2 monitoring links to all other nodes to detect dead nodes
5 Copyright (C) Ronnie Sahlberg 2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "lib/tevent/tevent.h"
23 #include "system/filesys.h"
24 #include "system/wait.h"
25 #include "../include/ctdb_private.h"
27 struct ctdb_monitor_state {
28 uint32_t monitoring_mode;
29 TALLOC_CTX *monitor_context;
30 uint32_t next_interval;
33 static void ctdb_check_health(struct event_context *ev, struct timed_event *te,
34 struct timeval t, void *private_data);
37 setup the notification script
39 int ctdb_set_notification_script(struct ctdb_context *ctdb, const char *script)
41 ctdb->notification_script = talloc_strdup(ctdb, script);
42 CTDB_NO_MEMORY(ctdb, ctdb->notification_script);
46 static int ctdb_run_notification_script_child(struct ctdb_context *ctdb, const char *event)
52 if (stat(ctdb->notification_script, &st) != 0) {
53 DEBUG(DEBUG_ERR,("Could not stat notification script %s. Can not send notifications.\n", ctdb->notification_script));
56 if (!(st.st_mode & S_IXUSR)) {
57 DEBUG(DEBUG_ERR,("Notification script %s is not executable.\n", ctdb->notification_script));
61 cmd = talloc_asprintf(ctdb, "%s %s\n", ctdb->notification_script, event);
62 CTDB_NO_MEMORY(ctdb, cmd);
65 /* if the system() call was successful, translate ret into the
66 return code from the command
69 ret = WEXITSTATUS(ret);
72 DEBUG(DEBUG_ERR,("Notification script \"%s\" failed with error %d\n", cmd, ret));
78 void ctdb_run_notification_script(struct ctdb_context *ctdb, const char *event)
82 if (ctdb->notification_script == NULL) {
86 child = ctdb_fork(ctdb);
87 if (child == (pid_t)-1) {
88 DEBUG(DEBUG_ERR,("Failed to fork() a notification child process\n"));
94 debug_extra = talloc_asprintf(NULL, "notification-%s:", event);
95 ret = ctdb_run_notification_script_child(ctdb, event);
97 DEBUG(DEBUG_ERR,(__location__ " Notification script failed\n"));
106 called when a health monitoring event script finishes
108 static void ctdb_health_callback(struct ctdb_context *ctdb, int status, void *p)
110 struct ctdb_node *node = ctdb->nodes[ctdb->pnn];
112 struct ctdb_node_flag_change c;
113 uint32_t next_interval;
116 struct takeover_run_reply rd;
119 c.old_flags = node->flags;
122 rd.srvid = CTDB_SRVID_TAKEOVER_RUN_RESPONSE;
124 rddata.dptr = (uint8_t *)&rd;
125 rddata.dsize = sizeof(rd);
127 if (status == -ECANCELED) {
128 DEBUG(DEBUG_ERR,("Monitoring event was cancelled\n"));
129 goto after_change_status;
132 if (status == -ETIME) {
133 ctdb->event_script_timeouts++;
135 if (ctdb->event_script_timeouts >= ctdb->tunable.script_timeout_count) {
136 DEBUG(DEBUG_ERR, ("Maximum timeout count %u reached for eventscript. Making node unhealthy\n", ctdb->tunable.script_timeout_count));
138 /* We pretend this is OK. */
139 goto after_change_status;
143 if (status != 0 && !(node->flags & NODE_FLAGS_UNHEALTHY)) {
144 DEBUG(DEBUG_NOTICE,("monitor event failed - disabling node\n"));
145 node->flags |= NODE_FLAGS_UNHEALTHY;
146 ctdb->monitor->next_interval = 5;
148 ctdb_run_notification_script(ctdb, "unhealthy");
150 /* ask the recmaster to reallocate all addresses */
151 DEBUG(DEBUG_ERR,("Node became UNHEALTHY. Ask recovery master %u to perform ip reallocation\n", ctdb->recovery_master));
152 ret = ctdb_daemon_send_message(ctdb, ctdb->recovery_master, CTDB_SRVID_TAKEOVER_RUN, rddata);
154 DEBUG(DEBUG_ERR,(__location__ " Failed to send ip takeover run request message to %u\n", ctdb->recovery_master));
157 } else if (status == 0 && (node->flags & NODE_FLAGS_UNHEALTHY)) {
158 DEBUG(DEBUG_NOTICE,("monitor event OK - node re-enabled\n"));
