1 # Hey Emacs, this is a -*- shell-script -*- !!!
3 # utility functions for ctdb event scripts
5 if [ -z "$CTDB_BASE" ] ; then
6 echo 'CTDB_BASE unset in CTDB functions file'
11 # CTDB_VARDIR is used elsewhere
12 # shellcheck disable=SC2034
13 CTDB_VARDIR="/usr/local/var/lib/ctdb"
14 ctdb_rundir="/usr/local/var/run/ctdb"
16 CTDB="${CTDB:-/usr/local/bin/ctdb}"
18 # Only (and always) override these variables in test code
20 if [ -z "$CTDB_SCRIPT_VARDIR" ] ; then
21 CTDB_SCRIPT_VARDIR="/usr/local/var/lib/ctdb/scripts"
24 if [ -z "$CTDB_SYS_ETCDIR" ] ; then
25 CTDB_SYS_ETCDIR="/etc"
28 if [ -z "$CTDB_HELPER_BINDIR" ] ; then
29 CTDB_HELPER_BINDIR="/usr/local/libexec/ctdb"
32 #######################################
33 # pull in a system config file, if any
35 rewrite_ctdb_options ()
39 _opts_defaults="mode=700"
40 # Get any extra options specified after colon
41 if [ "$CTDB_DBDIR" = "tmpfs" ] ; then
44 _opts="${CTDB_DBDIR#tmpfs:}"
46 # It is OK to repeat mount options - last value wins.
47 # CTDB_DBDIR_TMPFS_OPTIONS is used by ctdbd_wrapper
48 # shellcheck disable=SC2034
49 CTDB_DBDIR_TMPFS_OPTIONS="${_opts_defaults}${_opts:+,}${_opts}"
51 CTDB_DBDIR="${ctdb_rundir}/CTDB_DBDIR"
54 # shellcheck disable=SC2034
55 CTDB_DBDIR_TMPFS_OPTIONS=""
65 if [ -f "${CTDB_SYS_ETCDIR}/sysconfig/$1" ]; then
66 . "${CTDB_SYS_ETCDIR}/sysconfig/$1"
67 elif [ -f "${CTDB_SYS_ETCDIR}/default/$1" ]; then
68 . "${CTDB_SYS_ETCDIR}/default/$1"
74 load_system_config "ctdb"
76 _config="${CTDB_BASE}/ctdbd.conf"
77 if [ -r "$_config" ] ; then
83 load_script_options ()
87 _options="${0%.script}.options"
89 if [ -r "$_options" ] ; then
94 ##############################################################
105 # Log given message or stdin to either syslog or a CTDB log file
106 # $1 is the tag passed to logger if syslog is in use.
111 case "$CTDB_LOGGING" in
113 if [ -n "$CTDB_LOGGING" ] ; then
114 _file="${CTDB_LOGGING#file:}"
116 _file="/usr/local/var/log/log.ctdb"
119 if [ -n "$*" ] ; then
127 # Handle all syslog:* variants here too. There's no tool to do
128 # the lossy things, so just use logger.
