ctdb/server/ctdb_monitor.c

   1 /*
   2    monitoring links to all other nodes to detect dead nodes
   3
   4
   5    Copyright (C) Ronnie Sahlberg 2007
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "replace.h"
  22 #include "system/filesys.h"
  23 #include "system/network.h"
  24 #include "system/wait.h"
  25
  26 #include <talloc.h>
  27 #include <tevent.h>
  28
  29 #include "lib/util/debug.h"
  30 #include "lib/util/samba_util.h"
  31 #include "lib/util/util_process.h"
  32
  33 #include "ctdb_private.h"
  34
  35 #include "common/system.h"
  36 #include "common/common.h"
  37 #include "common/logging.h"
  38
  39 struct ctdb_monitor_state {
  40         uint32_t monitoring_mode;
  41         TALLOC_CTX *monitor_context;
  42         uint32_t next_interval;
  43         uint32_t event_script_timeouts;
  44 };
  45
  46 static void ctdb_check_health(struct tevent_context *ev,
  47                               struct tevent_timer *te,
  48                               struct timeval t, void *private_data);
  49
  50 /*
  51   setup the notification script
  52 */
  53 int ctdb_set_notification_script(struct ctdb_context *ctdb, const char *script)
  54 {
  55         ctdb->notification_script = talloc_strdup(ctdb, script);
  56         CTDB_NO_MEMORY(ctdb, ctdb->notification_script);
  57         return 0;
  58 }
  59
  60 static int ctdb_run_notification_script_child(struct ctdb_context *ctdb, const char *event)
  61 {
  62         struct stat st;
  63         int ret;
  64         char *cmd;
  65
  66         if (stat(ctdb->notification_script, &st) != 0) {
  67                 DEBUG(DEBUG_ERR,("Could not stat notification script %s. Can not send notifications.\n", ctdb->notification_script));
  68                 return -1;
  69         }
  70         if (!(st.st_mode & S_IXUSR)) {
  71                 DEBUG(DEBUG_ERR,("Notification script %s is not executable.\n", ctdb->notification_script));
  72                 return -1;
  73         }
  74
  75         cmd = talloc_asprintf(ctdb, "%s %s\n", ctdb->notification_script, event);
  76         CTDB_NO_MEMORY(ctdb, cmd);
  77
  78         ret = system(cmd);
  79         /* if the system() call was successful, translate ret into the
  80            return code from the command
  81         */
  82         if (ret != -1) {
  83                 ret = WEXITSTATUS(ret);
  84         }
  85         if (ret != 0) {
  86                 DEBUG(DEBUG_ERR,("Notification script \"%s\" failed with error %d\n", cmd, ret));
  87         }
  88
  89         return ret;
  90 }
  91
  92 void ctdb_run_notification_script(struct ctdb_context *ctdb, const char *event)
  93 {
  94         pid_t child;
  95
  96         if (ctdb->notification_script == NULL) {
  97                 return;
  98         }
  99
 100         child = ctdb_fork(ctdb);
 101         if (child == (pid_t)-1) {
 102                 DEBUG(DEBUG_ERR,("Failed to fork() a notification child process\n"));
 103                 return;
 104         }
 105         if (child == 0) {
 106                 int ret;
 107
 108                 prctl_set_comment("ctdb_notification");
 109                 debug_extra = talloc_asprintf(NULL, "notification-%s:", event);
 110                 ret = ctdb_run_notification_script_child(ctdb, event);
 111                 if (ret != 0) {
 112                         DEBUG(DEBUG_ERR,(__location__ " Notification script failed\n"));
 113                 }
 114                 _exit(0);
 115         }
 116
 117         return;
 118 }
 119
 120 /*
 121   called when a health monitoring event script finishes
 122  */
 123 static void ctdb_health_callback(struct ctdb_context *ctdb, int status, void *p)
 124 {
 125         struct ctdb_node *node = ctdb->nodes[ctdb->pnn];
 126         TDB_DATA data;
 127         struct ctdb_node_flag_change c;
 128         uint32_t next_interval;
 129         int ret;
 130         TDB_DATA rddata;
 131         struct ctdb_srvid_message rd;
 132         const char *state_str = NULL;
 133
 134         c.pnn = ctdb->pnn;
 135         c.old_flags = node->flags;
 136
 137         rd.pnn   = ctdb->pnn;
 138         rd.srvid = CTDB_SRVID_TAKEOVER_RUN_RESPONSE;
 139
 140         rddata.dptr = (uint8_t *)&rd;
 141         rddata.dsize = sizeof(rd);
 142
 143         if (status == -ECANCELED) {
 144                 DEBUG(DEBUG_ERR,("Monitoring event was cancelled\n"));
 145                 goto after_change_status;
 146         }
 147
 148         if (status == -ETIME) {
 149                 ctdb->monitor->event_script_timeouts++;
 150
 151                 if (ctdb->monitor->event_script_timeouts >=
 152                     ctdb->tunable.monitor_timeout_count) {
 153                         DEBUG(DEBUG_ERR,
 154                               ("Maximum monitor timeout count %u reached."
