Corosync used to just ignore parse errors so that un-resolved names
could cause silent failures. We now always check the result from
totemip_parse() and at least print something in syslog.
There's also a little get-out here that allows you to correct
a bad node address without having to destroy and recreate the
whole link. I'm being nice to you.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Jan Friesse [Thu, 15 Nov 2018 15:54:47 +0000 (16:54 +0100)]
stats: Fix delete of track
When cmap_track_delete was called to stats map (cmap created with
CMAP_MAP_STATS parameter) result was always ERR_BAD_HANDLE.
It turned out that corosync part of cmap is always calling icmap
function to get user data (where required hdb handle is stored)
instead of generalized map_fns.
After fixing this issue, valgrind showed error about jump depending on
unitialized data in stats_map_track_delete. Solution seems to be always
initialize tracker->events (so not only when track_type is add or
delete).
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Mon, 3 Sep 2018 15:04:23 +0000 (17:04 +0200)]
init: Fix init script to work with containers
Previously init scripts were not using pid file so pidof was used. This
is usually not a problem, but when containers are used it may result to
killing improper instance when issued on host.
Solution is to always use pidfile.
Also try to use LSB complaint status codes.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Mon, 12 Nov 2018 17:35:45 +0000 (18:35 +0100)]
main: Replace COROSYNC_MAIN_CONFIG_FILE
COROSYNC_MAIN_CONFIG_FILE environment variable was quite well hidden
and it was never used by init script. It also makes quite hard to debug
possible problems.
Replace it by -c option.
Also patch makes use of configuration file path as a base for uidgid.d
directory, so it's no longer needed to keep uidgid.d in sysconfdir.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Mon, 12 Nov 2018 14:46:14 +0000 (15:46 +0100)]
main: Move sched paramaters to config file
The reason for this change is, that number of corosync CLI options
kind of exploded and scheduler based one are really beter to be kept in
config file.
Nice side-effect of this move is better "integration" with systemd,
because currently used EnvironmentFile should be really used for
environment and not that much for passing extra options to CLI.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Wed, 7 Nov 2018 14:12:10 +0000 (09:12 -0500)]
configure: move to AC_COMPILE_IFELSE
from AC_PREPROC_IFELSE which is strongly discouraged.
Our detection system was very weak and recent versions of clang did
show that PREPROC_IFELFE (cpp) would enable warning options that
the compiler does not support (clang).
Use a full compilation test to detect what works and what doesn't.
The conversion to the new srp_addr format broke the feature where
UDP/UDPU nodes could get their nodeids generated from the IP address.
A big part of this was the removal of mandatory ring0_addr - it was used
as a placeholder when reading down the nodelist. I replaced this with
nodeid thinking that nodeid was now mandatory, forgetting this use case.
So the compare on "ring0_addr" or "nodeid" is now replaced with a more
robust check that we're only reading keys from the same node_pos once,
this was needed in votequorum.c as well as totemconfig.c
Another tidying side-effect of this patch is that the nodeid generation
is now all in a single routine in totemconfig.c and not shared between
it and totemip.c.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Jan Friesse [Tue, 16 Oct 2018 08:28:56 +0000 (10:28 +0200)]
totemconfig: Replace strcpy by strncpy
Formally not needed, because totemip_print should not return string
longer than INET6_ADDRSTRLEN, but static analysis tools are not capable
of such conclusion.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
config: Fix crash in reload if new interfaces are added
This is a bug I seem to have introduced in 429209f4aa3c55504a49833e0004489f241e7819 where we compare links
for changes. if a new node was added on an existing link then it
was compared against a non-existant one in the previous configuration.
We now only compare nodes that are in both interfaces.
As I needed min() for this function, I moved it from individual
.c files into util.h so we only have one copy.
And the error message was fixed.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Jan Friesse [Mon, 24 Sep 2018 13:05:02 +0000 (15:05 +0200)]
build: Do not compile totempg as a shared library
Instead of compiling totempg as a shared library, compile all totem code
directly into corosync binary.
Main idea of having totempg which may be
used in other projects was nice, but never really finished (and as far
as I know no project were ever really using it). So at the end of the
day, we've end with huge amount of problems (need to pass new arguments
thru X layers, hard debugging, ...) without any real benefit.