159 node->flags &= ~NODE_FLAGS_UNHEALTHY;
160 ctdb->monitor->next_interval = 5;
162 ctdb_run_notification_script(ctdb, "healthy");
164 /* ask the recmaster to reallocate all addresses */
165 DEBUG(DEBUG_ERR,("Node became HEALTHY. Ask recovery master %u to perform ip reallocation\n", ctdb->recovery_master));
166 ret = ctdb_daemon_send_message(ctdb, ctdb->recovery_master, CTDB_SRVID_TAKEOVER_RUN, rddata);
168 DEBUG(DEBUG_ERR,(__location__ " Failed to send ip takeover run request message to %u\n", ctdb->recovery_master));
174 next_interval = ctdb->monitor->next_interval;
176 ctdb->monitor->next_interval *= 2;
177 if (ctdb->monitor->next_interval > ctdb->tunable.monitor_interval) {
178 ctdb->monitor->next_interval = ctdb->tunable.monitor_interval;
181 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
182 timeval_current_ofs(next_interval, 0),
183 ctdb_check_health, ctdb);
185 if (c.old_flags == node->flags) {
189 c.new_flags = node->flags;
191 data.dptr = (uint8_t *)&c;
192 data.dsize = sizeof(c);
194 /* ask the recovery daemon to push these changes out to all nodes */
195 ctdb_daemon_send_message(ctdb, ctdb->pnn,
196 CTDB_SRVID_PUSH_NODE_FLAGS, data);
202 called when the startup event script finishes
204 static void ctdb_startup_callback(struct ctdb_context *ctdb, int status, void *p)
207 DEBUG(DEBUG_ERR,("startup event failed\n"));
208 } else if (status == 0) {
209 DEBUG(DEBUG_NOTICE,("startup event OK - enabling monitoring\n"));
210 ctdb->done_startup = true;
211 ctdbd_pid = ctdb->ctdbd_pid;
212 ctdb->monitor->next_interval = 2;
213 ctdb_run_notification_script(ctdb, "startup");
216 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
217 timeval_current_ofs(ctdb->monitor->next_interval, 0),
218 ctdb_check_health, ctdb);
223 wait until we have finished initial recoveries before we start the
226 static void ctdb_wait_until_recovered(struct event_context *ev, struct timed_event *te,
227 struct timeval t, void *private_data)
229 struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context);
231 static int count = 0;
235 if (count < 60 || count%600 == 0) {
236 DEBUG(DEBUG_NOTICE,("CTDB_WAIT_UNTIL_RECOVERED\n"));
237 if (ctdb->nodes[ctdb->pnn]->flags & NODE_FLAGS_STOPPED) {
238 DEBUG(DEBUG_NOTICE,("Node is STOPPED. Node will NOT recover.\n"));
242 if (ctdb->vnn_map->generation == INVALID_GENERATION) {
243 ctdb->db_persistent_startup_generation = INVALID_GENERATION;
245 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
246 timeval_current_ofs(1, 0),
247 ctdb_wait_until_recovered, ctdb);
251 if (ctdb->recovery_mode != CTDB_RECOVERY_NORMAL) {
252 ctdb->db_persistent_startup_generation = INVALID_GENERATION;
254 DEBUG(DEBUG_NOTICE,(__location__ " in recovery. Wait one more second\n"));
255 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
256 timeval_current_ofs(1, 0),
257 ctdb_wait_until_recovered, ctdb);
262 if (!fast_start && timeval_elapsed(&ctdb->last_recovery_finished) < (ctdb->tunable.rerecovery_timeout + 3)) {
263 ctdb->db_persistent_startup_generation = INVALID_GENERATION;
265 DEBUG(DEBUG_NOTICE,(__location__ " wait for pending recoveries to end. Wait one more second.\n"));
267 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
268 timeval_current_ofs(1, 0),
269 ctdb_wait_until_recovered, ctdb);
273 if (ctdb->vnn_map->generation == ctdb->db_persistent_startup_generation) {
274 DEBUG(DEBUG_INFO,(__location__ " skip ctdb_recheck_persistent_health() "
275 "until the next recovery\n"));
276 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
277 timeval_current_ofs(1, 0),
278 ctdb_wait_until_recovered, ctdb);
