git.samba.org - gd/samba-autobuild/.git/commit

author	Martin Schwenke <martin@meltin.net>
	Thu, 8 Jul 2021 07:28:20 +0000 (17:28 +1000)
committer	Amitay Isaacs <amitay@samba.org>
	Thu, 9 Sep 2021 01:46:49 +0000 (01:46 +0000)
commit	49dc5d8cd2d3767044ac69cbd25c8210d11cadf7
tree	77f0b70b692ef59255b1fc20095d5706d5b960b6	tree
parent	8305f6a7f132f03b0bbdb26692b7491fd3f6c24f	commit \| diff

ctdb-protocol: Add new controls to disable and enable nodes

These are CTDB_CONTROL_DISABLE_NODE and CTDB_CONTROL_ENABLE_NODE.

For consistency these match CTDB_CONTROL_STOP_NODE and
CTDB_CONTROL_CONTINUE_NODE.  It would be possible to add a single
control but it would need to take data.

The aim is to finally fix races in flag handling.  Previous fixes have
improved the situation but they have only narrowed the race window.
The problem is that the recovery daemon on the master node pushes
flags to nodes the same way that disable and enable are implemented.
So the following sequence is still racy:

1. Node A is disabled
2. Recovery master pulls flags from all nodes including A
3. Node A is enabled
4. Recovery master notices A is disabled and pushes a flag update to
   all nodes including node A
5. Node A is erroneously marked disabled

Node A can not tell if the MODIFY_FLAGS control is from a "ctdb
disable" command or a flag update from the recovery master.

The solution is to use a different mechanism for disable/enable and
for a node to ignore MODIFY_FLAGS controls for their own flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>