For a future version, we may consider to revisit idea of split totemsrp
into well tested library without unrelated bits like transports/ip/...
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Fri, 14 Sep 2018 11:15:08 +0000 (13:15 +0200)]
build: Remove NSS dependencies
Complete removal of NSS from corosync tree. Most of the changes are
in build system and cpgverify had to be rewritten to use crc32 instead
of sha1.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Thu, 13 Sep 2018 15:50:36 +0000 (17:50 +0200)]
cts: Remove CTS
There are several reasons for removal of CTS:
1. It's not actively maintained
2. It's quite hard to setup
3. It has hard to fix bug in it's design (syslog messages are thrown by
rsyslog (configurable), journald (configurable) or when rsyslog is
used together with journald (non configurable)) so test
can fail just because of lost message.
4. It depends on pacemaker CTS, which is changed quite often
5. CTS itself is great tool for Pacemaker
(shutdown/startup of the node), but Corosync has a slightly
different needs
6. Bin Liu <bliu@suse.com> made a heroic effort to port it to Python 3
(huge thanks), but it's still not fully complete
All and all, if somebody is interested in maintaining CTS code, please
create repository similar to corosync flatiron cts and let us know.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Thu, 23 Aug 2018 13:06:19 +0000 (15:06 +0200)]
coroparse: Be more strict in what is parsed
Corosync parser is not very clever, but it is able to detect more errors
without too much code.
1. Check if section name is not empty (just '{' character)
2. Check if there is no extra characters after opening bracket '{'
3. Check if there is no extra characters after or before closing bracket
'}'
4. Check if line is opening section, closing section or key/value
So following examples are reported as error:
totem {
version: 2
}}}}}}}}}}
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Thu, 23 Aug 2018 12:18:40 +0000 (14:18 +0200)]
coroparse: Fix remove_whitespace end condition
When remove_whitespace function parameter is single character string
with whitespaces (like a:) then colon is not removed. Reason is end
condition end != start, which is valid for empty string, but invalid in
case described above. Solution is to check if *end is '\0'.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Fri, 24 Aug 2018 08:30:13 +0000 (10:30 +0200)]
build: Support for git archive stored tags
Attempt to solve problem with git archive generated tarballs
(used for example by github when release is downloaded) which are no
longer git tree and (in contrast to officially released tarballs) also
doesn't contain .tarball-version file so git-version-gen script simply
cannot obtain valid version info.
Solution is based on using gitattributes which is instructs git to
replace string in the .gitarchivever file by known ref names.
git-version-gen is enhanced to support this file and tries to parse
any string which looks like "tag: v[0-9]+.[0-9]+.[0-9]". If such string
is found it's used as a version. This file is used as a last attempt and
other methods (.tarball-version, git abbrev) have precedence.
Based on idea stated by Jan Pokorný <jpokorny@redhat.com>.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Tue, 14 Aug 2018 11:56:46 +0000 (07:56 -0400)]
Remove libcgroup
Libcgroup is deprecated and not shipping with new distributions
(OpenSuSE is one example). Solution is to have a partial implementation
of required functionality of libcgroup in the corosync code.
Patch uses hardcoded cgroup mount point, because most of the systems are
now systemd and systemd is also using hardcoded mountpoint (see
https://github.com/systemd/systemd/blob/master/src/core/mount-setup.c)
Configuration option --enable-cgroup is gone, because it's not needed
any longer.
Big thanks to Christine Caulfield <ccaulfie@redhat.com> for example of
simplified implementation of cgroup management code primitives.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Pokorný [Mon, 13 Aug 2018 23:18:47 +0000 (01:18 +0200)]
systemd: prevent redundancy in journal
Originating from a dual sink (stderr and syslog).
Annotated example from "journalctl -b --no-hostname -u corosync":
Aug 14 00:27:45 corosync[5203]: [MAIN ] Corosync Cluster
Engine ('2.99.3'): started and ready to provide service.
^ from syslog source
Aug 14 00:27:45 corosync[5203]: notice [MAIN ] Corosync Cluster
Engine ('2.99.3'): started and ready to provide service.