129 logger -t "ctdbd: ${_tag}" "$@"
134 # When things are run in the background in an eventscript then logging
135 # output might get lost. This is the "solution". :-)
136 background_with_logging ()
139 "$@" 2>&1 </dev/null |
140 script_log "${script_name}&"
146 ##############################################################
147 # check number of args for different events
153 echo "ERROR: must supply interface, IP and maskbits"
159 echo "ERROR: must supply old interface, new interface, IP and maskbits"
166 ##############################################################
167 # determine on what type of system (init style) we are running
170 # only do detection if not already set:
171 if [ -n "$CTDB_INIT_STYLE" ] ; then
175 if [ -x /sbin/startproc ]; then
176 CTDB_INIT_STYLE="suse"
177 elif [ -x /sbin/start-stop-daemon ]; then
178 CTDB_INIT_STYLE="debian"
180 CTDB_INIT_STYLE="redhat"
184 ######################################################
185 # simulate /sbin/service on platforms that don't have it
186 # _service() makes it easier to hook the service() function for
193 # do nothing, when no service was specified
194 [ -z "$_service_name" ] && return
196 if [ -x /sbin/service ]; then
197 $_nice /sbin/service "$_service_name" "$_op"
198 elif [ -x /usr/sbin/service ]; then
199 $_nice /usr/sbin/service "$_service_name" "$_op"
200 elif [ -x /bin/systemctl ]; then
201 $_nice /bin/systemctl "$_op" "$_service_name"
202 elif [ -x "${CTDB_SYS_ETCDIR}/init.d/${_service_name}" ]; then
203 $_nice "${CTDB_SYS_ETCDIR}/init.d/${_service_name}" "$_op"
204 elif [ -x "${CTDB_SYS_ETCDIR}/rc.d/init.d/${_service_name}" ]; then
205 $_nice "${CTDB_SYS_ETCDIR}/rc.d/init.d/${_service_name}" "$_op"
215 ######################################################
216 # simulate /sbin/service (niced) on platforms that don't have it
223 ######################################################
224 # Cached retrieval of PNN from local node. This never changes so why
225 # open a client connection to the server each time this is needed?
228 _pnn_file="${CTDB_SCRIPT_VARDIR}/my-pnn"
229 if [ ! -f "$_pnn_file" ] ; then
230 $CTDB pnn >"$_pnn_file"
236 # Cached retrieval of private IP address from local node. This never
238 ctdb_get_ip_address ()
240 _ip_addr_file="${CTDB_SCRIPT_VARDIR}/my-ip-address"
241 if [ ! -f "$_ip_addr_file" ] ; then
242 $CTDB -X nodestatus |
243 awk -F '|' 'NR == 2 { print $3 }' >"$_ip_addr_file"
246 # ip_address is used by caller
247 # shellcheck disable=SC2034
251 ######################################################
252 # wrapper around /proc/ settings to allow them to be hooked
254 # 1st arg is relative path under /proc/, 2nd arg is value to set
257 echo "$2" >"/proc/$1"
262 if [ -w "/proc/$1" ] ; then
267 ######################################################
268 # wrapper around getting file contents from /proc/ to allow
269 # this to be hooked for testing
270 # 1st arg is relative path under /proc/
276 ######################################################
277 # Print up to $_max kernel stack traces for processes named $_program
278 program_stack_traces ()
284 for _pid in $(pidof "$_prog") ; do
285 [ "$_count" -le "$_max" ] || break
287 # Do this first to avoid racing with process exit
288 _stack=$(get_proc "${_pid}/stack" 2>/dev/null)
289 if [ -n "$_stack" ] ; then
290 echo "Stack trace for ${_prog}[${_pid}]:"
292 _count=$((_count + 1))
297 ######################################################
298 # Ensure $service_name is set
299 assert_service_name ()
301 # service_name is set by the event script
302 # shellcheck disable=SC2154
303 [ -n "$service_name" ] || die "INTERNAL ERROR: \$service_name not set"
306 ######################################################
307 # check a set of directories is available
308 # return 1 on a missing directory
309 # directories are read from stdin
310 ######################################################
311 ctdb_check_directories_probe()
313 while IFS="" read d ; do
319 [ -d "${d}/." ] || return 1
324 ######################################################
325 # check a set of directories is available
326 # directories are read from stdin
327 ######################################################
328 ctdb_check_directories()
330 ctdb_check_directories_probe || {
331 echo "ERROR: $service_name directory \"$d\" not available"
336 ######################################################
337 # check a set of tcp ports
338 # usage: ctdb_check_tcp_ports <ports...>
339 ######################################################
341 # Check whether something is listening on all of the given TCP ports
342 # using the "ctdb checktcpport" command.