282 ctdb->db_persistent_startup_generation = ctdb->vnn_map->generation;
283 ret = ctdb_recheck_persistent_health(ctdb);
285 ctdb->db_persistent_check_errors++;
286 if (ctdb->db_persistent_check_errors < ctdb->max_persistent_check_errors) {
287 DEBUG(ctdb->db_persistent_check_errors==1?DEBUG_ERR:DEBUG_WARNING,
288 (__location__ "ctdb_recheck_persistent_health() "
289 "failed (%llu of %llu times) - retry later\n",
290 (unsigned long long)ctdb->db_persistent_check_errors,
291 (unsigned long long)ctdb->max_persistent_check_errors));
292 event_add_timed(ctdb->ev,
293 ctdb->monitor->monitor_context,
294 timeval_current_ofs(1, 0),
295 ctdb_wait_until_recovered, ctdb);
298 DEBUG(DEBUG_ALERT,(__location__
299 "ctdb_recheck_persistent_health() failed (%llu times) - prepare shutdown\n",
300 (unsigned long long)ctdb->db_persistent_check_errors));
301 ctdb_stop_recoverd(ctdb);
302 ctdb_stop_keepalive(ctdb);
303 ctdb_stop_monitoring(ctdb);
304 ctdb_release_all_ips(ctdb);
305 if (ctdb->methods != NULL) {
306 ctdb->methods->shutdown(ctdb);
308 ctdb_event_script(ctdb, CTDB_EVENT_SHUTDOWN);
309 DEBUG(DEBUG_ALERT,("ctdb_recheck_persistent_health() failed - Stopping CTDB daemon\n"));
312 ctdb->db_persistent_check_errors = 0;
314 DEBUG(DEBUG_NOTICE,(__location__ " Recoveries finished. Running the \"startup\" event.\n"));
315 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
317 ctdb_check_health, ctdb);
322 see if the event scripts think we are healthy
324 static void ctdb_check_health(struct event_context *ev, struct timed_event *te,
325 struct timeval t, void *private_data)
327 struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context);
330 if (ctdb->recovery_mode != CTDB_RECOVERY_NORMAL ||
331 (ctdb->monitor->monitoring_mode == CTDB_MONITORING_DISABLED && ctdb->done_startup)) {
332 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
333 timeval_current_ofs(ctdb->monitor->next_interval, 0),
334 ctdb_check_health, ctdb);
338 if (!ctdb->done_startup) {
339 ret = ctdb_event_script_callback(ctdb,
340 ctdb->monitor->monitor_context, ctdb_startup_callback,
342 CTDB_EVENT_STARTUP, "%s", "");
345 int skip_monitoring = 0;
347 if (ctdb->recovery_mode != CTDB_RECOVERY_NORMAL) {
349 DEBUG(DEBUG_ERR,("Skip monitoring during recovery\n"));
351 for (i=1; i<=NUM_DB_PRIORITIES; i++) {
352 if (ctdb->freeze_handles[i] != NULL) {
353 DEBUG(DEBUG_ERR,("Skip monitoring since databases are frozen\n"));
358 if (skip_monitoring != 0) {
359 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
360 timeval_current_ofs(ctdb->monitor->next_interval, 0),
361 ctdb_check_health, ctdb);
364 ret = ctdb_event_script_callback(ctdb,
365 ctdb->monitor->monitor_context, ctdb_health_callback,
367 CTDB_EVENT_MONITOR, "%s", "");
372 DEBUG(DEBUG_ERR,("Unable to launch monitor event script\n"));
373 ctdb->monitor->next_interval = 5;
374 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
375 timeval_current_ofs(5, 0),
376 ctdb_check_health, ctdb);
381 (Temporaily) Disabling monitoring will stop the monitor event scripts
382 from running but node health checks will still occur
384 void ctdb_disable_monitoring(struct ctdb_context *ctdb)
386 ctdb->monitor->monitoring_mode = CTDB_MONITORING_DISABLED;
387 DEBUG(DEBUG_INFO,("Monitoring has been disabled\n"));
391 Re-enable running monitor events after they have been disabled
393 void ctdb_enable_monitoring(struct ctdb_context *ctdb)
395 ctdb->monitor->monitoring_mode = CTDB_MONITORING_ACTIVE;
396 ctdb->monitor->next_interval = 5;
397 DEBUG(DEBUG_INFO,("Monitoring has been enabled\n"));
400 /* stop any monitoring
