
Currently the timeout handler in eventscript.c does the banning if a
timeout happens. However, because monitor events are different, it has
to special case them.
As we call the callback anyway in this case, we should make that handle
-ETIME as it sees fit: for everyone but the monitor event, we simply ban
ourselves. The more complicated monitor event banning logic is now in
ctdb_monitor.c where it belongs.
Note: I wrapped the other bans in "if (status == -ETIME)", though they
should probably ban themselves on any error. This change should be a
noop.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:48:40 +0000 (23:18 +1030)]
eventscript: expost ctdb_ban_self()
eventscript.c uses this now, but our next patch makes others use it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:47:23 +0000 (23:17 +1030)]
eventscript: handle v. unlikely timeout race
If we time out just as the child exits, we currently will report an
uninitialized cb_status field. Set it to -ETIME as expected.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:45:56 +0000 (23:15 +1030)]
eventscript: replace other -1 returns with -errno
This completes our "problem with script" reporting; we never set cb_status
to -1 on error. Real errnos are used where the failure is a system call
(eg. read, setpgid), otherwise -EIO is used if we couldn't communicate with
the parent.
The latter case is a bit useless, since the parent probably won't see
the error anyway, but it's neater.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:43:12 +0000 (23:13 +1030)]
eventscript: simplify ctdb_run_event_script loop
If we break, we avoid cut & paste code inside the loop. Need to initialize
ret to 0 for the "no scripts" case.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:42:19 +0000 (23:12 +1030)]
eventscript: handle and report generic stat/execution errors
Rather than ignoring deleted event scripts (or pretending that they were "OK"),
and discarding other stat errors, we save the errno and turn it into a negative
status.
This gives us a bit more information if we can't execute a script (eg.
too many symlinks or other weird errors).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:41:47 +0000 (23:11 +1030)]
eventscript: use -ENOEXEC for disabled status value
This unifies code paths and simplifies things: we just hand -ENOEXEC to
ctdb_ctrl_event_script_stop().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:39:02 +0000 (23:09 +1030)]
eventscript: enhance script delete race check
We currently assume 127 == script removed. The script can also return 127;
best to re-check the execution status in this case (and for 126, which will
happen if the script is non-executable).
If the script is no longer executable/not present, we ignore it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:39:39 +0000 (23:09 +1030)]
eventscript: check_executable() to centralize stat/perm checks
This is used later in the "script vanished" check.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:35:58 +0000 (23:05 +1030)]
talloc: save errno over talloc_free
As we start to use errno more, it's a huge pain if talloc_free() can blatt
it (esp. destructors).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:39:42 +0000 (23:09 +1030)]
eventscript: use -ETIME for timeout status value
This starts the move toward more expressive encoding of return values:
positive values mean the script ran, negative means we had a problem with
the script (and the value is the errno).
This does timeout, but changes the ctdb tool to recognize it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 7 Dec 2009 12:39:40 +0000 (23:09 +1030)]
eventscript: marshall onto last_status immediately
This simplifies the code a little: last_status is now read to go
(it's only used by the scriptstatus command at the moment).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Ronnie Sahlberg [Mon, 7 Dec 2009 08:04:41 +0000 (19:04 +1100)]
version 1.0.108
Ronnie Sahlberg [Mon, 7 Dec 2009 07:27:46 +0000 (18:27 +1100)]
Use wbinfo --ping-dc isntead of wbingo -p sicne this is a more reliable way to determine if winbindd is in a useful state.
Michael Adam [Fri, 4 Dec 2009 22:18:12 +0000 (23:18 +0100)]
packaging: package tests/bin/ctdb_transaction under /usr/share/doc/tests/bin
For testing/diagnostic purposes.
Michael
Michael Adam [Thu, 3 Dec 2009 23:19:44 +0000 (00:19 +0100)]
client: improve two error messages in ctdb_transaction_commit().
Michael
Michael Adam [Thu, 3 Dec 2009 23:06:34 +0000 (00:06 +0100)]
server:trans2_commit: move the check for active recovery down.
This needs to be done after the control-dispatcher:
In the TRANS2_COMMIT control, the client->db_id needs
to be set before bailing out, since otherwise the
next TRANS2_COMMIT_RETRY will fail...
Michael
Michael Adam [Wed, 2 Dec 2009 23:28:32 +0000 (00:28 +0100)]
client: increase the number of commit retries 10-->100
To cope with timeouts when recoveries and transactions collide.