343 ctdb_check_tcp_ports()
345 if [ -z "$1" ] ; then
346 echo "INTERNAL ERROR: ctdb_check_tcp_ports - no ports specified"
350 for _p ; do # process each function argument (port)
351 _cmd="$CTDB checktcpport $_p"
356 echo "$service_name not listening on TCP port $_p"
360 # Couldn't bind, something already listening, next port
364 echo "unexpected error (${_ret}) running \"${_cmd}\""
365 if [ -n "$_out" ] ; then
373 # All ports listening
377 ######################################################
378 # check a unix socket
379 # usage: ctdb_check_unix_socket SOCKPATH
380 ######################################################
381 ctdb_check_unix_socket()
385 if [ -z "$_sockpath" ] ; then
386 echo "ERROR: ctdb_check_unix_socket() requires socket path"
390 _out=$(ss -l -x "src ${_sockpath}" | tail -n +2)
391 if [ -z "$_out" ] ; then
392 echo "ERROR: ${service_name} not listening on ${_sockpath}"
397 ################################################
398 # kill off any TCP connections with the given IP
399 ################################################
400 kill_tcp_connections ()
406 if [ "$3" = "oneway" ] ; then
410 get_tcp_connections_for_ip "$_ip" | {
415 while read _dst _src; do
416 _destport="${_dst##*:}"
419 # we only do one-way killtcp for CIFS
420 139|445) __oneway=true ;;
423 _connections="${_connections}${_nl}${_src} ${_dst}"
424 if ! $__oneway ; then
425 _connections="${_connections}${_nl}${_dst} ${_src}"
428 _killcount=$((_killcount + 1))
431 if [ $_killcount -eq 0 ] ; then
435 echo "$_connections" | \
436 "${CTDB_HELPER_BINDIR}/ctdb_killtcp" "$_iface" || {
437 echo "Failed to kill TCP connections"
441 _connections=$(get_tcp_connections_for_ip "$_ip")
442 if [ -z "$_connections" ] ; then
445 _remaining=$(echo "$_connections" | wc -l)
448 _actually_killed=$((_killcount - _remaining))
450 _t="${_actually_killed}/${_killcount}"
451 echo "Killed ${_t} TCP connections to released IP $_ip"
453 if [ -n "$_connections" ] ; then
454 echo "Remaining connections:"
455 echo "$_connections" | sed -e 's|^| |'
460 ##################################################################
461 # kill off the local end for any TCP connections with the given IP
462 ##################################################################
463 kill_tcp_connections_local_only ()
465 kill_tcp_connections "$@" "oneway"
468 ##################################################################
469 # tickle any TCP connections with the given IP
470 ##################################################################
471 tickle_tcp_connections ()
475 # Get connections, both directions
476 _conns=$(get_tcp_connections_for_ip "$_ip" | \
477 awk '{ print $1, $2 ; print $2, $1 }')
479 echo "$_conns" | awk '{ print "Tickle TCP connection", $1, $2 }'
480 echo "$_conns" | ctdb tickle
483 get_tcp_connections_for_ip ()
487 ss -tn state established "src [$_ip]" | awk 'NR > 1 {print $3, $4}'
490 ########################################################
498 # Ensure interface is up
499 ip link set "$_iface" up || \
500 die "Failed to bringup interface $_iface"
502 # Only need to define broadcast for IPv4
508 # Intentionally unquoted multi-word value here
509 # shellcheck disable=SC2086
510 ip addr add "$_ip/$_maskbits" $_bcast dev "$_iface" || {
511 echo "Failed to add $_ip/$_maskbits on dev $_iface"
515 # Wait 5 seconds for IPv6 addresses to stop being tentative...
516 if [ -z "$_bcast" ] ; then
517 for _x in $(seq 1 10) ; do
518 ip addr show to "${_ip}/128" | grep -q "tentative" || break
522 # If the address was a duplicate then it won't be on the
523 # interface so flag an error.
524 _t=$(ip addr show to "${_ip}/128")
527 echo "Failed to add $_ip/$_maskbits on dev $_iface"
530 *tentative*|*dadfailed*)
531 echo "Failed to add $_ip/$_maskbits on dev $_iface"
532 ip addr del "$_ip/$_maskbits" dev "$_iface"
539 delete_ip_from_iface()
545 # This could be set globally for all interfaces but it is probably
546 # better to avoid surprises, so limit it the interfaces where CTDB
547 # has public IP addresses. There isn't anywhere else convenient
548 # to do this so just set it each time. This is much cheaper than
549 # remembering and re-adding secondaries.