 155                                " Making node unhealthy\n",
 156                                ctdb->tunable.monitor_timeout_count));
 157                 } else {
 158                         /* We pretend this is OK. */
 159                         goto after_change_status;
 160                 }
 161         } else {
 162                 ctdb->monitor->event_script_timeouts = 0;
 163         }
 164
 165         if (status != 0 && !(node->flags & NODE_FLAGS_UNHEALTHY)) {
 166                 DEBUG(DEBUG_NOTICE,("monitor event failed - disabling node\n"));
 167                 node->flags |= NODE_FLAGS_UNHEALTHY;
 168                 ctdb->monitor->next_interval = 5;
 169
 170                 ctdb_run_notification_script(ctdb, "unhealthy");
 171         } else if (status == 0 && (node->flags & NODE_FLAGS_UNHEALTHY)) {
 172                 DEBUG(DEBUG_NOTICE,("monitor event OK - node re-enabled\n"));
 173                 node->flags &= ~NODE_FLAGS_UNHEALTHY;
 174                 ctdb->monitor->next_interval = 5;
 175
 176                 ctdb_run_notification_script(ctdb, "healthy");
 177         }
 178
 179 after_change_status:
 180         next_interval = ctdb->monitor->next_interval;
 181
 182         ctdb->monitor->next_interval *= 2;
 183         if (ctdb->monitor->next_interval > ctdb->tunable.monitor_interval) {
 184                 ctdb->monitor->next_interval = ctdb->tunable.monitor_interval;
 185         }
 186
 187         tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 188                          timeval_current_ofs(next_interval, 0),
 189                          ctdb_check_health, ctdb);
 190
 191         if (c.old_flags == node->flags) {
 192                 return;
 193         }
 194
 195         c.new_flags = node->flags;
 196
 197         data.dptr = (uint8_t *)&c;
 198         data.dsize = sizeof(c);
 199
 200         /* ask the recovery daemon to push these changes out to all nodes */
 201         ctdb_daemon_send_message(ctdb, ctdb->pnn,
 202                                  CTDB_SRVID_PUSH_NODE_FLAGS, data);
 203
 204         if (c.new_flags & NODE_FLAGS_UNHEALTHY) {
 205                 state_str = "UNHEALTHY";
 206         } else {
 207                 state_str = "HEALTHY";
 208         }
 209
 210         /* ask the recmaster to reallocate all addresses */
 211         DEBUG(DEBUG_ERR,
 212               ("Node became %s. Ask recovery master to reallocate IPs\n",
 213                state_str));
 214         ret = ctdb_daemon_send_message(ctdb, CTDB_BROADCAST_CONNECTED, CTDB_SRVID_TAKEOVER_RUN, rddata);
 215         if (ret != 0) {
 216                 DEBUG(DEBUG_ERR,
 217                       (__location__
 218                        " Failed to send IP takeover run request\n"));
 219         }
 220 }
 221
 222
 223 static void ctdb_run_startup(struct tevent_context *ev,
 224                              struct tevent_timer *te,
 225                              struct timeval t, void *private_data);
 226 /*
 227   called when the startup event script finishes
 228  */
 229 static void ctdb_startup_callback(struct ctdb_context *ctdb, int status, void *p)
 230 {
 231         if (status != 0) {
 232                 DEBUG(DEBUG_ERR,("startup event failed\n"));
 233                 tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 234                                  timeval_current_ofs(5, 0),
 235                                  ctdb_run_startup, ctdb);
 236                 return;
 237         }
 238
 239         DEBUG(DEBUG_NOTICE,("startup event OK - enabling monitoring\n"));
 240         ctdb_set_runstate(ctdb, CTDB_RUNSTATE_RUNNING);
 241         ctdb->monitor->next_interval = 2;
 242         ctdb_run_notification_script(ctdb, "startup");
 243
 244         ctdb->monitor->monitoring_mode = CTDB_MONITORING_ACTIVE;
 245
 246         tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 247                          timeval_current_ofs(ctdb->monitor->next_interval, 0),
 248                          ctdb_check_health, ctdb);
 249 }
 250
 251 static void ctdb_run_startup(struct tevent_context *ev,
 252                              struct tevent_timer *te,
 253                              struct timeval t, void *private_data)
 254 {
 255         struct ctdb_context *ctdb = talloc_get_type(private_data,
 256                                                     struct ctdb_context);
 257         int ret;
 258
 259         /* This is necessary to avoid the "startup" event colliding
 260          * with the "ipreallocated" event from the takeover run
 261          * following the first recovery.  We might as well serialise
 262          * these things if we can.