401 this should only be done when shutting down the daemon
403 void ctdb_stop_monitoring(struct ctdb_context *ctdb)
405 talloc_free(ctdb->monitor->monitor_context);
406 ctdb->monitor->monitor_context = NULL;
408 ctdb->monitor->monitoring_mode = CTDB_MONITORING_DISABLED;
409 ctdb->monitor->next_interval = 5;
410 DEBUG(DEBUG_NOTICE,("Monitoring has been stopped\n"));
414 start watching for nodes that might be dead
416 void ctdb_start_monitoring(struct ctdb_context *ctdb)
418 if (ctdb->monitor != NULL) {
422 ctdb->monitor = talloc(ctdb, struct ctdb_monitor_state);
423 CTDB_NO_MEMORY_FATAL(ctdb, ctdb->monitor);
425 ctdb->monitor->next_interval = 5;
427 ctdb->monitor->monitor_context = talloc_new(ctdb->monitor);
428 CTDB_NO_MEMORY_FATAL(ctdb, ctdb->monitor->monitor_context);
430 event_add_timed(ctdb->ev, ctdb->monitor->monitor_context,
431 timeval_current_ofs(1, 0),
432 ctdb_wait_until_recovered, ctdb);
434 ctdb->monitor->monitoring_mode = CTDB_MONITORING_ACTIVE;
435 DEBUG(DEBUG_NOTICE,("Monitoring has been started\n"));
440 modify flags on a node
442 int32_t ctdb_control_modflags(struct ctdb_context *ctdb, TDB_DATA indata)
444 struct ctdb_node_flag_change *c = (struct ctdb_node_flag_change *)indata.dptr;
445 struct ctdb_node *node;
449 if (c->pnn >= ctdb->num_nodes) {
450 DEBUG(DEBUG_ERR,(__location__ " Node %d is invalid, num_nodes :%d\n", c->pnn, ctdb->num_nodes));
454 node = ctdb->nodes[c->pnn];
455 old_flags = node->flags;
456 if (c->pnn != ctdb->pnn) {
457 c->old_flags = node->flags;
459 node->flags = c->new_flags & ~NODE_FLAGS_DISCONNECTED;
460 node->flags |= (c->old_flags & NODE_FLAGS_DISCONNECTED);
462 /* we dont let other nodes modify our STOPPED status */
463 if (c->pnn == ctdb->pnn) {
464 node->flags &= ~NODE_FLAGS_STOPPED;
465 if (old_flags & NODE_FLAGS_STOPPED) {
466 node->flags |= NODE_FLAGS_STOPPED;
470 /* we dont let other nodes modify our BANNED status */
471 if (c->pnn == ctdb->pnn) {
472 node->flags &= ~NODE_FLAGS_BANNED;
473 if (old_flags & NODE_FLAGS_BANNED) {
474 node->flags |= NODE_FLAGS_BANNED;
478 if (node->flags == c->old_flags) {
479 DEBUG(DEBUG_INFO, ("Control modflags on node %u - Unchanged - flags 0x%x\n", c->pnn, node->flags));
483 DEBUG(DEBUG_INFO, ("Control modflags on node %u - flags now 0x%x\n", c->pnn, node->flags));
485 if (node->flags == 0 && !ctdb->done_startup) {
486 DEBUG(DEBUG_ERR, (__location__ " Node %u became healthy - force recovery for startup\n",
488 ctdb->recovery_mode = CTDB_RECOVERY_ACTIVE;
491 /* tell the recovery daemon something has changed */
492 ctdb_daemon_send_message(ctdb, ctdb->pnn,
493 CTDB_SRVID_SET_NODE_FLAGS, indata);
495 /* if we have become banned, we should go into recovery mode */
496 if ((node->flags & NODE_FLAGS_BANNED) && !(c->old_flags & NODE_FLAGS_BANNED) && (node->pnn == ctdb->pnn)) {
497 /* make sure we are frozen */
498 DEBUG(DEBUG_NOTICE,("This node has been banned - forcing freeze and recovery\n"));
499 /* Reset the generation id to 1 to make us ignore any
500 REQ/REPLY CALL/DMASTER someone sends to us.
501 We are now banned so we shouldnt service database calls
504 ctdb->vnn_map->generation = INVALID_GENERATION;
506 for (i=1; i<=NUM_DB_PRIORITIES; i++) {
507 if (ctdb_start_freeze(ctdb, i) != 0) {
508 DEBUG(DEBUG_ERR,(__location__ " Failed to freeze db priority %u\n", i));
511 ctdb_release_all_ips(ctdb);
512 ctdb->recovery_mode = CTDB_RECOVERY_ACTIVE;
519 return the monitoring mode
521 int32_t ctdb_monitoring_mode(struct ctdb_context *ctdb)
523 if (ctdb->monitor == NULL) {
524 return CTDB_MONITORING_DISABLED;
526 return ctdb->monitor->monitoring_mode;
git.samba.org / ctdb.git / blob