550 set_proc "sys/net/ipv4/conf/${_iface}/promote_secondaries" 1
552 ip addr del "$_ip/$_maskbits" dev "$_iface" || {
553 echo "Failed to del $_ip on dev $_iface"
558 # If the given IP is hosted then print 2 items: maskbits and iface
567 ip addr show to "${_addr}/${_bits}" 2>/dev/null | \
568 awk 'NR == 1 { iface = $2; sub(":$", "", iface) ;
569 sub("@.*", "", iface) }
570 $1 ~ /inet/ { mask = $2; sub(".*/", "", mask);
576 _addr="${1%/*}" # Remove optional maskbits
578 # Intentional word splitting here
579 # shellcheck disable=SC2046
580 set -- $(ip_maskbits_iface "$_addr")
581 if [ -n "$1" ] ; then
584 echo "Removing public address $_addr/$_maskbits from device $_iface"
585 delete_ip_from_iface "$_iface" "$_addr" "$_maskbits" >/dev/null 2>&1
589 drop_all_public_ips ()
591 # _x is intentionally ignored
592 # shellcheck disable=SC2034
593 while read _ip _x ; do
595 done <"${CTDB_BASE}/public_addresses"
600 set_proc_maybe sys/net/ipv4/route/flush 1
601 set_proc_maybe sys/net/ipv6/route/flush 1
604 ########################################################
605 # Interface monitoring
607 # If the interface is a virtual one (e.g. VLAN) then get the
608 # underlying interface
609 interface_get_real ()
611 # Output of "ip link show <iface>"
614 # Extract the full interface description to see if it is a VLAN
615 _t=$(echo "$_iface_info" |
616 awk 'NR == 1 { iface = $2; sub(":$", "", iface) ;
620 # VLAN: use the underlying interface, after the '@'
624 # Not a regular VLAN. For backward compatibility, assume
625 # there is some other sort of VLAN that doesn't have the
626 # '@' in the output and only use what is before a '.'. If
627 # there is no '.' then this will be the whole interface
633 # Check whether an interface is operational
638 _iface_info=$(ip link show "$_iface" 2>&1) || {
639 echo "ERROR: Monitored interface ${_iface} does not exist"
644 # If the interface is a virtual one (e.g. VLAN) then get the
645 # underlying interface.
646 _realiface=$(interface_get_real "$_iface_info")
648 if _bi=$(get_proc "net/bonding/${_realiface}" 2>/dev/null) ; then
649 # This is a bond: various monitoring strategies
650 echo "$_bi" | grep -q 'Currently Active Slave: None' && {
651 echo "ERROR: No active slaves for bond device ${_realiface}"
654 echo "$_bi" | grep -q '^MII Status: up' || {
655 echo "ERROR: public network interface ${_realiface} is down"
658 echo "$_bi" | grep -q '^Bonding Mode: IEEE 802.3ad Dynamic link aggregation' && {
659 # This works around a bug in the driver where the
660 # overall bond status can be up but none of the actual
661 # physical interfaces have a link.
662 echo "$_bi" | grep 'MII Status:' | tail -n +2 | grep -q '^MII Status: up' || {
663 echo "ERROR: No active slaves for 802.ad bond device ${_realiface}"
673 # loopback is always working
677 # we don't know how to test ib links
681 ethtool "$_iface" | grep -q 'Link detected: yes' || {
682 # On some systems, this is not successful when a
683 # cable is plugged but the interface has not been
684 # brought up previously. Bring the interface up
686 ip link set "$_iface" up
687 ethtool "$_iface" | grep -q 'Link detected: yes' || {
688 echo "ERROR: No link on the public network interface ${_iface}"
698 ########################################################
700 _ctdb_counter_common ()
702 [ $# -le 1 ] || die "usage: _ctdb_counter_common [name]"
704 if [ $# -eq 1 ] ; then
705 _counter_name="${1}.failcount"
707 _counter_name="failcount"
710 if [ -z "$script_state_dir" ] ; then
711 die "ctdb_counter_* functions need ctdb_setup_state_dir()"
714 _counter_file="${script_state_dir}/${_counter_name}"
716 # Some code passes an argument
717 # shellcheck disable=SC2120
718 ctdb_counter_init () {
719 _ctdb_counter_common "$1"
723 ctdb_counter_incr () {
724 _ctdb_counter_common "$1"
726 # unary counting using newlines!
