git.samba.org / sahlberg / ctdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cdbc800)
Add a tunable "AllowClientDBAttach" with default value 1.
authorMichael Adam <obnox@samba.org>
Fri, 2 Sep 2011 14:42:10 +0000 (16:42 +0200)
committerRonnie Sahlberg <ronniesahlberg@gmail.com>
Mon, 5 Sep 2011 06:17:39 +0000 (16:17 +1000)
When set to 0, clients will not be able to attach to databases
via the db_attach control. This might can be useful for maintenance
where ctdb should be kept running but clients should not be able
to modify databases.

include/ctdb_private.h patch | blob | history
server/ctdb_ltdb_server.c patch | blob | history
server/ctdb_tunables.c patch | blob | history

diff --git a/include/ctdb_private.h b/include/ctdb_private.h
index 6d3e91e37bfc4a9d133d943fc7205432bdec0785..b24efcc64a03001e0cbccae59bba0ac8e69e5cc6 100644 (file)
--- a/include/ctdb_private.h
+++ b/include/ctdb_private.h
@@ -121,6 +121,7 @@ struct ctdb_tunable {
        uint32_t deferred_attach_timeout;
        uint32_t vacuum_fast_path_count;
        uint32_t lcp2_public_ip_assignment;
+       uint32_t allow_client_db_attach;
 };
 
 /*
diff --git a/server/ctdb_ltdb_server.c b/server/ctdb_ltdb_server.c
index a93e2fa0c950a7cc3c50f2a838c3ff8a724a3ddf..a0fe2c529c606c4b033a4577fec97baa1a476df2 100644 (file)
--- a/server/ctdb_ltdb_server.c
+++ b/server/ctdb_ltdb_server.c
@@ -1010,6 +1010,12 @@ int32_t ctdb_control_db_attach(struct ctdb_context *ctdb, TDB_DATA indata,
        struct ctdb_node *node = ctdb->nodes[ctdb->pnn];
        struct ctdb_client *client = NULL;
 
+       if (ctdb->tunable.allow_client_db_attach == 0) {
+               DEBUG(DEBUG_ERR, ("DB Attach to database %s denied by tunable "
+                                 "AllowClientDBAccess == 0\n", db_name));
+               return -1;
+       }
+
        /* dont allow any local clients to attach while we are in recovery mode
         * except for the recovery daemon.
         * allow all attach from the network since these are always from remote
diff --git a/server/ctdb_tunables.c b/server/ctdb_tunables.c
index 9da3cc806562f1601797ecf040b0a5762a6de39c..ef86051cecf2ebd634dfa30b5c4d28dca4d9b1f3 100644 (file)
--- a/server/ctdb_tunables.c
+++ b/server/ctdb_tunables.c
@@ -68,7 +68,8 @@ static const struct {
        { "UseStatusEvents",     0,  offsetof(struct ctdb_tunable, use_status_events_for_monitoring) },
        { "AllowUnhealthyDBRead", 0,  offsetof(struct ctdb_tunable, allow_unhealthy_db_read) },
        { "StatHistoryInterval",  1,  offsetof(struct ctdb_tunable, stat_history_interval) },
-       { "DeferredAttachTO",  120,  offsetof(struct ctdb_tunable, deferred_attach_timeout) }
+       { "DeferredAttachTO",  120,  offsetof(struct ctdb_tunable, deferred_attach_timeout) },
+       { "AllowClientDBAttach", 1, offsetof(struct ctdb_tunable, allow_client_db_attach) }
 };
 
 /*
CTDB repository