 263          */
 264         if (ctdb->runstate < CTDB_RUNSTATE_STARTUP) {
 265                 DEBUG(DEBUG_NOTICE,
 266                       ("Not yet in startup runstate. Wait one more second\n"));
 267                 tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 268                                  timeval_current_ofs(1, 0),
 269                                  ctdb_run_startup, ctdb);
 270                 return;
 271         }
 272
 273         /* release any IPs we hold from previous runs of the daemon */
 274         ctdb_release_all_ips(ctdb);
 275
 276         DEBUG(DEBUG_NOTICE,("Running the \"startup\" event.\n"));
 277         ret = ctdb_event_script_callback(ctdb,
 278                                          ctdb->monitor->monitor_context,
 279                                          ctdb_startup_callback,
 280                                          ctdb, CTDB_EVENT_STARTUP, "%s", "");
 281
 282         if (ret != 0) {
 283                 DEBUG(DEBUG_ERR,("Unable to launch startup event script\n"));
 284                 tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 285                                  timeval_current_ofs(5, 0),
 286                                  ctdb_run_startup, ctdb);
 287         }
 288 }
 289
 290 /*
 291   wait until we have finished initial recoveries before we start the
 292   monitoring events
 293  */
 294 static void ctdb_wait_until_recovered(struct tevent_context *ev,
 295                                       struct tevent_timer *te,
 296                                       struct timeval t, void *private_data)
 297 {
 298         struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context);
 299         int ret;
 300         static int count = 0;
 301
 302         count++;
 303
 304         if (count < 60 || count%600 == 0) {
 305                 DEBUG(DEBUG_NOTICE,("CTDB_WAIT_UNTIL_RECOVERED\n"));
 306                 if (ctdb->nodes[ctdb->pnn]->flags & NODE_FLAGS_STOPPED) {
 307                         DEBUG(DEBUG_NOTICE,("Node is STOPPED. Node will NOT recover.\n"));
 308                 }
 309         }
 310
 311         if (ctdb->vnn_map->generation == INVALID_GENERATION) {
 312                 ctdb->db_persistent_startup_generation = INVALID_GENERATION;
 313
 314                 tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 315                                  timeval_current_ofs(1, 0),
 316                                  ctdb_wait_until_recovered, ctdb);
 317                 return;
 318         }
 319
 320         if (ctdb->recovery_mode != CTDB_RECOVERY_NORMAL) {
 321                 ctdb->db_persistent_startup_generation = INVALID_GENERATION;
 322
 323                 DEBUG(DEBUG_NOTICE,(__location__ " in recovery. Wait one more second\n"));
 324                 tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 325                                  timeval_current_ofs(1, 0),
 326                                  ctdb_wait_until_recovered, ctdb);
 327                 return;
 328         }
 329
 330
 331         if (!fast_start && timeval_elapsed(&ctdb->last_recovery_finished) < (ctdb->tunable.rerecovery_timeout + 3)) {
 332                 ctdb->db_persistent_startup_generation = INVALID_GENERATION;
 333
 334                 DEBUG(DEBUG_NOTICE,(__location__ " wait for pending recoveries to end. Wait one more second.\n"));
 335
 336                 tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 337                                  timeval_current_ofs(1, 0),
 338                                  ctdb_wait_until_recovered, ctdb);
 339                 return;
 340         }
 341
 342         if (ctdb->vnn_map->generation == ctdb->db_persistent_startup_generation) {
 343                 DEBUG(DEBUG_INFO,(__location__ " skip ctdb_recheck_persistent_health() "
 344                                   "until the next recovery\n"));
 345                 tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 346                                  timeval_current_ofs(1, 0),
 347                                  ctdb_wait_until_recovered, ctdb);
 348                 return;
 349         }
 350
 351         ctdb->db_persistent_startup_generation = ctdb->vnn_map->generation;
 352         ret = ctdb_recheck_persistent_health(ctdb);
 353         if (ret != 0) {