727 echo >>"$_counter_file"
729 ctdb_counter_get () {
730 _ctdb_counter_common "$1"
732 stat -c "%s" "$_counter_file" 2>/dev/null || echo 0
735 ########################################################
737 # ctdb_setup_state_dir <type> <name>
738 # Sets/creates script_state_dir)
739 ctdb_setup_state_dir ()
741 [ $# -eq 2 ] || die "usage: ctdb_setup_state_dir <type> <name>"
746 script_state_dir="${CTDB_SCRIPT_VARDIR}/${_type}/${_name}"
748 mkdir -p "$script_state_dir" || \
749 die "Error creating script state dir \"${script_state_dir}\""
752 ##################################################################
753 # Reconfigure a service on demand
755 _ctdb_service_reconfigure_common ()
757 if [ -z "$script_state_dir" ] ; then
758 die "ctdb_service_*_reconfigure() needs ctdb_setup_state_dir()"
761 _ctdb_service_reconfigure_flag="${script_state_dir}/need_reconfigure"
764 ctdb_service_needs_reconfigure ()
766 _ctdb_service_reconfigure_common
767 [ -e "$_ctdb_service_reconfigure_flag" ]
770 ctdb_service_set_reconfigure ()
772 _ctdb_service_reconfigure_common
773 : >"$_ctdb_service_reconfigure_flag"
776 ctdb_service_unset_reconfigure ()
778 _ctdb_service_reconfigure_common
779 rm -f "$_ctdb_service_reconfigure_flag"
782 ctdb_service_reconfigure ()
784 echo "Reconfiguring service \"${service_name}\"..."
785 ctdb_service_unset_reconfigure
786 service_reconfigure || return $?
787 # Intentionally have this use $service_name as default
788 # shellcheck disable=SC2119
792 # Default service_reconfigure() function does nothing.
793 service_reconfigure ()
798 # Default service_start() and service_stop() functions.
800 # These may be overridden in an eventscript.
803 service "$service_name" start
808 service "$service_name" stop
811 ##################################################################
813 # This exists only for backward compatibility with 3rd party scripts
815 ctdb_standard_event_handler ()
823 if [ "$_family" = "inet6" ] ; then
824 _iptables_cmd="ip6tables"
826 _iptables_cmd="iptables"
829 # iptables doesn't like being re-entered, so flock-wrap it.
