/*
   monitoring links to all other nodes to detect dead nodes


   Copyright (C) Ronnie Sahlberg 2007

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
20
21 #include "includes.h"
22 #include "system/filesys.h"
23 #include "system/wait.h"
24 #include "../include/ctdb_private.h"
25 #include "common/system.h"
26
/*
  monitoring state of the local daemon, reached through ctdb->monitor
*/
struct ctdb_monitor_state {
        /* CTDB_MONITORING_ACTIVE or CTDB_MONITORING_DISABLED */
        uint32_t monitoring_mode;

        /* talloc context handed to every timed event and event script
           started from this file; ctdb_stop_monitoring() frees it and
           sets it to NULL */
        TALLOC_CTX *monitor_context;

        /* delay, in seconds, used when the next health check is armed */
        uint32_t next_interval;
};

/* defined further down; the callbacks above it re-arm this handler */
static void ctdb_check_health(struct event_context *ev,
                              struct timed_event *te,
                              struct timeval t,
                              void *private_data);
35
/*
  remember the path of the notification script

  The string is copied onto the ctdb talloc context.  Returns 0 on
  success; an allocation failure is handled by CTDB_NO_MEMORY.

  The stored path is later executed through system() by
  ctdb_run_notification_script_child(), so it should only ever come
  from configuration that is controlled by the administrator.
*/
int ctdb_set_notification_script(struct ctdb_context *ctdb, const char *script)
{
        /* NOTE(review): a previously stored path is not freed here -
           confirm this is only called once per daemon */
        ctdb->notification_script = talloc_strdup(ctdb, script);
        CTDB_NO_MEMORY(ctdb, ctdb->notification_script);

        return 0;
}
45
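/*
  run the notification script with the event name as its argument

  Called from the forked notification child, see
  ctdb_run_notification_script().  Returns 0 when the script exited
  with status 0, the exit status when it exited with a non-zero
  status, and -1 when the script failed the stat() checks, system()
  itself failed, or the command did not exit normally.  An allocation
  failure for the command string is handled by CTDB_NO_MEMORY.

  Security notes:
  - The command is one string handed to system(), so it is parsed by
    the shell.  Whitespace or shell metacharacters in
    ctdb->notification_script are interpreted rather than passed
    literally.  The event names passed from this file are fixed
    string literals.
  - The stat() test is a sanity check, not an access control: it only
    looks at the owner-execute bit, does not look at ownership or at
    group/other write permission, and the file can change between
    stat() and system().
  - No privilege drop is visible in this file, so the script
    presumably runs with the privileges of the daemon.  The script
    and its directory should be writable by the administrator only.
*/
static int ctdb_run_notification_script_child(struct ctdb_context *ctdb, const char *event)
{
        struct stat st;
        int ret;
        char *cmd;

        if (stat(ctdb->notification_script, &st) != 0) {
                DEBUG(DEBUG_ERR,("Could not stat notification script %s. Can not send notifications.\n", ctdb->notification_script));
                return -1;
        }
        if (!(st.st_mode & S_IXUSR)) {
                DEBUG(DEBUG_ERR,("Notification script %s is not executable.\n", ctdb->notification_script));
                return -1;
        }

        cmd = talloc_asprintf(ctdb, "%s %s\n", ctdb->notification_script, event);
        CTDB_NO_MEMORY(ctdb, cmd);

        ret = system(cmd);
        /* if the system() call was successful, translate ret into the
           return code from the command.  WEXITSTATUS() is only
           meaningful after a normal exit: for a command killed by a
           signal it would typically read as 0 and the failure would
           be reported as success, so that case is mapped to -1.
        */
        if (ret != -1) {
                ret = WIFEXITED(ret) ? WEXITSTATUS(ret) : -1;
        }
        if (ret != 0) {
                DEBUG(DEBUG_ERR,("Notification script \"%s\" failed with error %d\n", cmd, ret));
        }

        return ret;
}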
77
/*
  fire the notification script for an event without blocking the caller

  Does nothing when no notification script has been configured.
  Otherwise a child is forked with ctdb_fork(); the child runs the
  script and always leaves with _exit(0), so the script's result is
  only logged and never reaches the parent.

  NOTE(review): the child is not waited for in this function -
  presumably it is reaped elsewhere; confirm.
*/
void ctdb_run_notification_script(struct ctdb_context *ctdb, const char *event)
{
        pid_t pid;

        if (ctdb->notification_script == NULL) {
                return;
        }

        pid = ctdb_fork(ctdb);
        if (pid == (pid_t)-1) {
                DEBUG(DEBUG_ERR,("Failed to fork() a notification child process\n"));
                return;
        }
        if (pid != 0) {
                /* parent: nothing more to do */
                return;
        }

        /* child from here on */
        ctdb_set_process_name("ctdb_notification");
        debug_extra = talloc_asprintf(NULL, "notification-%s:", event);
        if (ctdb_run_notification_script_child(ctdb, event) != 0) {
                DEBUG(DEBUG_ERR,(__location__ " Notification script failed\n"));
        }
        _exit(0);
}
105
/*
  called when a health monitoring event script finishes

  status is the result of the "monitor" event: 0 for success,
  -ECANCELED when the event was cancelled, -ETIME when it timed out,
  anything else for a failure.

  A cancelled event, and a timeout that has not yet reached
  tunable.script_timeout_count, leave the health flag untouched.
  Otherwise NODE_FLAGS_UNHEALTHY on the local node is set or cleared
  to match the result and the notification script is run.  The next
  health check is always re-armed; the delay doubles each time up to
  tunable.monitor_interval.  If the flags changed they are pushed out
  with CTDB_SRVID_PUSH_NODE_FLAGS and a takeover run is requested.
*/
static void ctdb_health_callback(struct ctdb_context *ctdb, int status, void *p)
{
        struct ctdb_node *self = ctdb->nodes[ctdb->pnn];
        struct ctdb_monitor_state *mon = ctdb->monitor;
        struct ctdb_node_flag_change change;
        struct srvid_request takeover_req;
        TDB_DATA change_blob;
        TDB_DATA takeover_blob;
        uint32_t delay;
        bool update_health = true;
        int ret;

        change.pnn = ctdb->pnn;
        change.old_flags = self->flags;

        if (status == -ECANCELED) {
                DEBUG(DEBUG_ERR,("Monitoring event was cancelled\n"));
                update_health = false;
        } else if (status == -ETIME) {
                ctdb->event_script_timeouts++;

                if (ctdb->event_script_timeouts < ctdb->tunable.script_timeout_count) {
                        /* We pretend this is OK. */
                        update_health = false;
                } else {
                        DEBUG(DEBUG_ERR, ("Maximum timeout count %u reached for eventscript. Making node unhealthy\n", ctdb->tunable.script_timeout_count));
                }
        }

        if (update_health) {
                bool was_unhealthy = (self->flags & NODE_FLAGS_UNHEALTHY) != 0;

                if (status != 0 && !was_unhealthy) {
                        DEBUG(DEBUG_NOTICE,("monitor event failed - disabling node\n"));
                        self->flags |= NODE_FLAGS_UNHEALTHY;
                        mon->next_interval = 5;

                        ctdb_run_notification_script(ctdb, "unhealthy");
                } else if (status == 0 && was_unhealthy) {
                        DEBUG(DEBUG_NOTICE,("monitor event OK - node re-enabled\n"));
                        self->flags &= ~NODE_FLAGS_UNHEALTHY;
                        mon->next_interval = 5;

                        ctdb_run_notification_script(ctdb, "healthy");
                }
        }

        /* use the current interval for this re-arm and double the
           stored one, capped at the configured monitor interval */
        delay = mon->next_interval;

        mon->next_interval *= 2;
        if (mon->next_interval > ctdb->tunable.monitor_interval) {
                mon->next_interval = ctdb->tunable.monitor_interval;
        }

        /* the result of event_add_timed() is not checked */
        event_add_timed(ctdb->ev, mon->monitor_context,
                        timeval_current_ofs(delay, 0),
                        ctdb_check_health, ctdb);

        if (change.old_flags == self->flags) {
                /* health did not change, nothing to announce */
                return;
        }

        change.new_flags = self->flags;

        change_blob.dptr = (uint8_t *)&change;
        change_blob.dsize = sizeof(change);

        /* ask the recovery daemon to push these changes out to all nodes */
        ctdb_daemon_send_message(ctdb, ctdb->pnn,
                                 CTDB_SRVID_PUSH_NODE_FLAGS, change_blob);

        /* ask the recmaster to reallocate all addresses */
        DEBUG(DEBUG_ERR,
              ("Node became %s. Ask recovery master to reallocate IPs\n",
               (change.new_flags & NODE_FLAGS_UNHEALTHY) ? "UNHEALTHY" : "HEALTHY"));

        takeover_req.pnn   = ctdb->pnn;
        takeover_req.srvid = CTDB_SRVID_TAKEOVER_RUN_RESPONSE;

        takeover_blob.dptr = (uint8_t *)&takeover_req;
        takeover_blob.dsize = sizeof(takeover_req);

        ret = ctdb_daemon_send_message(ctdb, CTDB_BROADCAST_CONNECTED,
                                       CTDB_SRVID_TAKEOVER_RUN, takeover_blob);
        if (ret != 0) {
                DEBUG(DEBUG_ERR,
                      (__location__
                       " Failed to send IP takeover run request\n"));
        }
}
201
202
static void ctdb_run_startup(struct event_context *ev,
                             struct timed_event *te,
                             struct timeval t,
                             void *private_data);

/*
  called when the startup event script finishes

  On failure the startup event is retried after 5 seconds.  On
  success the daemon moves to CTDB_RUNSTATE_RUNNING, the notification
  script is run with "startup", monitoring is switched to
  CTDB_MONITORING_ACTIVE and the first health check is armed 2
  seconds ahead.
*/
static void ctdb_startup_callback(struct ctdb_context *ctdb, int status, void *p)
{
        if (status == 0) {
                DEBUG(DEBUG_NOTICE,("startup event OK - enabling monitoring\n"));
                ctdb_set_runstate(ctdb, CTDB_RUNSTATE_RUNNING);
                ctdb->monitor->next_interval = 2;
                ctdb_run_notification_script(ctdb, "startup");

                ctdb->monitor->monitoring_mode = CTDB_MONITORING_ACTIVE;

                event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
                                timeval_current_ofs(ctdb->monitor->next_interval, 0),
                                ctdb_check_health, ctdb);
                return;
        }

        DEBUG(DEBUG_ERR,("startup event failed\n"));
        event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
                        timeval_current_ofs(5, 0),
                        ctdb_run_startup, ctdb);
}
229
/*
  timed event handler that launches the "startup" event script

  private_data is the ctdb context.  While the daemon has not reached
  CTDB_RUNSTATE_STARTUP the handler re-arms itself one second ahead.
  If the event script cannot be launched it retries after 5 seconds.
*/
static void ctdb_run_startup(struct event_context *ev, struct timed_event *te,
                             struct timeval t, void *private_data)
{
        struct ctdb_context *ctdb = talloc_get_type(private_data,
                                                    struct ctdb_context);
        int rc;

        /* This is necessary to avoid the "startup" event colliding
         * with the "ipreallocated" event from the takeover run
         * following the first recovery.  We might as well serialise
         * these things if we can.
         */
        if (ctdb->runstate < CTDB_RUNSTATE_STARTUP) {
                DEBUG(DEBUG_NOTICE,
                      ("Not yet in startup runstate. Wait one more second\n"));
                event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
                                timeval_current_ofs(1, 0),
                                ctdb_run_startup, ctdb);
                return;
        }

        /* release any IPs we hold from previous runs of the daemon */
        ctdb_release_all_ips(ctdb);

        DEBUG(DEBUG_NOTICE,("Running the \"startup\" event.\n"));
        rc = ctdb_event_script_callback(ctdb,
                                        ctdb->monitor->monitor_context,
                                        ctdb_startup_callback,
                                        ctdb, CTDB_EVENT_STARTUP, "%s", "");
        if (rc == 0) {
                /* ctdb_startup_callback() was registered as the callback */
                return;
        }

        DEBUG(DEBUG_ERR,("Unable to launch startup event script\n"));
        event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
                        timeval_current_ofs(5, 0),
                        ctdb_run_startup, ctdb);
}
267
/*
  wait until we have finished initial recoveries before we start the
  monitoring events

  Timed event handler, private_data is the ctdb context.  It re-arms
  itself every second until the generation is valid, the recovery
  mode is normal, the re-recovery timeout (plus 3 seconds) has passed
  since the last recovery unless fast_start is set, and the
  persistent database health check has passed for the current
  generation.  Then ctdb_run_startup() is scheduled immediately.
  Once the health check has failed max_persistent_check_errors times
  the daemon shutdown sequence is started.
*/
static void ctdb_wait_until_recovered(struct event_context *ev, struct timed_event *te,
                              struct timeval t, void *private_data)
{
        struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context);
        static int count = 0;
        int ret;

        count++;

        /* log every call for the first minute, then only every 600th */
        if (count < 60 || count%600 == 0) {
                DEBUG(DEBUG_NOTICE,("CTDB_WAIT_UNTIL_RECOVERED\n"));
                if (ctdb->nodes[ctdb->pnn]->flags & NODE_FLAGS_STOPPED) {
                        DEBUG(DEBUG_NOTICE,("Node is STOPPED. Node will NOT recover.\n"));
                }
        }

        if (ctdb->vnn_map->generation == INVALID_GENERATION) {
                ctdb->db_persistent_startup_generation = INVALID_GENERATION;
                goto retry;
        }

        if (ctdb->recovery_mode != CTDB_RECOVERY_NORMAL) {
                ctdb->db_persistent_startup_generation = INVALID_GENERATION;

                DEBUG(DEBUG_NOTICE,(__location__ " in recovery. Wait one more second\n"));
                goto retry;
        }

        if (!fast_start && timeval_elapsed(&ctdb->last_recovery_finished) < (ctdb->tunable.rerecovery_timeout + 3)) {
                ctdb->db_persistent_startup_generation = INVALID_GENERATION;

                DEBUG(DEBUG_NOTICE,(__location__ " wait for pending recoveries to end. Wait one more second.\n"));
                goto retry;
        }

        if (ctdb->vnn_map->generation == ctdb->db_persistent_startup_generation) {
                /* this generation has already been checked */
                DEBUG(DEBUG_INFO,(__location__ " skip ctdb_recheck_persistent_health() "
                                  "until the next recovery\n"));
                goto retry;
        }

        ctdb->db_persistent_startup_generation = ctdb->vnn_map->generation;
        ret = ctdb_recheck_persistent_health(ctdb);
        if (ret == 0) {
                ctdb->db_persistent_check_errors = 0;

                event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
                                timeval_current(), ctdb_run_startup, ctdb);
                return;
        }

        ctdb->db_persistent_check_errors++;
        if (ctdb->db_persistent_check_errors < ctdb->max_persistent_check_errors) {
                DEBUG(ctdb->db_persistent_check_errors==1?DEBUG_ERR:DEBUG_WARNING,
                      (__location__ "ctdb_recheck_persistent_health() "
                      "failed (%llu of %llu times) - retry later\n",
                      (unsigned long long)ctdb->db_persistent_check_errors,
                      (unsigned long long)ctdb->max_persistent_check_errors));
                goto retry;
        }

        DEBUG(DEBUG_ALERT,(__location__
                          "ctdb_recheck_persistent_health() failed (%llu times) - prepare shutdown\n",
                          (unsigned long long)ctdb->db_persistent_check_errors));
        ctdb_shutdown_sequence(ctdb, 11);
        /* In case above returns due to duplicate shutdown */
        return;

retry:
        /* look again in one second */
        event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
                        timeval_current_ofs(1, 0),
                        ctdb_wait_until_recovered, ctdb);
}
356
357
/*
  see if the event scripts think we are healthy

  Timed event handler, private_data is the ctdb context.  The
  "monitor" event script is skipped, and the handler re-armed with
  the current interval, while the node is in recovery, monitoring is
  disabled, or all databases are frozen.  Otherwise the event is
  launched with ctdb_health_callback() as its completion callback; if
  the launch fails the check is retried after 5 seconds.
*/
static void ctdb_check_health(struct event_context *ev, struct timed_event *te,
                              struct timeval t, void *private_data)
{
        struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context);
        bool skip;
        int rc;

        skip = (ctdb->recovery_mode != CTDB_RECOVERY_NORMAL) ||
               (ctdb->monitor->monitoring_mode == CTDB_MONITORING_DISABLED);

        /* the frozen check is only made when nothing else already
           rules monitoring out */
        if (!skip && ctdb_db_all_frozen(ctdb)) {
                DEBUG(DEBUG_ERR,
                      ("Skip monitoring since databases are frozen\n"));
                skip = true;
        }

        if (skip) {
                event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
                                timeval_current_ofs(ctdb->monitor->next_interval, 0),
                                ctdb_check_health, ctdb);
                return;
        }

        rc = ctdb_event_script_callback(ctdb,
                                        ctdb->monitor->monitor_context,
                                        ctdb_health_callback,
                                        ctdb, CTDB_EVENT_MONITOR, "%s", "");
        if (rc == 0) {
                /* ctdb_health_callback() re-arms the next check */
                return;
        }

        DEBUG(DEBUG_ERR,("Unable to launch monitor event script\n"));
        ctdb->monitor->next_interval = 5;
        event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
                        timeval_current_ofs(5, 0),
                        ctdb_check_health, ctdb);
}
398
/*
  (Temporarily) disabling monitoring will stop the monitor event
  scripts from running, but node health checks will still occur

  Only the mode is changed here; ctdb_check_health() looks at it on
  its next run.

  NOTE(review): ctdb->monitor is dereferenced without a NULL check -
  confirm this cannot be called before ctdb_wait_for_first_recovery().
*/
void ctdb_disable_monitoring(struct ctdb_context *ctdb)
{
        struct ctdb_monitor_state *mon = ctdb->monitor;

        mon->monitoring_mode = CTDB_MONITORING_DISABLED;
        DEBUG(DEBUG_INFO,("Monitoring has been disabled\n"));
}
408
/*
  re-enable running monitor events after they have been disabled

  The mode goes back to CTDB_MONITORING_ACTIVE and the check interval
  is reset to 5 seconds.

  NOTE(review): ctdb->monitor is dereferenced without a NULL check -
  confirm this cannot be called before ctdb_wait_for_first_recovery().
*/
void ctdb_enable_monitoring(struct ctdb_context *ctdb)
{
        struct ctdb_monitor_state *mon = ctdb->monitor;

        mon->monitoring_mode = CTDB_MONITORING_ACTIVE;
        mon->next_interval = 5;
        DEBUG(DEBUG_INFO,("Monitoring has been enabled\n"));
}
418
/*
  stop any monitoring
  this should only be done when shutting down the daemon

  Frees the monitor talloc context that every timed event and event
  script in this file was created on, and marks monitoring as
  disabled.  ctdb_stopped_monitoring() reports true afterwards.
*/
void ctdb_stop_monitoring(struct ctdb_context *ctdb)
{
        struct ctdb_monitor_state *mon = ctdb->monitor;

        talloc_free(mon->monitor_context);
        mon->monitor_context = NULL;

        mon->monitoring_mode = CTDB_MONITORING_DISABLED;
        mon->next_interval = 5;
        DEBUG(DEBUG_NOTICE,("Monitoring has been stopped\n"));
}
431
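/*
  allocate the monitoring state and start waiting for the first
  recovery to finish

  Sets the runstate to CTDB_RUNSTATE_FIRST_RECOVERY, creates
  ctdb->monitor and its talloc context, and arms
  ctdb_wait_until_recovered() one second ahead.  Allocation failures
  are handled by CTDB_NO_MEMORY_FATAL.
*/
void ctdb_wait_for_first_recovery(struct ctdb_context *ctdb)
{
        ctdb_set_runstate(ctdb, CTDB_RUNSTATE_FIRST_RECOVERY);

        ctdb->monitor = talloc(ctdb, struct ctdb_monitor_state);
        CTDB_NO_MEMORY_FATAL(ctdb, ctdb->monitor);

        /* talloc() does not clear the new object, and
           ctdb_monitoring_mode() reads monitoring_mode as soon as
           ctdb->monitor is non-NULL.  Start from defined values:
           DISABLED matches what ctdb_monitoring_mode() reports
           before this function has run, and 5 is the interval the
           other reset paths in this file use.
           ctdb_startup_callback() sets the real values once the
           startup event has succeeded. */
        ctdb->monitor->monitoring_mode = CTDB_MONITORING_DISABLED;
        ctdb->monitor->next_interval = 5;

        ctdb->monitor->monitor_context = talloc_new(ctdb->monitor);
        CTDB_NO_MEMORY_FATAL(ctdb, ctdb->monitor->monitor_context);

        event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
                        timeval_current_ofs(1, 0),
                        ctdb_wait_until_recovered, ctdb);
}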
449
450
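/*
  modify flags on a node

  indata carries a struct ctdb_node_flag_change.  Returns -1 when the
  buffer is too small for that structure or the pnn is out of range,
  0 otherwise.

  The new flags are taken from the request, except that
  NODE_FLAGS_DISCONNECTED is carried over from c->old_flags and, for
  the local node, NODE_FLAGS_STOPPED and NODE_FLAGS_BANNED keep their
  current local value.  For a remote node c->old_flags is overwritten
  with the flags currently stored for it; for the local node it is
  used as supplied in the request.  The request buffer is updated in
  place and forwarded with CTDB_SRVID_SET_NODE_FLAGS when the flags
  changed.
*/
int32_t ctdb_control_modflags(struct ctdb_context *ctdb, TDB_DATA indata)
{
        struct ctdb_node_flag_change *c;
        struct ctdb_node *node;
        uint32_t old_flags;

        /* The buffer is read and written as a struct below.  Any
           length validation done by the caller is not visible in this
           file, so reject a short or missing buffer here as well. */
        if (indata.dptr == NULL || indata.dsize < sizeof(*c)) {
                DEBUG(DEBUG_ERR,(__location__ " Invalid modflags data size %u, expected %u\n",
                                 (unsigned)indata.dsize, (unsigned)sizeof(*c)));
                return -1;
        }
        c = (struct ctdb_node_flag_change *)indata.dptr;

        if (c->pnn >= ctdb->num_nodes) {
                DEBUG(DEBUG_ERR,(__location__ " Node %d is invalid, num_nodes :%d\n", c->pnn, ctdb->num_nodes));
                return -1;
        }

        node         = ctdb->nodes[c->pnn];
        old_flags    = node->flags;
        if (c->pnn != ctdb->pnn) {
                c->old_flags  = node->flags;
        }
        node->flags   = c->new_flags & ~NODE_FLAGS_DISCONNECTED;
        node->flags  |= (c->old_flags & NODE_FLAGS_DISCONNECTED);

        /* we dont let other nodes modify our STOPPED or BANNED
           status: both bits keep the value they had locally */
        if (c->pnn == ctdb->pnn) {
                const uint32_t local_only = NODE_FLAGS_STOPPED | NODE_FLAGS_BANNED;

                node->flags = (node->flags & ~local_only) | (old_flags & local_only);
        }

        if (node->flags == c->old_flags) {
                DEBUG(DEBUG_INFO, ("Control modflags on node %u - Unchanged - flags 0x%x\n", c->pnn, node->flags));
                return 0;
        }

        DEBUG(DEBUG_INFO, ("Control modflags on node %u - flags now 0x%x\n", c->pnn, node->flags));

        if (node->flags == 0 && ctdb->runstate <= CTDB_RUNSTATE_STARTUP) {
                DEBUG(DEBUG_ERR, (__location__ " Node %u became healthy - force recovery for startup\n",
                                  c->pnn));
                ctdb->recovery_mode = CTDB_RECOVERY_ACTIVE;
        }

        /* tell the recovery daemon something has changed */
        c->new_flags = node->flags;
        ctdb_daemon_send_message(ctdb, ctdb->pnn,
                                 CTDB_SRVID_SET_NODE_FLAGS, indata);

        /* if we have become banned, we should go into recovery mode */
        if ((node->flags & NODE_FLAGS_BANNED) && !(c->old_flags & NODE_FLAGS_BANNED) && (node->pnn == ctdb->pnn)) {
                ctdb_local_node_got_banned(ctdb);
        }

        return 0;
}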
514
/*
  return the monitoring mode

  Reports CTDB_MONITORING_DISABLED while the monitoring state has not
  been allocated yet.
*/
int32_t ctdb_monitoring_mode(struct ctdb_context *ctdb)
{
        if (ctdb->monitor != NULL) {
                return ctdb->monitor->monitoring_mode;
        }

        return CTDB_MONITORING_DISABLED;
}
525
/*
 * Check if monitoring has been stopped
 *
 * True once ctdb_stop_monitoring() has freed the monitor context.
 *
 * NOTE(review): unlike ctdb_monitoring_mode(), ctdb->monitor is
 * dereferenced here without a NULL check - confirm callers only use
 * this after ctdb_wait_for_first_recovery().
 */
bool ctdb_stopped_monitoring(struct ctdb_context *ctdb)
{
        return ctdb->monitor->monitor_context == NULL;
}