Maybe 100 is too high.
Michael
Michael Adam [Wed, 2 Dec 2009 23:27:34 +0000 (00:27 +0100)]
client: untangle checks and produce more detailed error messages
in ctdb_transaction_fetch_start
Michael
Michael Adam [Wed, 2 Dec 2009 23:26:52 +0000 (00:26 +0100)]
client: increase the rsn of the __transaction_lock__ when storing
So that it is correctly handled by recoveries.
Also explicitly set the dmaster field to the current node's pnn.
Michael
Michael Adam [Fri, 4 Dec 2009 10:21:29 +0000 (11:21 +0100)]
recovery: add special pull-logic for persistent databases
The decision mechanism which records of a persistent db
are to be pulled into the recdb during recovery is now
as follows:
* Usually a record with the higher rsn than that already
stored is taken. (Just as for normal tdbs.)
* If a transaction is running on some node, then those
nodes copies of all records are taken and are not
overwritten later by other nodes' copies.
In order to keep track of whether a record's copy was obtained
from a node with a transaction running, the recovery mechanism
misuses the ctdb tdb header field 'lacount' in the recdb.
It is cleared later when pushing out the recdb database to the
other nodes.
This way, an incomplete transaction is not spoiled when
a recovery interrupts and the replay should usually succeed
(possibly after a few retries).
Michael
Michael Adam [Wed, 2 Dec 2009 23:25:16 +0000 (00:25 +0100)]
make ctdb_ctrl_transaction_active public.
Michael
Michael Adam [Sun, 29 Nov 2009 10:17:18 +0000 (11:17 +0100)]
recovery: for persistent db's don't set the dmaster to the recmaster node number
It is important to keep track of the dmaster (i.e. the node that last committed
a transaction containing changes to this node).
Michael
Michael Adam [Sun, 29 Nov 2009 10:14:31 +0000 (11:14 +0100)]
recovery: pass the persistent flag to recover_database()
and further down to pull_remote_database(), pull_one_remote_database(),
and push_recdb_database().
This is in preparation of special handling of persistent databases
during recoveries.
Michael
Michael Adam [Sun, 29 Nov 2009 10:07:36 +0000 (11:07 +0100)]
tests:ctdb_transaction: print an extra counters when a commit fails
Michael
Michael Adam [Sun, 29 Nov 2009 09:38:33 +0000 (10:38 +0100)]
client: in catdb, print the keyname first, and separate records by a blank line
Michael
Michael Adam [Tue, 1 Dec 2009 22:54:12 +0000 (23:54 +0100)]
packaging: remove the lib/popt from the tarball in debian mode
Debian CTDB packaging fails when this is included.
Michael
Michael Adam [Tue, 1 Dec 2009 22:51:51 +0000 (23:51 +0100)]
packaging: rework maketarball.sh to accept an arbitrary githas to pack
The githash can be specified through the environment variable "GITHASH"
that can contain a commit hash or a tag name, e.g.
The call syntax is now
[GITHASH=xyz] [USE_GITHASH=yes/no] [DEBIAN_MODE=yes/no] maketarball.sh
Michael
Michael Adam [Sun, 29 Nov 2009 03:05:03 +0000 (04:05 +0100)]
ctdb: add command "ctdb wipedb" to wipe the contents of an attached tdb
Michael
Michael Adam [Thu, 29 Oct 2009 21:40:50 +0000 (22:40 +0100)]
tests: turn printfs into DEBUG statements in the ctdb_transaction test
Michael
Martin Schwenke [Fri, 4 Dec 2009 03:44:46 +0000 (14:44 +1100)]
Merge branch 'status-test-2'
Ronnie Sahlberg [Fri, 4 Dec 2009 00:45:37 +0000 (11:45 +1100)]
Dont store debug level DEBUG_DEBUG in the in-memory ringbuffer.
It is unlikely we will need something this verbose for normal troubleshooting.
This allows us to keep a significantly longer time interval of log messages
in the 500k slots available in the ringbuffer.
Ronnie Sahlberg [Fri, 4 Dec 2009 00:36:27 +0000 (11:36 +1100)]
Use statically allocated ringbuffer to store the last 500k log entries
in memory instead of dynamically allocated ones so that we reduce the pressure
on malloc/free.