 354                 ctdb->db_persistent_check_errors++;
 355                 if (ctdb->db_persistent_check_errors < ctdb->max_persistent_check_errors) {
 356                         DEBUG(ctdb->db_persistent_check_errors==1?DEBUG_ERR:DEBUG_WARNING,
 357                               (__location__ "ctdb_recheck_persistent_health() "
 358                               "failed (%llu of %llu times) - retry later\n",
 359                               (unsigned long long)ctdb->db_persistent_check_errors,
 360                               (unsigned long long)ctdb->max_persistent_check_errors));
 361                         tevent_add_timer(ctdb->ev,
 362                                          ctdb->monitor->monitor_context,
 363                                          timeval_current_ofs(1, 0),
 364                                          ctdb_wait_until_recovered, ctdb);
 365                         return;
 366                 }
 367                 DEBUG(DEBUG_ALERT,(__location__
 368                                   "ctdb_recheck_persistent_health() failed (%llu times) - prepare shutdown\n",
 369                                   (unsigned long long)ctdb->db_persistent_check_errors));
 370                 ctdb_shutdown_sequence(ctdb, 11);
 371                 /* In case above returns due to duplicate shutdown */
 372                 return;
 373         }
 374         ctdb->db_persistent_check_errors = 0;
 375
 376         tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 377                          timeval_current(), ctdb_run_startup, ctdb);
 378 }
 379
 380
 381 /*
 382   see if the event scripts think we are healthy
 383  */
 384 static void ctdb_check_health(struct tevent_context *ev,
 385                               struct tevent_timer *te,
 386                               struct timeval t, void *private_data)
 387 {
 388         struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context);
 389         bool skip_monitoring = false;
 390         int ret = 0;
 391
 392         if (ctdb->recovery_mode != CTDB_RECOVERY_NORMAL ||
 393             ctdb->monitor->monitoring_mode == CTDB_MONITORING_DISABLED) {
 394                 skip_monitoring = true;
 395         } else {
 396                 if (ctdb_db_all_frozen(ctdb)) {
 397                         DEBUG(DEBUG_ERR,
 398                               ("Skip monitoring since databases are frozen\n"));
 399                         skip_monitoring = true;
 400                 }
 401         }
 402
 403         if (skip_monitoring) {
 404                 tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 405                                  timeval_current_ofs(ctdb->monitor->next_interval, 0),
 406                                  ctdb_check_health, ctdb);
 407                 return;
 408         }
 409
 410         ret = ctdb_event_script_callback(ctdb,
 411                                          ctdb->monitor->monitor_context,
 412                                          ctdb_health_callback,
 413                                          ctdb, CTDB_EVENT_MONITOR, "%s", "");
 414         if (ret != 0) {
 415                 DEBUG(DEBUG_ERR,("Unable to launch monitor event script\n"));
 416                 ctdb->monitor->next_interval = 5;
 417                 tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 418                                  timeval_current_ofs(5, 0),
 419                                  ctdb_check_health, ctdb);
 420         }
 421 }
 422
 423 /*
 424   (Temporaily) Disabling monitoring will stop the monitor event scripts
 425   from running   but node health checks will still occur
 426 */
 427 void ctdb_disable_monitoring(struct ctdb_context *ctdb)
 428 {
 429         ctdb->monitor->monitoring_mode = CTDB_MONITORING_DISABLED;
 430         DEBUG(DEBUG_INFO,("Monitoring has been disabled\n"));
 431 }
 432
 433 /*
 434    Re-enable running monitor events after they have been disabled
 435  */
 436 void ctdb_enable_monitoring(struct ctdb_context *ctdb)
 437 {
 438         ctdb->monitor->monitoring_mode  = CTDB_MONITORING_ACTIVE;
 439         ctdb->monitor->next_interval = 5;
 440         DEBUG(DEBUG_INFO,("Monitoring has been enabled\n"));
 441 }
 442
 443 /* stop any monitoring
 444    this should only be done when shutting down the daemon