^ from stderr source
Signed-off-by: Jan Pokorný <jpokorny@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Jan Friesse [Fri, 10 Aug 2018 10:49:43 +0000 (06:49 -0400)]
cmap: Fix strncpy warning in cmap_iter_next
cmap_iter_next in contrast of it's icmap counterpart copies key name
into user preallocated space. In the worst case, key name may be
CMAP_KEYNAME_MAXLEN, so cmap_iter_next then need CMAP_KEYNAME_MAXLEN +
additional byte to store zero. strncpy was copying only
CMAP_KEYNAME_MAXLEN characters so there was possibility of unterminated
string.
Patch solves this by using memcpy and always add trailing zero.
Documentation was improved suggesting minimum size of keyname buffer to
be CMAP_KEYNAME_MAXLEN + 1.
Also sam and quorumtool were using too short buffer so they are fixed too.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Bin Liu [Thu, 12 Jul 2018 11:44:21 +0000 (13:44 +0200)]
totemudpu: Add local loop support
This patch intends to solve long time ifdown corosync problem. Idea is
to use local socket for sending both unicast and multicast messages if
interface is down.
Together with testing what is current bind state it's possible to keep
pretending existence of old IP address instead of rebinding to localhost
what breaks a lot things badly.
Heavilly based on Yu, Zou <zouyu@shiqichuban.com> work and it's
basically port of UDP patch created by
Jan Friesse <jfriesse@redhat.com>.
totemconfig: Check for things that cannot be changed on the fly
There are a few things in the interface that cannot be changed on the
fly. Warn about them and tell the user that these things need to be done
in two steps and why.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>
knet sends log messages as struct knet_log_msg, not a string
of KNET_MAX_LOG_MSG_SIZE (which is only part of that structure).
So we were both losing and corrupting messages.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Jan Friesse [Tue, 24 Apr 2018 15:44:48 +0000 (17:44 +0200)]
cpg: Inform clients about left nodes during pause
Patch tries to fix incorrect behaviour during following test-case:
- 3 nodes
- Node 1 is paused
- Node 2 and 3 detects node 1 as failed and informs CPG clients
- Node 1 is unpaused
- Node 1 clients are informed about new membership, but not about Node 1
being paused, so from Node 1 point-of-view, Node 2 and 3 failure
Solution is to:
- Remove downlist master choose and always choose local node downlist.
For Node 1 in example above, downlist contains Node 2 and 3.
- Keep code which informs clients about left nodes
- Use joinlist as a authoritative source of nodes/clients which exists
in membership
Jan Friesse [Thu, 19 Apr 2018 10:52:39 +0000 (12:52 +0200)]
totemsrp: Fix leave message regression
Leave message in totem is just join message where leaving member is
excluded from member list and included in fail list. It also contains
special nodeid in header.nodeid and system_from.nodeid fields.
Before "totem: Use nodeid ONLY in srp_addr" fix, most of the functions
were using system_from addresses and not nodeid, which was used only in
one specific case for memb_consensus_set function.
After the patch, addresses are gone and only nodeid is used. Result is,
that leaving node nodeid is not added into local fail list
(my_faillist) so node is unable to reach consensus till token timeout,
which starts new gather process.
Solution is to send valid leaving node nodeid in system_from.nodeid and
handle specific case for memb_consensus_set in memb_join_process.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Wed, 18 Apr 2018 13:34:04 +0000 (15:34 +0200)]
totemsrp: Fix srp_addr_compare
There is regression caused by "totem: Use nodeid ONLY in srp_addr" patch
in srp_addr_compare function. This function should be usable with qsort,
so it should return values less than, equal to or greater than zero. It
was however returning only zero or negation of a zero. Final results
were unable to reach consensus in following test case:
- 3 node cluster
- start nodes 1, 2, 3
- shutdown node 3
- start node 3
- shutdown node 2
- start node 2
- shutdown node 1
After this steps, node 2 and 3 were unable to reach consensus.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Jan Friesse [Wed, 11 Apr 2018 14:15:01 +0000 (16:15 +0200)]
totemsrp: Check join and leave msg length
If number of proc_list, failed_list or active members is too high it
may be impossible to put them into message, which is allocated on the
stack what results in stack corruption.
