[SCM] CTDB repository - branch 1.0.112 updated - ctdb-1.0.111-58-g7bbf083

Ronnie Sahlberg sahlberg at samba.org
Tue Apr 6 18:46:18 MDT 2010 

The branch, 1.0.112 has been updated
       via  7bbf08373eea95d8a859043cf0f9063e77c8c133 (commit)
       via  8f2e48b74b96219a3b4258ec864a5652883620e4 (commit)
      from  f5ac659e4df9ba6ee4652aeb9b4f5a01b532fd99 (commit)

http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=1.0.112


- Log -----------------------------------------------------------------
commit 7bbf08373eea95d8a859043cf0f9063e77c8c133
Author: Ronnie Sahlberg <ronniesahlberg at gmail.com>
Date:   Wed Apr 7 10:42:51 2010 +1000

    Lower the loglevel for "Recovery lock successfully taken"
    from ERR to NOTICE
    
    BZ62086

commit 8f2e48b74b96219a3b4258ec864a5652883620e4
Author: Ronnie Sahlberg <ronniesahlberg at gmail.com>
Date:   Wed Mar 31 11:20:25 2010 +1100

    Volker experienced a situation where we leaked iptable rules
    and continued to block an ipaddress after a recovery had completed.
    
    Rework how we handle the iptables blocking and use a new separate
    table for all failover related blocks so that we can find these rules and
    remove them more easily from outside of the takeip and releaseip events.

-----------------------------------------------------------------------

Summary of changes:
 config/events.d/10.interface |   38 ++++++++++++++++++++++++++++++++++----
 server/ctdb_recover.c        |    2 +-
 server/ctdb_recoverd.c       |    2 +-
 3 files changed, 36 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/config/events.d/10.interface b/config/events.d/10.interface
index f881808..88ab2e9 100755
--- a/config/events.d/10.interface
+++ b/config/events.d/10.interface
@@ -17,6 +17,31 @@ loadconfig
 	exit 0
 }
 
+add_failover_block() {
+	# Make sure our chain exists
+	iptables -N ctdbfailover 2> /dev/null
+	
+	# make sure we link to it from INPUT
+	iptables -L INPUT -n | grep ctdbfailover >/dev/null 2>/dev/null || {
+		iptables -I INPUT -j ctdbfailover
+	}
+	# block this ip
+	iptables -I ctdbfailover -i $1 -d $2 -j DROP
+}
+
+delete_failover_block() {
+	iptables -D ctdbfailover -i $1 -d $2 -j DROP 2>/dev/null
+}
+
+delete_all_failover_blocks() {
+	# make sure to remova all links to the ctdbfailover table
+	while iptables -L INPUT -n | grep ctdbfailover >/dev/null 2>/dev/null ; do
+		iptables -D INPUT -j ctdbfailover
+	done
+	iptables -F ctdbfailover 2>/dev/null
+	iptables -X ctdbfailover 2>/dev/null
+}
+
 case "$1" in 
      #############################
      # called when ctdbd starts up
@@ -58,7 +83,7 @@ case "$1" in
 		 echo "Failed to add $ip/$maskbits on dev $iface"
 	}
 	# cope with the script being killed while we have the interface blocked
-	iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
+	delete_failover_block $iface $ip
 
 	# flush our route cache
 	echo 1 > /proc/sys/net/ipv4/route/flush
@@ -89,8 +114,8 @@ case "$1" in
 
 	failed=0
 	# we do an extra delete to cope with the script being killed
-	iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
-	iptables -I INPUT -i $iface -d $ip -j DROP
+	delete_failover_block $iface $ip
+	add_failover_block $iface $ip
 	kill_tcp_connections $ip
 
 	# the ip tool will delete all secondary IPs if this is the primary. To work around
@@ -111,7 +136,7 @@ case "$1" in
 		fi
 	    done
 	}
-	iptables -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
+	delete_failover_block $iface $ip
 	[ $failed = 0 ] || {
 		 echo "Failed to del $ip on dev $iface"
 		 exit 1
@@ -125,14 +150,19 @@ case "$1" in
      ###########################################
      # called when ctdbd has finished a recovery
      recovered)
+	delete_all_failover_blocks
 	;;
 
      ####################################
      # called when ctdbd is shutting down
      shutdown)
+	delete_all_failover_blocks
 	;;
 
      monitor)
+	# make sure we dont block any ips when we are outside of recovery
+	delete_all_failover_blocks
+
 	INTERFACES=`cat $CTDB_PUBLIC_ADDRESSES | 
 		sed -e "s/^[^\t ]*[\t ]*//" -e "s/[\t ]*$//"`
 
diff --git a/server/ctdb_recover.c b/server/ctdb_recover.c
index ed5c22b..4a1e04c 100644
--- a/server/ctdb_recover.c
+++ b/server/ctdb_recover.c
@@ -819,7 +819,7 @@ bool ctdb_recovery_lock(struct ctdb_context *ctdb, bool keep)
 	}
 
 	if (keep) {
-		DEBUG(DEBUG_ERR, ("Recovery lock taken successfully\n"));
+		DEBUG(DEBUG_NOTICE, ("Recovery lock taken successfully\n"));
 	}
 
 	DEBUG(DEBUG_NOTICE,("ctdb_recovery_lock: Got recovery lock on '%s'\n", ctdb->recovery_lock_file));
diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c
index 80dbc1e..f94d43b 100644
--- a/server/ctdb_recoverd.c
+++ b/server/ctdb_recoverd.c
@@ -1274,7 +1274,7 @@ static int do_recovery(struct ctdb_recoverd *rec,
 			return -1;
 		}
 		ctdb_ctrl_report_recd_lock_latency(ctdb, CONTROL_TIMEOUT(), timeval_elapsed(&start_time));
-		DEBUG(DEBUG_ERR,("Recovery lock taken successfully by recovery daemon\n"));
+		DEBUG(DEBUG_NOTICE,("Recovery lock taken successfully by recovery daemon\n"));
 	}
 
 	DEBUG(DEBUG_NOTICE, (__location__ " Recovery initiated due to problem with node %u\n", rec->last_culprit_node));


-- 
CTDB repository

More information about the samba-cvs mailing list