 445 */
 446 void ctdb_stop_monitoring(struct ctdb_context *ctdb)
 447 {
 448         talloc_free(ctdb->monitor->monitor_context);
 449         ctdb->monitor->monitor_context = NULL;
 450
 451         ctdb->monitor->monitoring_mode  = CTDB_MONITORING_DISABLED;
 452         ctdb->monitor->next_interval = 5;
 453         DEBUG(DEBUG_NOTICE,("Monitoring has been stopped\n"));
 454 }
 455
 456 /*
 457   start watching for nodes that might be dead
 458  */
 459 void ctdb_wait_for_first_recovery(struct ctdb_context *ctdb)
 460 {
 461         ctdb_set_runstate(ctdb, CTDB_RUNSTATE_FIRST_RECOVERY);
 462
 463         ctdb->monitor = talloc(ctdb, struct ctdb_monitor_state);
 464         CTDB_NO_MEMORY_FATAL(ctdb, ctdb->monitor);
 465
 466         ctdb->monitor->monitor_context = talloc_new(ctdb->monitor);
 467         CTDB_NO_MEMORY_FATAL(ctdb, ctdb->monitor->monitor_context);
 468
 469         tevent_add_timer(ctdb->ev, ctdb->monitor->monitor_context,
 470                          timeval_current_ofs(1, 0),
 471                          ctdb_wait_until_recovered, ctdb);
 472 }
 473
 474
 475 /*
 476   modify flags on a node
 477  */
 478 int32_t ctdb_control_modflags(struct ctdb_context *ctdb, TDB_DATA indata)
 479 {
 480         struct ctdb_node_flag_change *c = (struct ctdb_node_flag_change *)indata.dptr;
 481         struct ctdb_node *node;
 482         uint32_t old_flags;
 483
 484         if (c->pnn >= ctdb->num_nodes) {
 485                 DEBUG(DEBUG_ERR,(__location__ " Node %d is invalid, num_nodes :%d\n", c->pnn, ctdb->num_nodes));
 486                 return -1;
 487         }
 488
 489         node         = ctdb->nodes[c->pnn];
 490         old_flags    = node->flags;
 491         if (c->pnn != ctdb->pnn) {
 492                 c->old_flags  = node->flags;
 493         }
 494         node->flags   = c->new_flags & ~NODE_FLAGS_DISCONNECTED;
 495         node->flags  |= (c->old_flags & NODE_FLAGS_DISCONNECTED);
 496
 497         /* we don't let other nodes modify our STOPPED status */
 498         if (c->pnn == ctdb->pnn) {
 499                 node->flags &= ~NODE_FLAGS_STOPPED;
 500                 if (old_flags & NODE_FLAGS_STOPPED) {
 501                         node->flags |= NODE_FLAGS_STOPPED;
 502                 }
 503         }
 504
 505         /* we don't let other nodes modify our BANNED status */
 506         if (c->pnn == ctdb->pnn) {
 507                 node->flags &= ~NODE_FLAGS_BANNED;
 508                 if (old_flags & NODE_FLAGS_BANNED) {
 509                         node->flags |= NODE_FLAGS_BANNED;
 510                 }
 511         }
 512
 513         if (node->flags == c->old_flags) {
 514                 DEBUG(DEBUG_INFO, ("Control modflags on node %u - Unchanged - flags 0x%x\n", c->pnn, node->flags));
 515                 return 0;
 516         }
 517
 518         DEBUG(DEBUG_INFO, ("Control modflags on node %u - flags now 0x%x\n", c->pnn, node->flags));
 519
 520         if (node->flags == 0 && ctdb->runstate <= CTDB_RUNSTATE_STARTUP) {
 521                 DEBUG(DEBUG_ERR, (__location__ " Node %u became healthy - force recovery for startup\n",
 522                                   c->pnn));
 523                 ctdb->recovery_mode = CTDB_RECOVERY_ACTIVE;
 524         }
 525
 526         /* tell the recovery daemon something has changed */
 527         c->new_flags = node->flags;
 528         ctdb_daemon_send_message(ctdb, ctdb->pnn,
 529                                  CTDB_SRVID_SET_NODE_FLAGS, indata);
 530
 531         /* if we have become banned, we should go into recovery mode */
 532         if ((node->flags & NODE_FLAGS_BANNED) && !(c->old_flags & NODE_FLAGS_BANNED) && (node->pnn == ctdb->pnn)) {
 533                 ctdb_local_node_got_banned(ctdb);
 534         }
 535
 536         return 0;
 537 }
 538
 539 /*
 540   return the monitoring mode
 541  */
 542 int32_t ctdb_monitoring_mode(struct ctdb_context *ctdb)
 543 {
 544         if (ctdb->monitor == NULL) {
 545                 return CTDB_MONITORING_DISABLED;
 546         }
 547         return ctdb->monitor->monitoring_mode;
 548 }
 549
 550 /*
 551  * Check if monitoring has been stopped
 552  */
 553 bool ctdb_stopped_monitoring(struct ctdb_context *ctdb)
 554 {
 555         return (ctdb->monitor->monitor_context == NULL ? true : false);
 556 }