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
Rytis Karpuška [Tue, 27 Mar 2018 12:01:36 +0000 (15:01 +0300)]
cpg: Handle fragmented message sending interrupt
It turns out that there are some legitimate cases where fragmented
messages might be interrupted during sending (e.g. CS_ERR_TRY_AGAIN or
as in my case: CS_ERR_INTERRUPT). This creates a situation where
LIBCPG_PARTIAL_FIRST is sent multiple times before receiving
LIBCPG_PARTIAL_LAST.
Solution is to drop incomplete message and start assembly of new message
as libcpg should have reported error during sending of that
incomplete message.
Jan Friesse [Wed, 14 Mar 2018 15:25:11 +0000 (16:25 +0100)]
totemsrp: Add magic and version into header
Magic number (0xC070) together with version in every packet
is used for detecting that other node is really
Corosync 3.x.
Endian_detector field is removed and magic number is now
used instead.
If received packet magic number differs, guessing is used to show more
about the source (Corosync 2.3+, 2.2 are quite reliable, Knet and
unencrypted Corosync 2.1/2.0/1.x/OpenAIS are semi-reliable and encrypted
Corosync 2.1/2.0/1.x/OpenAIS are quite unreliable).
Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
knet: Fix display of links with unconfigured link0
because totemknet always configures link0 as loopback even
if it's not known to corosync, we need to filter it
out when returning the link status, as things get misaligned
in cfg.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>
For the moment link-ids are a single digit, but that could change and
the tools shouldn't be quite so fragile. So parse the interface_name
properly by looking for the space between the linkID and the IP.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>
This shrinks the srp_addr (and consequently every packet sent by
corosync) so that instead of containing loads of IP addresses to
identify a node, it just sends the nodeid.
This then allows us to make ring0 optional and replaceable when running
knet.
It also means that we need some other way of identifying the local
node in corosync.conf, so the nodelist.node.name entry is now mandatory
and is mapped to the local host using the same algorithm as used in
cman.
This code needs LOTS of testing as it touches a huge amount of totemsrp
and totemconfig.
Signed-off-by: Christine Caulfield <ccaulfie@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>
- move dbus-devel and nss-devel BuildRequires to file based depedency.
Those 2 BR have different names in OpenSUSE vs Fedora/RHEL/Centos.
This is kind of controversial as most distribution prefers a package
based build depedency, but the rpm version that supports
BuildRequires: foo || bar
is only available in rawhide and tumbleweed (aka no stable releases
are shipping it yet).
In order to build rpms in CI and have some level of flexibility
with upstream spec file, we need to compromise a bit.
- add explicit --docdir
OpenSUSE does not ship docs in the normal dir and their rpm macro
does not appear to set it for us.
Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>
Rytis Karpuška [Fri, 9 Feb 2018 14:00:19 +0000 (16:00 +0200)]
totempg: Fix corrupted messages
Commit 899cb299831fea479ca8bc64d99fb1fce215d795 changed copy_len
to iovec[i].iov_len, assuming,
copy_len is always the same as iovec[i].iov_len under those
circumstances, but it missed the possability of small message being
partly put at the end of packet, which cuts this message in two parts
and therefore making copy_len not equal to iovec[i].iov_len.
Rytis Karpuška [Wed, 7 Feb 2018 12:44:30 +0000 (14:44 +0200)]
totempg: Fix fragmentation segfault
The problem was that two or more messages were concatenated
together during fragmentation in mcast_msg() function. In specific case,
message of just short of 1MB was provided for mcast_msg() and it
happened so, that the remainder (212 bytes to be exact) left some free
space in packet, therefore branch
was selected and this was the last mesage in provided iovec.
Then, on the second call, came another big message (about 300KB ) and
during fragmentation mcast.fragmented was set to 1.
On the other end, while receiving messages, due to missing
mcast.fragmentation==0 those two messages were concatenated and
therefore assembly->data array overflowed overwriting linked list
pointers and offset (which happened to be set to 0 and that 300KB
message was being copied from the beginning again).
After whole 300KB message has been sent, mcast.fragmentation==0 arrived
and totempg_deliver_fn() tried to move assembly structure to
assembly_list_free list, but as linked list pointers has been overriden,
segfault occured.
Signed-off-by: Rytis Karpuška <rytisk@neurotechnology.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com>