git.samba.org / ctdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9236a67)
Add a tunable "AllowClientDBAttach" with default value 1.
authorMichael Adam <obnox@samba.org>
Fri, 2 Sep 2011 14:42:10 +0000 (16:42 +0200)
committerMichael Adam <obnox@samba.org>
Fri, 21 Nov 2014 07:12:51 +0000 (08:12 +0100)
When set to 0, clients will not be able to attach to databases
via the db_attach control. This might can be useful for maintenance
where ctdb should be kept running but clients should not be able
to modify databases.

(cherry picked from commit ddfeecda87955b4e46777599f678e6926d37f4c4)

Conflicts:
include/ctdb_private.h
server/ctdb_ltdb_server.c
server/ctdb_tunables.c

include/ctdb_private.h patch | blob | history
server/ctdb_ltdb_server.c patch | blob | history
server/ctdb_tunables.c patch | blob | history

diff --git a/include/ctdb_private.h b/include/ctdb_private.h
index e0b39eecf97ec72bf53e1a4a4408ab2c38fa44ec..3120f0b1de9b2429a7e29d1ce1ad89312c11b0da 100644 (file)
--- a/include/ctdb_private.h
+++ b/include/ctdb_private.h
@@ -132,6 +132,7 @@ struct ctdb_tunable {
        uint32_t use_status_events_for_monitoring;
        uint32_t allow_unhealthy_db_read;
        uint32_t vacuum_fast_path_count;
+       uint32_t allow_client_db_attach;
 };
 
 /*
diff --git a/server/ctdb_ltdb_server.c b/server/ctdb_ltdb_server.c
index 14709320603c2b5f4166af5429e5456642836114..195c8d10f1c172bfc78545655a8af64347ac4589 100644 (file)
--- a/server/ctdb_ltdb_server.c
+++ b/server/ctdb_ltdb_server.c
@@ -964,6 +964,13 @@ int32_t ctdb_control_db_attach(struct ctdb_context *ctdb, TDB_DATA indata,
        struct ctdb_db_context *db;
        struct ctdb_node *node = ctdb->nodes[ctdb->pnn];
 
+       if (ctdb->tunable.allow_client_db_attach == 0) {
+               DEBUG(DEBUG_ERR, ("DB Attach to database %s denied by tunable "
+                                 "AllowClientDBAccess == 0\n", db_name));
+               return -1;
+       }
+
+
        /* the client can optionally pass additional tdb flags, but we
           only allow a subset of those on the database in ctdb. Note
           that tdb_flags is passed in via the (otherwise unused)
diff --git a/server/ctdb_tunables.c b/server/ctdb_tunables.c
index 3099f6141c584e501fa4b4a3901f6d9efd6ae141..45083774f9f6a82408ad3d6fcd7c19c30f3e84a7 100644 (file)
--- a/server/ctdb_tunables.c
+++ b/server/ctdb_tunables.c
@@ -67,7 +67,8 @@ static const struct {
        { "VacuumFastPathCount", 60, offsetof(struct ctdb_tunable, vacuum_fast_path_count), false },
        { "MaxQueueDropMsg",  1000000, offsetof(struct ctdb_tunable, max_queue_depth_drop_msg), false },
        { "UseStatusEvents",     0,  offsetof(struct ctdb_tunable, use_status_events_for_monitoring), false },
-       { "AllowUnhealthyDBRead", 0,  offsetof(struct ctdb_tunable, allow_unhealthy_db_read), false }
+       { "AllowUnhealthyDBRead", 0,  offsetof(struct ctdb_tunable, allow_unhealthy_db_read), false },
+       { "AllowClientDBAttach", 1, offsetof(struct ctdb_tunable, allow_client_db_attach) }
 };
 
 /*
CTDB repository