830 flock -w 30 "${CTDB_SCRIPT_VARDIR}/iptables.flock" "$_iptables_cmd" "$@"
833 # AIX (and perhaps others?) doesn't have mktemp
834 # type is commonly supported and more portable than which(1)
835 # shellcheck disable=SC2039
836 if ! type mktemp >/dev/null 2>&1 ; then
840 if [ "$1" = "-d" ] ; then
845 _hex10=$(dd if=/dev/urandom count=20 2>/dev/null | \
847 sed -e 's@\(..........\).*@\1@')
848 _t="${_d}/tmp.${_hex10}"
861 ######################################################################
862 # NFS callout handling
868 if [ -z "$CTDB_NFS_CALLOUT" ] ; then
869 CTDB_NFS_CALLOUT="${CTDB_BASE}/nfs-linux-kernel-callout"
871 # Always export, for statd callout
872 export CTDB_NFS_CALLOUT
874 # If the callout wants to use this then it must create it
875 export CTDB_NFS_CALLOUT_STATE_DIR="${_state_dir}/callout-state"
877 # Export, if set, for use by clustered NFS callouts
878 if [ -n "$CTDB_NFS_STATE_FS_TYPE" ] ; then
879 export CTDB_NFS_STATE_FS_TYPE
881 if [ -n "$CTDB_NFS_STATE_MNT" ] ; then
882 export CTDB_NFS_STATE_MNT
885 nfs_callout_cache="${_state_dir}/nfs_callout_cache"
886 nfs_callout_cache_callout="${nfs_callout_cache}/CTDB_NFS_CALLOUT"
887 nfs_callout_cache_ops="${nfs_callout_cache}/ops"
890 nfs_callout_register ()
892 mkdir -p "$nfs_callout_cache_ops"
893 rm -f "$nfs_callout_cache_ops"/*
895 echo "$CTDB_NFS_CALLOUT" >"$nfs_callout_cache_callout"
897 _t=$(eval "$CTDB_NFS_CALLOUT" "register")
898 if [ -n "$_t" ] ; then
900 while IFS="" read _op ; do
901 touch "${nfs_callout_cache_ops}/${_op}"
904 touch "${nfs_callout_cache_ops}/ALL"
910 # Re-run registration if $CTDB_NFS_CALLOUT has changed
912 if [ -r "$nfs_callout_cache_callout" ] ; then
913 read _prev <"$nfs_callout_cache_callout"
915 if [ "$CTDB_NFS_CALLOUT" != "$_prev" ] ; then
919 # Run the operation if it is registered...
920 if [ -e "${nfs_callout_cache_ops}/${1}" ] || \
921 [ -e "${nfs_callout_cache_ops}/ALL" ]; then
922 eval "$CTDB_NFS_CALLOUT" "$@"
926 ########################################################
928 ########################################################
934 tickledir="${CTDB_SCRIPT_VARDIR}/tickles"
935 mkdir -p "$tickledir"
937 # What public IPs do I hold?
939 _ips=$($CTDB -X ip | awk -F'|' -v pnn="$_pnn" '$3 == pnn {print $2}')
941 # IPs and port as ss filters
943 for _ip in $_ips ; do
944 _ip_filter="${_ip_filter}${_ip_filter:+ || }src [${_ip}]"
946 _port_filter="sport == :${_port}"
948 # Record connections to our public IPs in a temporary file.
949 # This temporary file is in CTDB's private state directory and
950 # $$ is used to avoid a very rare race involving CTDB's script
951 # debugging. No security issue, nothing to see here...
952 _my_connections="${tickledir}/${_port}.connections.$$"
953 # Parentheses are needed around the filters for precedence but
954 # the parentheses can't be empty!
955 ss -tn state established \
956 "${_ip_filter:+( ${_ip_filter} )}" \
957 "${_port_filter:+( ${_port_filter} )}" |
958 awk 'NR > 1 {print $4, $3}' |
959 sort >"$_my_connections"
961 # Record our current tickles in a temporary file
962 _my_tickles="${tickledir}/${_port}.tickles.$$"
964 $CTDB -X gettickles "$_i" "$_port" |
965 awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4, $5 }'
969 # Add tickles for connections that we haven't already got tickles for
970 comm -23 "$_my_connections" "$_my_tickles" | \
973 # Remove tickles for connections that are no longer there
974 comm -13 "$_my_connections" "$_my_tickles" | \
977 rm -f "$_my_connections" "$_my_tickles"
979 # Remove stale files from killed scripts
980 # Files can't have spaces in name, more portable than -print0/-0
981 # shellcheck disable=SC2038
982 (cd "$tickledir" && find . -type f -mmin +10 | xargs -r rm)
985 ########################################################
986 # load a site local config file
987 ########################################################
989 [ -x "${CTDB_BASE}/rc.local" ] && {
990 . "${CTDB_BASE}/rc.local"
993 [ -d "${CTDB_BASE}/rc.local.d" ] && {
994 for i in "${CTDB_BASE}/rc.local.d"/* ; do
995 [ -x "$i" ] && . "$i"
999 script_name="${0##*/}" # basename